Federated Identity and Access Management for the Internet of Things
- 1 September 2014
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
We examine the use of Federated Identity and Access Management (FIAM) approaches for the Internet of Things (IoT). We look at specific challenges that devices, sensors and actuators have, and look for approaches to address them. OAuth is a widely deployed protocol -- built on top of HTTP -- for applying FIAM to Web systems. We explore the use of OAuth for IoT systems that instead use the lightweight MQTT 3.1 protocol. In order to evaluate this area, we built a prototype that uses OAuth 2.0 to enable access control to information distributed via MQTT. We evaluate the results of this prototyping activity, and assess the strengths and weaknesses of this approach, and the benefits of using the FIAM approaches with IoT and Machine to Machine (M2M) scenarios. Finally we outline areas for further research.Keywords
This publication has 15 references indexed in Scilit:
- A Formal Model and Analysis of the MQ Telemetry Transport ProtocolPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- End-to-end security for sleepy smart object networksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2012
- Introducing the QEST broker: Scaling the IoT by bridging MQTT and RESTPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2012
- Securing the Internet of ThingsComputer, 2011
- The application of publish/subscribe messaging to environmental, monitoring, and control systemsIBM Journal of Research and Development, 2010
- Privacy in the cloudsIdentity in the Information Society, 2008
- Automated management and service provisioning model for distributed devicesPublished by Association for Computing Machinery (ACM) ,2007
- The connected carIEE Review, 2005
- Wireless Sensor NetworksPublished by Wiley ,2004
- The many faces of publish/subscribeACM Computing Surveys, 2003