From 4eb67d7f698547c76a6aeb8c7d197f7de7afc7ab Mon Sep 17 00:00:00 2001
From: "Matthew A. Miller" Initial published version approved by the XMPP Council. Corrected downloadPrivileges example. Made several corrections of the language. Expanded the introduction. Changes "Sensor Networks" to "Internet of Things". Fixed links to documents with new numbers. Changed namespace urn:xmpp:sn to urn:xmpp:iot Initial published version approved by the XMPP Council. Added control use cases. Grouped use cases. Added altitude credentials. Added resource information of original called to their corresponding JIDs. Added information about how to read sensors from large subsystems. Added friend recommendation message. Added use cases for service access rights and corresponding user privileges. First draft.
- This XEP provides the underlying architecture, basic operations and data structures for provisioning of services, access rights and user privileges in sensor networks.
+
+ This specification describes an architecture for efficient provisioning of services, access rights and user privileges in for the Internet of Things, where
+ communication between Things is done using the XMPP protocol.
+
+ Note has to be taken, that this XEP, and other Internet of Things-related XEP's, are designed for implementation in small devices, many of which have very limited
+ amount of memory (both RAM and ROM) or resources (processing power). Therefore, simplicity is of utmost importance. Furthermore, Internet of Things networks can
+ become huge, easily containing millions or billions of devices in peer-to-peer networks.
- Note has to be taken, that these XEP's are designed for implementation in sensors, many of which have very limited amount of memory (both RAM and ROM) or resources (processing power).
- Therefore, simplicity is of utmost importance. Furthermore, sensor networks can become huge, easily containing millions of devices in peer-to-peer networks.
+ An added complexity in the provisioning case is that Things (small sensors for example) often have very limited user interface options. Therefore, this document
+ explains how provisioning can be done efficiently using a trusted third party with more power and options when it comes to user interface design and storage.
+ This document defines the following important operations to allow for efficient provisioning of services in the Internet of Things, based on XMPP:
+
- An added complexity in the provisioning case is that sensors often have very limited user interface options. Therefore, this document explains how provisioning can be done
- efficiently using a trusted third party with more power and options when it comes to user interface design and storage.
+ This XEP relies on &xep0323; and &xep0325; for sensor data readout and control interfaces.
+ Internet of Things contain many different architectures and use cases. For this reason, the IoT standards have been divided into multiple XEPs according to the following table:
- This XEP relies heavily on sensor-data The following table lists common terms and corresponding descriptions.
@@ -384,7 +441,7 @@
Note: In many cases, an address to a provisioning server might be preprogrammed during production of the
- device. In these cases, parts of the above procedure may not neccessary. All the client needs to do, if the provisioning server is not available
+ device. In these cases, parts of the above procedure may not be necessary. All the client needs to do, if the provisioning server is not available
in the roster of the device, is to send a subscription request to the provisioning server, to alert the server of the existence of the device,
and possibly request a device token.
@@ -498,14 +555,14 @@
from='device@clayster.com/device'
to='provisioning@clayster.com'
id='2'>
-
@@ -563,10 +620,11 @@
- Note: This use case is an extension of the use case 'Read-out rejected' in the XEP sensor-data.
+ Note: This use case is an extension of the use case 'Read-out rejected' in the XEP-0323
+ Internet of Things - Sensor Data.
- The following example shows the communication first between the client and the device, then the device and the provisioning server, and last between the device and the client:
+ The following example shows the communication first between the client and the device, then between the device and the provisioning server, and last between the device and the client:
- Note that the provisioning server responds with a canReadResponse element, with the same content as the canRead element in the request.
-
@@ -613,14 +668,15 @@
- Note: This use case is an extension of the use case 'Read-out of multiple devices' in the XEP sensor-data.
+ Note: This use case is an extension of the use case 'Read-out of multiple devices' in the XEP-0323
+ Internet of Things - Sensor Data.
Note 2: If the server responds, but without specifying a list of nodes, the device can assume that all nodes available in the original request are allowed
to be read. If no nodes in the request are allowed to be read, the provisioning server must respond with a result='false', so the device can reject the read-out request.
