This project is co‐funded by the European Union
Part of the FI‐PPP
Grant Agreement no. 632838
FINODEX ‘Future INternet Open Data Expansion’
COMBINATION OF COLLABORATIVE PROJECT & COORDINATION AND SUPPORT ACTION
Information and Communication Technologies
Deliverable 3.1 v2 FI‐PPP Technologies training materials
Due date of deliverable: 31/05/2015
Actual submission date: 26/05/2015
Start date of project: 01/06/2014
Duration: 27 Months
Contact person responsible for this deliverable: Mr Stefano de Panfilis
Organisation name responsible for this deliverable: Engineering – Ingegneria Informatica S.p.A.
Project co‐funded by European Commission within the Seventh Framework Programme
Dissemination level
PU Public X
PP Restricted to other programme participants (including the Commission Services)
RE Restricted to a group specified by the consortium (including the Commission Services)
CO Confidential, only for members of the consortium (including the Commission Services)
DOCUMENT INFO
Authors
Name Company E‐mail
Stefano de Panfilis ENG [email protected]
Davide dalle Carbonare ENG [email protected]
Pasquale Vitale ENG [email protected]
Reviewers
Name Company E‐mail
Miguel García ZABALA [email protected]
Document Control
Document version
Date Change
D3.1.1 15/10/2014 First draft
D3.1v1 21/10/2014 Final version by the consortium to be submitted to the EC.
D3.1v2 26/05/2015 Second version by the consortium to be submitted to the EC.
Document Data
Point of Contact Name: Stefano de Panfilis
Partner: Engineering – Ingegneria Informatica S.p.A.
Address: Via San Martino Della Battaglia 56, 00185, Roma, Italy Tel. (+39) 06‐8759‐4253
E‐mail: [email protected]
SUMMARY
This is a compilation of materials related to the FIWARE training of potential proposers. The training materials on FIWARE technologies are divided into:
‐ YouTube Channel videos at www.youtube.com/user/finodexproject, where during the project lifetime different materials will be generated and playlists related to FIWARE training will be assembled (adding content from third parties), in order to have an organised pool of videos to help proposers.
‐ Annex 1: Summary of FIWARE technologies
‐ Annex 2: Presentations on FIWARE technologies (given at different events)
ANNEX 1. SUMMARY ON FIWARE TECHNOLOGIES INCLUDING A PRESENTATION ON FIWARE TECHNOLOGY SEMINARY.
ANNEX 2. PRESENTATIONS ON FIWARE TECHNOLOGIES Including presentations on the basic FIWARE features, namely:
1. FIWARE Introduction
2. FIWARE LAB Cloud Portal
3. FIWARE Context Broker
4. FIWARE Overview of GEs
5. FIWARE IoT
6. FIWARE CEP
7. FIWARE IdM
8. FIWARE GE Architecture - samples
All these presentations are mainly intended for developers (SMEs, entrepreneurs), to understand and improve their knowledge of the FIWARE Platform (the slideshows were presented during the info day events).
1. FIWARE Introduction The FIWARE Introduction presentation is the starting point for introducing interested users to the FIWARE Platform. It contains the definition of the "FIWARE Platform", what it is and how to use the FIWARE Technologies.
2. FIWARE LAB Cloud Portal The FIWARE LAB Cloud Portal presentation introduces the FIWARE cloud portal. It contains the steps to follow to create virtual machines and how to connect to them via SSH.
3. FIWARE Overview of GEs The FIWARE Overview of Generic Enablers presentation gives a list and a short description of the Generic Enablers available in the FIWARE Catalogue.
4. FIWARE Context Broker This is perhaps the most important FIWARE Generic Enabler. The presentation provides an overview of the Orion Context Broker, how it works and how to use it to create context information. The last sections are dedicated to advanced functionalities.
5. FIWARE IoT The FIWARE Internet of Things presentation explains how to use devices/sensors to transform information from the physical world into data.
6. FIWARE CEP The FIWARE Complex Event Processing presentation defines the patterns and rules over the context information of the Context Broker GE.
7. FIWARE IdM The FIWARE Identity Management presentation covers authentication and authorization based on OAuth 2.0, and how to manage identities and organizations.
8. FIWARE GE Architecture - samples FIWARE Generic Enabler Architecture is a presentation that shows how some architectures can be realized using FIWARE technologies, starting from practical examples.
FINODEX INTRODUCES TECHNOLOGIES
TECHNOLOGIES TRAINING MATERIALS
The Technologies training materials are divided into seven macro areas:
1. Cloud Hosting
2. Data/Context Management
3. Advanced middleware and interfaces to Network and Devices (I2ND)
4. Advanced Web‐based User Interface
5. Security
6. Internet of Things Services Enablement
7. Applications/Services and Data Delivery
The figure shows the chapters and, for each chapter, its Generic Enablers.
1. CLOUD HOSTING The Generic Enablers for Cloud Hosting chapter are:
1.1. IaaS Resource Management GE ‐ FIWARE Implementation This GE provides the facilities to provision virtual machines and the associated compute, storage and network resources. The implementation is based on OpenStack, the rapidly emerging open source project providing cloud infrastructure middleware, which is being adopted by a wide ecosystem of organizations across industry sectors.
1.2. Monitoring GE ‐ FIWARE Implementation The Monitoring GE (TID implementation) is the key component for incorporating monitoring and metering mechanisms, so that the performance of the system can be checked constantly; the architecture should also be easily extensible to collect data for other needs. Monitoring involves gathering operational data in a running system.
1.3. Object Storage GE ‐ FIWARE Implementation This Generic Enabler Implementation provides robust, scalable object storage functionality based on OpenStack Swift. The OpenStack Swift API provides a standardised mechanism to manipulate both the binary objects that are stored and the hierarchy of containers in which they are organised. This RESTful API can be accessed from any client technology that can communicate over HTTP. By leveraging OpenStack Swift, all the benefits of this rapidly maturing open‐source cloud storage solution can be realised. The highly‐available, distributed and scalable features of Swift can be exposed using commodity hardware.
1.4. PaaS Manager ‐ Pegasus Pegasus orchestrates the provisioning of the required virtual resources at IaaS level and the installation and configuration of the whole software stack of the application, taking into account the underlying virtual infrastructure. It provides a flexible mechanism to perform the deployment, enabling multiple deployment architectures: everything on a single server, several servers, or elastic architectures based on load balancers and different software tiers. Pegasus is an easy way to deploy your applications in the FIWARE Cloud.
1.5. Policy Manager ‐ Bosun The Policy Manager GE provides basic rule‐based management of cloud resources, as well as management of the corresponding resources within the FIWARE Cloud Instance: actions based on physical or infrastructure monitoring, security monitoring of resources and services, or anything else that can be defined by facts, actions and rules. Policy Manager is a simple rule engine designed to be used in the OpenStack ecosystem and, of course, inside the FIWARE Cloud.
1.6. Self‐Service Interfaces ‐ Cloud Portal The Self‐Service Interfaces provide support for the users of the cloud infrastructure and platform to manage their services and resources deployed in the cloud. For the moment they consist of an open source implementation of a User Portal and Scripts.
1.7. Software Deployment & Configuration ‐ Sagitta Sagitta (the Software Deployment and Configuration ‐ SDC ‐ GE) is the key enabler used to support automated deployment (installation and configuration) of software on running virtual machines. As part of the complete application deployment process, the aim of Sagitta is to deploy software product instances upon request of the user, through the API or through the Cloud Portal.
2. DATA/CONTEXT MANAGEMENT The Generic Enablers for Data/Context Management chapter are:
2.1. BigData Analysis ‐ Cosmos Cosmos is an implementation of the Big Data GE, allowing the deployment of private computing clusters based on the Hadoop ecosystem. The current version of Cosmos allows users to:
• perform I/O operations on Infinity, a persistent storage cluster based on HDFS;
• create, use and delete private computing clusters based on MapReduce and SQL‐like querying systems such as Hive or Pig;
• manage the platform in many aspects (services, users, clusters, etc.) from the Cosmos API or the Cosmos CLI.
2.2. Complex Event Processing (CEP) ‐ Proactive Technology Online The CEP GE analyses event data in real‐time, generates immediate insight and enables instant response to changing conditions. While standard reactive applications are based on reactions to single events, the CEP GE reacts to situations rather than to single events. A situation is a condition that is based on a series of events that have occurred within a dynamic time window called processing context. Situations include composite events (e.g., sequence), counting operators on events (e.g., aggregation) and absence operators. The Proactive Technology Online is an implementation of the FIWARE CEP (Complex Event Processing) GE.
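The three operator families named above (counting, composite/sequence, absence) evaluated over a sliding processing context, as an added illustration. This is example code written for this page, not the Proactive Technology Online engine; the event stream, the 60 s window, the 90 s heartbeat timeout and the threshold of three failures are constructed values chosen for the demonstration.

```python
"""Situation detection over a sliding processing context (added example).
Not the CEP GE's code: a constructed event stream and a small detector that
shows a counting operator, a sequence operator and an absence operator."""
from collections import defaultdict, deque

# constructed events: (timestamp in seconds, event type, attributes)
EVENTS = [
    (0,   "login_failed", {"user": "alice", "src": "10.0.0.5"}),
    (10,  "heartbeat",    {"host": "sensor-1"}),
    (15,  "login_failed", {"user": "alice", "src": "10.0.0.5"}),
    (40,  "login_failed", {"user": "alice", "src": "10.0.0.5"}),
    (42,  "login_ok",     {"user": "alice", "src": "10.0.0.5"}),
    (50,  "heartbeat",    {"host": "sensor-1"}),
    (70,  "login_failed", {"user": "bob",   "src": "10.0.0.9"}),
    (200, "login_failed", {"user": "bob",   "src": "10.0.0.9"}),
    (210, "login_failed", {"user": "bob",   "src": "10.0.0.9"}),
    (220, "heartbeat",    {"host": "sensor-1"}),
]


class SituationDetector:
    def __init__(self, window=60, heartbeat_timeout=90, threshold=3):
        self.window = window                  # processing context: sliding time window
        self.timeout = heartbeat_timeout
        self.threshold = threshold
        self.failures = defaultdict(deque)    # user -> timestamps of login_failed in window
        self.last_heartbeat = {}              # host -> last heartbeat timestamp
        self.situations = []                  # (situation, subject, detected at)

    def process(self, ts, etype, attrs):
        if etype == "login_failed":
            q = self.failures[attrs["user"]]
            q.append(ts)
            while q and q[0] < ts - self.window:   # slide the window: drop old failures
                q.popleft()
            if len(q) == self.threshold:           # counting operator (fires once per run-up)
                self.situations.append(("brute_force", attrs["user"], ts))
        elif etype == "login_ok":
            q = self.failures.get(attrs["user"])
            if q and q[-1] >= ts - self.window:    # sequence: failures followed by a success
                self.situations.append(("success_after_failures", attrs["user"], ts))
            if q:
                q.clear()
        elif etype == "heartbeat":
            self.last_heartbeat[attrs["host"]] = ts
        self._check_absence(ts)

    def _check_absence(self, now):
        # absence operator: an expected event did not arrive within the timeout.
        # Evaluated on event arrival here; a real engine would also use a timer.
        for host, last in list(self.last_heartbeat.items()):
            if now - last > self.timeout:
                self.situations.append(("host_silent", host, now))
                del self.last_heartbeat[host]       # report once until it speaks again


def detect(events=EVENTS):
    """Replay a stream in time order and return the situations it produced."""
    det = SituationDetector()
    for ts, etype, attrs in sorted(events, key=lambda e: e[0]):
        det.process(ts, etype, attrs)
    return det.situations
```

On the constructed stream, alice's third failure inside 60 s raises the counting situation at t=40, her success two seconds later raises the sequence situation, and bob never triggers because his failures are spread over more than the window; the missing sensor heartbeat is reported as an absence when the next event arrives after the 90 s timeout.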
2.3. Publish/Subscribe Context Broker ‐ Orion Context Broker The Orion Context Broker is an implementation of the Publish/Subscribe Context Broker GE, providing the NGSI9 and NGSI10 interfaces. Using these interfaces, clients can do several operations:
• Register context producer applications, e.g. a temperature sensor within a room
• Update context information, e.g. send updates of temperature
• Be notified when changes in context information take place (e.g. the temperature has changed) or at a given frequency (e.g. get the temperature every minute)
• Query context information. The Orion Context Broker stores context information updated from applications, so queries are resolved based on that information.
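The four operations above run end to end, as an added example that is not Orion's code: a small in-memory stand-in for the broker accepts the NGSI10 v1 JSON bodies (updateContext, queryContext, subscribeContext) and records the notification it would POST to the subscriber's callback. The callback URL and the Room1 entity are constructed; entity patterns (isPattern="true") and subscription expiry are left out.

```python
"""In-memory stand-in for the Orion Context Broker (added example, not Orion's
code). Request and notification bodies follow the NGSI10 v1 JSON shape."""
import copy


class MiniContextBroker:
    def __init__(self):
        self.entities = {}        # (type, id) -> {attr name: {"type", "value"}}
        self.subscriptions = {}   # subscriptionId -> subscribeContext payload
        self.notifications = []   # (reference URL, body) the broker would POST

    def update_context(self, payload):
        """NGSI10 updateContext: APPEND creates entities/attributes, UPDATE only modifies."""
        action = payload.get("updateAction", "UPDATE")
        for ce in payload["contextElements"]:
            key = (ce["type"], ce["id"])
            if key not in self.entities:
                if action != "APPEND":
                    return {"errorCode": {"code": "404", "reasonPhrase": "No context element found"}}
                self.entities[key] = {}
            changed = set()
            for attr in ce["attributes"]:
                self.entities[key][attr["name"]] = {"type": attr["type"], "value": attr["value"]}
                changed.add(attr["name"])
            self._notify_onchange(key, changed)
        return {"statusCode": {"code": "200", "reasonPhrase": "OK"}}

    def query_context(self, payload):
        """NGSI10 queryContext: resolved from stored context, optionally filtered by attribute."""
        wanted = {(e["type"], e["id"]) for e in payload["entities"]}
        names = payload.get("attributes", [])
        responses = [self._context_response(k, names) for k in self.entities if k in wanted]
        if not responses:
            return {"errorCode": {"code": "404", "reasonPhrase": "No context element found"}}
        return {"contextResponses": responses}

    def subscribe_context(self, payload):
        """NGSI10 subscribeContext: remember the consumer's callback and conditions."""
        sub_id = "sub%04d" % (len(self.subscriptions) + 1)
        self.subscriptions[sub_id] = copy.deepcopy(payload)
        return {"subscribeResponse": {"subscriptionId": sub_id, "duration": payload["duration"]}}

    def _context_response(self, key, names):
        attrs = [{"name": n, **v} for n, v in self.entities[key].items() if not names or n in names]
        return {"contextElement": {"type": key[0], "isPattern": "false", "id": key[1], "attributes": attrs},
                "statusCode": {"code": "200", "reasonPhrase": "OK"}}

    def _notify_onchange(self, key, changed):
        """Fire ONCHANGE subscriptions whose condValues intersect the attributes just updated."""
        for sub_id, sub in self.subscriptions.items():
            if not any((e["type"], e["id"]) == key for e in sub["entities"]):
                continue
            if any(c["type"] == "ONCHANGE" and changed & set(c["condValues"])
                   for c in sub["notifyConditions"]):
                body = {"subscriptionId": sub_id,
                        "contextResponses": [self._context_response(key, sub["attributes"])]}
                self.notifications.append((sub["reference"], body))


def demo():
    """Producer creates Room1, a consumer subscribes, the next update is notified."""
    broker = MiniContextBroker()
    room1 = {"type": "Room", "isPattern": "false", "id": "Room1"}
    broker.update_context({"contextElements": [dict(room1, attributes=[
        {"name": "temperature", "type": "float", "value": "23"}])], "updateAction": "APPEND"})
    sub = broker.subscribe_context({
        "entities": [room1], "attributes": ["temperature"],
        "reference": "http://consumer.example:1028/accumulate",   # assumed consumer callback
        "duration": "P1M",
        "notifyConditions": [{"type": "ONCHANGE", "condValues": ["temperature"]}]})
    broker.update_context({"contextElements": [dict(room1, attributes=[
        {"name": "temperature", "type": "float", "value": "26.5"}])], "updateAction": "UPDATE"})
    query = broker.query_context({"entities": [room1], "attributes": ["temperature"]})
    return broker, sub, query
```

Two points worth noticing for a deployment: the broker accepts updates and subscriptions from anyone who can reach it, so the reference URL in a subscription is an outbound request the broker will make on the subscriber's behalf, and the broker itself does no authentication; section 5.3 is where access control for these endpoints lives.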
2.4. Stream‐oriented ‐ Kurento The Stream Oriented GE is a development framework that provides an abstraction layer for multimedia capabilities, allowing non‐expert developers to include interactive media components in their applications. At the heart of this enabler is the Open API, a REST‐like API based on JSON‐RPC 2.0 that exposes a toolbox of Media Elements which can be chained to create complex media processing pipelines. The Stream Oriented GE provides several client implementations of the Open API. The Java client allows developers to include media capabilities in Java or JEE applications; there is also a JavaScript client ready to be used with NodeJS or directly in browser applications. Thanks to these, the Stream Oriented GE provides developers with a set of robust, end‐to‐end interoperable multimedia communication capabilities that handle the complexity of transport, encoding/decoding, processing and rendering in an easy and efficient way.
3. ADVANCED MIDDLEWARE AND INTERFACES TO NETWORK AND DEVICES The Generic Enablers for I2ND chapter are:
3.1. Network Information and Control ‐ OFNIC OFNIC is a reliable and distributed Software Defined Network (SDN) controller for enterprises' OpenFlow‐enabled networks. It enables the abstraction and virtualization of network resources and functionalities. OFNIC also monitors the status of the network and provides near real‐time network statistics at different levels of granularity (flow, node, port).
4. ADVANCED WEB‐BASED USER INTERFACE The Generic Enablers for Advanced Web‐based UI chapter are:
4.1. 2D‐UI A JavaScript library that handles generic web user interface input events such as keyboard and mouse. This GE provides means to dynamically add the input events of other existing input devices, such as touch pads and gamepads, and an input event abstraction to handle keyboard key and mouse button combinations. The goal is to provide support for advanced, Web‐based, highly dynamic and potentially 3D user interfaces.
4.2. 2D/3D Capture 2D/3D Capture captures contextual information about a 2D/3D scene of the surroundings so that the data can be provided to, or used as, services. Location, lighting, device orientation and heading direction are the necessary contextual information; depending on the service, other information available to the browser can be used as well.
4.3. 3D‐UI‐XML3D XML3D is an extension to HTML5 for declarative 3D content represented as a scene‐graph‐like structure inside the DOM. All nodes within this graph are also nodes in the web site's DOM tree and can be accessed and changed via JavaScript like any other DOM element. On these DOM nodes, HTML events can be registered just as on known HTML elements.
4.4. 3DUI ‐ WebTundra WebTundra is the Web client for bringing realXtend 3D virtual worlds into modern web browsers. The provided TundraSDK and TundraClient can connect to a realXtend Tundra server, implementing the Tundra network protocol over WebSocket and rendering with WebGL. Networked multi‐user usage requires a Tundra server (the server side of the Synchronization GE).
4.5. Augmented Reality Augmented Reality Generic Enabler is a high‐level application programming interface for HTML5 Augmented Reality applications. Required run‐time environment is the JavaScript support of a suitable web browser. No plug‐ins are required. These applications may rely on the functionality of the other GEs, like XML3D Technology, POI Data Provider, etc.
4.6. Cloud Rendering The goal of this GE is to provide a generic way to request, receive and control a video stream of a remote 3D application. The complexity and usually heavy performance requirements of a 3D application can be offloaded to a server from a low‐end device that could not handle the rendering otherwise. The Cloud Rendering GE provides a web service that can be used to implement your own 3D application rendering and interactions with the web client. Also provided are an accompanying web client that shows how to talk to the web service, and a renderer for the realXtend Tundra 3D application SDK and the end‐user Meshmoon Rocket client.
4.7. GIS Data Provider ‐ Geoserver/3D This GE is able to host geographical data and serve it in 3D form (where applicable) to both mobile and web clients. The GE implementation is based on the open source GeoServer project (GPL licensed) and the W3DS extension.
4.8. Interface Designer The goal is to provide an easy‐to‐use, full manipulator/editor of 3D objects within a scene: an in‐browser world editor that allows users to easily create, remove and manipulate scene objects through a variety of tools. This editor utilizes the Scene and EC model, in other words it manipulates entities, components and attributes. Manipulations can be done through a GUI consisting of three parts (scene tree, EC editor and an additional toolbar), or directly in the scene via 3D manipulation helper objects such as transform gizmos/axis tripods and grids. The GUI provides extensive editing of entities that cannot otherwise be done via a 3D manipulation helper, and in most cases also serves for fine‐tuning of values.
4.9. POI Data Provider The POI (Points of Interest) Generic Enabler is a web server kit that supports:
• storing information related to locations
• serving queries by location and other criteria
• configuration to meet your data needs
The POI Generic Enabler makes it relatively easy to:
• relate any information to places, e.g.
o tourist attractions / services
o photos, videos, 3D content
o special location data of your business
o imaginary items of an outdoor game
o ...
• search information by location and other criteria
• store information by location
• develop an application that utilizes those capabilities
4.10. Real Virtual Interaction A key aspect of Augmented Reality is that virtual content is not just presented embedded within the context of the real world, but that it should also allow users to interact actively with real objects, and the objects to provide input to the user. The Real Virtual Interaction generic enabler (GE) provides means for connecting real world devices consisting of sensors and actuators into augmented or virtual reality applications. Since real world sensors and actuators are not complex enough to contain the logic necessary to publish themselves outside their immediate domain, there needs to be an external service that is able to access these devices and to share that access with other services and also directly with end‐users. This service provides security, a database for storing history and offline data, scalability and other cloud‐like features that make it easier for application and service developers to make use of the devices for various purposes. This GE also provides a practical prototype for publishing sensor and actuator information to application developers, derived from the NGSI 9/10 format developed earlier in FIWARE.
4.11. Synchronization The Synchronization Generic Enabler presents a lightweight and generic network‐synchronized dynamic scene data model, and two communication protocols to interact with the model: SceneAPI, a RESTful HTTP API for non‐realtime querying and modification of the scene, and a WebSocket‐based bidirectional protocol for connected Web clients to receive continuous real‐time scene updates, and to post their real‐time changes to the scene. It includes a server reference implementation based on the realXtend Tundra SDK, and a JavaScript client library. The scene data model is based on a hierarchy of Entities, Components and Attributes. A typical use case would be the implementation of a dynamic multi‐user virtual world, but as the data model is completely generic, it is by no means limited to that use case.
4.12. Virtual Characters This GE consists of an open standard and reference implementation for virtual characters on the Web. Web applications will be able to create, display and animate virtual characters. The characters can be composed of multiple mesh parts, to e.g. allow easily swappable parts like upper or lower bodies, and attached objects such as clothing. The virtual character functionality is implemented as a JavaScript library and is part of the WebTundra codebase, which also contains the 3D‐UI and Synchronization (client part) GEs. The 3D‐UI GE (which in turn uses the WebGL API through the three.js rendering library) is utilized for the Entity‐Component‐Attribute based scene model, the hierarchical transformation graph and the actual rendering: a virtual character becomes part of the scene hierarchy and can be manipulated using the scene model's functions.
5. SECURITY The Generic Enablers for Security chapter are:
5.1. Authorization PDP ‐ AuthZForce This is the reference implementation of the Authorization PDP Generic Enabler (formerly called Access Control GE). As mandated by the GE specification, this implementation provides an API to get authorization decisions based on authorization policies and on authorization requests from PEPs. The API follows the REST architectural style and complies with XACML v3.0. XACML (eXtensible Access Control Markup Language) is an OASIS standard for the authorization policy format and evaluation logic, as well as for the authorization decision request/response format.
The PDP (Policy Decision Point) and PEP (Policy Enforcement Point) terms are defined in the XACML standard. This GEri plays the role of a PDP. To fulfil the XACML architecture you may need a PEP (Policy Enforcement Point) to protect your application, which is not provided here. However, the PEP Proxy by UPM ‐ soon to be found in this catalogue ‐ provides such a component, for protecting RESTful APIs in particular.
5.2. Identity Management ‐ KeyRock Identity Management covers a number of aspects involving users' access to networks, services and applications, including secure and private authentication from users to devices, networks and services, authorization & trust management, user profile management, privacy‐preserving disposition of personal data, Single Sign‐On (SSO) to service domains and Identity Federation towards applications. The Identity Manager is the central component that provides a bridge between IdM systems at connectivity level and application level. Furthermore, Identity Management is used for authorising foreign services to access personal data stored in a secure environment. Usually the owner of the data must give consent to access the data; the consent‐giving procedure also implies a certain user authentication.
5.3. PEP Proxy ‐ Wilma This is the reference implementation of the PEP Proxy Generic Enabler. With this component, together with the Identity Management and Authorization PDP GEs, you add authentication and authorization to your backend applications, so that only FIWARE users are able to access your GEs or REST services. You will also be able to manage specific permissions and policies for your resources, allowing different access levels to your users.
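The division of labour across sections 5.1 to 5.3 (IdM issues and validates the OAuth 2.0 token, the PEP enforces, the PDP decides) as one runnable flow. This is an added example written for this page; none of it is Wilma, KeyRock or AuthZForce code. The three classes are hypothetical stand-ins modelling the contract between those components: the token travels in an X-Auth-Token header (the header Wilma expects), the rule format is a simplified XACML-like target with deny-overrides combining rather than real XACML 3.0 policies, and the X-Nick-Name/X-Roles headers the proxy forwards, the users, roles and policy rules are all constructed.

```python
"""PEP Proxy / IdM / Authorization PDP flow (added example; hypothetical
stand-ins, not the code of Wilma, KeyRock or AuthZForce)."""
import secrets
import time
from fnmatch import fnmatch

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


class IdentityManager:
    """Stand-in for KeyRock: OAuth 2.0 password grant in, bearer token out."""

    def __init__(self, now=time.time):
        self.now = now          # injectable clock so expiry is testable
        self.users = {}         # username -> {"password", "roles", "organization"}
        self.tokens = {}        # token -> {"user", "expires"}

    def add_user(self, username, password, roles, organization):
        self.users[username] = {"password": password, "roles": list(roles), "organization": organization}

    def issue_token(self, username, password, ttl_seconds=3600):
        user = self.users.get(username)
        if user is None or not secrets.compare_digest(user["password"], password):
            return None                         # same answer for unknown user and wrong password
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": username, "expires": self.now() + ttl_seconds}
        return token

    def validate(self, token):
        """User record for a live token, else None; expired tokens are purged."""
        entry = self.tokens.get(token)
        if entry is None:
            return None
        if entry["expires"] <= self.now():
            del self.tokens[token]
            return None
        user = self.users[entry["user"]]
        return {"id": entry["user"], "roles": user["roles"], "organization": user["organization"]}


class PolicyDecisionPoint:
    """Stand-in for AuthZForce: (role, resource glob, action) targets with an effect,
    combined deny-overrides like XACML's combining algorithm of that name."""

    def __init__(self, rules):
        self.rules = rules

    def decide(self, request):
        # request mirrors a XACML Request: subject roles, resource-id, action-id
        effects = set()
        for rule in self.rules:
            if (rule["role"] in request["subject_roles"]
                    and fnmatch(request["resource"], rule["resource"])
                    and rule["action"] in ("*", request["action"])):
                effects.add(rule["effect"])
        if DENY in effects:
            return DENY                 # any matching Deny wins
        if PERMIT in effects:
            return PERMIT
        return NOT_APPLICABLE           # nothing matched: the PEP must still refuse


class PEPProxy:
    """Stand-in for Wilma: checks the token with the IdM, asks the PDP, then forwards."""

    def __init__(self, idm, pdp, backend):
        self.idm, self.pdp, self.backend = idm, pdp, backend

    def handle(self, request):
        token = request.get("headers", {}).get("X-Auth-Token")
        if not token:
            return 401, {"error": "missing X-Auth-Token"}
        user = self.idm.validate(token)
        if user is None:
            return 401, {"error": "invalid or expired token"}
        decision = self.pdp.decide({"subject_roles": user["roles"], "resource": request["path"],
                                    "action": request["method"]})
        if decision != PERMIT:          # fail closed on Deny and NotApplicable alike
            return 403, {"error": "forbidden", "decision": decision}
        # Identity headers (names assumed) replace the token, so the backend never sees it.
        headers = {k: v for k, v in request["headers"].items() if k != "X-Auth-Token"}
        headers.update({"X-Nick-Name": user["id"], "X-Roles": ",".join(user["roles"])})
        return self.backend(dict(request, headers=headers))


def backend(request):
    """Constructed backend standing in for a protected GE (e.g. an NGSI10 endpoint)."""
    return 200, {"path": request["path"], "user": request["headers"]["X-Nick-Name"]}


def demo():
    idm = IdentityManager()
    idm.add_user("alice", "s3cret", roles=["operator"], organization="SmartCity")
    idm.add_user("bob", "hunter2", roles=["viewer"], organization="SmartCity")
    pdp = PolicyDecisionPoint([
        {"role": "viewer",   "resource": "/v1/queryContext",  "action": "POST", "effect": PERMIT},
        {"role": "operator", "resource": "/v1/*",             "action": "*",    "effect": PERMIT},
        {"role": "viewer",   "resource": "/v1/updateContext", "action": "*",    "effect": DENY},
    ])
    pep = PEPProxy(idm, pdp, backend)
    alice, bob = idm.issue_token("alice", "s3cret"), idm.issue_token("bob", "hunter2")

    def req(tok, path):
        return {"method": "POST", "path": path, "headers": {"X-Auth-Token": tok}}

    return {"no_token": pep.handle({"method": "POST", "path": "/v1/queryContext", "headers": {}}),
            "bad_token": pep.handle(req("not-a-token", "/v1/queryContext")),
            "bob_query": pep.handle(req(bob, "/v1/queryContext")),
            "bob_update": pep.handle(req(bob, "/v1/updateContext")),
            "alice_update": pep.handle(req(alice, "/v1/updateContext")),
            "bob_admin": pep.handle(req(bob, "/admin"))}
```

The two checks a practitioner should carry over to a real deployment are both in handle(): NotApplicable is treated exactly like Deny (a path nobody wrote a rule for stays closed), and the backend must only be reachable through the proxy, since it trusts the identity headers the proxy sets.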
5.4. Security Monitoring The Security Monitoring GE is part of the overall Security Management System in FIWARE and as such is part of each and every FIWARE instance. The Security Monitoring GE was designed to be offered as a suite of services. Even though they can be used in isolation, the services deliver the most value when used together to cover the whole primary usage pattern. The services offered by Security Monitoring are:
• MulVAL Attack Paths Engine
• Scored Attack Paths
• Remediation
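What the three services above compute, shown on a toy model as an added example: enumerate the attack paths from an attacker's foothold to a target across reachability and vulnerability facts, score each path, and rank single remediations by how much they lower the best path. This is illustrative code written for this page, not the MulVAL engine, which reasons over Datalog facts and rules; the hosts, the reachability table, the vulnerability ids V1 to V4 and their exploit probabilities are all hypothetical placeholders, and the scoring (product of per-hop probabilities) is one simple choice among many.

```python
"""Attack path enumeration, scoring and remediation ranking (added example;
constructed model, not MulVAL's code or data)."""

# constructed facts: host -> [(vulnerability id, probability an attacker exploits it)]
VULNS = {"web": [("V1", 0.9), ("V2", 0.4)], "app": [("V3", 0.6)], "db": [("V4", 0.5)]}
# constructed reachability (firewall / network facts): host -> hosts it can connect to
REACH = {"attacker": ["web"], "web": ["app", "db"], "app": ["db"], "db": []}


def attack_paths(reach, vulns, source, target, excluded=frozenset()):
    """All simple paths from source to target; each hop exploits one vuln on the next host."""
    found = []

    def walk(host, path, visited):
        if host == target:
            found.append(list(path))
            return
        for nxt in reach.get(host, []):
            if nxt in visited:
                continue
            for vid, prob in vulns.get(nxt, []):
                if vid in excluded:
                    continue                       # patched: this hop no longer exists
                path.append((nxt, vid, prob))
                walk(nxt, path, visited | {nxt})
                path.pop()

    walk(source, [], {source})
    return found


def path_score(path):
    """Likelihood of the whole path, assuming independent exploitation per hop."""
    score = 1.0
    for _, _, prob in path:
        score *= prob
    return score


def scored_paths(reach, vulns, source, target, excluded=frozenset()):
    """Scored attack paths, most likely first."""
    paths = attack_paths(reach, vulns, source, target, excluded)
    return sorted(((path_score(p), p) for p in paths), key=lambda sp: sp[0], reverse=True)


def max_risk(reach, vulns, source, target, excluded=frozenset()):
    ranked = scored_paths(reach, vulns, source, target, excluded)
    return ranked[0][0] if ranked else 0.0


def remediation_plan(reach, vulns, source, target):
    """Rank each single fix by the drop in the top path score it buys (greedy, one patch)."""
    baseline = max_risk(reach, vulns, source, target)
    options = []
    for host, vlist in vulns.items():
        for vid, _ in vlist:
            residual = max_risk(reach, vulns, source, target, excluded=frozenset({vid}))
            options.append((baseline - residual, vid, host, residual))
    options.sort(key=lambda o: o[0], reverse=True)
    return baseline, options
```

On the constructed model the direct web-to-db path through V1 and V4 scores highest; the plan ranks patching V4 first because it cuts every path to the target, and V1 second, while V2 and V3 do not change the top path at all. Extending the greedy step to sets of fixes, or weighting by patch cost, is where a real remediation service goes beyond this.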
6. INTERNET OF THINGS SERVICES ENABLEMENT The Generic Enablers for IoT chapter are:
6.1. Backend Device Management ‐ IDAS IDAS is an implementation of the BE Device Management GE, providing:
• an ADMIN REST API for M2M application developers.
• a DEVICE COMMUNICATION API for devices (sensor/actuators/gateways) communication. Currently it implements the following protocols: SensorML, Lightweight SensorML.
• an NGSI9/NGSI10 interface towards NGSI enabled brokers, implemented by the "IoT Agent" component.
• an open‐source Reference Gateway for Raspberry Pi and Z‐Wave devices, called "FIGWAY". IoT integrators may port this software to their own gateway/device hardware in order to easily interact with the FIWARE IoT Backend.
6.2. Configuration Manager ‐ IoT Discovery IoT Discovery is an implementation of the Configuration Management GE, which focuses on semantically‐annotated IoT descriptions. The API provides two main modules:
• Sense2Web Linked‐data platform
• NGSI‐9 Server
6.3. Configuration Manager ‐ Orion Context Broker The Orion Context Broker is an implementation of the Configuration Manager GE, providing the NGSI9 interfaces. Within the IoT chapter it is meant to be used in combination with the IoT Broker GE (the IoT Broker deals with NGSI10 in a stateless fashion, relying on Orion as persistent storage for NGSI9 registrations), although it can also be used as a standalone component. Using the NGSI9 interface, clients can do several operations:
• Register context producer applications, e.g. a temperature sensor within a room
• Discover context producer information, e.g. which sensors are providing temperature for a given entity
• Be notified when the availability of context information changes
6.4. Gateway Data Handling GE ‐ EspR4FastData The Data Handling GE addresses the need to process data in real time. Frequently implemented features include filtering, aggregating and merging real‐time data from different sources. Thanks to Complex Event Processing (CEP), it is easy for applications to only subscribe to value‐added data which is relevant to them. CEP technology is sometimes also referred to as event stream analysis, or real time event correlation. EspR4FastData is a simple deployable servlet application. It features a dedicated REST management API, and a partial implementation of the standardized NGSI API.
6.5. IoT Broker The IoT Broker Generic Enabler is specified as a lightweight and scalable middleware component that separates IoT applications from the underlying device installations. The IoT Broker implementation available through the FIWARE Catalogue is the reference implementation of this Generic Enabler by NEC.
6.6. Protocol Adapter ‐ MR CoAP The MR CoAP Protocol Adapter allows you to plug devices using CoAP over 6LoWPAN into the IoT Architecture of FIWARE. The protocol adapter is designed to work with IBM's Mote Runner platform; it communicates via 6LoWPAN and uses CoAP as the application layer protocol. Mote Runner is a run‐time platform running on the mote hardware that provides a virtual machine to execute device‐independent code.
7. APPLICATIONS/SERVICES AND DATA DELIVERY The Generic Enablers for Applications/Services and Data Delivery Framework chapter are:
7.1. Application Mashup ‐ Wirecloud Wirecloud builds on cutting‐edge end‐user development, RIA (Rich Internet Application) and semantic technologies to offer a next‐generation end‐user centred web application mashup platform aimed at leveraging the long tail of the Internet of Services. Web application mashups integrate heterogeneous data, application logic, and UI components (widgets/gadgets) sourced from the Web to create new coherent and value‐adding composite applications.
7.2. Marketplace ‐ WMarket The Marketplace provides functionality necessary for bringing together offering and demand for making business. These functions include basic services for registering business entities, publishing and retrieving offerings and demands, search and discover offerings according to specific consumer requirements as well as lateral functions like review, rating and recommendation.
7.3. Repository ‐ Repository RI The Repository is a core enabler of the FIWARE Business Framework. The repository provides a consistent uniform API to USDL service descriptions and associated media files for applications of the business framework. A service provider can use the Repository to publish the description of various aspects of the service according to a uniform description language.
7.4. Revenue Settlement and Sharing System ‐ RSS RI The Revenue Sharing System (RSS) GE is in charge of distributing the revenues originated by the usage of a given service among the involved stakeholders. In particular, it focuses on distributing part of the revenue generated by a service between the Marketplace Provider and the Service Provider(s) responsible for the service. With the term "service" we refer to both final applications and backend application services (typically exposed through an API). Note that, in the case of composite services, more than one service provider may have to receive a share of the revenues.
7.5. Store ‐ WStore Store is the GE for selling services to both consumers and developers of Future Internet applications and services and for end‐to‐end managing of offerings and sales. While a marketplace is a platform for many stores to place their offerings to a broader audience and consumers to search and compare services and find the store where to buy, a store is owned by a store owner who has full control over a specific service/app portfolio and offerings. The final business transaction (buying) is done at the store and the whole back office process (end‐to‐end managing of offerings and sales) is handled by the store. Service Business Frameworks (SBFs) represent one of the cornerstones of service ecosystems. The key objective of a SBF is to build and support an ecosystem of applications and services that is sustainable and fosters innovation as well as cross‐fertilization. In particular, it consists of a number of interrelated components that support managing services in the business framework across the whole service lifecycle: from creation and composition of services to monetization and revenue sharing.
Pasquale Vitale, Engineering Ingegneria Informatica
Overview of Generic Enablers
Introduction
The FIWARE Platform comprises a set of technological “Generic Enablers” which are considered general purpose and independent from any “usage area”
Generic Enablers provide open interfaces:
to Application Developers (APIs)
to support interoperability with other GEs
FIWARE Reference Architecture
Build with other Generic Enablers
Introduction
FIWARE assembles a set of building blocks that ease creation of smart Internet Applications
These blocks are called Generic Enablers
They offer reusable and common shared functions serving multiple use cases in various sectors
FIWARE GE Specifications are open (public and royalty free)
FIWARE GE Implementation (FIWARE GEi)
platform product that implements a given GE Open Spec
there might be multiple compliant GEis of each GE Open Spec
available FIWARE GEis published on the FIWARE Catalogue
The 7 Technical Chapters
FIWARE GEs are divided into 7 technical chapters:
1. Cloud Hosting
2. Data/Context Management
3. Interfaces to Network and Devices (I2ND)
4. Advanced Web-based User Interface
5. Security
6. Internet of Things
7. Applications/Services and Data Delivery
1. Cloud Hosting
IaaS Resource Management - to provision VMs (associate compute, storage and network resources)
Monitoring - to allow incorporating monitoring and metering mechanisms
Object Storage - to provide robust, scalable object storage functionality
PaaS Manager - to enable multiple deployment architectures (tiers)
Policy Manager - to provide the basic management of cloud resources based on rules
Self-Service Interfaces - to support the users of the cloud in managing their services and resources
Software Deployment & Configuration - to support automated deployment of software
2. Data/Context Management
BigData Analysis - to allow the deployment of private computing clusters based on Hadoop ecosystem
Complex Event Processing - to analyze event data in real-time, generate immediate insight and enable instant response to changing conditions
Publish/Subscribe Context Broker - to manage the context information
Stream-oriented - to provide an abstraction layer for multimedia capabilities, allowing non-expert developers to include interactive media components to their applications
3. Interfaces to Network and Devices
Network Information and Control – to enable the abstraction and virtualization of network resources and functionalities
4. Advanced Web-based User Interface (1 of 2)
2D-UI - handles generic web user interface
2D/3D Capture - to capture contextual information related to a 2D/3D scene
3D-UI-XML3D - an extension to HTML5 for declarative 3D content represented as a scene graph
3DUI-WebTundra - Web client for taking realXtend 3D virtual worlds into modern web browsers
Augmented Reality - a high-level API for HTML5 Augmented Reality applications
Cloud Rendering - to provide a generic way to request, receive and control a video stream of a remote 3D application
4. Advanced Web-based User Interface (2 of 2)
GIS Data Provider - to host geographical data and serve it in 3D
POI Data Provider - to make it easy to search for and store points of interest by location
Interface Designer - to provide an easy-to-use full manipulator / editor of 3D objects within a scene
Real Virtual Interaction - to provide means for connecting real world devices consisting of sensors and actuators in to augmented or virtual reality applications
Synchronization - presents a lightweight and generic network-synchronized dynamic scene data model
Virtual Characters - consists of an open standard and reference implementation for virtual characters on the Web (to create, display and animate virtual characters)
5. Security
Authorization PDP - provides an API to get authorization decisions based on authorization policies, and authorization requests from PEPs
Identity Management - covers a number of aspects involving users' access to networks, services and applications, including secure and private authentication from users to devices, networks and services, authorization & trust management, user profile management, privacy-preserving disposition of personal data, Single Sign-On (SSO) to service domains and Identity Federation towards applications
PEP Proxy - together with the Identity Management and Authorization PDP GEs, adds authentication and authorization to your backend applications
Security Monitoring - to manage the Security Management System
6. Internet of Things
Backend Device Management - IDAS - to provide API for M2M application
Configuration Manager - IoT Discovery - to register the availability of Things and Sensor devices
Configuration Manager - Orion Context Broker - to provide the NGSI9 interfaces
Gateway Data Handling GE - EspR4FastData - to process data in real time
Protocol Adapter - MR CoAP - to allow devices to be plugged in
IoT Broker - lightweight and scalable middleware component that separates IoT applications from the underlying device installations
7. Applications/Services and Data Delivery
Application Mashup - Wirecloud - to build on cutting-edge end-user development, RIA
Marketplace - to provide the functionality needed to bring together offer and demand for doing business
Repository - to provide a consistent uniform API to USDL service descriptions
Revenue Settlement and Sharing System - is in charge of distributing the revenues originated by the usage of a given service among the involved stakeholders
Store - WStore - to sell services to both consumers and developers of Future Internet applications and services and for end-to-end managing of offerings and sales
Specific Enablers (SEs)
A Specific Enabler (SE) is a component similar to a GE which offers functions relevant to specific domains, for example manufacturing, media, eHealth, energy and agrifood.
FIWARE GEs
Domain specific enablers
SMART CityApps
SMART Factory Apps
SMART Agrifood Apps
Thanks!
Pasquale Vitale, Engineering Ingegneria Informatica
FIWARE LAB Cloud Portal
Summary
FIWARE LAB Cloud Hosting
Deploying your first VM
Deploying components for your application
Object Storage API
Reference Information
OpenStack: The Open Source Cloud Operating System
OpenStack is open source software to build private and public clouds
FIWARE LAB Cloud Portal is IaaS based on OpenStack
Provision and manage large networks of virtual machines
Object storage and Block storage for use with servers and applications
Pluggable, scalable, API-driven system for managing networks and IP addresses
Cloud Portal
FIWARE LAB Cloud Hosting
Steps:
Create your account in lab.fi-ware.org
Enter in the Cloud Portal
Create your keypair (private key)
Deploy your instance
Add a public IP
Open ports to the VM
FIWARE LAB Cloud Hosting Create your account in lab.fi-ware.org
If you forgot it, request the new password
Enter your email and password to access the FIWARE LAB
Redirect to account.lab.fi-ware.org/users/sign_in
If you do not have an account, sign up
FIWARE LAB Cloud Hosting Enter in the Cloud Portal
COMPUTE
STORAGE
BLUEPRINT
FIWARE LAB Cloud Hosting Create your keypair
FIWARE LAB Cloud Hosting Compute section
Compute menu
Images
Instances
Security
Flavors
Snapshots
FIWARE LAB Cloud Hosting Compute section Images
Choose the VM image you want to launch:
baseimages
fiware:apps
fiware:data
fiware:i2nd
fiware:iot
fiware:security
fiware:userinterface
fiware:utils
FIWARE LAB Cloud Hosting Compute section detail
FIWARE LAB Cloud Hosting Compute section Wizard - step 1 of 4
Details
Instance Name
Flavor (tiny, small, medium, etc…)
Instance Count
FIWARE LAB Cloud Hosting Compute section Wizard - step 2 of 4
Access & Security
Keypair
Security Groups
FIWARE LAB Cloud Hosting Compute section Wizard - step 3 of 4
Post Creation
Customization Script
FIWARE LAB Cloud Hosting Compute section Wizard - step 4 of 4
Summary
Instance Name
Keypair
Security Group
FIWARE LAB Cloud Hosting Compute section Instances
FIWARE LAB Cloud Hosting Compute section Flavors
FIWARE LAB Cloud Hosting Compute section Security
Security
Floating IPs
Security Groups
Keypairs
FIWARE LAB Cloud Hosting Compute section Security
Security
Floating IPs
Allocate Floating IPs
Actions
Associate IP
Disassociate Floating IP
Release Floating IPs
FIWARE LAB Cloud Hosting Compute section Security
Security
Floating IPs
Allocate Floating IPs
Actions
Associate IP
Disassociate Floating IP
Release Floating IPs
FIWARE LAB Cloud Hosting Compute section Security
Security
Security Groups
Create Security Group
Actions
Edit Rule
Delete Rule
FIWARE LAB Cloud Hosting Compute section Security
Security
Security Groups
Create Security Group
Actions
Edit Rule
Delete Rule
-1 (ICMP type/code) is to allow ping
22 is to allow SSH
443 is to allow HTTPS
80 is to allow HTTP; where possible, allow only your own IP as the source
FIWARE LAB Cloud Hosting Compute section Security
Security
Keypairs
Create Keypair
Import Keypair
Actions
Delete Keypairs
FIWARE LAB Cloud Hosting Compute section Security
Security
Keypairs
Create Keypair
Import Keypair
Actions
Delete Keypairs
FIWARE LAB Cloud Hosting Compute section Snapshots
Snapshots
Instance Snapshots
Volume Snapshots
FIWARE LAB Cloud Hosting Compute section Snapshots
Snapshots
Instance Snapshots
Actions
Launch Instance
Edit Image
Delete Snapshots
FIWARE LAB Cloud Hosting Compute section Snapshots
Snapshots
Volume Snapshots
Actions
Delete Snapshots
FIWARE LAB Cloud Hosting Blueprint section
Blueprint Instances
Blueprint Templates
FIWARE LAB Cloud Hosting Blueprint section Blueprint Instances
Go in the catalog
FIWARE LAB Cloud Hosting Blueprint section Blueprint Templates
Blueprint Templates
Open Catalog
Create New Template
Actions
Launch Template
Clone Template
Delete Template
FIWARE LAB Cloud Hosting Blueprint section Open Catalog
Blueprint Templates
Catalog
Close catalog
Actions
Clone Template
FIWARE LAB Cloud Hosting Blueprint section Create New Template
Blueprint Template
Create New Template
FIWARE LAB Cloud Hosting Blueprint section Blueprint Templates
Click on template to start the wizard to add tiers in your CloudPortalTemplate
FIWARE LAB Cloud Hosting Blueprint section Blueprint Templates
Blueprint Templates
Create Tier
Wizard step 1 of 2
FIWARE LAB Cloud Hosting Blueprint section Blueprint Templates
Blueprint Templates
Create Tier
Wizard step 2 of 2
Software added to tier
FIWARE LAB Cloud Hosting Blueprint section Blueprint Templates
CloudPortalTemplate detail
Edit and delete tiers
FIWARE LAB Cloud Hosting Blueprint section Blueprint Templates
There are 2 tiers for CloudPortalTemplate
FIWARE LAB Cloud Hosting Blueprint section Blueprint Templates
Launch the CloudPortalTemplate
to start the wizard
FIWARE LAB Cloud Hosting Blueprint section Blueprint Templates
Blueprint Templates
Launch Blueprint Template
FIWARE LAB Cloud Hosting Blueprint section Blueprint Instances
FIWARE LAB Cloud Hosting Storage section
Volumes
Containers
FIWARE LAB Cloud Hosting Storage section Volumes
Volumes are persistent storage for the VM
FIWARE LAB Cloud Hosting Storage section Create Volume
Create Volume
FIWARE LAB Cloud Hosting Storage section
Volume attached
FIWARE LAB Cloud Hosting Storage section Containers
Containers are object storage (like folders)
FIWARE LAB Cloud Hosting Storage section Create Container
Create Container
FIWARE LAB Cloud Hosting Storage section Create Container
Upload Objects
FIWARE LAB Cloud Hosting Storage section Container
Download Object
FIWARE LAB Cloud Hosting Storage section Container
Copy Object
FIWARE LAB Cloud Hosting Storage section Object Storage API
Authentication to get initial token
username='[email protected]'
password='mypassword'
curl -d '{"auth": {"passwordCredentials": {"username":"'$username'", "password":"'$password'"}}}' \
  -H 'content-type: application/json' \
  http://cloud.lab.fi-ware.org:4730/v2.0/tokens -vvv
Use initial token to get tenant
curl -H 'x-auth-token: '$token http://cloud.lab.fi-ware.org:4730/v2.0/tenants
Authenticate tenant to get token for Object Storage
curl -d '{"auth": {"passwordCredentials": {"username":"'$username'", "password":"'$password'"}, "tenantId":"'$tenantId'"}}' \
  -H 'content-type: application/json' \
  http://cloud.lab.fi-ware.org:4730/v2.0/tokens
Object Storage URL
http://$node_cdmi:8080/cdmi/$auth/container/
http://forge.fi-ware.org/plugins/mediawiki/wiki/fiware/index.php/Object_Storage_-_User_and_Programmers_Guide
FIWARE LAB Cloud Hosting Storage section Example container
REST call: GET
Headers: X-Auth-Token, Accept: application/cdmi-object, X-CDMI-Specification-Version
List of objects within the container
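The same three-step token flow (unscoped token, tenant lookup, tenant-scoped token) and the CDMI container request, written as an added Python example rather than the deck's curl one-liners. It assumes the Keystone v2.0 endpoint on port 4730 and the CDMI URL pattern from the slides, the standard Keystone v2.0 response shapes, and CDMI specification version 1.0.1 (an assumption; the slide names the header but not its value). The sample replies are constructed so the parsing runs offline; the curl variant interpolates the password straight into a JSON string, which json.dumps avoids.

```python
"""Keystone v2.0 / CDMI token flow behind the curl commands above.

Added example, not code from the FIWARE training deck. It assumes the Keystone
v2.0 endpoint (port 4730) and CDMI URL pattern shown in the slides, the standard
Keystone v2.0 response shapes, and CDMI spec version 1.0.1 (assumption). The
sample responses below are constructed, so the parsing can be exercised offline.
"""
import json
import urllib.request

KEYSTONE_URL = "http://cloud.lab.fi-ware.org:4730/v2.0"   # endpoint from the slides


def password_auth_body(username, password, tenant_id=None):
    """JSON body for POST /v2.0/tokens (unscoped, or tenant-scoped if tenant_id is given).

    json.dumps escapes quotes and backslashes, so a password containing '"' or
    '}' cannot break out of the JSON string; the shell-interpolated curl
    one-liner in the slides would send a malformed request in that case.
    """
    auth = {"passwordCredentials": {"username": username, "password": password}}
    if tenant_id is not None:
        auth["tenantId"] = tenant_id
    return json.dumps({"auth": auth})


def token_from_response(body):
    """Token id from a Keystone v2.0 token response ({"access": {"token": {"id": ...}}})."""
    return json.loads(body)["access"]["token"]["id"]


def tenant_id_from_response(body, name=None):
    """Id of the first enabled tenant in GET /v2.0/tenants, or of the tenant called `name`."""
    for tenant in json.loads(body)["tenants"]:
        if not tenant.get("enabled", True):
            continue
        if name is None or tenant["name"] == name:
            return tenant["id"]
    raise LookupError("no matching enabled tenant")


def cdmi_container_url(node_cdmi, auth, container):
    """Object Storage URL from the slides: http://$node_cdmi:8080/cdmi/$auth/container/"""
    return "http://%s:8080/cdmi/%s/%s/" % (node_cdmi, auth, container)


def cdmi_headers(token):
    """Headers for the container listing GET shown in the slides."""
    return {
        "X-Auth-Token": token,
        "Accept": "application/cdmi-object",          # value named on the slide
        "X-CDMI-Specification-Version": "1.0.1",      # assumption: CDMI 1.0.1
    }


def http_json(url, body=None, headers=None):
    """POST (if body is given) or GET a URL and return the reply text; network only."""
    data = body.encode() if body is not None else None
    hdrs = {"Content-Type": "application/json"}
    hdrs.update(headers or {})
    req = urllib.request.Request(url, data=data, headers=hdrs)
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


# Constructed sample replies in the Keystone v2.0 shape (not real FIWARE Lab data).
SAMPLE_TOKEN_RESPONSE = json.dumps(
    {"access": {"token": {"id": "tok-unscoped-EXAMPLE", "expires": "2015-05-26T12:00:00Z"}}})
SAMPLE_TENANTS_RESPONSE = json.dumps(
    {"tenants": [{"id": "00000000000000000000000000000001", "name": "old-tenant", "enabled": False},
                 {"id": "00000000000000000000000000000002", "name": "my-tenant", "enabled": True}]})


def demo_offline():
    """Walk the three steps against the constructed replies and return what each yields."""
    token = token_from_response(SAMPLE_TOKEN_RESPONSE)
    tenant = tenant_id_from_response(SAMPLE_TENANTS_RESPONSE)
    scoped_body = password_auth_body("user@example.org", "mypassword", tenant)  # constructed
    return {"token": token, "tenant_id": tenant,
            "scoped_tenant": json.loads(scoped_body)["auth"]["tenantId"]}


if __name__ == "__main__":
    # Online flow (needs FIWARE Lab credentials and network access).
    import getpass
    user = input("username: ")
    pw = getpass.getpass("password: ")
    unscoped = token_from_response(http_json(KEYSTONE_URL + "/tokens", password_auth_body(user, pw)))
    tenant = tenant_id_from_response(http_json(KEYSTONE_URL + "/tenants", headers={"X-Auth-Token": unscoped}))
    scoped = token_from_response(http_json(KEYSTONE_URL + "/tokens", password_auth_body(user, pw, tenant)))
    print("scoped token for tenant", tenant, ":", scoped[:8] + "...")
```

The scoped token is what the CDMI endpoint expects in X-Auth-Token; keep it out of shell history and logs, which the curl form with `-vvv` will happily print.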
Connection to VM (2)
Example via Putty
Convert keypair to PPK
Connection to VM (3)
Example via FileZilla
Set keypair
Information
If you have any question or problem contact [email protected]
You can see webinars, courses and videos in the FIWARE Academy: http://edu.fi-ware.org
You can use stackoverflow to ask questions using the fiware and/or filab tags.
Thanks!
Pasquale Vitale, Engineering Ingegneria Informatica
FIWARE Context Broker
Introduction
Managing Context Information at large scale
FIWARE Context Broker GE (implementation: Orion)
Creating and pulling data
Pushing data and notifications
Convenience operations
Managing Context Information at large scale
Context Information is represented through values assigned to attributes
The Context Broker is able to:
handle context information at large scale
enable your application to query on context information
subscribe to changes in context information that will be received through notifications
enable your application or other applications to modify the context information
Context Management in FIWARE
Context Information: the value of attributes that characterize those entities relevant to your application
NGSI API
Example entities and their attributes:
Bus: Location, No. passengers, Driver, License plate
Citizen: Name-Surname, Birthday, Preferences, Location, To Do list
Shop: Location, Business name, Franchise, Offerings
(Figure: context sources such as a sensor in a pedestrian street, the Public Bus Transport Management system and a person from his smartphone feed the Context Broker through the NGSI API; Applications/Services ask "What's the current temperature?" and learn "It's too hot!")
Context Information independent from the source
Context information may come from many sources using different interfaces and protocols …
… but programmers should just care about entities and their attributes
Context Management in FIWARE
Get notified when an update on context information takes place
(Figure: the application asks through the API "Notify me when bus "X" arrives at the bus stop "A""; the source pushes Bus = "X", last_stop = "A", arrived = "Yes", and the application is notified)
Context Management in FIWARE
Acting on devices can be as easy as changing the value of attributes linked to its corresponding entity
(Figure: the application sets Street Lamp lamp1.status = "on" through the API, and the device Street lamp = "lamp1" receives status = "on")
FIWARE Context Broker GE: Orion
Main functions:
Context availability management - OMA NGSI-9 specs
Context management - OMA NGSI-10 specs
HTTP and REST-based
XML payload support
JSON payload support
FIWARE Context Broker GE: Orion
Functions and operations:
NGSI-9: Register, Search, Subscribe for context sources
  Operations: registerContext, discoverContextAvailability, subscribeContextAvailability, updateContextAvailabilitySubscription, unsubscribeContextAvailability
NGSI-10: Query, Update, Subscribe to context elements
  Operations: updateContext, queryContext, subscribeContext, updateContextSubscription, unsubscribeContextSubscription
FIWARE Context Broker GE: Orion
Context in NGSI is based on an entity-attribute model: an Entity (EntityId, EntityType) "has" 1..n Attributes (Name, Type, Value)
FIWARE Context Broker GE: Orion
Orion Architecture
(Figure: Context Producers send update to the Orion Context Broker, which listens on port 1026; Context Consumers send query and update and receive notify; the broker keeps subscriptions and context in its DB)
Context Broker operations: create and pull data
Context Producers publish data/context elements by invoking the updateContext operation on a Context Broker
Context Consumers can retrieve data/context elements by invoking the queryContext operation on a Context Broker
(Figure: Context Producer → updateContext → Context Broker ← queryContext ← Context Consumer; example attribute: speed)
Entity creation example: car create
updateContext operation with APPEND action type
POST localhost:1026/v1/updateContext ...
{
  "contextElements": [
    {
      "type": "Car",
      "isPattern": "false",
      "id": "Car1",
      "attributes": [
        {"name": "speed", "type": "float", "value": "98"}
      ]
    }
  ],
  "updateAction": "APPEND"
}
200 OK ...
{
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "speed", "type": "float", "value": ""}
        ],
        "id": "Car1",
        "isPattern": "false",
        "type": "Car"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
Update context elements example: car updateContext
updateContext operation with UPDATE action type
POST localhost:1026/v1/updateContext ...
{
  "contextElements": [
    {
      "type": "Car",
      "isPattern": "false",
      "id": "Car1",
      "attributes": [
        {"name": "speed", "type": "float", "value": "110"}
      ]
    }
  ],
  "updateAction": "UPDATE"
}
200 OK ...
{
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "speed", "type": "float", "value": ""}
        ],
        "id": "Car1",
        "isPattern": "false",
        "type": "Car"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
Query context operation example: car queryContext
queryContext operation by Id
POST <cb_host>:1026/v1/queryContext ...
{
  "entities": [
    {"type": "Car", "isPattern": "false", "id": "Car1"}
  ]
}
200 OK ...
{
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "speed", "type": "float", "value": "110"}
        ],
        "id": "Car1",
        "isPattern": "false",
        "type": "Car"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
Entity creation example: room create
POST localhost:1026/v1/updateContext ...
{
  "contextElements": [
    {
      "type": "Room",
      "isPattern": "false",
      "id": "Room1",
      "attributes": [
        {"name": "temperature", "type": "float", "value": "24"},
        {"name": "pressure", "type": "integer", "value": "718"}
      ]
    }
  ],
  "updateAction": "APPEND"
}
200 OK ...
{
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "temperature", "type": "float", "value": ""},
          {"name": "pressure", "type": "integer", "value": ""}
        ],
        "id": "Room1",
        "isPattern": "false",
        "type": "Room"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
Two attributes: temperature and pressure
Update context elements example: room updateContext
POST localhost:1026/v1/updateContext ...
{
  "contextElements": [
    {
      "type": "Room",
      "isPattern": "false",
      "id": "Room1",
      "attributes": [
        {"name": "temperature", "type": "float", "value": "25"},
        {"name": "pressure", "type": "integer", "value": "720"}
      ]
    }
  ],
  "updateAction": "UPDATE"
}
200 OK ...
{
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "temperature", "type": "float", "value": ""},
          {"name": "pressure", "type": "integer", "value": ""}
        ],
        "id": "Room1",
        "isPattern": "false",
        "type": "Room"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
Update: temperature and pressure
Query context operation example: room queryContext
queryContext operation by Id
POST <cb_host>:1026/v1/queryContext ...
{
  "entities": [
    {"type": "Room", "isPattern": "false", "id": "Room1"}
  ]
}
200 OK ...
{
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "temperature", "type": "float", "value": "25"},
          {"name": "pressure", "type": "integer", "value": "720"}
        ],
        "id": "Room1",
        "isPattern": "false",
        "type": "Room"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
Query context operation example: room queryContext
queryContext operation by Id and attribute
POST <cb_host>:1026/v1/queryContext ...
{
  "entities": [
    {"type": "Room", "isPattern": "false", "id": "Room1"}
  ],
  "attributes": ["temperature"]
}
200 OK ...
{
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "temperature", "type": "float", "value": "25"}
        ],
        "id": "Room1",
        "isPattern": "false",
        "type": "Room"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
Entity creation example: room create
POST localhost:1026/v1/updateContext ...
{
  "contextElements": [
    {
      "type": "Room",
      "isPattern": "false",
      "id": "Room2",
      "attributes": [
        {"name": "temperature", "type": "float", "value": "33"},
        {"name": "pressure", "type": "integer", "value": "722"}
      ]
    }
  ],
  "updateAction": "APPEND"
}
200 OK ...
{
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "temperature", "type": "float", "value": ""},
          {"name": "pressure", "type": "integer", "value": ""}
        ],
        "id": "Room2",
        "isPattern": "false",
        "type": "Room"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
Append another room: Room2
Query context operation example: room queryContext
queryContext operation by regex Room.*
POST <cb_host>:1026/v1/queryContext ...
{
  "entities": [
    {"type": "Room", "isPattern": "true", "id": "Room.*"}
  ],
  "attributes": ["temperature"]
}
200 OK ...
{
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "temperature", "type": "float", "value": "25"}
        ],
        "id": "Room1",
        "isPattern": "false",
        "type": "Room"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    },
    {
      "contextElement": {
        "attributes": [
          {"name": "temperature", "type": "float", "value": "33"}
        ],
        "id": "Room2",
        "isPattern": "false",
        "type": "Room"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
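The create / update / query examples above, as an added Python client that is not part of the training deck or of Orion. It builds the NGSI v1 updateContext and queryContext payloads shown on the slides, assumes Orion at localhost:1026 as the slides do, and flattens the contextResponses reply into a plain dictionary; the sample reply is constructed from the Room.* result above so the parsing can run without a broker. Note the isPattern caveat in query_context_body: with isPattern "true" the id is a regular expression evaluated by the broker, so untrusted input must be escaped before it lands there.

```python
"""Minimal NGSI v1 client for the Orion Context Broker.

Added example, not code from the training deck or from Orion itself. It builds
the updateContext / queryContext payloads shown in the slides, assumes Orion on
ORION_URL (localhost:1026 as in the slides), and parses replies in the slides'
contextResponses shape. The sample reply below is constructed from the Room.*
query on the previous slide.
"""
import json
import urllib.request

ORION_URL = "http://localhost:1026"   # broker endpoint used in the slides


def context_element(entity_type, entity_id, attrs):
    """One contextElement; attrs maps attribute name -> (type, value)."""
    return {
        "type": entity_type,
        "isPattern": "false",
        "id": entity_id,
        "attributes": [{"name": n, "type": t, "value": v} for n, (t, v) in attrs.items()],
    }


def update_context_body(elements, action):
    """Payload for POST /v1/updateContext; APPEND creates, UPDATE modifies existing attributes."""
    if action not in ("APPEND", "UPDATE", "DELETE"):
        raise ValueError("unknown updateAction: %r" % action)
    return {"contextElements": list(elements), "updateAction": action}


def query_context_body(entity_type, entity_id, attributes=(), is_pattern=False):
    """Payload for POST /v1/queryContext, by exact id or by regex when is_pattern is True.

    With is_pattern the id is a regular expression evaluated by the broker, so
    user-supplied text must not be passed here unescaped (re.escape it first).
    """
    body = {"entities": [{"type": entity_type,
                          "isPattern": "true" if is_pattern else "false",
                          "id": entity_id}]}
    if attributes:
        body["attributes"] = list(attributes)
    return body


def parse_context_responses(reply):
    """Flatten contextResponses into {entity_id: {attr_name: value}}.

    Elements whose statusCode is not 200 are skipped. A query that matches
    nothing carries only a top-level errorCode and no contextResponses.
    """
    result = {}
    for item in reply.get("contextResponses", []):
        if item.get("statusCode", {}).get("code") != "200":
            continue
        element = item["contextElement"]
        result[element["id"]] = {a["name"]: a["value"] for a in element.get("attributes", [])}
    return result


def post(path, body):
    """Send an NGSI v1 operation to the broker and decode the JSON reply (network)."""
    req = urllib.request.Request(
        ORION_URL + path, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed reply mirroring the Room.* query result on the slide above.
SAMPLE_QUERY_REPLY = {"contextResponses": [
    {"contextElement": {"attributes": [{"name": "temperature", "type": "float", "value": "25"}],
                        "id": "Room1", "isPattern": "false", "type": "Room"},
     "statusCode": {"code": "200", "reasonPhrase": "OK"}},
    {"contextElement": {"attributes": [{"name": "temperature", "type": "float", "value": "33"}],
                        "id": "Room2", "isPattern": "false", "type": "Room"},
     "statusCode": {"code": "200", "reasonPhrase": "OK"}},
]}


def demo_offline():
    """Build the slide's payloads and parse the constructed reply, without a broker."""
    create = update_context_body(
        [context_element("Room", "Room1", {"temperature": ("float", "24"), "pressure": ("integer", "718")})],
        "APPEND")
    query = query_context_body("Room", "Room.*", ["temperature"], is_pattern=True)
    return {"create": create, "query": query, "rooms": parse_context_responses(SAMPLE_QUERY_REPLY)}


if __name__ == "__main__":
    d = demo_offline()
    print(json.dumps(post("/v1/updateContext", d["create"]), indent=2))
    print(parse_context_responses(post("/v1/queryContext", d["query"])))
```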
Context Broker operations: push data
Context Consumers can subscribe to receive context information that satisfies certain conditions using subscribeContext. Such subscriptions may have a duration.
The Context Broker notifies updates on context information to subscribed Context Consumers by invoking the notifyContext operation they export.
subscription_id = subscribeContext (consumer, expr, duration)
notifyContext (subscription_id, data/context)
(Figure: the Application / Context Consumer subscribes at the Context Broker and receives notifyContext callbacks from it)
Context subscriptions example: ONTIMEINTERVAL
POST <cb_host>:1026/v1/subscribeContext ...
{
  "entities": [
    {"type": "Room", "isPattern": "false", "id": "Room1"}
  ],
  "attributes": ["temperature"],
  "reference": "http://<host>:<port>/publish",
  "duration": "P1M",
  "notifyConditions": [
    {"type": "ONTIMEINTERVAL", "condValues": ["PT10S"]}
  ]
}
200 OK ...
{
  "subscribeResponse": {
    "duration": "P1M",
    "subscriptionId": "54dcb87fa85d63b107245ff1"
  }
}
Context subscriptions example: ONCHANGE
POST <cb_host>:1026/v1/subscribeContext ...
{
  "entities": [
    {"type": "Room", "isPattern": "false", "id": "Room1"}
  ],
  "attributes": ["temperature"],
  "reference": "http://<host>:<port>/publish",
  "duration": "P1M",
  "notifyConditions": [
    {"type": "ONCHANGE", "condValues": ["temperature"]}
  ],
  "throttling": "PT5S"
}
200 OK ...
{
  "subscribeResponse": {
    "duration": "P1M",
    "subscriptionId": "51c0ac9ed714fb3b37d7d5a8",
    "throttling": "PT5S"
  }
}
Notification
POST http://<host>:<port>/publish ...
{
  "subscriptionId": "51c0ac9ed714fb3b37d7d5a8",
  "originator": "localhost",
  "contextResponses": [
    {
      "contextElement": {
        "attributes": [
          {"name": "temperature", "type": "float", "value": "19"}
        ],
        "type": "Room",
        "isPattern": "false",
        "id": "Room1"
      },
      "statusCode": {"code": "200", "reasonPhrase": "OK"}
    }
  ]
}
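The two subscriptions and the notification above, as an added Python example that is neither the deck's code nor Orion's. It builds the ONTIMEINTERVAL and ONCHANGE subscribeContext payloads from the slides and implements the receiving side of the "reference" URL: the broker calls back a plain HTTP endpoint, so the receiver checks that the subscriptionId in each notification is one this client actually created and that the body has the expected shape before acting on it. The listening port 1028 and the sample notification (copied from the slide) are assumptions.

```python
"""subscribeContext payloads and a checked receiver for the notifyContext callback.

Added example, not code from the deck or from Orion. It builds the ONTIMEINTERVAL
and ONCHANGE subscriptions from the slides and validates incoming notifications
against the subscription ids this client created, since the /publish endpoint
the broker calls back is a plain HTTP listener. The sample reply and
notification are the ones on the slide above; port 1028 is an assumption.
"""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer


def subscribe_context_body(entity_type, entity_id, attributes, reference, duration,
                           condition, cond_values, throttling=None):
    """Payload for POST /v1/subscribeContext (duration/throttling are ISO 8601 durations)."""
    if condition not in ("ONTIMEINTERVAL", "ONCHANGE"):
        raise ValueError("unknown notifyCondition type: %r" % condition)
    body = {
        "entities": [{"type": entity_type, "isPattern": "false", "id": entity_id}],
        "attributes": list(attributes),
        "reference": reference,
        "duration": duration,
        "notifyConditions": [{"type": condition, "condValues": list(cond_values)}],
    }
    if throttling is not None:
        body["throttling"] = throttling
    return body


def subscription_id_from_response(reply):
    """Subscription id from the subscribeResponse; remember it to accept notifications."""
    return reply["subscribeResponse"]["subscriptionId"]


def handle_notification(payload, known_subscriptions):
    """Validate a notifyContext body and return {entity_id: {attr: value}}.

    Returns None (and the caller should answer 400) when the subscriptionId is
    not one we created or the payload does not have the expected shape.
    """
    if not isinstance(payload, dict):
        return None
    if payload.get("subscriptionId") not in known_subscriptions:
        return None
    result = {}
    try:
        for item in payload["contextResponses"]:
            element = item["contextElement"]
            result[element["id"]] = {a["name"]: a["value"] for a in element["attributes"]}
    except (KeyError, TypeError):
        return None
    return result


# Constructed: the ONCHANGE subscription reply and notification shown on the slide.
SAMPLE_SUBSCRIBE_REPLY = {"subscribeResponse": {
    "duration": "P1M", "subscriptionId": "51c0ac9ed714fb3b37d7d5a8", "throttling": "PT5S"}}
SAMPLE_NOTIFICATION = {
    "subscriptionId": "51c0ac9ed714fb3b37d7d5a8", "originator": "localhost",
    "contextResponses": [{"contextElement": {
        "attributes": [{"name": "temperature", "type": "float", "value": "19"}],
        "type": "Room", "isPattern": "false", "id": "Room1"},
        "statusCode": {"code": "200", "reasonPhrase": "OK"}}]}


def make_handler(known_subscriptions, sink):
    """HTTP handler for the reference URL; accepted notifications are appended to sink."""
    class PublishHandler(BaseHTTPRequestHandler):
        def do_POST(self):
            length = int(self.headers.get("Content-Length", 0))
            try:
                payload = json.loads(self.rfile.read(length))
            except ValueError:
                payload = None
            data = handle_notification(payload, known_subscriptions)
            self.send_response(200 if data is not None else 400)
            self.end_headers()
            if data is not None:
                sink.append(data)
    return PublishHandler


if __name__ == "__main__":
    known = {subscription_id_from_response(SAMPLE_SUBSCRIBE_REPLY)}
    received = []
    # Serve the reference URL from the slides, http://<host>:<port>/publish, on port 1028.
    HTTPServer(("0.0.0.0", 1028), make_handler(known, received)).serve_forever()
```

The subscription id is the only thing tying a notification to a subscription, so a receiver that accepts any well-formed body will also accept bodies from anyone who can reach the port; checking the id against the set returned by subscribeContext is the minimum, and the reference URL should not be exposed more widely than the broker needs.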
Convenience Operations
They are equivalent in functionality to the standard operations above
They avoid the need to POST payloads in many cases, or simplify them considerably
Simple to write, more REST-like
They are not a substitute for but a complement to the standard NGSI operations
Four examples (there are many others):
Entities
Attributes
Subscriptions
Types
Convenience Operations
Entities
GET /v1/contextEntities/{entityID} Query Context Retrieves an entity
POST /v1/contextEntities/{entityID} Entity Creation Creates an entity
PUT /v1/contextEntities/{entityID} Update Context Updates an entity
DELETE /v1/contextEntities/{entityID} Delete Context Deletes an entity
GET all entities
GET /v1/contextEntities
Convenience Operations
Attributes
GET /v1/contextEntities/{entityID}/attributes/{attrID} Retrieves an attribute’s value
POST /v1/contextEntities/{entityID}/attributes/{attrID} Creates a new attribute for an entity
PUT /v1/contextEntities/{entityID}/attributes/{attrID} Updates an attribute’s value
DELETE /v1/contextEntities/{entityID}/attributes/{attrID} Deletes an attribute
Convenience Operations
Subscriptions
POST /v1/contextSubscriptions Creates a subscription
PUT /v1/contextSubscriptions/{subID} Updates a subscription
DELETE /v1/contextSubscriptions/{subID} Deletes a subscription
Convenience Operations
Entity types
GET /v1/contextTypes
Retrieve a list of all entity types currently in Orion, including their corresponding attributes
GET /v1/contextTypes/{typeID}
Retrieve attributes associated to an entity type
PRO TIP
GET /v1/contextTypes?collapse=true
Retrieves a list of all entity types without attribute info
Advanced features
Pagination
Compound attribute values
Metadata
Geo-location
Registrations & context providers
Entity service paths
Pagination
Pagination helps clients organize query and discovery requests with a large number of responses
Three URI parameters:
limit
- Number of elements per page (default: 20, max: 1000)
offset
- Number of elements to skip (default: 0)
details
- Returns total elements (default: "off")
Pagination
Example, querying the first 100 entries:
POST <orion_host>:1026/v1/queryContext?limit=100&details=on
The first 100 elements are returned, along with the following errorCode in the response:
"errorCode": {
  "code": "200",
  "details": "Count: 322",
  "reasonPhrase": "OK"
}
Now we know there are 322 entities, so we can keep querying the broker for them:
POST <orion_host>:1026/v1/queryContext?offset=100&limit=100
POST <orion_host>:1026/v1/queryContext?offset=200&limit=100
POST <orion_host>:1026/v1/queryContext?offset=300&limit=100
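The paging loop implied by the slide (first page with details=on to learn the count, then offset steps of limit until the count is reached), as an added Python example that is not part of the deck or of Orion. It assumes the three URI parameters as the slide describes them, including the 1000 cap on limit, and takes the transport as a callable so the loop can be exercised offline against a constructed fake broker holding the slide's 322 entities; the empty-result case (Orion answers with an errorCode and no contextResponses) ends the loop as well.

```python
"""Paging through a large queryContext result with limit / offset / details.

Added example, not code from the deck or Orion. It assumes the three URI
parameters as the slide describes them (limit default 20 and max 1000, offset,
details=on putting "Count: N" in errorCode.details) and takes the HTTP transport
as a callable so the loop can be tested offline against a fake broker.
"""
import json
import re
import urllib.request

ORION_URL = "http://localhost:1026"   # broker endpoint used in the slides
MAX_LIMIT = 1000                      # per-page maximum stated on the slide


def total_from_reply(reply):
    """Read the total element count from errorCode.details ("Count: 322"), else None."""
    details = reply.get("errorCode", {}).get("details", "")
    match = re.match(r"Count:\s*(\d+)$", details)
    return int(match.group(1)) if match else None


def query_all(post, body, limit=100):
    """Collect every contextElement matching `body`, one page at a time.

    `post(path, body)` performs the POST and returns the decoded reply. The
    first page asks for details=on to learn the total; later pages advance
    offset until the total is reached or the broker returns no elements.
    Returns (elements, total).
    """
    limit = min(limit, MAX_LIMIT)
    elements, offset, total = [], 0, None
    while True:
        path = "/v1/queryContext?limit=%d&offset=%d" % (limit, offset)
        if total is None:
            path += "&details=on"
        reply = post(path, body)
        page = [r["contextElement"] for r in reply.get("contextResponses", [])]
        if total is None:
            total = total_from_reply(reply)
        elements.extend(page)
        offset += limit
        if not page or (total is not None and offset >= total):
            return elements, total


def http_post(path, body):
    """Real transport against ORION_URL (network)."""
    req = urllib.request.Request(ORION_URL + path, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json", "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def make_fake_broker(n_entities):
    """Constructed stand-in for Orion holding n_entities Room entities.

    Returns (post, calls) where calls records every requested path.
    """
    calls = []

    def post(path, body):
        calls.append(path)
        params = dict(p.split("=") for p in path.split("?", 1)[1].split("&"))
        limit, offset = int(params.get("limit", 20)), int(params.get("offset", 0))
        ids = ["Room%d" % i for i in range(offset, min(offset + limit, n_entities))]
        if not ids:   # Orion reports an empty result as an errorCode, not an empty list
            return {"errorCode": {"code": "404", "reasonPhrase": "No context element found"}}
        reply = {"contextResponses": [
            {"contextElement": {"type": "Room", "isPattern": "false", "id": i, "attributes": []},
             "statusCode": {"code": "200", "reasonPhrase": "OK"}} for i in ids]}
        if params.get("details") == "on":
            reply["errorCode"] = {"code": "200", "details": "Count: %d" % n_entities, "reasonPhrase": "OK"}
        return reply
    return post, calls


def demo_offline():
    """Page through the slide's 322 entities with limit=100: four requests."""
    post, calls = make_fake_broker(322)
    elements, total = query_all(post, {"entities": [{"type": "Room", "isPattern": "true", "id": ".*"}]})
    return {"fetched": len(elements), "total": total, "requests": calls}


if __name__ == "__main__":
    print(demo_offline())
    # Against a live broker: query_all(http_post, {"entities": [...]})
```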
Compound attribute values
An attribute can have a structured value. Vectors and key-value maps are supported
It maps directly to JSON's objects and arrays
Example: suppose we want to represent the pressure of a car's four wheels as a compound attribute of a car entity. We would create the car entity like this:
{
  "contextElements": [
    {
      "type": "Car",
      "isPattern": "false",
      "id": "Car1",
      "attributes": [
        {
          "name": "tirePressure",
          "type": "kPa",
          "value": {
            "frontRight": "120",
            "frontLeft": "110",
            "backRight": "115",
            "backLeft": "130"
          }
        }
      ]
    }
  ],
  "updateAction": "APPEND"
}
Metadata
Users may attach metadata to attributes
Reserved metadata names: ID, Location, creDate and modDate
Examples:
...
"attributes": [
  {
    "name": "temperature",
    "type": "float",
    "value": "26.5",
    "metadatas": [
      {"name": "accuracy", "type": "float", "value": "0.9"}
    ]
  }
]
...
"attributes": [
  {
    "name": "temperature",
    "type": "float",
    "value": "26.5",
    "metadatas": [
      {"name": "average", "type": "float", "value": "22.4"}
    ]
  }
]
...
(Figure: a Context Element (EntityId, EntityType) "has" 1..n attributes (Name, Type, Value), and each attribute "has" 1..n Metadata (Name, Type, Value))
Geo-location
Entities can have an attribute that specifies its location
- Using a "location" metadata
Example:
create an entity called Madrid (of type "City")
with attribute "position" defined as location
POST <cb_host>:1026/v1/updateContext
{
  "contextElements": [
    {
      "type": "City",
      "isPattern": "false",
      "id": "Madrid",
      "attributes": [
        {
          "name": "position",
          "type": "coords",
          "value": "40.418889, -3.691944",
          "metadatas": [
            {"name": "location", "type": "string", "value": "WGS84"}
          ]
        }
      ]
    }
  ],
  "updateAction": "APPEND"
}
Coordinates for Madrid are:
• latitude 40.418889
• longitude 3.691944
Geo-located queries
Entity locations can be used in queryContext using:
- FIWARE::Location as scopeType
- and an area specification as scopeValue
The area specifications are:
- area internal to a circle, given its centre and radius
- area external to a circle, given its centre and radius
- area internal to a polygon, given its vertices
- area external to a polygon, given its vertices
{"entities": [{"type": "Point","isPattern": "true","id": ".*"}],"restriction": {"scopes": [{"type" : "FIWARE::Location","value" : {"polygon": {"vertices": [{"latitude": "0","longitude": "0"},{"latitude": "0","longitude": "6"},{"latitude": "6","longitude": "6"},{"latitude": "6","longitude": "0"}]}}}]}}
Geo-location - circle
Distances between:
- Madrid / Alcobendas 13.65 km
- Madrid / Leganes 12.38 km
Consider a radius of 13.5 km
POST <cb_host>:1026/v1/queryContext ...
{
  "entities": [
    {"type": "City", "isPattern": "true", "id": ".*"}
  ],
  "restriction": {
    "scopes": [
      {
        "type": "FIWARE::Location",
        "value": {
          "circle": {"centerLatitude": "40.418889", "centerLongitude": "-3.691944", "radius": "13500"}
        }
      }
    ]
  }
}
The query returns Madrid and Leganes
Geo-location - inverse circle
Distances between:
- Madrid / Alcobendas 13.65 km
- Madrid / Leganes 12.38 km
Consider a radius of 13.5 km
POST <cb_host>:1026/v1/queryContext
{
  "entities": [
    {"type": "City", "isPattern": "true", "id": ".*"}
  ],
  "restriction": {
    "scopes": [
      {
        "type": "FIWARE::Location",
        "value": {
          "circle": {"centerLatitude": "40.418889", "centerLongitude": "-3.691944", "radius": "13500", "inverted": "true"}
        }
      }
    ]
  }
}
The query returns Alcobendas
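The circle, inverted circle and polygon scopes from the last four slides, evaluated client-side in an added Python example (not the deck's or Orion's code). It lets you check which entities a FIWARE::Location restriction should return before trusting a broker's answer, or filter a local copy of the data the same way. Madrid's coordinates and the scope documents are taken from the slides; the distance formula (haversine on a 6371 km sphere), the ray-casting polygon test and the rule that "inverted" applies to polygons as well as circles are assumptions, and the NEAR/FAR test points are constructed.

```python
"""Evaluating FIWARE::Location scopes (circle, inverted circle, polygon) client-side.

Added example, not code from the deck or Orion. It reproduces the scope
semantics the slides describe: a point is inside a circle when its great-circle
distance to the centre is at most the radius in metres, inside a polygon by the
usual ray-casting test, and "inverted": "true" flips the result (assumed to
apply to both shapes). Madrid's coordinates are the ones on the slides; the
other test points are constructed.
"""
import math

EARTH_RADIUS_M = 6371000.0   # mean Earth radius for the haversine distance (assumption)


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def point_in_polygon(lat, lon, vertices):
    """Ray-casting test on plain lat/lon coordinates; vertices is a list of (lat, lon)."""
    inside = False
    n = len(vertices)
    for i in range(n):
        lat_i, lon_i = vertices[i]
        lat_j, lon_j = vertices[(i + 1) % n]
        crosses = (lat_i > lat) != (lat_j > lat)
        if crosses and lon < (lon_j - lon_i) * (lat - lat_i) / (lat_j - lat_i) + lon_i:
            inside = not inside
    return inside


def parse_position(value):
    """The slides' coords format "40.418889, -3.691944" -> (lat, lon) floats."""
    lat, lon = (float(p) for p in value.split(","))
    return lat, lon


def scope_matches(position, scope):
    """Apply one {"type": "FIWARE::Location", "value": {...}} scope to a (lat, lon)."""
    if scope.get("type") != "FIWARE::Location":
        raise ValueError("not a location scope")
    lat, lon = position
    value = scope["value"]
    if "circle" in value:
        c = value["circle"]
        distance = haversine_m(lat, lon, float(c["centerLatitude"]), float(c["centerLongitude"]))
        hit, inverted = distance <= float(c["radius"]), c.get("inverted") == "true"
    elif "polygon" in value:
        p = value["polygon"]
        vertices = [(float(v["latitude"]), float(v["longitude"])) for v in p["vertices"]]
        hit, inverted = point_in_polygon(lat, lon, vertices), p.get("inverted") == "true"
    else:
        raise ValueError("unknown area specification")
    return hit != inverted


# Scope documents copied from the slides.
MADRID = parse_position("40.418889, -3.691944")
MADRID_CIRCLE = {"type": "FIWARE::Location", "value": {"circle": {
    "centerLatitude": "40.418889", "centerLongitude": "-3.691944", "radius": "13500"}}}
MADRID_INVERSE = {"type": "FIWARE::Location", "value": {"circle": {
    "centerLatitude": "40.418889", "centerLongitude": "-3.691944", "radius": "13500", "inverted": "true"}}}
SQUARE = {"type": "FIWARE::Location", "value": {"polygon": {"vertices": [
    {"latitude": "0", "longitude": "0"}, {"latitude": "0", "longitude": "6"},
    {"latitude": "6", "longitude": "6"}, {"latitude": "6", "longitude": "0"}]}}}

# Constructed test points: 0.05 deg of latitude is about 5.6 km, 0.2 deg about 22 km.
NEAR = (MADRID[0] + 0.05, MADRID[1])
FAR = (MADRID[0] + 0.20, MADRID[1])


def demo():
    """Which constructed points each slide scope would select."""
    return {
        "near_in_circle": scope_matches(NEAR, MADRID_CIRCLE),
        "far_in_circle": scope_matches(FAR, MADRID_CIRCLE),
        "far_in_inverse": scope_matches(FAR, MADRID_INVERSE),
        "centre_in_square": scope_matches((3.0, 3.0), SQUARE),
        "outside_square": scope_matches((7.0, 3.0), SQUARE),
    }


if __name__ == "__main__":
    print(demo())
```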
Registration & Context Providers
Context Broker doesn't cache the result of the query internally
(Figure: 1. the Application calls registerContext(provider= ) on the Context Broker; 2. the Context Consumer calls queryContext(id) on the Context Broker; 3. the Context Broker forwards queryContext(id) to the Context Provider; 4. the Context Provider returns the data to the Context Broker; 5. the Context Broker returns the data to the Context Consumer)
Registration & Context Providers
POST <cb_host>:1026/v1/registry/registerContext ...
{
  "contextRegistrations": [
    {
      "entities": [
        {"type": "Car", "isPattern": "false", "id": "Car1"}
      ],
      "attributes": [
        {"name": "speed", "type": "float", "isDomain": "false"}
      ],
      "providingApplication": "http://contextprovider.com/Cars"
    }
  ],
  "duration": "P1M"
}
200 OK ...
{"duration": "P1M", "registrationId": "52a744b011f5816465943d58"}
The application registers the Context Provider for the Car1 speed using the providingApplication attribute
(Figure: Application → registerContext → Context Broker; providing application http://contextprovider.com/Cars)
{"contextResponses": [{"contextElement": {"attributes": [{"name": "speed","type": "float","value": "100"
}],"id": "Car1","isPattern": "false","type": "Car"
},"statusCode": {"code": "200","details": "Redirected to context provider http://contextprovider.com/Cars","reasonPhrase": "OK"
}}
]}
Registration & Context Providers
It includes details in the response
POST <cb_host>:1026/v1/queryContext... {"entities": [{"type": "Car","isPattern": "false","id": "Car1"
}]
}
queryContext(id)
data
Multitenancy
Context Broker implements a simple multitenant/multiservice model based on logical database separation
This makes it easier to apply service/tenant-based authorization policies provided by other FI-WARE components or third-party software
Orion uses the "Fiware-Service" HTTP header in the request to identify the service/tenant
Example:
Fiware-Service: Tenant1
(Figure: one Context Broker serves Tenant1 (entities1/attributes1/subscriptions1), Tenant2 (entities2/attributes2/subscriptions2), …)
Entity Service Paths
Orion Context Broker supports hierarchical scopes
Entities can be assigned to a scope at creation time with updateContext
queryContext can be also scoped to locate entities in the corresponding scopes
For example, consider the following scopes in the figure:
- Madrid, as first level scope
- Gardens and Districts, as second-level scope (children of Madrid)
- ParqueNorte, ParqueOeste and ParqueSur (children of Gardens)
and Fuencarral and Latina (children of Districts)
- Parterre1 and Parterre2 (children of ParqueNorte)
Entity Service Paths
In order to use a service path we put in a new HTTP header called "Fiware-ServicePath". For example:
Fiware-ServicePath: Madrid/Gardens/ParqueNorte/Parterre1
(Figure: ParqueNorte with its children Parterre1 and Parterre2)
Entity Service Paths
Properties:
1. A query on a service path will look only into the specified node
2. Use ParentNode/# to include all child nodes
3. Queries without Fiware-ServicePath resolve to /#
4. Entities will fall in the "/" node by default
5. You can OR a query using a comma (,) operator in the header
For example, to query all street lights that are either in ParqueSur or in ParqueOeste you would use:
Fiware-ServicePath: Madrid/Gardens/ParqueSur, Madrid/Gardens/ParqueOeste
You can OR up to 10 different scopes
- Maximum scope levels: 10 (Scope1/Scope2/.../Scope10)
1. You can have the same element IDs in different scopes (be careful with this!)
2. You can't change scope once the element is created
3. One entity can belong to only one scope
(Figure: scopes A and B queried together as "A or B"; the id light1 exists both in ParqueNorte and in its child Parterre1)
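The service path rules above, as an added Python example that is not part of the deck or of Orion: it parses a Fiware-ServicePath header into scopes, enforces the limits the slides state (at most 10 OR-ed scopes, at most 10 levels), and decides which entities a query sees. The sample entity list is constructed from the slides' tree and deliberately contains light1 twice, in ParqueNorte and in Parterre1, to show the "same IDs in different scopes" caveat. One assumption is spelled out in the code: "Node/#" is taken to match the node itself as well as its children, which is what makes the no-header default "/#" cover entities stored in "/".

```python
"""Matching Fiware-ServicePath query scopes against entity scopes.

Added example, not code from the deck or Orion. It encodes the properties and
limits stated on the slides: a plain path matches only that node, "Node/#"
matches the node and everything below it (that /# covers the node itself is an
assumption), a missing header means "/#", entities live in "/" by default,
comma separates up to 10 OR-ed scopes, and a scope has at most 10 levels.
"""
MAX_SCOPES = 10
MAX_LEVELS = 10


def normalize(path):
    """'Madrid/Gardens', '/Madrid/Gardens/' and ' Madrid/Gardens' all become '/Madrid/Gardens'."""
    return "/" + path.strip().strip("/")


def parse_service_path_header(header):
    """Split the header into normalized scopes, enforcing the slides' limits."""
    if header is None or not header.strip():
        return ["/#"]                      # property 3: no header resolves to /#
    scopes = [normalize(s) for s in header.split(",")]
    if len(scopes) > MAX_SCOPES:
        raise ValueError("at most %d scopes may be OR-ed" % MAX_SCOPES)
    for scope in scopes:
        parts = scope.split("/")[1:]
        if "#" in parts[:-1]:
            raise ValueError("'#' is only valid as the last element of %r" % scope)
        levels = [p for p in parts if p and p != "#"]
        if len(levels) > MAX_LEVELS:
            raise ValueError("scope %r exceeds %d levels" % (scope, MAX_LEVELS))
    return scopes


def scope_matches(scope, entity_path):
    """True if an entity stored at entity_path is visible from one query scope."""
    entity_path = normalize(entity_path or "/")   # property 4: default node is "/"
    if scope.endswith("/#"):                       # property 2: node and all children
        base = scope[:-2] or "/"
        return entity_path == base or entity_path.startswith(base.rstrip("/") + "/")
    return entity_path == scope                    # property 1: only the specified node


def visible(header, entity_path):
    """Does a query carrying `header` see an entity whose scope is entity_path?"""
    return any(scope_matches(s, entity_path) for s in parse_service_path_header(header))


def filter_entities(header, entities):
    """entities: list of (entity_id, service_path). Returns the ids the query would see."""
    return [eid for eid, path in entities if visible(header, path)]


# Constructed sample from the slides' tree; "light1" exists in two scopes on purpose.
SAMPLE_ENTITIES = [
    ("light1", "/Madrid/Gardens/ParqueNorte"),
    ("light1", "/Madrid/Gardens/ParqueNorte/Parterre1"),
    ("light2", "/Madrid/Gardens/ParqueSur"),
    ("light3", "/Madrid/Gardens/ParqueOeste"),
    ("light4", "/Madrid/Districts/Latina"),
    ("light5", "/"),   # created without a service path: lands in the default node
]


def demo():
    """The slides' example queries run against the constructed entity list."""
    return {
        "parque_norte_only": filter_entities("Madrid/Gardens/ParqueNorte", SAMPLE_ENTITIES),
        "parque_norte_tree": filter_entities("Madrid/Gardens/ParqueNorte/#", SAMPLE_ENTITIES),
        "sur_or_oeste": filter_entities("Madrid/Gardens/ParqueSur, Madrid/Gardens/ParqueOeste", SAMPLE_ENTITIES),
        "no_header": filter_entities(None, SAMPLE_ENTITIES),
        "root_only": filter_entities("/", SAMPLE_ENTITIES),
    }


if __name__ == "__main__":
    for name, ids in demo().items():
        print(name, ids)
```

Because the same id can live in several scopes, an application that caches entities by id alone will silently merge light1 from ParqueNorte with light1 from Parterre1; key such caches by (service path, id), and send an explicit Fiware-ServicePath rather than relying on the /# default when the application only needs one subtree.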
Thanks!
Pasquale Vitale, Engineering Ingegneria Informatica
FIWARE Technology
The ICT world is changing
The nature of ICT applications is changing …
development of new and emerging ICT technologies
next-generation networks (NGNs)
convergence in devices
rise of social networks
… and changing needs of consumers
ICT is now fully integrated into modern life
Towards the Future Internet
Many people (users, developers, SME, WE) need:
a cloud-based platform on which to deploy their applications
to connect to IoT
to be able to analyze big data at large scale
to handle data context
to monetize applications and services
can help them
What is FIWARE?
In 2011 the EC and major European ICT companies launched an ambitious FI-PPP programme in order to define a platform that would be an open option for the development of applications in the Future Internet
The result was a new platform, called FIWARE
FIWARE is:
a new infrastructure to create services and applications on the Internet
serve the needs of developers in multiple domains
Target of FIWARE
to help the development and implementation of new services
providing a set of APIs for rapid application development in many areas
facilitating reuse and introducing standards
eHealth
Tourism
Transport, Mobility and
Logistics
e-government
Smart Energy Grid …
FIWARE Platform
Advanced OpenStack-based Cloud + rich library of services named Generic Enablers (GEs)
GEs cover common functionalities in many application fields like:
security
storage
cloud
data context
IoT
What are the Generic Enablers?
FIWARE GEs are a set of general-purpose functions available through well-defined standard APIs
GEs are useful to make easier to:
connect to the Internet of Things, perform Big Data analysis,
handle Data/Media in real time at large scale,
create augmented reality applications and 3D user interfaces,
and manage the security aspects.
GEs are published in the FIWARE Catalogue and divided into 7 Technical Chapters
GEs Technical Chapters (figure): Advanced Web-based UI, Internet of Things, Data/Media Context Management, Architecture of App/Services Ecosystem and Delivery Framework, Security, Cloud Hosting, Interface to Network and Devices
FIWARE GEs for Advanced Web-based UI
Rich web-based User Experience:
3D graphics for the web (HTML 5) without requiring any prior 3D experience
Real-time collaborative 3D applications
Design of 3D environments
Virtual Characters on the web
Infrastructure for interaction with real world objects
GIS 3D presentations
FIWARE GEs for Internet of Things
Connect apps to the physical world:
Interface & Discovery of Sensors/Devices
Configuration Manager
Gateway Data Handling
FIWARE GEs for Data/Context Management
Manage data at large scale and transform it into knowledge:
Big Data Analysis
Management of communication among different entities
Massive message events handling and processing
Media Streaming and Processing
FIWARE GEs for Apps/Services Ecosystem and Delivery Framework
Reach target users, to monetize apps and services:
Combine existing widgets for web application front-ends
Business management of applications and services:
Marketplace
Repository
Revenue Sharing System (RSS)
Store
FIWARE GEs for Security
Ensuring Privacy, Security and Trust:
Identity Management
Access Control
Security Monitoring and Analysis
FIWARE GEs for Cloud Hosting
Make the most of infrastructures while keeping costs lower and under control:
IaaS/PaaS Management
Monitoring
Policy Management Portal and tools for cloud services
FIWARE GEs for Interface to Network and Devices
Access from everywhere by using network interfaces, adapt to devices:
Controller for software defined networking
How FIWARE technologies are made available
You need a "meeting point" where users (developers, SMEs, WEs) can:
test and showcase their applications with real data and users
catch the attention of potential customers and investors
meet each other to create innovation
The place where you can develop your applications
FIWARE Lab is:
accessible from a dedicated website
a free cloud hosting service to create, build and test apps
FIWARE Lab (https://cloud.lab.fi-ware.org)
FIWARE Lab is a portal accessible via web browser
IaaS: you can install your VMs with GEs
PaaS: through a precompiled template you can instantiate your infrastructure
with software components (FIWARE GEs, Tomcat, MySQL, etc.)
FIWARE Lab Node (Regions)
The FIWARE Lab cloud platform is based on a federation of interconnected nodes across Europe. New nodes are in Zurich, Poznan, Crete, Gent, Stockholm …
Where to find GEs
GEs are described in the Catalogue (http://catalogue.fi-ware.org/)
FIWARE Catalogue: you can provide feedback and download the sources
Where to find tutorials and guides
In the MediaWiki of the FIWARE forge (http://wiki.fiware.org)
FIWARE Academy (http://edu.fi-ware.org)
FIWARE Academy is an e-Learning Platform where you can find:
webinars
courses
videos
The navigation is divided in Chapters
Conclusion
FIWARE allows you to easily build and manage new apps and services by making complex processes simple, cost-effective, high-quality and secure.
Middleware
Infrastructure
3rd parties build and manage Apps & Services
Thanks!
Pasquale Vitale, Engineering Ingegneria Informatica
FIWARE Internet of Things
Connection to the Internet of Things
"Things" means sensors/actuators
the IoT layer collects all observations and translates them into data
IoT manages the context information from:
external systems
end users interacting with your application through a web portal
IDAS is an implementation of the FIWARE IoT Backend Device Management GE
it connects to the Context Broker GE
it translates observations into NGSI events
FIWARE IoT Backend Device Management
Architecture (diagram): the FIWARE Backend IoT Device Management exposes the OMA NGSI API (northbound interface) towards the FIWARE Context Broker; an IoT Agent Manager creates/monitors the IoT Agents (IoT Agent-1, IoT Agent-2, … IoT Agent-n); southbound interfaces: MQTT, ETSI M2M, IETF CoAP
Each IoT Agent handles interaction with a given set of devices
Connect any thing
Three ways to connect to the Context Broker (diagram): your own IoT backend talking NGSI9/10 directly to the Context Broker; IoT Gateway GEs; B) the IoT Backend GEs (IDAS/SBC)
Device-side protocols shown in the diagram: SML, UL2.0, MQTT, ETSI M2M, CoAP/OMA-LW, CoAP/LWM2M, CoAP/MTRunner with ETSI M2M, and proprietary Zigbee/Zwave; NGSI towards the Context Broker; OAuth 2.0 for authentication
How to read measures captured from IoT devices
IDAS translates the information into NGSI and sends it to a Context Broker.
Example - connection of a device using the UltraLight 2.0 protocol:
Step 1 - know the details of the IDAS (IoT Agent)
Step 2 - create a model for your IoT device
Step 3 - create (register) an asset/device for your IoT device
Step 4 - send observations related to your IoT device
Step 5 - read the measurements sent by your IoT device
Connection to the Internet of Things – Step 1
Know the details of the IDAS (IoT Agent) you will be sending the measurements to:
IP address (<idas_host>): in this case 130.206.80.47
REST Admin port (<idas_admin_port>): the port used to access the administrative API of IDAS, 5073
REST Devices port (<idas_ul20_port>): the port used by your IoT devices to send observations or request commands, in this case 8002
Service (<service>): IDAS can manage different tenants, for instance for different cities or smart spaces. You can always use the "OpenIoT" service for testing, as we do in this example
APIKEY (<apikey>): a shared secret your IoT devices need to know before communicating with IDAS about a specific service. Each service/tenant has its own APIKEY; for the testing service "OpenIoT" it is the string "4jggokgpepnvsb2uv4s40d59ov". Since the key is sent as a query parameter (k=...), it ends up in URLs, proxies and server logs: treat it as a credential and do not reuse the test key outside the lab
Connection to the Internet of Things – Step 2
Create a model for your IoT device
The OpenIoT service already provides these models:
SENSOR_TEMP: for a generic temperature sensor
SENSOR_HUM: for a generic humidity sensor
SENSOR_LUM: for a generic illuminance sensor
SENSOR_MOV: for a generic presence sensor
SENSOR_ZWAVE_4IN1: for the specific Everspring Zwave 4IN1 (temperature, humidity, light, presence) sensor
Connection to the Internet of Things – Step 2
Creating your own model is simple (use the REST ADMIN API)
Payload JSON format: check the IDAS doc in the Catalogue
TOKEN = FIWARE OAuth token
Measurements have an "alias", e.g. Temperature = t
POST <idas_host>:<idas_admin_port>/m2m/v2/services/<service>/models/ (Example: POST http://130.206.80.47:5073/m2m/v2/services/OpenIoT/models/)
Headers: {'content-type': 'application/json', 'X-Auth-Token': <OAuth 2.0 TOKEN>}
{ "name": "SENSOR_TEMP", "capabilities": [ { "name": "Temperature", "property": "temperature", "format": { "name": "Temperature", "alias": "t", "phenomenon": "urn:x-ogc:def:phenomenon:IDAS:1.0:temperature", "type": "Quantity", "uom": "celsius" } } ], "protocol": "ul-2_0" }
Connection to the Internet of Things – Step 3
Create (register) an asset/device for your IoT device (use the REST ADMIN API)
Payload JSON format: check the IDAS doc in the Catalogue
TOKEN = FIWARE OAuth token
Must reuse an existing model
DEV_ID = 1st "name" (the device)
ASSET_ID = 2nd (asset) "name"
POST <idas_host>:<idas_admin_port>/m2m/v2/services/<service>/assets/ (Example: POST http://130.206.80.47:5371/m2m/v2/services/OpenIoT/assets/; note that the example shows port 5371 while Step 1 gives 5073 as the admin port, so use the admin port of your own IDAS instance)
Headers: {'content-type': 'application/json', 'X-Auth-Token': <OAuth 2.0 TOKEN>}
{ "name": "RPI:79:ed:af:zwave:temp:1", "model": "SENSOR_TEMP", "asset": { "name": "TEMP-LivingRoom", "description": "asset model protocol" } }
Connection to the Internet of Things – Step 4
Send observations from the IoT device (use the UL2.0 DEVICE API)
Payload format: UL2.0 text, <alias>|<value>, several measures joined with '#'
TOKEN = FIWARE OAuth token
DEV_ID = device name (the 1st "name" of step 3, not the asset name)
POST http://130.206.80.47:8002/d?k=[APIKEY]&i=[DEV_ID] (Example: POST http://130.206.80.47:8002/d?k=4jggokgpepnvsb2uv4s40d59ov&i=RPI:79:ed:af:zwave:temp:1)
Headers: {'content-type': 'application/text', 'X-Auth-Token': [TOKEN]}
Payload: 't|25'
Sending multiple measurements with one request (4IN1):
POST http://130.206.80.47:8002/d?k=4jggokgpepnvsb2uv4s40d59ov&i=RPI:79:ed:af:4IN1-Room
Headers: {'content-type': 'application/text', 'X-Auth-Token': [TOKEN]}
Payload: 't|23#h|80#l|95#m|Quiet'
Connection to the Internet of Things – Step 5
Read the measurements sent by your IoT device
Use the NGSI API to read the NGSI entity:
Entity ID = <asset_name> (TEMP-LivingRoom)
Entity Type = Sensor
Attributes = phenomena (Temperature, Humidity, Light, Presence)
GET <idas_host>:<idas_admin_port>/m2m/v2/services/<service>/assets/<ASSET_ID> (Example: GET http://130.206.80.47:5371/m2m/v2/services/OpenIoT/assets/[ASSET_ID])
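The five steps above build the UL2.0 request by hand. The following is an added example (not IDAS project code) that assembles the device URL from the Step 1 values and encodes and parses the '<alias>|<value>' payloads of Step 4; the alias-to-phenomenon table for the 4IN1 sensor and the strictness rules (unknown aliases and separator characters in values are refused) are this example's own assumptions.

```python
"""UltraLight 2.0 device-side helpers (added example, not IDAS project code).

Builds the /d?k=<apikey>&i=<dev_id> URL from Step 1/Step 4 of the slides and
encodes/decodes the '<alias>|<value>' payloads joined with '#'. The alias table
for the 4IN1 model (t, h, l, m) and the phenomenon names it maps to are assumed
from the slides; rejecting unknown aliases and separator characters in values
is this example's own choice.
"""
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Values from Step 1 of the slides (the OpenIoT test service).
IDAS_HOST = "130.206.80.47"
IDAS_UL20_PORT = 8002
OPENIOT_APIKEY = "4jggokgpepnvsb2uv4s40d59ov"

# Alias -> phenomenon mapping, as used by the 4IN1 payload 't|23#h|80#l|95#m|Quiet'
# in Step 4 (mapping assumed from the model names).
ALIASES = {"t": "Temperature", "h": "Humidity", "l": "Light", "m": "Presence"}

SEPARATORS = ("|", "#")


def device_url(dev_id, apikey=OPENIOT_APIKEY, host=IDAS_HOST, port=IDAS_UL20_PORT):
    """URL a device POSTs observations to. The API key travels in the query
    string, so it ends up in access logs and proxies: treat it as a secret.
    Device ids such as 'RPI:79:ed:af:zwave:temp:1' are percent-encoded."""
    query = urlencode({"k": apikey, "i": dev_id})
    return urlunsplit(("http", f"{host}:{port}", "/d", query, ""))


def parse_device_url(url):
    """Inverse of device_url: return (apikey, dev_id) or raise if a field is missing."""
    params = parse_qs(urlsplit(url).query, strict_parsing=True)
    try:
        return params["k"][0], params["i"][0]
    except KeyError as exc:
        raise ValueError(f"missing query parameter {exc}") from None


def encode_payload(measures):
    """{'t': 23, 'h': 80} -> 't|23#h|80'. Refuses aliases/values containing the
    separators, since the server would parse them as extra measures."""
    parts = []
    for alias, value in measures.items():
        text = str(value)
        if not alias or any(s in alias or s in text for s in SEPARATORS):
            raise ValueError(f"separator character in measure {alias!r}={text!r}")
        parts.append(f"{alias}|{text}")
    return "#".join(parts)


def decode_payload(payload, aliases=ALIASES):
    """'t|23#h|80#l|95#m|Quiet' -> {'Temperature': '23', ...}.
    Unknown aliases are rejected rather than stored, so a device cannot add
    attributes that are not part of its registered model."""
    out = {}
    for chunk in payload.strip().split("#"):
        if not chunk:
            continue
        alias, sep, value = chunk.partition("|")
        if not sep or not value:
            raise ValueError(f"malformed measure {chunk!r}")
        if alias not in aliases:
            raise ValueError(f"alias {alias!r} is not in the device model")
        if aliases[alias] in out:
            raise ValueError(f"duplicate measure for alias {alias!r}")
        out[aliases[alias]] = value
    return out


def observation_request(dev_id, measures, token):
    """Assemble the Step 4 request as (method, url, headers, body) without sending it."""
    headers = {"content-type": "application/text", "X-Auth-Token": token}
    return "POST", device_url(dev_id), headers, encode_payload(measures)


if __name__ == "__main__":
    method, url, headers, body = observation_request(
        "RPI:79:ed:af:4IN1-Room", {"t": 23, "h": 80, "l": 95, "m": "Quiet"}, "<TOKEN>")
    print(method, url)
    print(body, "->", decode_payload(body))
```

The decoder is the check the backend side of the UL2.0 exchange should apply: a payload is accepted only if every alias belongs to the registered model, so a compromised device cannot grow the NGSI entity with attributes of its own choosing.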
How to act upon IoT devices
Send commands to a device:
register a command URL (PUSH)
set command = true to mark which attribute is the command
get commands from the device (POLLING)
the HTTP POST body can be empty or contain a measure
send commands via the IDAS ADMIN API
the command XML may need to be escaped when used in the REST API
PUT <sbc_host>/m2m/v2/services/WorkshopSBC/assets/AssetSemaphoreDemo
Headers: {'content-type': 'application/json'}
{ "DeviceProps": { "commandURL": "http://movistarfoto.tid.es:80/CommandSimulator/ping", "command": "true", "manufacturer": "Test Manufacturer", "model": "A123", "serialNumber": "123456", "version": "1.0" } }
GET or POST <idas_host>:8002/d?k=5qmnuj9du3qOr3slifhvqgkuif&i=SemaphoreDemo&ip=http://movistarfoto.tid.es:80/CommandSimulator/ping
Body (optional measure): tm|32.3
POST <sbc_host>/m2m/v2/services/WorkshopSBC/assets/AssetSemaphoreDemo/command
{ "commandXML": "<paid:command name=\"ping\" />" }
Thanks!
Pasquale Vitale, Engineering Ingegneria Informatica
FIWARE Complex Event Processing
How to process context events in real time
To perform processing on the available context information you need Complex Event Processing (CEP)
The CEP allows you to detect patterns over context (triggering an action or raising an alarm)
The CEP receives context information as input events and generates observations (or situations) as output events
Applications role
Applications connected to the CEP GE (external applications or other GEs like the Context Broker GE) can play two different roles:
the role of Event Producer
the role of Event Consumer
Note: a given application can play both roles
Event Producer
Event Producer sources can be:
an external application reporting events
a sensor reporting a measurement
Event Producers can provide events in two modes:
Push mode - the Event Producer pushes events into the CEP by invoking a REST API
Pull mode - the Event Producer exports a REST API that the CEP can invoke to retrieve events
Event Consumer
Event Consumers are the destination point of events. For example:
Dashboard: a type of event consumer that displays alarms, defined when certain conditions hold on events related to some entities, a user community, or produced by a number of devices
Handling process: a type of event consumer that consumes meaningful events (such as opportunities or threats) and performs a concrete action
The Context Broker GE, which can connect as an event consumer to the CEP and forward the events it consumes to all interested applications based on a subscription model
Pattern
The CEP allows you to define patterns over selected events occurring in event processing contexts (such as a time window or segmentation), with optional additional conditions
Those patterns can be defined using a web-based authoring tool (without writing any code)
Event Processing Agent (EPA) - Pattern
Patterns supported are:
Basic type, meaning a basic event
a lamp battery charge is below 15 percent
Aggregate type, compute some aggregation functions on a set of incoming events
the percentage of failed measurements is higher than 10 percent in the last 5 minutes
Absent type, meaning no event holding some condition arrived within the time window for the pattern to match
no sensor events arrived in the last 10 minutes
Sequence type, meaning events need to occur in a specified order for the pattern to be detected
detect if the sensor status was “fixed” and later was “failed” within 24 hours
All type, meaning that all the events specified should arrive for the pattern to match
alert if the total reservations number arriving from 4 branches is higher than some threshold
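The five pattern types and their examples above can be read as small functions over a stream of timestamped events. The block below is an added example (not Proton code) that implements each of them, including the temporal window and the per-sensor segmentation a Sequence pattern needs; the event names, attribute names and the sample events are constructed for the illustration.

```python
"""The five Proton pattern types from the slides, as plain functions over
constructed events (added example, not Proton code). Every event is a dict
with a 'Name', a 'time' in seconds, and the attributes the example needs;
the attribute names and the sample events below are assumed for illustration.
"""

# Constructed sample input: two battery reports, five measurements, a sensor
# that was fixed and then failed an hour later, and reservation counts from
# four branches.
EVENTS = [
    {"Name": "LampBattery", "time": 10, "lamp": "L1", "charge": 12},
    {"Name": "LampBattery", "time": 11, "lamp": "L2", "charge": 80},
    {"Name": "Measurement", "time": 20, "sensor": "S1", "status": "ok"},
    {"Name": "Measurement", "time": 30, "sensor": "S1", "status": "failed"},
    {"Name": "Measurement", "time": 40, "sensor": "S1", "status": "ok"},
    {"Name": "Measurement", "time": 50, "sensor": "S1", "status": "ok"},
    {"Name": "Measurement", "time": 60, "sensor": "S1", "status": "ok"},
    {"Name": "SensorStatus", "time": 100, "sensor": "S1", "status": "fixed"},
    {"Name": "SensorStatus", "time": 3700, "sensor": "S1", "status": "failed"},
    {"Name": "Reservations", "time": 300, "branch": "B1", "count": 40},
    {"Name": "Reservations", "time": 301, "branch": "B2", "count": 30},
    {"Name": "Reservations", "time": 302, "branch": "B3", "count": 20},
    {"Name": "Reservations", "time": 303, "branch": "B4", "count": 10},
]


def in_window(events, name, now, window):
    """Temporal processing context: events of `name` with time in (now - window, now]."""
    return [e for e in events if e["Name"] == name and now - window < e["time"] <= now]


def basic(events, name, predicate):
    """Basic: a single event satisfying a condition, e.g. a lamp battery below 15 percent."""
    return [e for e in events if e["Name"] == name and predicate(e)]


def aggregate_failed_percent(events, now, window=300, threshold=10.0):
    """Aggregate: percentage of failed measurements in the last `window` seconds.
    Returns (matched, percent); an empty window never matches."""
    recent = in_window(events, "Measurement", now, window)
    if not recent:
        return False, 0.0
    percent = 100.0 * sum(e["status"] == "failed" for e in recent) / len(recent)
    return percent > threshold, percent


def absent(events, name, now, window=600):
    """Absent: no event of `name` arrived in the last `window` seconds."""
    return not in_window(events, name, now, window)


def sequence(events, sensor, first, second, within=24 * 3600):
    """Sequence: status `first` later followed by `second` within `within` seconds.
    Segmentation context: only events of the given sensor are considered, so two
    sensors cannot be interleaved into a false match. Returns the pair or None."""
    ordered = sorted(
        (e for e in events if e["Name"] == "SensorStatus" and e["sensor"] == sensor),
        key=lambda e: e["time"],
    )
    for i, a in enumerate(ordered):
        if a["status"] != first:
            continue
        for b in ordered[i + 1:]:
            if b["time"] - a["time"] > within:
                break
            if b["status"] == second:
                return a, b
    return None


def all_branches(events, branches, threshold):
    """All: a Reservations event from every listed branch must have arrived; the
    rule then fires if their total exceeds `threshold`. Returns (matched, total)."""
    latest = {}
    for e in events:
        if e["Name"] == "Reservations" and e["branch"] in branches:
            latest[e["branch"]] = e["count"]
    if len(latest) < len(set(branches)):
        return False, None
    total = sum(latest.values())
    return total > threshold, total


if __name__ == "__main__":
    print("low battery:", [e["lamp"] for e in basic(EVENTS, "LampBattery", lambda e: e["charge"] < 15)])
    print("failed %:", aggregate_failed_percent(EVENTS, now=60))
    print("sensors silent:", absent(EVENTS, "Measurement", now=1000))
    print("fixed then failed:", sequence(EVENTS, "S1", "fixed", "failed") is not None)
    print("all branches:", all_branches(EVENTS, ["B1", "B2", "B3", "B4"], threshold=90))
```

Note how Absent only makes sense against a clock: the engine has to be told what "now" is, which is why Proton attaches a temporal context to every EPA.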
From Event-Condition-Action to Pattern-Condition-Action
In certain scenarios single events are insignificant; a CEP engine can detect combinations of events and generate derived events (situations) which are meaningful
Use the CEP when there is a need to detect patterns over incoming events
Other tools can be used when there is a need to respond to single events with some condition (e.g., the Context Broker GE)
Event Processing Context definition
Every EPA (event processing agent, i.e. a pattern) is associated with an event processing context
An event processing context can be a:
temporal processing context (time window)
segmentation processing context
composite context (group of several contexts)
An event processing context groups event instances so that they can be processed in a related way
Working with the CEP
The FIWARE CEP GE implementation: IBM Proactive Technology Online (PROTON)
Proton (CEP GE Instance) – Build Time Web User Interface
Definition types (building blocks) of a CEP application:
Event types - events that are expected to be received as input or to be sent as output
EPAs - responsible for detecting patterns: Basic, Aggregate, Absent, Sequence, All
Processing Contexts - Temporal, Segmentation, Composite
Consumers - the event consumers: File, REST, JMS, Custom
Producers - the event sources: File, REST, JMS, Custom
Build Time Web User Interface
The Authoring tool allows you to define a CEP application, validate it, and export the application definition
Create definitions:
definitions can be generated by the user through the Web User Interface
definitions can be generated by external systems, in JSON format
Runtime main interactions
Runtime main interactions - Input & Output Adapters
Proton (CEP GE Instance) – REST Input Adapter
REST Input Adapter Client:
has a Producer definition in the Web UI
acts as a REST client
accesses the REST API declared by the event producer and pulls events using the GET method
Supported formats:
tag delimited, e.g. Name=ShipPosition;ShipID=RTX33;Long=46;Lat=55;Speed=4.0;Time=1333033200;
JSON, e.g. {"Name":"TrafficReport", "volume":"1000"}
Proton (CEP GE Instance) – REST Output Adapter
REST Output Adapter Client:
has a Consumer definition in the Web UI
acts as a REST client
accesses the REST API declared by the event consumer and pushes events to the consumer using the POST method
Supported formats:
tag delimited, e.g. Name=TrafficReport;Certainty=0.0;Cost=0.0;EventSource=;OccurrenceTime=null;Annotation=;Duration=0.0;volume=1000;EventId=40f68052-3c7c-4245-ae5a-6e20def2e618;ExpirationTime=null;Chronon=null;DetectionTime=1349181899221;
JSON, e.g. {"Cost":"0.0","Certainty":"0.0","Name":"TrafficReport","EventSource":"","Duration":"0.0","Annotation":"","volume":"1000","EventId":"e206b5e8-9f3a-4711-9f46-d0e9431fe215","DetectionTime":"1350311378034"}
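Both adapters speak the same two formats. The following added example (not Proton code) parses and serializes the tag-delimited form shown on the two slides and converts to and from the JSON form; the two sample lines are the ones on the slides, while the handling of empty values, of the literal null, and the refusal of a ';' inside a value are this example's own rules, since the format has no quoting mechanism.

```python
"""Parser and serializer for the tag-delimited event format used by the Proton
REST input/output adapters, next to the JSON form (added example, not Proton
code). The two sample lines are the ones printed on the slides; treating
'null' as None, keeping empty values, and refusing ';' inside a value are this
example's own rules."""
import json

SHIP = "Name=ShipPosition;ShipID=RTX33;Long=46;Lat=55;Speed=4.0;Time=1333033200;"
REPORT = ("Name=TrafficReport;Certainty=0.0;Cost=0.0;EventSource=;OccurrenceTime=null;"
          "Annotation=;Duration=0.0;volume=1000;EventId=40f68052-3c7c-4245-ae5a-6e20def2e618;"
          "ExpirationTime=null;Chronon=null;DetectionTime=1349181899221;")


def parse_tag_delimited(line):
    """'Name=X;a=1;' -> {'Name': 'X', 'a': '1'}. Empty values stay '' and the
    literal 'null' becomes None; a missing Name is an error because the engine
    uses it to select the event type."""
    event = {}
    for field in line.strip().split(";"):
        if not field:
            continue
        key, sep, value = field.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed field {field!r}")
        if key in event:
            raise ValueError(f"duplicate attribute {key!r}")
        event[key] = None if value == "null" else value
    if "Name" not in event:
        raise ValueError("event has no Name attribute")
    return event


def to_tag_delimited(event):
    """Inverse of parse_tag_delimited; Name is emitted first. A ';' in a value
    would be read back as a new field, so it is refused; '=' in a value is fine
    because parsing splits on the first '=' only."""
    if "Name" not in event:
        raise ValueError("event has no Name attribute")
    keys = ["Name"] + [k for k in event if k != "Name"]
    out = []
    for k in keys:
        v = event[k]
        text = "null" if v is None else str(v)
        if "=" in k or ";" in k or ";" in text:
            raise ValueError(f"separator in attribute {k!r}")
        out.append(f"{k}={text}")
    return ";".join(out) + ";"


def to_json_event(event):
    """JSON form as the adapters emit it: every attribute a string, null kept."""
    return json.dumps({k: (v if v is None else str(v)) for k, v in event.items()},
                      separators=(",", ":"))


def from_json_event(text):
    event = json.loads(text)
    if not isinstance(event, dict) or "Name" not in event:
        raise ValueError("JSON event must be an object with a Name attribute")
    return event


if __name__ == "__main__":
    ship = parse_tag_delimited(SHIP)
    print(ship)
    print(to_json_event(ship))
    print(to_tag_delimited(from_json_event(to_json_event(ship))) == SHIP)
```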
How to administrate the CEP – REST ADMIN APIs
Managing the Definitions Repository:
GET all the existing definitions in the repository
GET a specific definition in JSON format
POST a new definition
PUT an update for a definition
DELETE a definition
Administrating runtime instances:
GET instance status
PUT instance status
Reading the state of the CEP engine:
the instance's definition URI
the instance's state (stopped or started)
How to send input events to the CEP
Example of sending an event in JSON format (push mode):
POST <cep_host>:<port>/{instance_name}/rest/events (Example: POST http://130.206.81.23:8080/ProtonOnWebServer/rest/events)
Headers: {'Content-Type': 'application/json', 'X-Auth-Token': <OAuth 2.0 TOKEN>}
{ "Name": "TrafficReport", "volume": "1000" }
Thanks!
Pasquale Vitale, Engineering Ingegneria Informatica
FIWARE Identity Management
Identity Management
An example: a user account
Identity Management in FIWARE (diagram: the Identity Management sits in front of the GEs)
OAuth 2.0 for Identity Management
Examples: "Login with" buttons based on OAuth 2.0 … and FIWARE too, with its Identity Management
Messages flow (diagram: Web App with its OAuth Library at IP e.f.g.h, IdM at IP a.b.c.d)
1) redirect
2) access code
3) request access token
4) access token
then the Web App requests the user info using the access token
OAuth 2.0
Client libraries for your application
http://oauth.net/2/
PHP, Cocoa, iOS, Java, Ruby, JavaScript, Python
Example using Node.js
https://github.com/ging/oauth2-example-client
Preliminary steps with IdM at the FIWARE Account Portal:
Add an application
Set/create roles and permissions for the application
Add new permissions if needed
Result: OAuth credentials for the application
OAuth 2.0 messages flow
1) Redirect
First, we have to redirect the user to the IdM web site in order to log in and authorize access to the new application (identified by its client_id).
https://a.b.c.d/oauth2/authorize?response_type=code&client_id=2322
Note that this minimal URL carries no state parameter; a production client should send a per-session random state and check that the callback echoes it back, otherwise an attacker can make the browser complete the flow with a code of the attacker's choosing.
OAuth 2.0 messages flow
1) Redirect: the IdM shows its login and authorize screen
OAuth 2.0 messages flow
2) Access code
After entering user/password to log in and clicking the "Accept" button (needed only once), the browser redirects us back to the web page of our application:
http://e.f.g.h/login?code=ZNYy2HpyO1oMzalQ9-N2T1AIc0tnhTCuCziEG91PiPZPZYkJotzIBfZZlImfw4U7QpAwsgEGw4iakEL0n2FHlg
The IdM uses the callback URL specified when registering the application.
We get the "code" value, which will be used to authenticate the user.
OAuth 2.0 messages flow
3) Request access token
In order to request an access token, without knowing the user's credentials:
curl -v --insecure -X POST https://a.b.c.d/oauth2/token -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic MjowYjE5MmUwZDlmMDFkOTgyNjdmMjM2NTM4YzZhNDlmODMxMGNhNmJlNTA2ODg4OTc2MDJhODk1ODVhYmQ2YTYyODRiMGU0MDY4MTBkMjc2YTYzNmE2Yzg1NTg2MjJhZGFjZjIyYmM3ZDg5MjNiNWVkYWQ2ZmU0ODhlNmZhOGRjZg==" -d "grant_type=authorization_code&code=ZNYy2HpyO1oMzalQ9-N2T1AIc0tnhTCuCziEG91PiPZPZYkJotzIBfZZlImfw4U7QpAwsgEGw4iakEL0n2FHlg&redirect_uri=http://e.f.g.h/login"
Authorization is calculated as Base64(Client_ID:Client_Secret). This request carries the client secret and the code, and --insecure disables TLS certificate verification, so it is acceptable only against the lab IdM; drop --insecure in any real deployment.
OAuth 2.0 messages flow
4) Access token
The previous request will return the following information:
HTTP/1.1 200 OK
Content-Type: application/json
{"access_token": "3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA", "expires_in": 2591999, "refresh_token": "vEUA4j5oie7DCAzYy9PpXxgV4UsGJZx1B0ooEB-ewumULG_D2DdRs5dAtau-GXWeziWsvAQLEv9OIfG2DXP9lg", "token_type": "bearer"}
Securing your backend
Level 1: Authentication
Check if a user has a FIWARE account
Level 2: Basic Authorization
Check if a user has permissions to access a resource
HTTP verb + resource path
Level 3: Advanced Authorization
Custom XACML policies
Level 1: Authentication (diagram)
The Web App (with its OAuth Library) obtains the access token from the IdM through the OAuth2 flows (step 4)
5) the Web App sends the request + access token to the Backend Apps (in the second variant of the diagram, to a Proxy in front of them)
6) the Backend Apps / Proxy send the access token to the IdM
7) the IdM answers OK + user info (roles)
Level 1: Authentication
Request + access token (step 5)
The request from the web application to the backend and GEs would look like:
GET https://{backend-apps-url} HTTP/1.1
Host: {backend-apps-hostname}
X-Auth-Token: {access-token}
The request should include the X-Auth-Token header with the exact access token received at step 4:
3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA
Level 1: Authentication
Validate X-Auth-Token (step 6)
As a prerequisite, if we do not have one, a new admin token must be issued (it expires in 24h) in order to request validation of the access token.
curl -vv -s -d '{"auth": {"passwordCredentials": {"username":"pepProxy", "password": "pepProxy"}}}' -H "Content-type: application/json" http://a.b.c.d:4730/v2.0/tokens
KEEP IN MIND: this uses fixed password credentials for the FIWARE Proxy to generate the admin token; in the future a registry of users and passwords will be maintained. Note also that the credentials are sent over plain http here, which is acceptable only inside the lab.
Level 1: Authentication
Validate X-Auth-Token (step 6)
The previous call will return the following message:
{"access": {
  "token": {"expires": "2015-07-09T15:16:07Z", "id": "5b2177e7e1e6592cb7ea168ce9c0e87f"},
  "user": {"id": "pepProxy", "name": "pepProxy", "roles_links": [], "username": "pepProxy"}
}}
Level 1: Authentication
Validate X-Auth-Token (step 6)
Assuming that you have a valid admin token (valid for 24 hours only), we can validate the access token included in the request (step 5):
curl --insecure -H "X-Auth-Token:5b2177e7e1e6592cb7ea168ce9c0e87f" http://a.b.c.d:4731/v2.0/access-tokens/3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA
Please note that the X-Auth-Token header in this request is the admin token, while the access token being validated is part of the resource path in the URL.
This can return the following status codes if something is wrong:
404 Access_token not valid
401 X-Auth-Token not valid (unauthorized)
403 X-Auth-Token not valid (expired)
Level 2: Basic Authorization (diagram)
The Web App (with its OAuth Library) obtains the access token from the IdM through the OAuth2 flows
The Web App sends the request + access token to the Proxy in front of the Backend Apps
6) the Proxy sends access token + verb + path to the IdM / Access Control GE (AC GE)
7) OK + user info
Access token + verb + path (step 6)
In this case you should call the API with the following information:
curl --insecure -H "X-Auth-Token:5b2177e7e1e6592cb7ea168ce9c0e87f" -H "Content-Type:application/json" -H "x-auth-resource:path" -H "x-auth-action:verb" http://a.b.c.d:4731/v2.0/access-tokens/authREST/3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA
Where:
path is the URL of the resource to be accessed, e.g. /resource1/item2
verb is the HTTP verb associated to the request (GET, PUT, POST, DELETE)
X-Auth-Token is the admin token (FIWARE Proxy token)
As before, the request URL includes the access token being validated
Level 2: Basic Authorization
OK + user info (step 7)
200 OK if all was fine, with the following user information:
{
  "actorId": 1,
  …
  "organizations": [
    {
      "id": 1,
      "name": "prueba",
      "roles": [
        {"id": "8db87ccbca3b4d1ba4814c3bb0d63aab", "name": "Member"}
  …
  "roles": [
    {"id": 5, "name": "Provider"}
  ]
}
Here you can see the roles associated to the organization (under "organizations", highlighted in red on the slide) and the roles associated to the application (the top-level "roles", in blue on the slide).
Otherwise: 401 HTTP Unauthorized
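Steps 1 to 4 on the client side and steps 6 and 7 on the proxy side can be put together into one runnable picture. The block below is an added example; it is not code from the FIWARE IdM, the PEP proxy or the ging/oauth2-example-client. The IdM address, callback, client_id, the X-Auth-Token header and the status codes 200/401/403/404 follow the slides; the client secret, the token store, the user's roles and the permission table are constructed for the example, and the state parameter is an addition the slides' authorize URL does not carry.

```python
"""Client-side pieces of the flow in steps 1-4 plus a model of the proxy
decision in Levels 1 and 2 (added example; not code from the FIWARE IdM, the
PEP proxy or the ging/oauth2-example-client). The IdM endpoints, the
X-Auth-Token header and the status codes follow the slides; the token store,
roles and permission table are constructed, and `state` is this example's
addition.
"""
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

IDM = "https://a.b.c.d"                 # IdM address from the slides
CALLBACK = "http://e.f.g.h/login"       # callback registered for the application
CLIENT_ID = "2322"                      # client_id from the slides' authorize URL
CLIENT_SECRET = "example-client-secret" # assumed; the real one is issued by the IdM


def new_state():
    """Per-session random value bound to the login attempt."""
    return secrets.token_urlsafe(16)


def authorize_url(state):
    """Step 1: where to redirect the browser. `state` must be echoed back by
    the callback (RFC 6749 section 10.12); the slides' URL omits it."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": CALLBACK, "state": state})
    return f"{IDM}/oauth2/authorize?{query}"


def code_from_callback(url, expected_state):
    """Step 2: extract the code from the IdM redirect, refusing it unless the
    state matches the one stored in the user's session."""
    params = parse_qs(urlsplit(url).query)
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale callback")
    if "code" not in params:
        raise ValueError("callback carries no code")
    return params["code"][0]


def basic_auth(client_id, client_secret):
    """Step 3: Authorization header value, Base64(client_id:client_secret)."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def token_request(code):
    """Step 3 body for POST /oauth2/token, as the curl example sends it."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": CALLBACK})


# ---- proxy side: what the PEP proxy asks the IdM (steps 6 and 7) ----------
# Constructed stand-ins for /v2.0/tokens and /v2.0/access-tokens/<token>.
EXAMPLE_ADMIN_TOKEN = "5b2177e7e1e6592cb7ea168ce9c0e87f"
EXAMPLE_ACCESS_TOKEN = ("3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80"
                        "_XLUziWOFdCs7qSHELlA")
ADMIN_TOKENS = {EXAMPLE_ADMIN_TOKEN: 1000 + 24 * 3600}   # token -> expiry (seconds)
ACCESS_TOKENS = {
    EXAMPLE_ACCESS_TOKEN: {
        "expires": 1000 + 2591999,
        "organizations": [{"name": "prueba", "roles": ["Member"]}],
        "roles": ["Provider"],
    },
}
# role -> allowed (verb, resource path) pairs; assumed permission table.
PERMISSIONS = {
    "Provider": {("GET", "/resource1/item2"), ("POST", "/resource1")},
    "Member": {("GET", "/resource1/item2")},
}


def validate_access_token(admin_token, access_token, now):
    """Level 1 (step 6): 401 if the admin token is unknown, 403 if it expired,
    404 if the access token is not valid, else 200 with the user info."""
    expiry = ADMIN_TOKENS.get(admin_token)
    if expiry is None:
        return 401, None
    if expiry <= now:
        return 403, None
    info = ACCESS_TOKENS.get(access_token)
    if info is None or info["expires"] <= now:
        return 404, None
    return 200, info


def authorize_request(admin_token, access_token, verb, path, now):
    """Level 2: same validation, then verb + path against the roles the user
    holds in the application and in its organizations. The query string is not
    part of the resource id, and only exact path matches are permitted."""
    status, info = validate_access_token(admin_token, access_token, now)
    if status != 200:
        return status, None
    roles = set(info["roles"])
    for org in info["organizations"]:
        roles.update(org["roles"])
    path = path.split("?", 1)[0]
    if any((verb.upper(), path) in PERMISSIONS.get(r, ()) for r in roles):
        return 200, info
    return 401, None
```

The proxy functions fail closed: every branch that is not an explicit match returns a non-200 status, which is the property to keep when the real IdM answers are wired in.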
Level 3: Advanced Authorization (diagram)
The Web App (with its OAuth Library) obtains the access token from the IdM through the OAuth2 flows
The Web App sends the request + access token to the Proxy extension in front of the Backend Apps
The Proxy extension asks the Access Control GE (AC GE), which evaluates the XACML policy
OK + user info
Level 3: Advanced Authorization
Policies creation in IdM:
1) Edit application properties
2) Create new role
3) Add a new permission
4) Change to advanced mode
5) Fill in the rule field
Sample XACML rule content
Permissions in XACML format may include one or more resources and one or several actions, e.g.:
<Rule RuleId="PR:Manage" Effect="Permit">
  <Description>Rule: Permission example</Description>
  <Target>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[PATH]</AttributeValue>
          <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
        </ResourceMatch>
      </Resource>
    </Resources>
    …
    <Actions>
      <Action>
        <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[VERB]</AttributeValue>
          <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
        </ActionMatch>
      </Action>
    </Actions>
  </Target>
</Rule>
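To see what the Access Control GE does with such a rule, the following added example (not the GE's own PDP) evaluates the sample rule against a (path, verb) request with XACML target semantics: the request must satisfy every match of at least one Resource and every match of at least one Action. The rule text is the slide's with [PATH] and [VERB] filled in with assumed values; only the string-equal function the sample uses is implemented, and any other MatchId makes the evaluator fail closed instead of guessing.

```python
"""Evaluating the sample rule from the slides against a (path, verb) request
(added example, not the Access Control GE's PDP). The rule text is the
slides' one with [PATH] and [VERB] filled in; only the string-equal match
function the sample uses is implemented, and any other MatchId makes the
evaluator fail closed rather than guess."""
import xml.etree.ElementTree as ET

STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"

# The slides' rule with the placeholders filled in (assumed path and verb).
SAMPLE_RULE = """
<Rule RuleId="PR:Manage" Effect="Permit">
  <Description>Rule: Permission example</Description>
  <Target>
    <Resources><Resource>
      <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/resource1/item2</AttributeValue>
        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
          DataType="http://www.w3.org/2001/XMLSchema#string" />
      </ResourceMatch>
    </Resource></Resources>
    <Actions><Action>
      <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
        <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
          DataType="http://www.w3.org/2001/XMLSchema#string" />
      </ActionMatch>
    </Action></Actions>
  </Target>
</Rule>
"""


def _match(elem, designator_tag, request):
    """One <ResourceMatch>/<ActionMatch>: compare the AttributeValue with the
    request attribute named by the designator, using the rule's MatchId."""
    if elem.get("MatchId") != STRING_EQUAL:
        raise NotImplementedError(f"unsupported MatchId {elem.get('MatchId')!r}")
    value = elem.find("AttributeValue").text
    attr = elem.find(designator_tag).get("AttributeId")
    return request.get(attr) == value


def evaluate(rule_xml, request):
    """Return the rule's Effect ('Permit' or 'Deny') when the target matches,
    else 'NotApplicable'. request = {resource-id urn: path, action-id urn: verb}.
    Target semantics: at least one <Resource> (all of its matches) AND at least
    one <Action> (all of its matches) must match."""
    rule = ET.fromstring(rule_xml.strip())
    target = rule.find("Target")
    resources = target.findall("Resources/Resource")
    actions = target.findall("Actions/Action")
    res_ok = not resources or any(
        all(_match(m, "ResourceAttributeDesignator", request) for m in r.findall("ResourceMatch"))
        for r in resources)
    act_ok = not actions or any(
        all(_match(m, "ActionAttributeDesignator", request) for m in a.findall("ActionMatch"))
        for a in actions)
    return rule.get("Effect") if res_ok and act_ok else "NotApplicable"


def decide(path, verb, rule_xml=SAMPLE_RULE):
    """PEP-style wrapper: anything but an explicit Permit is refused."""
    return evaluate(rule_xml, {RESOURCE_ID: path, ACTION_ID: verb}) == "Permit"


if __name__ == "__main__":
    for req in (("/resource1/item2", "GET"), ("/resource1/item2", "DELETE"), ("/resource1/item3", "GET")):
        print(req, "->", decide(*req))
```

Because string-equal is an exact comparison, "/resource1/item2/" or "/resource1/item2?x=1" do not match this rule; the component that builds the resource-id from the request (the proxy) must normalise paths consistently, or the policy will be bypassed or over-restrictive.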
Documentation
FIWARE IdM:
Source code: https://github.com/ging/fi-ware-idm
Documentation: https://github.com/ging/fi-ware-idm/wiki
FIWARE Access Control:
http://catalogue.fi-ware.org/enablers/access-control-tha-implementation/documentation
FIWARE OAuth2 Demo:
https://github.com/ging/oauth2-example-client
FIWARE Proxy:
https://github.com/ging/fi-ware-pep-proxy
Thanks!
Pasquale Vitale, Engineering Ingegneria Informatica
FIWARE Context/Data Management Platform
Context/Data Management Platform (diagram): distributed context sources publish to the Context Broker over OMA NGSI-9/10 and applications read from it; gathered data is injected for processing/analysis into the Complex Event Processing (PROTON) and BigData Analysis (COSMOS) algorithms; the data generated by either the CEP or BigData is published back through the Context Broker; rules are programmed into the CEP; direct BigData injection is also possible
Example deployment (diagram): Context Broker with an NGSI adapter and Cygnus (ngsi2Cosmos) feeding Cosmos for BigData and a short-term history web server; CKAN for Open Data publication; a PEP-PROXY and the IDM securing the APIs; IoT/sensor measures and commands flowing through the Context Broker
Target Smart City platform (diagram): Generic Enablers (Context Broker for data querying/action and publish/subscribe, IoT Broker & Config Management (from sensors to things), IoT Backend Device Management towards sensors and actuators, CEP for real-time processing, BigData processing, short-term historic data, Open Data publishing, Media Streams Processing, IDM & Auth, Accounting & Payment & Billing, BI/ETL, rules definition tool) and Specific Enablers (City Services, Service orchestrator, Context Adapters, GIS, operational dashboard, KPI governance, open data portals)
Thanks!