Database Reference
In-Depth Information
Fig. 3. Semantic annotation of observations in X-GSN
connections, HTTP requests, JDBC database queries, and more. X-GSN implements
wrappers for these data providers, and allows users to develop custom ones. Virtual
sensors and wrapper settings are specified in configuration files, which provide internal
details of the data to be exposed. Data are represented as streams of data tuples which
can be consumed, queried or analyzed on-line. In OpenIoT this processing includes the
annotation of sensor observations as soon as they arrive at X-GSN, as depicted in
Fig. 3. Note that virtual sensors can be built on top of other virtual sensors, providing
different layers of information. For example, one can imagine a set of thermometers
that send their data into X-GSN. Then all those data streams can feed an aggregating
virtual sensor that averages received values over predefined time windows, annotates
average values semantically and stores them in the LSM cloud store. The described
example is realized by editing only a few XML files. In general, the effort needed to
deploy a new sensor in OpenIoT is typically in the range of a few man-hours.
3.2 Authenticated and Authorized Access to Resources
The diversity of applications interacting in an IoT ecosystem calls for non-trivial security
and access-rights schemes. Conventional approaches (e.g., creating distinct user accounts
for each application and granting access rights to each user) are not scalable as the number
of applications and user accounts grows. OpenIoT adopts a flexible and generic approach
for authentication and authorization. User management, authentication, and authorization
are performed by the privacy & security module and its CAS (Central Authentication
Service) service. Users are redirected to a central login page the first time they try to
access a restricted resource where they provide their username and password to the central
authentication entity. If authentication is successful, the CAS redirects the user to the
original web page and returns a token to the web application. Tokens represent authenticated
users, have a predefined expiration time and are valid only before they expire. The
token is forwarded from a service to the next one in a request chain, e.g., from the user
interface to LSM. Services can check if the token is valid, or use the token to check if the
user represented by this token has the necessary access rights.
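The token flow described above, as an added sketch that is not OpenIoT or Jasig CAS code: a central service issues expiring tokens, and each service in the request chain re-checks the forwarded token instead of trusting the caller. All class, function and permission names are hypothetical, and the user data is constructed.

```python
import secrets
import time


class CentralAuthService:
    """Toy stand-in for the central authentication entity (hypothetical API)."""

    def __init__(self, users, permissions, ttl_seconds=300, clock=time.time):
        self._users = users              # username -> password (constructed; real systems store hashes)
        self._permissions = permissions  # username -> set of permission strings
        self._ttl = ttl_seconds
        self._clock = clock              # injectable so expiry can be tested
        self._tokens = {}                # token -> (username, expiry timestamp)

    def login(self, username, password):
        expected = self._users.get(username, "")
        # Constant-time comparison; unknown users are rejected explicitly.
        ok = secrets.compare_digest(expected.encode(), password.encode())
        if not ok or username not in self._users:
            return None
        token = secrets.token_urlsafe(32)  # opaque, unguessable bearer token
        self._tokens[token] = (username, self._clock() + self._ttl)
        return token

    def validate(self, token):
        """Return the username for a live token, or None if unknown or expired."""
        entry = self._tokens.get(token)
        if entry is None:
            return None
        username, expiry = entry
        if self._clock() >= expiry:
            del self._tokens[token]        # purge expired tokens when seen
            return None
        return username

    def has_permission(self, token, permission):
        username = self.validate(token)
        return username is not None and permission in self._permissions.get(username, set())


def lsm_query(cas, token, stream):
    """Last service in the chain: checks the forwarded token's access rights itself."""
    if not cas.has_permission(token, "lsm:read:" + stream):
        raise PermissionError("token invalid, expired, or lacks access to " + stream)
    return "observations from " + stream


def ui_request(cas, token, stream):
    """First service in the chain: checks validity, then forwards the same token."""
    if cas.validate(token) is None:
        raise PermissionError("not authenticated; redirect to central login")
    return lsm_query(cas, token, stream)
```

Because every hop asks the central service, an expired or revoked token stops working at all services at once, at the cost of one validation call per hop.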
In terms of implementation, OAuth2.0 enabled Jasig CAS has been extended for
the OpenIoT needs. In particular, we added the end point permissions for retrieving