Keywords—Internet of Modelling

Services notably contributed to the spread of Internet, which evolved from a restricted/small-sized academic and military network into a worldwide platform hosting applications of all kinds [ 1 ]. Likewise, services promise to represent the real drivers for the Internet of Things (IoT) [ 2 ], a dynamic and heterogeneous ecosystem of networked everyday objects, conventional computing systems, places, pets and people. These entities, supported by ubiquitous and seamless connectivity, take part in novel, advanced, cyberphysical services (indicated as IoT Services in the follow), which are expected to revolutionize every application context. As matter of fact, from industry and public safety, to wellness and transportation, new IoT services are always coming on the scene1, facilitated by the continuous spread of Smart Objects (SOs, namely everyday objects empowered in their conventional functionalities). Indeed, SOs acquire, process, and communicate information about the surrounding environment, entities and ongoing activities, and accordingly act and interoperate, regardless of their different communication protocols or technologies [ 3 ]. In such a scenario, IoT services are therefore fundamental, since they are high-level interfaces for straightforwardly accessing heterogeneous SOs, especially in dense, cooperative, open environments, e.g., a Smart City in which SOs belonging to different application contexts cooperate for providing services related to e-health, smart factories, energy and traffic management, etc. [ 4 ].

Although IoT is gaining momentum, and regardless the substantial background on computing services, the development of an IoT service is a challenging and not fully mastered task. Traditional computing services are based on a vertical data flow between physical and application layers, and each service is often independent [ 1 ]. Conversely, IoT services exploit both data and cyberphysical functionalities provided by a horizontal landscape of heterogeneous entities, sharing the same resources and environment. Due to their complexity, IoT services require a specific development methodology, so to be thoughtfully designed, formally verified, and simulated. Such a full-fledged approach, so long as supported by a preliminary and systematic modeling phase, paves the way toward reliable, fast and effective IoT Service development [ 5 ]. However, service modeling is often a neglected or underestimated activity, which is complicating the overall development process and limiting IoT services potentials.

In this work we propose a novel and full-fledged approach to IoT service modeling, aiming to support IoT Service development according to (i) different granularity, from highlevel and general purpose metamodels (suitable to the analysis phase) to detailed models, instantiated over specific domains or case studies (suitable to the implementation and verification phases); and (ii) different perspectives, providing both descriptive and operational service models, thus meeting the requirements of several professionals involved in the service development.

The rest of the paper is organized as follows. In Sec. II, related works pertaining service modeling are surveyed, with a particular focus on the most relevant IoT research initiatives. In Sec. III, our modeling approach for Opportunistic IoT Services is presented and its application shown in a concrete case study (public safety during a mass event’s evolution) in Sec. IV. Conclusions are drawn and future work outlined in Sec. V.

One of the most important contributions derives from the IoT-A project [ 6 ] (see Fig. 1(a)), in which a detailed IoT service model has been provided and then exploited as an architectural building block (“IoT Service Layer”) in different IoT platforms [ 7 ] like Butler and ICore. The IoT-A service model extends the previous one developed within the SENSEI2 project, and is totally aligned with the ones of AIOTI3 and FIWARE4 initiatives, as well as with the IEEE P2413 “Standard for an Architectural Framework for the IoT”5. According to the SSN (Semantic Sensor Networks)6 ontology, it describes an IoT service as a well-defined and standardized interface enabling interactions with the real world, specifically through its Virtual Entities (VEs, namely physical entities abstractions). Indeed, IoT services allow accessing a VE’s status, properties and functionalities (sensing, actuation, computation, storage or networking) by means of its Resources, thereby hiding VE heterogeneity/complexity to IoT developers and users. Associations between IoT services and VEs are established according to both dynamic (e.g., IoT service current status, VE location, and VE resource availability) and static information (for example, IoT Service specifications and quality of service, VE id and dimension). In particular, relevant information for each IoT service is coded in a Service Description Model according to the business-oriented USDL (Unified Service Description Language). This paves the way toward the application of the IoT-A service model within the world of Business Processes (BPs): indeed, by extending the BPMN 2.0 (Business Process Model and Notation), it is possible to treat IoT services as IoT-aware BPs [ 8 ].

