Explanation of Identity and Access Management
AUTOSAR AP R23-11
2 Acronyms and Abbreviations
The glossary below includes acronyms and abbreviations relevant to Identity and Access Management that are not included in the AUTOSAR Glossary.
Term
Description

Policy Decision Point (PDP)
The PDP represents the logic in which the access control decision is made. It determines if the application is allowed to perform the requested task. The PDP implementation and setup are not specified in AUTOSAR.

Policy Enforcement Point (PEP)
The PEP represents the logic in which the Access Control Decisions are enforced. It communicates directly with the associated PDP to receive the Access Control Decision.

Access Control Policy
Access Control Policies are bound to the targets of calls (i.e., Service interfaces) and are used to express what Identity Information is necessary to access those interfaces.

Access Control Decision
The Access Control Decision is a Boolean value indicating if the requested operation is permitted or not. It is based on the identity of the caller and the Access Control Policy.

Identity
Identity represents properties of an Adaptive Application the access control is decided / enforced upon. In the case of Remote IAM, Identity can also mean properties of a remote ECU the access control is decided / enforced upon.

AUTOSAR Resource
The term AUTOSAR Resource covers interfaces that are under the scope of IAM (e.g., Service Interfaces, Crypto Key Slots, Crypto certificates).

Intent
An Intent is a property of an Adaptive Application. Access to an AUTOSAR Resource (e.g., CryptoKeySlot, ServiceInterface and its members Method, Event, and Field) is granted if the requesting Application possesses all acknowledged intents that are necessary for that specific resource. An Intent could also describe the type of the access the Application is requesting (e.g., read or write access to a CryptoCertificate). Intents are assigned to Adaptive Applications within their Application Manifest by means of AUTOSAR Resource specific modelling (e.g., ComFieldGrantDesign).

Grant
The integrator acknowledges an Adaptive Application's intent by transferring GrantDesigns to a Grant in the deployment phase. Grant elements may be processed into access control lists for the PDP implementation.

Application ID
Application ID is a unique identifier of an Adaptive Application. In the meta-model an Adaptive Application is represented by a Process.

Process
A Process is the meta-model's runtime instance of an Adaptive Application and represents its runtime identity. A Process may be identified during runtime by a uniquely assigned identifier (e.g., a Unix user).

IPC
Inter-Process Communication
Table 2.1: Acronyms and Abbreviations
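
The following sketch is an added example, not part of the AUTOSAR document and not an ara:: API. It shows how the terms above relate: Grants become a per-Process access control list, the PDP returns a Boolean Access Control Decision, and the PEP enforces it. All class names, intent labels and identifiers are assumptions made for illustration.

```cpp
// Added illustration: every type and function name here is hypothetical,
// not an ara:: API. AUTOSAR does not specify the PDP implementation.
#include <map>
#include <set>
#include <string>

using Intent = std::string;    // constructed label, e.g. "KeySlot.Read"
using ProcessId = unsigned;    // runtime identity of a Process, e.g. a Unix uid
// PDP: holds the ACL derived from Grants and the policy bound to each resource.
class PolicyDecisionPoint {
public:
    void AddGrant(ProcessId p, const Intent& i) { grants_[p].insert(i); }
    void SetPolicy(const std::string& resource, const std::set<Intent>& required) {
        policies_[resource] = required;
    }
    // Access Control Decision: true only if every required intent was granted.
    bool Decide(ProcessId caller, const std::string& resource) const {
        auto pol = policies_.find(resource);
        if (pol == policies_.end() || pol->second.empty()) return false;  // fail closed
        auto g = grants_.find(caller);
        if (g == grants_.end()) return false;         // unknown identity: deny
        for (const auto& need : pol->second)
            if (g->second.count(need) == 0) return false;
        return true;
    }
private:
    std::map<ProcessId, std::set<Intent>> grants_;
    std::map<std::string, std::set<Intent>> policies_;
};

// PEP: sits in front of the resource and enforces the PDP's decision.
class PolicyEnforcementPoint {
public:
    explicit PolicyEnforcementPoint(const PolicyDecisionPoint& pdp) : pdp_(pdp) {}
    // Returns the resource value when permitted, otherwise an empty string.
    std::string Read(ProcessId caller, const std::string& resource) const {
        return pdp_.Decide(caller, resource) ? "value-of-" + resource : std::string();
    }
private:
    const PolicyDecisionPoint& pdp_;
};

int main() {
    PolicyDecisionPoint pdp;
    pdp.SetPolicy("KeySlotA", {"KeySlot.Read"});   // constructed sample policy
    pdp.AddGrant(1001, "KeySlot.Read");            // constructed grant for uid 1001
    PolicyEnforcementPoint pep(pdp);
    return pep.Read(1001, "KeySlotA").empty() || !pep.Read(1002, "KeySlotA").empty();
}
```

The PDP denies by default: a resource without a policy, an empty policy, or a caller without any Grant all yield a negative decision.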
Document ID 1071: AUTOSAR_AP_EXP_IdentityAndAccessManagement