Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
> On Tue, Mar 29, 2022 at 10:24:38AM -0400, Simo Sorce wrote: > > Can we get a link to the actual software stack being proposed? > > The link in this proposal is a marketing post ... > > In Peter's defense, that marketing link in the summary was my suggestion -- > I wanted something that (relatively) concisely summarized the intention of > the standard. The github page just says "An implementation of the FIDO > Device Onboard Specification" which doesn't really do that. I meant to include both, it was purely an oversight. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
On Tue, Mar 29, 2022 at 10:24:38AM -0400, Simo Sorce wrote: > Can we get a link to the actual software stack being proposed? > The link in this proposal is a marketing post ... In Peter's defense, that marketing link in the summary was my suggestion -- I wanted something that (relatively) concisely summarized the intention of the standard. The github page just says "An implementation of the FIDO Device Onboard Specification" which doesn't really do that. -- Matthew Miller Fedora Project Leader ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
> On Tue, 2022-03-29 at 14:38 +, Peter Robinson wrote: > > > > > > Can we get a link to the actual software stack being > > > > > > proposed? > > > > > > The link in this proposal is a marketing post ... > > > > > > > > > > Yes, that was an oversight, for reference: > > > > > https://github.com/fedora-iot/fido-device-onboard-rs > > > > > > > > For reference it's under scope where I mentioned the > > > > implementation > > > > and clearly forgot to add the link. > > > > > > > > > > This is pretty neat! What kind of stuff can be done with this > > > onboarding system? > > > > It's designed to be small and straight forward, do one job securely > > Where is the security part coming from ? > Does this require devices to be pre-registred/pre-seeded with some root > of trust? > Or is it TOFU ? > > Or something else? It uses a RoT/chain of trust, details are in the spec: https://fidoalliance.org/specs/FDO/FIDO-Device-Onboard-RD-v1.1-20211214/FIDO-device-onboard-spec-v1.1-rd-20211214.html ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
On Tue, 2022-03-29 at 14:38 +, Peter Robinson wrote: > > > > > Can we get a link to the actual software stack being > > > > > proposed? > > > > > The link in this proposal is a marketing post ... > > > > > > > > Yes, that was an oversight, for reference: > > > > https://github.com/fedora-iot/fido-device-onboard-rs > > > > > > For reference it's under scope where I mentioned the > > > implementation > > > and clearly forgot to add the link. > > > > > > > This is pretty neat! What kind of stuff can be done with this > > onboarding system? > > It's designed to be small and straight forward, do one job securely Where is the security part coming from ? Does this require devices to be pre-registred/pre-seeded with some root of trust? Or is it TOFU ? Or something else? > and succinctly. It's extendable by SIMs (Service Information Modules) > and ATM we have a small set of SIMs to do things like add a > user/ssh-key, add a file and run a command. We'll be adding > functionality like the ability to specify OTA update URLs. > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
On Tue, Mar 29, 2022 at 3:45 PM Neal Gompa wrote: > > On Tue, Mar 29, 2022 at 10:38 AM Peter Robinson wrote: > > > > > > > > Can we get a link to the actual software stack being proposed? > > > > > > The link in this proposal is a marketing post ... > > > > > > > > > > Yes, that was an oversight, for reference: > > > > > https://github.com/fedora-iot/fido-device-onboard-rs > > > > > > > > For reference it's under scope where I mentioned the implementation > > > > and clearly forgot to add the link. > > > > > > > > > > This is pretty neat! What kind of stuff can be done with this onboarding > > > system? > > > > It's designed to be small and straight forward, do one job securely > > and succinctly. It's extendable by SIMs (Service Information Modules) > > and ATM we have a small set of SIMs to do things like add a > > user/ssh-key, add a file and run a command. We'll be adding > > functionality like the ability to specify OTA update URLs. > > Just to check my understanding here, we can basically bootstrap users, > download a script, and run it? And in the future we can configure > RPM-OSTree update remotes? Basically yes, the OTA is intended to be generic as part of the standard so we're still working out how exactly to make that generic, hence why it's not there yet, but the other three are essentially correct. This is the first phase of getting it into Fedora IoT so interested parties can start to play. It's evolving and under active development and there will be new features coming that will likely be part of different Change proposals but are not part of this one. This is about the core functionality. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
