![Page 1: IDoT: Challenges from the IDentities of Things Landscape](https://reader033.vdocuments.net/reader033/viewer/2022051817/547e12c9b4af9fb4158b556b/html5/thumbnails/1.jpg)
Challenges from the Identities of Things
Kantara
Utrecht Sep 04/05th 2014
Ingo Friese, Deutsche Telekom AG,
Berlin, Germany
A closer look at the Identities of Things. Agenda:
- Exemplary IoT Scenario
- Object Identifier and Namespace
- Authentication and Authorization
- Ownership and Identity Relationships
- Governance of Data and Privacy
Exemplary IoT Scenario
Exemplary IoT Scenario: Fleet management in the farming industry.
*by courtesy of Claas
Exemplary IoT Scenario: Support of farming production processes.
Harvesting → Transport → Processing
Object Identifier and Namespace
Object Identifier and Namespace: New mechanisms are needed to find identifiers and addresses of communication partners in the IoT.
Example namespace: construction-community.org
- „Yellow Machine Inc.“ uses the serial no. as identifier, e.g. #123abc
- „ABC Construction Inc.“ uses the license plate as identifier, e.g. B-BC1234
Example XRI:
xri://construction-community.org/(urn:yelllowMachine.serialno:#123abc)
xri://construction-community.org/(urn:abcConst.license:#B-BC1234)
How to address?
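The slide's point is that every organisation keeps its own local identifier scheme (serial number, license plate) and the community namespace qualifies it so a partner can address a machine without mixing up schemes. The following is an added example, not code from the slides or from Deutsche Telekom: it parses the XRI form shown above, checks that the authority and scheme are registered and that the local id fits the scheme's format, and then resolves the identifier against a constructed directory. The authority constant, the local-id patterns and the directory addresses are assumptions modelled on the two slide examples.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed community authority, taken from the slide's XRI example.
COMMUNITY_AUTHORITY = "construction-community.org"

# Each organisation keeps its own local identifier scheme; the community
# namespace qualifies it so partners can address a machine unambiguously.
# Scheme names are spelled as on the slide; the formats are assumptions.
SCHEMES = {
    "yelllowMachine.serialno": re.compile(r"^#[0-9a-f]{6}$"),              # e.g. #123abc
    "abcConst.license": re.compile(r"^#[A-Z]{1,3}-[A-Z]{1,2}[0-9]{1,4}$"),  # e.g. #B-BC1234
}

# xri://<authority>/(urn:<scheme>:<local id>)
XRI_RE = re.compile(r"^xri://([A-Za-z0-9.-]+)/\(urn:([A-Za-z0-9.]+):([^()]+)\)$")


@dataclass(frozen=True)
class ThingId:
    authority: str
    scheme: str
    local_id: str

    def as_xri(self) -> str:
        return f"xri://{self.authority}/(urn:{self.scheme}:{self.local_id})"


def parse_xri(xri: str) -> ThingId:
    """Parse and validate; reject anything outside the registered namespace."""
    m = XRI_RE.match(xri)
    if not m:
        raise ValueError(f"not a community identifier: {xri!r}")
    authority, scheme, local_id = m.groups()
    if authority != COMMUNITY_AUTHORITY:
        raise ValueError(f"unknown namespace authority: {authority}")
    pattern = SCHEMES.get(scheme)
    if pattern is None:
        raise ValueError(f"unregistered identifier scheme: {scheme}")
    if not pattern.fullmatch(local_id):
        raise ValueError(f"local id {local_id!r} does not fit scheme {scheme}")
    return ThingId(authority, scheme, local_id)


# Constructed directory: validated identifier -> network address of the thing.
DIRECTORY = {
    ThingId(COMMUNITY_AUTHORITY, "yelllowMachine.serialno", "#123abc"): "10.42.0.17",
    ThingId(COMMUNITY_AUTHORITY, "abcConst.license", "#B-BC1234"): "10.42.1.3",
}


def resolve(xri: str) -> Optional[str]:
    """One answer to the slide's 'how to address?': look the parsed id up."""
    return DIRECTORY.get(parse_xri(xri))


if __name__ == "__main__":
    for x in ("xri://construction-community.org/(urn:yelllowMachine.serialno:#123abc)",
              "xri://construction-community.org/(urn:abcConst.license:#B-BC1234)"):
        print(x, "->", resolve(x))
```

Validating the local id against the owning organisation's scheme before resolution is the check that matters: a license plate handed to the serial-number scheme, or an unregistered authority, is rejected rather than silently looked up.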
Authentication and Authorization
Authentication and Authorization: Proper IdM mechanisms become paramount in the IoT.
Strong Authentication 1/2: How to strengthen authentication means in the IoT?
User identities: something you know + have + are.
Identities of Things: something you ... ? (know + have + are)
Strong Authentication 2/2: Context-based authentication.
Additional information could be taken, e.g., from the network layer, from geographical information or from other use-case-specific factors.
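To make the two slides concrete, here is an added example (not code from the slides or from Deutsche Telekom) of what "something you have" plus context can look like for a thing: the device answers a challenge with an HMAC under a key provisioned at enrolment, and the verifier then compares the source network and reported position against the device's profile. A credential failure is a deny; a valid credential from an unexpected network or outside the geofence is flagged for review instead of being treated as a full success. The device, key, network range, coordinates and geofence radius are all constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import math
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceProfile:
    device_id: str
    key: bytes                            # provisioned at enrolment ("something it has")
    home_network: ipaddress.IPv4Network   # network the machine normally talks from
    home_lat: float
    home_lon: float
    radius_km: float                      # geofence around its usual site


# Constructed registry: one harvester, key and location invented for the example.
REGISTRY = {
    "harvester-07": DeviceProfile(
        "harvester-07", b"constructed-key-harvester-07",
        ipaddress.IPv4Network("10.20.0.0/16"), 52.52, 13.405, 25.0),
}


@dataclass(frozen=True)
class Context:
    src_ip: str   # from the network layer
    lat: float    # from the device's GPS report
    lon: float


def issue_challenge() -> bytes:
    return secrets.token_bytes(16)


def device_response(key: bytes, challenge: bytes) -> bytes:
    """What the device computes: an HMAC-SHA256 over the verifier's challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km (mean Earth radius 6371 km)."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def authenticate(device_id: str, challenge: bytes, response: bytes, ctx: Context):
    """Return (decision, reasons): 'deny', 'allow', or 'review' when the
    credential checks out but the context does not match the profile."""
    profile = REGISTRY.get(device_id)
    if profile is None:
        return "deny", ["unknown device"]
    expected = device_response(profile.key, challenge)
    if not hmac.compare_digest(expected, response):
        return "deny", ["challenge-response failed"]
    reasons = []
    if ipaddress.ip_address(ctx.src_ip) not in profile.home_network:
        reasons.append("source address outside home network")
    if haversine_km(profile.home_lat, profile.home_lon, ctx.lat, ctx.lon) > profile.radius_km:
        reasons.append("reported position outside geofence")
    return ("allow" if not reasons else "review"), reasons


if __name__ == "__main__":
    ch = issue_challenge()
    resp = device_response(REGISTRY["harvester-07"].key, ch)
    print(authenticate("harvester-07", ch, resp, Context("10.20.3.9", 52.53, 13.41)))
    print(authenticate("harvester-07", ch, resp, Context("198.51.100.4", 48.14, 11.58)))
```

The context factors never replace the credential check; they only decide how much trust a valid credential earns, which is the sense in which the slide treats them as additional information.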
Authorization 1/2: OAuth – Authorization for the “classic” Internet.
Parties: User, Application, Authorization Server, Resource Server / API Endpoint.
1. Token Request
2. User Login & Consent
3. Code
4. Exchange Code for Token
5. Token Response
6. Call API / Get Resource w/ token
User has to be online!
Authorization 2/2: User Managed Access – Authorization for the IoT(?)
Parties: Application, Authorization Server, Resource Server / API Endpoint.
1. Token Request
2. Code
3. Exchange Code for Token
4. Token Response
5. Call API / Get Resource w/ token
Authentication & Consent: Policies and Identity Claims
Ownership, Identity Relationships and Lifecycle
Ownership and Identity Relationships: Things or objects in the IoT often have a relationship to real persons.
Identity relationships in the IoT have an impact on other identity-related processes, e.g. authentication, authorization or governance of data.
Relationships of a Thing: user, owner, administrator, group of users.
Identity of Things Lifecycle: Identity lifecycles in the IoT can be much longer or shorter than in classic user-related IdM.
In the Internet of Things objects have very different lifetimes, ranging from years or decades down to days or minutes.
Lifecycle: ID creation / provisioning → ID update → ID update → ID revocation / de-provisioning
Governance of Data and Privacy
Governance of Data and Privacy: The problem.
Data produced in an IoT device (GPS, sensors): position, velocity, usage of gas, oil temperature, oil pressure, engine status, ...
Persons having different claims to data: user, owner.
Claims to data:
„I want to use the position data for statistics!“
„I don‘t want the position data to be used. They could be used to track my personal behavior.“
Governance of Data and Privacy: Users have their claims to data.
Sensor → Data sink 1, Data sink 2
Persons having different claims to data: user, owner.
Appropriate methods to be applied to the data: discard, encrypt end-2-end, publish, anonymize.
Governance of Data and Privacy: The configurable “claims-to” approach.
Data fields: ..., position, velocity, usage of gas, oil temperature, ...
Methods: encrypt end-2-end, anonymize, discard, publish.
Different configurations in different domains, regions and countries.
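The three governance slides (the conflicting claims of user and owner, the four methods, and the per-domain configuration) fit together in a small policy engine. The following is an added example, not code from the slides or from Deutsche Telekom: a per-domain baseline maps each data field to discard, encrypt end-2-end, anonymize or publish; persons register their own claims per field; and the record produced by the device is transformed field by field before it reaches a data sink. The domain configurations, the sample record, the sink key and the rule that the stricter claim wins on conflict are assumptions; the encryption step is a labelled toy stand-in, since the point here is the routing of each field, not the cipher.

```python
import hashlib
import hmac
import json
from typing import Any

# Strictness order (assumption): when claims on one field conflict, the
# stricter method wins, so a user's "discard" overrides an owner's "anonymize".
STRICTNESS = {"discard": 0, "encrypt": 1, "anonymize": 2, "publish": 3}

# Constructed baseline per domain ("different configurations in different
# domains, regions and countries"). Fields not listed fall back to "discard".
DOMAIN_CONFIG = {
    "eu-farming": {
        "position": "anonymize", "velocity": "publish", "gas_usage": "publish",
        "oil_temperature": "encrypt", "oil_pressure": "encrypt", "engine_status": "publish",
    },
    "contractor-fleet": {
        "position": "publish", "velocity": "publish", "gas_usage": "encrypt",
        "oil_temperature": "encrypt", "oil_pressure": "encrypt", "engine_status": "publish",
    },
}


def resolve_method(domain: str, field: str, claims: list) -> str:
    """claims: (person, field, method) triples registered by users and owners."""
    method = DOMAIN_CONFIG[domain].get(field, "discard")
    for _person, f, m in claims:
        if f == field and STRICTNESS[m] < STRICTNESS[method]:
            method = m
    return method


def anonymize(field: str, value: Any) -> Any:
    """Coarsen: positions to a 0.1 degree grid (roughly 10 km), numbers to tens."""
    if field == "position":
        lat, lon = value
        return (round(lat, 1), round(lon, 1))
    if isinstance(value, (int, float)):
        return round(value / 10) * 10
    return None  # no generalisation defined for this type: drop the value


def seal_for_sink(value: Any, sink_key: bytes) -> str:
    """Toy stand-in for end-to-end encryption to the data sink's key (an
    HMAC-SHA256 keystream XORed in). Illustration only: a real deployment
    would use an AEAD such as AES-GCM under a key negotiated with the sink."""
    data = json.dumps(value).encode()
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(sink_key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return out.hex()


def apply_claims(record: dict, domain: str, claims: list, sink_key: bytes):
    """Return (data forwarded to the sink, method chosen per field)."""
    forwarded, chosen = {}, {}
    for field, value in record.items():
        method = resolve_method(domain, field, claims)
        chosen[field] = method
        if method == "publish":
            forwarded[field] = value
        elif method == "anonymize":
            forwarded[field] = anonymize(field, value)
        elif method == "encrypt":
            forwarded[field] = {"e2e": seal_for_sink(value, sink_key)}
        # "discard": the value never leaves the device
    return forwarded, chosen


# Constructed telemetry record from one machine.
SAMPLE_RECORD = {
    "position": (52.5200, 13.4050), "velocity": 12.4, "gas_usage": 31.7,
    "oil_temperature": 96.0, "oil_pressure": 4.2, "engine_status": "running",
    "driver_name": "constructed",   # not covered by any configuration
}

# The two claims from the slide: the owner wants statistics, the user objects to tracking.
SAMPLE_CLAIMS = [("owner", "position", "anonymize"), ("user", "position", "discard")]

if __name__ == "__main__":
    out, methods = apply_claims(SAMPLE_RECORD, "eu-farming", SAMPLE_CLAIMS, b"constructed-sink-key")
    print(json.dumps({"forwarded": out, "methods": methods}, indent=2))
```

Two design choices carry the privacy weight: a field with no configuration is discarded rather than published, and a person's stricter claim overrides the domain baseline, so the user's objection to position data removes it entirely even though the owner's domain would have allowed an anonymized version.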
Questions?