Re: RWW like Implementations of IoT device management (via WoT) from bergi on 2016-09-18 (public-web-of-things@w3.org from September 2016)

From: bergi <bergi@axolotlfarm.org>
Date: Sun, 18 Sep 2016 22:29:58 +0200
To: Timothy Holborn <timothy.holborn@gmail.com>, "public-web-of-things@w3.org" <public-web-of-things@w3.org>
Cc: public-rww <public-rww@w3.org>, W3C Credentials Community Group <public-credentials@w3.org>, "public-webid@w3.org" <public-webid@w3.org>
Message-ID: <d05e05ed-c1ba-0829-dd3c-3ec3b72b855c@axolotlfarm.org>

Hi Tim,

I think most IoT/WoT standards use encrypted networks and authentication
is done by sharing a key to that network or a gateway that does the
access control. Encrypted networks can be WiFi or other (proprietary)
protocols. Many gateways transfer the data to the cloud. Usually that's
not very transparent.

Because bandwidth and memory can be very limited. The gateway is the
best place to implement authentication with decentralized identities.

Dark Horse [1] will use that approach. It's a Node.js gateway/host using
Express. A middleware could handle the authentication. There is already
a module [2], but it should be ported to RDFJS spec and Passport [4].

I'm also trying to shift the protocol and data mapping from the gateway
to the device. There is SmallHydra[5] for the ESP8266 and I'm working on
a solution for RFMxx [6], maybe with LoRaWAN [7] support. OpenThread [8]
would be also an option, but I haven't seen an Arduino implementation.

bergi

[1] https://github.com/bergos/dark-horse-server
[2] https://github.com/bergos/pubkey-login
[3] https://github.com/rdfjs/representation-task-force
[4] http://passportjs.org/
[5] https://github.com/bergos/smallhydra
[6]
https://learn.adafruit.com/adafruit-rfm69hcw-and-rfm96-rfm95-rfm98-lora-packet-padio-breakouts/overview
[7] https://github.com/matthijskooijman/arduino-lmic
[8] https://github.com/openthread/openthread

Am 15.09.2016 um 10:19 schrieb Timothy Holborn:
> I'm wondering what reference material may be available for IoT / WoT
> device firmware / platform configurations, where the user is in-control
> of the device.
> 
> This in-turn reflects what i'd consider a 'service-centric' approach vs.
> a 'human centric' approach.  In the 'human centric' approach, people
> would purchase a device - much like they did in the years prior
> to/advent of - WWW.  Drivers may be updated to support solving security
> flaws or updating to newer standards for communications; but
> essentially, the purchase decision does not require any
> data-relationship with the vendor of the product.
> 
> I envisage this could in-turn be done via a SoLiD[1] or RWW[2] like
> architecture (perhaps inclusive of improvements to existing WebID-TLS[3]
> support) with/without credentials[4] use-case support (most likely via
> #digitalreceipts #web-payments & server-side interactions?) 
> 
> I'm interested in further information, links appreciated.
> 
> Tim.H.
>  
> [1] https://github.com/solid/solid 
> [2] https://www.w3.org/community/rww/ 
> [3] https://en.wikipedia.org/wiki/Subject_Alternative_Name 
> [4] https://www.w3.org/community/credentials 
>

Received on Sunday, 18 September 2016 20:30:12 UTC