On Tue, Mar 29, 2022 at 10:38 AM Peter Robinson wrote: > > > > > > Can we get a link to the actual software stack being proposed? > > > > > The link in this proposal is a marketing post ... > > > > > > > > Yes, that was an oversight, for reference: > > > > https://github.com/fedora-iot/fido-device-onboard-rs > > > > > > For reference it's under scope where I mentioned the implementation > > > and clearly forgot to add the link. > > > > > > > This is pretty neat! What kind of stuff can be done with this onboarding > > system? > > It's designed to be small and straight forward, do one job securely > and succinctly. It's extendable by SIMs (Service Information Modules) > and ATM we have a small set of SIMs to do things like add a > user/ssh-key, add a file and run a command. We'll be adding > functionality like the ability to specify OTA update URLs. Just to check my understanding here, we can basically bootstrap users, download a script, and run it? And in the future we can configure RPM-OSTree update remotes? -- 真実はいつも一つ!/ Always, there's only one truth! ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
> > > > Can we get a link to the actual software stack being proposed? > > > > The link in this proposal is a marketing post ... > > > > > > Yes, that was an oversight, for reference: > > > https://github.com/fedora-iot/fido-device-onboard-rs > > > > For reference it's under scope where I mentioned the implementation > > and clearly forgot to add the link. > > > > This is pretty neat! What kind of stuff can be done with this onboarding > system? It's designed to be small and straight forward, do one job securely and succinctly. It's extendable by SIMs (Service Information Modules) and ATM we have a small set of SIMs to do things like add a user/ssh-key, add a file and run a command. We'll be adding functionality like the ability to specify OTA update URLs. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
On Tue, Mar 29, 2022 at 10:29 AM Peter Robinson wrote: > > On Tue, Mar 29, 2022 at 3:26 PM Peter Robinson wrote: > > > > On Tue, Mar 29, 2022 at 3:25 PM Simo Sorce wrote: > > > > > > Can we get a link to the actual software stack being proposed? > > > The link in this proposal is a marketing post ... > > > > Yes, that was an oversight, for reference: > > https://github.com/fedora-iot/fido-device-onboard-rs > > For reference it's under scope where I mentioned the implementation > and clearly forgot to add the link. > This is pretty neat! What kind of stuff can be done with this onboarding system? -- 真実はいつも一つ!/ Always, there's only one truth! ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
On Tue, Mar 29, 2022 at 3:26 PM Peter Robinson wrote: > > On Tue, Mar 29, 2022 at 3:25 PM Simo Sorce wrote: > > > > Can we get a link to the actual software stack being proposed? > > The link in this proposal is a marketing post ... > > Yes, that was an oversight, for reference: > https://github.com/fedora-iot/fido-device-onboard-rs For reference it's under scope where I mentioned the implementation and clearly forgot to add the link. > > On Tue, 2022-03-29 at 09:50 -0400, Ben Cotton wrote: > > > https://fedoraproject.org/wiki/Changes/FIDODeviceOnboarding > > > > > > == Summary == > > > Package and enable the > > > [https://fidoalliance.org/fido-alliance-creates-new-onboarding-standard-to-secure-internet-of-things-iot/ > > > FIDO Device Onboarding] software stack for Zero Touch Onboarding on > > > Fedora IoT. > > > > > > == Owner == > > > * Name: [[User:pbrobinson| Peter Robinson]] > > > * Email: [mailto:pbrobin...@fedoraproject.org| > > > pbrobin...@fedoraproject.org] > > > * Name: [[User:runcom| Antonio Murdaca]] > > > * Email: [mailto:amurd...@redhat.com| amurd...@redhat.com] > > > > > > > > > == Detailed Description == > > > > > > The ability for an IoT or Edge device to be plugged in and > > > automatically onboard itself with zero user interaction is critical to > > > be able to scale IoT/Edge to millions of devices. To do this in a > > > secure way with open standards across the industry is even more > > > critical. The FIDO IoT working group has worked with leaders in the > > > silicon industry such as Intel and Arm to produce the FIDO Device > > > onboarding spec which allows a device credential, a root and chain of > > > trust to ensure the secure onboarding of a device without the need of > > > stored credentials. > > > > > > == Benefit to Fedora == > > > > > > The benefit to Fedora is to allow the IoT Edition to demonstrate the > > > use of leading edge open industry protocols for onboarding IoT and > > > Edge devices. > > > > > > == Scope == > > > * Proposal owners: > > > ** Package the rust implementation of the FIDO device onboarding stack > > > including client, rendezvous service, owner onboarding service and > > > prototype manufacturing service. > > > ** Enable the client service by default for IoT Edition > > > ** Add the client service to the IoT Edition