Loading ...
Sorry, an error occurred while loading the content.
 

Re: [rest-discuss] Managing local device through server

Expand Messages
  • Jan Algermissen
    George, ... I think I do not understand what you are up to. Why does the client fetch the command for the device from the server? ... HTTP authentication is
    Message 1 of 8 , Feb 1, 2010
      George,

      On Jan 30, 2010, at 1:38 PM, George wrote:

      > Hi,
      >
      > I'm planning to develop a webservice, and I like to try the RESTful
      > architecture.
      >
      > The service is about downloading some data from the server to a device
      > attached on the local computer. The client need to retrieve the command
      > from the server and then send the response of the device to the server
      > to check its validity. Then the server says if it is ok or not.

      I think I do not understand what you are up to. Why does the client fetch the command for the device from the server?



      >
      > Device client Server
      > ----> Get command
      > <----- <-----
      >
      > ----> ----> Response from device
      > <----- Response from server indicating
      > if it is ok or not the execution
      >
      > It would be like: client calls authenticate of device. then the server
      > sends the command to be sent to the device for authentication.

      HTTP authentication is orthogonal. Use one of the HTTP standard authentication solutions.


      > The
      > client send this command to the device and the response is sent back to
      > the server. The server then replies.
      >
      > I have thought on:
      > /device/{id} as resource
      > /device/{id}/authenticate
      > GET will retrieve the command and blank state
      > <command> value </command>
      > <state> not defined </command>
      > PUT will send the response and get the real state
      > ---> <response> value </response>
      > <--- <state> not defined </command>
      >
      > I don't know if this is REST. Is it better to create another resource as:
      > /device/{id}/authenticate/command (only GET available)
      > /device/{id}/authenticate/response (only PUT available)
      > /device/{id}/authenticate (only GET avaliable for status)
      >
      > Any help is welcome.

      Can you explain your requirements? I am having trouble understanding what you are trying to do.

      Jan



      > TA
      >
      >
      >
      >
      >
      >
      >
      >
      > ------------------------------------
      >
      > Yahoo! Groups Links
      >
      >
      >

      -----------------------------------
      Jan Algermissen, Consultant

      Mail: algermissen@...
      Blog: http://www.nordsc.com/blog/
      Work: http://www.nordsc.com/
      -----------------------------------
    • George
      Hi, Let s try to explain it a little further. ... The system is foreseen to control a hardware device. The issue is that the device only accepts a subset of
      Message 2 of 8 , Feb 1, 2010
        Hi,

        Let's try to explain it a little further.


        On 01/02/2010 9:02, Jan Algermissen wrote:
        > George,
        >
        > On Jan 30, 2010, at 1:38 PM, George wrote:
        >
        >> Hi,
        >>
        >> I'm planning to develop a webservice, and I like to try the RESTful
        >> architecture.
        >>
        >> The service is about downloading some data from the server to a device
        >> attached on the local computer. The client need to retrieve the command
        >> from the server and then send the response of the device to the server
        >> to check its validity. Then the server says if it is ok or not.
        >
        > I think I do not understand what you are up to. Why does the client fetch the command for the device from the server?

        The system is foreseen to control a hardware device. The issue is that
        the device only accepts a subset of commands based on some cryptographic
        features.

        I don't want the command set and the cryptographic keys to be on the
        client, as this way I have to replicate the keys on every client and the
        security can be comprised.

        Each command is encrypted with different keys depending on the device it
        is directed to. So the issue is first is that the server needs to know
        the device as to open the session with the correct set of keys. After
        that, the client get the command (encripted and maced with server keys),
        this command is sent to the device who will response. The response has
        some crypto stuff that need to be check on the server. Then the client
        get an ACK or NACK depending on the correct answer from the device
        (whether the command is well executed or not, or whether the device owns
        the correct set of keys and it not a fake device).

        >
        >
        >
        >>
        >> Device client Server
        >> ----> Get command
        >> <-----<-----
        >>
        >> ----> ----> Response from device
        >> <----- Response from server indicating
        >> if it is ok or not the execution
        >>
        >> It would be like: client calls authenticate of device. then the server
        >> sends the command to be sent to the device for authentication.
        >
        > HTTP authentication is orthogonal. Use one of the HTTP standard authentication solutions.

        Authentication is done based on the crypto protocol that I explained above.

