This page last changed on May 22, 2012 by mredeker.
Beehive is our central data storage backend. Designer and Controller receive all there data from there.
All Beehive data can be accessed through a REST/JSON API which means somebody can decide to create another frontend, replace the Designer, maybe build a user maintenance app or even a new controller.
A new BeeviveAccountService will be created todo the following work:
- User registration
- User activation
- User maintenance
- Controller registration and maintenance
- Console registration and maintenance
- Certificate creation and maintenance
In regards to certificates I think of a chain like this: OpenRemoteCert -> OnlineAccountCert -> ControllerCert -> DeviceCert -> UserCert
- User creates a new online account (a certificate is created for this account and signed by the OpenRemoteCert). This can also be used for Browser<->Designer communication (not there yet)
- A controller registers itself with a UUID with Beehive on the first startup
- Users logs into Beehive and enters his controller UUID (this creates the link between Account and Controller and a ControllerCert is created)
- Controller downloads his Cert and design
- Client (Console) contacts controller without a certificate
- Controller sends "ClientAccessRequest" to Beehive
- Admin user logs into his Designer account and sees pending client requests
- Client request can be granted and DeviceCert is issued signed by the corresponding ControllerCert
- Controller downloads new DeviceCert and gives it to the client (Console)
- Console can work !
This workflow does not include the fact that one Console (iPad) might be used by different people. Then we would have DeviceCertificates to grant a device the right to speak to a controller (SSL) but also we need UserCertificates where we can allow different screens or UI elements to be visible or not.
I will try to create some flowcharts and also define the REST API for the AccountService next.
We have signed the ORCLA so we can begin integrating our improvements into OpenRemote. I would love to hear what I can do.
Posted by vincentkriek at Jun 01, 2012 10:23
Vincent, just sent an email to Melroy (didn't have your email on file) with couple of questions on how you'd like to proceed.
Posted by juha at Jun 04, 2012 13:34