In the near future, ubiquitous computing will be everywhere, enormous small networked devices, commonly called as smart objects are embedded inside our daily environments, in our cars, houses, our clothes, shoes or even our body. These smart objects reshape our living environment, making it ubiquitously accessible than ever. What is more, by combining these smart objects with personal mobile/web applications, people can access to their environment in more ease, either remote monitor or remote control, more advanced smart applications can also bind the distributed sensors and actuators with user’s preference to make smart environment automated in response to the contextual changes.
Remote monitoring and control based on the device level gives us many benefits such as environment awareness and robot automation. But apart from this, there exists another great benefit derived from the device level – the enormous, continues and real time data streams which can be seen more valuable and exploited for the society as a whole. For example, my health data could be delivered to 3rd party (your personal doctor or hospital), they have the capability and knowledge to analysis your data, read data as health pattern and used to infer my health problem accurately. It gives people more easy and fast analytics on data, but more importantly collaboration between entities, like patients and doctors, household and Electricity Company.
All these sound great, but thinking that in the future, everyone has to manage tens of hundreds of smart devices, a headache problem? Yes, let alone there are more serious issues on the management of bindings between smart device and various applications, meaning user must be also aware of if there are 3rd party applications abusing my device data for benefits without accessing my permission – privacy issue or maliciously control my device remotely. It is not only concerned to network security/privacy problem in virtual reality, but far more stretched to the security and safety of our life in the physical world. So before this vision is truly coming to us, we need to make the worst assumptions and place the management of devices, security and privacy on the top list.
The main purpose of the webinos is to solve the interoperability and deployment issues of web-based application among various platforms. So for a web developer, they can make a web based application making use of web standard API and deploy them ubiquitously in PC, mobile, web, vehicle, embedded system platforms. What is more, the web based application could have the app data being synchronized, shared among the platforms; and different user can get collaborate in more explicit way under the secure framework. While on the user’s perspective, it makes easier to manage his devices and multiple level control on the application and 3rd party access. All these features are provided under the implementation of PZP and PZH.
As we know, PZP can represent one person’s device, a middleware between device, context control and application. PZH resides on the server, is a web service, managing all this person’s devices, their security, privacy on the data and connection. PZP are implemented on the device level and PZH are implemented on the cloud server level.
Looking back to the vision of IOT whether for the remote monitoring, automation, collaboration, all require devices talking to web or devices talking to each other securely, privately. Concerning the security and privacy, that is to say how are we going to split the keys and certificates into different levels of control and distribute the keys and certificates to others while maintaining easy management for us.
In our digital worlds, people’s identity is relying on the digital signature, certificate based on PKI – public key infrastructure. Therefore, device association with people, device communication, more complex interactions rely on this PKI again, but more webinos does is to maintain the interactions of these, and Webinos gives mechanism and policy implemented in PZP and PZH to distribute the key and certificate to devices, exchange them with other people. That ensures people three things.
1. People have a personal central hub to manage their devices uniformly in multiple levels, in particular associating personal identity with device.
2. Data connection between device and cloud/ device and device is secure.
3. People with a web trust can also get access to the other people’s device with their permission.
So with certificate exchange between devices, home monitoring device can be added to personal zone – in other words, device management hub, hub helps me authenticate the device, encrypt the data and route the device data to required location, such as my mobile phone. This is the basic for remote monitoring and control.
More complex interactions happens between users, that one trusted user want to use the device of another use, they must exchange their certificate and use authentication token to get access to the control the that device.
For example, Hackers convert MIT building in giant Tetris video game, there is a large building with hundreds of offices; person in each office owns the access to the light control, so he can remotely control the light on/off. So imagine one application wants to display the animation on the building surface with hundreds of windows in the night, so this application needs to get the permission from the person in the office to control that guy’s office light. In the webinos perspective, each light is like the PZP, and each person in the office uses the PZH to manage the certificate of device and application. The application that uses building surface to display is considered as PZH, so this application PZH has to talked to all the PZH in the office, and getting the signed certificate and finally with these certificates, that application PZH can control all the window/office lights at the night.
Or imagine use raspberry pi to teach the children programming, a tutor can start a course, which automatically generate a certificate for the course. Each child has a raspberry pi with certificate in the memory. If the tutor wants to collaborate with child remotely, like passing the codes to child’s device and uses code to control the device for the demo purpose (to show how the code works with the device). This also requires the devices sharing the certificates and communicating trustfully and securely.
So for me, the key of webinos is on the security and privacy but not the deployment of web apps. Simply connecting devices together is not an issue already because of IP, the true issue is people don’t trust connecting their devices together and sharing their data because they felt not protected. I felt the issue of interoperability and deployment of web app could be solved with Mozilla OSor Phonegap, while backbone of webinos provides a high level control on how people work with their devices, data and collaborate with other.
To build a smart city platform, in the simple manager, the platform should have basic middleware control on what, when, how the data can be accessible, and additionally accessible by who – developer. This functionality is often seen in the many application scenarios in the auth2 way, that each developer can register for an application ID and get a secret key, with these the developer can get access to the resource of the platform, the for the platform manager, they can monitor what resources the developer are using in their platform.
But a real sense of smart city platform, should more concentrate on the data rather management of developer. This can be explained in two perspectives.
One is the data not only points to the raw data but should have a semantic layer. In the semantic web, all the data are being connected; interoperable with different data vendor. With this in place, machine itself can understand the meaning of these data. And application can extract the context data from the data semantic layer that leads to the application more context awareness. Webinos tries to address the context data, but in limited manager, it doesn’t put the semantic web or ontology into the consideration, after all, semantic thing is not the problem it tries to solve.
The second perspective is real time data. The smart city platform is sitting between the data producers and data consumers. Data consumer is commonly referred as the developers who are using the data to make applications. Data producers can often be person or organizations who owns a few or a large number of devices, through the smart city platform, they are manage their devices and data securely. (Meaning even the device data are stored on the cloud/platform, the manager of platform still can’t see through the data due to user has the privacy key.) And in many circumstances, the input the platform is the real time device data, and the platform should route the data in real time to those developer who seen as the data consumers. To address this, one big challenge is the device authentication, web trust on device and user, which is to be addressed by webinos security and privacy framework. Another big thing is the real time data streaming of device data, is believed more efficient with protocol like MQTT. But webinos only supports XMPP, causing much latency in fact.
Ultimately, I don’t know on the interoperability and deployment of web application whether webinos could defeat Mozilla OS or Phonegap. But the security, privacy, policy are the core to be reused for solving the trust for device and data. The webinos security stuff could be implemented as software component under phonegap framework to achieve both security and interoperability.