W3C

- DRAFT -

Web of Things Interest Group face to face meeting

29 Jul 2015

Attendees

Present
Jonghong_Jeon, Bryan_Sullivan
Regrets
Chair
Joerg
Scribe
dsr


Introduction

Takuki welcomes us to Fujitsu with a brief account of the history of the site and its current role

Takuki hands the microphone back to Joerg to introduce the meeting

Joerg presents some slides setting out the context for this meeting

What is the motivation for the web of things? The goal is to overcome domain silos and enable cross domain IoT applications.

The upper OSI layers are often proprietary due to the lack of standards

We’re investigating what web technologies are applied to the IoT today.

Joerg takes us through the Interest Group charter, see http://www.w3.org/2014/12/wot-ig-charter.html

The IG is looking at use cases and requirements across application domains. Liaisons with external organisations, the Web of Things framework, security and privacy.

Joerg: where are we currently in respect to the charter’s roadmap?

We had our first face to face in Munich in April this year with a focus on understanding use cases.

We want to examine use cases to extract the core aspects or “atomic use cases”

Examples include device registration, something that is common across application domains.

The next step is to identify technology candidates, understand the landscape and identify gaps.

Coming out of the first face to face we chose to work on scripting API and protocol mappings, thing discovery, thing descriptions, and security and privacy.

Can we conclude on the model of building blocks and agree on the setup for work on the technology landscape?

Dave: we will also be discussing ideas for launching a working group, and I will describe this in more detail on Friday.

Joerg displays a diagram depicting the relationship between Web things, web browsers and servers.

How do we make things accessible from today’s web? Most people would expect to do this via a web browser. However, it is also about how things interact with each other over the Web.

Web of Things building blocks are intended to map to existing IoT platforms and protocols.

This includes integration of things in today’s web, with web applications integrating things.

We also expect to integrate applications via their semantics

Joerg summarises with the list of task forces that have been looking at the building blocks.

We will be hearing summaries of their progress this morning.

Joerg notes that as today we have guests plus regular IG members, that we should go around the room for brief introductions.

Everyone briefly gives their name, affiliation and interests in respect to the Web of Things.

Joerg presents the agenda for today.

We will start with reports from the various task forces, then a report on the joint meeting with the IRTF T2T RG. After lunch we look forward to hearing from the invited guests and finally from some practical work experimenting with implementation work.

Report from Task Force on API and Protocol Mapping

Johannes Hund presenting.

We have sought to agree on an architecture model, use cases & requirements, the technology landscape, and the abstract resource model.

Johannes presents a diagram introducing the architecture model.

This has three servers (aka “servients”), each of which has scripts, resources, protocol mappings and modules for acting as client or server.

Legacy devices can be supported via adapters.

The client and server roles are exposed by the corresponding client and server scripting APIs

We’ve been working on a use case document http://w3c.github.io/wot/wot-ucr.html

Johannes next summarises the abstract resource model in terms of events, properties and actions.

He presents a coffee machine as an example.

Properties include the water level, number of cups served, etc. Actions include brewing, cleaning, refunds, and events include coffee poured, service required.

This brings us to the technology landscape. We’re looking at protocols, resource models and API patterns.

How can existing protocols be used for the abstract model? What are the common resource models? What are the patterns used on the Web?

Johannes summarises his expectations for the outcome of this face to face.

Can we achieve a consensus on the taxonomy and picture?

What do we expect to achieve by the next face to face in October (TPAC2015)?

He presents the agenda points for the break out session for this meeting.

Questions?

[none raised]

Joerg: we had some discussion around the resource model and whether or not to go with a strict mapping to REST.

Johannes: if you have a pure hypermedia framework, you can use a pure REST style interface. For me it is more about agreement on the model, and finding the granularity for the representation.

Michael: that’s an interesting discussion. Hypermedia descriptors allow different models to be included in the framework. To what extent do we rely on media types, or link relations?

This makes it important to take a prototyping approach to evaluate different choices.

Report on the Thing Discovery Task Force

Soumya couldn’t make it today, so Johannes will present on his behalf.

We’ve been seeking to evaluate different understandings of discovery, to survey the current landscape, and to identify different dimensions of discovery.

