Commit 89b1bb30 authored by Santeri Toikka's avatar Santeri Toikka
Browse files

Added development notes as annex

parent 0e9607e4
Loading
Loading
Loading
Loading
+41 −2
Original line number Diff line number Diff line
@@ -417,8 +417,7 @@ Device management inherits the essential functions listed [4.1 Product functions
* Device tracking and compliance control
* Remote control of device application features

<mark>Market implementations: Apple FindMy iPhone, Microsoft InTune, Android screen time for kids through parental controls (or however that works), and Canon FollowMe printing service. The technical definition would even allow VPN controllers such as NordVPN to be evaluated in this context.
</mark>
> Example market implementations: Widely deployed proprietary features from well-known brands such as lost or stolen phone retrieval functions or children’s screen time parental control applications, etc.

## 4.2 Product Architecture

@@ -2597,6 +2596,46 @@ Requirements not covered by Annex R remain addressed by the core part of the sta

**Table Annex R-6: CRA Annex I Part I gap analysis**

# Annex X (informative): Standard development notes

This document is not perfect.

## Notes on 4.1.4 ICT device management

The chapter [4.1.4 ICT device management](#414-ict-device-management) does not have a use-case included.

The following work could be a direction worth exploring:

* The Open Mobile Alliance (OMA) Device Management protocol [OMADM] and LightweightM2M architecture [LWM2M]
* BroadBand Forum (BBF) CPE WAN Management protocol [TR-069] developed extensive specifications to facilitate Device Management over wireless and wireline telecommunication network respectively
* The Globalplatform Remote File Management and Remote Application Management specifications over HTTP [RAMh] and CoAP [RAMc] targeting secure elements such as SIM cards, as well as the Secure Element Management Service for eSIM [SEM] also fall in this category.

References:

* [OMADM] Open Mobile Alliance™: "OMA Device Management Protocol", Version 2.0.
* [LWM2M] Open Mobile Alliance™: "LightweightM2M Architecture", Version 1.0.
* [TR-069] BBF TR-069: "CPE WAN Management Protocol" Issue 1 Amendment 5, November 2013.
* [RAMh] GlobalPlatform Card Specification v2.2 - Amendment B v1.0.1: RAM over HTTP
* [RAMc] GlobalPlatform Card Specification v2.3 – Amendment M v1.0: RAM over CoAP
* [SEM] GlobalPaltform Card Specification v2.3 – Amendment I v1.2: Secure Element Management Service


## Notes on removed section 5.2.5 Software Bill of Materials

Early versions of this document had a section about SBOM requirements.

### The requirements
These requirements are generally binding, and there is no low-medium-high tiering available.

- **[REQ-SBOM-0]:** Operating system dependencies and application dependencies shall be clearly separated in the provided SBOM.
- **[REQ-SBOM-1a]:** Unique, unambiguous, and machine-readable identification of all components and dependencies shall be provided in the SBOM.
- **[REQ-SBOM-1b]:** The SBOM identifier format shall be consistent with common vulnerability handling standards.
- **[REQ-SBOM-2]:** The SBOM shall be consistent with [5.3.4 Secure updates] practices.

### Removal reason

There are no clear instructions or interfaces available.
The SBOM format and generation is not a concern that is unique for the products in this category.

# Annex L (informative): Change history