IETF Logo Mail Archive

Re: [coman] Device Classes?

Thomas Watteyne <watteyne@eecs.berkeley.edu> Sat, 05 April 2014 04:01 UTC

Return-Path: <twatteyne@gmail.com>
X-Original-To: coman@ietfa.amsl.com
Delivered-To: coman@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F6AF1A024C for <coman@ietfa.amsl.com>; Fri, 4 Apr 2014 21:01:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MWmF7ZJzUsGx for <coman@ietfa.amsl.com>; Fri, 4 Apr 2014 21:01:41 -0700 (PDT)
Received: from mail-pd0-x22a.google.com (mail-pd0-x22a.google.com [IPv6:2607:f8b0:400e:c02::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 663851A0143 for <coman@ietf.org>; Fri, 4 Apr 2014 21:01:41 -0700 (PDT)
Received: by mail-pd0-f170.google.com with SMTP id v10so4167992pde.29 for <coman@ietf.org>; Fri, 04 Apr 2014 21:01:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=ZAhbv484NBeTzZPhfyexRBCRKLFTQqSz/zV3vlp0JCc=; b=DP5mf5YxTdOTXcMj6th8FKGFq2RvmzCX4s1nMoGlfscd7vcRFg3h3GUS0n5UKIl9oy LBVO5QJVh4b9CuMr8pk6my2OzrkkEw1FQdGpHMUhV4wSkQNlMrfepuTUG5yooAjaw/EH zbLkvs0O7udLk4PScwYn1Oo+4I9R1kkm6fMwovLeAa6NZDZxSDVXz80JsM/cv8/BOv+w rpz3zQMd5cY/O9/QPzylyxDBQQKbuvKlFOGGL3kFrczEbl7DYIS9CSUoFGuH32H1a0/w BwVA4/devn0IzYWce6+8YK+EFgJ+oUxkzbmjDtfKW5fikR6Uf6Uml6nrubt6HEwJYJOs Vasw==
X-Received: by 10.68.136.41 with SMTP id px9mr18777290pbb.14.1396670496540; Fri, 04 Apr 2014 21:01:36 -0700 (PDT)
MIME-Version: 1.0
Sender: twatteyne@gmail.com
Received: by 10.66.154.130 with HTTP; Fri, 4 Apr 2014 21:01:16 -0700 (PDT)
In-Reply-To: <CABCOCHQRki5grLuTeQX3QRCnUxe14M0UueKN8=eFdO9K-rWLeQ@mail.gmail.com>
References: <533BBFB7.2000100@gmx.net> <893C4FAC-437D-4140-9832-A9ABA2D1518A@tzi.org> <533E75A9.5080003@gmx.net> <8D653B3C-E678-4A66-9798-978950977694@tzi.org> <533E9864.4060806@gmx.net> <EBDEF2B4-32C3-4B41-9CAF-C1A836CC6D7B@tzi.org> <533E9B6B.1080602@gmx.net> <B443FF47-FCF4-4FD7-96C9-07686D75D690@tzi.org> <CABCOCHQRki5grLuTeQX3QRCnUxe14M0UueKN8=eFdO9K-rWLeQ@mail.gmail.com>
From: Thomas Watteyne <watteyne@eecs.berkeley.edu>
Date: Fri, 04 Apr 2014 21:01:16 -0700
X-Google-Sender-Auth: I0vmgP9oCnIhJffvBGWsWoeMY1Y
Message-ID: <CADJ9OA8Jza1QkAdxEE0g0_igc4Lh066Ten=e1w-rxa9iadfbaw@mail.gmail.com>
To: Andy Bierman <andy@yumaworks.com>
Content-Type: multipart/alternative; boundary="047d7b15aac5d1ecdf04f643b0cd"
Archived-At: http://mailarchive.ietf.org/arch/msg/coman/aVpdU_FaABVyILPn1VYhB7djaWU
Cc: "coman@ietf.org" <coman@ietf.org>, Carsten Bormann <cabo@tzi.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Subject: Re: [coman] Device Classes?
X-BeenThere: coman@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Management of Constrained Networks and Devices <coman.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/coman>, <mailto:coman-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/coman/>
List-Post: <mailto:coman@ietf.org>
List-Help: <mailto:coman-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/coman>, <mailto:coman-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Apr 2014 04:01:45 -0000

Andy, all,

If CoAP is already in nodes for the applications running on, you have a
monitoring/management solution almost for free. Want to monitoring the
state of some attribute of your protocol? Use CoAP observe. Want to change
a parameter of your protocol? CoAP PUT. On top of that, the work from
CORE/DICE/DTLS/ACE, will ensure security, including authentication and
authorization of management entities.

For nodes where CoAP is present for the application, proposing an
additional protocol will be a very hard sell.

