fido-device-onboard / release-fidoiot

It contains the binary artifacts related to different releases for FIDO Device Onboard (FDO) Specification implementations.

RFE: SBOM and MUD support #28

Open mmaymann opened 1 year ago

mmaymann commented 1 year ago

Hi, Request for FDO functionality enhancements:

  1. SBOM (Software Bill Of Material) to be able to validate risks throughout IOT device lifetime (e.g. CycloneDX)
  2. MUD (Manufacturer Usage Description) to easily create ACLs (Access Control Lists) for IOT device types (e.g. IETF)

Thanks in advance 😊

DukeDavis12 commented 1 year ago

Hi @mmaymann,

  1. SBOM (Software Bill Of Material) to be able to validate risks throughout IOT device lifetime

To get the Software BOM, you can run the mvn dependency:tree command in the root folder to get the details of every component used.

  2. MUD - Can you give more details?

mmaymann commented 1 year ago

@DukeDavis12: thanks for your reply.

  1. Sorry, what I mean is SBOM support (in TPM) from manufacturing (inside FDO) of the IOT device, so that customers can track SBOM risks of IOT devices during their entire lifecycle.
  2. https://developer.cisco.com/docs/mud/#!what-is-mud/what-is-mud (in TPM), again from manufacturing (inside FDO) of the IOT device, so that customers can easily create ACLs to grant POLP access to onboarded IOT devices, e.g. in a NAC like I requested here: https://github.com/sonic-net/SONiC/issues/1362
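
The MUD-to-ACL step this request refers to, as an added example that is not part of the thread or of the FDO code base: it translates a MUD file in the RFC 8520 JSON layout into allow rules followed by a default deny per direction. The sample file, its hostnames and the `mud_to_rules` helper are constructed for illustration; how FDO would deliver the MUD file or URL is not shown.

```python
import json

# Constructed sample MUD file in the RFC 8520 JSON layout (not from a real device).
SAMPLE_MUD = json.loads("""
{
  "ietf-mud:mud": {
    "mud-version": 1,
    "mud-url": "https://mud.example.com/sensor.json",
    "systeminfo": "Example sensor (constructed)",
    "from-device-policy": {"access-lists": {"access-list": [{"name": "from-dev"}]}},
    "to-device-policy": {"access-lists": {"access-list": [{"name": "to-dev"}]}}
  },
  "ietf-access-control-list:acls": {"acl": [
    {"name": "from-dev", "type": "ipv4-acl-type", "aces": {"ace": [
      {"name": "cloud-out",
       "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "cloud.example.com", "protocol": 6},
                   "tcp": {"destination-port": {"operator": "eq", "port": 443}}},
       "actions": {"forwarding": "accept"}}]}},
    {"name": "to-dev", "type": "ipv4-acl-type", "aces": {"ace": [
      {"name": "cloud-in",
       "matches": {"ipv4": {"ietf-acldns:src-dnsname": "cloud.example.com", "protocol": 6},
                   "tcp": {"source-port": {"operator": "eq", "port": 443}}},
       "actions": {"forwarding": "accept"}}]}}
  ]}
}
""")

def mud_to_rules(mud):
    """Return (direction, peer, proto, port, action) tuples, ending in default deny."""
    acls = {a["name"]: a for a in mud["ietf-access-control-list:acls"]["acl"]}
    rules = []
    for policy, direction, host_key, port_key in (
        ("from-device-policy", "egress", "ietf-acldns:dst-dnsname", "destination-port"),
        ("to-device-policy", "ingress", "ietf-acldns:src-dnsname", "source-port"),
    ):
        refs = mud["ietf-mud:mud"].get(policy, {}).get("access-lists", {}).get("access-list", [])
        for ref in refs:
            if ref["name"] not in acls:
                raise ValueError(f"policy references undefined ACL {ref['name']!r}")
            for ace in acls[ref["name"]]["aces"]["ace"]:
                m = ace["matches"]
                ip = m.get("ipv4") or m.get("ipv6") or {}
                l4 = m.get("tcp") or m.get("udp") or {}
                port = l4.get(port_key, {}).get("port")
                if ace["actions"]["forwarding"] != "accept" or host_key not in ip:
                    continue  # only translate explicit name-based allow entries
                rules.append((direction, ip[host_key], ip.get("protocol"), port, "permit"))
        rules.append((direction, "any", None, None, "deny"))  # least privilege: default deny
    return rules
```

A NAC or switch would resolve the DNS names and install these tuples for the device's port; the trailing deny in each direction is what gives the least-privilege result.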