IAACaaS: IoT Application-Scoped Access Control as a Service

Alonso, Andoni; Fernández, Federico; Marco, Lourdes; Salvachúa, Joaquín

doi:10.3390/fi9040064

Cited by 31 publications

(25 citation statements)

References 26 publications

(28 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…IoT access control solutions must support and implement these paradigms and must be consistent with the IoT’s own protocols and architectures. Standards as OAuth 2.0 [ 2 ] or XACML [ 10 ] combined with these paradigms allow creation of a fine-grained access control model over IoT Publish/Subscribe architectures [ 6 , 7 , 8 ]. Moreover, the International Data Spaces created an IIoT standard [ 11 , 12 ] in which they define a vocabulary and data model—implemented with the NGSI FIWARE standard [ 13 ]—that boost and eases the definition of fine-grained access control policies with ABAC or UCON [ 8 , 14 ].…”

Section: Related Workmentioning

confidence: 99%

“…The IAACaaS model, proposed in previous works [ 6 , 7 ] and implemented through the FIWARE open-source platform, is based on the OAuth 2.0 protocol and relies on an XACML (eXtensible Access Control Markup Language) architecture to enable the administration of fine-grained policies. As explained before, we use this model to secure communications between IoT devices and a Publish/Subscribe broker.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Evaluation of an IoT Application-Scoped Access Control Model over a Publish/Subscribe Architecture Based on FIWARE

García-Pozo

Alonso

Salvachúa

2020

Sensors

Self Cite

View full text Add to dashboard Cite

The Internet of Things (IoT) brings plenty of opportunities to enhance society’s activities, from improving a factory’s production chain to facilitating people’s household tasks. However, it has also brought new security breaches, compromising privacy and authenticity. IoT devices are vulnerable to being accessed from the Internet; they lack sufficient resources to face cyber-attack threats. Keeping a balance between access control and the devices’ resource consumption has become one of the highest priorities of IoT research. In this paper, we evaluate an access control architecture based on the IAACaaS (IoT application-Scoped Access Control as a Service) model with the aim of protecting IoT devices that communicate using the Publish/Subscribe pattern. IAACaaS is based on the OAuth 2.0 authorization framework, which externalizes the identity and access control infrastructure of applications. In our evaluation, we implement the model using FIWARE Generic Enablers and deploy them for a smart buildings use case with a wireless communication. Then, we compare the performance of two different approaches in the data-sharing between sensors and the Publish/Subscribe broker, using Constrained Application Protocol (CoAP) and Hypertext Transfer Protocol (HTTP) protocols. We conclude that the integration of Publish/Subscribe IoT deployments with IAACaaS adds an extra layer of security and access control without compromising the system’s performance.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Evaluation of an IoT Application-Scoped Access Control Model over a Publish/Subscribe Architecture Based on FIWARE

García-Pozo

Alonso

Salvachúa

2020

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…As we pointed out earlier, the model we propose allows service providers to decide the interface they should serve to the users depending on their functional capabilities. To achieve this, we have considered IAACaaS (IoT Application-Scoped Access Control as a Service) model [46,47] as a starting point. IAACaaS enables the complete delegation of authentication and authorization to enable an as a service access control mechanism for Internet of Things applications.…”

Section: Basic Architecturementioning

confidence: 99%

An Identity Model for Providing Inclusive Services and Applications

2019

Self Cite

View full text Add to dashboard Cite

Information and Communication Technologies (ICT) need to be accessible for every single person in the globe. Governments and companies are starting to regulate products and services to ensure digital accessibility as a mandatory requirement. A recent example is the European standard EN 301 549, where the functional accessibility requirements for ICT products and services are defined. Especially on the Web, these standards must be integrated throughout the development processes, where the selected architecture models play an essential role. Starting from a model that is based on the OAuth 2.0 protocol, and that allows the complete delegation of authorization (so that an as a service access control mechanism is provided), this paper propose an identity model for providing inclusive services and applications. The model takes advantage of the users’ profiles and their functional attributes to determine how to serve web interfaces to them in a specific service. Those attributes are entirely flexible, and can be defined linked to users’ functional capabilities, or even a particular skill. We have implemented the proposed model as an extension of an existing open source Identity Manager and tested it with a real use case deployment. We conclude that the proposed solution enables a new identity paradigm that allows service providers to design their interfaces satisfying the diversity requirements in terms of design and development.

show abstract

“…Figure 2 shows the architecture we propose to achieve the Identity and Access Management IDS requirements using FIWARE components. It is based on the work explained in [ 26 , 27 ], where a generic IoT Application-Scoped Access Control as a Service (IAACaaS) mechanism is proposed. Here we extend and adapt it to fit the specific requirements of IDS.…”

Section: Materializing Industrial Data Space Architecture With Fiwmentioning

confidence: 99%

Industrial Data Space Architecture Implementation Using FIWARE

Alonso

García-Pozo

Cantera³

et al. 2018

Sensors

Self Cite

View full text Add to dashboard Cite

We are in front of a new digital revolution that will transform the way we understand and use services and infrastructures. One of the key factors of this revolution is related to the evolution of the Internet of Things (IoT). Connected sensors will be installed in cities and homes affecting the daily life of people and providing them new ways of performing their daily activities. However, this revolution will also affect business and industry bringing the IoT to the production processes in what is called Industry 4.0. Sensor-enabled manufacturing equipment will allow real time communication, smart diagnosis and autonomous decision making. In this scope, the Industrial Data Spaces (IDS) Association has created a Reference Architecture model that aims to provide a common frame for designing and deploying Industry IoT infrastructures. In this paper, we present an implementation of such Reference Architecture based on FIWARE open source software components (Generic Enablers). We validate the proposed architecture by deploying and testing it in a real industry use case that tries to improve the maintenance and operation of milling machines. We conclude that the FIWARE-based IDS implementation fits the requirements of the IDS Reference Architecture providing open source software suitable to any Industry 4.0 environment.

show abstract

IAACaaS: IoT Application-Scoped Access Control as a Service

Cited by 31 publications

References 26 publications

Evaluation of an IoT Application-Scoped Access Control Model over a Publish/Subscribe Architecture Based on FIWARE

Evaluation of an IoT Application-Scoped Access Control Model over a Publish/Subscribe Architecture Based on FIWARE

An Identity Model for Providing Inclusive Services and Applications

Industrial Data Space Architecture Implementation Using FIWARE

Contact Info

Product

Resources

About