Thanks Kevin! Everyone, let's try to reach consensus about these changes at our next WG meeting, on 6/9, to unblock Kevin's work.
Thanks,
Dan

From: [email protected] [mailto:[email protected]] On Behalf Of Kevin Kane
Sent: Wednesday, June 1, 2016 11:06 AM
To: Allseen Core <[email protected]>
Subject: [Allseen-core] ASACORE-1454: Offline Security 2.0 APIs

ASACORE-1454 <https://jira.allseenalliance.org/browse/ASACORE-1454> contemplates offline distribution of policy updates and membership certificates. Currently, all Security 2.0-related operations have to be done over the network via method calls. One consequence of this is that there is a potential race condition when it comes to claiming, between when a new claimable app emits its State notification and when a security agent claims it, particularly if it can be claimed without authentication via ECDHE_NULL. But more interestingly, we may want an out-of-band mechanism to do management.

To that end, I'm proposing adding a set of APIs to the PermissionConfigurator class (which is currently used by apps to set their claimable state and set a manifest template, amongst other operations) that mirror the methods currently used by Security 2.0 management: the contents of the ClaimableApplication and ManagedApplication interfaces. This means Claim, UpdateIdentity, InstallPolicy, InstallManifests, Reset, and so on.

This will then allow an app store to provision policy and credentials before the first time the app ever connects to the bus, and would let other apps/devices be provisioned by an out-of-band means, if such were desirable in their scenarios, or for testing purposes.

The proposed API will be a mirror of the current Security 2.0 API exposed over the network, projected into the C and C++ bindings.

Questions? Comments?
