New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implicit registration of devices connected via gateways #2053
Comments
Remark: An interesting question is if and how an implicit registration can work in a setup where Eclipse Hono is used in combination with Eclipse Ditto (see Eclipse IoT Packages). In such a setup devices must not only be registered in the Eclipse Hono device registry but also as a Thing in Ditto. |
Regarding the combination with Eclipse Ditto (via Eclipse IoT Packages or somehow else), a proposal could be to emit some kind of "welcome" message to the north-bound application for each implicit registration. |
I understand the use case and I also see the benefit of being able to register such devices on the fly. Devices being registered in this way will never be able to connect directly to a protocol adapter, though, because we would not register any credentials for them. This is consistent with the fact that the gateway device authenticates to the adapter and then acts on behalf of the edge device(s). I can imagine several approaches:
It would also be possible to let the gateway use the gateway specific resource for uploading data on behalf of a new edge device and include a marker (header/query param etc) to indicate to the adapter that this data is for a new edge device which should be provisioned on the fly. However, it might be difficult to return the generated device identifier to the gateway in this case. In MQTT for example there is no response message which could be used to convey the information. Regarding the additional provisioning of the device in Ditto, we should be able to use the same mechanism that we already use for devices that are being auto-provisioned based on a client certificate. See #1296 for a discussion of options. As part of that discussion we explicitly decided against emitting an event in that case for the time being. In any case, I would consider it an (optional) feature of a device registry implementation. |
If the device will have different id (chosen by gateway, adapter or registry) then it will be nice if the device has option to provide its own/internal id (if exists) in order to be incorporated in the generated id. |
FMPOV, the first approach about (the one where uploading an event/telemetry message for an unknown device triggers creation of the device) seems to be the one we should be aiming for. This would avoid having to define a separate new resource for each adapter and would also be a very intuitive solution. I imagine, the right for a tenant to automatically create devices would have to be explicitly defined for such tenants, so that not every tenant is allowed to do that. Open questions:
|
FMPOV this should even require explicit authorization at the gateway level.
I guess the desired behavior depends on whether a physical device should always be represented by a single logical device ID in Hono. If the gateway generates an ID for the device then gateway A might generate a different ID than gateway B. Following @avgustinmm 's comment above, we would always end up with different device IDs for the same physical device, depending on which gateway the device is connected via. Maybe @avgustinmm and @mhemmeter can comment on whether this would be acceptable for the envisioned used cases and what those use cases are in the first place?
If we create device IDs scoped to the gateway IDs then I'd rather go for the limited life span approach instead of relying on the fact that a gateway would (eventually) unregister a device ... |
Usually, the device network provides enough information for the device identifier. For example, in Blueooth, it can be the device address. Of course, the different gateway vendors can use different identifiers. The main point here is that the gateway knows the device and can recognize it with a given identifier. It'll be useful to reuse this identifier(or similar one) in the Hone device registry. In this way, the device can be easily found.
From the user point of view, these devices are not so different. They just cannot speak Hono protocol but they are used as any other device. Such limited life will require a periodic "keep me" message and will complicate the provisioning. |
For the sake of simplicity I suggest to leave the roaming use case out of this issue for the time being. Instead, let's focus on how a gateway can register a device on the fly. Consequently, unregistering such a device should also be of no concern right now.
