Just as the IoT demands interoperability at the network and application layer, for it to reach its hoped-for scale and ubiquity it also demands ‘identity interoperability’, i.e. the ability for things and applications to discover, authenticate and trust devices with identities that are managed elsewhere.
OAuth 2.0 and OpenID® Connect 1.0 are two authentication and authorization standards that, while not developed specifically with the IoT in mind, promise to serve as important tools for the IoT’s authentication and authorization requirements—enabling a standardized interoperable identity layer for the IoT.
In this presentation I'll argue the relevance of these identity standards to the IoT by exploring how they fit into a representative IoT wearable architecture.
30. Made for each other FIDO?
Mature federation protocol seeks youthful authentication standard for integrations AND MORE. I enjoy long redirects on the browser, but detest form fill. I’m tired of insecure password posers – and am looking for something real. If you think you are ‘Something I (Should) Have’, let’s Connect!
31. [Diagram; labels in order: Device, Cloud, Application, Client, Server, Identity, Cloud, Authn & ID, Client, Server, Device, Authn & ID, Client, Server]
35. “Smart Lock for Android keeps your phone or tablet unlocked when it’s safe – no PIN, pattern or password needed. And when your device senses it may not be safe, it’ll need to be manually unlocked. Android can do this by recognizing signals like its proximity to that fly smartwatch on your wrist, your safe home location, even your voice.”
36. 1. A variety of devices interact with users, both actively & passively, to collect context and communicate signals to authentication server
2. Aggregated & analyzed
3. Relevant identity attributes encapsulated in tokens
4. Token communicated to application
5. Rinse & repeat