Explanation of Identity and Access Management
https://www.autosar.org/fileadmin/standards/R23-11/AP/AUTOSAR_AP_EXP_IdentityAndAccessManagement.pdf
<この項は書きかけです。順次追記します。>
This article is not completed. I will add some words in order.
Release Overviews
Classic Platform Release Overview, AUTOSAR No.0 ,R23-11, CP
https://qiita.com/kaizen_nagoya/items/8468435185e109189ead
Foundation Release Overview, AUTOSAR 781, R23-11, FO
https://qiita.com/kaizen_nagoya/items/f249bdb8c313d8bff883
Adaptive Platform Release Overview, AUTOSAR 782, R23-11, AP
https://qiita.com/kaizen_nagoya/items/13a104606a34fe24fcf7
Terms
The glossary below includes acronyms and abbreviations relevant to Identity and Ac- cess Management that are not included in the AUTOSAR Glossary.
Glossary AUTOSAR_FO_TR_Glossary
https://www.autosar.org/fileadmin/standards/R23-11/FO/AUTOSAR_FO_TR_Glossary.pdf
| terms(Acronyms and abbreviations) | Description |
|---|---|
| Policy Decision Point (PDP) | The PDP represents the logic in which the access control deci- sion is made. It determines if the application is allowed to perform the requested task. The PDP implementation and setup are not specified in AUTOSAR. |
| Policy Enforcement Point (PEP) | The PEP represents the logic in which the Access Control Deci- sions are enforced. It communicates directly with the associated PDP to receive the Access Control Decision. |
| Access control Policy | Access Control Policies are bound to the targets of calls (i.e., Ser- vice interfaces) and are used to express what Identity Information are necessary to access those interfaces. |
| Access Control Decision | The Access Control Decision is a Boolean value indicating if the requested operation is permitted or not. It is based on the identity of the caller and the Access Control Policy. |
| Identity | Identity represents properties of an Adaptive Application the ac- cess control is decided / enforced upon. In the case of Remote IAM, Identity can also mean properties of a remote ECU the ac- cess control is decided / enforced upon. |
| AUTOSAR Resource | The term AUTOSAR Resource covers interfaces that are under the scope of IAM (e.g., Service Interfaces, Crypto Key Slots, Crypto certificates). |
| Intent | An Intent is a property of an Adaptive Application. Access to an AUTOSAR Resource (e.g., CryptoKeySlot, ServiceInterface and its members Method, Event, and Field) is granted if the request- ing Application possesses all acknowledged intents that are nec- essary for that specific resource. An Intent could also describe the type of the access the Application is requesting (e.g., Read or write access to a CryptoCertificate). Intents are assigned to Adaptive Applications within their Application Manifest by means of AUTOSAR Resource specific modelling(e.g., ComFieldGrant- Design) |
| Grant | The integrator acknowledges an Adaptive Application’s intent by transferring GrantDesigns to a Grant in the deployment phase. Grant elements may be processed into access control lists for the PDP implementation. |
| Application ID | Application ID is a unique identifier of an Adaptive Application. In the meta-model an Adaptive Application is represented by a Process. |
| Process | A Process is the meta model’s runtime instance of an Adaptive Application and represents its runtime identity. A Process may be identified during runtime by a uniquely assigned identifier (e.g., a Unix user). |
| IPC | Inter-Process Communication |
補足資料(Additions)
2023 Countdown Calendar 主催・参加一覧
https://qiita.com/kaizen_nagoya/items/c4c2f08ac97f38d08543
CountDownCalendar月間 いいねをいただいた記事群 views 順
https://qiita.com/kaizen_nagoya/items/583c5cbc225dac23398a
<この記事は個人の過去の経験に基づく個人の感想です。現在所属する組織、業務とは関係がありません。>
This article is an individual impression based on the individual's experience. It has nothing to do with the organization or business to which I currently belong.
文書履歴(document history)
ver. 0.01 初稿 20231231
最後までおよみいただきありがとうございました。
いいね 💚、フォローをお願いします。
Thank you very much for reading to the last sentence.
Please press the like icon 💚 and follow me for your happy life.