github.com/simpleiot/simpleiot@v0.18.3/docs/ref/security.md

github.com/simpleiot/simpleiot@v0.18.3/docs/ref/security.md (about)

1 # Security
2
3 Users and downstream devices will need access to a Simple IoT instance. Simple
4 IoT currently provides access via HTTP and NATS.
5
6 ## Server
7
8 For cloud/server deployments, we recommend installing a web server like Caddy in
9 front of Simple IoT. See the [Installation page](../user/installation.md) for
10 more information.
11
12 ## Edge
13
14 Simple IoT Edge instances initiate all connections to upstream instances;
15 therefore, no incoming connections are required on edge instances and all
16 incoming ports can be firewalled.
17
18 ## HTTP
19
20 The Web UI uses JWT (JSON web tokens).
21
22 Devices can also communicate via HTTP and use a simple auth token. Eventually
23 may want to switch to JWT or something similar to what NATS uses.
24
25 NOTE, it is important to set an auth token -- otherwise there is no restriction
26 on accessing the device API.
27
28 ## NATS
29
30 Currently devices communicating via NATS use a common auth token. It would be
31 nice to move to something where each device has its own authentication (TODO,
32 explore NATS advanced auth options).
33
34 Long term we plan to leverage the NATS
35 [security model](https://docs.nats.io/nats-concepts/security) for user and
36 device authn/authz.:
37
38 - [NATS authentication](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro)
39 - [NATS authorization](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/authorization)