BS ISO 20078-3:2021 pdf download – Road vehicles — Extended vehicle (ExVe) web services Part 3: Security

BS ISO 20078-3:2021 pdf download – Road vehicles — Extended vehicle (ExVe) web services Part 3: Security This document defines how to authenticate users and accessing parties on a web-services interface. It also defines how a resource owner can delegate access to its resources to an accessing party. Within this context, this document also defines the necessary roles and required separation of duties between these in order to fulfil requirements stated on security, data privacy and data protection. All conditions and dependencies of the roles are defined towards a reference implementation using OAuth 2.0 [1] compatible framework and OpenID Connect 1.0 [2] compatible framework. 2 Normative references The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 20078‑1, Road vehicles — Extended vehicle (ExVe) web services — Content and definitions 3 Terms and definitions For the purposes of this document, the convention, terms and definitions given in ISO 20078‑1 and the following apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses: — ISO Online browsing platform: available at https://www.iso.org/obp — IEC Electropedia: available at https://www.electropedia.org/ 3.1 identity token ID token digitally signed JWT and contains claims (3.3) about the authenticated resource owner 3.2 authorization code intermediate result of a successful resource‑owner authorization process and that is used by authorized clients to obtain access tokens and optionally refresh tokens 3.3 claim asserted information about a certain entity EXAMPLE ROID, resource owner’s first name, last name, address, connected vehicle’s capability and/or other attributes. 3.4 token issuer entity that generates and provides identity tokens (3.1), access tokens, and refresh tokens 5? Basic? communication? flow 5.1 Offering party authorization domain 5.1.1 General This document separates the activities necessary for authentication, authorization and resource access into three distinct communication flows with separate duties (see Figure 1). 5.1.2 Authentication The identity provider is responsible for authenticating the resource owner and managing the resource owner profile, based on the resource owner registration. The resource owner credentials are revealed only to the identity provider, and the identity provider confirms a successful authentication to concerned parties. If the resource owner has given consent, the accessing party will be authorized to access the resource owner’s profile...