Project Members:

• aliazzz
• hermsen (admin)
• i-campbell (admin)

SparkplugB Security Definitions

This Page
Authentication | Authorization | Encryption

General Sparkplug info
Infrastructure | Security | Messages

Information and guides
Sparkplug™ information | Preview how-to | Setup a test system with Ignition Primary Host | Add SparkplugB to an existing CODESYS project

Authentication

There are several levels of security and access control configured within an MQTT infrastructure.
From a pure MQTT client perspective, the client does need to provide

• a mandatory unique Client ID,
• optional Username and Password

Authorization

Although access control is not mandated in the MQTT specification for use in MQTT Server implementations, Access Control List (ACL) functionality is available for most MQTT Server implementations. The ACL of an MQTT Server implementation is used to specify which Topic Namespace any MQTT Client can subscribe to and publish on. For further information on this topic see your MQTT broker's documentation.

Encryption

The MQTT specification does not specify any TCP/IP security scheme as it was envisaged that TCP/IP security would (and did) change over time. In short, SparkplugB lifts upon MQTT, which lifts upon TCP/IP and it's ever evolving security, so SparkplugB is by design equipped with the latest security features. Allthough Sparkplug B will not specify any TCP/IP security schema it will provide examples on how to secure an MQTT infrastructure using TLS security.