Managed offline sessions
Remote control of multi-user devices such as drones, robots and inspection cameras requires a different type of session management: how to avoid interference between multiple users, how to make users accountable for their own actions and, at the same time, how to avoid the need for a real-time connection with an external system.
In these cases, you do not want critical sessions to be maintained by your remote-control server, and you do not want sessions to require external verification. Yet you do want to verify the controller’s right to remotely control a device, and you want to hold the controller accountable for every instruction he/she sends to the device.
OpenID Connect provides the standard for bearer id-tokens. Using id-tokens, stateless and offline ‘sessions’ can be set up whereby the id-token contains all information to verify access rights and sessions. There is no need for caching user data and user sessions and no need to verify sessions against an external system in real-time.
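The offline check described above, as an added example that is not code from the original page: a device verifies an RS256-signed id-token using only a pre-provisioned issuer public key and its local clock. Assumptions: the device identifier is carried in `aud`, the names `pilot-42`, `drone-7` and `https://idp.example` are constructed, and the hand-rolled RSA with a toy key stands in for a vetted JOSE library so the block runs offline.

```python
import base64, hashlib, json

# Constructed demo key from two Mersenne primes: sample data only, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus, provisioned on the device
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays with the issuer
K = (N.bit_length() + 7) // 8          # signature length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(message):
    # EMSA-PKCS1-v1_5 encoding with SHA-256, as used by RS256.
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def issue(claims):
    # Stand-in for the OpenID provider; runs once, while the controller is online.
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa(signing_input.encode()), "big"), D, N)
    return signing_input + "." + b64u(sig.to_bytes(K, "big"))

def verify_offline(token, now, issuer, device_id):
    # Device side: needs only N, E and a local clock. Returns sub or None.
    try:
        head, body, sig = token.split(".")
        if json.loads(unb64u(head)).get("alg") != "RS256":
            return None                # rejects "none" and unexpected algorithms
        s = int.from_bytes(unb64u(sig), "big")
        if s >= N or pow(s, E, N).to_bytes(K, "big") != emsa(f"{head}.{body}".encode()):
            return None                # signature not made with the issuer's key
        claims = json.loads(unb64u(body))
        aud = claims.get("aud")
        if claims["iss"] != issuer or device_id not in (aud if isinstance(aud, list) else [aud]):
            return None                # issued by someone else or for another device
        if not claims["iat"] <= now < claims["exp"]:
            return None                # outside the validity window
        return claims["sub"]           # identity to stamp on every logged instruction
    except (ValueError, KeyError, TypeError, AttributeError):
        return None                    # malformed token

# Constructed sample: controller "pilot-42" authorised for device "drone-7".
SAMPLE = issue({"iss": "https://idp.example", "sub": "pilot-42", "aud": "drone-7", "iat": 1000, "exp": 1600})
if __name__ == "__main__":
    print(verify_offline(SAMPLE, 1200, "https://idp.example", "drone-7"))
```

Because nothing is checked against the issuer at use time, the `exp` claim is the only bound on the session, so the token lifetime and the accuracy of the device clock decide how long a token stays usable.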