Reading Time: 26 minutes

The Internet of Things (IoT) is supposed to have 10 times the impact of the Web itself, which means it has potentially 10 times the risk for complication, and, with its ubiquity, 10 times the risk to security. Each “Thing” we encounter in our daily and professional lives could potentially be connected within the next couple years. And with so many, many more players, manufacturers, protocols, and programming languages, it all gets exponentially more complicated.

That’s why it’s interesting that the simplicity of grammar and the logic of verbs seems to be the solution that’s arisen to make sense of these 50 billion connected devices.

latest report
Learn why we are the Leaders in API management and iPaaS

The Web of Things working group, a part of the World Wide Web Consortium or W3C, has brought together 40 of the biggest players in the IoT space to standardize on semantic interoperability based on Linked Data (the underlying principle behind the Semantic Web) and application programming interfaces or APIs. ProgrammableWeb talked to these forerunners of the future of our soon-to-be connected world.

APIs Create Abstraction Layer for Universal IoT Communication

Dave Raggett, technical lead for the project, said the main objective of the WoT group is to “find a way of describing things in such a way that developers don’t have to know about the details [or] underlying communication patterns.”

While there can be a limitless amount of connected objects, similar kinds of objects tend to have aspects in common and behave or are used in similarly predictable ways. The vast majority of connected devices share some, if not all, of the following aspects:

  • Objects with certain properties, like temperature
  • Actions, like turning on heating
  • Events, like having the heat turn back on when the temperature drops
  • An owner
  • A vendor
  • A location

Raggett said the IoT is all about finding the description of things.

In order to turn the IoT into this description of things, the standards body has decided to build APIs as a sort of identity extraction layer for applications, similar to what the W3C did in creating an abstraction layer for the Internet itself.

“The Internet introduced an abstraction layer, which means that developers could create services end to end across networks without knowing anything about the networks or the technology. Abstraction layers are very powerful,” says Raggett.

“The APIs may vary slightly from one programming language to another. The working group charter is setting out to identify some common patterns across languages and then to define the specific APIs for particular languages like JavaScript related to the object model for the Web of Things,” he says.

For each grouping of connected things, they’re looking to answer:

  • How do I publish a Thing?
  • How do I access a Thing?
  • What is the lifecycle of a Thing?
  • How do I add a new property to a Thing?

“The idea is that if every application platform had its own APIs and they’re all different, it would make creating barriers easier. If we can create common APIs across platforms, we can reduce the cost. We want to create application APIs that are at the level of the Web of Things,” Raggett said. With this working group “we aren’t talking about a protocol, we’re talking about an action.”

Alan Bird, the W3C’s global development business leader, offers up the example of smart manufacturing:

“The big guys all have their own systems teams and they can guide through all this integration, but this is really a challenge for someone who is trying to have agile manufacturing. They don’t tend to have the expertise on networks and protocols and how to standardize across APIs. These companies are having to offer service integration solutions to make it work. It’s not a one-time expense because, with new integrations and new code, all that needs to be updated.”

Bird goes onto say that, “If we could have a standard definition and a known ontology, then we could work with our customers to build on our platform.” While currently they have to spend a lot of time reengineering the integration layer, he says.

He described the end objective of this WoT working group as one that reduces cost and increases profitability in a way that redeploys engineers onto other work, all through increased interoperability.

Bird says this working group is heading down the similar path as the Web. “Some leading-edge companies were doing some really cool stuff. But in order to gain the market share that they want and to continue to grow in the market, standardization is needed,” he says.

Pillars of IoT, who are also key W3C members, like IBM, Siemens, and Cisco, already have proof-of-concept labs to prove how this interoperability works. But now it’s up to the W3C to take it to the next level, attracting integration companies like Accenture, where you have a mix of products and companies interoperating together.

Why Could the API Be the Final Solution

Michael Campbell, CEO of IoT platform provider MachineShop, tells ProgrammableWeb that, “It seems like there are as many standardizations and bodies focusing on IoT protocols as there are IoT protocols.” He finds his own organization on five of these protocol boards.

