I've been working on a large-scale IoT design and reached a couple of key security-related conclusions/principles:
- Hardware Things should be simple as they will be subverted: intelligence needs to be in the application layers. Accepting Things requires protocols that are comparable to the on-boarding process of HomePlug.
- Application level security requires an Object Capability (as opposed to ACL) based approach to enable:
-- authority delegation and attenuation, so that Things can be shared
-- security that is part of day-to-day functionality, otherwise the cost of security management either breaks the economics or there's much too much 'ambient authority'

Does my experience/conclusion resonate?
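
Added example, not part of the original post: one way to get the delegation and attenuation described above is a macaroon-style, HMAC-chained capability token, where any holder can narrow a capability offline but cannot widen it. The caveat names (`action`, `before`), the Thing id and the root key are assumptions made for illustration.

```python
import hashlib
import hmac


def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def mint(root_key: bytes, thing_id: str) -> dict:
    """Issuer (application layer) creates an unrestricted capability for one Thing."""
    return {"thing": thing_id, "caveats": [], "sig": _mac(root_key, thing_id)}


def attenuate(cap: dict, caveat: str) -> dict:
    """Any holder narrows a capability before sharing it; no call to the issuer.
    The previous signature becomes the MAC key, so caveats cannot be stripped later."""
    return {"thing": cap["thing"],
            "caveats": cap["caveats"] + [caveat],
            "sig": _mac(cap["sig"], caveat)}


def _satisfied(caveat: str, request: dict) -> bool:
    key, _, value = caveat.partition("=")
    if key == "action":
        return request.get("action") == value
    if key == "before":  # hypothetical expiry caveat, integer timestamp
        return value.isdigit() and request.get("time", float("inf")) < int(value)
    return False  # unknown caveat type: fail closed


def verify(root_key: bytes, cap: dict, request: dict) -> bool:
    """Verifier recomputes the chain from the root key, then checks every caveat."""
    if request.get("thing") != cap["thing"]:
        return False
    sig = _mac(root_key, cap["thing"])
    for caveat in cap["caveats"]:
        sig = _mac(sig, caveat)
    return (hmac.compare_digest(sig, cap["sig"])
            and all(_satisfied(c, request) for c in cap["caveats"]))


if __name__ == "__main__":
    root = b"constructed-demo-key-not-for-use"      # constructed sample key
    owner = mint(root, "lamp-42")                   # constructed Thing id
    guest = attenuate(attenuate(owner, "action=read"), "before=2000")
    print(verify(root, guest, {"thing": "lamp-42", "action": "read", "time": 1000}))
    print(verify(root, guest, {"thing": "lamp-42", "action": "write", "time": 1000}))
```

The token carries the authority itself, so there is no per-user ACL to maintain on the Thing, and sharing is an ordinary application operation rather than an administrative one.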