Provide bootstrapping endpoint for initial device configuration
In real-world scenarios it is not always possible to equip a device, as part of the manufacturing process, with the final endpoint it is supposed to connect to and the credentials for setting up a secure connection. Imagine, for example, that a device manufacturer produces a high number of devices and does not yet know to which customer a device will finally be sold.
In such a scenario a bootstrapping process can equip a device dynamically with the final configuration independent of the manufacturing process. It would be very beneficial for Eclipse Hono to provide such a bootstrapping endpoint.
I would like to start the discussion about the bootstrapping feature in Hono.
From my side, I provide the business requirements, or better to say the workflow, below. Could you verify whether we have the same expectations for this topic?
- The device gets bootstrapping credentials (bootstrapping endpoint, bootstrapping auth-id (must be a unique ID - UUID), bootstrapping device-id (a UUID can also be used), bootstrapping password and bootstrapping tenant-id (generic tenant for all devices which perform bootstrapping)) and uses them for authentication by the Bootstrapping Server to get the Credentials for the communication with the Protocol Adapters.
  Question: What do you think regarding a generic tenant for bootstrapping for the initial provisioning of the devices? Is it an acceptable approach, or do you have another idea of how the devices could be pre-provisioned?
- The initial communication with the Bootstrap Server could be done via the HTTP protocol. The device sends a telemetry or event message to the Bootstrap Server with the request to get the Credentials and receives the response to this request in the form of a Command containing the necessary data.
- To get the Credentials for the communication with the Protocol Adapter, the provisioning of the devices with the real tenant must be done with the help of the Device Registry Management API beforehand.
- There must be a mapping in place between the bootstrapping Credentials and the Credentials for the Protocol Adapter on the basis of the UUID.
If we agree on the general level, we could proceed further with details regarding implementation.
IMHO the Bootstrap Server concept as defined in the LWM2M Spec could serve as the basis for further discussion. There is also a separate document defining the transport bindings which describes how security aspects are addressed using specific transport protocols.
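
The workflow proposed in the thread above can be modelled in a few lines. This is an added sketch, not Hono code and not from any participant. Assumptions: the class and method names, the tenant name `BOOTSTRAP`, the HTTP-style status codes, the salted PBKDF2 storage of the bootstrapping password, and returning the credentials directly instead of in a Command are all hypothetical, and all sample values are constructed.

```python
import hashlib
import hmac
import os
import uuid

BOOTSTRAP_TENANT = "BOOTSTRAP"  # assumed name of the generic bootstrapping tenant


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class BootstrapServer:
    """Hypothetical in-memory model of the proposed workflow; not a Hono API."""

    def __init__(self):
        self._bootstrap = {}  # bootstrapping auth-id (UUID) -> (salt, password hash)
        self._final = {}      # same UUID -> credentials for the protocol adapter

    def enroll(self, auth_id: str, password: str) -> None:
        # Manufacturing time: only a salted hash of the bootstrapping password is kept.
        salt = os.urandom(16)
        self._bootstrap[auth_id] = (salt, _kdf(password, salt))

    def provision(self, auth_id: str, tenant_id: str, device_id: str, password: str) -> None:
        # Stands in for provisioning in the real tenant, which must happen beforehand.
        self._final[auth_id] = {"tenant-id": tenant_id, "device-id": device_id,
                                "auth-id": auth_id, "password": password}

    def bootstrap(self, tenant_id: str, auth_id: str, password: str):
        # Unknown auth-ids are hashed against a dummy entry so the work done is the same.
        salt, expected = self._bootstrap.get(auth_id, (b"\0" * 16, b"\0" * 32))
        ok = hmac.compare_digest(_kdf(password, salt), expected)
        if tenant_id != BOOTSTRAP_TENANT or auth_id not in self._bootstrap or not ok:
            return 401, None
        creds = self._final.get(auth_id)  # the UUID is the mapping key
        if creds is None:
            return 404, None  # authenticated, but not yet provisioned in a real tenant
        return 200, dict(creds)


def demo():
    server = BootstrapServer()
    auth_id = str(uuid.uuid4())  # constructed sample values throughout
    server.enroll(auth_id, "bootstrap-secret")
    before = server.bootstrap(BOOTSTRAP_TENANT, auth_id, "bootstrap-secret")
    server.provision(auth_id, "customer-a", "device-4711", "final-secret")
    after = server.bootstrap(BOOTSTRAP_TENANT, auth_id, "bootstrap-secret")
    wrong = server.bootstrap(BOOTSTRAP_TENANT, auth_id, "guess")
    return before, after, wrong
```

The `before` case shows why the ordering in the third list item matters: a device that authenticates before it has been provisioned in a real tenant has nothing to be mapped to.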