Some components around a CoAP setup are useful for applications but not (at least not typically) deployed on a constrained system. A CoAP-HTTP cross proxy can be a useful thing in trying out CoAP from a constrained device toward an HTTP service, and a Resource Directory can be useful in discovering a device (especially if it provides inbound proxying, which can be configured in RIOT’s provided RD endpoint implementation).
All these services can (and often should) be run by the operator, but in some setups that requires having a public address available (which, unfortunately, can currently not be taken for granted on the Internet), or is just an additional step standing between a user and a running demo.
I’d like to collect considerations for, and generally work toward, some services that we can easily provide for use with RIOT example applications.
Earlier discussion today brought up some concerns that this would need to address, plus some on my own list not discussed before:
- Rate limiting, especially toward outside services for which this could be used as an attack vector (even though a single server is a very weak botnet). Especially, it’d need to implement CoAP’s amplification mitigation correctly.
- GDPR compliance: We’d need ToS that declare this as for experimentation only, and forbid use with any kind of personal data.
- Logging: We could probably not log, although if this is declared as being “for public experimentation”, we might reserve the right to (or even publicly log just to disincentivise any use that is contrary to ToS).
- External reliance: Externals must not depend on this, this needs to stay best-effort-no-strings-for-us. It may help to have random downtimes just to force actual users off it.
- Any examples that would “phone home” to this need to be very explicitly declared, and probably have it opt-in through a configuration option (even though the README might recommend turning this on before elaborating on how to provide an equivalent own service).
Things I’d like to see running:
- Resource Directory, with reverse proxying
- Proxy services, both to other CoAP protocols and to HTTP
- SUIT server containing nightly builds of RIOT examples (just because we can)
- maybe a pubsub broker
- possibly an ACE server (but that’d need more development, and I don’t quite see how “log in with your RIOT account and find online devices of your RIOT friends” would be implemented)
I’m already running a similar service (RD, proxy w/o HTTP, some demo resources) on https://coap.amsuess.com/; as that is not under community control I’m reluctant to even put it into examples, let alone off-by-default or even on-by-default default values.
I think I can drive this (even though on a very open time scale); question is, are there more than the above-mentioned concerns to be considered?
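
The amplification concern in the rate-limiting item, as an added sketch that is not part of the post or of RIOT's code: a server answers an unverified source address directly only when the response is at most three times the request size, and otherwise returns 4.01 with an Echo option that the client must send back (the approach and the factor 3 follow RFC 9175). The class name, the 60-second lifetime and the Echo layout are assumptions made for this example.

```python
import hashlib, hmac, os, struct, time

MAX_AMPLIFICATION = 3   # response/request size ratio allowed for unverified peers
ECHO_LIFETIME = 60.0    # seconds an Echo value stays acceptable (assumed value)

class AmplificationGuard:
    """Decide whether a response may be sent to a not-yet-verified address."""

    def __init__(self, key=None, now=time.time):
        self._key = key or os.urandom(32)   # server secret, never sent
        self._now = now                     # injectable clock for testing

    def _mac(self, addr, stamp):
        digest = hmac.new(self._key, addr.encode() + stamp, hashlib.sha256)
        return digest.digest()[:8]

    def new_echo(self, addr):
        # Stateless Echo value: a timestamp plus a MAC binding it to the address.
        stamp = struct.pack("!d", self._now())
        return stamp + self._mac(addr, stamp)

    def echo_valid(self, addr, echo):
        if echo is None or len(echo) != 16:
            return False
        stamp, mac = echo[:8], echo[8:]
        if not hmac.compare_digest(mac, self._mac(addr, stamp)):
            return False                    # forged, or issued to another address
        age = self._now() - struct.unpack("!d", stamp)[0]
        return 0 <= age <= ECHO_LIFETIME

    def decide(self, addr, request_len, response_len, echo=None):
        """Return ("send", None) or ("challenge", value for the Echo option)."""
        if self.echo_valid(addr, echo):
            return ("send", None)           # client proved it receives at addr
        if response_len <= MAX_AMPLIFICATION * request_len:
            return ("send", None)           # too small to be useful as amplifier
        return ("challenge", self.new_echo(addr))

if __name__ == "__main__":
    guard = AmplificationGuard()
    # Constructed sizes: a 20-byte request asking for a 1024-byte response.
    print(guard.decide("2001:db8::1", 20, 1024)[0])
```

A proxy or Resource Directory would run this check before sending any response, with `request_len` and `response_len` taken as the UDP payload sizes.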