Similarly to the IoT-A project [ 6 ], authors of [ 9 ] and [ 10 ] propose an SSN-based model in which IoT services are provided according to established associations between Physical Entities (PE, namely every person, place, or object whose spatio-temporal attributes and preferences constitute its Context). Differently from business-oriented service model of [ 6 ], however, the IoT service model of [ 9 ] and [ 10 ] specifically focus on semantic IoT service description, thus extending the OWL-S (Web Ontology Language for Service)7. Indeed, each IoT Service (see Fig. 1(b)) is featured by a ServiceProfile describing what a service does (functional and not-functional properties), a ServiceModel eliciting how a service works (processes and related Preconditions, Effects, Inputs, and Outputs), and a ServiceGrounding specifying how a service is concretely implemented (message formats, serialization, transport and addressing, etc.). In particular, with respect to the original OWL-S service model, ServiceProvisionConstraint, ContextPrecondition and ContextEffect classes have been introduced within the Service Profile to explicitly consider context-awareness and cyberphysicality at the modeling phase. Indeed, the ContextPrecondition class specifies the conditions related to the PE Context (namely its spatio-temporal features) that should hold before the service can be provided (Precondition specifies just general functional preconditions). 2 SENSEI: Integrating the Physical with the Digital World of the Network of the Future, www.sensei-project.eu 3 AIOTI: Alliance for IoT Innovation, www.aioti.eu 4 FIWARE: Future Internet ware, https://www.fiware.org/ 5 IEEE P2413, standards.ieee.org/develop/project/2413.html 6 SSN, http://www.w3.org/2005/Incubator/ssn 7 OWL-S, https://www.w3.org/Submission/OWL-S/

Similarly, the ContextEffect class describes changes to the external world or environment (Effect just describes the change to the service provider entity). Finally, ServiceProvisionConstraint class represents PE physical constraints that are relevant to the service provision.

An IoT-A like, but not SSN-based, service model is reported in [ 11 ] and [ 12 ], which mainly consists of IoT services and Entities of Interest (EoI). In particular, the latter represent physical objects, featured by their Properties of Interest (PoI, namely desired properties associated with an EoI), to be monitored, controlled, or tracked through Devices. IoT services, instead, are featured by a set of Requirements which consider a specific application context, an EoI, its PoI, and PoI’s observation rate and provided reliability (as shown in Fig. 1(c)). IoT service Requirements are specified in a declarative way and can be autonomously processed and matched with the expected levels of dependability.

A completely different approach to service modeling is carried out in [ 13 ] and [ 14 ]. In particular, these models are specifically conceived for operational purposes more than for descriptive goals. Indeed, both works exploit (extensions of) Petri Nets [ 15 ] to model real world entities as Nets, their operations as transitions and their IoT services as a sequence of states, as shown in Fig. 1(d). Such operational modeling allows controlling the correctness of IoT services among dynamic context changes, thus exhaustively and automatically checking their compliance to a given set of specifications.

Finally, the work in [ 16 ] focuses on modelling IoT services at the level of cooperating devices, namely, as computational processes working on spatio-temporal sensed data. The work discussed in the present paper addresses architectural aspects of IoT services sharing a common view where such services operate in given spatio-temporal execution contexts.

This work proposes a novel approach to service modeling, conceived to fully support IoT service development. Our approach has two main steps: (i) metamodeling, in which highlevel representations are provided, mainly for descriptive purposes, to outline a service overview particularly suitable for the analysis phase; and (ii) operational modeling, in which services are formalized following specific notations to support the further phases of service design, verification and simulation. These two steps (based on the same concepts but presented from two different perspectives) are both centered around innovative cyber-physical IoT services involving heterogeneous entities, generally defined “IoT Entities”, within a certain “IoT Environment”, to be detailed later, as depicted in Fig. 2. Similarly to models surveyed in Sec. II, we consider IoT services as interfaces for making an IoT Entity’s functionality accessible by other IoT Entities. Conversely, our IoT service model is the first that explicitly considers the following opportunistic properties, crucial to capture the real IoT service potentials but largely overlooked in the past: i. Dynamicity, IoT services can be dynamically, and not apriori, created/activated; ii. Context-awareness, any implicit/explicit information about

