30 likes | 136 Views
The UMA and OpenID Connect frameworks offer OAuth2 profiles for security that are IOT-ready. There are several options for client and person authentication and authorization.
E N D
IOT Get in line The UMA and OpenID Connect frameworks offer OAuth2 profiles for security that are IOT-ready. There are several options for client and person authentication and authorization. The main challenge for IOT is security inter-operability. If vendors continue to publish proprietary security schemes, IOT will make security management impossible for the average person. For example, how would you authorize your Bluetooth headset to post a status message on Twitter or LinkedIn? Or your router to block inbound port 80 during business hours? There needs to be some way for these devices to specify what authorizations are required. And centralization… we can’t go to the admin web site for every device we own. Enrolling people–not devices–electronically is probably more important right now. A device has its own metadata–for example “network” (Google or Apple) and “deviceID.” But until everyone has OpenID Connect creds at various domains, they will have no way to associate and authorize the devices. There are many articles on IOT (see below). When there are more “how-to” articles explaining how to secure APIs, and less articles worrying about the insecurity of APIs, IOT will live up to its potential.
http://www.gluu.co/.o685 http://www.gluu.co/.o457 http://www.gluu.co/zd-iot-security http://www.gluu.co/iot-security-minefield http://www.gluu.co/ioe http://www.gluu.co/supply-chain-iot http://www.gluu.co/gigyaiot http://www.gluu.co/sigfox-20mil http://www.gluu.co/securing_iot
http://www.gluu.co/api-of-things • http://www.gluu.co/iotsecurityconcerns • http://www.gluu.co/iotnextbigthing • http://www.gluu.co/gartner_iot_prediction • Article Resource - http://thegluuserver.wordpress.com/2014/05/16/how-to-benchmark-ox-for-a-large-scale-deployment