FI-WARE websites

FI-PPP Business Opportunities for SMEs
thierry.nagellen@orange.com
pascal.bisson@thalesgroup.com
April, 16th 2014
AGENDA
Part 1: Future Internet Public Private Partnership introduction
Part 2: FI-WARE, FI-Lab & FI-Ops: what’s that?
Part 3: FI-WARE websites
Part 4: Open Specs and API: opportunities for SMEs
Part 5: Some Generic Enablers Implementations
Part 6: Sum up for SMEs
PART 1
Future Internet
Public Private Partnership
Introduction
Future Internet Public Private Partnership introduction (1)
European initiative to structure collaborative projects into a common program
Industrial commitment to push research results to the market (pre-industrialisation)
Together techno-push and market-pull:
• Propose new technologies (European leadership)
• Interactions with Use-Cases (fulfilment of market requirements)
• Involvement of new partners (especially from vertical sectors)
Large budget: 300 M€ with 100 M€ dedicated to SMEs
Future Internet Public Private Partnership introduction (2)
[Figure: programme timeline with milestones 04/2011, 04/2013, 04/2014, 04/2015]
• CONCORD: program coordination
• INFINITY: infrastructures
• XiFi: infrastructure
• Envirofi: Environmental Data
• Outsmart: Utilities & Urban Monitoring
• Finseny: Smart Grids
• FIspace: SmartAgri+Logistics
• Fi-Content 2
• Finesce: Smart Grid
• Instant Mobility: Multimodal services in urban areas
• FITMAN: manufacturing
• Safecity: Safer Cities
• FI-Star: eHealth
• I3H
• FIC3
• Finest: Interurban Logistics
• FI-Content: Enriched Content
• 16 Accelerators
• SmartAgriFood: From the farm to the fork
• FI-Core: Tech Found.
• FI-Ware: Core Platform
OPEN INNOVATION: INNOVATE, TEST, ADOPT !
Future Internet Public Private Partnership introduction (3)
More info about the programme and the projects www.fi-ppp.eu
Future Internet Public Private Partnership introduction (4)
[Figure: Call 3. Labels: Infrastructures; Scenarios; UC platforms; Generic Enablers; Results phase 1 + 2,…; Regional policies; Entrepreneurial communities; Phase 3 projects (SME, WE); Services and applications]
…Involving hundreds of SMEs and WebEntrepreneurs…
…Brought into up to 20 projects…
…Developing services and applications.
Future Internet Public Private Partnership introduction (5)
Main messages
Video 1
Campus Party 2013 in London
PART 2
What’s that ?
FI-WARE, FI-Lab, FI-Ops: what’s that? (1)
They are 3 products
FI-WARE:
• Provide Generic Enablers
• Something you can use in different ways for your « own » platform
• Common part to break the silos
FI-Lab
• A sandbox to test and use Generic Enablers
• Cloud facilities distributed through Europe (5+12 data centers)
• What you get: free Virtual Machines (5) + 10Gb
FI-Ops: for platform providers
• Tools to deploy and federate the data centers using FI-WARE framework
FI-WARE, FI-Lab, FI-Ops: what’s that? (2)
FI-WARE: architecture overview
FI-WARE Generic Enablers
Cloud Enablers
Apps Enablers
I2ND Enablers
Data /Context Enablers
IoT Enablers
Security Enablers
Video 2
FI-WARE Challenges
PART 3
FI-WARE Websites
FI-WARE websites (1)
Everything is on www.fi-ware.org
But we will have a quick tour of:
• catalogue.fi-ware.org a kind of executive summary per Generic Enabler
• edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features
• wiki.fi-ware.org the place to find much more details
And then, you will be able to create your account on FI-Lab to
play and test Generic Enablers
• lab.fi-ware.org
FI-WARE websites (2)
Everything is on www.fi-ware.org
FI-WARE websites (3)
catalogue.fi-ware.org
a kind of executive summary per Generic Enabler
FI-WARE websites (4)
catalogue.fi-ware.org
a kind of executive summary per Generic Enabler
Provide feedback
FI-WARE websites (5)
edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features
FI-WARE websites (6)
edu.fi-ware.org : you can find detailed courses per Generic Enabler
FI-WARE websites (7)
wiki.fi-ware.org the place to find much more details
Key points !
FI-WARE websites (7)
Open Specs, API: from description to concrete software
Video 3
Smart City Expo 2013
PART 4
Open Specs and API:
Opportunities for SMEs
Open Specs and API: opportunities for SMEs
Open Specs: FREE
• Documentation is available
• You can understand the main features of each Generic Enabler (can be reused for multiple verticals and associated service platforms)
• Your comments are more than welcome!
• Become part of the community and share with us, and with your ecosystem
API: FREE
• For your developers to plug your own software into Generic Enablers
• To develop your own instances of Generic Enablers and be compliant & interoperable
• Open or create your platform/services to/for other verticals
• Again, your comments and contributions are more than welcome!
Licence models (for concrete software)
• 70% are now in Open Source => you can contribute !
API example: OMA-NGSI (1)
OMA NGSI 9 & 10: API for 11 Generic Enablers
Data & Context Management:
• Context Broker
• Complex Event Processing
• Big Data
• Location Platform
Internet of Things:
• Backend Device Management
• Backend Configuration Manager
• Backend Template Handler
• Backend IoT Broker
• Gateway Data Handling
• Gateway Device Management
• Gateway Protocol Adapter
API example: OMA-NGSI (2)
OMA NGSI 9 & 10 Data Model
API example: OMA-NGSI (3)
OMA NGSI 9 & 10 Operations
API example: OMA-NGSI (4)
OMA NGSI 10 RESTful interface: resource structure
API example: OMA-NGSI (5)
OMA NGSI convenience interactions examples
Video 4
Campus Party Brazil 2014
PART 5
Some Generic Enablers
Implementations
Internet of Things (1)
From Architecture to Implementation
Several implementations
Internet of Things (2)
Multiple implementations are linked to industrial partners' technical choices
Backend Configuration Manager: Orion vs IoT Discovery
• Orion is a fully integrated version of Configuration Manager (IoT) and Context Broker (Data & Context Management)
• IoT Discovery is a Configuration Manager with optional features such as geographical discovery (which things are in this geographical area)
Gateway Protocol Adapter
• At least one instance per specific protocol
• Available: Zigbee, CoAP & EPCglobal (RFID)
Other examples in other technical chapters:
• Security: Identity Management
• Data & Context Management: Context Broker
Gateway Data Handling: Esper4FastData (1)
Provide intelligence inside gateways and transform data into information in real-time
Gateway Data Handling: Esper4FastData (2)
Its own detailed architecture
Video 5
Kurento demo in Campus Party Brazil 2014
Security Architecture
FI-WARE: Catalog
http://catalogue.fi-ware.eu/
Security Monitoring GE
Focus on the following features:
• MulVAL Attack Paths Engine
• Scored Attack Paths
• Remediation
Security Monitoring GE – V3 - Architectural design
Security Monitoring GE service offer
For FI-PPP Liaison we offer the following main functionalities:
• identifying the vulnerabilities and potential attacks,
• evaluating the business impact,
• proposing countermeasures and increasing the cyber resilience.
4 steps:
1. extract semi-automatically all the information needed
2. generate attack graph by MulVAL
3. calculate the scored attack paths
4. compute some remediations with their cost
MulVAL Attack Paths
Functions available for the User:
• Visualized attack tree
• Global risk level: score metrics obtained from Common Vulnerability Scoring System (CVSS)
Inputs:
• Automatic collection
  • Information about network topology => via vulnerability scanners (Nessus, OVAL) and CMDB
  • Machines, Accounts, Network services, Dependency graph, IP / Hostname of the machines
  • Vulnerability identifier via Common Vulnerabilities and Exposures (http://cve.mitre.org/)
• Semi automatic
  • Security Policy (Business dependent)
SecMon GE feature Attack Path Engine
Testbed:
http://secmonitoring.testbed.fiware.eu/AttackGraphEngine/attackgraph.jsp
Scored Attack Paths
Functions available for the User:
• Extension of the score assessment at the path level
  • Given a target node, each path leading to that node is given a score.
  • The score of each path reflects the risk associated to the path as a whole
• Business impact scoring (semi manual process)
  • It is left to the organisation, taking into account the business challenges
  • Impact scoring offers an assessment of the extent to which processes and security policies are impacted when a given IT asset target has been compromised
Rationale:
• Risk scores provided by MulVAL are not sufficient
  • For each node in the attack graph, a risk score is computed
  • Does not allow a generic assessment of the attack graph as a whole
  • Does not take into account the impact on processes and the business
• Scored paths are mandatory for the remediation process (prioritization)
SecMon GE feature Scored Attack Path
Testbed:
http://secmonitoring.testbed.fiware.eu/ScoredAttackPaths
Remediation app
Functions available for the User:
• Provide tool for proposing cost-sensitive remediations
  • Propose remediations to these attack paths with their cost
  • Validate the chosen remediation
• Compute different remediation options that could interrupt the selected attack path
  • A path may include several vulnerabilities: each one of them can be targeted separately
  • Eliminating one single condition may interrupt the whole attack path
Prerequisites:
• Needs a remediation database (e.g. patches related to vulnerabilities)
• Use network topology (automatically collected) to compute which firewall rules could be deployed
SecMon GE feature Remediation App
Testbed:
http://secmonitoring.testbed.fi-ware.eu/Remediation
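Steps 3 and 4 of the Security Monitoring GE workflow (scored attack paths, then cost-sensitive remediation) can be sketched as follows. This is an added example, not the GE's own code: the graph, the placeholder vulnerability ids, the costs and the scoring model (product of CVSS/10 per step, multiplied by a business impact value) are assumptions made for illustration.

```python
# Constructed sample data: each edge is one exploit step
# (source, destination, placeholder vuln id, CVSS base score, remediation cost).
STEPS = [
    ("internet",  "webserver", "VULN-A", 7.5, 2),
    ("internet",  "vpn",       "VULN-B", 5.0, 8),
    ("webserver", "appserver", "VULN-C", 9.0, 5),
    ("vpn",       "appserver", "VULN-D", 6.0, 1),
    ("appserver", "database",  "VULN-E", 8.0, 20),
    ("webserver", "database",  "VULN-F", 4.0, 3),
]
BUSINESS_IMPACT = {"database": 10.0}  # assumed value, set by the organisation

def attack_paths(src, target, seen=()):
    """Enumerate every simple path (list of steps) from src to target."""
    if src == target:
        return [[]]
    paths = []
    for step in STEPS:
        if step[0] == src and step[1] not in seen:
            for rest in attack_paths(step[1], target, seen + (src,)):
                paths.append([step] + rest)
    return paths

def path_score(path, target):
    """Assumed model: product of per-step likelihoods (CVSS/10) x impact."""
    likelihood = 1.0
    for _, _, _, cvss, _ in path:
        likelihood *= cvss / 10.0
    return round(likelihood * BUSINESS_IMPACT[target], 3)

def scored_paths(src, target):
    """All paths to the target, highest path-level score first."""
    scored = [(path_score(p, target), p) for p in attack_paths(src, target)]
    return sorted(scored, key=lambda sp: sp[0], reverse=True)

def remediation_options(path, all_paths):
    """One option per step: fixing a single vulnerability interrupts the path.
    Returns (cost, vuln id, number of paths cut), cheapest first."""
    options = []
    for step in path:
        cut = sum(1 for p in all_paths if step in p)
        options.append((step[4], step[2], cut))
    return sorted(options)

if __name__ == "__main__":
    ranked = scored_paths("internet", "database")
    for score, path in ranked:
        print(score, " -> ".join(s[2] for s in path))
    print(remediation_options(ranked[0][1], [p for _, p in ranked]))
```

The cheapest option is not always the best one: the third field shows how many of the enumerated paths a single fix interrupts, which is what makes path-level scoring useful for prioritization.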
Access Control GE
Functions available for the User:
• RBAC & ABAC policy enforcement with XACML (OASIS standard)
• REST API for PDP & PAP
• Multi-tenancy
• Attribute Sources
  • LDAP directory
  • SQL DB
  • REST/JSON API
  • Easy integration of plugins for other sources (extensible API)
• Flexible accounting
• OAuth token validation & parsing
• PEP
  • Ready-made PEP as HTTP Reverse-Proxy or Servlet PEP
  • Java SDK for custom PEP
FI-WARE Use Case – Cloud API Access Control
Thales Use Case: GIS Access Control in a C4ISR system for French government & NATO
Data Handling GE
FI-WARE Security Chapter
• Focuses on revealing specific attributes or other data according to defined privacy and security conditions
• Deploys PPL language based on XACML to describe preferences and policies
• Attaches these preferences and policies to the data
• Allows definition of a specific retention period
Privacy-Preserving Authentication GE
FI-WARE Security Chapter
• Provides building blocks to implement all roles of a privacy-preserving authentication system
• Based on Idemix crypto engine
• In particular, it allows
  • identity providers to set up an online service for issuing privacy-preserving attribute-based credentials (aka anonymous credentials)
  • end users to generate privacy-preserving tokens to anonymously authenticate to service providers
  • service providers to verify the user-generated tokens with respect to a given access policy
Identity Management – DigitalSelf GE
FI-WARE Security Chapter
• Encompasses a number of aspects involved with users' access to networks, services and applications, including
  • Secure and private authentication
  • ‘Authorisation & Trust’ management
  • ‘User Profile’ management
  • Self management of personal data
  • ‘Single Sign-On’ (SSO) to service domains
  • ‘Identity Federation’ towards applications
FI-WARE Security Chapter
Combined Demonstrator
WP8 Combined Demonstrator on
• Identity Management GE (NSN)
• Data Handling GE (SAP)
• Privacy GE (IBM)
>> Taking privacy work from ABC4Trust project
Making it work in the FI-WARE Platform <<
FI-WARE WP8 Combined Demonstrator
Description of Use-Case
Demonstrator illustrates:
Anonymous access to file store service
Policy based access to resources
Use of zero knowledge proof technology (Idemix)
By use of the Generic Enablers:
Data Handling GE:
• An enhanced file store service allows access to resources based on “sticky” policies
Privacy GE:
• Provides building blocks for ‘User in the Cloud’, ‘Verifier as a Service’ and ‘Issuer Service’
Identity GE:
• An enhanced IDM system provides attributes (PII) needed for issuing credentials
Result:
• While respecting privacy of the user, selective attribute sharing will be supported, restricted to the ‘need to know’ principle.
EIT-ICT Labs – FI-PPP Liaison Activity
Goal 2013
• Create established, mutually beneficial links between the FI-PPP and the EIT ICT Labs initiatives.
  1. Instantiation of FI-WARE Testbed in the Trento Node to serve Living and Territorial Labs,
  2. Bringing FI-WARE selected technologies to wide adoption by building new services,
  3. Experimenting the Testbed in real cases and Business Model definition.
Results
• Adoption of FI-WARE Testbed as a playground where to inject new technologies (notably service marketplace at large, cloud computing, security, interface to network devices) and on top of which to build new services,
• Instantiation of the Testbed and real use cases in specific territorial or living labs,
• Dedicated workshops with entrepreneurs, notably SMEs, and researchers. The outcomes are intended to boost the adoption of FI technologies within SMEs, Public Administrations, and visionary individuals with the aim of creating new innovative jobs and businesses.
While the indicated carriers only cover the RTD part of the implementation of the Testbed, with the support of EIT we introduced the Testbed in specific and well focused business or social environments. This goal requires training people and organisations (SMEs in particular), customization of the Testbed according to specific needs coming from business domains and community of users (notably living and territorial labs).
FI-WARE, Infinity
Digital forensics for (technical) evidence
EIT Funding Non EIT Funding 75%
400 KEur
First experience on SMEs engagement, FI-PPP Liaison 2014 follow-up project will go further.
PART 6
Sum up for SMEs
Sum up for SMEs
Be ready for September 2014 (announcement of calls mid-September)
• Discover FI-WARE Generic Enablers
• Use FI-Lab to play with new technologies
Be engaged in 2015
• Bring your « commercial » ideas
• Be funded to do innovation
• Build your new products/services
Find additional funding with ACCELERATORs support
• Bootstrap your own new business
• Think Big to become Bigger (international business)
Thanks !
http://fi-ppp.eu
http://fi-ware.eu
http://lab.fi-ware.eu
Follow @Fiware on Twitter !