Data Access Control

This page intends to document:

1. Existing standards and specifications for access control mechanism to vehicle data
2. Example of definition of access groups / permissions / roles

NOTE:  The page is not intended as a comprehensive analysis of different choices*.  For 1) it documents only those access control mechanisms that may be applicable for currently investigated technologies in CCS.   Similarly, for 2) we expect to have examples of applying those principles to the currently investigated data model, which is now assumed to be VSS.  When the range of technologies that investigated in CCS increases, then the access control mechanisms provided by those technologies should be analyzed accordingly.

^* As a counter-example, general research into all available strategies for access control (Role-based systems, typical application permission systems such as those for Android apps, and many other examples), is hugely important but kept out of scope for this page.  Such research of already existing knowledge ought to be done whenever a new mechanism is defined, but we expect that to be collected elsewhere, associated with each such concrete project.  
As an example, existing standards that inspired the access control definition chapter in the W3C VISSv2 protocol were collected through discussions in the W3C Automotive working group and documented there in meeting minutes and in discussions on mailing lists.

Access control mechanisms related to CCS activities

W3C VISS v2:

• For W3C VISSv2 access control, please see chapter TBD in spec TBD.  → Ulf Bjorkengren

Other technologies somewhat investigated in CCS project:

• MQTT, limiting subscription to topics depending on credentials - TBD
• Options Apache NiFi / related technologies? - TBD
• Principles used by WAMP – TBD

Example of defining roles/permissions to VSS signals

• Example of definitions of role/purpose groups applied to VSS, according to W3C VISSv2 concept. – TODO