New WSO2 White Paper Examines the Benefits, Risks and Challenges of Managing Identity Across the Internet of Things

Paper discusses the key fundamentals and benefits of adopting an identity broker to securely and effectively manage the identities of IoT devices

Mountain View, CA – June 16, 2016 – With the rapid rise of the Internet of Things (IoT), the concept of identity management has extended to the Identity of Things (IDoT). Through IDoT, organizations can assign unique identifiers with associated metadata to devices, enabling them to connect and communicate effectively with other entities over the Internet. To help IT professionals secure their IoT implementations, WSO2 has published a new white paper that examines the benefits, risks and challenges of implementing an IDoT solution based on the concept of “connected identity”.

Benefits, Risks and Challenges of Connected Identity

The white paper, “Connected Identity: Benefits, Risks, and Challenges,” was written by WSO2 Director of Security Prabath Siriwardena. He begins by discussing the evolution of identity for the Internet of Things. He then explains the importance of breaking down the identity silos that exist in many of today’s connected businesses and how this can be achieved by adopting an identity bus or identity broker pattern.

Next, Prabath reviews the key benefits of an identity bus/identity broker pattern, most notably how this provides a frictionless approach to introducing new service and identity providers and removing existing ones. Other advantages covered are:

  • Easy enforcement of new authentication protocols
  • Ability to perform claim transformations, role mapping, and just-in-time provisioning
  • Centralized monitoring, auditing and access control
  • Easy introduction of a new federation protocol

Prabath also explores the key fundamentals that an identity broker should follow. He discusses the need to be federation protocol, transport protocol, and authentication protocol agnostic. Additionally, he looks at the requirements for providing the ability to perform claim transformations, home realm discovery, and multi-option and multi-step authentication, among others.

Prabath concludes by explaining how the combination of WSO2 Identity Server’s comprehensive security model based on OAuth 2.0 with WSO2 API Manager can be used to build an end-to-end API security ecosystem for the enterprise.

The white paper can be downloaded at

About the Author

Prabath Siriwardena, WSO2 director of security has more than 11 years of industry experience, which currently involves providing security architecture solutions to many of WSO2’s key customers. He has spoken at several global user conferences including ApacheCon, OSCON, QCon, WSO2Con, and the European Identity Conference, among others. He has also authored four books related to Apache Maven, enterprise integration, and API security.

Prabath is an Apache Axis2 Project Management Committee (PMC) member as well as a member of OASIS Identity Metasystem Interoperability (IMI) Technical Committee (TC), OASIS eXtensible Access Control Markup Language (XACML) TC, OASIS Security Services (SAML) TC, OASIS Identity in the Cloud TC and OASIS Cloud Authorization (CloudAuthZ) TC.

About WSO2

WSO2 empowers enterprises to build connected businesses and accelerate their pace of innovation with the industry’s only lean, fully integrated, and 100% open source enterprise middleware platform. Using WSO2’s platform, enterprises have all the functionality to build, integrate, manage, secure and analyze their APIs, applications, Web services, and microservices—on-premises, in the cloud, on mobile devices, and across the Internet of Things. Leading enterprise customers worldwide rely on WSO2’s platform and its robust performance and governance for their mission-critical applications. Today, these businesses represent nearly every sector: health, financial, retail, logistics, manufacturing, travel, technology, telecom and more. Visit to learn more, or check out the WSO2 community on the WSO2 Blog, Twitter, LinkedIn and Facebook.

Trademarks and registered trademarks are the properties of their respective owners.