Privacy enabled web service access control using SAML and XACML for home automation gateways

A recent trend in home automation are gateways that offer a Web service based Application Programming Interface (API) to access an underlying home automation system. Due to the ease of use and the interoperability of Web services numerous use cases can be found for third party applications using such APIs. Smart homes allow to control nearly every aspect of living within a building, which also imposes great security and privacy concerns. Therefore this paper contributes a generic access control concept for Web service based APIs using the Security Assertion Markup Language and the Extensible Access Control Markup Language. This concept allows a user to securely authorize the access of third party applications to the home automation system in order to protect privacy and to ensure security. The access control concept is generic since no API change is required leaving the service provider and service consumer untouched.