Dear Gregg and Tonny,

Thank you for clarifying my confusion.
After following your guiding to use the OcResource.setHost() method and with a 
proper subject wildcard ACE, my Android client can access secured application 
resources.

Best Regards,
ChiaYu

From: Gregg Reynolds [mailto:d...@mobileink.com]
Sent: Tuesday, January 23, 2018 5:16 AM
To: Tonny Tzeng
Cc: Chiayu Wu (吳嘉彧); iotivity-dev; Derek Lin (林俊文)
Subject: Re: [dev] FW: Android SECURED mode



On Jan 22, 2018 12:37 AM, "Tonny Tzeng" 
<tonny.tz...@gmail.com<mailto:tonny.tz...@gmail.com>> wrote:
I'm pretty sure, from my experiments, the device owner can't access to an 
application resource if it does not have proper ACE setup. Our smart home 
companion 
app<https://github.com/intel/SmartHome-Demo/tree/master/smarthome-companion> 
has two roles -- a resource client, and a provisioning client, if a device does 
not have ACE for the application resource, it can't be accessed even from the 
device owner.

Yes. My reading the spec is that *every* resource must be guarded by an ACE - 
even "open" resources that can be accessed by anybody over an unsecure channel. 
That can only happen if the resource is guarded by an ACE with a subject 
wildcard (anon-something, I forget). A resource without an ACE is inaccesible, 
regardless of authentication.

G
_______________________________________________
iotivity-dev mailing list
iotivity-dev@lists.iotivity.org
https://lists.iotivity.org/mailman/listinfo/iotivity-dev

Reply via email to