In this document I will try to list the major cloud providers for the IoT.
The devices can communicate with the cloud via :
- HTTP
- MQTT
Confidentiality is provided by TLS and must be used at every point.
Various TLS ciphers are supported.
Authentication is provided by sigV4 Amazon's certificates.
Authorization is managed via policies for users, groups, and roles.
Those policies are linked to identities. Identities can be created via Identity & Access Management.
Policies can also be linked to an Amazon Cognito identity or any OpenID Connect provider (Facebook, Google...).
No device management is offered.
Devices are responsible for keeping their credentials; no provisioning mechanism is offered (X.509 private keys should be burned into the client; TLSv1.2 and SHA-256 RSA certificate signature validation MUST be supported).
The devices have to be declared in the AWS registry database (devices' public keys). A CLI tool is provided to manage identities and roles for each device (create, activate, deactivate, revoke).
Red Hat IoT solution Documentation
The device exchanges data with the cloud via:
- MQTT
- HTTP
- LWM2M (COAP)
- AMQP
Device management: Rhiot offers an LWM2M implementation to manage the device. Device details can be accessed this way.
Bootstrapping solution: server initiated, must be on the same network.
Authentication (optional). HTTP requests are intercepted to add a token support. Not built-in.
Confidentiality (optional). TLS can be activated.
Authorization not implemented. However LWM2M offers an access control object, so that should work easily.
Main Documentation
Technical Documentation
SDKs
The device exchanges data with the cloud via:
- AMQP
- HTTP
- MQTT (via Azure protocol gateway)
Note : Your application can access devices via the Azure hub only with AMQP.
Device management :
The device must be provisioned in the IoT hub. The service issues the necessary tokens and URIs. Those must be provided to the device.
The service offers a REST API to create, retrieve, update, and delete devices.
Authentication
- SASL PLAIN & Claim based security when using AMQP
- Token in the Authentication HTTP header
Confidentiality: TLS must always be used.
Authorization Per device policy. Read/Write/Connect.
runabove.com
Available protocols :
- HTTP
- Telnet
Authentication
Token (obtained in your runabove account when provisioning a device) or TLS certificate
Confidentiality: devices may use TLS encryption
Authorization
Different tokens are used to write or read.
Main documentation
IBM Bluemix is based on the open source project Cloud Foundry.
Available protocol :
- MQTT
Device Management : IBM offers a custom device management built on MQTT :
- Location
- Device Attributes
- Diagnostics
- Observation
- Reboot / Reset / upgrade firmware
Confidentiality: devices may use TLS encryption
Authentication
The device must provide its ID + token (obtained in your cloud account when provisioning a device).
Note : the token is not stored in the cloud. You must store it (in case IBM cloud gets hacked?).
Authorization : devices can publish and subscribe to a restricted topic space.
Available protocols :
- COAP (over UDP&TCP)
Authentication ?
Confidentiality: devices may use TLS or DTLS
Authorization ?
Supported protocols :
- MQTT
- LWM2M
- HTTP
Authentication
The device is authenticated via login & password. Those must be provided in the cloud management interface when the device is declared.
More details : Publishing via MQTT
Sell physical Gateways that can be managed via AirLink service.
Proxy to google apps engine