Use case: Object IdM managed appliance and servicing registration, authentication, and authorization

 Use case: “Object IdM managed appliance and servicing registration, authentication, and authorization” draft (Frank Mildner)

Discussion

From a business and security perspective, the major features of self-servicing appliances must provide transparent identification and seamless authentication of the appliance to web services, and of web services to the appliance, on behalf of the owner of the appliance and on behalf of the service team, without additional owner or service team intervention.

Pre-requisites

A user has purchased a household appliance (e.g. air conditioner, refrigerator, washing machine, etc.) including a subscription for self-servicing.

The appliance is registered on an Object IdP by its owner, manufacturer, vendor service team, or on its own(?).

The servicing web service is registered on an Object IdP by its owner, manufacturer, vendor service team, or on its own(?).

Service processes

The diagnostics application in the appliance detects or analyzes the malfunctioning of a part or changing values (e.g. temperature, pressure, etc.). The M2M device in the appliance initiates an alarm call/message to the web service. To access the web service and obtain access based on the communication roles and security roles, the appliance starts an authentication at the Object IdP. Based on its identity and credentials the appliance receives an access token from the IdP and uses the token to gain access to the servicing web service, asserting its identity in order to book an additional remote diagnostic or a service technician. This prevents misuse of servicing and, conversely, avoids a compromise of the appliance.
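The token flow in this service process, as an added illustration that is not part of the draft: an appliance authenticates to an Object IdP with a registered credential, receives an access token bound to the servicing web service, and the service validates signature, audience, and expiry before accepting the booking. Registry entries, keys, identifiers, and the symmetric token format are all constructed assumptions for a minimal example.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-ins for the Object IdP's registrations (assumed data).
APPLIANCES = {"appliance-0001": b"appliance-credential-constructed"}
SERVICES = {"servicing-ws": b"service-credential-constructed"}
IDP_KEY = b"idp-token-key-constructed"  # assumed: shared with the service for validation


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def appliance_proof(appliance_id: str, credential: bytes, audience: str) -> str:
    """Appliance side: prove possession of its registered credential for one audience."""
    msg = f"{appliance_id}:{audience}".encode()
    return hmac.new(credential, msg, hashlib.sha256).hexdigest()


def idp_issue_token(appliance_id: str, proof: str, audience: str, now: int, ttl: int = 300):
    """Object IdP side: authenticate the appliance, then issue a short-lived token
    bound to the requested servicing web service (the 'aud' claim)."""
    credential = APPLIANCES.get(appliance_id)
    if credential is None or audience not in SERVICES:
        return None
    if not hmac.compare_digest(proof, appliance_proof(appliance_id, credential, audience)):
        return None
    claims = {"sub": appliance_id, "aud": audience, "iat": now, "exp": now + ttl,
              "role": "self-servicing"}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())


def service_validate_token(token: str, service_id: str, now: int):
    """Servicing web service side: accept only an untampered token issued for
    this service that has not expired; returns the claims or None."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # malformed base64 or JSON
        return None
    if claims.get("aud") != service_id or claims.get("exp", 0) <= now:
        return None
    return claims
```

A token issued for the servicing web service is rejected when replayed against another service, after expiry, or with a forged signature.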

Gaps, open issues

What is the identity of the appliance?

Who is the owner of the appliance identity?

How can an identity representation (addresses, serial numbers, …) be matched/mapped to the “actual” Identity of Things?

And what is the “actual” Identity of Things? (e.g. GS1 claims to be the IoT namespace)

Requirements

The Object IdP shall support the management of appliance registration, authentication and authorization.

The Object IdP shall support the management of web service registration, authentication and authorization.

The Object IdP shall support the management of token validation.