Trusted Data Sharing with Linked Data in the Internet of Things (IoT)

Posted on 15th June 201715th June 2017

This post intends to give the reader a perspective on how Jolocom brings trusted data sharing to the AGILE IoT Gateway (AGILE is a H2020 project). It should provide essential value to the user, not only but also in context of the internet of things, and not least to benefits from the EU’s General Data Protection Regulation (GDPR).

The original idea of the World Wide Web

To start with, the vision of Jolocom aligns with the original idea of the World Wide Web, which was distributed: everyone would have their own node (e.g. home page), everyone would share their content (e.g. blog posts), and everyone would own their own data. The web consisted of nodes connected through links with no center. Jolocom wants to help reclaiming this vision that everyone owns their own node (digital identity) and that every node can communicate with any other node, with no intermediation (e.g. centralized platform).

The dominating power of a few

Today a handful of companies dominate vast parts of the web’s activities – Facebook for social networking, Google for searching, Paypal for payments or eBay for auctions, Samsung/IBM for IoT – and they actually own the data their users have provided and generated. Ergo these companies have unprecedented insight and power over us. They can influence and nudge us without our knowledge, which gives them not only a huge competitive advantage, but also interferes with fundamental values of society and the right for privacy.

Social Linked Data (Solid) and Blockchain (Ethereum)

Jolocom uses a decentralized software architecture that is very promising. It was initiated by Tim Berners-Lee who invented the web and gave it to us as a gift, free and open source. His new project is called Solid (“social linked data”) and it allows you to own your own data, while also using it with only the applications you want to use. With Solid, you simply store your data in your own Personal Data Store (PDS; in Jolocom’s case: a Solid Server), which is hosted wherever you wish. At the core of Solid is the WebID, which Jolocom integrates with the Ethereum blockchain, to build a self-sovereign digital identity that allows you to represent yourself and to enrich your data with semantic meaning. Besides that and storing data, it also lets other applications ask for your data. Solid authenticates the DApps (Decentralized Applications) through Access Control Lists (ACLs) and if you’ve given access permission to the requester of the data, the Solid server delivers it.

Here’s a concrete example.You might store data from your IoT devices or sensors in your own PDS: the sort of data about yourself that would normally be uploaded directly from your IoT device to a third party. That way if someone built a new DApp, to offer specialized services to people, you could join it by using your WebID. To share information with others (individuals or organisations), you simply give them permission to access the appropriate information in your PDS. The data in your PDS would remain your own, in every sense of the word: fully under your control, stored where you choose, and usable only by an Organization’s WebID that you’ve given permission to.

The fantastic thing about Solid is that it does all this without having to centralize information in hands that we can’t- and too often also should not – fully trust.

General Data Protection Regulation (GDPR)

Users are becoming increasingly aware of the need and importance for strong data rights. Governments are slowly adapting to this, with the upcoming EU General Data Protection Regulation as the first move towards a market in which businesses will have to adapt with new business models and technical infrastructure. With the decentralized web as an answer to these needs, users will be able to use services they want to interact with, data will be stored in their own private location, and they will be able to switch between them. This will allow and encourage for a market with a significantly lowered barrier to innovate, one in which collaboration between players is much favourable over competition. Without the main competitive advantage of data, network effects and vendor lock-in will become virtually obsolete. We help businesses create and participate in collaborative decentralized ecosystems where the value generated by its services benefits the ecosystem as a whole.

GDPR compliance is now mandated by May 2018. This means businesses are now required to show exactly how the data they collect is used and enables them to freely take this data with them to different services.

Conclusion

Social Linked Data with its decentralized architecture has the properties to profoundly enrich trust, data portability, and privacy. At the same time it will step up usability to a whole new level for both the user and service providers, while simultaneously becoming compliant to GDPR.

Author: Joachim Lohkamp, Jolocom

Adaptation Exhibition

Posted on 6th June 201716th June 2017

You are invited to attend the Adaptation exhibition on July 11-14 in Berlin, Germany.

The event will kick off at 6 pm on July 11 and will be open the two following days. The venue is Agora Rollberg, a Berlin-based experimental center for contemporary practices. The perfect place for this exposition!

You will get to see the four projects that have been working on their art + IoT piece since March. They have been collaborating with some AGILE partners: BioAssist, ATOS, Libelium, and Create-Net who have helped the artists with the AGILE software.

The four projects that will be showcased are:

E-Camera, by Luisa Fabrizzi
Floral Automaton, by Thomas Grogan
Fountains, by Justus Harris and Eric Dolores
Still Touchable? by Sue Park and Souneil Park

Adaptation will be hosted as a satellite event of the Berlin Tech Open Air. So that’s another excuse you can use to come around, attend workshops & talks and network. If you don’t like networking… you should attend just to see the city of Berlin!

