ISO/TR 20078-4:2021
(Main)Road vehicles — Extended vehicle (ExVe) web services — Part 4: Control
Road vehicles — Extended vehicle (ExVe) web services — Part 4: Control
This document describes the processes of an offering party’s implementation to provide (ISO 20078‑2) access-controlled (ISO 20078-3) resources (ISO 20078‑1) to accessing parties. The processes are summarized as: registration of different stakeholder as well as granting, denying and revoking of access to resources. Those processes are held as examples of combining ISO 20078‑1, ISO 20078‑2 and ISO 20078‑3 and can vary depending on the actual implementation of the offering party.
Véhicules routiers — Web services du véhicule étendu (ExVe) — Partie 4: Contrôle
General Information
Relations
Buy Standard
Standards Content (Sample)
TECHNICAL ISO/TR
REPORT 20078-4
Second edition
2021-10
Road vehicles — Extended vehicle
(ExVe) web services —
Part 4:
Control
Véhicules routiers — Web services du véhicule étendu (ExVe) —
Partie 4: Contrôle
Reference number
ISO/TR 20078-4:2021(E)
© ISO 2021
---------------------- Page: 1 ----------------------
ISO/TR 20078-4:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO 2021 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TR 20078-4:2021(E)
Contents Page
Foreword .iv
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Roles . 1
4.1 Resource owner . 1
4.1.1 Resources . 1
4.1.2 Containers . 2
4.2 Accessing party . 4
4.3 Offering party . 4
5 Processes . 4
5.1 Registration . 4
5.1.1 Accept registration of a requesting party . 4
5.1.2 Reject registration of a requesting party . 5
5.1.3 Accept resource owner registration . 5
5.1.4 Reject resource owner registration . 6
5.2 Resources . 6
5.2.1 Grant access to resources . 6
5.2.2 Reject access to resources. 8
5.2.3 Ignore access request to resources . 9
5.2.4 Revoke access to resources . 10
5.3 Containers . 10
5.3.1 Creation of a container . 10
5.3.2 Deletion of a container . 11
5.3.3 Grant access to resources grouped by a container .12
5.3.4 Reject access to containers . 14
5.3.5 Ignore access request to containers . 15
5.3.6 Revoke access to containers . 15
5.4 Resource access . 16
5.4.1 Access . 16
5.4.2 No access . 16
5.4.3 Push of resources . 17
Annex A (informative) Registration of the service/application owner at the accessing party .19
Bibliography .21
iii
© ISO 2021 – All rights reserved
---------------------- Page: 3 ----------------------
ISO/TR 20078-4:2021(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 31,
Data communication.
This second edition cancels and replaces the first edition (ISO/TR 20078-4:2019), which has been
technically revised.
The main changes are as follows:
— revised the clause containers;
— added new subclause describing push of resources (5.4.3).
A list of all parts in the ISO 20078 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
© ISO 2021 – All rights reserved
---------------------- Page: 4 ----------------------
TECHNICAL REPORT ISO/TR 20078-4:2021(E)
Road vehicles — Extended vehicle (ExVe) web services —
Part 4:
Control
1 Scope
This document describes the processes of an offering party’s implementation to provide (ISO 20078-
2) access-controlled (ISO 20078-3) resources (ISO 20078-1) to accessing parties. The processes are
summarized as: registration of different stakeholder as well as granting, denying and revoking of
access to resources. Those processes are held as examples of combining ISO 20078-1, ISO 20078-2 and
ISO 20078-3 and can vary depending on the actual implementation of the offering party.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 20078-1, Road vehicles — Extended vehicle (ExVe) web services — Part 1: Content and definitions
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 20078-1 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
4 Roles
4.1 Resource owner
4.1.1 Resources
The resource owner is in control of the access to its resources. To control access, the resource owner
uses the processes: granting, denying, ignoring and revoking.
1
© ISO 2021 – All rights reserved
---------------------- Page: 5 ----------------------
ISO/TR 20078-4:2021(E)
Figure 1 — The resource owner grants, denies or revokes access to resources
Figure 1 illustrates an example of how a resource owner controls access to resources offered to the
accessing party by the offering party. The resource owner can grant, deny or revoke access (ISO 20078-
3) to its resources at any time.
