Sorry I meant I want to state this, not a few things, hehe. Basically I
want to focus on local ACL permissions without dealing with the whole
device ownership and pairing process. Thank you again!

2017-12-18 10:12 GMT-03:00 Arthur Barros Lapprand <a...@cin.ufpe.br>:

> Hi, thank you for the quick replies!
>
> @Max
>
>> I never succeeded with setting the "di" using API
>>
>
> I also never succeeded. However, since there was a recent release I should
> first give it a try.
>
> @Tonny
> I had an overview of the article. Very interesting indeed! But it uses
> javascript which isn't what I'm looking for this particular problem.
> Nonetheless, it is related to security 😁. Since I didn't have the time to
> read it in detail yet I may be saying things that are answered there, so
> pardon me in advance if you may. I need to state a few things:
>
>> (3) use an Onboarding Tool to establish ownership with both the Client and
>> the Server;
>> (4) mutually install the credentials of each other by pairing the devices
>> with the OBT
>
> I'm trying to simulate these by setting the device owner through the ACL
> for development purposes.
>
>
>
> 2017-12-17 5:16 GMT-03:00 Tonny Tzeng <tonny.tz...@gmail.com>:
>
>> Hi,
>>
>> We just posted an article at 01.org
>> <https://01.org/blogs/ttzeng/2017/securely-accessing-iot-devices-based-javascript>
>> talking about a few security concepts in IoTivity. Though we were using
>> iotivity-node as an example, I think the following steps would get your
>> Client access to the Server securely:
>> (1) your Server needs to register the resource with the
>> ResourceProperty.SECURE flag in order to use the secured endpoint;
>> (2) allow the "auth-crypt" connection requests in the SVD dB;
>> (3) use an Onboarding Tool to establish ownership with both the Client
>> and the Server;
>> (4) mutually install the credentials of each other by pairing the devices
>> with the OBT
>>
>> Regards,
>> Tonny
>>
>> On 17 December 2017 at 14:38, Max Kholmyansky <max...@gmail.com> wrote:
>>
>>> Hi Arthur,
>>>
>>> You should be able to communicate between the client and the server on
>>> Android, using SECURED=1 library.
>>>
>>> First, to set your "di" (client or server) - you need to specify the
>>> "di" value inside the DAT file (containing security information) - you can
>>> look at the samples. I never succeeded with setting the "di" using API, and
>>> I don't know if it's supported.
>>>
>>> Second, even using SECURED=1, in the server, you can allow any client
>>> (even not authenticated) to access any resource.
>>> The relevant ACL entry looks like: (you may need to change the "aceid"):
>>> {
>>>
>>>     "aceid": 5,
>>>     "subject": { "conntype": "anon-clear" },
>>>     "resources": [
>>>         { "href": "*" }
>>>     ],
>>>     "permission": 14
>>> }
>>>
>>> This is definitely not the way to configure it in production, but it should 
>>> allow you to keep developing, without caring about access permissions for a 
>>> while.
>>>
>>>
>>> Max
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <
>>> a...@cin.ufpe.br> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have a few beginner-leveled questions about secure mode in Android.
>>>> Let me explain the situation:
>>>>
>>>> I have created two apps (one for Server/Controlee and the other for the
>>>> Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them without
>>>> problems. As this is a simple example, I now want to do the same things but
>>>> with SECURED=1. I should note that I am usually running both apps in the
>>>> same device (not the emulator, but my cellphone).
>>>>
>>>> So I started looking everywhere and discovered I could do this with a
>>>> local ACL and supposedly everything would be ok. Turns out it didn't, which
>>>> is why I am here. So my questions are:
>>>>
>>>> - Do I need anything else to use the SECURED flag in Android apart from
>>>> registering resource as secure and passing the ACL to the PlatformConfig
>>>> and configure it?
>>>>
>>>> - I read that when configuring the Platform with an ACL the DeviceID
>>>> should be set with the ID inside it. So as it failed I tried debugging the
>>>> ID, which led me to confusion about PlatformID and DeviceID. When loading
>>>> the ACL the DeviceID comes as a random byte[]. However, I can set the
>>>> DeviceID in the code and retrieve it just fine. The thing is, the ID
>>>> received by the Client (ServerID) isn't the same I set in the code. I'm not
>>>> sure if it's something about the encoding tricking me or if it's something
>>>> else. Can someone please shed me some light?
>>>>
>>>> In short, the Client can find the resources (they are registered with
>>>> SECURE type) but can't make a correct GET/POST/OBSERVE request, returning
>>>> UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome.
>>>>
>>>> Sorry for the long post, thank you in advance!
>>>>
>>>> _______________________________________________
>>>> iotivity-dev mailing list
>>>> iotivity-dev@lists.iotivity.org
>>>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
>>>>
>>>>
>>>
>>>
>>>
>>
>
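An added example, not part of the original thread: a small audit that decodes the ACE `permission` bitmask and flags development-only entries like the `anon-clear` wildcard ACE quoted above before an ACL ships. The bit names follow IoTivity's permission flags (CREATE=1, READ=2, WRITE=4, DELETE=8, NOTIFY=16); entries 6 and 7 and the `/a/light` href are constructed sample data.

```python
import json

# IoTivity/OCF ACE permission bitmask, low bit first.
PERMISSION_BITS = {1: "CREATE", 2: "READ", 4: "WRITE", 8: "DELETE", 16: "NOTIFY"}
MUTATING = 1 | 4 | 8  # bits that let a caller change server state


def decode_permission(mask):
    """Return the names of the permission bits set in an ACE mask."""
    return [name for bit, name in PERMISSION_BITS.items() if mask & bit]


def audit_aces(aces):
    """Flag ACEs that let unauthenticated, unencrypted peers do too much."""
    findings = []
    for ace in aces:
        if ace.get("subject", {}).get("conntype") != "anon-clear":
            continue  # only anonymous cleartext subjects are audited here
        hrefs = [r.get("href") for r in ace.get("resources", [])]
        mask = ace.get("permission", 0)
        reasons = []
        if "*" in hrefs:
            reasons.append("wildcard href")
        if mask & MUTATING:
            reasons.append("grants " + "/".join(decode_permission(mask & MUTATING)))
        if reasons:
            findings.append((ace.get("aceid"), reasons))
    return findings


# Entry 5 is the ACE from the thread; 6 and 7 are constructed for contrast.
SAMPLE = json.loads("""
[
  {"aceid": 5, "subject": {"conntype": "anon-clear"},
   "resources": [{"href": "*"}], "permission": 14},
  {"aceid": 6, "subject": {"conntype": "auth-crypt"},
   "resources": [{"href": "/a/light"}], "permission": 6},
  {"aceid": 7, "subject": {"conntype": "anon-clear"},
   "resources": [{"href": "/oic/res"}], "permission": 2}
]
""")

if __name__ == "__main__":
    print("permission 14 =", decode_permission(14))
    for aceid, reasons in audit_aces(SAMPLE):
        print(f"aceid {aceid}: {', '.join(reasons)}")
```
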