IAACaaS: IoT application-scoped access control as a service

Alonso González, Álvaro ORCID: https://orcid.org/0000-0002-8456-8351, Fernández Moreno, Federico Alonso, Marcos Pascual, Lourdes and Salvachúa Rodríguez, Joaquín (2017). IAACaaS: IoT application-scoped access control as a service. "Future Internet", v. 9 (n. 64); pp. 1-16. ISSN 1999-5903. https://doi.org/10.3390/fi9040064.


Title: IAACaaS: IoT application-scoped access control as a service
  • Alonso González, Álvaro https://orcid.org/0000-0002-8456-8351
  • Fernández Moreno, Federico Alonso
  • Marcos Pascual, Lourdes
  • Salvachúa Rodríguez, Joaquín
Item Type: Article
Título de Revista/Publicación: Future Internet
Date: October 2017
ISSN: 1999-5903
Volume: 9
Freetext Keywords: IoT; security; access control; identity management; OAuth 2.0; IAACaaS
Faculty: E.T.S.I. Telecomunicación (UPM)
Department: Ingeniería de Sistemas Telemáticos
Creative Commons Licenses: Recognition - No derivative works - Non commercial

Full text

[thumbnail of INVE_MEM_2017_335900.pdf]
PDF - Requires a PDF viewer, such as GSview, Xpdf or Adobe Acrobat Reader
Download (798kB) | Preview


Access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms not directly applicable to sensors and actuators. In this paper, we propose a dynamic, scalable, IoT-ready model that is based on the OAuth 2.0 protocol and that allows the complete delegation of authorization, so that an as a service access control mechanism is provided. Multiple tenants are also supported by means of application-scoped authorization policies, whose roles and permissions are fine-grained enough to provide the desired flexibility of configuration. Besides, OAuth 2.0 ensures interoperability with the rest of the Internet, yet preserving the computing constraints of IoT devices, because its tokens provide all the necessary information to perform authorization. The proposed model has been fully implemented in an open-source solution and also deeply validated in the scope of FIWARE, a European project with thousands of users, the goal of which is to provide a framework for developing smart applications and services for the future Internet. We provide the details of the deployed infrastructure and offer the analysis of a sample smart city setup that takes advantage of the model. We conclude that the proposed solution enables a new access control as a service paradigm that satisfies the special requirements of IoT devices in terms of performance, scalability and interoperability.

More information

Item ID: 67327
DC Identifier: https://oa.upm.es/67327/
OAI Identifier: oai:oa.upm.es:67327
DOI: 10.3390/fi9040064
Official URL: https://www.mdpi.com/1999-5903/9/4/64
Deposited by: Memoria Investigacion
Deposited on: 12 Jun 2021 08:42
Last Modified: 12 Jun 2021 08:42
  • Logo InvestigaM (UPM)
  • Logo GEOUP4
  • Logo Open Access
  • Open Access
  • Logo Sherpa/Romeo
    Check whether the anglo-saxon journal in which you have published an article allows you to also publish it under open access.
  • Logo Dulcinea
    Check whether the spanish journal in which you have published an article allows you to also publish it under open access.
  • Logo de Recolecta
  • Logo del Observatorio I+D+i UPM
  • Logo de OpenCourseWare UPM