Hi Sachin,
Sorry for the late response. I've created the Jira ticket and the link is (https://jira.iotivity.org/browse/IOT-899)

Thank you. :)
Jay.

From: Agrawal, Sachin [mailto:[email protected]]
Sent: Monday, November 30, 2015 2:38 AM
To: Junghyun Oh; iotivity
Subject: RE: [dev] Not able to access the non-secure resource registered into the IoTivity with Secured mode

Hi Jay,

If a resource is registered as unsecured at Server, it should be discovered with a "coap" URI scheme. Since you are experiencing an issue here, please file a Jira ticket for this bug.

When Iotivity stack is compiled with SECURED mode, Secure Resource Manager (SRM) will "always" perform access checks by consulting /oic/sec/acl resource before routing the request to RI layer. This will happen "irrespective" of if the resource is registered with OC_SECURE or not.

If you truly want to allow access to some resource (secure or un-secure) to everybody, you can include an ACE entry in this fashion:

    {
        "sub": "Kg==",                          <<Allows Wildcard access>>
        "rsrc": [ "/some/light/resource" ],
        "perms": 2,                             <<Grants "Read" access to everybody>>
        "ownrs" : ["MTExMTExMTExMTExMTExMQ=="]
    }

Some FAQs about Iotivity Security are here (https://wiki.iotivity.org/faq_s).

Thanks
Sachin

From: iotivity-dev-bounces at lists.iotivity.org [mailto:[email protected]] On Behalf Of Junghyun Oh
Sent: Thursday, November 26, 2015 1:23 AM
To: iotivity <iotivity-dev at lists.iotivity.org>
Subject: [dev] Not able to access the non-secure resource registered into the IoTivity with Secured mode

Dear IoTivity-Security Maintainer,

I have found that the non-secure resource registered into the IoTivity Stack with "Secured" mode cannot be accessed through the network. Here is the code snippet that I'm using.

Case 1. Non-Secured Resource with Discoverable Property

    OCStackResult ret = OCCreateResource(&m_Handle, resource_Type, resource_Interface, resource_URI, eh, NULL, OC_DISCOVERABLE|OC_OBSERVABLE);

Case 2. Non-Secured Resource with Not-Discoverable Property

    OCStackResult ret = OCCreateResource(&m_Handle, resource_Type, resource_Interface, resource_URI, eh, NULL, OC_ACTIVE);

Remind that I didn't put the "OC_SECURE" flag when I registered my resource in both cases. And when I broadcast the discovery message, the HOST address of the found non-secure resource (Case 1) in the response message was "coaps://xxx.xxx.xxx.xxx:yyyy". Moreover, the resource client was not able to access (receiving a response by sending GET/POST requests) that resource in both cases if it does not execute the "Provisioning" process.

Question is

1. "Is it right to use scheme type 'coaps' in host information of the un-secured resource if the server uses the IoTivity stack with 'Secured' mode?"
2. "Is it right handling if not sending a response back to the request on the non-secure resource if the server uses the IoTivity stack with 'Secured' mode?"

Seems like "coap" was used in the "Non-Secured" mode and "coaps" in the "Secured" mode of the IoTivity stack by default. I think the scheme should be "coap" in the response from a non-secure resource regardless of the IoTivity mode (secured vs. non-secured) if the app developer registers the resource without the "OC_SECURE" flag intentionally. However, I just want to check whether this is intended design or not, and if it's not intended, I would like to create a Jira ticket for this.

I would appreciate it if you, IoTivity-Security Maintainer, share with us some explanation on this issue. :)

Thank you.
Jay.
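
The access check discussed in this thread, as an added example that is not part of the original messages and is not IoTivity code: a simplified Python model of a default-deny ACL lookup, showing why an unprovisioned client's GET is refused until the wildcard ACE is present, and why that ACE still does not permit POST. The function name, the client id, the method-to-permission mapping and every permission bit other than Read = 2 are assumptions.

```python
import base64
import json

# Permission bits. READ = 2 is stated in the thread; the other values are an
# assumption based on the OIC CRUDN bitmask.
CREATE, READ, WRITE, DELETE, NOTIFY = 1, 2, 4, 8, 16

# Assumed mapping from request method to the permission it requires.
REQUIRED = {"GET": READ, "POST": WRITE, "PUT": WRITE, "DELETE": DELETE}

WILDCARD = b"*"  # "Kg==" in the ACE is base64 for "*"

# The ACE from the thread, with the inline <<...>> annotations removed.
ACL_JSON = """
[{"sub": "Kg==",
  "rsrc": ["/some/light/resource"],
  "perms": 2,
  "ownrs": ["MTExMTExMTExMTExMTExMQ=="]}]
"""
ACL = json.loads(ACL_JSON)


def is_allowed(acl, subject_id, uri, method):
    """Default deny: allow only if an ACE matches subject, resource and permission."""
    needed = REQUIRED.get(method)
    if needed is None:
        return False  # unknown method is never granted
    for ace in acl:
        ace_subject = base64.b64decode(ace["sub"])
        if ace_subject != WILDCARD and ace_subject != subject_id:
            continue  # ACE is for a different subject
        if uri not in ace["rsrc"]:
            continue  # ACE does not cover this resource
        if ace["perms"] & needed == needed:
            return True
    return False


if __name__ == "__main__":
    client = b"unprovisioned-cli"  # constructed subject id
    uri = "/some/light/resource"
    for name, entries in (("empty ACL", []), ("wildcard ACE", ACL)):
        for method in ("GET", "POST"):
            verdict = "allow" if is_allowed(entries, client, uri, method) else "deny"
            print(f"{name:13} {method:4} -> {verdict}")
```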
