Re: [Dev] FW: Tizen 3 services: use case for multi user

Wed, 24 Sep 2014 02:15:49 -0700 

Hi Zheng Wu,

Not sure to entirely follow all the steps below, but it sounds good to me.
But I would like to point out that the multi-user policy is different than security policy. I suggest that do not mix those parts even if some of the multi-user issues can be solved by security. Security will be added later and will be adapted to NTB already having multi-user support. 


Anyway, I'm updating the wiki page according to multi-user integration 
phases and I will add pictures.

I'll let you know.

Best regards,
Corentin


On 09/24/2014 08:30 AM, Zheng, Wu wrote:

Hi Corentin,


Later when userA will request to pair with deviceR, I assume that userA will 
have to verified his privileges from Cynara before being allowed to make the 
pairing request.
But first we need a mechanism to check who is paired with what device and so 
on...

1. if DeviceR was paired with DeviceL by userA, NTB can know who paired with 
DeviceR successfully.
Therefore, NTB can record that which device has paired by which user in a file 
and memory.

Bluez can provide if DeviceR has been paired or not too.

2.Therefore, when user (such as userA) invoke the pair interface of NTB.

a. Firstly, NTB will have to verified his privileges from Cynara before being 
allowed to make the pairing request.

The privileges include that if userA can use the paired devices after the 
device has been paired by the other user(userB) or not and if userA can pair 
with DeviceR or not.

b. If userA has not the privileges to pair with DeviceR, useA will not pair 
with DeviceR and return false.

c. If userA has the privileges to pair with DeviceR, NTB can check with Bluez 
if DeviceR has been paired or not.

d. If DeviceR has been paired, NTB will check if DeviceR is paired by userA or 
not.

e. If DeviceR has been paired by userA, userA can work with DeviceR well (such 
as connection).

f. If DeviceR has been paired by the other user(userB), userA has checked if 
userA can use the paired device after the device has been paired by the other 
user(userB) or not.

1. Firstly, userA can't work with DeviceR well (such as connection).

2. Secondly, If userA has the privileges to use the paired device after the 
device has been paired by the other user(userB),  userA can work with DeviceR 
well (such as connection).
If userA has not privileges to use the paired device after the device has been 
paired by the other user(userB),  userA can't work with DeviceR well (such as 
connection).

f. If DeviceR has not been paired, userA will pair with DeviceR.
After paired successfully, userA can work well with DeviceR(such as connection).

Any suggestions?

BTW, we can implement NTB related features firstly and Cynara can be done after 
Cynara is ready (in second step).

Best Regards
Zheng Wu

-----Original Message-----
From: Corentin Lecouvey [mailto:[email protected]]
Sent: Tuesday, September 23, 2014 5:54 PM
To: Zheng, Wu; Ohly, Patrick
Cc: Le Foll, Dominique; [email protected]; Von Dentz, Luiz
Subject: Re: [Dev] FW: Tizen 3 services: use case for multi user

Hi Zheng Wu,

On 09/23/2014 10:47 AM, Zheng, Wu wrote:

Hi Patrick,


You don't get a list of privileges from Cynara. You ask whether a uid
+app combination has a certain privilege and get a yes/no answer back.
What would be the privilege here? It would be your job to define that privilege 
and ensure that Cynara knows who is allowed to have it.

Please check the following the steps and it matches the requirement of 
multi-paired?

1. each user can run a NTB daemon and NTB daemon will control the user's BT 
agent and paired.

2. When userA (in DeviceL) want to pair DeviceR, userA will check if DeviceL 
has been paired in DeviceL.

I would say userA will check if deviceL is already paired with deviceR by an 
other user.


3. If not is paired, userA will paired with DeviceR and userA will save that 
userA has paired with DeviceL successfully and DeviceL has been paired.
    And userA can use the device.

Yes


4. if userB want to pair with DeviceR, it will check if userB has paired with 
DeviceR or not and if DeviceR has been paired or not.

I would say it will check if userA or an other user is paired with deviceR.


    If DeviceR not paired, the process is the same with UserA.

yes


    If userB not paired with DeviceR and DeviceR has been paired, please check 
the following steps.

Here userA is paired with deviceR, deviceL is paired with deviceR. if userB 
asks for pairing with deviceR.
1st phase: userB can't pair with deviceR.
2nd phase : userB can pair with deviceR only if deviceR and userB accept the 
pairing request (authentication required).


    
    userB will ask whether a uid+app combination has a certain privilege and get a yes/no answer back from Cynara.


    If Cynara tell userB that it has a certain privilege to use DeviceR, userB 
will set a mark and use DeviceR.
    If Cynara tell userB that it has not a certain privilege to use DeviceR, 
userB will pair with DeviceR failure and can't use DeviceR and tell app that 
paired with DeviceR failure.

  From my point of view, multi-pairing part is not related to privileges check 
right now. It mostly concern adapter multi-control part for multi-user support.

Later when userA will request to pair with deviceR, I assume that userA will 
have to verified his privileges from Cynara before being allowed to make the 
pairing request.
But first we need a mechanism to check who is paired with what device and so 
on...



Best regards,
Corentin


_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev




























					Reply via email to