BS ISO/IEC 29341-12-2:2015 pdf download – Information technology — UPnP Device Architecture Part 1 2-2: Remote User Interface Device Control Protocol — Remote User Interface Server Device.
1. Scope
This device template is compliant with the UPnP Architecture, Version 1.0.
This document defines the device
urn:schemas-upnp-org:device:RemoteUIServerDevice:1.
This device can be a UPnP root device, or embedded within a different device.
The RemoteUIServerDevice encapsulates all services for the Remote UI Server Device Control Protocol (DCP).
2. Device Definitions 2.1. Device Type The following device type identifies a device that is compliant with this template: urn:schemas-upnp-org:device:RemoteUIServerDevice:1 2.2. Device Model It is recommended that RemoteUIServerDevice be implemented with support for securing UPnP™ actions. It is also recommended that securing of UPnP™ action is done using the DeviceSecurity service as defined by the UPnP™ security working committee. If implemented, the DeviceSecurity service must be contained either inside RemoteUIServerDevice implementation or in a device that encompasses the RemoteUIServerDevice. These two models are described below. 2.2.1. Description of Device Requirements The following table briefly describes the service used in RemoteUIServerDevice.
2.2.1.1. DeviceSecurity within RemoteUIServerDevice This model is typically applicable to physical devices that need DeviceSecurity functionality (including device ownership and access control) to be used only by the RemoteUIServerDevice. In this case, products that expose devices of the type urn:schemas-upnp-org:device:RemoteUIServerDevice:1 must implement minimum version numbers of the required service specified in the table below.
2.2.1.2. DeviceSecurity outside RemoteUIServerDevice This model is typically applicable to physical devices that implement Remote UI server functionality, but the RemoteUIServerDevice may use DeviceSecurity that is already part of another device. An example of this would be where urn:schemas-upnp-org:device: RemoteUIServerDevice:1 is implemented inside a device of the type urn:schemas-upnp-org:device: BasicDevice:1. The BasicDevice in this case contains the DeviceSecurity service that may be used by another UPnP™ device e.g., MediaRenderer. The implementation of RemoteUIServerDevice must contain the minimum version number of the service specified in the table below.
Relationships between Services Figure 2 shows the logical structure of the device and services defined by the working group for UPnP™ technology enabled Remote UI servers that may use the DeviceSecurity service for other UPnP™ devices contained in the same physical device. RemoteUIServer service may be dependent on the DeviceSecurity service for providing access control to the actions defined in the services.
2.2.2. Relationships Between Services The dependencies between the services are listed in the above section under the possible models of implementing services in RemoteUIServerDevice. 2.3. Theory of Operation It is highly recommended for the Remote UI server to use DeviceSecurity service to secure specific UPnP TM Remote UI server actions. This section assumes that the reader has an overall understanding of UPnP TM Security. Please refer to the DeviceSecurity:1 Service Control Specification for detailed description of a secure UPnP TM device. 2.3.1. Secure Remote UI Servers (if DeviceSecurity implemented in Remote UI server device) RemoteUIServer service provides a set of actions to give a list of user interfaces and to destroy an unconnected, instantiated UI. The actions in this service that change the device state should be authenticated via UPnP TM security. Some actions in RemoteUIServer service can carry critical information such password as arguments. By using DecryptAndExecute action defined in DeviceSecurity service, security sensitive information can be protected . A control point that accesses the secure actions on the service has to be initially authenticated via a Security Console application as described in UPnP TM Security DCP. Access control definitions such as Permissions, Profiles and Access Control List(ACL) for Remote UI server device are described in Appendix A.