We’ve looked at the relationship between thing descriptions and discovery. What are you trying to discover, what is the context for that, e.g. where is it, and what is its role?

How does discovery fit into the overall Web of Things framework? We want to agree on a generic approach to discovery along with a taxonomy.

We made a use case analysis and identified a set of categories for discovery: find things around me, find things on my network, searching across peers, accessing thing metadata. Details are on the wiki page https://www.w3.org/WoT/IG/wiki/Discovery_Categories_and_Tech_Landscape

Joerg takes us through the wiki document.

Soumya wanted to highlight current plans for the discovery task force.

One task is to draft initial requirements, another is to evaluate technologies in each discovery category.

An example is to look at how search can be made using directories.

Another task is to simplify discovery for application developers.

An example is to make use of the relationships between things.

The approach will be discussed in more detail in the break out session.

Soumya has prepared some high level questions for the break out to address.

Dave: social context makes discovery more tractable

Information about relationships between you and your devices, between you and other people, information about your home, your organization and so forth.

Michael: (comment lost)

Joerg asks the audience for opinion on the importance of discovery

Michael: it is hugely important, and it is also a question of scale

the need for attribute based, web scale discovery.

Vlad: the context matters, e.g. personal discovery of things near you versus global discovery. There isn’t one way to do discovery. What is important is the way that data is represented as to how you find the data.

Joerg: discovery is also related to provisioning and configuring services.

Vlad: discovery can be contextualised by the kinds of IoT devices, how do I find the URL of a particular device.

Can you find the resource tree for a device, once you have its URL?

This isn’t quite enough to know how to interact with it.

Joerg asks the room if anyone has had experience with having to use multiple discovery mechanisms due to the environment the service has to be installed in

Michael: Bluetooth and the need for a proxy to map data from Bluetooth protocol into the approach needed for SSDP.

Any further comments/questions?

[no]

We take a short coffee break.

Report from the Thing Description Task Force

Sebastian presents the session.

First I want to explain the motivation for why we set up this task force.

Picture of a person scratching their head whilst considering an IoT device. What are you? What kind of data do you serve? How can I access that data?

The task force is clarifying and defining what the description language can be used for, what aspects of things need to be described. We are seeking to achieve a broad consensus.

We started in mid-May and have had about 10 teleconferences so far.

We have been surveying the technology landscape, looking at existing work.

More details at https://www.w3.org/WoT/IG/wiki/Thing_Description

Sebastian displays a meta model covering things, properties, data and resources.

He talks us through an example of a LED lamp which allows you to control the brightness and the colour of the light it emits

Properties include the name of a specific lamp and its location. The data includes the brightness and colour.

Sebastian relates this example to the CoAP protocol and the well known location based means for retrieving server metadata. CoAP supports link descriptions and encourages a fine grained description.

Sebastian presents a JSON-LD representation and notes that we will be going into details in tomorrow’s break out session.

He notes the comparative sizes of the models in plain JSON-LD and EXI/RDF.

For the break outs, Sebastian wants to discuss the refinement of the framework, to look at some interesting data types, relevant use cases as a basis for a gap analysis and plans for implementation work.

Question about how you are reaching out to look at work in other organisations, e.g. IPSO, OIC, IIC, AllJoyn etc.

Dave: we’re reaching out to these organisations to see how we can share ideas and use cases.

We will hear some detail for the OIC on Friday.

[no more questions]

Report for the Security and Privacy task force

Oliver is the presenter.

First of all, with rich sensors, personal data needs to be protected from unauthorised monitoring.

The task force wiki page is [to be supplied]

In the last few years, people have either ignored IoT security or they have taken an ad hoc approach.

There is confusion around new security mechanisms. As a result, it makes sense to provide a landscape study.

Our work in progress includes a high level structure for the landscape study, an initial list of design time mechanisms, and an initial elaboration for JOSE (IETF), OAuth for CoAP, DTLS.

We’re also working on a document cataloguing security and privacy requirements.

This includes an initial elaboration for entity authentication, SSO and thing authorisation.

We have some supporting documents we plan to write. These include a summary of the challenges.

Another of these documents looks at advanced concepts, e.g. end to end security.

We are also working on a glossary and references

We have a spreadsheet relating use cases to security requirements.

We’re clustering requirements to keep things manageable.

Legal entities are used to creating security policies up front, but this doesn’t work in the consumer space.

We’re also considering requirements fulfillment through design-time mechanism clustering.

Classical solutions (i.e. invented prior to 2010) are primarily about enterprise solutions.

More recently we have web application solutions appearing, including FIDO, JOSE, OAuth, OIDC, SCIM and UMA, etc.

In the future, we can look forward to solutions aimed at the IoT/WoT.

We’re discussing recipes for the WoT. This will be based upon the classification of the use cases.

The aim is to help you identify categories of solutions, but you will still need to work on how these apply in detail for your specific context.

Oliver poses actions for the audience. First of all to ensure that your use cases are passed to the security and privacy task force. Make sure that your security and privacy mechanisms include your favourite techniques.

If the recipes aren’t practical for you please let us know.

Questions?

How do security requirements for things differ from other web services?

Oliver: services can apply contextual information when it comes to security decisions, e.g. where you log in from.

Joerg encourages people to review the work of the task forces.

We will return to this on Friday when we have looked some more into the details.

Comment from the audience: I am concerned that the current approaches won’t scale up effectively, e.g. when you need to manage millions of keys

Will this IG address scaling challenges?

Oliver: some people still think that classic solutions will be sufficient. This is unrealistic.

Part of the solution will depend on the application domain. Devices may only need to know about a limited number of other devices. Right now we are trying to compile questions.

Question: is there an establishment of a framework …, different industries will have different requirements, what can we do across industries?

Oliver: right now I think more about a toolkit/chocolate box rather than a framework.

Comment: data will be very prolific, there has to be a level of a minimum base level requirement.

Oliver: yes, and data will need to remain in connection with the policies relating to it.

Joerg: we will return to security tomorrow.

Report of joint meeting with IRTF T2T RG

Johannes is the presenter.

This is a report of a joint meeting between people from the W3C WoT IG and a research group in the IETF.

(The Internet Research Task Force Thing to Thing proposed Research Group)

This took place as part of the IETF 93 week in Prague in mid-July 2015.

We shared use cases and participated in discussions of a cookbook for applying REST style APIs.

We discussed ideas for using REST for subscriptions.

We looked at hypermedia driven CoAP applications via developing user stories for each

When it comes to subscriptions, how does this work when you want to subscribe to multiple things?

We’re looking to continue the discussions and to have a further joint meeting in Japan given that the W3C TPAC is in Japan the week before the IETF meeting which also will be in Japan.

Dave: any ideas for how we can extend these discussions across other SDOs, e.g. OASIS (MQTT, AMQP), OMA, OneM2M etc.?

Johannes: that will be easier to address when we have made further progress on the web of things framework.

Joerg: joint discussions are helpful, and can operate top-down and bottom up.

We shouldn’t stay with the scientific research issues, but also look at the practical challenges for implementation and products.

Joerg: working bottom up from a protocol is good for forging links with other communities.

Johannes hands the microphone over to Oliver to report on the track relating to security and privacy.

Oliver: we had a longer breakout on the Saturday. We discussed security and privacy related features in current IoT projects. We spent 2 hours on the Sunday discussing potential next steps with a view to ensuring complementary roles of the IETF and W3C groups.

There is interest in use cases from the home automation and building automation domains.

We hope to identify patterns and white-spots and follow up with further joint discussions.

In our Prague meeting, most of us were involved with capital goods rather than consumer goods. IoT devices are often of low value, but the context of the application is to control something of high value.

A focus on cross domain (cross vendor) scenarios.

The ad hoc approach to authorization is not going to work when it comes to cross domain/cross vendor solutions.

The people in the Prague meeting preferred symmetric crypto over public key based crypto. Concerns over certificate management for PKI.

Standards are needed for cross vendor solutions, but will also reduce costs even for single vendor solutions.

Unfortunately most current security and privacy solutions assume a single vendor solution.

Michael: a brief comment on the finding. On constrained devices, public key is practical on 32 bit microcontrollers, but certificates can be a challenge for small packet network technologies.

