WebUSB API Gives USB-Connected Devices Direct Access to Web Services

Two Google developers recently published a draft version of the WebUSB API that provides Web pages direct access to USB devices. The goal of the API is to provide a safe, standard method to expose USB-connected devices to Web services. While the API certainly applies to standard, legacy USB-connected devices (e.g. keyboards, mice, AV equipment, etc.), the API could have a major impact on the development of the Internet of Things (IoT) movement.

"The WebUSB API provides a way to safely expose USB device services to the Web," editors Reilly Grant and Ken Rockot commented in the unofficial draft docs. "It provides an API familiar to developers who have used existing native USB libraries and exposes the device interfaces defined by existing specifications. With this API hardware manufacturers will have the ability to build cross- Platform JavaScript SDKs for their devices. This will be good for the Web because, instead of waiting for a new kind of device to be popular enough for browsers to provide a specific API, new and innovative hardware can be built for the Web from day one."

A common inhibitor to IoT acceleration is waiting for a hardware manufacturer to develop a custom API for an individual piece of hardware. While this API might seem like a universal solution to this problem, the WebUSB API does not grant immediate Web access to any piece of hardware with a USB port. Rather, the API serves as a standard technology that Web developers can adopt within products and hardware manufacturers can build devices with Web capabilities out of the box.

The foremost concern with anything that touches IoT is security. Red flags immediately go up when one learns that USB becomes the connector between a device and the Web. After all, USB devices and computers automatically trust each other, without required Authentication steps. Grant and Rockot address the security concerns with a CORS-like security system. The WebUSB security protocol treats each USB devices as a separate source, similar to the way CORS treats Web domains separately. In turn, developers must specifically call out what device receives access, and then prompt users for authorization on a per site basis.

The WebUSB API is backward compatible to allow for USB-enabled devices manufactured before the API release to operate without custom firmware. The API is available at the WICG website. It remains unofficial for the time being. Developers and manufacturers who wish to participate in its development should visit the GitHub site

Be sure to read the next Internet of Things article: Survey Highlights Security Concern Among IoT Developers