Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
BaSyx / Documentation / Components / AAS Server / Features / Authorization
Authorization
User Story & Use Case
As AAS Components user
I want to authorize data access on AAS & Submodels contained in the AAS Server
so that I can store sensitive data and prevent its unauthorized access.
This feature enables AAS components user to secure the AAS & Submodels stored on the AAS Server component.
Feature Overview
The authorization is a basic implementation to enable only authorized requests for WRITE
and READ
operations for both the AAS and the submodels.
This implementation uses OAuth2 tokens and scopes, with the scopes being defined [for submodels] and [for the AAS].
As long as the token includes the respective scopes, an operation can be performed if the authorization is enabled.
An example for the authorization can be found in the scenario with Keycloak.
Feature Configuration
Authorization is disabled by default. Basic authorization can be configured in the aas.properties:
aas.authorization=Enabled aas.authorization=Disabled