This Specific Enabler (SE) provides a scalable and flexible service to collect and dispatch, in a controlled way, events in Smart Factory environments. The SE manages events using distinct, autonomous and independent partitions (namespaces) whose number and structure depend only on the functional needs of the production site. Events are associated with specific nodes in a namespace. The access control mechanism provided by the SE manages access rights (publish or subscribe) to a specific node or to a set of nodes in a namespace, thus ensuring that only specific, authorized entities can send or receive events. The Specific Enabler architecture is highly scalable and is compliant with the AMQP standard (http://www.amqp.org) for message-oriented middleware.
Event management is a key component of the Smart Factory domain and, in general, of automation systems adopting an Event Driven Architecture. This FITMAN SE provides asynchronous and fire-and-forget communication functions. Additionally, to support the Smart Factory demand for properly managing business-confidential and business-critical data, this SE enforces a capability-based access control mechanism (https://en.wikipedia.org/wiki/Capability-based_security) and offers the scalability and resiliency features envisaged by the AMQP standard.
The Secure Event Management is a middleware component that acts as a secure, flexible, and scalable connector between event sources (i.e., Publishers) and event consumers (i.e., Subscribers). As stated in the previous section, it aggregates events in specific, disjoint, hierarchical namespaces for processing and access control convenience. The advantages of this technology are the following:
- complete decoupling of event sources and consumers (asynchronous, fire-and-forget patterns)
- bringing data to the interested consumers instead of bringing consumers to data
- scalability and reconfiguration flexibility
- advanced, flexible, and scalable access control features
- dynamic and smooth addition of new event sources and consumers (zero downtime)
The Secure Event Management supports a capability-based access control mechanism to govern access to event namespaces, from single namespace nodes up to sets of disjoint nodes or whole namespace subtrees. The capability-based approach has the following features: access right delegation, capability token revocation, and fine-grained access rights. Token elements are based on the Security Assertion Markup Language (SAML) and eXtensible Access Control Markup Language (XACML) standards (with some extensions).
Capabilities are communicable and unforgeable tokens of authority. By virtue of possessing a capability token, a process/subject can access a resource/service, exercising the rights that the token grants. A capability-based access control and rights delegation approach has the following advantages:
- the Principle of Least Authority (PoLA) is the default
- supports more fine-grained access control
- fewer security issues (no Confused Deputy problem)
- externalizes and distributes the management of the authorization process
- no issues related to the complexity and dynamics of identity management
The SE includes features and specific service elements to generate access capabilities (access tokens) and capability revocation tokens, as well as to revoke granted access rights (i.e., revoke access tokens).
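As an added example (not the SE's own code or token format), the following Python sketch models the capability mechanism described above: tokens scoped to a namespace node and its subtree with publish/subscribe rights, delegation that can only attenuate authority, and revocation that cascades to tokens delegated from the revoked one. The HMAC-signed JSON token format and the issuer key are assumptions; the SE's real tokens are SAML/XACML-based.

```python
import hashlib
import hmac
import json

# Constructed example: a capability is a JSON body plus an HMAC over it under an
# assumed issuer secret (the real SE uses SAML/XACML-based tokens, not this format).
ISSUER_KEY = b"constructed-issuer-secret"
REVOKED = set()  # ids (signatures) of revoked capability tokens

def within(root, node):  # node is root or lies in root's '/'-separated subtree
    return node == root or node.startswith(root.rstrip("/") + "/")

def _sign(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def _verify(token, key):
    """Return the decoded body of a genuine token; raise ValueError if forged."""
    body, _, sig = token.rpartition(".")
    if not sig or not hmac.compare_digest(_sign(body, key), sig):
        raise ValueError("forged or tampered capability token")
    return json.loads(body)

def issue(namespace, node, rights, parent=None, key=ISSUER_KEY):
    """Mint a capability for `rights` on `node` and its subtree. Delegating
    from `parent` may only attenuate: same namespace, sub-node, subset of rights."""
    chain = []
    if parent is not None:
        p = _verify(parent, key)
        if (p["ns"] != namespace or not within(p["node"], node)
                or not set(rights) <= set(p["rights"])):
            raise ValueError("delegation cannot amplify authority")
        chain = p["chain"] + [parent.rpartition(".")[2]]  # record lineage
    body = json.dumps({"ns": namespace, "node": node, "rights": sorted(rights),
                       "chain": chain}, sort_keys=True)
    return body + "." + _sign(body, key)

def revoke(token, key=ISSUER_KEY):
    """Revoke a genuine token; tokens delegated from it become invalid too."""
    _verify(token, key)
    REVOKED.add(token.rpartition(".")[2])

def authorize(token, namespace, node, right, key=ISSUER_KEY):
    """Decide whether the bearer may `right` ('publish'/'subscribe') on `node`."""
    try:
        p = _verify(token, key)
    except ValueError:
        return False
    if REVOKED & set(p["chain"] + [token.rpartition(".")[2]]):
        return False  # token or an ancestor in its delegation chain revoked
    return p["ns"] == namespace and within(p["node"], node) and right in p["rights"]
```

The broker-side check is `authorize`, which must be applied to every publish or subscribe request, while `issue` and `revoke` belong to the token service that holds the issuer key.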
Architecture
The following picture provides a quick overview of a deployment scenario of the SE as a middleware that mediates data exchanges between shop floor event sources and consumer services, both within and outside the production facilities. As highlighted in the picture, a device/service (e.g., the Complex Event Processing engine) can at the same time be a consumer of some kinds of events and a source of other events (e.g., it analyzes events originated by the production line and managed via one namespace, the yellow one in the picture, and then generates alerting events dispatched via another namespace, the blue one in the picture).