SPDM Authorization (Intro and Update)
Raghu Krishnamurthy, NVIDIA
Scott Phuong, Microsoft

Disclaimer
The information in this presentation represents a snapshot of work in progress within the DMTF SPDM WG. This information is subject to change without notice. The standard specifications remain the normative reference for all information. For additional information, see the DMTF website. This information is a summary of the information that will appear in the specifications. See the specifications for further details.

Authorization
Definition: Determining if the requesting entity has the appropriate privileges to perform protected actions. If yes, to allow them to perform those protected actions.
Scope: Provide a general mechanism for any use case (e.g., SPDM, PLDM, other present and future PMCI WG use cases, alliance partners, industry) to perform authorization.
Examples:
  PLDM FW Update, Type 2 and/or Type 6
  SPDM Set Certs (and other future “set” commands).
Expected publication Q4 2025

Assumptions
This presentation makes the following assumptions:
  The endpoints in discussion communicate using SPDM (DSP0274) and SPDM Secured Messages (DSP0277)
  Communication can use any transport that supports the above commands
  To bootstrap Authorization, there needs to be a provisioning step for initial credential
  Definition of Policy profiles is out of scope for the Authorization specification

High Level Architectural Components
Authorization Flow
  Use SPDM Sessions between Requester/Responder pair (simplifies supported options, baseline security)
  Specify how to authorize generic messages
Credential and Policy Management
  Types of Credentials
    Asymmetric Key Pair (Focus of initial release)
  Credential and Credential Policy
    Standardize provisioning of credentials and associating them with their authorization policy
    Authorization policy itself shoul