Profile Based Access Control Model Using JSON Web Tokens

University essay from Lunds universitet/Institutionen för elektro- och informationsteknik

Abstract: Currently at Axis, a local role-based access control system is used in devices, which forces the user credentials to be directly installed on the individual devices, and the limited selection of roles does not allow for fine-grained access rights. This creates an administrative nightmare in a large-scale network and leads to elevated privileges. Instead of this approach, a profile based access control can be used. The goal of this thesis work was to design an access control system for profile based access control, utilizing JSON Web Tokens (JWT) for distribution. How profile based access control works was investigated, and the possibilities of enforcing dynamic, user-defined and distributed profiles were explored in contrast to static access tables. This system allows an admin to create custom access control profiles depending on the use case, instead of being limited by the roles or profiles preinstalled on the device. OpenID Connect was used for user authentication and authorization of profiles. The system’s design was implemented through an ambitious Proof-of-Concept (PoC) that encompassed numerous components with the primary objective of evaluating the feasibility of incorporating the proposed idea into an actual production system. The innovative features of the resulting system design have been condensed and included in a patent application, which was subsequently filed by Axis.
