Key points are not available for this paper at this time.
While the Internet of Things is breaking into the market, the controlled access to constrained resources still remains a blocking concern. Unfortunately, conventional solutions already accepted for both web and cloud applications cannot be directly used in this context. In fact, they generally require high computational and bandwidth capabilities (that are impossible to reach with constrained devices) and offer poor interoperability against standardized communication protocols for the Internet of Things. To solve this issue, this contribution presents a flexible authentication and authorization framework for the Internet of Things, namely OAuth-IoT. It leverages and properly harmonizes existing open-standards (including the OAuth 2.0 authorization framework, different token formats, and the protocol suite for the Internet of Things tailored by the Internet Engineering Task Force), while carefully taking into account the limited capabilities of constrained devices. Functionalities and benefits offered by OAuth-IoT are pragmatically shown by means of an experimental testbed, and further demonstrated with a very preliminary performance assessment.
Sciancalepore et al. (Sat,) studied this question.