Hello ACE, We have submitted an updated version of the draft "Group OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework"
https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile-01 The document describes a profile of ACE where client and server can communicate with OSCORE and Group OSCORE. This supports fine-grained access control in group communication environments, where different group members have different access rights to resources of other group members. The pairwise OSCORE security context between the client and server is established in a way similar to the OSCORE profile, and is securely bound to the Group OSCORE security context previously obtained when joining the OSCORE group. This update is mostly about: 1) More discussions on relevant use cases in the introduction, including input from BACnet (thanks, Dave!). 2) Addressed issue about possible client impersonation, by proving client's possession of its own private key to the AS and including the client's public key in the Access Token (thanks, Jim!). 3) Alignment with the latest v -08 of the OSCORE profile. Comments are very welcome! Best, /Marco -------- Forwarded Message -------- Subject: New Version Notification for draft-tiloca-ace-group-oscore-profile-01.txt Date: Mon, 4 Nov 2019 11:38:58 -0800 From: [email protected] To: Ludwig Seitz <[email protected]>, Marco Tiloca <[email protected]>, Rikard Hoeglund <[email protected]>, Francesca Palombini <[email protected]> A new version of I-D, draft-tiloca-ace-group-oscore-profile-01.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository. Name: draft-tiloca-ace-group-oscore-profile Revision: 01 Title: Group OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework Document date: 2019-11-04 Group: Individual Submission Pages: 35 URL: https://www.ietf.org/internet-drafts/draft-tiloca-ace-group-oscore-profile-01.txt Status: https://datatracker.ietf.org/doc/draft-tiloca-ace-group-oscore-profile/ Htmlized: https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile-01 Htmlized: https://datatracker.ietf.org/doc/html/draft-tiloca-ace-group-oscore-profile Diff: https://www.ietf.org/rfcdiff?url2=draft-tiloca-ace-group-oscore-profile-01 Abstract: This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. The profile uses Object Security for Constrained RESTful Environments (OSCORE) and/or Group OSCORE to provide communication security between a Client and (a group of) Resource Server(s). Furthermore, the profile uses (Group) OSCORE to provide server authentication, and OSCORE to achieve proof-of-possession for a key owned by the Client and bound to an OAuth 2.0 Access Token. Also, the profile provides proof-of-group-membership for the Client, by securely binding the pre-established Group OSCORE Security Context to the pairwise OSCORE Security Context newly established with the Resource Server. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
