Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / Interim Meetings / 26 Oct 2021
Internet Engineering Task Force / Interim Meetings / 26 Oct 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF-T2TRG-20211026-1500

Description

T2TRG meeting session at IETF
2021/10/26 1500

https://datatracker.ietf.org/meeting//proceedings/

A

Okay, so we're about to get started here. If anyone wants to do a last minute av check now you have a minute and then we're gonna get started here.

A

Okay, so welcome everyone. This is the thing to sing research group, um what we call a pre-ietf summary meeting, so at english in research group, we organized these summary meetings to reach out to the broader iot community around on the opposite. We do, but then the actual work happens in more usually more focused meetings, uh workshops and and such, but these events are good to get an overview on the activities that has been happening between between the summary.

B

Meetings.

A

My name is arik geranin and my co-chair at thinking. Research group is karsten bourman.

A

As you saw um since we are in an irtf meeting, the notebook applies. The short version is that if technology works as expected, you are being recorded. You should also be nice to each other, and there are ipr guidelines that do apply here for more details. You can have a closer look at these slides. Essentially, if you are aware of related ipr, you should be disclosing it and when it comes to privacy and code of contact, everything you do here is essentially public and recordings will be made public.

A

There's a policy on how personal information is handled and also you agree to be respectful. Do it with each other and there's a bunch of links for more details on all of these and finally, a quick reminder about the goals of the irtf. So this is a research group. So, even though we do close collaboration with the ietf, where standards are done in this group, we do mostly research and we do discussions.

A

I really promote development of collaboration and teamwork, exploring the issues that are related to the technologies that are often then standardized on the ietf.

A

Side, a quick administrative um for notes. We do have the idf and note taking tool. uh It's there's a link in the in the meeting materials and also here on the slides. um The chairs will be taking notes in the tool, but we also welcome everyone here in the meeting to join, join and take take the notes together.

A

um Same thing goes with jabber. um We will be looking at the chat and relaying. If you have comments you want to be related to the meeting, but also everyone else feel free to chime in and if you haven't already uh subscribe to our mailing list. Thinking arts at irtf or please do that at the following link. So you will be updated on all the activities and we commonly have a github repositories about all the meetings that we organized and for this particular meeting you will find all the information and materials on the last link.

A

Then going for the agenda for today we are now in the chairs, update slot uh quick update about the research group status and upcoming meetings and activities. After that we have two longer slots for a research talks. We have first from chen gundagan about data, centric, co-op transport and then from steve hanna about a matter.

A

This new iot, smart home organization and their security and privacy for security and privacy expert discussion uh follow that we will be giving a brief update uh from the wishy activity, and then we have two updates uh from um sdos that we work closely together on w3c web of things and from one dm and iot schema.

A

Finally, uh if we don't go way over, then we do have a bit of flex time to be flexible on timing, we use for those previous topics and then perhaps in the end, a few minutes of wrap up before we end the meeting any questions or comments on the agenda.

A

Okay, so after this meeting and our plan is that we would be continuing our regular wishy calls, um we have had them sometimes um roughly every month, sometimes a bit less frequent. uh We had one just yesterday and we are now planning for the next one, perhaps before thanksgiving so towards the end end of november.

A

This time we are not planning to have a tinkering research summary meeting at the ietf virtual meeting. However, there is a good chance, we'll have some wishy related activities at the hackathon on the on the week before ietf, so stay tuned about that we also often have online meetings with other organizations, for example, ocf ole, miss backworks, w3c web of things, and there is a one small meeting already planned for for this thursday, together with the web of things, crew.

A

Also, we've been long uh discussing that we should do more co-location with academic conferences, and this time we actually do have. We have the dye snack workshop on december 7th and you can find more information on the link on the slide, but overall we'll be very keen on doing more of this co-locating with academic conferences.

A

So if you are organizing such or you know a and an or a conference, which would be a good good fit for team, think archie co-location, please let us know and we're very happy to talk with you and then also, hopefully, next year, we'll be able to go also back to more actual face-to-face meetings. So whenever the current situation allows, we hope to have also physical meetings upcoming in 2022.

A

That, of course, still remains to be seen when we actually get to that.

A

Briefly about the research group document status, the restful design for iot document was updated. Recently we did approve the terminology in particular, and also added more details on the affordances that were not discussed in much detail on that version. Yet the authors do believe there could be still many things added there, but on the other hand, we have to draw the limit somewhere how much things we act there, and when do we actually publish this.

A

So we believe this probably time to go towards publication of this document, and the next steps here are for the have a a chairs review um and then go towards uh last call. But if you haven't look at the document recently, please go ahead. Have a look, send your comments to the do the authors and do the list and let's, let's get that document published uh likewise for the it's an iot and there's some more details coming that on the on the following slide, but also for that.

A

The expected time frame is that we would be getting a publication requested also during this year, and then we have that document. Second bootstrapping for iot also having more details on the following slides there. We expect that the public s request perhaps would be happening sometime next year.

A

Also, we have had in the wish a discussion about this iot information model, standard description, um that is in the plans of turning into tingling research group document and in addition, in the in the wishy work, uh we have had a large set of discussions uh and some documents in the wishy wiki. We do have a plan on turning some of those wishy notes into research group documents, also, if you're interested in particularly any of this work, just approach the shares and we'll be more than happy to connect you with the right people.

A

Then briefly about the two drafts, so we asked the authors to give us a few bullets on the current status, and this is the one for the iot challenges and functions. So a new revision was published in august, then that revision now reflects the feedback from the 1m2m community members, in particular new use cases in section 2.4, and also more details on section 4 about this one mtm service layer and related to the text to relate to relevant functions.

A

Also, there was a good review last week from roberto moravito that the authors are now planning to address and and post a new version, but that seems to be the only uh open comments at the moment. So um from chairs point of view. uh After those comments are addressed, uh we think we would be ready to move uh towards last call with this document and get it published.

A

So, of course, now would be a good time to hear if anyone has any um any comments on this or do you do you believe that we are ready to go forward with this document.

C

I do want to say I did not get around to samia review, um but I didn't read it twice. I just didn't manage to get the detailed notes up. uh I have not left read latest version number three, but I was uh most. My comments were small matters in the previous version, so I think I'm okay, with version three being published.

A

Okay, great, thank you, michael and um and of course, if you have a uh if there's some still comments, you haven't had a chance to share, go ahead and share with the authors they can still um address. That would be great.

C

I think in general the problem was: I had no clear way to how to like uh send an annotated file, which I guess I should have scanned it and sent it in. But uh if there was a mechanism like, let me annotate a file of comments.

C

No word document could be annotated or something that would have been helpful, but anyways.

D

Well, the the itf way is uh doing poly requests. um I'm sure this is available here as well, but uh whatever is most appropriate for you. Please please use well.

C

Yeah I'm just making excuses. I I just kept getting distracted and never did finish the job. So sorry about that.

A

Okay, thank you michael and yeah. Give it a try and do reach out to us if you think you need some help with that, but um yes would be great to be able to move forward with this.

A

Okay, then, on the the other draft uh that used to be known as secure, bootstrapping and nowadays known as terminology and processes for initial security setup for iot devices of other devices, there was a major revision submitted um just some short time ago. There's a new title uh in particular bootstrapping was renamed into ini security setup.

A

There is a description on how you do the initial security setup in bluetooth mesh and also at least some terminology by each standard protocol that was identified and unlisted and also in the next version. The idea is to be identify, initial assumptions and knowledge on the device. After a setup, the authors are now looking for feedback um in particular. If your favorite protocol or standard is missing, please um do reach out to the authors.

A

You can send comments to the mailing list or direct the authors, and we would be hoping to be able to move also this forward and hopefully get it published sometime early next year.

A

Any comments or questions here.

A

Okay, go ahead, elliot.

E

Hi guys, uh everybody good morning, good afternoon, good evening, um just a question about this trap. I haven't looked at the revision update yet um is this the grand sum total of the changes that we're talking about or is there is there more? I mean if it was a major revision? Maybe the authors might want to say a few more words.

F

Sure am I audible.

F

Can you hear me yep, yeah, okay, uh uh thanks elliot for the question, so basically what we had agreed over the last couple of meetings was that maybe calling the draft bootstrapping is not the best idea, because some protocols and standards use, onboarding and and obviously some others use provisioning. So, uh thanks to karsten, he suggested the idea of using the term initial security setup, so the abstract and and basically the introduction now um has removed the reference to bootstrapping and and now uses.

