Energy Web Documentation
  • Energy Web Ecosystem
  • Launchpad by Energy Web
  • EWC Validator Documentation
  • Community Ressources
  • Legacy documentation
  • Documentation Overview
  • Core Concepts
    • Energy Web Chain
    • Energy Web X
    • Energy Web Tokens
      • Token Lifting
      • Token Lowering
    • Worker Nodes and Worker Node Networks
      • Server-based Worker Node
      • Marketplace App (desktop-based)
    • Worker Node Operator
    • Smart Flows and Groups
    • Subscription
    • Reward Period
    • Voting and Consensus
    • Ethereum
      • Transactions and Transaction Costs
    • Decentralized Identifiers (DIDs)
  • EWC ECOSYSTEM
    • Energy Web Chain
      • System Architecture
        • Proof-of-Authority Consensus Mechanism
        • System Contracts
          • Name registry
          • Holding Contract
          • Block Reward Contract
          • Validator-Set Contract
        • Validator Node Architecture
      • Energy Web Block Explorer
      • Energy Web Chain Governance & Validators
    • Energy Web Tokens
  • EWX ECOSYSTEM
    • Energy Web X
    • EWX: Architecture
    • Pallets
      • Worker Node Pallet
      • Balances Pallet
      • Proxy Pallet
      • XCM Pallet
      • Assets Pallet
      • Multisig Pallet
      • Scheduler Pallet
      • Preimages Pallet
      • Offences Pallet
      • Eth-Bridge Pallet
      • Token-Manager Pallet
      • Ethereum-events pallet
      • Avn Pallet
    • Worker Nodes
      • 🖥️The Marketplace App
        • Operator and Worker Accounts
          • Creating an operator account
          • Funding an operator account
          • Connecting to operator account
          • Disconnecting an operator account
          • Creating a worker account
          • Importing worker account
          • Exporting worker account
          • Linking a worker account to an operator account
          • Unlinking a worker account from an operator account
        • How to use Ledger on Marketplace App
        • Token Management
          • Creating an EWC account
          • Managing EWC accounts
          • Lifting tokens
          • Lowering tokens
          • Tracking lifting and lowering transactions
          • Checking EWT balance
        • Subscriptions
          • Subscribing to a solution group
          • Topping-up subscription amount
          • Managing subscriptions
          • Unsubscribing from a solution group
          • Unsubscribing delay
        • Worker Node and Rewards
          • Configuring remote worker node
          • Switching worker node location to remote
          • Participating into worker node network
          • Votes casted per Period
          • Reward Period
          • Checking rewards
          • Claiming rewards
        • FAQ: Marketplace App
        • Location Services
      • 🗄️Server-based Worker Nodes
        • Deployment Guide
        • Bootstrapping Server-based Worker Node Accounts
        • FAQ: Server-based Worker Nodes
      • Worker Node use cases
        • Sample Enterprise Use-Cases
          • Operating Envelopes Partitioning
          • ZEL Request Partitioning
          • Green Proofs
            • SAFc
            • Green Proofs for Bitcoin (GP4BTC)
            • Green Proofs as a Service (GPSaaS)
            • Green Proofs for Electrical Vehicles (GP4EV)
  • ENERGY SOLUTIONS
    • Green Proofs by Energy Web
      • Green Proofs Overview
      • Green Proofs Architecure
      • Green Proofs Software Stack
      • Use Cases and Reference Implementations
        • 24x7 Renewable Electricity
        • Sustainable Aviation Fuel
        • Green Proofs for Bitcoin
          • GP4BTC Miner Guide
        • Decarbonizing Shipping
        • Green Proofs for Electrical Vehicles
        • Green Proofs as a Service (GPSaaS)
    • Digital Spine by Energy Web
      • Design and Architecture
      • Component Guides
        • Energy Web Name Service (ENS)
        • Self-Sovereign Identities
          • SSI-Hub
          • Technical Guide
            • Organizations
            • Applications
            • Roles and IAM
          • Deployment Guide
            • Deploy Identity Cache Server
            • Deploy Switchboard
        • DDHub Message Broker
          • Technical Guide
            • Authentication and Authorization
            • Topics
            • Messaging
          • Deployment Guide
            • Deploy DID Auth Proxy
            • Deploy Message Broker
        • DDHub Client Gateway
          • Technical Guide
            • Authentication and Authorization
              • Key Vault
            • Client Gateway Identity and VCs
            • Address Book
            • Topics
            • Channels
            • Integration Options
            • Messaging
          • Deployment Guide
            • Launchpad SaaS
            • Azure Marketplace
            • Self-Hosted
              • Deploy with Kubernetes
              • Deploy with Docker
            • Key Vault
              • Deploy with HashiCorp Key Vault
              • Deploy with Azure Key Vault
              • Deploy with AWS Secrets Manager
            • Rebranding and Whitelabelling
Powered by GitBook
On this page
  • Overview
  • User Guide
  • Pre-requisites
Export as PDF
  1. ENERGY SOLUTIONS
  2. Digital Spine by Energy Web
  3. Component Guides
  4. Self-Sovereign Identities
  5. Technical Guide

Roles and IAM

Overview

Identity and Access Management refers to the process of identifying, authorizing, and authenticating participants to interact with the data exchange hub.

Role-based access control is implemented at two levels:

  1. IAM for Client Gateways: Roles are used to govern each Client Gateway’s access to and permissions within a given application, including the gateway’s ability to interact with the Message Broker, access and read/write information within topics, and authenticating messages to ensure that both sender and recipients are known. IAM for Client Gateways is accomplished using a self-sovereign identity framework, in which each actor participating creates a unique identifier and uses it to enrol their gateway instance in one or more roles.

  2. IAM for Users: Each actor participating can govern internal access to their respective Client Gateway by configuring two separate user types: Admin Users, who have permissions to the full suite of features including channel management, API management, and messaging, and Messaging Users, who only have permissions to send, view, and acknowledge messages in the Client Gateway UI. IAM for Users is accomplished with a conventional username/password framework.

User Guide

Pre-requisites

Create a Role

Modify a Role

Remove a Role

Request a Role

Approve a Role Request

Revoke a Role

Sync Roles to Your DID

PreviousApplicationsNextDeployment Guide

Last updated 2 months ago