deliverables > > > > > > * Other developers: > > > ** No impact > > > > > > * Release engineering: [https://pagure.io/releng/issue/10720 #10720] > > > * Policies and guidelines: N/A (not a System Wide Change) > > > * Trademark approval: N/A (not needed for this Change) > > > > > > == Upgrade/compatibility impact == > > > There is no upgrade impact. FIDO FDO is a single use onboarding > > > protocol and will not impact existing IoT user systems. > > > > > > == How To Test == > > > > > > * Test with FDO all-in-one services. Documentation will be available > > > for testing. > > > > > > == User Experience == > > > > > > No impact to non IoT Edition users. > > > > > > The user experience for the IoT Edition is still evolving and this > > > will be updated as things fall into place later in Spring and early > > > Summer 2022. > > > > > > == Dependencies == > > > N/A (not a System Wide Change) > > > > > > == Contingency Plan == > > > > > > * Contingency mechanism: Not shipping FDO as a package in Fedora or > > > including it in the IoT Edition > > > * Contingency deadline: GA > > > * Blocks release? No. > > > * Blocks product? No. > > > > > > == Documentation == > > > N/A (not a System Wide Change) > > > > > > == Release Notes == > > > Fedora IoT Edition supports the FIDO Device Onboarding 1.1 > > > specification for zero touch onboarding of IoT and Edge devices. > > > > > > > > > -- > > > Ben Cotton > > > He / Him / His > > > Fedora Program Manager > > > Red Hat > > > TZ=America/Indiana/Indianapolis > > > ___ > > > devel mailing list -- devel@lists.fedoraproject.org > > > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > > > Fedora Code of Conduct: > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > > > Do not reply to spam on the list, report it: > > > https://pagure.io/fedora-infrastructure > > > > -- > > Simo Sorce > > RHEL Crypto Team > > Red Hat, Inc > > > > > > > > ___ > > devel mailing list -- devel@lists.fedoraproject.org > > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > > Do not reply to spam on the list, report it: > >
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
On Tue, Mar 29, 2022 at 3:25 PM Simo Sorce wrote: > > Can we get a link to the actual software stack being proposed? > The link in this proposal is a marketing post ... Yes, that was an oversight, for reference: https://github.com/fedora-iot/fido-device-onboard-rs > On Tue, 2022-03-29 at 09:50 -0400, Ben Cotton wrote: > > https://fedoraproject.org/wiki/Changes/FIDODeviceOnboarding > > > > == Summary == > > Package and enable the > > [https://fidoalliance.org/fido-alliance-creates-new-onboarding-standard-to-secure-internet-of-things-iot/ > > FIDO Device Onboarding] software stack for Zero Touch Onboarding on > > Fedora IoT. > > > > == Owner == > > * Name: [[User:pbrobinson| Peter Robinson]] > > * Email: [mailto:pbrobin...@fedoraproject.org| pbrobin...@fedoraproject.org] > > * Name: [[User:runcom| Antonio Murdaca]] > > * Email: [mailto:amurd...@redhat.com| amurd...@redhat.com] > > > > > > == Detailed Description == > > > > The ability for an IoT or Edge device to be plugged in and > > automatically onboard itself with zero user interaction is critical to > > be able to scale IoT/Edge to millions of devices. To do this in a > > secure way with open standards across the industry is even more > > critical. The FIDO IoT working group has worked with leaders in the > > silicon industry such as Intel and Arm to produce the FIDO Device > > onboarding spec which allows a device credential, a root and chain of > > trust to ensure the secure onboarding of a device without the need of > > stored credentials. > > > > == Benefit to Fedora == > > > > The benefit to Fedora is to allow the IoT Edition to demonstrate the > > use of leading edge open industry protocols for onboarding IoT and > > Edge devices. > > > > == Scope == > > * Proposal owners: > > ** Package the rust implementation of the FIDO device onboarding stack > > including client, rendezvous service, owner onboarding service and > > prototype manufacturing service. > > ** Enable the client service by default for IoT Edition > > ** Add the client service to the IoT Edition deliverables > > > > * Other developers: > > ** No impact > > > > * Release engineering: [https://pagure.io/releng/issue/10720 #10720] > > * Policies and guidelines: N/A (not a System Wide Change) > > * Trademark approval: N/A (not needed for this Change) > > > > == Upgrade/compatibility impact == > > There is no upgrade impact. FIDO FDO is a single use onboarding > > protocol and will not impact existing IoT user systems. > > > > == How To Test == > > > > * Test with FDO all-in-one services. Documentation will be available > > for testing. > > > > == User Experience == > > > > No impact to non IoT Edition users. > > > > The user experience for the IoT Edition is still evolving and this > > will be updated as things fall into place later in Spring and early > > Summer 2022. > > > > == Dependencies == > > N/A (not a System Wide Change) > > > > == Contingency Plan == > > > > * Contingency mechanism: Not shipping FDO as a package in Fedora or > > including it in the IoT Edition > > * Contingency deadline: GA > > * Blocks release? No. > > * Blocks product? No. > > > > == Documentation == > > N/A (not a System Wide Change) > > > > == Release Notes == > > Fedora IoT Edition supports the FIDO Device Onboarding 1.1 > > specification for zero touch onboarding of IoT and Edge devices. > > > > > > -- > > Ben Cotton > > He / Him / His > > Fedora Program Manager > > Red Hat > > TZ=America/Indiana/Indianapolis > > ___ > > devel mailing list -- devel@lists.fedoraproject.org > > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > -- > Simo Sorce > RHEL Crypto Team > Red Hat, Inc > > > > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
Re: F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
Can we get a link to the actual software stack being proposed? The link in this proposal is a marketing post ... On Tue, 2022-03-29 at 09:50 -0400, Ben Cotton wrote: > https://fedoraproject.org/wiki/Changes/FIDODeviceOnboarding > > == Summary == > Package and enable the > [https://fidoalliance.org/fido-alliance-creates-new-onboarding-standard-to-secure-internet-of-things-iot/ > FIDO Device Onboarding] software stack for Zero Touch Onboarding on > Fedora IoT. > > == Owner == > * Name: [[User:pbrobinson| Peter Robinson]] > * Email: [mailto:pbrobin...@fedoraproject.org| pbrobin...@fedoraproject.org] > * Name: [[User:runcom| Antonio Murdaca]] > * Email: [mailto:amurd...@redhat.com| amurd...@redhat.com] > > > == Detailed Description == > > The ability for an IoT or Edge device to be plugged in and > automatically onboard itself with zero user interaction is critical to > be able to scale IoT/Edge to millions of devices. To do this in a > secure way with open standards across the industry is even more > critical. The FIDO IoT working group has worked with leaders in the > silicon industry such as Intel and Arm to produce the FIDO Device > onboarding spec which allows a device credential, a root and chain of > trust to ensure the secure onboarding of a device without the need of > stored credentials. > > == Benefit to Fedora == > > The benefit to Fedora is to allow the IoT Edition to demonstrate the > use of leading edge open industry protocols for onboarding IoT and > Edge devices. > > == Scope == > * Proposal owners: > ** Package the rust implementation of the FIDO device onboarding stack > including client, rendezvous service, owner onboarding service and > prototype manufacturing service. > ** Enable the client service by default for IoT Edition > ** Add the client service to the IoT Edition deliverables > > * Other developers: > ** No impact > > * Release engineering: [https://pagure.io/releng/issue/10720 #10720] > * Policies and guidelines: N/A (not a System Wide Change) > * Trademark approval: N/A (not needed for this Change) > > == Upgrade/compatibility impact == > There is no upgrade impact. FIDO FDO is a single use onboarding > protocol and will not impact existing IoT user systems. > > == How To Test == > > * Test with FDO all-in-one services. Documentation will be available > for testing. > > == User Experience == > > No impact to non IoT Edition users. > > The user experience for the IoT Edition is still evolving and this > will be updated as things fall into place later in Spring and early > Summer 2022. > > == Dependencies == > N/A (not a System Wide Change) > > == Contingency Plan == > > * Contingency mechanism: Not shipping FDO as a package in Fedora or > including it in the IoT Edition > * Contingency deadline: GA > * Blocks release? No. > * Blocks product? No. > > == Documentation == > N/A (not a System Wide Change) > > == Release Notes == > Fedora IoT Edition supports the FIDO Device Onboarding 1.1 > specification for zero touch onboarding of IoT and Edge devices. > > > -- > Ben Cotton > He / Him / His > Fedora Program Manager > Red Hat > TZ=America/Indiana/Indianapolis > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure -- Simo Sorce RHEL Crypto Team Red Hat, Inc ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
https://fedoraproject.org/wiki/Changes/FIDODeviceOnboarding == Summary == Package and enable the [https://fidoalliance.org/fido-alliance-creates-new-onboarding-standard-to-secure-internet-of-things-iot/ FIDO Device Onboarding] software stack for Zero Touch Onboarding on Fedora IoT. == Owner == * Name: [[User:pbrobinson| Peter Robinson]] * Email: [mailto:pbrobin...@fedoraproject.org| pbrobin...@fedoraproject.org] * Name: [[User:runcom| Antonio Murdaca]] * Email: [mailto:amurd...@redhat.com| amurd...