The ongoing technological advancement is making the Internet of Things (IoT) adoption spur worldwide, with the number of IoT-connected devices projected to increase to 43 billion by 2023. Amidst the latest wave of IoT maturity and execution of bespoke solutions, considering an approach that can respond to the fragmented nature of IoT technology is a strategic move.
Being a core challenge, IoT market fragmentation has complicated the path to IoT adoption. With hundreds of separate IoT vendors around the world, there are various IoT protocols and network standards being used. Sooner than later, stable and foundational IoT offerings that can plug and play with other IoT products would emerge and interoperability can be achieved to prevent hours of hand-coding IoT interfaces for end-to-end product functionality.
But in reality, the IoT market hasn't reached consistent interoperability yet. Device deployment happens on the top-most network layer, what happens underneath in the application layer still requires an organized and compatible path for all players. This is the reason why the World Wide Web Consortium (W3C) worked on the Web of Things (WoT) subset of IoT; a standardized language that can preserve and complement existing IoT standards and solutions.
Internet of Things aims to bring connectivity to almost every object found in the physical world. Transmitting it into the digital world might seem easy but could be complicated, particularly when it involves different access points, servers, and software. Without a doubt, the current trend of collaborating, distributed teams through the Internet, mobile communications, and autonomous entities can be efficiently advanced and deliver diverse services and applications if flexibility and interoperability are ensured.
Collaborations are threatened by the fragmentation that we witness in the IoT industry, bringing difficulty to integrate the diverse technologies found within various objects in IoT systems. For IoT to constantly function as a global infrastructure, following a standard approach in interconnecting things based on ICT and massive information can open up new revenue streams, drive business efficiencies, and facilitate new business models.
WoT: Architecture, interactions, and patterns
Imagine that you are a smart business that wants to automate actions inside the office — from scanning your biometrics at the door, booking meeting rooms, updating inventories, and scanning databases, among others. To facilitate the interoperability, fragmentation, and usability of IoT, Web of Things (WoT), a set of standards can be of use. This is built around web standards such as REST, HTTP, and URIs that allow devices to interact with one another seamlessly.
WoT follows a progressing architectural framework with four layers: accessibility, findability, sharing, and composition. Moreover, there are three key integration patterns as well that are defined by the point at which a WoT API is exposed to the internet: direct integration, gateway integration, and cloud integration.
In layman’s terms, first, it works in a way that Things are on the web (layer 1) and can be found by humans and machines (layer 2). And once their resources are being shared securely with others (layer 3), it’s time to look at how to build large-scale, meaningful WoT applications (layer 4).
Layer 1: This layer converts anything into a ‘web’ Thing or REST API. This will enable interaction using HTTP requests just like any other resource found on the web.
Layer 2: This layer ensures that the Thing can not only be easily used by other HTTP clients but can also be findable and automatically usable by other WoT applications by reusing web semantic standards.
Layer 3: This layer finds a safe way to transfer the data across services securely by using different protocols such as transport layer security (TLS), OAuth, and RDFa.
Layer 4: This layer deals with understanding the integration of data and services from diverse Things into an immense ecosystem of web tools such as analytics software and mashup platforms.
By these four layers, the Web of Things provides a set of standardized technology building blocks that help to simplify IoT application development through a web paradigm. At its core is an IoT device's metadata called Thing Description (TD). The TD can be considered as the entry point of an IoT instance as it provides information on which data and functions are provided, which protocol is used, how data is encoded and structured, and further human-and-machine-readable metadata.
Following the properties-action-event interaction model, a property exposes the state of the Thing. This property should be readable, could be updated, and could be observable by pushing the new state after a change by action happens. Hence, an action allows invoking a function of the Thing by either manipulating a state indirectly; manipulating multiple properties at a time; manipulating properties based on internal logic; or manipulating state over time. Lastly, an event describes a source that pushes data asynchronously from the Thing to the consumer.
To put it simply, the WoT interaction model can be perceived, for example, through a smart speaker that is turned off (property), and will start to play (action) upon detecting a voice that says ‘music please’ (event).
Ensuring security
Javascript is at the heart of IoT applications. In particular, Node.js is an open-source, cross-platform that makes the request-response flow faster and smoother. This JavaScript runtime environment is used to build data-centric, real-time solutions that can handle a large number of requests coming from sensors, beacons, transmitters, motors, and other IoT devices.
In the context of modern IoT and WoT development, JavaScript and Node.js are said to be the Swiss army knife that serves as a great option for IoT projects. Having said that, securing Javascript code for WoT is crucial to ensure that device integration to the web is more accessible and easier to program. By observing a proper cybersecurity approach, exfiltrating private information, malwartizing, defacing websites, and phishing attacks can be prevented. In an application-level, the least privilege access of zero trust framework can also be applicable to gain better control of information flow and APIs.