
The purpose of this page is to describe identity concepts in the Internet of Things. Identity mechanisms in the Internet of Things are different from those in the classic web. (Scott: let's say how)


Furthermore this page proposes a terminology for Identity management in the Internet of Things. This should help to facilitate discussions and work in this area without the need to define basic terms again.

...

A thing is not always just one thing. Can a thing be composed of other things?


What are the challenges of Identity in the Internet of Things?

The challenges can be grouped in

...

There is no special identifier for the IoT, and there won't be one single kind of identifier. Many de facto standards, protocols and solutions already exist in the area of IoT. There are various kinds of identifiers with different characteristics suitable for specific purposes (for details see our Identifier Survey).


When there is no dedicated identifier for the IoT, how can things with different identifiers from different standards, protocols and domains communicate with each other?

Mapping and discovery become important services in large IoT deployments with different systems, standards and domains. Let's give an example: A street lamp might have a field bus address consisting of 2 bytes. It is connected to a gateway. Within the gateway the lamp is mapped to "lamp123". A lamp management system can switch "lamp123" on and off internally. Via a REST interface the lamp management system exposes the lamp, for example, as a oneM2M "application entity". So other management systems can switch the lamp by sending messages to a specific oneM2M URL. In this example a thing (the lamp) is identified by different identifiers that are mapped to each other (field bus address, internal ID, oneM2M URL).


Does the lack of an IoT identifier make IoT architectures more complicated?

It takes more effort to find and map various identifiers, but the mapping process also gives the possibility to implement access control mechanisms. Only entitled services or users are able to resolve or discover the identifier of a thing. This way it is possible to control whether an identifier is visible or not, i.e. who can "see" a certain thing and who cannot. In our example the policy check could be implemented in the lamp management system or at the REST API.

...

Privacy and trust become crucial in the Internet of Things because even arbitrary data, like a temperature reading, might be related to a user when it is combined with other data like location, or when it is profiled over a certain period of time. So it is possible to see whether a person is at home or not. One extreme example of a privacy issue is the ability to determine what kind of TV programme a user is watching just from measuring the energy consumption with very frequent samples [1].

...

There are various design strategies and architecture concepts to ensure privacy in communication and during resource access control. The Identity of Things Discussion Group supports the IEEE P2413 IoT Architecture Working Group in writing a Privacy and Trust Architecture Viewpoint. This viewpoint is described in the architecture viewpoint template of ISO/IEC/IEEE 42010:2011, which uses concerns and models to frame the viewpoint. Find here the current concerns of the Privacy and Trust Architecture Viewpoint. The first draft of the complete P2413 architecture is expected to be published late 2017.


What are key concepts for Identity in Kantara Initiative that can be also used in the IoT (tbd)?

User Managed Access (UMA): UMA is a profile on top of OAuth....tbd

Identity Relationship Management (tbd)

...

User Consent Receipts


Is the huge address pool of IPv6 a solution for Identities in IoT (tbd)?

Public classic IP addresses (IPv4 addresses) are a scarce resource, so the IT industry developed various approaches to deal with this situation. Mechanisms like "Network Address Translation (NAT)" or "sub-netting" were developed to use address ranges in an optimal way. Access providers use IP address pools and "re-use" IP addresses by dynamic assignment. The IP address problem is not new; it has been an issue for many years. Recently the problem seems to get worse because billions of new devices appear with the Internet of Things. Not all, but many of them also need an IP address.

The huge address space of IPv6 seems to solve this problem. Moreover, IPv6 is sometimes seen as a universal address for the IoT. So why not give every IoT device an IPv6 address?

Apart from the fact that many IoT devices do not even have an IP stack, the idea is not feasible. A thing like a sensor or actuator can break, and the replacement device may have a new IP address. So a software system that wants to communicate with a thing would fail if it uses the IP address directly. It needs a mapping and discovery mechanism that translates the hardware address (IPv6 or even something else) to an identifier that is handled by the software system.
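The following Python sketch is an added example and not code from the original page or from any of the systems it mentions. It models the mapping and discovery service from the street lamp example above (field bus address, internal ID, oneM2M URL) with the entitlement check applied at resolution time, and the re-binding of a replaced device's hardware address while the logical identifier stays stable; all identifiers, principals and the policy are constructed for illustration.

```python
# Added example, not code from the original wiki page: an identifier mapping
# and discovery service for the street lamp scenario. All names, identifiers
# and the entitlement policy below are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class Thing:
    logical_id: str                                  # stable ID used by software
    identifiers: dict = field(default_factory=dict)  # domain -> identifier
    allowed: set = field(default_factory=set)        # principals entitled to resolve

class MappingService:
    def __init__(self):
        self._things = {}   # logical_id -> Thing
        self._reverse = {}  # (domain, identifier) -> logical_id

    def register(self, thing):
        self._things[thing.logical_id] = thing
        for domain, ident in thing.identifiers.items():
            self._reverse[(domain, ident)] = thing.logical_id

    def rebind(self, logical_id, domain, new_ident):
        """A replaced device gets a new address; its logical ID stays stable."""
        thing = self._things[logical_id]
        self._reverse.pop((domain, thing.identifiers.get(domain)), None)
        thing.identifiers[domain] = new_ident
        self._reverse[(domain, new_ident)] = logical_id

    def resolve(self, principal, logical_id, domain):
        """Policy check at resolution time; unknown and forbidden look the same."""
        thing = self._things.get(logical_id)
        if thing is None or principal not in thing.allowed:
            raise PermissionError(f"{principal} may not resolve {logical_id}")
        return thing.identifiers[domain]

    def discover(self, principal, domain, ident):
        """Reverse lookup (address -> thing) under the same policy."""
        logical_id = self._reverse.get((domain, ident))
        if logical_id is None or principal not in self._things[logical_id].allowed:
            raise PermissionError(f"{principal} may not discover a {domain} address")
        return logical_id

def build_demo():
    """Street lamp: 2-byte field bus address, internal ID, oneM2M URL (constructed)."""
    svc = MappingService()
    svc.register(Thing("lamp123", {"fieldbus": b"\x00\x7b",
                 "onem2m": "http://cse.example/lamp123"}, {"lamp-mgmt", "city-ops"}))
    return svc
```

Because an unknown thing and a forbidden one raise the same error, a caller without entitlement cannot use the service to learn which things exist.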

...

But if that webcam is part of a smartphone, does it remain a single device? As a component of a smartphone, it is accompanied by a variety of other sensors (e.g., camera, microphone, touch screen) as well as a processor (the phone's CPU) and several actuators (e.g., speaker, video monitor, radio transmitter). These various components may be accessed separately or in various groupings to provide disparate services. Similarly, I may be willing to give the babysitter access to turn the speaker off when my baby goes to sleep, but not to the camera, which I want to keep always on. This raises the question, "Does the phone constitute a single device?"

For purposes of addressability, it likely has only a single IP address. But from the perspective of its functionality, each separate capability can be accessed and used separately. E.g., I could leave a smartphone at home and access it remotely as a webcam to watch a baby in a crib, as a microphone to listen to the sounds in my house, as a speaker to give a direction to the babysitter, etc.

...

In classic identity management certain protection methods have been established over the years to protect an identity from fraud and misuse. We have authentication methods to prove identities, secure channels to transmit identity attributes, and passwords and other data are stored encrypted.


Security concepts like integrity, availability, authenticity and non-repudiation are built into classic identity protocols like SAML and OpenID. In the Internet of Things the situation is different. Here many communication protocols are not based on the Internet Protocol. Many sensors or actuators have only restricted resources in terms of energy, bandwidth and connectivity. Protocols like EnOcean [www.enocean.com] or KNX [www.knx.org] use only a few bytes to send commands or receive values. There is no room for encryption, challenge-response procedures or other security mechanisms.

...

  • "Something that you have"
  • "Something that you know"
  • "Something that you are" (e.g. biometrics)

In the IoT the last two proofs are not applicable to objects anymore.

...