PLATFORMS
The domOS ecosystem is a specification based on existing and emerging IoT standards that allows smart services for buildings to be decoupled from the underlying appliances and devices in buildings.
In the frame of the domOS project, three platforms have been upgraded to the domOS ecosystem specification: cloud.iO, S-IOT and domOS-Arrowhead.
cloud.iO
cloud.iO is a scalable open-source Internet of Things solution supporting the connection of a huge number of devices (“things”) to a central cloud platform. It enables applications to monitor and control things in real-time and to access the history of measurements and setpoints. Using state-of-the-art encryption and certificate-based authentication for all connections (things and applications) and offering flexible privacy management, cloud.iO is the ideal mediation platform between distributed things and applications.
-
cloud.iO has a domOS ecosystem-compliant add-on module for smart buildings. A relation database stores:
Metadata related to the building (“the building has been built in 1990 and features a heated surface of 500 m2”)
The energy topology (“space heating and domestic hot water preparation are performed by an interruptible air-water heat pump with 4 kW electrical power”)
URLs to access monitoring and control points in buildings, associated with the position of the concerned points in the energy topology (“This is the URL that provides the instantaneous electrical power consumed by the heat pump over the three phases”)
As part of the commissioning operation of a new building, an electrician installs a cloud.iO gateway, connects it with local devices and appliances, and finally collects data related to the building and feeds the ad hoc relational database with them.
-
A REST web service provides the list of the connected buildings and, for each building, a valid BD document. The BD is dynamically generated from data stored in the relational database.
-
A static WoT compliant Thing Model is elaborated for each supported appliance/device model. BDs contain information to instantiate a Thing Model and transform t it into a compliant TD.
-
cloud.iO provides HTTP REST access to BDs, Thing Models and monitoring/control points in buildings. Hence, services are only required to dispose of a REST client service. No WoT scripting API-compliant library is required.
-
cloud.iO features a fine-grained privacy control tool that allows a manager to configure detailed read and write access to monitoring and control points in buildings. In the context of domOS, cloud.iO serves filtered BDs to applications, which contain only the elements they may access.
-
All connected parties (i.e., building gateways and applications) are connected to the central server infrastructure using TLS-secured connections, with certificate-based client authentication.
-
Owners: HES-SO Valais, Institute of Systems Engineering
Licensing model: Open source, MIT license
Implementation of the domOS ecosystem
domOS-Arrowhead
domOS-Arrowhead is a scalable open platform for enabling smart services (applications) to access domestic buildings and their installed devices. It is a software layer that acts as a mediator between the service, the building, and the devices and enforces access control. An instance of the domOS-Arrowhead platform will be run, administrated, and hosted by a platform operator (role). The building owner (role) manages the building, the devices, and access rights. The domOS-Arrowhead platform uses the Arrowhead SOA industrial automation framework as a foundation to implement its services.
-
The main platform components are depicted below. The main features of the domOS-Arrowhead platform are:
Access and Identity Management (AIM) using OATH2.1 implemented by Keycloak, a standard and well-known access and identity manager.
domOS common ontology compliant things- and building descriptions.
Web-of-things (WoT) as device abstraction.
Semantic web-based knowledge bases, validation, and semantic querying of building descriptions.
Forced intermediation handles all communications between external applications and things performing access control upon each affordance access.
Fine-grained things access control on affordance level; each access to a thing’s affordance is checked against specified read-, write-, and execute affordance permissions as specified by the building owner.
Internal and external applications. An application may be written as a normal Arrowhead application and executed in the local cloud, or it may be completely external.
Efficient implementation of the intermediator using Reactive Java. The platform has the ability to add multiple intermediator instances when required for scaling.
Flexible deployment options both at the gateway and the cloud level.
-
The domOS eco-system-compliant building description directory stores and manages building descriptions. Building owners edit these according to the structure, the meta-data, the devices that are installed in the building, and what “measurement- and control points” are available to applications. Technically, applications use a REST API to query the building description directory using semantic web SPARQL. Support for import and export via JSON-LD is planned.
-
domOS-Arrowhead is web-of-things compliant. It assumes that things descriptions of the devices (either WoT native or adapters) are available. Things descriptions are stored in the platform’s things description directory. The platform uses forced intermediation, meaning that no device credentials are revealed to applications, and each access is checked against the specified access rights.
-
Services can run inside the platform, or live as external components e.g., hosted by the smart service provider. They must be able to process things-description and perform SPARQL queries to the building description.
-
domOS-Arrowhead enables fine-grained things access control on affordance level; each access to a thing’s affordance is checked against specified read-, write-, and execute affordance permissions as specified by the building owner. Access to the data stored in the platform is controlled through user roles and controlling explicit access rights.
-
The platform uses state-of-art secure communication and implementation principles.
-
Owner: Aalborg University
Implementation of the domOS ecosystem
S-IOT
SIOT is a novel, decentralized approach to build IoT systems. Appmodule developed SIOT, considering the high security, availability, redundancy, and real-time requirements of mission-critical systems like smart grids.
-
Within the domOS project, the SIOT platform is extended with the WoT layer. Buildings are now described by Building Descriptions (BDs) and Thing Descriptions (TDs), which makes the platform interoperable with other systems and services.
-
The aliunid system presents the BDs and TDs in HTTP format and can be reached via URL. The BDs and TDs are generated from data stored in the private cloud.
-
cloud.iO provides HTTP REST access to BDs, Thing Models and monitoring/control points in buildings. Hence, services are only required to dispose of a REST client service. No WoT scripting API-compliant library is required.
-
SIOT is a closed platform: aliunid GATEWAY and aliunid HOME are operated by aliunid (service provider).
Users can register themselves using the aliunid HOME App. In this case, such registration is made with the help of the authentication server, which allows control of all related functions, such as registration, and password change.
The privacy of the stored data is guaranteed by means of the Private Cloud, to which access is strictly controlled. Moreover, a Private Cloud can be deployed on a decentralised server, which can be protected against any attacks by applying the related security measures commonly known in the networking community.
-
The security platform uses the common principles of an identity and access management (IAM) system as they are applied today in a modern network environment and in conjunction with the Device VPN system (DVPN). All information transport is secured with the so-called Transport Layer Security (TLS), which is available for standard sockets (SSL), for web sockets (WSS) and for HTML (HTMLS).
-
Owner: Appmodule AG