- The following example shows the communication first between the client and the device, then the device and the provisioning server, and last between the device and the client:
+ The following example shows the communication first between the client and the device, then between the device and the provisioning server, and last between the device and the client:
@@ -680,7 +736,7 @@
to be sent. If no fields in the request are allowed to be sent, the provisioning server must respond with a result='false', so the device can reject the read-out request.
- The following example shows the communication first between the client and the device, then the device and the provisioning server, and last between the device and the client:
+ The following example shows the communication first between the client and the device, then between the device and the provisioning server, and last between the device and the client:
@@ -721,7 +777,7 @@
the fields allowed to be sent are listed. The client must only send fields having field names in this list.
- Also note, that the provisioning server can return both lists of allowed nodes and allowed field names in the response. In this case, the device must only send allowed fields
+ Also note, that the provisioning server can return a list of both allowed nodes and allowed field names in the response. In this case, the device must only send allowed fields
from allowed nodes, and ignore all other fields and/or nodes.
+
+
+
XEP
Description
-
- XEP-0000-ColorParameter
- Defines extensions for how color parameters can be handled, based on &xep0004;
-
-
- XEP-0000-DynamicForms
- Defines extensions for how dynamic forms can be created, based on &xep0004;, &xep0122;, &xep0137; and &xep0141;.
-
-
- exi
-
- Defines how to EXI can be used in XMPP to achieve efficient compression of data. Albeit not a sensor network specific XEP, this XEP should be considered
- in all sensor network implementations where memory and packet size is an issue.
-
-
-
xep-0000-SN-BatteryPoweredSensors
+ xep-0000-IoT-BatteryPoweredSensors
Defines how to handle the peculiars related to battery powered devices, and other devices intermittently available on the network.
-
xep-0000-SN-Concentrators
- Defines how to handle architectures containing concentrators or servers handling multiple sensors.
+ xep-0000-IoT-Discovery
+ Defines the peculiars of Thing discovery in Internet of Things. Apart from discovering Things by JID, it also defines how to discover Things based on location, etc.
-
xep-0000-SN-Control
- Defines how to control actuators and other devices in sensor networks.
+ xep-0000-IoT-Events
+ Defines how Things send events, how event subscription, hysteresis levels, etc., are configured.
-
xep-0000-SN-Discovery
- Defines the peculiars of sensor discovery in sensor networks. Apart from discovering sensors by JID, it also defines how to discover sensors based on location, etc.
+ xep-0000-IoT-Interoperability
+ Defines guidelines for how to achieve interoperability in Internet of Things, publishing interoperability interfaces for different types of devices.
-
- xep-0000-SN-Events
- Defines how sensors send events, how event subscription, hysteresis levels, etc., are configured.
-
-
- xep-0000-SN-Interoperability
- Defines guidelines for how to achieve interoperability in sensor networks, publishing interoperability interfaces for different types of devices.
-
-
xep-0000-SN-Multicast
+ xep-0000-IoT-Multicast
Defines how sensor data can be multicast in efficient ways.
-
- sensor-network-provisioning
- This specification. Defines how provisioning, the management of access privileges, etc., can be efficiently and easily implemented.
+ xep-0000-IoT-PubSub
+ Defines how efficient publication of sensor data can be made in Internet of Things.
-
- xep-0000-SN-PubSub
- Defines how efficient publication of sensor data can be made in sensor networks.
-
- sensor-data
+
+
+ xep-0000-IoT-Chat
+ Defines how human-to-machine interfaces should be constructed using chat messages to be user friendly, automatable and consistent with other IoT extensions and possible underlying architecture.
+
+
+ XEP-0322
+
+ Defines how to EXI can be used in XMPP to achieve efficient compression of data. Albeit not a Internet of Things specific XEP, this XEP should be considered
+ in all Internet of Things implementations where memory and packet size is an issue.
+
+
+
- XEP-0323
Provides the underlying architecture, basic operations and data structures for sensor data communication over XMPP networks.
- It includes a hardware abstraction model, removing any technical detail implemented in underlying technologies. This XEP is used by all other sensor network XEPs.
