Sequence diagram for becoming a CA, an IoT Platform and securely provisioning devices.
@startuml
skinparam backgroundColor Azure
skinparam sequenceMessageAlign center
skinparam NoteBackgroundColor DarkOrange
skinparam NoteBorderColor Black
skinparam NoteFontName Lucida Console
skinparam NoteFontSize 18
skinparam ArrowFontName Lucida Console
skinparam ArrowFontSize 18
skinparam sequence {
  ArrowColor Green
  ActorBorderColor Black
  LifeLineBorderColor Gray
  LifeLineBackgroundColor #A9DCDF
  ParticipantBorderColor Black
  ParticipantBackgroundColor LightGray
  ParticipantFontName Lucida Console
  ParticipantFontSize 20
  ParticipantFontColor Black
  ActorBackgroundColor aqua
  ActorFontColor DeepSkyBlue
  ActorFontSize 24
  ActorFontName Lucida Console
  DividerBackgroundColor Lavender
  DividerBorderThickness 3
  DividerFontName Lucida Console
  DividerFontSize 16
}
autonumber "<font color=crimson size=24><b> [ 0 ] "
== Provisioning ==
CA->CA: Create Root,\nSelf-Signed\nKey-Pair
CA->Platform: Copy-Paste\nRoot Cert\nto Platform
activate Platform
Platform->Platform: Create\nIntermediary\nCSR
Platform->CA: Submit CSR\nFor Signature
CA->Platform: Sign and Return\nIntermediary Cert
deactivate Platform
activate Device_1
Device_1->Device_1: Create\nCSR
Device_1->Platform: Submit CSR\nfor Signature
Platform->Device_1: Sign and Return\nClient Cert
deactivate Device_1
activate Device_N
Device_N->Device_N: Create\nCSR
Device_N->Platform: Submit CSR\nfor Signature
Platform->Device_N: Sign and Return\nClient Cert
deactivate Device_N
activate Device_X
Device_X->Device_X: Create Self-Signed\nClient Cert
deactivate Device_X
== Fleet Operations ==
Device_1->Platform: POST/GET
Device_N->Platform: POST/GET
Device_X-[#red]>x Platform: POST/GET
note left
  Devices connecting with
  certs not signed by root
  or intermediary are not
  allowed to connect.
end note
== PKI Maintenance ==
autonumber 3 "<font color=crimson size=24><b> [ 0 ] "
Platform->Platform: Create\nNew\nIntermediary\nCSR
Platform->CA: Submit CSR\nFor Signature
CA->Platform: Sign and Return\nIntermediary Cert
activate Device_M
Device_M->Device_M: Create\nCSR
Device_M->Platform: Submit CSR\nfor Signature
Platform->Device_M: Sign and Return\nClient Cert
deactivate Device_M
== Fleet Operations ==
autonumber 30 "<font color=crimson size=24><b> [ 0 ] "
Device_1->Platform: POST/GET
Device_N->Platform: POST/GET
Device_X-[#red]>x Platform: POST/GET
Device_M->Platform: POST/GET
@enduml
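The provisioning flow in the diagram, carried out with the `openssl` CLI as an added example (not part of the original gist). File names, subject names, key sizes, lifetimes and the `build_pki` / `platform_accepts` helpers are assumptions made for illustration; Device_N and Device_M would follow the same path as Device_1.

```shell
#!/bin/sh
# Added example: constructed names and paths, not taken from the gist.
set -eu
W=$(mktemp -d)   # scratch directory holding every key, CSR and cert
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$W/ca.ext"
printf 'basicConstraints=critical,CA:FALSE\nextendedKeyUsage=clientAuth\n' > "$W/leaf.ext"

# new_csr NAME: generate a private key and a CSR; only the CSR is handed over.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
}

# sign CHILD ISSUER EXTFILE: ISSUER signs CHILD's CSR with the given extensions.
sign() {
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.crt" -CAkey "$W/$2.key" \
    -CAcreateserial -days 365 -extfile "$W/$3" -out "$W/$1.crt" 2>/dev/null
}

build_pki() {
  # CA: root key pair and self-signed root certificate
  new_csr root
  openssl x509 -req -in "$W/root.csr" -signkey "$W/root.key" -days 3650 \
    -extfile "$W/ca.ext" -out "$W/root.crt" 2>/dev/null
  # Platform: intermediate CSR, signed and returned by the root CA
  new_csr platform; sign platform root ca.ext
  # Device_1: CSR signed by the platform's intermediate, as a client cert
  new_csr device_1; sign device_1 platform leaf.ext
  # Device_X: self-signed client cert that the platform never issued
  new_csr device_x
  openssl x509 -req -in "$W/device_x.csr" -signkey "$W/device_x.key" \
    -days 365 -out "$W/device_x.crt" 2>/dev/null
}

# platform_accepts CERT: succeed only if CERT chains through the
# intermediate to the trusted root, which is the Fleet Operations check.
platform_accepts() {
  openssl verify -CAfile "$W/root.crt" -untrusted "$W/platform.crt" "$1" >/dev/null 2>&1
}

build_pki
for d in device_1 device_x; do
  if platform_accepts "$W/$d.crt"; then echo "$d: accepted"; else echo "$d: rejected"; fi
done
```

On a real platform the same chain check is done by the TLS stack during client-certificate authentication, with the root (and intermediate) configured as the trusted client CA.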