Of course, as pointed out by Carsten, we need to agree on the resources.
What is the URI, what methods are supported, what's the payload format,
etc. YANG is a data modeling language which enables exactly that. RESTCONF
has a RESTful approach to monitoring/management which is aligned with CoAP.
What we would need is a constrained version of RESTCONF. This could be (and
should be) very simple.

At 6TiSCH, we have started this work, with YANG based data model [1] and a
CoAP-based protocol built around that [2], any URI starting with "/6t" is
to monitoring and manage the 6top sublayer. I believe there would be a huge
benefit to having a more general solution, to which we all agree, i.e. a
CoAPified version of RESTCONF. COMAN looks like the right place to do this.

Thomas

[1] http://tools.ietf.org/html/draft-ietf-6tisch-6top-interface-00
[2] http://tools.ietf.org/html/draft-sudhaakar-6tisch-coap-01


On Fri, Apr 4, 2014 at 5:16 PM, Andy Bierman <andy@yumaworks.com> wrote:

>
>
>
> On Fri, Apr 4, 2014 at 6:49 AM, Carsten Bormann <cabo@tzi.org> wrote:
>
>>
>> On 04 Apr 2014, at 13:45, Hannes Tschofenig <hannes.tschofenig@gmx.net>
>> wrote:
>>
>> > Hi Carsten.
>> >
>> >
>> > On 04/04/2014 02:08 PM, Carsten Bormann wrote:
>> >> On 04 Apr 2014, at 13:32, Hannes Tschofenig <hannes.tschofenig@gmx.net>
>> wrote:
>> >>
>> >>> For me the software update mechanism is extremely important since it
>> is
>> >>> not just a way to replace the entire firmware but also to provision
>> >>> certain protocol parameters.
>> >>
>> >> Provisioning protocol parameters is one CoAP PUT to the right
>> resource.  Cf. OMA LWM2M.
>> >> (They also do define a firmware update mechanism, but that seems to
>> presume the device has space for a complete firmware image.)
>> >
>> > That is exactly the question I raised when it comes to network
>> management.
>> >
>> > I don't understand what network management protocol add beyond what is
>> > already there with CoAP.
>>
>> Assuming we continue to use the client-server model of network
>> management, to use CoAP for this we need to define
>>
>> 1) What are the URIs that can be used for management?  How does the
>> client learn them (combination of discovery, URI templates, HATEOAS)?
>>
>> 2) What are the representations being exchanged (data format, data
>> modeling method).
>>
>>
> RESTCONF addresses (1) and (2).
> It replaces HATEOAS with YANG in order to be extensible,
> modular, and predictable. The target use-case is programmatic
> control.  HATEOAS seems more appropriate when human eyeballs and
> brain power are part of the state machine.
>
> IMO YANG would be a better long-term decision than SMIv2.
> It may seem that features like custom operations are too
> heavy-weight and over-kill for constrained networks, but it
> could be just the opposite.  Custom operations allow expensive
> generic operations to be condensed and 'packaged' to be as
> small as possible.
>
>
>
>
>> 3) What is the security model.
>>
>> There has been a strong argument that we should not start from scratch
>> with (2) (and probably not entirely with (1) either), even if we are not
>> using the other parts of existing management protocols.
>>
>> Proposals to address (1) and (2) are, for instance:
>> http://tools.ietf.org/html/draft-vanderstok-core-comi-03
>> http://www.tzi.de/~cabo/noms2014.pdf
>>
>> (My assumption is that ACE will be good enough to cover (3); we'll have
>> to make sure the lessons learned from management security go into ACE.)
>>
>> > Of course, you could replace CoAP entirely with SNMP
>>
>> SNMP is a bit more specialized and will not fit all applications that
>> CoAP is designed to cover.
>> But, yes, SNMP has been used successfully as an application protocol in
>> certain environments.
>>
>> >> If you want to do this the SEP2.0 way, you need EAP/PANA.
>> >> (SEP2.0 is targeting class-2+, not class-1.)
>> >
>> > With devices that are in direct connection with each other you could
>> > argue that there is no need for DTLS and alike since you will have to
>> > deal with the pairing procedure at the lower layer. Many devices fall
>> > into that category.
>>
>> (Defining single-hop security only is not very useful for the Internet of
>> Things.)
>>
>> > If that's not the case I believe you cannot assume that no network
>> > access authentication will be needed.
>>
>> Indeed, most wireless networks will need network access control.
>> Maybe there are ways to authorize (!) access to a network that are more
>> appropriate for the Internet of Things.
>> But this is outside the scope of COMAN.
>>
>> Grüße, Carsten
>>
>>
>
> Andy
>
>
> _______________________________________________
> coman mailing list
> coman@ietf.org
> https://www.ietf.org/mailman/listinfo/coman
>
>

v2.23.0 | Report a Bug | By Email