An OpenADR network conceptually looks like a star network, with a single
VTN (virtual top node/coordinator) and many VENs (virtual end nodes).
The VEN needs to trust commands from a top node, and VENs can't
communicate -- ever -- with other VENs as far as OpenADR is concerned.
Agreed it's largely an implementation concern which is why it's not laid
out in the spec, more of a guidance.
We consider in most cases, the VTN and XMPP server will be controlled by
the same entity. The VTN could be connected as an XMPP client (or multiple
clients) or VTN endpoints could be exposed as service JIDs.
I think we have two choices. (1) Tell VTN implementers/deployments that
they need to secure the XMPP server to prevent VEN to VEN communication.
Or (2) we require VENs to maintain a whitelist of VTN JIDs, and drop or
reject packets that are not from an approved JID. Or maybe both.
Thanks!
-Thom
On 6/20/13 11:58 AM, "Peter Saint-Andre" <stpeter(a)stpeter.im> wrote:
Hi Thom, thanks for your other post.
On 6/19/13 8:52 PM, Thomas Nichols wrote:
One question, which is more of an implementation detail but we
would like some input, is how to prevent communication between end
node clients. I think during registration, VENs would have to be
added to an ACL or group, and then a filter would be used at the
XMPP server to block packets whose "to" and "from" belong to that
group.
Would service providers want to forbid all communication among
clients, or limit it to communication among particular "groups", as
you say?
That kind of thing usually is implementation-specific, but if you let
us know what you're trying to achieve perhaps we can provide some
pointers.
Peter
--
Peter Saint-Andre
https://stpeter.im/
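Choice (2) from the message above, a VEN-side whitelist of VTN JIDs, sketched as an added example; it is not part of the original thread or of any OpenADR or XMPP implementation. The JIDs, the function names and the use of case-folding in place of full XMPP address preparation are assumptions made for illustration.

```python
from typing import Iterable, NamedTuple, Optional

class Jid(NamedTuple):
    local: Optional[str]     # None for a service JID such as a bare domain
    domain: str
    resource: Optional[str]  # None for a bare JID

def parse_jid(text: Optional[str]) -> Optional[Jid]:
    """Parse [local@]domain[/resource]; return None if absent or malformed."""
    if not text:
        return None
    # The resource starts at the FIRST "/" and may itself contain "@" or "/".
    addr, slash, resource = text.partition("/")
    local, at, domain = addr.partition("@")
    if not at:               # no "@": the whole address is a domain
        local, domain = "", addr
    if (at and not local) or not domain or "@" in domain or (slash and not resource):
        return None
    # Assumption: case-folding stands in for the full XMPP address preparation.
    return Jid(local.casefold() or None, domain.casefold(), resource or None)

def build_allowlist(entries: Iterable[str]) -> frozenset:
    parsed = [parse_jid(e) for e in entries]
    if None in parsed:
        raise ValueError("malformed JID in allowlist")
    return frozenset(parsed)

def is_trusted_sender(sender: Optional[str], allowlist: frozenset) -> bool:
    """True only if the stanza's 'from' matches an approved VTN JID."""
    jid = parse_jid(sender)
    if jid is None:
        return False         # missing or malformed 'from': drop
    # A bare-JID entry approves any resource of that account; a full-JID
    # entry approves only that exact (case-sensitive) resource.
    return jid in allowlist or jid._replace(resource=None) in allowlist

# Constructed sample data, not taken from any real deployment.
VTN_ALLOWLIST = build_allowlist([
    "vtn@xmpp.example.com",             # VTN connected as a client
    "events.vtn.example.com",           # VTN endpoint exposed as a service JID
    "vtn-backup@xmpp.example.com/dc2",  # one specific resource only
])

if __name__ == "__main__":
    for sender in ["VTN@xmpp.example.com/oadr-1", "events.vtn.example.com",
                   "ven42@xmpp.example.com/vtn@xmpp.example.com",
                   "vtn@xmpp.example.com.other.example", None]:
        print(sender, "->", "accept" if is_trusted_sender(sender, VTN_ALLOWLIST) else "drop")
```

The check relies on the XMPP server validating the `from` address of the stanzas it routes, so it complements the server-side filtering in choice (1) rather than replacing it.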