He warns that we need to be careful with how freely we use the word “protocol” because there are important ones like the communications protocols — like Bluetooth, Wi-Fi, Zigbee, MQTT, and CoAP — and networking protocols which decide the different ways to package data transferred over a network. But too often the term “protocol” is tossed around when really we are talking about the actual format of the data going across a network via some protocol, he says. While there may be protocols in place, he points to how even within the heating, ventilation, and air-con world, each element and brand is implemented very differently.

Campbell says that IBM did a particularly good job with creating the MQTT protocol and then open sourcing it, “but again how people implement MQTT varies from vendor to vendor.”

“That’s why I think an API construct is a really smart thing to do because what it does is it allows various vertical markets to choose whatever works for their verticals,” he says. “It’s important for verticals to maintain their proprietary access because they all have their own security requirements.”

Campbell offers the example of the utilities industry, where the data transmission on the energy grid is too important to have watered down security. He says the situation is the same for the healthcare, supply chain, and transportation industries. “They have too many elements for them to adopt a horizontal IoT universal protocol or standard.”

All this being said, Campbell argues that “anything that moves to an API-first or API-centric architecture for the exchange of the information and purposes of integration is the way to go because, even though you might have many, many different protocols based on applications requirements in a vertical industry, in all cases an API-centric architecture still can and should be implemented.”

The API “is one of the few ways that you can standardize at the data exchange layer that can cut across vertical markets because [APIs] are protocol agnostic, and they are agnostic to the type of device and volume of data or transport protocol,” he says.

But in the end, it’s not just the API but the API backed by Linked Data and the semantics it enables that will drive the WoT Working Group’s next recommendations.

Linked Data Chosen to Bring Semantic Interoperability to IoT

What is “semantic interoperability” besides a mouthful? According to Raggett, it’s about having “different services that are communicating but don’t have the same meaning.”

With a combination of Linked Data and interoperability through APIs, the W3C believes a consistency and fluency can be created across standards and platforms.

“Suddenly the Open Data Initiative and open data movement started to go and, following on Obama, the European Union needed to follow more data and they said ‘Data is the oil of the twenty-first century. A lot of companies saw the value of data,” says Linked Data Aficionado and Apiwise Co-Founder Dimitri Van Hees, when describing the origin of Linked Data. “Then the Raspberry Pi and Arduino and the Internet of Things [arrived]. Suddenly there was a lot of data, both useful and useless. People didn’t know where to look anymore. There was data everywhere about everything. I see those things as independent happenings, but they all happened at the same time. The rise of Open Data, the rise of the Internet of Things and the rise of social data—it was my time to strike,” he says.

He believes that while we have a lot of data, if it isn’t useful, people won’t use it, and he argues that Linked Data gives it usefulness.

This concept is certainly not new; Sir Tim Berners Lee built the Semantic Web on it.

“You have a Google MapsTrack this API, you have a location, but what if it also knew there were so many parking places this far away. So then it gives an added value to the end user of the person visiting a stadium” [who was worried about parking],” Van Hees says.

He often describes Linked Data in a way similar to diagramming sentences — everything breaking down to Subject, Predicate, and Object (what Semantic Web experts call a triple). Linked Data is what gives the context to where a thing is, what it’s doing, and who or what it’s communicating with.

A Web of Linked Data is also often discussed in the same circles as the term “graph.” For example, the immense Web of linked data that an identity is tied to on Facebook is sometimes referred to as someone’s personal graph. However, Linked Data can mean different things. There’s Linked Data (capitalized), which is the publicly accessible and queryable triples that, in aggregate, make up the Semantic Web. And there’s linked data (lowercase), where the basics of linking data to form graphs of information are put into practice, but actual implementation is proprietary or hidden from the public.