… we break for lunch …

Contribution from Invited Guests

We start with a presentation from Andrea Trasatti, Samsung

He shows a video introducing the ARTIK family of microcontrollers.

These range in the amount of RAM etc. and the integrated connectivity technologies. An embedded secure element supports the security operations.

Samsung is inviting developers to apply for developer kits.

Andrea will also talk about their cloud based SAMI platform.

The Samsung Strategy & Innovation Center is based in the Silicon Valley.

Andrea: we use open software (e.g. Linux) and an end to end security solution.

ARTIK comes in three sizes: 1, 5 and 10. These are targeted at a wide range of IoT related applications.

The devices feed data into the cloud, where the SAMI platform manages privacy and access control.

A form based UI is used to create a device description (aka manifest). There is a JSON based query mechanism.

We support REST and WebSocket ingestion APIs.

For privacy, users own their data and decide who to share what data with. Users can revoke these rights as needed.

Applications can write on behalf of users.

At this point we don’t have a vocabulary, but we can define terms as needed.

For example to add a new unit of measure.

For more info: http://www.artik.io and https://developer.samsungsami.io @AndreaTrasati @SamsungIoT

Andrea: the boards run a particular version of Linux. In principle, you could replace this with say a version of Android if that is what you wanted.

You might need to develop the drivers though.

Andrea is happy to review the W3C WoT IG work on thing descriptions.

Oliver: are you using OAuth and if so with what flow?

Andrea: right now we want to ensure that users grant access rights for each service individually. This could become cumbersome if there were a large number of services to deal with.

Arnaud: JSON-LD with global identifiers has some benefits, but …

Andrea: we want to allow developers to name their properties rather than to have to use someone else’s. The cloud backend can do the conversions.

Arnaud: do you have the means to control what information is sent to say weight watcher, e.g. weight but not location?

Andrea: not right now

Joerg: are you looking into the discovery challenges?

Andrea: we are interested in doing so

We are definitely interested in interoperability as an aim

We switch talks — Michael Koster, ARM, Web to the Edge - REST and Hypermedia for Machine APIs

Michael: I want to talk about some of the IoT related standards we are using at ARM.

This includes the following groups: IETF, OMA LWM2M, IPSO

The Internet/Web provides useful design patterns. Innovation mostly in the end points, layered protocols, uniform addressing and stateless interaction.

He presents an architecture diagram for IP for constrained environments.

followed by a brief introduction to CoAP.

RFC 6690 defines the CoRE link format for triples. This is reasonably compact with a few defined abbreviations.

CoAP servers support discovery via resource directories using the CoRE link format.

IPSO smart objects define data models

OMA LWM2M reference architecture uses REST based APIs over CoAP.

Resources are atomic pieces of information that can be read, written or executed.

Objects and resources have 16 bit identifiers.

IPSO smart objects can be composed to create models of complex things.

IPSO can work with MQTT as well as CoAP, and other IP based protocols.

Basic data types include strings, decimal, boolean, time, dates etc.

IPSO has been working on a wide range of smart objects.

RFC 6690 can be used for associating additional semantic descriptions with smart objects and resources.

Michael is interested in how IPSO can be made part of the Web of Things.

A common web client could be used to control IoT devices via a REST based interface. APIs can be automated through hypermedia.

Web linking, relations and attributes are a good foundation for this hypermedia.

Models conform to schemas and can be used to generate APIs and bindings to protocols.

This approach allows you to compose models for richer capabilities.

For discovery, catalogs and brokers are useful building blocks.

Follow on work: how to describe events, actions and properties. What functional abstractions will enable vertical specialisation whilst still providing broad capabilities.

Michael: many organizations claim to be making the one approach for data modelling for everyone else to use.

How can we get to a common approach?

Johannes: what do you see as being in common across all these approaches?

Michael: encapsulation is one example, some kind of annotation mechanism, similar goals. However, each group seems to be creating their own namespaces for what are essentially the same ideas.

Arnaud: who are the main players behind IPSO and LWM2M?

Michael lists some of the stakeholders involved.

Arnaud: I wasn’t quite sure how the Web of Things layer fits in

Michael: the device is the server, this is what makes the web scale.

The service layer bridges the device and the Web.