F

Instead, the phrase of initial security setup and uh the other suggestion from carsten was that, instead of trying to categorize these protocols for setting up devices into managed and and peer-to-peer and ad hoc, it might make sense to instead identify like who are the players involved.

F

uh Is it the manufacturer, user owner are their servers involved and what kind of terminology does each of the protocol use and and what kind of information is imparted to the devices once this process is finished, so some of them might provision like entire access control list, while others may just provision a single key which you can then use against authorization server. uh So what we have done in this update is basically restructure, so get rid of the old categorization of managed and and peer-to-peer and ad hoc.

F

Instead, now we have like we don't try to categorize. Instead, we just have a list of uh common uh protocols and then try to identify the terms. They use uh the players that are involved, and this is work in progress. So the remaining part is basically like what are the initial assumptions.

F

So, if, if the device is supposed to be shipped with a vendor certificate, then that's an that's an initial assumption and and these uh we still need to fill in uh it takes a little while to go through each standard and kind of uh figure out the details. But uh I think the structure is more or less ready. It's more like going through each of the standard and then filling up the missing information.

E

So it was a pretty good, comprehensive answer to my question.

A

Okay, thank you, mohit any more questions or comments on any of the previous topics. Before we move on.

A

Okay, so then we had the research talk about the data centric co-op transport. um Would you like to go ahead.

G

Yep thanks, let me share my slides.

G

So I'm sending a sharing request.

A

And now it should be good.

G

All right, so, first of all thanks ari and custom for providing slot um in this presentation. I want to share like the insights that we gained by looking at a data centric co-op deployment option. My name is jen kindron and I'm a phd student at the rv hamburg.

G

So first, when I say data centric, let's have a look. What what that means and by data centering we first look at a paradigm. That's called information theory networking, it's an alternative paradigm and it's basically deployed on the networking layer and replaces, as you can see in the stack, replaces the host centric ip networking. It is highly specialized on content delivery by providing very loose coupling of data and the data producers.

G

There are a couple of architectures that implement the icn paradigm and the most well-known are name data networking which is abbreviated, ndn and content-centric. Networking ccnx. The key features of these protocols are that they have a name-based forwarding. They have the stateful forwarding which operates hop-wise. They have caching, that's also hop-wise and they have or they use security on an object level.

G

When we look at the technical aspects of ccnx and ndn, then we can see that we have request response paradigm. So we have an interest message and the data message. These are the primitives of the protocols on the network layer.

G

They have a flow balance and the request date. They build request date on on each hop. So every time a node forwards, an interest message, there's a state built on that node to eventually build a reverse path for the response message. We have the caches. So when an interest hits the cache, then the data is returned along these yeah the states and we have a hopwice re-transmission mechanism. So when we lose a message in a data message, then the retransmission happens. So we send another interest and the good thing now we have the caches.

G

So the interest actually does not need to traverse the whole path, but any cache in the middle can respond to the data um and, of course, because it's a very good combination with the caches and dn and ccnx are using security on the object level.

G

So the data message is either protected by an hmac or using digital signatures.

G

So the current research indicates that these they're, like these information, separate properties, the stable forwarding, the caching and object security. They are actually promising and kind of good candidates for iot deployments, the stable forwarding and caching, they shorten the request paths, as I said before, so they reduce the link traversals and the number of transmissions and packets in the in yeah.

F

On the link.

G

And the security enables an end-to-end security that even goes beyond untrusted gateways and also, but we will see this later. They also allow a multi-party communication, which is not so easy achieved with transport security.

G

And while we were like looking into these kind of icn networks in the iot, we figured that actually, the co-op standard already gives a lot of the features that we like sorted out here. If you look, for example, at core proxy, which is in the main rfc of co-op, then they already provide a caching mechanism.

G

They also have stateful forwarding and now that we have the oscar rfc, they provide, of course, the object, security and in combination. We try to build something um that we.

H

Call the data centric.

G

Co-Op deployment option- and this is the next thing on jet on the agenda after that- I will show you how we made this possible to have a multi-party communication using this data centric co-op deployment. It wasn't so easily achieved, but you will see, and then I will show like a brief um use case by how we send the firmware updates uh using this deployment option.

G

So again, very brief. The typical core deployment looks like this. We have a client, we have a server and in the middle we have ip4 orders. Anything is happening end to end and also the retransmissions are happening and to end. We have the request and we have the response and with the new deployment option, we the data center deployment option. We have again a client at the server, but in the middle we have now co-op proxies.

G

So we are building a path of of proxies, um and this gives us the the stateful forwarding that we saw before in in the end of season x and everything is happening, hop wise. Now we have hopewise, caching and even the retransmissions are performed pop files and we have forwarding that is now happening on names.

G

So again, it's very similar to to ndn, and this is something that we implemented and deployed and in the scope of this paper here, which we submitted last year's to the icn conference, and if you look at this in more detail than we see the following, so there are three uh data structures. They are basically the same data structures that also, and the anesthesia and x use.

G

Let's first start with the cache, because there's already present in the in the core policy and pretty good, well-defined and the request table is something or let's say this way. I think the the proxy operation itself is in the rfc of of co-op is a little bit unspecified um regarding how the proxy is handling or the the request that it receives and how they are stored and what information we need to store and stuff like this.

G

So we implemented a prequest table or basically did the same things that ndn is doing. We used the cache key because it's already well defined in the in the co-op rfc as an identifier to to identify uh distinct requests, and we have a.

F

Proxy level.

G

Fib implementation and it's basically just information to store the next stop for a specific name or url.

G

So now, if you look at this example, we have the client um it's requesting, you can see the url and on top it's using so in this case we're using forward proxies. So we are using the forward proxy uri and we are requesting from a specific node uh the sensor resource.

G

Since everything is hop-wise, we can use link local pv6 addresses, so the initial request goes one up further.

G

We are putting this information into the request table of that node.

G

The next node sends an empty acknowledgement to yeah to fulfill the the confirmable gets and then stores that information, where the request comes from into the request table and forwards that again to the next node and once we are at the end, node, let's say so: the node before the the actual server or maybe here's a gateway. And then we have the internet, and this node is resolving the the forward proxy uri and puts it into a path and can use the global ip address to to request the actual content.

G

So when the server receives a typical request that we would also get from a normal co-op deployment, this node sends back a response and the response then traverses back the reverse: the reverse path that was built in the request tables. So we know where the request came from and we can send back the data there. We consume the request date and this is done until it's received at the origin of the request.

G

So this is the whole chain and how it looks like um we of course, have there's oscar to provide security so, and what oscar is doing is that it wraps co-op and co-op and it rewrites the method into a post method and there's like this small tradeoff, you can have. um I mean the proxy yuri itself is outside the oscar score context, but you can have this trade-off of whether we should put everything like the whole host part into the proxy uri um or also the the path itself.

G

um So this is basically a trade-off between. Do. We want to fine grained forwarding on the proxy level flip, or do we want more privacy and also, and only have the the global ip address part exposed.

G

So here's a very short package, the section. um The only thing I want to show you actually here is um in the middle part. You see the co-op data center deployment, you see the on route, forwarders and the packets forget and the response packages and then the last hop the last stop is the same as the typical co-op deployment, because it resolves the proxy uri.

G

But in the the on-road messages you can see that the sixth open part actually is reduced, and this is because we are using the hop-wise forwarding and in this case the ipv6. The link locally v6 addresses, which means that six lowpan can do a much better compression.

G

Instead of having global appearances.

G

Here's another year like insight that we got in this paper, it's a little bit unrelated, but we were like testing the setup against a typical details, setup and, of course, oscor is operating next to co-op, so that re-transmissions, which happen actually can happen frequently in these setups, that the re-transmissions don't need to like re-invoke the whole security measurements again. But for dtls because of this layout approach, every re-transmission has to re-traverse the dts record, which again introduces overhead computational overhead.

G

So we have this picture now of how the data centric core deployment works, and then we thought, okay, we can do multiparty communications because ndn supports that intrinsically um so this means we can have request messages from multiple um sources.

G

It's some one point it's aggregated and then we only have one request that goes out and when the responses come back, they fan out. At the same time, we can have a request fan out mechanism, so the request is received for water and then they fan out and we have response duplication mechanisms. So this is what ndn gives you, but then we figured out okay. If we use the typical oscar and integrate this into the soh setup, then we have a problem because oscor actually has a very strict message binding.

