Hello ACE, We have recently submitted an updated version of draft-tiloca-ace-group-oscore-profile
https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile-04 The document describes a profile of ACE where client and resource server(s) communicate with Group OSCORE. This supports fine-grained access control in group communication environments, where different group members have different access rights to the resources of the servers in the group. This version further builds on the major update done in v -02, with the profile now focused on Group OSCORE as only security protocol. Changes are: 1) Clarifications on proof-of-possession, mutual authentication and token protection, consistently with the equivalent statements in the latest OSCORE profile [1]. 2) Update to the "Dual Mode" in Appendix A to be aligned with the latest OSCORE profile [1], especially as to the ID negotiation of Client and Resource Server. Comments are very welcome! Best, /Marco [1] https://tools.ietf.org/html/draft-ietf-ace-oscore-profile-13 -------- Forwarded Message -------- Subject: New Version Notification for draft-tiloca-ace-group-oscore-profile-04.txt Date: Mon, 02 Nov 2020 08:50:18 -0800 From: [email protected] To: Francesca Palombini <[email protected]>, Marco Tiloca <[email protected]>, Ludwig Seitz <[email protected]>, Rikard Hoeglund <[email protected]> A new version of I-D, draft-tiloca-ace-group-oscore-profile-04.txt has been successfully submitted by Rikard Hoeglund and posted to the IETF repository. Name: draft-tiloca-ace-group-oscore-profile Revision: 04 Title: Group OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework Document date: 2020-11-02 Group: Individual Submission Pages: 54 URL: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-tiloca-ace-group-oscore-profile-04.txt&data=04%7C01%7Cmarco.tiloca%40ri.se%7C5d08d39c137444bf09fe08d87f4f626a%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399326982038641%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=KFwFs%2B7wkrmM1ABWgpzAkCQUOqFgn9aJEVf4%2F8J5KLw%3D&reserved=0 Status: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-tiloca-ace-group-oscore-profile%2F&data=04%7C01%7Cmarco.tiloca%40ri.se%7C5d08d39c137444bf09fe08d87f4f626a%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399326982038641%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=Zv7y5wfCSd4frHbgP1j%2Fx5KNolY9mP8G1xB94hfvOlw%3D&reserved=0 Htmlized: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-tiloca-ace-group-oscore-profile&data=04%7C01%7Cmarco.tiloca%40ri.se%7C5d08d39c137444bf09fe08d87f4f626a%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399326982038641%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=FINy%2BdiJotA8JCsryqKFaPLeqIjxLM29o1a7MTDf8yw%3D&reserved=0 Htmlized: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-tiloca-ace-group-oscore-profile-04&data=04%7C01%7Cmarco.tiloca%40ri.se%7C5d08d39c137444bf09fe08d87f4f626a%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399326982038641%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=09l%2F3Ph1bTjWAgni1WLU0A4mm%2FHsdOHU%2FOym1Vs0zxw%3D&reserved=0 Diff: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-tiloca-ace-group-oscore-profile-04&data=04%7C01%7Cmarco.tiloca%40ri.se%7C5d08d39c137444bf09fe08d87f4f626a%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399326982038641%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=9ydrxTKn%2Bo%2BgbYNKMbtvMJ1%2FRkWzq6V%2F4kUFarw4Oc8%3D&reserved=0 Abstract: This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. The profile uses Group OSCORE to provide communication security between a Client and a (set of) Resource Server(s) as members of an OSCORE Group. The profile securely binds an OAuth 2.0 Access Token with the public key of the Client associated to the signing private key used in the OSCORE group. The profile uses Group OSCORE to achieve server authentication, as well as proof-of-possession for the Client's public key. Also, it provides proof of the Client's membership to the correct OSCORE group, by binding the Access Token to information from the Group OSCORE Security Context, thus allowing the Resource Server(s) to verify the Client's membership upon receiving a message protected with Group OSCORE from the Client. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
