RE: Notes on W3C WoT Security Use Cases from daisuke.ajitomi@toshiba.co.jp on 2017-07-20 (public-wot-ig@w3.org from July 2017)

From: <daisuke.ajitomi@toshiba.co.jp>
Date: Thu, 20 Jul 2017 09:39:53 +0000
To: <bfrancis@mozilla.com>
CC: <Soumya-Kanti.Datta@eurecom.fr>, <elena.reshetova@intel.com>, <public-wot-ig@w3.org>, <public-wot-wg@w3.org>
Message-ID: <cafc1a1907af4a4a882f599d79c1bb1d@TGXML376.toshiba.local>
Hi Ben,

> I don't think that giving globally accessible domain names to consumer devices is in itself a privacy problem.

I shouldn’t have used such a controversial word “privacy”. But, globally accessible devices will be under threat from DoS/DDoS attacks, etc.
IMHO, considering home network environment that has no network administrator, it’s more trouble than it’s worth.
Anyway, your solution (WoT Gateway) is very interesting and I think that it is one of the best practices of WoT achieved with existing technologies.

> The danger with these cloud based services is that they risk centralisation and lock-in for users and we've already seen examples of businesses shutting down cloud services and bricking consumer devices as a result. There is certainly a place for these managed services, but the architecture of the Web of Things should not fundamentally depend on a central point of control, it must be decentralised at least to the extent that the web is today.

I think that the centralization issue is a matter of degree. Don’t you provide the gateways with any software update services? I think it is a kind of centralized services.
So I think that it is reasonable for a WoT device manufacturer to provide customers with the remote-access service as well as the software update service.
The important point is that the manufacturer publishes Web APIs protected with standardized ways (OAuth/OIDC) and allows third-parties to develop their own WoT services with the Web APIs.

> Industrial use cases certainly have different characteristics to consumer use cases.

Yes. I think that public domain names shouldn’t be issued to WoT devices in various use cases.

Daisuke Ajitomi

From: Benjamin Francis [mailto:bfrancis@mozilla.com]
Sent: Wednesday, July 19, 2017 9:00 PM
To: ajitomi daisuke(安次富 大介 ○ＲＤＣ□ＮＳＬ) <daisuke.ajitomi@toshiba.co.jp>
Cc: Soumya Kanti Datta <Soumya-Kanti.Datta@eurecom.fr>; Reshetova, Elena <elena.reshetova@intel.com>; public-wot-ig <public-wot-ig@w3.org>; public-wot-wg@w3.org
Subject: Re: Notes on W3C WoT Security Use Cases

Hi Daisuke,

On 16 July 2017 at 06:23, <daisuke.ajitomi@toshiba.co.jp<mailto:daisuke.ajitomi@toshiba.co.jp>> wrote:
Great summary for the issue and solutions. It is very interesting to me.
In my opinion, it is not just an offline issue and it includes a big privacy problem of whether globally accessible domain names can be issued to personal-use devices or not.
In your solution, getting DV certs and using HTTPS to the gateways, the users have to disclose their ip addresses and domain names globally and open ports to the global internet

I don't think that giving globally accessible domain names to consumer devices is in itself a privacy problem. Many devices already have publicly resolvable addresses, open ports or tunnel through firewalls, and most users disclose their IP address every time they visit a website. What is important is getting authentication, authorisation and encryption right so that those devices can not be accessed by unauthorised users and data can not be intercepted.

even though there are alternative solutions (e.g. cloud-hosted web-based remote control service that is well-managed by service admins).

The danger with these cloud based services is that they risk centralisation and lock-in for users and we've already seen examples of businesses shutting down cloud services and bricking consumer devices as a result. There is certainly a place for these managed services, but the architecture of the Web of Things should not fundamentally depend on a central point of control, it must be decentralised at least to the extent that the web is today.

In particular, considering industrial use cases, I don't know the approach can be acceptable or not.

Industrial use cases certainly have different characteristics to consumer use cases.


My colleagues and I have had a similar problem and launched a Community Group named "HTTPS in local network CG" this year.
We have still just started discussions about use cases and requirements.
I'd appreciate it if you check it out.
https://www.w3.org/community/httpslocal/

https://github.com/httpslocal/usecases (draft)
https://httpslocal.github.io/cg-charter/ (draft)

In addition, in the last TPAC, we held a breakout session for this topic.
https://www.w3.org/wiki/TPAC2016/session-https-local-summary


The following slide includes my early-stage idea as one of the potential solutions.
https://www.w3.org/wiki/images/3/37/2016.w3c.breakout_session.dot-local-server-cert.p.pdf


This is all very interesting, thank you!

Ben
Received on Thursday, 20 July 2017 09:40:30 UTC