G

So as a single response can only match a single request, which denies like everything that multiparty communication needs and then for the caching, of course, because it's encrypted with a specific key and for an endpoint and it's not very feasible or possible to get the the data out of the cache from for another another node, and this is what we looked into into this paper.

G

This year's.

F

Sen,.

G

And this is where we yeah implemented, basically the let's say more or less a solution for that um we were looking into the the draft from christian. I think he's also here in the call I think also marco tiloka is also an author of this draft.

G

So basically, the all the nodes of a specific group assume a virtual client, the role of a virtual client and they have the same keying material and every request that is generated by using this virtual client role looks the same, and so now we can have the actual cache utilization that we want and also we can do the request aggregations, because the requests now look the same, and this looks the following. So in the picture below we can see um the example where request comes in uh on the folding note.

G

If there's a cache it then that's, okay, the response is returned, but if there's no cache it, then we look at the request table. Okay, there is no request there, so the request is forwarded to the to somewhere.

G

If there are now multiple request tests and multiple requests coming in, um they match um so the cash key, which is what we use for identifying the requests if they match, then they aggregate on the request table and they stop there. So they are not forwarded again to the to the to the server.

G

So now the response comes back. Then first goes into the cache and the response is fanned out to all the requesters, of course, using the the same tokens that we have to record for each request.

G

A very small evaluation that we did on the iot lab testbed, um using the m3 nodes which, with deploying an arm, cortex m3 architecture, and they have 15.4 radio capability.

G

We use the right operating system for doing the measurements. We have this topology on the right, so we have nine clients, uh one one server and some four orders in the middle and the scenario was that each client requests an instruction. So it's a data that is the same for all of them, so this could be like a light fixture and they want to have the yeah the instruction for a specific time.

G

So what we see is on the x-axis. You can see the content retrieval time so how long it takes until the instruction is received by a client on the y-axis. You see the cdf and the distribution function, and then we can see the protocols for oscor and oscar proxy oscor is like is only the end-to-end co-op deployment or score proxies. The end is it is a hop-wise co-op deployment, but it's not utilizing the the cache with the oscar draft and then we have ndn, and then we have the oscar proxy with the cachable oscar draft.

G

So we can see that for the first two protocols, the content, retrieval times I mean we can see re-transmissions happening. This is what's happening every two seconds. We have this. The steps this these are the retransmissions, but also we see that not all retrievals are actually received, so we don't go up 200 percent, but stay at almost 30 percent of of content that is actually received. If you look at the ndn and the cacheable score, then we can see that they go up until almost 100 of um instructions that are received.

G

um Also, if we look at the the sub second range, we can see that the latency decreases a lot, and this is because um that, on the long paths that we had in topology, there are is already the the content available. The instructions from from previous client requests, and so we don't need to traverse the whole path.

G

So now we look into this use case the firmware update. um I think we all agree that firmware updates are necessary in the iot, but there are a few challenges.

G

The problem is that, like the propagation of the firmware itself, it is resource consuming and the iot firmware is actually one to two orders of magnitude larger than the typical sensor values, and then we thought: okay, let's apply the co-op deployment, or in this case, actually we used ndn because it was for the icn conference, but now that we saw that we can basically replace this, uh this nda deployment with the co-op deployment um and yeah- I mean it's on our agenda to actually implement this also with the co-op deployment, but everything should hold um for for the co-op case.

G

So in this paper we followed the suit philosophy. So we have a manifest file to request meta information on a specific firmware, and once we receive information, we can request that multiple, the firmware itself, which is chunked because it's typically typically too big for for the mtu of those link layers with the co-op case. We would probably use block wise transfer to do this with the core deployment.

G

So once everything is received, we verify the image input in your firmware.

G

Since we have the statement forwarding, we can actually decide how we the how the retrievals are happening. So we can have the typical I mean the concurrent retrievals is when each node somehow discovers there's a new version, and now they autonomously request all the firmwares, and this can happen simultaneously. So we can have simultaneous updates happening on the same path from multiple nodes or we can have this cascading retrievals, where actually an upstream node is blocking downstream requests.

G

Until that specific node is not finished with its its own proper filter update, so we will see how these will perform.

G

um So we have a new experiment.

F

Here.

G

With this topology again on the testbed, we use riot 30 devices in the use cases. This use case is that each device is requesting a firmware, and I marked this specific path here in red, and this is what we will look at in the next plots, because it's the longest one of the longest paths and will probably have the highest stress.

G

So all devices are requesting a firmware. That's 120 kilo, a kilobyte big, um is chunked with four four thousand.

F

Chunks.

G

um We have on the x-axis the experiment, duration, you can see it goes into the minutes range and in the y-axis we have the chunk retrieval rate. So how long does it? How many chunks can I receive per? Second, we have this for the concurrent.

F

And for.

G

The guiding retrieval strategies and we have the nodes and one two and seven and seven as you know, that's the farthest away. So we can see for the concurrent case that the retrievals I mean first, the the download process takes a long time. So, if you look at the n7 node, we can see that the chunk, retrieval average is actually a two. So we only receiving two chunks per second and it takes almost 30 minutes for that node to complete. um So that's yeah, the worst case, because it's also the fastest farthest away.

G

If you look at the cascading strategy, so when the upstream nodes actually block the requests from from downstream nodes until they finish their own download.

F

We.

G

Can see that we have a much more relaxed scenario, so every node actually finishes the download process in around four to five minutes until everyone is.

G

Finished so that's the next and last plot. um We now wanted to see okay. uh How will this perform if you don't have the caches?

G

So basically, how will this look like for an end-to-end deployment, for example by using core, so we have the same or a firmware image of 128 kilobyte and we have again the concurrent and cascading strategies we have at the update completion time in minutes of the on the x-axis and the cdf and the y-axis, and now we have these two scenarios, one. In the first scenario, we are deploying a common binary, so binary that's used by all the same nodes, all the nodes, so we can actually leverage the caching.

G

This is what we saw before the nodes finish or the latest download finishes at almost 32 minutes and now, if you deploy the individual binary, so each node is having a single binary. So we can cash. Well, we can cash, but we can't utilize the caches. Then we can see that this explodes until the more than two two hours.

G

Okay, so we come to the takeaways now and we have always. We saw that, like the information centric contact retrievals, they are more efficient because of the the caching and the stateful forwarding.

G

We also have the object security and it allows us to do a multi-party communication, which is not so easy to do with transport security, and also we have new perspectives for iot deployments using this data centric co-op deployment.

G

Now you probably wondered how the forwarding information on the proxy level is is maintained and handled. There's no solution. Yet we did everything with static routes, but we plan to look into how to actually discover this, these hopwise proxies and to build some form of dynamic path to the to the content and also in the proxy uri we're using global ip addresses.

G

But this could also be just any identifier that is mapped on the on the folding information base to some link local address, so it doesn't need to be actually an ip address, but this is also in the future.

G

So this concludes the talk and I'm happy to take any questions from here and thanks for listening.

A

Thank you chiang very, very interesting presentation and topic. um So anyone, if you have questions, feel free to join the queue um we'll be taking questions from them iq, but while waiting for people to join, um I had one question on this: that it seems that you're reusing a lot of existing uh co-op uh functionality. So I was wondering like what is the uh impact on implementation. So, if I do have a, for example, a co-op proxy that already supports playing co-op and an oscore, how much extra do I need to do to actually support?

A

Also the kind of technology you were showing here.

G

So I tried to explain actually hear that by reading the co-op rfc, I wasn't really sure how the proxy is handling all the states. um So the state management is, I think, maybe I'm wrong, but I think a little bit underspecified in the rfc itself.

G

So I'm not sure if this is like too custom or not, but I could imagine that a proxy would do it like this, and this would be something that would need to be implemented extra.

G

I guess, but this is not. I mean that's not so much more than than having all the other parts.

G

So I guess it's pretty easy to to con to converge to the data center core deployment from just having the standard blocks.

A

Okay, very good thanks.

A

And then on the uh the forward um part I was wondering: have you been? I mean in the ic energy. They have been looking the same topic also quite a bit. I guess you are already discussing with that group. um If you have found common ways that you could actually achieve that.

G

um But the forwarding you mean fighting forward, it could be.

A

I mean finding the forward path like.

G

The path yeah yeah, so so yeah, so basically the future work part um yeah I mean I think it should be.

G

I think it should be possible to have to take any ndn routing protocol and use it on top of this to to find the names, but I also think it could be possible to actually have to take an ip protocol.

