%ents; ]>
Internet of Things - Control This specification describes how to control devices or actuators in an XMPP-based sensor network. &LEGALNOTICE; 0325 Experimental Standards Track Standards Council XEP-0001 XEP-0004 XEP-0030 XEP-0122 XEP-0137 XEP-0141 XEP-0323 XEP-0324 XEP-0331 XEP-0336 sensor-network-control Peter Waher peter.waher@clayster.com peter.waher@jabber.org http://www.linkedin.com/in/peterwaher 0.2 2014-03-10 pw

Namespace in dynamic form examples has been changed to urn:xmpp:xdata:dynamic.

Corrected the namespace used for parameterGroup elements in the examples of the document.

Added support for color values with alpha channel.

Updated the schema to more strictly validate references to x-data forms.

Schema was updated to reflect the correct relationship between the x-data subelement in a set operation.

Fixed links to documents with new numbers.

Changed namespace urn:xmpp:sn to urn:xmpp:iot

Schema was corrected: The parameter sub-element in the setResponse element was removed.

0.1 2013-05-06 psa

Initial published version approved by the XMPP Council.

0.0.1 2013-03-27 pw

First draft.

Actuators are devices in sensor networks that can be controlled through the network and act with the outside world. In sensor networks and Internet of Things applications, actuators make it possible to automate real-world processes. This document defines a mechanism whereby actuators can be controlled in XMPP-based sensor networks, making it possible to integrate sensors and actuators of different brands, makes and models into larger Internet of Things applications.

Note has to be taken, that these XEP's are designed for implementation in sensors, many of which have very limited amount of memory (both RAM and ROM) or resources (processing power). Therefore, simplicity is of utmost importance. Furthermore, sensor networks can become huge, easily with millions of devices in peer-to-peer networks.

Sensor networks contains many different architectures and use cases. For this reason, the sensor network standards have been divided into multiple XEPs according to the following table:

XEP Description
xep-0000-IoT-BatteryPoweredSensors Defines how to handle the peculiars related to battery powered devices, and other devices intermittently available on the network.
xep-0000-IoT-Discovery Defines the peculiars of sensor discovery in sensor networks. Apart from discovering sensors by JID, it also defines how to discover sensors based on location, etc.
xep-0000-IoT-Events Defines how sensors send events, how event subscription, hysteresis levels, etc., are configured.
xep-0000-IoT-Interoperability Defines guidelines for how to achieve interoperability in sensor networks, publishing interoperability interfaces for different types of devices.
xep-0000-IoT-Multicast Defines how sensor data can be multicast in efficient ways.
xep-0000-IoT-PubSub Defines how efficient publication of sensor data can be made in sensor networks.
xep-0000-IoT-Chat Defines how human-to-machine interfaces should be constructed using chat messages to be user friendly, automatable and consistent with other IoT extensions and possible underlying architecture.
XEP-0322 Defines how to EXI can be used in XMPP to achieve efficient compression of data. Albeit not a sensor network specific XEP, this XEP should be considered in all sensor network implementations where memory and packet size is an issue.
XEP-0323 Provides the underlying architecture, basic operations and data structures for sensor data communication over XMPP networks. It includes a hardware abstraction model, removing any technical detail implemented in underlying technologies. This XEP is used by all other sensor network XEPs.
XEP-0324 Defines how provisioning, the management of access privileges, etc., can be efficiently and easily implemented.
XEP-0325 This specification. Defines how to control actuators and other devices in Internet of Things.
XEP-0326 Defines how to handle architectures containing concentrators or servers handling multiple sensors.
XEP-0331 Defines extensions for how color parameters can be handled, based on &xep0004;
XEP-0336 Defines extensions for how dynamic forms can be created, based on &xep0004;, &xep0122;, &xep0137; and &xep0141;.

The following table lists common terms and corresponding descriptions.

