Anyone have any input on this? Am I not on the right track?
On Wed, Jul 27, 2016 at 11:47 AM Carl Dunham <carl at oneid.com> wrote:

> Hi, all,
>
> I'm just getting started with iotivity, so my apologies if this has been
> covered before, or if I've just skipped a step somewhere.
>
> I am trying to work through an application that includes some app-specific
> authentication. It looks like that would be straight-forward, by
> calling SRMRegisterHandler() with a request handler to do what I need to
> do. However, I would also like to use DTLS and have specified SECURE=1.
> The SRMRegisterHandler method has this code:
>
>     #if defined(__WITH_DTLS__)
>         CARegisterHandler(SRMRequestHandler, SRMResponseHandler,
>                           SRMErrorHandler);
>     #else
>         CARegisterHandler(reqHandler, respHandler, errHandler);
>     #endif /* __WITH_DTLS__ */
>
> Which passes the buck to SRMRequestHandler(), but that method calls
> reqHandler thusly:
>
>     if (IsAccessGranted(response) && gRequestHandler)
>     {
>         gRequestHandler(endPoint, requestInfo);
>         return;
>     }
>
> Meaning that it is already checking for authorization before I have a
> chance to check authenticity of the request and subject. Not a huge deal,
> perhaps, but I'd like to avoid spending resources on bogus requests.
>
> Should I be instead trying to inject something in at the DTLS level? I was
> hoping to just layer on top of that, and perhaps have an interface to
> SRMRegisterHandler
> that would separate the concerns of authentication and authorization, so I
> could leverage the infrastructure already in place for the PE, etc., but
> just add my bit of authentication at the front end of the process (post
> transport-level authentication).
>
> Hope that makes sense.
>
> Thanks!
>
> Carl
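
The ordering asked about above (an app-level authentication step that runs before the authorization check), as an added, self-contained C model that is not IoTivity code and not part of the original post. All types, function names and sample values are hypothetical; only the name IsAccessGranted() comes from the quoted snippet.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the CA endpoint and request types. */
typedef struct { const char *subject; } Endpoint;
typedef struct { const char *token; const char *resource; } Request;
typedef bool (*AuthnHook)(const Endpoint *, const Request *);
typedef void (*RequestHandler)(const Endpoint *, const Request *);

static AuthnHook gAuthnHook;        /* optional app-level authentication */
static RequestHandler gRequestHandler;
static int gPolicyChecks, gDelivered; /* authorization runs; deliveries */

/* Stand-in for the policy-engine decision behind IsAccessGranted(). */
static bool access_granted(const Endpoint *ep, const Request *req)
{
    gPolicyChecks++;
    return ep->subject && req->resource &&
           !strcmp(ep->subject, "device-A") && !strcmp(req->resource, "/light");
}

void register_handlers(AuthnHook authn, RequestHandler handler)
{ gAuthnHook = authn; gRequestHandler = handler; }

/* Order: authenticate, then authorize, then deliver. Any failure drops. */
bool dispatch(const Endpoint *ep, const Request *req)
{
    if (!ep || !req || !gRequestHandler) return false;
    if (gAuthnHook && !gAuthnHook(ep, req)) return false;
    if (!access_granted(ep, req)) return false;
    gRequestHandler(ep, req);
    return true;
}

/* Constructed hook: a fixed token stands in for real credential checks. */
bool sample_authn(const Endpoint *ep, const Request *req)
{ (void)ep; return req->token && !strcmp(req->token, "valid-token"); }

void sample_handler(const Endpoint *ep, const Request *req)
{ (void)ep; (void)req; gDelivered++; }

int main(void)
{
    Endpoint ep = { "device-A" };
    Request bogus = { "forged", "/light" };   /* constructed bogus request */
    register_handlers(sample_authn, sample_handler);
    bool ok = dispatch(&ep, &bogus);
    return printf("delivered=%d policy_checks=%d\n", ok, gPolicyChecks) < 0;
}
```

With the hook registered, a request that fails authentication is dropped without the authorization counter moving; with no hook registered, dispatch falls back to authorization only.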