oneM2M Dynamic Authorization System server
oneM2M_DAS is a middleware server platform that stores virtual representations (of oneM2M targeted resources) and access control policy for each resource to enable the dynamic authorization system for IoT devices and applications between IoT M2M Server.
oneM2M_DAS Server will provide the following functionalities to realize the dynamic authorization system for resource access requests from IoT applications and devices to IoT M2M Server:
① Store the resource data that is drived from IoT M2M Server into MySQL DB;
② Store ACP info related to a specific resource for an Originator (IoT device or application) into the MySQL DB;
③ Receive access control info/tokenid,etc. from IoT M2M Server/IoT devices and applications, and response to IoT M2M Server/IoT devices and applications with generated access control policy info/granted permission info or access token. Adhering to oneM2M DAS specific protocol to communicate with IoT M2M Server;
④ Create access token for secure communication and store it into MySQL DB;
⑤ Support Json Web Token for with End-to-End Secure Data function
oneM2M_DAS is a middleware server platform that stores virtual representations (of oneM2M targeted resources) and access control policy for each resource to enable the dynamic authorization system for IoT devices and applications.
For protocol binding support, oneM2M_DAS has HTTP server internally. Mainly it consists of requester and responder. The requester contains the DB access component. Every HTTP request is go through requester component, parser, actor and then create SQL query to data access (e.g. retrieval, discovery) with DB connector. When it gets access result, the responder creates the response in JSON serialization. .
|Source File||Role and Function|
|dasserver.js||This file initiates oneM2M_DAS server and helps loading main Node JS files.
It also contains configuration parameters for oneM2M_DAS server such as defaultbodytype indicating the serialization, usecsebase
indicating CSEBase name, usecseid indicating CSEID, usedbhost indicating the host address running MySQL, and usedbpass indicating the password for MySQL etc. Users can modify those configuration parameters.
|app.js||This file acts as role of flow router and it is the main code running oneM2M_DAS server.
① It handles initial processing of received packets.
② It initiates HTTP server with ‘listening’ mode to wait for HTTP requests target to the oneM2M_DAS HTTP server.
③ It handles the parsing of URL of packets and evaluate the correctness of the request body resulted of parsing. It then sends the request to resource.js to continue the processing if the request is valid one, otherwise throws exceptions.
④ It also contains the logic for checking access control information received from IN-CSE to generate and sed back temporal access control policy or granting permission.
|das-ae.js||This file initiates oneM2M_DAS AE and helps loading main Node JS files.
It also contains configuration parameters for oneM2M_DAS AE such as usecsebase indicating CSEBase name, usecseid indicating CSEID etc. Users can modify those configuration parameters.
|app-ae.js||This file acts as role of flow router and it is the main code running oneM2M_DAS AE.
① It handles initial processing of received packets.
② It initiates HTTP server with ‘listening’ mode to wait for HTTP requests target to the oneM2M_DAS AE HTTP server.
③ It handles the parsing of URL of packets and evaluate the correctness of the request body resulted of parsing. If the request is targeted to oneM2M_DAS Server, it forwards the request to oneM2M_DAS Server. It works like a proxy server between IN-CSE and oneM2M_DAS server.
④ It registers itself to IN-CSE to enable a trusted communication.
|das/db_action.js||This file contains parameters used to connect and access to the database and parameters for returning response results from the database.|
|das/resource.js||It is core file to process the CREATE, RETRIEVE, UPDATE, DELETE, NOTIFY operations for oneM2M resource primitives, access control info, and tokens.
This file undertakes the processing of parsed request URI and request body received from app.js according to corresponding operation. It converts the data into a format to process the data and connect to mysql database.
The mysql database is initialized and handled by db_action.js and sql_action.js module.
|das/responder.js||It is responsible for handling the response process.
It receives processing results from app.js and resource.js modules and generates responses from the processing results in JSON serialization format.
|das/sql_action.js||This file contains functions to receive data and parameters required for a series of database operations and functions to call db_action.js module to return data from database.|
|das/time-check.js||This file contains functions to realizing the time-window based access control mechanism.|
|das/token.js||This file contains functions to generate and store access tokens.|
|Git Hub Project Link|
|Gub Hub Release Direct DownLoad Link|
|Direct Link||Revision||Release Date|
|zip file||v1.0.0||Mar 2020|
Copyright (c) 2020, KDDI Research, Inc. All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.