The infrastructure that enables secure IP communication for the vertical-defined application.
What does it solve
The OCF Core Framework enables vertical-agnostic secure IP communication by means of a standardized framework. The open source implementation of the OCF Core Framework is IoTivity, which is compliant with the OCF standards and is verified through the OCF certification program.
The OCF Core Framework is compliant with most of the known security requirements documents.
Communication mechanisms covered by the OCF Core Framework
IoT means interacting with the physical world, hence the physical device is important. This is also the most costly part to develop.
The Core Framework therefore focuses on the code that is needed on the physical device. For example, it covers:
- Device-to-Device communication
- Device-to-Cloud communication
This is the same communication that IoTivity covers.
The full communication mechanisms are depicted in the image below.
OCF Core Framework on the (Embedded) device
The Core Framework stack is designed:
- To have a small code footprint
- To communicate with small payloads, e.g. communication packages
- To have best-in-class security by using the latest technologies
- To be based on widely accepted internet technologies; a huge number of RFCs are used
- To have a minimal required set of features
- To have a huge set of optional features that are already available for a vendor to use
- So that vendors can concentrate on the function of the device, not on the communication and security aspects
- With its own content format for OCF Framework communication, hence it is upgradable
- So that payloads can be defined in any (existing) content type, for example CBOR, JSON or XML
- To use CoAP, allowing the same communication paradigms as used on top of HTTP, but with smaller communication packages
- With a RESTful architecture, although the application is not limited to that paradigm
Core Framework solution space
Security aspects of the OCF Core Framework
The OCF Core Framework can securely handle payloads carried over CoAP. Each device is onboarded into a secure domain, and only devices onboarded into that secure domain are allowed to talk to each other. On top of the secure domain, access controls are defined. The access control mechanisms are defined per resource (URL) and per method allowed on that resource. This gives granular control over who is allowed to interact with which part of the functionality on the device. For example, a guest is allowed to read the current temperature of the thermostat but is not allowed to change the set point of the thermostat.
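The two layers described above (secure-domain membership first, then per-resource and per-method access control) can be sketched as follows. This is an added example, not code from OCF or IoTivity; the data model, the permission bits, the subject names and the `/temperature` and `/setpoint` paths are simplifying assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntFlag


class Perm(IntFlag):
    # Permission bits constructed for this example (not the OCF encoding).
    RETRIEVE = 1
    UPDATE = 2
    DELETE = 4


# CoAP request method -> permission the request needs.
METHOD_PERM = {"GET": Perm.RETRIEVE, "POST": Perm.UPDATE,
               "PUT": Perm.UPDATE, "DELETE": Perm.DELETE}


@dataclass(frozen=True)
class Ace:
    subject: str   # identity of the requester (hypothetical names below)
    href: str      # resource URL this entry covers
    perms: Perm    # methods granted on that resource


class Device:
    def __init__(self, domain_members, acl):
        self.domain_members = set(domain_members)  # onboarded peers
        self.acl = list(acl)

    def authorize(self, subject, method, href):
        # Layer 1: only peers onboarded into the secure domain may talk at all.
        if subject not in self.domain_members:
            return False
        # Layer 2: default deny unless an entry grants this method on this URL.
        needed = METHOD_PERM.get(method)
        if needed is None:
            return False
        return any(a.subject == subject and a.href == href and a.perms & needed
                   for a in self.acl)


# Constructed sample policy for a thermostat.
THERMOSTAT = Device(
    domain_members={"owner", "guest"},
    acl=[Ace("guest", "/temperature", Perm.RETRIEVE),
         Ace("owner", "/temperature", Perm.RETRIEVE),
         Ace("owner", "/setpoint", Perm.RETRIEVE | Perm.UPDATE)],
)
```

The guest can `GET /temperature` but any request to `/setpoint` is refused, and a peer outside the secure domain is refused before the access control list is consulted.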
Another aspect of security is the adherence to external security requirements. OCF has investigated the external requirements against the OCF security specification.
The result of this comparison is captured below.
OCF Specifications that describe the OCF Core Framework
The following OCF specifications are agnostic of the function of the device, i.e. vertical agnostic.
- Core Framework
- Core Optional Framework (optional, depends on deployment scenario)
- Easy Setup (optional, depends on deployment scenario)
- Bridging (optional, the architecture only, depends on deployment scenario)
- Onboarding Tool
- Device to Cloud Services (optional, depending on deployment scenario)
- Cloud Security (optional, but required when using cloud)
- OCF Cloud API for Cloud Services (optional, depending on deployment scenario)