...
How to design a privacy ensured IoT system?
How is authentication realized in IoT today?
...
Mapping and discovery become important services in large IoT deployments that span different systems, standards and domains. An example: a street lamp might have a field bus address consisting of 2 bytes. It is connected to a gateway, within which the lamp is mapped to "lamp 123". A lamp management system can switch "lamp 123" on and off internally. Via a REST interface the lamp management system exposes the lamp, for example as a oneM2M "application entity", so other management systems can switch the lamp on and off by sending messages to a specific oneM2M URL. In this example one thing (the lamp) is identified by several identifiers that are mapped to each other (field bus address, internal ID, oneM2M URL).
When the authorities of a city want to address all lamp posts in one area, they use some kind of management software. Only in very rare situations does this software talk directly to the lamp posts; there are mostly gateways in the communication path, mapping IDs and usually also protocols.
Does the lack of an IoT identifier make IoT architectures more complicated?
...
There are various design strategies and architecture concepts to ensure privacy in communication and during resource access control. The Identity of Things Discussion Group supports the IEEE P2413 IoT Architecture Working Group in writing a Privacy and Trust Architecture Viewpoint. This viewpoint is described using the architecture viewpoint template of ISO/IEC/IEEE 42010:2011, which describes the concerns and models that frame the viewpoint. See the current concerns of the Privacy and Trust Architecture Viewpoint. The first complete draft of the P2413 architecture is expected to be published in late 2017.
User Managed Access (UMA): UMA is a profile on top of OAuth.
What are key concepts for Identity in Kantara Initiative that can be also used in the IoT (tbd)?
How is authentication realized in IoT today?
Different authentication methods are used in IoT today. Let's have an exemplary look at authentication in oneM2M. For communication between two systems, the HTTP profile of oneM2M allows simple authentication: a username and a password are written into the header of the message. An alternative is to use authentication tokens, which can be sent along in a message header or as HTTP request parameters. A well-known example is JSON Web Tokens (IETF RFC 7519).
What are key concepts for Identity in Kantara Initiative that can be also used in the IoT?
User Managed Access (UMA)
Services or devices may have access policies describing who may have access and what kind of operations are allowed under what conditions. In oneM2M, for example, there is a concept of Access Control Policies that are attached to certain resources. A policy object or file is deployed at configuration time or at some later point in time. This concept is rather static, because the policy already names the users or applications it applies to. But oneM2M also proposes another way: "dynamic authorization":
Here UMA comes into play. In the dynamic authorization...tbd
Identity Relationship Management (tbd)
...
Standard | Description | Link
---|---|---
ISO 19770 Syllabus | |
SWID Schema | XML schema for ISO/IEC 19770 Software ID Tags |
NIST IR 7693 | Specification for Asset Identification | http://csrc.nist.gov/publications/nistir/ir7693/NISTIR-7693.pdf
NIST IR 7695 | Common Platform Enumeration: Naming Specification Version 2.3 | http://csrc.nist.gov/publications/nistir/ir7695/NISTIR-7695-CPE-Naming.pdf
NIST IR 7696 | Common Platform Enumeration: Name Matching Specification Version 2.3 | http://csrc.nist.gov/publications/nistir/ir7696/NISTIR-7696-CPE-Matching.pdf
NIST IR 7697 | Common Platform Enumeration: Dictionary Specification Version 2.3 | http://csrc.nist.gov/publications/nistir/ir7697/NISTIR-7697-CPE-Dictionary.pdf
NIST IR 7698 | Common Platform Enumeration: Applicability Language Specification Version 2.3 | http://csrc.nist.gov/publications/nistir/ir7698/NISTIR-7698-CPE-Language.pdf
NIST Cyber-Physical Systems | Cyber-Physical Systems or “smart” systems are co-engineered interacting networks of physical and computational components | http://www.nist.gov/cps/
IETF RFC 2578 | Structure of Management Information Version 2 (SMIv2) |
ITU-T X.672 | Object identifier resolution system |
ITU-T X.660 | Procedures for the operation of object identifier registration authorities: General procedures and top arcs of the international object identifier tree |
ITU-T OID Flyer | “Object Identifiers and their Registration Authorities: Your Solution to Identification” | http://www.itu.int/dms_pub/itu-t/oth/0B/04/T0B040000482C01PDFE.pdf
ISO 26324:2012 | Digital object identifier system |