Standards Development

Scope

This part of ISO/IEC 21823 specifies interoperability from a behavioural and policy viewpoint. In this document, the following specifications for interoperability from a policy and behavioural point of view are included:

- a principle of how to achieve behavioural and policy interoperability;

- requirements on information related to behavioural and policy interoperability, and

- a framework for processes on developing information exchange rules from a behavioural and policy viewpoint

Purpose

The series of ISO/IEC 21823 standards addresses issues that relate to interoperability both between different IoT systems and within a single IoT system. ISO/IEC 21823-1 describes a general framework for interoperability for IoT systems. This includes a five facet model for interoperability which includes transport, syntactic, semantic, behavioural and policy. This standard (21823-5) addresses behavioural and policy interoperability. Behavioural interoperability ensures that the actual result achieves the expected outcome.

Policy interoperability ensures compliance with the legal, organizational, and policy frameworks applicable to the participating systems.

The behavioural interoperability facet abstracts from implementation details and describes the behaviour of participating systems in a representation-independent way. An example of behavioural interoperability could the storage of data in a protected form such as encryption. An example of policy interoperability could be compliance with a regulation that mandates deletion of personal data.

Successful behavioural interoperability has an impact on processes or activities of the interacting system. In an exchange between a target system and a source system, the target system cannot provide the features and functionalities expected by the source without an agreement on the behaviour of target system processes and activities. Lack of behavioural interoperability between two systems can be a very significant barrier to enable full interoperability between them. The implication is that the actual behaviour of one system can fail to match the expectations of the other system, even if the functional interface (or API) matches between the systems.

Policy interoperability can be one of the most challenging and difficult to achieve if there are mismatches between the interacting systems. If there is a legal prohibition on an IoT service connecting to an IoT device because the service runs in a different jurisdiction to the device, for example, then it is not possible for an IoT service to use that device even if all the other facets of interoperability are satisfied. IoT service provider policies concerning data placement (e.g. for sensitive data) can also be a significant barrier to policy interoperability.