Road vehicles -- Extended vehicle (ExVe) web services

This document describes the processes of an Offering Party's implementation to provide (ISO 20078‑2) Access controlled (ISO 20078-3) Resources (ISO 20078‑1) to Accessing Parties. The processes are summarized as: Registration of different stakeholder as well as granting, denying and revoking of Access to Resources. Those processes are held as examples of combining ISO 20078‑1, ISO 20078‑2 and ISO 20078‑3 and can vary depending on the actual implementation of the Offering Party.

Véhicule routiers -- Web services du véhicule étendu (ExVe)

General Information

Status
Published
Publication Date
23-Apr-2019
Current Stage
6060 - International Standard published
Start Date
30-Mar-2019
Completion Date
24-Apr-2019
Ref Project

Buy Standard

Technical report
ISO/TR 20078-4:2019 - Road vehicles -- Extended vehicle (ExVe) web services
English language
16 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL ISO/TR
REPORT 20078-4
First edition
2019-04
Road vehicles — Extended vehicle
(ExVe) web services —
Part 4:
Control
Véhicule routiers — Web services du véhicule étendu (ExVe) —
Partie 4: Contrôle
Reference number
ISO/TR 20078-4:2019(E)
ISO 2019
---------------------- Page: 1 ----------------------
ISO/TR 20078-4:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TR 20078-4:2019(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms, definitions and abbreviations ............................................................................................................................................ 1

4 Roles .................................................................................................................................................................................................................................. 1

4.1 Resource owner...................................................................................................................................................................................... 1

4.1.1 Resources ............................................................................................................................................................................... 1

4.1.2 Containers.............................................................................................................................................................................. 2

4.2 Accessing Party ....................................................................................................................................................................................... 3

4.3 Offering Party ........................................................................................................................................................................................... 4

5 Processes ...................................................................................................................................................................................................................... 4

5.1 Registration ................................................................................................................................................................................................ 4

5.1.1 Accept registration of a requesting Party ................................................................................................... 4

5.1.2 Reject Registration of a requesting Party ................................................................................................... 4

5.1.3 Accept Resource Owner Registration ............................................................................................................ 5

5.1.4 Reject Resource Owner Registration .............................................................................................................. 5

5.2 Resources ..................................................................................................................................................................................................... 6

5.2.1 Grant Access to Resources ....................................................................................................................................... 6

5.2.2 Reject Access to Resources...................................................................................................................................... 7

5.2.3 Ignore Access Request to Resources ............................................................................................................... 8

5.2.4 Revoke Access to Resources ................................................................................................................................... 8

5.3 Containers ................................................................................................................................................................................................... 9

5.3.1 Creation of a Container............................................................................................................................................... 9

5.3.2 Deletion of a Container ............................................................................................................................................... 9

5.3.3 Grant Access to Resources grouped by a Containers .....................................................................10

5.3.4 Reject Access to Containers .................................................................................................................................11

5.3.5 Ignore Access Request to Containers ..........................................................................................................12

5.3.6 Revoke Access to Containers ..............................................................................................................................12

5.4 Resource Access ..................................................................................................................................................................................13

5.4.1 Access .....................................................................................................................................................................................13

5.4.2 No Access .............................................................................................................................................................................13

Annex A (informative) Registration of the service/application owner at the Accessing Party ............15

Bibliography .............................................................................................................................................................................................................................16

© ISO 2019 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/TR 20078-4:2019(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso

.org/iso/foreword .html.

This document was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 31,

Data communication.
A list of all parts in the ISO 20078 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved
---------------------- Page: 4 ----------------------
TECHNICAL REPORT ISO/TR 20078-4:2019(E)
Road vehicles — Extended vehicle (ExVe) web services —
Part 4:
Control
1 Scope

This document describes the processes of an Offering Party’s implementation to provide (ISO 20078-2)

Access controlled (ISO 20078-3) Resources (ISO 20078-1) to Accessing Parties. The processes are

summarized as: Registration of different stakeholder as well as granting, denying and revoking of

Access to Resources. Those processes are held as examples of combining ISO 20078-1, ISO 20078-2 and

ISO 20078-3 and can vary depending on the actual implementation of the Offering Party.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 20078-1, Road vehicles — Extended vehicle (ExVe) ‘web services’ — Part 1: Content

3 Terms, definitions and abbreviations

For the purposes of this document, the terms, definitions and abbreviations given in ISO 20078-1 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
4 Roles
4.1 Resource owner
4.1.1 Resources

The Resource Owner is in control of the access to its Resources. To control access, the Resource Owner

uses the processes: granting, denying, ignoring and revoking.
© ISO 2019 – All rights reserved 1
---------------------- Page: 5 ----------------------
ISO/TR 20078-4:2019(E)
Figure 1 — The Resource Owner grants, denies or revokes access to Resources

Figure 1 illustrates an example of how a Resource Owner controls access to Resources offered to

the accessing Party by the offering Party. The Resource Owner can grant, deny or revoke access

(ISO 20078-3) to its Resources at any time.

