wiki:Bootstrap Design Team Charter

Charter (working draft)

The Anima WG charter states a number of requirements for the security of protocols: (ALLCAPs text indicates what this design team brings to the anima charter)

  • REQUIRE: discovery mechanism

  • OWN: "Bootstrapping a trust infrastructure" (from the charter)
  • OWN: a common way to identify nodes to facilitate privacy and integrity of other ANIMA protocols
  • CLARIFYING ADDITION: Identity of nodes is base layer of anima security model.
  • CO-OWN A common security model
  • CLARIFICATION: how zero-touch enrollment builds on top of bootstrapping (e.g. IEEE 802.1AR LDevID Key Infrastructure, local PKI)
  • CLARIFICATION: how final device identity (e.g. LDevID) is used to become an active member of the autonomic domain.
  • PROVIDE IDENTITY FOR: a negotiation mechanism to enable closed-loop interaction
  • PROVIDE IDENTITY FOR: a secure and logically separated communications channel
  • PROVIDE IDENTITY FOR: a consistent autonomic management mode

  The purpose of the bootstrap design team are as follows:

  1. Define "Bootstrapping a trust infrastructure" requirements, scope and flow. Initially for what ANIMA itself needs, but also socialize this to other working groups and see if requirements of those groups going beyond ANIMAs requirements can also be included.
  2. Architectural model of the signaling workflows necessary to achieve this enrollment (both online, and "sneaker net")
  3. Actual protocol definitions/selections sufficient to implement an interoperable autonomic network.

Goal one: Provide a normative definition for the concept of a Domain's Identity (e.g. by hash of the public key of the trust anchor).

Goal two: Define the target underlying security model of an autonomic network, in which autonomic devices are enrolled with a local credential (e.g: IEEE 802.1AR LDevID) identifying the autonomic domain that they belong to by Domain Identity.

Goal three: Define a 'bright line' of when the bootstrapping process is over. Clarify how to use this to complete enrollment and subsequently how to use the LDevID to become an active member of the autonomic domain (e.g. obtaining autonomic configuration).

Goal four: analyze to what extent it is possible to leverage ANIMA security model, signaling flow architecture or protocols of anima to solve requirements of adjacenct IETF working groups. If other working groups require extensions/alternatives to security model , signaling flows or protocols, a common framework will be defined to make it clear where the work of different working groups must diverge due to requirements.

Goal five: the bootstrapping protocol should be extensible such that it can be extended for example to provide additional secured elements of the LDevID (e.g. authorizations) or optimized configuration distribution.

Milestones:

  • COMPLETE: Deliver draft(s)that are sufficient for working group adoption that provide a framework for identity/security and bootstrap functions for autonomic networks according to the ANIMA charter and that can therefore integrate with the other building blocks,signaling and ACP: date 2015-07-06 cutoff (IETF93)
  • IN PROGRESS: IETF94 goals:
    • Formal bootstrapping requirements statements to be reviewed and approved with the working group.
  • Formal presentation of approved requirements to other working groups (e.g. ace?)
    • Netconf-zerotouch discussions to continue. Perhaps joint work on the document. (Existing alignment is high)
  • The design team will verify and update the existing requirements and understand the relevant use cases. 
    • However, documenting and solving use cases is out of scope for the design team.

The design team is encouraged to develop protocol walkthroughs and an abstract API as aids to understanding.  The design team is not itself expected to produce code, but ease of implementation is an important consideration.

Last modified 7 years ago Last modified on 04/02/16 16:37:26