G

I didn't look into it, but maybe it's possible to, for example, take ripple and and adjust ripple to yeah. I don't know.

F

To somehow.

G

Have the the name, information and distribute the name informations in the dodec, but this is something that yeah needs more elaboration and to look into it.

G

Maybe it's even possible to re to use resource directories to to learn which yeah, which resources are are out there and maybe then build a path towards that, but um I don't know yet. I can tell more, I think, on the topic, but it's definitely um yeah it's an open issue um and something that needs to be addressed. If this is of interest, that's uh yeah. I agree with that.

A

Great thanks, looking forward to hear more yeah. Thank you. Go ahead.

D

Yeah my question is designed to be the the last one and I think from the timing. It probably is um so there is the large body of icn research out there and um one wonders what what what are the next pieces of that research that that you? Actually, you will start to borrow what are the most useful elements that we could use for this kind of data, centric, uh uh chord-based, environment.

G

Yep, that's a very good question so by having this co-op deployment.

F

Data center.

G

Deployment of course, we open the door for all the icn research, that's done and they have a lot of research on caching strategies. Cache placement replacement- and I guess, should be fairly easy to adapt a lot of these things into this kind of deployment.

G

So um I mean, as we all know, we have almost no memory on these devices, so we need some form of cash um placement strategies and in this case I think I used the least recently used, but there are much much better strategies um um that to take from from these from the icn research.

G

Besides that, there are a few published subscribe schemes from from the icn world. That might also be beneficial to have even more like loose coupling, but I'm not so sure about yet how this might look like and to look like, and then these deployments.

G

But I think the caching is something that we can definitely use and it's easy to to get.

D

Thank you. So we are looking forward from for a lot of more research on that from you and from other people. Yep.

G

Thank you also.

H

Okay, very good.

A

Thank you chiang and um because we know exactly on the right time on the agenda for our our next talk, so welcome steve hannah. um Would you like to share from your screen? Yes, I would.

I

Can you hear my audio okay? Yes, we can hear you. Okay, great, I'm gonna share my screen. Now you should see the.

A

Slides.

I

Yes, thank you. Okay, very good. uh The full screen view I presume. Yes, I see it so I'm uh thankful for your invitation to come here and to talk a little bit about uh matter. uh The set of uh open standards for uh smart home security or for smart home. Rather, I should say security is my special interest. So that's what I'll be talking about security and privacy topics.

I

There are many other aspects to matter as you'll see. I do include some introduction and overview information about matter in the presentation.

I

All of this comes from the connectivity standards alliance, which used to be called the zigbee alliance, a matter by the way used to be called project chip or connected home over ip, and it is an industry standards group and, as such, the.

I

Specifications are not yet widely available only to members, they will be available to everyone once they're complete in the 1.0 version. uh So this is an opportunity to get a sneak peek at how the security and privacy works there and I think, there's some interesting innovations that you'll enjoy hearing about.

I

I have to apologize, though, that the information here is necessarily incomplete because well for one thing, uh the standards aren't quite finished, you're leaving the 1.0 version and I'm not allowed to present every detail of the draft standards uh I'll apologize as well that my presentation may be sub-optimal as I've been diagnosed recently with covid and, although they're happy to say that my vaccines seem to be doing their job, I may not be up to quite my usual standard and thanks as well to the irtf community uh for your assistance, uh in particular rand connetti, uh former uh chair of the multicast security research group, who provided essential assistance to uh matter simply in giving us an overview of multicast security topics some uh 15 months ago, all right, let's get into it.

I

We have only 30 minutes for this and I'd like to leave some time for questions.

I

So I'm going to cover an introduction to the matter standards uh folk, a presentation of the security and privacy principles, description of our threat model, which is always necessary prerequisite when talking about how one is addressing security and privacy and finally, the security and privacy architecture.

I

So an introduction to matter perhaps you've heard of it. It's been in the press, you might want to know a little more well uh matter is intended to be uh wides of widespread utility uh within smart home and perhaps beyond, and that's why our marketing team has chosen such a bold name for it uh matter.

I

It's of course, the one thing that all things in the world have in common they'll have some matter formed of matter, uh and so this is intended to convey the foundational nature of the standard and what we hope will be the eventual ubiquity.

I

uh The matter logo, which appears in the upper left corner of the slide, is something that we intend to indicate to consumers that the marked devices will work together, compatibly and seamlessly, as they look today, for logos like wi-fi or bluetooth, but spanning multiple network media.

I

And one of our essential goals is to simplify the process of developing and using uh smart home and iot products, um so that consumers don't have to worry about how it's going to work or whether it's going to work.

I

There are four pillars of matter, a matter effort, simplicity, interoperability, reliability and security, and I won't go into these in any detail, but I think the most important thing from my perspective is security made the list yes we're last, but but we are on the list, it's recognized widely by the matter, participants that security is absolutely essential for matter and for iot.

I

You can't add it later now. How does matter work? Well, it's an application layer stack, it rides on top of tcp or udp, requires ipv6 and works over any ipv6 compatible network.

I

That being said, it does include some native support for wi-fi thread and ble and other uh underlying medium aba added later in that when, as you'll see later, when you bring a batter device into your home, we can automatically provision wi-fi credentials into it. So that's not a separate step, but can be handled as a seamless and single process.

I

uh It's designed, as I said, to be secure and to use uh standard commercial algorithms uh for cryptographic, algorithms and uh protocols for cryptographic protocols.

I

uh We use an open source development approach and the uh source code is already available. I'll include the link in a few slides and the uh source code is based on technologies and source code already uh used by the members. So a lot of contributions from the members there. We didn't have to start from scratch and it's designed because it's ip based to not have to go through a bridge, necessarily a protocol translation module to get from your device.

I

However small, that device might be to your mobile and eventually all the way up to the cloud. So you can have end-to-end security matter as an application layer protocol uh doesn't just include, uh say, security protocols like tls would but also has a data model, and this means that we have a set of nouns and verbs specific to certain device types, such as say a light bulb which would have on and off or uh adjustments to the intensity or perhaps the color of the of the light bulb uh and uh similar other device. Types.

I

uh Zigbee already had a uh set of uh a common data model, and this is being extended for matter. uh It's designed to be a low overhead or relatively low overhead implementation. When you're, adding ipv6. There is a certain element of overhead and adding security on top of that, as well, uh is a bit of a burden, but still we're aiming to keep the burden as low as possible, aiming for less than 128k of ram and less than a megabyte of flash or non-volatile memory.

I

uh I know having worked with irtf and then the thing the thing research group in the past. These may seem like large numbers to you, but uh for the world of uh iot um they are, shall we say medium.

I

At least in smart homes uh so- and they allow us to achieve our goals, uh one of our goals is ease of use, and I do want to emphasize that the whole system has been designed to be easy to set up easy for consumers to understand easy for developers to employ in their products and uh so on and so forth.

I

So we'll talk more about the setup experience in the next slides and how that relates to security, but just to say that this has been a barrier in the past. Consumers will go out and buy an iot device, bring it home and they can't figure out how to make it work or at least how to make it work with the devices they want it to work with. In fact, it might not be compatible with those devices, but also the setup.

I

Experience is different for each device and depending on whether you're introducing it to your apple, iphone, your google android phone or other google nest, devices, etc, etc.

I

It's just confusing uh because there's so many ways that it can work uh I'll, talk more about the multi-admin feature in a few moments and go into some more detail. But essentially this is a new feature which is designed to ensure that your devices, such as a bulb, will be able to work with whatever administrative and control devices you might have.

I

So you might have say an iphone and use home kit or you might have a google uh pixel device and use google nest or whatever, whatever you may have um that's permitted and uh required to be permitted uh that the device can hook up to uh whatever ecosystem.

I

uh You already have in place so long as they both support matter and it can simultaneously work with multiple ecosystems at the same time. So that's the multi-admin feature referenced here.

I

All right, keeping it moving matter supports an initial set of device types. These are the ones listed on this slide and other device types will be added later. This is an ongoing process and we do expect that controllers will be not only in the form of switches and dials, but also say smart speakers, smart screens,.

I

Even laptops and mobile phones and tablets, we'll all be able to control these devices and control devices from multiple vendors, of course, multi-vendor interoperability is essential. Here I mentioned it's an open source project and here's the link you can go to to find the open source and to look at it today.

