Loading ...
Sorry, an error occurred while loading the content.

14730Re: [rest-discuss] Managing local device through server

Expand Messages
  • António Mota
    Feb 2 9:10 AM
    • 0 Attachment
      Well, basically yes, is for synchronizing devices, but can be extended
      to other things. For example, we use (among other things) the Alert
      messages to pass what is called Command&Control messages between two
      systems.

      Now this is quite incompatible with the idea of REST, because SyncML
      is based on Command Elements, it's not resource oriented. What you can
      do is to use SyncML as payloads of REST messages, like you'll do with
      any other media-type, and let the service implementations deal with
      the SyncML itself.

      But even if this doesn't apply to your scenario, reading the sepc MAY
      give you some good ideas...

      _________________________________________________

      Melhores cumprimentos / Beir beannacht / Best regards

      António Manuel dos Santos Mota

      http://card.ly/amsmota
      _________________________________________________




      2010/2/2 George <george.news@...>:
      >
      > On 02/02/2010 14:31, António Mota wrote:
      >>
      >> I just read this on the diagonal, but it seems similar to what SyncML
      >> does, is that the case?
      >
      > SyncML seems to be used to syncronized devices' (mobiles, handhelds,..) information, such as contacts,... My case is not such a thing, as the commands are for instance RS232 commands to be sent to a local device.
      >
      > Thanks. Anyway I will read a little further SyncML (curiosity)
      >
      > See you
      >
      >
      >
      >>
      >> _________________________________________________
      >>
      >> Melhores cumprimentos / Beir beannacht / Best regards
      >>
      >> António Manuel dos Santos Mota
      >>
      >> http://card.ly/amsmota
      >> _________________________________________________
      >>
      >>
      >>
      >>
      >> 2010/2/2 George<george.news@...>:
      >>>
      >>> Boing... any idea?
      >>>
      >>> On 01/02/2010 10:28, George wrote:
      >>>>
      >>>>
      >>>> Hi,
      >>>>
      >>>> Let's try to explain it a little further.
      >>>>
      >>>> On 01/02/2010 9:02, Jan Algermissen wrote:
      >>>>  >  George,
      >>>>  >
      >>>>  >  On Jan 30, 2010, at 1:38 PM, George wrote:
      >>>>  >
      >>>>  >>  Hi,
      >>>>  >>
      >>>>  >>  I'm planning to develop a webservice, and I like to try the RESTful
      >>>>  >>  architecture.
      >>>>  >>
      >>>>  >>  The service is about downloading some data from the server to a device
      >>>>  >>  attached on the local computer. The client need to retrieve the command
      >>>>  >>  from the server and then send the response of the device to the server
      >>>>  >>  to check its validity. Then the server says if it is ok or not.
      >>>>  >
      >>>>  >  I think I do not understand what you are up to. Why does the client
      >>>> fetch the command for the device from the server?
      >>>>
      >>>> The system is foreseen to control a hardware device. The issue is that
      >>>> the device only accepts a subset of commands based on some cryptographic
      >>>> features.
      >>>>
      >>>> I don't want the command set and the cryptographic keys to be on the
      >>>> client, as this way I have to replicate the keys on every client and the
      >>>> security can be comprised.
      >>>>
      >>>> Each command is encrypted with different keys depending on the device it
      >>>> is directed to. So the issue is first is that the server needs to know
      >>>> the device as to open the session with the correct set of keys. After
      >>>> that, the client get the command (encripted and maced with server keys),
      >>>> this command is sent to the device who will response. The response has
      >>>> some crypto stuff that need to be check on the server. Then the client
      >>>> get an ACK or NACK depending on the correct answer from the device
      >>>> (whether the command is well executed or not, or whether the device owns
      >>>> the correct set of keys and it not a fake device).
      >>>>
      >>>>  >
      >>>>  >
      >>>>  >
      >>>>  >>
      >>>>  >>  Device client Server
      >>>>  >>  ---->  Get command
      >>>>  >>  <-----<-----
      >>>>  >>
      >>>>  >>  ---->  ---->  Response from device
      >>>>  >>  <----- Response from server indicating
      >>>>  >>  if it is ok or not the execution
      >>>>  >>
      >>>>  >>  It would be like: client calls authenticate of device. then the server
      >>>>  >>  sends the command to be sent to the device for authentication.
      >>>>  >
      >>>>  >  HTTP authentication is orthogonal. Use one of the HTTP standard
      >>>> authentication solutions.
      >>>>
      >>>> Authentication is done based on the crypto protocol that I explained above.
      >>>>
      >>>>  >
      >>>>  >
      >>>>  >>  The
      >>>>  >>  client send this command to the device and the response is sent back to
      >>>>  >>  the server. The server then replies.
      >>>>  >>
      >>>>  >>  I have thought on:
      >>>>  >>  /device/{id} as resource
      >>>>  >>  /device/{id}/authenticate
      >>>>  >>  GET will retrieve the command and blank state
      >>>>  >>  <command>  value</command>
      >>>>  >>  <state>  not defined</command>
      >>>>  >>  PUT will send the response and get the real state
      >>>>  >>  --->  <response>  value</response>
      >>>>  >>  <---<state>  not defined</command>
      >>>>  >>
      >>>>  >>  I don't know if this is REST. Is it better to create another
      >>>> resource as:
      >>>>  >>  /device/{id}/authenticate/command (only GET available)
      >>>>  >>  /device/{id}/authenticate/response (only PUT available)
      >>>>  >>  /device/{id}/authenticate (only GET avaliable for status)
      >>>>  >>
      >>>>  >>  Any help is welcome.
      >>>>  >
      >>>>  >  Can you explain your requirements? I am having trouble understanding
      >>>> what you are trying to do.
      >>>>
      >>>> The issue is that I need to get a command and then check the answer from
      >>>> that command. This will be done in 2 steps, and I don't know how to map
      >>>> that into resources.
      >>>>
      >>>> Thanks... hope now is clearer.
      >>>>
      >>>> CU
      >>>> Jorge
      >>>>
      >>>>  >  Jan
      >>>>  >
      >>>>  >
      >>>>  >
      >>>>  >>  TA
      >>>>  >>
      >>>>  >>
      >>>>  >>
      >>>>  >>
      >>>>  >>
      >>>>  >>
      >>>>  >>
      >>>>  >>
      >>>>  >>  ------------------------------------
      >>>>  >>
      >>>>  >>  Yahoo! Groups Links
      >>>>  >>
      >>>>  >>
      >>>>  >>
      >>>>  >
      >>>>  >  -----------------------------------
      >>>>  >  Jan Algermissen, Consultant
      >>>>  >
      >>>>  >  Mail: algermissen@...<mailto:algermissen%40acm.org>
      >>>>  >  Blog: http://www.nordsc.com/blog/<http://www.nordsc.com/blog/>
      >>>>  >  Work: http://www.nordsc.com/<http://www.nordsc.com/>
      >>>>  >  -----------------------------------
      >>>>  >
      >>>>  >
      >>>>  >
      >>>>
      >>>>
      >>>
      >>>
      >>>
      >>> ------------------------------------
      >>>
      >>> Yahoo! Groups Links
      >>>
      >>>
      >>>
      >>>
      >>
      >
      >
    • Show all 8 messages in this topic