Identity Management in Platforms Offering IoT as a Service

  • Juan D. Parra Rodriguez
  • Daniel Schreckling
  • Joachim Posegga
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 150)


We describe a generic attribute-based identity management system. It aims to support the large variety of security requirements induced by applications for the IoT. Hence, we discuss various management options for system entities. We show how attribute assurance can be used to reliably define attributes within groups of identities. Apart from enabling personalized identity and policy enforcement schemes, this provides a feasible trade-off between the flexibility and scalability needs and the policy definition and enforcement requirements in the IoT. We provide a proof-of-concept implementation of our framework.


Keywords: Identity management; Internet of Things; Platform as a service; Attribute based access control; Federated identity management



The research leading to these results has received funding from the European Union’s FP7 project COMPOSE, under grant agreement 317862.



Copyright information

© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015

Authors and Affiliations

  • Juan D. Parra Rodriguez (1)
  • Daniel Schreckling (1)
  • Joachim Posegga (1)

  1. Institute of IT-Security and Security Law, University of Passau, Passau, Germany
