fi-ppp technologies training materials

This project is co‐funded by the European Union

of 6 Part of the FI‐PPP

Grant Agreement no. 632838

FINODEX ‘Future INternet Open Data Expansion’

COMBINATION OF COLLABORATIVE PROJECT & COORDINATION AND SUPPORT ACTION

Information and Communication Technologies

Deliverable 3.1 v2 FI‐PPP Technologies training materials

Due date of deliverable: 31/05/2015 Actual submission date: 26/05/2015 Start date of project: 01/06/2014 Duration: 27 Months Contact person responsible for this deliverable: Mr Stefano de Panfilis Organisation name responsible for this deliverable: Engineering – Ingegneria Informatica S.p.A.

Project co‐funded by European Commission within the Seventh Framework Programme

Dissemination level

PU Public X

PP Restricted to other programme participants (including the Commission Services)

RE Restricted to a group specified by the consortium (including the Commission Services)

CO Confidential, only for members of the consortium (including the Commission Services)

Deliverable 3.1. v2 FIWARE Technologies training materials


Part of the FI‐PPP

DOCUMENT INFO

Authors

Name Company E‐mail

Stefano de Panfilis ENG [email protected]

Davide dalle Carbonare ENG [email protected]

Pasquale Vitale ENG [email protected]

Reviewers

Name Company E‐mail

Miguel García ZABALA [email protected]

Document Control

Document version

Date Change

D3.1.1 15/10/2014 First draft

D3.1v1 21/10/2014 Final version by the consortium to be submitted to the EC.

D3.1v2 26/05/2015 Second version by the consortium to be submitted to the EC.

Document Data

Point of Contact Name: Stefano de Panfilis Partner: Engineering – Ingegneria Informática S.p.A.

Address: Via San Martino Della Battaglia 56, 00185, Roma, Italy Tel. (+39) 06‐8759‐4253

E‐mail: [email protected]

Deliverable 3.1v2 FI‐PPP Technologies training materials


of 6 Part of the FI‐PPP

SUMMARY This is a compilation of materials related to the FIWARE training of the potential proposers. The training materials on FIWARE technologies are divided into:

‐ YouTube Channel videos at www.youtube.com/user/finodexproject where during the project lifetime different materials will be generated and playlists related to FIWARE training (adding contents from third parties) in order to have an organised pool of videos to help proposers.

‐ Annex1 Summary of FIWARE technologies ‐ Annex2 Presentations on FIWARE technologies (done at different events)




ANNEX 1. SUMMARY ON FIWARE TECHNOLOGIES INCLUDING A PRESENTATION ON FIWARE TECHNOLOGY SEMINARY.




ANNEX 2. PRESENTATIONS ON FIWARE TECHNOLOGIES Including presentations on the basic FIWARE features, namely:

1. FIWARE Introduction

2. FIWARE LAB Cloud Portal

3. FIWARE Context Broker

4. FIWARE Overview of GEs

5. FIWARE IoT

6. FIWARE CEP

7. FIWARE IdM

8. FIWARE GE Architecture - samples

All these presentations are mainly intended to developers (SMEs, Entrepreneurs) to understand and improve their knowledge on FIWARE Platform (the slideshows were presented during the info days events).

1. FIWARE Introduction FIWARE Introduction presentation is the starting point to introduce interested users to the FIWARE Platform. The presentation contains the definition of "FIWARE Platform", what it is and how to use the FIWARE Technologies.

2. FIWARE LAB Cloud Portal FIWARE LAB Cloud Portal presentation introduces the cloud portal of FIWARE. It contains the steps to be followed to create virtual machines and how to connect to them via SSH.

3. FIWARE Overview of GEs FIWARE Overview Generic Enablers presentation defines a list and a short description of the Generic Enablers available in the FIWARE Catalogue.

4. FIWARE Context Broker This is maybe the most important FIWARE Generic Enabler. This presentation provides an overview of Orion Context Broker, how to work and how to use it in order to create the context information. The last sections are dedicated to advanced functionalities.

5. FIWARE IoT FIWARE Internet of Things presentation explains how to use the devices/sensors to transform the information of physical world in to data.

6. FIWARE CEP FIWARE Complex Event Processing presentation defines the patterns and rules about the context information for the Context Broker GE.




7. FIWARE IdM FIWARE Identity Management presentation shows the aspects related to authentication and authorization based on the OAuth 2.0, how to manage the identities and the organizations.

8. FIWARE GE Architecture - samples FIWARE Generic Enabler Architecture is a presentation that shows how can be realized some architectures by using FIWARE technologies starting from some practical examples..


Page 1 of 9 Part of the FI‐PPP

FINODEX INTRODUCES

TECHNOLOGIES


TECHNOLOGIES TRAINING MATERIALS The Technologies training materials is divided in seven macro area:

1. Cloud Hosting 2. Data/Context Management 3. Advanced middleware and interfaces to Network and Devices (I2ND) 4. Advanced Web‐based User Interface 5. Security 6. Internet of Things Services Enablement 7. Applications/Services and Data Delivery

The figure shows the chapters and for each chapters the Generic Enablers.

1. CLOUD HOSTING The Generic Enablers for Cloud Hosting chapter are:

1.1. IaaS Resource Management GE ‐ FIWARE Implementation This GE provides the facilities to provision virtual machines, as well as to associated compute, storage and network resources. The implementation is based on OpenStack ‐ the rapidly emerging open source project providing cloud infrastructure middleware, being adopted by the wide ecosystem of organizations across the various industry sectors.


1.2. Monitoring GE ‐ FIWARE Implementation Monitoring GE ‐ TID Implementation is the key component to allow incorporating monitoring and metering mechanisms in order be able to constantly check the performance of the system, but the architecture should be easily extended to collect data for other required needs. Monitoring involves gathering operational data in a running system.

1.3. Object Storage GE ‐ FIWARE Implementation This Generic Enabler Implementation provides robust, scalable object storage functionality based on OpenStack Swift. The OpenStack Swift API provides a standardised mechanism to manipulate both the binary objects that are stored, and the hierarchy of containers in which they are organised. This RESTful API can be accessed from any client technology that can communicate over HTTP. By leveraging OpenStack Swift, all the benefits of this rapidly maturing open‐source cloud storage solution can be realised. The highly‐available, distributed, and scalable features of swift can be exposed using commodity hardware.

1.4. PaaS Manager ‐ Pegasus Pegasus orchestrates the provisioning of the required virtual resources at IaaS level and the installation and configuration of the whole software stack of the application, taking into account the underlying virtual infrastructure. It provides a flexible mechanism to perform the deployment, enabling multiple deployment architectures: everything in a single server, several servers, or elastic architectures based on load balancers and different software tiers. Pegasus is a easy way to deploy your applications in the FIWARE Cloud.

1.5. Policy Manager ‐ Bosun The Policy Manager GE provides the basic management of cloud resources based on rules, as well as management of the corresponding resources within the FIWARE Cloud Instance like actions based on physical monitoring or infrastructure, security monitoring of resources and services or whatever that could be defined by a facts, actions and rules. Policy Manager is a easy rule engine designed to be used in the OpenStack ecosystem and of course inside the FIWARE Cloud.

1.6. Self‐Service Interfaces ‐ Cloud Portal The Self Service Interfaces provide a support for the users of the cloud infrastructure and platform to manage their services and resources deployed in cloud. For the moment it consist of open source implementation of a User Portal and Scripts.

1.7. Software Deployment & Configuration ‐ Sagitta Sagitta (the Software Deployment and Configuration ‐ SDC ‐ GE), which is the key enabler used to support automated deployment (installation and configuration) of software on running virtual machines. As part of the complete process of deployment of applications, the aim of Sagitta is to deploy software product instances upon request of the user using the API or through the Cloud Portal.

2. DATA/CONTEXT MANAGEMENT The Generic Enablers for Data/Context Management chapter are:

2.1. BigData Analysis ‐ Cosmos Cosmos is an implementation of the Big Data GE, allowing the deployment of private computing clusters based on Hadoop ecosystem. Current version of Cosmos allows users to:

• I/O operations regarding Infinity, a persistent storage cluster based on HDFS.

• Creation, usage and deletion of private computing clusters based on MapReduce and SQL‐like querying systems such as Hive or Pig.

• Manage the platform, in many aspects such as services, users, clusters, etc, from the Cosmos API or the Cosmos CLI


2.2. Complex Event Processing (CEP) ‐ Proactive Technology Online The CEP GE analyses event data in real‐time, generates immediate insight and enables instant response to changing conditions. While standard reactive applications are based on reactions to single events, the CEP GE reacts to situations rather than to single events. A situation is a condition that is based on a series of events that have occurred within a dynamic time window called processing context. Situations include composite events (e.g., sequence), counting operators on events (e.g., aggregation) and absence operators. The Proactive Technology Online is an implementation of the FIWARE CEP (Complex Event Processing) GE.

2.3. Publish/Subscribe Context Broker ‐ Orion Context Broker The Orion Context Broker is an implementation of the Publish/Subscribe Context Broker GE, providing the NGSI9 and NGSI10 interfaces. Using these interfaces, clients can do several operations:

• Register context producer applications, e.g. a temperature sensor within a room

• Update context information, e.g. send updates of temperature

• Being notified when changes on context information take place (e.g. the temperature has changed) or with a given frequency (e.g. get the temperature each minute)

• Query context information. The Orion Context Broker stores context information updated from applications, so queries are resolved based on that information.

2.4. Stream‐oriented ‐ Kurento The Stream Oriented GE is a development framework that provides an abstraction layer for multimedia capabilities, allowing non‐expert developers to include interactive media components to their applications. At the heart of this enabler there is the Open API. A REST‐like API, based on JSON RPC 2.0, exposing a toolbox of Media Elements that can be chained to create complex media processing pipelines. The Stream Oriented GE provides several client implementations of the Open API. The Java client allows developers to include media capabilities to Java or JEE applications. There is also a Javascript client ready to be used with NodeJS or directly in browser applications. Thanks to these, the Stream Oriented GE provides developers with a set of robust end‐to‐end interoperable multimedia communication capabilities to deal with the complexity of transport, encoding/decoding, processing and rendering tasks in an easy and efficient way.

