Skip to content

DR-003-ARCH-ACL-Concept: Generic Format for Access Control List#3058

Open
christianbe9 wants to merge 12 commits into
eclipse-score:mainfrom
qorix-group:dr_003_arch_acl_concept
Open

DR-003-ARCH-ACL-Concept: Generic Format for Access Control List#3058
christianbe9 wants to merge 12 commits into
eclipse-score:mainfrom
qorix-group:dr_003_arch_acl_concept

Conversation

@christianbe9

Copy link
Copy Markdown
Contributor

Introducing a common format for an Access Control List (Crypto, SOME/IP,
IPC and further potential usecases), such that it is
only required to use one common parser, one common format for reviews
and also one common "ACL Manager" aka editor for ACLs and also compiler
for the ACL into a binary format.

Christian Becker added 10 commits July 1, 2026 19:09
Introducing a common format for an Access Control List (Crypto, SOME/IP,
IPC and further potential usecases), such that it is
only required to use one common parser, one common format for reviews
and also one common "ACL Manager" aka editor for ACLs and also compiler
for the ACL into a binary format.

Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>�
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

The created documentation from the pull request is available at: docu-html

Comment thread docs/design_decisions/DR-003-arch-ACL-Concept.md Outdated
Comment thread docs/design_decisions/DR-003-arch-ACL-Concept.md Outdated
@GuruprasadBhatL

Copy link
Copy Markdown

A few generic questions :

  1. Is JSON as a config format centrally approved in eclipse/score ?
  2. Is the proposal is to have ACL configuration for all features (Crypto/LoLa/SomeIP) in one file ?
  3. How is relationship established between ACL config and config of individual features like Crypto/LoLa.

{
"uids":
{
"101":{"rights": ["write"],"name": "oem.app.1","version": [],"criticality": "ASIL-B","specifics": {}},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would like to understand significance of criticality in the current context.

How does it influence ACL configuration.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we do an ACL my question is: should we include criticality in the config as well to do a cross check/ensure such that there is no mixture "by accident" of criticality due to wrong configuration or something; i.e. can a ASIL application and QM application both interact via one IPC which should not be the case afaik. So this is not a security thing, question is if we also should use this for safety purpose or not.

"enum": [
"read",
"write",
"monitor"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is monitor right ?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Idea behind monitor is (I'm not sure how valid) is only related to IPC, for SOME/IP and crypto its same as read, for IPC the idea is to have only read permission to data and control plane, so that a montoring application cannot interfere with the normal behaviour, however that means you could have partial reads from control plane, therefore control plane might be monitored but not so sure how good of an idea it is. Concrete example was for a Intrusion detection, health monitoring, etc.; e.g. you could check if somebody is blocking in the control pane for too long

@christianbe9

Copy link
Copy Markdown
Contributor Author

A few generic questions :

  1. Is JSON as a config format centrally approved in eclipse/score ?
    I would say yes, as all other components (e.g. lifecycle) are also using json as config format
  2. Is the proposal is to have ACL configuration for all features (Crypto/LoLa/SomeIP) in one file ?
    No, this can be, but must not. I just put everything into one file as the idea is to have everything in the same format and have one parser capable of parsing all the properties. So you can have 3 configs (1 IPC, 1 SOME/IP, 1 Crypto) or 2 configs (1 IPC & SOME/IP, 1 crypto) or 1 config containing all thats up to the integrator.
  3. How is relationship established between ACL config and config of individual features like Crypto/LoLa.
    ACL config is input to Crypto lib, LoLa and someipd; i.e. all 3 include the parser lib and use the acl, either from the same path or from 3 different paths, so the path where this ACL is located is configured per component.
    Based on the ACL the enforcement is then done in each component

christianbe9 and others added 2 commits July 9, 2026 13:38
Co-authored-by: Guruprasad Bhat <30743494+GuruprasadBhatL@users.noreply.github.com>
Signed-off-by: christianbe9 <christianb_ext@qorix.ai>
Co-authored-by: Guruprasad Bhat <30743494+GuruprasadBhatL@users.noreply.github.com>
Signed-off-by: christianbe9 <christianb_ext@qorix.ai>
@ChansAlive