Actuator
Device containing at least one configurable property or output that can and should be controlled by some other entity or device.
Computed Value
A value that is computed instead of measured.
Concentrator
Device managing a set of devices which it publishes on the XMPP network.
Field
One item of sensor data. Contains information about: Node, Field Name, Value, Precision, Unit, Value Type, Status, Timestamp, Localization information, etc. Fields should be unique within the triple (Node ID, Field Name, Timestamp).
Field Name
Name of a field of sensor data. Examples: Energy, Volume, Flow, Power, etc.
Field Type
What type of value the field represents. Examples: Momentary Value, Status Value, Identification Value, Calculated Value, Peak Value, Historical Value, etc.
Historical Value
A value stored in memory from a previous timestamp.
Identification Value
A value that can be used for identification. (Serial numbers, meter IDs, locations, names, etc.)
Localization information
Optional information for a field, allowing the sensor to control how the information should be presented to human viewers.
Meter
A device possible containing multiple sensors, used in metering applications. Examples: Electricity meter, Water Meter, Heat Meter, Cooling Meter, etc.
Momentary Value
A momentary value represents a value measured at the time of the read-out.
Node
Graphs contain nodes and edges between nodes. In Internet of Things, sensors, actuators, meters, devices, gatewats, etc., are often depicted as nodes whereas links between sensors (friendships) are depicted as edges. In abstract terms, it's easier to talk about a Node, rather than list different possible node types (sensors, actuators, meters, devices, gateways, etc.). Each Node has a Node ID.
Node ID
An ID uniquely identifying a node within its corresponding context. If a globally unique ID is desired, an architecture should be used using a universally accepted ID scheme.
Parameter
Readable and/or writable property on a node/device. The XEP-0326 &xep0326; deals with reading and writing parameters on nodes/devices. Fields are not parameters, and parameters are not fields.
Peak Value
A maximum or minimum value during a given period.
Precision
In physics, precision determines the number of digits of precision. In sensor networks however, this definition is not easily applicable. Instead, precision determines, for example, the number of decimals of precision, or power of precision. Example: 123.200 MWh contains 3 decimals of precision. All entities parsing and delivering field information in sensor networks should always retain the number of decimals in a message.
Sensor
Device measuring at least one digital value (0 or 1) or analog value (value with precision and physical unit). Examples: Temperature sensor, pressure sensor, etc. Sensor values are reported as fields during read-out. Each sensor has a unique Node ID.
SN
Sensor Network. A network consisting, but not limited to sensors, where transport and use of sensor data is of primary concern. A sensor network may contain actuators, network applications, monitors, services, etc.
Status Value
A value displaying status information about something.
Timestamp
Timestamp of value, when the value was sampled or recorded.
Token
A client, device or user can get a token from a provisioning server. These tokens can be included in requests to other entities in the network, so these entities can validate access rights with the provisioning server.
Unit
Physical unit of value. Example: MWh, l/s, etc.
Value
A field value.
Value Status
Status of field value. Contains important status information for Quality of Service purposes. Examples: Ok, Error, Warning, Time Shifted, Missing, Signed, etc.
Value Type
Can be numeric, string, boolean, Date & Time, Time Span or Enumeration.
WSN
Wireless Sensor Network, a sensor network including wireless devices.
XMPP Client
Application connected to an XMPP network, having a JID. Note that sensors, as well as applications requesting sensor data can be XMPP clients.

Control in sensor networks is about setting output values. To make the implementation simple, it is assumed that control of a device can be made using a single message. If only a simple set operation is requested, a <message> stanza can be sent. If an acknowledgement (ACK) of the operation (or Not-acknowledgement NACK) of the operation is desired, an <iq> stanza can be used instead.

To set control parameters in a device, the set command is sent to the device. The set command allows for two different ways of setting control parameters:

What type of control parameters there are available in different types of devices is described in XEP-xxxx: Internet of Things - Interoperability <xep-0000-IoT-Interoperability.html> .

If the device is a concentrator, as defined in Internet of Things - Concentrators, an handles multiple nodes behind it, which node(s) to control is defined using node elements. If not a concentrator, the use of node elements is not necessary, and control commands are sent directly to the device itself.

Following is an example of a control command sent using a message stanza:

]]>

Note that any response is supressed when sending a message stanza, regardless if the desired control command could be executed or not. The following example shows how the same control command could be issued using an IQ stanza instead:

Following is an example of a control command sent using an iq stanza:

]]>

In the following use cases, often a message stanza will be used to illustrate the point. However, the same operation could equally well be used using an iq stanza instead.

By using an IQ stanza, the caller can receive an acknowledgement of the reception of the command, or error information if the command could not be processed. Following is an example of a control command sent using an iq stanza, where the receiver reports an error back to the caller:

Invalid parameter type. ]]>

The following sub-sections illustrate how to set parameters of different types in a device.

Setting single boolean-valued control parameters is a common use case, for instance when controlling digital outputs. The following example shows how a boolean value can be set in a device.

