Hi Goeffrey, and thanks, glad you are finding the documentation useful.
The decision to adopt CBOR wasn't final until just recently, after we were
already finished with implementation using JSON. Our plan is to migrate the
security modules to CBOR as soon as CBOR is fully integrated with the core.
The OIC security architecture allows a vendor to use whatever certificate or
signing authority they might choose, and we do not control what certificates
are or are not provisioned to the device.
This is however separate from any certification process, which is not directly
related security. Maybe someone else can speak to the existence of such a
process, I do not know.
If you have any further questions please don't hesitate to ask.
Thanks,
Nathan
On Jun 2, 2015 5:02 AM, "VanCutsem, Geoffroy" <geoffroy.vancutsem at intel.com>
wrote:
Hi Security experts,
First of all, thanks for documenting so well the design and implementation of
the Security model for IoTivity, this has been very helpful to me so far. I
have a couple of questions after reading some of the email threads and wiki
docs:
1. IIRC, one of the rationale for adopting CBOR as the only mandatory payload
encoding was to keep the IoTivity stack as slim and efficient as possible which
is very important for constrained devices. Doesn't the Resource Manager use of
JSON go against that logic?
2. Will there be some sort of OIC-issued certificate or credentials for devices
that have passed the OIC compliance testing?
A sub-question is whether the device manufacturer would have to be a
member of OIC to take his product through certification and use such
certificate/credentials?
On an unrelated note, would it be possible to make the IoTivitiy-dev mailing
list archives searchable?
Thanks,
Geoffroy
Technical Marketing Engineer Manager
Open-Source Technology Centre
Tel: +32 (0)3 450 0851
-----------------------------------------------
Intel Corporation NV/SA
Kings Square, Veldkant 31
2550 Kontich
RPM (Bruxelles) 0415.497.718.
Citibank, Brussels, account 570/1031255/09
_______________________________________________
iotivity-dev mailing list
iotivity-dev at lists.iotivity.org
https://lists.iotivity.org/mailman/listinfo/iotivity-dev
