@@ -172,6 +172,8 @@ The figure 5.2.1-1 is an illustration of a simple TLS protected communication be
The device validates the provided public certificate and logs in with machine credentials.
NMS authorises the query based on the role and identity of the device.
Conformity with this clause does not require use of DNS, TLS, certificate-based authentication, where equivalent security outcomes are achieved by other means appropriate to the product design and foreseeable use.
Other approaches are possible, including where the product is responsible for initiating the TLS connection towards the managed device and logging into the managed device.
In this case, the managed device is responsible for authorizing the product based on the identity of the product.