Effective authorization for the Web of Things

The momentum gained by the Internet of Things (IoT) has led the technology to a level of maturity sufficient to finally reach the market. Users' expectations and concerns about new products relate primarily to the possibility of interacting with things seamlessly and effectively and, above all, securely. Within this context, the main pillars required to support a sustainable and practical IoT are interoperability, discoverability, and authorization. Building on the concepts and experience gained with the traditional Internet, the Web of Things (WoT) paradigm is chartered to address the first two. However, the rush to launch IoT products has produced fast-developed, simplistic vertical approaches that have not considered authorization adequately. Access to smart objects typically occurs through product-bound Cloud platforms, which mediate between vendor-specific smartphone apps and the objects. Nonetheless, effective mechanisms for managing authorized access to resources are required to make using and sharing things genuinely simple and safe. In this paper, we propose a standard-based authorization framework for WoT applications, which makes it possible to effectively enforce fine-grained access policies for authorized parties. An implementation is presented to highlight the simplicity of the proposed approach and the benefits it can introduce.
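To make the notion of fine-grained, per-resource authorization for a Web of Things device concrete, the following Python sketch is an added illustration and not code from the paper or its implementation. It assumes an OAuth 2.0-style bearer token carrying scopes, a token introspection step performed by the resource server against the authorization server, and a scope grammar of the form `thing:resource:action` (all of these are assumptions for the example; the thing, resource and client names are constructed). The point it shows is that a client authorized to write one property of a thing is still refused a write to another, and that expired or unknown tokens are rejected before any resource is looked up.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Assumed scope grammar (not from the paper): "<thing>:<resource>:<action>",
# where each segment may be "*" to match anything, e.g. "lamp1:*:read".


@dataclass(frozen=True)
class Token:
    value: str
    client_id: str
    scopes: FrozenSet[str]
    expires_at: float


class AuthorizationServer:
    """Minimal in-memory issuer/introspection endpoint (assumed design)."""

    def __init__(self) -> None:
        self._tokens: Dict[str, Token] = {}

    def issue(self, client_id: str, scopes, ttl: float = 3600, now=None) -> Token:
        now = time.time() if now is None else now
        # 32 random bytes, URL-safe: opaque to the client, only meaningful here.
        tok = Token(secrets.token_urlsafe(32), client_id, frozenset(scopes), now + ttl)
        self._tokens[tok.value] = tok
        return tok

    def introspect(self, value: str, now=None) -> Optional[Token]:
        """Return the token if it is known and unexpired, else None."""
        now = time.time() if now is None else now
        tok = self._tokens.get(value)
        if tok is None or tok.expires_at <= now:
            return None
        return tok

    def revoke(self, value: str) -> None:
        self._tokens.pop(value, None)


def scope_matches(scope: str, thing: str, resource: str, action: str) -> bool:
    """True if one granted scope covers the requested (thing, resource, action)."""
    parts = scope.split(":")
    if len(parts) != 3:
        return False  # malformed scopes never grant anything
    return all(p == "*" or p == want for p, want in zip(parts, (thing, resource, action)))


class ThingResourceServer:
    """A WoT thing exposing properties over an HTTP-like interface (assumed)."""

    ACTION_FOR_METHOD = {"GET": "read", "PUT": "write"}

    def __init__(self, thing_id: str, auth: AuthorizationServer) -> None:
        self.thing_id = thing_id
        self.auth = auth
        self.state = {"brightness": 50, "temperature": 21.5}  # constructed sample state

    def _token_from_header(self, header: Optional[str], now) -> Optional[Token]:
        if not header or not header.startswith("Bearer "):
            return None
        return self.auth.introspect(header[len("Bearer "):], now=now)

    def handle(self, method: str, resource: str, authorization: Optional[str],
               body=None, now=None) -> Tuple[int, dict]:
        # Authenticate the bearer first so unauthenticated callers learn nothing
        # about which resources or methods exist.
        tok = self._token_from_header(authorization, now)
        if tok is None:
            return 401, {"error": "invalid_token"}
        action = self.ACTION_FOR_METHOD.get(method)
        if action is None:
            return 405, {"error": "method_not_allowed"}
        if resource not in self.state:
            return 404, {"error": "not_found"}
        # Fine-grained check: the token must carry a scope for this exact
        # thing, resource and action (or a wildcard covering it).
        if not any(scope_matches(s, self.thing_id, resource, action) for s in tok.scopes):
            return 403, {"error": "insufficient_scope"}
        if action == "write":
            self.state[resource] = body
        return 200, {resource: self.state[resource]}


def demo(now: float = 1000.0) -> dict:
    """Run a short scenario and return each outcome keyed by a label."""
    auth = AuthorizationServer()
    lamp = ThingResourceServer("lamp1", auth)
    app = auth.issue("phone-app", {"lamp1:brightness:write", "lamp1:*:read"}, ttl=60, now=now)
    hdr = f"Bearer {app.value}"
    return {
        "read_ok": lamp.handle("GET", "brightness", hdr, now=now),
        "write_ok": lamp.handle("PUT", "brightness", hdr, body=80, now=now),
        "write_denied": lamp.handle("PUT", "temperature", hdr, body=30, now=now),
        "unknown_token": lamp.handle("GET", "brightness", "Bearer not-a-token", now=now),
        "expired": lamp.handle("GET", "brightness", hdr, now=now + 61),
        "no_header": lamp.handle("GET", "brightness", None, now=now),
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:14} -> {outcome}")
```

The ordering of the checks matters for a constrained device: token validity is established before the resource is even looked up, and the scope comparison is a plain string match per segment, so the policy language stays small enough for a thing to evaluate without any cloud round-trip beyond introspection.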
