The Internet of Things (IoT) suffers from a lack of interoperability across platforms. As a result developers are faced with data silos, high costs and limited market potential. This can be likened to the situation before the Internet when there were competing non-interoperable networking technologies. The Internet makes it easy to develop networked applications independently of those technologies. W3C is seeking to do the same for the Internet of Things.

To achieve this goal, we need platform independent APIs for application developers, and a means for different platforms to discover how to inter-operate with one another. The approach we are taking is based upon rich metadata that describes the data and interaction models exposed to applications, and the communications and security requirements for platforms to communicate effectively. A further aspect is the need to enable platforms to share the same meaning when they exchange data. We are therefore seeking to enable expression of the semantics of things and the domain constraints associated with them, building upon W3C’s extensive work on RDF and Linked Data.

This includes the potential for using scripting languages like JavaScript, data encodings such as JSON and EXI, formats for data and metadata, including Linked Data, and protocols such as HTTP and WebSockets, to name just a few examples. JavaScript could be used for direct access to IoT sensors and actuators from the browser, in service platforms in the cloud or at the network edge, and for device drivers in gateways that use IoT protocols to access embedded/constrained devices, and web protocols to expose them to service platforms.

Identity is important for devices, users, applications and services, e.g. as part of end to end security and for trust management. Unlike regular web applications, we can’t assume that the user is present and able to authenticate his or herself. Trust management will entail the means to verify metadata, e.g. the provenance of data, the location of a given sensor, and so forth. This is analogous to know your customer requirements in the banking world. Confidentiality and privacy are important concepts for business to business and business to consumer services. Open standards are needed to enable open distributed markets of services.

Applications and services often need data at a higher level than the raw data provided by sensors. Moreover, data needs to be interpreted in the context of other sources of information. The same applies to control systems whose actions need to be translated in context into actions on lower level entities. The Web of Things needs to be able to model the real world at different levels of abstraction, and to enable open markets with free competition of services across these levels. The things in the Web of Things can be considered as virtual representations of physical or abstract entities.

A high-level view of the W3C WoT architecture from the security point of view is presented below, showing all possible execution boundaries.

A consequence of this is that the “Things” in the Web of Things are not limited to connected devices, but can also include things that are not and cannot be connected such as people and places, and abstract ideas, such as events (e.g. a concert), organizations, and time periods (e.g. the 70s). Each thing can have one or more virtual representations (avatars). Things can also have histories, e.g. for a car, recording the sequence of previous owners. Avatars have identities, rich descriptions, services, access control and data handling policies. Avatars have URIs and are accessible via web technologies. Avatars make it easier to build applications and services that combine information from different sources and different levels of abstraction.

This is great example of knowledge engineering and ontologies that includes the use of description logic and first order predicate logic in the form of axioms to support knowledge engineering derived AI and more advanced logical reasoning as well how these types of efforts can have a number of different protocol bindings down on the wire.

Written by Shawn Riley
Shawn Riley serves as the Chief Visionary Officer and Technical Advisor to the CEO for Shawn also volunteers as the Executive Vice President, Strategic Cyberspace Science and Board of Directors member at the non-profit Centre for Strategic Cyberspace + Security Science in London, England, UK. Shawn is an industry thought leader in the NSA's Science of Security virtual organization with a focus on applied cybersecurity science and AI-driven science in security operations.