SlideShare une entreprise Scribd logo

Federated Identity for IoT with OAuth2

Paul Fremantle
Paul Fremantle

My slides from FOSDEM14 IoT Devroom

Technologie
1  sur  21
Télécharger pour lire hors ligne
Federated  Iden*ty  for  IoT  with   OAuth   Paul  Fremantle   CTO,  WSO2  (paul@wso2.com)   PhD  researcher,  Portsmouth  University   (paul.fremantle@port.ac.uk)     @pzfreo  
How  this  will  work   •  Quick  intro  to  Federated  Iden*ty  and  Access   Management   •  Even  quicker  introduc*on  to  OAuth2   •  MQTT  overview   •  Demo   •  Issues   •  Next  steps  
What  is  Federated  Iden*ty  and  Access   Management  (FIAM)?   Federated  IAM  aims  to  give  You  control  over   your  creden*als  and  access:   •  You  don’t  give  your  userid/pw  to  anyone   •  You  control  the  grant  of  permissions   •  LinkedIn  example   •  OAuth2  emerging  as  widely  used  approach      
Why  FIAM  for  IoT?   •  Your  device  =  Your  data   •  Tokens  are  beYer  than  u/p  for  devices   •  Manage  tokens  and  scopes  independently  of   the  device    
Tokens  
Why  OAuth2?   •  Widely  implemented   •  PreYy  good     –  Of  course  there  is  never  100%  agreement   –  Or  certainty  with  security  protocols   •  Not  just  HTTP:   –  hYp://tools.ie^.org/html/dra_-­‐ie^-­‐kiYen-­‐sasl-­‐ oauth-­‐12   –  OAuth2  used  with  SSL      
Three-­‐legged  OAuth  
MQTT  
MQTT   •  Very  lightweight  messaging  protocol   –  Designed  for  8-­‐bit  controllers,  SCADA,  etc   –  Low  power,  low  bandwidth   –  Binary  header  of  2  bytes   –  Lots  of  implementa*ons   •  MosquiYo  from  Eclipse   •  Apache  Ac*veMQ  and  Apollo   –  Clients:   •  Arduino,  Perl,  Python,  PHP,  C,  Java,  JS/Node.js,  .Net,  etc   •  Plus  an  even  lighter-­‐weight  version  for  Zigbee   –  MQTT-­‐SN  (Sensor  Network)  
CreateToken.py   Demo  components     1 Refresher.py   2 Arduino   3 5 4 MosquiYo   (Open  Source  MQTT   Broker)     Ac*ng  as  “Resource   Server”     MosquiYo_py_auth     mqY-­‐oauth2.py   IdP     WSO2  Iden*ty   Server   6 ESB   Introspec*on   API  
Demo  steps   1.  Get  an  access-­‐token  /  refresh-­‐token   2.  Encode  it  into  the  Arduino  code,  compile,  burn   3.  Reboot  Arduino   4.  Arduino  tries  access  token   5.  Arduino  connects  as  “refresh  user”  and  requests  refresh   token   •  6.  Arduino  receives  updated  access  token  and  reconnects     •  7.  Arduino  starts  to  publish  data  (assuming  it  is  allowed!)   •  8.  Python  client  receives  data  using  a  previously  authorized   token   •  •  •  •  • 
Step  1.  Get  a  token   •  Simple  python  script  and  web  browser   •  Encodes  the  requested  permission  “scopes”  as   b64  encoded  JSON  (ugly  but  works!)   •  scope  =  '[{"rw":"w","topic":"/pzf/#"}]’   •  IdP  =  WSO2  Iden*ty  Server   –   open  source  Oauth  server   •  Redirects  to  a  localhost  server  which  prints   the  code  
Step  2.  Burn  into  Arduino   •  LiYle  program  burns  into  EEPROM    
Step  3,  4,  5,  6     Recode  Arduino  with  App   •  App  tries  access  token  to  CONNECT   •  If  fails,  retries  as  user  “r”  (refresh)   –  Ideally  this  would  be  a  separate  server  /  IdP-­‐based   broker   •  Sends  {clien*d,  refresh_token}  to  topic  /r   •  Subscribes  to  /c/{clien*d}   •  When  new  access_token  arrives,  saves  in   EEPROM  and  reconnects  
Step  7.  Arduino  publishes  data   •  MPU  9150   •  Yaw,  Pitch,  Roll   •  Every  publish  is  validated  against  the  IdP   –  Should  be  cached  by  the  resource  server  
Step  8.  Python  client  subscribes   •  Subscriber.py  
Lessons  learnt   •  MQTT  and  MPU  /  I2C  code  is  97%  of  Duemilanove   –  Adding  the  final  logic  to  do  OAuth2  flow  pushed  it  to  99%   –  No  TLS  in  this  demo  is  a  big  issue   •  Different  Oauth  implementa*ons  behave  differently  (e.g.   changing  the  refresh  token  every  *me  you  refresh)   •  Need  to  be  able  to  update  the  scope  of  token  if  this  will   work  for  long  term  embedded  devices   •  The  refresh  flow  should  not  really  go  via  the  Resource   server   –  Easy  fix     •  MQTT  should  have  a  well  defined  model  for  sending  a   message  to  just  one  client  (securely)  
Next  steps   •  •  •  •  •  Do  the  same  for  CoAP  /  other  IoT  protocols   Implement  solidly  J   Gain  agreement  on  the  specific  MQTT   Other  FIAM  approaches  for  IoT?   Please  feel  free  to  contact  me:   –  @pzfreo   –  paul@wso2.com  
Ques*ons?  