Constrained devices should support the same architecture although perhaps with less ....

Bryan: in AT&T we have an active M2M group.

Michael hands over to Scott Jenson to talk about Google and the Physical Web

The first slide is “W3C intro to the Physical Web”

Scott notes that he is with the Chrome team. It is not altogether clear that the Physical Web is directly relevant to the WoT IG.

Last October we opened a GitHub project on the Physical Web.

The Physical Web is based upon a Bluetooth beacon standard and a phone scanner standard.

The browser window is controlled by the DOM and is cool, the location field is dull!

We want to improve the user experience by reducing user friction (no typing of URLs)

Bluetooth Smart beacons transmit their URL once a second. This is one way communication with no return path.

The phone shows the URLs from beacons within range and the user picks one of interest and opens the corresponding web page.

Some people say this is just like QRCodes. But that misses the point. We can get URLs from many devices up to 50m away without any effort on behalf of the user.

Another criticism is spam. We don’t want to spam the user. Instead users have to actively ask to see what URLs are in their neighbourhood.

<bryan> at the same time, QR code scanning is an intent-driven activity, i.e. the user is explicitly seeking additional info about a device with a visible QR code.

<bryan> as compared to getting a lot of URLs for devices in the local area, without really knowing which is which

A local proxy server hides the user’s identity from the remote server. This is open source and not a “Google product”.

Once you’ve connected to a website, the web app can use websockets etc. to communicate with the device, e.g. to pay for a parking slot.

We expect that mobile devices that connect to the Internet with zero user configuration will be very popular.

We can also use JavaScript Bluetooth APIs to talk to devices directly once we have the web page loaded. (based upon the API from the W3C Bluetooth CG)

Devices can be dumb, but a beacon can provide the link to related services in the cloud, e.g. recipes

<bryan> question: for the turtle example, how does the web app control the device directly via bluetooth once downloaded?

[answer chrome supports the bluetooth API]

Questions?

<bryan> cool. glad to see BT API implementation

Johannes: how does the browser present the choices for the beacons in range?

The local proxy pulls a snippet from the web server for the browser to display.

Bryan: how does the proxy ensure privacy?

Scott: the proxy server’s HTTP request is bare of user identifying info

This is why we open sourced the proxy server to ensure that people can trust it.

Question: do you have to have Chrome for this to work?

<bryan> answer: the user knows there is a proxy service at work in the app and trusts it to protect the user's privacy (it would be interesting to see the policy at the proxy server)

Scott: today, yes, but we expect this to be more broadly adopted.

In future, we expect to support more sophisticated clients, e.g. using ranking to alter the way the beacons are listed.

Oliver: is the proxy server using OAuth?

Can it be shared across users?

<bryan> i would hope that the ranking is purely based upon some relevance or reputation model, and not an economic relationship to the proxy service operator...

Scott: not right now.

Oliver: when people share a device, there could be problems.

Scott: we’re absolutely in agreement with you …

Scott hands over to Jane Yin, Fujitsu for an Introduction to IIC Activities

She starts with asking how many of us have heard about the IIC [quite a lot of hands go up]

The IIC has 186 members currently and is now just over a year and a half old.

The term “Industrial Internet” was coined by GE as the “third wave of the Internet”.

The aim is to combine people, devices and computers via the Internet to achieve transformational business outcomes.

Low cost devices and connectivity are driving the opportunities.

This will create a vast amount of data.

70% of professionals say that interoperability is the biggest challenge, whilst only 14% say that security is the main challenge!

The IIC membership is still dominated by North America

The IIC is not a standards organization.

Instead, the IIC aims to evaluate existing standards and to influence global SDOs.

Jane: we are working on testbeds to ensure interoperability

We are collecting use cases from our members as input for our discussions on security and the reference architecture.

Security is an increasing focus for us.

Jane describes the operation of the testbed working group.

Bosch are particularly interested in tracking handheld tools in the work place.

Another testbed focuses on microgrid applications.

China is putting a big emphasis on Industrial Internet

For more info http://www.iiconsortium.org/

Questions?

Joerg asks about the reference architecture and testing

Jane: maybe we need a testbed for the reference architecture?

… we break for coffee

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/07/29 23:23:53 $
