2. Cisco - IoE
• Cisco defines Internet of Everything (IoE) as
bringing together people, processes, data, and
things to make networked connections.
• The network plays a critical role in the IoE - it
must provide an intelligent, manageable,
secure infrastructure that can scale to support
billions of context-aware devices.
3. IoE - Issues
There are five principal issues that are
going to have to be resolved.
4. IoE - Issues
(cont.)
• Connectivity
• Identity
• Manageability
• Data Storage
• Security and Privacy
5. My vision of what an IoE network
platform should look like
7. IoE Stack
(cont.)
The IoE Stack addresses a design model to
handle connectivity, identity, manageability,
data storage, security and privacy issues.
8. Connectivity
• Interactive Connectivity Establishment (ICE) is
a standardized mechanism for establishing
peer-to-peer communication between
software agents running behind NAT firewalls.
• In a distributed and heterogeneous IoE
scenario, this mechanism comes in handy
for interconnecting people and devices inside
and outside the enterprise boundaries.
9. Connectivity
(cont.)
• A STUN server discovers the public IP address of
the client and identifies the type of NAT in
use.
• A TURN server acts as a relay or proxy for the
data session.
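The STUN step above, as an added example that is not part of the original slides: a client learns its NAT-assigned public address by decoding the XOR-MAPPED-ADDRESS attribute of a Binding Success Response (RFC 5389). The server side is included only to construct a realistic response; the address 203.0.113.5:54321 and the transaction ID are constructed sample values.

```javascript
// Added example: encode and decode a STUN Binding Success Response carrying
// XOR-MAPPED-ADDRESS. The client checks type, magic cookie and transaction ID
// before trusting the reflexive address it is told.
const MAGIC_COOKIE = 0x2112a442;
const BINDING_SUCCESS = 0x0101;
const XOR_MAPPED_ADDRESS = 0x0020;
// Build a response as a STUN server would (txId: the 12-byte request transaction ID).
function buildBindingResponse(txId, ip, port) {
  const addr = Buffer.from(ip.split('.').map(Number));                  // IPv4 only
  const value = Buffer.alloc(8);
  value[1] = 0x01;                                                       // family = IPv4
  value.writeUInt16BE(port ^ (MAGIC_COOKIE >>> 16), 2);                  // X-Port
  value.writeUInt32BE((addr.readUInt32BE(0) ^ MAGIC_COOKIE) >>> 0, 4);   // X-Address
  const attr = Buffer.alloc(4 + value.length);
  attr.writeUInt16BE(XOR_MAPPED_ADDRESS, 0);
  attr.writeUInt16BE(value.length, 2);
  value.copy(attr, 4);
  const hdr = Buffer.alloc(20);
  hdr.writeUInt16BE(BINDING_SUCCESS, 0);
  hdr.writeUInt16BE(attr.length, 2);                                     // message length excludes header
  hdr.writeUInt32BE(MAGIC_COOKIE, 4);
  txId.copy(hdr, 8);
  return Buffer.concat([hdr, attr]);
}
// Parse a response on the client; reject anything not matching our own request.
function parseBindingResponse(buf, expectedTxId) {
  if (buf.length < 20 || buf.readUInt16BE(0) !== BINDING_SUCCESS) throw new Error('not a binding success response');
  if (buf.readUInt32BE(4) !== MAGIC_COOKIE) throw new Error('bad magic cookie');
  if (!buf.subarray(8, 20).equals(expectedTxId)) throw new Error('transaction ID mismatch');
  const end = 20 + buf.readUInt16BE(2);
  for (let off = 20; off + 4 <= end; ) {
    const type = buf.readUInt16BE(off), len = buf.readUInt16BE(off + 2);
    if (type === XOR_MAPPED_ADDRESS && buf[off + 5] === 0x01) {
      const port = buf.readUInt16BE(off + 6) ^ (MAGIC_COOKIE >>> 16);
      const ipInt = (buf.readUInt32BE(off + 8) ^ MAGIC_COOKIE) >>> 0;
      const ip = [24, 16, 8, 0].map(s => (ipInt >>> s) & 0xff).join('.');
      return { ip, port };
    }
    off += 4 + ((len + 3) & ~3);                                         // attributes are 32-bit aligned
  }
  throw new Error('no XOR-MAPPED-ADDRESS in response');
}
const demoTx = Buffer.from('00112233445566778899aabb', 'hex');           // constructed transaction ID
console.log(parseBindingResponse(buildBindingResponse(demoTx, '203.0.113.5', 54321), demoTx));
```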
10. Identity
• A modern Identity Management System is an
enabler for networked people and devices.
• A new OpenID Connect authentication
standard can be implemented across virtually
any application or service.
• A trusted OpenID Connect Identity
Provider can ensure identity across people
and IoT devices.
11. Identity Provider
• An Identity Provider (IdP) is a trusted place
issuing identification information after
credential validation.
• OpenID Connect is a simple identity layer on
top of the OAuth 2.0 protocol, developed by
the OpenID Foundation.
12. Identity Provider
(cont.)
• The OpenID Connect standard was designed to
cover B2B, as well as B2C scenarios. It
combines the simplicity of OAuth 2.0 and the
decentralized architecture of OpenID. It is
more powerful when used in combination
with the User-Managed Access (UMA) standard.
• UMA leverages OpenID Connect to enable
safer B2B/B2C information sharing while
preserving privacy.
13. Manageability
• An essential part of managing trust and
security in the IoE world is Identity and
Access Management.
• One of the ways to manage meshed network
connections between people and devices is
through the Identity-Based Network.
14. Manageability
(cont.)
• WebRTC - a free open project authored by
Google, now being drafted as an API definition by
the W3C, enables real-time, peer-to-peer
video, audio, and data transfer between
browsers.
• In order for a WebRTC application to set up a
connection, its nodes need to exchange some
information.
• The signaling server is used to coordinate this
communication.
15. Manageability
Publish/Subscribe Relationships
• Publish Subscribe (Pub/Sub) design pattern is
becoming crucial for distributed signaling
systems.
• There are a few different communication
protocols and implementations supporting
Pub/Sub, such as XMPP, AMQP, MQTT and
Faye.
16. Manageability
Publish/Subscribe Relationships (cont.)
• By properly implementing an OAuth2
authorization mechanism in Pub/Sub
systems, users can authorize publishing and
subscription requests.
• In this way users should be able to manage
their connections and relationships with
customers, partners and devices.
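The signaling exchange of slide 14 and the authorized Pub/Sub relationships of slides 15 and 16, as one added example that is not part of the original slides: an in-memory signaling broker that checks a scope on every subscribe and publish and only relays a message when the topic owner has granted the sender a relationship. The token table stands in for token validation at the Identity Provider; the token names, scopes, `sig/<subject>` topic naming and the alice/sensor7/mallory identities are constructed assumptions.

```javascript
// Added example (not from the slides): an in-memory Pub/Sub signaling broker that
// enforces OAuth2-style scopes and user-managed relationships on every request.
const TOKENS = {                 // constructed: stands in for token introspection at the IdP
  'tok-alice':   { sub: 'alice',   scope: ['signal:publish', 'signal:subscribe'] },
  'tok-sensor7': { sub: 'sensor7', scope: ['signal:publish', 'signal:subscribe'] },
  'tok-mallory': { sub: 'mallory', scope: ['signal:publish'] },
};
function addTo(map, key, value) {
  if (!map.has(key)) map.set(key, new Set());
  map.get(key).add(value);
}
class SignalingBroker {
  constructor() {
    this.subscribers = new Map();    // topic -> Set<callback>
    this.relationships = new Map();  // topic owner -> Set<peer allowed to publish to it>
  }
  // Map the token to its subject and require the scope for this operation.
  authorize(token, scope) {
    const claims = TOKENS[token];
    if (!claims || !claims.scope.includes(scope)) throw new Error(`unauthorized: ${scope}`);
    return claims.sub;
  }
  // The topic owner grants a named peer permission to send signaling to it.
  grant(token, peer) { addTo(this.relationships, this.authorize(token, 'signal:subscribe'), peer); }
  // A party may only subscribe to its own topic, so nobody else sees its SDP/candidates.
  subscribe(token, topic, cb) {
    if (topic !== `sig/${this.authorize(token, 'signal:subscribe')}`) throw new Error('forbidden topic');
    addTo(this.subscribers, topic, cb);
  }
  // Publishing needs the scope and an existing relationship with the topic owner.
  publish(token, topic, message) {
    const from = this.authorize(token, 'signal:publish');
    const owner = topic.startsWith('sig/') ? topic.slice(4) : '';
    if (!(this.relationships.get(owner) || new Set()).has(from)) throw new Error('no relationship with topic owner');
    const envelope = { ...message, from };   // sender identity comes from the token, never from the payload
    for (const cb of this.subscribers.get(topic) || []) cb(envelope);
    return envelope;
  }
}
// Offer/answer exchange between a person and a paired device through the broker.
function runOfferAnswer(broker) {
  const delivered = [];
  broker.subscribe('tok-alice', 'sig/alice', m => delivered.push(m));
  broker.subscribe('tok-sensor7', 'sig/sensor7', m => delivered.push(m));
  broker.grant('tok-alice', 'sensor7');      // alice allows her device to reach her
  broker.grant('tok-sensor7', 'alice');      // the device allows alice to reach it
  broker.publish('tok-alice', 'sig/sensor7', { type: 'offer', sdp: 'v=0 (constructed)' });
  broker.publish('tok-sensor7', 'sig/alice', { type: 'answer', sdp: 'v=0 (constructed)' });
  return delivered;
}
```

A real deployment would verify the access token with the Identity Provider (signature or introspection) instead of the lookup table, and the relationship grants would be the UMA-style permissions the user manages.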
17. Data Storage
• WebRTC IoT Hub is a device running an agent
that resides on premises and can be paired
with a variety of sensors as well as third party
connected devices/agents.
• The collected data are processed, encrypted
and stored on the Hub device and periodically
backed up to cloud data storage services.
18. Security and Privacy
• Datagram Transport Layer Security (DTLS) is
used to provide communications security and
privacy for datagram protocols.
• DTLS allows datagram-based applications to
communicate in a way that is designed to
prevent eavesdropping, tampering, or
message forgery.
19. Security and Privacy
(cont.)
• The WebRTC Data Channel technology uses a
peer-to-peer architecture that
provides privacy measures, which in
combination with Identity Relationship
Management assure that confidential
information can be accessed only by
authorized parties.
• The DTLS-encrypted data channel ensures security
for all participants.
20. Conclusion and next steps
Conclusion:
• The presented trust-to-trust communication is a
better fit for the distributed nature of cloud
computing and has intrinsic privacy-preserving
properties.
Next steps:
• Evaluate the Identity-Based Network architecture
as an IoE backbone.
• Develop a prototype software system.
21. Business Opportunities
Homes and Offices:
• Monitoring – smoke and water leak detector,
energy monitor.
• Centralized control – cameras, door locks,
thermostats, lighting and small appliances
control.
22. Business Opportunities
(cont.)
SOHOs, SMEs and Enterprises:
• Data sharing – email, FTP and Managed File
Transfer alternative.
• Collaboration – document management,
project management, virtual data room, sales
portal, supply chain collaboration, science &
research teams collaboration, product design
and development (engineering) collaboration.
23. Business Opportunities
(cont.)
Manufacturing:
• Proactive maintenance - machines that predict
failures and trigger maintenance processes
autonomously.
• Connected Supply Chain - tracking, monitoring
and reporting of inventory, parts and products
as they move through the supply chain.
24. Business Opportunities
(cont.)
Healthcare:
• Patient monitoring - remote, continuous
monitoring of a patient's health.
• Network-of-care - interconnected physicians,
hospitals, clinics and medical devices.
• Telehealth - the delivery of health-related
services and information to treat patients
remotely.
25. Thank you!
Igor Zboran: plus.google.com/+IgorZboran
Featured links:
• igi64.github.io/ioe
• twitter.com/igi64