Abstract
The strong development of the Internet of Things (IoT) is changing our current perception of the Internet towards an integrated vision of smart objects as part of our personal space. This convergence between the physical world and the cyber one is also presenting security challenges, since the unexpected leaks of information, and illegitimate access to data and physical systems could present a high impact in our lives, therefore access control has been an important factor in the development of IoT. This work proposes an authorization access model called SmartOrBAC built around a set of security and performance requirements. This model enhances the existing OrBAC (Organization-based Access Control) model and adapts it to IoT environments. SmartOrBAC separates the problem into different functional layers and then distributes processing costs between constrained devices and less constrained ones and at the same time addresses the collaborative aspect with a specific solution. We also demonstrate that even though our model is extensive, it does not add additional complexity regarding traditional access control model.