We look forward to seeing you at the event.

View Details and get your ticket – it’s free!

EclipseCon France – Toulouse (June 21-22)

Posted on 31st May 201731st May 2017

At the end of June, the Eclipse AGAIL (AGILE) committers will be in Toulouse France for EclipseCon France 2017. It’s an annual Eclipse Foundation event for the French/ European Eclipse community. It’s an opportunities to learn, explore, share, and collaborate on the latest ideas and information about Eclipse technologies, the Eclipse Working Groups, and Eclipse member companies.

EclipseCon France will take place on June 21-22 at the Centre des Congrès Pierre Baudis in Toulouse, France. Here’s what we will be up to at the event:

Research Booth: where many European Research Projects will be present, including AGILE.
Talk on June 22: Meet & Greet the Eclipse Research Project Community
Meeting the community

While we are in Toulouse, we will also take the opportunity to meet face-to-face with consortium partners on June 19-20 to discuss the next steps and how best to move this project onward and upward! We will definitely keep you updated.

Demo Day at TU Graz, Austria

Posted on 24th April 201727th April 2017

The AGILE consortium had its quarterly plenary meeting at the end of March in Graz, Austria. FBK / Create-Net, AGILE project leader, took advantage of this opportunity to ask each of the partners to create a demonstration focusing on one aspect of the project for which they were responsible or involved. This resulted in an excellent demo session where we were able to take the pulse of the project.

This post lists and describes most of these demonstrations in order to share with you this excellent feedback.Continue reading→

IoT Developer Survey Results

Posted on 19th April 201724th April 2017

We’re pleased to announced that the third IoT Developer Survey 2017 results have just been published! It has been a pleasure for the AGILE consortium to participate in this initiative again this year. We think the information obtained by these surveys can be helpful for many of us in the IoT community.

Survey Results

Adaptation – Presenting the Winning Ideas and Next Steps

Posted on 7th March 20178th March 2017

It has been a while since we last updated you about AGILE’s media arts contest Adaptation. The reason for this is that the Adaptation jury has been busy going through the applicant’s proposals and deciding which four projects will embark in the program with us for a few months. Here are the four winning projects are the following and a short explanation of each of them:

Winning Ideas

Quantified-Self category: E-Camera

Artist: Luisa Fabrizi
Support partner: BioAssist

A camera that reveals pictures with variations depending on the emotions of the photographer in a certain moment in time thanks to the sensory extensions of the camera. Whenever the photographer takes a picture a software analyses the photographer’s momentary body data and remixes the picture in a way that resembles the original picture.

Smart Cities category: Floral Automation

Artist: Thomas Grogan
Support partner: Libelium

Floral Automaton is a sculptural device that grows plants digitally. By using various sensors taken from Smart Cities technologies, it reacts and adapts itself to its environment in real time.

Interactive Spaces category: Still touchable?

Artists: Sue Park & Souneil Park
Support partner: Atos

Who replaced our bookstores, record shop and post offices? And how? Can we recuperate our physical relationships with the information nowadays? Can they still be tangible and interactable? This project aims to trigger reflection about the change in our relationship with information given the development and arise of modern technology in the recent years. Intangible data will be transformed into physical representations as the visitor interacts with physical objects.

Environment + Data category: Fountains

Artists: Eric Dolores & Justus Harris

The Fountains installation will translate open data sets of water pollution selected from specific locations around the globe into data visualizations that transform the 3D scanned, virtual skin surface of people’s bodies to reflect the quality of their local water sources.The installation will also feature audio recordings of interviews of people adversely affected by water pollution, as well as people living with fair water conditions.

What’s next?

Everyone has been on-boarded and the artists have been connected to their partners. The sensors are about to be configured to the AGILE gateway and sent to the artists so they can start exploring them. During the next four months, artists and partners will be working hand in hand to develop the proposals towards the end point: the summer exhibition of the projects in Berlin, the city of artists.

Stay tuned by subscribing to the Adaptation list!

Participate in the IoT Developer Survey 2017

Posted on 8th February 201724th April 2017

The third annual IoT Developer Survey, hosted by Eclipse IoT, has just been launched. In previous years it has provided interesting insight about how developers are building IoT solutions. If you’re interested in last year’s results, you can view them here.

The AGILE consortium is pleased to be one of the partners supporting this initiative again this year. Please take the time to complete this 5-8 minute survey.

Remote Gateway Management: Benefits, and how we make it happen

Posted on 3rd February 20178th March 2017

Key features of the AGILE gateway include the ability to provide data and device management, execution of Internet of Things (IoT) applications and, importantly, communicate with the Cloud to enable a plethora of use-cases. But there is also features that are provided “under the hood”, features such as security.

