MQTT Security SC
Providing guidance on securing MQTT solutions.
Statement of Purpose
The OASIS MQTT Security Subcommittee provides guidance on how MQTT solutions may be made secure and how this may mesh with existing security standards.
The Subcommittee will propose a security section to be included within the main 3.1.1 specification alongside auxiliary supporting documentation. Members will develop specific legacy protocols for MQTT and a higher level approach based on the NIST Framework. For details, see the agreed SC Statement of Purpose in the OASIS MQTT Technical Committee Minutes for the meeting of Thursday, August 01, 2013.
See Arlen Nipper on "Historical MQTT Security", and some initial draft proposals/documents, including, e.g.,:
- MQTT and the NIST Cybersecurity Framework Version 1.0 (Non-Standards Track, Working Draft), posted 2014-04-01
- MQTT Supplemental Publication Version 1.0 Part 1: NIST Cybersecurity Framework, posted 2014-01-16
- "MQTT Security SC: M2M Straw-Man Proposition" [.docx], posted by Louis-P. Lamoureux
- "MQTT Security", posted by Allan Stockdill-Mander, with update from Geoff Brown, and 2013-09-10 draft
- [TBD] Allan and Raph straw man for generic client/server security
Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.