The advantages of extending the web beyond traditional end-points into everyday life can only be attained so long as hackers aren’t able to turn that expanded reach against the users whom it’s supposed to benefit, which is what the AllSeen alliance hopes to ensure with the latest changes to its connectivity framework. Reaching the necessary balance between security and usability should now prove much easier than before.

Manufacturers relying on the built-in authentication capabilities of AllJoyn were already able to regulate which services can interact with their hardware prior to the update but not the extent of the access permitted after authorization has been granted. As a result, a smart thermostat would need to fully clear a home control application even if only a handful of its functions have to be supported.

That creates a lot of additional surface area for attackers to try and exploit that grows bigger with every new link in the interconnected chain, like the other connected household appliances that a consumer hooks up to the controller app, the outdoor sensors with which those appliances interact and so on ad infinitum. The new update does away with that feedback loop of insecurity in one fell swoop.

It’s introducing granular access controls that will enable manufacturers to limit a third party to using only the specific features of their devices needed for its particular purpose. That means a smart home energy management system could set different permissions for its remote and the telemetry service that the power company uses to track consumption in order to remove the possibility of a hacker compromising one through the other.

That’s a much simpler alternative to manually implementing access controls, which not takes a great deal of time and effort but can also undermine the framework’s mission of enabling seamless interaction among connected devices. After all, one manufacturer’s security mechanism is not necessarily supported by another’s, especially not in a market with hundreds of often competing players.

That makes the new access controls a step forward not only for the security of AllJoyn but also its viability as a whole. The easier the framework can make it to effectively protect connected devices from threats, the bigger its appeal will grow, which is the key to achieving the mass adoption needed to facilitate the universal interoperability that the AllSeen Alliance has set out to deliver.

Microsoft Corp. and the other members of the consortium that helped develop the access controls have a great deal to gain individually as well from their standard beating out the numerous others aiming for the same goal. Each new feature and update brings them that much closer to winning the race.

Image via jeferrb