The following errata report has been submitted for RFC9203, "The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8678

--------------------------------------
Type: Editorial
Reported by: Marco Tiloca <[email protected]>

Section: 4.2

Original Text
-------------
As specified in Section 5.8.3 of [RFC9200], the RS must notify the client with an error response with code 4.01 (Unauthorized) for any long running request before terminating the session, when the access token expires.

Corrected Text
--------------
As specified in Section 5.10.3 of [RFC9200], the RS must notify the client with an error response with code 4.01 (Unauthorized) for any long running request before terminating the session, when the access token expires.

Notes
-----
The quoted text from Section 4.2 of RFC 9203 defines interactions between the client and the RS. However, the referred Section 5.8.3 of RFC 9200 is about error responses for interactions with the AS.

The right section of RFC 9200 to refer to is instead 5.10.3, which says:

"If a token that authorizes a long-running request, such as a CoAP Observe [RFC7641], expires, the RS MUST send an error response with the response code equivalent to the CoAP code 4.01 (Unauthorized) to the client and then terminate processing the long-running request."

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC9203 (draft-ietf-ace-oscore-profile-19)
--------------------------------------
Title            : The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework
Publication Date : August 2022
Author(s)        : F. Palombini, L. Seitz, G. Selander, M. Gunnarsson
Category         : PROPOSED STANDARD
Source           : Authentication and Authorization for Constrained Environments
Stream           : IETF
Verifying Party  : IESG

_______________________________________________
Ace mailing list -- [email protected]
To unsubscribe send an email to [email protected]
