My momma always said that, “ensuring security & privacy on the Web of Things was like a box of chocolates. You never know what technology you are going to pick”

29th May 2015

Picture by Bernd from Yokohama, Japan (One missing, oops.)

[CC BY-SA 2.0 (], via Wikimedia Commons

The Web of Things (WoT) is a term used to describe approaches, software architectural styles and programming patterns that allow everyday items to be part of the World Wide Web. Fundamentally, the purpose of the WoT is to standardise the use of Web technologies to accelerate the creation of applications and services on top of the Internet of Things. The concept of the WoT is currently being explored by an international group of researchers from industry (including Nominet UK) and academia as part of a W3C Interest Group. The group has recently met during their first face-to-face meeting that took place in Munich, Germany in April 2015.

As an outcome of this meeting a number of taskforces were created to explore specific areas of the Web of Things. One of these taskforces is concerned with understanding issues and requirements regarding security and privacy on the WoT. The emerging Internet of Things has introduced new challenges for the security of applications and the privacy of individuals. For example, applications might make use of sensitive infrastructure (power networks or building control systems) or might use sensitive information about people (location or health data). In order to boost people’s confidence on the IoT it is very important to protect the privacy of individuals and to provide strong and reliable security for systems and processes.

The group of researchers involved in this taskforce has already recognised that there would not be a single solution for security and privacy but rather a suite of technologies that a WoT architect could pick from (hence the chocolate box metaphor). Work has now begun exploring existing patterns, protocols, mechanisms and components that can be re-used or adapted in this context. This is a very exiting area of research and it has the potential to shape future standards and technology.

We feel Nominet can be a major contributor since the company already plays an important role in keeping the UK Internet infrastructure secure.  Moreover, our experience with the Oxford Flood Network is going to provide a valuable insight into bootstrapping IoT security in real life conditions.