OK, the security spec section 7.1. is the normative reference for device ids.
However, the OIC Cor spec could also use more specific wording.
Interestingly the C++ example in iotivity does maintain device id's
over reboot, since it uses persistent storage. However, the C example
does not. And in the C++ example the device id is provisioned by the
application as a static value in a config file, which is wrong.
According to the security spec, the onboarding process should ensure
uniqueness of device id. Therefore it is not the application, but the
iotivity stack to own this, and manage device id's transparently. For
instance there are already solutions to generate a UUID based on HW
features.
Should I file a bug? Or is there an explanation?
Best regards,
Zoltan
On Wed, Dec 2, 2015 at 9:56 AM, Kis, Zoltan <zoltan.kis at intel.com> wrote:
> Hello,
>
> Problem: the device id as provided by iotivity does not persist over reboots.
>
> Although the OIC Core spec is not very clear about this, it does say
>
> "The identifier should be immutable over the lifecycle of that element
> and shall be unique within a context or domain."
>
> and
>
> "IP address is used when the device is using an IP configured
> interface. When an OIC Device only has the identity information of its
> peer, a resolution mechanism is needed to map the identifier to the
> corresponding address. The location information is embedded in
> identifier, and a separate resolution mechanism is not specified."
>
> So far we know there should be a lifecycle-bound id (whatever
> lifecycle means), and a resolution mechanism to address:port.
>
> The Remote Access spec is more clear:
>
> "The UUID shall be maintained over the lifecycle of the OIC Client.
> That is, when an OIC Client
> re-establish a connection after a reboot it shall use the same UUID.
> The following scheme full-JID scheme shall be supplied by an OIC Server:
> RAE Server: {user}@{domain.com}/OIC/1.0/{OIC-device type}/{UUID}
> The UUID shall be maintained over the lifecycle of the OIC Server and
> is the same UUID as
> defined in property ?di? of resource /oic/d. The OIC-device-type shall
> be the same value as the
> property ?rt? in /oic/d."
>
> This is much more clear. So I deduce we should use device id in the
> applications, and the stack has a resolution mechanism to translate
> between the device id and the address:port.
>
> Now the problem is the device id is not the same between reboots. We
> tested this with the JS bindings, and also with the iotivity test app.
> Could someone please explain whether is this a known feature or
> decision, or a bug?
>
> Thanks,
> Zoltan
