Next Article in Journal
An Effective Grouping Method for Privacy-Preserving Bike Sharing Data Publishing
Next Article in Special Issue
Secure and Dynamic Memory Management Architecture for Virtualization Technologies in IoT Devices
Previous Article in Journal
Collaborative Web Service Discovery and Recommendation Based on Social Link
Previous Article in Special Issue
Extensions and Enhancements to “the Secure Remote Update Protocol”
Article Menu
Issue 4 (December) cover image

Export Article

Open AccessArticle
Future Internet 2017, 9(4), 64;

IAACaaS: IoT Application-Scoped Access Control as a Service

Departamento de Ingeniería de Sistemas Telemáticos, Universidad Politécnica de Madrid, 28040 Madrid, Spain
This paper is an extended version of our paper published in Fernández, F.; Alonso, A.; Marco, L.; Salvachúa, J. A model to enable application-scoped access control as a service for IoT using OAuth 2.0. 2017 20th Conference on Innovations in Clouds, Internet and Networks (ICIN), 2017; pp. 322–324.
Author to whom correspondence should be addressed.
Received: 1 September 2017 / Revised: 4 October 2017 / Accepted: 13 October 2017 / Published: 17 October 2017
(This article belongs to the Special Issue IoT Security and Privacy)
Full-Text   |   PDF [780 KB, uploaded 17 October 2017]   |  


access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms not directly applicable to sensors and actuators. In this paper, we propose a dynamic, scalable, IoT-ready model that is based on the OAuth 2.0 protocol and that allows the complete delegation of authorization, so that an as a service access control mechanism is provided. Multiple tenants are also supported by means of application-scoped authorization policies, whose roles and permissions are fine-grained enough to provide the desired flexibility of configuration. Besides, OAuth 2.0 ensures interoperability with the rest of the Internet, yet preserving the computing constraints of IoT devices, because its tokens provide all the necessary information to perform authorization. The proposed model has been fully implemented in an open-source solution and also deeply validated in the scope of FIWARE, a European project with thousands of users, the goal of which is to provide a framework for developing smart applications and services for the future Internet. We provide the details of the deployed infrastructure and offer the analysis of a sample smart city setup that takes advantage of the model. We conclude that the proposed solution enables a new access control as a service paradigm that satisfies the special requirements of IoT devices in terms of performance, scalability and interoperability. View Full-Text
Keywords: IoT; security; access control; identity management; OAuth 2.0; IAACaaS IoT; security; access control; identity management; OAuth 2.0; IAACaaS

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Share & Cite This Article

MDPI and ACS Style

Alonso, Á.; Fernández, F.; Marco, L.; Salvachúa, J. IAACaaS: IoT Application-Scoped Access Control as a Service. Future Internet 2017, 9, 64.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics



[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top