— Granting: The Resource Owner reviews the resources presented by the Offering Party and decides

to grant access to the Accessing Party.

— Denying: The Resource Owner reviews the Resources presented by the Offering Party and decides

to deny access to the Accessing Party.

— Ignoring: The Resource Owner does not grant or deny access to the Accessing Party. The request

stays pending for a pre-defined time, after which it will be denied.

— Revoking: The Resource Owner revokes an already granted access to an Accessing Party.

NOTE The Accessing Party is a third-party service provider or the VM when acting as a service provider

both acting for after sales services after the ExVe has been sold or leased.
4.1.2 Containers

The Resource Owner is in control of the Access (ISO 20078-3) to their Resources (ISO 20078-1) grouped

by a Container. The Resource Owner uses the processes: registration, granting, denying, ignoring,

revoking to grant, deny or revoke Access Resources.

The content of a Container is defined by the Accessing Party or the Offering Party. The Offering Party

offers the Container with the granted Resources if available.
2 © ISO 2019 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/TR 20078-4:2019(E)
Figure 2 — The Resource Owner grants, denies or revokes Access to Containers

Figure 2 displays an example for one Accessing Party. The Accessing Party or the Offering Party defines

Containers, each identified by a unique “CID”, to Access Resources of the Offering Party. The Resource

Owner can individually grant, deny or revoke — at any time — Access (ISO 20078-3) to Resources of

defined Containers (ISO 20078-1). Such decisions made by the Resource Owner are collectively called

the request permission processes. Possible states or outcomes of these processes are:

— Granted: A certain Container is defined by the Accessing or the Offering Party. The Resource Owner

grants Access to the Container for the Accessing Party. Through this grant process the Resource

Owner verifies that both the Resources, and the purpose of data processing of the Container are

presented by the Offering Party; see Figure 15 and/or Figures 16 and 17.

— Denied: A certain Container is defined by the Accessing or the Offering Party. The Resource Owner

denies the Access to the Container for the Accessing Party. Because of this action, the Resource

Owner does not approve the Access to the Resources and/or the purpose of data processing of the

Container that are presented by the Offering Party; see Figure 18.

— Pending/Ignored: A certain Container is defined by the Accessing or the Offering Party and selected

for a grant request. After starting the request, the Resource Owner does not continue to either grant

or to deny. The request stays pending as long as it is ignored by the Resource Owner. If a pre-defined

time passes, and the request has been ignored, it is denied by the Offering Party; see Figure 19.

— Revoked: A certain Container is defined by the Accessing Party or the Offering Party and was granted

by the Resource Owner. After a certain time, the Resource Owner revokes the Access to Resources

of the Container for the Accessing Party. This immediately denies any further Access to Resources

for the Accessing Party; see Figure 20.
4.2 Accessing Party

The Accessing Party uses the issued credentials to authenticate itself when requesting Access tokens

from the Offering Party. To retrieve an Access token and Access the Resource Owner’s Resources, an

explicit grant from the Resource Owner is required.
© ISO 2019 – All rights reserved 3
---------------------- Page: 7 ----------------------
ISO/TR 20078-4:2019(E)

Afterwards the Accessing Party registers its own digital customers on its digital services/applications

and/or on its resource providing services; see Annex A.1 as an example.

These digital customers consume the digital services/applications that are developed, offered

and maintained by the Accessing Party. These services are available for use for as long as Access to

Resources of the Offering Party is granted by the Resource Owner.
4.3 Offering Party

The Offering Party makes Resources available via web-services for Access by an Accessing Party. The

Offering Party provides Access to Resources based on the consent of the Resource Owner either on

a single resource or Resources grouped by a Container. Additionally, the Offering Party manages the

processes defined in (Clause 5).
5 Processes
5.1 Registration
5.1.1 Accept registration of a requesting Party

A requesting Party (not yet an Accessing Party) sends a registration request with the mandatory

registration information (identification) to the Offering Party.

Figure 3 — Registration request of a requesting Party accepted by the Offering Party

The approval of the registration is in responsibility of the Offering Party. If the registration is approved,

the Offering Party provides information on how to Access web-services and (if available) web portals,

e.g. web service documentation, URIs and necessary credentials.

After successful registration, the requesting Party receives the role of an Accessing Party and may (for

example) create Containers.
The registration process (Figure
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.