3. ADVANCED MIDDLEWARE AND INTERFACES TO NETWORK AND DEVICES The Generic Enablers for I2ND chapter are:

3.1. Network Information and Control ‐ OFNIC OFNIC is a reliable and distributed Software Defined Network (SDN) controller for enterprises’ OpenFlow‐enabled network. It enables the abstraction and virtualization of network resources and functionalities. OFNIC also monitors the status of the network and provides near real‐time data about network statistics with different levels of granularity (flow, node, port).

4. ADVANCED WEB‐BASED USER INTERFACE The Generic Enablers for Advanced Web‐based UI chapter are:

4.1. 2D‐UI A JavaScript library that handles generic web user interface input events like keyboard and mouse. This GE provides means to dynamically add existing input devices input events such as touch pads and gamepad, and input event abstraction to handle keyboard key and mouse button combinations. The goal is to provide support for advanced, Web‐based, highly dynamic, and potential 3D user interfaces.

4.2. 2D/3D Capture 2D 3D Capturing is capture contextual information related a 2D 3D scene of the surrounding so that the data can be used to provided to or as services. Location information, lighting information, device orientation, heading direction


are the necessary contextual information and based on the service these other information available to the browser can be used.

4.3. 3D‐UI‐XML3D XML3D is an extension to HTML5 for declarative 3D content represented as a scene graph like structure inside the DOM. All nodes within this graph are also nodes in the web sites DOM tree representation and can be accessed and changed via JavaScript like any other common DOM elements as well. On these DOM nodes, HTML events can be registered similar to known HTML elements.

4.4. 3DUI ‐ WebTundra WebTundra is the Web client for taking realXtend 3D virtual worlds into modern web browsers. The provided TundraSDK and TundraClient can connect to a realXtend Tundra server. Implementing the Tundra network protocol via WebSocket and rendering with WebGL. For networked multiuser usage requires a Tundra server (Synchronization GE server side).

4.5. Augmented Reality Augmented Reality Generic Enabler is a high‐level application programming interface for HTML5 Augmented Reality applications. Required run‐time environment is the JavaScript support of a suitable web browser. No plug‐ins are required. These applications may rely on the functionality of the other GEs, like XML3D Technology, POI Data Provider, etc.

4.6. Cloud Rendering The goal of this GE is to provide a generic way to request, receive and control a video stream of a remote 3D application. The complexity and usual heavy performance requirements for a 3D application can be offloaded to a server, from a low end device that could not handle the rendering otherwise. Cloud Rendering GE provides a web service that can be used to implement your own 3D application rendering and interactions with the web client. Also provided are accompanying web client that shows how to talk to the web service and a renderer for the realXtend Tundra 3D application SDK and the end user Meshmoon Rocket client.

4.7. GIS Data Provider ‐ Geoserver/3D This GE is able to host geographical data and serve it in 3D form (where applicable) to both mobile and web clients. The GE implementation is based on open source Geoserver project (GPL licensed) and W3DS extension.

4.8. Interface Designer The goal is to provide an easy‐to‐use full manipulator / editor of 3D objects within a scene. An in‐browser world editor that allows users to easily create, remove, and manipulate scene objects through variety of tools. This editor in particular utilizes Scene and EC model, in other words, manipulates entities, components and attributes. Manipulations can be done through GUI that consist of three parts: scene tree, EC editor, and additional toolbar, or directly into the scene via 3D manipulation helper objects such as transform gizmo / axis tripods, and grids. The GUI provides extensive editing of entities that cannot be otherwise done via a 3D manipulation helper, and also in most of the cases serves for fine‐tuning of values.

4.9. POI Data Provider POI (Points of interest) Generic Enabler is a web server kit that supports

• storing information related to locations

• serving queries by location and other criteria

• can be configured to meet your data needs POI Generic Enabler makes it relatively easy to

• Relate any information to places, e.g.


o Tourist attractions / services o Photos, videos, 3D content o Special location data of your business o Imaginary items of an outdoor game o ...

• Search information by location and other criteria

• Store information by location

• Develop an application that utilizes those capabilities

4.10. Real Virtual Interaction A key aspect of Augmented Reality is that virtual content is not just presented embedded within the context of the real world, but that it should also allow users to interact actively with real objects and the objects to provide input to the user. Real Virtual Interaction generic enabler (GE) provides means for connecting real world devices consisting of sensors and actuators in to augmented or virtual reality applications. Since the real world sensors and actuators are not complex enough to contain necessary logic to publish themselves outside their immediate domain there needs to be a external service that is able to access these devices and to be able to share the access to other services and also directly to end‐users. This service provides security, data base for storing history and offline data, scalability and other cloud‐like features that make it easier for application and service developers to make use of the devices in various purposes. This GE also provides a practical prototype for publishing sensor and actuator information application developers derived from NGSI 9/10 format developed earlier in FIWARE.

4.11. Synchronization The Synchronization Generic Enabler presents a lightweight and generic network‐synchronized dynamic scene data model, and two communication protocols to interact with the model: SceneAPI, a RESTful HTTP API for non‐realtime querying and modification of the scene, and a WebSocket‐based bidirectional protocol for connected Web clients to receive continuous real‐time scene updates, and to post their real‐time changes to the scene. It includes a server reference implementation based on the realXtend Tundra SDK, and a JavaScript client library. The scene data model is based on a hierarchy of Entities, Components and Attributes. A typical use case would be the implementation of a dynamic multi‐user virtual world, but as the data model is completely generic, it is by no means limited to that use case.

4.12. Virtual Characters This GE consists of an open standard and reference implementation for virtual characters on the Web. Web applications will be able to create, display and animate virtual characters. The characters can be composed of multiple mesh parts, to eg. allow easily swappable parts like upper or lower bodies, and attached objects such as clothing. The virtual character functionality is implemented as a JavaScript library, and is part of the WebTundra codebase, which also contains the 3D‐UI and Synchronization (client part) GE's. The 3D‐UI GE (which in turn uses the WebGL API through the three.js rendering library) is utilized for the Entity‐Component‐Attribute based scene model, the hierarchical transformation graph and implementing the actual rendering: a virtual character becomes part of the scene hierarchy and can be manipulated using the scene model's functions.

5. SECURITY The Generic Enablers for Security chapter are:

5.1. Authorization PDP ‐ AuthZForce You get the reference implementation of the Authorization PDP Generic Enabler (formerly called Access Control GE). Indeed, as mandated by the GE specification, this implementation provides an API to get authorization decisions based on authorization policies, and authorization requests from PEPs. The API follows the REST architecture style, and complies with XACML v3.0. XACML (eXtensible Access Control Markup Language) is a OASIS standard for authorization policy format and evaluation logic, as well as for the authorization decision request/response format.


The PDP (Policy Decision Point) and the PEP (Policy Enforcement Point) terms are defined in the XACML standard. This GEri plays the role of a PDP. To fulfill the XACML architecture, you may need a PEP (Policy Enforcement Point) to protect your application, which is not provided here. However, the PEP Proxy by UPM ‐ soon to be found on this catalogue ‐ provides such a component for protecting RESTful APIs in particular.

5.2. Identity Management ‐ KeyRock Identity Management covers a number of aspects involving users' access to networks, services and applications, including secure and private authentication from users to devices, networks and services, authorization & trust management, user profile management, privacy‐preserving disposition of personal data, Single Sign‐On (SSO) to service domains and Identity Federation towards applications. The Identity Manager is the central component that provides a bridge between IdM systems at connectivity‐level and application‐level. Furthermore, Identity Management is used for authorising foreign services to access personal data stored in a secure environment. Hereby usually the owner of the data must give consent to access the data; the consent‐giving procedure also implies certain user authentication.

5.3. PEP Proxy ‐ Wilma You get the reference implementation of PEP Proxy Generic Enabler. Thanks to this component and together with Identity Management and Authorization PDP GEs, you will add authentication and authorization security to your backend applications. Thus, only FIWARE users will be able to access your GEs or REST services. But you will be able also to manage specific permissions and policies to your resources allowing different access levels to your users.

5.4. Security Monitoring The Security Monitoring GE is part of the overall Security Management System in FIWARE and as such is part of each and every FIWARE instance. The Security Monitoring GE was designed to be offered as a services suite. The services provided, even if they can be used in isolation offer their most when used conjointly to cover the whole & primary usage pattern. Hereafter is the list of services offered by the Security Monitoring

• MulVAL Attack Paths Engine

• Scored Attack Paths

• Remediation

6. INTERNET OF THINGS SERVICES ENABLEMENT The Generic Enablers for IoT chapter are:

6.1. Backend Device Management ‐ IDAS IDAS is an implementation of the BE Device Management GE, providing:

• an ADMIN REST API for M2M application developers.

• a DEVICE COMMUNICATION API for devices (sensor/actuators/gateways) communication. Currently it implements the following protocols: SensorML, Lightweight SensorML.

• an NGSI9/NGSI10 interface towards NGSI enabled brokers, implemented by the "IoT Agent" component.

• an opensource Reference Gateway for RaspberryPI and Z‐wave devices, called "FIGWAY". IoT integrators may port this software to their own gateway/devices hardware in order to easily interact with FIWARE IoT Backend.