Recommandé

Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsPaul Fremantle
 
The use case for Cassandra at Ping Identity
The use case for Cassandra at Ping IdentityThe use case for Cassandra at Ping Identity
The use case for Cassandra at Ping IdentityPing Identity
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyMike Schwartz
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecturePaul Fremantle
 
Anonymous Individual Integration for IoT
Anonymous Individual Integration for IoTAnonymous Individual Integration for IoT
Anonymous Individual Integration for IoTPaul Fremantle
 
Devising a practical approach to the Internet of Things
Devising a practical approach to the Internet of ThingsDevising a practical approach to the Internet of Things
Devising a practical approach to the Internet of ThingsGordon Haff
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]Leonardo De Moura Rocha Lima
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Securitycentralohioissa
 

Recommandé

Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsPaul Fremantle
 
The use case for Cassandra at Ping Identity
The use case for Cassandra at Ping IdentityThe use case for Cassandra at Ping Identity
The use case for Cassandra at Ping IdentityPing Identity
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyMike Schwartz
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecturePaul Fremantle
 
Anonymous Individual Integration for IoT
Anonymous Individual Integration for IoTAnonymous Individual Integration for IoT
Anonymous Individual Integration for IoTPaul Fremantle
 
Devising a practical approach to the Internet of Things
Devising a practical approach to the Internet of ThingsDevising a practical approach to the Internet of Things
Devising a practical approach to the Internet of ThingsGordon Haff
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]Leonardo De Moura Rocha Lima
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Securitycentralohioissa
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015Eurotech
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10 veerababu penugonda(Mr-IoT)
 
Creator IoT Framework
Creator IoT FrameworkCreator IoT Framework
Creator IoT FrameworkPaul Evans
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architecturesinovia
 
Azure IoT Hub
Azure IoT HubAzure IoT Hub
Azure IoT HubWinWire Technologies Inc
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
IoT on Azure
IoT on AzureIoT on Azure
IoT on AzureVinoth Rajagopalan
 
Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)
Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)
Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)Codit
 
Developing an IoT System FIWARE Based from the Scratch
Developing an IoT System FIWARE Based from the ScratchDeveloping an IoT System FIWARE Based from the Scratch
Developing an IoT System FIWARE Based from the ScratchFIWARE
 
Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Erez Metula
 
Using an Open Source RESTful Backend for IoT Applications
Using an Open Source RESTful Backend for IoT ApplicationsUsing an Open Source RESTful Backend for IoT Applications
Using an Open Source RESTful Backend for IoT ApplicationsJan Liband
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'tsMinded Security
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsRoshan Kulkarni
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and MethodsLeonardo De Moura Rocha Lima
 
DotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreDotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreRiccardo Cappello
 
FIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercisesFIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercisesFIWARE
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTAuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTTransUnion
 
Identity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTIdentity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTAllSeen Alliance
 
Creating an Internet of Everything
Creating an Internet of Everything Creating an Internet of Everything
Creating an Internet of Everything AllSeen Alliance
 

Contenu connexe

Tendances

OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015Eurotech
 
Creator IoT Framework
Creator IoT FrameworkCreator IoT Framework
Creator IoT FrameworkPaul Evans
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architecturesinovia
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)
Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)
Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)Codit
 
Developing an IoT System FIWARE Based from the Scratch
Developing an IoT System FIWARE Based from the ScratchDeveloping an IoT System FIWARE Based from the Scratch
Developing an IoT System FIWARE Based from the ScratchFIWARE
 
Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Erez Metula
 
Using an Open Source RESTful Backend for IoT Applications
Using an Open Source RESTful Backend for IoT ApplicationsUsing an Open Source RESTful Backend for IoT Applications
Using an Open Source RESTful Backend for IoT ApplicationsJan Liband
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'tsMinded Security
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsRoshan Kulkarni
 
DotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreDotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreRiccardo Cappello
 
FIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercisesFIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercisesFIWARE
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTAuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTTransUnion
 

Tendances (20)

OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect Protocol
 
IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10
 
Creator IoT Framework
Creator IoT FrameworkCreator IoT Framework
Creator IoT Framework
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architectures
 
Azure IoT Hub
Azure IoT HubAzure IoT Hub
Azure IoT Hub
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
 
IoT on Azure
IoT on AzureIoT on Azure
IoT on Azure
 
Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)
Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)
Azure IoT suite - A look behind the curtain (Sam Vanhoutte @AZUG Event)
 
Developing an IoT System FIWARE Based from the Scratch
Developing an IoT System FIWARE Based from the ScratchDeveloping an IoT System FIWARE Based from the Scratch
Developing an IoT System FIWARE Based from the Scratch
 
Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016
 
Using an Open Source RESTful Backend for IoT Applications
Using an Open Source RESTful Backend for IoT ApplicationsUsing an Open Source RESTful Backend for IoT Applications
Using an Open Source RESTful Backend for IoT Applications
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined Perimeter
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'ts
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud Platforms
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
DotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il ConcentratoreDotNetToscana - Azure IoT Hub - Il Concentratore
DotNetToscana - Azure IoT Hub - Il Concentratore
 
FIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercisesFIWARE Developers Week_IoT basic exercises
FIWARE Developers Week_IoT basic exercises
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTAuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
 

En vedette

Identity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTIdentity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTAllSeen Alliance
 
Creating an Internet of Everything
Creating an Internet of Everything Creating an Internet of Everything
Creating an Internet of Everything AllSeen Alliance
 
Federated identity and trust management redp3678
Federated identity and trust management redp3678Federated identity and trust management redp3678
Federated identity and trust management redp3678Banking at Ho Chi Minh city
 
No IoT Without Identity
No IoT Without Identity No IoT Without Identity
No IoT Without Identity ForgeRock
 
Cybesecurity of the IoT
Cybesecurity of the IoTCybesecurity of the IoT
Cybesecurity of the IoTAltoros
 
Device Management with OMA Lightweight M2M
Device Management with OMA Lightweight M2MDevice Management with OMA Lightweight M2M
Device Management with OMA Lightweight M2MHannes Tschofenig
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTForgeRock
 
IBM Interconnect 2016 - Hybrid Cloud Messaging
IBM Interconnect 2016 - Hybrid Cloud MessagingIBM Interconnect 2016 - Hybrid Cloud Messaging
IBM Interconnect 2016 - Hybrid Cloud MessagingRobert Nicholson
 
