The OpenSCMS
Compact yet Complete SCMS Architecture
OpenSCMS implements the two fundamental end entity (EE) interaction flows defined by IEEE 1609.2.1: enrollment certificate provisioning and authorization certificate provisioning. The EE interacts directly with the Enrollment Certificate Authority (ECA) for the first flow and with the Registration Authority (RA) for the second.
To reduce architectural overhead while preserving functional correctness, OpenSCMS does not implement certain auxiliary components defined in the standard, such as the Device Configuration Manager (DCM); see Assumptions and Limitations for more details. OpenSCMS enables the correct execution of both provisioning flows through a streamlined architecture in which:
- End entities interact directly with the ECA for enrollment certificate provisioning.
- End entities interact directly with the RA for authorization certificate provisioning.
- The RA additionally exposes endpoints responsible for certificate distribution, effectively subsuming the role of the Distribution Center (DC).
- Essential bootstrapping functionality for end entities, traditionally associated with the DCM, is provided directly by OpenSCMS through the RA.
Importantly, the correctness of these flows has not been validated solely through specification compliance, but also through end-to-end integration with a conformant EE client. The client implements the IEEE 1609.2.1 protocol exactly as specified and successfully completes enrollment and authorization provisioning flows against OpenSCMS, demonstrating protocol-level interoperability and validating the architectural choices made by the project.