w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT
https://w3c.github.io/wot-security/

Role of Platforms in WoT #66

Open jasonanovak opened 6 years ago

jasonanovak commented 6 years ago

Today, devices may be compatible with multiple IoT platforms (e.g. a lightbulb may work with Amazon Alexa, Google Home, Apple HomeKit, and its own Zigbee-backed application). The WoT Primary Stakeholders include Device Manufacturer (OEM), Thing Provider or Thing Integrator, and Thing User, and do not discuss the role of these platforms (although one could argue they are Thing Providers). As a result, the role of platforms isn't addressed elsewhere in the document (e.g. Attackers).

It may be worthwhile to include some notion of platforms in WoT, as it seems likely that a WoT Thing may support one or more existing platforms, and defenses/attacks should take this into account.

ereshetova commented 6 years ago

Yes, I guess in our thinking the platforms like Google Home or Amazon Alexa are different "Thing Providers". The case when one device supports more than one of them is a multi-tenant case in our terms. The new threats arising from this use case are listed in the additional table here (https://rawgit.com/w3c/wot-security/master/index.html#threats) under the paragraph starting "If a WoT system allows co-existence of different independent thing providers (tenants) ...". An example of a multi-tenant WoT architecture is shown here: https://rawgit.com/w3c/wot-security/master/index.html#wot-servient-multi-tenant

I will add additional explanation and examples on platforms and also call them out in a separate subsection in the document to make sure they are visible enough.

Also, do you think the current threats & architecture picture for multi-tenant case reflects the modern IoT platform case well enough? What might be missing/incorrect?

jasonanovak commented 6 years ago

I'm not sure that Google Home or Amazon Alexa are "Thing Providers" under the WoT document at the moment, though, as they may provide infrastructure in some cases / WoT deployments without necessarily having a WoT Thing in the configuration (e.g. I control my Google Home compliant WoT devices using an Android phone, but I don't have a Google-built Google Home device in my home).

mmccool commented 5 years ago

These platforms often act as hubs that proxy or translate other protocols and either generate or store TDs and provide a directory service. So I think we should deal with the role of such "platforms" in the context of the services they provide: proxies, tunnels, intermediaries, and directories. Some of these, i.e. directory services, are assumed in the WoT architecture but are not (yet) fully specified, although they are on our roadmap.

mmccool commented 4 years ago

To discuss: are "Hubs" and "Platforms" the same thing? Perhaps not, since "platforms" seem to always have a cloud component but "hubs" may not (e.g. OpenHAB). However, it might be useful to review these (and their security architectures) to consider how WoT can integrate with them. For now, labelling with "Hubs" so it shows up in searches for that label...

mmccool commented 4 years ago

So... we have a list of "hubs" already, I think the way to start here is to make a list of "platforms". Here is a start:

I think a "platform" differs from a "hub" in that the latter is basically a software service running on a particular device (e.g. a home gateway), whereas a platform may require endpoint devices to adhere to a certain standard, register with and send information to a cloud service, etc. There may, however, be overlap, e.g. a "platform" might include a "hub" as a component, and a "hub" may register with and use a cloud service...

I (personally) don't think "Alexa" is itself a platform; rather, it's a control interface that works through existing standards and platforms (e.g. Google Home). There may be other hubs/platforms we need to look at too, like SmartThings (ask M Koster), Philips Hue, OCF, etc. In fact, many devices use a proprietary hub/platform for their own systems due to the current vertical integration architecture.