I thought to test this out to confirm that the identity could not be copied to another device.
Awesome.. as I received the following error when attempting this.
failure creating Bind session to service golanghttp error="unable to create session. http status code: 400, msg: {"error":{"cause":{"field":"ServiceId","reason":"service not found","value":"kIrlFFylD"},"code":"COULD_NOT_VALIDATE","message":"The supplied request contains an invalid document or no valid accept content were available, see cause","requestId":"mNgmcSRoD"},"meta":{"apiEnrollmentVersion":"0.0.1","apiVersion":"0.0.1"}}\n"
However.. what I do not know is the specific details used to validate this.
What would it take for someone to use an enrolled identity on another device... or is it practically not possible due to the difficulty to perform this?
the identity is merely a file. if you have the proper rights you can transfer the file without an issue. strictly speaking, we would never recommend doing this since you shouldn't transfer keys - but practically I've done this all the time.
"failure creating Bind session" and "invalid document or no valid accept content were available" make me think you're just referencing the wrong file.
I can absolutely confirm that "if you do it right" (or copy the right file) you can totally move the identity file from one machine to another. If you make a few identities during development (like I do) it's easy to move the wrong file, copy the wrong file etc... 
1 Like
Ahh.. that would make sense.. as it would not have the right service policy settings. Got it..
The reason why I tried this that I found you use the SDK packages you pass the name through as a part of the request.. allowing you to validated it in a prehook to confirm authorisation.
What would be nice is if the json file is embedded in the app when its enrolled. I think I have seen this done with the mobile edge device.. this would be a nice feature to consider for the future in other edge devices