Re: [scim] I-D Action: draft-ietf-scim-device-model-03.txt

Monty Wiseman <monty.wiseman@beyondidentity.com> Mon, 04 March 2024 23:33 UTC

Message-ID: <66298f3a-7d5d-4c1c-b09c-8a8aba49454b@beyondidentity.com>
Date: Mon, 04 Mar 2024 17:33:05 -0600
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: scim@ietf.org
Content-Language: en-US
From: Monty Wiseman <monty.wiseman@beyondidentity.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/apxKyoDJbJA_rtuGhXQN9_PAITQ>
Subject: Re: [scim] I-D Action: draft-ietf-scim-device-model-03.txt

There should be a Device Extension for TCG-defined TPM-based devices. There is a "Platform Certificate" and "TPM2 Key for device Identity" (802.1AR keys in TPM) X.509-based certificate defined by Trusted Computing Group (TCG) that defines a particular device and includes supply chain assurance back to the manufacturer. I'd be willing to contribute.

https://trustedcomputinggroup.org/wp-content/uploads/IWG_Platform_Certificate_Profile_v1p1_r19_pub_fixed.pdf

https://trustedcomputinggroup.org/wp-content/uploads/TPM-2p0-Keys-for-Device-Identity-and-Attestation_v1_r12_pub10082021.pdf

-- 
Monty Wiseman
Security Architect, Beyond Identity
www.beyondidentity.com
Infrastructure Working Group Co-chair
Trusted Computing Group
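To make the proposal above concrete, the following is an added example (not code from the message, the SCIM device-model draft, or any TCG specification) sketching how a SCIM server might validate a device resource that carries such an extension before provisioning it. The extension URN, the schema attribute names (`platformCertificate`, `devIdCertificate`, `devIdKind`) and the placeholder DER bytes are all assumptions invented for illustration; the placeholder is not a real certificate, and a real implementation would go on to parse the X.509 structures and verify the chain back to the manufacturer.

```python
import base64
import re

# ASSUMPTION: hypothetical extension URN; no IETF draft or TCG spec defines it.
TCG_DEVICE_EXT = "urn:example:params:scim:schemas:extension:tcg-tpm:2.0:Device"

# ASSUMPTION: hypothetical RFC 7643-style schema definition for the extension.
TCG_DEVICE_SCHEMA = {
    "id": TCG_DEVICE_EXT,
    "name": "TcgTpmDevice",
    "description": "TPM-based device identity (assumed attribute names)",
    "attributes": [
        # TCG Platform Certificate, PEM-encoded; binds the platform to its manufacturer.
        {"name": "platformCertificate", "type": "string", "required": True,
         "mutability": "readOnly"},
        # 802.1AR DevID certificate whose key lives in the TPM, PEM-encoded.
        {"name": "devIdCertificate", "type": "string", "required": True,
         "mutability": "readOnly"},
        # Whether the DevID is the manufacturer-issued IDevID or a locally issued LDevID.
        {"name": "devIdKind", "type": "string", "required": False,
         "canonicalValues": ["IDevID", "LDevID"]},
    ],
}

PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def pem_cert_to_der(pem: str) -> bytes:
    """Extract exactly one PEM CERTIFICATE block and base64-decode it.

    Raises ValueError for a missing/mislabelled block, bad base64, or a body
    that does not start with a DER SEQUENCE tag (0x30), which every X.509
    certificate does.  This is a syntax check only, not chain validation.
    """
    match = PEM_CERT_RE.fullmatch(pem.strip())
    if not match:
        raise ValueError("not a single PEM CERTIFICATE block")
    # binascii.Error (raised on invalid base64) is a subclass of ValueError.
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("decoded body is not a DER SEQUENCE")
    return der


def validate_tcg_device(resource: dict) -> list[str]:
    """Return a list of problems found in the resource's extension; [] means well-formed."""
    problems = []
    if TCG_DEVICE_EXT not in resource.get("schemas", []):
        problems.append("extension URN missing from 'schemas'")
    ext = resource.get(TCG_DEVICE_EXT)
    if not isinstance(ext, dict):
        problems.append("extension attribute object missing")
        return problems
    for attr in TCG_DEVICE_SCHEMA["attributes"]:
        name = attr["name"]
        value = ext.get(name)
        if value is None:
            if attr.get("required"):
                problems.append(f"{name}: required attribute missing")
            continue
        if attr["type"] == "string" and not isinstance(value, str):
            problems.append(f"{name}: must be a string")
            continue
        if "canonicalValues" in attr and value not in attr["canonicalValues"]:
            problems.append(f"{name}: not one of {attr['canonicalValues']}")
        if name.endswith("Certificate"):
            try:
                pem_cert_to_der(value)
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
    return problems


def to_pem(der: bytes) -> str:
    """Wrap DER bytes in a PEM CERTIFICATE envelope (for building sample input)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----"


# CONSTRUCTED placeholder: DER SEQUENCE { INTEGER 1 }.  Syntactically DER, but NOT a certificate.
PLACEHOLDER_DER = bytes.fromhex("3003020101")

# Constructed sample resources.  A real resource would also list the draft's base
# Device schema URN in "schemas"; it is omitted here because it is not reproduced above.
GOOD_DEVICE = {
    "schemas": [TCG_DEVICE_EXT],
    "id": "device-0001",
    TCG_DEVICE_EXT: {
        "platformCertificate": to_pem(PLACEHOLDER_DER),
        "devIdCertificate": to_pem(PLACEHOLDER_DER),
        "devIdKind": "IDevID",
    },
}

BAD_DEVICE = {
    "schemas": [],  # extension URN not declared
    "id": "device-0002",
    TCG_DEVICE_EXT: {
        "platformCertificate": to_pem(PLACEHOLDER_DER),
        # Wrong PEM label: a public key is not a DevID certificate.
        "devIdCertificate": "-----BEGIN PUBLIC KEY-----\nAAAA\n-----END PUBLIC KEY-----",
        "devIdKind": "SelfSigned",  # not a canonical value
    },
}

if __name__ == "__main__":
    print("good:", validate_tcg_device(GOOD_DEVICE))
    print("bad:", validate_tcg_device(BAD_DEVICE))
```

The point of splitting syntax checks from chain validation is that a provisioning endpoint can reject malformed input cheaply before handing the certificates to an X.509 library, and the list of problems gives the SCIM client a precise error body instead of a bare 400.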