— Granting: the resource owner reviews the resources presented by the offering party and decides to
grant access to the accessing party.
— Denying: the resource owner reviews the resources presented by the offering party and decides to
deny access to the accessing party.
— Ignoring: the resource owner does not grant or deny access to the accessing party. The request stays
pending for a pre-defined time, after which it will be denied.
— Revoking: the resource owner revokes an already granted access to an accessing party.
NOTE The accessing party is a third-party service provider or the VM when acting as a service provider both
acting for after sales services after the ExVe has been sold or leased.
4.1.2 Containers
The resource owner is in control of the access (ISO 20078-3) to their resources (ISO 20078-1) grouped
by a container. The resource owner uses the processes: registration, granting, denying, ignoring,
revoking to grant, deny or revoke access resources.
The content of a container is defined by the accessing party or the offering party. The offering party
offers the container with the granted resources if available.
2
© ISO 2021 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/TR 20078-4:2021(E)
Figure 2 — The resource owner grants, denies or revokes access to containers
Figure 2 displays an example for one accessing party. The accessing party or the offering party defines
containers, each identified by a unique container Id (CID), to access resources of the offering party.
The resource owner can individually grant, deny or revoke — at any time — access (ISO 20078-3) to
resources of defined containers (ISO 20078-1) in relation to a one or more vehicle identifiers (VINs)
for not anonymized resources. Such decisions made by the resource owner are collectively called the
request permission processes. Possible states or outcomes of these processes are the following.
— Granted: a certain container is defined by the accessing or the offering party. The resource owner
grants access to the container (and if required in combination with a vehicle identifier) for the
accessing party. Through this grant process the resource owner verifies that both the resources, and
the purpose of data processing of the container are presented by the offering party; see Figure 15
and/or Figures 16 and 17.
— Denied: a certain container is defined by the accessing or the offering party. The resource owner
denies the access to the container for the accessing party. Because of this action, the resource owner
does not approve the access to the resources and/or the purpose of data processing of the container
that are presented by the offering party; see Figure 18.
— Pending/ignored: a certain container is defined by the accessing party or the offering party and
selected for a grant request. After starting the request, the resource owner does not continue to
either grant or to deny the request. The request stays pending as long as it is ignored by the resource
owner. If a pre-defined time passes, and the request has been ignored, it is denied by the offering
party; see Figure 19.
— Revoked: a certain container is defined by the accessing party or the offering party and was granted
by the resource owner. After a certain time, the resource owner revokes the access to resources of
the container for the accessing party. This immediately denies any further access to resources for
the accessing party; see Figure 20.
3
© ISO 2021 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/TR 20078-4:2021(E)
4.2 Accessing party
The accessing party uses the issued credentials to authenticate itself when requesting access tokens
from the offering party. To retrieve an access token and access the resource owner’s resources, an
explicit grant from the resource owner is required.
Afterwards the accessing party registers its own digital customers on its digital services/applications
and/or on its resource providing services; see Annex A as an example.
These digital customers consume the digital services/applications that are developed, offered and
maintained by the accessing party. These services are available for use as long as access to resources of
the offering party is granted by the resource owner.
4.3 Offering party
The offering party makes resources available via web services for access by an accessing party. The
offering party provides access to resources based on the consent of the resource owner either on a
single resource or resources grouped by a container. Additionally, the offering party manages the
processes defined in (Clause 5).
5 Processes
5.1 Registration
5.1.1 Accept registration of a requesting party
A requesting party (not yet an accessing party) sends a registration request with the mandatory
registration information (identification) to the offering party.
Figure 3 — Registration request of a requesting party accepted by the offering party
The approval of the registration is the responsibility of the offering party. If the registration is approved,
the offering party provides information on how to access web services and (if available) web portals,
e.g. web service documentation, URIs and necessary credentials.
After successful registration, the requesting party receives the role of an accessing party and can (for
example) create containers.
4
© ISO 2021 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TR 20078-4:2021(E)
The registration process (Figure 3) can be online, offline or a combination of both.
NOTE AccessingPartyID (APID) and AccessingPartyCredentials (APC) are issued; see ISO 20078-1.
