admin-shell-io / questions-and-answers

This repository aims to provide answers to frequently asked questions in the context of the Asset Administration Shell.
https://admin-shell-io.github.io/questions-and-answers/
Creative Commons Attribution 4.0 International

Security Metamodel #69

Open StenGruener opened 2 years ago

StenGruener commented 2 years ago

Discussed in https://github.com/admin-shell-io/questions-and-answers/discussions/63

Originally posted by **gillistephan** December 22, 2021

Hi everyone, I have a question / looking for some hints regarding the (1) modeling and implications of the Security Metamodel in order to implement proper authz and (2) scenarios for operation.

Question 1: To keep it simple, I will not refer to the actual properties in the AAS itself and only use the basic relations (read, write) between Subjects and Objects. Let's assume the case we want to model an AAS with some Submodels and the respective Security. For an easy case that some Subject X has Permission Read on Submodel Y, the evaluation is pretty straightforward when Subject X requests access to Submodel Y. A little more difficult case would be when Subject X has Permission Read on the AAS Z itself. While there are no further constraints on Submodels, the question is: If Subject X has the Permission Read on the AAS itself, does this implicitly also apply Permission Read to all Submodels?

The same holds true for the question: If Subject X has Write Permission on Submodel Y, does this implicitly apply the Permission Read? If Subject X has Read Permission on Submodel Y and Submodel Y references any ConceptDescription, does this implicitly apply the Permission Read to the ConceptDescription?

I hope my point is clear - So the overall question is: Can subjects be recursive (by not only referencing a specific subject but also a set of subjects) or should / must indirections be modeled? Would be good to get some clarification here, as the implementations of a checker would be considerably different.

Question 2: Are there any best practices / or implementations going on for AAS-Runtimes?

BirgitBoss commented 2 years ago

"If Subject X has the Permission Read on the AAS itself, does this implicitly also apply Permission Read to all Submodels?"

No, this is not the case. The AAS just contains logical IDs of its submodels. If you want to access the submodels themselves you need to fetch the endpoint of a submodel via the registry. The submodel can have completely different access rights.

With respect to permissions: the metamodel does not predefine any permissions. Instead, it assumes that the permissions are defined in a submodel. This includes clear semantics of the permissions defined in this submodel like the one you ask: does write include read permission. Up to now there is no standardized submodel template for permissions.
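
Added example, not part of the original thread and not code from any AAS project: a minimal default-deny checker in Python showing the two points in the answer above, that a rule on an AAS grants nothing on the submodels it lists, and that whether write includes read is a separate, explicitly supplied table. The names `Rule`, `closure`, `is_allowed`, the implication table and the `urn:example:` IDs are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    subject: str
    object_id: str   # ID of exactly one AAS, Submodel or ConceptDescription
    permission: str

def closure(permission, implies):
    """All permissions granted by holding `permission`, following the
    implication table transitively (safe against cycles)."""
    seen, stack = set(), [permission]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(implies.get(p, ()))
    return seen

def is_allowed(rules, implies, subject, object_id, permission):
    """Default deny. A rule matches only the object it names; nothing is
    inherited from an AAS to the submodels whose IDs it contains."""
    return any(
        r.subject == subject
        and r.object_id == object_id
        and permission in closure(r.permission, implies)
        for r in rules
    )

# Constructed sample data (hypothetical IDs).
AAS_Z = {"id": "urn:example:aas:Z",
         "submodels": ["urn:example:sm:Y", "urn:example:sm:W"]}
RULES = [
    Rule("X", "urn:example:aas:Z", "read"),
    Rule("X", "urn:example:sm:W", "write"),
]
# Permission semantics are not predefined by the metamodel, so the checker
# takes them as input. Two possible definitions:
NO_IMPLICATION = {}
WRITE_IMPLIES_READ = {"write": {"read"}}

if __name__ == "__main__":
    for sm in AAS_Z["submodels"]:
        print(sm, is_allowed(RULES, WRITE_IMPLIES_READ, "X", sm, "read"))
```
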

BirgitBoss commented 2 years ago

The second question is not clear to me, do you mean APIs for accessing information at runtime?

BirgitBoss commented 2 years ago

You may be interested in this video from @aorzelskiGH on security with the Asset Administration Shell: https://youtu.be/CH_mguOJ0Ko

StenGruener commented 2 years ago

07.03.22: wait for @aorzelskiGH

StenGruener commented 2 years ago

@gillistephan any updates on your question after the meeting with Andreas on 31.1.? Something which might be valuable for the I4.0 community and can be posted in our Q&A list.

StenGruener commented 2 years ago

Currently, Chapter 7 of DotAAS is the only authoritative source.