BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
The Identity of Things (IDoT) is an area of endeavor that involves assigning unique identifiers (UID) with associated metadata to devices and objects (things), enabling them to connect and communicate effectively with other entities over the Internet.
The metadata associated with the UID collectively defines the identity of an endpoint. Identity of things is an essential component of the Internet of Things (IoT), in which almost anything imaginable can be addressed and networked for exchange of data online. In this context, a thing can be any entity -- including both physical and logical objects -- that has a unique identifier and the ability to transfer data over a network.
Addressability makes it possible for things to be targeted and found. To be addressable for the Internet of Things, an entity must be globally uniquely identifiable, which means that it must be associated with something -- typically an alphanumeric string -- that is not associated with anything else.
To make communication among things effective and secure, however, it's crucial to make more information about their identities available to other things. Following are some of the essential considerations for identities of IoT things:
Lifecycle: Some IoT entities can have quite extensive life spans. An individual's electronic medical record (EMR), for example, is a logical object that maintains its identity through the person's life. On the other hand some other entities have very brief lifecycles. A parcel, for example, only exists as an entity from the time it is shipped until the time it is received.
Relationships: It's important to know how an IoT entity is related to other entities, including not only other things but also external entities such as owners, administrators and other responsible parties.
Context-awareness: Identity and access management (IAM) for IoT entities must have the capacity to be context-dependent. It may be appropriate, for example, for an entity to access another entity or system under certain circumstances and inappropriate -- or even dangerous -- for it to be granted access otherwise.
Authentication: Multifactor authentication is effective to validate humans but less so for IoT things because many methods -- biometric verification, for example -- are not relevant. It's necessary to find other means of securely authenticating IoT identities.
See a presentation from IEEE on considerations for securing identities for entities in the Internet of Things: