Kaa releases
Shortcuts
Skip to end of metadata
Go to start of metadata

The endpoint registration is the process of initial communication setup that ensures that the endpoint is registered within the Kaa server along with the corresponding security credentials and the endpoint profile. It is not until the endpoint registers on the server that the Kaa framework services become available to the client application. During the process of registration, the Kaa endpoint at first communicates with one or multiple Bootstrap servers to obtain a list of available Operations servers, and then with an Operations server to submit the endpoint data and complete the registration.

Registration security

The endpoint SDK generates a security key pair during the initial client boot-up. By default, Kaa uses the RSA algorithm with a 2048-bit key. The key pair is used to ensure the endpoint authenticity and message integrity in different transport implementations. The public key is transferred to the Operations server during the registration to identify and verify endpoint requests.

Resolution request/response

Initially, the Kaa endpoint SDK does not include any information about Operations servers for security and load-balancing reasons. Instead, during the SDK generation, a Control server embeds a list of available Bootstrap servers into the SDK (using a properties file for Java implementation, a header file for C++, etc.). The endpoint selects a random Bootstrap server from the list and sends a resolution request to the selected Bootstrap server. The resolution request contains the application token that can be used by the Bootstrap server in specific load-balancing strategies. The resolution response from the Bootstrap server contains a prioritized list of Operations servers with their connectivity details and is signed with the Bootstrap server private key. The endpoint verifies the signature of the response by using the Bootstrap public key available from the build time parameters and retains the received information.

Registration request/response

The endpoint selects the server with the highest priority from the Operations server list and sends a registration request to that server. If there are several Operations servers with the top priority, the endpoint, for load balancing purposes, uses a random one.

The registration request contains the following information.

  • Application token
  • Endpoint public key
  • Endpoint profile body
  • Schema version information (versions of the profile, configuration, notification, event class families and other schemas).

The Operations server stores the endpoint profile and schema version information for processing future requests. Kaa uses the SHA-1 hash of the endpoint public key as the endpoint identifier across the system.

After the successful registration, the Operations server responds with a message that contains the current application state information.


Copyright © 2014, CyberVision, Inc.

  • No labels