I got a link to the latest posted version of the security spec. https://openconnectivity.org/specs/OIC_Security_Specification_v1.1.0.pdf
Which I will be digging into to try and find answers. In a short time I did find out a little more about my questions. (Thanks Joseph Morrow. :))

> What values are expected for the 'permission:' tag?

The permission level represents a bitmask of CRUDN backward. So actually, the bitmask reads NDURC. For example, a permission value of "1" means that any client can only perform CREATE operations. So a value of 6 or "00110" means any client can perform UPDATE or RETRIEVE operations.

> Once I have the *.json file with the ACLs. How do I generate the *.dat file?

Get the application <iotivity>/out/x86_64/linux/debug/resource/csdk/security/tool/json2cbor built. Run the json2cbor tool with the path to your json file as the first argument. Use the path and name of your intended CBOR file as the second argument.

I would still really appreciate an example of a permissive ACL *.json file that I could use.

George

From: iotivity-dev-bounces at lists.iotivity.org [mailto:[email protected]] On Behalf Of Nash, George
Sent: Wednesday, January 25, 2017 12:03 PM
To: iotivity-dev at lists.iotivity.org
Subject: [dev] Documentation for generating ACL file

I have been digging through the documentation available on the wiki and I have not found any documentation that tells how to generate. I have two questions:

(Question 1) Is there an ACL file that basically wildcards all the permissions so the application in question basically works the same with SECURED=1 as it did with SECURED=0. I recall seeing a post in the past with a permissive ACL but I could not find it with my fast search. Once I have the *.json file with the ACLs. How do I generate the *.dat file? I want something like this so I can update unittests to just work and not fail due to an ACCESS_DENIED failure due to no ACL found.

(Question 2) Where can I go to find out more about the ACL options. Right now there are many tags in the example json files that I don't know what is expected.
I want to know things like:
- What values are expected for the 'permission:' tag? I see 2, 6, 7. I assume the integer represents a mask of read/write/execute values but I don't know those from the number.
- I assume (maybe wrongly) that 'rowneruuid' identifies the remote user. Can I have multiple remote users?
- Why is rowneruuid in the 'acl' and in the 'cred' when in all of the examples they appear to be the same. Is this for some mapping?
- What is the meaning of the numbers for the tags in 'creds'? Tags like 'credid', 'credtype', 'privatedata'. In the `privatedata` is the 'data' a public key?

I have looked over the documents I could find on the wiki found from this page. https://wiki.iotivity.org/security?do=backlink

I feel there are probably more documents in the security working group's workspace but I don't even know where to start. I am not a security expert so a lot of the nitty gritty details elude me. What I want is a good enough understanding to write a program or ACL file and feel assured it has the permissions and security.

Just like many users I have been working with code compiled with SECURED=0. Now that SECURED=1 is the default I am working on updating samples and unit test code to work again.
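The CRUDN bitmask described in the reply above, as an added example that is not part of the mailing-list post or of IoTivity's own code: it decodes and encodes the 'permission' integer so the values seen in the sample files (2, 6, 7) can be read. The bit positions (CREATE in the least-significant bit, NOTIFY in the top bit) are inferred from the post's examples, and the all-bits-set value used for a fully permissive entry is an assumption.

```python
# Decoder/encoder for the IoTivity ACE "permission" bitmask as explained in the
# post: CRUDN packed least-significant bit first, so the 5 bits read N D U R C
# from the top. Bit positions are inferred from the post's examples
# (1 = CREATE only, 6 = "00110" = RETRIEVE|UPDATE); this is not IoTivity code.
OPERATIONS = ("CREATE", "RETRIEVE", "UPDATE", "DELETE", "NOTIFY")
BITS = {op: 1 << i for i, op in enumerate(OPERATIONS)}

# Assumption: a "permissive" entry is every CRUDN bit set (0b11111 = 31).
FULL_PERMISSION = sum(BITS.values())


def decode_permission(value: int) -> set:
    """Return the set of operation names a permission value grants."""
    if not 0 <= value <= FULL_PERMISSION:
        raise ValueError(f"permission {value} does not fit in the 5 CRUDN bits")
    return {op for op, bit in BITS.items() if value & bit}


def encode_permission(ops) -> int:
    """Build a permission value from operation names (case-insensitive)."""
    value = 0
    for op in ops:
        try:
            value |= BITS[op.upper()]
        except KeyError:
            raise ValueError(f"unknown operation {op!r}; expected one of {OPERATIONS}") from None
    return value


def allows(value: int, op: str) -> bool:
    """True if the permission value grants the named operation."""
    return bool(value & BITS[op.upper()])


def describe(value: int) -> str:
    """Render the mask the way the post reads it: N D U R C, top bit first."""
    bits = format(value, "05b")
    return " ".join(f"{name[0]}={b}" for name, b in zip(reversed(OPERATIONS), bits))


if __name__ == "__main__":
    # Values from the post's sample files plus the assumed permissive value.
    for v in (1, 2, 6, 7, FULL_PERMISSION):
        print(f"{v:2d}  {describe(v)}  {sorted(decode_permission(v))}")
```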