6.2. Configuration Manager ‐ IoT Discovery IoT Discovery is an implementation of the Configuration Management GE, which focuses on semantically‐annotated IoT descriptions. The API provides two main modules:

• Sense2Web Linked‐data platform

• NGSI‐9 Server


6.3. Configuration Manager ‐ Orion Context Broker The Orion Context Broker is an implementation of the Configuration Manager GE, providing the NGSI9 interfaces. Within the IoT chapter, it is aimed to be used in combination with IoT Broker GE (so the IoTBroker deals with NGSI10 in a stateless fashion, relying in Orion as persistent storage for NGSI9 registrations) although it can be also used as a stand alone component. Using the NGSI9 interface, clients can do several operations:

• Register context producer applications, e.g. a temperature sensor within a room

• Discover context producers information, e.g. which sensors are providing temperature for a given entity

• Being notified when changes on context information availability

6.4. Gateway Data Handling GE ‐ EspR4FastData The Data Handling GE addresses the need to process data in real time. Frequently implemented features include filtering, aggregating and merging real‐time data from different sources. Thanks to Complex Event Processing (CEP), it is easy for applications to only subscribe to value‐added data which is relevant to them. CEP technology is sometimes also referred to as event stream analysis, or real time event correlation. EspR4FastData is a simple deployable servlet application. It features a dedicated REST management API, and a partial implementation of the standardized NGSI API.

6.5. IoT Broker The IoT Broker Generic Enabler is specified as a lightweight and scalable middleware component that separates IoT applications from the underlying device installations. The IoT Broker implementation available through the FIWARE Catalogue is the reference implementation of this Generic Enabler by NEC.

6.6. Protocol Adapter ‐ MR CoAP The MR CoaP Protocol Adapter allows you to plug devices using on CoaP over 6LowPan protocol within the IoT Architecture of FIWARE. The protocol adapter is designed to work with IBMs Moterunner platform and communicates via 6LoWPAN and uses CoAP as application layer protocol. The MR CoAP adapter is designed to use IBMs Mote Runner operating system. Moterunner is a run‐time platform running on the mote hardware that provides a virtual machine to execute device independent code.

7. APPLICATIONS/SERVICES AND DATA DELIVERY The Generic Enablers for Applications/Services and Data Delivery Framework chapter are:

7.1. Application Mashup ‐ Wirecloud Wirecloud builds on cutting‐edge end‐user development, RIA (Rich Internet Application) and semantic technologies to offer a next‐generation end‐user centred web application mashup platform aimed at leveraging the long tail of the Internet of Services. Web application mashups integrate heterogeneous data, application logic, and UI components (widgets/gadgets) sourced from the Web to create new coherent and value‐adding composite applications.

7.2. Marketplace ‐ WMarket The Marketplace provides functionality necessary for bringing together offering and demand for making business. These functions include basic services for registering business entities, publishing and retrieving offerings and demands, search and discover offerings according to specific consumer requirements as well as lateral functions like review, rating and recommendation.

7.3. Repository ‐ Repository RI The Repository is a core enabler of the FIWARE Business Framework. The repository provides a consistent uniform API to USDL service descriptions and associated media files for applications of the business framework. A service provider can use the Repository to publish the description of various aspects of the service according to a uniform description language.


7.4. Revenue Settlement and Sharing System ‐ RSS RI The Revenue Sharing System (RSS) GE is in charge of distributing the revenues originated by the usage of a given service among the involved stakeholders. In particular, it focuses on distributing part of the revenue generated by a service between the Marketplace Provider and the Service Provider(s) responsible for the service. With the term "service" we refer to both final applications and backend application services (typically exposed through an API). Note that, in the case of composite services, more than one service provider may have to receive a share of the revenues.

7.5. Store ‐ WStore Store is the GE for selling services to both consumers and developers of Future Internet applications and services and for end‐to‐end managing of offerings and sales. While a marketplace is a platform for many stores to place their offerings to a broader audience and consumers to search and compare services and find the store where to buy, a store is owned by a store owner who has full control over a specific service/app portfolio and offerings. The final business transaction (buying) is done at the store and the whole back office process (end‐to‐end managing of offerings and sales) is handled by the store. Service Business Frameworks (SBFs) represent one of the cornerstones of service ecosystems. The key objective of a SBF is to build and support an ecosystem of applications and services that is sustainable and fosters innovation as well as cross‐fertilization. In particular, it consists of a number of interrelated components that support managing services in the business framework across the whole service lifecycle: from creation and composition of services to monetization and revenue sharing.

Pasquale VitaleEngineering Ingegneria Informatica

Overview of Generic Enablers

Introduction

The FIWARE Platform comprises a set of technological “Generic Enablers” which are considered general purpose and independent from any “usage area”

Generic Enablers provide open interfaces:

to Application Developers (APIs)

to support interoperability with other GEs

FIWARE Reference Architecture

Build with other Generic Enablers

Introduction

FIWARE assembles a set of building blocks that ease creation of smart Internet Applications

These blocks are called Generic Enablers

They offer reusable and common shared functions serving multiple use cases in various sectors

FIWARE GE Specifications are open (public and royalty free)

FIWARE GE Implementation (FIWARE GEi)

platform product that implements a given GE Open Spec

there might be multiple compliant GEis of each GE Open Spec

available FIWARE GEis published on the FIWARE Catalogue

The 7 Technical Chapters

FIWARE GEs are divided into 7 technical chapters:

1. Cloud Hosting

2. Data/Context Management

3. Interfaces to Network and Devices (I2ND)

4. Advanced Web-based User Interface

5. Security

6. Internet of Things

7. Applications/Services and Data Delivery

1. Cloud Hosting

IaaS Resource Management - to provision VMs (associate compute, storage and network resources)

Monitoring - to allow incorporating monitoring and metering mechanisms

Object Storage - to provide robust, scalable object storage functionality

PaaS Manager - to enable multiple deployment architectures (tiers)

Policy Manager - to provide the basic management of cloud resources based on rules

Self-Service Interfaces - to support for the users of cloud to manage their services and resources

Software Deployment & Configuration - to support automated deployment of software

2. Data/Context Management

BigData Analysis - to allow the deployment of private computing clusters based on Hadoop ecosystem

Complex Event Processing - to analyze event data in real-time, generate immediate insight and enable instant response to changing conditions

Publish/Subscribe Context Broker - to manage the context information

Stream-oriented - to provide an abstraction layer for multimedia capabilities, allowing non-expert developers to include interactive media components to their applications

Network Information and Control – to enable the abstraction and virtualization of network resources and functionalities

3. Interfaces to Network and Devices

4. Advanced Web-based User Interface (1 of 2)

2D-UI - handles generic web user interface

2D/3D Capture - capture contextual information related a 2D 3D scene

3D-UI-XML3D - an extension to HTML5 for declarative 3D content represented as a scene graph

3DUI-WebTundra - Web client for taking realXtend 3D virtual worlds into modern web browsers

Augmented Reality - a high-level API for HTML5 Augmented Reality applications

Cloud Rendering - to provide a generic way to request, receive and control a video stream of a remote 3D application

4. Advanced Web-based User Interface (2 of 2)

GIS Data Provider - to host geographical data and serve it in 3D

POI Data Provider - to make easy the search, the store by location

Interface Designer - to provide an easy-to-use full manipulator / editor of 3D objects within a scene

Real Virtual Interaction - to provide means for connecting real world devices consisting of sensors and actuators in to augmented or virtual reality applications

Synchronization - presents a lightweight and generic network-synchronized dynamic scene data model

Virtual Characters - consists of an open standard and reference implementation for virtual characters on the Web (to create, display and animate virtual characters)

5. Security

Authorization PDP - provides an API to get authorization decisions based on authorization policies, and authorization requests from PEPs

Identity Management - covers a number of aspects involving users' access to networks, services and applications, including secure and private authentication from users to devices, networks and services, authorization & trust management, user profile management, privacy-preserving disposition of personal data, Single Sign-On (SSO) to service domains and Identity Federation towards applications

PEP Proxy - together with Identity Management and Authorization PDP GEs, add authentication and authorization security to your backend applications

Security Monitoring - to manage the Security Management System

6. Internet of Things

Backend Device Management - IDAS - to provide API for M2M application

Configuration Manager - IoT Discovery - to register the availability of Things and Sensor devices

Configuration Manager - Orion Context Broker - to provide the NGSI9 interfaces

Gateway Data Handling GE - EspR4FastData - to process data in real time

Protocol Adapter - MR CoAP - to allow to plug devices

IoT Broker - lightweight and scalable middleware component that separates IoT applications from the underlying device installations

7. Applications/Services and Data Delivery

Application Mashup - Wirecloud - to build on cutting-edge end-user development, RIA

Marketplace - to provide functionality necessary for bringing together offering and demand for making business

Repository - to provide a consistent uniform API to USDL service descriptions

Revenue Settlement and Sharing System - is in charge of distributing the revenues originated by the usage of a given service among the involved stakeholders

Store - WStore - to sell services to both consumers and developers of Future Internet applications and services and for end-to-end managing of offerings and sales

Specific Enablers (SEs)

A Specific Enabler (SE) is a component similar to a GE which offers functions relevant to domainsspecific, for example manufacturing, media, eHealth, energy and agrifood.

FIWARE GEs

Domain specific enablers

SMART CityApps

SMART Factory Apps

SMART Agrifood Apps

Thanks!Thanks!


