Daily Digest

Thursday, 27 August 2015

Device Authentication

A common use case in people centric identity management, is that of authentication - verifying and proving who you say you are.  Digitally this normally involves the triad of something you know, something you have and something you are - in exchange you may receive an access token or cookie, that can be used when needing access to a site, API or application.

Monday, 10 August 2015

Device Identity -v- Service Identity

A key model in IoT data landscapes, seems to be the transmission of data from devices to a 'cloud' analytics or storage solution via protocol translation brokers.  For example a smart light sends data over CoAP to a gateway, that in turn can be accessed over REST/HTTP to retrieve data or aggregate the data with other lights.

Wednesday, 18 March 2015

People, Data & Devices

This week I was at the Gartner IAM Conference in London and I had several conversations regarding the different components in the IoT space. The obvious consistent components are the devices themselves, the people (who either own or operate the device) as well as the data those devices either collector, process or generate. That isn't a particularly insightful observation. It does however, have some significant implications.

Monday, 5 January 2015

Relationships, Relationships Everywhere

Relationships play a key part in the identity of things landscape.  There are the obvious relationships between people and the services, applications and things they interact with.  There are also relationships between people and the identity and attribute providers, that allows those individuals to consume their services and applications - how those things authenticate and gain assurance.

Wednesday, 17 December 2014

Differing Authorization in IoT

I was having several conversations this week regarding authorization in the IoT space and out came some interesting points.  Whilst there are several authorization standards becoming popular in this area (thinking mainly User Managed Access, OAuth2, Open ID Connect...), how those standards get implemented will vary hugely.

Consumer authorization for example, is often about volatile, temporary relationships between service providers and the personal owner of identity or personally associated data (probably collected via an IoT device).  Classic example is Instagram pictures and a picture printing service, or GPS tracker data from a running smart watch and the local running club.