Considering some IoT devices may not be powerful enough to handle TLS (e.g. Arduino based), what is the intended security (authentication) method?
With a plain connection (MQTT or HTTP), a static password is out of the question. So I am considering using an HMAC-based digest for the password. What is the MQTT authentication user registry?
I see an article http://wso2.com/library/articles/2016/06/article-the-basics-of-mqtt-and-how-wso2-products-support-mqtt-protocol/ where a custom broker authenticator can be defined. Would a custom IAuthenticator implementation (e.g. HMAC-based password) be enough?
I know it may not be foolproof until each message is not authenticated.
The MQTT broker in IoTS has an extension for authentication and authorization. By default, we have enabled OAuth as the authentication mechanism. Please refer to [1] & [2] to understand how a custom auth mechanism can be used.
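
The HMAC-based password idea from the question, as an added example that is not part of the original posts and not WSO2 code: it shows only the verification logic a custom authenticator could delegate to, in Python, without using the real IAuthenticator interface. The token format (`timestamp:nonce:tag`), the 60-second window, the per-device key registry and the device having a usable clock are all assumptions. It covers the CONNECT password only, so messages sent afterwards on a plain connection remain unauthenticated.

```python
import hashlib
import hmac

WINDOW_SECONDS = 60  # assumed tolerance for device clock skew


def make_password(device_id: str, key: bytes, now: int, nonce: bytes) -> str:
    """Device side: value for the MQTT CONNECT password field (assumed format)."""
    msg = f"{device_id}|{now}|{nonce.hex()}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{now}:{nonce.hex()}:{tag}"


class HmacVerifier:
    """Broker side: the check a custom authenticator could delegate to."""

    def __init__(self, keys: dict):
        self.keys = keys   # device_id -> per-device secret key
        self.seen = {}     # (device_id, nonce) -> timestamp, for replay detection

    def check(self, device_id: str, password: str, now: int) -> bool:
        key = self.keys.get(device_id)
        parts = password.split(":")
        if key is None or len(parts) != 3:
            return False
        ts_text, nonce_hex, tag = parts
        if not (ts_text.isascii() and ts_text.isdigit() and len(ts_text) <= 12):
            return False
        ts = int(ts_text)
        if abs(now - ts) > WINDOW_SECONDS:
            return False  # stale or future-dated token
        msg = f"{device_id}|{ts}|{nonce_hex}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False
        # Forget nonces whose tokens the time window already rejects.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= WINDOW_SECONDS}
        if (device_id, nonce_hex) in self.seen:
            return False  # captured token replayed inside the window
        self.seen[(device_id, nonce_hex)] = ts
        return True


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key
    broker = HmacVerifier({"sensor-01": key})
    token = make_password("sensor-01", key, 1_700_000_000, b"\x00" * 8)
    print(broker.check("sensor-01", token, 1_700_000_005))  # first use
    print(broker.check("sensor-01", token, 1_700_000_006))  # replay
```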