FIWARE LAB Cloud Portal

Summary

FIWARE LAB Cloud Hosting

Deploying your first VM

Deploying components for your application

Object Storage API

Reference Information

OpenStack: The Open Source Cloud Operating System

OpenStack is open source software to build private and public clouds

FIWARE LAB Cloud Portal is IaaS based on OpenStack

Provision and manage large networks of virtual machines

Object storage and Block storage for use with servers and applicationsPluggable, scalable, API-driven system

for managing networks and IP addresses

Cloud Portal

FIWARE LAB Cloud Hosting

Steps:

Create your account in lab.fi-ware.org

Enter in the Cloud Portal

Create your keypair (private key)

Deploy your instance

Add a public IP

Open ports to the VM

FIWARE LAB Cloud Hosting Create your account in lab.fi-ware.org

If you forgot it, request the new password

Enter your email and password to access to the FIWARE LAB

Redirect to account.lab.fi-ware.org/users/sign_in

If you do not have an account, sign up

FIWARE LAB Cloud Hosting Enter in the Cloud Portal

COMPUTE

STORAGE

BLUEPRINT

FIWARE LAB Cloud Hosting Create your keypair

FIWARE LAB Cloud Hosting Compute section

Compute menu

Images

Instances

Security

Flavors

Snapshots

FIWARE LAB Cloud Hosting Compute section Images

Choose your VM you want to launch

•baseimages,•fiware:apps,•fiware:data,•fiware:i2nd,•fiware:iot,•fiware:security,•fiware:userinterface,•fiware:utils

FIWARE LAB Cloud Hosting Compute section detail

FIWARE LAB Cloud Hosting Compute section Wizard - step 1 of 4

Details

Instance Name

Flavor (tiny, small, medium, etc…)

Instance Count


Access & Security

Keypair

Security Groups


Post Creation

Customization Script


Summary

Instance Name

Keypair

Security Group

FIWARE LAB Cloud Hosting Compute section Instances

FIWARE LAB Cloud Hosting Compute section Flavors

FIWARE LAB Cloud Hosting Compute section Security

Security

Floating IPs

Security Groups

Keypairs


Security

Floating IPs

Allocate Floating IPs

Actions

Associate IP

Disassociate Floating IP

Release Floating IPs


Security

Security Groups

Create Security Group

Actions

Edit Rule

Delete Rule


Security

Security Groups

Create Security Group

Actions

Edit Rule

Delete Rule

-1 is to allow ping

22 is to allow ssh

443 is to allow https

80 is to allow http allow only IP


Security

Keypairs

Create Keypair

Import Keypair

Actions

Delete Keypairs

FIWARE LAB Cloud Hosting Compute section Snapshots

Snapshots

Instance Snapshots

Volume Snapshots


Snapshots

Instance Snapshots

Actions

Launch Instance

Edit Image

Delete Snapshots


Snapshots

Volume Snapshots

Actions

Delete Snapshots

FIWARE LAB Cloud Hosting Blueprint section

Blueprint Instances

Blueprint Templates

FIWARE LAB Cloud Hosting Blueprint section Blueprint Instances

Go in the catalog

FIWARE LAB Cloud Hosting Blueprint section Blueprint Templates

Blueprint Templates

Open Catalog

Create New Template

Actions

Launch Template

Clone Template

Delete Template

FIWARE LAB Cloud Hosting Blueprint section Open Catalog

Blueprint Templates

Catalog

Close catalog

Actions

Clone Template

FIWARE LAB Cloud Hosting Blueprint section Create New Template

Blueprint Template

Create New Template


Click on template to start the wizard to add tiers in your CloudPortalTemplate


Blueprint Templates

Create Tier

Wizard step 1 of 2


Blueprint Templates

Create Tier

Wizard step 2 of 2

Software added to tier


CloudPortalTemplate detail

Edit and delete tiers


There are 2 tiers for CloudPortalTemplate


Launch the CloudPortalTemplate

to start the wizard


Blueprint Templates

Launch Blueprint Template

FIWARE LAB Cloud Hosting Blueprint section Blueprint Instances

FIWARE LAB Cloud Hosting Storage section

Volumes

Containers

FIWARE LAB Cloud Hosting Storage section Volumes

Volumes are persistent storage for the VM

FIWARE LAB Cloud Hosting Storage section Create Volume

Create Volume

FIWARE LAB Cloud Hosting Storage section

Volume attached

FIWARE LAB Cloud Hosting Storage section Containers

Containers are object storage (like folders)

FIWARE LAB Cloud Hosting Storage section Create Container

Create Container

FIWARE LAB Cloud Hosting Storage section Create Container

Upload Objects

FIWARE LAB Cloud Hosting Storage section Container

Download Object

FIWARE LAB Cloud Hosting Storage section Container

Copy Object

FIWARE LAB Cloud Hosting Storage section Object Storage API

Authentication to get initial tokenusername='[email protected]' password='mypassword' curl -d '{"auth": {"passwordCredentials": {"username":"'$username'", "password":"'$password'"}}}' \-H ‘content-type: aplication/json' \ http://cloud.lab.fi-ware.org:4730/v2.0/tokens \ -vvv

Use initial token to get tenantcurl -H 'x-auth-token: '$token http://cloud.lab.fi-ware.org:4730/v2.0/tenants

Authenticate tenant to get token for Object Storagecurl -d '{"auth": {"passwordCredentials": {"username":"'$username'", "password":"'$password'"}, "tenantId":"'$tenantId'"}}' \ -H ‘content-type: aplication/json' \http://cloud.lab.fi-ware.org:4730/v2.0/tokens

Object Storage URLhttp://$node_cdmi:8080/cdmi/$auth/container/

http://forge.fi-ware.org/plugins/mediawiki/wiki/fiware/index.php/Object_Storage_-_User_and_Programmers_Guide

FIWARE LAB Cloud Hosting Storage section Example container

REST call: GET

X-Auth-Tokenapplication/cdmi-object X-CDMI-Specification-Version

List of objects within the container

Connection to VM (1)

Example via SSH

with keypair.pem file

ssh -i keypair.pem [email protected]


Example via Putty

Convert keypair to PPK


Example via FileZilla

Set keypair

Information

If you have any question or problem contact [email protected]

You can see webinars, courses, videos in the FIWARE Academyhttp://edu.fi-ware.org

You can use stackoverflow to ask question using the fiware and/or filab tags.

Thanks!Thanks!


FIWARE Contex Broker

Introduction

Managing Context Information at large scale

FIWARE Context Broker GE (implementation: Orion)

Creating and pulling data

Pushing data and notifications

Convenience operations

Managing Context Information at large scale

Context Information is represented through values assigned to attributes

The Context Broker is able to:

handle context information at large scale

enable your application to query on context information

subscribe to changes in context information that will be received through notifications

enable your application or other applications to modify the context information

Context Management in FIWARE

Context Information: the value of attributes that characterize those entities relevant to your application

NGSI API

Bus• Location• No. passengers• Driver• License plate

Citizen• Name-Surname• Birthday• Preferences• Location• To Do list

Shop• Location• Business name• Franchise• Offerings

Applications/Services

Context Broker

A sensor in a pedestrian street

The Public Bus Transport Management system

A person from his smartphone

It’s too hot!

What’s the current temperature?

… but programmers should just care about entities and their attributes

Context Information independent from the source

Context information may come from many sources using different interfaces and protocols …


Get notified when an update on context information takes place

Bus = “X”, last_stop = “A”, arrived= “Yes”

push

Notify me when bus “X” arrives at the bus stop “A”

API


Acting on devices can be as easy as changing the value of attributes linked to its corresponding entity

Street lamp = “lamp1”, status= “on”

Street Lamp lamp1.status “on”

API

FIWARE Context Broker GE: Orion

Main functions:

Context availability management - OMA NGSI-9 specs

Context management - OMA NGSI-10 specs

HTTP and REST-based

XML payload support

JSON payload support


Functions Operations

NGSI-9• Register, • Search,• Subscribe for context sources

• registerContext• discoverContextAvailability• subscribeContextAvailability• updateContextAvailabilitySubscription• unsubscribeContextAvailability

NGSI-10• Query,• Update,• Subscribe to context elements

• updateContext• queryContext• subscribeContext• updateContextSubscription• unsubscribeContextSubscription


Context in NGSI is based in an entity-attribute model:

Attributes• Name• Type• Value

Entity

• EntityId• EntityType 1 n

“has”


Orion Architecture

11

Orion Context Broker

ContextProducers

ContextConsumers

subscriptions

update

query

notify

notify

update

update

DB

1026

1026

Context Broker operations: create and pull data

Context Producers publish data/context elements by invoking the updateContext operation on a Context Broker

Context Consumers can retrieve data/context elements by invoking the queryContext operation on a Context Broker

Context Consumer

queryContext

Context Producer

updateContext

Context Broker

speed

Entity creation example: car create

updateContext operation with APPEND action type

POST localhost:1026/v1/updateContext... {"contextElements": [{"type": "Car","isPattern": "false","id": "Car1","attributes": [{"name": "speed","type": "float","value": "98"

}]

}],"updateAction": "APPEND"

}

200 OK... {"contextResponses": [{"contextElement": {"attributes": [{"name": "speed","type": "float","value": ""

}],"id": "Car1","isPattern": "false","type": "Car"

},"statusCode": {"code": "200","reasonPhrase": "OK"

}}

]}

Update context elements example: car updateContext

updateContext operation with UPDATE action type

POST localhost:1026/v1/updateContext... {"contextElements": [{"type": "Car","isPattern": "false","id": "Car1","attributes": [{"name": "speed","type": "float","value": "110"

}]

}],"updateAction": "UPDATE"

}

200 OK... {"contextResponses": [{"contextElement": {"attributes": [{"name": "speed","type": "float","value": ""



}}

]}

Query context operation example: car queryContext

queryContext operation by Id

POST <cb_host>:1026/v1/queryContext... {"entities": [{"type": "Car","isPattern": "false","id": "Car1"

}]

}

200 OK... {"contextResponses": [{"contextElement": {"attributes": [{"name": "speed","type": "float","value": "110"

}],

"id": "Car1","isPattern": "false","type": "Car"


}}

]}

Entity creation example: room create

POST localhost:1026/v1/updateContext... {"contextElements": [{"type": "Room","isPattern": "false","id": "Room1","attributes": [{"name": "temperature","type": "float","value": "24"

},{"name": "pressure","type": "integer","value": "718"

}

]}

],"updateAction": "APPEND"

