Title: OAuth2 Chipset… the answer to IOT Security?
- If you have been following the Gluu Twitter feed, you've probably noticed a lot of articles posted recently about Internet of Things (IOT) security (or lack thereof).
- If you bother to read any of these articles, you will discover that none of them provide any answers as to how a mobile application can share user data while calling APIs and a web access management system, or how the API server can determine if a request for an API by a certain person, using a certain client, should be honored. It's a weird situation where the people (and even some of the journalists) know that the emperor has no clothes, but the API developers and IOT experts are going about business as usual.
- Even though it would make sense to build in security from the ground up, the focus of IOT hardware vendors has been on connectivity and shipping fast. And why not? As long as IOT devices sell, the fact that they might have some terrible security flaw that requires replacement next year is just an extra bonus.
- Leveraging existing security standards for IOT has challenges. For example, IOT devices are more resource constrained than phones: they have slower CPUs and less memory.
They are disconnected from the Internet more often. Some devices might not ever connect to the Internet, although they may connect to a local network. Some devices might not even have IP; they may connect only via Bluetooth or some other wireless network protocol.

Let's take a simple example. You have a tablet, and you want to use it to choose a Netflix movie on your TV, pre-heat your oven for the brownies, and tell your robot-butler to take out the ice-cream. Luckily, your oven, TV and robot-butler have APIs. But how will they know it's you who made this request (maybe your kids don't have ice cream permission)? And how will they know to trust your tablet, which communicates on your behalf?

The answer to IOT security is to not re-invent 15 years of access management experience. The patterns and protocols that are now available to protect Web resources should be carried over to IOT. This would provide a solid foundation for incremental enhancements in security.
I think that security needs to be built in at the chipset level. This may sound crazy, but the idea of embedding a web server into a hardware device seemed crazy in the mid 90's. The two most promising APIs for IOT security are OpenID Connect and UMA. These profiles of OAuth2 provide open standards for authentication and WAM software systems.

When people think about security, they tend to focus on all the bad stuff that can happen without security. Many wonder, "When will there be another 9/11 security event that forces user behavior to change?" I think this is the wrong way to look at it. We need security because it would enable us to lead richer, more productive lives. In other words, the opportunity cost of not having security far exceeds the costs of breaches. What could we do if we had security?

Article resource: https://www.smore.com/k410w-oauth2-chipset-the-answer-to-iot