I'm sorry that I missed today's meeting.
I guess this wasn't on the agenda in the end?

Göran Selander <goran.selan...@ericsson.com> wrote:
    > But you are right that the draft is not just a new ACE profile. The
    > voucher concept fits into ANIMA, but is carried as an ACE access
    > token. It also makes use of the auxiliary data and other elements of
    > EDHOC. But neither ANIMA nor LAKE seems to be the right working
    > groups. ANIMA is not using the ACE framework, and LAKE is for the
    > nearest future only concerned with the basic AKE.

ANIMA BRSKI is not using the ACE framework, but that's because I don't think
it was clear when we started the work that vouchers were semantically similar
to JWT/CWT.  Well, I tried to move things that way, but it was just too soon.

When we started, I thought that the thing that the AS (W) returns to V is an 
RFC8366 semantic voucher (encoded to CBOR a la 
draft-ietf-anima-constrained-voucher).
However, in the document it has taken on its own life.
I think that we tried to make it close to an ACE token.

This is where the connection comes in.

Jim:
    jim>     I have been sitting this to try and make a decision and figure out
    jim> what my feelings are with this draft.  I did a fast read through the
    jim> document, too fast to actually understand what it is trying to do, and
    jim> I immediately ran into the question of why this document would be part
    jim> of ACE.  It is using the concepts of a voucher, which is not currently
    jim> an ACE concept, as one of the fundamental concepts.  That combined with
    jim> the use of an AKE makes me very wary of this document.  (I have not
    jim> spent enough time embedded in the ECIES and HPKE world to understand
    jim> this well.)

I think that the ECIES and HPKE part is not particularly significant.
There are some links at:
   https://www.sandelman.ca/SSW/ietf/brski-links/

The link:   Generic Animation of BRSKI - Bootstrapping Remote Secure Key
            Infrastructure (ODP) (screencast) (enterprise/IoT screencast)
points to:  https://www.youtube.com/watch?v=Mtbh_GN0Ce4 which is only 5
            minutes long.

I should redo this for ACE-AKE-AUTHZ, aka Ultra-Constrained enrollment.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