        >
        >
        >> The
        >> client send this command to the device and the response is sent back to
        >> the server. The server then replies.
        >>
        >> I have thought on:
        >> /device/{id} as resource
        >> /device/{id}/authenticate
        >> GET will retrieve the command and blank state
        >> <command> value</command>
        >> <state> not defined</command>
        >> PUT will send the response and get the real state
        >> ---> <response> value</response>
        >> <---<state> not defined</command>
        >>
        >> I don't know if this is REST. Is it better to create another resource as:
        >> /device/{id}/authenticate/command (only GET available)
        >> /device/{id}/authenticate/response (only PUT available)
        >> /device/{id}/authenticate (only GET avaliable for status)
        >>
        >> Any help is welcome.
        >
        > Can you explain your requirements? I am having trouble understanding what you are trying to do.

        The issue is that I need to get a command and then check the answer from
        that command. This will be done in 2 steps, and I don't know how to map
        that into resources.

        Thanks... hope now is clearer.

        CU
        Jorge

        > Jan
        >
        >
        >
        >> TA
        >>
        >>
        >>
        >>
        >>
        >>
        >>
        >>
        >> ------------------------------------
        >>
        >> Yahoo! Groups Links
        >>
        >>
        >>
        >
        > -----------------------------------
        > Jan Algermissen, Consultant
        >
        > Mail: algermissen@...
        > Blog: http://www.nordsc.com/blog/
        > Work: http://www.nordsc.com/
        > -----------------------------------
        >
        >
        >
      • António Mota
        I just read this on the diagonal, but it seems similar to what SyncML does, is that the case? _________________________________________________ Melhores
        Message 3 of 8 , Feb 2, 2010
          I just read this on the diagonal, but it seems similar to what SyncML
          does, is that the case?


          _________________________________________________

          Melhores cumprimentos / Beir beannacht / Best regards

          António Manuel dos Santos Mota

          http://card.ly/amsmota
          _________________________________________________




          2010/2/2 George <george.news@...>:
          > Boing... any idea?
          >
          > On 01/02/2010 10:28, George wrote:
          >>
          >>
          >> Hi,
          >>
          >> Let's try to explain it a little further.
          >>
          >> On 01/02/2010 9:02, Jan Algermissen wrote:
          >>  > George,
          >>  >
          >>  > On Jan 30, 2010, at 1:38 PM, George wrote:
          >>  >
          >>  >> Hi,
          >>  >>
          >>  >> I'm planning to develop a webservice, and I like to try the RESTful
          >>  >> architecture.
          >>  >>
          >>  >> The service is about downloading some data from the server to a device
          >>  >> attached on the local computer. The client need to retrieve the command
          >>  >> from the server and then send the response of the device to the server
          >>  >> to check its validity. Then the server says if it is ok or not.
          >>  >
          >>  > I think I do not understand what you are up to. Why does the client
          >> fetch the command for the device from the server?
          >>
          >> The system is foreseen to control a hardware device. The issue is that
          >> the device only accepts a subset of commands based on some cryptographic
          >> features.
          >>
          >> I don't want the command set and the cryptographic keys to be on the
          >> client, as this way I have to replicate the keys on every client and the
          >> security can be comprised.
          >>
          >> Each command is encrypted with different keys depending on the device it
