Internet of Things Architecture

(Elliott) #1
User

Interactions)(from WP4

IoT -Service Client

Interactions)(from WP4

Authentication IoT ServiceResolution Authorization Pseudonymization

authenticate(UserCredential) :Assertion

use application(Assertion)
discoverService(Assertion, ServiceSpecification) :ServiceDescription[]
verify(Assertion) :boolean
discoverService(ServiceSpecification) :ServiceDescription[]

authorize(Assertion, ServiceDescription, ActionT ype) :boolean
createPseudonym(ServiceID) :ServiceID
adoptServiceDesciption(ServiceID, ServiceDescription) :ServiceDescription

Figure 151 : Restricted discovery.

The User utilises an IoT Service client for interacting with the system. As part of
that a discoverService operation may be called by the IoT Service client as
described in C.2.1.2.In addition to what is described there, the Assertion is
passed to the IoT Service Resolution component as a new parameter. As the
first step, the IoT Service Resolution verifies the Assertion calling the verify
operation of the Authentication component, providing the Assertion as its
parameters. If the Assertion can successfully be verified the operation returns
true and the IoT Service Resolution can proceed with the discovery as
described in Section C.2.1.2.


The IoT Service Resolution component then has to check whether the
requesting User is allowed to see each Service Description returned by the
discovery operation. For this purpose, it calls the authorize operation of the
Authorization component, providing the assertion, the Service Description, and
the Action Type "discovery". The results can further be pseudonymized by
calling the createPseudonym operation of the Pseudonymization component.
The result is a new ServiceID. In the next step the IoT Service Resolution can
replace the original ServiceID with the pseudonym ServiceID. Finally the array
of discovered Service Descriptions is returned to the IoT Service Client as
described in the original process in Section C.2.1.2.


Interaction Diagram: Restricted Look-up


In a similar way as the discovery, the service look-up must be controlled in
order to protect the privacy of the targeted system (see Figure 152 ).


Again, the user authenticates to the Authentication components and receives
and authentication assertion. In addition to the ServiceSpecification, this
assertion is passed to the look-up IoT Service Resolution. The Resolution

Free download pdf