From c3d643cbe21a468700f001248378d7bf2452e076 Mon Sep 17 00:00:00 2001
From: Ahmed Osman <ah_osman@yahoo.com>
Date: Wed, 27 Sep 2023 22:40:44 +0200
Subject: [PATCH] Update file README.md

---
 demos/demo2/README.md | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/demos/demo2/README.md b/demos/demo2/README.md
index 756ff8b..08afa06 100644
--- a/demos/demo2/README.md
+++ b/demos/demo2/README.md
@@ -35,8 +35,34 @@ To await specific messages, S3IBAsyncClient's awaitMessage method can be used. T
 
 demo2_forestmanager_waldbesitzer.py updates the security submodel, then notifies demo2_forestmanager.py using the 
 S3IBAsyncClient's sendUserMessage Method:
-`await client.sendUserMessage(forstify_hmi_id, "s3ibs://" + forstify_hmi_id, "Authorized", "Authorized")`
-(foristify_hmi_id here is a naming mistake)
+`await client.sendUserMessage(forestmanager_hmi_id, "s3ibs://" + forestmanager_hmi_id, "Authorized", "Authorized")`
+
+### Security and Authorization
+
+Security-related data can be stored in the security submodel (refer to /model/security.py). It contains AccessControl, a SubmodelElementList of AccessRuleCollection. The latter is a SubmodelElementCollection, that contains a SubmodelElementList of AccessPermissonRule (a SubmodelElementCollection with the user the permission is being granted to, the permission type for example ALLOW, and the permisson for example READ) and the Target (a ReferenceElement that refers to the AAS-Element the rules apply to). 
+
+```
+    rules = [security.AccessPermissionRule(forestmanager_hmi_id, 
+                                           security.PermissionKind.ALLOW, 
+                                           security.Permission.READ),
+            security.AccessPermissionRule(forestmanager_hmi_id, 
+                                          security.PermissionKind.ALLOW, 
+                                          security.Permission.WRITE)]
+
+    rules_smc = security.AccessPermissionCollection(
+        target=model.ModelReference.from_referable(aas_dz_wald),
+        rules=rules
+    )
+
+    access_control = security.AccessControl(permissions=[rules_smc])
+
+    security_sm = security.Security("https://www.company.com/security") 
+    security_sm.add_referable(access_control)
+
+```
+
+Since permission-granting decisions are made by the opa-server (if security enabled), this data must provided (in simpler format) to it and continiously updated (if changes occur). This is handled by the S3IBServer Component utilizing the security.py::get_dict_from_security_submodel method.  
+
 
 
 
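Review bot: The new "Security and Authorization" paragraph names the collection type `AccessRuleCollection`, but the snippet right below it constructs `security.AccessPermissionCollection`, so a reader cannot tell which name /model/security.py actually uses. Please make the prose and the snippet agree with the module. The same paragraph also misspells the class that the snippet writes as `AccessPermissionRule` ("AccessPermissonRule"), and it contains the typo "permisson". In the closing paragraph, "must provided" should read "must be provided" and "continiously" should read "continuously". That paragraph says the data is passed to the opa-server "in simpler format" and updated "if changes occur", but it does not show the format, say what triggers an update, or describe the behaviour when security is not enabled. Since the opa-server makes the permission decisions from this copy, a sentence on each would help readers judge whether a change to the submodel takes effect. Smaller points: the code fence has no language tag, several added lines end in trailing whitespace, and there is an empty added line before the closing fence. The subject "Update file README.md" could mention both the `forstify_hmi_id` rename and the new section.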
-- 
GitLab