Hi Security experts,
First of all, thanks for documenting so well the design and implementation of
the Security model for IoTivity, this has been very helpful to me so far. I
have a couple of questions after reading some of the email threads and wiki
docs:
1. IIRC, one of the rationale for adopting CBOR as the only mandatory payload
encoding was to keep the IoTivity stack as slim and efficient as possible which
is very important for constrained devices. Doesn't the Resource Manager use of
JSON go against that logic?
2. Will there be some sort of OIC-issued certificate or credentials for devices
that have passed the OIC compliance testing?
A sub-question is whether the device manufacturer would have to be a
member of OIC to take his product through certification and use such
certificate/credentials?
On an unrelated note, would it be possible to make the IoTivitiy-dev mailing
list archives searchable?
Thanks,
Geoffroy
Technical Marketing Engineer Manager
Open-Source Technology Centre
Tel: +32 (0)3 450 0851
-----------------------------------------------
Intel Corporation NV/SA
Kings Square, Veldkant 31
2550 Kontich
RPM (Bruxelles) 0415.497.718.
Citibank, Brussels, account 570/1031255/09
