...

  • Alex: some ideas on my desktop, although not formalized as a set of specifications yet
  • the recording of Alex's pitch is here
  • some hints on the discussion are given below
  • in the web when using graphql, there is a user login name and password to connect to the data
  • you need to authorize yourself on the phone, the session is valid for a certain period of time, if you do things, the session will remain
  • the server knows you
  • before you can use a graphql application, you need to register, there is a link between the graphql server and your role
  • let us switch in the car environment and let us deploy some kind of a server in the car
  • what we learned from the web, graphql needs a name and a password
  • the app which is installed in the vehicle environment should be identified and signed / qualified as coming from the BMW store or the OEM specific store
  • the app should be made trusted in the environment
  • Johan: I agree with the approach
  • Alex: in the web we have roles & permissions stored in the server but not applicable to the vehicle environment
  • more on the token: in the web, we have a token enhancement, after we logged on to the server and run through the authentication process, we got a token enhancement
  • we can have the same in the vehicle environment
  • (not captured...)
  • access rights: each and every app should bring permission groups in the manifest file
  • let us assume the app is allowed to access 20 attributes
  • let us assume the user driver needs to have more permissions than the user "baby"
  • how do we handle this?
  • Johan: I understand the difference between the web and the car
  • (not captured...)
  • Alex: in the car we have an app where the user authorizes himself once and then this app gives rights to all other apps that need it
  • discussion continues on the sw architecture
  • Gunnar: the key thing for me is that you can include the information that is to be exchanged in the token
  • discussion on the token structure
  • jira: AASIG-117 - Prepare use cases for the security token validation (in progress)

Tuesday

...

3 November - 5:00pm CET

Participants

  • Alexander Domin, Johan Strand, Stefan Wysocki, Guru, Stephen Lawrence, Gunnar, Philippe

...