
Method And System For Providing Data Security For Micro Services Across Domains

Abstract: A method at a network element for securely sharing services across domains, the method including receiving a request at the network element to add a first domain and an edge domain to a system; provisioning a public key of the network element to the first domain and the edge domain; receiving a public key of the first domain; populating, in the network element, a table with services provided by the first domain or the edge domain; populating, in the network element, a second table with applications installed at the first domain or edge domain and permissions for services for the applications; and controlling access to the services by the applications.


Patent Information

Application #:
Filing Date: 31 October 2023
Publication Number: 49/2023
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email:
Parent Application:

Applicants

BLACKBERRY LIMITED
2200 University Avenue East Waterloo, Ontario N2K 0A7

Inventors

1. MUKHERJEE, Biswaroop
c/o 2200 University Avenue East Waterloo, Ontario N2K 0A7
2. FERGUSON, Geordon Thomas
c/o 2200 University Avenue East Waterloo, Ontario N2K 0A7
3. BOWMAN, Roger Paul
c/o 2200 University Avenue East Waterloo, Ontario N2K 0A7

Specification

WE CLAIM
1. A method at a network element for securely sharing services across domains, the method comprising:
receiving a request at the network element to add a first domain and an edge domain to a system;
provisioning a public key of the network element to the first domain and the edge domain;
receiving a public key of the first domain;
populating, in the network element, a table with services provided by the first domain or the edge domain;
populating, in the network element, a second table with applications installed at the first domain or edge domain and permissions for services for the applications; and
controlling access to the services by the applications.
2. The method of claim 1, wherein the controlling access comprises:
receiving a request from an application on the first domain, the request being signed by the first domain;
verifying the request;
based on the verifying and based on the permissions for services for the application, providing at least one token for a service back to the first domain, the at least one token including an identifier for the service and a signature of the network element.
3. The method of claim 2, wherein the token further includes an expiration time.
4. The method of claim 1, wherein the controlling access comprises:
receiving a request from a domain bridge on the first domain, the request being signed by the first domain and including an application identifier;
verifying the request;
based on the verifying and based on the permissions for services for an application associated with the application identifier, providing at least one token for a service back to the domain bridge, the at least one token including an identifier for the service and a signature of the network element.
5. The method of claim 1, wherein the controlling access comprises:
receiving a request from the first domain to synchronize the second table; and
providing the second table to the first domain.
6. The method of claim 1, wherein the table with services further includes delegation of permissions for a subset of services.
7. The method of claim 1, wherein the provisioning occurs during manufacture of a computing device with the first domain and the edge domain.
8. The method of claim 1, wherein the provisioning occurs at a trusted service center for a computing device with the first domain and the edge domain.
9. The method of claim 1, wherein the first domain and the edge domain belong to a vehicle, and wherein the network element is a fleet manager.
10. A network element for securely sharing services across domains, the network element comprising:
a processor; and
a communications subsystem, wherein the network element is configured to:
receive a request at the network element to add a first domain and an edge domain to a system;
provision a public key of the network element to the first domain and the edge domain;
receive a public key of the first domain;
populate, in the network element, a table with services provided by the first domain or the edge domain;
populate, in the network element, a second table with applications installed at the first domain or edge domain and permissions for services for the applications; and
control access to the services by the applications.
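
The token flow of claims 2 and 3, sketched in Go as an added example that is not part of the patent application: the network element verifies a domain-signed request, consults the permissions table, and returns a token carrying the service identifier, an expiration time and its own signature. The use of Ed25519, the 5-minute lifetime, the byte encodings and all type, function, domain, application and service names are assumptions made for illustration.

```go
package main
import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Token per claims 2-3: service identifier, expiration time, network element signature.
type Token struct {
	Service string
	Expires int64
	Sig     []byte
}

// NetworkElement: signing key, enrolled domain keys, and the second table (app -> services).
type NetworkElement struct {
	priv    ed25519.PrivateKey
	domains map[string]ed25519.PublicKey
	perms   map[string]map[string]bool
}

// tokenBytes is the assumed signed encoding; identifiers must not contain NUL.
func tokenBytes(service string, expires int64) []byte {
	return []byte(fmt.Sprintf("%s\x00%d", service, expires))
}

// Issue verifies the domain signature, checks permissions, then signs a short-lived token.
func (n *NetworkElement) Issue(domain, app, service string, sig []byte, now time.Time) (*Token, error) {
	pub, ok := n.domains[domain]
	if !ok || !ed25519.Verify(pub, []byte(app+"\x00"+service), sig) {
		return nil, fmt.Errorf("request not signed by enrolled domain %q", domain)
	}
	if !n.perms[app][service] {
		return nil, fmt.Errorf("%s has no permission for %s", app, service)
	}
	exp := now.Add(5 * time.Minute).Unix()
	return &Token{service, exp, ed25519.Sign(n.priv, tokenBytes(service, exp))}, nil
}

// CheckToken runs at the serving domain using the provisioned network element public key.
func CheckToken(nePub ed25519.PublicKey, t *Token, service string, now time.Time) bool {
	return t.Service == service && now.Unix() < t.Expires && ed25519.Verify(nePub, tokenBytes(t.Service, t.Expires), t.Sig)
}

func main() { // constructed keys and table entries
	nePub, nePriv, _ := ed25519.GenerateKey(nil)
	dPub, dPriv, _ := ed25519.GenerateKey(nil)
	ne := &NetworkElement{nePriv, map[string]ed25519.PublicKey{"first": dPub}, map[string]map[string]bool{"navApp": {"gps": true}}}
	t, err := ne.Issue("first", "navApp", "gps", ed25519.Sign(dPriv, []byte("navApp\x00gps")), time.Now())
	fmt.Println(err, CheckToken(nePub, t, "gps", time.Now()))
}
```

The signed request in this sketch carries no nonce or timestamp, so a deployment would also need replay protection on the request itself; the expiration time only bounds how long an issued token stays usable.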

Documents

Application Documents

# Name Date
1 202347074248-STATEMENT OF UNDERTAKING (FORM 3) [31-10-2023(online)].pdf 2023-10-31
2 202347074248-PROOF OF RIGHT [31-10-2023(online)].pdf 2023-10-31
3 202347074248-PRIORITY DOCUMENTS [31-10-2023(online)].pdf 2023-10-31
4 202347074248-POWER OF AUTHORITY [31-10-2023(online)].pdf 2023-10-31
5 202347074248-NOTIFICATION OF INT. APPLN. NO. & FILING DATE (PCT-RO-105-PCT Pamphlet) [31-10-2023(online)].pdf 2023-10-31
6 202347074248-FORM 1 [31-10-2023(online)].pdf 2023-10-31
7 202347074248-DRAWINGS [31-10-2023(online)].pdf 2023-10-31
8 202347074248-DECLARATION OF INVENTORSHIP (FORM 5) [31-10-2023(online)].pdf 2023-10-31
9 202347074248-COMPLETE SPECIFICATION [31-10-2023(online)].pdf 2023-10-31
10 202347074248-FORM 18 [22-07-2025(online)].pdf 2025-07-22