> I think so; there are some details of resale that BRSKI would like to make 
> out-of-scope for the first document.  Some way, we have to deal with it, and 
> I would actually like feedback from OPC about the parameters of different 
> solutions here.

There are two things I would like to clarify:

1) As it stands today, BRSKI is pull model only and the push model is out of 
scope, but I don't see why that has to be the case once you allow for different 
protocols between the Device and the Registrar. With our proposed OPC mapping 
we would define a Registrar that supports both models. Is this of any interest 
to the IETF or would it be an OPC only thing?

2) Perhaps the most value from BRSKI comes not from the MASA per se but the 
voucher format (i.e. a digitally signed document with a standard format). We 
could meet a lot of our requirements if we had a voucher which has a list of 
nonce-less or bearer vouchers shipped to a particular location for use by a 
particular end user. We could create workflows where the 
manufacturer/distributor has to create this document when devices are 
delivered. The document could be delivered via the MASA or via some other B2B 
exchange or even on a USB stick. However it is delivered, it can then be read by 
the Registrar and used to build a whitelist of Devices allowed on the 
network.

I am also thinking that this voucher would be a good application for 
blockchain, where instead of a bearer voucher we define a mechanism where the 
owner of the device could append a "block" to the original voucher which 
authorizes the transfer to a new owner.

-----Original Message-----
From: Michael Richardson <mcr+i...@sandelman.ca> 
Sent: August 10, 2019 6:08 PM
To: Randy Armstrong (OPC) <randy.armstr...@opcfoundation.org>
Cc: Jack Visoky <jmvis...@ra.rockwell.com>; iot-onboard...@ietf.org; 
anima@ietf.org
Subject: Re: EXTERNAL: Re: [Anima] [Iot-onboarding] OPC and BRSKI


Randy Armstrong (OPC) <randy.armstr...@opcfoundation.org> wrote:
    > The questions that the OPC WG needs to answer are:

    > 1) Can BRSKI meet our requirements?

I think so; there are some details of resale that BRSKI would like to make 
out-of-scope for the first document.  Some way, we have to deal with it, and I 
would actually like feedback from OPC about the parameters of different 
solutions here.

    > 2) If the answer to 1) is yes then can it work with OPC UA security?

Yes, I think so.
Is there any open source reference code for the OPC UA security?

    > 3) If the answer to 2) is no then do we use TLS or extend our own model
    > with something like BRSKI but not BRSKI?

    > While I cannot predict how the various participants in the OPC WGs will
    > respond to question 3), I do know it would make collaboration a lot
    > easier if the answer to 2) was yes.

I think yes.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works  -= IPv6 
IoT consulting =-



_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