}

200 OK... {"contextResponses": [{"contextElement": {"attributes": [{"name": "temperature","type": "float","value": ""

},{"name": "pressure","type": "integer","value": ""

}],"id": "Room1","isPattern": "false","type": "Room"


}}

]}

Two attributes: temperature and pressure

Update context elements example: room updateContext

POST localhost:1026/v1/updateContext... {"contextElements": [{"type": "Room","isPattern": "false","id": "Room1","attributes": [{"name": "temperature","type": "float","value": "25"


}

]}

],"updateAction": "UPDATE"

}





}}

]}

Update: temperature and pressure

Query context operation example: room queryContext

queryContext operation by Id

POST <cb_host>:1026/v1/queryContext... {"entities": [{"type": “Room","isPattern": "false","id": “Room1"

}]

}

200 OK... {"contextResponses": [{"contextElement": {"attributes": [{"name": "temperature","type": "float","value": "25"




}}

]}


queryContext operation by Id and attribute

POST <cb_host>:1026/v1/queryContext... {"entities": [{"type": “Room","isPattern": "false","id": "Room1"

}] ,"attributes": [

"temperature"]

}

200 OK... {"contextResponses": [{"contextElement": {"attributes": [{"name": "temperature","type": "float","value": "25"

}],

"id": "Room1","isPattern": "false","type": "Room"


}}

]}

Entity creation example: room create

POST localhost:1026/v1/updateContext... {"contextElements": [{"type": "Room","isPattern": "false","id": "Room2","attributes": [{"name": "temperature","type": "float","value": “33"

},{"name": "pressure","type": "integer","value": “722"

}

]}

],"updateAction": "APPEND"

}





}}

]}

Append another room: Room2


queryContext operation by regex Room.*

POST <cb_host>:1026/v1/queryContext... {"entities": [{"type": “Room","isPattern": “true","id": "Room.*"

}] ,"attributes": [

"temperature"]

}

{"contextResponses": [{"contextElement": {"attributes": [{"name": "temperature","type": "float","value": "25"



}},{"contextElement": {"attributes": [{"name": "temperature","type": "float","value": “33"



}}

]}

Context Broker operations: push data

Context Consumers can subscribe to receive context information that satisfy certain conditions using the subscribeContext. Such subscriptions may have a duration.

The Context Broker notifies updates on context information to subscribed Context Consumers by invoking the notifyContext operation they export

subscription_id = subscribeContext (consumer, expr, duration)

Context Consumer

notifyContext (subscription_id, data/context)

Context Broker

Application

Context subscriptions example: ONTIMEINTERVAL

POST <cb_host>:1026/v1/subscribeContext…{"entities": [{"type": "Room","isPattern": "false","id": "Room1"

}],"attributes": ["temperature"

],"reference": "http://<host>:<port>/publish","duration": "P1M","notifyConditions": [{"type": "ONTIMEINTERVAL","condValues": [“PT10S"

]}

]}

200 OK... {"subscribeResponse": {"duration": "P1M","subscriptionId": "54dcb87fa85d63b107245ff1"

}}

25

19

Context subscriptions example: ONCHANGE

POST <cb_host>:1026/v1/subscribeContext…{"entities": [{"type": "Room","isPattern": "false","id": "Room1"

}],"attributes": ["temperature"

],"reference": "http://<host>:<port>/publish","duration": "P1M","notifyConditions": [{"type": "ONCHANGE","condValues": ["temperature"

]}

],"throttling": "PT5S"

}

200 OK... {"subscribeResponse": {"duration": "P1M","subscriptionId": "51c0ac9ed714fb3b37d7d5a8","throttling": "PT5S"

}}

25

19

NotificationPOST http://<host>:<port>/publish…{"subscriptionId" : "51c0ac9ed714fb3b37d7d5a8","originator" : "localhost","contextResponses" : [{"contextElement" : {"attributes" : [{"name" : "temperature","type" : "float","value" : "19"}],"type" : "Room","isPattern" : "false","id" : "Room1"},"statusCode" : {"code" : "200","reasonPhrase" : "OK"}}]}

Convenience Operations

They are equivalent to previous standard operations in functionality

Avoid the need for POST-ing payloads in many cases or simplifying them considerably

Simple to write, more REST-like

They are not a substitute but a complement to standard NGSI operations

Four examples (there are many others):

Entities

Attributes

Subscriptions

Types


Entities

GET /v1/contextEntities/{entityID} Query Context Retrieves an entity

POST /v1/contextEntities/{entityID} Entity Creation Creates an entity

PUT /v1/contextEntities/{entityID} Update Context Updates an entity

DELETE /v1/contextEntities/{entityID} Delete Context Deletes an entity

GET all entities

GET /v1/contextEntities


Attributes

GET /v1/contextEntities/{entityID}/attributes/{attrID} Retrieves an attribute’s value

POST /v1/contextEntities/{entityID}/attributes/{attrID} Creates a new attribute for an entity

PUT /v1/contextEntities/{entityID}/attributes/{attrID} Updates an attribute’s value

DELETE /v1/contextEntities/{entityID}/attributes/{attrID} Deletes an attribute


Subscriptions

POST /v1/contextSubscriptions Creates a subscription

PUT / v1/contextSubscriptions/{subID} Updates a subscription

DELETE / v1/contextSubscriptions/{subID} Deletes a subscription


Entity types

GET /v1/contextTypes

Retrieve a list of all entity types currently in Orion, including their corresponding attributes

GET / v1/contextTypes/{typeID}

Retrieve attributes associated to an entity type

PRO TIP

GET /v1/contextTypes?collapse=trueRetrieves a list of all entity types without attribute info

Advanced features

Pagination

Compound attribute values

Metadata

Geo-location

Registrations & context providers

Entity service paths

Pagination

Pagination helps clients organize query and discovery requests with a large number of responses

Three URI parameters:

limit

- Number of elements per page (default: 20, max: 1000)

offset

- Number of elements to skip (default: 0)

details

- Returns total elements (default: "off")

Pagination

Example, querying the first 100 entries:

POST <orion_host>:1026/v1/queryContext?limit=100&details=on

The first 100 elements are returned, along with the following errorCode in the response: "errorCode": {

"code": "200", "details": "Count: 322", "reasonPhrase": "OK"

}

Now there are 322 entities, we can keep querying the broker for them:POST <orion_host>:1026/v1/queryContext?offset=100&limit=100POST <orion_host>:1026/v1/queryContext?offset=200&limit=100POST <orion_host>:1026/v1/queryContext?offset=300&limit=100

Compound attribute values

An attribute can have a structured value. Vectors and key-value maps are supported

It maps directly to JSON's objects and arrays

Example:

we have a car whose four wheels' pressure

we want to represent as a compound attribute for a car entity

we would create the car entity like this:

{"contextElements": [{"type": "Car","isPattern": "false","id": "Car1","attributes": [{"name": "tirePressure","type": "kPa","value": {"frontRight": "120","frontLeft": "110","backRight": "115","backLeft": "130"

}}]

}],"updateAction": "APPEND"

}

Metadata

Users may attach metadata to attributes

Reserved metadatas: ID, Location, creDate and modDate

Examples:…"attributes": [{"name": "temperature","type": "float","value": "26.5","metadatas": [{"name": "accuracy","type": "float","value": "0.9"}]}]

…

…"attributes": [{"name": "temperature","type": "float","value": "26.5","metadatas": [{"name": "average","type": "float","value": "22.4"}]}]

…

Context Element attributes

• Name• Type• Value

Context Element

• EntityId• EntityType

n

“has”

1

Metadata

• Name• Type• Valuen

“has”

1

Geo-location

Entities can have an attribute that specifies its location

- Using a "location" metadata

Example:

create an entity called Madrid (of type "City")

with attribute "position" defined as location

POST <cb_host>:1026/v1/updateContext{"contextElements": [{"type": "City","isPattern": "false","id": "Madrid","attributes": [{"name": "position","type": "coords","value": "40.418889, ‐3.691944","metadatas": [{"name": "location","type": "string","value": "WGS84"}

]}]}],"updateAction": "APPEND"}

Coordinates for Madrid are:

• latitude 40.418889

• longitude 3.691944

Geo-located queries

Entities location can be used in queryContex using:

- FIWARE::Location as scopeType

- and an area specification as scopeValue

The area specification are:

- area internal to a circle, given its centre and radius

- area external to a circle, given its centre and radius

- area internal to a polygon, given its vertices

- area external to a polygon, given its vertices

{"entities": [{"type": "Point","isPattern": "true","id": ".*"}],"restriction": {"scopes": [{"type" : "FIWARE::Location","value" : {"polygon": {"vertices": [{"latitude": "0","longitude": "0"},{"latitude": "0","longitude": "6"},{"latitude": "6","longitude": "6"},{"latitude": "6","longitude": "0"}]}}}]}}

Geo-location - circle

Distances between:

- Madrid / Alcobendas 13.65 km

- Madrid / Leganes 12.38 km

Consider a radius of 13.5 km

POST <cb_host>:1026/v1/queryContext…{"entities": [{"type": "City","isPattern": "true","id": ".*"}],"restriction": {"scopes": [{"type" : "FIWARE::Location","value" : {"circle": {"centerLatitude": "40.418889","centerLongitude": "‐3.691944","radius": "13500"}}}]}}

The query is Madrid and Leganes

Geo-location - inverse circle

Distances between:

- Madrid / Alcobendas 13.65 km

- Madrid / Leganes 12.38 km

Consider a radius of 13.5 km

POST <cb_host>:1026/v1/queryContext{"entities": [{"type": "City","isPattern": "true","id": ".*"}],"restriction": {"scopes": [{"type" : "FIWARE::Location","value" : {"circle": {"centerLatitude": "40.418889","centerLongitude": "‐3.691944","radius": "13500","inverted": "true"}}}]}}

