SAN JOSE, Calif. – A group of more than 50 organizations released a broad framework this week for delivering services across the Internet of Things. The OpenFog Reference Architecture aims to set a baseline for guiding work on standards and product design, starting with security.
The year-old group defines “fog” broadly to cover everything from IoT end nodes to cloud services. It aims to define ways to minimize backhaul while providing reliable communications and deterministic latencies. Ultimately its recommendations will touch everything from the design of end node SoCs to gateways and applications.
The OpenFog Consortium does not expect all IoT nodes will be compliant with its requirements. But it does aim to enable every IoT deployment with its vision of interoperable services that span eight technical areas and many vertical markets. Along the way it will create test beds and certify products for compliance with itsa requirements.
Not surprisingly, security got special attention in the baseline document published this week. “It has a 30-page appendix with many detailed calls for action, mainly for security where we did a deep dive…that every silicon and security stack vendor should review,” said Chuck Byers, co-chair of the consortium’s architecture group and a principal engineer at Cisco Systems.
Specifically, the Trusted Computing Group’s standards for a hardware root of trust and how chip designers implement them may need to be modified for IoT, said Rob Swanson, chair of the consortium’s technical group and a principal engineer at Intel.
In addition, rivals such as ARM and Intel need to align the security primitives in their competing architectures “to serve app developers in a consistent way, [for example in] common crypto mechanisms for hardware acceleration,” Swanson said. (ARM is a member of the consortium which so far includes few chip vendors.)
Security is just one of eight tech areas the framework addresses, but it’s currently “the biggest source of heartburn,” said Byers, noting the group also will define APIs and processes for orchestrating IoT services.
“The calls to action will come in the next phase,” said Swanson. “We first needed to set the baseline with the reference architecture so we can show how systems are comprised for a given scenario,” he said.
Now the group has turned its attention to defining specific low-level functions, minimal viable interfaces and methods for testing them. “There’s quite a bit to do here,” Swanson said.
For example, two unannounced open source projects are already in the works that may become part of the consortium’s recommendations in the future. Meanwhile the group is setting up liaisons to collaborate with standards organizations and other IoT efforts including the Industrial Internet Consortium which has its own general and security frameworks.
— Rick Merritt, Silicon Valley Bureau Chief, EE Times