]]>

Setting single integer-valued control parameters is a common use case, for instance when controlling analog outputs. The following example shows how a 32-bit integer value can be set in a device.

]]>

Setting single integer-valued control parameters is a common use case, for instance when controlling analog outputs. Even though 32-bit integers may cover most control needs, it might in some cases be limiting. Therefore, a 64-bit control parameters can be created. The following example shows how a 64-bit integer value can be set in a device.

]]>

Setting single string-valued control parameters is a common use case, for instance when controlling text displays. The following example shows how a string value can be set in a device.

]]>

Setting single double-valued control parameters can be an alternative form of controlling analog outputs for instance. The following example shows how a double value can be set in a device.

]]>

Setting date-valued control parameters might be necessary when timing is an issue. Often it forms part of a larger context. The following example shows how a date value can be set in a device.

]]>

Setting time-valued control parameters might be necessary when timing is an issue. Often it forms part of a larger context. The following example shows how a time value can be set in a device.

]]>

Setting date & time-valued control parameters might be necessary when timing is an issue. Often it forms part of a larger context. The following example shows how a date & time value can be set in a device.

]]>

Setting duration-valued control parameters might be necessary when timing is an issue. Often it forms part of a larger context. The following example shows how a duration value can be set in a device.

]]>

Setting single color values in a device can occur in instances where color or lighting is important. Sometimes color is set using enumerations (string-valued or integer-valued parameters), and sometimes as a color property. The following example shows how a color value can be set in a device.

]]>

Often, setting a single control parameter is not sufficient for a control action. In these cases, setting multiple control parameters at once is necessary. The set command makes this easy however, since it allows for any number of control parameters to be set at once, as the following example shows:

]]>

Sometimes the order of control parameters are important in the device, and sometimes the parameters form part of a whole. It depends on the context of the device. In the above example, the order is important. When the OutputPercent control parameter is set, it will start to fade in or out to the desired setting (10%), using the fade time set previously. If the FadeTimeMilliseconds control parameter would have been set after the OutputPercent parameter, the fading would have been started using the previous setting, which might be unknown.

The order of control parameters to use depends on the device. The Control Form lists available control parameters of the device in the order they are expected to be sent to the device. The XEP xep-0000-IoT-Interoperability details what control parameters must be available for different interfaces, and if the order of control parameters is important.

A client can get a control form containing available control parameters of the device. This is done using the getForm command, as is shown in the following example:

Dimmer 325ED0F3-9A9A-45A4-9634-4E0D41C5EA06 Time in milliseconds used to fade the light to the desired level. 300 Dimmer output, in percent. 100 If the dimmer is turned on or off. true ]]>

IMPORTANT: The device MUST mark all control parameters in the form as notSame, as defined in XEP-0336: Dynamic Data Forms <http://xmpp.org/extensions/xep-0336.html> . If an end user would open the control form and press OK (submitting the form) without having entered a value, no value would be written, and no action taken. If only a few parameter would be edited, only those parameters would be sent to the device and only the corresponding actions taken.

All parameters in the form MUST also have validation rules defined according to XEP-0122, specifically validation data types and ranges where appropriate. This to give type information to the client, which the client later can use to send typed control commands directly, without the need to get and send data forms to the device to control it.

Also, the device SHOULD group control parameters that should be written together using pages and sections, as described in XEP-0141. Parameters MUST also be ordered in a way so that when set in that order using the typed commands, the corresponding control actions can be successfully executed.

Note: There's a difference between node parameters, as described in XEP-0326 Internet of Things - Concentrators, and control parameters as described in this document. For more information about this, please see Difference between node parameters and node control parameters.

A device can reject a control form request. It does this returning an error iq stanza, and detailing the error in the result attribute of the getFormResponse element, as is shown in the following example:

]]>

Control actions can be requested by submitting a full or partial control form back to the device. Control parameters not edited MUST not be included in the form, and the device in turn MUST ONLY invoke control actions corresponding to the parameters returned in the form.

The following example shows how control actions can be requested submitting a control parameters form to the device:

325ED0F3-9A9A-45A4-9634-4E0D41C5EA06 500 10 ]]>

In this example, the FadeTimeMilliseconds and OutputPercent control parameters are sent, while the MainSwitch control parameter is left as is. Fading is therefore parformed only if the dimmer is switched on.

