DMTF’s Security Protocols and Data Models (SPDM) Working Group has recently released a new Authorization Specification (DSP0289). This specification adds authorization capabilities to the existing suite of SPDM specifications. Authorization allows a device to verify that a requester has permission to access protected functions. The standard aims to address authorization uniformly across SPDM and PMCI standards, as well as among DMTF alliance partners and the wider industry.

This release includes the Authorization Specification (DSP0289) and updates the suite of SPDM specifications. Key updates include the versions of SPDM messages (DSP0274), the Secured Messages using SPDM over MCTP Binding Specification (DSP0276), and SPDM Secured Messages (DSP0277). Additionally, as part of this release, there are updates to version 1.0 of Secured Messages using SPDM for backward compatibility for infrastructures relying on it. There is also a 2.0 version of Secured Messages for SPDM for implementations desiring a more concise layering. The updates to DSP0274 are required for implementations supporting Authorization.

These specifications - developed by the SPDM Working Group - incorporate feedback from the organization’s alliance partners. To learn more about the SPDM Working Group or to get involved in this work, please visit https://www.dmtf.org/standards/spdm.