Authorizing Center --> Cooperative ITS Credentials Management System:
user permission sets
Definitions
user permission sets (Information Flow): This flow identifies users, user groups, and associated user permission sets for a geographic area or jurisdiction and set of connected vehicle applications or services.
Authorizing Center (Source Physical Object): The 'Authorizing Center' provides the functionality needed to enable data exchange between and among mobile and fixed transportation users. Its primary mission is to enable safety, mobility and environmental communications-based applications for both mobile and non-mobile users. The Authorizing Center has some jurisdiction over limited access resources; typically this includes roadside application access and radio spectrum licensing. It may be implemented as an autonomous center or as a set of supporting services that are co-located within another center.
Cooperative ITS Credentials Management System (Destination Physical Object): The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.
Included In
This Triple is in the following Service Packages:
This triple is associated with the following Functional Objects:
This Triple is described by the following Functional View Data Flows:
This Triple has the following triple relationships:
None |
Communication Solutions
- (None-Data) - Secure Internet (ITS) (32)
Selected Solution
Solution Description
ITS Application Entity
Development needed |
Click gap icons for more info.
|
||
Mgmt
|
Facilities
Development needed |
Security
|
|
TransNet
|
|||
Access
Internet Subnet Alternatives |
Note that some layers might have alternatives, in which case all of the gap icons associated with every alternative may be shown on the diagram, but the solution severity calculations (and resulting ordering of solutions) includes only the issues associated with the default (i.e., best, least severe) alternative.
Characteristics
Characteristic | Value |
---|---|
Time Context | Static |
Spatial Context | Regional |
Acknowledgement | True |
Cardinality | Unicast |
Initiator | Source |
Authenticable | True |
Encrypt | True |
Interoperability | Description |
---|---|
National | This triple should be implemented consistently within the geopolitical region through which movement is essentially free (e.g., the United States, the European Union). |
Security
Information Flow Security | ||||
---|---|---|---|---|
Confidentiality | Integrity | Availability | ||
Rating | High | High | Moderate | |
Basis | End entity identity and associated permissions could be contained. This PII could include that of emergency personnel, and could include permissions assigned, all of which, if easily accessed could have a high cost of recover. Flow is not realized by known standards, so it may be possible to lower it to MODERATE in the future, when it can be better characterized. | Assignment of permissions with control over physical communications channels needs the greatest possible protection and cannot be mishandled or manipulated in transit. | While update of this flow may be important, it is a non-real-time service in most cases. Could possibly be LOW. |
Security Characteristics | Value |
---|---|
Authenticable | True |
Encrypt | True |