A device can reject a control form submission. It does this returning an error iq stanza, and detailing the error in the result attribute of the setResponse element. If there are errors in the form, details are listed using error elements in the response, as is shown in the following example:

325ED0F3-9A9A-45A4-9634-4E0D41C5EA06 500 200 Invalid parameter value. ]]>

Controlling devices behind a concentrator can be done by specifying what device(s) to control using node elements within the command elements sent to the concentrator. The following sub-sections show examples of how this is done.

To send a control message to a specific node behind a concentrator, the node element can be used to identify the node, as is shown in the following example:

]]>

The client can send the same control command to multiple nodes behind a concentrator by simply adding more node elements in the request, as is shown in the following example:

]]>

By using an IQ stanza, the caller can receive an acknowledgement of the reception of the command, or error information if the command could not be processed. When sending a control command to multiple nodes at a time the device must validate all parameters against all nodes before taking any control action. If validation fails, an error message is returned and no control action is taken. The following example shows an example of an erroneous control message made to multiple nodes on a device:

Invalid parameter type. ]]>

A client can get a control form containing available control parameters common between a set of nodes controlled by the concentrator. This is done adding a sequence of node elements to a getForm command sent to the concentrator, as is shown in the following example:

DigitalOutput1, DigitalOutput2, ... 325ED0F3-9A9A-45A4-9634-4E0D41C5EA06 If the digital output is high (checked) or low (uncheckd). true ]]>

Note that only parameters that are common between the nodes defined in the request must be returned. However, all parameters must have the notSame flag set, regardless of current output status.

A device can reject a control form request. It does this returning an error iq stanza, and detailing the error in the result attribute of the getFormResponse element. The following example shows the device rejecting a control form request, because it does not support the handling of common parameters between multiple nodes:

]]>

You set a control form to multiple nodes controlled by a concentrator by adding node elements to the set command sent to the concentrator, as is shown in the following example:

325ED0F3-9A9A-45A4-9634-4E0D41C5EA06 true ]]>

A device can reject a control form submission. It does this returning an error iq stanza, and detailing the error in the result attribute of the setResponse element. The following example shows the device rejecting a control form submission because one of the control parameters, even though it exists on all nodes, is not of the same type on all nodes.

325ED0F3-9A9A-45A4-9634-4E0D41C5EA06 true Invalid type ]]>

If an entity supports the protocol specified herein, it MUST advertise that fact by returning a feature of "urn:xmpp:iot:control" in response to &xep0030; information requests.

]]> ... ... ]]>

In order for an application to determine whether an entity supports this protocol, where possible it SHOULD use the dynamic, presence-based profile of service discovery defined in &xep0115;. However, if an application has not received entity capabilities information from an entity, it SHOULD use explicit service discovery instead.

If a client wants to know the current status of control parameters, it must perform a readout of Momentary and Status values from the device, according to &xep0323;, and from the returned set of values take the current control parameter value according to the following rules, ordered by priority:

  • If there's a field marked as momentary value, with an unlocalized field name equal to the unlocalized control parameter name and having a compatible field value type (see table below) and a status field without the missing flag set, the value of the field should be considered the current value of the control parameter.

  • If there's a field marked as status value, with an unlocalized field name equal to the unlocalized control parameter name and having a compatible field value type (see table below) and a status field without the missing flag set, the value of the field should be considered the current value of the control parameter.

Even though getting the the control form could provide the client with a quicker and easier way of retrieving control parameter values, the form is not guaranteed to contain correct current values. In some cases, retrieving current values might take time and only be retrieved using an asynchronous read-out process described in this section.

The following table shows how corresponding field values should be converted to the corresponding control parameter value based on field type (x-axis) and control parameter type (y-axis). N/A means conversion has no meaning and types are not compatible.

numeric string boolean dateTime timeSpan enum
boolean !=0 N/A x N/A N/A N/A
color N/A RRGGBB or RRGGBBAA N/A N/A N/A N/A
date N/A (1) N/A Date part N/A N/A
dateTime N/A (2) N/A x N/A N/A
double x (3) Z2 N/A N/A N/A
duration N/A (4) N/A N/A x N/A
int x (5) Z2 N/A N/A N/A
long x (5) Z2 N/A N/A N/A
string (6) x xs:boolean xs:dateTime xs:duration x
time N/A (7) N/A Time part (8) N/A

The following table lists notes with details on how to do conversion, if in doubt.