Copy link
Copy Markdown

A few generic questions :

  1. Is JSON as a config format centrally approved in eclipse/score ?
    I would say yes, as all other components (e.g. lifecycle) are also using json as config format
  2. Is the proposal is to have ACL configuration for all features (Crypto/LoLa/SomeIP) in one file ?
    No, this can be, but must not. I just put everything into one file as the idea is to have everything in the same format and have one parser capable of parsing all the properties. So you can have 3 configs (1 IPC, 1 SOME/IP, 1 Crypto) or 2 configs (1 IPC & SOME/IP, 1 crypto) or 1 config containing all thats up to the integrator.
  3. How is relationship established between ACL config and config of individual features like Crypto/LoLa.
    ACL config is input to Crypto lib, LoLa and someipd; i.e. all 3 include the parser lib and use the acl, either from the same path or from 3 different paths, so the path where this ACL is located is configured per component.
    Based on the ACL the enforcement is then done in each component

Hi,

ACL config is input to Crypto lib. Considering we have a library daemon architecture for crypto stack, is this still valid? Would this be crypto daemon or still crypto lib?

@christianbe9

Copy link
Copy Markdown
Contributor Author

A few generic questions :

  1. Is JSON as a config format centrally approved in eclipse/score ?
    I would say yes, as all other components (e.g. lifecycle) are also using json as config format
  2. Is the proposal is to have ACL configuration for all features (Crypto/LoLa/SomeIP) in one file ?
    No, this can be, but must not. I just put everything into one file as the idea is to have everything in the same format and have one parser capable of parsing all the properties. So you can have 3 configs (1 IPC, 1 SOME/IP, 1 Crypto) or 2 configs (1 IPC & SOME/IP, 1 crypto) or 1 config containing all thats up to the integrator.
  3. How is relationship established between ACL config and config of individual features like Crypto/LoLa.
    ACL config is input to Crypto lib, LoLa and someipd; i.e. all 3 include the parser lib and use the acl, either from the same path or from 3 different paths, so the path where this ACL is located is configured per component.
    Based on the ACL the enforcement is then done in each component

Hi,

ACL config is input to Crypto lib. Considering we have a library daemon architecture for crypto stack, is this still valid? Would this be crypto daemon or still crypto lib?

Yes, that was bad wording by me; so ACL would be input to Crypto Daemon (in a setup where you have a mw:crypto for the application which handles the IPC to the Deaemon using LoLa and a Daemon which actually handles the jobs). The crypto lib itself will be part of the application, so it will not include the ACL check (as application would check itself then).

@GuruprasadBhatL

Copy link
Copy Markdown

Original Question : How is relationship established between ACL config and config of individual features like Crypto/LoLa.

Response :
ACL config is input to Crypto lib, LoLa and someipd; i.e. all 3 include the parser lib and use the acl, either from the same path or from 3 different paths, so the path where this ACL is located is configured per component.
Based on the ACL the enforcement is then done in each component

Follow up question :

How is ACL format enforced in config of SomeIP/Crypto ? is is there a way for SOMEIP/Crypto config to inherit (enforce interface schema ) from ACL JSON schema ?

if this is clarified, I have no further questions.

@qor-lb qor-lb added ft:communication Feature Team Communication ft:security&crypto labels Jul 14, 2026
@christianbe9

Copy link
Copy Markdown
Contributor Author

Original Question : How is relationship established between ACL config and config of individual features like Crypto/LoLa.

Response : ACL config is input to Crypto lib, LoLa and someipd; i.e. all 3 include the parser lib and use the acl, either from the same path or from 3 different paths, so the path where this ACL is located is configured per component. Based on the ACL the enforcement is then done in each component

Follow up question :

How is ACL format enforced in config of SomeIP/Crypto ? is is there a way for SOMEIP/Crypto config to inherit (enforce interface schema ) from ACL JSON schema ?

if this is clarified, I have no further questions.

From my side fine, makes sense, we can define it such that all ACLs must inerhit this ACL JSON schema included here.

And then if some component needs something in addition we update the main ACL JSON schema such that it always remains central.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

Status: Backlog
Status: No status

Development

Successfully merging this pull request may close these issues.

4 participants