
What does it mean to assign 'OC_SECURE' as a resource property to a resource?

When a client needs to perform a REST operation on a resource hosted on a server, it must choose between a 'secure' channel and an 'unsecured' channel. The client selects the appropriate channel based on the information it received about the resource via resource discovery. Marking a resource as 'OC_SECURE' at the hosting server allows the Iotivity stack to include 'secure port' information in discovery responses.

What is the /oic/sec/doxm resource?

This SVR (Secure Virtual Resource) hosts the following information about the OIC Device:

  • Device ownership methods supported by the device (such as Just Works, PIN Based, etc.).
  • ID of this device.
  • Current Ownership status of the device.

Where does Iotivity store device credentials?

Device credentials are hosted in the /oic/sec/cred resource.

The JSON representation of a set of credentials is displayed below:

 {	
  "credid": 1, (Used for referencing this credential locally)
  "sub": "MjIyMjIyMjIyMjIyMjIyMg==", (Base64 encoded ID of the subject. This ID is 
                                      exchanged in DTLS handshake messages between two end-points)
  "credtyp": 1, (Type of Credentials: Symmetric Pairwise Key, asymmetric key, PIN etc)
  "pvdata": "QUFBQUFBQUFBQUFBQUFBQQ==", (Base64 encoded Pre Shared Key, 128 bit)
  "ownrs" : ["MjIyMjIyMjIyMjIyMjIyMg=="] (Base64 encoded ID of 'owners' of this credential)
  }


How are Access Control Lists (ACLs) stored inside Iotivity?

ACLs are hosted in the /oic/sec/acl resource. The JSON representation of an ACE (Access Control Entry) is displayed below:

 {	
  "sub": "MjIyMjIyMjIyMjIyMjIyMg==", (Base64 encoded ID of the subject to whom this ACE applies)
  "rsrc": ["/a/light", "/b/fan"], (an array of resource URI's to which this ACE applies)
  "perms": 6, (a bitmask describing the permissions(CRUD) allowed for above subject on above resources)
  "ownrs" : ["MjIyMjIyMjIyMjIyMjIyMg=="] (Base64 encoded ID of 'owners' of this ACE)
  }    
 

How does Iotivity persist security configuration data?

Iotivity stores security configuration data such as device credentials, ACLs and device ownership info in persistent storage (such as hard disk, flash storage or EEPROM).

An Iotivity application can provide this data to the Iotivity stack by invoking the OCRegisterPersistentStorageHandler() API at startup.

 
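 /* Map the stack's storage callbacks onto the standard C file API. */
 OCPersistentStorage ps = {};
 ps.open = fopen;
 ps.read = fread;
 ps.write = fwrite;
 ps.close = fclose;
 ps.unlink = unlink;
 
 /* Register the handler; this must happen before OCInit(). */
 OCRegisterPersistentStorageHandler(&ps);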
 

This needs to be invoked before the call to the OCInit() API. By default, the Iotivity stack will read SVR info from the file ‘oic_svr_db.json’.

What is the format of the Period property in ACL and Cred resources?

The Period property format is based on the grammar:

period             = date-time "/" date-time  ; start-time / end-time.
                                              ;The start-time MUST be before the end-time.
date-time          = date "T" time
date               = date-value
date-value         = date-fullyear date-month date-mday
date-fullyear      = 4DIGIT
date-month         = 2DIGIT        ;01-12
date-mday          = 2DIGIT        ;01-28, 01-29, 01-30, 01-31
                                   ;based on month/year
time               = time-hour time-minute time-second 
time-hour          = 2DIGIT        ;00-23
time-minute        = 2DIGIT        ;00-59
time-second        = 2DIGIT        ;00-60
                                   ;The "60" value is used to account for "leap" seconds.
Example:
PERIOD:20150626T150000/20150626T170000

What is the format of the Recurrence property in the ACL resource?

The Recurrence property format is based on the grammar:

recur      = "FREQ" "=" freq
            *(
             ( ";" "UNTIL" "=" enddate ) /
             ( ";" "BYDAY" "=" bywdaylist )
             )
freq       = "DAILY"
enddate    = date
bywdaylist = weekday / ( weekday *("," weekday) )
weekday    = "SU" / "MO" / "TU" / "WE" / "TH" / "FR" / "SA"

Examples:

1. "Allow access every Monday, Wednesday & Friday between 3pm and 5pm, starting from June 26th, 2015"
   PERIOD:20150626T150000/20150626T170000
   RRULE: FREQ=DAILY; BYDAY=MO, WE, FR
2. "Allow access every Monday, Wednesday & Friday between 3pm and 5pm, starting from June 26th, 2015 until
   July 3rd, 2015"
   PERIOD:20150626T150000/20150626T170000
   RRULE: FREQ=DAILY; UNTIL=20150703; BYDAY=MO, WE, FR
3. "Allow access every Tuesday & Thursday between 3pm and 5pm, starting from June 26th, 2015"
   PERIOD:20150626T150000/20150626T170000
   RRULE: FREQ=DAILY; BYDAY=TU, TH
4. "Allow access every day between 3pm and 5pm, starting from June 26th, 2015"
   PERIOD:20150626T150000/20150626T170000
   RRULE: FREQ=DAILY;

How can access to a resource be granted for only a certain period of time rather than all the time?

The Period & Recurrence properties of an ACL/ACE can be used to grant access to a resource for a certain period of time.

Example:

"acl": [{
"sub": "MjIyMjIyMjIyMjIyMjIyMg==",
"rsrc": ["/a/fan", "/a/light"],
"perms": 6,
"prds": ["20150701T140000/20150701T150000"],
"recurs": ["FREQ=DAILY; BYDAY=MO, WE, FR"],
"ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
}]
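
The time check that these two properties imply, as an added example in C (not IoTivity's own code). ace_time_allows() is a hypothetical helper; it assumes that with a recurrence the period's start date opens the policy, its two times of day bound the daily window, and UNTIL is inclusive.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example, not IoTivity code. Semantics are an assumption drawn from
 * the FAQ's examples; spaces inside the recurrence string are tolerated. */
static const char *DAYS[] = {"SU", "MO", "TU", "WE", "TH", "FR", "SA"};

/* Shape check and split of "YYYYMMDDThhmmss" (field ranges are not checked). */
static bool parse_dt(const char *s, long *date, long *tod) {
    if (strspn(s, "0123456789") != 8 || s[8] != 'T' ||
        strspn(s + 9, "0123456789") != 6) return false;
    return sscanf(s, "%8ld%*c%6ld", date, tod) == 2;
}

/* Sakamoto's method: day of week for a Gregorian date, 0 = Sunday. */
static int weekday(int y, int m, int d) {
    static const int t[] = {0, 3, 2, 5, 0, 3, 5, 1, 4, 6, 2, 4};
    if (m < 3) y--;
    return (y + y / 4 - y / 100 + y / 400 + t[m - 1] + d) % 7;
}

/* True only if `now` is inside the time policy; recur may be NULL for a
 * one-off period. Any parse failure denies access (fail closed). */
bool ace_time_allows(const char *period, const char *recur, const char *now) {
    long d0, t0, d1, t1, dn, tn, until = 99999999L;
    if (!parse_dt(period, &d0, &t0) || period[15] != '/' ||
        !parse_dt(period + 16, &d1, &t1) || !parse_dt(now, &dn, &tn))
        return false;
    if (d0 > d1 || (d0 == d1 && t0 >= t1)) return false; /* start MUST precede end */
    if (!recur)                                  /* single absolute interval */
        return (dn > d0 || (dn == d0 && tn >= t0)) &&
               (dn < d1 || (dn == d1 && tn <= t1));
    if (strncmp(recur, "FREQ=DAILY", 10) != 0) return false;
    const char *u = strstr(recur, "UNTIL="), *b = strstr(recur, "BYDAY=");
    if (u && sscanf(u + 6, "%8ld", &until) != 1) return false;
    int mon = (int)(dn / 100 % 100);
    if (mon < 1 || mon > 12) return false;
    if (b) {                                     /* today must be a listed weekday */
        const char *list = b + 6, *end = list + strcspn(list, ";");
        const char *hit = strstr(list, DAYS[weekday((int)(dn / 10000), mon, (int)(dn % 100))]);
        if (!hit || hit >= end) return false;
    }
    return dn >= d0 && dn <= until && tn >= t0 && tn <= t1;
}

int main(void) {   /* constructed query: a Monday at 4pm against the FAQ's example 1 */
    puts(ace_time_allows("20150626T150000/20150626T170000",
                         "FREQ=DAILY; BYDAY=MO, WE, FR", "20150629T160000") ? "allow" : "deny");
}
```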

How are the Period and Recurrence properties associated with the resource property in an ACE?

The Period, Recurrence & Resource properties of an ACE for a given subject are correlated by the following two rules:
1. All the resources in the ACE must have the same Period-Recurrence policy. Just like the permission property,
   if a resource has a different Period-Recurrence policy then a new instance of ACE must be created for
   that resource.
2. Every ACE must have a unique Subject-Resource pair.
   For example, consider the scenario
   "Allow access to resources /a/lock, /a/light & /a/garage on MO, WE & FR from 2 to 3pm and resource
   /a/garage on TU & TH from 9 to 10am forever"
   This scenario can have two ACL representations, but with the above two rules only the first ACL is the
   correct representation.
   1.
   "acl": [
   {
   "sub": "MjIyMjIyMjIyMjIyMjIyMg==",
   "rsrc": ["/a/lock", "/a/light"],
   "perms": 6,
   "prds": ["20150701T140000/20150701T150000"],
   "recurs": ["FREQ=DAILY; BYDAY=MO, WE, FR"],
   "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
   },
   {
   "sub": "MjIyMjIyMjIyMjIyMjIyMg==",
   "rsrc": ["/a/garage"],
   "perms": 6,
   "prds": ["20150701T140000/20150701T150000", "20150701T090000/20150701T100000"],
   "recurs": ["FREQ=DAILY; BYDAY=MO, WE, FR", "FREQ=DAILY; BYDAY=TU, TH"],
   "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
   }]
   2.
   "acl": [
   {
   "sub": "MjIyMjIyMjIyMjIyMjIyMg==",
   "rsrc": ["/a/garage", "/a/lock", "/a/light"],
   "perms": 6,
   "prds": ["20150701T140000/20150730T150000"],
   "recurs": ["FREQ=DAILY; BYDAY=MO, WE, FR"],
   "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
   },
   {
   "sub": "MjIyMjIyMjIyMjIyMjIyMg==",
   "rsrc": ["/a/garage"],
   "perms": 6,
   "prds": ["20150701T160000/20150730T170000"],
   "recurs": ["FREQ=DAILY; BYDAY=TU, TH"],
   "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
   }]
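
A check for rule 2 that tells the two representations above apart, as an added example in C (not IoTivity's own code). The Ace struct and first_duplicate_pair() are hypothetical, and the two arrays are constructed from the subject and resource lists of the JSON above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not IoTivity code: a hypothetical in-memory ACE that keeps
 * only the fields rule 2 looks at (subject and resource list). */
typedef struct {
    const char *sub;       /* Base64 subject ID */
    const char *rsrc[4];   /* resource URIs, NULL-terminated when fewer than 4 */
} Ace;

/* Rule 2: a (subject, resource) pair may appear in one ACE only.
 * Returns the index of the first ACE that repeats a pair from an earlier ACE
 * and stores the colliding URI in *uri, or returns -1 when all pairs are unique. */
int first_duplicate_pair(const Ace *acl, size_t n, const char **uri) {
    for (size_t i = 1; i < n; i++)
        for (size_t j = 0; j < i; j++) {
            if (strcmp(acl[i].sub, acl[j].sub) != 0)
                continue;                       /* different subject: no conflict */
            for (size_t a = 0; a < 4 && acl[i].rsrc[a]; a++)
                for (size_t b = 0; b < 4 && acl[j].rsrc[b]; b++)
                    if (strcmp(acl[i].rsrc[a], acl[j].rsrc[b]) == 0) {
                        *uri = acl[i].rsrc[a];
                        return (int)i;
                    }
        }
    return -1;
}

/* Constructed from the two representations in the FAQ. */
#define SUB "MjIyMjIyMjIyMjIyMjIyMg=="
static const Ace REP1[] = { {SUB, {"/a/lock", "/a/light"}}, {SUB, {"/a/garage"}} };
static const Ace REP2[] = { {SUB, {"/a/garage", "/a/lock", "/a/light"}},
                            {SUB, {"/a/garage"}} };

int main(void) {
    const char *uri = "";
    printf("representation 1: %d\n", first_duplicate_pair(REP1, 2, &uri));
    int idx = first_duplicate_pair(REP2, 2, &uri);
    printf("representation 2: ACE %d repeats %s\n", idx, uri);
    return 0;
}
```

With representation 2, two ACEs carry different time policies for the same subject and /a/garage, so an evaluator would have to guess which one governs a request.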


faq_s.txt · Last modified: 2017/05/16 14:40 by Phil Coval