[Ace] Last Call: (Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework) to Prop

2024-03-14 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'Notification of Revoked Access Tokens in the Authentication and
   Authorization for Constrained Environments (ACE) Framework'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2024-04-05. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This document specifies a method of the Authentication and
   Authorization for Constrained Environments (ACE) framework, which
   allows an Authorization Server to notify Clients and Resource Servers
   (i.e., registered devices) about revoked access tokens.  As specified
   in this document, the method allows Clients and Resource Servers to
   access a Token Revocation List on the Authorization Server by using
   the Constrained Application Protocol (CoAP), with the possible
   additional use of resource observation.  Resulting (unsolicited)
   notifications of revoked access tokens complement alternative
   approaches such as token introspection, while not requiring
   additional endpoints on Clients and Resource Servers.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-revoked-token-notification/



No IPR declarations have been submitted directly on this I-D.





___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace


[Ace] Protocol Action: 'Key Provisioning for Group Communication using ACE' to Proposed Standard (draft-ietf-ace-key-groupcomm-18.txt)

2024-01-19 Thread The IESG
The IESG has approved the following document:
- 'Key Provisioning for Group Communication using ACE'
  (draft-ietf-ace-key-groupcomm-18.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-key-groupcomm/




Technical Summary

   This document defines how to use the Authentication and Authorization
   for Constrained Environments (ACE) framework to distribute keying
   material and configuration parameters for secure group communication.
   Candidate group members acting as Clients and authorized to join a
   group can do so by interacting with a Key Distribution Center (KDC)
   acting as Resource Server, from which they obtain the keying material
   to communicate with other group members.  While defining general
   message formats as well as the interface and operations available at
   the KDC, this document supports different approaches and protocols
   for secure group communication.  Therefore, details are delegated to
   separate application profiles of this document, as specialized
   instances that target a particular group communication approach and
   define how communications in the group are protected.  Compliance
   requirements for such application profiles are also specified.

Working Group Summary

   No controversies. 

Document Quality

This draft in itself cannot be implemented. The API and message template
formats that it defines have to be instantiated by its profiles (such as
key-groupcomm-oscore), which can rather be implemented. The latest has been
implemented in the java ACE implementation for Californium
 https://bitbucket.org/marco-tiloca-sics/ace-java/

Personnel

   The Document Shepherd for this document is Daniel Migault. The
   Responsible Area Director is Paul Wouters.




[Ace] Last Call: (EAP-based Authentication Service for CoAP) to Proposed Standard

2024-01-11 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'EAP-based Authentication Service for CoAP'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2024-01-25. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This document specifies an authentication service that uses the
   Extensible Authentication Protocol (EAP) transported employing
   Constrained Application Protocol (CoAP) messages.  As such, it
   defines an EAP lower layer based on CoAP called CoAP-EAP.  One of the
   main goals is to authenticate a CoAP-enabled IoT device (EAP peer)
   that intends to join a security domain managed by a Controller (EAP
   authenticator).  Secondly, it allows deriving key material to protect
   CoAP messages exchanged between them based on Object Security for
   Constrained RESTful Environments (OSCORE), enabling the establishment
   of a security association between them.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-wg-coap-eap/



No IPR declarations have been submitted directly on this I-D.







[Ace] Last Call: (Key Provisioning for Group Communication using ACE) to Proposed Standard

2023-10-06 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: - 'Key
Provisioning for Group Communication using ACE'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2023-10-20. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This document defines how to use the Authentication and Authorization
   for Constrained Environments (ACE) framework to distribute keying
   material and configuration parameters for secure group communication.
   Candidate group members acting as Clients and authorized to join a
   group can do so by interacting with a Key Distribution Center (KDC)
   acting as Resource Server, from which they obtain the keying material
   to communicate with other group members.  While defining general
   message formats as well as the interface and operations available at
   the KDC, this document supports different approaches and protocols
   for secure group communication.  Therefore, details are delegated to
   separate application profiles of this document, as specialized
   instances that target a particular group communication approach and
   define how communications in the group are protected.  Compliance
   requirements for such application profiles are also specified.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-key-groupcomm/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information: 
rfc7967: Constrained Application Protocol (CoAP) Option for No Server 
Response (Informational - Independent Submission)
rfc9053: CBOR Object Signing and Encryption (COSE): Initial Algorithms 
(Informational - Internet Engineering Task Force (IETF))






