I'm pretty sure, from my experiments, the device owner can't access to an application resource if it does not have proper ACE setup. Our smart home companion app <https://github.com/intel/SmartHome-Demo/tree/master/smarthome-companion> has two roles -- a resource client, and a provisioning client, if a device does not have ACE for the application resource, it can't be accessed even from the device owner.
Regards, Tonny On 22 January 2018 at 04:50, Gregg Reynolds <[email protected]> wrote: > > > On Jan 20, 2018 11:59 PM, <[email protected]> wrote: > > Dear Gregg, > > According to https://wiki.iotivity.org/security_resource_manager > |Requests from DevOwner are allowed without checking ACL. > > > I believe that is only half-true. It's true for (some?) SVRs, but (only?) > during onboarding. I think it is never true for application-defined > resources, at least not post-onboarding. Can somebody clarify this? > > G > > _______________________________________________ > iotivity-dev mailing list > [email protected] > https://lists.iotivity.org/mailman/listinfo/iotivity-dev > >
_______________________________________________ iotivity-dev mailing list [email protected] https://lists.iotivity.org/mailman/listinfo/iotivity-dev
