A survey on Identity and Access Management for future IoT services

The explosive advancement of Artificial Intelligence (AI) and Edge Computing (EC) is accelerating the development of the future Internet of Things (IoT), which spans various application domains and has become an integral part of modern life. However, certain limitations of IoT introduce security and privacy challenges for users and enterprises, hindering its broader adoption. Identity and Access Management (IAM), capable of handling the massive scale of digital identities and permissions while ensuring that only authenticated entities can access authorized resources and interact securely, has been widely adopted as an entry point for securing IoT services. However, traditional IAM systems, primarily designed for cloud-based web services, face several challenges, such as scalability and privacy, when integrated into edge-native IoT architectures. This paper provides a systematic review of IAM solutions in IoT environments. It identifies four key requirements for future IoT services, analyzes IAM architecture and the state of the art of its six primary functionalities, namely storage, identity management, authentication, authorization, audit, and federation, and studies ten more comprehensive IAM solutions. A detailed evaluation of aspects such as functionality completeness, security, privacy, and scalability is carried out. Finally, based on the evaluation results, the missing points in the existing literature, as well as upcoming challenges and development trends, are pointed out. The study aims to inspire further research and development efforts towards building a comprehensive IAM solution for edge-enabled IoT systems.