Closed zubairhamed closed 6 years ago
A device within Hono is defined by its (unique) (tenant ID, device ID) tuple. That said, a particular device can have arbitrary authentication IDs associated with it (using the Credentials API). This accounts for use cases where a device is capable of using multiple transport protocols (and authentication mechanisms) or rotating keys. However, when a device connects to a protocol adapter and gets authenticated, its device ID is resolved based on the credentials (auth ID + secret) the device provides. Thus, if two devices use the same credentials during authentication, they are resolved to the same device ID, i.e. Hono treats them as the same device. With gateways there are two scenarios possible:
Hi Kai,
I’m referring more to the pattern of actual devices which are non-IP-enabled and need the use of a gateway to proxy them.
Think of, for example, Zigbee, where nodes should be identified by devices but the gateway could be using a single username or password (or certificate auth).
Z
Still, this might be accomplished using any of the approaches outlined above. Which one are you referring to? Do the ZigBee devices/sensors need to be represented by their own device ID or are they mapped to properties of the gateway, so that when such a ZigBee device has some data to publish, it would appear as if it came from the gateway?
Yes, exactly. Each Zigbee (or any other typical similar protocol) device would be its own device and would need its own Device ID.
Each Zigbee (or any other typical similar protocol) device would be its own device and would need its own Device ID.
Is that a hard requirement or is this just the first approach that came to mind? Would it also work to map the ZigBee devices to properties of the gateway?
It's a hard requirement; such devices have their own pairing, commissioning process, etc., so they shouldn't be compared to data/sensors.
Also, LPWAN technologies (LoRaWAN/Sigfox), where you typically configure a single backend callback of device "types" and not devices, would be affected.
If you're available later after lunch for f2f, I can show you exactly what I mean.
Z
I see. Then the answer is: no, Hono does not support this use case at the moment. The protocol adapters currently do not support a client to act on behalf of other devices. We have been giving this some thought but it would probably require some more sophisticated authorization model than what we currently have in place.
One possible approach to the use case where a gateway acts on behalf of another device:
This way we could gradually introduce support for this kind of gateway operation by
@sophokles73 The approach you've illustrated sounds good.
fixed in 95407c4c4d32ac31fdfceebc8e4fbaf1a3eed81c
For example, devices which are proxied by an HTTP server (or the typical Gateway pattern for non-IP devices).
Currently it looks like a 1:1 mapping between auth-id and device-id.
I understand that POST omits the tenant and device-id from the path.
How can multiple devices use the same auth-id to authenticate? Combine Basic Auth with the PUT request instead?
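The resolution discussed in this thread, as an added example that is not Hono's code or part of any post above: a simplified model in which a device may own several auth IDs, and whoever presents valid credentials is resolved to that one (tenant ID, device ID) identity. The class, its methods, the rule that an auth ID is bound to a single device per tenant, and all sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Simplified model of credential-to-device resolution; not Hono's implementation.
# Class, method and sample names are assumptions made for this example.


class CredentialsRegistry:
    def __init__(self):
        # (tenant_id, auth_id) -> (device_id, salt, PBKDF2 hash of the secret)
        self._creds = {}

    @staticmethod
    def _hash(secret, salt):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 10_000)

    def add(self, tenant_id, device_id, auth_id, secret):
        # Assumption: an auth ID maps to one device; a device may own many auth IDs.
        key = (tenant_id, auth_id)
        if key in self._creds and self._creds[key][0] != device_id:
            raise ValueError(f"auth ID {auth_id!r} already bound to another device")
        salt = os.urandom(16)
        self._creds[key] = (device_id, salt, self._hash(secret, salt))

    def authenticate(self, tenant_id, auth_id, secret):
        """Return the resolved (tenant_id, device_id), or None on failure."""
        entry = self._creds.get((tenant_id, auth_id))
        if entry is None:
            return None
        device_id, salt, expected = entry
        # Constant-time comparison of the derived hash.
        if not hmac.compare_digest(self._hash(secret, salt), expected):
            return None
        return (tenant_id, device_id)


def demo():
    reg = CredentialsRegistry()
    # Constructed sample data: one gateway with two auth IDs (e.g. key rotation).
    reg.add("tenant-a", "gw-1", "gw-user", "old-secret")
    reg.add("tenant-a", "gw-1", "gw-user-2", "new-secret")
    # Two nodes behind the gateway both present the gateway's credentials.
    node_a = reg.authenticate("tenant-a", "gw-user", "old-secret")
    node_b = reg.authenticate("tenant-a", "gw-user", "old-secret")
    rotated = reg.authenticate("tenant-a", "gw-user-2", "new-secret")
    return node_a, node_b, rotated  # all three resolve to the gateway identity


if __name__ == "__main__":
    print(demo())
```

In this model, telemetry from either node is attributed to `gw-1`, so per-node authorization and audit are not possible from the credentials alone.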