Jeff, Ingo,

 

In reading this thread I noticed how it compares to the conversations taking place in the IRM group; in our case we are looking at things up a level, i.e. at the relationship level, and that identity management solutions need to not only consider the identity of things but their relationships to other things with identities in context.

 

I think the identity of the thing (and its attributes) is of interest and how they differ in the thing vs. person case, but maybe more of interest are the identities (plural) and their relationships (and the relationship attributes, which can carry/maintain thing attributes) and how to treat the “complex” identity presents the challenge as indicated by the third dash when you have IoT in use. Our IRM work is geared toward developing principles that can be applied by designers and developers. We are working through these now in the group. I think this is very collaborative and hopefully informative to the effort in this DG.

 

Sincerely,

 

Sal

 

PS, the link to the principles that we are “putting through the wringer” is here http://kantarainitiative.org/confluence/download/attachments/47579353/Kantara%20IRM%20Design%20Principles%20of%20Relationship%20Final%20Report%20v1.pdf?version=2&modificationDate=1430236178000&api=v2

 

From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of j stollman
Sent: Wednesday, June 17, 2015 8:42 AM
To: Ingo.Friese@telekom.de
Cc: dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] Start a new activity within IDoT DG

 

Ingo, 

 

I agree that the final product should be a statement, not a series of questions.  But, at this early stage, I thought it better to pose the questions in order to take the pulse of the group on the answers to the questions.  I have my own opinions, but I did not want to be so arrogant as to impose them on the group.  

 

My suggestion is that we discuss each contribution and refine it as a group activity.

 

Jeff


 

---------------------------------

Jeff Stollman
stollman.j@gmail.com
1 202.683.8699

 

Truth never triumphs — its opponents just die out.

Science advances one funeral at a time.

                                    Max Planck

 

On Wed, Jun 17, 2015 at 8:23 AM, <Ingo.Friese@telekom.de> wrote:

Hi Jeff,

 

Excellent. I just would formulate it slightly differently. Not with so many question marks. Let’s say something:

 

A “thing” might be composed of various smaller “things”. So plan your systems accordingly regarding addresses and identifiers.

 

What do you think?

 

From: j stollman [mailto:stollman.j@gmail.com]
Sent: Freitag, 12. Juni 2015 14:50
To: Friese, Ingo
Cc: dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] Start a new activity within IDoT DG

 

Ingo,

 

I think that this is a good idea to get some key points documented as you have done in your discussion of identifiers versus addresses.

 

Here is another contribution:

 

At what level do we define an IoT device for purposes of identity?

A simple webcam designed to feed video over the internet is clearly an IoT device. Essentially it is a sensor without intelligence and does not respond to commands.

But if that webcam is part of a smartphone, does it remain a single device? As a component of a smartphone, it is accompanied by a variety of other sensors (e.g., camera, microphone, touch screen) as well as a processor (the phone's CPU), and several actuators (e.g., speaker, video monitor, radio signal transmitter). Because each of these components can be accessed simultaneously to provide disparate services, does the phone constitute a single device?

 

For purposes of addressability, it likely has only a single IP address. But from the perspective of its functionality, each separate capability can be accessed and used separately. I could leave a smartphone at home and access it remotely as a webcam to watch a baby in a crib, as a microphone to listen to the sounds in my house, as a speaker to give a direction to my babysitter.

 

I apologize in advance for missing today's call.

 

Jeff

 

 


 


 

On Fri, Jun 12, 2015 at 5:00 AM, <Ingo.Friese@telekom.de> wrote:

Dear IDoT DG member,

I’d like to start a new activity within our group. Here is my suggestion:

Inspired by the document “Security Guidance for Early Adopters of the Internet of Things (IoT)” of CSA (Cloud Security Alliance) I’d like to see a similar document for “Identity Management in IoT”, maybe not that detailed but in the same style.

How to proceed:

We all are from different companies with experiences from different industry sectors. All you have to do is to post your piece of recommendation or topic to the list or directly to our website.

I gave an example by describing “Identifier vs. Addresses” (very often people asked me …when we give every device in the world an IPv6 address all our problems are solved, right?....so I had to explain that just to have addresses is not enough)

See below this mail or under this link:

http://kantarainitiative.org/confluence/display/IDoT/Concepts+of+Identity+within+the+Internet+of+Things

 

So, I’d like to encourage you to send a few sentences about what you have experienced. Step by step we compile a whole document, a kind of “How to”, “best practice”… something that is helpful and is interesting to read.

Background:

We started this group by looking for white spots in terms of identity. Here we have a paper and slide set giving a first overview.
Then we had a look at discovery. But since we are a group with many different members this topic was not of interest for a significant number of members.

On the other hand I’m not sure if it needs the 102nd architecture for IoT to develop. This is in many cases a theoretical work. I’d like to see a nice paper that is not that big, explaining the basics of identity in the IoT. Developers or other interested parties should take advantage of the paper and it should be kind of fun to read it.

Hope you join me in this activity.

Possible other topics could be:

-          Keep data processing local (privacy, roundtrip times)

-          Real time conditions (if needed) (authorization, authentication have to be fast)

-          Devices and relationships

-          Identities of different protocols

-          Smart authentication

-          Keep track of former transactions (block chain)

-          Proof of knowledge

-          …….etc

 

My example:

 

##################################

Addresses are not Identifiers

There is a fundamental difference between addresses and identifiers of devices. Addresses determine the communication endpoint within a certain system. For example in the Internet Protocol an IP address is needed to establish a socket, a connection between devices. Identifiers can be understood as a dedicated, publicly known attribute or name for an identity, a person or a device. Typically, identifiers are valid within a specific domain.

In the classic Web we have a Domain Name Service (DNS) mapping human readable Uniform Resource Identifiers (URIs) to IP addresses. A browser for example resolves a website URI www.telekom.com first. The actual connection between the browser and the Web server is then established by using the returned IP address.

There are several advantages in separating addresses and identifiers. An IoT system or any kind of communication software could use addresses directly in theory but software updates become necessary if network interfaces or sensors break and need to be replaced.

A mapping between identifiers and addresses also allows a layer of indirection. This enables configurations like many identifiers pointing to one address. The address is only resolved when a certain condition is fulfilled.

####################################################

 

Kind regards
Ingo Friese

 

 

Deutsche Telekom AG

T-Labs (Research & Innovation)
Dipl.-Ing. Ingo Friese
Winterfeldtstr. 21, 10781 Berlin
+4930835358148 (Phone)

+49391580216849 (Fax)

E-Mail: ingo.friese@telekom.de

www.telekom.com


_______________________________________________
DG-IDoT mailing list
DG-IDoT@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idot
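
The layer of indirection described in the "Addresses are not Identifiers" draft (many identifiers pointing to one address, resolved only when a condition is fulfilled), applied to the smartphone case raised earlier in the thread, as an added Python example that is not part of the original messages. `IdentifierRegistry`, the `urn:example:` identifiers, the roles and the `2001:db8::` addresses are all hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

Context = Dict[str, str]  # facts about the requester, e.g. {"role": "parent"}

@dataclass
class Binding:
    address: str                          # communication endpoint (replaceable)
    condition: Callable[[Context], bool]  # must hold before the address is returned

class IdentifierRegistry:
    """Hypothetical resolver: stable identifiers -> replaceable addresses."""

    def __init__(self) -> None:
        self._bindings: Dict[str, Binding] = {}

    def bind(self, identifier: str, address: str,
             condition: Callable[[Context], bool] = lambda ctx: True) -> None:
        self._bindings[identifier] = Binding(address, condition)

    def resolve(self, identifier: str, ctx: Context) -> Optional[str]:
        """Return the address only if the identifier exists and its condition holds."""
        binding = self._bindings.get(identifier)
        if binding is None or not binding.condition(ctx):
            return None  # same answer for "unknown" and "denied"
        return binding.address

    def replace_address(self, old: str, new: str) -> int:
        """Hardware swap: repoint every identifier bound to `old`."""
        moved = [b for b in self._bindings.values() if b.address == old]
        for b in moved:
            b.address = new
        return len(moved)

def build_phone_registry() -> IdentifierRegistry:
    """Constructed sample: one smartphone, one address, three component identifiers."""
    reg = IdentifierRegistry()
    phone = "[2001:db8::10]:8443"  # IPv6 documentation prefix, not a real host
    household = lambda ctx: ctx.get("role") in {"parent", "babysitter"}
    parent_only = lambda ctx: ctx.get("role") == "parent"
    reg.bind("urn:example:phone-1:camera", phone, parent_only)
    reg.bind("urn:example:phone-1:microphone", phone, parent_only)
    reg.bind("urn:example:phone-1:speaker", phone, household)
    return reg

if __name__ == "__main__":
    reg = build_phone_registry()
    print(reg.resolve("urn:example:phone-1:camera", {"role": "parent"}))
    print(reg.resolve("urn:example:phone-1:camera", {"role": "babysitter"}))
    print(reg.replace_address("[2001:db8::10]:8443", "[2001:db8::20]:8443"))
```

Callers only ever hold the component identifiers, so replacing the device changes one registry entry per identifier and no client software.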