OAuth-Based Authorization and Delegation in Smart Home for the Elderly Using Decentralized Identifiers and Verifiable Credentials

Abstract

Due to Internet of Things (IoT), computing and communication is transforming from one-to-one to many-to-many, where multiple devices and users are interacting with each other. IoT is mainly service-oriented smart communication network and smart home is an important and developing use case of the IoT. Smart home consists of collection of smart things. Theses smart things consist of smart home system in which light control system for home, healthcare system, remote assistance, etc. are provided. All these systems communicate with each other in order to provide services. The main objective of this use case is to deliver multiple services seamlessly to all the elderly people living in the smart home. To take benefit of these services the end user may try to access services and IoT devices. However, only authorized users should be allowed to access and use services autonomously as elderly people cannot participate in the process. Hence, it is important to verify the access rights of end users and there is requirement of secure authentication and authorization mechanism for specifying/controlling access to the resources. In this paper, we present authorization and delegation challenges in the smart home for the elderly where there are many constrained devices and the people who are bedridden or guarded. This paper discusses the visitor use case for the smart home scenario and the need of delegating access to resources. This paper proposes an OAuth-based delegation using decentralized identifiers (DIDs) and verifiable credentials (VCs). This paper also discusses the benefits of applying DIDs and VCs for delegation in constrained environment.