Resin.io: a not-so-silent force working alongside the AGILE gateway

For AGILE to enable user application deployment, remote updates, and monitoring of connected gateways, we are customising and will utilise a software technology built by one of the project partners called Resin.io – it is a Remote Gateway Management interface that is deployed in the Cloud, and has, amongst others, a local component that will be running on each gateway called “Agent”.

Resin.io Container used in AGILE: Enables remote management features

The Resin.io Agent works on container level, with elevated privileges to manage both the underlying Operating System (OS), but also the user-space (any applications installed). In simple scenarios, it downloads the changed layers of any application container images, stops the old versions of those applications, and starts the new ones. As the process is ongoing, you can see the overall progress of the process in a dashboard. It is fully interactive, and allows clicking on any specific gateway devices to see more detailed information about the device, such as logs.

Staying up-to-date: A dashboard allows you to see the current status of a gateway

The Agent, which we are customising for use in pilots and use-cases adopted by AGILE, also contains the necessary components to keep a persistent, always-on connection to the Cloud environment which controls it (over secure VPN, as we are paranoid about security!). The Agent allows, upon authorisation, anything from updating the AGILE gateway on the fly, restarting modules and applications, adding functionality as well as providing monitoring information (such as OS logs) automatically and upon request. It also enables a streamlined approach to defining environment variables or other configuration options on the gateway.

Security, as always, is paramount

By far the most important feature is its ability to receive over-the-air updates. And we believe this is extremely important on any IoT application for security reasons. Imagine your gateway, end-devices and deployed applications suffering from a bug whilst you are unable to deploy a fix remotely – and now imagine if it’s not an issue with your own code, but rather an urgent OS security vulnerability! A popular real-world example of this is the U.S. Traffic Safety Administration car recall announcement, one from Tesla Motors, and one from GM. Both are related to problems that could cause fires. Tesla’s fix can be conducted as an “over the air” software update and doesn’t require owners to bring their cars to the dealer (more on this on the Wired article here). And there are recent cases of cameras being hijacked, armies of devices used for Distributed Denial of Service (DDoS) attacks… so let’s just say that it’s important for us to “have the users covered” as part of the AGILE project.

Of course, there is even more urgent need for these solutions to be secure (after all, any device which is why we are dedicating months of work, and the expertise of research and industry partners, in making sure the hardware and software stack behind AGILE is secure, end-to-end.

What does the management interface it look like?

As one our principles is to make things as easy as possible for our users, we are utilising the latest standards in Web development, User Interface (UI) design, and User Experience (UX).

Here is what you should expect to see once you get your hands on an AGILE gateway:

Device management interface: Environment Variables, Terminal, Actions (e.g. reboot)

Multi-gateway management: Information on OS updates, availability, monitoring/logs

Let us know your thoughts

The AGILE consortium comprises pioneering partners in hardware and software for IoT. Resin.io has been built to bring the Cloud deployment workflow to the world of embedded devices, and the customisation for use in AGILE with an AGILE-specific gateway management system, is no exception. Along the lines, we discover and assimilate interesting ideas from the Cloud or embedded worlds, or even invent ideas that only apply to the new paradigm the project represents.  There is a lot going on behind the scenes, and we are very keen to hear from the community about features they would like to see on the Remote Gateway Management interface. The consortium partners are organising pilots that will allow IoT device manufacturers (devices that will be controlled by the AGILE gateway through its integrated network modules), as well as developers and end-users to get hands-on with our early prototypes and final hardware gateway.

Author
Georgios Michalakidis, R&D Manager, Resin.io

AGILE Identity Management

Posted on 23rd January 20178th March 2017

The basis of a security framework is to identify and authenticate users and entities in the system. As a result, developing a proper identity management platform is the first step to start building the security mechanisms in the gateway. Now, we will describe key aspects of AGILE’s IDM and how it can be integrated on external systems, why some of the design choices were made, and point to additional resources which are hopefully useful for newcomers.

A Polyglot User Identity Management

We want to make our user’s lives easy by not creating yet another identity management system which forces them to create new username and passwords just to interact with the gateway. In our daily lives we already deal with a high amount of different credentials with particular restrictions; for example, passwords need to have a minimal length and must include particular characters. Some users deal with this by reusing passwords in different systems; however, this is a bad practice since the system administrator, or an attacker compromising the system, would obtain the user’s credentials for other external systems.

As a result, we have put considerable effort to find proper ways to integrate different authentication mechanisms into our identity management in order to have a usable user management. Currently, AGILE IDM allows users to authenticate using a range of protocols such as Web ID, Oauth2, or username and passwords verified locally on the gateway’s side.

Practically, this means that users who have been already registered with external identity providers, such as Google or GitHub can use their accounts to log into their AGILE gateways as users do when they login using services that rely on such identity providers using Oauth2. Furthermore, for users who do not want to use such identity providers, AGILE offers also other options to authenticate.

