On 01/12/2018 01:46 PM, Gregg Reynolds wrote:
> On Jan 12, 2018 2:24 PM, "Thiago Macieira" <[email protected]>
> wrote:
>
> On Friday, 12 January 2018 09:24:28 PST Filipe de Melo Silva wrote:
>> So, are you saying that is impossible to reproduce this situation? Suppose
>> that we have a resource that can be discovered ONLY by a certain kind of
>> users (ex.: Administrators), does IoTivity support it?
>
> I'm not sure that's a valid use-case. It may be that all resources are
> discoverable,
>
>
> As I read the spec, Discovery (which is really just RETRIEVE) is just like
> any other request: maybe secure (i.e. authenticated), maybe not. Secure GET
> /oic/res requires an authenticated client, and only exposes resources for
> which that client is authorized. So it is not the case that all resources
> are discoverable by any client.
>
> G

The essence of the trick is if you perform discovery on a device using its /oic/res, it has to answer, but it doesn't have to answer revealing anything private, it can instead respond effectively with "call me back on a secure line and we can talk". Then when you do that, the ACLs are applied.

_______________________________________________
iotivity-dev mailing list
[email protected]
https://lists.iotivity.org/mailman/listinfo/iotivity-dev
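
The discovery behaviour described in this thread, as a simplified model added here (it is not IoTivity code and not from any poster): an unsecured GET /oic/res still gets an answer, but only public links plus a pointer to the secure endpoint, while a secure request is filtered by the requester's ACL entries. The resource paths, subject names, the `secure_ep` field and the endpoint address are constructed assumptions.

```python
from dataclasses import dataclass

WILDCARD = "*"  # assumed ACL subject meaning "any requester, including anonymous"


@dataclass(frozen=True)
class Resource:
    href: str
    readers: frozenset  # subjects allowed to RETRIEVE this resource


# Constructed sample device: one public, one shared, one admin-only resource.
RESOURCES = [
    Resource("/oic/d", frozenset({WILDCARD})),
    Resource("/light/1", frozenset({"user-1", "admin-1"})),
    Resource("/admin/config", frozenset({"admin-1"})),
]

SECURE_ENDPOINT = "coaps://[fe80::1]:5684"  # constructed placeholder address


def discover(subject=None, secure=False):
    """Model the answer to GET /oic/res.

    subject: identity authenticated by the secure session, or None.
    secure:  True when the request arrived over the secure channel.
    """
    if not secure:
        # An identity claimed on an unsecured channel is not authenticated,
        # so the request is treated as anonymous.
        subject = None

    links = [
        r.href
        for r in RESOURCES
        if WILDCARD in r.readers or (subject is not None and subject in r.readers)
    ]

    response = {"links": links}
    if not secure:
        # "Call me back on a secure line": advertise where ACLs will be applied.
        response["secure_ep"] = SECURE_ENDPOINT
    return response


if __name__ == "__main__":
    print(discover())                        # anonymous, unsecured
    print(discover("user-1", secure=True))   # authenticated ordinary user
    print(discover("admin-1", secure=True))  # authenticated administrator
```
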