          >> is directed to. So the issue is first is that the server needs to know
          >> the device as to open the session with the correct set of keys. After
          >> that, the client get the command (encripted and maced with server keys),
          >> this command is sent to the device who will response. The response has
          >> some crypto stuff that need to be check on the server. Then the client
          >> get an ACK or NACK depending on the correct answer from the device
          >> (whether the command is well executed or not, or whether the device owns
          >> the correct set of keys and it not a fake device).
          >>
          >>  >
          >>  >
          >>  >
          >>  >>
          >>  >> Device client Server
          >>  >> ----> Get command
          >>  >> <-----<-----
          >>  >>
          >>  >> ----> ----> Response from device
          >>  >> <----- Response from server indicating
          >>  >> if it is ok or not the execution
          >>  >>
          >>  >> It would be like: client calls authenticate of device. then the server
          >>  >> sends the command to be sent to the device for authentication.
          >>  >
          >>  > HTTP authentication is orthogonal. Use one of the HTTP standard
          >> authentication solutions.
          >>
          >> Authentication is done based on the crypto protocol that I explained above.
          >>
          >>  >
          >>  >
          >>  >> The
          >>  >> client send this command to the device and the response is sent back to
          >>  >> the server. The server then replies.
          >>  >>
          >>  >> I have thought on:
          >>  >> /device/{id} as resource
          >>  >> /device/{id}/authenticate
          >>  >> GET will retrieve the command and blank state
          >>  >> <command> value</command>
          >>  >> <state> not defined</command>
          >>  >> PUT will send the response and get the real state
          >>  >> ---> <response> value</response>
          >>  >> <---<state> not defined</command>
          >>  >>
          >>  >> I don't know if this is REST. Is it better to create another
          >> resource as:
          >>  >> /device/{id}/authenticate/command (only GET available)
          >>  >> /device/{id}/authenticate/response (only PUT available)
          >>  >> /device/{id}/authenticate (only GET avaliable for status)
          >>  >>
          >>  >> Any help is welcome.
          >>  >
          >>  > Can you explain your requirements? I am having trouble understanding
          >> what you are trying to do.
          >>
          >> The issue is that I need to get a command and then check the answer from
          >> that command. This will be done in 2 steps, and I don't know how to map
          >> that into resources.
          >>
          >> Thanks... hope now is clearer.
          >>
          >> CU
          >> Jorge
          >>
          >>  > Jan
          >>  >
          >>  >
          >>  >
          >>  >> TA
          >>  >>
          >>  >>
          >>  >>
          >>  >>
          >>  >>
          >>  >>
          >>  >>
          >>  >>
          >>  >> ------------------------------------
          >>  >>
          >>  >> Yahoo! Groups Links
          >>  >>
          >>  >>
          >>  >>
          >>  >
          >>  > -----------------------------------
          >>  > Jan Algermissen, Consultant
          >>  >
          >>  > Mail: algermissen@... <mailto:algermissen%40acm.org>
          >>  > Blog: http://www.nordsc.com/blog/ <http://www.nordsc.com/blog/>
          >>  > Work: http://www.nordsc.com/ <http://www.nordsc.com/>
          >>  > -----------------------------------
          >>  >
          >>  >
          >>  >
          >>
          >>
          >
          >
          >
          > ------------------------------------
          >
          > Yahoo! Groups Links
          >
          >
          >
          >
        • George
          Boing... any idea?
          Message 4 of 8 , Feb 2, 2010
            Boing... any idea?

