Skip to end of metadata
Go to start of metadata
  • No labels

1 Comment

  1. Unknown User (jpinson)

    IoT Wonderland

    First Morning Session 10:00am

    Presenter: Ashley Stevenson

    Notes: John Pinson

     

    -       Use Case: I want to be able to authenticate a consumer device or thing – let’s say it was bought at a Walgreens.

    -       Ashley: does the manufacturer enable? Is the data from the device getting stored in the device? Is it getting uploaded to the cloud? Does it collect data?

     

    Four Elements of Identity Management for the Internet of Things

    1. Digital Identity – how do we take bits and bytes to create a digital identity record?
    2. Credentials – what is the login or driver’s license, etc.
    3. Authentication – the step where the user presents credentials proving they are in fact who they claim to be. There needs to be some kind of credentials, whether a token, login+password, etc. Birth certificate – you never use it, but it can be used to create a password, or driver’s license – see UPS example below.
    4. Authorization – what are you allowed to do? Can you delete data? Can you copy or transfer or print?

     

    -       Federation cuts across all four points.

    -       Governance / Federated Authorization. Think of UMA. It enables you to create consent policy that is decentralized, so given a circumstance, that piece of data is accessible on a repeatable basis, eg. Any doctor can access your heart rate data.

     

    Question:

    -       Would UMA work in a situation where you have an elderly grandmother where you need to delegate access to her healthcare data?

    Answer: Yes. Depending on your organization, ForgeRock can constrain the devices / infrastructure that you are allowed to see, and grant access as needed. 

     

     

    Ashley demos a SmartCity console built in OpenAM #IoT 

    The unique thing with the IoT is that it goes beyond M2M interactions, enabling people and devices to share data up to the cloud, or with other people & devices. OpenIDM is the access point for devices, but it’s just the beginning. Does that device have a credential? Is it associated with the organization? How so? OpenIDM enables you to assign a token, a PKI association, etc. Think of a UPS guy. If you’re expecting a delivery on a Tuesday morning, and a guy wearing brown, driving a brown truck shows up at your doorstep, he’s fully credentialed to make that delivery. Same with IoT devices. 

     

    • Fine-grained authentication: policy abstraction. When you have thousands or tens of thousands of devices under management, you need abstracted policy. In a healthcare setting, in my circle of medical professionals, all qualified doctors, nurses, pharmacists, etc., automatically have access to X data set. 
    • IoT moving forward: securing critical infrastructure is essential. Smart city, traffic infrastructure, water, electrical, etc. – are all vulnerable. Credential management is a weak spot here. X.509 credentials