...

The “Internet of Things” (IoT) is beginning to evolve, and early solutions are now being implemented. We can find implementations in areas like logistics, farming, industry, home automation and many others. But its restrictions become obvious as we try to connect solutions of different vendors, communities or standards groups. From a business point of view, the IoT enables a plethora of new opportunities, use cases and scenarios. From a technical point of view, the IoT consists of countless devices, sensors, actuators or simply objects connected to services on the Internet. Today, devices and sensors speak many different protocols, but most of them are not HTTP. That is why application development in the IoT is hard: there is a lack of decent application integration layers. The next logical step is to use common Web technologies for the IoT. Identity management is one of the most important of these common technologies. Apart from adapting communication protocols, an overarching identity framework is crucial for a growing IoT. Today we have many separate solutions and niche standards. As a consequence, there is no overall framework for how to recognize and manage identities across different solutions. That is why we decided to found a discussion group called “IDentities of Things” within Kantara Initiative.

What is special about

...

identities in the Internet of Things? (

...

a loose collection of special topics in IdM in IoT....)

Addresses are not Identifiers

There is a fundamental difference between the addresses and the identifiers of devices. Addresses determine the communication endpoint within a certain system. For example, in the Internet Protocol an IP address is needed to establish a socket, a connection between devices. While an address is unique at a given point in time, addresses need not be permanent. A device can have its address changed. A new device can take on the address of a previous device. And a device can have more than one IP address.

An identifier is typically a dedicated, publicly known attribute or name (or collection of attributes and names) for an identity, an individual person or a device. Typically, identifiers are valid within a specific domain. A device can have more than one identifier, but it is best to have at least one unique identifier within any domain through which it can be accessed. If there is no unique identifier, an attempt to communicate with your friend "Joe" may inadvertently open a channel to another Joe. Or an attempt to obtain temperature data from Sensor "X" may be routed to another Sensor X that can provide only video images of baby eagles hatching.

In the classic Web, we have a Domain Name Service (DNS) mapping human-readable Uniform Resource Identifiers (URIs) to IP addresses. A browser, for example, first resolves a website URI www.telekom.com to a specific IP address of the form xxxx:yyyy:zzzz. The actual connection between the browser and the Web server is then established by using the returned IP address.

There are several advantages in separating addresses and identifiers. In theory, an IoT system or any kind of communication software could use addresses directly, but software updates become necessary if network interfaces or sensors break and need to be replaced. A mapping between identifiers and addresses provides a layer of indirection. Incorporating identifiers as a layer of indirection between the address and those seeking to access the address has several benefits. First, it may be easier to remember the identifier www.telekom.com than a lengthy address. Second, this layer of indirection allows the address of the device to be changed without losing the ability to access it. The DNS mapping merely needs to be updated to reflect this change. In this way, a user seeking to access www.telekom.com just needs to remember the identifier, and the DNS mapping will automatically reroute the user to the appropriate address. This becomes particularly important if the location is accessed from within a program, because it obviates the need to update the software every time the address changes. Additionally, this layer of indirection enables many-to-one configurations where several different identifiers point to a single address. The address is only resolved when a certain condition is fulfilled. The preceding statement needs further clarification.
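The indirection described above, sketched as a small registry (an added example, not part of the original page; the class, the domain names and the documentation-range addresses are constructed for illustration):

```python
# Added illustration: all names, domains and addresses are constructed.
class AmbiguousIdentifier(Exception):
    """Raised when an identifier would no longer be unique in its domain."""


class IdentifierRegistry:
    """Maps (domain, identifier) -> address; addresses may change or be shared."""

    def __init__(self):
        self._bindings = {}  # (domain, identifier) -> current address

    def register(self, domain, identifier, address):
        key = (domain, identifier)
        if key in self._bindings:
            # A second "Sensor X" in the same domain would make resolution
            # ambiguous, so uniqueness is enforced per domain.
            raise AmbiguousIdentifier(f"{identifier!r} already exists in {domain!r}")
        self._bindings[key] = address

    def rebind(self, domain, identifier, new_address):
        # Hardware replaced or readdressed: only the mapping changes,
        # callers keep using the same identifier.
        if (domain, identifier) not in self._bindings:
            raise KeyError((domain, identifier))
        self._bindings[(domain, identifier)] = new_address

    def resolve(self, domain, identifier):
        return self._bindings[(domain, identifier)]

    def identifiers_for(self, address):
        # Many-to-one: several identifiers can point to a single address.
        return sorted(k for k, a in self._bindings.items() if a == address)


def demo():
    reg = IdentifierRegistry()
    reg.register("home", "sensor-x", "192.0.2.10")
    reg.register("home", "nursery-temp", "192.0.2.10")  # alias, same address
    reg.register("office", "sensor-x", "198.51.100.7")  # other domain: allowed
    try:
        reg.register("home", "sensor-x", "192.0.2.99")
        duplicate_rejected = False
    except AmbiguousIdentifier:
        duplicate_rejected = True
    before = reg.resolve("home", "sensor-x")
    reg.rebind("home", "sensor-x", "192.0.2.42")  # sensor replaced
    after = reg.resolve("home", "sensor-x")
    return duplicate_rejected, before, after, reg.identifiers_for("192.0.2.10")


if __name__ == "__main__":
    print(demo())
```

Because an address can be taken over by a different device, anything that must follow the device itself (an access rule, for instance) is keyed here on the domain-scoped identifier rather than on the address.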

A thing is composed of other things

...

But if that webcam is part of a smartphone, does it remain a single device? As a component of a smartphone, it is accompanied by a variety of other sensors (e.g., camera, microphone, touch screen) as well as a processor (the phone's CPU), and several actuators (e.g., speaker, video monitor, radio signal transmitter). These various components may be accessed separately or in various groupings to provide disparate services. Similarly, I may be willing to give the babysitter access to turn the speaker off when my baby goes to sleep, but not to the camera, which I want to keep always on. This raises the question, "Does the phone constitute a single device?"

For purposes of addressability, it likely has only a single IP address. But from the perspective of its functionality, each separate capability can be accessed and used separately. E.g., I could leave a smartphone at home and access it remotely as a webcam to watch a baby in a crib, as a microphone to listen to the sounds in my house, as a speaker to give a direction to the babysitter, etc.

 

Relationships and Identities

...

Blockchain and Trust

tbd Matteo / Ingo

I suspect that IoT will merely obtain the same benefits that blockchain offers to Identity, in general.  It is unclear to me that there are unique benefits to "Identity within the Internet of Things" to be covered here.

Proof of knowledge

tbd Matteo/Ingo

...