Dear Ace,

I've uploaded a new version of the pub-sub document before the document expired on January 1, 2022. This version partially addresses the review comments of Marco [August 30 and October 12] (Thanks, Marco!).

The new version makes the following changes:

1) Changes to using two authorization requests to AS. One request where the audience is the broker and the other is the KDC. This approach was considered more appropriate in IETF 111 discussion and discussion e-mails with Marco to the group.
2) Change from COSE_Key used as a public key, support UCCS.
3) Various rewording suggestions captured in this GitHub issue: https://github.com/ace-wg/pubsub-profile/issues/12
4) Revised discussion around application group to security group mapping, and MQTT text - discussion captured here: https://github.com/ace-wg/pubsub-profile/issues/14

There are several open issues, some of which are marked as ToDo in the submitted draft (e.g., multiple publishers protecting topic content, better alignment to the new KDC interface, etc.), which can be seen here: https://github.com/ace-wg/pubsub-profile/issues

Therefore, a new version will be uploaded soon again to handle those.

Happy new year to all!

-Cigdem

On Wed, Dec 29, 2021 at 11:00 PM <[email protected]> wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Authentication and Authorization for
> Constrained Environments WG of the IETF.
>
>         Title    : Pub-Sub Profile for Authentication and
>                    Authorization for Constrained Environments (ACE)
>         Authors  : Francesca Palombini
>                    Cigdem Sengul
>         Filename : draft-ietf-ace-pubsub-profile-04.txt
>         Pages    : 23
>         Date     : 2021-12-29
>
> Abstract:
>    This specification defines an application profile for authentication
>    and authorization for Publishers and Subscribers in a constrained
>    pub-sub scenario, using the ACE framework. This profile relies on
>    transport layer or application layer security to authorize the
>    pub-sub clients to the broker. Moreover, it describes the use of
>    application layer security to protect the content of the pub-sub
>    client message exchange through the broker. The profile covers
>    pub-sub scenarios using either the Constrained Application Protocol
>    (CoAP) [I-D.ietf-core-coap-pubsub] or the Message Queue Telemetry
>    Transport (MQTT) [MQTT-OASIS-Standard-v5] protocol.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ace-pubsub-profile/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-ace-pubsub-profile-04.html
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-pubsub-profile-04
>
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
>
> _______________________________________________
> Ace mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ace
