Internet of Things – Architecture © - 103 -
Figure 30 : Example of an identity PoolIn our system, any subject (service or user) is univocally mapped to its root
identity. However, a subject might require to be provided with multiple
secondary identities by the Identity Manager. The set of multiple identities
associated to a unique subject is denoted with identity pool (see Figure 30).
Secondary identities can then be used, for privacy or usability purposes, when
the subject interacts with the IoT system. However, the system does log the
identities (either secondary/pseudo or root identities) of the subjects it interacts
with so to mitigate possible Repudiation. The Identity Management provides a
mapping functionality that maps, to requesters with the right credentials, root
identities to secondary identities/pseudonyms.
The second corner-stone functionality for ensuring privacy is Authentication
(AuthN component).
Its functionality is to bond a subject to its identity (root identity) or to certify
properties/roles of the subject, or both. If the subject is a user, examples of
possible certified properties can be:
Has age over 18 y.o; Has valid driving license; Has certification level x.Similarly, certified roles can be:
Management; Operational; Maintenance etc.So, in our system, a given subject can be granted access to an IoT resource
according to the subject‘s identification, or according to the subject‘s certified