
IDoT: Challenges from the IDentities of Things Landscape

This is a presentation from the Kantara Initiative Identities of Things (IDoT) Discussion Group. The presentation summarizes the findings of the DG to date as a basis for next steps and for industry discussion and innovation.

Published in: Technology


  1. Challenges from the Identities of Things. Kantara, Utrecht, 04/05 Sep 2014. Ingo Friese, Deutsche Telekom AG, Berlin, Germany.
  2. A closer look at the Identities of Things. Agenda: exemplary IoT scenario; object identifier and namespace; authentication and authorization; ownership and identity relationships; governance of data and privacy.
  3. Exemplary IoT Scenario.
  4. Exemplary IoT Scenario: fleet management in the farming industry. *By courtesy of Claas.
  5. Exemplary IoT Scenario: support of farming production processes. Harvesting, transport, processing.
  6. Object Identifier and Namespace.
  7. Object Identifier and Namespace. The IoT needs new mechanisms to find the identifiers and addresses of communication partners. Example using XRI, with construction-community.org as the namespace: xri://construction-community.org/(urn:yelllowMachine.serialno:#123abc) identifies a "Yellow Machine Inc." machine by its serial number (e.g. #123abc); xri://construction-community.org/(urn:abcConst.license:#B-BC1234) identifies an "ABC Construction Inc." vehicle by its license plate (e.g. B-BC1234). How to address?
  8. Authentication and Authorization.
  9. Authentication and Authorization. Proper IdM mechanisms become paramount in the IoT.
  10. Strong Authentication 1/2. How to strengthen authentication means in the IoT? User identities: something you know + have + are. Identities of Things: something you know + have + are?
  11. Strong Authentication 2/2. Context-based authentication: additional information could be taken e.g. from the network layer, from geographical information or from other use-case-specific factors.
  12. Authorization 1/2. OAuth: authorization for the "classic" Internet. Flow: the application sends a token request to the authorization server; the user logs in and gives consent; a code is returned; the application exchanges the code for a token and receives the token response; the application calls the API / gets the resource from the resource server (API endpoint) with the token. The user has to be online!
  13. Authorization 2/2. User Managed Access: authorization for the IoT(?). Flow: the application sends a token request to the authorization server; a code is returned; the application exchanges the code for a token and receives the token response; the application calls the API / gets the resource from the resource server (API endpoint) with the token. Authentication and consent are expressed through policies and identity claims.
  14. Ownership, Identity Relationships and Lifecycle.
  15. Ownership and Identity Relationships. Things or objects in the IoT often have a relationship to real persons: a Thing can have a user, an owner, a group of users and an administrator. Identity relationships in the IoT have an impact on other identity-related processes, e.g. authentication, authorization or governance of data.
  16. Identity of Things Lifecycle. Identity lifecycles in the IoT can be much longer or shorter than in classic user-related IdM. Lifecycle stages: ID creation / provisioning, ID update, ID update, ID revocation / de-provisioning. In the Internet of Things, objects have very different lifetimes, ranging from years or decades down to days or minutes.
  17. Governance of Data and Privacy.
  18. Governance of Data and Privacy. The problem: data produced in an IoT device by its sensors (position (GPS), velocity, usage of gas, oil temperature, oil pressure, engine status, ...) is subject to different claims by different persons. Owner: "I want to use the position data for statistics!" User: "I don't want the position data to be used. They could be used to track my personal behavior."
  19. Governance of Data and Privacy. Users have their claims to data. Sensor data flows from the owner's sensors to data sink 1 and data sink 2, while owner and user have different claims to that data. Appropriate methods to be applied to the data: publish, anonymize, discard, encrypt end-2-end.
  20. Governance of Data and Privacy. The configurable "claims-to" approach: for each data item (position, velocity, usage of gas, oil temperature, ...) one of the methods is configured: encrypt end-2-end, anonymize, discard, publish. Different configurations in different domains, regions and countries.
  21. Questions?
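The configurable "claims-to" approach of slides 18 to 20, worked through as an added Python example that is not part of the deck: each sensor field gets one of the four methods (publish, anonymize, discard, encrypt end-2-end), the owner's and the user's claims are merged so that the more restrictive claim wins, and the result is what a data sink may receive. The field names, sample values, the domain configuration, the merge rule and the encrypt hook are assumptions made for this example.

```python
from enum import IntEnum
from typing import Callable, Dict
class Action(IntEnum):
    """The four methods from the slides, ordered least to most restrictive."""
    PUBLISH = 0
    ENCRYPT_E2E = 1
    ANONYMIZE = 2
    DISCARD = 3
Policy = Dict[str, Action]   # field name -> what may happen to that field
Reading = Dict[str, object]  # one sensor record from the machine
# Constructed sample reading: field names follow the slides, values are invented.
SAMPLE_READING: Reading = {
    "position": (52.5200, 13.4130),  # GPS lat/lon
    "velocity": 12.7,                # km/h
    "oil_temperature": 91.2,         # degrees C
}
# Constructed owner configuration for one domain (assumed, not from the deck).
OWNER_FLEET_STATS: Policy = {
    "position": Action.ANONYMIZE, "velocity": Action.PUBLISH,
    "oil_temperature": Action.ENCRYPT_E2E,
}

def merge_claims(*claims: Policy) -> Policy:
    """Per field the most restrictive claim wins ("do not use" beats "publish")."""
    merged: Policy = {}
    for claim in claims:
        for field, action in claim.items():
            merged[field] = max(merged.get(field, Action.PUBLISH), action)
    return merged

def anonymize(field: str, value: object) -> object:
    """Coarsen a value so it no longer reveals personal behaviour."""
    if field == "position":
        lat, lon = value
        return (round(lat, 1), round(lon, 1))  # ~11 km grid cell, no track
    return "<redacted>"

def apply_policy(reading: Reading, policy: Policy,
                 encrypt: Callable[[str, object], object]) -> Reading:
    """Return what a sink may receive: unmentioned fields are discarded (deny by
    default); ENCRYPT_E2E calls a caller-supplied encrypt so keys stay with the owner."""
    out: Reading = {}
    for field, value in reading.items():
        action = policy.get(field, Action.DISCARD)
        if action is Action.PUBLISH:
            out[field] = value
        elif action is Action.ANONYMIZE:
            out[field] = anonymize(field, value)
        elif action is Action.ENCRYPT_E2E:
            out[field] = encrypt(field, value)
    return out
```

Running apply_policy once with the owner's configuration and once with the user's "do not use" claim merged in shows the position field being coarsened to a grid cell in the first case and dropped entirely in the second.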
