Device Security Rating (DSR) is a Proof of Concept that demonstrates secure access to services using Zero Trust design principles. In contrast to enterprise-centric Zero Trust architectures, where devices need to be owned and/or managed by a company, the DSR PoC is designed to accommodate participants from different legal and organisational entities without requiring them to give up ownership of their devices.
It provides the specification and sample implementation of the following aspects:
- Device and App Attestation: sample implementation for Apple iOS and Google Android
- Device Registration: self-managed automatic registration and hardware-based identity
- Device Management Service: sample implementation written in Java
- Policy Decision and Policy Enforcement Points: sample implementation written in Go
- Sample Policy: sample policy bundle for Open Policy Agent
- Sample Business API: protected by Zero Trust mechanisms
Contributions welcome!
The Device Security Rating PoC is an open-source project of the German National Digital Health Agency, gematik GmbH. It is part of the next-generation German eHealth network, Telematics Infrastructure 2.0, and is based on the Zero Trust concept paper released in March 2023. By releasing all material to the public, gematik would like to start a dialogue with civil society and industry.