            On 01/02/2010 10:28, George wrote:
            >
            >
            > Hi,
            >
            > Let's try to explain it a little further.
            >
            > On 01/02/2010 9:02, Jan Algermissen wrote:
            > > George,
            > >
            > > On Jan 30, 2010, at 1:38 PM, George wrote:
            > >
            > >> Hi,
            > >>
            > >> I'm planning to develop a webservice, and I like to try the RESTful
            > >> architecture.
            > >>
            > >> The service is about downloading some data from the server to a device
            > >> attached on the local computer. The client need to retrieve the command
            > >> from the server and then send the response of the device to the server
            > >> to check its validity. Then the server says if it is ok or not.
            > >
            > > I think I do not understand what you are up to. Why does the client
            > fetch the command for the device from the server?
            >
            > The system is foreseen to control a hardware device. The issue is that
            > the device only accepts a subset of commands based on some cryptographic
            > features.
            >
            > I don't want the command set and the cryptographic keys to be on the
            > client, as this way I have to replicate the keys on every client and the
            > security can be comprised.
            >
            > Each command is encrypted with different keys depending on the device it
            > is directed to. So the issue is first is that the server needs to know
            > the device as to open the session with the correct set of keys. After
            > that, the client get the command (encripted and maced with server keys),
            > this command is sent to the device who will response. The response has
            > some crypto stuff that need to be check on the server. Then the client
            > get an ACK or NACK depending on the correct answer from the device
            > (whether the command is well executed or not, or whether the device owns
            > the correct set of keys and it not a fake device).
            >
            > >
            > >
            > >
            > >>
            > >> Device client Server
            > >> ----> Get command
            > >> <-----<-----
            > >>
            > >> ----> ----> Response from device
            > >> <----- Response from server indicating
            > >> if it is ok or not the execution
            > >>
            > >> It would be like: client calls authenticate of device. then the server
            > >> sends the command to be sent to the device for authentication.
            > >
            > > HTTP authentication is orthogonal. Use one of the HTTP standard
            > authentication solutions.
            >
            > Authentication is done based on the crypto protocol that I explained above.
            >
            > >
            > >
            > >> The
            > >> client send this command to the device and the response is sent back to
            > >> the server. The server then replies.
            > >>
            > >> I have thought on:
            > >> /device/{id} as resource
            > >> /device/{id}/authenticate
            > >> GET will retrieve the command and blank state
            > >> <command> value</command>
            > >> <state> not defined</command>
            > >> PUT will send the response and get the real state
            > >> ---> <response> value</response>
            > >> <---<state> not defined</command>
            > >>
            > >> I don't know if this is REST. Is it better to create another
            > resource as:
            > >> /device/{id}/authenticate/command (only GET available)
            > >> /device/{id}/authenticate/response (only PUT available)
            > >> /device/{id}/authenticate (only GET avaliable for status)
            > >>
            > >> Any help is welcome.
            > >
            > > Can you explain your requirements? I am having trouble understanding
            > what you are trying to do.
            >
            > The issue is that I need to get a command and then check the answer from
            > that command. This will be done in 2 steps, and I don't know how to map
            > that into resources.
            >
            > Thanks... hope now is clearer.
            >
            > CU
            > Jorge
            >
            > > Jan
            > >
            > >
            > >
            > >> TA
            > >>
            > >>
            > >>
            > >>
            > >>
            > >>
            > >>
            > >>
            > >> ------------------------------------
            > >>
            > >> Yahoo! Groups Links
            > >>
            > >>
            > >>
            > >
            > > -----------------------------------
            > > Jan Algermissen, Consultant
            > >
            > > Mail: algermissen@... <mailto:algermissen%40acm.org>
            > > Blog: http://www.nordsc.com/blog/ <http://www.nordsc.com/blog/>
            > > Work: http://www.nordsc.com/ <http://www.nordsc.com/>
            > > -----------------------------------
            > >
            > >
            > >
            >
            >
          • George
            ... SyncML seems to be used to syncronized devices (mobiles, handhelds,..) information, such as contacts,... My case is not such a thing, as the commands are
            Message 5 of 8 , Feb 2, 2010
              On 02/02/2010 14:31, António Mota wrote:
              > I just read this on the diagonal, but it seems similar to what SyncML
              > does, is that the case?

