An Authentication Framework for the IoT
John Bradley
Copyright © 2014 Ping Identity Corp. All rights reserved.
Premise
• The full promise of the Internet of Things (IoT) can only be realized if the many and varied interactions between users, things, cloud services and applications can be authenticated.
• User-delegated consent will be necessary for any scenario where potentially privacy-sensitive data is collected and transferred (wearables, home automation, health, etc.).
• OAuth 2.0 and OpenID Connect 1.0 are two authentication and authorization standards that promise to serve as important tools for the IoT's authentication and authorization requirements.
Who are the actors
• Things/devices
• Users
• Applications
• Clouds
• Gateways
All of which need to be authenticated.
Authentication & Authorization Model
• IoT actors authenticate by presenting security tokens on their calls/messages to each other.
• Tokens represent the relationship between the relevant user and the calling actor (and any consents/permissions associated with that relationship).
• Upon receiving a message, an actor validates the token to verify that the request is consistent with the relationship/permissions.
• If consent is removed, the token is revoked and access is disabled.
• OAuth 2.0 & OpenID Connect 1.0 are two authentication & authorization frameworks that enable this model.
OAuth 2.0
• OAuth 2.0 is an IETF standard authentication & authorization framework for securing application access to RESTful APIs.
• OAuth allows a Client (an application that desires information) to send an API query to a Resource Server (RS), the application hosting the desired information, such that the RS can authenticate that the message was indeed sent by the Client.
• The Client authenticates to the RS through the inclusion of an access token on its API call: a token previously provided to the Client by an Authorization Server (AS).
• In those scenarios where the API in question protects access to a User's identity attributes, it may be the case that the access token will only be issued by the AS after the User has explicitly given consent to the Client accessing those attributes.
OpenID Connect 1.0
• OpenID Connect 1.0 is an OIDF standard that profiles and extends OAuth 2.0 to add an identity layer, creating a single framework that promises to secure APIs, mobile native applications and browser applications in a single, cohesive architecture.
• OpenID Connect adds two notable identity constructs to OAuth's token issuance model.
  – An identity token, the delivery of which, from one party to another, can enable a federated SSO user experience for a user.
  – A standardized identity attribute API, at which a client can retrieve the desired identity attributes for a given user.
• If your use case requires something more than authentication and authorization of API calls, Connect's features that go beyond OAuth become relevant.
Representative IoT architecture
• Fitbit makes the Aria smart scale.
• The scale syncs through home Wi-Fi to the Fitbit cloud for display & analysis through web & native applications.
• 3rd party services can access weight data to provide additional insight.
Architecture requirements
• User weight data is personal and must be protected against compromise.
• Additionally, weight data must only be shared by Fitbit when consistent with user policy.
Architecture
[Architecture diagram; labels: FitBit, Proprietary, 3rd party services, REST API, REST API]
Let's examine how OAuth & Connect can apply here.
Cloud to cloud
• TrendWeight offers additional insight & analysis of weight data.
• It pulls scale data from the Fitbit cloud REST endpoints.
• TrendWeight should use OAuth to authenticate its API calls as being on behalf of a particular user.
• Because the user is involved in token issuance, this is a privacy-enabling model.
Cloud to Cloud
[Sequence diagram; labels: Login & consent, Weight data]
Revocation of authorization
The user can remove permissions assigned to 3rd parties.
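The token model from the Authentication & Authorization Model slide, the cloud-to-cloud scenario and the revocation slide, worked through as an added Python example (not part of the original deck, and not Fitbit's or Ping Identity's code): an Authorization Server issues an HMAC-signed access token recording the user, the client and the granted scope; the Resource Server checks signature, expiry, scope and subject on every call; withdrawing the user's consent invalidates the token. The client id `trendweight`, the scope `weight:read`, the shared signing key and the sample readings are constructed assumptions for the illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64url(raw: bytes) -> str:
    """Unpadded base64url, the encoding used by compact token formats."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


class AuthorizationServer:
    """Issues access tokens once the user has consented; withdraws them on revocation."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self._active = {}  # token id (jti) -> grant record that is still authorised

    def issue_token(self, user: str, client_id: str, scopes: set, ttl: int = 3600) -> str:
        # Login and consent are assumed to have happened already; the token
        # records the resulting relationship: which client, which user, which permissions.
        grant = {
            "jti": secrets.token_urlsafe(16),
            "sub": user,
            "client_id": client_id,
            "scope": sorted(scopes),
            "exp": int(time.time()) + ttl,
        }
        self._active[grant["jti"]] = grant
        body = _b64url(json.dumps(grant, sort_keys=True).encode())
        tag = _b64url(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{tag}"

    def revoke_consent(self, user: str, client_id: str) -> int:
        """User withdraws consent: every token embodying that relationship is disabled."""
        doomed = [j for j, g in self._active.items()
                  if g["sub"] == user and g["client_id"] == client_id]
        for jti in doomed:
            del self._active[jti]
        return len(doomed)

    def is_active(self, jti: str) -> bool:
        """Revocation check the resource server consults (stand-in for an introspection call)."""
        return jti in self._active


class ResourceServer:
    """Hosts the weight-data API and validates the token on every call."""

    def __init__(self, signing_key: bytes, is_active, records: dict):
        self._key = signing_key
        self._is_active = is_active
        self._records = records  # user -> weight readings (constructed sample data)

    def _validate(self, token: str):
        """Return the grant if signature, expiry and revocation status all check out."""
        parts = token.split(".")
        if len(parts) != 2:
            return None
        body, tag = parts
        expected = _b64url(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(tag, expected):
            return None  # forged or tampered token
        grant = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        if grant["exp"] < time.time() or not self._is_active(grant["jti"]):
            return None  # expired, or consent has been revoked
        return grant

    def get_weight(self, token: str, user: str):
        """GET /weight for `user`; returns (HTTP status, payload)."""
        grant = self._validate(token)
        if grant is None:
            return 401, {"error": "invalid_token"}
        if "weight:read" not in grant["scope"]:
            return 403, {"error": "insufficient_scope"}
        if grant["sub"] != user:
            return 403, {"error": "token_not_issued_for_this_user"}
        return 200, {"user": user, "readings": self._records.get(user, [])}


def demo():
    """Walk the slide scenario: TrendWeight reads alice's data until she revokes consent."""
    key = secrets.token_bytes(32)  # shared between AS and RS in this toy model
    auth = AuthorizationServer(key)
    api = ResourceServer(key, auth.is_active, {"alice": [72.4, 72.1, 71.9]})
    token = auth.issue_token("alice", "trendweight", {"weight:read"})
    ok = api.get_weight(token, "alice")[0]         # 200
    other_user = api.get_weight(token, "bob")[0]   # 403: the token is alice's
    body, tag = token.split(".")
    tampered = api.get_weight(body[:-1] + "x." + tag, "alice")[0]  # 401: signature fails
    narrow = auth.issue_token("alice", "trendweight", {"profile"})
    no_scope = api.get_weight(narrow, "alice")[0]  # 403: no weight:read scope
    auth.revoke_consent("alice", "trendweight")
    revoked = api.get_weight(token, "alice")[0]    # 401: consent withdrawn
    return ok, other_user, tampered, no_scope, revoked
```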
Native Application
• Users can view their weight data & trends from iOS & Android native applications.
• Native applications pull data from the Fitbit cloud REST endpoints.
• Native applications should use OAuth to authenticate their API calls as being on behalf of a particular user.
Device to gateway
• Devices communicate with each other and the gateway via the local network: sharing data, sending control messages, etc.
• These local interactions may not use HTTP, but instead an application protocol more optimized to the constraints (CPU size, battery, etc.) of devices.
• Such application protocols include XMPP, MQTT and CoAP.
• Work has begun on exploring how to bind OAuth & Connect to such IoT-optimized protocols, e.g. the ACE effort in the IETF.
Conclusion
• Authentication & authorization of actors is fundamental to IoT security.
• Mechanisms must be secure, scalable and privacy respecting.
• OAuth & Connect promise to provide important pieces of an authn & authz framework for the IoT.

 

Recently uploaded (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Identity for IoT: An Authentication Framework for the IoT

1. An Authentication Framework for the IoT
John Bradley
Copyright © 2014 Ping Identity Corp. All rights reserved.

2. Premise
•  The full promise of the Internet of Things (IoT) can only be realized if the many and varied interactions between users, things, cloud services and applications can be authenticated.
•  User-delegated consent will be necessary for any scenario where potentially privacy-sensitive data is collected and transferred (wearables, home automation, health, etc.).
•  OAuth 2.0 and OpenID Connect 1.0 are two authentication and authorization standards that promise to serve as important tools for the IoT's authentication and authorization requirements.

3. Who are the actors?
•  Things/devices
•  Users
•  Applications
•  Clouds
•  Gateways

4. Who are the actors? (continued)
•  Things/devices, users, applications, clouds and gateways: all of which need to be authenticated.

5. Authentication & Authorization Model
•  IoT actors authenticate by presenting security tokens on their calls/messages to each other.
•  Tokens represent the relationship between the relevant user and the calling actor (and any consents/permissions associated with that relationship).
•  Upon receiving a message, an actor validates the token to verify that the request is consistent with the relationship/permissions.
•  If consent is removed, the token is revoked and access is disabled.
•  OAuth 2.0 & OpenID Connect 1.0 are two authentication & authorization frameworks that enable this model.

6. OAuth 2.0
•  OAuth 2.0 is an IETF standard authentication & authorization framework for securing application access to RESTful APIs.
•  OAuth allows a Client (an application that desires information) to send an API query to a Resource Server (RS), the application hosting the desired information, such that the RS can authenticate that the message was indeed sent by the Client.
•  The Client authenticates to the RS through the inclusion of an access token on its API call—a token previously provided to the Client by an Authorization Server (AS).
•  In those scenarios where the API in question protects access to a User's identity attributes, it may be the case that the access token will only be issued by the AS after the User has explicitly given consent to the Client accessing those attributes.

7. OpenID Connect 1.0
•  OpenID Connect 1.0 is an OIDF standard that profiles and extends OAuth 2.0 to add an identity layer—creating a single framework that promises to secure APIs, mobile native applications and browser applications in a single, cohesive architecture.
•  OpenID Connect adds two notable identity constructs to OAuth's token issuance model:
   –  An identity token—the delivery of which, from one party to another, can enable a federated SSO user experience for a user.
   –  A standardized identity attribute API—at which a client can retrieve the desired identity attributes for a given user.
•  If your use case requires something more than authentication and authorization of API calls, Connect's features that go beyond OAuth become relevant.

8. Representative IoT architecture
•  Fitbit makes the Aria smart scale.
•  The scale syncs through home Wi-Fi to the Fitbit cloud for display & analysis through web & native applications.
•  3rd party services can access weight data to provide additional insight.

9. Architecture requirements
•  User weight data is personal and must be protected against compromise.
•  Additionally, weight data must only be shared by Fitbit when consistent with user policy.

10. Architecture
[Architecture diagram; labels: FitBit Proprietary, 3rd party services, REST API, REST API]

11. Architecture
[Same architecture diagram; labels: FitBit Proprietary, 3rd party services, REST API, REST API]
Let's examine how OAuth & Connect can apply here.

12. Cloud to cloud
•  TrendWeight offers additional insight & analysis of weight data.
•  It pulls scale data from Fitbit cloud REST endpoints.
•  TrendWeight should use OAuth to authenticate its API calls as being on behalf of a particular user.
•  Because the user is involved in token issuance, this is a privacy-enabling model.

13. Cloud to cloud
[Sequence diagram; labels: Login & consent, Weight data]

14. Revocation of authorization
•  The user can remove permissions assigned to 3rd parties.

15. Native Application
•  Users can view their weight data & trends from iOS & Android native applications.
•  Native applications pull data from Fitbit cloud REST endpoints.
•  Native applications should use OAuth to authenticate their API calls as being on behalf of a particular user.

16. Device to gateway
•  Devices communicate with each other and the gateway via the local network—sharing data, sending control messages, etc.
•  These local interactions may not use HTTP, but instead an application protocol more optimized to the constraints (CPU size, battery, etc.) of devices.
•  Such application protocols include XMPP, MQTT and CoAP.
•  Work has begun in exploring how to bind OAuth & Connect to such IoT-optimized protocols, e.g. the ACE effort in the IETF.

17. Conclusion
•  Authentication & authorization of actors is fundamental to IoT security.
•  Mechanisms must be secure, scalable and privacy-respecting.
•  OAuth & Connect promise to provide important pieces of an authn & authz framework for the IoT.
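The token model of slides 5, 6, 12 and 14, carried through as an added example in Python (this is illustration code, not Fitbit's, TrendWeight's or Ping Identity's, and not an OAuth library): a toy Authorization Server issues an opaque bearer token after the user has logged in and consented, a toy Resource Server exposing a hypothetical `GET /weight` API validates that token on every call, and withdrawing consent revokes the token so the next call fails. The client names, the `weight:read` scope, the endpoint and the weight data are all constructed for the example; real deployments would use the AS's token introspection endpoint or a signed token format rather than the in-process lookup shown here.

```python
"""Added example: OAuth-style bearer tokens between a client, an AS and an RS.

Everything here is constructed for illustration (client ids, scope names,
the GET /weight endpoint, sample weights); it is not the slides' or any
vendor's code. Standard library only.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass
class Grant:
    """The relationship a token stands for: which user consented to which client, for what."""
    user: str
    client_id: str
    scopes: frozenset
    expires_at: float
    revoked: bool = False


class AuthorizationServer:
    """Toy AS: issues opaque bearer tokens after login and consent, answers validity queries."""

    def __init__(self, now=time.time):
        self._now = now
        # Keyed by SHA-256 of the token: a leaked token table then yields no usable tokens.
        self._grants: Dict[str, Grant] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_token(self, user: str, client_id: str, consented_scopes: Iterable[str],
                    ttl_seconds: int = 3600) -> str:
        """Called only after the user has logged in and explicitly consented (slide 13)."""
        token = secrets.token_urlsafe(32)
        self._grants[self._key(token)] = Grant(
            user, client_id, frozenset(consented_scopes), self._now() + ttl_seconds)
        return token

    def introspect(self, token: str) -> Optional[Grant]:
        """Return the grant behind a token if it is known, unexpired and not revoked."""
        grant = self._grants.get(self._key(token))
        if grant is None or grant.revoked or self._now() >= grant.expires_at:
            return None
        return grant

    def revoke_client(self, user: str, client_id: str) -> int:
        """User removes the permissions assigned to a 3rd party (slide 14)."""
        count = 0
        for grant in self._grants.values():
            if grant.user == user and grant.client_id == client_id and not grant.revoked:
                grant.revoked = True
                count += 1
        return count


class ResourceServer:
    """Toy RS for a hypothetical 'GET /weight' API protected by the AS above."""

    def __init__(self, auth_server: AuthorizationServer, weights: Dict[str, list]):
        self._as = auth_server
        self._weights = weights

    def get_weight(self, authorization_header: Optional[str]) -> Tuple[int, dict]:
        """Validate the bearer token on the call, then answer only for the token's user."""
        if not authorization_header or not authorization_header.startswith("Bearer "):
            return 401, {"error": "invalid_request"}
        grant = self._as.introspect(authorization_header[len("Bearer "):])
        if grant is None:                       # unknown, expired or revoked token
            return 401, {"error": "invalid_token"}
        if "weight:read" not in grant.scopes:   # user consented to something else
            return 403, {"error": "insufficient_scope"}
        # The token, not any client-supplied parameter, decides whose data comes back.
        return 200, {"user": grant.user, "weight_kg": self._weights.get(grant.user, [])}


def demo() -> list:
    """Walk through the slide-12/14 scenario; returns the HTTP status of each call."""
    clock = [1_700_000_000.0]                   # controllable clock for the expiry check
    auth = AuthorizationServer(now=lambda: clock[0])
    rs = ResourceServer(auth, {"alice": [80.4, 80.1]})   # constructed sample data

    trend = auth.issue_token("alice", "trendweight", ["weight:read"])
    other = auth.issue_token("alice", "other-app", ["profile:read"])
    statuses = [
        rs.get_weight(f"Bearer {trend}")[0],            # 200: valid token, right scope
        rs.get_weight("Bearer not-a-real-token")[0],    # 401: unknown token
        rs.get_weight(f"Bearer {other}")[0],            # 403: consent did not cover weight
    ]
    auth.revoke_client("alice", "trendweight")          # user withdraws consent
    statuses.append(rs.get_weight(f"Bearer {trend}")[0])  # 401: revoked
    clock[0] += 7200                                      # two hours later
    statuses.append(rs.get_weight(f"Bearer {other}")[0])  # 401: expired
    return statuses


if __name__ == "__main__":
    print(demo())  # [200, 401, 403, 401, 401]
```

Two design points worth noting: the RS never trusts a user identifier supplied by the client, since the token alone names whose relationship it represents; and revocation is immediate because the RS consults the AS on every call, which is the trade-off that self-contained signed tokens give up in exchange for not needing that round trip.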