Direct user access shouldn't be allowed (privileged access in particular). Instead, in accordance with standards such as IEC 62443, we advocate that the device itself initiates connections to remote services when required (for instance to check for updates). Users may access a cloud-based secure digital twin, such as Azure Digital Twins.
Therefore the important requirement is that devices embed:
a mutual authentication protocol and an end-to-end encrypted channel, to automatically send data to the cloud (see D3 deliverable)
an indirect interaction with end-users (e.g. for enrollment, update, etc.), in which the device acts as the client for a protocol such as IETF GNAP.
A goal for GNAP is to enable human-centric authorization flows, enabling better privacy for patients and delegation between healthcare professionals. Another major improvement compared to existing protocols such as OAuth2 is that GNAP can also work with identity wallets.
Source: presentation given at an IETF GNAP interim meeting (slide). AS = authorization server / RS = resource server.
Contrary to OAuth2 (and SIOP in particular), treating the authorization server as a token factory enables many types of interactions, including communications with native devices.
Implemented use cases
All these prototypes are available as open-source projects.
Hospital IT/IoT use case
The remote update includes an authorization layer based on GNAP.
BMS use case
We made a prototype that demonstrates the flexible delegation of rights within an organisation, using biscuit tokens (which are now integrated into GNAP):
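The delegation model behind that prototype, as an added example that is not the project's code and does not use the biscuit wire format: a stdlib-only, HMAC-chained attenuable token (macaroon-style), where the authorization server acts as the token factory and every later holder can only narrow the rights it received. Holder names and rights are constructed values.

```python
# Added example: a minimal attenuable token modelling biscuit-style delegation.
# Only the authorization server (AS) holds the root key; every holder may append
# a block that restricts rights and re-MAC the token, but can never remove a block.
import hmac
import hashlib
import json

ROOT_KEY = b"constructed-demo-root-key"  # constructed; in practice known only to the AS


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _encode(block: dict) -> bytes:
    return json.dumps(block, sort_keys=True).encode()


def mint(root_key: bytes, holder: str, rights: set) -> dict:
    """Token factory: the AS issues the first block with the initial set of rights."""
    block = {"holder": holder, "rights": sorted(rights)}
    return {"blocks": [block], "sig": _mac(root_key, _encode(block)).hex()}


def attenuate(token: dict, holder: str, rights: set) -> dict:
    """Delegation by any holder: append a block; the new MAC is keyed by the old one,
    so the delegate never learns the root key and cannot drop earlier blocks."""
    block = {"holder": holder, "rights": sorted(rights)}
    sig = _mac(bytes.fromhex(token["sig"]), _encode(block))
    return {"blocks": token["blocks"] + [block], "sig": sig.hex()}


def authorize(root_key: bytes, token: dict, right: str) -> bool:
    """Resource server check: recompute the MAC chain from the root key and
    intersect the rights of every block, so a delegate can only lose rights."""
    key, allowed = root_key, None
    for block in token["blocks"]:
        key = _mac(key, _encode(block))
        rights = set(block["rights"])
        allowed = rights if allowed is None else allowed & rights
    if not hmac.compare_digest(key, bytes.fromhex(token["sig"])):
        return False  # a block was altered, removed, or forged without the chain key
    return allowed is not None and right in allowed


if __name__ == "__main__":
    doctor = mint(ROOT_KEY, "dr_alice", {"read:records", "write:records"})
    nurse = attenuate(doctor, "nurse_bob", {"read:records"})
    print(authorize(ROOT_KEY, nurse, "read:records"), authorize(ROOT_KEY, nurse, "write:records"))
```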