w3c-cg / webagents

Autonomous Agents on the Web (WebAgents) Community Group
https://www.w3.org/community/webagents/

[Manageable Affordances TF] Context-Based Authorized Access to Thing Affordances #40

Open asorici opened 3 months ago

asorici commented 3 months ago

Title: Context-Based Authorized Access to Thing Affordances

Submitter(s): Alexandru Sorici

Motivation:

Current ThingDescription specifications provide for Security Schemes which can control access to the affordances provided by a Thing. However, the current options are mostly limited to token-based access, which is less responsive to the possible dynamics of web agents (e.g. in terms of physical mobility, change of roles in an activity, change of role in an organization). Attribute-Based Access Control methods seem a more appropriate approach for authorization granting/revocation, since they condition the access on properties of both an agent (human user or software agent) and Thing, which can change at runtime. Notably, the different properties and events known about agents and Things in a hypermedia platform can be qualified as context information. This context information is generated by the participants in the hypermedia platform itself (web services, software agents, human users, IoT devices, etc.). Developers of Things should therefore be able to leverage such information to condition access to the Thing itself (as a resource) or to its individual affordances, when deploying them in different hypermedia platforms.

Expected Participating Entities:

Workflow:

A human or software agent accesses an affordance provided by a Thing. The request is intercepted by the hypermedia agent platform in which the Thing is deployed. The Thing has specified a set of context conditions which a requester agent must satisfy for access. The conditions involve both static and dynamic (rapidly changing) context information (e.g. the physical location of the requesting agent), which is provided by other services and Things available in the hypermedia platform. The hypermedia platform provides a service to validate the context-based access conditions on behalf of the Thing and forwards the request for the affordance only if the access conditions are valid.

A more detailed description of envisioned interactions is provided in this short paper written in a technical report style, whereby an assumption is made that the hypermedia platform conforms to design principles and uses elements stemming from the Agents and Artifacts paradigm.

Related Use Cases (if any):

None, but all can be extended to encompass provisioning of authorized access as described here.

Existing solutions:

The CASHMERE project designs an approach to address this concern in particular, integrating with the Yggdrasil HMAS platform, though the prototype implementation is a work in progress.

Identified Requirements by the TF:

To be filled after submission. Examples of requirements include usage of specific communication protocols, media types, platforms, security and privacy mechanisms, or accessibility.

Comments:
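
The workflow in the issue body above, sketched as an added example (not part of the submission and not CASHMERE or Yggdrasil code): a platform-side check that evaluates static and dynamic context conditions and forwards the request only when all hold. The attribute names, the policy shape, the freshness bound and the `403`/`200` strings are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ContextFact:
    value: object
    observed_at: float              # epoch seconds when a context provider reported it

@dataclass(frozen=True)
class Condition:
    attribute: str                  # hypothetical attribute name, e.g. "agent.location"
    expected: object
    max_age_s: Optional[float] = None   # None = static fact; else freshness bound

def authorize(conditions, context, now=None):
    """Return (allowed, reason). Fails closed on missing policy or context."""
    now = time.time() if now is None else now
    if not conditions:
        return False, "no policy for affordance"
    for cond in conditions:
        fact = context.get(cond.attribute)
        if fact is None:
            return False, f"missing {cond.attribute}"
        age = now - fact.observed_at
        if cond.max_age_s is not None and not (0 <= age <= cond.max_age_s):
            return False, f"stale {cond.attribute}"
        if fact.value != cond.expected:
            return False, f"mismatch {cond.attribute}"
    return True, "ok"

def handle_request(affordance, policies, context, forward, now=None):
    """Platform-side interception: forward to the Thing only when authorized."""
    allowed, reason = authorize(policies.get(affordance, ()), context, now)
    return forward(affordance) if allowed else f"403 {reason}"

# Constructed sample policy and context (not from the issue).
POLICIES = {"lamp/actions/toggle": (
    Condition("agent.role", "lab-member"),
    Condition("agent.location", "room-101", max_age_s=30),
)}
CONTEXT = {
    "agent.role": ContextFact("lab-member", observed_at=0),
    "agent.location": ContextFact("room-101", observed_at=990),
}

if __name__ == "__main__":
    print(handle_request("lamp/actions/toggle", POLICIES, CONTEXT,
                         lambda a: f"200 forwarded {a}", now=1000))
```

Dynamic context such as location is rejected when its timestamp is older than the bound or lies in the future, so a request cannot ride on a position the agent has since left.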

egekorkan commented 2 months ago

@asorici thank you for the scenario proposal! We are now going to extract the requirements from each use case and we need you to extend your first comment with the types of requirements listed at https://github.com/w3c-cg/webagents/issues/34. You can have a look at an example at https://github.com/w3c-cg/webagents/issues/24