Authorization Architecture for SWoT

Abstract: Social Web of Things (SWoT) is a user centric framework which facilitates interaction between software agents deployed on smart things and in the cloud. Software agents deployed on smart things are remotely accessible, host sensitive resources, and often represent high value targets. SWoT currently does not feature adequate security mechanisms which could protect software agents from unauthorized access. In this thesis, we aim to rectify this deficiency by introducing platform independent, exible, and user centric authorization mechanism inSWoT. We derive requirements and design of abstract authorization architecture from the preceding seminal work performed in SENSEI project. SENSEI and SWoT share same problem domain, but while SENSEI addresses enterprise use cases SWoT focusses on consumer use cases. This single but fundamental difference motivates adaptations of SENSEI contributions for application in SWoT. To realize concrete authorization architecture we perform extensive study of various authorization solutions. Results of our study indicate that novel User Managed Access (UMA) protocol represents promising solution for SWoT. We present the Authorization as a Service solution for SWoT framework, based on UMA protocol. This solution enables users to manage and control communication between software agents deployed on smart things and in the cloud from single centralized location. It also features runtime association of software agents, management, evaluation, and enforcement of access permissions for resources provided by software agents.