Foreword

Security in INTER-IoT is treated as a cross-layer component, as it affects all the interoperability levels considered in the project in a similar way. Although the objective of the project is not to study IoT security as an independent line of work, it is clear that the scientific and technical research aspects of the project (including the connection of industrial IoT platforms, the access to health measurements and the actuation over IoT devices) carry implicit requirements to ensure the trustworthiness, reliability and privacy of the interoperability mechanisms.

Thus, there are layer-specific security components that prevent malicious access to, or malicious software from interacting with, the software components. These mechanisms are embedded in the different communication layers and are out of the scope of this document. For more information, please refer to https://inter-iot.github.io/.

This Cookbook section refers, however, to the high-level cross-layer security components that are in charge of controlling external access to the different INTER-IoT interoperability layers.

The layer infrastructure of INTER-IoT is only accessible to external applications or users through the INTER-API. The INTER-API is a curated, homogeneous API that redirects each call to the appropriate layer method. INTER-API is exposed in INTER-IoT through the API Gateway, which is part of the API Manager solution. Thus, all the API requests addressed to INTER-IoT are processed by the API Manager, which at the same time validates and checks the origin of the request using the Identity Server.

The API Manager, in collaboration with the Identity Server, implements a standard architecture for fine-grained access control to resources, XACML. This standard has been implemented in INTER-IoT for the case of the IoT platforms, devices and services, so that it is easy to define the access of INTER-IoT users to specific resources or groups of resources, leveraging the rule execution engine of XACML.

This requires the cross-layer to introduce user management, so that applications and developers can create an identity, stored in the Identity Server, that can have permissions and roles associated with it and thus carries a security badge used to grant (or refuse) access to the INTER-IoT mechanisms.
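The following is an added illustration, not code from INTER-IoT, of the decision model that the paragraphs above describe: the gateway builds a request from the caller's identity (roles as the Identity Server would report them), the resource being addressed and the action, and a small XACML-style policy decision point evaluates it with the standard deny-overrides combining algorithm, so that an explicit Deny on a group of resources wins over any Permit and a request that no policy covers is not let through. The resource naming scheme ("device:health/..."), the role names and the policies are constructed for the example and are not INTER-IoT's own.

```python
"""Minimal XACML-style policy decision point (PDP) and enforcement point (PEP).

Constructed illustration: not INTER-IoT code and not a real XACML engine.
Resource ids, role names and policies below are hypothetical.
"""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List


@dataclass(frozen=True)
class Request:
    """Authorization request built by the gateway for one API call.

    roles is assumed to be the Identity Server's view of the caller.
    resource_id uses a constructed "<kind>:<group>/<name>" scheme.
    """
    subject_id: str
    roles: FrozenSet[str]
    resource_id: str
    action: str  # e.g. "read" or "actuate"


@dataclass(frozen=True)
class Rule:
    rule_id: str
    effect: str  # "Permit" or "Deny"
    applies: Callable[[Request], bool]


@dataclass(frozen=True)
class Policy:
    policy_id: str
    target: Callable[[Request], bool]  # which resources this policy covers
    rules: List[Rule]


def evaluate_policy(policy: Policy, req: Request) -> str:
    """Combine the rules of one policy with deny-overrides (XACML standard algorithm)."""
    if not policy.target(req):
        return "NotApplicable"
    effects = {rule.effect for rule in policy.rules if rule.applies(req)}
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"


def evaluate(policies: List[Policy], req: Request) -> str:
    """Combine all policies of the policy set, again with deny-overrides."""
    results = {evaluate_policy(policy, req) for policy in policies}
    if "Deny" in results:
        return "Deny"
    if "Permit" in results:
        return "Permit"
    return "NotApplicable"


def enforce(policies: List[Policy], req: Request) -> bool:
    """Enforcement point: only an explicit Permit lets the request reach a layer."""
    return evaluate(policies, req) == "Permit"


def in_group(prefix: str) -> Callable[[Request], bool]:
    """Target helper: the policy covers every resource under a given prefix."""
    return lambda req: req.resource_id.startswith(prefix)


def has_role(role: str) -> Callable[[Request], bool]:
    return lambda req: role in req.roles


# Constructed policy set: health devices are clinician-only, operators may
# read and actuate the other devices, platform administration needs its own role.
POLICIES = [
    Policy("health-devices", in_group("device:health/"), [
        Rule("clinician-read", "Permit",
             lambda req: "clinician" in req.roles and req.action == "read"),
        Rule("clinicians-only", "Deny",
             lambda req: "clinician" not in req.roles),
    ]),
    Policy("all-devices", in_group("device:"), [
        Rule("operator-actuate", "Permit",
             lambda req: "operator" in req.roles and req.action == "actuate"),
        Rule("operator-read", "Permit",
             lambda req: "operator" in req.roles and req.action == "read"),
    ]),
    Policy("platforms", in_group("platform:"), [
        Rule("platform-admin", "Permit", has_role("platform-admin")),
    ]),
]


def decide(subject_id: str, roles, resource_id: str, action: str) -> str:
    """Convenience wrapper: build the request and return the PDP decision."""
    req = Request(subject_id, frozenset(roles), resource_id, action)
    return evaluate(POLICIES, req)


if __name__ == "__main__":
    for args in [("alice", {"clinician"}, "device:health/hr-monitor-01", "read"),
                 ("bob", {"operator"}, "device:health/hr-monitor-01", "actuate"),
                 ("bob", {"operator"}, "device:industrial/valve-07", "actuate")]:
        print(args, "->", decide(*args))
```

Note the difference between the two non-Permit outcomes: an operator actuating a health device gets an explicit Deny from the "clinicians-only" rule even though the "all-devices" policy would permit it, while a clinician actuating the same device gets NotApplicable because no rule covers that case; the enforcement point refuses both, which is the default-deny behaviour one wants in front of device actuation.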