Hi, thank you for the quick replies! @Max
> I never succeeded with setting the "di" using API > I also never succeeded. However, since there was a recent release I should first give it a try. @Tonny I had an overview of the article. Very interesting indeed! But it uses javascript which isn't what I'm looking for this particular problem. Nonetheless, it is related to security 😁. Since I didn't have the time to read it in detail yet I may be saying things that are answered there, so pardon me in advance if you may. I need to state a few things: (3) use an Onboarding Tool to establish ownership with both the Client and > the Server; (4) mutual install the credentials of each other by pairing the devices > with the OBT > I'm trying to simulate these by setting the device owner through the ACL for development purposes. 2017-12-17 5:16 GMT-03:00 Tonny Tzeng <tonny.tz...@gmail.com>: > Hi, > > We just posted an article at 01.org > <https://01.org/blogs/ttzeng/2017/securely-accessing-iot-devices-based-javascript> > talking > few security concept in IoTivity. Though we were using iotivity-node as an > example, I think the following steps would get your Client accesses to the > Server securely: > (1) your Server need to register the resource with ResourceProperty.SECURE > flag in order to use the secured endpoint; > (2) allow the "auth-crypt" connection requests in the SVD dB; > (3) use an Onboarding Tool to establish ownership with both the Client and > the Server; > (4) mutual install the credentials of each other by pairing the devices > with the OBT > > Regards, > Tonny > > On 17 December 2017 at 14:38, Max Kholmyansky <max...@gmail.com> wrote: > >> Hi Arthur, >> >> You should be able to communicate between the client and the server on >> Android, using SECURED=1 library. >> >> First, to set your "di" (client or server) - you need to specify the "di" >> value inside the DAT file (containing security information) - you can look >> at the samples. I never succeeded with setting the "di" using API, and I >> don't know if it's supported. >> >> Second, even using SECURED=1, in the server, you can allow any client >> (even not authenticated) to access any resource. >> The relevant ACL entry looks like: (you may need to change the "aceid"): >> { >> >> "aceid": 5, >> "subject": { "conntype": "anon-clear" }, >> "resources": [ >> { "href": "*" } >> ], >> "permission": 14 >> } >> >> This is definitely not the way to configure it in production, but it should >> allow you to keep developing, without caring about access permissions for a >> while. >> >> >> Max >> >> >> >> >> >> On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <a...@cin.ufpe.br >> > wrote: >> >>> Hi all, >>> >>> I have a few beginner-leveled questions about secure mode in Android. >>> Let me explain the situation: >>> >>> I have created two apps (one for Server/Controlee and the other for the >>> Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them without >>> problems. As this is a simple example, I now want to do the same things but >>> with SECURED=1. I should note that I am usually running both apps in the >>> same device (not the emulator, but my cellphone). >>> >>> So I started looking everywhere and discovered I could do this with a >>> local ACL and supposedly everything would be ok. Turns out it didn't, which >>> is why I am here. So my questions are: >>> >>> - Do I need anything else to use the SECURED flag in Android apart from >>> registering resource as secure and passing the ACL to the PlatformConfig >>> and configure it? >>> >>> - I read that when configuring the Platform with an ACL the DeviceID >>> should be set with the ID inside it. So as it failed I tried debugging the >>> ID, which led me to confusion about PlatformID and DeviceID. When loading >>> the ACL the DeviceID comes as a random byte[]. However, I can set the >>> DeviceID in the code and retrieve it just fine. The thing is, the ID >>> recieved by the Client (ServerID) isn't the same I set in the code. I'm not >>> sure if it's something about the encoding tricking me or if it's something >>> else. Can someone please shed me some light? >>> >>> In short, the Client can find the resources (they are registered with >>> SECURE type) but can't make a correct GET/POST/OBSERVE request, returning >>> UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome. >>> >>> Sorry for the long post, thank you in advance! >>> >>> _______________________________________________ >>> iotivity-dev mailing list >>> iotivity-dev@lists.iotivity.org >>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev >>> >>> >> >> _______________________________________________ >> iotivity-dev mailing list >> iotivity-dev@lists.iotivity.org >> https://lists.iotivity.org/mailman/listinfo/iotivity-dev >> >> >
_______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org https://lists.iotivity.org/mailman/listinfo/iotivity-dev
