OTA Profile Delivery and Config.: How to identify device in the phase 3.2?

Hello

I will be referring to http://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/Art/otadeveloper_flowchart.jpg

Maybe I am missing something but I can't find how to identify the device and its original request in the phase 3 step 2.

In the phase 2 step 1 I can use the challenge. But the challenge is missing in the phase 3 step 2.

Example:

The user authenticates himself by providing login/password and chooses the configuration to install. It means that in phase 1 step 4 the Profile Service knows what user+configuration is being requested. To track this request the Profile Service generates a challenge that will work like a session identifier.

In phase 2 step 1 the Profile Service receives the device identification and the challenge. The challenge is used to track the user deviceconfiguration request. (For SCEP request I must use different challenge obtained from the SCEP admin page.)

In phase 3 step 2 the device sends the request for the final configuration. Unfortunately it sends no challenge to identify it anymore.

How can I identify the original user deviceconfiguration in the last phase? I see some possible solutions but none of them is very clean:
a) use the URL with a generated ID from phase 1 step 4 onwards.
b) use the DN of the device certificate, where part of it would be generated in the phase 2 step 1
c) use device UDID - this way the Profile Service can only track the device but not the specific request

What is the preferred way to do it?

Thanks in advance

Other OS

Posted on Nov 22, 2010 3:48 AM


Dec 19, 2010 6:41 PM in response to -Martin-__

Hi, Martin,

I am doing the same OTA config for iPhone, but I cannot get a cert from the CA; I always get "SCEP server returned invalid response".

I know you had solved the issues. Following you, I tried to enable auto enrollment on the CA, but I still have the same problem. Would you help me?

If the root cert on the CA is a self-signed cert, is it OK?

thanks!!

Dec 21, 2010 3:22 AM in response to -Martin-__

You can track the session using a cookie. If you set a cookie at the same time you send back the SCEP profile configuration, once the device has identified itself using an Apple signature, you get the cookie back once the device requests the profile with the signed certificate issued through SCEP.
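An added example (not part of the original thread or of Apple's documentation) of one way to carry a per-request identifier through the phases, whether it travels as the cookie suggested in the reply above or as the generated URL ID from option (a) in the question. The class and method names, the TTL, and the assumption that the UDID passed in has already been taken from a signature-verified device payload are all hypothetical.

```python
import hashlib
import secrets
import time

SESSION_TTL = 600  # seconds; assumed lifetime for one enrollment


class EnrollmentSessions:
    """Hypothetical server-side store linking the OTA phases of one request."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # sha256(token) -> session record

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked store does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, config):
        """Phase 1 step 4: user is authenticated and has chosen a configuration."""
        token = secrets.token_urlsafe(32)  # unguessable cookie value or URL ID
        self._sessions[self._key(token)] = {
            "user": user, "config": config, "udid": None,
            "expires": self._clock() + SESSION_TTL,
        }
        return token

    def _live(self, token):
        rec = self._sessions.get(self._key(token))
        if rec is None or rec["expires"] < self._clock():
            self._sessions.pop(self._key(token), None)  # drop expired entries
            return None
        return rec

    def bind_device(self, token, udid):
        """Phase 2 step 1: device attributes arrive; pin the UDID to the session."""
        rec = self._live(token)
        if rec is None or rec["udid"] not in (None, udid):
            return False
        rec["udid"] = udid
        return True

    def resolve(self, token, udid):
        """Phase 3 step 2: return (user, config) once, only for the bound device."""
        rec = self._live(token)
        if rec is None or rec["udid"] is None or rec["udid"] != udid:
            return None
        del self._sessions[self._key(token)]  # single use: a replay finds nothing
        return rec["user"], rec["config"]
```

Pinning the UDID in phase 2 is what separates this from option (c): the UDID alone identifies only the device, while the token identifies the specific user+configuration request.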
