where does ISD init keys come from while card in OP_READY status? - globalplatform

I have recently been doing some study on Global Platform cards. I got a question while reading the specs.
The spec 2.2.1 mentions that while in OP_READY status, the card is able to load and install Supplementary Security Domains, and this is the very beginning state of the card.
However, it also mentions, for installing Supplementary Security Domains, "An initial key shall be available within the Issuer Security Domain.", which confuses me.
Where does this initial key come from?
Is it pre-implanted in the factory?
I found some docs that say the initial keys for the ISD are diversified from the "Key diversification data" which is returned by an "INITIALIZE UPDATE" request. Is this true? How can I generate the initial keys from this data?
Big thanks for your answers!!!

The keys get implanted implicitly during the personalization phase. I suggest also reading Common Criteria protection profiles and/or Java Card security targets to get a better understanding of the GP spec and the overall lifecycle.


LTI variable substitution for Student Enrolment date in Moodle

The Ruby on Rails app I'm working on is a Tool Provider (TP) of Learning Tools Interoperability (LTI) version 1.1. One of our consumers uses Moodle version 3.4. I need to get the student enrolment dates for a course from the Moodle instance to the provider as a launch param. Are there any LTI variable substitutions I can use to get this information?
Any help is really appreciated.
Short answer: 'no'.
Better answer:
The list of spec-defined LTI variables can be found at https://www.imsglobal.org/spec/lti/v1p3/#lti-context-variable and I don't see any variables that look like they would directly match what you need.
Also of note, Moodle doesn't actually send all of the possible variables; you can find the list of variables Moodle does support by referencing this file in the project's GitHub:
https://github.com/moodle/moodle/blob/master/lib/ltiprovider/src/ToolProvider/ToolProvider.php
It is common for different platforms to allow variables to be sent in addition to those defined by the specification, but in this case it does not seem that Moodle sends what you are looking for.
In the LTI 1.3 specification you might want to look at the Names and Roles Provisioning service (http://www.imsglobal.org/spec/lti-nrps/v2p0); however, it still doesn't provide specific dates for the events, but it does allow detection of adds and drops. There is also a delta portion of the spec, so you can load 'changes since' the last polling period.

Why does the NODE_DELETE configuration need to specify a connection?

I'm currently building a mutation that deletes a node.
I looked into the NODE_DELETE mutator configuration, but it specifies it needs a parentName, parentID and connectionName.
Why does deleting a node need these fields? As Relay uses global IDs, it should be fairly easy to delete a node from all connections and/or all fields it is being referenced in.
See the documentation:
Relay NODE_DELETE documentation
Your intuition is correct. Those fields are redundant for the purpose of deleting node from data store, only config.deletedIDFieldName is used during such operation (details in writeRelayUpdatePayload module).
However you can't leave other fields unfilled, because they are still required during validation of your mutation that extends RelayMutation class. I have no idea where this inconsistency comes from, but it's worth noting that Relay team changed the direction of development and RelayMutation will get deprecated.
RelayMutation and fat/tracked queries. Future releases will deprecate
this API in favor of a static mutation API. We recommend using
RelayGraphQLMutation to ease the transition to new mutations.
source: Related issue on github
After a quick look in Relay's source it seems this transitional API does not use the old method of config validation, but I haven't had a chance to experiment with it yet, so you can confirm it yourself.

Is there a way to edit the source code of the JIRA Issue Collector?

I am trying to allow users to create issues from a webpage, just like the Issue Collector. The problem is, there are only three templates provided for the collector and none of them are quite right.
What I want is to have three required fields that then combine to become the description. (Similar to how the first template has "what do you like" "what do you not like" which both go in the description)
The problem is there's no obvious way to edit the popup's contents.
Is there any way I can get at the source code of the collector to create my own modified version? Alternatively, if I just copy the html of the popup using inspect element could I create a working clone?
EDIT: Well, I've managed to get at the source code using a java decompiler, but now I haven't got a clue how to put it back together again...
Do you have a paid license for JIRA? If so, Atlassian will give you a copy of the source code.
From their FAQs:
After an order has been placed, how and when can the license key and source be accessed?
Access to your license key(s) and any
applicable source code is provided only after the successful receipt
and processing of your payment. Once payment is received, the Billing
and Technical contact specified on the order can log into their My
Atlassian account, and view all corresponding license keys.
And instructions on how to "put it all back together" :)
Then you are free to customize to your heart's content.
Of course, you'll need to re-customize every time there's an update from Atlassian ...
See also this post on Atlassian's wiki

What are the available iPhone MDM AccessRights

I am currently using 8191 for the 'AccessRights' variable required for the MDM payload (com.apple.mdm).
Now when using this, the user gets the following message:
The administrator may collect personal data, add/remove accounts and
restrictions, list, install and manage apps, and remotely erase data
on your iPhone
This tells him/her that the MDM server is allowed to wipe the device remotely. Now I don't want the MDM server to be able to do this at all.
When I change the AccessRights to 4161 for instance, the message changes into:
The administrator may collect personal data, and list, install and
manage apps on your iPhone
Now I can't find ANY reference to this AccessRights variable and its values. Can anyone enlighten me on what the value actually represents?
Here is the table that describes all flags for access rights:
You can mix these values to configure necessary list of access rights.
In your particular cases:
8191 - is a combination of all above values.
4161 - is a combination of 4096, 64 and 1.
Update:
Visput's print screen of the "Mobile Device Management Protocol Reference" provides the desired numerical values for AccessRights. However, this answer will remain for context, the lessons learned along the way and the mention that said material may be subject to Non-Disclosure Agreements due to the nature of the Apple confidential material.
For a clear understanding of the answer's scope, as well as for the sake of explaining to novices, I will provide a little context.
Context
First off, Mobile Device Management (MDM) provides you with features which are organized into a collection of settings called configuration profiles: features like real management capabilities, including convenient configuration, self-service tools, enhanced protection, etc.
These profiles are just XML files that allow you to distribute configuration information.
Configuration profiles are in property list format.
From the document that describes the keys in a configuration profile and provides examples of the resulting XML payloads, PayloadContent is one of the keys. It is also the one you meant that contains the AccessRights property.
PayloadContent[optional] is an Array of payload dictionaries (payload objects). Not
present if IsEncrypted is true.
The docs specify that these are the Payload Dictionary Keys Common to All Payloads: PayloadType, PayloadVersion, PayloadIdentifier, PayloadUUID, PayloadDisplayName, PayloadDescription, PayloadOrganization.
In addition to the standard payload keys above, each payload type contains keys that are specific to that payload type.
You are working with PayloadType "com.apple.mdm" and are looking for payload-specific keys for the MDM payload.
Conclusion
I have looked long and hard for all references to MDM payload keys. All I could find were a couple of AccessRights values; there are none in the official documentation available to the public.
The closest I could find was Inside the MDM protocol (pdf), a project with the goal of not creating a simple, turn-key, stand-alone MDM server, nor probing the protocol for weaknesses or hidden features, but simply to document as much of the protocol as possible.
From this document:
Unfortunately, documentation of the underlying protocol has never been
freely available. Obviously, third parties selling MDM servers were
provided access to the documentation by Apple, but it’s not been
available for researchers or smaller development shops. This
hampers risk analysis for enterprises making use of MDM. In order to aid such risk
assessments, and to enable and encourage future research, this project was born.
Now I consider the document to be very useful for understanding MDM. On access rights, it provides an image on page 8 representing a print screen of a GUI tool which presents access rights as check boxes. As for generated values, your best chance is to google anything like:
<key>AccessRights</key>
<integer>8191</integer>
I've also found the value 2047 somewhere.
I've also found mentions of access rights in this Security Configuration Recommendations from the NSA for Apple iOS devices. On page 16 you have Access Rights for Remote Administrators:
The following settings control what an MDM server is permitted to
query from an iOS device. For an enterprise-owned,
enterprise-controlled device, permitting the enterprise administrator
to query as much information as possible is appropriate. Some MDM
products may simply include these access rights by default and offer
options to retrieve less information from the device.
And it goes on to actually list the check boxes which were also illustrated in the previous guide. No correspondence to XML generated data/IDs.
The closest I got to the actual IDs was in this mdm-settings.xml, which enumerates the access rules along with some other data used on the device for iOS 6.
Your best chance is to contact Apple support and ask for details.
The info you are looking for may be subject to Non-Disclosure Agreements due to the nature of the Apple confidential material. The document above was based on data available in Developer Preview.
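Added example (not part of either answer, and not Apple's code): a Python check that reads a configuration profile, finds the com.apple.mdm payload and decodes AccessRights into its individual bits, reporting whether remote erase is granted. The flag names and the two dependency rules are taken from Apple's published MDM payload documentation rather than from this page, and the sample profile is constructed.

```python
import plistlib

# Bit values as published in Apple's MDM payload documentation (not listed on this page).
ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install/remove configuration profiles",
    4: "device lock and passcode removal",
    8: "device erase",
    16: "query device information",
    32: "query network information",
    64: "inspect installed provisioning profiles",
    128: "install/remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
    2048: "manipulate settings",
    4096: "app management",
}
ERASE = 8
# Documented dependencies: an install/remove right requires its inspect right.
REQUIRES = {2: 1, 128: 64}

def decode(value):
    """Return the names of the rights encoded in an AccessRights integer."""
    if not 0 < value <= sum(ACCESS_RIGHTS):  # sum of the keys is 8191, all 13 bits
        raise ValueError(f"AccessRights out of range: {value}")
    return [name for bit, name in ACCESS_RIGHTS.items() if value & bit]

def audit_profile(profile_bytes):
    """Report rights and policy problems for each com.apple.mdm payload."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    # PayloadContent is absent when the profile is encrypted (IsEncrypted true).
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue
        value = payload["AccessRights"]
        problems = [f"bit {bit} set without required bit {need}"
                    for bit, need in REQUIRES.items()
                    if value & bit and not value & need]
        findings.append({"value": value, "rights": decode(value),
                         "can_erase": bool(value & ERASE), "problems": problems})
    return findings

def make_sample(access_rights):
    """Constructed sample profile, reduced to the keys this check reads."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
        {"PayloadType": "com.apple.mdm", "AccessRights": access_rights}]})
```

Clearing only the erase bit from the full set gives 8191 & ~8 = 8183, which keeps every other right.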

Access Transactions in Quickbooks Online

I'm trying to interface with Quickbooks Online for an internal application that will push and pull transactions using qbXML. My problem is that I can't figure out which message I need to send in order to list and add the items listed under the "Banking" > "Registers" page. I've gone through the messages listed in the Onscreen Reference for Intuit Software Development Kits and none of them seem to give me this information.
Also, does anyone know of a list that explains what each message does?
If you're in a bank account register, you're writing checks. There are 3 kinds of checks in QuickBooks:
Expense checks - if you added a check directly in the register window, you would be adding an expense check.
Bill payment checks - these appear in a check register, but you can only add them with a bill payment operation.
Payroll checks - these appear in the check register, but they can only be added using the Intuit Payroll Service or by enabling manual payroll (almost no one does manual payroll in actual practice, but it is good to know about for testing purposes).
The first 2 types of checks have their own message type: the Add/Mod Check and Add/Mod BillPayment messages respectively. Payroll checks can't be added by the SDK. You can query all 3 types using a Transaction query message. I should also mention that it's possible to add an entry in any register using a journal entry, but that's not a good idea unless you are certain you know what you're doing.
I hate to tell you this, but the best reference for QuickBooks messages is the one you're already using. There are also XML files in the <sdk root>\docs directory that describe SDK operations. But there is really no substitute for understanding how QuickBooks operates from a user's perspective.
If you're going to be working with QuickBooks integration, it's a good idea to make friends with one or more QuickBooks Pro Advisors so you can run these kinds of issues by them. The relationship is generally mutually beneficial, since QuickBooks Pro Advisors often find it handy to have access to an SDK programmer.
