Hi,

We just posted an article at 01.org <https://01.org/blogs/ttzeng/2017/securely-accessing-iot-devices-based-javascript> talking about a few security concepts in IoTivity. Though we were using iotivity-node as an example, I think the following steps would get your Client access to the Server securely:

(1) your Server needs to register the resource with the ResourceProperty.SECURE flag in order to use the secured endpoint;
(2) allow the "auth-crypt" connection requests in the SVD dB;
(3) use an Onboarding Tool to establish ownership with both the Client and the Server;
(4) mutually install the credentials of each other by pairing the devices with the OBT

Regards,
Tonny

On 17 December 2017 at 14:38, Max Kholmyansky <max...@gmail.com> wrote:

> Hi Arthur,
>
> You should be able to communicate between the client and the server on
> Android, using SECURED=1 library.
>
> First, to set your "di" (client or server) - you need to specify the "di"
> value inside the DAT file (containing security information) - you can look
> at the samples. I never succeeded with setting the "di" using API, and I
> don't know if it's supported.
>
> Second, even using SECURED=1, in the server, you can allow any client
> (even not authenticated) to access any resource.
> The relevant ACL entry looks like: (you may need to change the "aceid"):
>
> {
>     "aceid": 5,
>     "subject": { "conntype": "anon-clear" },
>     "resources": [
>         { "href": "*" }
>     ],
>     "permission": 14
> }
>
> This is definitely not the way to configure it in production, but it should
> allow you to keep developing, without caring about access permissions for a
> while.
>
> Max
>
> On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <a...@cin.ufpe.br>
> wrote:
>
>> Hi all,
>>
>> I have a few beginner-leveled questions about secure mode in Android. Let
>> me explain the situation:
>>
>> I have created two apps (one for Server/Controlee and the other for the
>> Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them without
>> problems. As this is a simple example, I now want to do the same things but
>> with SECURED=1. I should note that I am usually running both apps in the
>> same device (not the emulator, but my cellphone).
>>
>> So I started looking everywhere and discovered I could do this with a
>> local ACL and supposedly everything would be ok. Turns out it didn't, which
>> is why I am here. So my questions are:
>>
>> - Do I need anything else to use the SECURED flag in Android apart from
>> registering resource as secure and passing the ACL to the PlatformConfig
>> and configure it?
>>
>> - I read that when configuring the Platform with an ACL the DeviceID
>> should be set with the ID inside it. So as it failed I tried debugging the
>> ID, which led me to confusion about PlatformID and DeviceID. When loading
>> the ACL the DeviceID comes as a random byte[]. However, I can set the
>> DeviceID in the code and retrieve it just fine. The thing is, the ID
>> received by the Client (ServerID) isn't the same I set in the code. I'm not
>> sure if it's something about the encoding tricking me or if it's something
>> else. Can someone please shed me some light?
>>
>> In short, the Client can find the resources (they are registered with
>> SECURE type) but can't make a correct GET/POST/OBSERVE request, returning
>> UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome.
>>
>> Sorry for the long post, thank you in advance!
>>
>> _______________________________________________
>> iotivity-dev mailing list
>> iotivity-dev@lists.iotivity.org
>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
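
An added example, not part of the thread and not IoTivity project code: a small Python check that can be run over the ACE list of a security JSON file before shipping, so that a development-only entry like the `anon-clear` wildcard quoted above does not reach production. The permission bits follow the OCF CRUDN bitmask; the function names and the sample entries other than aceid 5 are constructed for illustration.

```python
import json

# OCF CRUDN permission bitmask carried in an ACE's "permission" field.
PERMS = {1: "create", 2: "read", 4: "update", 8: "delete", 16: "notify"}


def decode_permission(mask):
    """Expand a permission bitmask into the rights it grants."""
    return [name for bit, name in PERMS.items() if mask & bit]


def audit_aces(aces):
    """Report every ACE that an unauthenticated, unencrypted peer can use."""
    findings = []
    for ace in aces:
        subject = ace.get("subject")
        if not isinstance(subject, dict) or subject.get("conntype") != "anon-clear":
            continue  # "auth-crypt" or a named subject: the peer must authenticate
        hrefs = [r.get("href") for r in ace.get("resources", [])]
        rights = decode_permission(ace.get("permission", 0))
        can_modify = bool({"create", "update", "delete"} & set(rights))
        findings.append({
            "aceid": ace.get("aceid"),
            "hrefs": hrefs,
            "rights": rights,
            # Wildcard or write access for anonymous peers is development-only.
            "severity": "high" if "*" in hrefs or can_modify else "info",
        })
    return findings


# Constructed sample: aceid 5 is the entry quoted in the thread; 6 and 7 are
# made-up entries (hypothetical hrefs) added for contrast.
SAMPLE_ACES = json.loads("""
[
  {"aceid": 5, "subject": {"conntype": "anon-clear"},
   "resources": [{"href": "*"}], "permission": 14},
  {"aceid": 6, "subject": {"conntype": "auth-crypt"},
   "resources": [{"href": "/a/light"}], "permission": 6},
  {"aceid": 7, "subject": {"conntype": "anon-clear"},
   "resources": [{"href": "/oic/res"}], "permission": 2}
]
""")

if __name__ == "__main__":
    for f in audit_aces(SAMPLE_ACES):
        print(f["severity"], f["aceid"], f["hrefs"], f["rights"])
```

Permission 14 decodes to read, update and delete, so the quoted entry is reported as high severity, while the read-only anonymous entry is reported as informational and the `auth-crypt` entry is not reported.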