The LinkSmart® Border Gateway provides a single point of entry into an "Internet of Things" autonomous system (IoT-AS) consisting of connected devices, their supporting services and the messaging infrastructure. Its main functions are:
TLS offloading at the edge of the protected autonomous system (HTTPS, TLS-encrypted MQTT and TLS-encrypted WebSocket).
Authentication and authorization for HTTP, MQTT and WebSocket requests. Users and their permissions can be defined using an Identity Provider conforming to the OpenID Connect protocol.
Access control for HTTP requests can be defined for the type of protocol (HTTP or HTTPS), requested resources (or paths) and allowed HTTP methods.
Access control for MQTT requests can be defined for topics, wildcards, and MQTT commands (publish, subscribe etc.).
Access control for WebSocket connections can be defined for hostnames and ports.
HTTP request forwarding to internal services according to location definitions (e.g. a request to https://iot.linksmart.eu/<location> can be forwarded to localhost or any other host protected by the Border Gateway on the correct port).
Address translation for HTTP requests, i.e. internal IoT-AS addresses in HTTP responses can be translated to external addresses that the requester is able to connect to.
The Border Gateway can be easily deployed in a Docker container. The basic configuration requires a TLS certificate for the host and an available OpenID Connect provider.
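
The MQTT access control listed above (topics, wildcards and commands) has one subtle case: a SUBSCRIBE request carries a topic filter, so the check must confirm that the granted filter covers everything the requested filter could match. The sketch below is an added example, not Border Gateway code; the rule layout, user names and function names are assumptions made for illustration.

```python
# Added illustration; rule layout and names are assumptions, not the Border Gateway's format.
RULES = {  # constructed sample grants: user -> [(MQTT command, topic filter)]
    "alice": [("subscribe", "sensors/+/temperature"),
              ("publish", "actuators/lamp1/set")],
    "admin": [("subscribe", "#")],
}


def naive_match(granted: str, requested: str) -> bool:
    """Topic-name matching only. Unsafe for SUBSCRIBE: a requested '#' is
    compared like a literal level, so 'sensors/+' appears to cover 'sensors/#'."""
    g, r = granted.split("/"), requested.split("/")
    for i, level in enumerate(g):
        if level == "#":
            return True
        if i >= len(r) or level not in ("+", r[i]):
            return False
    return len(g) == len(r)


def filter_covers(granted: str, requested: str) -> bool:
    """True only if every topic matched by `requested` is matched by `granted`."""
    g, r = granted.split("/"), requested.split("/")
    if requested.startswith("$") and g[0] in ("+", "#"):
        return False  # wildcards never reach '$' topics such as $SYS (MQTT spec)
    for i, level in enumerate(g):
        if level == "#":
            return True  # grant covers this level's parent and everything below
        if i >= len(r) or r[i] == "#":
            return False  # request is shorter or open-ended; the grant is not
        if level != "+" and level != r[i]:
            return False  # a requested '+' only fits under a granted '+'
    return len(g) == len(r)


def is_allowed(user: str, command: str, topic: str) -> bool:
    """Deny by default; allow when some grant for this command covers the topic."""
    if command == "publish" and ("+" in topic or "#" in topic):
        return False  # wildcards are not valid in a PUBLISH topic name
    return any(cmd == command and filter_covers(flt, topic)
               for cmd, flt in RULES.get(user, []))
```

With these sample grants, alice may subscribe to sensors/kitchen/temperature or sensors/+/temperature but not to sensors/#, and the admin grant on # does not extend to $SYS topics.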