On 2018-02-18 17:45, Carsten Bormann wrote:
On Feb 18, 2018, at 08:35, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:
We should maybe add that this information is provisioned either during
manufacturing, via a commissioning tool or some other mechanisms. Not sure
whether this will indeed add more but it might be useful to know.
For a protocol that is meant to be interoperable, there need to be standard (if
not MTI) ways of getting this done.
At least we need to have a defined interface between CAM (“commissioning tool”)
and C for letting C know what was agreed about how to address AS and which RSes
it should be used for.
Why don't you make a new draft where you propose such a mechanism?
I don't think this fits in the scope of the framework draft, since the
framework is supposed to deal with the interaction between C-AS and C-RS
(after the onboarding has happened).
I agree that onboarding is a valid concern (which is why I wrote
appendix B), but lets not delay draft-ietf-ace-oauth-authz any further
by adding a whole new set of functionality in it.
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
Ace mailing list