RemoteUIClientDevice:1 Device Template Version 1.01

Similar documents
DimmableLight:1 Device Template Version 1.01

Scanner:1.0 Device Template Version 1.01

Basic:1.0 Device Definition Version 1.0

ManageableDevice:1 Device Template Version 1.01

HVAC_ZoneThermostat:1 Device Template

TelephonyClient:1 Device

WANConnectionDevice:1 Device Template Version 1.01

ManageableDevice:2 Device Template Version 1.01

CIPA DCG-X006-Translation-2011

InternetGatewayDevice:2 Device Template Version 1.01

SwitchPower:1 Service Template Version 1.02

ETSI TS V1.3.0 ( )

QosPolicyHolder 1.0. For UPnP Version Date: March 10th, 2005

UPnP FanSpeed:1 Service Template Version 1.01 For UPnP Device Architecture 1.0

Dienstmodellierung in Nexus

UPnP QosPolicyHolder:2 Service Template Version 1.01

ControlValve:1 Service Template

TwoWayMotionMotor:1 Service Template Version 1.01

JJ Home-network Topology Identifying Protocol (HTIP)

HVAC_FanOperatingMode:1 Service Template

LANHostConfigManagement:1 Service Template Version 1.01

WANPOTSLinkConfig:1 Service Template Version 1.01

TelephonyArchitecture:1

DigitalSecurityCameraMotionImage:1 Service Template Version 1.01

TelephonyArchitecture:2. For UPnP Version 1.0. Status: Standardized DCP (SDCP) Date: December 10, Document Version: 1.0

UPnP QosPolicyHolder:3 Service Template Version 1.01

Feeder:1.0 Service Template Version 1.01

RemoteUIClient:1 Service Template Version 1.01

UPnP QosManager:2 Service Template Version 1.01

ContentSync:1 Service Template Version 1.01

(12) Patent Application Publication (10) Pub. No.: US 2006/ A1

WANDSLLinkConfig:1 Service Template Version 1.01

INTERNATIONAL STANDARD

IoT Management and ControlTransportGeneric Service. For UPnP Version 1.0. Status: Standardized DCP (SDCP) Date: July 1, Document Version: 1.

QosPolicyHolder:1 Erratum

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Configure and Install Root Domains 12c Release 3 (

Oracle Enterprise Manager Ops Center

SDLC INTELLECTUAL PROPERTY POLICY

Oracle Enterprise Manager Ops Center. Overview. What You Need. Create Oracle Solaris 10 Zones 12c Release 3 ( )

Oracle Enterprise Manager Ops Center. Introduction. Provisioning Oracle Solaris 10 Operating Systems 12c Release 2 ( )

UPnP AV Architecture:1

What s New for Oracle Cloud Stack Manager. Topics: July Oracle Cloud. What's New for Oracle Cloud Stack Release

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Creating vservers 12c Release 1 ( )

InboundConnectionConfig:1 Service

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

FIPA ACL Message Structure Specification

Oracle Enterprise Manager Ops Center E Introduction

Secure Held Print Jobs. Administrator's Guide

Policy Manager for IBM WebSphere DataPower 8.0: Installation Guide

One Identity Manager Administration Guide for Connecting to SharePoint

WANIPConnection:1 Service Template Version 1.01

INTERNATIONAL STANDARD

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

DITA 1.3 Feature Article: Using DITA 1.3 Troubleshooting

QosManager:1. For UPnP Version 1.0 Date: March 10th, 2005

Firmware Management. Overview CHAPTER

Clean File Metadata Exchange Overview

ETSI TS V1.1.1 ( )

Register ME. Administrator's Guide

IBM Virtualization Engine TS7700 Series Best Practices. Usage with Linux on System z 1.0

RADASync:2 Service. For UPnP Version 1.0 Status: Standardized DCP Date: April 30, 2010 Document Version: 1.0 Service Template Version: 2.