I

It's intended to be uh quite uh open and accessible. That's why we've made the code already available. It's a apache 2.0 license and includes lots of examples. It's one of our reference platforms is the raspberry pi. So if you have a raspberry, pi and probably most of us, do you can download the code, build it and run it on the raspberry pi today um and well. I think I've mentioned all the rest here.

I

All right uh timeline, uh the specs are already available to our csa members and, of course we would welcome you to join. If you wish, the members have been working on the sdk. We don't intend to release the spec until the sdk is ready to release as well, because well as ietf would say, we need to have proof in the form of running code, that the specification is a good one and actually works.

I

There's a big difference between theory and practice.

I

At that time, in the first half of 2022, uh when the sdk and the spec are released, uh we should have some products already read ready for certification, because they're already undergoing testing now and when I say certification well, um that uh every uh matter device everything that has a logo on it, that or logo on it uh will be tested. Just like wi-fi devices are tested to make sure that they're interoperable it doesn't mean you can't create your own prototypes at home, but they won't be supported with a consumer in a consumer environment.

I

They would need to be certified uh so uh security and privacy principles.

I

So these are the principles upon which our design rests a comprehensive approach. We don't just think about the security of the device, but we think about the security of the network and of the cloud and of the uh the privacy of all of those as well in including guinea gateways. If there may be some present, uh we're designing it to be as strong as we can using well-tested standard, crypto, algorithms and protocols and ease of use, as I mentioned earlier, is a requirement.

I

In fact one could say we intend it to be a hallmark of uh matter, so that ease of use drives design decisions in the protocols and the design and the standards for designing matter systems to be resilient. We recognize that it will be impossible to prevent every infection and we want to make sure that it's possible to detect compromise and to recover from it and uh to be agile well with uh quantum computing just over the horizon at a practical scale.

I

It's essential that anybody who's designing a secure system today include support, at the very least for uh post-quantum crypto to be added. But in addition, we recognize that there are always new developments and especially in the field of security, new threats that come along and the uh protocols, the standards and the devices, even after already in the field, need to be designed to adapt to those new developments and threats.

I

So we've designed them to do so all right hold on a second. I think I'm going to do a little coughing that does sort of come with the territory.

I

uh Thank goodness for the vaccines.

I

So what is the threat model for matter?

I

Well, uh when we consider threats, we consider all different sorts of threats, any uh attacker or actor who's, trying to compromise the system in any way- and this wouldn't just be your typical uh cloak and dagger government attacker or a a an attacker from overseas performing some remote attack, it might be say, a former lover or a spouse, uh someone who stayed in your home. Perhaps you gave them access as a guest house, guest and and now you wanted to revoke it.

I

uh Well, we have to make sure that's easy and possible without their cooperation, it could be a supplier say the landlord or the builder.

I

It could be some other trusted party, such as a a cleaning person that you gave temporary access to your home, and now you need to revoke it or somebody who snuck into your home, and you don't want that to become a permanent. Cyber intrusion could even be a house guest who's only there for a dinner party, and you don't want them to be able to compromise your home.

I

They may have varying levels of access, resources and skills. We recognize that and of course we have to consider supplier security as well. If the supplier of your devices should be uh hacked compromised, have their development environment compromised, for example? How is that handled or your cloud provider?

I

We also consider the life cycle of these devices.

I

Smart home devices may have a long life cycle. You might gift them to your children or sell them in a yard, sale, throw them in the trash and have somebody pick them out of the trash and then try to use them to get the keys that could be used to infiltrate your home.

I

So we consider those issues as well and as far as targets, I've mentioned already a variety of different targets, but one that's important to consider is the humans in the loop. uh Well, uh humans are often the weakest link in the chain.

I

We can design a perfect protocol, but if the humans can't understand how to use it or if it's too hard or they have to remember long passwords, that's just not going to work, and so we try to consider these human factors and how different humans might be tricked into doing things that they might later regret.

I

All right oops a bit too far. Well, I think I've talked about these things already.

I

So when we look at the threats and we've categorized now something about 200 threats to the matter uh system, uh we categorize them, we analyze them and categorize them in three ways: severity likelihood and impact where, let's start from the bottom impact, what would be the effect of a successful attack is, what's the scope of it? Does it just let the attacker control one device or your whole home network or the whole fleet of devices of that type?

I

I won't go into all the details here, but we do also consider how difficult the attack is and whether it requires physical access from that severity is derived, and we try to make sure that we identify as many and address as many of these countermeasures as possible, especially the high severity ones.

I

Here's an example uh threat where a maliciously crafted message exploits a device vulnerability, causing a device compromise.

I

It's high severity and we address it by requiring all devices to support over-the-air firmware updates either using our mains or another means now we'll get into the architecture.

I

So um a device comes from the factory with certain set of credentials. These pki credentials issue from a trusted route here and there can be multiple trusted routes which are distributed through a distributed. Compliance ledger in this case. It's a self-signed cert from bolby and the pki descends to a leave certificate unique to that device and identifying what vendor it's from and what product id or product type. It has.

I

Those correspond to a private key, of course, unique to the device and stored on the device and a certification declaration for this product type, as well as a verifier that will be used later when we bring the device into the home well the process of bringing it in and commissioning. It is easy from a user standpoint to just scan it scan the qr code. That is that we saw in the last slide and then it indicate yes, I do want to commission this light bulb and it's commissioned into the home.

I

It gets a set of credentials for the network and some other things that we'll talk about in the next slide, and it's able to operate fully within the home as a secured and trusted device within that home.

I

uh There we go and now what is installed on the device during commissioning. Well, it's the things in the right column. Here, a new set of credentials if you're familiar with ieee 8021ar.

I

This is similar to the ldap id or local device id. Now you see the device has a set of credentials specific to this home or fabric. The fabric. Id is a 64-bit number chosen by the commissioner or someone that it trusts and a unique node id another 64-bit id unique to this device within the home, and this chain goes back to a root ca which could be located in the home or elsewhere. It depends on how the particular fabric is operated by that administrator.

I

Each ecosystem will have its own decision for where the root ca is located. There's a private key, of course, corresponding to the operational cert and an access control list that determines who can do what on that bulb. Like turn it on or off or change its color or with a higher level of privilege, perhaps change its access control list, and I mentioned already the operational network credentials such as wi-fi credentials that are used by the bulb to connect into the home.

I

So a few ways in which matter raises the bar over what we have today in uh smart home security and uh well, it's not perhaps so hard to do considering how weak, smart home security often is easy, secure and flexible uh device commissioning, which I've walked through a moment ago, the validation of each device to make sure that this device is authentic and certified that it's been its device type has been tested.

I

That's the device attestation insert that I talked about earlier in the certification declaration ability to check up to date info on revocation of those credentials device attestation credentials through the distributed compliance ledger a strong device identity, the secondary identity, that's used within the home to ensure that only your devices can communicate within your home and that secondary identity is used in the unicast communications. Much as it would be in tls. In fact, our unicast security design is based on tls and uses the same signal protocol as tls 1.3 and secured group communications.

I

The this provides assurance that using a symmetric group key that the sender and receiver are both members of the group. It doesn't provide sender or authentication at least to this version, but it does provide assurance of group membership and the ability to quickly revoke group membership, as needed talked already about the ability to have multiple administrators um even from different ecosystems simultaneously and about access controls and secure software updates by a standard mechanism, or if you wish a proprietary one. An additional thing that's provided is remote attestation.

I

This is optional, but if the device supports it, it can use a route of trust to provide remote attestation of software integrity based on measurements taken at booter at runtime, and the matter team remains committed to raise continuing to raise the bar for security and privacy, both through our open engagement with security researchers through our vulnerability response process, making everything open to encourage people to analyze and find vulnerabilities report them and us to improve them, and it's our intent to continue.

I

As I mentioned earlier, to improve the protocols and the implementation to fix problems and to address them proactively, there's a link for more information about matter buildwithmatter.com and a link for more information about csa, and I see I still have about three minutes left for questions.

A

Excellent, thank you steve for a very, very good and interesting presentation and as before. um If you have questions, please do join the mike q.

A

So since there's no one else yet I was wondering, um can you still talk a little bit more about the protocol stack that you have on top of udp and and tcp? um What kind of um technologies do you have there today.

I

Sure so uh we have a secure channel protocol and the secure channel protocol, as I mentioned, is based on a sigma handshake.

I

Now, there's also a the ability to do group communications um based on a symmetric key, that's used to uh encrypt and authenticate all of the packets. uh I believe it's a aes uh cbc. um That's used there uh as128 for that. Crypto.

