All,

We would like the ACE WG to consider the extension of the CoAP-DTLS profile of the ACE framework (draft-ietf-dtls-authorize) to TLS.

An example of where this may be useful: 3GPP has specified the use of CoAP in SEAL (Service Enabler Architecture Layer for Verticals) [1] and the Service-Based Architecture has previously adopted OAuth 2.0 for authorization of access to services. CoAP as specified there is not restricted to UDP but may also be carried in TCP and web sockets. To apply the ACE framework in that setting would require an ACE profile supporting TLS.

The CoAP-DTLS profile supports DTLS 1.2 and 1.3, but is applicable also to corresponding versions of TLS. What is missing is essentially that statement. This has been discussed previously, as John noted in a recent email to the list.

Considering the CoAP-DTLS profile is in a progressed state, it may be too late to include this in the CoAP-DTLS profile. The other option is a new draft updating draft-ietf-dtls-authorize. To illustrate how little additional information is needed, we wrote a draft with all content in the two-paragraph introduction, available in [2], to be submitted when the I-D submission opens again.

Note that the proposal is not to define a new profile of the ACE framework. That is not desirable since for most practical purposes the authorization is independent of whether UDP, TCP or websockets is used.

Could we have a slot on the ACE agenda on Tuesday to discuss this?

Thanks,
Göran

[1] https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3587
[2] https://gitlab.informatik.uni-bremen.de/ace/extend-dtls-authorize/-/blob/main/draft-bergmann-ace-extend-dtls-authorize-00.txt
