On Jul 29, 2016 5:03 PM, "Carl Dunham" <carl at oneid.com> wrote:
>
> Anyone have any input on this? Am I not on the right track?
>
Hi Carl,
Alas, I cannot help you. But I can offer this: Iotivity is still very
young, and has not yet evolved the kind of community that offers quick
answers to questions like yours. I've posted many questions that got no
response at all, but I've also gotten lots of helpful responses - just not
immediately, always, but sometimes immediately. Keep asking.
gregg
>
> On Wed, Jul 27, 2016 at 11:47 AM Carl Dunham <carl at oneid.com> wrote:
>>
>> Hi, all,
>>
>> I'm just getting started with iotivity, so my apologies of this has been
covered before, or if I've just skipped a step somewhere.
>>
>> I am trying to work through an application that includes some
app-specific authentication. It looks like that would be straight-forward,
by calling SRMRegisterHandler() with a request handler to do what I need to
do. However, I would also like to use DTLS and have specified SECURE=1.
The SRMRegisterHandler method has this code:
>>
>> #if defined(__WITH_DTLS__)
>> CARegisterHandler(SRMRequestHandler, SRMResponseHandler,
SRMErrorHandler);
>> #else
>> CARegisterHandler(reqHandler, respHandler, errHandler);
>> #endif /* __WITH_DTLS__ */
>>
>> Which passes the buck to SRMRequestHandler(), but that method calls
reqHandler thusly:
>>
>> if (IsAccessGranted(response) && gRequestHandler)
>> {
>> gRequestHandler(endPoint, requestInfo);
>> return;
>> }
>>
>> Meaning that it is already checking for authorization before I have a
chance to check authenticity of the request and subject. Not a huge deal,
perhaps, but I'd like to avoid spending resources on bogus requests.
>>
>> Should I be instead trying to inject something in at the DTLS level? I
was hoping to just layer on top of that, and perhaps have an interface
to SRMRegisterHandler that would separate the concerns of authentication
and authorization, so I could leverage the infrastructure already in place
for the PE, etc., but just add my bit of authentication at the front end of
the process (post transport-level authentication).
>>
>> Hope that makes sense.
>>
>> Thanks!
>>
>> Carl
>
>
> _______________________________________________
> iotivity-dev mailing list
> iotivity-dev at lists.iotivity.org
> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20160729/e8182e6d/attachment.html>
