Agreed, I think UMA has patterns that could work in an IDoT/IoT context, although there may be something to add app/device-wise. I haven't fully thought that through since taking a look at the links Eve pointed us to below.

Cheers
Colin
From: Ingo.Friese@telekom.de
To: colin_wallis@hotmail.com; emaler@forrester.com
CC: dg-idot@kantarainitiative.org
Date: Fri, 23 Aug 2013 14:36:50 +0200
Subject: RE: [DG-IDoT] IDoT use-case collection "rental car mobility" scenario by Ingo
Hi Eve, Hi Colin,

Without knowing all UMA details I have the feeling that UMA could work for many use-cases in the Internet of Things, e.g. in terms of authorization although the resource owner is not present; a standardized way to introduce the AM to the protected source; one AM per user/owner etc.

Ingo

From: Eve Maler [mailto:eve@xmlgrrl.com]
Sent: Monday, 19 August 2013 17:55
To: Colin Wallis; Friese, Ingo; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] IDoT use-case collection "rental car mobility" scenario by Ingo

Hi folks-- Responding from my personal email address...

"OAuth for things" and granting access authorization to autonomous (no pun intended) third parties around access to devices are topics we've discussed a bit in the UMA group. You can see the discussion in our 2013-06-20 meeting notes and also in the "Device Managed Access" email thread.

What UMA's profile adds to OAuth's typical capabilities (wrt this topic, anyway) is to allow the resource owner to set the conditions of access ("policy") and then not have to be present or logged in to anything when a third-party requesting party comes along and attempts access.

The choice of whether to treat a human being or the "thing" itself as the initial resource owner is an interesting philosophical/deployment-specific question.

Eve

On 19 Aug 2013, at 8:15 AM, "Maler, Eve"
From the identity point of view we have several aspects here:

Bob is crossing domains of different companies. All these companies may have chosen different solutions, protocols and address and authentication schemes to manage their items.

Addressing/Discovery
The gate of “Berlin Parking” has to communicate with Bob’s car, at least in order to recognize “ok, this car has a special contract so it’s good to go”. For communication we need communication endpoints/addresses for the gate and for the car. The endpoint for the gate could be: 10.0.0.78.88.9876.berlincenter.berlinparking.de (mixed address… public & “Berlin Parking” specific address URL). The endpoint for the car is in fact an IMEI (International Mobile Station Equipment Identity) of a built-in GSM unit, e.g. #490154203237518#. Other rental car companies use the car-id taken from the CAN bus system (widely used system in the car industry). Both companies have their own special address scheme.
How to address items across different domains, namespaces and formats? (Extensible Resource Identifier, OASIS XRI, might be an approach… needs further discussion)

Authentication
Bob is able to load the battery of his car or he can get gasoline without direct payment. It is really important that only cars of the “Green&blue car” company get their fuel or energy without extra payment. So the car has to authenticate itself against the energy station.
How to provide authentication without Bob’s interaction? Maybe it’s possible to find a special solution for “Green&blue car”, but what if tomorrow other rental car companies want to join? Is there something like a general authentication scheme for things?

Authorization
“Green&blue car” is only allowed gas up to a certain amount of money.
How to authorize things? (OAuth for Things?...)

Policies
The rental car company “Green&blue car” is allowed to check the status, location and certain statistics at any time.
“Berlin Green Energy” is allowed to check the location of Bob’s car in order to direct him to the nearest energy station. There has to be a policy management deciding who is allowed to do what.
I have the feeling we need an authorization framework here. (kind of UMA/OAuth thing?)

_______________________________________________
DG-IDoT mailing list
DG-IDoT@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idot

Eve Maler
http://www.xmlgrrl.com/blog
+1 425 345 6756
http://www.twitter.com/xmlgrrl