...
- draft 0.01 Ingo.Friese@telekom.de
- draft 0.02 Jeff Stollman
- draft 0.03 Scott Shorter
- draft 0.04 Ingo.Friese@telekom.de
##################################
Addresses are not Identifier
There is a fundamental difference between addresses and identifier of devices. Addresses determine the communication endpoint within a certain system. For example in the Internet Protocol an IP address is needed to establish a socket, a connection between devices. Identifiers can be understood as a dedicated, publicly known attribute or name for an identity, a person or a device. Typically, identifiers are valid within a specific domain.
In the classic Web we have a Domain Name Service (DNS) mapping human readable Uniform Resource Identifier (URI) to IP-addresses. A browser for example resolves a website URI www.telekom.com first. The actual connection between the browser and the Web server is then established by using the returned IP-address.
There are several advantages in separating addresses and identifier. An IoT system or any kind of communication software could use addresses directly in theory but software updates become necessary if network interfaces or sensors break and need to be replaced.
A mapping between identifier and addresses allows also a layer of indirection. This enables configurations like many identifiers pointing to one address. The address is only resolved when a certain condition is fulfilled.
####################################################
Abstract
The purpose of this paper is to describe identity concepts in the Internet of Things. Identity mechanisms in the Internet of Things are different from those in the classic web.
Furthermore this paper proposes a terminology for Identity management in the Internet of Things. This should help to facilitate discussions and work in this area without the need to define basic terms again.
Introduction
The “Internet of Things” (IoT) is beginning to evolve and early solutions are now being implemented. We can find implementations in areas like logistics, farming, industry, home automation and many others. But its restrictions become obvious as we try to connect solutions of different vendors, communities or standard groups. From a business point of view the IoT enables a plethora of new opportunities, use cases and scenarios. From a technical point of view the IoT consists of uncountable devices, sensors or actuators or simply objects connected to services in the Internet. Today, devices and sensors speak a lot of different protocols, but most of them are not HTTP. That is why application development in the IoT is hard to be implemented. There is a lack of decent application integration layers. The next logical step is to use common Web technologies for the IoT. Identity management is one of the most important common technologies. Apart from adapting communication protocols an overarching identity framework is crucial for a growing IoT. Today we have many separated solutions and niche standards. As a consequence, there is no overall framework for how to recognize and manage identities across different solutions. That is why we decided to found a discussion group called “IDentities of Things” within Kantara Initiative.
...
Abstract
The purpose of this paper is to describe identity concepts in the Internet of Things. Identity mechanisms in the Internet of Things are different from those in the classic web.
Furthermore this paper proposes a terminology for Identity management in the Internet of Things. This should help to facilitate discussions and work in this area without the need to define basic terms again.
Introduction
The “Internet of Things” (IoT) is beginning to evolve and early solutions are now being implemented. We can find implementations in areas like logistics, farming, industry, home automation and many others. But its restrictions become obvious as we try to connect solutions of different vendors, communities or standard groups. From a business point of view the IoT enables a plethora of new opportunities, use cases and scenarios. From a technical point of view the IoT consists of uncountable devices, sensors or actuators or simply objects connected to services in the Internet. Today, devices and sensors speak a lot of different protocols, but most of them are not HTTP. That is why application development in the IoT is hard to be implemented. There is a lack of decent application integration layers. The next logical step is to use common Web technologies for the IoT. Identity management is one of the most important common technologies. Apart from adapting communication protocols an overarching identity framework is crucial for a growing IoT. Today we have many separated solutions and niche standards. As a consequence, there is no overall framework for how to recognize and manage identities across different solutions. That is why we decided to found a discussion group called “IDentities of Things” within Kantara Initiative.
What is special about identitites in the Internet of Things? (loosly collection of special topics in IdM in IoT....)
Addresses are not Identifier
There is a fundamental difference between addresses and identifier of devices. Addresses determine the communication endpoint within a certain system. For example in the Internet Protocol an IP address is needed to establish a socket, a connection between devices. Identifiers can be understood as a dedicated, publicly known attribute or name for an identity, a person or a device. Typically, identifiers are valid within a specific domain.
In the classic Web we have a Domain Name Service (DNS) mapping human readable Uniform Resource Identifier (URI) to IP-addresses. A browser for example resolves a website URI www.telekom.com first. The actual connection between the browser and the Web server is then established by using the returned IP-address.
There are several advantages in separating addresses and identifier. An IoT system or any kind of communication software could use addresses directly in theory but software updates become necessary if network interfaces or sensors break and need to be replaced.
A mapping between identifier and addresses allows also a layer of indirection. This enables configurations like many identifiers pointing to one address. The address is only resolved when a certain condition is fulfilled.
A thing is composed of other things
A simple webcam designed to feed video over the internet is clearly an IoT device. Essentially is it a sensor without intelligence and does not respond to commands.
But if that webcam is part of a smartphone, does it remain a single device? As a component of a smartphone, it is accompanied by a variety of other sensors (e.g., camera, microphone, touch screen) as well as a processor (the phone's CPU), and and several actuators (e.g., speaker, video monitor, radio signal transmitter). Because each of these components can be accessed simultaneously to provide disparate services, does the phone constitute a single device?
For purposes of address-ability, it likely has only a single IP address. But from the perspective of its functionality, each separate capability can be accessed and used separately. I could leave a smartphone at home and access it remotely as a webcam to watch a baby in a crib, as a microphone to listen to the sounds in my house, as a speaker to give a direction to my babysitter.
Blockchain and Trust
tbd Matteo / Ingo
Proof of knowledge
tbd Matteo/Ingo
Lifecycle
In user identity management (Classic IdM) we have rather long living lifecycles of an identity. In day to day service like e-mail, online shopping etc. a user account exists for months, years or even a lifetime. In the Internet of Things objects have very different lifetimes. This might range from years or decades down to days or minutes.
Example: A parcel might be shipped from one country to another. The parcel gets an RFID tag associated with an identifier. It moves from logistic center to another, crosses borders, it is tracked, controlled and routed. As soon as it arrives the identity of the parcel disappears.
Ownership and identity relationships
...