Organizing the Internet of Things

By Ross Stapleton-Gray

It may be too late to bring back EPCglobal's Object Naming Service, but we sure could use it now.


A recent essay by Phil Windley, titled “The CompuServe of Things,” raises concerns of “walled gardens” and stovepiped services and applications—for example, the FitBit device that can collect health data, but which can then talk only to the FitBit service, with no provision to easily pass health data to any other relevant applications. Things are wildly proliferating, but as a fragmented, Balkanized universe of things.

The essay is remarkable for having, in 2014, no mention at all of the Electronic Product Code (EPC), or of the Object Naming Service (ONS). Chartered by EPCglobal in 2004 with a contract to VeriSign, the Object Naming Service could very well have become the root of a thriving Internet of Things (IoT). Instead, in the words of an industry contact deeply involved in the creation of the EPC standards, “it is pretty much gone.” And yet the IoT and the ONS infrastructure for RFID have every excuse to be inextricably paired—the phrase was coined in 1999 by the MIT Auto-ID Center’s Kevin Ashton.

Nearly a decade ago now, in 2005, I wrote an essay for RFID Journal (see The Radio-Free EPC) that speculated on what could be done if one ignored the use of EPCs in physical tags, but just laid that name space open to useful applications—for instance, defining a simple standard to give every music track from every published album its own unique ID number, thereby creating a unique copy of each song.

In a nutshell, since most music publishers already had a chunk of Global Trade Item Number (GTIN) space allotted for the bar codes they were sticking onto albums, and since the EPC’s item ID field was orders of magnitude larger than that in the GTIN, one could easily create a scheme to extrapolate a unique track ID that would handily fit into the EPC. In addition, one could create a standard means of representing a unique iteration of each song—specific licensing to a particular customer, for example—in an EPC’s serial field. One can only imagine how music services and digital rights management systems might have made use of such a standard to make music tracks more easily addressable. But how many different music-sharing services are there today, each hacking out a local solution to what could have been a part of a global picture?

Repeat the above for e-books and their unique iterations, and for any other real-world, intangible goods. But why stop there? Why not apply the EPC to any and all “virtual world” goods that one can? Should it matter, from the perspective of a point-of-sale system or shopping-cart software, whether I’m buying a can of beans from Safeway or a +2 magic sword in “World of Warcraft?” And apportioning chunks of the EPC space would also allow for seamless integration between any of these alternate (complementary?) realities. Neal Stephenson’s “Snow Crash” imagines the future “Metaverse,” the sum total of virtual realities accessible to humans (who, by and large, find it far more habitable than the novel’s brutishly dystopian real world). He wasn’t envisioning a world in which each service had its own proprietary identities; in his Metaverse, it was a seamless (virtual) landscape, where everything had its own unique name, every product its own code… Well…

Had the EPC been aggressively used to “name stuff,” rather than being held back, waiting on the demand for RFID tags, I think we would be hearing about it today as something important to the Internet of Things, instead of being told of such things as IPv6 (the next evolutionary step in assigning unique IDs to nodes on the Internet itself) or various object identifier schemes with even less traction.

It may not be too late to position the EPC and the ONS—which still impresses me as an elegant architecture for resolving IDs to the authorities who can speak to their meaning—as something more than Cinderella awaiting the arrival of a princely pile of RFID tags to demand its use.

Ross Stapleton-Gray is the founder and president of Stapleton-Gray & Associates, an information technology and policy consultancy focused on security, surveillance, privacy and mobile technologies, including RFID.