Authorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin
Master’s Thesis
Tomas Nilsson
June 8, 2016
Tomas Nilsson Authorization Aspects of the IoT Framework Calvin 1 / 20
Presentation Outline
- Introduction to Calvin
- Authorization Considerations: aims and challenges for this master’s thesis work
- Authorization in Calvin: what have I implemented?
- Demo
Calvin – Distributed Cloud for IoT
- Open-source framework developed by Ericsson Research
- Simplifies development of distributed applications combining IoT and cloud computing
- Different parts of an application execute on different devices
- Actors can migrate to other devices without interrupting execution
- The Calvin runtime handles data transport, message parsing, scheduling, etc.
Calvin – Applications and Actors
- Dataflow programming methodology
- Actors perform certain tasks
- The application defines how data flows between actors
[Figure: an actor with input and output ports; inside it, its actions, state and requirements]
Application example:
[Figure: three connected actors, button (io.GPIOReader), camera (media.Camera) and screen (media.ImageRenderer). Ports shown: state on button, trigger and image on camera, image on screen; data flows button -> camera -> screen]
Calvin – Migration, Capabilities, and Requirements
[Figure, before migration: Runtime 1 offers capabilities A and B; Runtime 2 offers capabilities B and C. Actor 1 requires B and C; Actor 2 requires A; Actor 3 requires C. Each actor's requirements are matched against the runtimes' capabilities and attributes.]
[Figure, after migration: Runtime 1 (capabilities A, B) hosts Actor 2 (requires A); Runtime 2 (capabilities B, C) hosts Actor 1 (requires B, C) and Actor 3 (requires C).]
Aims and Challenges for this thesis work
Implement authorization of applications/actors in Calvin.
Desired functionality:
- Fine-grained authorization decisions on access to resources offered by a runtime
- Adaptable to different environments
- Usable as input for migration decisions in Calvin
Challenges:
- Dynamic distributed execution model
- Not all runtimes are known when execution starts
Attribute-Based Access Control (ABAC)
- Evaluate policy rules against attributes: subject attributes, resource attributes, action attributes, environment attributes
- Flexible and fine-grained access control
- XACML – XML-based ABAC standard
- Who? What? When? Where? Why? How?
Adaptable to Constrained Devices
- Compact message and policy formats: JSON instead of XML
- Flexibility is important:
  - Local authorization – minimizes network traffic
  - External authorization – minimizes storage and processing power needs
Authorization Flow
Components: Policy Administration Point (PAP), Policy Enforcement Point (PEP), Policy Decision Point (PDP), Policy Information Point (PIP), Policy Retrieval Point (PRP).
[Figure: message flow between a user/application/actor and these components]
1. Access required: the user/application/actor asks the PEP for access
2. Authorization request: PEP -> PDP
3. Retrieve policies: PDP <- PRP
4a. Evaluate policies (in the PDP)
4b. Retrieve additional attributes: PDP <- PIP, which fetches data from different sources
5. Authorization decision: PDP -> PEP
6. Access permitted/denied: PEP -> user/application/actor
Policies are managed through the PAP.
Authorization Request
Request sent by the Policy Enforcement Point to the Policy Decision Point to check whether access should be granted to an actor:
    {
      "subject": {
        "first_name": "Tomas",
        "last_name": "Nilsson",
        "actor_signer": "Ericsson"
      },
      "action": {
        "requires": ["runtime", "calvinsys.events.timer"]
      },
      "resource": {
        "node_id": "a77c0687-dce8-496f-8d81-571333be6116"
      }
    }
Authorization Response
Response from the Policy Decision Point to the Policy Enforcement Point. It contains the authorization decision and the constraints (obligations) under which the decision is valid:
    {
      "decision": "permit",
      "obligations": [
        {
          "id": "time_range",
          "attributes": {
            "start_time": "09:00",
            "end_time": "17:00"
          }
        }
      ]
    }
Find Matching Policies
The policy target determines to which requests a policy applies. Examples:
- first name must be Tomas or Gustav: {first_name: [Tomas, Gustav]}
- email must end with @ericsson.com: {email: .*@ericsson.com}
Evaluate Policies
- The complete policy is evaluated if the policy target matches the request
- Rules with conditions are evaluated to get a policy decision
- The following functions can be used in a condition: ==, <=, >=, !=, AND, OR
- Combining algorithms combine the decisions if multiple policies match the request:
  - Permit overrides
  - Deny overrides
Evaluate Policies (example condition)
    {
      "condition": {
        "function": "and",
        "attributes": [
          {
            "function": "equal",
            "attributes": ["attr:resource:address.country", ["SE", "DK"]]
          },
          {
            "function": "greater_than_or_equal",
            "attributes": ["attr:environment:current_date", "2016-03-04"]
          }
        ]
      }
    }
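The request, response, target-matching and condition-evaluation slides above describe one decision pipeline. The following Python is an added example written for this page, not the Calvin project's own PDP: it reuses the slides' target forms (value lists and regular expressions), the {function, attributes} condition tree with attr:&lt;category&gt;:&lt;path&gt; references, the decision/obligations response and the two combining algorithms. The rules/effect wrapper around a condition, the first-rule-that-fires rule combination, the policy ids and all sample attribute values (except the node_id taken from the request slide) are constructed assumptions.

```python
import re

# Policies in the slides' JSON layout.  The target forms, the condition tree,
# the attr:<category>:<path> references, obligations and combining algorithms
# come from the slides; the rules/effect wrapper and all sample values are
# constructed for this example.
POLICIES = [
    {
        "id": "ericsson-nordic",
        "target": {"actor_signer": ["Ericsson"]},           # list of allowed values
        "rules": [{
            "effect": "permit",
            "condition": {                                   # the slide's condition
                "function": "and",
                "attributes": [
                    {"function": "equal",
                     "attributes": ["attr:resource:address.country", ["SE", "DK"]]},
                    {"function": "greater_than_or_equal",
                     "attributes": ["attr:environment:current_date", "2016-03-04"]},
                ],
            },
            "obligations": [{"id": "time_range",
                             "attributes": {"start_time": "09:00", "end_time": "17:00"}}],
        }],
    },
    {
        "id": "deny-guest-accounts",
        "target": {"email": r".*@guest\.example"},           # regular-expression target
        "rules": [{"effect": "deny"}],                       # unconditional rule
    },
]


def make_request(country, email, current_date="2016-06-08"):
    """Request shaped like the request slide, plus an environment category that
    the PDP/PIP fills in.  Values are constructed (node_id is the slide's)."""
    return {
        "subject": {"first_name": "Tomas", "last_name": "Nilsson",
                    "actor_signer": "Ericsson", "email": email},
        "action": {"requires": ["runtime", "calvinsys.events.timer"]},
        "resource": {"node_id": "a77c0687-dce8-496f-8d81-571333be6116",
                     "address": {"country": country}},
        "environment": {"current_date": current_date},
    }


def lookup(request, ref):
    """Resolve 'attr:<category>:<dotted.path>' in the request; other values are literals."""
    if not (isinstance(ref, str) and ref.startswith("attr:")):
        return ref
    _, category, path = ref.split(":", 2)
    value = request.get(category, {})
    for part in path.split("."):
        if not isinstance(value, dict):
            return None
        value = value.get(part)
    return value


def target_matches(target, request):
    """Each target entry is a list of allowed values or a regex the attribute
    (looked up in any category) must fully match; all entries must match."""
    for key, allowed in target.items():
        found = [c[key] for c in request.values() if isinstance(c, dict) and key in c]
        if not found:
            return False
        value = found[0]
        if isinstance(allowed, list):
            if value not in allowed:
                return False
        elif re.fullmatch(allowed, str(value)) is None:
            return False
    return True


def evaluate_condition(cond, request):
    """Recursively evaluate a {function, attributes} tree to a boolean."""
    args = [evaluate_condition(a, request) if isinstance(a, dict) and "function" in a
            else lookup(request, a) for a in cond["attributes"]]
    fn = cond["function"]
    if fn == "and":
        return all(args)
    if fn == "or":
        return any(args)
    left, right = args
    if fn == "equal":                      # the slide compares against a list of values
        return left in right if isinstance(right, list) else left == right
    if fn == "greater_than_or_equal":      # ISO-8601 dates compare correctly as strings
        return left is not None and left >= right
    raise ValueError("unknown condition function: %s" % fn)


def evaluate_policy(policy, request):
    """(effect, obligations) of the first rule that fires; None if the target
    does not match or no rule fires (policy not applicable)."""
    if not target_matches(policy["target"], request):
        return None
    for rule in policy["rules"]:
        cond = rule.get("condition")
        if cond is None or evaluate_condition(cond, request):
            return rule["effect"], rule.get("obligations", [])
    return None


def decide(policies, request, combining="deny_overrides"):
    """Combine all applicable policies into one decision/obligations response."""
    results = [r for r in (evaluate_policy(p, request) for p in policies) if r]
    if not results:
        return {"decision": "not_applicable", "obligations": []}
    effects = {effect for effect, _ in results}
    if combining == "deny_overrides":
        winner = "deny" if "deny" in effects else "permit"
    elif combining == "permit_overrides":
        winner = "permit" if "permit" in effects else "deny"
    else:
        raise ValueError("unknown combining algorithm: %s" % combining)
    obligations = [o for effect, obs in results if effect == winner for o in obs]
    return {"decision": winner, "obligations": obligations}
```

Note that a policy whose target matches but whose rules all fail contributes nothing (it is not applicable rather than a deny); the difference between the two combining algorithms only shows when one policy permits and another denies the same request, as a guest-account request from a Swedish resource does above.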
[Figure: a JWT in compact form, header.payload.signature, each part base64url-encoded]
JSON Web Token for External Authorization
Signed JSON Web Tokens (JWT) are used to secure the information exchange when the Policy Decision Point is external.
Header:
    {
      "typ": "JWT",
      "alg": "ES256"
    }
ES256 = Elliptic Curve Digital Signature Algorithm (ECDSA) using the SHA-256 hash algorithm
Payload:
    {
      iss: ID of the runtime that creates the JWT,
      sub: ID of the actor that the response applies to,
      aud: ID of the runtime for which the JWT is intended,
      iat: the time at which the JWT was issued,
      exp: the expiration time of the JWT,
      response: the authorization response
    }
Signature:
The digital signature over the concatenation of the encoded header and the encoded payload (separated by '.'), created with the private key of the runtime that creates the JWT.
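The three JWT slides above describe what the issuing runtime signs and what the receiving runtime must check. The Python below is an added example for this page, not Calvin's own code. It keeps the slides' claim names (iss, sub, aud, iat, exp, response) and the header.payload.signature layout, but because ES256 needs an elliptic-curve library, the signature primitive is swapped for HMAC-SHA256 (HS256) from the standard library behind the same sign/verify interface; the shared key, runtime and actor IDs, timestamp and the embedded response are constructed. The verifying side pins the expected algorithm instead of trusting the token's own alg field, checks the signature before parsing any claim, and then checks issuer, audience and validity window.

```python
import base64
import hashlib
import hmac
import json


def b64url(raw):
    """base64url without padding, as JWT uses it."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256(key, signing_input):
    # Stand-in for the slide's ES256: same signing input, symmetric primitive.
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def issue_token(key, issuer, subject, audience, response, now, ttl=60):
    """PDP-runtime side: sign base64url(header) + '.' + base64url(payload)."""
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {"iss": issuer, "sub": subject, "aud": audience,
               "iat": now, "exp": now + ttl, "response": response}
    signing_input = ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    return signing_input + "." + b64url(hs256(key, signing_input.encode()))


def verify_token(token, key, expected_issuer, expected_audience, now):
    """PEP-runtime side: return (sub, response) or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    enc_header, enc_payload, enc_sig = parts
    header = json.loads(b64url_decode(enc_header))
    # Pin the algorithm this receiver accepts; never let the token choose it.
    if header.get("alg") != "HS256" or header.get("typ") != "JWT":
        raise ValueError("unexpected header")
    expected_sig = hs256(key, (enc_header + "." + enc_payload).encode())
    if not hmac.compare_digest(expected_sig, b64url_decode(enc_sig)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(enc_payload))      # only trusted after the check above
    if payload.get("iss") != expected_issuer:
        raise ValueError("unexpected issuer")
    if payload.get("aud") != expected_audience:
        raise ValueError("token intended for another runtime")
    if not (payload.get("iat", now + 1) <= now < payload.get("exp", 0)):
        raise ValueError("token not valid at this time")
    return payload["sub"], payload["response"]


def try_verify(token, key, issuer, audience, now):
    """The embedded response on success, None on any verification failure."""
    try:
        return verify_token(token, key, issuer, audience, now)[1]
    except ValueError:          # json and base64 decoding errors are ValueErrors too
        return None


def tamper_payload(token, **changes):
    """Re-encode the payload with changed claims but keep the original
    signature, to show that the signature check rejects modified claims."""
    enc_header, enc_payload, enc_sig = token.split(".")
    payload = json.loads(b64url_decode(enc_payload))
    payload.update(changes)
    return ".".join([enc_header,
                     b64url(json.dumps(payload, separators=(",", ":")).encode()),
                     enc_sig])


# Constructed demo values: key, IDs, a timestamp, and a response like the response slide.
KEY = b"constructed-demo-key-not-for-real-use"
ISSUED_AT = 1465372800
RESPONSE = {"decision": "permit",
            "obligations": [{"id": "time_range",
                             "attributes": {"start_time": "09:00", "end_time": "17:00"}}]}
TOKEN = issue_token(KEY, "rt-2-pdp", "actor-camera-1", "rt-1", RESPONSE, now=ISSUED_AT)
```

With ES256 the only change is in hs256 and its verification call: the issuing runtime signs with its private key and the receiver verifies with the issuer's public key, so a receiver never holds a secret that could mint tokens. The audience check matters in the smart-migration flow later in the deck, where a decision meant for one runtime must not be replayed to another.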
Smart Migration
[Figure: Runtime 1 (RT1) uses the PDP on Runtime 2 (RT2); Runtime 4 (RT4) uses the PDP on Runtime 3 (RT3). A Camera actor runs on RT1.]
1. Access denied for Camera on Runtime 1 at 17:00 (decision from the PDP on RT2)
2. RT1 gets the possible migration destinations from global storage: RT2 (PDP on RT2), RT4 (PDP on RT3)
3. Authorization search request, signed by Runtime 1, sent to the PDP on RT2
4. Answer: no runtimes where access is permitted
5. New authorization search request, signed by Runtime 1, sent to the PDP on RT3
6. Answer: access permitted for Camera on Runtime 4, signed by Runtime 3
7. Migrate the Camera actor to Runtime 4, including the access decision (signed by Runtime 3)
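The seven steps above are a small protocol between the origin runtime, the PDPs and the destination runtime. The Python below is an added simulation of that protocol for this page, not Calvin's code: the step order and the RT1/RT2/RT3/RT4 layout follow the slide, while the message shapes, the decision tables standing in for each PDP's policy evaluation, and the signed_by field standing in for a real signature are constructed. It shows the two things the slide leaves implicit: candidates are grouped by PDP so each PDP is asked once, and the destination runtime validates the decision it receives with the migrating actor (right actor, right runtime, issued by the PDP that runtime trusts) rather than taking the origin's word for it.

```python
# Global storage entry (step 2): candidate runtime -> runtime hosting its PDP.
DESTINATIONS = {"RT2": "RT2", "RT4": "RT3"}

# Constructed decision tables standing in for each PDP's policy evaluation:
# (actor, runtime) -> decision.  A real PDP evaluates the JSON policies instead.
PDP_TABLES = {
    "RT2": {("Camera", "RT1"): "deny", ("Camera", "RT2"): "deny"},
    "RT3": {("Camera", "RT4"): "permit"},
}


def pdp_search(pdp_runtime, search_request):
    """PDP side of steps 3-6: answer with the first listed runtime where the
    actor is permitted, otherwise deny.  signed_by stands in for a signature."""
    table = PDP_TABLES[pdp_runtime]
    actor = search_request["actor"]
    for runtime in search_request["runtimes"]:
        if table.get((actor, runtime)) == "permit":
            return {"decision": "permit", "actor": actor,
                    "runtime": runtime, "signed_by": pdp_runtime}
    return {"decision": "deny", "actor": actor, "runtime": None, "signed_by": pdp_runtime}


def find_migration_destination(origin, actor, destinations):
    """Origin-runtime side: group candidates by PDP so each PDP is asked once,
    stop at the first permit, and return what step 7 needs."""
    by_pdp = {}
    for runtime, pdp in destinations.items():
        by_pdp.setdefault(pdp, []).append(runtime)
    transcript = []                          # (pdp asked, decision) per exchange
    for pdp, runtimes in by_pdp.items():
        request = {"type": "authorization_search", "actor": actor,
                   "runtimes": runtimes, "signed_by": origin}
        response = pdp_search(pdp, request)
        transcript.append((pdp, response["decision"]))
        if response["decision"] == "permit":
            return {"migrate_to": response["runtime"],
                    "access_decision": response, "transcript": transcript}
    return {"migrate_to": None, "access_decision": None, "transcript": transcript}


def accept_migration(destination, actor, migration, destinations):
    """Destination side of step 7: accept only a permit that names this runtime
    and this actor and was issued by the PDP this runtime trusts."""
    decision = migration.get("access_decision")
    return (decision is not None
            and decision["decision"] == "permit"
            and decision["actor"] == actor
            and decision["runtime"] == destination
            and decision["signed_by"] == destinations.get(destination))
```

In the real exchange the signed_by stand-in is the JWT signature from the previous slides, so the destination runtime's check is a signature verification with the public key of its own PDP runtime plus the aud/sub comparison, and a decision forwarded by the origin cannot be altered or redirected on the way.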
Conclusion
- All aims achieved
- The following combination is highly suitable for dynamic distributed execution models:
  - Attribute-Based Access Control – enables flexibility and fine-grained decisions
  - JSON-based messages and policies – lightweight and compact
Demo – Available Runtimes
[Figure: three Calvin runtimes, named laptop, entrance and secret_room. The runtime boxes show a Camera capability and the attribute Address: Testvägen 1, Lund, Sweden.]
Demo – Application and Deployment Requirements
[Figure: the demo application graph, showing a trigger port and an actor of type std.Cons (label truncated on the slide), with a deployment requirement naming the runtime laptop]
User attributes:
    {
      "first_name": "Tomas",
      "last_name": "Nilsson",
      "age": 24,
      "organization": "Ericsson",
      "group": "Security"
    }
Demo – Authorization Policies
Secret room:
- Permit camera access if the subject belongs to group Security, only between 08:00 and 10:XX
Entrance:
- Permit camera access if the subject belongs to group Security, only between 08:00 and 18:00
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

Authorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin

  • 1. Authorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin. Master’s Thesis, Tomas Nilsson, June 8, 2016. Tomas Nilsson Authorization Aspects of the IoT Framework Calvin 1 / 20
  • 2. Presentation Outline: Introduction to Calvin; Authorization Considerations (aims and challenges for this master’s thesis work); Authorization in Calvin (what have I implemented?); Demo.
  • 3. Calvin – Distributed Cloud for IoT: open-source framework developed by Ericsson Research. It simplifies the development of distributed applications that combine IoT and cloud computing: different parts of an application execute on different devices and can migrate to other devices without interrupting execution. The Calvin runtime handles data transport, message parsing, scheduling, etc.
  • 4. Calvin – Applications and Actors: dataflow programming methodology. Actors perform certain tasks; the application defines how data flows between actors. [Figure: an actor with in and out ports, an action, state, and requirements.]
  • 5. Calvin – Applications and Actors, application example: button (io.GPIOReader) sends its state to the trigger port of camera (media.Camera); camera sends its image to the image port of screen (media.ImageRenderer).
  • 6. Calvin – Migration, Capabilities, and Requirements, before migration. [Figure: Runtime 1 offers capabilities A and B, Runtime 2 offers capabilities B and C; Actor 1 requires B and C, Actor 2 requires A, Actor 3 requires C. Actor requirements are matched against runtime capabilities & attributes.]
  • 7. Calvin – Migration, Capabilities, and Requirements, after migration. [Figure: Actor 2 (requires A) runs on Runtime 1; Actor 1 (requires B and C) and Actor 3 (requires C) run on Runtime 2.]
  • 8. Aims and Challenges for this thesis work: implement authorization of applications/actors in Calvin. Desired functionality: fine-grained authorization decisions on access to resources offered by a runtime; adaptable to different environments; usable as input for migration decisions in Calvin.
  • 9. Aims and Challenges for this thesis work (cont.). Challenges: dynamic distributed execution model; not all runtimes are known when execution starts.
  • 10. Attribute-Based Access Control (ABAC): policy rules are evaluated against attributes of the subject, the resource, the action, and the environment (who? what? when? where? why? how?). Flexible and fine-grained access control. XACML is the XML-based ABAC standard.
  • 11. Adaptable to Constrained Devices: compact message and policy formats (JSON instead of XML). Flexibility is important: local authorization minimizes network traffic; external authorization minimizes the storage and processing power needed on the device.
  • 12. Authorization Flow: Policy Administration Point (PAP, manages policies), Policy Enforcement Point (PEP), Policy Decision Point (PDP), Policy Information Point (PIP, fetches data from different sources), Policy Retrieval Point (PRP). 1. Access required by a user/application/actor; 2. authorization request from the PEP to the PDP; 3. retrieve policies from the PRP; 4a. evaluate policies; 4b. retrieve additional attributes from the PIP; 5. authorization decision; 6. access permitted/denied.
  • 13. Authorization Request: request sent by the Policy Enforcement Point to the Policy Decision Point to check whether access should be granted to an actor:
    {
      "subject": {
        "first_name": "Tomas",
        "last_name": "Nilsson",
        "actor_signer": "Ericsson"
      },
      "action": {
        "requires": ["runtime", "calvinsys.events.timer"]
      },
      "resource": {
        "node_id": "a77c0687-dce8-496f-8d81-571333be6116"
      }
    }
  • 14. Authorization Response: response from the Policy Decision Point to the Policy Enforcement Point; it contains the authorization decision and the constraints (obligations) under which the decision is valid:
    {
      "decision": "permit",
      "obligations": [
        {
          "id": "time_range",
          "attributes": {
            "start_time": "09:00",
            "end_time": "17:00"
          }
        }
      ]
    }
  • 15. Find Matching Policies: the policy target determines to which requests a policy applies. Examples: first name must be Tomas or Gustav: {"first_name": ["Tomas", "Gustav"]}; email must end with @ericsson.com: {"email": ".*@ericsson.com"}.
  • 16. Evaluate Policies: the complete policy is evaluated if its target matches the request. Rules with conditions are evaluated to get a policy decision; the functions available in a condition are ==, <=, >=, !=, AND, OR. If multiple policies match the request, a combining algorithm (permit overrides or deny overrides) combines their decisions.
  • 17. Evaluate Policies, condition example (the resource's address.country must be SE or DK, and the environment's current_date must be on or after 2016-03-04):
    {
      "condition": {
        "function": "and",
        "attributes": [
          {
            "function": "equal",
            "attributes": ["attr:resource:address.country", ["SE", "DK"]]
          },
          {
            "function": "greater_than_or_equal",
            "attributes": ["attr:environment:current_date", "2016-03-04"]
          }
        ]
      }
    }
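The request, response, target and condition formats on slides 13 to 17 can be exercised end to end with a small Policy Decision Point. The following is an added Python example, not code from the thesis or from the Calvin project. The policy layout (target, rules with an effect and obligations, the combining-algorithm names), the `attr:<category>:<dotted.path>` reference syntax, the `not_equal`/`less_than_or_equal` function names, and the extra request attributes (email, resource address, current_date) are assumptions made for the example.

```python
# Minimal attribute-based PDP for the message formats on slides 13 to 17.
# Added illustration, not the Calvin project's code; policy layout and the
# attr:<category>:<dotted.path> syntax are assumptions.
import copy
import re

# Slide 13 request quoted as JSON; email, resource address and current_date
# are constructed extras (current_date would normally come from a PIP).
REQUEST = {
    "subject": {"first_name": "Tomas", "last_name": "Nilsson",
                "actor_signer": "Ericsson", "email": "tomas.nilsson@ericsson.com"},
    "action": {"requires": ["runtime", "calvinsys.events.timer"]},
    "resource": {"node_id": "a77c0687-dce8-496f-8d81-571333be6116",
                 "address": {"country": "SE"}},
    "environment": {"current_date": "2016-06-08"},
}

POLICIES = [  # constructed policies built from the slide 14, 15 and 17 fragments
    {"id": "nordic-from-march",
     "target": {"subject": {"first_name": ["Tomas", "Gustav"]}},
     "rules": [{"effect": "permit",
                "condition": {"function": "and", "attributes": [
                    {"function": "equal",
                     "attributes": ["attr:resource:address.country", ["SE", "DK"]]},
                    {"function": "greater_than_or_equal",
                     "attributes": ["attr:environment:current_date", "2016-03-04"]}]},
                "obligations": [{"id": "time_range",
                                 "attributes": {"start_time": "09:00", "end_time": "17:00"}}]}]},
    {"id": "ericsson-signed-only",
     "target": {"subject": {"email": ".*@ericsson.com"}},
     "rules": [{"effect": "deny",
                "condition": {"function": "not_equal",
                              "attributes": ["attr:subject:actor_signer", "Ericsson"]}}]},
]


def resolve(ref, request):
    """'attr:<category>:<dotted.path>' is looked up in the request; other values are literals."""
    if not (isinstance(ref, str) and ref.startswith("attr:")):
        return ref
    _, category, path = ref.split(":", 2)
    node = request.get(category, {})
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None  # missing attribute: the condition can never hold
        node = node[key]
    return node


def evaluate_condition(cond, request):
    fn, args = cond["function"], cond["attributes"]
    if fn == "and":
        return all(evaluate_condition(c, request) for c in args)
    if fn == "or":
        return any(evaluate_condition(c, request) for c in args)
    lhs, rhs = resolve(args[0], request), resolve(args[1], request)
    if lhs is None or rhs is None:
        return False
    try:  # a type mismatch (e.g. str vs int) fails closed instead of raising
        if fn == "equal":  # a list on the right means "one of" (slide 17)
            return lhs in rhs if isinstance(rhs, list) else lhs == rhs
        if fn == "not_equal":
            return lhs not in rhs if isinstance(rhs, list) else lhs != rhs
        if fn == "greater_than_or_equal":
            return lhs >= rhs  # ISO dates compare correctly as strings
        if fn == "less_than_or_equal":
            return lhs <= rhs
    except TypeError:
        return False
    raise ValueError(f"unknown condition function {fn!r}")


def target_matches(target, request):
    """Slide 15: a list means 'one of these values'; a string is a regex that must
    match the whole value, so '.*@ericsson.com' means 'ends with @ericsson.com'."""
    for category, attrs in target.items():
        for name, allowed in attrs.items():
            value = request.get(category, {}).get(name)
            if value is None:
                return False
            if isinstance(allowed, list):
                if value not in allowed:
                    return False
            elif re.fullmatch(allowed, str(value)) is None:
                return False
    return True


def evaluate_policy(policy, request):
    """(effect, obligations) of the first rule whose condition holds, else not_applicable."""
    if not target_matches(policy["target"], request):
        return "not_applicable", []
    for rule in policy["rules"]:
        if evaluate_condition(rule["condition"], request):
            return rule["effect"], rule.get("obligations", [])
    return "not_applicable", []


def decide(request, policies, combining="deny_overrides"):
    """Slide 16 combining algorithms; returns a slide 14 style response."""
    results = [evaluate_policy(p, request) for p in policies]
    effects = {e for e, _ in results if e != "not_applicable"}
    if not effects:
        return {"decision": "not_applicable", "obligations": []}
    if combining == "deny_overrides":
        final = "deny" if "deny" in effects else "permit"
    elif combining == "permit_overrides":
        final = "permit" if "permit" in effects else "deny"
    else:
        raise ValueError(f"unknown combining algorithm {combining!r}")
    return {"decision": final,
            "obligations": [o for e, obs in results if e == final for o in obs]}


def unsigned_request():
    """Constructed variant of REQUEST: same actor, signed by an unknown party."""
    req = copy.deepcopy(REQUEST)
    req["subject"]["actor_signer"] = "Unknown Corp"
    return req
```

With `deny_overrides` the unsigned-actor variant is denied even though the Nordic policy permits it; with `permit_overrides` the permit wins. A request that matches no policy target yields `not_applicable`, which the PEP should treat as a denial.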
  • 18. JSON Web Token for External Authorization: signed JSON Web Tokens (JWT) are used to secure the information exchange when the Policy Decision Point is external. [Figure: a JWT consists of Header, Payload and Signature.] Header: {"typ": "JWT", "alg": "ES256"}; ES256 = Elliptic Curve Digital Signature Algorithm using the SHA-256 hash algorithm.
  • 19. JSON Web Token for External Authorization, payload: iss = ID of the runtime that creates the JWT; sub = ID of the actor that the response applies to; aud = ID of the runtime for which the JWT is intended; iat = the time at which the JWT was issued; exp = the expiration time of the JWT; response = the authorization response.
  • 20. JSON Web Token for External Authorization, signature: the digital signature of the concatenation of the encoded header and the encoded payload (separated by '.'), signed using the private key of the runtime that creates the JWT.
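Slides 18 to 20 describe how the token is built but not what the receiving runtime has to check before it trusts the embedded response. The block below is an added Python example, not Calvin's code: it builds the header.payload.signature token with ES256 and verifies it, rejecting tokens whose `alg` is not ES256, whose issuer has no known key, whose `aud` or `sub` do not match the receiving runtime and actor, or which lie outside [iat, exp). The ECDSA P-256 arithmetic is a textbook implementation included only so the example runs on the standard library; production code should use a vetted library such as PyJWT or cryptography. Runtime IDs and the issuer-to-key table are assumptions.

```python
# Signed JWT carrying an authorization response (slides 18 to 20). Added example,
# not Calvin's code; the ECDSA below is illustrative, use a vetted library in practice.
import base64
import hashlib
import json
import secrets

# NIST P-256 domain parameters (a = -3; b is not needed for point arithmetic)
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def keygen():
    """Returns (private scalar, public point) for one runtime."""
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(d, data):
    """ECDSA over SHA-256; JWS ES256 encodes the signature as raw r || s (64 bytes)."""
    z = int.from_bytes(hashlib.sha256(data).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def _verify(q, data, sig):
    if len(sig) != 64:
        return False
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(hashlib.sha256(data).digest(), "big")
    w = pow(s, -1, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, q))
    return pt is not None and pt[0] % N == r

def make_jwt(priv, issuer, actor, audience, response, now, ttl=300):
    """Slide 19 payload; slide 20 signature over base64url(header).base64url(payload)."""
    header = {"typ": "JWT", "alg": "ES256"}
    payload = {"iss": issuer, "sub": actor, "aud": audience,
               "iat": now, "exp": now + ttl, "response": response}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    return signing_input + "." + _b64url(_sign(priv, signing_input.encode()))

def verify_jwt(token, issuer_keys, my_id, actor, now):
    """Receiver-side validation; returns the embedded response or None on any failure."""
    try:
        h, p, s = token.split(".")
        header, payload, sig = json.loads(_unb64url(h)), json.loads(_unb64url(p)), _unb64url(s)
    except ValueError:
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    if header.get("alg") != "ES256":  # the token must never choose the algorithm
        return None
    iss = payload.get("iss")
    key = issuer_keys.get(iss) if isinstance(iss, str) else None  # key chosen by trusted issuer id
    if key is None or not _verify(key, f"{h}.{p}".encode(), sig):
        return None
    if payload.get("aud") != my_id or payload.get("sub") != actor:
        return None
    iat, exp = payload.get("iat"), payload.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
        return None
    return payload.get("response")
```

The order of checks matters: the algorithm is pinned and the signature verified before any claim is trusted, and the verification key is looked up by the issuer ID the receiver already trusts rather than taken from the token. A token whose payload was altered after signing, or one re-issued under `alg: none`, therefore never reaches the claim checks.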
  • 21. Smart Migration. [Figure: Runtime 1 (RT1) runs the Camera actor and uses the PDP on Runtime 2 (RT2).] 1. Access denied for Camera on Runtime 1 at 17:00.
  • 22. Smart Migration (cont.): 2. Get possible migration destinations from global storage: RT2 (PDP on RT2) and RT4 (PDP on RT3).
  • 23. Smart Migration (cont.): 3. Authorization search request to the PDP on RT2, signed by Runtime 1.
  • 24. Smart Migration (cont.): 4. No runtimes where access is permitted.
  • 25. Smart Migration (cont.): 5. New authorization search request to the PDP on Runtime 3 (RT3), signed by Runtime 1. [Figure: Runtime 4 (RT4) uses the PDP on RT3.]
  • 26. Smart Migration (cont.): 6. Access permitted for Camera on Runtime 4, signed by Runtime 3.
  • 27. Smart Migration (cont.): 7. Migrate the Camera actor to Runtime 4, including the access decision ("Access Permitted for Camera, Runtime 4", signed by Runtime 3).
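The seven-step search on slides 21 to 27, as an added Python simulation that is not Calvin's code. The runtime topology, which PDP serves which runtime, the two PDP policies, and the representation of "signed by" as a plain field (a real deployment would carry the signed JWT from the previous slides) are all constructed for the example.

```python
# Smart migration search (slides 21 to 27) as a simulation. Added example, not
# Calvin's code; topology, policies and the signed_by field are constructed.

# Which PDP each runtime uses (RT1 and RT4 use remote PDPs, as on the slides).
PDP_OF = {"RT1": "RT2", "RT2": "RT2", "RT3": "RT3", "RT4": "RT3"}

# "Global storage": runtimes whose capabilities satisfy the actor's requirements.
CANDIDATES = {"camera": ["RT2", "RT4"]}


def pdp_rt2(runtime, actor, hour):
    """Constructed policy of the PDP on RT2: camera access only before 17:00."""
    return "permit" if actor == "camera" and hour < 17 else "deny"


def pdp_rt3(runtime, actor, hour):
    """Constructed policy of the PDP on RT3: camera access permitted on RT4."""
    return "permit" if actor == "camera" and runtime == "RT4" else "deny"


PDPS = {"RT2": pdp_rt2, "RT3": pdp_rt3}


def search(actor, origin, hour, log):
    """Steps 2 to 6: group candidate runtimes by the PDP that serves them and ask
    each PDP once (request signed by the origin runtime) until one is permitted."""
    by_pdp = {}
    for rt in CANDIDATES.get(actor, []):
        by_pdp.setdefault(PDP_OF[rt], []).append(rt)
    for pdp, runtimes in by_pdp.items():
        log.append(f"authorization search request to PDP on {pdp} for {runtimes}, signed by {origin}")
        for rt in runtimes:
            if PDPS[pdp](rt, actor, hour) == "permit":
                log.append(f"access permitted for {actor} on {rt}, signed by {pdp}")
                return {"decision": "permit", "actor": actor, "runtime": rt, "signed_by": pdp}
        log.append(f"no runtimes where access is permitted (PDP on {pdp})")
    return None


def migrate_on_denial(actor, runtime, hour):
    """Step 1 then 2 to 7. Returns (destination, carried decision, log)."""
    log = []
    if PDPS[PDP_OF[runtime]](runtime, actor, hour) == "permit":
        return runtime, None, log  # still allowed here, nothing to do
    log.append(f"access denied for {actor} on {runtime} at {hour:02d}:00")
    decision = search(actor, runtime, hour, log)
    if decision is None:
        return None, None, log  # nowhere to go: the actor cannot run anywhere
    log.append(f"migrate {actor} actor to {decision['runtime']} (include access decision)")
    return decision["runtime"], decision, log


def accept_migration(dest, actor, decision):
    """Destination-side check: the carried decision must permit this actor on this
    very runtime and come from the PDP this runtime trusts, otherwise a decision
    obtained for another runtime could be replayed here."""
    return (decision is not None and decision["decision"] == "permit"
            and decision["actor"] == actor and decision["runtime"] == dest
            and decision["signed_by"] == PDP_OF[dest])
```

The example also shows the destination's side of step 7: Runtime 4 accepts the carried decision only because it names RT4 and is signed by RT3, the PDP that RT4 itself uses; the same decision presented to RT2 is rejected.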
  • 28. Conclusion: all aims achieved. The following combination is highly suitable for dynamic distributed execution models: Attribute-Based Access Control, which enables flexibility and fine-grained decisions, and JSON-based messages and policies, which are lightweight and compact.
  • 29. Demo – Available Runtimes. [Figure: three Calvin runtimes: laptop; entrance (Camera; Address: Testvägen 1, Lund, Sweden); secret_room (Camera; Address: Testvägen 1, Lund, Sweden).]
  • 30. Demo – Application and Deployment Requirements. [Figure: application graph; only the labels "trigge", "std.Cons" and "Name laptop" are legible.]
  • 31. Demo – Application and Deployment Requirements (cont.). User attributes:
    {
      "first_name": "Tomas",
      "last_name": "Nilsson",
      "age": 24,
      "organization": "Ericsson",
      "group": "Security"
    }
  • 32. Demo – Authorization Policies. Secret room: permit camera access if the subject belongs to group Security, only between 08:00 and 10:XX.
  • 33. Demo – Authorization Policies (cont.). Entrance: permit camera access if the subject belongs to group Security, only between 08:00 and 18:00.