The query is Alcobendas

Registration & Context Providers

Context Broker doesn't cache the result of the query internallyApplication

Context Broker Context Provider

1. registerContext(provider= )

2. queryContext(id) 3. queryContext(id)

4. data5. data

Context Consumer

db


POST <cb_host>:1026/v1/registry/registerContext…{"contextRegistrations": [{"entities": [{"type": "Car","isPattern": "false","id": "Car1"

},"attributes": [{"name": "speed","type": "float","isDomain": "false"

}],"providingApplication": "http://contextprovider.com/Cars"

}],"duration": "P1M"

}

200 OK... {"duration" : "P1M","registrationId" : "52a744b011f5816465943d58"}

The application registers the Context Provider for the Car1 speed using providingApplication attributeApplication

registerContext

http://contextprovider.com/Cars

{"contextResponses": [{"contextElement": {"attributes": [{"name": "speed","type": "float","value": "100"


},"statusCode": {"code": "200","details": "Redirected to context provider http://contextprovider.com/Cars","reasonPhrase": "OK"

}}

]}


It includes details in the response

POST <cb_host>:1026/v1/queryContext... {"entities": [{"type": "Car","isPattern": "false","id": "Car1"

}]

}

queryContext(id)

data

Multitenancy

Context Broker implements a simple multitenant/multiservice model based and logical database separation

Make easer service/tenant based authorization policies provided by other FI-WARE components or third party software

Orion uses the "Fiware-Service" HTTP header in the request to identify the service/tenant

Example:Fiware-Service: Tenant1

Context BrokerContext Broker

Tenant1

Tenant2

…

entities1/attributes1/subscripitions1

entities2/attributes2/subscripitions2

Entity Service Paths

Orion Context Broker supports hierarchical scopes

Entities can be assigned to a scope at creation time with updateContext

queryContext can be also scoped to locate entities in the corresponding scopes

For example, consider the following scopes in the figure:

- Madrid, as first level scope

- Gardens and Districts, as second-level scope (children of Madrid)

- ParqueNorte, ParqueOeste and ParqueSur (children of Gardens)

and Fuencarral and Latina (children of Districts)

- Parterre1 and Parterre2 (children of ParqueNorte)


In order to use a service path we put in a new HTTP header called “Fiware-ServicePath". For example:Fiware-ServicePath: Madrid/Gardens/ParqueNorte/Parterre1

ParqueNorte

Parterre2Parterre1


Properties:1. A query on a service path will look only into the specified node2. Use ParentNode/# to include all child nodes3. Queries without Fiware-ServicePath resolve to /#4. Entities will fall in the "/" node by default5. You can OR a query using a comma (,) operator in the header

For example, to query all street lights that are either in ParqueSur or in ParqueOeste you would use:

ServicePath: Madrid/Gardens/ParqueSur, Madrid/Gardens/ParqueOesteYou can OR up to 10 different scopes

- Maximum scope levels: 10Scope1/Scope2/.../Scope10

1. You can have the same element IDs in different scopes (be careful with this!)2. You can't change scope once the element is created3. One entity can belong to only one scope

A B

A or B

ParqueNorte

Parterre1light1

light1

Thanks!Thanks!


FIWARE Technology

The ICT world is changing

The nature of ICT applications is changing …

development of new and emerging ICT technologies

next-generation networks (NGNs)

convergence in devices

rise of social networks

… and changing needs of consumers

ICTs is now fully integrated into modern lives

Towards the Future Internet

Many people (users, developers, SME, WE) need:

a platform (cloud-based) to deploy for their applications

to connect to IoT

to able to analyze big data into large-scale

to handle data context

to monetize applications and services

can help them

What is FIWARE?

In 2011 the EC and major European ICT companies launched an ambitious FI-PPP programme in order to define a platform that would be an open option for the development of applications in the Future Internet

The result was a new platform, called FIWARE

FIWARE is:

a new infrastructure to create services and applications on the Internet

serve the needs of developers in multiple domains

Target of FIWARE

to help the development and implementation of new services

providing a set of APIs for rapid application development in many areas

facilitating reuse and introducing standards

eHealth

Tourism

Transport, Mobility and

Logistics

e-government

Smart Energy Grid …

FIWARE Platform

Advanced OpenStack-based Cloud + rich library of services named Generic Enablers (GEs)

GEs cover common functionalities in many application fields like:

security

storage

cloud

data context

IoT

What are the Generic Enablers?

FIWARE GEs are a set of general-purpose functions available through well-defined standard APIs

GEs are useful to make easier to:

connect to the Internet of Things, perform Big Data analysis,

handle Data/Media in real time at large scale,

create augmented reality applications and 3D user interfaces,

and manage the security aspects.

GEs are published in the FIWARE Catalogue and divided into 7 Technical Chapters

GEs Technical ChaptersA

dvan

ced

Web

-bas

ed U

I

Inte

rnet

of T

hing

s

Dat

a/M

edia

Con

text

M

anag

emen

t

Arc

hite

ctur

e of

App

/ Se

rvic

es E

cosy

stem

and

D

eliv

ery

Fram

ewor

k

Secu

rity

Clo

ud H

ostin

g

Inte

rfac

e to

Net

wor

k an

d D

evic

es

FIWARE GEs for Advanced Web-based UI

Rich web-based User Experience:

3D graphics for the web (HTML 5) without any experiences

Real-time collaborative 3D applications

Design of 3D environments

Virtual Characters on the web

Infrastructure for interaction with real world objects

GIS 3D presentations

FIWARE GEs for Internet of Things

Connect apps to the physical world:

Interface & Discovery of Sensors/Devices

Configuration Manager

Gateway Data Handling

FIWARE GEs for Data/Context Management

Manage data at large scale and transform it into knowledge:

Big Data Analysis

Management of communication among different entities

Massive message events handling and processing

Media Streaming and Processing

Reach target users, to monetize apps and services:

Combine existing widgets for web application front-ends

Business management of applications and services:

Marketplace

Repository

Revenue Sharing System (RSS)

Store

FIWARE GEs for Apps/Services Ecosystem and Delivery Framework

FIWARE GEs for Security

Ensuring Privacy, Security and Trust:

Identity Management

Access Control

Security Monitoring and Analysis

FIWARE GEs for Cloud Hosting

Take the most of infrastructures while keeping costs lower and under control:

IaaS/PaaS Management

Monitoring

Policy Management Portal and tools for cloud services

FIWARE GEs for Interface to Network and Devices

Access from everywhere by using network interfaces, adapt to devices:

Controller for software defined networking

How to make available FIWARE technologies

You need a “meeting point” where users (developers, SME, WE) can:

test and showcase the applications with real data and users

catch attention of potential customers and investors

meet each other to create innovationThe place where you can developyour applications

FIWARE Lab is:

accessible from a dedicate website

a free cloud hosting to create, build and test apps

FIWARE Lab (https://cloud.lab.fi-ware.org)

FIWARE Lab is a portal accessible via web browser

IaaS: you can install your VMs with GEs

PaaS: through a precompiled templateyou can instantiate your infrastructure

with software components(FIWARE GEs, Tomcat, MySQL, etc...)

FIWARE Lab Node (Regions)

The FIWARE Lab cloud platform is based on a federation of interconnected nodes across EuropeNew nodes are in Zurigo, Poznan, Crete, Gent, Stockholm …

Where to find GEs

GEs are described in the Catalogue (http://catalogue.fi-ware.org/)

FIWARE Catalogue

You can provide a feedback

FIWARE Catalogue

Download sources

Where to find tutorials and guides

In Mediawiki of FIWARE forge (http://wiki.fiware.org)

FIWARE Academy (http://edu.fi-ware.org)

FIWARE Academy is an e-Learning Platform where you can find:

webinars

courses

videos

The navigation is divided in Chapters

Conclusion

FIWARE allows you to easily build and manage in newer apps and services by making complex process simple, cost-effective, high-quality and secure.

Middleware

Infrastructure

3rd parties build and manageApps & Services

Thanks!Thanks!


FIWARE Internet of Things

Connection to the Internet of Things

“Things” mean sensors/actuators

it collects all observations and translates them in data

IoT manages the context information from:

external systems

end users interacting with your application using some web portal

IDAS is an implementation of FIWARE IoT Backend Device Management GE

to connect to Context Broker GE

it translates observations into NGSI events

FIWARE IoT Backend Device Management

FIWARE Context Broker

IoT Agent-1

IoTAgent-2

IoT Agent-n

IoT AgentManager

create/monitor

FIWARE Backend IoTDevice Management

OMA NGSI API (northbound interface)

(southbound interfaces)

MQTTETSI M2M IETF CoAPEach IoT Agent handles interaction with a given set of devices

Connect any thing

Three way to connect to Context Broker

ContextBroker

Your IoTIoT

Backend

Gateway GEs Backend GEs

NGSI9/10

B) IoT Backend (IDAS/SBC)

SML, UL2.0, MQTT, ETSIM2M, CoAP/OMA‐LW

NGSI

ProprietaryZigbeeZwave

CoAP/MTRunnerETSIM2M

CoAP/LWM2M

OAuth2.0

How to read measures captured from IoT devices

IDAS translates information into NGSI and sends to a Context Broker.

