On Dec 20, 2016 1:25 AM, "Khaled Elsayed" <khaledieee at gmail.com> wrote:
Hi, I am trying to gather some information on the security features in iotivity. I know DTLS is used, but is there anything like authorization from devices when they are discovered? Is any client capable of discovering whatever device running the stack? I'm going from memory so I could be wrong, but I believe the answer is "no". /ooc/d is a resource, and just like any other resource, access to it must be granted. so you can configure your device to grant discovery access only to specific clients (using creds and ACLs). Remember that "discover" is not an OIC/OCF operation; to discover you send a GET, either multicast or unicast. gregg Is there a document that explain iotivity security with some good details? Also, this Internet Draft https://tools.ietf.org/html/ draft-ietf-core-object-security-01 just came out and it proposes using CBOR for application layer security. I know CBOR is used in the iotivity stack, so is this ID along the same line of thought in iotivity or is the model different? Best regards, Khaled _______________________________________________ iotivity-dev mailing list iotivity-dev at lists.iotivity.org https://lists.iotivity.org/mailman/listinfo/iotivity-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161223/70429395/attachment.html>
