
Re: Device Discovery and Telehash

From: Drasko DRASKOVIC <drasko.draskovic@gmail.com>
Date: Mon, 8 Feb 2016 20:05:00 +0100
Message-ID: <CAEk6gTBrHuHQTorFKjeYdP=LOWtM+yep+5RVy9vN7XxQ+h1nYw@mail.gmail.com>
To: Dave Raggett <dsr@w3.org>
Cc: Tibor Pardi <tibor@zovolt.com>, Public Web of Things IG <public-wot-ig@w3.org>

On Mon, Feb 8, 2016 at 7:22 PM, Dave Raggett <dsr@w3.org> wrote:
> Any thoughts on access control, a) for discovery and b) for accessing the
> service ?
>
> We would want to provide a simple approach that is easy to configure.

I do not know how Telehash solves this exactly; this is worth looking into.
The usual centralized approach is via api_key, i.e. a secret token. Meshblu
(https://github.com/octoblu/meshblu) for example uses simple device
provisioning via POST on /devices route. For some reason I do not
understand, they use both auth_uuid and auth_token
(https://github.com/octoblu/meshblu/issues/116). Also it might be
noted that I stumbled upon some weird SW patents that they filed:
https://github.com/octoblu/meshblu/issues/117, which is kind of sad -
because SW is MIT licensed.

In Mainflux (https://github.com/Mainflux/mainflux) I use JWT, which is
generated to hold device auth_id inside it:
https://github.com/Mainflux/mainflux/blob/master/app/controllers/devices.js#L25.
Server (based on Restify) protects all routes except /status and POST
on devices (for provisioning) with this JWT:
https://github.com/Mainflux/mainflux/blob/master/server.js#L34.

I am looking now at Fiware (https://www.fiware.org/), but it uses
pretty heavy OAuth2 authentication via proxies that protect accesses
to various microservices... Don't know - if there will be a notion of
users on the server which can control only their subset of devices,
maybe OAuth2 might be the best solution...

BR,
Drasko
Received on Monday, 8 February 2016 19:05:29 UTC
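
The scheme described in the message above (a JWT that carries the device auth_id, with every route protected except /status and POST on /devices), as an added example that is not part of the original message and is not Mainflux's code. It uses only Node's built-in crypto; the secret, the function names and the Bearer header transport are assumptions.

```javascript
// Added illustration, not Mainflux code. SECRET, the function names and the
// "Authorization: Bearer" transport are assumptions made for this sketch.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, load from config in practice

const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Provisioning step: issue an HS256 token that holds the device's auth_id.
function issueToken(authId) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ auth_id: authId }));
  return `${head}.${body}.${mac(`${head}.${body}`).toString('base64url')}`;
}

// Returns the auth_id from a valid token, or null for anything else.
function verifyToken(token) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    // Pin the algorithm: a token declaring "none" or another alg is rejected.
    if (header.alg !== 'HS256') return null;
    const expected = mac(`${head}.${body}`);
    const given = Buffer.from(sig, 'base64url');
    // Length check first, then constant-time comparison of the signature.
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    return typeof claims.auth_id === 'string' ? claims.auth_id : null;
  } catch (err) {
    return null; // malformed base64url or JSON
  }
}

// Route gate: only /status and POST /devices (provisioning) skip the token.
function authorize(method, path, authorizationHeader) {
  if (path === '/status' || (method === 'POST' && path === '/devices')) {
    return { allowed: true, authId: null };
  }
  const m = /^Bearer (.+)$/.exec(authorizationHeader || '');
  const authId = m ? verifyToken(m[1]) : null;
  return { allowed: authId !== null, authId };
}
```
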
