On Jan 12, 2018 3:23 PM, "Mats Wichmann" <[email protected]> wrote:
On 01/12/2018 12:54 PM, Gregg Reynolds wrote: > Looking for more info on this. Anybody have a use case or two? Sample code? > > For example, in a household. Clients with admin role can turn things on or > off. Mom and Pop might use multiple devices to control the network. Kids > cannot. Ok. Why use roles instead of just authenticating each device? If > you assert a role your device must still be authenticated, no? A "role" feels more natural for granting/denying rights than a device. Ok, but no device, no role, right? Role-based authorization is parasitic on device-based authorization, no? So you can one device that may assert multiple roles? I'm feeling kinda dumb here. The Whizzo Corp Whole-Home-Controller can presumably be used by many people, so who gets to do what with it? As could "the TV Remote". Let's say Pop programs some restrictions into the TV for the kids using the remote. If one of the kids picks up the remote, if access is entirely device-based, they can just undo that, no? What's the difference? I guess the kid must enter a pwd to get a role? But with multiple devices, what's the difference? Note that hw device (remote control thingee) != OCF device. I will just fess up here: I am confused. G Current TVs address that by hiding that function behind an extra layer of authentication (usually a PIN) - think of that as the "Can Change Filters" role.
_______________________________________________ iotivity-dev mailing list [email protected] https://lists.iotivity.org/mailman/listinfo/iotivity-dev
