Multi-user WINET

From Tizen Wiki
Jump to: navigation, search

The aim of this page is to describe WINET requirements to be multi-user compliant.


Introduction

A network interface is a shared resource and so a policy must be defined to manage this resource in multi-user context.

At the moment ConnMan doesn't manage services per user but only per system. So Tizen needs a multi-user policy applied in ConnMan or between Tizen WINET C API and ConnMan.


We can consider two domains affected by multi-user requirements listed below according to the priority :

  • credentials
  • connections


Before describing these multi-user cases, we can consider :

  • 2 users : UserA and UserB,
  • wanting to connect to an acces point : AP

MultiUser Configuration

If UserA configure a network interface, UserB must not be able to modify the configuration of this interface until UserA deactivate this interface.

This means that UserB cannot both disconnect or deactive WiFi because the network interface is owned by UserA.

Here is a scenario which explains this use case :
Winet MultiUser Schema - Multi-user Configuration.png


When UserA logoff the connection owned by UserA shall be released.

Credentials

Credentials given by UserA to connect to the access point AP should not be re-used by UserB to connect to this access point.

  • UserA request to connect to access point AP
  • an authentication popup appears on UserA screen to allow connection
  • UserA deactivate WiFi
  • UserA reactivate WiFi and request to connect to access point AP
  • No authentication popup appears as credentials have been previously given
  • UserA deactivate WiFi
  • UserB requests to connect to access point AP
  • an authentication popup appears on UserB screen to allow connection

Here is a scenario which explains this use case, please note this diagram show a global view from user :
Winet MultiUser Schema - Credentials.png

As it's described above the credentials must be stored in order to avoid the user to enter it each time needed. This should be stored in a encrypted manner. When a user deactivate his WiFi the resource will be freed and will be accessible from other user.

Connection Sharing

In a first phase, WIFI connection is shared.

Here is a scenario which explains this first phase :
Winet MultiUser Schema - Connection Sharing 1.png
At the end the UserB use the same connection as UserA. But this interface is still owned by UserA, UserB cannot modify it by himself, it must be UserA.


In a second phase, if UserA connect to an access point using some credentials, UserB should not be able to use this connection except if UserA allow him to do so.

Here is a scenario which explains this second phase :
Winet MultiUser Schema - Connection Sharing 2.png
As in first phase, the UserB use the same connection as UserA. But this interface is still owned by UserA, UserB cannot modify it by himself, it must be UserA.

Links

WINET Architecture