Hi guys,

Excuse my dumbness but I'm not really getting it. How do you define in the ACL which resources are DISCOVERABLE?

Because even if oic/res/ asks the client to authenticate, if I gave access to /oic/res/, the client will be able to discover any resource by only knowing its type. Sure, the client won't be able to make changes on the resources, or see its values. But the client will know that the resource exists...
Can you guys give me some light as to how to properly secure the discovery of resources?

Thanks in advance,
Eduardo Maia

2018-01-12 18:09 GMT-03:00 Mats Wichmann <m...@wichmann.us>:

> On 01/12/2018 01:46 PM, Gregg Reynolds wrote:
> > On Jan 12, 2018 2:24 PM, "Thiago Macieira" <thiago.macie...@intel.com>
> > wrote:
> >
> > On Friday, 12 January 2018 09:24:28 PST Filipe de Melo Silva wrote:
> >> So, are you saying that is impossible to reproduce this situation? Suppose
> >> that we have a resource that can be discovered ONLY by a certain kind of
> >> users (ex.: Administrators), does IoTivity support it?
> >
> > I'm not sure that's a valid use-case. It may be that all resources are
> > discoverable,
> >
> >
> > As I read the spec, Discovery (which is really just RETRIEVE) is just like
> > any other request: maybe secure (i.e. authenticated), maybe not. Secure GET
> > /oic/res requires an authenticated client, and only exposes resources for
> > which that client is authorized. So it is not the case that all resources
> > are discoverable by any client.
> >
> > G
>
> The essence of the trick is if you perform discovery on a device using
> its /oic/res, it has to answer, but it doesn't have to answer revealing
> anything private, it can instead respond effectively with "call me back
> on a secure line and we can talk". Then when you do that, the ACLs
> are applied.
>
> _______________________________________________
> iotivity-dev mailing list
> iotivity-dev@lists.iotivity.org
> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
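A simplified model of the behaviour the quoted replies describe, where the /oic/res answer is filtered link by link against the requester's ACL entries. This is an added example, not IoTivity code and not part of the original thread; the hrefs, subject IDs, the `*` wildcard convention, `PERM_RETRIEVE` and the function names are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PERM_RETRIEVE 0x02u /* permission bit used by this model */

struct ace { const char *subject; const char *href; unsigned perm; };

/* Constructed sample data; hrefs and subject IDs are hypothetical. */
static const char *const resources[] = { "/light", "/door", "/admin/config" };
static const struct ace acl[] = {
    { "*",       "/light",        PERM_RETRIEVE }, /* anyone, even anonymous */
    { "user-1",  "/door",         PERM_RETRIEVE },
    { "admin-1", "/door",         PERM_RETRIEVE },
    { "admin-1", "/admin/config", PERM_RETRIEVE },
};

/* Returns 1 if `subject` (NULL = unauthenticated) may RETRIEVE `href`. */
static int may_retrieve(const char *subject, const char *href)
{
    for (size_t i = 0; i < sizeof acl / sizeof acl[0]; i++) {
        if (strcmp(acl[i].href, href) != 0 || !(acl[i].perm & PERM_RETRIEVE))
            continue;
        if (strcmp(acl[i].subject, "*") == 0)
            return 1;
        if (subject != NULL && strcmp(acl[i].subject, subject) == 0)
            return 1;
    }
    return 0;
}

/* Builds the link list for a discovery request: only hrefs the requester
 * is authorized to RETRIEVE are written to `out`. Returns the link count. */
size_t discover(const char *subject, const char **out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof resources / sizeof resources[0]; i++)
        if (n < max && may_retrieve(subject, resources[i]))
            out[n++] = resources[i];
    return n;
}

int main(void)
{
    const char *links[3];
    const char *who[] = { NULL, "user-1", "admin-1" };
    for (size_t i = 0; i < 3; i++)
        printf("%s sees %zu link(s)\n", who[i] ? who[i] : "(anonymous)",
               discover(who[i], links, 3));
    return 0;
}
```

In this model an authenticated subject with no matching entries gets the same view as an anonymous one, so being allowed to query discovery does not by itself reveal that `/admin/config` exists.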