The platforms supporting the smart city applications are rarely implemented from scratch by a municipality and/or totally owned by a single company, but are more typically realized by integrating some existing ICT infrastructures thanks to a supporting platform, such as the well known FIWARE platform. Such a multi-tenant deployment model is required to lower the initial investment costs to implement large scale solutions for smart cities, but also imposes some key security obstacles. In fact, smart cities support critical applications demanding to protect the data and functionalities from malicious and unauthorized uses. Equipping the supporting platforms with proper means for access control is demanding, but these means are typically implemented according to a centralized approach, where a single server stores and makes available a set of identity attributes and authorization policies. Having a single root of trust is not suitable in a distributed and cooperating scenario of large scale smart cities due to their multi-tenant deployment. In fact, each of the integrated system has its own set of security policies, and the other systems need to be aware of these policy, in order to allow a seamless use of the same credentials across the overall infrastructure (realizing what is known as the single-sign-on). This imposes the problem of consistent and secure data replicas within a distributed system, which can be properly approached by using the blockchain technology. Therefore, this work proposes a novel solution for distributed management of identity and authorization policies by leveraging on the blockchain technology to hold a global view of the security policies within the system, and integrating it in the FIWARE platform. A detailed assessment is provided to evaluate the goodness of the proposed approach and to compare it with the existing solutions.

支持智能城市应用程序的平台很少由市政当局从零开始实施和/或由一家公司完全拥有，但是更常见的是，借助诸如知名的FIWARE平台之类的支持平台，通过集成一些现有的ICT基础设施来实现。需要这种多租户部署模型来降低初期投资成本，以实施针对智慧城市的大规模解决方案，但同时也带来了一些关键的安全障碍。实际上，智慧城市支持关键应用程序，这些应用程序要求保护数据和功能免受恶意和未经授权的使用。要求为支持平台配备适当的访问控制手段，但是这些手段通常是根据集中式方法来实现的，单个服务器存储并提供一组身份属性和授权策略的位置。单一信任根由于它们的多租户部署而不适用于大型智能城市的分布式和协作方案。实际上，每个集成系统都有其自己的安全策略集，其他系统需要了解这些策略，以便允许在整个基础架构中无缝使用相同的凭据（实现所谓的安全策略）。单点登录）。这带来了分布式系统内一致且安全的数据副本的问题，可以使用区块链技术对其进行适当处理。因此，这项工作提出了一种新的解决方案，用于身份和授权策略的分布式管理，它利用区块链技术在系统内保持安全策略的全局视图，并将其集成到FIWARE平台中。提供了详细的评估，以评估所提出方法的优缺点，并将其与现有解决方案进行比较。