Oracle Utilities Opower Energy Efficiency Web Portal - Classic Single Sign-On

EbXML Registry Security Proposal

Hierarchical Data Extension UUID For _DSD

Discover GALILEO. Institutional Branding

EnterpriseTrack Reporting Data Model Configuration Guide Version 17

Jini Meets UPnP: An Architecture for Jini/UPnP Interoperability

ForeScout Extended Module for MaaS360

ForeScout Extended Module for MobileIron

Real Application Security Administration

Security Guide Release 4.0

Oracle Hospitality OPERA Exchange Interface Cloud Authentication. October 2017

One Identity Starling Two-Factor Authentication. Administration Guide

Creating Domain Templates Using the Domain Template Builder 11g Release 1 (10.3.6)

One Identity Manager 8.0. Administration Guide for Connecting to Cloud Applications

Jini Meets UPnP: An Architecture for Jini/UPnP Interoperability

BEAWebLogic. Enterprise Security. WebLogic Server v8.1 Installation

Management Console for SharePoint

IBM Security QRadar Version Customizing the Right-Click Menu Technical Note

Oracle Cloud Known Issues for Trial and Paid Subscriptions. Release 18.1

Oracle Agile Product Lifecycle Management for Process

Oracle Fusion Middleware

INTERNATIONAL STANDARD

FOR TCG ACPI Specification

BEAProducts. ISV Partners Guide

Oracle Fusion Middleware

ForeScout Extended Module for IBM BigFix

Tivoli Decision Support 2.1

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones 12c Release 2 ( )

Oracle Revenue Management and Billing Analytics. Version Security Guide. Revision 1.1

Avaya Converged Platform 130 Series. idrac9 Best Practices

Intel Unite Solution Intel Unite Plugin for WebEx*

Oracle Communications EAGLE Element Management System Reporting Studio. Upgrade/Installation Guide Release 46.2 E69122 Revision 2

ForeScout Extended Module for IBM BigFix

One Identity Active Roles 7.2. What's New Guide

One Identity Manager 8.0. Administration Guide for Connecting to LDAP

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Contents About Connecting the Content Repository... 5 Prerequisites for Configuring a Content Repository and Unifier... 5

Oracle. Loyalty Cloud Securing Loyalty. Release 13 (update 18B)

Transcription:

RemoteUIClientDevice:1 Device Template Version 1.01 For UPnP Version 1.0 Status: Standardized DCP Date: April 16, 2014 This Standardized DCP has been adopted as a Standardized DCP by the Steering Committee of the UPnP Forum, pursuant to Section 2.1(c)(ii) of the UPnP Forum Membership Agreement. UPnP Forum Members have rights and licenses defined by Section 3 of the UPnP Forum Membership Agreement to use and reproduce the Standardized DCP in UPnP Compliant Devices. All such use is subject to all of the provisions of the UPnP Forum Membership Agreement. THE UPNP FORUM TAKES NO POSITION AS TO WHETHER ANY INTELLECTUAL PROPERTY RIGHTS EXIST IN THE STANDARDIZED DCPS. THE STANDARDIZED DCPS ARE PROVIDED "AS IS" AND "WITH ALL FAULTS". THE UPNP FORUM MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE STANDARDIZED DCPS, INCLUDING BUT NOT LIMITED TO ALL IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OF REASONABLE CARE OR WORKMANLIKE EFFORT, OR RESULTS OR OF LACK OF NEGLIGENCE. 2014 UPnP Forum. All Rights Reserved. Authors Ylian Saint-Hilaire Mark Walker Ku Bong Min Richard Bardini Company Intel Corporation Intel Corporation LG Electronics Intel Corporation

UPnP RemoteUIClientDevice:1 Device Template Version 1.01 Contents 1. OVERVIEW AND SCOPE... 3 2. DEVICE DEFINITIONS... 4 2.1. DEVICE TYPE... 4 2.2. DEVICE MODEL... 4 2.2.1. Description of Device Requirements... 4 2.2.2. Relationships Between Services... 6 2.3. THEORY OF OPERATION... 6 2.3.1. Secure Remote UI Clients (if DeviceSecurity implemented in Remote UI client device)... 6 3. XML DEVICE DESCRIPTION... 7 4. TEST... 8 APPENDIX A: ACCESS CONTROL DEFINITIONS (IF DEVICESECURITY SERVICE IS IMPLEMENTED)... 9 A1 PERMISSIONS... 9 A2 PROFILES... 10 A3 ACCESS CONTROL LIST (ACL) ENTRY... 10 List of Tables Table 1: RemoteUIClientDevice Service Descriptions... 4 Table 2: Device Requirements for stand-alone RemoteUIClientDevice... 4 Table 3: Device Requirements for embedded RemoteUIClientDevice... 5 Table 4: Defined permissions for RemoteUIClient Service... 9 2014 UPnP Forum. All Rights Reserved. 2

UPnP RemoteUIClientDevice:1 Device Template Version 1.01 1. Overview and Scope This device template is compliant with the UPnP Architecture, Version 1.0. This document defines the device urn:schemas-upnp-org:device:remoteuiclientdevice:1. This device can be a UPnP root device, or embedded within a different device. The RemoteUIClientDevice encapsulates all services for the Remote UI Client Device Control Protocol (DCP). 2014 UPnP Forum. All Rights Reserved. 3

UPnP RemoteUIClientDevice:1 Device Template Version 1.01 2. Device Definitions 2.1. Device Type The following device type identifies a device that is compliant with this template: urn:schemas-upnp-org:device:remoteuiclientdevice:1 2.2. Device Model It is recommended that RemoteUIClientDevice be implemented with support for securing UPnP actions. It is also recommended that securing of UPnP action is done using the DeviceSecurity service as defined by the UPnP security working committee. If implemented, the DeviceSecurity service must be contained either inside RemoteUIClientDevice implementation or in a device that encompasses the RemoteUIClientDevice. These two models are described below. 2.2.1. Description of Device Requirements The following table briefly describes the services used in RemoteUIClientDevice. Table 1: RemoteUIClientDevice Service Descriptions Service Name RemoteUIClient DeviceSecurity Service Description Allows for basic operations on a Remote UI client including: user interface connection management, optionally user interface availability management and optionally basic user interaction. Actions for taking ownership, configuring access control, establishing secure sessions, and invoking secure actions. 2.2.1.1. DeviceSecurity within RemoteUIClientDevice This model is typically applicable to physical devices that need DeviceSecurity functionality (including device ownership and access control) to be used only by the RemoteUIClientDevice. In this case, products that expose devices of the type urn:schemas-upnp-org:device:remoteuiclientdevice:1 must implement minimum version numbers of the required service specified in the table below. Table 2: Device Requirements for stand-alone RemoteUIClientDevice DeviceType Root Req. or Opt. 1 ServiceType Req. or Opt. 1 Service ID 2 RemoteUIClientDevice:1 Yes R RemoteUIClient:1 R RemoteUIClient 1 R = Required, O = Optional, X = Non-standard. 2 Prefixed by urn:upnp-org:serviceid:. DeviceSecuirty:1 O DeviceSecurity Non-standard services embedded by an UPnP vendor go here. X To be defined by vendor 2014 UPnP Forum. All Rights Reserved. 4

Relationship between Services Figure 1 shows the logical structure of the device and services defined by the working group for UPnP technology enabled Remote UI clients. RemoteUIClient Device RemoteUIClient Service required DeviceSecurity optional Figure 1: DeviceSecurity within RemoteUIClientDevice 2.2.1.2. DeviceSecurity outside RemoteUIClientDevice This model is typically applicable to physical devices that implement Remote UI Client functionality, but the RemoteUIClientDevice may use DeviceSecurity that is already part of another device. An example of this would be where urn:schemas-upnp-org:device: RemoteUIClientDevice:1 is implemented inside a device of the type urn:schemas-upnp-org:device: BasicDevice:1. The BasicDevice in this case contains the DeviceSecurity service that may be used by another UPnP device e.g., MediaRenderer. The implementation of RemoteUIClientDevice must contain the minimum version number of the service specified in the table below. Table 3: Device Requirements for embedded RemoteUIClientDevice DeviceType Root Req. or Opt. 1 ServiceType Req. or Opt. 1 Service ID 2 RemoteUIClientDevice:1 Yes R RemoteUIClient:1 R RemoteUIClient 1 R = Required, O = Optional, X = Non-standard. 2 Prefixed by urn:upnp-org:serviceid:. Non-standard services embedded by an UPnP vendor go here. X To be defined by vendor Relationships between Services Figure 2 shows the logical structure of the device and services defined by the working group for UPnP technology enabled Remote UI clients that may use the DeviceSecurity service for other UPnP devices contained in the same physical device. RemoteUIClient service may be dependent on the DeviceSecurity service for providing access control to the actions defined in the services. 5

Basic Device (example) RemoteUIClient Device RemoteUIClient Service required DeviceSecurity optional Figure 2: Example of DeviceSecurity outside RemoteUIClientDevice 2.2.2. Relationships Between Services The dependencies between the services are listed in the above section under the possible models of implementing services in RemoteUIClientDevice. 2.3. Theory of Operation A Remote UI client can be a fully autonomous device that runs its own user interface in addition to executing remoted UIs, or it may be a fully remoted device with no local UI capability. In both cases, the RemoteUIClientDevice:1 UPnP device is implemented, allowing anyone on the network to discover and control the Remote UI client. Since many different types of user interaction device exist with many different form factors and usages, the behavior of the Remote UI client device may change. In any case, it is highly recommended for the Remote UI client to employ the DeviceSecurity service to secure specific UPnP TM Remote UI client actions. This section assumes that the reader has an overall understanding of UPnP TM Security. Please refer to the DeviceSecurity:1 Service Control Specification for detailed description of a secure UPnP TM device. 2.3.1. Secure Remote UI Clients (if DeviceSecurity implemented in Remote UI client device) RemoteUIClient service provides a set of actions to manage remote connections and process user s input data. The actions in this service that change the device state should be authenticated via UPnP TM Security. Some actions in RemoteUIClient service can carry critical information such as password in their argument field. By using DecryptAndExecute action defined in DeviceSecurity service, security sensitive information can be protected. A control point that accesses the secure actions on the service has to be initially authenticated via a Security Console application as described in UPnP TM Security DCP. Access control definitions such as Permissions, Profiles and Access Control List (ACL) for Remote UI client device are described in Appendix A. 6

3. XML Device Description <?xml version="1.0" encoding="utf-8"?> <root xmlns="urn:schemas-upnp-org:device-1-0"> <specversion> <major>1</major> <minor>0</minor> </specversion> <URLBase>base URL for all relative URLs</URLBase> <device> <devicetype>urn:schemas-upnp-org:device:remoteuiclientdevice:1 </devicetype> <friendlyname>short user-friendly title</friendlyname> <manufacturer>manufacturer name</manufacturer> <manufacturerurl>url to manufacturer site</manufacturerurl> <modeldescription>long user-friendly title</modeldescription> <modelname>model name</modelname> <modelnumber>model number</modelnumber> <modelurl>url to model site</modelurl> <serialnumber>manufacturer's serial number</serialnumber> <UDN>uuid:UUID</UDN> <UPC>Universal Product Code</UPC> <iconlist> <icon> <mimetype>image/format</mimetype> <width>horizontal pixels</width> <height>vertical pixels</height> <depth>color depth</depth> <url>url to icon</url> </icon> </iconlist> <servicelist> <service> <servicetype>urn:schemas-upnp-org:service:remoteuiclient:1</servicetype> <serviceid>urn:upnp-org:serviceid:remoteuiclient</serviceid> <SCPDURL>URL to service description</scpdurl> <controlurl>url for control</controlurl> <eventsuburl>url for eventing</eventsuburl> </service> </servicelist> <presentationurl>url for presentation</presentationurl> </device> </root> 7

