A model to enable application-scoped access control as a service for IoT using OAuth 2.0

Fernández Moreno, Federico Alonso; Alonso González, Álvaro; Marcos Pascual, Lourdes y Salvachúa Rodríguez, Joaquín (2017). A model to enable application-scoped access control as a service for IoT using OAuth 2.0. En: "20th Conference on Innovations in Clouds, Internet and Networks (ICIN 2017)", 07/03/2017 - 09/03/2017, Paris, France. pp. 322-324. https://doi.org/10.1109/ICIN.2017.7899433.

Descripción

Título: A model to enable application-scoped access control as a service for IoT using OAuth 2.0
Autor/es:
  • Fernández Moreno, Federico Alonso
  • Alonso González, Álvaro
  • Marcos Pascual, Lourdes
  • Salvachúa Rodríguez, Joaquín
Tipo de Documento: Ponencia en Congreso o Jornada (Artículo)
Título del Evento: 20th Conference on Innovations in Clouds, Internet and Networks (ICIN 2017)
Fechas del Evento: 07/03/2017 - 09/03/2017
Lugar del Evento: Paris, France
Título del Libro: 20th Conference on Innovations in Clouds, Internet and Networks (ICIN 2017)
Fecha: 2017
Materias:
Escuela: E.T.S.I. Telecomunicación (UPM)
Departamento: Ingeniería de Sistemas Telemáticos [hasta 2014]
Licencias Creative Commons: Reconocimiento - Sin obra derivada - No comercial

Texto completo

[img]
Vista Previa
PDF (Document Portable Format) - Se necesita un visor de ficheros PDF, como GSview, Xpdf o Adobe Acrobat Reader
Descargar (204kB) | Vista Previa

Resumen

Access Control is crucial for security management, but in the context of the Internet of Things it cannot be implemented the same way as traditional systems do. Indeed, devices that make the Internet of Things impose some constraints that encourage the design of new access control mechanisms, which should provide flexibility of configuration, as well as support several authorization scopes at the same time, yet being computationally light, dynamic and scalable in order to be ready for the forthcoming Cloud Computing paradigm. In this paper we propose an authorization model that is based on the OAuth 2.0 protocol. From the point of view of the identity provider, this model allows managing roles and permissions for an application-scoped authorization, to enable more flexible scenarios in which multiple tenants take part. With regard to devices, the OAuth 2.0 makes authorization extremely light, because all the required information is provided with a token. Considering all this, authorization management is completely delegated to an external system, so that an as-a-service access control mechanism is provided. The proposed model complies with the security, flexibility and performance requirements that are needed in the Internet of Things paradigm.

Más información

ID de Registro: 50197
Identificador DC: http://oa.upm.es/50197/
Identificador OAI: oai:oa.upm.es:50197
Identificador DOI: 10.1109/ICIN.2017.7899433
URL Oficial: https://ieeexplore.ieee.org/document/7899433/
Depositado por: Memoria Investigacion
Depositado el: 12 Sep 2018 15:38
Ultima Modificación: 12 Sep 2018 15:38
  • GEO_UP4
  • Open Access
  • Open Access
  • Sherpa-Romeo
    Compruebe si la revista anglosajona en la que ha publicado un artículo permite también su publicación en abierto.
  • Dulcinea
    Compruebe si la revista española en la que ha publicado un artículo permite también su publicación en abierto.
  • Recolecta
  • InvestigaM
  • Observatorio I+D+i UPM
  • OpenCourseWare UPM