OCF Core Framework
The infrastructure that enables secure IP communication of the vertical defined application.
The OCF Core Framework is an IoT framework for device discovery, on-boarding and application-layer security, for device-to-device and device-to-cloud connectivity. It can be used with any application layer, using your own data models. The OCF Core Framework is published as a ISO/IEC standard, there is a compliant open source stack and a comprehensive certification program in place.
What does it solve:
The OCF Core Frame work enables vertical agnostic secure IP communication by means of a standardized framework. The open source implementation of the OCF Core Framework is IoTivity, which is compliant to the OCF standards and is a verified implementation by means of the OCF certification program.
The OCF Core Framework is compliant with most of the known security requirements documents.
Communication mechanisms covered by the OCF Core Framework
IoT means interacting with the physical world, hence the physical device is important. This is also the most costly part to develop. The Core Framework therefore is focusing on the code that is needed on the physical device. e.g. it covers:
- Device 2 Device communication
- Device 2 Cloud communication

OCF Core Framework on the (Embedded) device
The Core Framework has:
- a small footprint of code, for embedded devices and RTOS's
- small payloads, e.g. communication packages
- best in class security (including PKI), by using the latest technologies
- a base of widely accepted internet technologies, based on IETF RFCs
- a minimal required set of features
- a huge set of optional features that are already available for a vendor to use
- a design that allows vendors to concentrate on device function, not on the communication and security aspects
- an ISO/IEC content format, hence it is upgradable
- payloads that can be defined using any (existing) content type:
- For example: CBOR, JSON, XML
- CoAP, allowing the same communication paradigms as used on top of HTTP, but then with smaller communication packages
- The OCF Core Framework architecture is restful, but the application is not limited to that paradigm
Core Framework solution space

Security aspects
The OCF Core Framework can handle payloads based on CoAP securely. Each Device will be onboarded into a secure domain. Only devices onboarded in the secure domain are allowed to talk to each other. On top of the secure domain, access controls are defined. The access control mechanisms are based per resource (URL) and Methods that are allowed on the resource. This gives a granular control of who is allowed to interact with which part of the functionality on the device. For example a guest is allowed to read the current temperature of the thermostat but not allowed to change the set point of the thermostat.
OCF Specifications that describe the OCF Core Framework
The following OCF specifications are agnostic of the function of the device, e.g. vertical agnostic.
- Core Framework
- Core Optional Framework (optional, depends on deployment scenario)
- Easy Setup (optional, depends on deployment scenario)
- Security
- Bridging (optional, the architecture only, depends on deployment scenario)
- Onboarding Tool
- Device to Cloud Services (optional, depending on deployment scenario)
- Cloud Security (optional, of course required when doing cloud)
- OCF Cloud API for Cloud Services (optional, depending on deployment scenario)