Use case "IoT platform"
Use case IoT platform draft (Ingo Friese)
I’d like to add another use-case. It’s about a service or platform offering end-users to connect all their little sensor for temperature or humidity. With the help of the platform they can connect it with other people or app-provider could build up applications and logic on top of it.
Simple example: If you are a farmer just buy one or more sensors (temperature, wind , rain)and connect to the weather platform and you will get access to weather data of all other farmers all over the country. So it’s a kind of crowd weather forcast.
IoT Platform use case
A company „IDoT Systems“ wants to set up a platform. “South-bound” users can connect all kind of sensors or actuators. “Northbound” users have their apps and solutions to control their sensors and actuators. The platform does access management, policies, persistence, protocol adaptions (if necessary) etc. in fact all classic middleware functions. (see picture below)
Possible scenarios are:
User buys a sensor/actuator and connects it to the “IDoT Systems” platform. With his app he can read and set current data. More advanced applications can combine data from different sensors and control complex processes e.g. in home automation or SME etc.
A user can also open access to his sensors for other users at the platform or for the internet in general.
Platform pre-conditions/pre-assumptions
1.) Today, devices and sensors speak a lot of different protocols, but most of them are not HTTP. We’ll have many different solution, address schemes and protocols in parallel for a while.
2.) Although we should aim at HTTP RESTful architecture because its flexible, loosely coupled, scalable and lightweight.
3.) Furthermore we can utilize common Web technologies for IdM/Authentication/Autorization.
4.) Elements running with other protocols might be integrated via protocol gateways.
With a look at this kind platform I see few issues to discuss or for further study:
1) Is it enough for a sensor to implement an OAuth interface?
2) UMA could be the right framework to assign and revoke rights for sensors/actuators?
Every user could have an own authorization manager.
With UMA we had also a standardized way to introduce new sensors to the platform.
3) The platform could manage XACML policies ending up in scopes for the actual OAuth request