0

Documentation on onboarding

asked 2014-06-11 04:33:40 -0700

leodor gravatar image

Are the onboarding protocols documented anywhere?

I've seen the whitepaper describing it from the development perspective, but how about a functional description?

I am interested in the security aspects of the onboarding process.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-06-12 13:04:33 -0700

bspencer gravatar image

The AllJoyn Onboarding interface can be found here. This is the document that provides more details on how the Onboarding service function.s The interface used for the Onboarding serivce is a secure interface, so the payload in the method calls are encrypted. AllJoyn handles the encryption and key exchange, a developer implements the model of authentication to be used: pin/passcode, username/password, certificate.

edit flag offensive delete publish link more

Comments

Thanks, that specification clarifies a lot. Is the passphrase encrypted in any way as it passes between the onboarder and the onboardee, or does AllJoyn rely on the SoftAP's own security? I would appreciate if you could you point me to documentation on secure interfaces as well.

leodor ( 2014-06-16 06:20:54 -0700 )edit

AllJoyn has its own encryption built into the Software Framework. A message payload is encrypted when communicating with a Secure Interface and only the application end points have the keys to decrypt the contents. We do not have a document on security at this time. The source code is available(https://git.allseenalliance.org/cgit/core/alljoyn.git/tree/) and you are welcome to look through the code itself. The SASL framework is first used to negotiate a handshake and then AES128 bit encryption is used at this time. There is a discussion through the AllSeen Alliance for changes/improvements to security. I would recommend you look at signing up to the AllSeen Alliance to help contribute and evolve the project if you are interested in security.

bspencer ( 2014-06-16 19:38:47 -0700 )edit

I am interested in participating. Can you suggest specific mailing lists to join for the discussion on security?

leodor ( 2014-06-17 01:50:54 -0700 )edit

Start with the discussion list: https://lists.allseenalliance.org/mailman/listinfo/allseen-discuss .

bspencer ( 2014-06-20 11:54:11 -0700 )edit

Please, don't forget mark this as answered if you are satisfied with the response.

bspencer ( 2014-06-20 11:55:21 -0700 )edit
Login/Signup to Answer

Question Tools

Follow
1 follower

Stats

Asked: 2014-06-11 04:33:40 -0700

Seen: 213 times

Last updated: Jun 12 '14