Note Description
(1) The client should try to convert the string to a date value, first according to the format specified by the XML data type xs:date, and if not possible by RFC 822.
(2) The client should try to convert the string to a date & time value, first according to the format specified by the XML data type xs:dateTime, and if not possible by RFC 822.
(3) The client should try to convert the string to a double-precision floating-point value, first according to the format specified by the XML data type xs:double, and if not possible using system-local string to floating-point conversion using local decimal and throusand separator settings.
(4) The client should try to convert the string to a duration value, first according to the format specified by the XML data type xs:duration, and if not possible using the XML data type xs:time.
(5) The client should try to convert the string to an integer value according to the corresponding XML data type formats xs:int and xs:long.
(6) The numeric field value consists of three parts: Numeric value, number of decimals and optional unit. If no unit is provided, only the numeric value should be converted to a string (compatible with the XML data type xs:double), using exactly the number of decimals provided in the field. If a unit is provided (non-empty string) it must not be appended to the value, if the value is to be used for control output. For presentation purposes however, a space could be appended to the number and the unit appended after the space.
(7) The client should try to convert the string to a time value according to the format specified by the XML data type xs:time.
(8) A timeSpan field value contains a xs:duration value. The xs:duration has a larger domain than xs:time, and contains all xs:time values, but xs:time does not contain all possible xs:duration values. So, conversion of an xs:duration value to an xs:time value should be performed only if a duration lies between 00:00:00 and 23:59:59.
x Use the canonical conversion method.
Z2 true = 1, false = 0.
N/A Not applicable. Conversion has no meaning. Value types are not compatible.
!=0 Nonzero = true, Zero = false.
RRGGBB A string of six hexadecimal characters, the first two the red component of the color, the next two the green component and the last two the blue component.
RRGGBBAA A string of eight hexadecimal characters, the first two the red component of the color, the next two the green component, the following two the blue component and the last two the alpha channel.
Date part Only the date part of the xs:dateTime value should be used.
Time part Only the time part of the xs:dateTime value should be used.
xs:boolean Conversion to a string should follow the rules specified for the XML datatype xs:boolean.
xs:dateTime Conversion to a string should follow the rules specified for the XML datatype xs:dateTime.
xs:duration Conversion to a string should follow the rules specified for the XML datatype xs:duration.

Note: the namespace prefix xs is here supposed to be linked with the XML Schema namespace http://www.w3.org/2001/XMLSchema.

A node defined in a concentrator, as defined by Internet of Things - Concentrators, supporting control has two sets of parameters that are different: First a set of node parameters and then a set of control parameters.

Node parameters are defined by the node type in the concentrator, as described in Internet of Things - Concentrators, and they are typically used by the concentrator to define the node and how to communicate or interact with the underlying device. The important part here is to know that the node parameters are maintained by the concentrator, not the underlying device.

Control parameters however, are parameters that reside on the underlying device. When set, they change the actual state or behaviour of the underlying device. The connection to the device however, controlled by the concentrator, remains unchanged by such a control parameter update.

Many control actions available in a device can be controlled using only one control parameter. If a device only publishes such control parameters, the order of control parameters is not that important.

However, there are many control actions that require the client to set multiple control parameters at the same time, for the device to have a complete understanding what the client wants to do.

XEP-0141 defines a way to group parameters in a data form by including the concept of pages and sections. Even though these pages and sections are used for layout purposes, it should be used by devices to mark parameters that should be used together to perform control actions.

The following set of rules should be adhered to, by devices as well as clients, to minimize confusion and resulting errors:

  • Control parameters should be listed in control forms in the order the device expects the client to write them back.

  • Clients should set control parameters in the order they are listed in the corresponding control forms.

  • Control actions that require multiple control parameters should report these together, grouped by pages or sections within pages, to make clear that the parameters belong together.

  • For control actions requiring multiple control parameters, devices should strive to publish default values for all parameters involved. These default values should then be used by the device if a client happens to write only a subset of the control parameters required for a control action. The default value could be the current state of the parameter.

Note however, that one cannot always make the assumption that parameters on the same page or same section in a control form belong to the same control action. For instance, a PLC with 16 digital outputs might publish a control form containing a single page with 16 check boxes on (boolean parameters), that can be controlled individually.

