[agl-discussions] [Key Management] Provisioning proposal for connected GDP/AGL-RP devices
mfeuer1 at jaguarlandrover.com
Fri Sep 9 16:27:44 EDT 2016
I've asked Ulf Wiger to take a look at your proposal and figure out how we
can integrate it with the RVI provisioning push that we are doing for the
More info to come.
Head System Architect - Open Source Projects, Jaguar Land Rover
On Thu, Sep 8, 2016 at 5:36 AM, Arthur Taylor <arthur at advancedtelematic.com> wrote:
> Hi all,
>
> Please excuse the cross-post - not sure where this fits best.
>
> We've been discussing inside ATS how we're going to manage device
> registration for OTA client devices (in development contexts, where ATS
> is responsible for the key management). This has implications for the
> provisioning of GDP and AGL Reference Platform devices, which include
> the OTA client, but is generally applicable to any device consuming
> connected services.
>
> Until now, we've been manually provisioning devices, either by creating
> credentials for them by hand or generating credentials online that must
> manually be downloaded and installed in the devices.
>
> As we move to deeper integration with both GDP and AGL-RP, we're
> interested to have a convenient, flexible and generic solution for both
> projects and for any service that depends on secure cloud authentication.
>
> The proposal attached is a summary of our current proposal, which is
> consistent with best practices that we've seen in the field. It
> references a couple of components that don't yet exist as GENIVI / AGL
> components (though there are existing solutions available either as open
> source or proprietary software):
>
> - Device Registry - maps user accounts to devices
> - Authorization Server - manages the mapping from IDs to permissions
> - Registration Service - where devices connect to create credentials
> - User Preferences Service - store for user preference information
> - Certificate Repository - secure store (possibly HSM-backed) for keys
>
> We'd be interested to have feedback from anyone working on similar
> topics or who can give us advice about the suitability of the approach
> for AGL / GENIVI use-cases.
>
> Arthur Taylor, ATS Advanced Telematic Systems GmbH