Skip to content

110 add zto device registration#118

Open
clundie-CL wants to merge 4 commits intocamaraproject:mainfrom
cablelabs:110-add-zto-device-registration
Open

110 add zto device registration#118
clundie-CL wants to merge 4 commits intocamaraproject:mainfrom
cablelabs:110-add-zto-device-registration

Conversation

@clundie-CL
Copy link
Copy Markdown
Contributor

@clundie-CL clundie-CL commented Apr 2, 2026

What type of PR is this?

  • enhancement/feature

What this PR does / why we need it:

Adds Trust Domain Device registration endpoints to the Network Access Management API, enabling zero-touch onboarding (ZTO) of subscriber and IoT devices to Trust Domains.

This introduces 5 new endpoints under /trust-domains/{trustDomainId}/devices for full CRUD lifecycle management of devices within a Trust Domain, including support for multiple bootstrapping protocols (DPP, Matter) and flexible credential management (server-generated or client-assigned).

Also includes consistency fixes to error responses across all existing endpoints (uniform 401/503, removal of unnecessary 400 on read-only endpoints).

Which issue(s) this PR fixes:

Fixes #110

Does this PR introduce a breaking change?

  • Yes
  • No

Special notes for reviewers:

This branch was rebased onto main after the #115 directory restructuring (Domain/ → modules/, Templates/ eliminated, bundled output no longer committed). The feature content is equivalent to what was previously on this branch, adapted to the new modular layout.

New files:

  • modules/TrustDomainDevices/TrustDomainDevices.yaml — all device registration schemas, parameters, and examples

Modified files:

  • network-access-management.yaml — 5 new endpoints, new "Trust Domain Devices" tag, new network-access-management:devices scope in description
  • modules/NAM_Common.yaml — added network-access-management:devices scope to OpenID security scheme

Error response consistency fixes (all endpoints):

  • Added 401 Unauthorized to all endpoints that were missing it
  • Added 503 Service Unavailable to all endpoints that were missing it
  • Removed 400 Bad Request from GET/DELETE endpoints that don't accept input beyond path parameters

Verification:

  • redocly lint passes with zero errors
  • redocly bundle produces valid standalone output

Changelog input

release-note
Add Trust Domain Device registration endpoints for zero-touch onboarding (DPP, Matter). Uniform 401/503 error responses across all endpoints.

@clundie-CL
Copy link
Copy Markdown
Contributor Author

clundie-CL commented Apr 2, 2026

I left this a draft in order to scrutinize further, especially in view of additional onboarding protocols we may want to include:

  • Bluetooth Low Energy: Conceivably this could used for BLE-only devices but needs to be unpacked and maybe better for a future enhancement
  • Well-Known SSID: Ref implementation working in CableLabs, but may need to sus out details some more before adding to this API.

My guess is that both of these need to be punted for a future enhancement.

@clundie-CL clundie-CL marked this pull request as ready for review April 13, 2026 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@caubut-charter caubut-charter Awaiting requested review from caubut-charter caubut-charter is a code owner

@mayur007 mayur007 Awaiting requested review from mayur007 mayur007 is a code owner

@benhepworth benhepworth Awaiting requested review from benhepworth benhepworth is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add ZTO Device Registration Endpoints

1 participant

@clundie-CL