              SyncML seems to be used to syncronized devices' (mobiles, handhelds,..)
              information, such as contacts,... My case is not such a thing, as the
              commands are for instance RS232 commands to be sent to a local device.

              Thanks. Anyway I will read a little further SyncML (curiosity)

              See you



              >
              > _________________________________________________
              >
              > Melhores cumprimentos / Beir beannacht / Best regards
              >
              > António Manuel dos Santos Mota
              >
              > http://card.ly/amsmota
              > _________________________________________________
              >
              >
              >
              >
              > 2010/2/2 George<george.news@...>:
              >> Boing... any idea?
              >>
              >> On 01/02/2010 10:28, George wrote:
              >>>
              >>>
              >>> Hi,
              >>>
              >>> Let's try to explain it a little further.
              >>>
              >>> On 01/02/2010 9:02, Jan Algermissen wrote:
              >>> > George,
              >>> >
              >>> > On Jan 30, 2010, at 1:38 PM, George wrote:
              >>> >
              >>> >> Hi,
              >>> >>
              >>> >> I'm planning to develop a webservice, and I like to try the RESTful
              >>> >> architecture.
              >>> >>
              >>> >> The service is about downloading some data from the server to a device
              >>> >> attached on the local computer. The client need to retrieve the command
              >>> >> from the server and then send the response of the device to the server
              >>> >> to check its validity. Then the server says if it is ok or not.
              >>> >
              >>> > I think I do not understand what you are up to. Why does the client
              >>> fetch the command for the device from the server?
              >>>
              >>> The system is foreseen to control a hardware device. The issue is that
              >>> the device only accepts a subset of commands based on some cryptographic
              >>> features.
              >>>
              >>> I don't want the command set and the cryptographic keys to be on the
              >>> client, as this way I have to replicate the keys on every client and the
              >>> security can be comprised.
              >>>
              >>> Each command is encrypted with different keys depending on the device it
              >>> is directed to. So the issue is first is that the server needs to know
              >>> the device as to open the session with the correct set of keys. After
              >>> that, the client get the command (encripted and maced with server keys),
              >>> this command is sent to the device who will response. The response has
              >>> some crypto stuff that need to be check on the server. Then the client
              >>> get an ACK or NACK depending on the correct answer from the device
              >>> (whether the command is well executed or not, or whether the device owns
              >>> the correct set of keys and it not a fake device).
              >>>
              >>> >
              >>> >
              >>> >
              >>> >>
              >>> >> Device client Server
              >>> >> ----> Get command
              >>> >> <-----<-----
              >>> >>
              >>> >> ----> ----> Response from device
              >>> >> <----- Response from server indicating
              >>> >> if it is ok or not the execution
              >>> >>
              >>> >> It would be like: client calls authenticate of device. then the server
              >>> >> sends the command to be sent to the device for authentication.
              >>> >
              >>> > HTTP authentication is orthogonal. Use one of the HTTP standard
              >>> authentication solutions.
              >>>
              >>> Authentication is done based on the crypto protocol that I explained above.
              >>>
              >>> >
              >>> >
              >>> >> The
              >>> >> client send this command to the device and the response is sent back to
              >>> >> the server. The server then replies.
              >>> >>
              >>> >> I have thought on:
              >>> >> /device/{id} as resource
              >>> >> /device/{id}/authenticate
              >>> >> GET will retrieve the command and blank state
              >>> >> <command> value</command>
              >>> >> <state> not defined</command>
              >>> >> PUT will send the response and get the real state
              >>> >> ---> <response> value</response>
              >>> >> <---<state> not defined</command>
              >>> >>
              >>> >> I don't know if this is REST. Is it better to create another
              >>> resource as:
              >>> >> /device/{id}/authenticate/command (only GET available)
              >>> >> /device/{id}/authenticate/response (only PUT available)
              >>> >> /device/{id}/authenticate (only GET avaliable for status)
              >>> >>
              >>> >> Any help is welcome.
              >>> >
              >>> > Can you explain your requirements? I am having trouble understanding
              >>> what you are trying to do.
              >>>
              >>> The issue is that I need to get a command and then check the answer from
              >>> that command. This will be done in 2 steps, and I don't know how to map
              >>> that into resources.
              >>>
              >>> Thanks... hope now is clearer.
              >>>
              >>> CU
              >>> Jorge
              >>>
              >>> > Jan
              >>> >
              >>> >
              >>> >
              >>> >> TA
              >>> >>
              >>> >>
              >>> >>
              >>> >>
              >>> >>
              >>> >>
              >>> >>
              >>> >>
              >>> >> ------------------------------------
              >>> >>
              >>> >> Yahoo! Groups Links
              >>> >>
              >>> >>
              >>> >>
              >>> >
              >>> > -----------------------------------
              >>> > Jan Algermissen, Consultant
              >>> >
              >>> > Mail: algermissen@...<mailto:algermissen%40acm.org>
              >>> > Blog: http://www.nordsc.com/blog/<http://www.nordsc.com/blog/>
              >>> > Work: http://www.nordsc.com/<http://www.nordsc.com/>
              >>> > -----------------------------------
              >>> >
              >>> >
              >>> >
              >>>
              >>>
              >>
              >>
              >>
              >> ------------------------------------
              >>
              >> Yahoo! Groups Links
              >>
              >>
              >>
              >>
              >
            • António Mota
              Well, basically yes, is for synchronizing devices, but can be extended to other things. For example, we use (among other things) the Alert messages to pass
              Message 6 of 8 , Feb 2, 2010
                Well, basically yes, is for synchronizing devices, but can be extended
                to other things. For example, we use (among other things) the Alert
                messages to pass what is called Command&Control messages between two
                systems.

                Now this is quite incompatible with the idea of REST, because SyncML
                is based on Command Elements, it's not resource oriented. What you can
                do is to use SyncML as payloads of REST messages, like you'll do with
                any other media-type, and let the service implementations deal with
                the SyncML itself.

                But even if this doesn't apply to your scenario, reading the sepc MAY
                give you some good ideas...

                _________________________________________________

                Melhores cumprimentos / Beir beannacht / Best regards

                António Manuel dos Santos Mota

                http://card.ly/amsmota
                _________________________________________________