@redhat.com] == Detailed Description == The ability for an IoT or Edge device to be plugged in and automatically onboard itself with zero user interaction is critical to be able to scale IoT/Edge to millions of devices. To do this in a secure way with open standards across the industry is even more critical. The FIDO IoT working group has worked with leaders in the silicon industry such as Intel and Arm to produce the FIDO Device onboarding spec which allows a device credential, a root and chain of trust to ensure the secure onboarding of a device without the need of stored credentials. == Benefit to Fedora == The benefit to Fedora is to allow the IoT Edition to demonstrate the use of leading edge open industry protocols for onboarding IoT and Edge devices. == Scope == * Proposal owners: ** Package the rust implementation of the FIDO device onboarding stack including client, rendezvous service, owner onboarding service and prototype manufacturing service. ** Enable the client service by default for IoT Edition ** Add the client service to the IoT Edition deliverables * Other developers: ** No impact * Release engineering: [https://pagure.io/releng/issue/10720 #10720] * Policies and guidelines: N/A (not a System Wide Change) * Trademark approval: N/A (not needed for this Change) == Upgrade/compatibility impact == There is no upgrade impact. FIDO FDO is a single use onboarding protocol and will not impact existing IoT user systems. == How To Test == * Test with FDO all-in-one services. Documentation will be available for testing. == User Experience == No impact to non IoT Edition users. The user experience for the IoT Edition is still evolving and this will be updated as things fall into place later in Spring and early Summer 2022. == Dependencies == N/A (not a System Wide Change) == Contingency Plan == * Contingency mechanism: Not shipping FDO as a package in Fedora or including it in the IoT Edition * Contingency deadline: GA * Blocks release? No. * Blocks product? No. == Documentation == N/A (not a System Wide Change) == Release Notes == Fedora IoT Edition supports the FIDO Device Onboarding 1.1 specification for zero touch onboarding of IoT and Edge devices. -- Ben Cotton He / Him / His Fedora Program Manager Red Hat TZ=America/Indiana/Indianapolis ___ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
F37 Change: Support FIDO Device Onboarding (Self-Contained Change proposal)
https://fedoraproject.org/wiki/Changes/FIDODeviceOnboarding == Summary == Package and enable the [https://fidoalliance.org/fido-alliance-creates-new-onboarding-standard-to-secure-internet-of-things-iot/ FIDO Device Onboarding] software stack for Zero Touch Onboarding on Fedora IoT. == Owner == * Name: [[User:pbrobinson| Peter Robinson]] * Email: [mailto:pbrobin...@fedoraproject.org| pbrobin...@fedoraproject.org] * Name: [[User:runcom| Antonio Murdaca]] * Email: [mailto:amurd...@redhat.com| amurd...@redhat.com] == Detailed Description == The ability for an IoT or Edge device to be plugged in and automatically onboard itself with zero user interaction is critical to be able to scale IoT/Edge to millions of devices. To do this in a secure way with open standards across the industry is even more critical. The FIDO IoT working group has worked with leaders in the silicon industry such as Intel and Arm to produce the FIDO Device onboarding spec which allows a device credential, a root and chain of trust to ensure the secure onboarding of a device without the need of stored credentials. == Benefit to Fedora == The benefit to Fedora is to allow the IoT Edition to demonstrate the use of leading edge open industry protocols for onboarding IoT and Edge devices. == Scope == * Proposal owners: ** Package the rust implementation of the FIDO device onboarding stack including client, rendezvous service, owner onboarding service and prototype manufacturing service. ** Enable the client service by default for IoT Edition ** Add the client service to the IoT Edition deliverables * Other developers: ** No impact * Release engineering: [https://pagure.io/releng/issue/10720 #10720] * Policies and guidelines: N/A (not a System Wide Change) * Trademark approval: N/A (not needed for this Change) == Upgrade/compatibility impact == There is no upgrade impact. FIDO FDO is a single use onboarding protocol and will not impact existing IoT user systems. == How To Test == * Test with FDO all-in-one services. Documentation will be available for testing. == User Experience == No impact to non IoT Edition users. The user experience for the IoT Edition is still evolving and this will be updated as things fall into place later in Spring and early Summer 2022. == Dependencies == N/A (not a System Wide Change) == Contingency Plan == * Contingency mechanism: Not shipping FDO as a package in Fedora or including it in the IoT Edition * Contingency deadline: GA * Blocks release? No. * Blocks product? No. == Documentation == N/A (not a System Wide Change) == Release Notes == Fedora IoT Edition supports the FIDO Device Onboarding 1.1 specification for zero touch onboarding of IoT and Edge devices. -- Ben Cotton He / Him / His Fedora Program Manager Red Hat TZ=America/Indiana/Indianapolis ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
