Specification of the Asset Administration Shell Part 4: Security – IDTA Number: 01004

This document defines the security of the Asset Administration Shell. It explains the interaction between authentication and authorisation and focuses on the Access Rule Model, which uses ABAC (Attribute Based Access Control) for Access Rules.

Access Rules can be defined for both registries and repositories, so that descriptors, AASs, entire submodels or even individual submodel elements can be protected. References to the AAS model, global attributes such as time, or claims from a signed access token can be used as attributes. Access tokens can be provided via authentication using OAuth 2.0, OpenID Connect or from a data room.