                2010/2/2 George <george.news@...>:
                >
                > On 02/02/2010 14:31, António Mota wrote:
                >>
                >> I just read this on the diagonal, but it seems similar to what SyncML
                >> does, is that the case?
                >
                > SyncML seems to be used to syncronized devices' (mobiles, handhelds,..) information, such as contacts,... My case is not such a thing, as the commands are for instance RS232 commands to be sent to a local device.
                >
                > Thanks. Anyway I will read a little further SyncML (curiosity)
                >
                > See you
                >
                >
                >
                >>
                >> _________________________________________________
                >>
                >> Melhores cumprimentos / Beir beannacht / Best regards
                >>
                >> António Manuel dos Santos Mota
                >>
                >> http://card.ly/amsmota
                >> _________________________________________________
                >>
                >>
                >>
                >>
                >> 2010/2/2 George<george.news@...>:
                >>>
                >>> Boing... any idea?
                >>>
                >>> On 01/02/2010 10:28, George wrote:
                >>>>
                >>>>
                >>>> Hi,
                >>>>
                >>>> Let's try to explain it a little further.
                >>>>
                >>>> On 01/02/2010 9:02, Jan Algermissen wrote:
                >>>>  >  George,
                >>>>  >
                >>>>  >  On Jan 30, 2010, at 1:38 PM, George wrote:
                >>>>  >
                >>>>  >>  Hi,
                >>>>  >>
                >>>>  >>  I'm planning to develop a webservice, and I like to try the RESTful
                >>>>  >>  architecture.
                >>>>  >>
                >>>>  >>  The service is about downloading some data from the server to a device
                >>>>  >>  attached on the local computer. The client need to retrieve the command
                >>>>  >>  from the server and then send the response of the device to the server
                >>>>  >>  to check its validity. Then the server says if it is ok or not.
                >>>>  >
                >>>>  >  I think I do not understand what you are up to. Why does the client
                >>>> fetch the command for the device from the server?
                >>>>
                >>>> The system is foreseen to control a hardware device. The issue is that
                >>>> the device only accepts a subset of commands based on some cryptographic
                >>>> features.
                >>>>
                >>>> I don't want the command set and the cryptographic keys to be on the
                >>>> client, as this way I have to replicate the keys on every client and the
                >>>> security can be comprised.
                >>>>
                >>>> Each command is encrypted with different keys depending on the device it
                >>>> is directed to. So the issue is first is that the server needs to know
                >>>> the device as to open the session with the correct set of keys. After
                >>>> that, the client get the command (encripted and maced with server keys),
                >>>> this command is sent to the device who will response. The response has
                >>>> some crypto stuff that need to be check on the server. Then the client
                >>>> get an ACK or NACK depending on the correct answer from the device
                >>>> (whether the command is well executed or not, or whether the device owns
                >>>> the correct set of keys and it not a fake device).
                >>>>
                >>>>  >
                >>>>  >
                >>>>  >
                >>>>  >>
                >>>>  >>  Device client Server
                >>>>  >>  ---->  Get command
                >>>>  >>  <-----<-----
                >>>>  >>
                >>>>  >>  ---->  ---->  Response from device
                >>>>  >>  <----- Response from server indicating
                >>>>  >>  if it is ok or not the execution
                >>>>  >>
                >>>>  >>  It would be like: client calls authenticate of device. then the server
                >>>>  >>  sends the command to be sent to the device for authentication.
                >>>>  >
                >>>>  >  HTTP authentication is orthogonal. Use one of the HTTP standard
                >>>> authentication solutions.
                >>>>
                >>>> Authentication is done based on the crypto protocol that I explained above.
                >>>>
                >>>>  >
                >>>>  >
                >>>>  >>  The
                >>>>  >>  client send this command to the device and the response is sent back to
                >>>>  >>  the server. The server then replies.
                >>>>  >>
                >>>>  >>  I have thought on:
                >>>>  >>  /device/{id} as resource
                >>>>  >>  /device/{id}/authenticate
                >>>>  >>  GET will retrieve the command and blank state
                >>>>  >>  <command>  value</command>
                >>>>  >>  <state>  not defined</command>
                >>>>  >>  PUT will send the response and get the real state
                >>>>  >>  --->  <response>  value</response>
                >>>>  >>  <---<state>  not defined</command>
                >>>>  >>
                >>>>  >>  I don't know if this is REST. Is it better to create another
                >>>> resource as:
                >>>>  >>  /device/{id}/authenticate/command (only GET available)
                >>>>  >>  /device/{id}/authenticate/response (only PUT available)
                >>>>  >>  /device/{id}/authenticate (only GET avaliable for status)
                >>>>  >>
                >>>>  >>  Any help is welcome.
                >>>>  >
                >>>>  >  Can you explain your requirements? I am having trouble understanding
                >>>> what you are trying to do.
                >>>>
                >>>> The issue is that I need to get a command and then check the answer from
                >>>> that command. This will be done in 2 steps, and I don't know how to map
                >>>> that into resources.
                >>>>
                >>>> Thanks... hope now is clearer.
                >>>>
                >>>> CU
                >>>> Jorge
                >>>>
                >>>>  >  Jan
                >>>>  >
                >>>>  >
                >>>>  >
                >>>>  >>  TA
                >>>>  >>
                >>>>  >>
                >>>>  >>
                >>>>  >>
                >>>>  >>
                >>>>  >>
                >>>>  >>
                >>>>  >>
                >>>>  >>  ------------------------------------
                >>>>  >>
                >>>>  >>  Yahoo! Groups Links
                >>>>  >>
                >>>>  >>
                >>>>  >>
                >>>>  >
                >>>>  >  -----------------------------------
                >>>>  >  Jan Algermissen, Consultant
                >>>>  >
                >>>>  >  Mail: algermissen@...<mailto:algermissen%40acm.org>
                >>>>  >  Blog: http://www.nordsc.com/blog/<http://www.nordsc.com/blog/>
                >>>>  >  Work: http://www.nordsc.com/<http://www.nordsc.com/>
                >>>>  >  -----------------------------------
                >>>>  >
                >>>>  >
                >>>>  >
                >>>>
                >>>>
                >>>
                >>>
                >>>
                >>> ------------------------------------
                >>>
                >>> Yahoo! Groups Links
                >>>
                >>>
                >>>
                >>>
                >>
                >
                >
              • George
                I ll give it a try. I though I could make it using REST approach, but it seems it is not gonna be possible. Let s read and see if a flash comes ;) See you
                Message 7 of 8 , Feb 2, 2010
                  I'll give it a try. I though I could make it using REST approach, but it
                  seems it is not gonna be possible.