For instance, in particular installations of AGILE IDM, it may be desirable that users can log in using the username and passwords used by the underlying Linux system (also avoiding the creation of new username and passwords for the gateway management). Another option is to obtain a Web ID certificate from a provider (such as databox.me or similar) to login in AGILE by just selecting the client-side certificate during the validation step. The Web ID protocol, which is commonly used on linked data environments, allows users to authenticate with a web application by using a client side certificate validation step during the TLS handshake. The integration of this protocol will favor the integration of applications relying on linked data protocols (such as the Little Sister Jolocom’s application).

Last but not least, for users who still desire to have a local username and password generated just for the gateway management this is also supported.

Oauth2 Integration with AGILE IDM

AGILE IDM behaves as an Oauth2 provider towards applications relying on its authentication services. This integration method between applications and AGILE IDM is completely independent from the authentication mechanism used by AGILE IDM to authenticate the user. The latter could be Oauth2, Web ID, or a local username and password.
In consequence, any application relying on AGILE IDM to authenticate its users can use one of the Oauth2 grant types supported by AGILE IDM. Currently, AGILE IDM supports the following grant types:

Authorization code
Implicit (also known as token) flow
Client Credentials

To facilitate the use of AGILE IDM within the project, and by external adopters we have created a set of Node.js applications relying on AGILE IDM which implement the proper Oauth2 flows here. Furthermore, the authorization code application also provides a basic web interface to create and update entities and users, change their attributes, and them to groups. This will hopefully make testing and understanding how AGILE IDM works easier for newcomers.

Portable and Flexible

AGILE IDM uses Node.js as runtime; as a result, it can be employed not only on the gateway but also in other scenarios and operating systems. Also, in addition to the user management and authentication component, AGILE IDM allows the definition of flexible policies on the principal’s attributes in such a way that they can be written or read by particular users. This is paramount to support the definition of other entities, such as sensors or applications connecter or running on the gateway.
Currently, along with the German FORSEC project, we have begun a collaboration effort to integrate AGILE IDM in an IoT platform allowing users to control their data usage in a Cloud-based platform. AGILE IDM will offer not only user authentication, but also the management of principals in the system through its flexible attribute definition system. Last but not least, AGILE IDM also receives input from FORSEC regarding the policy enforcement framework on the attribute level.

Hands on Tutorials

To foster the use of the identity management platform developed in AGILE, we have also spent resources to document its functionality and to provide tutorials describing how to install, configure or extend AGILE’s IDM. For more information, please check the following links:

General README information
Step-by-step guide configuration for Oauth2 providers
Documentation for the project, developers and use cases of AGILE IDM: (link to be added soon)
Tutorial video on AGILE IDM installation and use of Oauth2 client demo of AGILE IDM

Authors

Juan D. Parra Rodriguez, University of Passau
Daniel Schreckling, FORSEC

Join us in Berlin for the IoT-EPI Challenge: Solving social problems using IoT

Posted on 18th January 201724th April 2017

We are excited to announce the participation of AGILE at the upcoming IoT-EPI challenge event in Berlin this March. The event is open to IoT enthusiasts and entrepreneurs with creative minds who believe that technology and innovation can be applied for social good. Three main challenges are looking for the right candidates to combine the available IoT technologies (from IoT-EPI projects like AGILE) to develop successful use cases.

AGILE is part of the Retail: Scan-to-share challenge. We are working together with TagItSmart and BigIoT projects to provide retail shoppers the ability to identify which supermarket foods are about to expire before purchasing them. The objective is to provide it to individuals in need. Join us in Berlin to discuss how we can use the technology and develop such an interesting platform and user ecosystem that can be self-sustained and scalable.

If you are interested to join (participation is free), learn more on how you can use the AGILE gateway and IoT technologies for making social impact, and qualify for prizes, apply here until the February 8

Event Date: March 17, 2017
Event Place: Ahoy, Berlin, Germany
More info: website and Twitter @agile_iot

The original idea of the World Wide Web

The dominating power of a few

Social Linked Data (Solid) and Blockchain (Ethereum)

General Data Protection Regulation (GDPR)

Conclusion

Share this:

Share this:

Share this:

Share this:

Share this:

Winning Ideas

Quantified-Self category: E-Camera

Smart Cities category: Floral Automation

Interactive Spaces category: Still touchable?

Environment + Data category: Fountains

What’s next?

Share this:

Share this:

Resin.io: a not-so-silent force working alongside the AGILE gateway

Security, as always, is paramount

What does the management interface it look like?

Let us know your thoughts

Share this:

A Polyglot User Identity Management

Oauth2 Integration with AGILE IDM

Portable and Flexible

Hands on Tutorials

Share this:

Share this: