-
Notifications
You must be signed in to change notification settings - Fork 485
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: SCM trust: SpireServer FDO Rendezvous + CaptivePortal #4289
Labels
triage/in-progress
Issue triage is in progress
Comments
mmaymann
changed the title
Manufacturer root of trust: FDO Rendezvous Server functionality in Spire Server
Manufacturer based root of trust: FDO Rendezvous in Spire Server
Jun 27, 2023
mmaymann
changed the title
Manufacturer based root of trust: FDO Rendezvous in Spire Server
RFE: Manufacturer based root of trust: FDO Rendezvous in Spire Server
Jun 27, 2023
10 tasks
mmaymann
changed the title
RFE: Manufacturer based root of trust: FDO Rendezvous in Spire Server
RFE: SupplyChain based root of trust: FDO Rendezvous in Spire Server
Jun 27, 2023
mmaymann
changed the title
RFE: SupplyChain based root of trust: FDO Rendezvous in Spire Server
RFE: Manufacturer+SupplyChain based root of trust: FDO Rendezvous in Spire Server
Jun 27, 2023
mmaymann
changed the title
RFE: Manufacturer+SupplyChain based root of trust: FDO Rendezvous in Spire Server
RFE: Manufacturer+SupplyChain trust: FDO Rendezvous in Spire Server
Jun 27, 2023
mmaymann
changed the title
RFE: Manufacturer+SupplyChain trust: FDO Rendezvous in Spire Server
RFE: SCM trust: FDO Rendezvous + CaptivePortal in Spire Server
Jun 30, 2023
mmaymann
changed the title
RFE: SCM trust: FDO Rendezvous + CaptivePortal in Spire Server
RFE: SCM trust: SpireServer FDO Rendezvous + CaptivePortal
Jun 30, 2023
@amartinezfayo awesome :) |
Related to: #4281 Closing this out until we have more time to discuss over video |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Roots of trust:
This RFE is regarding 1+2. SCM (SupplyChain&Manufacturer) based root of trust (A below):
A. XIoT onboarding:
-- Manufacturer produces device + forwards ownership to company using Fido Device Onboard (FDO) functionality in Spire Server
-- CaptivePortal Guest/MDM/BYOD registration (Port integration)
B. XIoT attestation: agentless EAP(oL) device (-> AP) -> SONiCSpireAgentEAP(L2) -> SpireServer -> SONiCSpireAgent(P)NAC/ACL
C. Company provisions validated devices to their desired state
D. Day2 operations (Realtime Spire Network+Device+User+Workload+Data attestation)
I have given my free OSS GoldenPath KubernetesNative version of a GitOps Zero-Conf|Trust|Touch XIoT management target architecture - directly from network devices.
Suggestions/enhancements would be highly appreciated :)
Thanks in advance :)
The text was updated successfully, but these errors were encountered: