From Unmanaged Streams to Governed Spatial Workflows
Oasis is an IEEE 2874-compliant integration platform that connects IoT devices, machines, and services into managed, observable, spatially-aware data streams. It combines enterprise integration, IoT device governance, and Spatial Web identity management into a single platform.
Your Streams Are Running. Nobody’s Watching.
IoT sensors push telemetry. Industrial controllers exchange commands. Services call APIs. ERPs sync with supply chains.
Most of this traffic runs unmanaged — no visibility into what’s flowing, no control over how it behaves, no integration with your business processes. Devices have no verifiable identity. There’s no spatial context for where data originates or where it’s consumed. When something breaks, you find out from the impact, not the cause.
Traditional tools don’t solve this. Firewalls see ports, not protocols. API gateways expect REST, not industrial controllers. SIEM systems log events but can’t govern streams. Integration middleware connects systems but ignores security and spatial context.
Oasis closes the gap between connectivity and control — with standards-based spatial identity and governance built in.
IEEE 2874 Spatial Web Protocol
Oasis implements the IEEE 2874-2025 standard — Spatial Web Protocol, Architecture and Governance. This gives every device, service, and data stream a verifiable spatial identity and places it within a governed domain graph.
Spatial Web Identifiers
Every entity in Oasis — devices, services, domains, credentials, contracts — receives a W3C DID-compliant Spatial Web Identifier (SWID). Persistent, globally unique, and cryptographically verifiable. No more MAC addresses, IP assignments, or proprietary device IDs as the source of truth.
Universal Domain Graph
All entities and their relationships are maintained in a persistent domain graph with full event history. Spatial range queries, graph traversal, semantic filtering, and real-time status tracking — across domains, organizations, and geographic boundaries. The graph persists across restarts and supports federated queries across distributed nodes.
Transaction Protocol
A complete transaction protocol covering domain management, agent registration, credential verification, contract governance, and spatial queries. Every operation is authenticated, authorized, logged, and auditable — with support for HTTP, MQTT, WebSocket, and CoAP transport bindings.
Make Every Stream a Managed Stream
Oasis sits at the boundary between unmanaged and managed. It takes raw streams from any source — IoT devices, industrial protocols, APIs, message queues — and brings them into a governed workflow where they can be observed, validated, transformed, and routed.
Connect
300+ protocol connectors covering IoT, industrial, enterprise, and cloud protocols. Native support for MQTT, CoAP, HTTP, TCP, and WebSocket — with automatic device registration and spatial identity assignment. If your device or system can send data, Oasis can ingest it.
Govern
Channel and endpoint security applied to every integration route. Device identity verification through Spatial Web credentials, per-device rate limiting, payload validation, contract-based access policies, and automated credential lifecycle management. Streams behave predictably and only authorized sources participate.
Transform
Schema mapping, format conversion, enrichment, and filtering. Raw telemetry becomes structured business data. Oasis normalizes across formats so downstream systems receive what they expect.
Route
Deliver to the right destination with delivery guarantees. Data warehouses, SIEMs, dashboards, workflow engines, or downstream services. Fan-out to multiple consumers with independent delivery policies per destination. Real-time WebSocket broadcast for live telemetry dashboards.
Observe
Every message tracked. Every decision logged. Full audit trail for compliance. Real-time metrics on entity counts, operation throughput, agent status, and alert conditions — with threshold-based alerting when streams deviate from expected patterns.
IoT Device Governance
Purpose-built IoT capabilities that go beyond simple telemetry ingestion.
Device Lifecycle Management
Every device receives a Spatial Web identity at registration. Heartbeat monitoring automatically detects unresponsive devices and updates their status. The full device lifecycle — from provisioning through decommissioning — is tracked and auditable.
Digital Twins
Each physical device can have a corresponding digital twin in the domain graph. Telemetry readings update the twin’s state in real time. Query the digital twin to get the latest known state of any device without polling the physical hardware.
Telemetry Alerting
Define threshold rules per device or globally. When telemetry readings exceed configured limits, alerts are generated and persisted automatically. No external alerting infrastructure required — it’s built into the platform.
Contract Enforcement
Multi-party contracts govern device access and data sharing. Oasis continuously enforces contract terms and automatically terminates expired agreements. Spatial Web credentials tied to contracts ensure that access revocation is immediate and verifiable.
