A Model-Driven Approach for Access Control in Internet of Things (IoT) Applications – An Introduction to UMLOA

The Internet of Things (IoT) is a collection of billions of devices attached to the internet that collect and exchange data using nodes, sensors, and controllers. The world is now continuously shifting from the traditional approaches to the IoT technology in order to meet the demands of modern technological advancements. However, the selection and implementation of right access control method in IoT applications is always challenging. In this context, OAuth is a renowned access control protocol in IoT applications. However, it is difficult to provide access control in IoT application through OAuth due to its implementation complexity. Therefore, there is a strong dire to introduce a model based approach that provide simple access control mechanism in IoT applications while preserving the major OAuth features. This article introduces Unified Modeling Language profile for OAuth (UMLOA) to model the access control requirements for IoT applications. Particularly, UMLOA is capable of modeling confidentiality, integrity, availability, scalability, and interoperability requirements in IoT applications. This provides the basis to transform the UMLOA source models into different target models (e.g. iFogSim etc.) for early verification of access control requirements. The applicability of UMLOA is validated through intelligent shipping container case study.