Example - connection of device using UltraLight 2.0 protocol:

Step 1 - know the details of the IDAS (IoT Agent)

Step 2 - create a model for your IoT device

Step 3 - create (register) an asset/device for your IoT device

Step 4 - send observations related to your IoT device

Step 5 - reading measurements sent by your IoT device

Connection to the Internet of Things – Step 1

know the details of the IDAS (IoT Agent) you will be sending the measurements to

IP Address (<idas_host>): in this case 130.206.80.47

REST Admin Port (<idas_admin_port>): the port used to access the administrative API of IDAS, 5073

REST Devices Port (<idas_ul20_port>): the port used by your IoT devices to send observations or request commands, in this case 8002

Service (<service>): IDAS is able to manage different tenants, for instance for different cities or smartspaces. You can always use our “OpenIoT” service for testing, as we actually do in this example

APIKEY (<apikey>): This is a shared secret your IoT devices need to know prior to communicate to IDAS regarding a specific Service. Each service/tenant has its own APIKEY, in the case of the testing service “OpenIoT” it is the string “4jggokgpepnvsb2uv4s40d59ov”


Create a Model for your IoT device

In the OpenIoT model there are:

SENSOR_TEMP: for a generic Temperature sensor

SENSOR_HUM: for a generic Humidity sensor

SENSOR_LUM: for a generic Illuminance sensor

SENSOR_MOV: for a generic Presence sensor

SENSOR_ZWAVE_4IN1: for the specific Everspring Zwave 4IN1 (Temperature, Humidity, Light, Presence) sensor


Create an own Model is pretty simple (use REST ADMIN API)

Payload JSON Format:

Check IDAS doc in the Catalogue

TOKEN = FIWARE Oauth Token

Measurements have an “alias”

e.g: Temperature = t

POST <idas_host>:<idas_admin_port>/m2m/v2/services/<service>/models/(Example: POST: http://130.206.80.47:5073/m2m/v2/services/OpenIoT/models/)

Headers: {'content‐type': 'application/json’; 'X‐Auth‐Token' : <Oauth2.0 TOKEN>}

{ "name": "SENSOR_TEMP", "capabilities" : [ { "name" : "Temperature", "property" : "temperature", "format" : { "name" : "Temperature", "alias" : "t" , "phenomenon": "urn:x‐ogc:def:phenomenon:IDAS:1.0:temperature", "type" : "Quantity", "uom": "celsius”

} } ], "protocol": "ul‐2_0” }


Create (register) an asset/device for your IoT device (use REST ADMIN API)


Check IDAS doc in the Catalogue


Must reuse an existing model

DEV_ID = 1st “name”

ASSET_ID = 2nd (asset) “name”

POST <idas_host>:<idas_admin_port>/m2m/v2/services/<service>/assets/ (Example: POST: http://130.206.80.47:5371/m2m/v2/services/OpenIoT/assets/)

Headers: {'content‐type': 'application/json’; 'X‐Auth‐Token' : <Oauth2.0 TOKEN>}

{ "name": "RPI:79:ed:af:zwave:temp:1", "model": "SENSOR_TEMP", "asset": { "name": "TEMP‐LivingRoom", "description": "asset model protocol”

} }


Send observations from IoT device (use UL2.0 DEVICE API)



DEV_ID = asset name (step 3)

POST: http://130.206.80.47:8002/d?k=[APIKEY]&i=[DEV_ID]http://130.206.80.47:8002/d?k=4jggokgpepnvsb2uv4s40d59ov&i=RPI:79:ed:af:zwave:temp:1

Headers: {'content‐type': 'application/text’; 'X‐Auth‐Token' : [TOKEN]}

Payload: ‘ t|25‘

Sending multiple measurements with one request (4IN1):POST:http://130.206.80.47:8002/d?k=4jggokgpepnvsb2uv4s40d59ov&i=RPI:79:ed:af:4IN1‐Room Headers: {'content‐type': 'application/text’; 'X‐Auth‐Token' : [TOKEN]}Payload: ‘t|23#h|80#l|95#m|Quiet‘


Read measurements sent by your IoT device

Use NGSI API to read NSGI entity

Entity ID = <asset_name> (TEMP-LivingRoom)

Entity Type = Sensor

Attributes = phenomena (Temperature, Humidity, Light, Presence)

GET <idas_host>:<idas_admin_port>/m2m/v2/services/<service>/assets/ (Example: GET: http://130.206.80.47:5371/m2m/v2/services/OpenIoT/assets/[ASSET_ID])

How to act upon IoT devices

Send commands to device:

register command URL (PUSH)

command = true to know what attribute is related

get commands from device (POOLING)

HTTP POST body can be empty or containing a measure

send commands via IDAS ADMIN API

Command XML can be escaped when used in REST API

PUT: <sbc_host>/m2m/v2/services/WorkshopSBC/assets/AssetSemaphoreDemo

Headers: {'content‐type': 'application/json’}

{ "DeviceProps": { "commandURL": "http://movistarfoto.tid.es:80/CommandSimulator/ping", "command": "true","manufacturer": "Test Manufacturer","model": "A123","serialNumber": "123456","version": "1.0",

} }

GET or POST: <idas_host:8002/d?k=5qmnuj9du3qOr3slifhvqgkuif&i=SemaphoreDemo&ip=http://movistarfoto.tid.es:80/CommandSimulator/ping

tm|32.3

POST: <sbc_host>/m2m/v2/services/WorkshopSBC/assets/AssetSemaphoreDemo/command

{ “commandXML": “<paid:command name=\“ping\“ />“}

Thanks!Thanks!


FIWARE Complex Event Processing

How to process the context events in real-time

To perform some processing on available context information you need a Complex Event Processing

The CEP allows you to detect patterns above contexts (triggering some action or raising some alarm)

The CEP receives contexts information as input events and generates observations (or situations) as output events

Applications role

Applications connected to the CEP GE (external applications or some other GE like Context Broker GE) can play two different role:

the role of Event Producer

the role of Event Consumer

Note: A given application can play both roles

Event Producer

Event Producer sources can be:

an external applications reporting events

a sensor reporting a measurement

Event Producers can be provide events in two modes:

Push mode - the Event Producers push events into the CEP by means of invoking a REST API

Pull mode - the Event Producer exports a REST API that the CEP can invoke to retrieve events

Event Consumer

Event Consumers are the destination point of events. For example:

Dashboard: a type of event consumer that displays alarms defined when certain conditions hold on events related to some entities user community or produced by a number of devices

Handling process: a type of event consumer that consumes meaningful events (such as opportunities or threats) and performs a concrete action

The Context Broker GE which can connect as an event consumer to the CEP and forward the events it consumes to all interested applications based on a subscription model

Pattern

The CEP allows you to define patterns over selected events occurring in event processing contexts (such as a time window or segmentation) with optional additional conditions

Those patterns can be defined using Web based authoring tool (without to write any code)

Event Processing Agent (EPA) - Pattern

Patterns supported are:

Basic type, meaning a basic event

a lamp battery charge is below 15 percent

Aggregate type, compute some aggregation functions on a set of incoming events

the percentage of failed measurements is higher than 10 percent in the last 5 minutes

Absent type, meaning no event holding some condition arrived within the time window for the pattern to match

no sensor events arrived in the last 10 minutes

Sequence type, meaning events need to occur in a specified order for the pattern to be detected

detect if the sensor status was “fixed” and later was “failed” within 24 hours

All type, meaning that all the events specified should arrive for the pattern to match

alert if the total reservations number arriving from 4 branches is higher than some threshold

From Event-Condition-Action to Pattern-Condition-Action

In certain scenarios, single events are insignificant, a CEP engine can detect combinations of events, and generate derived events situations, which are meaningful

Use CEP when there is a need to detect patterns over incoming events

Other tools can be used when there is a need to respond to single events with some condition (e.g., Context Broker GE)

Event Processing Context definition

Every EPA (event processing agent - pattern) is associated with an event processing context

Event processing context can be a:

temporal processing context (time window)

segmentation processing context

composite context (group of several contexts) +

Event processing context groups event instances can be processed in a related way

Working with the CEP

The FI-WARE CEP instance: IBM Proactive Technology Online - PROTON

Proton (CEP GE Instance) – Build Time Web User Interface

Definition type (or build block) of CEP:

Event types - events that are expected to be received as input or to be sent as output

EPAs - responsible to detect patterns: Basic, Aggregate, Absent, Sequence, All

Processing Contexts - Temporal, Segmentation, Composite

Consumers - the event consumers: File, REST, JMS, Custom

Producers - the event source: File, REST, JMS, Custom

Build Time Web User Interface

The Authoring tool allows you to define a CEP application, validate it, and export the application definition

Create definitions

Definitions can be generated by the user through a WEB User Interface

Definitions can be generated by external systems

In JSON format

Runtime Main interactions

Runtime Main interactions - Input & Output Adapters

Proton (CEP GE Instance) – Rest Input Adapter

Rest Input Adapter Client

Has a Producer definition in the Web UI

Activates a REST service as a client

Access the REST API declared by the event producer and pull events using the GET method

Support format:

Tag delimited

JSON

Name=ShipPosition;ShipID=RTX33;Long=46;Lat=55;Speed=4.0;Time=1333033200;

{"Name":"TrafficReport", "volume":"1000“}

Proton (CEP GE Instance) – Rest Output Adapter

Rest Output Adapter Client

Has a Consumer definition in the Web UI

Activates a REST service as a client

Access the REST API declared by the event consumer and push events to the consumer using the POST method

Support format:

Tag delimited

JSON

Name=TrafficReport;Certainty=0.0;Cost=0.0;EventSource=;OccurrenceTime=null;Annotation=;Duration=0.0;volume=1000; EventId=40f68052‐3c7c‐4245‐ae5a‐6e20def2e618;ExpirationTime=null;Chronon=null;DetectionTime=1349181899221;

{"Cost":"0.0","Certainty":"0.0","Name":"TrafficReport","EventSource":"","Duration":"0.0","Annotation":"", "volume":"1000","EventId":"e206b5e8‐9f3a‐4711‐9f46‐d0e9431fe215","DetectionTime":"1350311378034"}

How to administrate the CEP – REST ADMIN APIsManaging the Definitions Repository

GET all the existing definitions in the repository

GET specific definition in JSON format

POST a new definition

PUT update for a definition

DELETE definition

Administrating runtime Instances

GET instance status

PUT instance status

Reading the State of the CEP engine:

The instance’s definition URI

The instance’s state (stopped or started)

How to send input events to the CEP

Example to send event in the JSON format (in push mode)

POST <cep_host>:<port>/{instance_name}/rest/events (Example: POST: http://130.206.81.23:8080/ProtonOnWebServer/rest/events)

Headers: {'Content‐Type’: 'application/json’; 'X‐Auth‐Token' : <Oauth2.0 TOKEN>}

{ "Name":"TrafficReport", "volume":"1000"

}

Thanks!Thanks!


