Federated Identity for IoT with OAuth

Paul Fremantle
CTO, WSO2 (paul@wso2.com)
PhD researcher, Portsmouth University (paul.fremantle@port.ac.uk)
@pzfreo

How this will work

•  Quick intro to Federated Identity and Access Management
•  Even quicker introduction to OAuth2
•  MQTT overview
•  Demo
•  Issues
•  Next steps

What is Federated Identity and Access Management (FIAM)?

Federated IAM aims to give you control over your credentials and access:
•  You don't give your userid/pw to anyone
•  You control the grant of permissions
•  LinkedIn example
•  OAuth2 emerging as widely used approach

Why FIAM for IoT?

•  Your device = Your data
•  Tokens are better than u/p for devices
•  Manage tokens and scopes independently of the device

Tokens

Why OAuth2?

•  Widely implemented
•  Pretty good
–  Of course there is never 100% agreement
–  Or certainty with security protocols
•  Not just HTTP:
–  http://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-12
–  OAuth2 used with SSL

Three-legged OAuth

MQTT

•  Very lightweight messaging protocol
–  Designed for 8-bit controllers, SCADA, etc
–  Low power, low bandwidth
–  Binary header of 2 bytes
–  Lots of implementations
    •  Mosquitto from Eclipse
    •  Apache ActiveMQ and Apollo
–  Clients:
    •  Arduino, Perl, Python, PHP, C, Java, JS/Node.js, .Net, etc
•  Plus an even lighter-weight version for Zigbee
–  MQTT-SN (Sensor Network)

Demo components (diagram)

•  CreateToken.py
•  Refresher.py
•  Arduino
•  Mosquitto (Open Source MQTT Broker), acting as "Resource Server"
–  mosquitto_py_auth
–  mqtt-oauth2.py
•  IdP: WSO2 Identity Server
•  ESB: Introspection API

Demo steps

1.  Get an access-token / refresh-token
2.  Encode it into the Arduino code, compile, burn
3.  Reboot Arduino
4.  Arduino tries access token
5.  Arduino connects as "refresh user" and requests refresh token
6.  Arduino receives updated access token and reconnects
7.  Arduino starts to publish data (assuming it is allowed!)
8.  Python client receives data using a previously authorized token

Step 1. Get a token

•  Simple python script and web browser
•  Encodes the requested permission "scopes" as b64 encoded JSON (ugly but works!)
•  scope = '[{"rw":"w","topic":"/pzf/#"}]'
•  IdP = WSO2 Identity Server
–  open source OAuth server
•  Redirects to a localhost server which prints the code

Step 2. Burn into Arduino

•  Little program burns into EEPROM

Step 3, 4, 5, 6

Recode Arduino with App
•  App tries access token to CONNECT
•  If fails, retries as user "r" (refresh)
–  Ideally this would be a separate server / IdP-based broker
•  Sends {clientid, refresh_token} to topic /r
•  Subscribes to /c/{clientid}
•  When new access_token arrives, saves in EEPROM and reconnects

Step 7. Arduino publishes data

•  MPU 9150
•  Yaw, Pitch, Roll
•  Every publish is validated against the IdP
–  Should be cached by the resource server

Step 8. Python client subscribes

•  Subscriber.py

Lessons learnt

•  MQTT and MPU / I2C code is 97% of Duemilanove
–  Adding the final logic to do OAuth2 flow pushed it to 99%
–  No TLS in this demo is a big issue
•  Different OAuth implementations behave differently (e.g. changing the refresh token every time you refresh)
•  Need to be able to update the scope of token if this will work for long term embedded devices
•  The refresh flow should not really go via the Resource server
–  Easy fix
•  MQTT should have a well defined model for sending a message to just one client (securely)

Next steps

•  Do the same for CoAP / other IoT protocols
•  Implement solidly ☺
•  Gain agreement on the specific MQTT
•  Other FIAM approaches for IoT?

Please feel free to contact me:
–  @pzfreo
–  paul@wso2.com

Questions?

IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Dernier (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Federated Identity for IoT with OAuth2

1. Federated Identity for IoT with OAuth
Paul Fremantle
CTO, WSO2 (paul@wso2.com)
PhD researcher, Portsmouth University (paul.fremantle@port.ac.uk)
@pzfreo

2. How this will work
•  Quick intro to Federated Identity and Access Management
•  Even quicker introduction to OAuth2
•  MQTT overview
•  Demo
•  Issues
•  Next steps

4. What is Federated Identity and Access Management (FIAM)?
Federated IAM aims to give You control over your credentials and access:
•  You don’t give your userid/pw to anyone
•  You control the grant of permissions
•  LinkedIn example
•  OAuth2 emerging as widely used approach

5. Why FIAM for IoT?
•  Your device = Your data
•  Tokens are better than u/p for devices
•  Manage tokens and scopes independently of the device

7. Why OAuth2?
•  Widely implemented
•  Pretty good
   –  Of course there is never 100% agreement
   –  Or certainty with security protocols
•  Not just HTTP:
   –  http://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-12
   –  OAuth2 used with SSL

10. MQTT
•  Very lightweight messaging protocol
   –  Designed for 8-bit controllers, SCADA, etc
   –  Low power, low bandwidth
   –  Binary header of 2 bytes
   –  Lots of implementations
      •  Mosquitto from Eclipse
      •  Apache ActiveMQ and Apollo
   –  Clients:
      •  Arduino, Perl, Python, PHP, C, Java, JS/Node.js, .Net, etc
•  Plus an even lighter-weight version for Zigbee
   –  MQTT-SN (Sensor Network)

12. Demo components (diagram): CreateToken.py, Refresher.py, Arduino, Mosquitto (open source MQTT broker) acting as “Resource Server”, mosquitto_py_auth, mqtt-oauth2.py, IdP (WSO2 Identity Server), ESB introspection API. Arrows numbered 1 to 6 connect the components.

13. Demo steps
1.  Get an access-token / refresh-token
2.  Encode it into the Arduino code, compile, burn
3.  Reboot Arduino
4.  Arduino tries access token
5.  Arduino connects as “refresh user” and requests refresh token
6.  Arduino receives updated access token and reconnects
7.  Arduino starts to publish data (assuming it is allowed!)
8.  Python client receives data using a previously authorized token

14. Step 1. Get a token
•  Simple python script and web browser
•  Encodes the requested permission “scopes” as b64 encoded JSON (ugly but works!)
•  scope = '[{"rw":"w","topic":"/pzf/#"}]'
•  IdP = WSO2 Identity Server
   –  open source OAuth server
•  Redirects to a localhost server which prints the code

15. Step 2. Burn into Arduino
•  Little program burns into EEPROM

16. Step 3, 4, 5, 6
Recode Arduino with App
•  App tries access token to CONNECT
•  If fails, retries as user “r” (refresh)
   –  Ideally this would be a separate server / IdP-based broker
•  Sends {clientid, refresh_token} to topic /r
•  Subscribes to /c/{clientid}
•  When new access_token arrives, saves in EEPROM and reconnects

17. Step 7. Arduino publishes data
•  MPU 9150
•  Yaw, Pitch, Roll
•  Every publish is validated against the IdP
   –  Should be cached by the resource server
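As an added example (not the talk's own mqtt-oauth2.py), the resource-server side of the demo in Python: the scope format from slide 14 decoded, MQTT topic-filter matching used to decide whether a publish to a topic is within scope, and the introspection cache slide 17 asks for. The introspection call is a constructed stand-in, since the slides do not show the ESB API's request or response shape; the token value and the cache TTL are assumptions.

```python
import base64
import json
import time

def decode_scope(scope_b64):
    """Decode the demo's b64-encoded JSON scope into [{"rw": ..., "topic": ...}]."""
    return json.loads(base64.b64decode(scope_b64).decode("utf-8"))

def topic_matches(topic_filter, topic):
    """MQTT topic-filter match: '+' is one level, '#' is the whole remainder."""
    f_parts, t_parts = topic_filter.split("/"), topic.split("/")
    for i, part in enumerate(f_parts):
        if part == "#":
            return True
        if i >= len(t_parts) or (part != "+" and part != t_parts[i]):
            return False
    return len(f_parts) == len(t_parts)

def scope_allows(scope, topic, access):
    """access is 'w' (publish) or 'r' (subscribe); rw='rw' grants both."""
    return any(access in e["rw"] and topic_matches(e["topic"], topic) for e in scope)

class TokenAuthorizer:
    """Resource-server check with a TTL cache so the broker does not call the
    IdP on every publish (slide 17); a revoked token lives at most ttl seconds."""
    def __init__(self, introspect, ttl=60, clock=time.time):
        self._introspect = introspect  # token -> scope list, or None if invalid
        self._ttl, self._clock, self._cache = ttl, clock, {}

    def _scope_for(self, token):
        now = self._clock()
        hit = self._cache.get(token)
        if hit is not None and hit[1] > now:
            return hit[0]
        scope = self._introspect(token)
        self._cache[token] = (scope, now + self._ttl)
        return scope

    def check(self, token, topic, access):
        scope = self._scope_for(token)
        return scope is not None and scope_allows(scope, topic, access)

# Constructed stand-in for the IdP introspection call (the demo goes via the
# WSO2 ESB); it knows one assumed token that carries the slide-14 scope.
_TOKENS = {"tok-arduino": base64.b64encode(
    json.dumps([{"rw": "w", "topic": "/pzf/#"}]).encode()).decode()}

def fake_introspect(token):
    scope_b64 = _TOKENS.get(token)
    return None if scope_b64 is None else decode_scope(scope_b64)
```

Wire `TokenAuthorizer(fake_introspect).check(password, topic, "w")` into the broker's publish-ACL hook to get the behaviour slide 17 describes; a write-only scope on `/pzf/#` lets the Arduino publish `/pzf/yaw` but not subscribe to it.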
18. Step 8. Python client subscribes
•  Subscriber.py

19. Lessons learnt
•  MQTT and MPU / I2C code is 97% of Duemilanove
   –  Adding the final logic to do OAuth2 flow pushed it to 99%
   –  No TLS in this demo is a big issue
•  Different OAuth implementations behave differently (e.g. changing the refresh token every time you refresh)
•  Need to be able to update the scope of token if this will work for long term embedded devices
•  The refresh flow should not really go via the Resource server
   –  Easy fix
•  MQTT should have a well defined model for sending a message to just one client (securely)

20. Next steps
•  Do the same for CoAP / other IoT protocols
•  Implement solidly :)
•  Gain agreement on the specific MQTT
•  Other FIAM approaches for IoT?
•  Please feel free to contact me:
   –  @pzfreo
   –  paul@wso2.com