Capgemini Digital Transformation - Beyond the Hype
Capgemini Digital Transformation - Beyond the HypeCapgemini Digital Transformation - Beyond the Hype
Capgemini Digital Transformation - Beyond the Hypedefault default
 
Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Hannes Tschofenig
 
Iot Software-As-A-Service Implementation Framework
Iot Software-As-A-Service Implementation FrameworkIot Software-As-A-Service Implementation Framework
Iot Software-As-A-Service Implementation FrameworkChandrashekhar More
 
How to use Innovative Architectures for Digital Enterprises
How to use Innovative Architectures for Digital EnterprisesHow to use Innovative Architectures for Digital Enterprises
How to use Innovative Architectures for Digital EnterprisesCapgemini
 
Delivering Digital Transformation and Leveraging a Digital Platform
Delivering Digital Transformation and Leveraging a Digital PlatformDelivering Digital Transformation and Leveraging a Digital Platform
Delivering Digital Transformation and Leveraging a Digital PlatformCapgemini
 
Capgemini Digital Reference Architecture with HPE
Capgemini Digital Reference Architecture with HPECapgemini Digital Reference Architecture with HPE
Capgemini Digital Reference Architecture with HPECapgemini
 
Driving Connectivity in the Scottish Islands: Droneways and Airmasts
Driving Connectivity in the Scottish Islands: Droneways and AirmastsDriving Connectivity in the Scottish Islands: Droneways and Airmasts
Driving Connectivity in the Scottish Islands: Droneways and Airmasts3G4G
 
An Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case StudiesAn Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case Studies3G4G
 
5G Network Architecture and Design
5G Network Architecture and Design5G Network Architecture and Design
5G Network Architecture and Design3G4G
 
3GPP Standards for the Internet-of-Things
3GPP Standards for the Internet-of-Things3GPP Standards for the Internet-of-Things
3GPP Standards for the Internet-of-ThingsEiko Seidel
 

En vedette (20)

Identity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTIdentity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoT
 
Creating an Internet of Everything
Creating an Internet of Everything Creating an Internet of Everything
Creating an Internet of Everything
 
Federated identity and trust management redp3678
Federated identity and trust management redp3678Federated identity and trust management redp3678
Federated identity and trust management redp3678
 
No IoT Without Identity
No IoT Without Identity No IoT Without Identity
No IoT Without Identity
 
Cybesecurity of the IoT
Cybesecurity of the IoTCybesecurity of the IoT
Cybesecurity of the IoT
 
Device Management with OMA Lightweight M2M
Device Management with OMA Lightweight M2MDevice Management with OMA Lightweight M2M
Device Management with OMA Lightweight M2M
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
 
Technical landscape of IoT
Technical landscape of IoTTechnical landscape of IoT
Technical landscape of IoT
 
IBM Interconnect 2016 - Hybrid Cloud Messaging
IBM Interconnect 2016 - Hybrid Cloud MessagingIBM Interconnect 2016 - Hybrid Cloud Messaging
IBM Interconnect 2016 - Hybrid Cloud Messaging
 
Capgemini Digital Transformation - Beyond the Hype
Capgemini Digital Transformation - Beyond the HypeCapgemini Digital Transformation - Beyond the Hype
Capgemini Digital Transformation - Beyond the Hype
 
Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0Authorization for Internet of Things using OAuth 2.0
Authorization for Internet of Things using OAuth 2.0
 
Iot Software-As-A-Service Implementation Framework
Iot Software-As-A-Service Implementation FrameworkIot Software-As-A-Service Implementation Framework
Iot Software-As-A-Service Implementation Framework
 
How to use Innovative Architectures for Digital Enterprises
How to use Innovative Architectures for Digital EnterprisesHow to use Innovative Architectures for Digital Enterprises
How to use Innovative Architectures for Digital Enterprises
 
Delivering Digital Transformation and Leveraging a Digital Platform
Delivering Digital Transformation and Leveraging a Digital PlatformDelivering Digital Transformation and Leveraging a Digital Platform
Delivering Digital Transformation and Leveraging a Digital Platform
 
