That isn't a particularly insightful observation. It does however, have some significant implications. Many existing identity and access management frameworks, products and implementations focus on the P - people. As the IoT landscape develops, the IAM framework needs to be significantly expanded to accommodate life cycle, authentication and authorization services across a multitude of components, especially data.
For example, device registration and authentication is well understood, but what about the security regarding the data integrity, delivery and correlation of that data?
Do the new identity frameworks now need to accommodate use cases like the following:
- Authorization checks at the broker collection level when a device delivers it's data payload
- Tagging of data to allow a full supply chain to exist when data exists in it's final cloud storage
- Ability for clients to register and apply claims to the services that sit on top of the correlated data
- Ability for services to register against the final big data persistence store
- Ability for users to grant access to clients, services and applications to the data they tagged
- Ability for devices to represent a user or service in a transaction
There are clearly a lot more use cases that exist in the new IoT world, that have can't be fulfilled in the current identity landscapes. Will be interesting to see how they develop.