Commissioning an IoT App Store occurs in four steps:
1. Create an IoT App Store
The first step is to create a brand account. A brand account has extensive permissions. It can be used for certain functions including to:
- Generate, register and hold the signing keys for all associated IoT App Stores
- Sign configuration files used to build device images with access to the IoT App Store
- Register key software components hosted in the App Store (kernels and bootloaders)
2. Create SSO accounts and assign roles
IoT app stores are administered via a dashboard. Ubuntu SSO is the identity provider for the IoT App Store - each account requires an email address. The App Store administrators can assign specific roles to users: administrator, publisher, reviewer and viewer. See the following sections of this guide to find out more about each of these roles.
3. Configure the serial vault
The serial vault stores various keys and also provides signed configuration files to devices. These keys allow devices to authenticate against IoT App Stores. At first boot, a device running Ubuntu Core will perform a provisioning step to retrieve a signed configuration file from the serial vault.
The main configuration files that are stored and served by the serial vault are:
|Account key||Cryptographic key used to sign assertions|
|Model assertion||A statement about the properties of a device model. It contains information needed to create an Ubuntu Core image|
|Serial assertion||A statement binding a device identity with the device public key.|
All of these files are used by the device, serial vault and IoT App Store to verify and manage the access to a device.
4. Create sub stores
Store Administrators can create derivative IoT App Stores hierarchically tied to their account. Sub stores can be created for a number of use cases, including:
- Product sub stores: enterprises with a product portfolio can create sub stores associated with different product lines or to specific product models.
- Ecosystem sub stores: enterprises can create stores on behalf of their ecosystem partners. These could be resellers, subsidiaries or business partners.