SPAN Design: Difference between revisions

From
Jump to navigation Jump to search
No edit summary
Line 6: Line 6:


(Bluetooth built-in? IP-based: Bonjour?)
(Bluetooth built-in? IP-based: Bonjour?)

We should define a service discovery mechanism that is completely IP-based (most probably: use Bonjour for that) and completely agnostic of the lower layers. Then there should also be the possibility to use mechanisms that are specific to the respective lower layer, e.g. to speed up discovery and most importantly to optimize the operation (there's no sense in establishing a full IP connection with ZeroConf etc. when it can be determined at the Bluetooth layer that the remote side won't talk with us anyways). These lower layer mechanisms would have to be defined separately for each NFC technology. In the case of Bluetooth that would most probably be based on SDP.


=== Phase 2: Authentification and Authorization ===
=== Phase 2: Authentification and Authorization ===

Revision as of 15:16, 3 November 2005


Protocol Design

Phase 1: Service Discovery

(Bluetooth built-in? IP-based: Bonjour?)

We should define a service discovery mechanism that is completely IP-based (most probably: use Bonjour for that) and completely agnostic of the lower layers. Then there should also be the possibility to use mechanisms that are specific to the respective lower layer, e.g. to speed up discovery and most importantly to optimize the operation (there's no sense in establishing a full IP connection with ZeroConf etc. when it can be determined at the Bluetooth layer that the remote side won't talk with us anyways). These lower layer mechanisms would have to be defined separately for each NFC technology. In the case of Bluetooth that would most probably be based on SDP.

Phase 2: Authentification and Authorization

All (?) communication can be done using (signed) SAML assertions and protocols

  • Client (mobile phone) authenticates to service device (beamer)
  • Client asks service device for usage access
  • Service device asks client for authorization
  • Client asks Access Control Manager for authorization to access service device
  • Client gets authorization from Access Control Manager
  • Client hands authorization over to service device
  • Service device grants access

Used SAML assertions and protocols:

  • SAML Authentication query
  • SAML Authentication statement
  • SAML Authorization decision query
  • SAML Authorization decision statement

Phase 3: Using the Service

...