To solve the problem of grouping parameters together, so a client can know which parameters belong together, a new element is defined that can be used in data forms: parameterGroup. It is optional, but can be added to control parameters in forms, as a way to tell the client that parameters having the same parameterGroup belong together and should be written together.

Note: If used, the server must not include a parameter in more than one parameter group at a time. The form may contain multiple group, but each parameter must only have at most one parameterGroup element.

The following example illustrates the use of the parameterGroup element to group parameters together.

Spotlight 325ED0F3-9A9A-45A4-9634-4E0D41C5EA06 If the spotlight is turned on or off. true Horizontal angle of the spotlight. 0 Elevation angle of the spotlight. 0 ]]>

The above example informs the client that the two parameters HorizontalAngle and ElevationAngle should be written together to control a control action (named direction).

For more information about common control actions and their parameters, see xep-0000-IoT-Interoperability.html, which defines a set of interoperable interfaces and their abilities.

Nodes behind a concentrator, as defined in Internet of Things - Concentrators, have an additional means of publishing control interfaces: Node Commands.

However, there are many differences between Node Commands and Control Parameters, as shown in the following list:

  • Node Commands are defined by the node type in the concentrator, and not by the device itself.

  • Node Commands may do many different things, not only performing control actions.

  • Parametrized Node Commands require the client to always get a parameter data form, and write back values. There's no way to send simple control messages using Node Commands.

  • Node Commands can be partitioned, grouped and sorted separately.

  • Each Parametrized Node Command has a separate parameter form, which makes grouping of parameters normal.

  • Node Commands are only available for nodes controlled by a concentrator.

If implementing a device with many complex control actions (like an advanced PLC), consideration should be made to divide the device into logical groups and implement the concentrators interface as well. Then the more complex control actions could be implemented as Node Commands instead of control actions as defined in this document, and implementing the simpler more intuitive control actions as described in this document.

If control interaction is performed in a context of delegated trust, as defined in the Sensor Network Provisioning XEP-0324 &xep0324;, tokens should always be included in all calls. This to allow devices to check privileges with provisioning servers.

The set and getForm commands support the following token attributes:

  • serviceToken
  • deviceToken
  • userToken

For more information about provisioning, see Internet of Things - Provisioning.

Most examples in this document have been simplified examples where a few devices containing a few control parameters have been used. However, in many cases large subsystems with very many actuators containing many different control actions have to be controlled, as is documented in Internet of Things - Concentrators. In such cases, a node may have to be specified using two or perhaps even three ID's: a sourceId identifying the data source controlling the device, a possible cacheType narrowing down the search to a specific kind of node, and the common nodeId. For more information about this, see Internet of Things - Concentrators.

Note: For cases where the nodeId is sufficient to uniquely identify the node, it is sufficient to provide this attribute in the request. If there is ambiguity in the request, the receptor must treat the request as a request with a set of nodes, all with the corresponding nodeId as requested.

All timestamps and dateTime values use the XML data type xs:dateTime to specify values. These values include a date, an optional time and an optional time zone.

Note: If time zone is not available, it is supposed to be undefined. The client reading the sensor that reports fields without time zone information should assume the sensor has the same time zone as the client, if not explicitly configured otherwise on the client side.

If devices report time zone, this information should be propagated throughout the system. Otherwise, comparing timestamps from different time zones will be impossible.

Control commands sent using IQ stanzas instead of messages, should consider using the xml:lang attribute to specify the desired language used (if possible) when returning information back to the caller, like error messages, localized control forms, etc.

Controlling devices in a large sensor network is a hackers wet dream. Therefore, consideration of how network security is implemented should not be underestimated. The following sections provide some general items that should be considered.

Consider to always use an encrypted connection with any XMPP Server used in the network. Also, make sure the server is properly authenticated and any server certificate properly validated.

Control commands should only be accepted by trusted parties. A minimum is to make sure only authenticated and validated clients (friends) can perform control actions on the device.

Consider using provisioning servers to allow for detailed control of who can do what in a sensor network. Implementing proper provisioning support decreases the risk for adverse effects, not only from intentional hacking, but also from unintentional errors.

If using delegated trust, make sure the provisioning servers are properly authenticated and validated before trusting them.

More information about provisioning can be found in Internet of Things - Provisioning.

This document requires no interaction with &IANA;.

The protocol schema needs to be added to the list of XMPP protocol schemas.

]]>

For more information, please see the following resources:

Thanks to Joachim Lindborg and Tina Beckman for all valuable feedback.