                  Let's read and see if a flash comes ;)

                  See you


                  On 02/02/2010 18:10, António Mota wrote:
                  > Well, basically yes, is for synchronizing devices, but can be extended
                  > to other things. For example, we use (among other things) the Alert
                  > messages to pass what is called Command&Control messages between two
                  > systems.
                  >
                  > Now this is quite incompatible with the idea of REST, because SyncML
                  > is based on Command Elements, it's not resource oriented. What you can
                  > do is to use SyncML as payloads of REST messages, like you'll do with
                  > any other media-type, and let the service implementations deal with
                  > the SyncML itself.
                  >
                  > But even if this doesn't apply to your scenario, reading the sepc MAY
                  > give you some good ideas...
                  >
                  > _________________________________________________
                  >
                  > Melhores cumprimentos / Beir beannacht / Best regards
                  >
                  > António Manuel dos Santos Mota
                  >
                  > http://card.ly/amsmota
                  > _________________________________________________
                  >
                  >
                  >
                  >
                  > 2010/2/2 George<george.news@...>:
                  >>
                  >> On 02/02/2010 14:31, António Mota wrote:
                  >>>
                  >>> I just read this on the diagonal, but it seems similar to what SyncML
                  >>> does, is that the case?
                  >>
                  >> SyncML seems to be used to syncronized devices' (mobiles, handhelds,..) information, such as contacts,... My case is not such a thing, as the commands are for instance RS232 commands to be sent to a local device.
                  >>
                  >> Thanks. Anyway I will read a little further SyncML (curiosity)
                  >>
                  >> See you
                  >>
                  >>
                  >>
                  >>>
                  >>> _________________________________________________
                  >>>
                  >>> Melhores cumprimentos / Beir beannacht / Best regards
                  >>>
                  >>> António Manuel dos Santos Mota
                  >>>
                  >>> http://card.ly/amsmota
                  >>> _________________________________________________
                  >>>
                  >>>
                  >>>
                  >>>
                  >>> 2010/2/2 George<george.news@...>:
                  >>>>
                  >>>> Boing... any idea?
                  >>>>
                  >>>> On 01/02/2010 10:28, George wrote:
                  >>>>>
                  >>>>>
                  >>>>> Hi,
                  >>>>>
                  >>>>> Let's try to explain it a little further.
                  >>>>>
                  >>>>> On 01/02/2010 9:02, Jan Algermissen wrote:
                  >>>>> > George,
                  >>>>> >
                  >>>>> > On Jan 30, 2010, at 1:38 PM, George wrote:
                  >>>>> >
                  >>>>> >> Hi,
                  >>>>> >>
                  >>>>> >> I'm planning to develop a webservice, and I like to try the RESTful
                  >>>>> >> architecture.
                  >>>>> >>
                  >>>>> >> The service is about downloading some data from the server to a device
                  >>>>> >> attached on the local computer. The client need to retrieve the command
                  >>>>> >> from the server and then send the response of the device to the server
                  >>>>> >> to check its validity. Then the server says if it is ok or not.
                  >>>>> >
                  >>>>> > I think I do not understand what you are up to. Why does the client
                  >>>>> fetch the command for the device from the server?
                  >>>>>
                  >>>>> The system is foreseen to control a hardware device. The issue is that
                  >>>>> the device only accepts a subset of commands based on some cryptographic
                  >>>>> features.
                  >>>>>
                  >>>>> I don't want the command set and the cryptographic keys to be on the
                  >>>>> client, as this way I have to replicate the keys on every client and the
                  >>>>> security can be comprised.
                  >>>>>
                  >>>>> Each command is encrypted with different keys depending on the device it
                  >>>>> is directed to. So the issue is first is that the server needs to know
                  >>>>> the device as to open the session with the correct set of keys. After
                  >>>>> that, the client get the command (encripted and maced with server keys),
