Federated Identity for IoT with OAuth
Paul Fremantle
CTO, WSO2 (paul@wso2.com)
PhD researcher, Portsmouth University (paul.fremantle@port.ac.uk)
@pzfreo
  
How this will work
• Quick intro to Federated Identity and Access Management
• Even quicker introduction to OAuth2
• MQTT overview
• Demo
• Issues
• Next steps
  
What is Federated Identity and Access Management (FIAM)?
Federated IAM aims to give You control over your credentials and access:
• You don’t give your userid/pw to anyone
• You control the grant of permissions
• LinkedIn example
• OAuth2 emerging as widely used approach
  
Why FIAM for IoT?
• Your device = Your data
• Tokens are better than u/p for devices
• Manage tokens and scopes independently of the device

Tokens
  
Why OAuth2?
• Widely implemented
• Pretty good
  – Of course there is never 100% agreement
  – Or certainty with security protocols
• Not just HTTP:
  – http://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-12
  – OAuth2 used with SSL
  
Three-legged OAuth

MQTT
• Very lightweight messaging protocol
  – Designed for 8-bit controllers, SCADA, etc
  – Low power, low bandwidth
  – Binary header of 2 bytes
  – Lots of implementations
    • Mosquitto from Eclipse
    • Apache ActiveMQ and Apollo
  – Clients:
    • Arduino, Perl, Python, PHP, C, Java, JS/Node.js, .Net, etc
• Plus an even lighter-weight version for Zigbee
  – MQTT-SN (Sensor Network)
  
Demo components
[Diagram, arrows numbered 1 to 6: CreateToken.py; Refresher.py; Arduino; Mosquitto (Open Source MQTT Broker) acting as “Resource Server”, with Mosquitto_py_auth and mqtt-oauth2.py; IdP: WSO2 Identity Server; ESB Introspection API]
  
Demo steps
1. Get an access-token / refresh-token
2. Encode it into the Arduino code, compile, burn
3. Reboot Arduino
4. Arduino tries access token
5. Arduino connects as “refresh user” and requests refresh token
6. Arduino receives updated access token and reconnects
7. Arduino starts to publish data (assuming it is allowed!)
8. Python client receives data using a previously authorized token
  
Step 1. Get a token
• Simple Python script and web browser
• Encodes the requested permission “scopes” as b64 encoded JSON (ugly but works!)
• scope = '[{"rw":"w","topic":"/pzf/#"}]'
• IdP = WSO2 Identity Server
  – open source OAuth server
• Redirects to a localhost server which prints the code
  
Step 2. Burn into Arduino
• Little program burns into EEPROM
  
Step 3, 4, 5, 6
Recode Arduino with App
• App tries access token to CONNECT
• If fails, retries as user “r” (refresh)
  – Ideally this would be a separate server / IdP-based broker
• Sends {clientid, refresh_token} to topic /r
• Subscribes to /c/{clientid}
• When new access_token arrives, saves in EEPROM and reconnects
  
Step 7. Arduino publishes data
• MPU 9150
• Yaw, Pitch, Roll
• Every publish is validated against the IdP
  – Should be cached by the resource server
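
The scope encoding from Step 1 and the cached per-publish check from Step 7, as an added example (not code from the talk or from the demo's mqtt-oauth2.py). Assumptions: the `rw` field lists the permitted access letters, and `introspect` is a hypothetical callable standing in for the IdP's introspection API, returning a dict with `active`, `scope` and `exp`.

```python
import base64
import json
import time


def encode_scope(perms):
    """Step 1: serialise the permission list as base64-encoded JSON."""
    raw = json.dumps(perms, separators=(",", ":")).encode()
    return base64.b64encode(raw).decode()


def decode_scope(scope_b64):
    """Return the permission list, or [] (deny everything) if malformed."""
    try:
        perms = json.loads(base64.b64decode(scope_b64, validate=True))
    except (ValueError, TypeError):
        return []
    if not isinstance(perms, list):
        return []
    return [p for p in perms if isinstance(p, dict)
            and isinstance(p.get("rw"), str)
            and isinstance(p.get("topic"), str)]


def topic_matches(topic_filter, topic):
    """MQTT filter match: '+' is one level, a trailing '#' is the rest."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' is only valid as last level
        if i >= len(t_levels):
            return False
        if level == "+":
            # A requested subscription of '#' is wider than a granted '+'.
            if t_levels[i] == "#":
                return False
        elif level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def is_allowed(scope_b64, topic, access):
    """access is 'r' (subscribe) or 'w' (publish)."""
    if access not in ("r", "w"):
        return False
    return any(access in p["rw"] and topic_matches(p["topic"], topic)
               for p in decode_scope(scope_b64))


class CachingValidator:
    """Resource-server check that asks the IdP at most once per ttl seconds."""

    def __init__(self, introspect, ttl=30.0, clock=time.time):
        self.introspect = introspect  # hypothetical IdP call (assumption)
        self.ttl = ttl
        self.clock = clock
        self._cache = {}  # token -> (valid_until, scope_b64)

    def check(self, token, topic, access):
        now = self.clock()
        hit = self._cache.get(token)
        if hit is None or hit[0] <= now:
            info = self.introspect(token)  # round trip to the IdP
            if not info.get("active"):
                self._cache.pop(token, None)  # revoked or expired: fail closed
                return False
            # Never trust a cached answer past the token's own expiry.
            until = min(now + self.ttl, info.get("exp", now + self.ttl))
            hit = self._cache[token] = (until, info.get("scope", ""))
        return is_allowed(hit[1], topic, access)


# Constructed sample: the scope string shown in Step 1.
SCOPE = encode_scope([{"rw": "w", "topic": "/pzf/#"}])

if __name__ == "__main__":
    def fake_idp(token):  # constructed stand-in for the IdP
        return {"active": token == "tok-1", "scope": SCOPE,
                "exp": time.time() + 3600}

    broker = CachingValidator(fake_idp)
    for t, a in [("/pzf/yaw", "w"), ("/pzf/yaw", "r"), ("/other", "w")]:
        print(t, a, broker.check("tok-1", t, a))
```

The cache lifetime bounds how long a revoked token keeps working at the broker, so `ttl` is a trade-off between IdP load and revocation latency.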
  
Step 8. Python client subscribes
• Subscriber.py
  
Lessons learnt
• MQTT and MPU / I2C code is 97% of Duemilanove
  – Adding the final logic to do OAuth2 flow pushed it to 99%
  – No TLS in this demo is a big issue
• Different OAuth implementations behave differently (e.g. changing the refresh token every time you refresh)
• Need to be able to update the scope of token if this will work for long term embedded devices
• The refresh flow should not really go via the Resource server
  – Easy fix
• MQTT should have a well defined model for sending a message to just one client (securely)
  
Next steps
• Do the same for CoAP / other IoT protocols
• Implement solidly :)
• Gain agreement on the specific MQTT
• Other FIAM approaches for IoT?
• Please feel free to contact me:
  – @pzfreo
  – paul@wso2.com

Questions?
  

Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 

Recently uploaded (20)

GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 

Federated Identity for IoT with OAuth2

  • 1. Federated Identity for IoT with OAuth
    Paul Fremantle
    CTO, WSO2 (paul@wso2.com)
    PhD researcher, Portsmouth University (paul.fremantle@port.ac.uk)
    @pzfreo
  • 2. How this will work
    • Quick intro to Federated Identity and Access Management
    • Even quicker introduction to OAuth2
    • MQTT overview
    • Demo
    • Issues
    • Next steps
  • 3.
  • 4. What is Federated Identity and Access Management (FIAM)?
    Federated IAM aims to give You control over your credentials and access:
    • You don’t give your userid/pw to anyone
    • You control the grant of permissions
    • LinkedIn example
    • OAuth2 emerging as widely used approach
  • 5. Why FIAM for IoT?
    • Your device = Your data
    • Tokens are better than u/p for devices
    • Manage tokens and scopes independently of the device
  • 7. Why OAuth2?
    • Widely implemented
    • Pretty good
      – Of course there is never 100% agreement
      – Or certainty with security protocols
    • Not just HTTP:
      – http://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-12
      – OAuth2 used with SSL
  • 10. MQTT
    • Very lightweight messaging protocol
      – Designed for 8-bit controllers, SCADA, etc
      – Low power, low bandwidth
      – Binary header of 2 bytes
      – Lots of implementations
        • Mosquitto from Eclipse
        • Apache ActiveMQ and Apollo
      – Clients:
        • Arduino, Perl, Python, PHP, C, Java, JS/Node.js, .Net, etc
    • Plus an even lighter-weight version for Zigbee
      – MQTT-SN (Sensor Network)
  • 11.
  • 12. Demo components (diagram; arrows numbered 1 to 6 connect the components below)
    • CreateToken.py
    • Refresher.py
    • Arduino
    • Mosquitto (Open Source MQTT Broker), acting as “Resource Server”
    • Mosquitto_py_auth
    • mqtt-oauth2.py
    • IdP: WSO2 Identity Server
    • ESB
    • Introspection API
  • 13. Demo steps
    1. Get an access-token / refresh-token
    2. Encode it into the Arduino code, compile, burn
    3. Reboot Arduino
    4. Arduino tries access token
    5. Arduino connects as “refresh user” and requests refresh token
    6. Arduino receives updated access token and reconnects
    7. Arduino starts to publish data (assuming it is allowed!)
    8. Python client receives data using a previously authorized token
  • 14. Step 1. Get a token
    • Simple python script and web browser
    • Encodes the requested permission “scopes” as b64 encoded JSON (ugly but works!)
    • scope = '[{"rw":"w","topic":"/pzf/#"}]'
    • IdP = WSO2 Identity Server
      – open source OAuth server
    • Redirects to a localhost server which prints the code
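An added example, not code from the demo: how a resource server could decode the b64-encoded JSON scope shown above and decide whether an operation on a concrete topic falls inside it, using MQTT's `+` and `#` wildcard rules. The accepted `rw` values ("r", "w", "rw") and all function names are assumptions; the slide only shows "w".

```python
import base64
import json

def encode_scope(grants):
    """JSON-encode the grant list, then base64 it into one scope string."""
    raw = json.dumps(grants, separators=(",", ":")).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_scope(scope_b64):
    """Decode and validate a scope string; raise ValueError if malformed."""
    grants = json.loads(base64.b64decode(scope_b64, validate=True))
    if not isinstance(grants, list):
        raise ValueError("scope must be a JSON list")
    for g in grants:
        # Assumption: "rw" is one of "r", "w", "rw".
        if (not isinstance(g, dict) or g.get("rw") not in ("r", "w", "rw")
                or not isinstance(g.get("topic"), str)):
            raise ValueError("bad grant entry")
    return grants

def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' is one level, '#' is the rest (last level only)."""
    f_parts, t_parts = topic_filter.split("/"), topic.split("/")
    for i, f in enumerate(f_parts):
        if f == "#":
            return i == len(f_parts) - 1
        if i >= len(t_parts) or (f != "+" and f != t_parts[i]):
            return False
    return len(f_parts) == len(t_parts)

def is_allowed(scope_b64, access, topic):
    """access is "r" or "w"; topic must be a concrete name, not a filter."""
    if access not in ("r", "w") or "#" in topic or "+" in topic:
        return False
    try:
        grants = decode_scope(scope_b64)
    except (ValueError, TypeError):
        return False  # fail closed on anything that does not parse
    return any(access in g["rw"] and topic_matches(g["topic"], topic)
               for g in grants)

# The scope from the slide, rebuilt from its JSON form.
SCOPE = encode_scope([{"rw": "w", "topic": "/pzf/#"}])
```

Checking a requested subscription filter against a granted filter needs a filter-subset test, which this block does not implement; it only covers concrete topic names.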
  • 15. Step 2. Burn into Arduino
    • Little program burns into EEPROM
  • 16. Step 3, 4, 5, 6. Recode Arduino with App
    • App tries access token to CONNECT
    • If fails, retries as user “r” (refresh)
      – Ideally this would be a separate server / IdP-based broker
    • Sends {clientid, refresh_token} to topic /r
    • Subscribes to /c/{clientid}
    • When new access_token arrives, saves in EEPROM and reconnects
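An added example, not the demo's code: the three messages of the refresh exchange above as plain functions, including the case the deck later raises where the IdP changes the refresh token on every refresh. The JSON payload layout, the clientid format and the `exchange` callable standing in for the IdP's token endpoint are assumptions.

```python
import json
import re

# Assumed clientid format: it must not contain '/', '+' or '#'.
CLIENT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def build_refresh_request(clientid, refresh_token):
    """Device side: the message sent to topic /r while connected as user "r"."""
    return "/r", json.dumps({"clientid": clientid, "refresh_token": refresh_token})

def handle_refresh_request(payload, exchange):
    """Service listening on /r: swap the refresh token and address the reply.

    exchange(refresh_token) -> dict or None is a hypothetical IdP call.
    Returns (topic, payload), or None when the request is rejected.
    """
    try:
        msg = json.loads(payload)
        clientid, refresh_token = msg["clientid"], msg["refresh_token"]
    except (ValueError, KeyError, TypeError):
        return None
    # The clientid becomes part of the reply topic, so it must not be able to
    # steer the new token onto another topic or a wildcard.
    if not isinstance(clientid, str) or not CLIENT_ID_RE.fullmatch(clientid):
        return None
    if not isinstance(refresh_token, str):
        return None
    tokens = exchange(refresh_token)
    if not tokens or "access_token" not in tokens:
        return None
    reply = {"access_token": tokens["access_token"]}
    if tokens.get("refresh_token"):      # some IdPs rotate it on every refresh
        reply["refresh_token"] = tokens["refresh_token"]
    return "/c/" + clientid, json.dumps(reply)

def apply_refresh_reply(stored, payload):
    """Device side: compute what gets saved to EEPROM (a dict here)."""
    msg = json.loads(payload)
    updated = dict(stored, access_token=msg["access_token"])
    # Keep the old refresh token only if the IdP did not issue a new one.
    updated["refresh_token"] = msg.get("refresh_token", stored["refresh_token"])
    return updated
```

The reply on /c/{clientid} carries a bearer token, so the broker's ACL has to restrict that topic to the one client, which is the gap the deck's last lesson about sending a message to just one client points at.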
  • 17. Step 7. Arduino publishes data
    • MPU 9150
    • Yaw, Pitch, Roll
    • Every publish is validated against the IdP
      – Should be cached by the resource server
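An added example, not part of the demo: one way the resource server could cache introspection results so that not every publish reaches the IdP, while bounding how long a revoked or expired token keeps working. The response fields `active` and `exp` follow RFC 7662 and are an assumption about the demo's introspection API, as are the class name and the `introspect` callable.

```python
import hashlib
import time

class IntrospectionCache:
    """Resource-server-side cache in front of the IdP's introspection call."""

    def __init__(self, introspect, max_ttl=30.0, negative_ttl=5.0, clock=time.time):
        self._introspect = introspect      # hypothetical: callable(token) -> dict
        self._max_ttl = max_ttl            # longest a revoked token can keep working
        self._negative_ttl = negative_ttl  # how long a rejected token stays rejected
        self._clock = clock
        self._entries = {}                 # sha256(token) -> (cache_expiry, result)

    def check(self, token):
        # Key on a digest so raw bearer tokens are not kept as dictionary keys.
        key = hashlib.sha256(token.encode("utf-8")).hexdigest()
        now = self._clock()
        cached = self._entries.get(key)
        if cached is not None and now < cached[0]:
            return cached[1]
        try:
            result = self._introspect(token)
        except Exception:
            # IdP unreachable: fail closed and drop any stale "active" entry.
            self._entries.pop(key, None)
            return {"active": False}
        if result.get("active") and result.get("exp", 0) > now:
            # Never cache past the token's own expiry.
            ttl = min(self._max_ttl, result["exp"] - now)
        else:
            result, ttl = {"active": False}, self._negative_ttl
        self._entries[key] = (now + ttl, result)
        return result

def demo():
    """Constructed run: a fake IdP that counts calls and a hand-driven clock."""
    calls, now = [], [1000.0]

    def fake_idp(token):
        calls.append(token)
        return {"active": token == "good", "exp": 1010.0, "scope": "constructed"}

    cache = IntrospectionCache(fake_idp, clock=lambda: now[0])
    for _ in range(50):                    # 50 publishes inside the cache window
        cache.check("good")
    first_window = len(calls)              # only the first publish reached the IdP
    now[0] = 1011.0                        # the token's exp has passed
    after_expiry = cache.check("good")["active"]
    return first_window, after_expiry
```

`max_ttl` is the trade-off to tune: a larger value saves IdP round trips but lengthens the window in which a revoked token is still accepted.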
  • 18. Step 8. Python client subscribes
    • Subscriber.py
  • 19. Lessons learnt
    • MQTT and MPU / I2C code is 97% of Duemilanove
      – Adding the final logic to do OAuth2 flow pushed it to 99%
      – No TLS in this demo is a big issue
    • Different OAuth implementations behave differently (e.g. changing the refresh token every time you refresh)
    • Need to be able to update the scope of token if this will work for long term embedded devices
    • The refresh flow should not really go via the Resource server
      – Easy fix
    • MQTT should have a well defined model for sending a message to just one client (securely)
  • 20. Next steps
    • Do the same for CoAP / other IoT protocols
    • Implement solidly :-)
    • Gain agreement on the specific MQTT
    • Other FIAM approaches for IoT?
    • Please feel free to contact me:
      – @pzfreo
      – paul@wso2.com