George Fletcher, AOL, Inc.
Exploring one mechanism, using open standards, to add a layer of security and convenience for devices connecting to a
personal cloud, including the challenges that exist to make it a reality.
How to Troubleshoot Apps for the Modern Connected Worker
CIS14: Securing the Internet of Things with Open Standards
1. Where are we today?
Devices and Solutions are exploding
● personal
o fitness, watches, ...
● household
o lights, detectors, thermostats, appliances, ...
● medical
o heart rate monitors, ...
2. Emerging Pattern
Each device has it’s own service in the cloud
Device reports data to the service
User accesses their device’s data via cloud
APIs
11. User Experience
● How do I allow my son to change the
thermostat but only within a limited range?
● How do I easily add a light bulb to the family
room and have it inherit the policy already
assigned to the other lights in the “family
room”?
● How do I let my friend borrow the car such
that driving data is delivered to both of us?
12. User Experience
● How do I sell my washing machine? (and
reset to initial state?)
o Can I save my policy from the old washing machine
and apply it to the new one?
● How do I craft custom experiences such that
when a World Cup game comes on, the light
change to my preferred team’s colors, the
blinds close and the TV tunes to the correct
channel?
13. Key Elements to Usability
Simple onboarding process
● provisioning device into personal cloud
● grouping device with other like devices
● pre-authorization of
o who/what can query the device
o who/what can control the device
14. Key Elements to Usability
Simple Authorization model
● out-of-band user consent channel
● alerts of abnormalities
● sharing / multi-access
● centralized policy management
15. Key Elements to Usability
Simple de-provisioning
● revocation of authorized capabilities
● reset of device to initial state
● removal of device from groups and
relationships
● archive activity data for historical purposes
18. OAuth2 Basics
● Framework for API
Authorization
o e.g. Valet Key
● Get a token (RFC 6749)
o code, implicit,
refresh, assertion, ...
● Use a token (RFC 6750)
o bearer token profile
19. OAuth2 Dynamic Registration
Client Registration Endpoint
● Initial Access Token
o out-of-band AuthZ
● Software Statement
o signed claims provided by software stack
22. User Managed Access (UMA)
resource owner
resource server
authorization
server
client
protected
resources
(unnamed till
now)
UMA, Kantara Initiative: Used with Permission
23. UMA & Online Sharing
I want to share this stuff
selectively
• Among my own apps
• With family and friends
• With organizations
I want to protect this stuff
from being seen by
everyone in the world
UMA, Kantara Initiative: Used with Permission
I want to control access
proactively, not just feel forced
to consent over and over
24. UMA request flow
Alice shares calendar with Bob
● Alice emails Bob a link to her calendar
● Bob goes to his calendar software and
subscribes to Alice’s calendar using the link
provided by Alice in the email
25. OAuth2 Code Flow
UMA Request Flow
UMA 3.1.1UMA 3.4.1UMA 3.1.2UMA 3.2.2 / OAuth2 Token Introspection
27. Persistent Compute Object (PICO)
Identity—they represent a specific entity
Storage—they persistently encapsulate both structured and unstructured data
Open event network—they respond to events
Processing—they run applications autonomously
Event Channels—they have connections to other picos
APIs—they provide access to and access other online services
Slide by Phil Windley: Used with Permission
29. Picos Use an Event Query Model
Slide by Phil Windley: Used with Permission
30. Programming Model
Program in any language you like
OAuth access to pico
Pico provides
user data
processing
API and inter-pico communications
Slide by Phil Windley: Used with Permission
32. Sample Use Case
Adding new garage door opener to my Internet
of Things
- already have Car, Lights, Thermostat, etc
Goal: garage door is up when I drive in the
driveway
35. Architectural Requirements
Owner Pico functions as the UMA AS
Each Pico functions as an UMA client
● pico channel authz is RPT introspection
Smart phone app functions as an UMA client
Tight binding between device and device Pico
36. Assumptions
Device manufactured with a Software
Statement
Device supports bi-directional NFC
Device supports HTTPS
User has a smart phone bound to their
personal cloud (trusted app)
37. Software Statement
JSON Signed Web Token (JWS)
● Issuer claim [iss] (manufacturer)
● Subject claim [sub] (device unique id)
● JWT ID claim [jti] (unique id)
● Device type [com.example.device.type]
Public key for signature must be retrievable via
the issuer claim.
38. User Experience
User runs personal cloud app and “taps” the Garage Door
opener
Garage Door opener flashes an LED to signal success
Personal cloud app shows Garage Door as being
connected to the House pico
Personal cloud app can query (or change) the open/closed
state of the door
39. NFC “Tap” garage door opener
1. Device transfers
software statement
to phone
2. Phone transfers
UMA AS endpoint
to device
a. optionally network
connectivity creds
40. Phone app adds device to cloud
Pre-Register Device
[Software_Statement]
Add Garage Door Opener
to House?
Create ‘Garage Door’
42. Garage Door connects to pico
Where’s my Pico?
[AAT]
Endpoint: https://…
Pico ID: 123UMA RPT Req (3.4.1)
[AAT, Pico ID]
RPT
(pre-authorized) Establish Connection
[RPT]
43. Where are we?
Garage Door device is connected to it’s pico
Policy for what/who can query/control the
garage door managed by the Owner pico and
implemented via UMA
44. What do we want?
Garage door to open when I drive into the
driveway
Assume:
Car is already connected to it’s ‘Car’ pico
‘Car’ pico has a channel with the ‘House’ pico
Car has geo-fence capability
46. Decommissioning the Garage Door
1. User via their trusted app instructs the Owner pico to remove the ‘Garage
Door’ pico
2. The Owner pico sends a message to the ‘House’ pico to delete the
‘Garage Door’ pico
3. The ‘Garage Door’ pico can now archive any historical data before sending
a message to the ‘Garage Door’ to reset to factory defaults
4. Owner pico revokes all ‘Garage Door’ access tokens
47. Benefits of this approach
● Collected data is stored and managed under
the user’s control
● Authorization policy across the personal IoT
cloud is centrally managed
o Lots of opportunity for innovation in how to help the
user manage their devices
o Authorization policy can be inherited across the data
model
● Implementable today with existing standards
48. References
UMA
● UMA 101 2013-10-29
● UMA Webinar 2014-03-20
● UMA Core Spec
Personal Clouds:
● Connecting Things
OAuth 2:
● Dynamic Client Registration
● Token Introspection
JOSE
● JSON Web Token
● JSON Web Signature