5.1.2 Reject registration of a requesting party
A requesting party sends a registration request with the mandatory registration information to the
offering party.
Figure 4 — Registration of a requesting party is rejected by the offering party
The offering party verifies the request. Invalid requests are rejected, e.g. if the identity cannot be
verified, or information is missing (see Figure 4). I
...
TECHNICAL ISO/TR
REPORT 20078-4
Second edition
Road vehicles — Extended vehicle
(ExVe) web services —
Part 4:
Control
Véhicules routiers — Web services du véhicule étendu (ExVe) —
Partie 4: Contrôle
PROOF/ÉPREUVE
Reference number
ISO/TR 20078-4:2021(E)
©
ISO 2021
---------------------- Page: 1 ----------------------
ISO/TR 20078-4:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TR 20078-4:2021(E)
Contents Page
Foreword .iv
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Roles . 1
4.1 Resource owner. 1
4.1.1 Resources . 1
4.1.2 Containers. 2
4.2 Accessing party . 4
4.3 Offering party . 4
5 Processes . 4
5.1 Registration . 4
5.1.1 Accept registration of a requesting party . 4
5.1.2 Reject registration of a requesting party . 5
5.1.3 Accept resource owner registration. 5
5.1.4 Reject resource owner registration . 6
5.2 Resources . 6
5.2.1 Grant access to resources . 6
5.2.2 Reject access to resources. 8
5.2.3 Ignore access request to resources . 9
5.2.4 Revoke access to resources .10
5.3 Containers .10
5.3.1 Creation of a container .10
5.3.2 Deletion of a container .11
5.3.3 Grant access to resources grouped by a container .12
5.3.4 Reject access to containers .14
5.3.5 Ignore access request to containers .15
5.3.6 Revoke access to containers.15
5.4 Resource access .16
5.4.1 Access .16
5.4.2 No access .16
5.4.3 Push of resources .17
Annex A (informative) Registration of the service/application owner at the accessing party .19
Bibliography .21
© ISO 2021 – All rights reserved PROOF/ÉPREUVE iii
---------------------- Page: 3 ----------------------
ISO/TR 20078-4:2021(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 31,
Data communication.
This second edition cancels and replaces the first edition (ISO/TR 20078-4:2019), which has been
technically revised.
The main changes compared to the previous edition are as follows:
— revised the clause containers;
— added new subclause describing push of resources (5.4.3).
A list of all parts in the ISO 20078 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 4 ----------------------
TECHNICAL REPORT ISO/TR 20078-4:2021(E)
Road vehicles — Extended vehicle (ExVe) web services —
Part 4:
Control
1 Scope
This document describes the processes of an offering party’s implementation to provide (ISO 20078-2)
access-controlled (ISO 20078-3) resources (ISO 20078-1) to accessing parties. The processes are
summarized as: registration of different stakeholder as well as granting, denying and revoking of
access to resources. Those processes are held as examples of combining ISO 20078-1, ISO 20078-2 and
ISO 20078-3 and can vary depending on the actual implementation of the offering party.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 20078-1 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
4 Roles
4.1 Resource owner
4.1.1 Resources
The resource owner is in control of the access to its resources. To control access, the resource owner
uses the processes: granting, denying, ignoring and revoking.
© ISO 2021 – All rights reserved PROOF/ÉPREUVE 1
---------------------- Page: 5 ----------------------
ISO/TR 20078-4:2021(E)
Figure 1 — The resource owner grants, denies or revokes access to resources
Figure 1 illustrates an example of how a resource owner controls access to resources offered to
the accessing party by the offering party. The resource owner can grant, deny or revoke access
(ISO 20078-3) to its resources at any time.
— Granting: the resource owner reviews the resources presented by the offering party and decides to
grant access to the accessing party.
— Denying: the resource owner reviews the resources presented by the offering party and decides to
deny access to the accessing party.
— Ignoring: the resource owner does not grant or deny access to the accessing party. The request stays
pending for a pre-defined time, after which it will be denied.
— Revoking: the resource owner revokes an already granted access to an accessing party.
NOTE The accessing party is a third-party service provider or the VM when acting as a service provider both
acting for after sales services after the ExVe has been sold or leased.
