There's general agreement that when it comes to standards, IoT has some way to go. But the IoT standards effort took a significant step forward this week, with the merger of two prominent existing standards bodies. Here are the key details from the groups' announcement:
The Open Connectivity Foundation (OCF), sponsor of the IoTivity open source project, and AllSeen Alliance, which provides the AllJoyn open source IoT framework, today announced that the two organizations’ boards have approved a merger under the OCF name and bylaws.
The newly merged groups will collaborate on future OCF specifications, as well as the IoTivity and AllJoyn open source projects. The expanded OCF board of directors will consist of executives from a wide array of leading companies: AB Electrolux, Arçelik A.S., ARRIS International plc, CableLabs, Canon, Inc., Cisco Systems, Inc., GE Digital, Haier, Intel, LG Electronics, Inc., Microsoft, Qualcomm, Samsung Electronics, and Technicolor SA.
OCF will now sponsor both the IoTivity and AllJoyn open source projects at The Linux Foundation. Both projects will collaborate to support future versions of the OCF specification in a single IoTivity implementation that combines the best of both technologies into a unified solution. Current devices running on either AllJoyn or IoTivity solutions will be interoperable and backward-compatible.
As Computerworld reports, the IoT standards process has in the past been marked by contention rather than cooperation, making this week's announcement all the more notable:
The fiercest rivalry was between the AllSeen Alliance, backed by Qualcomm and Microsoft, and the Open Interoperability Consortium (OIC), founded by Intel, Samsung, and others. Each had its own way for devices to discover and learn about each other.
That said, there has already been some convergence around IoT standards. Last November, the Open Interconnect Consortium acquired assets from the UPnP Forum.
Other IoT standards efforts have actually disappeared due to lack of support, notes Constellation Research VP and principal analyst Andy Mulholland. What's different about the OCF and AllSeen Alliance's merger is the fact both are backed by major technology and home electronics companies, he says.
"Previously both have been rivals, and some would claim their activities have confused potential customers for home automation products," he adds. "However it has become clear as work has progressed that there is an increasing degree of compatibility, so it's good news to hear common sense as to the benefits of creating a single common standard has prevailed. Unfortunately, there is still a long way to go to achieve the true interoperability that IoT requires to create the vision of the global interactive digital economy. However, more partnerships between various technology companies and increasing cooperation between several open source projects show a degree of progress has been made."
In general, it's a good thing when standards bodies merge or vacate the field to make room for larger players, says Constellation Research VP and principal analyst Steve Wilson.
However, "as a side bar, I have to say that my security alarm bells instinctively ring at the complexity implied by so much standards work," Wilson adds. "Do we really need IoT devices to be talking in such a sophisticated way that standards are required across different industries? Is the benefit worth the security risk?"
Wilson sees two types of risk. "First, when devices are overly connected, there are more ways they can be exploited by attackers, or otherwise just fail from networking problems." (On this front, hackers recently released source code for an IoT botnet into the wild.)
"Is the connectivity fetish warranted? Is there a real case for wiring everything together?" Wilson says. "Security hard-heads would like see more regular household devices 'air-gapped: keep them off the grid."
The second risk is the implied complexity of unified standards for interoperability, Wilson notes. "Complexity is the enemy of security," he says. "Standardised interoperability means each device needs a bigger networking stack in its software, miore routine patching of the devices, and more failure modes. I hope that these standards bodies take the opportunity we have at this point in the evolution of IoT, to pause, reflect, and standardise some simplicity in the core of the devices, for the sake of security."
24/7 Access to Constellation Insights
Subscribe today for unrestricted access to expert analyst views on breaking news.
