Internet of Things (IoT) foresees the interaction and communication between different physical entities, which are constrained devices in this physical world. The entities also communicate with the Internet to provide solution for different complex problems. It goes for empowering future advances and dreams like, smart apartment, building automation, intelligent city construction, and e-health service. Secure data transmission is of prime importance in these scenarios. Standard IP-based security arrangements don’t address this issue as they are not composed in view of the restrictions of obliged gadgets. Consequently, more lightweight security components are required. The entities in the domain of IoT come from different vendors. Authentication and Authorization of these entities in a network demands the exchange of identity, certificates and protocol suites. High computation power and memory is required for this transmission. We propose a framework in which the authentication, authorization and key distribution is delegated. It also integrates capability-based fine-grained access control of services. Our evaluation implements different cryptographic algorithms to manage authentication and authorization of the entities in the domain of IoT using this framework. The simulation measures the time unit taken for managing these security aspects. The framework is also tested in a hardware-based testbed and justifies that this framework might be used in most of the IoT domain
