In the mobility sector, there are many players who work together directly or indirectly to make integrated mobility experiences possible. In the area of car sharing, for example, there are mobility providers who act as car sharing providers to customers. They own a brand, process bookings and payments (e.g. via app) and take care of customer relations.
The actual rented vehicles, on the other hand, come from so-called asset providers. These could be companies that already have a fleet of vehicles that are not fully utilized or have explicitly organized vehicles for hire. However, asset providers can also have other necessary infrastructure, such as parking spaces, which are required for station-based car sharing.
Apart from car sharing, there are other stakeholders who are part of the mobility industry. Charging infrastructure operators for electric vehicles can be found here, for example. On the one hand, these are charging providers who offer customers subscriptions to purchase charges and, on the other hand, charging point providers who operate charging stations where charging can be carried out.
It is often the case that a company assumes several roles at the same time (e.g. a mobility provider could also own its own vehicles and parking spaces), but it is very unlikely that a company will hold all roles at once. In other words, in order to connect different providers and to enable collaboration in an orderly and seamless manner, we have developed the SmartMove platform: A Mobility as a Service (Maas) application that covers the roles of mobility providers, asset providers and charging infrastructure provider providers and maps their interactions. As a result, none of these stakeholders need to have know-how in software development and can fully focus on handling their own transactions in the mobility market.
In the following blog post, we would like to introduce you to the technical background of our SmartMove platform and discuss the challenges and solutions in the area of multi-tenant implementation.
Multi-tenant MaaS from a technical perspective
As discussed at the beginning, there are many players in the mobility sector. Our SmartMove platform covers all these roles and enables them to work seamlessly together by mapping their work processes and interactions in our software. Our SmartMove platform essentially consists of a backend system with a web front end (the smartmove Web Portal), which, among other things, enables customer relation management, booking management, billing, fleet and product management. There are also related components in our ecosystem, such as a white label and a SmartMove app, which is the front end for end customers.
All of these components are interlinked, but not every user should be able to see all the details. Critical data from a stakeholder should not be accessible to a representative from another role, especially if there is no active collaboration. The design of such a platform is therefore complex not only from a purely technical point of view, but also in terms of security and data protection.
Access control to data and privacy is therefore clearly carried out along the dividing lines between roles. For example, end customers should not have access to vehicles that are not part of their product with a mobility provider. That is why we first look at the organizational chart of stakeholders on the SmartMove platform from a customer perspective.
An end customer selects a product from a mobility provider. This mobility provider has contracts with asset providers who own vehicles. These can also be connected to other asset providers, which provide storage space. Mobility providers also have contracts with charging providers to enable customers to charge their rental electric vehicles. Charging providers are cooperating behind the scenes with charging point providers to provide access to physical charging stations. Ultimately, a mobility provider can determine which of the existing vehicles and charging providers are offered for each product.
The product is therefore the linchpin for the authorizations of an end user. People who have selected a specific product are not allowed to view vehicles, parking spaces and charging points that are not included in their product. This means that all functions of the SmartMove platform are subject to access restrictions. As a result, access permissions must be implemented for every REST interface of the backend.
Now, the point of view from end customers is not the only one. For example, a mobility provider typically has a support hotline that must be able to help people with specific problems. Of course, they must be able to view the data of the persons concerned as well as their bookings, invoices, vehicles used, etc. However, support employees may not view customers from other mobility providers. Asset providers could also need access to data from people, for example if they have damaged a vehicle. This means that even though asset providers usually have no insight, there are certain special cases that must be covered by an authorization system.
As you can see, one of the biggest challenges in implementing a multi-tenant MaaS platform is that a variety of different roles come together, all of which are only allowed limited access to certain data in accordance with data protection laws. In addition, these authorizations are structured differently depending on the point of view. A complex network of role interactions and access restrictions is therefore created, which must be precisely planned and implemented cleanly.
Conclusio
Our SmartMove platform brings different players together while respecting the needs of each party so that everyone can benefit from each other. By bringing services together, companies can contribute to modern mobility in different roles. Implementing such a multi-tenant setup requires meticulous planning and know-how in software engineering. We hope we were able to give you a brief insight into our implementation process.