I

Other additional questions that you have about it. I have this back open.

A

I still thinking about, like um you know the idea. We've been working on co-op and there's a few other um transfer protocols that are used by different ecosystems, um right kind of wondering. What kind of protocols have you chosen to use there or is it something completely different than what everyone else is using.

I

uh It's a different uh mechanism: yeah we're not using clap.

A

Okay, thanks and I guess we'll see more information that when the spec is released.

I

Absolutely, and perhaps even sooner, I should mention that we have a white paper coming out with more details on the security aspects later this fall, and I believe that there's also intended to be a another one on the transport and communications aspects of matter uh that will come out uh later in the year in the calendar.

I

I believe uh it may not be quite firm exactly when that white paper will be out, but we do expect to have that out well before the uh the springtime um and then, of course, you'll be able to see the whole spec once that comes out yeah, very good thanks a lot, and we welcome engagement with the research community. Of course,.

A

Okay- and I see we have carson and michael in the question, do you want to go first.

D

So I have two things: one from the jabber mold city: thanks you for the excellent overview and wishes. Other sdos didn't even have as good presentations as this, and he also has a question on slide 23.

D

Is it correct that the private key for the acme certificate is generated outside of the device and then provisioned on it.

I

ah Hold on a second I'll go back to slide 23.

I

Yeah, okay, I'll try to go back um there we go. uh No, the private key can be generated on the device yeah for the officer. That's what he was asking about. Okay, in fact it is in in this case it would always be generated on the device it's for the device attestation, certainly because of manufacturing difficulties.

I

Sometimes it's necessary to generate a device, attestations or private key off the device and in a controlled and secure manufacturing environment inject it, but during operation it would always be generated on the device.

D

Okay, uh well, thank you for the answer. I also have a question. um You discuss the the whole aspect of ownership transfer and even the scavenging case, the the hair loom case. um One interesting question that often comes up is um when you have iot devices that actually become part of a home.

D

There are some that are kind of your personal bubble, like your smartphone and your smart speaker and so on. So you would take those with you, but there are other iot devices that actually installed in the home and one interesting ownership transfer is the involuntary ownership transfer where the whole home changes its ownership in in an involuntary way. Is this something you have considered.

I

It is and I'll be honest there and say that I don't think, we've completely solved that problem. um We have a solution for the time being, which involves physical access to the device, um and uh you know then resetting each device individually. But this is a painful process and we'd like to have something better in the future.

I

We're just not yet there yet and we.

F

Won't be for 1.0, I.

I

Think yeah it's a hard problem. 1.0 is a 1.0. It doesn't have everything we'd never like.

D

Thank you.

A

I'm michael go ahead.

B

Eva thanks for uh very pretty uh set of slides, they are very nice and explanatory.

B

um You mentioned that you use sigma, I like tls, but you're, not using tls, um and you don't seem to have any algorithm agility, and so I'm hoping that your white paper that comes out on security, I hope, will explain to the community how you intend to deal with issues like that, and that would be very useful to understand what the plan is, and I just I guess that was really.

B

It wasn't really a question so much as a request of you to to to make sure that's an important part of it and uh as to carson's comment about involuntary stuff. uh So I have a document uh about this and some of the problems and I'd love some some more communication about that and there's actually some people at columbia who have apparently been doing. I saw a talk from, uh I can't say his name henning um uh there, uh professor, um and they have some interesting solutions.

B

It's just not clear that they will fit in the smallest devices. So I would encourage you to uh um there's a bunch of there's a bunch of stuff happening in the academic community. It seems on this topic and maybe that would be a good place to uh to engage across the whole industry.

I

Great thank you for that tip. I will absolutely look for those uh papers from henning um and as for algorithm agility. Yes, it's designed in sorry if I gave an impression otherwise, but we are planning for a pq transition.

D

So there is one more question from the jabra. I see that there are several security design considerations specifically for privacy. Are there any considerations beyond the secure ids.

I

Oh yes, uh there are so, for example, I I won't be able to list them all off the top of my head, but there is an additional uh privacy um key which is used across the fabric to uh encrypt all identifiers.

I

So even identifiers that are used for uh addressing um are such as the node ids are uh encrypted in a manner that other people, on the same uh wi-fi network, for example, would not be able to unnecessarily uh would not be able to decrypt those unless they had the corresponding fabric. Key.

I

As for other items on that list, as I said, I'm not a privacy expert, so I would refer you to the that.

I

Any more questions, no okay,.

A

Very very good, thank you once more for steven for steve for making it here, and this is a very interesting presentation. I'm looking forward to hear more uh on on this topic and uh yeah. Please keep us posted when there is more information you can share would be very interesting to hear about it.

I

I'll come back after the spec is public and we can talk about it. Then.

D

Yeah- and we wish you a quick and full recovery.

I

Thank you. I'm gonna leave now go take a nap bye-bye.

A

Very good, thank you.

A

Okay, so if we then continue on on the agenda, we have next next a a quick update on that on the wishy. Let me get the.

A

Slide doesn't seem to show up.

D

Let me try that.

A

I did a new slide that has been shared, but it's.

A

Okay,.

D

So I go to slide 11.

A

Yes, please.

D

No, that's not the wrong one right, one. Fourteen, maybe fourteen.

A

Indeed, very good thanks karsten, so a a quick update on on this um recent work on the iot semantic hybrid interoperability. So this is an ongoing activity. We have in the tingling research group looking at the semantic and hyper-media interoperability aspects. um Since the previous summary meeting, we have had two wishy calls. uh One was around on sdf, so this semantic definition format that we are now working at the iedf astf working group.

A

But we had a discussion on some of the topics that go beyond the current scope of the sdf language and in particular, how we could be looking at different relationships and instance, information. So when in sdf you can describe the affordances of iot devices and more structure that they have using the sdf definitions.

A

The idea here is that you could also describe potentially more complex relationship information between the definitions, so not just simple hierarchical information, but also, for example, that this kind of a light switch is connected to that kind of a light bulb, and they have this kind of a turning on relationship between them and also another aspect that we have discussed in in the wishing meetings. Is this instance information?

A

So, whereas sdf you normally only define classes class level information, so, for example, uh this is where like lightbulb looks like there are a lot of cases when you need to be talking about instances of those classes and we've been discussing whether what would be the right mechanism for for talking about that, whether it's an sdf extension or something else.

A

Another topic, uh a bigger topic that we had in the wishing meeting, is this follow-up on the azure digital twins, definition dddl and how it would interwork with the sdf. So this was our our third meeting with the azure dtdl team. um We discussed in the meeting that was actually yesterday on monday um about the enhancements that would take for sda, sdf and ddl that we can improve both of their expressiveness and also how they can work together.

A

So, for example, how could we to talk about external ontologies, using sdf and dtdl, but in a way it would be easy to try to translate that information from from one model to another. Then we can use sdf as a clue between different ecosystems going from one to a dddl ecosystem.

A

Also, one of our favorite classic recurring topic is the units.

A

So when you measure something often you want to sell what is the unit for an additional semantic information and um that's a topic that is on the surface very simple, but when you're looking a bit deeper, it turns out to be quite complex, um and here, in particular um in sdf, we've been aligning with the cinema units with additional feature coming in that we can refer to external ontologies uh for additional units, but then in ddl there are some units that are not in cinema units and are not quite suitable for the cinema unit registry.

A

How do we deal with those? For example?

A

um We also did discuss about some related, tooling improvements, so we've been working on tools in the sdf work to convert models between different ecosystems, so we have implemented a tools tool set for go between sdf and dpdl.

A

So here we discuss the latest advancements on that and also what we've been doing. We did convert um all the existing sdf playground models, uh so a set of models coming from the uh oma live within the iphone ecosystem, ocf ecosystem and a few from uh zigbee ecosystem into dddl and be able to then use those uh with the azure digital twin tools and then also another exercise we have done is we took a set of ddl models that are describing a a domain-specific system and converted those into sdf?

A

There are few things missing uh in the translation, in particular licensing information that has turned out to be very, very useful information to carry in the models, so we might be seeing that kind of improvements coming to the bddl later on and overall, a big topic here is the sharing, converting and publishing the models. So we can all learn from the different ecosystems and work on ways to improve uh compatibility across different ecosystems.

A

One particular plan for the way forward that we discussed in the meeting on monday. um Was this a grand challenge, hacking plan? So how could we use, for example, um sdf described devices say you have an live device that is using ipso models that we have described, sdf?

