802.11AR seems to be part of Device Provisioning Protocol (DPP) or
Wi-Fi Easy Connect (same thing).
Here is a video from the past with a demo.
There is a dependency on the WLAN side as well, not just ClearPass and I have not seen many client devices that support DPP/Wi-Fi Easy Connect, which may be why there (to my knowledge) is not yet a practical implementation available.
To my understanding the Secure Device ID does not need to be publicly signed because you provision the device with like a QR code that has the information to setup the trust. And there are all kinds of things in place to verify ownership across the supply chain.
These recent videos from a hardware manufacturer seem to have some more details. If others have better information, please share here.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Dec 01, 2022 05:30 AM
From: Danny Bosman
Subject: 802.1AR
We are working on a new policy for IoT devices. A new standard is 802.1AR but i can't find much detailed information.
Is a Secure Device ID (iDevID, lDevID...) in fact a kind of (public signed) certificate - but one that never expires?
Is there any practical use / implementation of 802.1AR in Clearpass PM known?
------------------------------
Danny Bosman
KBC Group - Belgium
------------------------------