                  >>>>> this command is sent to the device who will response. The response has
                  >>>>> some crypto stuff that need to be check on the server. Then the client
                  >>>>> get an ACK or NACK depending on the correct answer from the device
                  >>>>> (whether the command is well executed or not, or whether the device owns
                  >>>>> the correct set of keys and it not a fake device).
                  >>>>>
                  >>>>> >
                  >>>>> >
                  >>>>> >
                  >>>>> >>
                  >>>>> >> Device client Server
                  >>>>> >> ----> Get command
                  >>>>> >> <-----<-----
                  >>>>> >>
                  >>>>> >> ----> ----> Response from device
                  >>>>> >> <----- Response from server indicating
                  >>>>> >> if it is ok or not the execution
                  >>>>> >>
                  >>>>> >> It would be like: client calls authenticate of device. then the server
                  >>>>> >> sends the command to be sent to the device for authentication.
                  >>>>> >
                  >>>>> > HTTP authentication is orthogonal. Use one of the HTTP standard
                  >>>>> authentication solutions.
                  >>>>>
                  >>>>> Authentication is done based on the crypto protocol that I explained above.
                  >>>>>
                  >>>>> >
                  >>>>> >
                  >>>>> >> The
                  >>>>> >> client send this command to the device and the response is sent back to
                  >>>>> >> the server. The server then replies.
                  >>>>> >>
                  >>>>> >> I have thought on:
                  >>>>> >> /device/{id} as resource
                  >>>>> >> /device/{id}/authenticate
                  >>>>> >> GET will retrieve the command and blank state
                  >>>>> >> <command> value</command>
                  >>>>> >> <state> not defined</command>
                  >>>>> >> PUT will send the response and get the real state
                  >>>>> >> ---> <response> value</response>
                  >>>>> >> <---<state> not defined</command>
                  >>>>> >>
                  >>>>> >> I don't know if this is REST. Is it better to create another
                  >>>>> resource as:
                  >>>>> >> /device/{id}/authenticate/command (only GET available)
                  >>>>> >> /device/{id}/authenticate/response (only PUT available)
                  >>>>> >> /device/{id}/authenticate (only GET avaliable for status)
                  >>>>> >>
                  >>>>> >> Any help is welcome.
                  >>>>> >
                  >>>>> > Can you explain your requirements? I am having trouble understanding
                  >>>>> what you are trying to do.
                  >>>>>
                  >>>>> The issue is that I need to get a command and then check the answer from
                  >>>>> that command. This will be done in 2 steps, and I don't know how to map
                  >>>>> that into resources.
                  >>>>>
                  >>>>> Thanks... hope now is clearer.
                  >>>>>
                  >>>>> CU
                  >>>>> Jorge
                  >>>>>
                  >>>>> > Jan
                  >>>>> >
                  >>>>> >
                  >>>>> >
                  >>>>> >> TA
                  >>>>> >>
                  >>>>> >>
                  >>>>> >>
                  >>>>> >>
                  >>>>> >>
                  >>>>> >>
                  >>>>> >>
                  >>>>> >>
                  >>>>> >> ------------------------------------
                  >>>>> >>
                  >>>>> >> Yahoo! Groups Links
                  >>>>> >>
                  >>>>> >>
                  >>>>> >>
                  >>>>> >
                  >>>>> > -----------------------------------
                  >>>>> > Jan Algermissen, Consultant
                  >>>>> >
                  >>>>> > Mail: algermissen@...<mailto:algermissen%40acm.org>
                  >>>>> > Blog: http://www.nordsc.com/blog/<http://www.nordsc.com/blog/>
                  >>>>> > Work: http://www.nordsc.com/<http://www.nordsc.com/>
                  >>>>> > -----------------------------------
                  >>>>> >
                  >>>>> >
                  >>>>> >
                  >>>>>
                  >>>>>
                  >>>>
                  >>>>
                  >>>>
                  >>>> ------------------------------------
                  >>>>
                  >>>> Yahoo! Groups Links
                  >>>>
                  >>>>
                  >>>>
                  >>>>
                  >>>
                  >>
                  >>
                  >
                Your message has been successfully submitted and would be delivered to recipients shortly.