...

Example: A parcel might be shipped from one country to another. The parcel gets an RFID tag associated with an identifier. It moves from one logistics center to another and crosses borders; along the way it is tracked, controlled and routed. As soon as it arrives, the identity of the parcel disappears.

Ownership and identity relationships

Things or objects in the IoT often have a relationship to real persons. These could be owner(s), manufacturer(s), user(s), administrator(s) or many other functions. A product might be owned by a manufacturer first and subsequently by a user who bought the product. The owner, user or administrator of an object might change over time. Ownership and identity relationships in the IoT have an impact on other identity-related processes such as authentication and authorization. The owner of a thing might be challenged for authentication or be asked for authorization policies.
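The following added example (not part of the original page) models relationships that change over time and shows how an ownership transfer changes authorization decisions. The class names, the single-owner simplification, the timestamps and the principals are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Relationship:
    principal: str
    role: str                       # "owner", "user", "administrator", ...
    valid_from: int                 # constructed timestamps
    valid_to: Optional[int] = None  # None means the relationship is still active

    def active_at(self, t):
        return self.valid_from <= t and (self.valid_to is None or t < self.valid_to)

@dataclass
class Thing:
    thing_id: str
    relationships: list = field(default_factory=list)
    # Authorization policies are set per owner: owner -> {principal: {actions}}
    policies: dict = field(default_factory=dict)

    def owner_at(self, t):
        # Simplification (assumption): exactly one owner at any point in time.
        for r in self.relationships:
            if r.role == "owner" and r.active_at(t):
                return r.principal
        return None

    def transfer_ownership(self, new_owner, t):
        # Close the current ownership instead of deleting it, so that
        # decisions for earlier points in time remain reproducible.
        for r in self.relationships:
            if r.role == "owner" and r.valid_to is None:
                r.valid_to = t
        self.relationships.append(Relationship(new_owner, "owner", t))

    def authorize(self, principal, action, t):
        owner = self.owner_at(t)
        if owner is None:
            return False            # no owner, nobody to ask for a policy
        if principal == owner:
            return True
        # Only the policy of the owner at time t applies; grants made by a
        # previous owner do not survive the transfer.
        return action in self.policies.get(owner, {}).get(principal, set())

def build_lamp():
    lamp = Thing("lamp-01")         # constructed sample data
    lamp.relationships.append(Relationship("manufacturer", "owner", 0))
    lamp.policies["manufacturer"] = {"service-tech": {"update_firmware"}}
    lamp.transfer_ownership("alice", 100)
    lamp.policies["alice"] = {"bob": {"switch"}}
    return lamp
```

After the transfer at time 100, both the manufacturer and the technician it had authorized are denied, while decisions evaluated for time 50 still reflect the manufacturer's ownership.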

Protection Mechanisms

In classic identity management, certain protection methods have been established over the years to protect an identity from abuse. We have authentication methods to prove identities and secure channels to transmit identity attributes, and passwords and other data are stored encrypted.
Security concepts like integrity, availability, authenticity and non-repudiation are built into classic identity protocols like SAML and OpenID. In the Internet of Things the situation is different. Here many communication protocols are not based on the Internet Protocol. Many sensors or actuators have only limited resources in terms of energy, bandwidth and connectivity. Protocols like EnOcean or KNX use only a few bytes to send commands or receive values. There is no room for encryption, challenge-response procedures or other security mechanisms.

...