[IOT] OpenADR comment period

Thomas Nichols tnichols at enernoc.com
Thu Jun 20 03:41:34 UTC 2013


An OpenADR network conceptually looks like a star network, with a single
VTN (virtual top node/ coordinator) and many VENS (virtual end nodes.)

The VEN needs to trust commands from a top node, and VENs can't
communicate -- ever -- with other VENs as far as OpenADR is concerned.

Agreed it's largely an implementation concern which is why it's not laid
out in the spec, more of a guidance.

We consider in most cases, the VTN and XMPP server will be controlled by
the same entity. The VTN could be connected as an XMPP client (or multiple
clients) or VTN endpoints could be exposed as service JIDs.

I think we have two choices.  (1) Tell VTN implementers/ deployments that
they need to secure the XMPP server to prevent VEN to VEN communication.
Or (2) we require VENs to maintain a whitelist of VTN JIDs, and drop or
reject packets that are not from an approved JID.  Or maybe both.

Thanks!
-Thom


On 6/20/13 11:58 AM, "Peter Saint-Andre" <stpeter at stpeter.im> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Hi Thom, thanks for your other post.
>
>On 6/19/13 8:52 PM, Thomas Nichols wrote:
>> One question, which is more of an implementation detail but we
>> would like some input, is how to prevent communication between end
>> node clients.  I think during registration, VENs would have to be
>> added to an ACL or group, and then a filter would be used at the
>> XMPP server to block packets whose "to" and "from" belong to that
>> group.
>
>Would service providers want to forbid all communication among
>clients, or limit it to communication among particular "groups", as
>you say?
>
>That kind of thing usually is implementation-specific, but if you let
>us know what you're trying to achieve perhaps we can provide some
>pointers.
>
>Peter
>
>- -- 
>Peter Saint-Andre
>https://stpeter.im/
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
>Comment: GPGTools - http://gpgtools.org
>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
>iQIcBAEBAgAGBQJRwm/kAAoJEOoGpJErxa2pytcP/RK6BNMmBsW9Eiej2T16jhEP
>y52kiJNMpXA57fNknPqiKCXduoIqk+MvcExV08z8+N4tx8+DfyU9jqJjS+gGFGgb
>fEw/w0FBFgbdgpb5QYf02TKhEnyl4sGBIeDf13rHRxNVV7dXqH+S5LNybrnG+kqt
>V9U7VcoCrgobCaGiNAlZ/H2YPiItNk+zZ2y2Oi1AkNJzqrVUQHSuzuHM8zu83NwK
>nneN7NUo03fy9xvgYxbmUTy2gjetEH1GX8I61MTa+JM6eHxm/cpTkaErFTIEWvli
>xcNUL6aAvPqaLXfQ612UhZG187Pnk35xiROyNvgKjjfV5CKSnuJdejEiARjUrD9X
>bnyZzZrIFZ417Gr3ElwH4Xw58Iu2eBqBOCknmGGgyi/Fw8txeVPkB6DnCa2e4tN8
>TWo1KCKxVVm4KhkVSQ/nDq1zXTdK0CMo8RXLARGXql3o7eWMzTOVzwOsnM1um8O1
>74W1z7r/kHH+wcE3HUXbPLC3vpe5SIBSTtNoZweYnx3aZ5PXJ8txiSO6tfr4K9ox
>ahevU7MGRqXje+ARrrUFutszQyvNTBmDjU9hQqP35yBfVfxx9RV7JZU8I03c7keG
>aPpd+9FjfnCxyRql825Ykw/KoXZaben2C6dOC8vRxgRQQFGX+jQKCLVWwI5srLpG
>T4yKMuk5SdwJFAu+kplN
>=NCvu
>-----END PGP SIGNATURE-----


This email and any information disclosed in connection herewith, whether written or oral, is the property of EnerNOC, Inc. and is intended only for the person or entity to which it is addressed.  
This email may contain information that is privileged, confidential or otherwise protected from disclosure.  
Distributing or copying any information contained in this email to anyone other than the intended recipient is strictly prohibited.


More information about the IOT mailing list