IoTopia Task Force

The IoTopia Task Force is chaired by Sebastian Hans from Oracle. All GlobalPlatform members are eligible to participate in this group.


The goal of the IoTopia Task Force is to accelerate IoT device deployment by providing best practice references for IoT security, guidelines, testing and certification. It does this by defining and evaluating the business and technical requirements of existing and emerging secure services, required by consumer and industrial products in an increasingly connected world.

The vision is to create an open and standardized approach to secure IoT device management, utilizing GlobalPlatform technologies or existing technologies from other groups, including IETF. Some examples of this work:

  1. Device Intent – GlobalPlatform’s MUD File Service leverages IETF’s framework and uniform resource identifier (URI) to outline device intent, and help device manufacturers publish, in a unique location, the MUD file library associated with their products.
  2. Autonomous, Scalable, Secure Onboarding – the task force is looking for standards-based secure onboarding processes to streamline network administration, based on open standards, such as Bootstrapping Remote Secure Key Infrastructures (BRSKI).
  3. Device Lifecycle Management – software, firmware and hardware patching and updates, and clarifying lifecycle of Software Bill of Materials (SBOM) for updatable connected devices, an initiative that is being driven by GlobalPlatform’s SBOM sub-task force.


  • Leverage standards and accepted parameters for secure-by-design, onboarding, device intent and lifecycle management, and develop high-level requirements, guidelines, and white papers on IoT-related solutions and specifications;
  • Host internal and external educational meetings and workshops to further the understanding of IoT technologies across the ecosystem;
  • Develop a blueprint for device makers to build and manage connected IoT devices using GlobalPlatform secure component technologies; and
  • Collaborate with Government agencies (including NIST/NCCoE, ENISA), Industry Consortiums (such as CTA, CTIA, OCF, IETF, ISA) and Universities, to achieve adoption of the IoTopia Framework and four pillars.

Current Priorities

  • Digital identity – Promote interoperability between different market and/or regional digital identity schemes, by defining standards for a digital wallet application that can securely host multiple apps and services.
  • IoT – Update the GlobalPlatform Secure Channel Protocol specification to support network-controlled devices and align with the GSMA’s latest eSIM IoT specification.
  • Post-Quantum Crypto – Support for Post-Quantum Crypto in IoT to protect devices and help ensure secure continuity of services when quantum computers become available.
  • Industry alignment – Collaborate with industry partners including the Car Connectivity Consortium, ETSI, GSMA, IoT Connectivity Alliance (ICA), Industrial Internet Consortium (IIC), NFC Forum, NIST, Open Mobile Alliance, oneM2M, Trusted Connectivity Alliance and Trusted Platform Consortium.
Related Content

Managing Security & Risk in the IoT

Watch Nguyen Quang-Huy, Evaluation Labs Manager at Trusted Labs, discuss the implications of an IoT hack and how TEE technology can help manage this risk.


VIDEO: How does SESIP provide a standardized methodology for IoT security implementation?

Technical Director Gil Bernabeu, alongside Brightsight’s Carlos Serratos and NXP’s Eve Atallah, explores how SESIP will provide the IoT ecosystem with a scalable, standardized methodology for ensuring that connected products meet the specific compliance, security, privacy and scalability challenges presented by the rapidly expanding IoT landscape.

Watch Here

Combined strengths of oneM2M and GlobalPlatform to address IoT security

François Ennesser, chairman of oneM2M Security Working Group and Gil Bernabeu, GlobalPlatform Technical Officer, illustrate how the know-how and expertise of both organizations complement each other to combine security and ubiquity in IoT deployments.

SBOM Sub-Task Force

The SBOM sub-task force is chaired by Gonda Lamberink of Fortress Information Security. All GlobalPlatform members are eligible to participate in this group.

The purpose of the SBOM (Software Bill of Materials) sub task force within the IoTopia committee is to analyze the impact of, and provide guidance on, the deployment of SBOM.


  • To assess the impact of the deployment of SBOM.
  • To clarify the concepts of software transparency and assurance and provide guidance, such as:
    • A consistent means to produce, consume and exchange software transparency and assurance information.
    • A guide to improve interoperability of software transparency and assurance data exchange.
  • To initiate dialogue and collaborations with impacted markets such as telecoms, healthcare and automotive.
  • To collaborate within GlobalPlatform and with external organizations on SBOM and other key iniatives.
  • To define any necessary requirements for technology development in relation to SBOM.

Current Priorities

  • Software Bill of Materials (SBOM) – Analyze impact of the Software Bill of Materials (SBOM) and provide guidance relating to SBOM deployment, including a consistent means to produce, consume and exchange, software transparency and assurance information.

Sebastian Hans

IoTopia Task Force Chair


Mr. Hans currently serves as Principal Member of Technical Staff at Oracle, previously Sun Microsystems Inc., where he is responsible for all smart card standardization activities with a strong focus on SIM and UICC technology. While at Sun Microsystems Inc, Mr. Hans has also headed up business development within the telecommunications market and has driven advanced pilot projects for the deployment of Java Card in the banking, insurance and mobile communication markets. Mr. Hans represents Sun Microsystems Inc. in ETSI SCP, 3GPP, OMA and is the Vice Chair of ETSI SCP TEC.

Mr. Hans serves as GlobalPlatform Board Director and Co-Chair of the IoTopia Task Force.

Gonda Lamberink

SBOM Sub-Task Force Chair

Fortress Information Security

Ms. Gonda Lamberink is the current Chair of GlobalPlatform’s Device Intent Working Group where she oversees the organization’s involvement in developing documentation for creation, management and certification of MUD files. The working group will also focus on creating MUD Proof of Concept implementations, industry outreach, and exploring liaisons with stakeholders and organizations to help drive MUD. Ms. Lamberink also works as Cybersecurity Senior Business Development Manager at UL (Underwriters Laboratories).

Interested in joining the IoTopia Task Force?

Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.