[Iot-onboarding] Thinking through onboarding

Scott Jenson <scottj@google.com> Wed, 11 September 2019 16:55 UTC

To: iot-onboarding@ietf.org
List-Id: Discussion of IoT onboarding mechanisms <iot-onboarding.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/nYGuSauw3euugGIzN6_r6Jk2tA8>

Michael Richardson introduced me to this mailing list. I'm working through
the onboarding issue from a UX point of view, trying to make it 'just
work', and my (likely naive) starting point is that when you turn on a
device (or 20...) in your home they should 'just work' and auto connect.
Clearly there are a lot of reasons this is hard, and I've been working
through specifics of how to safely onboard a large number of devices (e.g.
light switches and electrical sockets). However, as I've worked through
the entire customer journey, it's clear this is a very deep problem:

   1. *Correct Installation*
   Is each device correctly installed, especially for industrial deployments
   with multiple people involved? Are all devices powered up and ready to be
   onboarded? How can you confirm? If you've installed X devices and only
   see X-1 devices, how do you find the missing one?

   2. *Mapping*
   What room is this in? What does it control?

   3. *Maintenance*
   Why isn't switch #27 responding? Where is switch #27? Can I replace
   switch #27?

It's the realization that it is more than just 'configuration' but really
more 'fleet management'. I've come to the conclusion that solving *just*
the onboarding problem isn't enough. The fleet management issue isn't
something to put into the 'app layer' and not worry about. It's
something important for the onboarding issue as well.

What started me towards this list are my concerns with BRSKI. While having
a company-installed cert to connect to your specific WiFi can be fairly
automatic and even magical, that seems like a very fragile system. Most
devices are bought through resellers, so a bespoke cert is out of the
question. Less urgent but still important are changes to your WiFi and
reselling. All of these solutions point to the likely friction of a factory
cert.

The only solution I've found so far is the Nest solution (I know, I'm from
Google, but I'm not selling it, I promise...) which has a QR code on the
device and an app. It's a pain to have an app in the loop, but it allows
generic purchase (e.g. Home Depot) so anyone can set up anything (or move to
a new WiFi AP).

I don't think this solution is good enough, but it works and it's fairly
secure. My goal in posting this to this list is to kick start a better
solution.

To summarize: I feel that if we really believe in the potential of smart
devices, we need to onboard dozens of devices at once. But doing so feels
incredibly hard. One way forward would be to work on additional protocols,
likely involving a location service (e.g. WiFi RTT) and a heartbeat service
to kickstart some rudimentary fleet management to help troubleshoot any
onboarding issues. This may be longer term thinking, but I assume this crowd
is the one that would appreciate this issue.

Scott