IOTA Access is a lightweight access-control framework tailored for resource-constrained settings, such as embedded devices and the infrastructure in which they are used.
The framework is also expanded with relevant concepts, such as obligations and the delegation of access-control policies, to particularly address the needs of reliable and secure human-machine interactions in commercial settings of the IoT and mobility space.
IOTA Access uses access control policies. Attributes are described in combination with binary operations that result in the [grant, deny, conflict, undefined] set of logical outcomes for access control of some physical device.
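An added illustration of the four outcomes (not code from the IOTA Access repositories): it assumes a policy carries two AND-ed attribute rule lists, one arguing for access and one against, and maps their truth values to grant, deny, conflict or undefined. The attribute names, the sample parking policy and the fail-closed `device_unlocks` helper are hypothetical.

```c
#include <stdbool.h>
#include <string.h>

typedef enum { GRANT, DENY, CONFLICT, UNDEFINED } decision_t; /* outcomes named above */

/* Hypothetical request attributes, constructed for this example. */
typedef struct { const char *subject; const char *action; bool paid; } request_t;
typedef enum { ATTR_SUBJECT, ATTR_ACTION, ATTR_PAID } attr_t;
typedef struct { attr_t attr; const char *expected; } rule_t;

/* Assumed policy shape: one rule list arguing for access, one against. */
typedef struct { const rule_t *grant; int n_grant; const rule_t *deny; int n_deny; } policy_t;

/* One attribute test: does the request field equal the expected value? */
static bool rule_holds(const rule_t *r, const request_t *q) {
    switch (r->attr) {
    case ATTR_SUBJECT: return q->subject && strcmp(q->subject, r->expected) == 0;
    case ATTR_ACTION:  return q->action && strcmp(q->action, r->expected) == 0;
    case ATTR_PAID:    return q->paid == (strcmp(r->expected, "true") == 0);
    }
    return false;
}

/* Binary AND over a rule list; an empty list never matches. */
static bool all_hold(const rule_t *rules, int n, const request_t *q) {
    if (n == 0) return false;
    for (int i = 0; i < n; i++)
        if (!rule_holds(&rules[i], q)) return false;
    return true;
}

/* Both lists true is a contradiction; neither true means no policy applies. */
decision_t evaluate(const policy_t *p, const request_t *q) {
    bool g = all_hold(p->grant, p->n_grant, q);
    bool d = all_hold(p->deny, p->n_deny, q);
    if (g && d) return CONFLICT;
    if (g) return GRANT;
    if (d) return DENY;
    return UNDEFINED;
}

/* Enforcement fails closed: only an unambiguous GRANT opens the device. */
bool device_unlocks(const policy_t *p, const request_t *q) {
    return evaluate(p, q) == GRANT;
}

/* Constructed sample: vehicle-7 may enter; unpaid requests are denied. */
static const rule_t GRANT_RULES[] = { {ATTR_SUBJECT, "vehicle-7"}, {ATTR_ACTION, "enter"} };
static const rule_t DENY_RULES[] = { {ATTR_PAID, "false"} };
static const policy_t PARKING = { GRANT_RULES, 2, DENY_RULES, 1 };
```

Treating conflict and undefined the same as deny at the enforcement point keeps a contradictory or missing policy from opening the device.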
Existing access and permissions solutions revolve around having a connection to a centralized system. The permissions and privilege structures are stored in a server or cloud and managed by a centralized entity. The device granting access needs to have a maintained connection to check these access permissions, and it typically has to be stationary and is usually a highly restricted process.
In automotive and smart mobility contexts, none of this works reliably. Vehicles do not have a consistent connection all the time. Constantly checking in with a centralized structure requires high use of bandwidth and poses a slew of single points of failure along the data pipeline. With the use of IOTA Access, we look to solve this. IOTA Access decentralizes access and permission structures and is working towards allowing them to be embedded directly into the devices and the individual processors on those devices. This is done with a new policy-based management structure that focuses on device and human interactions in a direct peer-to-peer context. Policies can be embedded into devices and the devices they come in contact with. These policies can be directly managed by the device owner and can allow for a slew of improvements in security and usability.
For example, a vehicle with IOTA Access enabled could connect to a parking entry station with IOTA Access enabled, and that entry station could directly allow the vehicle to enter and park based on the policy language if it has been approved. Or, if there is a payment requirement, the wallet integration built into IOTA Access can allow for direct M2M payments between that vehicle and the parking entry station. No human interaction is directly required. The station gives access to the vehicle. The vehicle pays for that access in a predetermined fashion, which could be as granular as by-the-second charge rates. When the vehicle leaves, the payment stops, and the transaction is concluded. This can work for EV charging, tolling, parking, fast food, usage-based road tax, mobility-as-a-service use cases, or even delivery services. If a user wants a package dropped off in the trunk of their car while they are at work instead of at their house, Access could enable it. If a user wants to rent out an autonomous vehicle in the future to make money while they work, Access could enable that. If a homeowner wants a smart lock to directly and securely manage access, and payment for that access, to a home they are renting out as an AirBnB, Access could enable that. All of these direct, frictionless use cases and more rely on access and permissions systems, and most cannot be done securely or reliably with centralized systems.
IOTA Access is a Work-in-Progress, and the project should be seen as a Minimum Viable Product (MVP).
IOTA Access is divided into a few repositories:
For newcomers, documentation is the ideal place to start. It will give you an overview of how the project is structured.
The docs directory contains markdown files for documentation:
Pull Requests are welcome.
This project uses clang-format to format C/C++ code. Before you make any changes, please install the format script by running ./git_hooks/pre_commit_install.sh
IOTA Access is based on XAIN's FROST project, which is the byproduct of Leif-Nissen Lundbaek's 2019 PhD Thesis at Imperial College London.
Here's a list of resources on XAIN FROST: