Matter controller permissions after device commissioning

I have tried filing a feedback, FB15509991, for help with this and that didn't go anywhere. Figured I would try the developer forums.

Overview

I am working on a Matter device using the Matter SDK, and the device basically consists of both Matter bridge and Matter controller functionality. The bridge part is currently a non-issue; however, we are trying to have our device be an additional controller for the existing Matter fabric.

The overall idea for our device as a Matter controller is that it can be commissioned with Apple Home (via Matter BLE commissioning) and then view and control existing Matter devices (over the Wi-Fi network) on the HomeKit Matter fabric (convenient user experience), instead of our device having to form a Matter fabric of its own and then having the user re-commission all their devices to add them to our controller (difficult and possibly frustrating user experience), in order to have a consistent control experience between our device's display and the Apple Home app.

The big problem

When we onboard our device via the Apple Home app, it does not have attribute write permission to other devices on the same fabric, as we are seeing Unsupported Access (IM:0x0000057E) responses instead of the expected attribute changes. Same for attempts to read valid endpoint/cluster/attributes.

The possible solution

Our operational device needs to be added to the access control list (ACL) with View and Operator permissions and then the ACL update pushed to all the fabric devices in order to give our device controller access to them.

The next problem

My question is: what do we have to do in order for our device to be given control access permissions (View + Operator) in an ACL (access control list) update to other devices after our device has been commissioned?

Because the Matter specification does not define a "Controller Cluster" that could be used to type a device as a Matter controller to make it obvious that the device wishes to have controller permissions post commissioning, it's up to each fabric administrator implementer as to how to accomplish what I'm requesting to do.

I'm hoping somebody in the Apple team responsible for the Matter + HomeKit integration could give me some insight as to whether this is even possible at this time.

Test environment

The environment consists of:

  • iPhone running iOS 17.7
  • iPad running iPadOS 18.0.1
  • HomePod Mini with software version 18.0
  • Realtek WiFi module running Matter Fan+Light firmware (Matter SDK 1.3) for target/controlee
  • [our device] LCD display unit + Realtek WiFi module (Matter SDK 1.3) for controller.

Answered by DTS Engineer in 811435022

So, the key issue here is this:

The overall idea for our device as a Matter controller is that it can be commissioned with Apple Home (via Matter BLE commissioning) and then view and control existing Matter devices (over the Wi-Fi network) on the HomeKit Matter fabric (convenient user experience),

This is not something our ecosystem currently supports, nor is it something I'd expect most ecosystems to support. That is, my expectation is that most ecosystems will restrict "controller" level access to "their devices", with alternative control paths being handled by commissioning new ecosystems. This is the easiest approach for an ecosystem vendor to implement and it bypasses a variety of interface and user experience issues that would otherwise need to be solved.

My question is: what do we have to do in order for our device to be given control access permissions (View + Operator) in an ACL (access control list) update to other devices after our device has been commissioned?

There isn't any mechanism to do this within the HomeKit ecosystem.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware
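
The access check behind the Unsupported Access (0x7E) responses discussed in this thread, as an added example that is not part of the original posts and is not Matter SDK code. It is a simplified model of the per-device ACL evaluation (no group or CASE Authenticated Tag handling), and the node IDs, fabric index and endpoint are constructed values.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Privilege(IntEnum):   # Access Control cluster privilege enum values
    VIEW = 1
    PROXY_VIEW = 2
    OPERATE = 3
    MANAGE = 4
    ADMINISTER = 5

class AuthMode(IntEnum):    # Access Control cluster auth mode enum values
    PASE = 1
    CASE = 2
    GROUP = 3

# Which required privileges each granted privilege satisfies.
IMPLIES = {
    Privilege.VIEW: {Privilege.VIEW},
    Privilege.PROXY_VIEW: {Privilege.PROXY_VIEW, Privilege.VIEW},
    Privilege.OPERATE: {Privilege.OPERATE, Privilege.VIEW},
    Privilege.MANAGE: {Privilege.MANAGE, Privilege.OPERATE, Privilege.VIEW},
    Privilege.ADMINISTER: set(Privilege),
}
SUCCESS, UNSUPPORTED_ACCESS = 0x00, 0x7E  # Interaction Model status codes

@dataclass
class AclEntry:
    fabric_index: int
    privilege: Privilege
    auth_mode: AuthMode
    subjects: list = field(default_factory=list)  # node IDs; empty = any subject
    targets: list = field(default_factory=list)   # (endpoint, cluster), None = wildcard; empty = any

def check_access(acl, fabric_index, auth_mode, subject, endpoint, cluster, required):
    """Return SUCCESS if any entry on the caller's fabric grants the privilege."""
    for e in acl:
        if e.fabric_index != fabric_index or e.auth_mode != auth_mode:
            continue  # entries are scoped to one fabric and one auth mode
        if required not in IMPLIES[e.privilege]:
            continue
        if e.subjects and subject not in e.subjects:
            continue
        if e.targets and not any(ep in (None, endpoint) and cl in (None, cluster)
                                 for ep, cl in e.targets):
            continue
        return SUCCESS
    return UNSUPPORTED_ACCESS  # default deny: no matching entry

ADMIN_NODE, DISPLAY_NODE, ON_OFF = 0x1001, 0x2002, 0x0006  # constructed IDs
acl_after_commissioning = [AclEntry(1, Privilege.ADMINISTER, AuthMode.CASE, [ADMIN_NODE])]
acl_with_grant = acl_after_commissioning + [
    AclEntry(1, Privilege.OPERATE, AuthMode.CASE, [DISPLAY_NODE])]
```

Sharing a fabric grants nothing by itself: each target device denies by default until a node holding Administer privilege on that device writes an entry naming the new controller, and an Operate entry already covers View.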
