Loading ...
Sorry, an error occurred while loading the content.

14731Re: [rest-discuss] Managing local device through server

Expand Messages
  • George
    Feb 2, 2010
    • 0 Attachment
      I'll give it a try. I though I could make it using REST approach, but it
      seems it is not gonna be possible.

      Let's read and see if a flash comes ;)

      See you


      On 02/02/2010 18:10, António Mota wrote:
      > Well, basically yes, is for synchronizing devices, but can be extended
      > to other things. For example, we use (among other things) the Alert
      > messages to pass what is called Command&Control messages between two
      > systems.
      >
      > Now this is quite incompatible with the idea of REST, because SyncML
      > is based on Command Elements, it's not resource oriented. What you can
      > do is to use SyncML as payloads of REST messages, like you'll do with
      > any other media-type, and let the service implementations deal with
      > the SyncML itself.
      >
      > But even if this doesn't apply to your scenario, reading the sepc MAY
      > give you some good ideas...
      >
      > _________________________________________________
      >
      > Melhores cumprimentos / Beir beannacht / Best regards
      >
      > António Manuel dos Santos Mota
      >
      > http://card.ly/amsmota
      > _________________________________________________
      >
      >
      >
      >
      > 2010/2/2 George<george.news@...>:
      >>
      >> On 02/02/2010 14:31, António Mota wrote:
      >>>
      >>> I just read this on the diagonal, but it seems similar to what SyncML
      >>> does, is that the case?
      >>
      >> SyncML seems to be used to syncronized devices' (mobiles, handhelds,..) information, such as contacts,... My case is not such a thing, as the commands are for instance RS232 commands to be sent to a local device.
      >>
      >> Thanks. Anyway I will read a little further SyncML (curiosity)
      >>
      >> See you
      >>
      >>
      >>
      >>>
      >>> _________________________________________________
      >>>
      >>> Melhores cumprimentos / Beir beannacht / Best regards
      >>>
      >>> António Manuel dos Santos Mota
      >>>
      >>> http://card.ly/amsmota
      >>> _________________________________________________
      >>>
      >>>
      >>>
      >>>
      >>> 2010/2/2 George<george.news@...>:
      >>>>
      >>>> Boing... any idea?
      >>>>
      >>>> On 01/02/2010 10:28, George wrote:
      >>>>>
      >>>>>
      >>>>> Hi,
      >>>>>
      >>>>> Let's try to explain it a little further.
      >>>>>
      >>>>> On 01/02/2010 9:02, Jan Algermissen wrote:
      >>>>> > George,
      >>>>> >
      >>>>> > On Jan 30, 2010, at 1:38 PM, George wrote:
      >>>>> >
      >>>>> >> Hi,
      >>>>> >>
      >>>>> >> I'm planning to develop a webservice, and I like to try the RESTful
      >>>>> >> architecture.
      >>>>> >>
      >>>>> >> The service is about downloading some data from the server to a device
      >>>>> >> attached on the local computer. The client need to retrieve the command
      >>>>> >> from the server and then send the response of the device to the server
      >>>>> >> to check its validity. Then the server says if it is ok or not.
      >>>>> >
      >>>>> > I think I do not understand what you are up to. Why does the client
      >>>>> fetch the command for the device from the server?
      >>>>>
      >>>>> The system is foreseen to control a hardware device. The issue is that
      >>>>> the device only accepts a subset of commands based on some cryptographic
      >>>>> features.
      >>>>>
      >>>>> I don't want the command set and the cryptographic keys to be on the
      >>>>> client, as this way I have to replicate the keys on every client and the
      >>>>> security can be comprised.
      >>>>>
      >>>>> Each command is encrypted with different keys depending on the device it
