Commit eec6eae8 authored by Santeri Toikka's avatar Santeri Toikka
Browse files

Updated configuration distribution

Closes #340, #341, #342, #444
parent 6e28eb0e
Loading
Loading
Loading
Loading
+6 −10
Original line number Diff line number Diff line
@@ -405,16 +405,12 @@ See [5.2.6 Role based authorisation](#526-role-based-authorisation)

### 5.3.3 Mitigations for managed device configuration integrity and confidentiality

Push style configuration updates:

-   **[REQ-CONF-0]** The product shall enable the device to verify the integrity of the configuration.
-   **[REQ-CONF-1]** NMS sends the configuration only through [5.2.1 Secure channel].

Pull style configuration updates:

-   **[REQ-CONF-2]** Connectible configuration update API shall enable managed device to verify the product's authenticity.
-   **[REQ-CONF-3]** The product shall ensure that the provdided credentials are valid.
-   **[REQ-CONF-4]** NMS shall ensure that the managed device role, place in the topology and function matches the requested configuration.
* **[REQ-CONF-1]** The product shall interface only through a [5.2.1 Secure channel].
* **[REQ-CONF-2]** Where the product distributes or makes available configuration to managed devices
  * The product shall ensure that the configuration is protected against unauthorized modification and disclosure;
  * The product shall ensure that only the intended managed device can obtain and apply the relevant configuration;
  * The prodcut shall ensure that the device can verify the integrity of the configuration.
* **[REQ-CONF-3]** The configuration interfacing design shall enable the managed device to verify the authenticity of the product.

### 5.3.4 Secure updates