T2TRG summary meeting

Time: Thursday, 2021-03-11, 16:00-18:00 UTC

Chairs: Carsten Bormann, Ari Keränen

Repository: https://github.com/t2trg/2021-ietf110

Video: https://youtu.be/HPtfYwM-EOk

Note takers: chairs, Michael McCool, Wei Pan

(attendees recorded by Meetecho)

Intro, RG status, upcoming meetings and activities (Chairs) <1600>

Carsten gave an introduction to IRTF/T2TRG.

On the slide about RG/WG relationships:
Robert Moskowitz: What about lpwan and SCHC at the CoAP level?

CB: interesting question; 15 groups doing IoT related work. If people want to bring up researchy work, please do send mail to the list and bring it here.

Reports from WISHI, WISHI-hackathon, etc. (Chairs, various) <1605>

WISHI had been focused on ASDF/OneDM work recently. The ASDF working group has completed their first deliverable today. In WISHI also looking at standards in IoT space and interest to describe them: what is there actually behind marketing materials.

In the IETF 110 hackathon, worked on validating SDF 1.1 features, tools for converting between ecosystems, new tools like sdf-thingmaker for assembling Things from Objects, and discussed mapping files for adding information (e.g., ecosystem instance specific) to SDF files.

W3C WoT update (Michael McCool) <1620>

Background

(Notes by Michael McCool)

W3C Web of Things (WoT) is a standards-track activity within the W3C seeking to extend and apply web technologies to IoT. So far a metadata standard, the WoT Thing Description, has been published, and we are now working on a second round of standards, including one for Discovery (e.g. finding metadata). This metadata is based on JSON-LD and the discovery mechanism will support both syntactic (JSON Path, XPath) and semantic (SPARQL) search. There are other standardization or related informative documentation activities, including updates to the Thing Description, Profiles to improve out-of-the-box interoperability, and a Scripting API (for which an open-source implementation is available, node-wot). The WoT WG is also looking to align with activities such as ASDF, OneDM, CoRE, etc. Relevant to ASDF in particular, we are adding a “model” version of the Thing Description, the Thing Model, and automatic conversions from ASDF specifications to Thing Models are possible.

WoT also recently launched a new web page, consolidating information that was scattered in various places:
* https://www.w3.org/WoT/

There also will be a “virtual” F2F over the next two weeks:
* https://www.w3.org/WoT/IG/wiki/F2F_meeting,_March_2021

An updated, longer version of the presentation I will show today will be made available here:
* https://github.com/w3c/wot/blob/main/PRESENTATIONS/2021-03-online-f2f/2021-03-15-WoT-F2F-Summary-McCool.pdf

Notes from Meeting

Michael McCool (MMC): Between May 1st and July open for review for the specs. Also work on Thing Models that are close conceptually with SDF and discussions on converting between the two.
Have virtual f2f next two weeks. If want to join open sessions, send me email and will forward invite.

CB: good links in CodiMD (above) for learning more about these activities.

Describing IoT standards (Milan Milenkovic)

Have been discussing creating a paper (informational RFC) for describing key attributes of IoT standards. Currently for someone from outside hard to understand the landscape and compare the IoT standards to understand which to use and adopt. Food nutrition labels are a good analogy: “IoT info standards labeling guide”.
Seeking contributions from SDO participants. Outline discussed in this presentation: https://github.com/t2trg/wishi/blob/master/slides/2020-06-30-Describing-IoT-Stds-2016-06-30MM.pdf

Will be made available in T2TRG for comments. Co-authors and contributors solicited (contact Milan).

OneDM update (Michael Koster) <1635>

Michael Koster gave the OneDM overview. Started to normalize IoT models across industry. SDF 1.0 was product from OneDM that was taken to IETF and now being finalized in ASDF. About 200 models in playground and many tools developed already. Hackathon work on semantic proxy that can use SDF converted ecosystem specific models to bridge between OCF and IPSO.
Working with Zigbee and Bluetooth Mesh on further model conversion and discussions with various SDO and industry players (SunSpec, textile manufacturing equipment, electronic data sheets, ISO SC41, NIST). Started to work on model convergence and processes.
(see example of the process in the slides)

Working on the models openly at GitHub: https://github.com/one-data-model/

CB: OneDM focused initially on getting SDF done and now is going to enable the model convergence

MMC: timeframe for getting drafts stable and finalized? Some final PRs being discussed

CB: In ASDF finished the PRs and new version 1.1 as posted. Next working on 1.next.

MMC: so next looking new features?

CB: actually know already many new features that are needed.

Andreas Ruest (AR): Are there any links from OneDM to organizations like IP-BLiS and CHIP?

MJK: Project CHIP orgs were founding members in OneDM too. Wanted to go straight to implementation to support commercial needs, OneDM now looking at the long term aspects of this. CHIP models not that different. For IP-BLiS we have had contact and seems we are aligned. Wouter van der Beek at OneDM is our contact to IP-BLiS.

A taxonomy of Operational security of manufacturer installed keys and anchors (Michael Richardson) <1650>

This work was presented originally in IETF’s SECDISPATCH WG; got suggestion T2TRG could be good place to discuss this. About the quality of the private keys (for roots of trust) and how they get where they should. Goal to be able to tell apart what kind of security you have for them. Presented in various fora to get industry feedback.

Would like this document to be adopted at T2TRG, looking for co-authors and industry feedback.

AK: seems there’s lots of similarities to what Milan presented on IoT standards

MCR: was thinking of human readable, ultimately needs to be machine-readable but would like to have 20-30 descriptions in English first on this

Henk Birkholz (HB): ontology? taxonomy? hierarchical? narrower and broader terms?

MCR: not sure if enough structure here to bother, instead of thinking how they relate. When exceed 3 pages/slides could structure. Don’t want to argue what is similar but want to write down the terminology so that I know how the devices are managed and how it happened.

HB: I agree with “only model things you need”. Semantic dependencies, location of key, might become interesting thing to consume by other stakeholders. In beginning you were mentioning confusion about well defined things like RoT and trust anchor – not introducing these categories?

MCR: two categories of things: private keys in your devices, and private keys in your factories. Not same thing but lead to trust anchor in devices. Discussion applies to both but answers are different. How many have access to keys in devices / HSM?

HB: maybe worth considering to pull term RoT to doc; just food for thought.

MCR: hard to define in other docs so reluctant. Should doc go to point to org as YANG model?

HB: (OMG); would not try that

CB: there is a reason SDF is not YANG model. Reason why worth thinking modeling this, in large network need to know what is in there. For enterprise networks, nobody has any idea what is in there. Software BOM, COSWID activities try to find out what SW is in there. Having way to document trust relationships to entities certifying key pairs etc. may be useful thing. After Solarwind and MSFT Exchange things, can look into network and know what’s the impact. Modeling sec relationships is important.

MCR: like to have conversation on the list on what level of modeling is appropriate. Want to point to certain profiles of this doc, for example?

CB: SW not the only thing in which you place trust

MCR: also applies who signed the FW on your keyboard

CB: whole area here waiting for us; bring YANG, MUD, SDF worlds together, so we can do useful inference for that in security layer

MCR: suggest we flesh out more bits in this doc on questions like how to explain recovery process. Publish initial doc and then come back how to make this into model that is machine readable. But initially need people to be able to describe with common terminology.

CB: wasn’t suggesting all this to be covered by this document. You have chosen interesting angle to make crack in this area. Very useful doc to look at. But also we should look at larger area to see what components we can use to find out what is going on in networks. E.g., Aaron is one of the researchers who have done work in this space.

4 hands (around half answered)

IoT Edge Challenges and Functions (Xavier de Foy) <1710>

Xavier presenting update on IoT edge draft. Addressed comments given during adoption process. Added new use cases: smart factory, smart agriculture, self-driving cars, AR/VR. Provides high level view on research topics rather than projects. List of research challenges new part of the draft and would benefit from reviews.

Overall draft is stable and ready for group reviews. Also planning to reach out to other IRTF groups and other SDOs

7 hands

CB: sounds like the amount of review we need to get this completed. Please provide some form of review / comments so we can advance the docs.

Xavier: even feedback on a short part of the document is very welcome

CB: indeed, no need to do always full review, can also look into parts of special interest

Bootstrapping terminology (Mohit Sethi) <1720>

See https://datatracker.ietf.org/doc/html/draft-sarikaya-t2trg-sbootstrapping-11

Mohit presented latest version of the bootstrapping survey draft. Important part of the document is presenting terminology used by various organizations. Covering Wi-Fi Alliance DPP, OMA SpecWorks LwM2M, OCF (not presented today), FIDO Alliance, and IETF technologies (EST, BRSKI, SZTP).

Key lessons: several stages before devices become operational. Need initial trust followed by configuration. Some protocols only deal with parts of the process whereas others provide full set. OMA LwM2M for example provides also access control lists. Draft has classification of protocols (managed, p2p/adhoc, leap of faith, hybrid). Often fall into multiple categories.

Authors feel the draft is maybe far from publication but very ready for application. Is the title reflective of the content?

Ash Wilson (from Jabber): DANISH BoF tomorrow related to this topic: https://datatracker.ietf.org/meetin%E2%80%A6/110/materials/agenda-110-danish-01 << DNS for device identity and PKI discovery

Andre Bondi (AB): interesting talk. Wondering if any thought on performance of enrolling? Could see scenario where device fails but if enrollment time is hour, that’s not good

MS: this draft doesn’t take position on those aspects. Some protocols require a human. Like scanning QR code. Cost for retrying is very different. We might run into problems trying to do that; especially if run prototypes and collect data. So far not done that.

Aaron Ding (AD): nice work; have been following for a while. In recent version Bluetooth section. Which point would like to say “this is settled”. What going to add there?

MS: lack of time from authors; have studied BT mesh but just need to find the time. Promise if this gets adopted, in the RG version there will be text on BT too.

CB: Aaron could provide comments to BT section?

AD: yes, once content

8 hands

MMC: have been struggling to find good definitions of these terms (and the IoT lifecycle) in WoT; looking from this from the point of view of aligning terminology in WoT docs. How stable is the doc? If we adopt these terms and freeze our spec in a few months, what is the risk of changes?

MS: summary of SDOs is stable (unless they change specs). Takeaways are authors' understanding. Once gets RG adopted, it will be RG’s understanding on the takeaways. Feel that part is stable. Please find time to read and comment.

CB: seems significant level of interest. If opposed to adopting this document, please speak up now (no comments). Will put call for adoption to the list. Seems we have good chance to complete this affirmatively.

Dan Harkins (from Jabber): adopt!

Wrap-up (Chairs)

CB: looking for feedback on the drafts presented. Short and longer notes are useful. We’ll have regular WISHI calls again soon.

AK: also looking forward to opportunities to collaborate with academia; please contact us chairs if you are organizing an event that is in the scope of the RG and we are happy to discuss opportunities.

(meeting adjourned)