Web API Management Meets the Internet of Things

Abstract: In this paper we outline the challenges of Web API management in Internet of Things (IoT) projects. Web API management is a key aspect of service-oriented systems that includes the following elements: metadata publishing, access control and key management, monitoring and monetization of interactions, as well as usage control and throttling. We look at how Web API management principles, including some of the above elements, translate into a world of connected devices (IoT). In particular, we present and evaluat… Show more

“…The works we considered that apply or adapt existing technologies and methods from other security domains to the IoT environment often consider OAuth 2 technology [19,24,29,41,43]. Two proposals also adopt the WS-Security specification to IoT devices and communication between them [30,49].…”

“…In summary, there are various novel proposals [33,36,39,40,42,45,48,50], especially focusing on distributed solutions [33,39,40,45,48,50], that potentially suit the IoT environment better in terms of scalability, maintainability, and flexibility, but due to their novelty it is difficult or impossible to predict which ideas might be adopted or see wide use. A significant amount of research [19,23,29,30,34,41,43,49] is focused on adoption of existing technologies; all exhibit promising results.…”

Survey of Authentication and Authorization for the Internet of Things

“…The works we considered that apply or adapt existing technologies and methods from other security domains to the IoT environment often consider OAuth 2 technology [19,24,29,41,43]. Two proposals also adopt the WS-Security specification to IoT devices and communication between them [30,49].…”

“…In summary, there are various novel proposals [33,36,39,40,42,45,48,50], especially focusing on distributed solutions [33,39,40,45,48,50], that potentially suit the IoT environment better in terms of scalability, maintainability, and flexibility, but due to their novelty it is difficult or impossible to predict which ideas might be adopted or see wide use. A significant amount of research [19,23,29,30,34,41,43,49] is focused on adoption of existing technologies; all exhibit promising results.…”

Survey of Authentication and Authorization for the Internet of Things

“…In both cases this adds complexity and expense, and may compromise usability. In Fremantle, Kopecký & Aziz (2015) there is a proposal for the use of the OAuth2 Dynamic Client Registration (Sakimura, Bradley & Jones, 2015) process to create unique keys/credentials for each device. In Fremantle & Aziz (2016) there is a well-defined and secure process for device and user registration that allows users to take control of devices in scenarios where the device itself offers no User Interface (UI) or a very basic UI.…”

“…Other related works include the work of Augusto et al (Augusto & Correia, 2011) have built a secure mobile digital wallet by using OAuth together with the XMPP protocol (Saint-Andre, 2011). In Fremantle, Kopecký & Aziz (2015), the usage of OAuth2 for IoT devices is extended to include the use of Dynamic Client Registration (Sakimura, Bradley & Jones, 2013) which allows each device to have its own unique identity, which we discussed as an important point in the section about cell A1.…”

“…We and others have proposed the model of using federated identity tokens from the device to the cloud in Fremantle et al (2014), Fremantle, Kopecký & Aziz (2015) and Cirani et al (2015).…”

A survey of secure middleware for the Internet of Things

INTER-Framework: An Interoperability Framework to Support IoT Platform Interoperability