Centralized and Decentralized Distributed Energy Resource Access Control Implementation Considerations

A global transition to power grids with high penetrations of renewable energy generation is being driven in part by rapid installations of distributed energy resources (DER). New DER equipment includes standardized IEEE 1547-2018 communication interfaces and proprietary communications capabilities. Interoperable DER provides new monitoring and control capabilities. The existence of multiple entities with different roles and responsibilities within the DER ecosystem makes the Access Control (AC) mechanism necessary. In this paper, we introduce and compare two novel architectures, which provide a Role-Based Access Control (RBAC) service to the DER ecosystem's entities. Selecting an appropriate RBAC technology is important for the RBAC administrator and users who request DER access authorization. The first architecture is centralized, based on the OpenLDAP, an open source implementation of the Lightweight Directory Access Protocol (LDAP). The second approach is decentralized, based on a private Ethereum blockchain test network, where the RBAC model is stored and efficiently retrieved via the utilization of a single Smart Contract. We have implemented two end-to-end Proofs-of-Concept (PoC), respectively, to offer the RBAC service to the DER entities as web applications. Finally, an evaluation of the two approaches is presented, highlighting the key speed, cost, usability, and security features.