+ It includes a hardware abstraction model, removing any technical detail implemented in underlying technologies. This XEP is used by all other
+ Internet of Things XEPs.
+
+ XEP-0324
+ This specification. Defines how provisioning, the management of access privileges, etc., can be efficiently and easily implemented.
+
+
+ XEP-0325
+ Defines how to control actuators and other devices in Internet of Things.
+
+
+ XEP-0326
+ Defines how to handle architectures containing concentrators or servers handling multiple Things.
+
+
+ XEP-0331
+ Defines extensions for how color parameters can be handled, based on &xep0004;
+
+
+ XEP-0336
+ Defines extensions for how dynamic forms can be created, based on &xep0004;, &xep0122;, &xep0137; and &xep0141;.
+
- The following example shows the communication first between the client and the device, then the device and the provisioning server, and last between the device and the client: + The following example shows the communication first between the client and the device, then between the device and the provisioning server, and last between the device and the client:
- The following example shows the communication first between the client and the device, then the device and the provisioning server, and last between the device and the client: -
-- Note that the provisioning server responds with a canControlResponse element, similar to the canControl element in the request, except - only the nodes allowed to be controlled are included. The device must only permit control of nodes listed in the response from the provisioning server. Other nodes available - in the request should be ignored. -
-- Also note, that the restricted set of nodes and/or parameters returned from the provisioning server must be returned to the original caller, so it can - act on the information that only a partial control action was allowed and taken. -
- -- In case the provisioning server wants to limit the control parameters a client can control in a device, the provisioning server has the possibility to grant - control access, but list a set of parameters the client is allowed to control in the corresponding device. -
-- - -
-- Note: If the server responds, but without specifying a list of nodes, the device can assume that all nodes available in the original request are allowed - to be controlled. If no nodes in the request are allowed to be controlled, the provisioning server must respond with a result='false', so the device can reject the read-out request. - The same is true for parameters: If the provisioning server does not specify parameters in the response, the caller can assume all parameters are allowed. -
-- The following example shows the communication first between the client and the device, then the device and the provisioning server, and last between the device and the client: -
++ Note that the provisioning server responds with a canControlResponse element, similar to the canControl element in the request, except + only the nodes allowed to be controlled are included. The device must only permit control of nodes listed in the response from the provisioning server. Other nodes available + in the request should be ignored. +
++ Also note, that the restricted set of nodes and/or parameters returned from the provisioning server must be returned to the original caller, so it can + act on the information that only a partial control action was allowed and taken. +
+ ++ In case the provisioning server wants to limit the control parameters a client can control in a device, the provisioning server has the possibility to grant + control access, but list a set of parameters the client is allowed to control in the corresponding device. +
++ + +
++ Note: If the server responds, but without specifying a list of nodes, the device can assume that all nodes available in the original request are allowed + to be controlled. If no nodes in the request are allowed to be controlled, the provisioning server must respond with a result='false', so the device can reject the read-out request. + The same is true for parameters: If the provisioning server does not specify parameters in the response, the caller can assume all parameters are allowed. +
++ The following example shows the communication first between the client and the device, then between the device and the provisioning server, and last between the device and the client: +
- Also note, that the provisioning server can return both lists of allowed nodes and allowed parameter names in the response back to the client, so it can + Also note, that the provisioning server can return a list of both allowed nodes and allowed parameter names in the response back to the client, so it can act on the information that only a partial control action was allowed and taken.
The provisioning server receives these credentials, and decides if the user should have access to the service or not, based on rules configured in the provisioning service. - If the user is granted access, a userToken is generated and returned to the service. This token + If the user is granted access, a userToken is generated and returned to the service.
Now, the service can determine if this access grant is sufficient or not. It can require the user to login into the service first. If so, the service should provide the provisioning
@@ -1084,7 +1140,7 @@
from='service@clayster.com/service'
to='provisioning@clayster.com'
id='9'>
-
- The following table suggests some examples of Privilge IDs, with suggestive descriptions. (Only used as an example.) + The following table suggests some examples of Privilege IDs, with suggestive descriptions. (Only used as an example.)