user aware device and security

  • guenther

    guenther - 2005-06-14

    Hello everybody.

    I'd like to build a kind of user aware device for multiple users.
    I'll try to describe what I'm trying to realize: After authentication a user should get a kind of individual device. For example with an individual presentation page or an information service offering only the kind of information the user is interested in. Because of that I thought about offering a kind of proxy device which starts for every authenticated user a new device with a few services.

    Is it possible to add an embedded device (as individual device for a user) while the root device (still announced) is running? If not, should is it possible to use another root device for every user? Is there a better way to solve my problem?

    For security reason (authentication, authorization, ..)  Im planning to use UPnP Security V.1 (Security Console and Secure Device). Is there an easier way to add security to UPnP?

    Thanks for your reply Gnther

    • Tim Malcolm

      Tim Malcolm - 2005-06-14

      Hi Gnther.
      The best approach would likely be develop a single device that filters resources based on a user's profile/preferences and some kind of rule. I've worked at a number of software companies with "personalized" products, perhaps the best known would be BEA. While I haven't designed personalization from the ground up, the solutions are all pretty similar. Using an AV server as an example, for an unknown user the server may list only PG movies and no music resources. Once the user has logged in, the personalization layer may do something like this:
        * IF the user is 18 or older, list all movie resourcess. [A PROFILE RULE]
        * IF the user likes ROCK music list all music resources in the Rock genre. [A PREFERENCE RULE]

      Hope that helps.

    • guenther

      guenther - 2005-06-15

      Thanks for your reply.

      I agree with you if we are talking about standard software but Im not sure if this is the right way for UPnP software.

      I think there are mechanisms you cant use anymore if you do it the way you described it. For example the GENA mechanism for events: If you want to inform the users of a service about the change of a state variable everything works fine if every user should be informed about this change but if you want to inform just a special user (because of personalization) about the change, its not possible with one service/device for all users.
      Another thing is the action invocation. With an individual device a service only has to know that it belongs to user A and has not to check which user tries to invoke an action on every action invocation. In some cases the personalization could even be invisible for a service of a personalized device.

      I think the main difference between the two ways is the point the personalization is made.
      Please tell me if I got something wrong.


      • Tim Malcolm

        Tim Malcolm - 2005-06-16

        Looks like you've thought about this in some detail! And I think you're correct - either approach would work. I worked at BEA on the Portal team so I do have a little bias when it comes to personalisation products.
        -- Tim.


Log in to post a comment.