TechDoc: Identifying- and connecting to- SmartSpaces and Sandboxes

Posted on May 12, 2011


Definitions: SmartSpaces, SmartSpace Hubs and SandBoxes

SmartSpace: A location that is wired up and made “smart” and interactive using computing power, sensors and computer controlled devices.

(Global) SmartSpace Hub: A Server somewhere on the web to which a Local SmartSpace (Application) can connect. The global connection can be used to:

  1. Share data – Over the web
  2. Connect to other SmartSpaces – On other locations, to exchange data and create interactions
  3. Offer Web Based User Interfaces – To use on local SmartSpaces. For instance, to play music or change lighting in a room

SandBox: Or: “Application SandBox”. An isolated workspace in which devices and applications within the Smart Space can send specific messages to each other. Using SandBoxes, multiple instances of one application can run inside a SmartSpace without messages from one application messing up the workings of the other application instances. One SmartSpace can have many devices sending their messages over multiple SandBoxes.

Scope of a Smartspace

There are two environments in which a Smartspace can run:

  1. Local SmartSpace – Approachable via a WiFi connection or other wireless technology and protocol. Anything within a Local SmartSpace runs in a limited IP range within the Local Network.
  2. Global SmartSpace Hub – Approachable via the internet. Functions as a hub for services that should be approachable online, from anywhere in the world.

Type of Global SmartSpace Hubs

  1. Public Global SmartSpace Hub – Offers access to anyone to create a SandBox. As SandBox names have to be unique to avoid two different SmartSpaces Applications to share data, the Global SmartSpaces Hub might offer you something generate a unique SandBox ID to avoid data crossover. Public Hubs are unsafe as anyone can – in principle – tap into any Sandbox, unless there is a limitation based on (a list of) IP-Addresses attached to individual SandBoxes.
  2. Private Global SmartSpaces Hub – Is created by a specific person for a specific use. The Private Hub will – for instance – only grant access to specific clients from specific IP Addresses.

SandBoxes and safety: limiting access by segmentation

SandBoxes help you to shield functionalities and data streams within your SmartSpaces. You can run private SandBoxes by connecting them to specific machines with specific IP Addresses or public SandBoxes to be used and tapped into by anyone and anything that connects to your local network.

Especially when you connect your SmartSpace to a Global SmartSpace Hub – running somewhere on the web ans accessible by anyone from anywhere – you want to limit the options this Global Hub will expose to the world. More about how you connect later.

Rules on a global SmartSpaces connection

  1. Connecting from Local to Global is possible – A local SmartSpace can connect to a SandBox on a Global SmartSpaces Hub
  2. Connecting from Global to Local is impossible – A global Smartspace can not connect to a local SmartSpace
  3. The Local SmartSpace creates the Sandbox – As you do not want any external source to be able to tap into your running SanBoxes, the Local SmartSpace will dictate which Sandbox will be created remotely. For safety reasons, whatever runs in this SandBox should give only a very limited and very specific access to what you run in your Local SmartSpace.
There are two reasons for this limitation:
  1. Technical limitations – In most cases a Local SmartSpace runs within a Local Network and does not expose its services outside this Local Network.
  2. Safety – You do not want people from outside connect to your Local SmartSpace and being able to take over things

Connecting to a local SmartSpace

WiFi: A local SmartSpace will in most cases be exposed via a Wireless network / WiFi Connection.

Connect to WiFi: To connect to a local SmartSpace, you have to connect to that Local Wireless Network. From there, the SmartSpaces client Application will take over to scan for available Applications and Sandboxes.

Password Protection: In most cases the Local Wireless Network will be protected by a password:

  1. Public spaces – For public spaces the password should be derivable from the Network name. So if the Wireless Network is calles “SmartSpaces_SomeLocation”, the password could be a Hash code. The public space should limit the access to anything to a maximum to avoid abuse of the WiFi connection. As the key to the network is derived from the Network Name, this is relatively easy to hack.
  2. Private spaces –  The Private Wireless Network spaces should be protected by a password that is not related to the Network Name. As a private network grants access to hardware inside a house or private space, it is imperative to take care of this by the designer of the Smart Space in a proper way.

Connecting to a Public Global SmartSpace Hub

The basic steps to make a connection to a Global SmartSpace Hub is done in two steps:

  1. Identifying the location and SandBox of a (Global) SmartSpace Hub – The Global SmartSpace Hub will run on a location somewhere on the web. Inside the Hub, one or more SandBoxes are running, each with a unique name. The link to a Smartspace Hub will consist of two parts: “<Server Domain Name>:<Sandbox Name>”. Like this: ““.
  2. Dealing with this connection – The SmartSpaces Client will split the Server Domain Name and the SandBox name and:
    1. Connect to Server – First connect to “<Server Domain Name>”
    2. Connect to SandBox – Then connect a SmartSpaces Socket to “<Sandbox Name>”
Using this principle locally: You can use this same principle also in your local SmartSpace. The link to a Local Smartspace Hub will consist of two parts: “<IP number>:<Sandbox Name>”. Like this: ““. You will skip the Local SmartSpaces Hub Discovery Process.

Running a Private Global Hub

A Private Global Hub is a SmartSpaces Hub which will only grant access to specific machines, people and machines who are able to authenticate themselves, or to connections from specific IP Addresses.

Whatever Sandboxes are shared and whatever, are only accessible for people and machines on your VIP list.

Posted in: techdoc