| Re: [hono-dev] Credentials API - add operation definition |
|
Hi Karsten, since the Registration API and the Credentials API are fully separated and might be implemented in different services I think you have
a good point. So maybe different data stores with eventual consistency and more complex data management.. but that is the new world.
J Mit freundlichen Grüßen / Best regards Marc Pellmann Bosch Software Innovations GmbH INST/ECS4 Schöneberger Ufer 89-91 10785 Berlin GERMANY Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B Executives: Dr. Ing. Rainer Kallenbach, Michael Hahn From: hono-dev-bounces@xxxxxxxxxxx [mailto:hono-dev-bounces@xxxxxxxxxxx]
On Behalf Of Frank Karsten (INST/ECS4) Hi Marc and Bala, thanks for your comments. To decouple the registration of a device and the handling of the credentials for a device has IMHO valid scenarios, like
-
Provide pre-shared keys for a large collection of devices (i.e. provide the credentials for them) -
Brand the concrete devices with these keys in a provisioning scenario of the manufacturer -
Enable resp. register the devices at Hono when coming online the first time, or when a whole subsection of devices are set online, etc. To be clear: I do not want to forbid the coupling of registration and the handling of credentials, I only would like to open it for other use cases where it might
be not necessary to check if a device was registered already. The implementer then can choose which implementation suits best. And Bala mentioned the cyclic dependency which might be problematic to handle. Does that make sense to you? Mit freundlichen Grüßen / Best regards
Bosch Software Innovations GmbH Schöneberger Ufer 89-91 10785 Berlin GERMANY Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B; Executives: Dr.-Ing.
Rainer Kallenbach, Michael Hahn Von: hono-dev-bounces@xxxxxxxxxxx [mailto:hono-dev-bounces@xxxxxxxxxxx]
Im Auftrag von Pellmann Marc (INST/ECS4) Hi Karsten, at the end there need to be a link between the device and the credentials. In terms of e.g. a relational database there will be a relation. So it is always needed
to check for the master data of the device at some point. And for me it is more an aggregation as an association. I do not see the advantage of being able to store credentials before the device is created? What scenarios do you have in mind? A lot of problems might follow –
e.g. you might need to register a pseudo device, but then you have already taken the id. And if you want to delete a device all credentials should belong to it and should also be deleted – but there will be credentials without devices. Or maybe I missed your point here? Mit freundlichen Grüßen / Best regards Marc Pellmann Bosch Software Innovations GmbH INST/ECS4 Schöneberger Ufer 89-91 10785 Berlin GERMANY Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B Executives: Dr. Ing. Rainer Kallenbach, Michael Hahn From:
hono-dev-bounces@xxxxxxxxxxx [mailto:hono-dev-bounces@xxxxxxxxxxx]
On Behalf Of Frank Karsten (INST/ECS4) Hi committers and contributors, When discussing the implementation of the “add”-operation for device credentials yesterday we found the following point: -
The API definition currently states that this operation is for devices that were already registered with Hono (by means of the registration API) Quotation : “Clients may use this command to initially add credentials for a device that has already been registered with Hono.” -
If credentials are added for not (yet) registered devices, an error code 412 should be returned, indicating that the device is not known to Hono While this seems to be straightforward, it has the implication that any implementation of the credentials API has to first check if the device of an “add” operation
is registered already. I want to change this point to be optional, so implementations of the credentials API may skip this check (and in this case allow registration of credentials for
devices that may be registered later). WDYT? Note that the “add” operation is optional itself, but IF it is implemented, the API clearly defines the semantics. So the full definition is important in the API
definition. Mit freundlichen Grüßen / Best regards
Bosch Software Innovations GmbH Schöneberger Ufer 89-91 10785 Berlin GERMANY Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B; Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn |