The openMDM Eclipse Working Group recognizes the need to provide user authentication and user authorization as part of the openMDM 5 framework and solicits proposals for the design and implementation of suitable mechanisms to perform these functions. Specifically, the following questions are to be addressed:
- Which notion of user identity is used by openMDM?
- How is the identity of a user authenticated during login?
- How is the identity of the current user passed between different openMDM components and between openMDM components and underlying data sources (e.g., ODS servers)?
- How are roles and user-role assignments managed?
- How are access rights defined and managed?
- Which component(s) are responsible for enforcing access control and which mechanisms are used for the enforcement?
- How should openMDM components and applications react to authorization failures?
An initial workshop on user authentication and authorization in openMDM was held in April 2016 and resulted in a set of observations, requirements and suggestions documented under ORGA-98 and Orga-158. Based on the results of this workshop, the openMDM Eclipse Working Group now looks for a specific design and (after acceptance of the design by the Working Group) an implementation of user authentication and authorization within the openMDM framework.
Responsible Driver Members
- Müller BBM (Stefan Wartini)
- Siemens (Gert Sablon)
- DONE: Kick-off meeting held (2.11.2016) see Minutes:
- DONE: Interviews planned with OEMS
- Interview partners defined: BMW (Michael Schwarzbach), Audi (Franz Wöhrl/Sven Wittig), Daimler (??)
- DONE Interviews were carried out by Canoo.
- Consolidated interview results are introduced into the concept (see 1. Delivery)
- DONE: 1. Delivery: The final concept was created by Canoo. The concept was presented to Siemens and Müller BBM and approved. It was also presented to the Architecture Committee and approved by the Architecture Committee. See final documentation
- IN PROCESS: 2. Delivery: Example Implementation