4. Test No semantic tests are defined for this device. 8

Appendix A: Access Control Definitions (if DeviceSecurity service is implemented) This section specifies the Permissions, Profiles and Access Control List (ACL) entry to be implemented in the DeviceSecurity service that can optionally be used by the RemoteUIClientDevice. This is used by the Security Console to assign access control of secure actions on the Remote UI client device to control point applications. Please refer to the DeviceSecurity1.0 service specification for more details about Security Console, Permissions, Profiles and ACLs. A1 Permissions The following table describes the permissions to perform access control to the secure actions of the services embedded in the Remote UI client device. The RUICDeviceAll is a required permission which can securely access all the actions in the RemoteUIClient service. The other permissions are optional. Vendors may define additional set of permissions to perform access control on the Remote UI client device. For example, they may provide separate master and guest permissions for finer granularity of access. However for maximum interoperability, vendors should use the optional permissions presented in this document rather than implementing their own security permissions. Table 4: Defined permissions for RemoteUIClient Service Permission Allowed Actions RUICDeviceAll 1 All actions in RemoteUIClient Service. RUICDeviceInfo GetCurrentConnections, GetDeviceProfile, GetUIListing RUICDeviceChangeConnection Connect, Disconnect RUICDeviceChangeStatus AddUIListing, RemoveUIListing, DisplayMessage, ProcessInput 1 RUICDeviceAll must be implemented. When implementing only the required RUICDeviceAll permission, the following XML format is used: <Permission> <UIname>RUICDeviceControl</UIname> <ACLEntry> <RUIWG:RUICDeviceAll/> </ACLEntry> <FullDescriptionURL></FullDescriptionURL> <ShortDescription> This permission allows the control point to set and get all secure actions of all the services of the Remote UI client device. </ShortDescription> </Permission> XML element tags UIname, ACLEntry, FullDescription, ShortDescription and Permission are defined in the DeviceSecurity1.0 service specification. The above defined permission is returned by the Remote UI client device in the DefinedPermissions argument of DeviceSecurity s GetDefinedPermission action 9

If the DeviceSecurity service resides inside the RemoteUIClientDevice, it will contain only the defined permissions of the Remote UI client device (as mentioned above). The DefinedPermissions argument of GetDefinedPermission action returned by the DeviceSecurity in this case would be: <DefinedPermissions> <Permission> <UIname>RUICDeviceControl</UIname> <ACLEntry> <RUIWG:RUICDeviceAll/> </ACLEntry> <FullDescriptionURL></FullDescriptionURL> <ShortDescription> Allow this application to complete control of the Remote UI client device. </ShortDescription> </Permission> </DefinedPermissions> If the DeviceSecurity service resides outside of the RemoteUIClientDevice and the RemoteUIClientDevice is embedded in a container device with other devices such as MediaRenderer, the DefinedPermissions argument of GetDefinedPermission action returned by the DeviceSecurity service in this case would be: <DefinedPermissions> <Permission> <UIname>RUICDeviceControl</UIname> <ACLEntry> <RUIWG:RUICDeviceAll/> </ACLEntry> <FullDescriptionURL></FullDescriptionURL> <ShortDescription> Allow this application to complete control of the Remote UI client device. </ShortDescription> </Permission> <Permission> e.g., Permission defined by MediaRenderer Device </Permission> </DefinedPermissions> A2 Profiles There is no profile specified to be used for the Remote UI client device. However, vendors may define profiles of their own. Please refer to DeviceSecurity1.0 service specification for more details. A3 Access Control List (ACL) entry If DeviceSecurity service is implemented in the UPnP Remote UI client device, RemoteUIClient would have the <RUIWG:RUICDeviceAll> defined permission for access control. Following XML shows an example ACL entry granting this defined permission to the control point specified in the subject element. The string value drdpbgzz under the <hash> tag denotes the public key hash of the control point for which this ACL is defined as an example. <acl> 10

</acl> <entry> <subject> <hash> <algorithm>sha1</algorithm> <value>drdpbgzztfq7jl2q2n/ynghcfj8=</value> </hash> </subject> <access> <RUIWG:RUICDeviceAll/> </access> <valid> <not-before>2002-10-23_05:17:32</not-before> <not-after>2004-12-31_23:59:59</not-after> </valid> </entry> 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback