Presented to the TAC on November 15, 2023
Subgroup reviewed on November 30, 2023 - Recording
Subgroup readout to the TAC scheduled for December 13, 2023
Project Proposal - Project Introduction:
Required Information | Responses (Please list N/A if not applicable) |
Name of Project | FIDO Device Onboard |
Project Description (what it does, why it is valuable, origin and history) | What does FIDO Device Onboard do? FIDO Device Onboard (FDO) is an automated “Zero-Touch” onboarding service. To more securely and automatically onboard and provision a device on edge hardware, it only needs to be drop shipped to the point of installation, connected to the network and powered up. FDO does the rest. This zero-touch model simplifies the installer’s role, reduces costs and eliminates poor security practices, such as shipping default passwords. Why it is valuable? Easier, faster, less expensive, and more secure onboarding of devices. Expands TAM for IOT devices, accelerates resulting ecosystem of data processing infrastructure. Most “Zero touch” automated onboarding solutions require the target platform to be decided at manufacturer. · Forces Custom Build-to-Order Model- ODMs must manufacture unique device SKUs for each customer/cloud combination. FDO “Late Binding”- allows the device’s target platform to be selected “late” in the supply chain, at first power-on. · Enables Build-to-Plan Model - ODMs can build identical IOT devices in high volume using a standardized manufacturing process. Reduces inventories, supply cycle times, and costs. · Open – service & cloud independent. Devices are bound to target ecosystem at install. Works with existing cloud services, it does not replace them. Origin and History Secure Device Onboard was released as open source software by Intel Corporation in February 2020, based on Intel® SDO Version 1.7. The original Intel® SDO launched in September 2017 as a stand-alone Intel product reflecting the original SDO protocol and architecture specifications. With the complex ecosystem needed for success of this product, we decided to open source and donate the core functions of Intel® SDO to the community in order to drive an industry standard, resolve key industry friction points, and allow the IOT market to grow faster. We believe that open sourcing with a vibrant ecosystem will allow SDO to evolve into a true industry standard. In March of 2023 SDO was rebranded as FIDO device onboard and updated to conform to the FIDO Device Onboard 1.1 specification published by the FIDO alliance in April of 2022. The current version of FDO is 1.1.6. |
Statement on alignment with Foundation Mission Statement | One of the primary objectives of FIDO Device Onboard is to expand TAM for Edge and Networking devices. To achieve this goal, a cross-industry collaboration of device manufacturers; distributors; systems integrators; cloud service providers and device management software vendors is required to accelerate adoption. The Linux Foundation is the ideal organization to facilitate this collaboration and accelerate adoption of this important technology. |
| High level assessment of project synergy with existing projects under LF Edge, including how the project compliments/overlaps with existing projects, and potential ways to harmonize over time. Responses may be included both here and/or in accompanying documentation. | We believe that FIDO Device Onboard will accelerate adoption of devices into Home and Industrial ecosystems, helping drive the need for all of the current projects in the LFEdge community. Integration with FLEDGE enabled devices could simplify the production process and installation of newly manufactured devices. |
Link to current Code of Conduct | |
2 TAC Sponsors, if identified (Sponsors help mentor projects) - See full definition on Project Stages: Definitions and Expectations | Intel, Nick Haunschild IBM, Joe Pearson |
Project license | Apache License 2.0 |
Source control (GitHub by default) | |
Issue tracker (GitHub by default) | |
External dependencies (including licenses) | |
Release methodology and mechanics | FIDO Device Onboard currently follows a release cadence of approximately 12 weeks, typically with 9 weeks allocated for development, two weeks for integration test, and one week for final validation. Defects identified in the two-week integration test phase are resolved and the code base updated to create a release candidate for the final week of validation. Release artifacts are generated by a fully automated CI system. Integration test and validation includes both automated and manual testing and provides end-to-end testing of the SDO component running in concert to execute all phases of the SDO protocol and service lifecycle across multiple platforms. |
Names of initial committers, if different from those submitting proposal | Randy Templeton Intel Benny Davis Intel Shrikant Temburwar Intel Tushar Ranjan Behera Intel |
| Current number of code contributors to proposed project | 9, Intel Corp. |
| Current number of organizations contributing to proposed project | One, Intel |
| Briefly describe the project's leadership team and decision-making process | We recognize that in order to be a viable open source project, a neutral diverse technical governance is critical. Intel be actively seeking TSC leaders from companies who are committed to FDO success. Currently the leadership of the project is as follows: Geoffrey Cooper (Intel) is a Principal Engineer and co-author and maintainer for the FIDO Device on board specification maintained by the FIDO Alliance. Randy Templeton (Intel) is the chief architect for the FIDO Device Onboard implementation. He is responsible for translating the feature roadmap into technical requirements and architectural specifications, for maintenance of the FIDO Device Onboard protocol specification, and for the overall security architecture of FIDO Device Onboard. We anticipate that he will continue in this role the technical chair of FIDO Device Onboard Technical Steering Committee. Vasavi V (Intel) is the engineering manager for Intel contributions to FIDO Device Onboard project. She is responsible for software development as well as for oversite of devops and validation activities. We anticipate that she will continue manage the engineering resources that contribute to the FIDO Device Onboard project, with responsibility for ensuring contributions are properly and promptly reviewed and approved, and that she will eventually be joined by other contributors as the community of contributors grows. Hussein Alayan: Secure Device Onboard – Program Manager/Deputy Product owner (Intel) FDO is a complex project comprising five sub-components spanning embedded devices to cloud services. As the community of contributors grows, we anticipate that the governance model will evolve into a core team/sub-team model similar to the one used by the Rust project as described here: https://github.com/rust-lang/rfcs/blob/master/text/1068-rust-governance.md. |
| Preferred maturity level (see stages here) | Stage 1, aiming for Stage 2 |
| For Projects applying at the Growth (Phase 2) or Impact Stage (Phase 3), please outline how your project successfully meets/exceeds the requirements as defined under each category. Responses may be included both here and/or in accompanying documentation. | n/a |
| List of project's official communication channels (slack, irc, mailing lists) | using EXF's Slack and Groups.io for integration work, plan to use LF Edge Slack and Groups.io after acceptance at Stage 1 |
| Link to project's website | under development |
Links to social media accounts | none, will use LF Edge social media |
| Existing financial sponsorship | Intel |
| Infrastructure needs or requests (to include GitHub/Gerrit, CI/CD, Jenkins, Nexus, JIRA, other ...) | GitHub, GitHub Actions, investigating additional solutions including Cloud-based offerings provided free to open source projects |
| Currently Supported Architecture | x86, ARM 32 & 64 |
| Planned Architecture Support | none |
| Project logo in svg format (see https://github.com/lf-edge/lfedge-landscape#logos for guidelines) | https://github.com/lf-edge/artwork |
| n/a | |
| Does the project have a Core Infrastructure Initiative security best practices badge? (See: https://bestpractices.coreinfrastructure.org) | https://www.bestpractices.dev/en/projects/6714 |
| Any additional information the TAC and Board should take into consideration when reviewing your proposal? | FIDO Device Onboard InfoGitHub: https://github.com/fido-device-onboard The FIDO device Onboard project is a flexible software solution compliant with FIDO Device Onboard Specification. It simplifies and automates the process of onboarding IoT devices and permits late binding of device credentials, so that one manufactured device may onboard, without modification, to many different IoT/Edge platforms. Adoption: FDO has been integrated into the LF Edge Open Horizon project making it easy to use FDO-enabled edge devices with Horizon by simply importing their associated ownership vouchers and then powering on the devices. In addition, Dell Native Edge leverages FDO for its automated onboarding process and ASRock has integrated FDO into products like its iEP-5000G IoT Industrial gateway. |