Academic Journal
Multilevel Subgranting by Power of Attorney and OAuth Authorization Server in Cyber–Physical Systems
Title: | Multilevel Subgranting by Power of Attorney and OAuth Authorization Server in Cyber–Physical Systems |
---|---|
Authors: | Vattaparambil Sudarsan, Sreelakshmi, Schelén, Olov, Bodin, Ulf |
Publisher Information: | Luleå tekniska universitet, EISLAB |
Publication Year: | 2023 |
Collection: | Luleå University of Technology Publications / Publikationer Luleå Tekniska Universitet |
Subject Terms: | authorization, cyber–physical systems (CPS), grant negotiation and authorization protocol (GNAP), OAuth, Power of Attorney (PoA), proxy signature, user managed access (UMA), Computer Systems, Datorsystem |
Description: | Many Cyber-Physical Systems are today semiautonomous and powerful enough to perform advanced tasks on their own. This means they can also act as representatives of people or devices that have given them an order. However, traditional access control policies and delegation models do not meet industrial requirements such as support for letting autonomous CPS devices act on their own with certified credentials under the sub authorization by subcontractors, without the need for a separate account per device. In this paper, we analyze and compare power of attorney, proxy signature by warrant, and OAuth to identify the strengths and challenges of each. Based on the comparison, we propose an OAuth grant type based on the power of attorney and inspired by the concept of proxy signature by warrant. Power of Attorney is a generic and self-contained document that a principal signs and directs to an agent, thereby providing it the power to execute actions on behalf of the principal for a predefined time, even if it is offline. One key advantage of the power of attorney is that it can support effective sub-granting on several levels to support industrial scenarios where resource owners bring in authorized contractors that can in their turn authorize and bring in several devices without incurring management overhead to the resource owner. A proof-of-concept and performance evaluation of the proposed model is presented using an industrial use-case scenario with multi-level authorization. ; Validated; 2023; Level 2; 2023-11-07 (hanlid); Funder: ECSEL JU (826452); Full text license: CC BY; Arrowhead Tools Project |
Document Type: | article in journal/newspaper |
File Description: | application/pdf |
Language: | English |
Relation: | IEEE Internet of Things Journal, 2327-4662, 2023, 10:17, pp. 15266-15282; orcid:0000-0002-8873-9226; orcid:0000-0002-4031-2872; orcid:0000-0001-5408-0008; http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-97006; Scopus 2-s2.0-85153408957 |
DOI: | 10.1109/jiot.2023.3265407 |
Availability: | https://doi.org/10.1109/jiot.2023.3265407 http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-97006 |
Rights: | info:eu-repo/semantics/openAccess |
Accession Number: | edsbas.31AE8899 |
Database: | BASE |