The momentum gained by the Internet of Things (IoT) has lead technology to be sufficiently mature to finally reach the market. The expectations and concerns of users around new products are primarily related to the possibility to interact with things in a seamless and effective way and, above all, to do so securely. Within this context, the main pillars required to support a sustainable and practical IoT are: interoperability, discoverability, and authorization. Based on the concepts and experience gained with the traditional Internet, the Web of Things (WoT) paradigm is chartered to address the former two issues. However, fast-developed and simplistic vertical approaches, due to the rush to launch IoT products, have not considered authorization adequately. Access to smart objects typically occurs through product-bound Cloud platforms, which mediate between vendor-specific smartphone apps and objects. Notwithstanding, effective mechanisms to manage authorized access to resources are required to really make simple and safe to use and share things. In this paper, we propose a standard-based authorization framework for WoT applications, which allows to effectively enforce fine-grained access policies to authorized parties. An implementation is presented to highlight the simplicity of the proposed approach and the benefits that it can introduce.
Effective authorization for the Web of Things / Cirani, Simone; Picone, Marco. - (2015), pp. 316-320. (Intervento presentato al convegno 2nd IEEE World Forum on Internet of Things, WF-IoT 2015 tenutosi a ita nel 2015) [10.1109/WF-IoT.2015.7389073].
Effective authorization for the Web of Things
Cirani, Simone;Picone, Marco
2015-01-01
Abstract
The momentum gained by the Internet of Things (IoT) has lead technology to be sufficiently mature to finally reach the market. The expectations and concerns of users around new products are primarily related to the possibility to interact with things in a seamless and effective way and, above all, to do so securely. Within this context, the main pillars required to support a sustainable and practical IoT are: interoperability, discoverability, and authorization. Based on the concepts and experience gained with the traditional Internet, the Web of Things (WoT) paradigm is chartered to address the former two issues. However, fast-developed and simplistic vertical approaches, due to the rush to launch IoT products, have not considered authorization adequately. Access to smart objects typically occurs through product-bound Cloud platforms, which mediate between vendor-specific smartphone apps and objects. Notwithstanding, effective mechanisms to manage authorized access to resources are required to really make simple and safe to use and share things. In this paper, we propose a standard-based authorization framework for WoT applications, which allows to effectively enforce fine-grained access policies to authorized parties. An implementation is presented to highlight the simplicity of the proposed approach and the benefits that it can introduce.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
