[Security] Behavior of /oic/d & /oic/p resources for secured device
I have 2 concerns regarding the /oic/d and /oic/p resources for a secured device:
- Currently, a unicast or multicast request to a secured device's /oic/d & /oic/p is responded to with 4.01 (unauthorized request). If we add two entries in the database for /oic/d & /oic/p (like there already is for /oic/res), then these resources are accessible and both unicast & multicast are responded to with 2.05. So my concern is: should the device vendor add this to the database themselves, or should it be pre-added in the IoTivity default database?
- When I add the entries for /oic/d & /oic/p in the database, as these resources do not have a secured port, even after provisioning the device, any client can access them. So I want to know the security policy in this regard: what is the desired outcome? Will all the clients be able to access /oic/d & /oic/p of a secured & provisioned resource, or should only the authorized clients have access to it?
JIRA migration meta data
- JIRA Issue ID: IOT-1077
- Reporter: i.mushfiq
- Assignee: randeep01
- Creator: i.mushfiq
- Created at: 2016-04-06T18:25:55.000-0700
- Found in Version: 1.1.0-RC2
- Fix in Version: 1.1-rel
- Issue Severity: Major
- Reproducibility: Always (100%)
- Operating System: Ubuntu
- Hardware/ OEM Platform: None
- External URL: None
- Bugzilla ID: None
- Product: None
- Status: Closed
- Components: SDK
- Priority: P3
- Due Date: None
- Issue Type: Bug
END of JIRA migration meta data