This mechanism should work regardless of the payload of the message published by the gateway. However, the gateway might also publish a specific event in order to indicate the device's capabilities as discussed in #1618. In that case Ditto could use the information from the payload to create a typed Thing that reflects the capabilities of the device already. This, however, is completely optional. @calohmn @mhemmeter @avgustinmm @e-grigorov @geglock @fkaltner WDYT? |
The approach makes sense to me. From a requirements perspective we can exclude the roaming use case and add it later on (if necessary at all). Supporting this new feature in MQTT Protocol Adapter has highest priority for me (compared to the other protocols supported by Eclipse Hono). |
I think this is doable. Can you assign this issue to me? |
I wonder if this hono_registration_status property should ever be transported via a QoS 0 telemetry message - if this message never reaches the downstream application, a corresponding thing will e.g. never be created in the downstream connected Ditto. So FMPOV for telemetry messages there should be a separate QoS 1 event generated (ideally published before the causing telemetry message is published) in order to ensure that it eventually reaches a downstream connected consumer. If the message from the device already was an event message, the information could be "piggy-backed" in the same QoS 1 event message via the mentioned property. |
Wouldn't Ditto favor the "specific event" case Kai outlined above:
? But in general you are right: for telemetry sent with QoS 0 there's a risk that the downstream application may miss that message. However, to my understanding, telemetry messages are forwarded by Hono having QoS 1 always (see: https://github.com/eclipse/hono/blob/cba0221c43ec2b93bfb436d438d8542f81f61022/client/src/main/java/org/eclipse/hono/client/impl/TelemetrySenderImpl.java#L109). |
Ah, the gateway would have to publish that event? Sure, that would also work.
I don't think so. The sender link uses QoS 1 for telemetry messages as well, yes. However, there is no re-sending of negatively settled messages by the downstream consumer. Re-Sending does not happen for telemetry messages in Hono, even not for QoS 1 telemetry, as far as I know. |
I am not sure about the details about re-delivery - @calohmn can you help out? |
Yes. I agree that in case of a telemetry message we should send a separate event message with the hono_registration_status property then (before forwarding the telemetry message), in order to make sure that the message with that property gets brokered and will also get delivered if the downstream consumer is temporarily unavailable for example. |
I am not sure why we would still need the Also this approach still has some edge cases: even if we send an event when a telemetry message of a not yet provisioned devices comes in and we wait for the event being settled we could lose the telemetry message if the application crashes at that very point of time. |
I think a specific event would be characterized by the very fact that it has that In that regard we could indeed follow the "piggy-back" approach of just adding that property if the message already is an event message. I think if the northbound application rather wants separate event messages with that status information or if it needs more information, then the gateways should be set up so that they publish specific events (#1618) in such a case.
But the delay in publishing the telemetry message by waiting for the disposition update for the event message first wouldn't make it more likely that the telemetry message gets lost, would it? The telemetry might get lost anyway and it's probably also not the last telemetry message of that device. |
It would be very helpful if the gateway ID could also be included as part of the message which indicates that a new device was registered. Maybe as additional defined property? What do you think? |
Sounds reasonable and is easy to implement. So I guess there's no harm on Hono's side 😄 We could name the property |
If we want to include the gateway identifier then FMPOV it should simply be |
…eways WIP This fixes eclipse-hono#2053 Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
So, it seems like we include two properties in the downstream message:
|
…sioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…ice registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…sioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…ngoDb-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…ngoDb-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…ngoDb-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…BC-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…BC-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…BC-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…rovisioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…BC-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…BC-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…rovisioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…rovisioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…rovisioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…rovisioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…ngoDb-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
Adding capability to auto-provision devices to MongoDb-based device registry. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…sioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…rovisioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…gistry Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…rovisioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…rovisioning. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…sioning and fixing typo in event content type. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…fixing typo in event content type. Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
…eways Based on newly introduced authorities for a registered device a gateway is now enabled to perform auto-provisioning of edge devices. Applications are notified of auto-provisioned devices by receiving an empty event with corresponding application properties set. This fixes eclipse-hono#2053 Signed-off-by: Florian Kaltner <florian.kaltner@bosch.io>
As of today all devices that connect to Hono via a gateway are supposed to be explicitly registered in the device registry with the via flag pointing to the gateway device. In this setup only gateway devices are authenticated and not the devices themselves. In order to simplify the management of devices in such a setup an implicit registration of devices behind a gateway would be beneficial form my perspective.
At first glance from security perspective an implicit registration should be possible as after successful authentication of the gateway device a trust relation has been established.
For example such a feature would help in case devices connect via Bluetooth to a gateway that then communicates with Hono. Due to the features in Bluetooth devices may show up in a deployment dynamically and it may not be possible to "pre-register" the devices. It would be easier in a such a dynamic scenario if Hono registers these devices implicitly upon connection instead requiring the gateway to invoke the Device Registry Management API for explicit registration.
The text was updated successfully, but these errors were encountered: