Identity Management in Internet of Things with Blockchain
• Assigning and managing roles to identities
• Creation of groups of identities for mass management and scalability
• Applying policies and rules to all of the above.
The second obligation of IAM concerns an entity’s interaction with the IoT system:
filtering which actions the entity, acting under its corresponding identity, is allowed
to perform and which it is not. Consequently, access management is used for:
• Allowing or forbidding access to services and resources
• Monitoring activity for administrative transparency
• Provisioning data access in a privacy-preserving manner
• Delegating access to private data or restricted services.
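The role, group, policy and delegation functions listed above can be made concrete with a small policy engine. The following Python is an added example, not code from the chapter or from any project it cites; the device names, roles, resource paths and the trailing-“*” prefix-matching convention are constructed for illustration and are not a standard.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# A permission is (action, resource); either part may end in "*" for a prefix match.
Permission = Tuple[str, str]


def _matches(pattern: str, value: str) -> bool:
    """Exact match, or prefix match when the pattern ends in '*' (constructed convention)."""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def _permits(perm: Permission, action: str, resource: str) -> bool:
    return _matches(perm[0], action) and _matches(perm[1], resource)


@dataclass
class Policy:
    name: str
    effect: str                  # "allow" or "deny"; an explicit deny always wins
    permissions: Set[Permission]


@dataclass
class Identity:
    identity_id: str
    roles: Set[str] = field(default_factory=set)
    groups: Set[str] = field(default_factory=set)
    revoked: bool = False


class IAM:
    """Identities, roles, groups, policies, delegation and an audit trail."""

    def __init__(self) -> None:
        self.identities: Dict[str, Identity] = {}
        self.role_policies: Dict[str, List[Policy]] = {}          # role  -> policies
        self.group_roles: Dict[str, Set[str]] = {}                # group -> roles
        self.delegations: List[Tuple[str, str, Permission]] = []  # (grantor, grantee, perm)
        self.audit: List[dict] = []                               # every access decision

    # identity lifecycle: create, update, revoke
    def register(self, identity_id: str) -> Identity:
        self.identities[identity_id] = Identity(identity_id)
        return self.identities[identity_id]

    def revoke(self, identity_id: str) -> None:
        self.identities[identity_id].revoked = True

    # roles and groups (groups carry roles so many identities can be managed at once)
    def define_role(self, role: str, *policies: Policy) -> None:
        self.role_policies[role] = list(policies)

    def define_group(self, group: str, roles: Set[str]) -> None:
        self.group_roles[group] = set(roles)

    def assign_role(self, identity_id: str, role: str) -> None:
        self.identities[identity_id].roles.add(role)

    def add_to_group(self, identity_id: str, group: str) -> None:
        self.identities[identity_id].groups.add(group)

    def effective_roles(self, identity_id: str) -> Set[str]:
        ident = self.identities[identity_id]
        roles = set(ident.roles)
        for group in ident.groups:
            roles |= self.group_roles.get(group, set())
        return roles

    # delegation: a grantor may only hand on what it can currently do itself
    def delegate(self, grantor: str, grantee: str, permission: Permission) -> None:
        if not self._decide(grantor, permission[0], permission[1], set()):
            raise PermissionError(f"{grantor} cannot delegate {permission}")
        self.delegations.append((grantor, grantee, permission))

    # access decision: default deny, explicit deny beats allow, delegation last
    def _decide(self, identity_id: str, action: str, resource: str, visited: Set[str]) -> bool:
        ident = self.identities.get(identity_id)
        if ident is None or ident.revoked or identity_id in visited:
            return False
        visited = visited | {identity_id}          # guards against delegation cycles
        policies = [p for r in self.effective_roles(identity_id)
                    for p in self.role_policies.get(r, [])]
        matched = [p for p in policies
                   if any(_permits(perm, action, resource) for perm in p.permissions)]
        if any(p.effect == "deny" for p in matched):
            return False
        if any(p.effect == "allow" for p in matched):
            return True
        # delegated access is only as good as the grantor's own current access
        for grantor, grantee, perm in self.delegations:
            if grantee == identity_id and _permits(perm, action, resource):
                if self._decide(grantor, action, resource, visited):
                    return True
        return False

    def is_allowed(self, identity_id: str, action: str, resource: str) -> bool:
        allowed = self._decide(identity_id, action, resource, set())
        self.audit.append({"identity": identity_id, "action": action,
                           "resource": resource, "allowed": allowed})
        return allowed


def build_demo() -> IAM:
    """Constructed sample deployment: a sensor, a technician, a gateway, a contractor."""
    iam = IAM()
    iam.define_role("sensor", Policy("publish-telemetry", "allow", {("publish", "telemetry/*")}))
    iam.define_role("operator",
                    Policy("read-all-write-config", "allow", {("read", "*"), ("write", "config/*")}),
                    Policy("hands-off-firmware", "deny", {("*", "firmware/*")}))
    iam.define_role("admin", Policy("everything", "allow", {("*", "*")}))
    iam.define_group("field-team", {"operator"})
    iam.register("sensor-42");      iam.assign_role("sensor-42", "sensor")
    iam.register("tech-alice");     iam.add_to_group("tech-alice", "field-team")
    iam.register("gateway-1");      iam.assign_role("gateway-1", "admin")
    iam.register("contractor-bob")  # no roles: everything is denied until delegated
    return iam
```

Three design choices carry the security weight: the decision is default-deny, an explicit deny policy overrides any allow (so the field team's read-everything right still excludes firmware), and a delegated right is re-evaluated against the grantor on every use, so revoking the grantor's identity silently revokes everything it delegated. Every `is_allowed` call lands in `audit`, which is the "activity monitoring" obligation in its simplest form.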
2.3 The Four Principles of Managing Identities and Access
By now it must be clear that IAM is not a specific framework or protocol which can
be applied to a system and thereby provide the services of the previous section;
rather, it is an abstract description of the functionalities such a system must offer. Every IoT
environment has different needs and different kinds of entities that might interact with
it using a wide variety of communication protocols. This makes IAM a system whose
architecture needs to be designed according to the respective IoT system’s abstract
architecture and functionality. So, in order to design a robust IAM architecture and
choose the most suitable frameworks and protocols, one must consider the following
features of IAM [17]:
• The Authentication Services: Authentication is the process by which an entity
verifies itself using something it knows (e.g., password, seed phrase,
mnemonic, etc.), something it owns (e.g., tokens, certificate, etc.) or
something that characterizes it (e.g., biometric credentials, unique circuit
characteristics, etc.) [18].
• The Authorization Services: Authorization includes all the policies and rules
which dictate what services and applications can be accessed by whom. Entities
within a certain environment are assigned roles and privileges that correspond
to respective authorization levels, allowing them (or forbidding them)
access to resources.
• Identity Management: Identity management is the combination of technologies
and tools for defining the digital identity of each entity, storing the identities’
information and updating it when a change in an entity’s account occurs. The revocation
of a digital identity when necessary is also one of the tasks to be handled
by the identity management services.
• Federated Identity (FId): When multiple applications or organizations must work
within the same environment, each with its own rules and policies,
a federated identity service can simplify matters. Instead of the user
providing credentials directly to each application, the FId acts as an intermediate