Also, to read more on Linked Data:

  • How to Take Advantage of Existing Linked Data Networks
  • How Linked Data Solved a Digital Age Marketing Problem
  • How to Build Hypermedia APIs with JSON-LD and Hydra

Now the IoT “needs new standards for validation for semantic interoperability — we see a gap there. I think that with Web developers, some people are put off because they see that the syntax and the communities are somewhat detached from what they are doing now,” Raggett says.

The Web does that now with webpages, pointing to the Semantic Web-based as having “proven extremely successful….We look forward to it being a critical ingredient for open markets and services around the Internet of Things,” he says.

“In the smart home, if you want to put together devices with certain standards, they have to agree to certain languages and standards. “[While in] smart cities if you want to combine different information sources and to provide data across cities, we need some agreement on the terms we’re using,” Raggett says.

He uses the analogy of a Web browser, where the W3C has seen great success in its open browser standards. He says they want to take these standards and apply them to an application platform. In this case they want to run an application browser in the IoT, running on the network edge or in the cloud.

“By having open standards around these open platforms or Web platforms, we think that it can drive the growth of the market,” Raggett said, adding we should never doubt that open standards and open platforms expand naturally.

Will These Be Enough for IoT’s Security?

Of course when you’re talking about connected devices that collect data about people’s movements and connect the previously unconnected, security is always going to be a hot topic.

“At the moment we have individual organizations working on the security,” Raggett said. They’re “using the same protocols but differently, but what we need to do, as a community of organizations, is to build a common vision of what’s going to happen with end-to-end security on these platforms.”

The W3C isn’t a board that releases standards and protocols, rather it’s a community that releases recommendations and best practices. In this case, by advising people to make sure to ask these questions:

  • Do the devices themselves satisfy my best practices?
  • What about the services on top of them?
  • How resilient are these services in case of attack?

“We want to evaluate the specifications of what security to provide, and we also want to reach out to these organizations,” Raggett said. “There are quite a few standards, but [success depends on] how you put them together and you use them. If you use them badly, then you lose that security.”

The goal is to bring different governing and advisory bodies, as well as standards developing organizations, like the Industrial Internet Consortium, the IoT Security Foundation, and those behind connection layers like Bluetooth, together to compile more best practices. This will surely involve security metadata and cross-platform approaches building on top of the IoT platform security.

According to Raggett, this is about building on “a lot of existing work, but it’s about producing a common approach for end-to-end security across platforms.”

This voluntary working group sees a two-year roadmap toward releasing recommendations and specifications, as well as an open-source wrapping to better collaborate over and share all the results.

Of course with so many pieces brought together, Raggett said they will work “to try to pick off pieces that are sufficiently mature [with a] likelihood of a certain amount of agreement in a reasonable timescale.”

But How Can Developers Get Involved?

Bird admits that the “W3C’s biggest challenge has been where we’re technology’s best-kept secret,” and says they need more evangelism, particularly to get CTOs and project management decision makers more involved.

However, with much of the WoT working group’s recommendations still two years out, what should developers be doing now?

“The market is still immature. Developers have to focus on their short-term goals and pragmatically pick standards and to connect to communities to learn about best practices,” says Bird.

With someone like the knighted Berners-Lee at the top of it and Fortune 50 companies involved, we tend to look at something as important as the WoT working group as something untouchable. But one of the most interesting parts of the open source world surrounding the W3C is it’s not like that at all. In the end, it’s still an astonishingly open initiative that really welcomes contribution from the public.

The next step is for the WoT group to find ways to reach out to more developers for feedback as they encourage work around the open source world.

If your company is a member of the W3C and it’s your responsibility to develop platforms in the IoT concept area, contact the consortium or working group directly.

“If they’re a developer where they’re doing some development of a platform or a smart-whatever implementation and there are problems where the Web isn’t behaving the way that they want, they should encourage their work to join the W3C so we can put that forth as a use case,” says Bird.

This article first appeared on ProgrammableWeb.