Suggestions for DODP 2.1 updates - daisy/DAISY-Online-Refresh GitHub Wiki

This page contains suggestions for inclusion in the 2.1 update to the specification. Any requirements listed below are expected to be fully compatible with version 2 of the specification, and therefore not break backwards compatibility.


1. Signed logOn by device

Previously Issue 91. Instead of requesting the username/password, the device directly logs on using its signed serial number.

It uses the same private/public key infrastructure as the getCredentials call.

A logon request could look like:

<logon>
    <serial>123456-ABCDEF</serial>
    <manufacturer>foo</manufacturer>
    <signature>VEhJU19JU19USEVfU0lHTkFUVVJFIQ==</signature>
</logon>

How is this safe?

  • The signature can only be created by devices which have access to the private key
  • The signature can be verified by anyone

What are the benefits compared to getCredentials():

  • with a device logon, the device does not have to know the password, so it cannot leak or lose it
  • the password does not need to be stored unencrypted on the server (or it cannot be served to the player or multiple players)
  • it may simply be changed
  • a device can be "detached" from a user account remotely

Disadvantages:

  • unspecified "signature" method (xmldsig?)
  • not yet foreseen issues...
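
One way a service could check the signed logon described above, with the device side included so the sample is verifiable; this is an added example, not code from the wiki or the DAISY specification. Ed25519, the length-prefixed signing input, the per-manufacturer key lookup and the server-issued challenge are all assumptions, since the page leaves the signature method unspecified and its sample request carries no challenge.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// Logon mirrors the <logon> element sketched above.
type Logon struct {
	XMLName      xml.Name `xml:"logon"`
	Serial       string   `xml:"serial"`
	Manufacturer string   `xml:"manufacturer"`
	Signature    string   `xml:"signature"`
}

// KeyStore maps manufacturer name to public key (assumed lookup scheme).
type KeyStore map[string]ed25519.PublicKey

// Constructed throwaway key pair for the demo, not a real device key.
var demoPub, demoPriv, _ = ed25519.GenerateKey(nil)

// signedBytes is an assumed signing input. Length prefixes keep field boundaries
// unambiguous; c is a server-issued single-use challenge (not in the page's sample).
func signedBytes(m, s, c string) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%d:%s", len(m), m, len(s), s, len(c), c))
}

// SignLogon is the device side: sign with the private key, emit the request.
func SignLogon(priv ed25519.PrivateKey, m, s, c string) ([]byte, error) {
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, signedBytes(m, s, c)))
	return xml.Marshal(Logon{Serial: s, Manufacturer: m, Signature: sig})
}

// VerifyLogon is the server side: the serial is returned only if the signature verifies.
func VerifyLogon(raw []byte, keys KeyStore, c string) (string, error) {
	var l Logon
	xmlErr := xml.Unmarshal(raw, &l)
	sig, b64Err := base64.StdEncoding.DecodeString(l.Signature)
	pub, known := keys[l.Manufacturer]
	if xmlErr != nil || b64Err != nil || !known || !ed25519.Verify(pub, signedBytes(l.Manufacturer, l.Serial, c), sig) {
		return "", fmt.Errorf("logon rejected")
	}
	return l.Serial, nil
}

func main() {
	req, _ := SignLogon(demoPriv, "foo", "123456-ABCDEF", "constructed-challenge-1")
	fmt.Println(VerifyLogon(req, KeyStore{"foo": demoPub}, "constructed-challenge-1"))
}
```

Because the challenge is part of the signed input, a request recorded in one session does not verify in another, and detaching a device only requires the server to stop accepting its serial.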