IoT Entities synergically interact within the IoT Environment, providing and leveraging IoT Services according to their own features (namely static/dynamic attributes) and cyber-physical functionalities (namely entity capabilities subject to specific conditions or constraints). To provide more customized modeling, and differently from the surveyed related works, IoT Entities are categorized into Humans, Pets (both involved uniquely in service consuming) and Things (acting as IoT service prosumers). Fig. 3 depicts the aforementioned IoT Entities’ classification and their role in the IoT Service provision. In their turn, Things can be further classified into Smart Objects and Computing Systems. In particular, Computing Systems are conventional PC, notebooks, servers, etc. They are usually described by means of features like IP/MAC addresses, software and hardware specifications, exposing their functionalities (typically computation) locally or remotely on the Web. Smart Objects (SOs), instead, are everyday objects augmented with sensing/actuation, processing, storing, and networking functionalities. Because of their capabilities, cyberphysical nature and pervasiveness, SOs are primary service prosumers in an IoT scenario.

To consider all the information that could be relevant for the IoT Service provision, the SO metamodel of [ 17 ] has been extended in Fig. 4, thus describing each SO through its:  Status: it is characterized by a list of variables, given as pairs <name, value>, that capture the SO state.  FingerPrint: it contains the following basic and distinctive SO information, such as Identifier (representing the Id of the SO, which allows its unique identification within the IoT or an IoT subsystem), Creator (either an individual creating the SO for personal use, an industrial company that creates it for business, or an academic research laboratory implementing it for research purposes), Type (given for categorizing SOs with a deeper level of detail, thus distinguishing for example a smart pen from a smart car or a smart building), QoSParameter (associated to the SO, like reliability, availability, etc.), Constraint (defines an SO static constraint that, if violated, prevent the SO from working, such as electric voltage, and maximum SO work temperature), and Preference (helping choose between alternatives options, properties, modalities, etc. (e.g., a SmartCar with a preferred fuel brand). A preference is not necessarily stable over time and, as opposed to a Constraint, it can be disregarded.  PhysicalProperty: it represents a physical property of the original object without any hardware augmentation and embedded smartness.  Service: it models an IoT service provided/consumed by the

SO.  Device: it defines the hardware and software characteristics of a device that allows to augment the physical object and make it smart. A device can be specialized into (i) Computer, representing the SO processing unit (e.g. embedded computer, plug computer, etc.); (ii) Sensor, modeling a sensor node belonging to the SO; and (iii) Actuator: modeling an actuator node belonging to the SO.  Location: it represents the geophysical position of the SO.

The modeling approach described in Sec. III has been applied to the “Crowd safety” opportunistic IoT Service, inspired by the one proposed in [ 19 ]. It considers a mass public event, such as the Vienna marathon, and aims at (i) alerting people located nearby overcrowded zones, where any small incident can create a dangerous panic situation; (ii) proposing alternative paths according to the user’s preferences/constraints (e.g., a tourist, an elder, a biker can receive different suggestions for the same destination customized on their preferences). In details, SOs deployed around the city (e.g., smart traffic lights, and smart lamps) monitor through their embedded devices the flow of athletes and audience, and allow estimating the city zones’ density. The “Crowd Safety” IoT Service” thus alerts citizens located nearby overcrowded zones by sending a notification on their personal devices. The same alerted citizens can hence specify their destination and receive customized, context-aware, and real-time hints on the best path to be followed. The “Crowd Safety” is clearly an opportunistic IoT Service because it exposes the four aforementioned opportunistic properties of: i. Dynamicity, since it is activated only if a zone’s density level exceeds a threshold continuously for a certain amount of time; ii. Co-located, since it exploits multiple SOs at the same time for contemporary serving multiple citizens located nearby the overcrowded zones; iii. Transient, since it lasts only for an emergency situation and until the citizen is near an overcrowded zone; iv. Context-aware, since it considers athletes and audience positions and environmental elements (e.g., a bridge) for determining density and risk levels, as well as citizens positions and their preferences for providing alerts and customized hints.

This work has been carried out under the framework of INTER-IoT, Research and Innovation action - Horizon 2020 European Project, Grant Agreement #687283, financed by the European Union.