Identity Management in Internet of Things with Blockchain

2.1 Different IAM Models

Two IAM models have grown in popularity because of the ease of management they offer: role-based access control (RBAC) and attribute-based access control (ABAC). These are very general approaches, usually applied in organizations and companies to manage staff access to data and local files, but the administrative needs of an IoT environment are clearly similar, since the only difference in IoT environments is the existence of devices instead of users.

In more detail, RBAC (Fig. 3) uses a single base model consisting of predefined users, roles, permissions and sessions, on top of which further models are gradually built bottom-up to add complexity and diversity while defining the cardinality of roles [14]. Different users (or devices in the case of IoT) have different roles assigned to them, while permissions and sessions are granted as per those roles. Further tiers intend to introduce hierarchy and inheritance of permissions, as well as constraints within certain use case scenarios. The final model tier is used to combine the previous tiers and offer logic for when some of the hierarchy and constraint rules conflict.
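The RBAC tiers described above can be sketched for IoT devices as follows. This is an added example, not code from the chapter: the device, role and permission names are constructed, and the rule that an exclusion constraint overrides inherited roles is an assumption chosen to illustrate conflict handling.

```python
# Added illustration: all role, device and permission names are constructed.
class RBAC:
    def __init__(self):
        self.perms = {}      # role -> permissions granted directly
        self.juniors = {}    # role -> roles whose permissions it inherits
        self.assigned = {}   # device -> roles assigned to it
        self.exclusive = []  # pairs of roles no device may hold together

    def add_role(self, role, perms=(), inherits=()):
        self.perms[role] = set(perms)
        self.juniors[role] = set(inherits)

    def closure(self, roles):
        """The given roles plus every role they inherit from (cycle-safe)."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

    def assign(self, device, role):
        if role not in self.perms:
            raise KeyError(f"unknown role {role}")
        held = self.closure(self.assigned.get(device, set()) | {role})
        for a, b in self.exclusive:
            # Assumed conflict rule: a constraint overrides inheritance.
            if a in held and b in held:
                raise ValueError(f"{device}: {a} and {b} are mutually exclusive")
        self.assigned.setdefault(device, set()).add(role)

    def open_session(self, device, active):
        """A session activates only a subset of the device's assigned roles."""
        active = set(active)
        if not active <= self.assigned.get(device, set()):
            raise PermissionError(f"{device} is not assigned {sorted(active)}")
        return {p for r in self.closure(active) for p in self.perms.get(r, ())}

def build_demo():
    m = RBAC()
    m.add_role("sensor", {"telemetry:publish"})
    m.add_role("actuator", {"valve:write"})
    m.add_role("auditor", {"log:read"})
    m.add_role("gateway", {"firmware:push"}, inherits={"sensor", "actuator"})
    m.exclusive.append(("actuator", "auditor"))
    m.assign("thermo-01", "sensor")
    m.assign("gw-01", "gateway")
    return m
```

Because the constraint is checked against the inherited closure, assigning "auditor" to a device that already holds "gateway" is rejected even though "actuator" was never assigned to it directly.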

On the other hand, ABAC (Fig. 4) is a model designed to be built on attributes that characterize every entity within the corresponding environment. More specifically, ABAC considers users as subjects and resource entities as objects [15]. Both subjects and objects are characterized by a set of attributes, while at the same time there is a set of access control rules defined either before or after the initialization of the IAM system. When the corresponding environment conditions occur, the access control

Fig. 3 Role based access control system