IoT, MUD and Enterprises

Date: August 20, 2020
Time: 00:00 UTC - 00:00 UTC
Slides: Slides
Recording: Recording
device management | IoT

This webinar will be taught by Michael Richardson and Dr. Anna Maria Mandalari.

Between the number and type of IoT devices that may be used by enterprises, in short order, there will not be enough people on the earth to administer them. New means of scale are required. Do old assumptions hold? Standards such as Manufacturer Usage Descriptions and CoAP are emerging.

Anna Maria’s talk:

The emerging complicated Internet of Things (IoT) ecosystem will not only rely on collection and processing of personal data, but also performs actuations in the real world and thus, have physical consequences. The potential harms to individuals and society are significantly more serious than privacy alone. This greatly increases the challenge in delivering public safety, acceptability and trust as identified in the large number of government and independent reviews and research findings.
We have been developing the opensource Databox Platform. Beyond its research impact, Databox is currently turning into a popular opensource platform for privacy-preserving data analysis. In this talk, I will explore what we are invisible trading in exchange for these devices, and discuss potential future mitigation through Databox.


Dr. Anna Maria Mandalari works as research associate in the Dyson School of Design Engineering at the Faculty of Engineering at Imperial College London. She was a Marie Curie Early Stage Researcher affiliated with the University Carlos III of Madrid, within the European project ITN METRICS. During her PhD she was research visitor at Telefonica I+D (Spain) and Simula Research Laboratory (Norway). Her research interests are related to IoT, privacy, large-scale Internet measurements, Internet measurement platforms, middleboxes and new Internet protocols.

Michael Richardson’s talk:

A critical part of managing privacy and authorization in enterprise networks involves managing identity. There is a rich field of identity management offerings from big and small. There are multiple identity management conferences one can attend (now going virtual). There are no dominant identity management mechanisms, and no dominant onboarding systems for IoT devices.
What kinds of devices should enterprises expect to deal with?
What should enterprises look for in feature sets of devices that they expect to acquire?
This is a interactive discussion dealing with the question of how enterprises can navigate managing identities for IoT, BYOD, and remote workers.


Michael Richardson is an open source and open standards consultant. An autodidact, he wrote mail transfer agents as a teenager, and in the 1990s, found his calling designing and building embedded networking products, in the security sector. Michael has built multiple IPsec systems, joining the FreeS/WAN team in 2001, and founding Xelerance in 2003. Since 2008 Michael has worked in and chaired the IETF ROLL working group, doing routing protocols for IoT mesh systems. Michael has authored a number of IoT related RFCs including RFC8366 and RFC7416. Michael currently works on IoT security systems in the 6tisch, ANIMA and ACE WG, specializing in the problem of initial bootstrap trust.