Re: [m2m-iwg] M3DA presentation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [m2m-iwg] M3DA presentation - Security

From: Matteo Collina <matteo.collina@xxxxxxxxx>
Date: Tue, 12 Mar 2013 18:45:53 +0000
Delivered-to: m2m-iwg@xxxxxxxxxxx
List-archive: <http://dev.eclipse.org/mailman/private/m2m-iwg>
List-help: <mailto:m2m-iwg-request@eclipse.org?subject=help>
List-subscribe: <http://dev.eclipse.org/mailman/listinfo/m2m-iwg>, <mailto:m2m-iwg-request@eclipse.org?subject=subscribe>
List-unsubscribe: <http://dev.eclipse.org/mailman/options/m2m-iwg>, <mailto:m2m-iwg-request@eclipse.org?subject=unsubscribe>

Hi Rick,

You made a very good point, but I still have some questions.

2013/3/12 Rick Bullotta <rick.bullotta@xxxxxxxxxxxxx>

I’m quite familiar with OAuth – we use it quite often to authenticate against backend apps and data sources, but I don’t think it is the appropriate on-device authentication mechanism or even the right technique for device -> cloud. It is better suited towards authentication on a “sensor cloud” or other intermediate server that exposes the device data/capabilities.

Could you please expand this point?

Why these use cases are different?

Perhaps there are some scenarios where OAuth could be used in an on-site gateway to provide access to other users/apps, but in general, OAuth is a fairly poor choice for securing M2M applications due to the lack of granular ACLs. It tends to be used for “all or nothing” access control.

I totally agree with you. However a user/password model does not support ACL out of the box.

M2M applications require a far more granular security model, including read/write access at an individual sensor/actuator level. That would quickly become totally unmanageable using OAuth.

I am speaking about protecting end users, not the sensors/actuators.

As a User, I want only "my" thermostat to access to my cloud profiles, and vice versa.

Storing an OAuth-like token directly inside the device will certainly help security and privacy.

I understand that you are suggesting to use two different protocols for authorizing user to access sensors/actuators.

In your architecture, OAuth might be used for authorizing users to access the "cloud", and then another protocol/authentication scheme for the communication between sensors/actuators and the cloud.

Why OAuth is not capable of both?

I think it is important to avoid falling into the trap of universally leveraging technologies that were designed for social apps (which are very “non mission critical”) for applications in the M2M space.

I am speaking about non-mission-critical solutions. I certainly do not want OAuth inside a nuclear reactor or a factory plant.

Still, the explosion of "consumer" technologies such as OAuth might radically change this field.

Thanks,

Matteo

Follow-Ups:
- Re: [m2m-iwg] M3DA presentation - Security
  - From: Cuero Bugot

References:
- Re: [m2m-iwg] M3DA presentation - Security
  - From: UOMo
- Re: [m2m-iwg] M3DA presentation - Security
  - From: Rick Bullotta
- Re: [m2m-iwg] M3DA presentation - Security
  - From: Matteo Collina
- Re: [m2m-iwg] M3DA presentation - Security
  - From: Rick Bullotta

Prev by Date: Re: [m2m-iwg] M3DA presentation - Security
Next by Date: Re: [m2m-iwg] M3DA presentation - Security
Previous by thread: Re: [m2m-iwg] M3DA presentation - Security
Next by thread: Re: [m2m-iwg] M3DA presentation - Security
Index(es):
- Date
- Thread

Breadcrumbs