Internet of Things Architecture


4.2.2.7 Security


The Security FG (see Figure 38) is responsible for ensuring the security and
privacy of IoT-A-compliant systems.


It consists of five functional components:


- Authorisation;
- Key Exchange & Management;
- Trust & Reputation;
- Identity Management;
- Authentication.

Figure 38: Security FG

The Authorization FC is a front end for managing policies and performing
access control decisions based on access control policies. An access control
decision can be requested whenever access to a restricted resource is requested.
For example, this function is called inside the IoT Service Resolution FC to
check whether a user is allowed to perform a lookup on the requested resource.
This is an important part of the privacy protection mechanisms.


The two default functionalities offered by the Authorization FC are (1) to
determine whether an action is authorized or not, a decision made based on the
information provided from the assertion, the service description and the action
type, and (2) to manage policies, which refers to adding, updating or deleting
an access policy.
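
The two functions described above, sketched as an added example that is not part of the IoT-A specification: a default-deny decision over the assertion, service description and action type, plus policy add, update and delete. The class and method names, the policy fields and the sample values are assumptions, as is the premise that the assertion has already been verified before it reaches this component.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                       # hypothetical policy shape, not from IoT-A
    policy_id: str
    required_attrs: frozenset       # (name, value) pairs the assertion must carry
    resource_type: str              # matched against the service description
    actions: frozenset              # action types this policy permits

class AuthorizationFC:
    def __init__(self):
        self._policies = {}

    def _check(self, p):
        # A policy without a subject constraint would silently allow everyone.
        if not p.required_attrs or not p.actions:
            raise ValueError("policy needs at least one attribute and one action")

    def add_policy(self, p):
        self._check(p)
        if p.policy_id in self._policies:
            raise KeyError(f"policy {p.policy_id} already exists")
        self._policies[p.policy_id] = p

    def update_policy(self, p):
        self._check(p)
        if p.policy_id not in self._policies:
            raise KeyError(f"policy {p.policy_id} not found")
        self._policies[p.policy_id] = p

    def delete_policy(self, policy_id):
        del self._policies[policy_id]

    def authorize(self, assertion, service_description, action_type):
        """Default deny: True only if one policy matches all three inputs."""
        try:
            attrs = set(assertion.get("attributes", {}).items())
            rtype = service_description.get("resource_type")
        except (AttributeError, TypeError):
            return False            # malformed input is denied, not raised
        return any(p.resource_type == rtype and action_type in p.actions
                   and p.required_attrs <= attrs for p in self._policies.values())

def demo():
    # Constructed sample data: the lookup check made from IoT Service Resolution.
    fc = AuthorizationFC()
    fc.add_policy(Policy("p1", frozenset({("role", "maintenance")}),
                         "temperature-sensor", frozenset({"lookup"})))
    alice = {"subject": "alice", "attributes": {"role": "maintenance"}}
    svc = {"service_id": "svc-temp-01", "resource_type": "temperature-sensor"}
    allowed, denied = fc.authorize(alice, svc, "lookup"), fc.authorize(alice, svc, "invoke")
    fc.delete_policy("p1")
    return allowed, denied, fc.authorize(alice, svc, "lookup")
```

Deleting the only matching policy returns the same request to denied, which is the behaviour to verify whenever policy management and decision making share one store.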
