
Re: Device Discovery and Telehash

From: Drasko DRASKOVIC <drasko.draskovic@gmail.com>
Date: Mon, 8 Feb 2016 20:05:00 +0100
Message-ID: <CAEk6gTBrHuHQTorFKjeYdP=LOWtM+yep+5RVy9vN7XxQ+h1nYw@mail.gmail.com>
To: Dave Raggett <dsr@w3.org>
Cc: Tibor Pardi <tibor@zovolt.com>, Public Web of Things IG <public-wot-ig@w3.org>

On Mon, Feb 8, 2016 at 7:22 PM, Dave Raggett <dsr@w3.org> wrote:
> Any thoughts on access control, a) for discovery and b) for accessing the
> service ?
> We would want to provide a simple approach that is easy to configure.

I do not know how Telehash solves this exactly; this is worth looking into.
The usual centralized approach is via api_key, i.e. a secret token. Meshblu
(https://github.com/octoblu/meshblu) for example uses simple device
provisioning via POST on the /devices route. For some reason I do not
understand, they use both auth_uuid and auth_token
(https://github.com/octoblu/meshblu/issues/116). Also it might be
noted that I stumbled upon some weird SW patents that they filed:
https://github.com/octoblu/meshblu/issues/117, which is kind of sad -
because the SW is MIT licensed.

In Mainflux (https://github.com/Mainflux/mainflux) I use JWT, which is
generated to hold device auth_id inside it:
Server (based on Restify) protects all routes except /status and POST
on devices (for provisioning) with this JWT:

I am looking now at Fiware (https://www.fiware.org/), but it uses
pretty heavy OAuth2 authentication via proxies that protect accesses
to various microservices... Don't know - if there will be a notion of
users on the server who can control only their subset of devices,
maybe OAuth2 might be the best solution...

Received on Monday, 8 February 2016 19:05:29 UTC
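
The scheme described in the message (a JWT carrying the device's auth_id, required on every route except /status and POST on /devices) is sketched below as an added example; it is not code from the original post or from Mainflux. It assumes HS256 signing with Node's built-in crypto module, a constructed secret, and hypothetical function names (issueToken, verifyToken, authorize).

```javascript
// Added example: HS256 device tokens plus a route guard. All names are hypothetical.
const { createHmac, timingSafeEqual } = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from secure config in practice
const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest();

// Issue a token whose payload carries the device's auth_id (done at provisioning).
function issueToken(authId, ttlSec = 3600, now = Date.now()) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ auth_id: authId, exp: Math.floor(now / 1000) + ttlSec }));
  return `${head}.${body}.${b64u(mac(`${head}.${body}`))}`;
}

// Return the claims, or null if the token is malformed, forged, or expired.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: never let the header choose it (rejects alg "none").
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const got = Buffer.from(sig, 'base64url');
    const want = mac(`${head}.${body}`);
    if (got.length !== want.length || !timingSafeEqual(got, want)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof claims.auth_id !== 'string' || !(claims.exp > now / 1000)) return null;
    return claims;
  } catch (e) {
    return null; // invalid base64url or JSON
  }
}

// Routes left open, per the message: /status and POST on /devices (provisioning).
const isOpen = (method, path) =>
  path === '/status' || (method === 'POST' && path === '/devices');

// Decide a request: 401 unless the route is open or the bearer token verifies.
function authorize(method, path, authHeader) {
  if (isOpen(method, path)) return { status: 200, authId: null };
  const m = /^Bearer (.+)$/.exec(authHeader || '');
  const claims = m && verifyToken(m[1]);
  return claims ? { status: 200, authId: claims.auth_id } : { status: 401, authId: null };
}
```

A route handler would still compare the returned authId with the device named in the path, since a valid token alone only proves which device is calling.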
