Capability-Based Multi-Tenant Access Management in Crowdsourced Drone Services
Junaid Akram, Ali Anaissi, Awais Akram, Youcef Djenouri, Palash Ingle, Rutvij H. Jhaveri

TL;DR
This paper introduces a capability-based access control system for crowdsourced drone services that integrates Verifiable Credentials with OAuth 2.0, enhancing security, privacy, and multi-tenancy support.
Contribution
It presents a novel integration of VCs into OAuth 2.0, creating a new access token format and protocol for secure, flexible, and efficient resource sharing in drone services.
Findings
Enhanced security and privacy in drone data sharing
Supports multi-tenancy with decentralized access policies
Improves data portability and long-term access
Abstract
We propose a capability-based access control method that leverages OAuth 2.0 and Verifiable Credentials (VCs) to share resources in crowdsourced drone services. VCs securely encode claims about entities, offering flexibility. However, standardized protocols for VCs are lacking, limiting their adoption. To address this, we integrate VCs into OAuth 2.0, creating a novel access token. This token encapsulates VCs using JSON Web Tokens (JWT) and employs JWT-based methods for proof of possession. Our method streamlines VC verification with JSON Web Signatures (JWS) and requires only minor adjustments to current OAuth 2.0 systems. Furthermore, in order to increase security and efficiency in multi-tenant environments, we provide a novel protocol for VC creation that makes use of the OAuth 2.0 client credentials grant. Using VCs as access tokens enhances OAuth 2.0, supporting long-term use and…
Taxonomy
Topics: IoT and Edge/Fog Computing · Transportation and Mobility Innovations · Distributed systems and fault tolerance
