Authorization models for IoT environments: A survey

Abstract

Authorization models are pivotal in the Internet of Things (IoT) ecosystem, ensuring secure management of data access and communication. These models function after authentication, determining the specific actions that a device is allowed to perform. This paper aims to provide a comprehensive and comparative analysis of authorization solutions within IoT contexts, based on the requirements identified from the existing literature. We critically assess the functionalities and capabilities of various authorization solutions, particularly those designed for IoT cloud platforms and distributed architectures. Our findings highlight the urgent need for further development of authorization models optimized for the unique demands of IoT environments. Consequently, we address both the persistent challenges and the gaps within this domain. As IoT continues to reshape the technological landscape, the refinement and adaptation of authorization models remain imperative ongoing pursuits.This work was supported by the Spanish Government under the grant TED-2021-130369B-C32, funded by MICIU/AEI/ 10.13039/501100011033 and by the “European Union NextGenerationEU/PRTR” and the grant PID2020-113795RB-C32, fun-ded by MICIU/AEI /10.13039/501100011033. In addition, it was partially supported by project i-SHAPER, which is being carried out within the framework of the Recovery, Transformation, and Resilience Plan funds, funded by the European Union (Next Generation)