Bidirectional Device Communication
Not just telemetry collection — Oasis supports command push to devices for firmware updates, configuration changes, and remote actuation. Commands are tracked, auditable, and governed by the same security policies as inbound telemetry.
Enterprise Integration Engine
Oasis is built on a proven enterprise integration framework with 300+ pre-built protocol connectors. This gives you proven message routing patterns, protocol mediation without custom code, and an active ecosystem with broad connector coverage.
What Oasis adds: IEEE 2874 spatial identity, channel-level and endpoint-level security governance, persistent domain graph with event sourcing, device lifecycle management, digital twins, telemetry alerting, and multi-node federation — capabilities that don’t exist in any integration framework natively.
How It Works
1. Register — Devices and services receive Spatial Web Identifiers and are placed into the domain graph. Relationships, capabilities, and access credentials are established.
2. Ingest — Connect to any source using 300+ protocol connectors. Industrial sensors, cloud APIs, message brokers, constrained IoT devices via CoAP, real-time streams via WebSocket.
3. Secure — Apply identity, rate, and payload policies at the channel level. Devices authenticate via Spatial Web credentials before data flows. Streams are validated against expected behavior. Per-device rate limits prevent abuse.
4. Process — Transform, enrich, filter, and validate data in-stream. Normalize formats, apply business logic, evaluate alert thresholds, update digital twins. Detect anomalies in real time.
5. Route — Deliver to one or many destinations with guaranteed delivery. Data warehouses, monitoring systems, workflow engines, downstream services. Real-time broadcast via WebSocket for live dashboards.
6. Govern — Contracts enforce multi-party agreements automatically. Expired contracts are terminated. Revoked credentials take immediate effect. Every message, every decision, every policy version — logged and traceable.
Use Cases
IoT Fleet Management
Thousands of sensors, one integration layer. Every device gets a Spatial Web identity. Heartbeat monitoring detects failures automatically. Digital twins maintain the latest state of every device. Threshold alerting catches anomalies before they become incidents. Normalize telemetry from heterogeneous devices and route to analytics platforms.
Industrial Data Integration
Connect PLCs, SCADA systems, and MES to IT systems. Protocol mediation between OPC-UA, Modbus, and enterprise APIs — with Spatial Web credential verification and contract-based access governance. Bridge the IT/OT divide without exposing either side.
Smart Building & Facility Management
Geospatially organized domain graph maps every sensor, controller, and zone. Spatial range queries locate devices by physical area. Digital twins track room conditions in real time. Contract-governed access ensures tenants only see their own data.
Service Orchestration
Govern service-to-service communication across your application landscape. Rate limits, credential-based access control, contract validation, circuit breaking, and delivery guarantees. Make microservice integration observable and controllable.
Compliance Pipelines
Generate audit-grade evidence from operational streams. The domain graph provides complete provenance — which device produced which data, through which credentials, under which contract. Map data flows to NIS2, DORA, and IEC 62443 requirements automatically.
Federation & Multi-Node Deployment
Oasis nodes can federate across organizational and geographic boundaries. Each node maintains its own domain graph while forwarding cross-domain queries transparently. This enables distributed IoT deployments where devices in different locations are managed by different Oasis instances but participate in a shared governance framework.
Deployment
Gateway Mode
Inline integration and enforcement at network boundaries. Inspect, transform, and route all traffic passing through.
Sidecar Mode
Per-service deployment in containerized environments. Scales with your application workloads.
Agent Mode
Lightweight integration agent on constrained devices or edge nodes. CoAP support for resource-limited hardware. Minimal footprint, full governance.
Federated Mode
Multi-node deployment with domain graph federation. Each node governs locally while participating in a shared spatial identity framework.
Standards Compliance
Oasis doesn’t invent proprietary protocols. It implements established standards — giving you interoperability, audit defensibility, and vendor independence.
IEEE 2874-2025
Spatial Web Protocol, Architecture and Governance. Full implementation of entity modeling, transaction protocol, and domain graph specifications.
W3C DID-core
Decentralized Identifier format for all Spatial Web Identifiers. Interoperable, self-sovereign, and cryptographically verifiable.
MQTT 5.0 & CoAP
Native IoT protocol support for constrained and standard devices. No protocol translation required at the device level.
HMAC-SHA256
Industry-standard device authentication signatures for machine-to-machine communication. Replay-resistant, timestamp-validated.
Your streams are already running. Oasis makes them spatially governed.
Contact us to discuss your integration landscape and how Oasis fits your workflow.