Automated XIoT device management GoldenPath
Hi list, first Q, so please be nice ;) If I am in the wrong list, please just let me know where to ask :) I am in the process of figuring out the architecture of how to automate XIoT device management best possible, and thought the following functionality in Radius would be a good approach. Are these something that is already supported in FreeRadius? Suggestions for better alternatives or guides/links on how to best achieve this are much appreciated :) "ZeroConf" XIoT info: - [MUD](https://datatracker.ietf.org/doc/rfc8520) retrieval (-> asset management system -> XIoTType ACL creation/approval -> provisioning) - [SBOM](https://cyclonedx.org/specification/overview) retrieval (-> asset management system -> continuous lightweight vulnerability scanning -> proactive compromisation actions) ZeroTrust XIoT PNAC 802.1x EAP-TLS authentication: - [FDO](https://github.com/fido-device-onboard) - [KeyLime](https://github.com/keylime) - [Akri](https://github.com/project-akri/akri) ZeroTouch XIoT provisioning: - [AWS IoT Greengrass](https://github.com/aws-greengrass) - [Tinkerbell](https://github.com/tinkerbell/proposals/issues/66) Thanks in advance :) Br. Michael
For additional information, I have created a suggestion for SONiC switches on this subject: https://github.com/sonic-net/SONiC/issues/1362 Den tors. 15. jun. 2023 kl. 23.08 skrev Michael Maymann <m@maymann.com>:
Hi list,
first Q, so please be nice ;) If I am in the wrong list, please just let me know where to ask :)
I am in the process of figuring out the architecture of how to automate XIoT device management best possible, and thought the following functionality in Radius would be a good approach. Are these something that is already supported in FreeRadius? Suggestions for better alternatives or guides/links on how to best achieve this are much appreciated :)
"ZeroConf" XIoT info: - [MUD](https://datatracker.ietf.org/doc/rfc8520) retrieval (-> asset management system -> XIoTType ACL creation/approval -> provisioning) - [SBOM](https://cyclonedx.org/specification/overview) retrieval (-> asset management system -> continuous lightweight vulnerability scanning -> proactive compromisation actions)
ZeroTrust XIoT PNAC 802.1x EAP-TLS authentication: - [FDO](https://github.com/fido-device-onboard) - [KeyLime](https://github.com/keylime) - [Akri](https://github.com/project-akri/akri)
ZeroTouch XIoT provisioning: - [AWS IoT Greengrass](https://github.com/aws-greengrass) - [Tinkerbell](https://github.com/tinkerbell/proposals/issues/66)
Thanks in advance :)
Br. Michael
On Jun 15, 2023, at 5:08 PM, Michael Maymann <m@maymann.com> wrote:
first Q, so please be nice ;) If I am in the wrong list, please just let me know where to ask :)
This is the list to ask about RADIUS / FeeeRADIUS issues.
I am in the process of figuring out the architecture of how to automate XIoT device management best possible, and thought the following functionality in Radius would be a good approach. Are these something that is already supported in FreeRadius?
$ grep -ri xiot raddb Nope.
Suggestions for better alternatives or guides/links on how to best achieve this are much appreciated :)
That's a lot of software repos and documents. It isn't efficient to root through them all, seeing which ones are relevant to RADIUS. So... what is the RADIUS server supposed to do here? What data does it receive, and what does it send in the Access-Accept? Alan DeKok.
participants (2)
-
Alan DeKok -
Michael Maymann