I am thinking about using the my.openhab functionality, but I am not really sure about the security implications.
Is there some kind of architecture description or specification which addresses security matters (e.g. encryption or authentication) and which describes the data transferred to the my.openhab server?
Thanks for your help in advanced!
The only written docs I know of are here:
Based on personal experience I can say the following:
my.openhab will proxy your sitemap over HTTPS so the communication to your sitemap through my.openhab is TLS encrypted
authentication between my.openhab and third party services (e.g. IFTTT) is through OAuth2
the only data about your Items that gets sent to my.openhab for sharing with third party services are those Items configured in myopenhab.persist. In short you can share none, one, selected individual Items, groups of Items, or all of your Items as you decide, and you can change your mind later
communication between the my.openhab binding and your openHAB webserver is through a localhost connection and is not encrypted and does not support authentication (hence the need to use security=EXTERNAL), but it is localhost so no traffic is leaving your server.
I’m not entirely certain but suspect communication between the my.openhab binding and the my.openhab cloud servers is both authenticated (using a generated secret key) and encrypted (TLS I suspect). This might also be OAuth2.
*I have no insight into the security measures in place on the cloud servers (encryption of data at rest, password salting policies, etc).
Perhaps @teichsta can comment more if I’m wrong or elaborate on anything I missed.
since you are much deeper in the code @belovictor @digitaldan @MARZIMA i’d like to leave the answer to you
Thanks a lot for sharing your experience, that gave me some interesting insight! Based on your description, I will test the my.openhab service!
Nonetheless I would be happy to get additional information from one of the developers.
what are you concerns? Is it more about data privacy or technical security?
If you access my.openHAB it is secured by HTTPS (SSL/TLS), the security towards web applications is ensured by
oAuth2 (more info here: http://tools.ietf.org/html/rfc6749) authorization framework with tokens as a authentication credential.
Please also read about the UUID and Secret of the myopenhab binding, which will be generated and needed to connect your openHAB device to the cloud: https://my.openhab.org/docs
At the moment we are working on a more technical documentation of my.openhab cloud.
I will let you know as soon it will be finished.
@rlkoshak already a good wrapup! Thanks.
Hope this helps you in the first step. Enjoy your OH!