
14705 Re: [rest-discuss] Managing local device through server

  • George
    Feb 1, 2010
      Hi,

      Let's try to explain it a little further.


      On 01/02/2010 9:02, Jan Algermissen wrote:
      > George,
      >
      > On Jan 30, 2010, at 1:38 PM, George wrote:
      >
      >> Hi,
      >>
      >> I'm planning to develop a webservice, and I'd like to try the RESTful
      >> architecture.
      >>
      >> The service is about downloading some data from the server to a device
      >> attached to the local computer. The client needs to retrieve the command
      >> from the server and then send the response of the device to the server
      >> to check its validity. Then the server says if it is ok or not.
      >
      > I think I do not understand what you are up to. Why does the client fetch the command for the device from the server?

      The system is foreseen to control a hardware device. The issue is that
      the device only accepts a subset of commands based on some cryptographic
      features.

      I don't want the command set and the cryptographic keys to be on the
      client, as this way I have to replicate the keys on every client and the
      security can be compromised.

      Each command is encrypted with different keys depending on the device it
      is directed to. So the first issue is that the server needs to know
      the device so as to open the session with the correct set of keys. After
      that, the client gets the command (encrypted and MACed with server keys);
      this command is sent to the device, which will respond. The response has
      some crypto stuff that needs to be checked on the server. Then the client
      gets an ACK or NACK depending on the correct answer from the device
      (whether the command is well executed or not, or whether the device owns
      the correct set of keys and is not a fake device).

      >
      >
      >
      >>
      >> Device      client      Server
      >>             ---->                   Get command
      >>   <-----    <-----
      >>
      >>   ---->     ---->                   Response from device
      >>             <-----                  Response from server indicating
      >>                                     if it is ok or not the execution
      >> It would be like: client calls authenticate of device. Then the server
      >> sends the command to be sent to the device for authentication.
      >
      > HTTP authentication is orthogonal. Use one of the HTTP standard authentication solutions.

      Authentication is done based on the crypto protocol that I explained above.

      >
      >
      >> The
      >> client sends this command to the device and the response is sent back to
      >> the server. The server then replies.
      >>
      >> I have thought of:
      >> /device/{id} as resource
      >> /device/{id}/authenticate
      >> GET will retrieve the command and blank state
      >> <command>value</command>
      >> <state>not defined</state>
      >> PUT will send the response and get the real state
      >> ---> <response>value</response>
      >> <--- <state>not defined</state>
      >>
      >> I don't know if this is REST. Is it better to create another resource as:
      >> /device/{id}/authenticate/command (only GET available)
      >> /device/{id}/authenticate/response (only PUT available)
      >> /device/{id}/authenticate (only GET available for status)
      >>
      >> Any help is welcome.
      >
      > Can you explain your requirements? I am having trouble understanding what you are trying to do.

      The issue is that I need to get a command and then check the answer from
      that command. This will be done in 2 steps, and I don't know how to map
      that into resources.

      Thanks... hope it is clearer now.

      CU
      Jorge

      > Jan
      >
      >
      >
      >> TA
      >
      > -----------------------------------
      > Jan Algermissen, Consultant
      >
      > Mail: algermissen@...
      > Blog: http://www.nordsc.com/blog/
      > Work: http://www.nordsc.com/
      > -----------------------------------
      >
      >
      >
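The two-step exchange described in this message (fetch a command, then have the server check the device's answer), sketched as an added example that is not code from the thread. It shows only the MAC steps and leaves command encryption out; the key table, message layout, labels and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-device key table. In the scenario these keys exist only on
# the server and inside the device, never on the relaying client.
DEVICE_KEYS = {"dev-42": bytes.fromhex("00112233445566778899aabbccddeeff")}


def _mac(key, label, nonce):
    # Distinct labels keep a command tag from being reusable as a response.
    return hmac.new(key, label + nonce, hashlib.sha256).digest()


class AuthServer:
    def __init__(self, keys):
        self._keys = keys
        self._pending = {}  # device id -> nonce of the outstanding command

    def get_command(self, device_id):
        """Step 1: issue a fresh command, MACed with that device's key."""
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce + _mac(self._keys[device_id], b"cmd|", nonce)

    def check_response(self, device_id, response):
        """Step 2: verify the device's answer; each command is single use."""
        nonce = self._pending.pop(device_id, None)
        if nonce is None:
            return "NACK"  # no outstanding command, or a replayed response
        expected = _mac(self._keys[device_id], b"rsp|", nonce)
        return "ACK" if hmac.compare_digest(expected, response) else "NACK"


def device_respond(key, command):
    """Device side: accept only commands MACed by the server, then answer."""
    nonce, tag = command[:16], command[16:]
    if not hmac.compare_digest(_mac(key, b"cmd|", nonce), tag):
        return None  # command was not produced with this device's key
    return _mac(key, b"rsp|", nonce)


def relay(server, device_id, device_key):
    """Client side: moves opaque bytes only. device_key stands in for the
    attached hardware device; the client itself never uses it."""
    command = server.get_command(device_id)
    response = device_respond(device_key, command)
    return server.check_response(device_id, response or b"")
```

Because the server drops the pending nonce on the first check, a captured response cannot be submitted a second time for an ACK.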