Revision history [back]

click to hide/show revision 1
initial version

Your observation is correct. Authentication mechanisms in AllJoyn are independent of one another. When two peers authenticate with one another in AllJoyn, they exchange a list of auth mechanisms and choose the strongest one that is common to both. Once authentication (using any authentication mechanism) is complete, a master secret gets established which is used for further communication (the expiration of master secret is configurable by the application).

You are looking to chain these authentication mechanism to mandate multiple authentication mechanisms. Because what you are looking for is not the usual state of affairs in AllJoyn, you would need to write your application in the following manner:

  • Create two BusAttachments, BA1 & BA2. Enable auth mechanism M1 on BA1 and auth mechanism M2 and BA2. Have the consumer app authenticate against both BA1 and BA2. This method of using multiple BusAttachments in one application is usually not recommended due to higher resource usage.
  • Create one BusAttachment BA and enable auth mechanism M1. As soon as authentication using M1 is complete, clear the keys using ajn::BusAttachment::ClearKeys, disable auth mechanism M1 and enable auth mechanism M2. You will need to exercise a greater care to handle multiple devices authenticating simultaneously and ensure that the flow is correct.

What you are looking to do hasn't been attempted before, and hence your mileage way vary. If you are looking for additional guidance with Security in AllJoyn, you might want to contact: allseen-security@lists.allseenalliance.org.

Your observation is correct. Authentication mechanisms in AllJoyn are independent of one another. When two peers authenticate with one another in AllJoyn, they exchange a list of auth mechanisms and choose the strongest one that is common to both. Once authentication (using any authentication mechanism) is complete, a master secret gets established which is used for further communication (the expiration of master secret is configurable by the application).

You are looking to chain these authentication mechanism to mandate multiple authentication mechanisms. Because what you are looking for is not the usual state of affairs in AllJoyn, you would need to write your application in the following manner:

  • Create two BusAttachments, BA1 & BA2. Enable auth mechanism M1 on BA1 and auth mechanism M2 and on BA2. Have the consumer app authenticate against both BA1 and BA2. This method of using multiple BusAttachments in one application is usually not recommended due to higher resource usage.
  • Create one BusAttachment BA and enable auth mechanism M1. As soon as authentication using M1 is complete, clear the keys using ajn::BusAttachment::ClearKeys, disable auth mechanism M1 and enable auth mechanism M2. You will need to exercise a greater care to handle multiple devices authenticating simultaneously and ensure that the flow is correct.

What you are looking to do hasn't been attempted before, and hence your mileage way vary. If you are looking for additional guidance with Security in AllJoyn, you might want to contact: allseen-security@lists.allseenalliance.org.

Your observation is correct. Authentication mechanisms in AllJoyn are independent of one another. When two peers authenticate with one another in AllJoyn, they exchange a list of auth mechanisms and choose the strongest one that is common to both. Once authentication (using any authentication mechanism) is complete, a master secret gets established which is used for further communication (the expiration of master secret is configurable by the application).

You are looking to chain these authentication mechanism to mandate multiple authentication mechanisms. Because what you are looking for is not the usual state of affairs in AllJoyn, you would need to write your application in the one of the two following manner:ways:

  • Create two BusAttachments, BA1 & BA2. Enable auth mechanism M1 on BA1 and auth mechanism M2 on BA2. Have the consumer app authenticate against both BA1 and BA2. This method of using multiple BusAttachments in one application is usually not recommended due to higher resource usage.
  • Create one BusAttachment BA and enable auth mechanism M1. As soon as authentication using M1 is complete, clear the keys using ajn::BusAttachment::ClearKeys, disable auth mechanism M1 and enable auth mechanism M2. You will need to exercise a greater care to handle multiple devices authenticating simultaneously and ensure that the flow is correct.

What you are looking to do hasn't been attempted before, and hence your mileage way vary. If you are looking for additional guidance with Security in AllJoyn, you might want to contact: allseen-security@lists.allseenalliance.org.