FIWARE: authentication between IoT Agent and Context Broker
I've been tinkering with Fiware and trying to understand how to handle security. This diagram shows an example of using proxies to authenticate requests.
But I don't see any authentication between the IoT Agent and the Context Broker. I would have guessed that the IoT Agent is intended to be a gateway device running on hardware physically located adjacant to the devices. But if that's the case with this setup then there's no authentication when making calls to the Context Broker.
Is the IoT Agent only intended to be hosted in the cloud within the same network as the Context Broker? Or is there some way to insert a proxy between them that handles security?
It is based on the scenario in which these components are configured. Generally the data are being sent to Context Broker from devices via pep-proxy and iotagent.
We implemented a scenario in which the devices sends context information to Context Broker, in this case the authentication of access token and devices will be done by Wilma/Keyrock before information is processed to iotagent and then to Orion(Context Broker).
In the above case, the link between iotagent and Orion(Context Broker) is hidden(private), one does not accesses Orion or iotagent directly from public domain and the whole scenario have only exposed endpoint of Wilma(pep-proxy). So, everytime a device sends data, it can only sends to Wilma, and after authentication by Keyrock it is then processed to iotagent and ultimately to Orion.
The iotagent doesn't generally run adjacently to end devices. they run on cloud nodes along with other FIWARE components, the devices are located remotely.
For more details refer this https://documenter.getpostman.com/view/513743/RWaHxUgP
- How to disable security in Quarkus
- SNC name of ABAP System
- Is MD5 a good way to generate account verification code
- Is there any relationship between Secure Boot and Kernel Lockdown?
- CryptographicException: Access denied - How to give access on User store?
- How to use an API from my mobile app without someone stealing the token
- Symfony security component - Unable to find key \"username\" in the token payload
- Is it a good praxis to secure an webservice endpoint with a simple token string?
- Can using access token alone prevent CSRF attack, since browser prevents accessing cookies of another site?
- Are there CSRF attacks that don't use cookies?
- How does Double Submit Cookie Pattern Prevent against CSRF attacks?
- vulnerable Tomcat 10.1.31 embedded in Artifactory 7.98.13
- Why CSRF token should be in meta tag and in cookie?
- How can I prevent SQL injection in PHP?
- How/why is login page redirect required?
- Do Electron apps enforce CORS restrictions in the renderer process?
- How can i use a reverse shell over global Internet?
- Should I Manually Patch the Pandas DataFrame.query() Vulnerability or Wait for an Official Update?
- C# - Securely storing a password locally
- how to secure keys for API calls from android device to amazon services
- Should I add application.properties to .gitignore if the Git repository is private and both the server and DB are on an internal network?
- Understanding the port numbers of a network connection strings in systemd output of an ubuntu device
- Disable firefox same origin policy
- SecurityError: Blocked a frame with origin from accessing a cross-origin frame
- Securely decoding a Base64 character array in Java
- Is There a Security Risk Using ADB Over TCP/IP for Wireless App Development in Expo?
- Is it a good idea to distribute docker image containing my selfsigned certificate?
- Is it possible to externalize nested components
- How can I make a file trully immutable (non-deletable and read-only)?
- Buzz words in architecture document