[Edited Message Follows]

Hello!

I'm preparing for OCF certification and testing my server using the OCF
Conformance Tool (2.2.0).
I passed or got warnings for almost all tests, but the only remaining test is
CT1.7.8.11.

The process of the test is as follows (I omitted some of the process for convenience).
1. Four random UUIDs for DOXS, AMS, CMS and CLIENT_A are generated and added to 
/oic/sec/cred.
2. Set rowneruuid of /oic/sec/doxm and /oic/sec/pstat to the DOXS UUID.
3. Set rowneruuid of /oic/sec/acl2 to the AMS UUID.
4. Set rowneruuid of /oic/sec/cred to the CMS UUID.
5. Remove all the ACEs in the /oic/sec/acl2.
6. If the IUT has any Vertical Resources, an ACE that provides "auth-crypt" access 
with RETRIEVE is installed.
7. They tried to access each property of doxm/acl2/cred to see whether the access 
control is working properly.

My question is that in the aclist there is no ACE for the resources doxm, acl2 
and cred.
In this case, by what criteria is the permission of the request checked?
For example, in the test process, DOXS tries to update properties of the doxm 
resource and it is allowed.
I think that makes sense, because DOXS owns the doxm resource.
But AMS can also update the doxm resource's properties, and that's the desired 
result in the test.
CMS can do so as well, even though AMS and CMS are not in the aclist for the doxm 
resource and their UUIDs are not in the rowneruuid of doxm.
However, CLIENT_A is not allowed to update the doxm resource's properties (my 
server program is allowing it, though, and that's why I'm not passing the test).

In summary, which clients can access and do CRUDN operations when they're 
neither in the aclist nor in the rowneruuid?

Thanks.
