International-Data-Spaces-Association / IDS-RAM_4_0

Focusing on the generalization of concepts, functionality, and overall processes involved in the creation of a secure 'network of trusted data', the IDS-RAM resides at a higher abstraction level than common architecture models of concrete software solutions do. The document provides an overview and dedicated architecture specifications.
Creative Commons Attribution 4.0 International

Chapter 3.3. Lifecycle component #114

Open mokamhuber opened 2 years ago

mokamhuber commented 2 years ago

Hi everyone, in our discussion on identity management of components, we have identified different phases in the life-cycle of a component:

| Phase | When does it happen | How is the component identity affected | What about the data? |
| --- | --- | --- | --- |
| Provisioning | New component becomes available when an operator provisions a new instance of the blueprint (on a new device, a new service-instance in the cluster, ...) | A component identity is issued by a Certificate Authority (CA) which issues an x509 identity certificate (or something comparable) | No data is available on a newly provisioned component, but arbitrary data can be added afterwards. |
| Maintaining | New versions of utilized software are distributed, configuration of the component changes (slightly) | As long as the trust level of the SW stack AND the operator remains unchanged, the identity does NOT change. | Data already stored on the connector MUST adhere to the defined UC policies so update or migration strategies need to ensure their fulfillment by deleting/removing/making data inaccessible. |
| Out of service (Decommissioning) | Component is sold/transferred to another operator, SW change that affects the overall trust level, component is not offered/available any longer | The component identity needs to be decommissioned, certificate(s) of the component(s) is(are) revoked. | All data currently on/in the connector needs to be removed (if necessary transfer them to other connectors beforehand). |

Since this is a general topic, not only addressing the identity but the overall usage of components, we were wondering whether it makes more sense moving this to the Process layer chapter and including additional aspects. What do you think? @HeinrichPet