...

The “Internet of Things” (IoT) is beginning to evolve, and early solutions are now being implemented. We can find implementations in areas like logistics, farming, industry, home automation and many others. But its restrictions become obvious as we try to connect solutions from different vendors, communities or standards groups. From a business point of view, the IoT enables a plethora of new opportunities, use cases and scenarios. From a technical point of view, the IoT consists of countless devices, sensors, actuators or simply objects connected to services on the Internet. Today, devices and sensors speak many different protocols, but most of them are not HTTP. That is why application development in the IoT is hard: there is a lack of decent application integration layers. The next logical step is to use common Web technologies for the IoT. Identity management is one of the most important common technologies. Apart from adapting communication protocols, an overarching identity framework is crucial for a growing IoT. Today we have many separate solutions and niche standards. As a consequence, there is no overall framework for how to recognize and manage identities across different solutions. That is why we decided to found a discussion group called “IDentities of Things” within Kantara Initiative.

After five three years of work in the Identity of Things discussion group and the analysis of various standards, projects and activities, we would like to summarize our thoughts here. Find below a collection of questions that came up during our work, meetings, conferences and discussions.

...

There are many standards, protocols and solutions in the area of IoT. There is, and most likely will be, no single kind of identifier. Identifier mapping and discovery become important services of larger IoT deployments. Let's give an example: a street lamp might have a field bus address consisting of 2 bytes. It is connected to a gateway. Within the gateway the lamp is mapped to "lamp 123". A lamp management system can switch "lamp123" on and off. Via a REST interface, the lamp management system exposes the lamp, for example as a oneM2M "application entity". Other management systems can then switch the lamp by sending messages to a specific oneM2M URL. In this example a thing (the lamp) is identified by different identifiers that are mapped to each other.

Policy-controlled mapping

The mapping process consists of different steps. Every step can be controlled by access policies. This way it is possible to control whether an identifier is visible or not, and who can "see" a certain thing. In our example the policy check could be implemented in the lamp management system or in the REST API.
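
One way to implement the per-step policy check described above, as an added example that is not part of the original page. The principals, the gateway name, the URL and the two-byte address are constructed sample values, and the URL is a placeholder rather than a real oneM2M resource path.

```python
from dataclasses import dataclass, field


@dataclass
class MappingStep:
    """One hop in the identifier chain, guarded by its own access policy."""
    name: str
    table: dict                                   # identifier -> next identifier
    allowed: dict = field(default_factory=dict)   # identifier -> principals

    def resolve(self, principal, identifier):
        target = self.table.get(identifier)
        # Deny by default. A hidden identifier and an unknown one both return
        # None, so a caller cannot probe for things it is not allowed to see.
        if target is None or principal not in self.allowed.get(identifier, set()):
            return None
        return target


def resolve_chain(steps, principal, identifier):
    """Walk the steps in order; return (result, trail).

    result is None as soon as one step refuses. The trail is meant for the
    operator's audit log, not for the caller.
    """
    trail, current = [], identifier
    for step in steps:
        current = step.resolve(principal, current)
        trail.append((step.name, current))
        if current is None:
            return None, trail
    return current, trail


# Constructed sample data following the street lamp example.
LAMP_URL = "https://lamps.example/onem2m/lamp-ae-123"   # placeholder URL
REST_API = MappingStep(
    name="rest-api",
    table={LAMP_URL: "lamp123"},
    allowed={LAMP_URL: {"city-ops", "traffic-mgmt"}},
)
LAMP_MGMT = MappingStep(
    name="lamp-management",
    table={"lamp123": ("gateway-7", bytes([0x01, 0x7B]))},  # 2-byte bus address
    allowed={"lamp123": {"city-ops"}},
)
CHAIN = [REST_API, LAMP_MGMT]

if __name__ == "__main__":
    for who in ("city-ops", "traffic-mgmt", "stranger"):
        print(who, resolve_chain(CHAIN, who, LAMP_URL))
```

Here "traffic-mgmt" can see the lamp at the REST API but is refused at the lamp management step, so it never learns the gateway or field bus address.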

Mapping and discovery mechanisms and DNS

In most cases DNS (Domain Name System) can't be used directly. DNS was designed to map between IP addresses and human-readable domain names. DNS is not able to handle identifiers from various IoT protocols. It is also not possible to propagate changes in a very short time. But DNS has an outstanding governance process that ensures unique identifiers. So DNS is at least part of most mapping processes. In our example DNS might be used to find the company domain of the lamp management system or the address of the REST API.

What are the challenges of Identity in the Internet of Things?

The challenges can be grouped into:

  • Ownership and identity relationships
  • Object Identifier and Namespace
  • Authentication and Authorization
  • Governance of data and Privacy

See details in our paper: The Identity of Things discussion group, "Challenges from the Identities of Things".


------ old content...to be revised----

What is special about identities in the Internet of Things? (a loose collection of special topics in IdM in IoT...)

...