Concepts of Identity within the Internet of Things

Version: 0.0304


Archives of this paper: http://kantarainitiative.org/confluence/display/IDoT/Concepts+of+Identity+within+the+Internet+of+Things

...

Abstract

The purpose of this paper is to describe identity concepts in the Internet of Things, where identity mechanisms differ from those of the classic web.
Furthermore, the paper proposes a terminology for identity management in the Internet of Things, so that discussions and work in this area can proceed without redefining basic terms each time.

...

The “Internet of Things” (IoT) is beginning to evolve and early solutions are now being deployed, in areas such as logistics, farming, industry, home automation and many others. Its limitations become obvious as soon as we try to connect solutions from different vendors, communities or standards groups. From a business point of view the IoT opens up a plethora of new opportunities, use cases and scenarios. From a technical point of view the IoT consists of a vast number of devices, sensors, actuators or simply objects connected to services on the Internet. Today these devices and sensors speak many different protocols, most of which are not HTTP, which makes application development for the IoT hard: there is a lack of decent application integration layers. The next logical step is to use common Web technologies for the IoT, and identity management is one of the most important of these. Apart from adapting communication protocols, an overarching identity framework is crucial for a growing IoT. Today we have many separate solutions and niche standards, and consequently no overall framework for how to recognize and manage identities across them. That is why we decided to found a discussion group called “IDentities of Things” within Kantara Initiative.

What is special about identities in the Internet of Things?

Lifecycle

In user identity management (classic IdM) identities have rather long lifecycles. For day-to-day services such as e-mail or online shopping a user account exists for months, years or even a lifetime. As users of such services we might ask ourselves: when was the last time we actively deactivated or deleted an account? In the Internet of Things objects have very different lifetimes, ranging from years or decades down to days or minutes.

Example: A parcel is shipped from one country to another. The parcel gets an RFID tag associated with an identifier. It moves from one logistics center to another, crosses borders, and is tracked, controlled and routed along the way. As soon as it arrives, the identity of the parcel disappears.

Protection Mechanisms

In classic identity management certain protection methods have been established over the years to protect an identity from abuse: we have authentication methods to prove identities, secure channels to transmit identity attributes, and passwords and other sensitive data are stored hashed or encrypted.
Security properties like integrity, availability, authenticity and non-repudiation are built into classic identity protocols like SAML and OpenID. In the Internet of Things the situation is different. Many communication protocols there are not based on the Internet Protocol at all, and many sensors or actuators have severely restricted resources in terms of energy, bandwidth and connectivity. Protocols like EnOcean[] or KNX[] use only a few bytes to send commands or receive values, leaving little or no room for encryption, challenge-response procedures or other security mechanisms.


The IoT from a (very simplified) logical point of view

...

Things or objects in the IoT often have a relationship to real persons, who may be owner(s), manufacturer(s), user(s), administrator(s) or hold many other roles. These relationships are affected by lifecycles: a product might be owned by its manufacturer first and subsequently by the user who bought it, and the owner, user or administrator of an object might change over time. Objects finally disappear from the IoT after a certain lifetime. Identity lifecycles in the IoT can be much longer or shorter than in classic user-related identity management systems.



Lifecycle of objects

The lifecycle of an object might differ from that of an individual's identity. An object can be brought into existence. It can be assigned to an owner, and it might also change its owner. An object can technically disappear. Its lifecycle might be significantly shorter or longer than in classic identity management. This can lead to dynamic changes in routing, identity management etc. TBD
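The lifecycle just described, together with the parcel example earlier on this page, can be made concrete with a small registry that enforces the allowed transitions. The following Python is an added example written for this edit, not code from the paper or from Kantara Initiative; the state names, the identifier PARCEL-0001, the owner names and the five-day lifetime are constructed assumptions.

```python
# Added example (not from the paper): an object-identity registry modelling
# creation, assignment, ownership transfer, expiry and retirement.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Dict, Optional, Tuple

class State(Enum):
    CREATED = "created"    # identifier issued, not yet bound to anyone
    ASSIGNED = "assigned"  # bound to an owner (manufacturer, user, logistics center, ...)
    RETIRED = "retired"    # object has left the IoT; the identifier is dead

@dataclass
class ObjectIdentity:
    object_id: str
    state: State = State.CREATED
    owner: Optional[str] = None
    expires_at: Optional[datetime] = None  # lifetime may be minutes or decades

class Registry:
    """Enforces the allowed lifecycle transitions for object identities."""
    def __init__(self) -> None:
        self._objects: Dict[str, ObjectIdentity] = {}

    def create(self, object_id: str, lifetime: timedelta, now: datetime) -> ObjectIdentity:
        # An identifier is issued once; a retired ID is never recycled for a new object.
        if object_id in self._objects:
            raise ValueError(f"identifier {object_id!r} already issued")
        obj = ObjectIdentity(object_id, expires_at=now + lifetime)
        self._objects[object_id] = obj
        return obj

    def assign(self, object_id: str, owner: str, now: datetime) -> None:
        obj = self._live(object_id, now)
        obj.owner, obj.state = owner, State.ASSIGNED

    def transfer(self, object_id: str, current_owner: str, new_owner: str, now: datetime) -> None:
        # Only the current owner may hand the object on (e.g. manufacturer -> buyer).
        obj = self._live(object_id, now)
        if obj.state is not State.ASSIGNED or obj.owner != current_owner:
            raise PermissionError(f"{current_owner!r} does not own {object_id!r}")
        obj.owner = new_owner

    def retire(self, object_id: str, now: datetime) -> None:
        obj = self._objects[object_id]
        obj.state, obj.owner = State.RETIRED, None

    def lookup(self, object_id: str, now: datetime) -> Optional[ObjectIdentity]:
        """Resolve an identifier; retired or expired identities resolve to None."""
        obj = self._objects.get(object_id)
        if obj is None or obj.state is State.RETIRED:
            return None
        if obj.expires_at is not None and now >= obj.expires_at:
            self.retire(object_id, now)  # lifetime elapsed: the identity disappears
            return None
        return obj

    def _live(self, object_id: str, now: datetime) -> ObjectIdentity:
        obj = self.lookup(object_id, now)
        if obj is None:
            raise LookupError(f"{object_id!r} is not a live identity")
        return obj

def parcel_scenario() -> Tuple[Registry, datetime]:
    """Constructed walk-through of the parcel example: a five-day identity."""
    reg = Registry()
    t0 = datetime(2014, 1, 1, tzinfo=timezone.utc)
    reg.create("PARCEL-0001", timedelta(days=5), t0)  # RFID tag issued at dispatch
    reg.assign("PARCEL-0001", "logistics-center-A", t0)
    reg.transfer("PARCEL-0001", "logistics-center-A", "logistics-center-B",
                 t0 + timedelta(days=1))
    return reg, t0

def parcel_owner_after(days: int) -> Optional[str]:
    """Custodian of the parcel when queried `days` after dispatch; None once it is gone."""
    reg, t0 = parcel_scenario()
    obj = reg.lookup("PARCEL-0001", t0 + timedelta(days=days))
    return obj.owner if obj else None

def transfer_by_non_owner_is_rejected() -> bool:
    reg, t0 = parcel_scenario()
    try:
        reg.transfer("PARCEL-0001", "someone-else", "mallory", t0 + timedelta(days=2))
    except PermissionError:
        return True
    return False

def retired_identifier_cannot_be_reissued() -> bool:
    reg, t0 = parcel_scenario()
    reg.retire("PARCEL-0001", t0 + timedelta(days=3))
    try:
        reg.create("PARCEL-0001", timedelta(days=5), t0 + timedelta(days=4))
    except ValueError:
        return True
    return False
```

The model is deliberately small; its value lies in the three checks a practitioner would expect from an IoT identity store: a retired identifier is never reissued to a new object, only the current owner can transfer an object, and a lookup after the lifetime has elapsed resolves to nothing rather than to a stale owner binding.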


Governance of object data

...