The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.

中文翻译：

---

集中式、分布式和介于两者之间的一切

物联网正在我们的日常生活中占据一席之地。遗憾的是，物联网设备的安全性经常被忽视。在困扰新兴物联网的众多安全问题中，我们决定专注于访问控制，因为如果没有受控访问，就无法实现隐私、信任和其他安全属性。本文根据其架构（例如，集中式、分层式、联合式、分布式）对文献中的物联网访问控制解决方案进行分类，并检查每种解决方案是否适用于访问控制目的。我们的分析得出的结论是，许多提案中缺少可审计性和撤销等重要属性，而社区则忽略了分层和联合架构。最后，我们提供了一个基于架构的分类和未来的研究方向：