What does it mean to assign 'OC_SECURE' as a resource property to a resource?

When a client needs to perform a REST operation on a resource hosted on a server, it must choose either a secure channel or an unsecured channel. The client selects the appropriate channel based on the information it received about the resource via resource discovery. Marking a resource as 'OC_SECURE' at the hosting server allows the IoTivity stack to include 'secure port' information in discovery responses.

What is the /oic/sec/doxm resource?

This SVR (Secure Virtual Resource) hosts the following information about the OIC device:

  • Device ownership method supported by the device (such as Just Works, PIN-based, etc.).
  • ID of this device.
  • Current ownership status of the device.

Where does IoTivity store device credentials?

Device credentials are hosted in the /oic/sec/cred resource.

The JSON representation of a set of credentials is displayed below:

  "credid": 1, (Used for referencing this credential locally)
  "sub": "MjIyMjIyMjIyMjIyMjIyMg==", (Base64 encoded ID of the subject. This ID is
                                      exchanged in DTLS handshake messages between two end-points)
  "credtyp": 1, (Type of credential: symmetric pairwise key, asymmetric key, PIN etc.)
  "pvdata": "QUFBQUFBQUFBQUFBQUFBQQ==", (Base64 encoded Pre-Shared Key, 128 bit)
  "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="] (Base64 encoded ID of 'owners' of this credential)

How are Access Control Lists (ACLs) stored inside IoTivity?

ACLs are hosted in the /oic/sec/acl resource. The JSON representation of an ACE (Access Control Entry) is displayed below:

  "sub": "MjIyMjIyMjIyMjIyMjIyMg==", (Base64 encoded ID of the subject to whom this ACE applies)
  "rsrc": ["/a/light", "/b/fan"], (an array of resource URIs to which this ACE applies)
  "perms": 6, (a bitmask describing the permissions (CRUD) allowed for the above subject on the above resources)
  "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="] (Base64 encoded ID of 'owners' of this ACE)

How does IoTivity persist security configuration data?

IoTivity stores security configuration data such as device credentials, ACLs and device ownership info in persistent storage (such as hard disk, flash storage or EEPROM).

An IoTivity application can provide this data to the IoTivity stack by invoking the OCRegisterPersistentStorageHandler() API at startup.

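 /* Hand the stack the file I/O callbacks it uses to read and write SVR data. */
 OCPersistentStorage ps = {};
 ps.open = fopen;
 ps.read = fread;
 ps.write = fwrite;
 ps.close = fclose;
 ps.unlink = unlink;
 OCRegisterPersistentStorageHandler(&ps);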

This needs to be invoked before the call to the OCInit() API. By default, the IoTivity stack will read SVR info from the file 'oic_svr_db.json'.

What is the format of Period property in ACL and Cred resources?

The Period property format is based on the grammar:

period             = date-time "/" date-time  ; start-time / end-time.
                                              ;The start-time MUST be before the end-time.
date-time          = date "T" time
date               = date-value
date-value         = date-fullyear date-month date-mday
date-fullyear      = 4DIGIT
date-month         = 2DIGIT        ;01-12
date-mday          = 2DIGIT        ;01-28, 01-29, 01-30, 01-31
                                   ;based on month/year
time               = time-hour time-minute time-second 
time-hour          = 2DIGIT        ;00-23
time-minute        = 2DIGIT        ;00-59
time-second        = 2DIGIT        ;00-60
                                   ;The "60" value is used to account for "leap" seconds.
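
A strict validator for this grammar, as an added example rather than IoTivity's own parser; the oc_dt type and the parse_dt/parse_period names are hypothetical. It rejects out-of-range fields, impossible dates and periods whose start is not before the end.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical helper type: one parsed date-time from the Period grammar. */
typedef struct { int year, mon, mday, hour, min, sec; } oc_dt;

/* Convert exactly n digits to an int; -1 if any character is not a digit. */
static int num(const char *p, int n) {
    int v = 0;
    for (int i = 0; i < n; i++) {
        if (!isdigit((unsigned char)p[i])) return -1;
        v = v * 10 + (p[i] - '0');
    }
    return v;
}

static int days_in_month(int y, int m) {
    static const int d[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    return (m == 2 && leap) ? 29 : d[m - 1];
}

/* Parse the 15 characters "YYYYMMDDTHHMMSS"; return 0 on success. */
static int parse_dt(const char *p, oc_dt *o) {
    if (p[8] != 'T') return -1;
    o->year = num(p, 4);     o->mon = num(p + 4, 2);  o->mday = num(p + 6, 2);
    o->hour = num(p + 9, 2); o->min = num(p + 11, 2); o->sec = num(p + 13, 2);
    if (o->year < 0 || o->mon < 1 || o->mon > 12) return -1;
    if (o->mday < 1 || o->mday > days_in_month(o->year, o->mon)) return -1;
    if (o->hour < 0 || o->hour > 23 || o->min < 0 || o->min > 59) return -1;
    if (o->sec < 0 || o->sec > 60) return -1;   /* 60 allows a leap second */
    return 0;
}

/* Validate a Period string: exact length, "/" separator, start before end. */
int parse_period(const char *s, oc_dt *start, oc_dt *end) {
    if (s == NULL || strlen(s) != 31 || s[15] != '/') return -1;
    if (parse_dt(s, start) || parse_dt(s + 16, end)) return -1;
    /* Fixed-width digit fields: byte order equals chronological order. */
    if (memcmp(s, s + 16, 15) >= 0) return -1;
    return 0;
}
```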

What is the format of Recurrence property in ACL resource?

The Recurrence property format is based on the grammar:

recur      = "FREQ" "=" freq
             ( ";" "UNTIL" "=" enddate ) /
             ( ";" "BYDAY" "=" bywdaylist ) /
freq       = "DAILY"            
enddate    = date
bywdaylist = weekday/ ( weekday *("," weekday) )
weekday    = "SU" / "MO" / "TU" / "WE" / "TH" / "FR" / "SA"


1. "Allow access every Monday, Wednesday & Friday between 3pm and 5pm, starting from June 26th, 2015."
2. "Allow access every Monday, Wednesday & Friday between 3pm and 5pm, starting from June 26th, 2015 until
   July 3rd, 2015."
3. "Allow access every Tuesday & Thursday between 3pm and 5pm, starting from June 26th, 2015."
4. "Allow access every day between 3pm and 5pm, starting from June 26th, 2015."

How is access to a resource granted for only a certain period of time rather than all the time?

The Period & Recurrence properties of an ACL/ACE can be used to grant access to a resource for a certain period of time.


"acl": [{
  "sub": "MjIyMjIyMjIyMjIyMjIyMg==",
  "rsrc": ["/a/fan", "/a/light"],
  "perms": 6,
  "prds": ["20150701T140000/20150701T150000"],
  "recurs": ["FREQ=DAILY; BYDAY=MO, WE, FR"],
  "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
}]

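Parsing a Recurrence value such as the one in the ACL above and checking a request date against it, as an added example (not IoTivity code); oc_recur, parse_recur and recur_allows are hypothetical names. It assumes UNTIL and BYDAY may both appear, that blanks as in the sample value are tolerated, and that UNTIL is inclusive.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical parsed form: days has bit 0 = SU ... bit 6 = SA (0 = no BYDAY);
 * until is YYYYMMDD as a number (0 = no UNTIL). */
typedef struct { unsigned days; long until; } oc_recur;

/* Parse "FREQ=DAILY" followed by ";UNTIL=..." and/or ";BYDAY=..." parts.
 * Blanks are dropped first because the page's sample values contain them.
 * Returns 0 on success, -1 on any malformed input. */
int parse_recur(const char *s, oc_recur *r) {
    static const char names[] = "SUMOTUWETHFRSA";
    char buf[96], *p, *q = buf;
    if (s == NULL || strlen(s) >= sizeof buf) return -1;
    for (; *s; s++) if (*s != ' ') *q++ = *s;
    *q = '\0';
    r->days = 0; r->until = 0;
    if (strncmp(buf, "FREQ=DAILY", 10) != 0) return -1;
    for (p = buf + 10; *p == ';'; ) {
        p++;
        if (strncmp(p, "UNTIL=", 6) == 0) {
            p += 6; r->until = 0;
            for (int i = 0; i < 8; i++, p++) {      /* exactly 8 digits */
                if (!isdigit((unsigned char)*p)) return -1;
                r->until = r->until * 10 + (*p - '0');
            }
        } else if (strncmp(p, "BYDAY=", 6) == 0) {
            p += 5;                                 /* on '=', skipped below */
            do {
                int d = -1;
                p++;                                /* skip '=' or ',' */
                for (int i = 0; i < 7; i++)
                    if (strncmp(p, names + 2 * i, 2) == 0) d = i;
                if (d < 0) return -1;               /* unknown weekday */
                r->days |= 1u << d;
                p += 2;
            } while (*p == ',');
        } else return -1;                           /* unknown keyword */
    }
    return *p == '\0' ? 0 : -1;                     /* no trailing junk */
}

/* Assumed semantics: UNTIL is inclusive; without BYDAY every weekday matches.
 * wday follows the tm_wday convention (0 = Sunday). */
int recur_allows(const oc_recur *r, long yyyymmdd, int wday) {
    if (wday < 0 || wday > 6) return 0;
    if (r->until != 0 && yyyymmdd > r->until) return 0;
    return r->days == 0 || ((r->days >> wday) & 1u) != 0;
}
```

Anything the parser does not recognise is rejected, so a malformed policy string never turns into an unrestricted grant.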
How are Period and Recurrence properties associated with the resource property in ACE?

Period, Recurrence & Resource properties of an ACE for a given subject are correlated by the following two rules:
1. All the resources in the ACE must have the same Period-Recurrence policy. Just like the permission property,
   if a resource has a different Period-Recurrence policy, then a new instance of ACE must be created for
   that resource.
2. Every ACE must have a unique Subject-Resource pair.
   For example, consider the scenario
   "Allow access to resources /a/lock, /a/light & /a/garage on MO, WE & FR from 2 to 3pm and resource
   /a/garage on TU & TH from 9 to 10am forever"
   This scenario can have two ACL representations, but under the above two rules only the first ACL is the
   correct representation.
   "acl": [
     {
       "sub": "MjIyMjIyMjIyMjIyMjIyMg==",
       "rsrc": ["/a/lock", "/a/light"],
       "perms": 6,
       "prds": ["20150701T140000/20150701T150000"],
       "recurs": ["FREQ=DAILY; BYDAY=MO, WE, FR"],
       "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
     },
     {
       "sub": "MjIyMjIyMjIyMjIyMjIyMg==",
       "rsrc": ["/a/garage"],
       "perms": 6,
       "prds": ["20150701T140000/20150701T150000", "20150701T090000/20150701T100000"],
       "recurs": ["FREQ=DAILY; BYDAY=MO, WE, FR", "TU, TH"],
       "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
     }
   ]

   "acl": [
     {
       "sub": "MjIyMjIyMjIyMjIyMjIyMg==",
       "rsrc": ["/a/garage", "/a/lock", "/a/light"],
       "perms": 6,
       "prds": ["20150701T140000/20150730T150000"],
       "recurs": ["FREQ=DAILY; BYDAY=MO, WE, FR"],
       "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
     },
     {
       "sub": "MjIyMjIyMjIyMjIyMjIyMg==",
       "rsrc": ["/a/garage"],
       "perms": 6,
       "prds": ["20150701T160000/20150730T170000"],
       "recurs": ["FREQ=DAILY; BYDAY=TU, TH"],
       "ownrs": ["MjIyMjIyMjIyMjIyMjIyMg=="]
     }
   ]

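A provisioning-time check for rule 2, as an added example (not part of IoTivity); ace_t and find_repeated_pair are hypothetical names, and the two arrays restate the representations above reduced to their subject and resources.

```c
#include <stddef.h>
#include <string.h>

#define MAX_RSRC 4

/* Hypothetical in-memory ACE holding only the fields rule 2 looks at;
 * unused rsrc slots are NULL. */
typedef struct { const char *sub; const char *rsrc[MAX_RSRC]; } ace_t;

/* Return a resource URI that one subject holds in two different ACEs
 * (a repeated Subject-Resource pair), or NULL when every pair is unique. */
const char *find_repeated_pair(const ace_t *acl, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++) {
            if (strcmp(acl[i].sub, acl[j].sub) != 0) continue;
            for (int a = 0; a < MAX_RSRC && acl[i].rsrc[a]; a++)
                for (int b = 0; b < MAX_RSRC && acl[j].rsrc[b]; b++)
                    if (strcmp(acl[i].rsrc[a], acl[j].rsrc[b]) == 0)
                        return acl[i].rsrc[a];
        }
    return NULL;
}

#define SUBJ "MjIyMjIyMjIyMjIyMjIyMg=="

/* First representation: /a/garage appears in exactly one ACE. */
static const ace_t acl_first[] = {
    { SUBJ, { "/a/lock", "/a/light" } },
    { SUBJ, { "/a/garage" } },
};

/* Second representation: /a/garage is listed in both ACEs for the subject. */
static const ace_t acl_second[] = {
    { SUBJ, { "/a/garage", "/a/lock", "/a/light" } },
    { SUBJ, { "/a/garage" } },
};
```

Running the check before an ACL is written to the SVR database flags the second representation on /a/garage and accepts the first.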