4.1.2 Containers
The resource owner is in control of the access (ISO 20078-3) to their resources (ISO 20078-1) grouped
by a container. The resource owner uses the processes: registration, granting, denying, ignoring,
revoking to grant, deny or revoke access resources.
The content of a container is defined by the accessing party or the offering party. The offering party
offers the container with the granted resources if available.
2 PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/TR 20078-4:2021(E)
Figure 2 — The resource owner grants, denies or revokes access to containers
Figure 2 displays an example for one accessing party. The accessing party or the offering party defines
containers, each identified by a unique container Id (CID), to access resources of the offering party.
The resource owner can individually grant, deny or revoke — at any time — access (ISO 20078-3) to
resources of defined containers (ISO 20078-1) in relation to a one or more vehicle identifiers (VINs)
for not anonymized resources. Such decisions made by the resource owner are collectively called the
request permission processes. Possible states or outcomes of these processes are the following.
— Granted: a certain container is defined by the accessing or the offering party. The resource owner
grants access to the container (and if required in combination with a vehicle identifier) for the
accessing party. Through this grant process the resource owner verifies that both the resources, and
the purpose of data processing of the container are presented by the offering party; see Figure 15
and/or Figures 16 and 17.
— Denied: a certain container is defined by the accessing or the offering party. The resource owner
denies the access to the container for the accessing party. Because of this action, the resource owner
does not approve the access to the resources and/or the purpose of data processing of the container
that are presented by the offering party; see Figure 18.
— Pending/ignored: a certain container is defined by the accessing party or the offering party and
selected for a grant request. After starting the request, the resource owner does not continue to
either grant or to deny the request. The request stays pending as long as it is ignored by the resource
owner. If a pre-defined time passes, and the request has been ignored, it is denied by the offering
party; see Figure 19.
— Revoked: a certain container is defined by the accessing party or the offering party and was granted
by the resource owner. After a certain time, the resource owner revokes the access to resources of
the container for the accessing party. This immediately denies any further access to resources for
the accessing party; see Figure 20.
© ISO 2021 – All rights reserved PROOF/ÉPREUVE 3
---------------------- Page: 7 ----------------------
ISO/TR 20078-4:2021(E)
4.2 Accessing party
The accessing party uses the issued credentials to authenticate itself when requesting access tokens
from the offering party. To retrieve an access token and access the resource owner’s resources, an
explicit grant from the resource owner is required.
Afterwards the accessing party registers its own digital customers on its digital services/applications
and/or on its resource providing services; see Clause A.1 as an example.
These digital customers consume the digital services/applications that are developed, offered and
maintained by the accessing party. These services are available for use as long as access to resources of
the offering party is granted by the resource owner.
4.3 Offering party
The offering party makes resources available via web services for access by an accessing party. The
offering party provides access to resources based on the consent of the resource owner either on a
single resource or resources grouped by a container. Additionally, the offering party manages the
processes defined in (Clause 5).
5 Processes
5.1 Registration
5.1.1 Accept registration of a requesting party
A requesting party (not yet an accessing party) sends a registration request with the mandatory
registration information (identification) to the offering party.
Figure 3 — Registration request of a requesting party accepted by the offering party
The approval of the registration is the responsibility of the offering party. If the registration is approved,
the offering party provides information on how to access web services and (if available) web portals,
e.g. web service documentation, URIs and necessary credentials.
After successful registration, the requesting party receives the role of an accessing party and can (for
example) create containers.
4 PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TR 20078-4:2021(E)
The registration process (Figure 3) can be online, offline or a combination of both.
NOTE AccessingPartyID (APID) and AccessingPartyCredentials (APC) are issued; see ISO 20078-1.
5.1.2 Reject registration of a requesting party
A requesting party sends a registration request with the mandatory registration information to the
offering party.
Figure 4 — Registration of a requesting party is rejected by the offering party
The offering party verifies the request. Invalid requests are rejected, e.g. if the identity cannot be
verified, or information is missing (see Figure 4). If technically possible, the requesting party is
informed of the reason.
If the circumstances change and any registrations become invalid, the offering party cancels such
registrations.
5.1.3 Accept resource owner registration
A resource owner sends a registration request including the mandatory infor
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.