Internet of Things Patterns
This is an excerpt of the pattern that was first published in [1].

Permission Control

Device owners are afraid to completely hand over access to their devices and data to others. Allow device owners to choose which functionality and data a backend server or other communication partners are allowed to access when they first connect to the device. Ensure that these choices are respected and updated when something changes.

Aliases:

Explicit Choice

Context:

In the IoT there are often multiple stakeholders involved, such as device and platform manufacturers, owners, and users. Building and using IoT solutions often requires communication between the components of these stakeholders, for example between devices and a backend server, as data and functionality are shared.

Problem:

Device owners are afraid to completely hand over access to their devices and data to third parties without any control. Often, it is unclear what data a device shares with communication partners or what others can access and control.

Forces:

  • Choice: Device owners should have a choice as to what rights they grant a particular communication partner. This may include scenarios where they grant only limited rights, with which communication partners then have to work. The available choices depend on the use case and its semantics.

  • Granularity: Different levels of granularity may be required depending on the use case.

  • Enforcement: The mechanism has to protect users’ rights. If a user chooses not to allow something, the mechanism has to make sure that this choice is enforced.

  • Simplicity: Such a mechanism has to be easy to use for end users. If it is too complicated, it will not be adopted or it will be used incorrectly.

  • Updates: Capabilities of devices and of the communication partners which access them change. In such a case, the user may change their mind about previous choices or may have to make new ones. The backend server and other systems have to make sure to work with the current set of choices at all times.

Solution:

When first connecting a device to a backend server, require an explicit choice from the user regarding which functionality and data the backend and other communication partners are allowed to use. Build your backend server so that it adheres to these choices. Require the user to confirm these choices if something on the device or the backend server changes.

Solution sketch of the Permission Control pattern

Solution Details:

This is an excerpt of a previously published pattern. The full pattern can be found in [1].
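
One way a backend could implement the explicit choice, its enforcement and the re-confirmation after changes described in the solution, as an added example that is not part of the published pattern. The registry, its method names, the capability strings and the fail-closed handling of stale choices are assumptions made for illustration.

```python
# Added example: PermissionRegistry and all names below are hypothetical.
import hashlib
from dataclasses import dataclass, field


def manifest_digest(capabilities):
    """Stable digest of a capability set; it changes whenever the set changes."""
    return hashlib.sha256("\n".join(sorted(capabilities)).encode()).hexdigest()


@dataclass
class Grant:
    allowed: frozenset  # capabilities the owner explicitly allowed
    digest: str         # capability manifest the owner saw when choosing


@dataclass
class PermissionRegistry:
    manifests: dict = field(default_factory=dict)  # device -> capabilities
    grants: dict = field(default_factory=dict)     # (device, partner) -> Grant

    def register_device(self, device, capabilities):
        """Called on first connect and again after any device or backend change."""
        self.manifests[device] = frozenset(capabilities)

    def record_choice(self, device, partner, allowed):
        """Store the owner's explicit choice, bound to the current manifest."""
        offered = self.manifests[device]
        unknown = set(allowed) - offered
        if unknown:
            raise ValueError(f"not offered by device: {sorted(unknown)}")
        self.grants[(device, partner)] = Grant(frozenset(allowed), manifest_digest(offered))

    def needs_confirmation(self, device, partner):
        grant = self.grants.get((device, partner))
        return grant is None or grant.digest != manifest_digest(self.manifests[device])

    def is_allowed(self, device, partner, capability):
        """Enforcement point: deny by default and while a choice is stale."""
        if device not in self.manifests or self.needs_confirmation(device, partner):
            return False
        return capability in self.grants[(device, partner)].allowed


if __name__ == "__main__":
    reg = PermissionRegistry()  # constructed sample device and capabilities
    reg.register_device("thermostat-1", {"temperature.read", "setpoint.write"})
    reg.record_choice("thermostat-1", "backend", {"temperature.read"})
    print(reg.is_allowed("thermostat-1", "backend", "temperature.read"))
    reg.register_device("thermostat-1", {"temperature.read", "microphone.read"})
    print(reg.is_allowed("thermostat-1", "backend", "temperature.read"))
```

Binding each choice to a digest of the capabilities the owner was shown means an update that adds or removes a capability suspends access for that partner until the owner confirms again.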


Benefits:
Drawbacks:

Variants:

Related Patterns:

Known Uses:

References:

  1. L. Reinfurt, U. Breitenbücher, M. Falkenthal, P. Fremantle, and F. Leymann, “Internet of Things Security Patterns,” in Proceedings of the 24th Conference on Pattern Languages of Programs (PLoP), 2017. Available at https://dl.acm.org/citation.cfm?id=3290305