On Jan 22, 2018 12:37 AM, "Tonny Tzeng" <tonny.tz...@gmail.com> wrote:
I'm pretty sure, from my experiments, the device owner can't access to an application resource if it does not have proper ACE setup. Our smart home companion app <https://github.com/intel/SmartHome-Demo/tree/master/smarthome-companion> has two roles -- a resource client, and a provisioning client, if a device does not have ACE for the application resource, it can't be accessed even from the device owner. Yes. My reading the spec is that *every* resource must be guarded by an ACE - even "open" resources that can be accessed by anybody over an unsecure channel. That can only happen if the resource is guarded by an ACE with a subject wildcard (anon-something, I forget). A resource without an ACE is inaccesible, regardless of authentication. G
_______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org https://lists.iotivity.org/mailman/listinfo/iotivity-dev
