...

  • “Exp” is the expiration timestamp, in Unix time (seconds). The edge-node shuts down the Edge-View container once this time has passed.
  • “Sub” is the device UUID, which ensures that only the intended edge-node can use this JWT.
  • “Dep” is the dispatcher endpoint URL, which includes the IP address or domain name, the TCP port and the path.
  • “Key” is the nonce used for either the authentication or the encryption operation on the Edge-View messages between the user's laptop and the device.
  • “Num” is the number of Edge-View instances running on the device. Up to 5 Edge-View instances are supported, which allows multiple simultaneous sessions on the device.
  • The boolean “Enc” selects the encryption operation for the messages; the default is authentication.

Below is an example of a JWT generated for an edge-node (sc-supermicro-zc5). It expires on April 20, 2022 and uses an example dispatcher endpoint (the second part of the JWT, shown in purple in the original, is the payload):

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJkZXAiOiIzNC4xMjEuMTAwLjIwMDozODM4L2VkZ2UtdmlldyIsImVuYyI6ZmFsc2UsImV4cCI6MTY1MTM2NTY0MCwia2V5Ijoic29tZS1yYW5kb20tc3RyaW5nIiwibnVtIjozLCJzdWIiOiI1ZmY0YmY3Zi0xZjdkLTRiMGYtODg2My0wMDQ0YzcyYWMyZGYifQ.22CrDTcFPwtB5zDj7ouw_9P3DvulokAmYL8Sx7wU6-wwK5_uKHD-7KFsFM9sEXLc7z1MfV1_YQ0f-QXhlL-Lpw

  • JWT token len 322: {Alg:ES256 Typ:JWT}
  • token: {Dep:34.121.100.200:3838/edge-view Sub:5ff4bf7f-1f7d-4b0f-8863-0044c72ac2df Exp:1651365640 Key:some-randome-string Num:3 Enc:false}
  • expires: 2022-04-30 17:40:40 -0700 PDT

Assuming the ‘Dep’ for an enterprise is defined and inherited, and the controller knows the UUID of the edge-node being provisioned, the only item in the JWT that may need to change is the ‘Exp’, if the user does not want to use the default timeout value. For example, the user may want this JWT to be valid only for the next 6 hours. The above JWT allows 3 instances and uses the nonce authentication mechanism.
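The claim checks described above, written out as an added Go example (not code from the Edge-View project): it decodes the example token and rejects it when ‘Sub’ is not this device, ‘Exp’ has passed, or ‘Num’ exceeds 5. `CheckClaims`, `Claims`, `decode` and `sampleToken` are hypothetical names, and the ES256 signature is not verified here because the page gives no public key, so this covers only the step that follows signature verification.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// sampleToken is this page's example token (its payload carries exp 1651365640).
const sampleToken = "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJkZXAiOiIzNC4xMjEuMTAwLjIwMDozODM4L2VkZ2UtdmlldyIsImVuYyI6ZmFsc2UsImV4cCI6MTY1MTM2NTY0MCwia2V5Ijoic29tZS1yYW5kb20tc3RyaW5nIiwibnVtIjozLCJzdWIiOiI1ZmY0YmY3Zi0xZjdkLTRiMGYtODg2My0wMDQ0YzcyYWMyZGYifQ.22CrDTcFPwtB5zDj7ouw_9P3DvulokAmYL8Sx7wU6-wwK5_uKHD-7KFsFM9sEXLc7z1MfV1_YQ0f-QXhlL-Lpw"

// Claims mirrors the payload fields described above; encoding/json matches the keys case-insensitively.
type Claims struct {
	Dep, Sub, Key string
	Exp           int64
	Num           int
	Enc           bool
}
func decode(seg string, v interface{}) error { // base64url segment -> JSON -> v
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}
// CheckClaims (hypothetical helper) checks claims only; verify the ES256 signature before trusting them.
func CheckClaims(token, deviceUUID string, now time.Time) (c Claims, err error) {
	var h struct{ Alg string }
	parts := strings.Split(token, ".")
	switch {
	case len(parts) != 3:
		return c, fmt.Errorf("want 3 segments, got %d", len(parts))
	case decode(parts[0], &h) != nil || h.Alg != "ES256":
		return c, fmt.Errorf("header must decode and declare ES256")
	case decode(parts[1], &c) != nil:
		return c, fmt.Errorf("payload is not base64url-encoded JSON")
	case c.Sub != deviceUUID:
		return c, fmt.Errorf("sub %q is not this device", c.Sub)
	case now.Unix() >= c.Exp:
		return c, fmt.Errorf("expired at %s", time.Unix(c.Exp, 0).UTC())
	case c.Num > 5:
		return c, fmt.Errorf("num %d exceeds the limit of 5", c.Num)
	}
	return c, nil
}
func main() { // run today, the 2022 expiry is reported as an error
	fmt.Println(CheckClaims(sampleToken, "5ff4bf7f-1f7d-4b0f-8863-0044c72ac2df", time.Now()))
}
```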

Policies for edge-node and application

...