To follow up in writing with my comments on the call today...
In addition to the northbound and southbound interfaces there should be a statement about what assumptions and/or requirements there are with respect to the OS and hardware platform security.
The hardware platform is the system hardware, firmware, bootloaders. The hardware platform security would include things like hardware root-of-trust, secure boot, secure storage for secrets, and hardware-based attestation mechanisms. The OS would provide security interfaces based on those mechanisms.
What assumptions, if any, will EdgeX have about the underlying OS and system it is running on?
Potential places where EdgeX may intersect with hardware platform security:
In the end the security of the software stack is only going to be as good as the security of the platform it is running on.
System Architect, ARM