Leveraging OpenID To connect Vehicle to the Cloud

Size: px

Start display at page:

Download "Leveraging OpenID To connect Vehicle to the Cloud"

Carol Andrews
6 years ago
Views:

1 Leveraging OpenID To connect Vehicle to the Cloud ALS 2017 Tokyo Fulup Ar Foll Lead Architect

2 Who Are We? 2

3 V2C Multiple Requirements Car to Cloud Cloud to Car Telematics Car sharing, Fleet management Profiling Real time Update Traffic/Map User Preferences SOTA, Streaming Music, Traffic Car to Infrastructure Payment Car to City Car to Home 3

4 V2C MUST fix issues Potential open door for cyber-attack? Who own and controls the data? What s about user privacy? How to provide the right user experience with on time to the market innovations? How to open popular to non-automotive services (Spotify, Facebook, Paypal, ) How to keep the service running for 25 years?... Last but not least, where to find skill developers? 4

5 AGL Microservices Architecture Entertainement Cluster Navigation Service Head Unix Direction Indication My Car Portal Maintenance Portal Paiement Know Bugs Subcriptions Maintenances Preference Service Packs Carte handling Localistion management POI Transport & ACL Transport & ACL Cluster Virtual Signal Cloud CAN-BUS Virtual Signal Engine-CAN-BUS CAN-BUS ABS LIN-BUS Transport & ACL Geopositioning Virtual Signal Preferences & Custumisation Gyro, Acelerometer MongoDB Engine No-SQL Engine Paiement Service Statistics & Analytics CAN GPS Log Analytics Multi ECU & Cloud Aware Architecture 5

6 AGL-DD API Description Model 6

7 OpenAPI Binding Description 7

8 AGL-DD Security Model Not ready yet for Cloud SaaS Start,Stop,Pause,Install,Remove,... Application Framwork Live Cycle Management Navigation Service Log/Supervision Service MultiMedia Service Carte handling Media Player Carte handling POI management Radio Interface POI management etc... etc... etc... Cgroups NameSpace Containers Transport + Acess Control MAC Enforcement Smack Agent-2 Car Environement Agent-3 Engine Agent-4 Remote Signal CAN Bus-A CAN Bus-B Smart City LIN Bus-A Cluster-Unit RVI Audio... Cloud Distributed Application Architecture 8

9 Why OpenID Connect? Inherit from SAML2 protocols models Simpler to deploy than SAML2 Over 10 years of lesson learn on massive deployment Support of privacy and data protection built in Low level based on REST, SSL, JSON High Level based on oauth2, JWT (Json Web Token),JWS(Json Web Signature) Toolkit available in multiple languages Supported natively or flavoured by many internet providers (Facebook, Google, Paypal, ), but also by many governments Community Active & well known Open to custom profile Ready to work with AGL 9

OpenID members Companies involve OpenId Development Contributors included a diverse international representation of industry, academia and independent technology leaders: AOL, Deutsche

10 OpenID members Companies involve OpenId Development Contributors included a diverse international representation of industry, academia and independent technology leaders: AOL, Deutsche Telekom, Facebook, Google, Microsoft, Mitre Corporation, mixi, Nomura Research Institute, Orange, PayPal, Ping Identity, Salesforce, Yahoo! Japan, among other individuals and organizations. 10

11 OpenID Simple Flow Slide Credit Nov Matake, OpenID Japan 11

12 OpenID Connect Detail Flow Slide credit axway.com 12

13 Global Architecture Local Binding Remote Binding ws-client:tcp://hostname:port/myapi (11) Forward AuthCode ws-server:tcp://hostname:port/myapi (1) Request API (3) Forward AuthZ Request (2) Request AuthZ scope,..) (13) Receive User Info (12) Provide AuthCode (10) Forward AuthCode (4) Request AuthZ on behalf Remote (clientid, scope,..) Identity Agent (9) Return AuthCode (5) Redirect Authentication URL for User consent IDP (Identity Provider) e.g. (7) Forward IDP redirect Consent/Authentication User UI (7) User Consent/Authentication Interaction 13

14 Data Model Identity Agent Data Structure (UsrID) Local User Profile Name Etc. (AppID) Local App Profile ClientID Autority, Scope Session Token/Timeout Persistant Data Etc. (FedID) IDP pseudonym AuthZ token Session Token/Timeout Etc. 14

15 Work To Be Done AGL Binding Protocol Extension Access Controls Native integration of OpenID Connect Support for use interaction (consent, authentication) LOA Hook for roles/group Link with existing privilege model Authentication Webview for Authentication/Consent Map authentication devices (NFC, FiDO) Define API for custom API 15

16 Further Information Specifications: Introduction Deep dive in protocols: [Following videos are pretty technical, while they relates to one of pevious live project they may help to understand OpenID protocols. Please ignore 1 st videos which are related to the installation of the project, last ones demonstrate protocols through a live debug session] French English (last video) (2nd & 3rd videos) Warning: When searching for information you should be aware that OpenIDconnect has 100% different from OpenID-v1/v2. 16

CAN Signaling Agent. A generic model to handle signals. AGL AMM Feb/2017 Fulup Ar Foll Lead Architect

CAN Signaling Agent. A generic model to handle signals. AGL AMM Feb/2017 Fulup Ar Foll Lead Architect CAN Signaling Agent A generic model to handle signals AGL AMM Feb/2017 Fulup Ar Foll Lead Architect fulup@iot.bzh st 1 technical Contributor Application Development Integration Yocto recipes Releases automation