Re: IOTDB: how granting access to value in a device? from Dave Raggett on 2015-06-03 (public-web-of-things@w3.org from June 2015)

From: Dave Raggett <dsr@w3.org>
Date: Wed, 3 Jun 2015 15:19:10 +0100
To: David Janes <davidjanes@davidjanes.com>
Cc: "Da Cruz Pinto, Marcelo" <marcelo.da.cruz.pinto@intel.com>, Joachim Lindborg <joachim.lindborg@sust.se>, "public-web-of-." <public-web-of-things@w3.org>
Message-Id: <8C0861AB-5603-4F6A-ACD6-B7E70AAB9AA8@w3.org>

Indeed, which is why it is valuable to survey existing approaches and to identify gaps and ideas for new approaches that fill them. There is a lot of valuable work on best practices for security. There several approaches to access control, and it also relates to provenance tracking - if data is merged from different sources, then you may need to track who are the corresponding data owners.  The University of Passau has done some interesting work in static code analysis in that respect.

> On 3 Jun 2015, at 13:45, David Janes <davidjanes@davidjanes.com> wrote:
> 
> I think it's key that these things don't get baked in at too low a level or too early. There may be many different security models that people want to use. If the spec is done well, there'll be flexibility. That's not to say that you might now want to have a recommended security model, but picking that will require a lot of hands on experience.
> 
> D.
> 
> On Tue, Jun 2, 2015 at 6:10 PM, Da Cruz Pinto, Marcelo <marcelo.da.cruz.pinto@intel.com <mailto:marcelo.da.cruz.pinto@intel.com>> wrote:
> There are actually a number of ways in which you can negotiate access and manage policy for device functionality (sensors and actuators), depending of the layer at which you want to establish the control. If we consider the scenario in which device functions are exposed via REST APIs (regardless on whether the APIs are cloud-hosted or exposed by devices directly), the UMA (User-Managed Access) protocol is a very good fit. We (Intel) published a small article on how UMA may be mapped to IoT devices here:https://kantarainitiative.org/confluence/display/uma/Case+Study%3A+IoT+-+Intelligent+Refrigerated+Shipping+Containers <https://kantarainitiative.org/confluence/display/uma/Case+Study%3A+IoT+-+Intelligent+Refrigerated+Shipping+Containers>
>   <>
> From: Joachim Lindborg [mailto:joachim.lindborg@sust.se <mailto:joachim.lindborg@sust.se>] 
> Sent: Tuesday, June 2, 2015 1:31 PM
> To: public-web-of-.
> Subject: IOTDB: how granting access to value in a device?
> 
>  
> 
> How do I grant / block access to specific device values
> 
>  
> 
> one client can read the temperature another can take the picture
> 
>  
> 
> Is it the plan that all devices are fully published on internet? I wouldn't like to have my home exposed to internet. 
> 
>  
> 
> 
> 
> Regards
> 
> Joachim Lindborg
> CTO, systems architect
> 
> 
> Sustainable Innovation  SUST.se <http://sust.se/>
> Barnhusgatan 3 111 23 Stockholm
> 
> Email: Joachim.lindborg@sust.se <mailto:Joachim.lindborg@sust.se>
> linkedin: http://www.linkedin.com/in/joachimlindborg <http://www.linkedin.com/in/joachimlindborg>
> Tel +46 706-442270
> 
> 

—
   Dave Raggett <dsr@w3.org <mailto:dsr@w3.org>>

Received on Wednesday, 3 June 2015 14:19:20 UTC