The emergence of Internet of Things (IoT) and smart-home systems allows us to combine devices from different domains and to explore new usages and services. Unfortunately interoperability between devices from different technologies is a major issue to overcome before being able to offer smart services. For this purpose we have proposed the xAAL system. It is both a federating home-automation protocol and an open infrastructure designed to address issues caused by the heterogeneity of existing home-automation solutions. xAAL has been implemented, deployed and has proved its efficiency. However, early versions have been designed with functional concerns in mind. The time has come to address security. xAAL has its own specificities: a distributed system, multicast communications on a bus, etc. This paper details choices, compromises and motivations for selecting security elements that have been introduced in the new version of xAAL.