In this paper we outline the challenges of Web API management in Internet of Things (IoT) projects. Web API management is a key aspect of service-oriented systems that includes the following elements: metadata publishing, access control and key management, monitoring and monetization of interactions, as well as usage control and throttling. We look at how Web API management principles, including some of the above elements, translate into a world of connected devices (IoT). In particular, we present and evaluate a prototype that addresses the issue of managing authentication with millions of insecure low-power devices communicating with non-HTTP protocols. With this first step, we are only beginning to investigate IoT API management, therefore we also discuss necessary future work.
Abstract—We examine the use of Federated Identity and Access Management (FIAM) approaches for the Internet of Things (IoT). We look at specific challenges that devices, sensors and actuators have, and look for approaches to address them. OAuth is a widely deployed protocol – built on top of HTTP – for applying FIAM to Web systems. We explore the use of OAuth for IoT systems that instead use the lightweight MQTT 3.1 protocol. In order to evaluate this area, we built a prototype that uses OAuth 2.0 to enable access control to information distributed via MQTT. We evaluate the results of this prototyping activity, and assess the strengths and weaknesses of this approach, and the benefits of using the FIAM approaches with IoT and Machine to Machine (M2M) scenarios. Finally we outline areas for further research.
2014 International Workshop on Secure Internet of Things, 2014
We examine the use of Federated Identity and Access Management (FIAM) approaches for the Internet of Things (IoT). We look at specific challenges that devices, sensors and actuators have, and look for approaches to address them. OAuth is a widely deployed protocol – built on top of HTTP – for applying FIAM to Web systems. We explore the use of OAuth for IoT systems that instead use the lightweight MQTT 3.1 protocol. In order to evaluate this area, we built a prototype that uses OAuth 2.0 to enable access control to information distributed via MQTT. We evaluate the results of this prototyping activity, and assess the strengths and weaknesses of this approach, and the benefits of using the FIAM approaches with IoT and Machine to Machine (M2M) scenarios. Finally we outline areas for further research.
Distributed information systems predominantly have client-server architectures, as does the Web itself. In this article, we review the evolution of the interface of client-server distributed systems, from Messaging and RPC systems that predate the Web, to RESTful Web APIs. We highlight the often overlooked importance of the client-server interface in Web applications, and we reference historic and current systems to discuss the roles of "Web Service" technologies and Service-Oriented Architectures. Considering the future, we point out four directions in which we can see Web APIs moving, including the incorporation of hypermedia and semantics.
The DEBS Grand Challenge is an annual event in which different event-based systems compete to solve a real-world problem. The 2014 challenge is to demonstrate scalable realtime analytics using high-volume sensor data collected from smart plugs over a one and a half month period. This paper aims to show how a general-purpose commercially available event-based system – the WSO2 Complex Event Processor (WSO2 CEP) – was used to solve this problem. In addition, we explore areas where we created extensions to the WSO2 CEP engine to better solve the challenge.
... Stratos provides user access to an Amazon RDS (database) instance or they may use a Cassandra storage space available with Stratos. Stratos applies most of the best practices of Cloud architecture (e.g., [15]) to applications by default. ...
Proceedings of the 5th International Workshop on Middleware for Service Oriented Computing - MW4SOC '10, 2010
SOA proposes an architecture that composes many services together in a loosely coupled manner, and those services may provide a wide spectrum of features like implementing Business Logic, supporting Service Orchestration, Service Mediation, and Eventing, etc. Each user would, typically, choose a subset of these features and build his architecture on them. Although it is conceptually possible to fit all the features into the same server, due to performance and modularity concerns, the functionalities are broken across several servers and deployed rather than deploying as a single server. This paper presents Carbon, a component based server building framework that allows users to pick and choose different SOA concepts and build their own customized servers. Furthermore, the same framework enables those different features to share cross cutting concerns like storage, security, user interfaces, throttling, eventing etc., thus simplifying the server development process and reducing the footprint of the overall implementation. We present Carbon, the design decisions, and architecture while comparing and contrasting the proposed framework with other component based frameworks. The primary contributions of this paper are proposing a server building framework for SOA platform, taking initial steps towards defining and implementing such a framework, and sharing experiences of building and using the framework in real world settings. Furthermore, we propose a minimal kernel for SOA upon which the proposed platform can be constructed.
2010 IEEE 3rd International Conference on Cloud Computing, 2010
Enterprise IT infrastructure incurs many costs ranging from hardware costs and software licenses/maintenance costs to the costs of monitoring, managing, and maintaining IT infrastructure. The recent advent of cloud computing offers some tangible prospects of reducing some of those costs; however, abstractions provided by cloud computing are often inadequate to provide major cost savings across the IT infrastructure life-cycle.
2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops & PhD Forum, 2012
By enabling users to allocate computing resources on demand, cheaply, and in an elastic manner, Cloud Computing has made large computation resources available to small and medium size organizations. However, using the Cloud requires users to place their computations, data, or both in a shared data center owned by an outsider. This sharing has raised many security concerns. Such concerns are especially apparent with use cases like health informatics, where the security of the information is critical and imposed by government regulations. We propose a hybrid approach to solve this problem, where only computations are moved to the public domains while keeping the data within the private network, and computations may access data through a set of services that expose data following the Principle of Least Privilege. Such architectures will, however, require computations in the cloud to connect to the local network that holds the data, and the obvious solution, opening up ports in the organizational firewall, could potentially create security loopholes. As an alternative, we propose Cloud Services Gateway (CSG), which enables users to selectively expose their private services that reside inside a firewall to outside clients while maintaining fine-grained control. This paper motivates hybrid Cloud architectures and presents the architecture and design decisions of Cloud Services Gateway.
The protocol defined in this specification depends upon other Web services specifications for the identification of service endpoint addresses and policies. How these are identified and retrieved are detailed within those specifications and are out of scope for this ...
Papers by Paul Fremantle