Coder Social home page Coder Social logo

ace's People

Contributors

duranda avatar happyemu avatar

Stargazers

avatar

Watchers

avatar avatar avatar

Forkers

io42630

ace's Issues

Authentication data is sent in message-body when using HTTP

EDHOC data is currently handled as a raw payload on HTTPResourceServer and HTTPClient. As EDHOC is made primarly for CoAP, some extra adaptations are required to make it compliant.

In the current state, accessing resources has application/edhoc data in message-body:

ace/lib/ace/client/__init__.py

Line 119 in 21d9235

async with self.client.get(f"{rs_url}{endpoint}", data=data) as resp:

This is clearly in violation of HTTP/1.1:

A message-body MUST NOT be included in a request if the specification of the request method (section 5.1.1) does not allow sending an entity-body in requests.

Instead, authentication data should be provided as a CBOR Web Token in the Authorization header. This might be encoded using base64url.

Scope naming scheme.

ace/examples/temperature_server.py

Line 22 in 3b69e40

router.add_get('/temperature', self.wrap(scope="read_temperature", handler=self.get_temperature))

Is it feasible to change the scope naming scheme from:
scope="read_temperature"
to:
scope="METHOD PATH"
in order to match the location of the currently requested resource, such that scope becomes for example:
scope="GET /temperature"
scope="PUT /0/properties/temperature"
?

Pros:

  • RS can check scope without the necessity of an internal scope to PATH table.

Cons:

  • Sending PATH over the air from CL to AS/authz-info might not in accordance ACE spec.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.