Capgemini Digital Reference Architecture with HPE
Capgemini Digital Reference Architecture with HPECapgemini Digital Reference Architecture with HPE
Capgemini Digital Reference Architecture with HPE
 
Building a Digital Transformation Roadmap
Building a Digital Transformation RoadmapBuilding a Digital Transformation Roadmap
Building a Digital Transformation Roadmap
 
Driving Connectivity in the Scottish Islands: Droneways and Airmasts
Driving Connectivity in the Scottish Islands: Droneways and AirmastsDriving Connectivity in the Scottish Islands: Droneways and Airmasts
Driving Connectivity in the Scottish Islands: Droneways and Airmasts
 
An Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case StudiesAn Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case Studies
 
5G Network Architecture and Design
5G Network Architecture and Design5G Network Architecture and Design
5G Network Architecture and Design
 
3GPP Standards for the Internet-of-Things
3GPP Standards for the Internet-of-Things3GPP Standards for the Internet-of-Things
3GPP Standards for the Internet-of-Things
 

Similaire à Federated Identity for IoT with OAuth2

How to write secure code
How to write secure codeHow to write secure code
How to write secure codeFlaskdata.io
 
Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications WSO2
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
 
2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabiRafik HARABI
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE
 
Secure your web app presentation
Secure your web app presentationSecure your web app presentation
Secure your web app presentationFrans Lytzen
 
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)Jakub Botwicz
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
Srikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latestSrikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latestSrikanth Pilli
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...CODE BLUE
 
HTTP Services & REST API Security
HTTP Services & REST API SecurityHTTP Services & REST API Security
HTTP Services & REST API SecurityTaiseer Joudeh
 
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Adam Dunkels
 
Splunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shellsSplunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shellsAnthony D Hendricks
 
Eclipse Kura Shoot a-pi
Eclipse Kura Shoot a-piEclipse Kura Shoot a-pi
Eclipse Kura Shoot a-piEclipse Kura
 
Practical Security with MQTT and Mosquitto
Practical Security with MQTT and MosquittoPractical Security with MQTT and Mosquitto
Practical Security with MQTT and Mosquittonbarendt
 

Similaire à Federated Identity for IoT with OAuth2 (20)

How to write secure code
How to write secure codeHow to write secure code
How to write secure code
 
Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018
 
10 1 otp all
10 1 otp all10 1 otp all
10 1 otp all
 
2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
 
Secure your web app presentation
Secure your web app presentationSecure your web app presentation
Secure your web app presentation
 
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 
Srikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latestSrikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latest
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
 
HTTP Services & REST API Security
HTTP Services & REST API SecurityHTTP Services & REST API Security
HTTP Services & REST API Security
 
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
 
IzoT platform presentation
IzoT platform presentationIzoT platform presentation
IzoT platform presentation
 
Splunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shellsSplunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shells
 
Monkey Server
Monkey ServerMonkey Server
Monkey Server
 
Eclipse Kura Shoot a-pi
Eclipse Kura Shoot a-piEclipse Kura Shoot a-pi
Eclipse Kura Shoot a-pi
 
Practical Security with MQTT and Mosquitto
Practical Security with MQTT and MosquittoPractical Security with MQTT and Mosquitto
Practical Security with MQTT and Mosquitto
 

Plus de Paul Fremantle

IoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacyIoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacyPaul Fremantle
 
Web API Management meets the Internet of Things
Web API Management meets the Internet of ThingsWeb API Management meets the Internet of Things
Web API Management meets the Internet of ThingsPaul Fremantle
 
Apache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and EquinoxApache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and EquinoxPaul Fremantle
 
Beyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business EnablerBeyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business EnablerPaul Fremantle
 
The Evolution of Integration
The Evolution of IntegrationThe Evolution of Integration
The Evolution of IntegrationPaul Fremantle
 
High Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESBHigh Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESBPaul Fremantle
 
Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011Paul Fremantle
 
Stratos and PaaS for London Java Community
Stratos and PaaS for London Java CommunityStratos and PaaS for London Java Community
Stratos and PaaS for London Java CommunityPaul Fremantle
 
Understanding Platform as a Service
Understanding Platform as a ServiceUnderstanding Platform as a Service
Understanding Platform as a ServicePaul Fremantle
 
Making Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and MeteredMaking Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and MeteredPaul Fremantle
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native SoftwarePaul Fremantle
 
Building Innovation with Open Source Approaches
Building Innovation with Open Source ApproachesBuilding Innovation with Open Source Approaches
Building Innovation with Open Source ApproachesPaul Fremantle
 
Three SOA Case Studies
Three SOA Case StudiesThree SOA Case Studies
Three SOA Case StudiesPaul Fremantle
 
Fast SOA with Apache Synapse
Fast SOA with Apache SynapseFast SOA with Apache Synapse
Fast SOA with Apache SynapsePaul Fremantle
 
REST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and LiesREST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and LiesPaul Fremantle
 

Plus de Paul Fremantle (16)

IoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacyIoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacy
 
Web API Management meets the Internet of Things
Web API Management meets the Internet of ThingsWeb API Management meets the Internet of Things
Web API Management meets the Internet of Things
 
Apache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and EquinoxApache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and Equinox
 
Beyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business EnablerBeyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business Enabler
 
Evolution of PaaS
Evolution of PaaSEvolution of PaaS
Evolution of PaaS
 
The Evolution of Integration
The Evolution of IntegrationThe Evolution of Integration
The Evolution of Integration
 
High Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESBHigh Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESB
 
Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011
 
Stratos and PaaS for London Java Community
Stratos and PaaS for London Java CommunityStratos and PaaS for London Java Community
Stratos and PaaS for London Java Community
 
Understanding Platform as a Service
Understanding Platform as a ServiceUnderstanding Platform as a Service
Understanding Platform as a Service
 
Making Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and MeteredMaking Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and Metered
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native Software
 
Building Innovation with Open Source Approaches
Building Innovation with Open Source ApproachesBuilding Innovation with Open Source Approaches
Building Innovation with Open Source Approaches
 
Three SOA Case Studies
Three SOA Case StudiesThree SOA Case Studies
Three SOA Case Studies
 
Fast SOA with Apache Synapse
Fast SOA with Apache SynapseFast SOA with Apache Synapse
Fast SOA with Apache Synapse
 
REST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and LiesREST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and Lies
 

Dernier

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Dernier (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Federated Identity for IoT with OAuth2

  • 1. Federated  Iden*ty  for  IoT  with   OAuth   Paul  Fremantle   CTO,  WSO2  (paul@wso2.com)   PhD  researcher,  Portsmouth  University   (paul.fremantle@port.ac.uk)     @pzfreo  
  • 2. How  this  will  work   •  Quick  intro  to  Federated  Iden*ty  and  Access   Management   •  Even  quicker  introduc*on  to  OAuth2   •  MQTT  overview   •  Demo   •  Issues   •  Next  steps  
  • 3.
  • 4. What  is  Federated  Iden*ty  and  Access   Management  (FIAM)?   Federated  IAM  aims  to  give  You  control  over   your  creden*als  and  access:   •  You  don’t  give  your  userid/pw  to  anyone   •  You  control  the  grant  of  permissions   •  LinkedIn  example   •  OAuth2  emerging  as  widely  used  approach      
  • 5. Why  FIAM  for  IoT?   •  Your  device  =  Your  data   •  Tokens  are  beYer  than  u/p  for  devices   •  Manage  tokens  and  scopes  independently  of   the  device    
  • 7. Why  OAuth2?   •  Widely  implemented   •  PreYy  good     –  Of  course  there  is  never  100%  agreement   –  Or  certainty  with  security  protocols   •  Not  just  HTTP:   –  hYp://tools.ie^.org/html/dra_-­‐ie^-­‐kiYen-­‐sasl-­‐ oauth-­‐12   –  OAuth2  used  with  SSL      
  • 10. MQTT   •  Very  lightweight  messaging  protocol   –  Designed  for  8-­‐bit  controllers,  SCADA,  etc   –  Low  power,  low  bandwidth   –  Binary  header  of  2  bytes   –  Lots  of  implementa*ons   •  MosquiYo  from  Eclipse   •  Apache  Ac*veMQ  and  Apollo   –  Clients:   •  Arduino,  Perl,  Python,  PHP,  C,  Java,  JS/Node.js,  .Net,  etc   •  Plus  an  even  lighter-­‐weight  version  for  Zigbee   –  MQTT-­‐SN  (Sensor  Network)  
  • 11.
  • 12. CreateToken.py   Demo  components     1 Refresher.py   2 Arduino   3 5 4 MosquiYo   (Open  Source  MQTT   Broker)     Ac*ng  as  “Resource   Server”     MosquiYo_py_auth     mqY-­‐oauth2.py   IdP     WSO2  Iden*ty   Server   6 ESB   Introspec*on   API  
  • 13. Demo  steps   1.  Get  an  access-­‐token  /  refresh-­‐token   2.  Encode  it  into  the  Arduino  code,  compile,  burn   3.  Reboot  Arduino   4.  Arduino  tries  access  token   5.  Arduino  connects  as  “refresh  user”  and  requests  refresh   token   •  6.  Arduino  receives  updated  access  token  and  reconnects     •  7.  Arduino  starts  to  publish  data  (assuming  it  is  allowed!)   •  8.  Python  client  receives  data  using  a  previously  authorized   token   •  •  •  •  • 
  • 14. Step  1.  Get  a  token   •  Simple  python  script  and  web  browser   •  Encodes  the  requested  permission  “scopes”  as   b64  encoded  JSON  (ugly  but  works!)   •  scope  =  '[{"rw":"w","topic":"/pzf/#"}]’   •  IdP  =  WSO2  Iden*ty  Server   –   open  source  Oauth  server   •  Redirects  to  a  localhost  server  which  prints   the  code  
  • 15. Step  2.  Burn  into  Arduino   •  LiYle  program  burns  into  EEPROM    
  • 16. Step  3,  4,  5,  6     Recode  Arduino  with  App   •  App  tries  access  token  to  CONNECT   •  If  fails,  retries  as  user  “r”  (refresh)   –  Ideally  this  would  be  a  separate  server  /  IdP-­‐based   broker   •  Sends  {clien*d,  refresh_token}  to  topic  /r   •  Subscribes  to  /c/{clien*d}   •  When  new  access_token  arrives,  saves  in   EEPROM  and  reconnects  
  • 17. Step  7.  Arduino  publishes  data   •  MPU  9150   •  Yaw,  Pitch,  Roll   •  Every  publish  is  validated  against  the  IdP   –  Should  be  cached  by  the  resource  server  
  • 18. Step  8.  Python  client  subscribes   •  Subscriber.py  
  • 19. Lessons  learnt   •  MQTT  and  MPU  /  I2C  code  is  97%  of  Duemilanove   –  Adding  the  final  logic  to  do  OAuth2  flow  pushed  it  to  99%   –  No  TLS  in  this  demo  is  a  big  issue   •  Different  Oauth  implementa*ons  behave  differently  (e.g.   changing  the  refresh  token  every  *me  you  refresh)   •  Need  to  be  able  to  update  the  scope  of  token  if  this  will   work  for  long  term  embedded  devices   •  The  refresh  flow  should  not  really  go  via  the  Resource   server   –  Easy  fix     •  MQTT  should  have  a  well  defined  model  for  sending  a   message  to  just  one  client  (securely)  
  • 20. Next  steps   •  •  •  •  •  Do  the  same  for  CoAP  /  other  IoT  protocols   Implement  solidly  J   Gain  agreement  on  the  specific  MQTT   Other  FIAM  approaches  for  IoT?   Please  feel  free  to  contact  me:   –  @pzfreo   –  paul@wso2.com