V0.2





also a contribution to the IGF Dynamic Coalition on the Internet of Things
http://internet-things.org


Considerations on
Namespace Services
for the Networks of Things


Dr. Francis Muguet: francis.muguetunige.ch
KNIS Research Group


Introduction


The Internet of Things is a new frontier. However, it features multi-faceted edges, and it would have been preferable to name it, more generally, the Networks of Things or the Nets of Things, because there could be several Networks, as long as they are freely and easily interoperable. The related namespaces are expected to become orders of magnitude larger than the current namespace of the Internet, which is mostly an Internet of web sites or, for short, the Net of the Web. Needless to say, the governance of the Nets of Things is just nascent.


Preliminary issues.


Concerning the current Internet of Things, a name service that has been adopted by EPCglobal and GS1 is the Object Naming Service (ONS). According to the Object Naming Service (ONS) Version 1.0 specs, ONS applies to the SGTIN portion of a given Electronic Product Code™ (EPC) that contains an EPC Manager Number, an Object Class, and a Serial Number, and should not be construed as applying to all EPC namespaces. Specifications for those other namespaces are the subject of future work within the ONS Working Group. ../.. , the EPC is encoded as a Uniform Resource Identifier (URI). The ONS operates through the DNS (which is managed by ICANN); for example, an ONS object identifier is translated into the domain name:

000024.0614141.sgtin.id.onsepc.com, which relies on the .com gTLD and the onsepc.com domain name. What is stunning is that the whole ONS namespace, which should become orders of magnitude larger than the entire existing DNS namespace, goes through only one domain name! The secondary namespace xxx.onsepc.com, as for all domain names, is privately managed by the domain name owner, who has full control over this namespace. There is nothing new in that regard. This ONS namespace is managed through a database maintained by Verisign. Recently, another ONS root based in Europe, onsepc1.eu, has been added, whose database is maintained by Orange Business Services. Another ONS root is proposed in China.

The resolution of the .com and .eu extensions is managed by ICANN. The resolution of the onsepc.com domain name is under ICANN control, while onsepc1.eu is under the control of the European ccTLD: EURid.

It is important to underline that the current intent of GS1 is not to become the (unique) namespace service for the Net of Things. The ONS service only gives access to a limited resource (EPCglobal EPCIS).


Concerning search engines, the Object Naming Service (ONS) Version 1.0 specs give some specifics under "EPC Discovery Service(s)": A “search engine” for EPC related data. A Discovery Service returns locations that have some data related to an EPC. Unlike ONS, in general a Discovery Service may contain pointers to entities other than the entity that originally assigned the EPC code. Hence, Discovery Services are not universally authoritative for any data they may have about an EPC. It is expected that there will be multiple competitively run Discovery Services and that some of them will have limited scope.


Another interesting aspect is that the Net of Things naturally relies on metadata, much more than the Net of the Web. Many applications still rely on the legacy Electronic Data Interchange (EDI) format, but XML-based approaches such as XML-RPC are being used more and more, and it is possible to convert EDI to XML. Paradoxically, the Net of Things might be a much more favorable field of implementation for the Semantic Web than the Net of the Web, for which it was originally designed.


The Domain Name System (DNS) was invented by Dr. Paul Mockapetris in 1983. ICANN relies on the DNS. For now, the only competitor to ICANN appears to be the Handle System invented by Dr. Robert Kahn from the Corporation for National Research Initiatives (CNRI, USA). The Handle System provides name resolving services for digital objects and other Internet resources, with quite a different approach and philosophy. Current applications of the Handle System are mostly limited so far to libraries and academic journals. The Handle System is being listed as an "emerging trend" by the ITU, and I consider that this system could be one of the best suited for the Internet of Things (The Challenges of the Internet of Things, IGF Hyderabad 2008).


General Description of the DNS classes.


It is possible to open the competition by using the very Domain Name System (DNS) itself. The proposal is being presented under the name “Net4D” (http://net4d.org), i.e. Network for Development. An outline was sketched for the first time (Net4D: New classes to bind people and machines) at the Internet Governance Forum (IGF) in Rio in 2007. The proposal was presented in more detail (Towards an open governance of the DNS system) at the IGF in Hyderabad in 2008, and it has recently been presented (Opening to competition the namespace infrastructure) at the WSIS Action Line C2 (ICT Infrastructure) Facilitation Meeting (20 May 2009).


It is important to underline the little known fact that the current DNS system was designed from the outset as a naming tool available for networks other than the Internet, specifically the Chaosnet and Hesiod networks. These networks, now only of historical interest, were never under the governance of the IETF or ICANN. They constitute very significant legal precedents.


Such a design is implemented with the help of a parameter named class that defines a network with its own specific and distinct namespace. Classes are currently defined, according to the IANA Protocol Registries, by RFC 5395 (which supersedes RFC 2929). Each class is an autonomous namespace with its own DNS root servers and its own governance.


Starting from 1995, the implementation of a number of alternative DNS roots fragmented and perturbed the IN class managed by ICANN. Therefore, in 2001, ICANN itself recommended making use of unused classes, especially one of the 256 classes set aside for "private use", for the purpose of experimentation. Alternative DNS roots have been commercial and technical failures.


The Internet uses the class "IN", whose namespace is managed by ICANN. The class parameter values of the Chaosnet and Hesiod networks are CH and HS respectively. For all practical purposes, the class field currently only takes the value "IN", but there are up to 65,000 classes available and unused.


The network software of an Internet user includes DNS client software, also called a "resolver", that points to a DNS server, which answers a request about a domain name with an IP address. DNS clients appear in many applications (browser, FTP, email client, etc.). When a user accesses the network, in most cases the DNS server is determined by default by the ISP. The DNS server, also by default, answers within the class "IN".


The RFCs (Requests for Comments) are published by the Internet Engineering Task Force (IETF) that “develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standard bodies and dealing in particular with standards of the TCP/IP and Internet protocol suite. It is an open standards organization, with no formal membership or membership requirements. All participants and leaders are volunteers, though their work is usually funded by their employers or sponsors; for instance, the current chairperson is funded by VeriSign and the U.S. government's National Security Agency.” (from Wikipedia)


It is RFC 5395 that addresses the question of classes. In addition to the CH and HS classes and the 256 classes that anyone can freely use for "private use", the other 65,000 classes are not yet assigned, and may be assigned following an "IETF Review", a term which is defined in RFC 5226 as:

“IETF Review” (Formerly called "IETF Consensus") New values are assigned only through RFCs that have been shepherded through the IESG (Internet Engineering Steering Group) as AD-Sponsored or IETF WG Documents [RFC3932] [RFC3978]. The intention is that the document and proposed assignment will be reviewed by the IESG and appropriate IETF WGs (or experts, if suitable working groups no longer exist) to ensure that the proposed assignment will not negatively impact interoperability or otherwise extend IETF protocols in an inappropriate or damaging manner. To ensure adequate community review, such documents are shepherded through the IESG as AD-sponsored (or WG) documents with an IETF Last Call.

If the IETF were to decide to block class assignments to stifle competition, one could legitimately ask why the IETF, whose governance sphere is limited to the Internet, is entitled to assign a class to a network other than its own, i.e. the Internet. Under international public law, governance and arbitration between networks should be the responsibility of an international organization such as the International Telecommunication Union, a situation that has been acknowledged by ICANN in Article 4 of its Articles of Incorporation: ICANN “shall operate […] its activities in conformity with relevant principles of international law and applicable international conventions and local law” and “shall cooperate as appropriate with relevant international organizations.”


It is proposed to create other IP-based networks, which use the same technical pipes as the Internet but are legally distinct, precisely because they use distinct namespace classes.


For a class to be usable in practice, the DNS client or "resolver" must be able to receive from the DNS server the IP address corresponding to a domain name in this class. The BIND [1] software is the best known among DNS server software, but there are a few others [2]. Most DNS clients and servers do not completely implement the RFCs, including RFC 5395. The class field is often treated as a fixed value, IN. Therefore, these software clients and servers will have to be updated so that the class field corresponds to a true variable. This does not present any particular technical difficulty.
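The two mechanisms described so far can be put side by side in a short added example (Python, not part of the original paper or of any ONS or DNS software): the ONS 1.0 translation of an SGTIN EPC URI into the domain name quoted earlier, and a DNS question in which the class is an ordinary 16-bit field rather than a constant. The function names, the serial number 400 and the choice of 0xFF00 as a private-use class are assumptions made for the illustration.

```python
import struct

QTYPE_NAPTR = 35                      # ONS 1.0 lookups ask for NAPTR records
NAMED_CLASSES = {1: "IN", 3: "CH", 4: "HS"}
PRIVATE_USE = range(0xFF00, 0xFFFF)   # 0xFF00-0xFFFE: "Private Use" in RFC 5395

def ons_name(epc_uri, root="onsepc.com"):
    """Translate an SGTIN EPC URI into the domain name queried through ONS."""
    prefix = "urn:epc:id:sgtin:"
    if not epc_uri.startswith(prefix):
        raise ValueError("ONS 1.0 only covers SGTIN EPCs")
    fields = epc_uri[len(prefix):].split(".")
    if len(fields) != 3 or not all(f.isdigit() for f in fields):
        raise ValueError("expected manager.objectclass.serial")
    manager, object_class, _serial = fields   # the serial number is dropped
    return f"{object_class}.{manager}.sgtin.id.{root}"

def encode_query(name, qtype, qclass, txid=0):
    """Build a DNS query; QCLASS is a 16-bit variable, not a fixed IN."""
    if not 0 <= qclass <= 0xFFFF:
        raise ValueError("QCLASS must fit in 16 bits")
    msg = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1 to 63 bytes")
        msg += bytes([len(raw)]) + raw
    return msg + b"\x00" + struct.pack("!HH", qtype, qclass)

def decode_question(msg):
    """Return (name, qtype, qclass) from the question section of a query."""
    pos, labels = 12, []              # the fixed DNS header is 12 bytes long
    while msg[pos] != 0:
        length = msg[pos]
        if length > 63:
            raise ValueError("unexpected compression pointer or bad length")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack_from("!HH", msg, pos + 1)
    return ".".join(labels), qtype, qclass

def class_label(qclass):
    """Name the class as a class-aware server would need to distinguish it."""
    if qclass in NAMED_CLASSES:
        return NAMED_CLASSES[qclass]
    return "private-use" if qclass in PRIVATE_USE else "other"

if __name__ == "__main__":
    # Constructed sample EPC: manager 0614141, object class 000024, serial 400.
    name = ons_name("urn:epc:id:sgtin:0614141.000024.400")
    for qclass in (1, 0xFF00):
        query = encode_query(name, QTYPE_NAPTR, qclass)
        print(class_label(qclass), decode_question(query), query[-2:].hex())
```

The two queries differ only in their last two bytes, which is the whole of what a resolver or server has to stop treating as a constant.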


There is no namespace fragmentation. The parallel use of several classes is possible: users may use concurrent systems at the same time because they can be supported by the same DNS servers. It is transparent to the user, as the transition from IPv4 to IPv6, which occurs at a different level, will be. There is no conceptual problem.


Concerning DNS security, a centralized security system could then be replaced by distinct decentralized security systems related to each class, offering commercial and political independence to all players. In the DNSSEC and system the root signing authority may be distinct according to each class.


Concerning economics, classes open the namespace market to competition between potentially 65,000 players and would end the monopoly of the historic operator.


At the scientific and technological level, the classes allow innovation (e.g. semantic web, multilingualism, M2M, etc.) to flourish.


Uses of Classes for the Networks of Things.


In keeping with the goal of opening the competition, several class namespace services are promoted for the Networks of Things. It has been underlined that, through the use of classes, they are fully interoperable. Therefore one may, and in fact must, escape from the mindset that the namespace for the Net of Things should be unique. Not only may one RFID tag relate to several namespaces, but an object may also host several RFID tags that would not necessarily be identical. This combination is going to greatly increase security, reliability and trust when one no longer deals with pure information, but with material objects. Here are a few suggestions:


A) ONS 2.0? One first suggestion is that the current Object Naming Service (ONS) should be improved so that it no longer goes through the conduit of a handful of domain names, but operates through one or several classes in order to truly constitute independent and interoperable Networks of Objects. This improvement does not require a major change in the ONS philosophy.


B) Proxy class to the Handle System. If, despite its advantages, the Handle System does not emerge as a direct resolver for the Internet of Things, and if the need for DNS gateways or proxies does arise, then one DNS class could be dedicated to the DNS gateways to the Handle System. As the governance of this class should naturally be left to the CNRI, it could manage the class root database and decide on security protocols.


C) Trademarks: one application of interest is to enable all concerned stakeholders to query, independently and with trust, the trademark of an object over its whole lifetime. Concerned stakeholders could be: owners, customers, sellers, transportation operators, customs and security services. This trademark information should be provided independently from the information given by the seller, reseller or warehouse manager.

According to the Nice Agreement, the International Classification of Trademarks comprises 45 classes. It is proposed to allocate 45 DNS classes among the 65,000 classes available in order to map the 45 classes of trademarks directly into the namespace. In this way, brands related to different classes could co-exist peacefully and legally in cyberspace. Each brand could have a domain name in a different DNS class related to its relevant trademark class. This would solve legal problems in a coherent fashion. It would also allow search engines to take into account the trademark class parameter, which they cannot do at this moment. It is very important to underline that the DNS Mark classes are of interest not only for marketing information concerning web sites, but even more so for the Networks of Things. Of course, they would make it possible to check whether a product is really related to the brand it claims to be. They could be a tool against counterfeiting. Therefore WIPO, while creating and managing the DNS Mark classes, could be in a position to provide trademark owners not only with trusted domain names but also with value-added services concerning their products.

Search engines, provided that their robots can access the DNS Mark classes at one place on the planet, may reflect this information in their answers to queries from all over the world.


The DNS classes are akin to a new dimension in the Namespace and its usefulness for the Net of Things is going


Implementation of Classes for Things


Experiments


Experiments may be performed using one of the 256 classes scheduled for private use.

There are two experimental approaches :

  1. over a certain region of space, involving many different types of internet users

  2. involving a virtual community composed of specific sets of users spread all over the world.


Concerning experimentation over an area, implementation of classes shall be ensured in :

1) all DNS servers of all major ISPs operating in the area ;

2) servers and DNS clients, servers and other web applications, at local or remotely located companies operating in the area;

3) servers and DNS clients, servers and other web applications, at local (or even national) authorities, associations as well as individuals operating in the area;

4) DNS clients and browsers of users participating in the experiment.


In the case of the Networks of Things, the virtual community approach might be better suited for an experiment. One could start with a virtual community composed of professionals for whom the concern for traceability is at a premium.

The need for the DNS servers of ISPs to implement DNS class resolution is not as important in this case, if we provide Internet gateways where DNS class resolution is implemented. Community members who notice that the DNS servers of their ISPs are not resolving DNS classes could use those gateways.


Examples of virtual communities: transportation operators, pharmaceutical industry and customers, health, food safety, etc.


Consequences in terms of governance.


In general, concerning all Information Networks, whether the Net of the Web or the Net of Things, consequences of an effective opening of the namespace services to competition are quite important but they are going to be different.


Concerning the Net of the Web, opening the competition is a constructive and alternative way out of a protracted and old-fashioned power struggle over an existing critical resource, which constitutes the ICANN “quasi-monopoly” (term used by EU Commissioner Reding in her 4 May 2009 video address). Within this perspective, ICANN would appear simply as the historic namespace operator, under the parentage of the country that started the Internet. Other namespace operators should and could appear with the parentage of other stakeholders such as international organizations, international regions, cultural communities, countries, national regions, cities, businesses and, last but not least, civil society, bringing its concern for long-term societal values over short-term financial interests.


Concerning the nascent Net of Things, we are fortunately not locked into the scenario of an old, intense power struggle. The introduction, from the outset, of effective competition for namespace services would avoid unnecessary conflicts. The nascent governance of the naming services of the Net of Things could be established, from the outset, as a competitive environment between different naming services, including the Handle System, the Object Naming Service (ONS), as well as other services related to different DNS classes.


Concerning namespace services, the role of governmental and intergovernmental oversight should be to ensure that the competition is fair and transparent. However, the Net of Things is more complex than the Net of the Web, since it involves many patented technologies. Through their participation within international global organizations such as the UN, ITU, WIPO, etc., or regional organizations such as OECD, CoE, OEA, etc., governments should ensure, at the international level, that the competition is not only fair, but also equitable for small stakeholders from developed countries and even more so from developing countries.


Concerning classes governance, it is suggested, in a very exploratory fashion, to consider transparent, inclusive, multi-stakeholder partnerships, including intergovernmental and governmental organizations, technical operators, businesses, academia, civil society, fully recognized within an international public law context, according to the UNMSP proposal.


The IGF Dynamic Coalition on the Internet of Things could provide a unique place to start discussions about the governance of the Net of Things, which includes, inter alia, the governance of naming services, because it is part of a multi-stakeholder United Nations process, where all stakeholders are on an equal procedural footing, and where governments may participate officially as such.


As the Net of Things is going to have profound societal consequences, the participation of civil society is required. As an example, an initiative such as the Societal LightHouse (Geneva) could provide some civil society input from the citizens and SMEs in the region of Geneva.


Conclusions

Namespace classes may provide an effective way to open namespace services to competition over IP-based information networks, which in turn completely revolutionizes, in a constructive way, the governance of namespace services.

To a larger extent than for the Net of the Web, but in a longer term, namespace classes related to Net of Things are key strategic elements to consider in order to confront the global economic crisis.



[1] http://fr.wikipedia.org/wiki/BIND

[2] http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
