This can be done via certificates. You can find the example for the
provisionclient. I am still trying to figure it out myself, as it is not very
well documented. Quoting Nathan's reply to my question sent last week or so:
There is indeed an example of Certificate-based Client/Server
authentication in the IoTivity example “sampleserver_mfg”, which is in the
resource/csdk/security/provisioning/sample folder.

On Wed, Nov 28, 2018 at 2:56 PM Max <max...@gmail.com> wrote:

>
> Hi,
>
> I am looking for technical advice on how a *secure UDP endpoint* ("coaps")
> exposed by an IoTivity-powered server may be accessed *from any
> IoTivity-powered client*, without prior coordination between the client
> and the server.
>
> This is similar to the idea that any browser in the world can access a web
> site via SSL, while the server isn't blocking any particular browser from
> access.
>
> *[Note: this is a technology POC, not related to the OCF specification. So
> the question is in the context of IoTivity library capabilities, not in the
> context of the OCF security and compliance]*
>
> I would appreciate some advice from the people who understand how the DTLS
> "handshake" in IoTivity works.
>
> Looking at the sample code... The "simpleclient" and "simpleserver" samples
> solve the issue by placing a shared "credential" into the security
> configuration file.
>
> Below is the server configuration file.
>
> However, this isn't good for me, since the server needs a section per
> specific "di" of the connecting client, while my goal is to allow a DTLS
> (secure) session for any client.
>
> I would appreciate ideas on how it can be done.
>
> Thanks in advance,
>
> Max.
>
> "cred": {
>         "creds": [
>             {
>                 "credid": 1,
>                 "subjectuuid": "32323232-3232-3232-3232-323232323232",
>                 "credtype": 1,
>                 "period": "20150630T060000/20990920T220000",
>                 "privatedata": {
>                     "data": "AAAAAAAAAAAAAAAA",
>                     "encoding": "oic.sec.encoding.raw"
>                 }
>             },
>             {
>                 "credid": 2,
>                 "subjectuuid": "31393139-3139-3139-3139-313931393139",
>                 "credtype": 1,
>                 "period": "20150630T060000/20990920T220000",
>                 "privatedata": {
>                     "data": "BBBBBBBBBBBBBBBB",
>                     "encoding": "oic.sec.encoding.raw"
>                 }
>             }
>         ],
>         "rowneruuid": "32323232-3232-3232-3232-323232323232"
>     }
>
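
The limitation described in the question, shown as an added example that is not part of the thread or of IoTivity's code: a short audit of the quoted "cred" section that lists which subjects hold a pre-shared key, flags repeated-character sample keys and expired periods, and shows that an unlisted client "di" has no key to handshake with. The function names and the repeated-character heuristic are assumptions made for illustration.

```python
import json
from datetime import datetime

# Constructed sample: the "cred" section quoted in the message above.
SAMPLE = json.loads("""
{"cred": {"creds": [
  {"credid": 1, "subjectuuid": "32323232-3232-3232-3232-323232323232",
   "credtype": 1, "period": "20150630T060000/20990920T220000",
   "privatedata": {"data": "AAAAAAAAAAAAAAAA", "encoding": "oic.sec.encoding.raw"}},
  {"credid": 2, "subjectuuid": "31393139-3139-3139-3139-313931393139",
   "credtype": 1, "period": "20150630T060000/20990920T220000",
   "privatedata": {"data": "BBBBBBBBBBBBBBBB", "encoding": "oic.sec.encoding.raw"}}
], "rowneruuid": "32323232-3232-3232-3232-323232323232"}}
""")

SYMMETRIC_PAIRWISE = 1        # OCF credtype bit: symmetric pair-wise key (PSK)
PERIOD_FMT = "%Y%m%dT%H%M%S"  # format of the two halves of "period"

def audit_creds(doc, now=None):
    """Return ({subjectuuid: credid} for PSK creds, [(credid, finding), ...])."""
    now = now or datetime.now()
    psk_subjects, findings = {}, []
    for cred in doc["cred"]["creds"]:
        cid = cred["credid"]
        if cred["credtype"] & SYMMETRIC_PAIRWISE:
            # A pair-wise key is tied to exactly one peer identity.
            psk_subjects[cred["subjectuuid"]] = cid
            key = cred.get("privatedata", {}).get("data", "")
            # Heuristic (assumption): one repeated character is a sample key.
            if key and len(set(key)) == 1:
                findings.append((cid, "repeated-character-key"))
        if "period" in cred:
            start, end = (datetime.strptime(p, PERIOD_FMT)
                          for p in cred["period"].split("/"))
            if not start <= now <= end:
                findings.append((cid, "outside-validity-period"))
    return psk_subjects, findings

def has_psk_for(doc, client_di):
    """Model of the per-client limitation: no matching subjectuuid, no PSK."""
    psk_subjects, _ = audit_creds(doc)
    return client_di in psk_subjects
```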

View/Reply Online (#10035): https://lists.iotivity.org/g/iotivity-dev/message/10035