Hi Guys, Looping dev@ in.
On Mon, Feb 16, 2015 at 6:37 PM, Dilshan Edirisuriya <[email protected]> wrote: > Hi Shan, > > Please find the answers inline. > >> >> 1. The checkin URL does that contain the tenantID ? >> > > Checkin URL will hit with device tokens. This is associated with a device > rather than a specific user or role. > > >> 2. How the profiles are maintained and configured per device ? >> > > Right now its on demand. We generate the profile with random UUID and pass > that info into device. But when it comes to operations I am planning to > save these generated profiles in DB. But this will grow the db and we need > to find out some criteria to clear the tables. Anyway this is only > necessary to track device level operation and its statuses whether its > success or failed. > > >> 3. Getting the current state of the device . >> > > We do have a state field in DB. We can execute the device operations > payload and get current state of device like battery level etc. At the same > time we can return this as well whether its blocked, inactive or active. > Planning to provide a REST api for this. > > >> 4. Certificate Maintenance ? >> > > We are planning to integrate IS CA component may be in Milestone 5. > Prabath is working on the things to get the relevant components release for > us to use. > > >> 5. Inactive devices ? Policy >> > > Yet to be decided. Geeth/Dilan will work on this. > > >> 6. External Certificate server and CRL revoking >> > > Should work if those certificate servers adheres to SCEP protocol. Anyway > there are some places you need to have additional entries in Payload. We > have to test this and see. Initially I think we have to go with EJBCA. > > >> 7. Initial payload at the enrollment (Whether it contains CA, >> Intermediate CA) >> > > It contains a CA and a RA. > > > >> 8. The MDM profile based on the policy. >> > > Yet to be decided. Anyway profiles will be the same. From policy the way > it is controlling will be handled. > > > >> 9. Do we use expiring profiles for dynamic policy >> > > No we are just removing, updating and adding new when necessary. > > > >> 10. Pushing profile based on the passcode policy compliance. >> > > Another type of policy condition. Its basically the way we design from the > CDM end. Can be done if its necessary. > > >> 11. How an MDM work when its behind the proxy >> > > We have to open ports including APNS ports which we have listed down in > our documentation. > > > >> 12. Are we checking CommandUUID for each message >> > > Yes but we dont save any old payloads in databases. Just checking and > update it in necessary tables. Planning to store all in future as I > mentioned above. > > >> 13. Handling Not Now Response >> > > This is not implemented. This states is sort of a retry indication. Have > to include this. > > 14. How blocked devices are handled ? Do we block ? >> > > No. We tired to do the jailbreak check in EMM but I think we did not find > a way other than checking Cydia app. Like this incase of a blocked device > from MDM we have to block update profile commands, enrollments and > operations. Has not concentrated yet I think in new design. > > >> 15. Handling the expired APNS certificate . By June it will be expired. >> > > Before expiring we have to renew the certificates and place it in servers > with signing. This is why we need an automated signing mechanism integrated > to a component. I do have the code for this right now. Should be a good > intern project :) > > > >> >> >> >> -- >> *Shanmugarajah (Shan)* >> Director, Mobile Architecture, >> WSO2, Inc.; http://wso2.com >> Email: [email protected] >> Mobile : +94777748260 >> Blog: http://shanfour.blogspot.com >> > > > > -- > Dilshan Edirisuriya > Senior Software Engineer - WSO2 > Mob: + 94 777878905 > http://wso2.com/ > https://www.linkedin.com/profile/view?id=50486426 > -- Prabath Abeysekara Associate Technical Lead, Data TG. WSO2 Inc. Email: [email protected] Mobile: +94774171471
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
