...

  • Ownership and identity relationships: Things or objects in the IoT often have a relationship to real persons. These could be owner(s), manufacturer(s), user(s), administrator(s) or many other functions. A product might be owned by a manufacturer first and subsequently by a user who bought the product. The owner, user or administrator of an object might change over time. Ownership and identity relationships in the IoT have an impact on other identity-related processes such as authentication and authorization. The owner of a thing might be challenged for authentication or be asked for authorization policies.
  • Object Identifier and Namespace
  • Authentication and Authorization
  • Governance of data and Privacy

See details in our paper published in the proceedings of the IEEE World Forum on Internet of Things (WF-IoT) 2014: Challenges from the Identities of Things

...

Do we need a special identifier, or is there already "the Identifier" for the Internet of Things?

There is no special identifier for IoT, and there won't be one kind of identifier. Many standards, de facto standards, protocols and solutions exist in the area of IoT. There are various kinds of identifiers with different characteristics suitable for specific purposes (for details see our Identifier Survey).

When there is no dedicated identifier for the IoT, how can things with different identifiers from different standards, protocols and domains communicate with each other?

Mapping and discovery become important services in large IoT deployments with different systems, standards and domains. Let's give an example: A street lamp might have a field bus address consisting of 2 bytes. It is connected to a gateway. Within the gateway, the lamp is mapped to "lamp 123". A lamp management system can switch "lamp 123" on and off internally. Via a REST interface, the lamp management system exposes the lamp, for example as a oneM2M "application entity", so other management systems can switch the lamp by sending messages to a specific oneM2M URL. In this example, a thing (the lamp) is identified by different identifiers that are mapped to each other (field bus address, internal ID, oneM2M URL).
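
The lamp example above as a small mapping registry. This is an added example, not code from the original page; the thing keys, gateway names, bus address and URL are constructed. It assumes the 2-byte field bus address is unique only behind its own gateway, and it refuses to bind one identifier to two different things.

```python
# Added example: all names, scopes and values are constructed, not from a real deployment.
FIELDBUS, INTERNAL, ONEM2M = "fieldbus", "internal", "onem2m"


class AmbiguousIdentifier(Exception):
    """An identifier is already bound to a different thing in the same domain."""


class IdentifierMap:
    """Maps one thing to its identifiers in several namespaces and back."""

    def __init__(self):
        self._owner = {}  # (namespace, scope, value) -> thing
        self._ids = {}    # thing -> {namespace: (scope, value)}

    def bind(self, thing, namespace, value, scope=""):
        key = (namespace, scope, value)
        owner = self._owner.get(key)
        if owner is not None and owner != thing:
            # Never silently re-point an identifier at another device.
            raise AmbiguousIdentifier(f"{key!r} is already bound to {owner!r}")
        old = self._ids.setdefault(thing, {}).get(namespace)
        if old is not None:
            # Drop the stale entry so a replaced identifier no longer resolves.
            del self._owner[(namespace, *old)]
        self._owner[key] = thing
        self._ids[thing][namespace] = (scope, value)

    def translate(self, namespace, value, target, scope=""):
        """Return (scope, value) of the same thing in the target namespace."""
        thing = self._owner.get((namespace, scope, value))
        if thing is None:
            raise KeyError(f"unknown identifier {(namespace, scope, value)!r}")
        return self._ids[thing][target]


def build_sample_map():
    m = IdentifierMap()
    m.bind("thing-a", FIELDBUS, bytes.fromhex("0a17"), scope="gateway-1")
    m.bind("thing-a", INTERNAL, "lamp 123")
    m.bind("thing-a", ONEM2M, "https://lamps.example/onem2m/lamp123")
    # Assumption: a 2-byte bus address is unique only behind its own gateway.
    m.bind("thing-b", FIELDBUS, bytes.fromhex("0a17"), scope="gateway-2")
    m.bind("thing-b", INTERNAL, "lamp 124")
    return m
```

A lookup of the bus address without its gateway scope raises `KeyError` instead of picking one of the two lamps.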

...

There are various design strategies and architecture concepts to ensure privacy in communication and during resource access control. The Identity of Thing Discussion Group supports the IEEE P2413 IoT Architecture Working Group in writing a Privacy and Trust Architecture Viewpoint. This first draft of P2413 is (probably) published end of 2017. (We will publish the privacy strategies and architecture concepts "in brief" here soon.)

What are key concepts for Identity in Kantara Initiative that can also be used in the IoT?

User Managed Access (UMA): UMA is a profile on top of OAuth....tbd

Identity Relationship Management

User Consent Receipts

Is the huge address pool of IPv6 a solution for Identities in IoT?

tbd

------ old content...to be revised----

What is special about identities in the Internet of Things? (a loose collection of special topics in IdM in IoT....)

Addresses are not Identifiers

There is a fundamental difference between addresses and identifiers of devices. Addresses determine the communication endpoint within a certain system. For example, in the Internet Protocol an IP address is needed to establish a socket, a connection between devices. While an address is unique at a given point in time, addresses need not be permanent. A device can have its address changed. A new device can take on the address of a previous device. And a device can have more than one IP address.

An identifier is typically a dedicated, publicly known attribute or name (or collection of attributes and names) for an individual person or device. Typically, identifiers are valid within a specific domain. A device can have more than one identifier, but it is best to have at least one unique identifier within any domain through which it can be accessed. If there is no unique identifier, an attempt to communicate with your friend "Joe" may inadvertently open a channel to another Joe. Or an attempt to obtain temperature data from Sensor "X" may be routed to another Sensor X that can provide only video images of baby eagles hatching.

In the classic Web, we have a Domain Name Service (DNS) mapping human-readable Uniform Resource Identifiers (URIs) to IP addresses. A browser, for example, first resolves a website URI www.telekom.com to a specific IP address of the form xxxx:yyyy:zzzz. The actual connection between the browser and the Web server is then established by using the returned IP address.

There are several advantages in separating addresses and identifiers. Incorporating identifiers as a layer of indirection between the address and those seeking to access the address has several benefits. First, it may be easier to remember the identifier www.telekom.com than a lengthy address. Second, this layer of indirection allows the address of the device to be changed without losing the ability to access it. The DNS mapping merely needs to be updated to reflect this change. In this way, a user seeking to access www.telekom.com just needs to remember the identifier, and the DNS mapping will automatically reroute the user to the proper address. This becomes particularly important if the location is accessed from within a program, because it obviates the need to update the software every time the address changes. Additionally, this layer of indirection enables many-to-one configurations where several different identifiers point to a single address. The address is only resolved when a certain condition is fulfilled. The preceding statement needs further clarification.

Can a thing be composed of other things?

Yes! A simple webcam designed to feed video over the internet is clearly an IoT device. Essentially, it is a sensor without intelligence and does not respond to commands.

...

For purposes of addressability, it likely has only a single IP address. But from the perspective of its functionality, each separate capability can be accessed and used separately. For example, I could leave a smartphone at home and access it remotely as a webcam to watch a baby in a crib, as a microphone to listen to the sounds in my house, as a speaker to give a direction to the babysitter, etc.

 

Relationships and Identities

Ingo/Sal

Ownership and identity relationships

...