Identity at the Center Identity At The Center #33 - IAM for IoT
Mar 2, 2020
Explore the complexities of Identity and Access Management (IAM) for Internet of Things devices. The hosts define what constitutes a 'thing' in the IoT landscape, differentiating device identity from human identity. They discuss best practices for device registration and authenticity, emphasizing the importance of separation in identity storage. Topics like machine-to-machine authentication, token usage, and security risks such as firmware vulnerabilities are key highlights. Dive into the challenges of scaling IoT IAM to ensure reliability and security.
AI Snips
Chapters
Transcript
Episode notes
What Counts As A 'Thing'
- 'Thing' spans devices, services, systems, applications, and data sources in IoT contexts.
- Most IoT refers to network-aware devices that report over the internet.
IoT Devices Exist On A Capability Spectrum
- IoT devices vary from 'smart' computers to very dumb sensors with minimal capabilities.
- This spectrum affects protocols, capabilities, and how identity solutions must be designed.
Relationships Drive IoT IAM
- IoT IAM centers on relationships: device-to-person and device-to-organization mappings matter.
- Lifecycle events like ownership changes must break and re-establish those relationships securely.