Application-scoped Access Control for the Construction Industry

Ulf Bodin, André Christoffersson, Alex Chiquito, Johan Rodahl, K. Synnes
DOI: 10.1109/ETFA45728.2021.9613645 (https://doi.org/10.1109/ETFA45728.2021.9613645)
Published in: 2021 26th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)
Publication date: 2021-09-07
Citations: 1

Abstract

The construction industry is characterized by its extensive and dynamic collaborations between contractors providing various services and expertise. In such eco-systems, the secure sharing of information, data and equipment challenges the access control needs to be application agnostic. Furthermore, it needs fine-grained access policies including means for abstraction to ease administration, and support for delegated authorization in Service-Oriented Architecture (SOA) based systems. In this paper, we explore the use of delegated access using OAuth 2.0 with Attribute-Based Access Control (ABAC) for the collaborative sharing of equipment at construction sites. In particular, we investigate the use of contextual attributes to capture the dynamic aspects, such as location and urgency, in the booking of construction lifts. Through this study, we propose a solution based on the IoT Application-scoped Access Control as a Service (IAACaaS) architecture model combined with NIST Next Generation Access Control (NGAC). We present an architecture for a general Identity and Access Management (IAM) system for the construction industry, and provide a design and guide for implementation of this architecture in terms of how key functionalities should be captured as reusable micro-services. Moreover, we describe how these micro-services can be combined to make the system a general and reusable solution providing access control for collaborative sharing of data, information and equipment at construction sites.