Created question in FIWARE Q/A platform on 08-04-2021 at 07:04
Please, ANSWER this question AT https://stackoverflow.com/questions/66999301/secure-communication-between-fiware-orion-and-context-provider-iot-agent
Question:
Secure communication between FIWARE orion and context-provider/IoT agent
Description:
I have to think about an architecture using FIWARE orion context-broker and several IoT agents/context-provider. In the documentation is a section describing how to securue the communication from an IoT agent/context-provider to orion. But how to secure the other sider?
What I understand, so far, is that a context-provider has to expose a REST endpoint (/op/query) on which it accepts incomming traffic. But how do it can make sure, that these request are valid?
In case of a subscription you can use httpCustom instead of http in the provider section, when you create a subscription. With this it is possible to use a static token which will be used by orion, when making request to the given url. This isn't possible for registration. Any suggestions how a context-provider/IoT agent can decide if an incoming request is a valid one?
Monitor
Major