The WS4D group developed an alternative security profile for DPWS, the WS4D Security Profile. Its purpose is to enable mobile devices – such as smart phones or netbooks – to securely communicate over DPWS. An implementation in alpha state as well as documentation on how to secure your applications is available in the WS4D-gSOAP trunk. The highlights are
- direct authentication between devices (no authentication server, no certificate authorities)
- highly flexible authorization subsystem
- in nearest future: fine-grained configuration of security constraints
Of course, we provide an additional version of the well-known air conditioner example – this time using the security profile’s implementation. Check it out!