      >>>>> is directed to. So the issue is first is that the server needs to know
      >>>>> the device as to open the session with the correct set of keys. After
      >>>>> that, the client get the command (encripted and maced with server keys),
      >>>>> this command is sent to the device who will response. The response has
      >>>>> some crypto stuff that need to be check on the server. Then the client
      >>>>> get an ACK or NACK depending on the correct answer from the device
      >>>>> (whether the command is well executed or not, or whether the device owns
      >>>>> the correct set of keys and it not a fake device).
      >>>>>
      >>>>> >
      >>>>> >
      >>>>> >
      >>>>> >>
      >>>>> >> Device client Server
      >>>>> >> ----> Get command
      >>>>> >> <-----<-----
      >>>>> >>
      >>>>> >> ----> ----> Response from device
      >>>>> >> <----- Response from server indicating
      >>>>> >> if it is ok or not the execution
      >>>>> >>
      >>>>> >> It would be like: client calls authenticate of device. then the server
      >>>>> >> sends the command to be sent to the device for authentication.
      >>>>> >
      >>>>> > HTTP authentication is orthogonal. Use one of the HTTP standard
      >>>>> authentication solutions.
      >>>>>
      >>>>> Authentication is done based on the crypto protocol that I explained above.
      >>>>>
      >>>>> >
      >>>>> >
      >>>>> >> The
      >>>>> >> client send this command to the device and the response is sent back to
      >>>>> >> the server. The server then replies.
      >>>>> >>
      >>>>> >> I have thought on:
      >>>>> >> /device/{id} as resource
      >>>>> >> /device/{id}/authenticate
      >>>>> >> GET will retrieve the command and blank state
      >>>>> >> <command> value</command>
      >>>>> >> <state> not defined</command>
      >>>>> >> PUT will send the response and get the real state
      >>>>> >> ---> <response> value</response>
      >>>>> >> <---<state> not defined</command>
      >>>>> >>
      >>>>> >> I don't know if this is REST. Is it better to create another
      >>>>> resource as:
      >>>>> >> /device/{id}/authenticate/command (only GET available)
      >>>>> >> /device/{id}/authenticate/response (only PUT available)
      >>>>> >> /device/{id}/authenticate (only GET avaliable for status)
      >>>>> >>
      >>>>> >> Any help is welcome.
      >>>>> >
      >>>>> > Can you explain your requirements? I am having trouble understanding
      >>>>> what you are trying to do.
      >>>>>
      >>>>> The issue is that I need to get a command and then check the answer from
      >>>>> that command. This will be done in 2 steps, and I don't know how to map
      >>>>> that into resources.
      >>>>>
      >>>>> Thanks... hope now is clearer.
      >>>>>
      >>>>> CU
      >>>>> Jorge
      >>>>>
      >>>>> > Jan
      >>>>> >
      >>>>> >
      >>>>> >
      >>>>> >> TA
      >>>>> >>
      >>>>> >>
      >>>>> >>
      >>>>> >>
      >>>>> >>
      >>>>> >>
      >>>>> >>
      >>>>> >>
      >>>>> >> ------------------------------------
      >>>>> >>
      >>>>> >> Yahoo! Groups Links
      >>>>> >>
      >>>>> >>
      >>>>> >>
      >>>>> >
      >>>>> > -----------------------------------
      >>>>> > Jan Algermissen, Consultant
      >>>>> >
      >>>>> > Mail: algermissen@...<mailto:algermissen%40acm.org>
      >>>>> > Blog: http://www.nordsc.com/blog/<http://www.nordsc.com/blog/>
      >>>>> > Work: http://www.nordsc.com/<http://www.nordsc.com/>
      >>>>> > -----------------------------------
      >>>>> >
      >>>>> >
      >>>>> >
      >>>>>
      >>>>>
      >>>>
      >>>>
      >>>>
      >>>> ------------------------------------
      >>>>
      >>>> Yahoo! Groups Links
      >>>>
      >>>>
      >>>>
      >>>>
      >>>
      >>
      >>
      >
    • Show all 8 messages in this topic