FIWARE Identity Management

Identity Management

An example

Account

Identity Management

In FIWARE

GE

GE

GE

GE

GE

GE

OAuth 2.0 for Identity Management

Examples …

OAuth 2.0 for Identity Management

… and FIWARE too! With Identity Management

Login with

OAuth 2.0

Messages flow

Web App IdM

1) redirect

3) request access‐token

4) access‐token

2) access‐codeO

Aut

h Li

brar

y

Request user info using access‐token

IP: a.b.c.dIP: e.f.g.h

OAuth 2.0

Client libraries for your application

http://oauth.net/2/

PHP, Cocoa, iOS, Java, Ruby, JavaScript, Python

Example using Node.js

https://github.com/ging/oauth2-example-client

Preliminary steps with IdM at FIWARE Account Portal

Add an application


Set/create roles and permissions for application

Add new permissions if needed


Result: OAuth credentials for the application


OAuth 2.0 messages flow

1) RedirectFirst, we have to redirect user to the IdM web site in order to login and authorize the access to the new application (identified

by its client_id).

https://a.b.c.d/oauth2/authorize?response_type=code&client_id=2322


1) RedirectAuthorize


2) Access code

After introducing user/password to login and clicking the “Accept” button (needed only once), the browser redirect us back to the web page of our application:

http://e.f.g.h/login?code=ZNYy2HpyO1oMzalQ9-N2T1AIc0tnhTCuCziEG91PiPZPZYkJotzIBfZZlImfw4U7QpAwsgEGw4iakEL0n2FHlg

IdM uses the callback URL specified in the registration of the application.

We get the “code” value, which will be used in order to authenticate user.


3) Request access token

In order to request an access-token, without the knowledge of the credentials of the user:

curl -v --insecure -X POST https://a.b.c.d/oauth2/token -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic MjowYjE5MmUwZDlmMDFkOTgyNjdmMjM2NTM4YzZhNDlmODMxMGNhNmJlNTA2ODg4OTc2MDJhODk1ODVhYmQ2YTYyODRiMGU0MDY4MTBkMjc2YTYzNmE2Yzg1NTg2MjJhZGFjZjIyYmM3ZDg5MjNiNWVkYWQ2ZmU0ODhlNmZhOGRjZg==" -d "grant_type=authorization_code&code=ZNYy2HpyO1oMzalQ9-N2T1AIc0tnhTCuCziEG91PiPZPZYkJotzIBfZZlImfw4U7QpAwsgEGw4iakEL0n2FHlg&redirect_uri=http://e.f.g.h/login"

Authorization is calculated as Base64(Client_ID:Client_Secret)


4) Access token

The previous request will return the following information:

HTTP/1.1 200 OKContent-Type: application/json

{"access_token": "3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA","expires_in": 2591999,"refresh_token": "vEUA4j5oie7DCAzYy9PpXxgV4UsGJZx1B0ooEB-ewumULG_D2DdRs5dAtau-GXWeziWsvAQLEv9OIfG2DXP9lg","token_type": "bearer"

}

Securing your backend

Level 1: Authentication

Check if a user has a FIWARE account

Level 2: Basic Authorization

Check if a user has permissions to access a resource

HTTP verb + resource path

Level 3: Advanced Authorization

Custom XACML policies


BackendApps

IdM

5) Req

uest +

access‐token

OAuth2 flows

6) access‐token

7) OK + user info (roles)

Web App

OA

uth

Libr

ary

4) access‐token


BackendApps

IdM5) Req

uest +

access‐token

Web App

OA

uth

Libr

ary

Proxy

6) access‐token

7) OK + user info (roles)

OAuth2 flows

4) access‐token


Request + access token (step 5)

The request from web application to the backend and GEs would look like:

GET https://{backend-apps-url} HTTP/1.1Host: {backend-apps-hostname}

X-Auth-Token: {access-token}

Request should include the X-Auth-Token header with the exact access token received at previous step 4:

3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA


Validate X-Auth-Token (step 6)

As a prerequisite, if we do not have it, a new admin token must be issued (expires in 24h) in order to request the validation of the auth token.

curl -vv -s -d '{"auth": {"passwordCredentials": {"username":"pepProxy", "password": "pepProxy"}}}' -H "Content-type: application/json" http://a.b.c.d:4730/v2.0/tokens

KEEP IN MIND this uses fixed password credentials for FIWARE Proxy to generate the admin token, but in a future a registry of users and passwords will be maintained.



Previous call will return the following message:

{"access": {

"token": {"expires": "2015-07-09T15:16:07Z","id": "5b2177e7e1e6592cb7ea168ce9c0e87f"

},"user": {

"id": "pepProxy","name": "pepProxy","roles_links": [],"username": "pepProxy"

}}

}



Assuming that you have a valid admin token (24 hours valid only), we can validate the access token included in the request (step 5):

curl --insecure -H "X-Auth-Token:5b2177e7e1e6592cb7ea168ce9c0e87f" http://a.b.c.d:4731/v2.0/access-tokens/3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA

Please note X-Auth-Token header in this request is the admin token, while the access-token being validated is part of the resource path in URL.

This could return the following status codes if something is wrong:404 Access_token not valid 401 X-Auth-Token not valid (unauthorized)403 X-Auth-Token not valid (expired)


BackendApps

IdM

Requ

est +

access‐token

Web App

OA

uth

Libr

ary

Proxy

6) access‐token + verb + path

7) OK + user info

Oauth2 flows

access‐token

AC GE

Access token + verb + path (step 6)

In this case you should call the API with the following information:

curl --insecure -H "X-Auth-Token:5b2177e7e1e6592cb7ea168ce9c0e87f” –H “Content-Type:application/json” –H “x-auth-resource:path” –H “x-auth-action:verb” http://a.b.c.d:4731/v2.0/access-tokens/authREST/3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA

Where:- path is the URL of the resource to be accessed, e.g.:

/resource1/item2- verb is the HTTP verb associated to the request (GET, PUT, POST, DELETE)- X-Auth-Token is the admin token (FIWARE Proxy token)

As before, request URL includes the access-token being validated


OK + user info (step 7)

200 Ok if all was OK, with the following user information:{

"actorId": 1,…"organizations": [

{"id": 1,"name": "prueba","roles": [

{"id": "8db87ccbca3b4d1ba4814c3bb0d63aab","name": "Member"

…"roles": [

{"id": 5,"name": "Provider"

}


401 HTTP Unauthorized

Where you can see: • the roles associated to the organization (in red) • and the roles associated to the application (in blue).

BackendApps

IdM

Requ

est +

access‐token

Web App

OA

uth

Libr

ary

Proxy extension

XACML policy

OK + user info

Oauth2 flows

access‐token

AC GE

Level 3: Advanced Authorization

1) Edit application properties

Policies creation in IdM

2) Create new role


3) Add a new permission


4) Change to advanced mode


5) Fill in the rule field


Sample XACML rule contentPermissions in XACML format may include 1 or more resources and 1 or several actions, e.g.:

<Rule RuleId="PR:Manage" Effect="Permit"><Description>Rule: Permission example</Description><Target>

<Resources><Resource>

<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[PATH]</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"

DataType="http://www.w3.org/2001/XMLSchema#string" /></ResourceMatch>

</Resource></Resources>

…


Sample XACML rule content…

<Actions><Action><ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[VERB]</AttributeValue><ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"

DataType="http://www.w3.org/2001/XMLSchema#string" /></ActionMatch>

</Action></Actions>

</Target></Rule>


FIWARE IdM:

Source Code: https://github.com/ging/fi-ware-idm

Documentation: https://github.com/ging/fi-ware-idm/wiki

FIWARE Access Control:

http://catalogue.fi-ware.org/enablers/access-control-tha-implementation/documentation

FIWARE OAuth2 Demo:

https://github.com/ging/oauth2-example-client

FIWARE Proxy:

https://github.com/ging/fi-ware-pep-proxy

Documentation

Thanks!Thanks!


FIWARE Context/Data Management Platform

FIWARE Context/Data Management Platform

Context/Data Management Platform

Applications

OMA NGSI-9/10Processing/Analysis

Algorithms

Gathered data is injected for processing/analysis

Distributed Context Sources

Complex Event Processing (PROTON)

BigData Analysis(COSMOS)

Processed data is injected for processing/analysis

Data generated either by CEP or BigData is published

Gathered data injected for CEP-like processing

Direct bigdata injection

Programming of rules

Context Broker

NGSI

Context Sources

BigData Analysis

adapter

adapter

Open Data publication

Cygnus

NGSI Adapter

Browser

Context Broker

History

(Webserver)

Cosmos

PEP‐PROXY

APIs

ngsi2Cosmos

IDM

Example

CKAN

Big Data

measures / commands

IoT/Sensor Open Data

Context Broker

IoT Broker & Config Management(from sensors to things)

actuators

Accounting &

Paym

ent & B

illing

IDM

& A

uth

Short-termhistoric data

BigData Processing

Data Quering/Action, Publish/Subscr

Open Data publishing

Real-time processing

BIETL

RULESDEFINITION

TOOL

OPERATIONAL DASHBOARD KPI GOVERNANCE OPEN DATA PORTALS

GIS

City Services Serviceorchestrator

Context Adapters

CEP

Media StreamsProcessing

Media

media content

IoT Backend Device Management

Target Smart City platform

Specific Enablers

Generic Enablers

Thanks!Thanks!

fi-ppp technologies training materials

Documents