
Siemens MindConnect IoT2040 System Manual

131 pages
Case 1:
The shared secret (valid for 7 days), to be used in the access token request.
The re-registration access token (RAT), to be used to renew the registration once it has expired.
Case 2:
The re-registration access token (RAT), to be used to renew the registration once it has expired.
The agent management stores the public key received when an agent registers and uses it to
verify the agent's access token requests, which from then on use a JWT signed with the private
key. For more information, see Onboarding an Agent.
Validity of the credentials
By default, each registered agent (with either the RSA 3072 or the Shared Secret security profile)
has its own credentials, which are valid for 7 days and must be renewed on a regular basis. After
this period, Industrial IoT will not grant any access tokens to the agent and the agent credentials
will be invalid. The agent needs to re-register by providing its Registration Access Token (RAT).
Registration access tokens have no practical expiration time, but each time a client refreshes its
registration, a new RAT is generated by Industrial IoT.
API communication agent (e.g. MindConnect Nano)
Except for the one used for onboarding and registration, all Industrial IoT APIs require an access token:
The agent requests an access token from Agent IAM using a self-signed JSON Web Token (JWT).
The JWT is signed (see RFC 7515) with either the shared secret (Case 1) or the private key of the
public/private key pair (Case 2) in Step 2. The JWT contains the tenantId.
The granted access token is valid for 30 minutes. It is also a JWT and contains:
tenantId
scopes: describes the type of services used by this token holder.
After expiry, a new token needs to be requested.
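The shared-secret case of the token request described above, as an added example that is not taken from the manual or from Siemens code: an agent signs a JWT carrying tenantId, and a verifier checks it before issuing anything. HS256 as the signing algorithm, the `iat` and `exp` claims, the 5-minute lifetime and all sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    # base64url without padding, as RFC 7515 requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Agent side: compact JWS signed with the shared secret (HS256 assumed)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64u(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def verify_jwt(token: str, secret: bytes, tenant: str, now: int) -> dict:
    """Verifier side: return the claims or raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64u_dec(head_b64))
        sig = b64u_dec(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(body_b64))  # parsed only after the MAC checks out
    if claims.get("tenantId") != tenant:
        raise ValueError("wrong tenant")
    if now >= claims.get("exp", 0):  # "exp" is an assumed claim (RFC 7519)
        raise ValueError("expired")
    return claims

SECRET = b"constructed-demo-secret"  # constructed sample, not a real credential

def demo(now: int = 1_700_000_000):
    # Constructed request: tenantId from the page, iat/exp assumed, 5-minute life.
    claims = {"tenantId": "demo-tenant", "iat": now, "exp": now + 300}
    token = sign_jwt(claims, SECRET)
    return token, verify_jwt(token, SECRET, "demo-tenant", now + 60)

if __name__ == "__main__":
    print(demo())
```

For the RSA 3072 profile the same structure applies, with the HMAC replaced by a signature check against the public key stored at registration.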
Firmware management
Firmware management is stored in secure cloud storage. The agent accesses the secure storage
through a signed URL issued by Industrial IoT, which is valid for 7 days.
Firmware is signed with a private key from Industrial IoT. The firmware installer (MERS) on the
device checks the signature against the matching public key provided at initial installation in the factory.
Appendix
8.16 MindConnect General Security Principles
MindConnect Nano
System Manual 7/2023 126


Siemens MindConnect IoT2040 Specifications

General
Brand: Siemens
Model: MindConnect IoT2040
Category: Gateway
Language: English
