BS ISO 20078-3:2019 pdf free download.Road vehicles — Extended vehicle (ExVe) web services — Part 3: Security.
BS ISO 20078-3:2019 defines how to authenticate users and Accessing Parties on a web services interface. It also defines how a Resource Owner can delegate Access to its Resources to an Accessing Party. Within this context, this document also defines the necessary roles and required separation of duties between these in order to fulfil requirements stated on security, data privacy and data protection.
5.2 Authentication
The Identity Provider is responsible for authenticating the Resource Owner and managing the Resource Owner profile, based on the Resource Owner registration. The Resource Owner credentials are revealed only to the Identity Provider, and the Identity Provider confirms a successful authentication to concerned parties. If the Resource Owner has given consent, the Accessing Party will be authorized to access the Resource Owner’s profile (Figure 2).
5.3 Authorization
The Client Application as a component of the Accessing Party requires Access to Resources on behalf of the Resource Owner. At the authorization step, the Accessing Party requests authorization to access the Resources provided by the Resource Provider (Offering Party). The required authorization is requested at the Authorization Provider, providing the intended scope. By the consent of the Resource Owner, the Authorization Provider returns a limited authorization to the client application of the Accessing Party. Using the obtained authorization, the Client Application can access Resources.

Share on Facebook

Post on X

Follow us

Save