-
- Se-Ra Oh, Young-Gab Kim, and Sanghyun Cho.
- Department of Computer and Information Security, Sejong University, Seoul 05006, Korea. terious551@sju.ac.kr.
- Sensors (Basel). 2019 Apr 20; 19 (8).
AbstractDue to the rapid development of Internet of Things (IoT), IoT platforms that can provide common functions for things are becoming increasingly important. However, access control frameworks in diverse IoT platforms have been developed for individual security goals, designs, and technologies. In particular, current OAuth-based access control frameworks that are widely used in IoT research have not been providing interoperability among IoT platforms even though sharing resources and services is a critical issue for IoT platforms. Therefore, we analyze the main requirements for an IoT access control framework to properly design our framework and propose an interoperable access control framework based on OAuth 2.0 and Role. Our approach describes a new extended authorization grant flow to issue an Interoperable Access Token (IAT) that has a global access scope across IoT platforms using multiple pairs of clients' credentials. With the IAT and proposed framework, we can access client-specific domains in heterogeneous IoT platforms, then valuable resources (e.g., data and services) in the domains can be accessed by validating the roles, which will greatly simplify permission management. Furthermore, IAT supports a simple token management (e.g., token issuance, refreshing, and revocation) by managing only one token for diverse IoT platforms. In addition, we implement our interoperable access control framework on Mobius and FIWARE, which are promising open-source IoT platforms, and test an interoperability scenario to demonstrate our approach with the implementation. Furthermore, the proposed framework is compared with other IoT access control approaches based on the selected requirements in this paper.
Notes
Knowledge, pearl, summary or comment to share?You can also include formatting, links, images and footnotes in your notes
- Simple formatting can be added to notes, such as
*italics*
,_underline_
or**bold**
. - Superscript can be denoted by
<sup>text</sup>
and subscript<sub>text</sub>
. - Numbered or bulleted lists can be created using either numbered lines
1. 2. 3.
, hyphens-
or asterisks*
. - Links can be included with:
[my link to pubmed](http://pubmed.com)
- Images can be included with:
![alt text](https://bestmedicaljournal.com/study_graph.jpg "Image Title Text")
- For footnotes use
[^1](This is a footnote.)
inline. - Or use an inline reference
[^1]
to refer to a longer footnote elseweher in the document[^1]: This is a long footnote.
.