IEEE Std 1888-2014 pdf download – IEEE Standard for Ubiquitous Green Community Control Network Protocol.
5.2 Component-to-component communication protocol 5.2.1 Types of component-to-component communication protocol This subclause specifies and describes the following three types of sub-protocols for component-to- component communication. Note that instances of components are GWs, Storages, and APPs. As for the accessing methods to a registry, see 5.3.   FETCH protocol—for data retrieval from a remote component.   WRITE protocol—for data transfer to a remote component.   TRAP protocol—for event query registration and event data transfer. The latter part of this subclause describes these protocols in detail. 5.2.2 FETCH protocol FETCH is a protocol for data retrieval from a remote component. We denote here the component that inquires data from the remote component by Requester, and the component that replies with the data by Provider. Figure 6 provides a diagram of the interaction.
10. Security considerations UGCCNet protocol is basically open. It assumes multi-domain operation and public access from other domain’s system components. In this context, security requirements to the system would be listed as follows:   To avoid unintended data disclosure to the public   To avoid unauthorized access to writable resources   Availability and confidentiality of remote communication host   Integrity and confidentiality of data   To avoid unintended access or operational conflicts To get confidentiality of remote communication host, we would be able to use VPN, SSL, SSH, and other related technologies. HTTPS, or SIP and its security extension, would help in getting integrity and confidentiality of data. Access control and access confliction management shall be the other important but different types of security issues that should be discussed independently. Generally, access control is used to allow only specific users to access both readable and writable resources, which would certainly help to avoid unauthorized access from or unintended data disclosure to the public (sometimes anonymous) users. In order to manage this, the system would need to introduce the concept of users to identify who is accessing the resources. We assume URI-based identification for user authentication just as Point ID takes URI for its identifier. Authentication of these users and components (probably by taking advantage of the existing authentication platforms) would certainly need to be considered.