Discussion: Unannounced <mgmtObj> specializations in TS-0022
In TS-0022, clause "8.1.3.3 Management using the Mcc reference point", some specializations are explicitly disallowed from being announced. These are [authenticationProfile], [myCertFileCred], [trustAnchorCred], [MAFClientRegCfg], [MEFClientRegCfg]. More may be added, like [wificlient] and [OAuth2Authentication], which are missing in the descriptions.
This is also reflected in table "9.3-1: Field Device Configuration specific Resource Type Short Names", where no announced versions of the short names are defined.
I am wondering why this is and whether this should be a decision taken by TS-0022. Though I understand the security concerns, this actually disallows certain management scenarios, for example distributing credentials.
- I am not sure whether it is actually compliant with current rules to disallow announcement of only some specializations of <mgmtObj>. Specializations inherit all the attributes of <mgmtObj>, including at and aa, so it will be very difficult to prevent a client from setting those attributes.
- I think we unnecessarily create artificial limitations here. It should be a decision of the actual deployment and management system to announce a resource or not, and to take the necessary security measures on the communication channel and the device itself.
I am wondering how the security information stored in those resources is distributed anyway. This information needs to be sent to devices/nodes somehow, so announcing them (one distribution method) should not be limited.
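As an added illustration of the point raised above (not code from the discussion, from TS-0022 or from any oneM2M implementation), the following sketch shows how a hosting CSE could enforce the clause 8.1.3.3 restriction at the attribute level: it rejects a CREATE/UPDATE that sets the inherited at (announceTo) or aa (announcedAttribute) attributes on the five listed specializations, and for announceable specializations it computes the attribute subset that would actually be announced. The dict-based resource representation, the attribute key names mgd, ssid and pwd, the "always announced" set and the example values are constructed assumptions, not the normative oneM2M serialization.

```python
from typing import Any, Dict, List

# <mgmtObj> specializations that TS-0022 clause 8.1.3.3 says must not be
# announced (the list quoted in the discussion above).
NON_ANNOUNCEABLE = {
    "authenticationProfile",
    "myCertFileCred",
    "trustAnchorCred",
    "MAFClientRegCfg",
    "MEFClientRegCfg",
}

# Announcement-related attributes inherited from <mgmtObj>:
# 'at' = announceTo, 'aa' = announcedAttribute.
ANNOUNCE_ATTRS = ("at", "aa")

# Attributes copied to every announced <mgmtObj> regardless of 'aa'.
# Simplified assumption for this example; the normative set is not on the page.
ALWAYS_ANNOUNCED = ("mgd",)


class AnnouncementPolicyError(ValueError):
    """Raised when a request would announce a non-announceable specialization."""


def check_announcement(resource: Dict[str, Any]) -> List[str]:
    """Validate a <mgmtObj> specialization representation.

    `resource` is a constructed dict: the assumed key 'mgd' names the
    specialization, other keys are the attributes carried by the request.
    Returns a list of policy violations (empty when the request is acceptable).
    """
    problems: List[str] = []
    spec = resource.get("mgd")
    if spec in NON_ANNOUNCEABLE:
        for attr in ANNOUNCE_ATTRS:
            if resource.get(attr):
                problems.append(
                    f"{spec}: attribute '{attr}' not allowed (TS-0022 clause 8.1.3.3)"
                )
    return problems


def build_announced(resource: Dict[str, Any]) -> Dict[str, Any]:
    """Simulate the originator-side announcement step.

    Rejects non-announceable specializations; otherwise returns the attribute
    set that would be sent to each CSE listed in 'at'. Only the always-announced
    attributes plus those explicitly named in 'aa' are included, so attributes
    that are not listed in 'aa' (credentials, for instance) stay local.
    """
    problems = check_announcement(resource)
    if problems:
        raise AnnouncementPolicyError("; ".join(problems))
    if not resource.get("at"):
        return {}  # nothing to announce to
    announced = {k: resource[k] for k in ALWAYS_ANNOUNCED if k in resource}
    for k in resource.get("aa", []):
        if k in resource and k not in ANNOUNCE_ATTRS:
            announced[k] = resource[k]
    return announced


if __name__ == "__main__":
    # Constructed sample: an announceable specialization with one announced attribute.
    wifi = {"mgd": "wificlient", "at": ["/cse-b"], "aa": ["ssid"],
            "ssid": "lab-net", "pwd": "constructed-secret"}
    print(build_announced(wifi))
    # Constructed sample: a credential resource that a client tries to announce.
    print(check_announcement({"mgd": "trustAnchorCred", "at": ["/cse-b"]}))
```

The check only catches the listed specializations; if TS-0022 grows the list (wificlient, OAuth2Authentication as suggested above), the set is the single place to extend. The aa filtering also shows the more general mechanism the discussion points at: what reaches the announced copy is controlled by the originator's aa list, not by the specialization type alone.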