Hi Uze: Thanks a lot!! :-)
Our concern is: every device should have an immutable deviceID, whether it contains secure resource(s) or not. So, for a device without PersistentStorage set, the stack will provide a default ACL and also generate a deviceID for it. But, to ensure the deviceID is immutable after restart, the device should, by itself, save the deviceID and skip deviceID generation in the stack on reboot. Is that correct?

Thank you.
Best Regards,
Annie

_____

From: ???(Uze Choi) [mailto:[email protected]]
Sent: Wednesday, August 31, 2016 9:13 AM
To: 'Annie Weng'; iotivity-dev at lists.iotivity.org
Subject: RE: [dev] Question about non-secured resource with SECURD config enabled

As far as I know, you can get the persistent device ID generated the first time IoTivity launches, in the case of an OC_SECURE build.
It would be better for a security stack committer to answer.
Randeep, could you explain in detail?

BR,
Uze Choi

From: Annie Weng [mailto:[email protected]]
Sent: Tuesday, August 30, 2016 6:23 PM
To: '???(Uze Choi)'; iotivity-dev at lists.iotivity.org
Subject: RE: [dev] Question about non-secured resource with SECURD config enabled

Hi Uze:

Thanks a lot for your response!!

> One is to set * by creating resource with OC_SECURE option,
> The other is to create resource without OC_SECURE option.

Wish the 2nd method can be applied. It is much more intuitive for "open-access" design.

I still have a question while testing security setting using IoTivity 1.1.0:
With SECURED config enabled, the device can still run without setting the PersistentStorage, but is not accessible. But PersistentStorage should be essential, whether the resource is secure or non-secure, isn't it? (We need to ensure PersistentStorage must exist because we need the DeviceID in it.)
Is it just because the stack doesn't check if PersistentStorage is set? Or is it because, for some cases, it is allowed not to set PersistentStorage?

Thank you.
Best Regards,
Annie

_____

From: ???(Uze Choi) [mailto:[email protected]]
Sent: Tuesday, August 30, 2016 12:20 PM
To: 'Annie Weng'; iotivity-dev at lists.iotivity.org
Subject: RE: [dev] Question about non-secured resource with SECURD config enabled

SECURED is the build option enabling the security module. This will enable the ACL table check.
But access control is only valid for the resource created with the OC_SECURE option. We call it a secure resource.
Anyway, ACL table check and target resource access are different steps.
The Open Access rule (*) can be applied to the specific secure resource. This is valid for the resource with the OC_SECURE option.

From the previous OCF meeting, two options enabling the open access have been discussed.
One is to set * by creating resource with OC_SECURE option,
The other is to create resource without OC_SECURE option.
Anyone who knows the final status, please share the status.

BR,
Uze Choi

From: [email protected] [mailto:iotivity-dev-bounces at lists.iotivity.org] On Behalf Of Annie Weng
Sent: Tuesday, August 30, 2016 12:22 PM
To: iotivity-dev at lists.iotivity.org
Subject: [dev] Question about non-secured resource with SECURD config enabled

Hi All:

I have some questions about the OC_SECURED flag. May I have your help with it?

(1) According to this message:
http://lists.iotivity.org/pipermail/iotivity-dev/2015-December/003202.html
As long as the SECURED config is enabled, SRM will always check the ACL, irrespective of whether OC_SECURED of the resource is set or not.
Then, except for coaps/coap selection, what is the effect of with/without the OC_SECURED flag?

(2) Does it mean that: if we want to design an "open-access" resource, it seems that it has nothing to do with setting the OC_SECURED flag or not. The only thing is to set the ACL as "allowing wildcard access", isn't it?

Thank you.
Best Regards,
Annie
