While the Internet of Things is breaking into the market, the controlled access to constrained resources still remains a blocking concern. Unfortunately, conventional solutions already accepted for both web and cloud applications cannot be directly used in this context. In fact, they generally require high computational and bandwidth capabilities (that are impossible to reach with constrained devices) and offer poor interoperability against standardized communication protocols for the Internet of Things. To solve this issue, this contribution presents a flexible authentication and authorization framework for the Internet of Things, namely OAuth-IoT. It leverages and properly harmonizes existing open-standards (including the OAuth 2.0 authorization framework, different token formats, and the protocol suite for the Internet of Things tailored by the Internet Engineering Task Force), while carefully taking into account the limited capabilities of constrained devices. Functionalities and benefits offered by OAuth-IoT are pragmatically shown by means of an experimental testbed, and further demonstrated with a very preliminary performance assessment.
OAuth-IoT: An access control framework for the Internet of Things based on open standards / Sciancalepore, Savio; Piro, Giuseppe; Caldarola, Daniele; Boggia, Gennaro; Bianchi, Giuseppe. - ELETTRONICO. - (2017), pp. 676-681. (Intervento presentato al convegno IEEE Symposium on Computers and Communications, ISCC tenutosi a Crete, Greece nel July 3-6, 2017) [10.1109/ISCC.2017.8024606].
OAuth-IoT: An access control framework for the Internet of Things based on open standards
Savio Sciancalepore;Giuseppe Piro;Gennaro Boggia;
2017-01-01
Abstract
While the Internet of Things is breaking into the market, the controlled access to constrained resources still remains a blocking concern. Unfortunately, conventional solutions already accepted for both web and cloud applications cannot be directly used in this context. In fact, they generally require high computational and bandwidth capabilities (that are impossible to reach with constrained devices) and offer poor interoperability against standardized communication protocols for the Internet of Things. To solve this issue, this contribution presents a flexible authentication and authorization framework for the Internet of Things, namely OAuth-IoT. It leverages and properly harmonizes existing open-standards (including the OAuth 2.0 authorization framework, different token formats, and the protocol suite for the Internet of Things tailored by the Internet Engineering Task Force), while carefully taking into account the limited capabilities of constrained devices. Functionalities and benefits offered by OAuth-IoT are pragmatically shown by means of an experimental testbed, and further demonstrated with a very preliminary performance assessment.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
