w3c / automotive

W3C Automotive Working Group Specifications

Optional VIN for access tokens? #429

Closed erikbosch closed 2 years ago

erikbosch commented 3 years ago

As of today we require VIN for access grant tokens, but we do not support VIN for access tokens.

https://raw.githack.com/w3c/automotive/gh-pages/spec/VISSv2_Core.html#access-token

This implies that the access token must have been signed with a vehicle-specific key, as otherwise there is no mechanism for the "Gen2 Server" to know which vehicle the token gives access to. I assume that when a "Gen2 server" gets a request for something in vehicle 1234, then it must first check if the access token has been signed with the key for vehicle 1234. If the access token was signed by some other key, e.g. the key for vehicle 1235, then the request shall be rejected.

Would it, as an alternative, be allowed for an "Access Token Server" to issue access tokens with a specified VIN? With that approach the same (private) key could be used to sign all access tokens, and the "Gen2 Server" would use the same (public) key to authenticate all tokens, and then additionally compare the explicit VIN with the current request. If a new vehicle is enrolled, there is no need to push keys for the new vehicle to both "Access Token Server" and "Gen2 Server".

That could give higher flexibility for Gen2 Server implementations and deployments to decide how to handle authentication/authorization, depending on use-case they can restrict access to a specific vehicle either by signature or by explicit VIN.

UlfBj commented 2 years ago

To align this with issue #425 I suggest that the Access Token Server MUST include the VIN claim in the Access Token if it is present in the Access Grant Token.

UlfBj commented 2 years ago

Fixed in PR #431
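To make the two designs in this thread concrete, the per-vehicle signing key from the opening comment versus one shared Access Token Server key plus an explicit VIN claim, and the resolution that the Access Token Server copies the VIN claim from the Access Grant Token into the Access Token, the following is an added example in Go. It is not code from the VISSv2 specification, from PR #431, or from any VISS implementation. It assumes a simplified two-part token (base64url JSON claims followed by an Ed25519 signature) instead of the spec's token format, hypothetical claim names sub/vin/exp, fixed key seeds and a fixed clock constructed for the run, and one editorial hardening that the thread does not state: a server that verifies tokens with a fleet-wide key refuses tokens that carry no VIN claim, because with a shared key the signature alone no longer says which vehicle the token is for.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is a hypothetical minimal claim set; "vin" is the claim the thread is about.
type Claims struct {
	Sub string `json:"sub"`           // client identity
	VIN string `json:"vin,omitempty"` // vehicle the token is bound to, if any
	Exp int64  `json:"exp"`           // expiry, unix seconds
}

var b64 = base64.RawURLEncoding

// sign returns b64url(payload).b64url(Ed25519 signature over payload).
func sign(priv ed25519.PrivateKey, c Claims) string {
	payload, _ := json.Marshal(c) // Claims has only marshalable fields
	return b64.EncodeToString(payload) + "." + b64.EncodeToString(ed25519.Sign(priv, payload))
}

// verify checks the signature and expiry, then returns the claims.
func verify(pub ed25519.PublicKey, token string, now time.Time) (Claims, error) {
	p, s, ok := strings.Cut(token, ".")
	payload, err1 := b64.DecodeString(p)
	sig, err2 := b64.DecodeString(s)
	if !ok || err1 != nil || err2 != nil || !ed25519.Verify(pub, payload, sig) {
		return Claims{}, errors.New("malformed token or bad signature")
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return Claims{}, err
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return Claims{}, errors.New("token expired")
	}
	return c, nil
}

// IssueAccessToken models the Access Token Server: verify the Access Grant Token and,
// if it carries a VIN, copy that VIN into the Access Token (the rule agreed in the thread).
func IssueAccessToken(agtPub ed25519.PublicKey, atPriv ed25519.PrivateKey, agt string, now time.Time) (string, error) {
	g, err := verify(agtPub, agt, now)
	if err != nil {
		return "", fmt.Errorf("AGT rejected: %w", err)
	}
	return sign(atPriv, Claims{Sub: g.Sub, VIN: g.VIN, Exp: now.Add(time.Hour).Unix()}), nil
}

// Authorize models the in-vehicle server for vehicle vin. When atPub is a fleet-wide key
// (sharedKey), the signature says nothing about which vehicle the token is for, so a VIN
// claim is required; whenever a VIN claim is present it must match this vehicle.
func Authorize(vin string, atPub ed25519.PublicKey, sharedKey bool, at string, now time.Time) error {
	c, err := verify(atPub, at, now)
	if err != nil {
		return err
	}
	if c.VIN == "" && sharedKey {
		return errors.New("shared verification key but no vin claim")
	}
	if c.VIN != "" && c.VIN != vin {
		return fmt.Errorf("token bound to VIN %s, this vehicle is %s", c.VIN, vin)
	}
	return nil
}

// Scenario replays the thread with one fleet-wide AT-server key; nil means access granted.
func Scenario() map[string]error {
	now := time.Unix(1700000000, 0) // fixed clock and fixed seeds: constructed for the example only
	agtPriv := ed25519.NewKeyFromSeed([]byte(strings.Repeat("A", ed25519.SeedSize)))
	atPriv := ed25519.NewKeyFromSeed([]byte(strings.Repeat("B", ed25519.SeedSize)))
	agtPub, atPub := agtPriv.Public().(ed25519.PublicKey), atPriv.Public().(ed25519.PublicKey)
	exp := now.Add(24 * time.Hour).Unix()
	at, _ := IssueAccessToken(agtPub, atPriv, sign(agtPriv, Claims{Sub: "alice", VIN: "1234", Exp: exp}), now)
	atNoVIN, _ := IssueAccessToken(agtPub, atPriv, sign(agtPriv, Claims{Sub: "bob", Exp: exp}), now)
	head, tail, _ := strings.Cut(at, ".") // attacker rewrites the VIN in the payload but cannot re-sign
	payload, _ := b64.DecodeString(head)
	forged := b64.EncodeToString([]byte(strings.Replace(string(payload), `"1234"`, `"1235"`, 1))) + "." + tail
	return map[string]error{
		"own vehicle":   Authorize("1234", atPub, true, at, now),
		"other vehicle": Authorize("1235", atPub, true, at, now),
		"forged vin":    Authorize("1235", atPub, true, forged, now),
		"no vin claim":  Authorize("1234", atPub, true, atNoVIN, now),
		"expired":       Authorize("1234", atPub, true, at, now.Add(2*time.Hour)),
	}
}

func main() {
	for step, outcome := range Scenario() {
		fmt.Println(step, "->", outcome)
	}
}
```

Running it with `go run` prints the five outcomes: only "own vehicle" is granted. The "forged vin" case is why the VIN has to sit inside the signed payload rather than travel beside the token, and the "no vin claim" case is the gap that remains under a shared key when the Access Grant Token itself carried no VIN; a deployment that signs with per-vehicle keys instead can pass sharedKey=false and accept such tokens, which is the original model from the opening comment.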