A

How you could use sdf as as the tool in between to go to get those devices connected to your azure digital print system? So you, for example, convert those ips models into dtl models, import them to a system and have that way more easily your iot system up and running. So we have no early plans on getting that kind of hacking activity ongoing uh together with the dddl team.

A

That was a a quick overview on on the on the wishy activities. um Any questions or comments here.

A

Okay, hearing none but you're, of course, all welcome to join the future wishing meetings. We do have a plan to have the next meeting, hopefully before thanksgiving, um but we'll be able to still come back to these topics and also another topic that we'll we're planning to look at closer. Is this the web of things uh thing description um that we didn't have a chance to talk in in our previous?

A

We should we should call that's gonna, be on the future topics, but we will be announcing into in the future, which is also, as usual, on the tingling research group mailing list.

A

Okay, then we have next. um The w3c web of things update and michael mccool um michael, would like to share your screen.

C

I will attempt to do so.

A

Now it should be showing up in a moment.

C

Hold on a second uh hold on, let it allow it.

C

I have to res have to restart.

A

Okay, um while we went wait for mike mccool to come back um michael coster, do you want check that your screen sharing works or, alternatively, we could share share.

H

The slides the slides, because they only really have two slides my.

J

Update will be brief and I think that it makes sense I can just go. I can just do it.

A

Okay, now actually see michael cool is back.

D

We can also share the pdf if that helps.

A

Okay, now, let's see.

A

And by the way, michael, um you don't seem to have audio right now,.

C

You should hear me now and see my screen.

A

Now we can hear you and see your screen thanks.

C

Sorry about that recent os upgrade apparently revered all my permissions, okay anyways. I have 10 minutes. Let me talk about the w3c web of things, which I should be on this slide and I actually have um you know I have to fix what I was doing.

C

Right, so I have two things in this deck. uh One is a: what is what and what is recent activity because of limited time, I'm only going to like very quickly do what is what assuming most people have seen it I'm going to spend most of my time talking about uh recent activity, um I will say I've more slides than I will have time to spend on, so you can go and find out more information on the slides or uploaded, including hyperlinks, to various things.

C

Okay, what is what basically we're part of w3c w3c does web standards and what we're trying to do is extend and adapt web standards to apply to iot.

C

Now we're in our second charter, we've already published one spec, which is the thing description which is metadata describing iot devices and their network apis, and the basic idea is to describe uh interfaces rather than prescribing them, and so you basically uh get this json ld file. It describes how to talk to a device and also creates an abstraction, so you can deal with the device at a high level, abstraction in terms of properties, events and actions, as opposed to the details of the protocols to implement that it also includes data schemas.

C

So you know how to format and unpack information going to and from device. It also supports multiple protocols, so you can describe http or co-app or mpt. um I won't go into detail about this too much. I just want to mention you know some links here. So we have. uh You know several we've already published td 1.0, we're now working on td 1.1.

C

I will say the deadline is basically the end of this year for feature freeze, so we're now in cleanup and finalization phases for these um there's also a new spec for discovery, which is how to find and get things descriptions for devices which I think is quite important for overall usability, and this is uh actually uh overlaps or impinges upon some ietf topics, I'll mention in a minute and profiles which sort of limits the scope for certain uh uh interoperability uh scripts- and you also go through our website.

C

Remember one thing: the website is useful to find out uh recent status, all right, so that was all I want to spend on. What is what and now I want to talk about what we're doing lately.

C

So we just finished a plug fest. uh We had a whole bunch of projects. I want time to go into them, but I will mention that one of them was converting stf to thing models.

C

I think models are kind of like a templates for tds and they sort of fill the same function as sdf and dtdl and we're looking at airbuilding between them. Tds themselves are designed to describe instances of devices in particular devices, and so they have concrete urls and ids in them. Tms are classes of devices.

C

um There are several other things, including geolocation, uh nhk integration and things like this. um We also recently uh had some presentations about some a couple: new commercial applications, so takanaka corporate contract construction company out of japan. It's actually built a very complete system using a watt for building information models.

C

This is in the application domain of uh you know. Smart buildings and building information systems often include lots of devices from different vendors different standards.

C

It's a good application for watt, which is designed to clean that up and to also track metadata about devices, there's also a startup, which is a spin-off from technical university of munich, which has been very active in what and they are basically building a uh iot dashboard uh based on uh using the descriptions to describe devices from different vendors um as part of our discovery.

C

Implementation, so w3c requires at least two implementations of every feature before it's going to become a standard so because discovery is new, we have to worry about implementations and there's actually two parts of the discovery there's first contact protocols which leverage existing discovery, mechanisms like dns, sd and there's a directory service which allows you to search and query metadata, um and I will say that that query service also includes xpath and sparkle and jsonpap.

C

Anyway. We need three implementations of directory services. We have three, and so we have one out of values of barcelona: uh uh sorry, upm uh watt hive. We have one on fraunhofer and we have now one of the logic lab which is based in uh which is associated with siemens.

C

The logilab one uh supports sparkle and sparkle, of course, can be used for semantic queries and very powerful search searches regarding touch points with ietf. uh We wanted to include json path, queries in our in our directory service.

C

Unfortunately, one challenge there is not a standard, but there is a rfc draft in ietf, but because we have to freeze our features by the end of the year, we basically have are scratching our heads right now. What to do?

C

I think the plan is we're going to make just empath, informative experimental feature and we're going to have to def. We have at least one mandatory query mechanism for directories that was going to be jsonpath. It's not a standard. We can't do that.

C

uh We don't want to mandate implementation of xpath or sparkle, both which are quite complicated, so we're basically looking at doing a minimum query implementation for now and transitioning to xpath as soon as we can with a 1.1 spec in the near future.

C

So we're kind of waiting for jsonpath to get nailed to the wall, so we can depend on it.

C

Other relationships are core rd, which is obviously also a directory service, but we're using it as a first contact mechanism as a on-ramp into our directory, which supports you, know more advanced features like sparkle.

C

uh We're also going to be having a discussion on october 28th about other touch points such as signatures and uh signing of json, payloads and so forth and sql tables and, of course, asdf. We've been exploring the feature completeness of conversion between tms and sdf models.

C

um There's a couple other things that are under discussion. These will not be normative intervals, but are things that are being discussed in the interest group which looks at experimental ideas.

C

So one thing looking at is ontologies for geospatial data, and this needs to be coordinated with organizations like the open, geospatial consortium, the spatial data on the web, working group, insight, w3c, open ar and a bunch of other groups that depend on geospatial data.

C

This type of data is especially important for smart city applications and it's used both for the location of iot devices and for dynamic location of devices, and so one of the challenges is how to deal with the fact that sometimes this data is static and sometimes it's dynamic um and there's also different requirements around ar versus, like mapping uh regarding you know, and also differences between the location of the device and the location of the feature of interest being measured, which might, in some cases be different.

C

There's also quite a lot of variety about what is geospatial data. It's not just location, it could be orientation, it could be velocity, um it could be heading different, coordinate systems, so it's quite complicated.

C

The other thing we're looking at are signatures, so we wanted to sign tds, the tvs are quite large and they need to be modified and we need to support changing their other features.

C

So the existing signature mechanisms for json weren't quite powerful enough and we've been looking, uh and we have a discussion on for 28 about you know. uh How can we adapt or extend uh what's currently out there? Is there any way we can use current standards or do we need something new?

C

So we've got that draft proposal for a new thing, but I really like to figure out if I can use existing standards instead, um there's also a json ld signature uh spec in the pipe, but it's based on rdf. You have to expand it into rdf and canonicalize the rdf, which requires rdf processing if you're trying to avoid, because just just verifying the signature really shouldn't require pulling things into an rdf database.

C

So there's a bunch of uh practical concerns there and finally we're in the midst of defying our new charter. uh We're gonna be extending our current charter for six months, so our next charter would start uh next july and we're we had to defer a bunch of features for compatibility reasons to td 2.0 and we're also probably going to look at maybe making normative some of the stuff that I mentioned above, like geospatial ontologies.

C

uh The other thing we're looking at seriously is uh managing data itself. So right now we have a directory for metadata, but we really want. Maybe is a directory for data and there's actually some ieee activity around that as well for doing queries or intervals that we need to align with anyway, that's a brain dump, but if you have any questions, I don't know if you have time, but I'm open to it.

A

Thank you michael um for for the overview, and of course I mean we'll be having um follow-up meetings um together, where we can go in much much more details here. Does anyone have any quick questions? You want to ask right away. Please go ahead.

