Читать книгу Service Level Management in Emerging Environments - Nader Mbarek - Страница 25

Access control makes it possible to fight against the unauthorized use of a resource. In order to implement this control, a list of entities authorized to access a resource with their access authorizations is defined in accordance with a security policy. This security service is offered to implement different types of access to resources (reading, writing, modification, information deletion and task execution). Access control is based on one or more elements, using an information database that is maintained by authorization centers or the entity itself and this may take the form of an access control list or a hierarchical or distributed matrix. These databases include authentication information (passwords, security tags, etc.) (ITU-T 1991). Two entities are used for access control in the IoT: the data holders (users of IoT services) and objects (data collectors) that send data or receive commands. These two entities must be mutually authenticated (Balte et al. 2015).