Dear Gregg and Tonny, Thank you for clarifying my confusion. After following your guiding to use the OcResource.setHost() method and with a proper subject wildcard ACE, my Android client can access secured application resources.
Best Regards, ChiaYu From: Gregg Reynolds [mailto:d...@mobileink.com] Sent: Tuesday, January 23, 2018 5:16 AM To: Tonny Tzeng Cc: Chiayu Wu (吳嘉彧); iotivity-dev; Derek Lin (林俊文) Subject: Re: [dev] FW: Android SECURED mode On Jan 22, 2018 12:37 AM, "Tonny Tzeng" <tonny.tz...@gmail.com<mailto:tonny.tz...@gmail.com>> wrote: I'm pretty sure, from my experiments, the device owner can't access to an application resource if it does not have proper ACE setup. Our smart home companion app<https://github.com/intel/SmartHome-Demo/tree/master/smarthome-companion> has two roles -- a resource client, and a provisioning client, if a device does not have ACE for the application resource, it can't be accessed even from the device owner. Yes. My reading the spec is that *every* resource must be guarded by an ACE - even "open" resources that can be accessed by anybody over an unsecure channel. That can only happen if the resource is guarded by an ACE with a subject wildcard (anon-something, I forget). A resource without an ACE is inaccesible, regardless of authentication. G
_______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org https://lists.iotivity.org/mailman/listinfo/iotivity-dev
