ace use cases & design patterns
TRANSCRIPT
ACE Use Cases & Design Patterns
draft-seitz-ace-usecases-01
Ludwig Seitz ([email protected])
IETF ACE WG meetingJuly 23, 2014
2
Overview
• IoT use cases– Container Monitoring– Home Automation– Building Automation– Smart Metering
Feel free to volunteer your use case!
(e.g. Industrial Control Systems, Automotive)
3
Question
• Is the three-party architecture sufficient to cover these use cases?
• Are all parts of that architecture necessary for these use cases ?
Client Protected resource
access
Resource Server
Authorization Server
4
• Which message sequence and design pattern do we want to focus on (cf. RFC 2904)
Question ctd
ClientResource
Server
Authorization Server
1.2.
3.
Push
ClientResource
Server
Authorization Server
2.
1.
Pull
3.
4.
Agent
Client Resource Server
Authorization Server
1. 4. 2. 3.
e.g. OAuth, Kerberos e.g. EAP, ABFAB4.
ClientResource
Server
Authorization Server
1.
2.
5.
Push & confirm
3.4.
e.g. OAuth token introspection
5
Container Monitoring
Storage & ripening
6
Container Monitoring
• (Presented at IETF 89)• Containers equipped with sensors and actuators
– Monitor and control environment– Monitor position– Log and report condition of cargo
• Stakeholders with different access rights– Owner– Transporters– Storage
• RS needs to do access control while offline– Needs push message sequence
7
Home Automation
Remotedelegationof access
rights
8
Home Automation
• Smart door lock + alarm• Remote delegation of physical access rights
9
Building Automation
Installation &Commissioning
Decommissioning
SecurityLifecycle
Operational
Maintenance
10
Building Automation
• Device lifecycle– Installation and commissioning– Operational– Maintenance– Decommissioning
• Context-based authorization– Access to light + HVAC if in the room
• Emergency override of access rights– Manual HVAC controls disabled by fire alarm
13
Smart Metering
Base station
14
Smart Metering
• Meters ↔ base stations: wireless comm– Dense urban environment → very short range– Water & Gas meters battery powered
• Fixed base stations too expensive– Too many needed to cover all meters– “Hostile environment” (sabotage, tampering)
• Solution: “Drive-by metering”– Needs push message sequence
• Power meters are mains powered (duh!)– Can use more powerful comm → longer range– Other meters could piggyback on that
15
Thank you!
Questions/comments?