Hi Tonny,

Yes, initially I want to run existing code and that ACE will hopefully be helpful even though I've once tried to use that wildcard ACE without success. I do use the ResourceProperty.SECURE flag when registering resources but I'm not sure if I really need to set credentials in the SVR database if I want a wildcard ACE to work. Right now I'm fighting some build issues when building SECURED=1 for Android that came with the 1.3.1 release. I'll certainly give feedback once I manage to do that.

Thank you,
A. Lapprand

On Tue, 19 Dec 2017 at 09:58, Tonny Tzeng <tonny.tz...@gmail.com> wrote:

> Hi Arthur,
>
> The concept to get secure access to a resource is the same for C++ and
> JavaScript -- use secure endpoint in C++/JavaScript, and have proper ACL
> and credential setup in the SVR database. If what you want is to run
> existing code intact but with SECURED=1, then adding an anonymous connection
> type ACE as Max described above will work. Let us know if it's not the case...
>
> Regards,
> Tonny
>
> On 18 December 2017 at 21:15, Arthur Barros Lapprand <a...@cin.ufpe.br>
> wrote:
>
>> Sorry I meant I want to state this, not a few things, hehe. Basically I
>> want to focus on local ACL permissions without dealing with the whole
>> device ownership and pairing process. Thank you again!
>>
>> 2017-12-18 10:12 GMT-03:00 Arthur Barros Lapprand <a...@cin.ufpe.br>:
>>
>>> Hi, thank you for the quick replies!
>>>
>>> @Max
>>>
>>>> I never succeeded with setting the "di" using API
>>>
>>> I also never succeeded. However, since there was a recent release I
>>> should first give it a try.
>>>
>>> @Tonny
>>> I had an overview of the article. Very interesting indeed! But it uses
>>> javascript which isn't what I'm looking for this particular problem.
>>> Nonetheless, it is related to security 😁. Since I didn't have the time to
>>> read it in detail yet I may be saying things that are answered there, so
>>> pardon me in advance if you may. I need to state a few things:
>>>
>>>> (3) use an Onboarding Tool to establish ownership with both the Client
>>>> and the Server;
>>>> (4) mutually install the credentials of each other by pairing the devices
>>>> with the OBT
>>>
>>> I'm trying to simulate these by setting the device owner through the ACL
>>> for development purposes.
>>>
>>> 2017-12-17 5:16 GMT-03:00 Tonny Tzeng <tonny.tz...@gmail.com>:
>>>
>>>> Hi,
>>>>
>>>> We just posted an article at 01.org
>>>> <https://01.org/blogs/ttzeng/2017/securely-accessing-iot-devices-based-javascript>
>>>> talking about a few security concepts in IoTivity. Though we were using
>>>> iotivity-node as an example, I think the following steps would get your
>>>> Client access to the Server securely:
>>>> (1) your Server needs to register the resource with
>>>> ResourceProperty.SECURE flag in order to use the secured endpoint;
>>>> (2) allow the "auth-crypt" connection requests in the SVD dB;
>>>> (3) use an Onboarding Tool to establish ownership with both the Client
>>>> and the Server;
>>>> (4) mutually install the credentials of each other by pairing the devices
>>>> with the OBT
>>>>
>>>> Regards,
>>>> Tonny
>>>>
>>>> On 17 December 2017 at 14:38, Max Kholmyansky <max...@gmail.com> wrote:
>>>>
>>>>> Hi Arthur,
>>>>>
>>>>> You should be able to communicate between the client and the server on
>>>>> Android, using SECURED=1 library.
>>>>>
>>>>> First, to set your "di" (client or server) - you need to specify the
>>>>> "di" value inside the DAT file (containing security information) - you can
>>>>> look at the samples. I never succeeded with setting the "di" using API,
>>>>> and I don't know if it's supported.
>>>>>
>>>>> Second, even using SECURED=1, in the server, you can allow any client
>>>>> (even not authenticated) to access any resource.
>>>>> The relevant ACL entry looks like: (you may need to change the
>>>>> "aceid"):
>>>>>
>>>>> {
>>>>>     "aceid": 5,
>>>>>     "subject": { "conntype": "anon-clear" },
>>>>>     "resources": [
>>>>>         { "href": "*" }
>>>>>     ],
>>>>>     "permission": 14
>>>>> }
>>>>>
>>>>> This is definitely not the way to configure it in production, but it
>>>>> should allow you to keep developing, without caring about access
>>>>> permissions for a while.
>>>>>
>>>>> Max
>>>>>
>>>>> On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <a...@cin.ufpe.br> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I have a few beginner-level questions about secure mode in Android.
>>>>>> Let me explain the situation:
>>>>>>
>>>>>> I have created two apps (one for Server/Controlee and the other for
>>>>>> the Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them
>>>>>> without problems. As this is a simple example, I now want to do the same
>>>>>> things but with SECURED=1. I should note that I am usually running both
>>>>>> apps in the same device (not the emulator, but my cellphone).
>>>>>>
>>>>>> So I started looking everywhere and discovered I could do this with a
>>>>>> local ACL and supposedly everything would be ok. Turns out it didn't,
>>>>>> which is why I am here. So my questions are:
>>>>>>
>>>>>> - Do I need anything else to use the SECURED flag in Android apart
>>>>>> from registering resource as secure and passing the ACL to the
>>>>>> PlatformConfig and configure it?
>>>>>>
>>>>>> - I read that when configuring the Platform with an ACL the DeviceID
>>>>>> should be set with the ID inside it. So as it failed I tried debugging
>>>>>> the ID, which led me to confusion about PlatformID and DeviceID. When
>>>>>> loading the ACL the DeviceID comes as a random byte[]. However, I can set
>>>>>> the DeviceID in the code and retrieve it just fine. The thing is, the ID
>>>>>> received by the Client (ServerID) isn't the same I set in the code. I'm
>>>>>> not sure if it's something about the encoding tricking me or if it's
>>>>>> something else. Can someone please shed some light?
>>>>>>
>>>>>> In short, the Client can find the resources (they are registered with
>>>>>> SECURE type) but can't make a correct GET/POST/OBSERVE request, returning
>>>>>> UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome.
>>>>>>
>>>>>> Sorry for the long post, thank you in advance!
>>>>>>
>>>>>> _______________________________________________
>>>>>> iotivity-dev mailing list
>>>>>> iotivity-dev@lists.iotivity.org
>>>>>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
>>>>>
>>>>> _______________________________________________
>>>>> iotivity-dev mailing list
>>>>> iotivity-dev@lists.iotivity.org
>>>>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
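
The wildcard ACE quoted in this thread is described there as a development-only setting; one way to catch it before a release build is to scan the SVR JSON for "anon-clear" ACEs that cover "*" or permit more than read. This is an added example, not code from the thread or from the IoTivity project: the "acl"/"aclist2" wrapper, the sample entries and the function names are assumptions, and the permission bits follow the OCF CRUDN mask (C=1, R=2, U=4, D=8, N=16).

```python
import json

# OCF CRUDN permission bits: create=1, read=2, update=4, delete=8, notify=16.
CRUDN = (("create", 1), ("read", 2), ("update", 4), ("delete", 8), ("notify", 16))

# Constructed sample SVR content. The "acl"/"aclist2" wrapper is an assumed
# layout; aceid 5 is the wildcard entry quoted in the thread.
SAMPLE_SVR = json.loads("""
{
  "acl": {
    "aclist2": [
      { "aceid": 1, "subject": { "conntype": "anon-clear" },
        "resources": [ { "href": "/oic/res" }, { "href": "/oic/d" } ],
        "permission": 2 },
      { "aceid": 4, "subject": { "conntype": "auth-crypt" },
        "resources": [ { "href": "/a/light" } ],
        "permission": 6 },
      { "aceid": 5, "subject": { "conntype": "anon-clear" },
        "resources": [ { "href": "*" } ],
        "permission": 14 }
    ]
  }
}
""")


def decode_permission(mask):
    """Return the CRUDN operation names enabled in an ACE permission mask."""
    return [name for name, bit in CRUDN if mask & bit]


def audit_aces(svr):
    """Flag ACEs that give unauthenticated peers wildcard or non-read access."""
    findings = []
    for ace in svr.get("acl", {}).get("aclist2", []):
        if ace.get("subject", {}).get("conntype") != "anon-clear":
            continue  # only anonymous, unencrypted subjects are audited here
        hrefs = [r.get("href") for r in ace.get("resources", [])]
        ops = decode_permission(ace.get("permission", 0))
        wildcard = "*" in hrefs
        if wildcard or any(op != "read" for op in ops):
            findings.append({"aceid": ace.get("aceid"), "hrefs": hrefs,
                             "ops": ops, "wildcard": wildcard})
    return findings


if __name__ == "__main__":
    for f in audit_aces(SAMPLE_SVR):
        print("dev-only ACE %(aceid)s: anon-clear may %(ops)s on %(hrefs)s" % f)
```

Permission 14 decodes to read, update and delete, so the quoted ACE lets any unauthenticated peer modify or remove every resource the server exposes.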