Decentralized access permission control using resource-oriented architecture for the Web of Things

As the today's Web provides open communication environment for a variety of web resources, the Web of Things (WoT) offers new opportunity and challenges about the interoperation among the smart things. The well-known Web technologies can leverage the Web-enabled things to publish and exchange their resource information over the Web, then the Web-enabled thing should cope with the security threat regarding the information exposures over the Web, particularly, access permissions to the thing's resource information. Thus, in this paper we analyse access permission control mechanism considering both the WoT characteristics and the REST-compliant resource-oriented Web architecture. In contrast to existing access control logics, the proposed mechanism utilizes not only the requester information such as the typical identity and the internet addresses, but also the context of the thing itself. Based on this mechanism, we present web-resource structure for access permission control, and describe an exemplary procedure in detail. This research contributes to the flexible and decentralized access permission control for WoT.