
A Look At IRM in the Wild

The following table is a working document which reflects the various "IRM in the Wild" use cases the IRM WG is discussing and how each applies to the IRM Principles as they are currently defined.


 

Use/Business Cases Explored

| Principles | Migration | IoT: SalesForce | IoT: Strong Device Identity (SDID) - Low Computing Power | IoT: SDID - High Computing Power | Connected Road to/from Car | DNS | Block Chain (e.g., OneName, NameCoin) | Distributed Hashes | Promise Theory | Ontology |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Is there a role for a Relationship Manager? | Yes | Yes | Yes | Yes | Yes | | | | | yes (basically, this is the role of the ontology engine here) |
| Scalable | FULLY | PARTIAL: Reality of IoT; Raw device data stream, vs. identity (asset token) | FULLY: Has to be | FULLY: Has to be | PARTIAL: Yes - Road handles multiple cars but traffic and road usage is applied | FULLY: v4, v6 | FULLY | | | ABOX instances, wip; TBOX rules |
| Actionable | PARTIAL | FULLY: By the nature of the asset token and platform | PARTIAL | FULLY | FULLY | FULLY: IANA, Registration | PARTIAL | | | FULLY: Defined in TBox |
| (Im)Mutable | PARTIAL | FULLY: Depends on info available from the device | PARTIAL | FULLY | Push - TBD | FULLY: Immutable/Proxy/Forwarding | FULLY | | | FULLY: TBox -> 'Reasoner' -> ABox |
| Contextual | FULLY | FULLY: Depends on constraints of the device; Nothing that excludes this | FULLY | FULLY | FULLY | FULLY: Actually provides context | PARTIAL | | | FULLY: TBox -> 'Reasoner' -> ABox |
| Transferrable (Delegation) | NONE | PARTIAL: As token of "agency"; Need to re-mint token (new JWT) | PARTIAL: In terms of Ownership NOT Identity Change (Change vs. Transfer) | PARTIAL: In terms of Ownership NOT Identity Change (Change vs. Transfer) | NONE - Today; PARTIAL - in the Future - when automated vehicles are on the roads | FULLY: Bought, Forwarded | FULLY | | | FULLY: Ontology referentials |
| Provable | PARTIAL | FULLY: If HoK (signed JWT via JOSE) | PARTIAL: Requires gateway | FULLY | FULLY | FULLY: w/HTTPS DNSSEC | FULLY | | | FULLY: Ontology referentials |
| Acknowledgable | PARTIAL | FULLY: Allows it to be assigned, you can show this | PARTIAL: As capable as the device is | FULLY | FULLY | FULLY: NMAP, other | FULLY | | | FULLY: Ontology referentials |
| Revocable | PARTIAL | FULLY: Delete the token, there is an endpoint for access token status | NONE | FULLY | FULLY | PARTIAL | FULLY (although challenging for the right-to-be-forgotten) | | | FULLY: Ontology referentials |
| Constrainable | PARTIAL | PARTIAL: From the device perspective - not referring to back-end | PARTIAL: Difficult to add constraints - limited options | FULLY | PARTIAL | FULLY: Subnets, Domains, etc. | FULLY | | | FULLY: Ontology referentials; TBox -> 'Reasoner' -> ABox |


 

Architecture Notions

| Notion | Notes/Comments |
| --- | --- |
| Scope it / Profile | |
| Bounded for use/links to the real world | SAML, UMA? |
| Are components a viable approach? | OAuth/JWTs; OpenID Connect; At the IdP layer as backend or data store, "contextual identity store"; Can't change the apps; Hack the IdP; Hack the manager be it the IdP or the AS; Is it a rule generator?; "Contextual claims compiler"; Co-opt the IdP; Human Understandable |
| Are there simplifying assumptions? | |
| IRM provides the context for AuthZ? | |
| Build up the attributes from IdP in order to meet need for a claim | |
| Semantic aspects | |
| Autonomous | |
| Distributed Ledgers | |

3 Comments

  1. Hope it is ok that I have written directly into it.

  2. Yes, feel free to populate the table, thanks Thorsten.

  3. Added BlockChain Details. I have a meeting today with the BlockChain/SmartContracts Discussion Group, where I will add the following table to the discussion. My goal here is to figure out where we have links between Relationships and BlockChain/SC.

    | Principle | Description | Potential link into BC/SC | Link strength |
    | --- | --- | --- | --- |
    | Scalable | IRM aware systems must be able to scale into billions (internet of things) | BC/SC are not centralized | light |
    | Actionable | A relationship must be able to 'do' something, or better: be able to transport the authorization to do something. | could use BC/SC data, but no real benefit here | light |
    | Immutable | A relationship can be immutable (this thing was made by...) | This is definitely something where BC could help | medium |
    | Contextual | A relationship must allow to be seen in a specific 'context' (time, place, predecessor, post...) | could use BC/SC data, but no real benefit here | light |
    | Transferable | A relationship can be transferred, permanently or temporarily | This is definitely something where BC could help | medium |
    | Provable | relationships are provable, either by single, multi or third parties. | This is definitely something where BC could help | strong |
    | Acknowledgable | a relationship between two or more must be able to be acknowledged (single ack, bi-directional, majority,...) | This is definitely something where BC could help | strong |
    | Revocable | A relationship can be revoked (linked to acknowledge), right to be forgotten | challenging. BC/SC could help on one side, but right to be forgotten is not among them.... | medium |
    | Constrainable | any relationship can be granted, revoked, built based on constraints (e.g. laws) | This is definitely something where BC could help | medium |