PM WANI Specification 1.0 vs 2.0
This document discusses the difference between the 1.0 and 2.0 specification for PM-WANI framework.
According to the PM-WANI website, the specifications were released on the following dates
| Specification Version | Filename | Date |
|---|---|---|
| V1.0 | Architecture and Specifications of entities under PM WANI Framework. Annexure-II to The Framework and Guidelines for Registration | 11.12.2020 |
| V2.0 | Version.2_0 Architecture and Specifications of entities under PM WANI Framework. Annexure-II to The Framework and Guidelines for Registration | 18.02.2021 |
The main difference in the spec is to do with the way the users connect to the PM-WANI compatible network
In version 1.0, the app-provider is to allow a user to maintain a list of devices like laptop, smartwatch(using their unique MAC-ID). Once this user buys the data-sachet, all the devices in the user-profile will get access to internet.
User's device group
- Smartphone
- Smartwatch
- Laptop
This was made possible by the device list(see "Devices":[] below) that was provided in the app-provider-backed-response to the PDOA captive portal during the authentication process
{
"ver": "1.0", // version of the profile format
"app-provider-id": "", // mandatory - ID from WaniRegistry
"app-provider-name":"", // name from WaniRegistry
"timestamp": "YYYYMMDDhhmmss", // current timestamp
"Username":"", // mandatory
"payment-address":"", // upi://vpa/token or wallet://ac-
no@ppi/token
"Devices":[], // device MAC-IDs array if any for current session
"signature":"", // computed for this structure (see below)
"key-exp": "" // Key→exp value of the key pair used for signature
}
Optionally, the app-provider could also allow a user to maintain multiple groups of MAC-ID's and the user could choose one group vs another for connecting.
In version 2.0, the requirement for app-providers to maintain this list of devices(using their unique MAC-ID) is removed. Here, while authenticating, the app needs to send the user's 'username and password' in the request query (see below)
<style type="text/css"> .tg {border-collapse:collapse;border-spacing:0;} .tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px; overflow:hidden;padding:10px 5px;word-break:normal;} .tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px; font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;} .tg .tg-zh46{border-color:inherit;font-family:"Courier New", Courier, monospace !important;text-align:left;vertical-align:top} .tg .tg-941b{border-color:inherit;font-family:"Courier New", Courier, monospace !important;font-size:11px;text-align:left; vertical-align:top} </style>| Version 1.0 waniapptoken | Version 2.0 waniapptoken |
|---|---|
| { "ver": "1.0", // version of the token structure "timestamp": "YYYYMMDDhhmmss", "username": "", // username of user "appId": "", // App id to handle multiple apps from same provider "appVer": "", // version of app to handle multiple app versions "totp": "", // TOTP generated by the app. This is essential to ensure App provider server can trust origin of this token "custData": {} // any custom JSON data structure needed by the app } |
{ "ver": "1.0", // version of the token structure "timestamp": "YYYYMMDDhhmmss", "username": "", // username of user (mandatory) “password”: "", // password created by the user (mandatory)“apMacId”: “A1:22:33:44:55:AF”,//MAC ID of the WiFi radio of13Access point which SSID is selected (mandatory) “deviceMacId”: “12:22:33:44:55:BA”,//MAC ID of the User device after selecting SSID (optional) "appId": "", // App id to handle multiple apps from same provider "appVer": "", // version of app to handle multiple app versions "totp": "", // TOTP generated by the app. This is essential to ensure App provider server can trust origin of this token "custData": {} // any custom JSON data structure needed by the app } |
Since there is no list of mac-id, the other devices(apart from the one that uses the app) needs someone to open the captive portal and login with the user's 'username and password' on the captive portal manually.
| Version 1.0 | Version 2.0 |
|---|---|
| Maintains list of devices in app | Does not maintain list of device in app |
| Once the payment is successful, every device in the user's device-group can access internet | The devices need to either install the app or have to manually enter the 'username and password' in the captive-portal |
| Advantage | Disadvantage |
|---|---|
| Once the device group is set-up, the internet connectivity is seamless for all devices | The user needs to figure out a way to get the mac-address of his device like laptop,smartwatch to add to the device group on the app |
| Security risk, where the MAC address of one of the devices may be sniffed and misused by malicious user |
| Advantage | Disadvantages |
|---|---|
| The user does not need to find the mac-address of the device | Devices that do not have an app need to connect to the network by someone manually entering the 'username and password'. Doing this will be very tricky in devices like smartwatches |
| The request contains the password which is a security risk if compromised | |
| The user needs to remember the username/password |