D

I have one quick question: are you talking about jason pass and we're going to have a working group meeting in two weeks from now? um Do we have any any documentation that we could use for limiting a first version of the jsonpath document to the features you actually need.

C

Yeah, so one question was a subset of jsonpath that we could we no won't change and we'll implement just that subset. uh We need more examples. In our directory document there was a web page uh where the front-end representation a bunch of examples.

C

I think the key thing we have to support is keyword, search and probably searches over the type of the app type of the document and that's what we're looking at for the minimum functionality and basically you need to find out. You know all the lights, for example and then get their ids.

C

So that's we have some we're currently discussing what is the minimum required functionality and uh I think in two weeks time. Hopefully I have an answer to that. That's more concrete.

D

Yeah, if we have one in in 10 days, that might be even more useful, yeah.

C

Yeah well we're in the middle of our face to face. uh I can bring it up in our. We have two more meetings. Maybe I can bring it up tomorrow and try and get you there.

D

Just throw out over something that that is uh preliminary uh as soon as possible, because that will really help us streamline this.

C

Yeah- and I I actually owe you a review of the json paths back and do a bit of a brain dump on what is the minimum future requirement. But let me see if I can dig up as far as our other discussion. I do have an issue about this, and maybe I can just forward to the issue.

D

Great. Thank you.

C

Okay,.

A

Great, thank you michael, and we are looking forward to hear more about this, and then we have our our final topic. um Microcoster and 1dm, and an iot schema update.

A

And the slide should be showing up in a moment.

A

And michael seems that you don't have yet audio screen audio stream.

D

You have to click your microphone.

J

I was stuck, I was stuck trying to share you're gonna you're gonna present the slides. I was stuck trying to share screen and I couldn't turn the audio on but yeah there you go.

J

Yeah, so this is really what um what amount to our application semantic initiatives that we're tracking as one data model and the earlier initiatives that we started, uh iot schema.org so um slide. Please.

J

Yeah, so one one data model, just to recap: um well, where we are, I don't really need to go back and talk about what we're trying to do, because I think most of us know what it is and could just go. Look so sdf is currently being developed in the asdf working group. We've kind of successfully spawned that out a year ago.

J

Our consensus process is developed and resolved um in terms of what we're going to uh to use. That uh nicholas drove that very, very well, um and some others, but nicholas, is our acting secretary for this process, so we're about to basically start um reviewing models. We've already started the review and and come up with a what we're calling a provisional set of models for our first publication.

J

That's really our status and we we picked sensors and we picked some uh operational state and mode setting models, and I think we've decided we're going to broaden things beyond that, but that much has been decided and the the challenges we've encountered so far are about sort of we're. Looking at there really a lot of different ways. Sensors are not really that easy.

J

There are a lot of different ways that people, design, sensors and a lot of different layers of functionality and ways of reporting and features in the data model and azadi was alluding to earlier different ways of handling units versus whether we have a sensor category for each unit or whether a unit is an attribute of a more generic sensor. Things like that, so we're we're basically going to work through those and figure out what what some reasonable solutions are for those we've kind of decided to to um to get something out the door.

J

You know to demonstrate that that we have useful stuff, but also we're not going to walk away from the harder problems, we're going to sort of step up and see if we can make some progress on maybe breaking things into modular features, so that then layered functionality so that we can describe simple sensors and complex sensors with the same set of basic building blocks and that's sort of given rise to some discussions, as ari also mentioned on what we mean by class and instance, and specializations of models where you start with an abstract model.

J

And- and you know incrementally or successively specialize it, um we don't really have a roadmap to present we're we're not working really working against a fixed time goal, but we do have this challenge of getting some some provisional models published in our official vetted workspace area so that people can start using them and we can start rolling things out.

J

So um when I can, I can take questions on one dm or just go through that. Why don't I just move on and try to talk about, iot schema, because it's going to be fairly brief. Next slide, please yeah!

J

So we started a long time ago thought we were going to extend schema.org, but we built it according to the the same event, action property event, meta model that um that everyone seems to have in some one form or another or a subset of, but ended up being that schema.org doesn't really want to go in the direction of having device definitions. That's just not really the kind of content they're their scope, for they want to keep things a little more generic and describe more like patterns so and our basic pattern stuff isn't really useful.

J

As it is without the devices to point to so we're kind of not going to be extending schema.org right away and that's really kind of the big news, um what we're doing is working on realigning iot schema with 1dm and other ontologies, so that we can basically have the device and start looking at the problem of how we talk about devices in the context of the physical world and so that that kind of means like becoming sort of an rdf front end, maybe for other ontologies and integration, but maybe becoming more of an integration kind of thing where, where iot schema, would be a way that you could get rdf that um that you could point to in a thing description.

J

So we don't really have a clear idea: we're working on rechartering. I can't really see the last line of the slide is there's. Oh there we go oh yeah, so basically where what we're? What we're looking at, though, and had some proposal from siemens already, is um some extensions in the meta model so that we can connect to physical relations and we have another little ontology that we're uh looking at for that.

J

So um I don't know if I have a conclusion slider that really I just wanted to sort of summarize where we're at on both of those activities. um Is there any questions or comments of a couple of seconds? I guess otherwise we're close to being back on time.

J

Okay, cool. Thank you.

D

Yeah, I think this is uh very interesting because we just had this discussion about relationships with respect to to sdf and and having a place where, where these relationships are already uh being discussed and- and uh we we might have something we can point to instead of uh reinventing the wheel there is- is probably going to be very useful.

D

So um what's the best way for for us to find out, what's going on, there.

J

I'm sorry to find out what's going on where.

D

In the iot schema.org activity.

J

um Yeah interesting, um I have canceled the monthly meetings for a while, but basically you need to need to uh kind of restart. That, I think, is what we need to do so, there's a mailing list that people are on and I'll send out uh email. But um that's a that's a really good question. I don't really have a a great answer right now, other than I will. I will try to get things going again.

J

We had the european vacation around august september and we didn't ever really start back up since that, but I think we have some more clear one. One observation I will make, though, is that we're seeing people um kind of knocking on the door at w3c around web of things and sort of they have the whole problem. They have that what's the common format, where do my models go? How do I standardize the thing that I'm doing so?

J

We kind of need to look at a maybe some kind of way of doing a little bit better integration across these these things- and I don't know if iot schema, we already have a w3c community group, but it didn't ever really activate, and so we kind of and w3c well web of things is in the middle of rechartering some things.

J

So uh maybe it's time to look at that um community group discussion or maybe it's time to look at kind of opening up the venue iot schema, never really had a a venue we're just working off of you, know zoom and things like that and google mail and and what have you anyway,.

F

um

J

I don't want to like run on us over time, but um that's a good point and let's, let's make sure we sort of, engage something and look at that, because I think there is a gap that needs to be addressed and I think that we kind of have the right approach there. But um the the bigger integration is really the question. Yeah, I'm cool.

C

You think autism org will be open to adding it to a deliverables like a spec through wpc and what.

J

That we need to look at some things where, when people come to w3c, they have you know an answer for some of the other questions they have. Besides, just what's the format.

C

Right.

D

Okay, it seems to me that would be a good subject to have a discussion on uh soon with maybe a few other players from the iot schema side. So I think we should discuss how to set up such a meeting, so we can get some progress on on the physical relation types and and other types of relations that we actually need in sdf as well. In the long run,.

J

Yeah, that's, I think, that's that's I I totally agree and maybe that's a good uh thing for wishy. Also great.

A

Okay, thank you. Thank you, michaels. It was very, very good information and I clearly you know a lot of good opportunities across these different activities and organizations to align our activities. So let's take a step at that and definitely you know in wishy we're more than happy to host this kind of discussion, so that could be a potential uh agenda item for our next wishing meeting.

A

Good and now we're actually almost at the end of the meeting, we had already a good good set of um discussions here and I uh we did write a good big set of notes uh in the usual place. Please go check them out and and see if we missed some something essential or if we mis represented your comments, it's always good to to fix those before we publish publish the notes, but before we close for today. In any final questions, comments from anyone.

A

Okay hearing none, so I guess our our next meeting, what we'll be all probably seeing in in the upcoming ietf uh hackathons and I idf meetings, but the next more official thinking research group activities are probably going to be than the upcoming wishing meetings. So wishing you all well until then um stay safe and looking forward to seeing you soon again.

A

Thank you and bye-bye.

D

Thank you.