Key entities

In the standard BRSKI flows we have the following entities:

  • Pledge: the (IoT) device requesting access to the network
  • Router: a singular instance of a networking device offering access to a physical network
  • Registrar: “The Registrar component embodies the identity, membership and trust anchor of the domain”
  • MASA: Manufacturer Authorised Signing Authority

Implicit within this is the concept of a “Domain”. A domain is something that the pledge logically joins? A domain is something over which a person or organisation asserts control; in other words, that person or organisation can determine the conditions under which a pledge may join (i.e. defines policy).

Let us consider the relationships:

  • Pledge->Domain: can a pledge be a member of more than one domain?
  • Pledge->Router: a pledge can clearly physically join more than one physical network. This is obvious where many routers sit under a single domain (it's more complex if a router can sit under multiple domains). The relationship between a pledge and a router is physically manifest in the EAP-TLS (WPA-Enterprise) certificate that the pledge presents to the router. The router then permits access when it checks the

https://www.ietf.org/archive/id/draft-richardson-anima-registrar-considerations-06.html