Sorry I meant I want to state this, not a few things, hehe. Basically I want to focus on local ACL permissions without dealing with the whole device ownership and pairing process. Thank you again!
2017-12-18 10:12 GMT-03:00 Arthur Barros Lapprand <a...@cin.ufpe.br>:

> Hi, thank you for the quick replies!
>
> @Max
>
>> I never succeeded with setting the "di" using API
>
> I also never succeeded. However, since there was a recent release I should
> first give it a try.
>
> @Tonny
> I had an overview of the article. Very interesting indeed! But it uses
> JavaScript which isn't what I'm looking for this particular problem.
> Nonetheless, it is related to security 😁. Since I didn't have the time to
> read it in detail yet I may be saying things that are answered there, so
> pardon me in advance if you may. I need to state a few things:
>
>> (3) use an Onboarding Tool to establish ownership with both the Client and
>> the Server;
>> (4) mutually install the credentials of each other by pairing the devices
>> with the OBT
>
> I'm trying to simulate these by setting the device owner through the ACL
> for development purposes.
>
> 2017-12-17 5:16 GMT-03:00 Tonny Tzeng <tonny.tz...@gmail.com>:
>
>> Hi,
>>
>> We just posted an article at 01.org
>> <https://01.org/blogs/ttzeng/2017/securely-accessing-iot-devices-based-javascript>
>> talking about a few security concepts in IoTivity. Though we were using
>> iotivity-node as an example, I think the following steps would get your
>> Client access to the Server securely:
>> (1) your Server needs to register the resource with
>> ResourceProperty.SECURE flag in order to use the secured endpoint;
>> (2) allow the "auth-crypt" connection requests in the SVD dB;
>> (3) use an Onboarding Tool to establish ownership with both the Client
>> and the Server;
>> (4) mutually install the credentials of each other by pairing the devices
>> with the OBT
>>
>> Regards,
>> Tonny
>>
>> On 17 December 2017 at 14:38, Max Kholmyansky <max...@gmail.com> wrote:
>>
>>> Hi Arthur,
>>>
>>> You should be able to communicate between the client and the server on
>>> Android, using SECURED=1 library.
>>>
>>> First, to set your "di" (client or server) - you need to specify the
>>> "di" value inside the DAT file (containing security information) - you can
>>> look at the samples. I never succeeded with setting the "di" using API, and
>>> I don't know if it's supported.
>>>
>>> Second, even using SECURED=1, in the server, you can allow any client
>>> (even not authenticated) to access any resource.
>>> The relevant ACL entry looks like: (you may need to change the "aceid"):
>>> {
>>>   "aceid": 5,
>>>   "subject": { "conntype": "anon-clear" },
>>>   "resources": [
>>>     { "href": "*" }
>>>   ],
>>>   "permission": 14
>>> }
>>>
>>> This is definitely not the way to configure it in production, but it should
>>> allow you to keep developing, without caring about access permissions for a
>>> while.
>>>
>>> Max
>>>
>>> On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <
>>> a...@cin.ufpe.br> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have a few beginner-leveled questions about secure mode in Android.
>>>> Let me explain the situation:
>>>>
>>>> I have created two apps (one for Server/Controlee and the other for the
>>>> Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them without
>>>> problems. As this is a simple example, I now want to do the same things but
>>>> with SECURED=1. I should note that I am usually running both apps in the
>>>> same device (not the emulator, but my cellphone).
>>>>
>>>> So I started looking everywhere and discovered I could do this with a
>>>> local ACL and supposedly everything would be ok. Turns out it didn't, which
>>>> is why I am here. So my questions are:
>>>>
>>>> - Do I need anything else to use the SECURED flag in Android apart from
>>>> registering resource as secure and passing the ACL to the PlatformConfig
>>>> and configure it?
>>>>
>>>> - I read that when configuring the Platform with an ACL the DeviceID
>>>> should be set with the ID inside it. So as it failed I tried debugging the
>>>> ID, which led me to confusion about PlatformID and DeviceID. When loading
>>>> the ACL the DeviceID comes as a random byte[]. However, I can set the
>>>> DeviceID in the code and retrieve it just fine. The thing is, the ID
>>>> received by the Client (ServerID) isn't the same I set in the code. I'm not
>>>> sure if it's something about the encoding tricking me or if it's something
>>>> else. Can someone please shed some light?
>>>>
>>>> In short, the Client can find the resources (they are registered with
>>>> SECURE type) but can't make a correct GET/POST/OBSERVE request, returning
>>>> UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome.
>>>>
>>>> Sorry for the long post, thank you in advance!
>>>>
>>>> _______________________________________________
>>>> iotivity-dev mailing list
>>>> iotivity-dev@lists.iotivity.org
>>>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
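
Added example, not part of the thread and not IoTivity code: a pre-release check that flags ACEs like the development entry quoted above, so it does not ship unnoticed. It assumes the ACEs are available as a JSON list in the shape shown in the thread and that "permission" is the OCF CRUDN bitmask; the second sample entry, its aceid and its href are constructed.

```python
import json

# OCF access-permission bitmask (CRUDN); assumed to be what "permission" encodes.
PERMISSION_BITS = {1: "create", 2: "retrieve", 4: "update", 8: "delete", 16: "notify"}

# Constructed sample: the first entry is the development ACE quoted in the thread,
# the second is a constructed, narrower entry (aceid and href are made up).
SAMPLE_ACES = json.loads("""
[
  {"aceid": 5, "subject": {"conntype": "anon-clear"},
   "resources": [{"href": "*"}], "permission": 14},
  {"aceid": 6, "subject": {"conntype": "auth-crypt"},
   "resources": [{"href": "/example/light"}], "permission": 6}
]
""")


def decode_permission(mask):
    """Return the operation names enabled in a CRUDN permission bitmask."""
    return [name for bit, name in sorted(PERMISSION_BITS.items()) if mask & bit]


def audit_aces(aces):
    """Flag ACEs that grant access to unauthenticated peers or to every resource."""
    findings = []
    for ace in aces:
        conntype = ace.get("subject", {}).get("conntype")
        hrefs = [res.get("href") for res in ace.get("resources", [])]
        ops = decode_permission(ace.get("permission", 0))
        reasons = []
        if conntype == "anon-clear":
            reasons.append("subject is any unauthenticated, unencrypted peer")
        if "*" in hrefs:
            reasons.append("wildcard href covers every resource")
        if reasons and any(op != "retrieve" for op in ops):
            reasons.append("grants more than read: " + ", ".join(ops))
        if reasons:
            findings.append({"aceid": ace.get("aceid"), "operations": ops,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_aces(SAMPLE_ACES):
        print(f"aceid {finding['aceid']}: {'; '.join(finding['reasons'])}")
```

Run against the list of ACEs from the security database JSON before it is converted to the DAT file; an empty result means no anonymous or wildcard entries were found.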