Table 1.
Comparison of Access Control Approach and Considered Requirements.
| AC Approach | LI | FL | CA | SC | IN | Remakes | |
|---|---|---|---|---|---|---|---|
| Sciancalepore et al. [5] | ABAC | - | ✔ | ✔ | ✔ | ✔ | Consideration of the federation between heterogeneous IoT platforms |
| Sciancalepore et al. [15] | OAuth 2.0 | ✔ | ✔ | - | ✔ | ✔ | Consideration of multiple token standards (i.e., Bearer, JWT, and PoP) |
| Fernandez et al. [18] | OAuth 2.0 and Role-based | ✔ | ✔ | - | ✔ | ✔ | Access control service is completely delegated to the server |
| Pal el al. [22] | Attribute-, Capability-, and Role-based | ✔ | ✔ | ✔ | ✔ | - | Access decision based on three features (i.e., attribute, capability, role) |
| Neto et al. [25] | ABAC | ✔ | ✔ | ✔ | ✔ | ✔ | Authentication and access control considering the entire life-cycle of IoT device |
| Ouechtati et al. [26] | ABAC | - | ✔ | ✔ | ✔ | - | Consideration of the subject behavior and the trust value |
| Proposed framework | Extended OAuth 2.0 and Role-based | ✔ | ✔ | ✔ | ✔ | ✔ | All requirements and interoperability between heterogenous IoT platforms are fully considered in the proposed access control framework |
* AC: Access Control, LI: Lightweight, FL: Flexibility, CA: Context-awareness, SC: Scalability, IN: Interoperability.