YASA* looks at turning commercial buildings into Internet things
'Fairhair' is *Yet Another Standards Alliance, but at least it cares about security
A vendor collective pushing Internet of Things standardisation for commercial buildings has published its first set of specifications and, wonder of wonders, the specs include security.
In evidence that the world's fast running out of tortured names that don't sound stupid in English or funny/obscene in other languages, the group calls itself the Fairhair Alliance. Its best-known backers are Cisco, Philips, Osram, Lutron, Siemens and Silicon Labs.
Announcing the first fruits of their work, the alliance says it's prepared draft standards for Resource Discovery, Resource Modelling, and Resource Security.
Under security, the alliance white paper lists [PDF] device protection; device identity (both to get access to the network, and so the network can provide device-appropriate services); system state (installation, commissioned, or in service) and multi-tenant considerations.
IETF specs supporting this include a bootstrapping draft (drawn from the Autonomic Networking Integrated Model and Approach working group, ANIMA); profile management from the Manufacturer Usage Description Specification group; and AES with elliptic curve crypto.
Resource modelling is straightforward: a RESTful API model to create, read, set and delete data; a harmonised Constrained Application Protocol (CoAP) for message transfer; and the JSON-derived Concise Binary Object Representation (CBOR) data format.
For resource discovery, the group is suggesting the Constrained RESTful Environments (CoRE) Link Format (RFC 6690), and a CoRE resource directory providing a centralised device database. ®
*Bootnote: Oh, all right: the group says it's named itself after Harald Fairhair, a late Dark Ages king widely regarded as creating a unified Norway, making the group's name a riff on Bluetooth's use of another King of Norway (and Denmark), Harald "Bluetooth" Gormsson, for its name. ®