We are evaluating several platforms for integrating a "Smart Energy System".
One important requirement we have to support is multitenancy. From the docs I can see the possibility to start the Orion Context Broker with this option. Orion will ensure the data separation based on the fiware-service request header.
That's fine but how to "secure" this header across the whole software stack (PEP-Proxy, IoT-Agent)?
Which component/device sets this header? Which component ensures that a request with a specific fiware-service header value is authorized to access the data of this tenant?
In my opinion this is a task for Wilma as PEP-Proxy. All traffic to Orion is routed through the PEP-Proxy and the proxy checks if this request is valid. Unfortunately I can not find such a check within the source code nor it is explained in the documentation.
Has someone implemented such an architecture an can help me?
