Industrial Internet Connectivity Framework | Page 114

Connectivity Framework Annex F: Assessment Template: MQTT
F.6.3 Usage Viewpoint

F.6.3.1 Architecture (Section 6.3.1)
Summarize the main concepts, high-level architecture, and terminology. Describe the end-to-end information exchange path.
MQTT consists of multiple MQTT-Clients connected to an MQTT-Server (or broker). MQTT-Clients publish and subscribe to messages on one or more MQTT-Topics. A message published at a client is sent to the MQTT-Server, which sends it to all the subscribed MQTT-Clients. An MQTT message is an opaque vector of bytes.

F.6.3.2 Technology Options (Section 6.3.2)
List the choices to be made for using the connectivity technology in a system.
• Selection of MQTT versus MQTT-SN.
• Selection of the MQTT broker. One broker is selected for a segment of connected applications.
• Selection of client libraries (can be different for each client application).

F.6.3.3 Applications (Section 6.3.3)
A general statement of the typical applications that rely on this connectivity technology and the reason for using the connectivity technology.
According to the OASIS MQTT Technical Committee, target applications are sensors communicating to a broker via satellite links, occasional medical device dial-up connections with healthcare providers, home automation and small device scenarios. MQTT also targets mobile applications.

F.6.3.4 Typical Usage (Section 2.2)
What function or where in the system is this technology typically used?
Centralized data collection.

F.6.3.5 Operations (Section 2.3.8)
Can one monitor, manage, and dynamically replace elements of the connectivity function?
No, MQTT does not provide standardized mechanisms to monitor and manage an MQTT-Server. However, MQTT-Clients can be replaced at any time.
The broker routes all messages in the system. To avoid becoming a bottleneck, it is deployed so that there is high-bandwidth connectivity to all critical clients.
The broker should be specially protected against security breaches and denial-of-service attacks.

F.6.3.6 Security (Section 2.3.5)
What are the system security implications of this connectivity technology?
Security is provided only at the transport level between each client and the broker. There is no end-to-end (client-to-client) security. Therefore, if the broker is compromised, all data in the system will be compromised.
The broker introduces a potential target for denial-of-service attacks.

F.6.3.7 Safety (Section 2.3.9)
For systems that need it, are certifiable implementations available?
There are currently no safety-certified client libraries or brokers.

F.6.3.8 Gateways (Section 3.3)
List of gateways to core connectivity standards and other relevant connectivity technologies.
Custom application gateways have been developed for MQTT to DDS and HTTP to meet the needs of specific applications.
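The Security assessment (F.6.3.6) notes that MQTT protects data only between each client and the broker, while F.6.3.1 notes that the payload is an opaque vector of bytes. The following is an added example, not part of the framework document or of any MQTT library: it uses that opaque payload to carry an application-layer authenticated envelope, so a subscriber can detect a payload that was altered, moved to another topic, or redelivered on the broker side. The key, topic names, envelope layout and function names are assumptions made for illustration, and the key is assumed to be shared between publisher and subscriber out of band.

```python
import hashlib, hmac, struct

# Assumed envelope layout (not defined by MQTT): 8-byte sequence | 32-byte tag | payload
HDR_LEN = 8   # 64-bit big-endian sequence number
TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def _tag(key: bytes, topic: str, header: bytes, payload: bytes) -> bytes:
    # MQTT topic names cannot contain U+0000, so NUL is an unambiguous separator.
    data = topic.encode("utf-8") + b"\x00" + header + payload
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key: bytes, topic: str, seq: int, payload: bytes) -> bytes:
    """Publisher: wrap the payload so the tag covers topic, sequence and data."""
    header = struct.pack(">Q", seq)
    return header + _tag(key, topic, header, payload) + payload

def unseal(key: bytes, topic: str, last_seq: int, message: bytes):
    """Subscriber: return (seq, payload) or raise ValueError on any mismatch."""
    if len(message) < HDR_LEN + TAG_LEN:
        raise ValueError("truncated envelope")
    header = message[:HDR_LEN]
    tag = message[HDR_LEN:HDR_LEN + TAG_LEN]
    payload = message[HDR_LEN + TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, topic, header, payload)):
        raise ValueError("authentication failed")
    seq = struct.unpack(">Q", header)[0]
    if seq <= last_seq:
        raise ValueError("stale or replayed sequence number")
    return seq, payload

def check(key: bytes, topic: str, last_seq: int, message: bytes) -> str:
    try:
        unseal(key, topic, last_seq, message)
        return "accepted"
    except ValueError as exc:
        return str(exc)

def demo() -> dict:
    key = b"constructed-demo-key-32-bytes!!!"   # constructed sample key
    topic = "plant/line1/temp"                   # constructed sample topic
    msg = seal(key, topic, 7, b'{"c": 71.5}')
    altered = msg[:-4] + b"9.9}"                 # payload changed after leaving the publisher
    return {
        "intact": check(key, topic, 6, msg),
        "altered": check(key, topic, 6, altered),
        "other_topic": check(key, "plant/line2/temp", 6, msg),
        "redelivered": check(key, topic, 7, msg),
    }
```

The envelope provides integrity and origin authentication only; keeping payload contents confidential from the broker would additionally require encrypting the payload before publishing.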
IIC:PUB:G5:V1.0:PB:20170228 - 114 -