[Ace] Protocol Action: 'CoAP Transfer for the Certificate Management Protocol' to Proposed Standard (draft-ietf-ace-cmpv2-coap-transport-10.txt)

2023-05-30 Thread The IESG
The IESG has approved the following document:
- 'CoAP Transfer for the Certificate Management Protocol'
  (draft-ietf-ace-cmpv2-coap-transport-10.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-cmpv2-coap-transport/





Technical Summary

This document specifies an authentication service that uses the Extensible 
Authentication Protocol (EAP) transported employing Constrained Application 
Protocol (CoAP) messages. As such, it defines an EAP lower layer based on CoAP 
called CoAP-EAP. One of the main goals is to authenticate a CoAP-enabled IoT 
device (EAP peer) that intends to join a security domain managed by a 
Controller (EAP authenticator). Secondly, it allows deriving key material to 
protect CoAP messages exchanged between them based on Object Security for 
Constrained RESTful Environments (OSCORE), enabling the establishment of a 
security association between them.
   
  
Working Group Summary

No issues, broad consensus.

Document Quality

No issues with the document. There is an open source implementation to support 
CMP over CoAP maintained by @David von Oheimb.
The Shepherd believes these do not follow the draft exactly but are based on 
this draft.
https://github.com/siemens/LightweightCmpRa
https://github.com/siemens/embeddedCMP

Personnel

   Document Shepherd: Loganaden Velvindron and Paul Wouters
   Responsible Area Director?  Paul Wouters

   The IANA Expert(s) for the registries in this document are Klaus Hartke
   (primary), Carsten Bormann (secondary), Jaime Jimenez (secondary), Alexander
   Pelov (secondary), Hendrik Brockhaus, David von Oheimb, John Gray, Mark
   Nottingham



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2023-07-03

2023-04-19 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG
will hold an interim meeting on 2023-07-03 from 09:00 to 10:00
America/New_York (13:00 to 14:00 UTC). Meeting Location: Montreal, CA


Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=0b9ebf8d-3741-4b39-a4ea-1c3211ca9cc3



--
A calendar subscription for all ace meetings is available at
https://datatracker.ietf.org/meeting/upcoming.ics?show=ace



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2023-06-05

2023-04-19 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG
will hold an interim meeting on 2023-06-05 from 09:00 to 10:00
America/New_York (13:00 to 14:00 UTC). Meeting Location: Montreal, CA


Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=209e5f7d-478c-4bec-86b5-0f9e3480b8a9



--
A calendar subscription for all ace meetings is available at
https://datatracker.ietf.org/meeting/upcoming.ics?show=ace



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2023-05-08

2023-04-19 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG
will hold an interim meeting on 2023-05-08 from 09:00 to 10:00
America/New_York (13:00 to 14:00 UTC). Meeting Location: Montreal, CA


Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=7bd2ea10-1c42-4dda-9bc0-8776a5cb4afb



--
A calendar subscription for all ace meetings is available at
https://datatracker.ietf.org/meeting/upcoming.ics?show=ace



[Ace] Last Call: (CoAP Transfer for the Certificate Management Protocol) to Proposed Standard

2023-03-30 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: - 'CoAP
Transfer for the Certificate Management Protocol'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2023-04-14. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This document specifies the use of Constrained Application Protocol
   (CoAP) as a transfer mechanism for the Certificate Management
   Protocol (CMP).  CMP defines the interaction between various PKI
   entities for the purpose of certificate creation and management.
   CoAP is an HTTP-like client-server protocol used by various
   constrained devices in the IoT space.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-cmpv2-coap-transport/



No IPR declarations have been submitted directly on this I-D.







[Ace] Protocol Action: 'Extension of the Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE) to Transport Layer Security (TLS)' to

2023-03-16 Thread IESG Secretary
The IESG has approved the following document:
- 'Extension of the Datagram Transport Layer Security (DTLS) Profile for
   Authentication and Authorization for Constrained Environments (ACE)
   to Transport Layer Security (TLS)'
  (draft-ietf-ace-extend-dtls-authorize-07.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-extend-dtls-authorize/





Technical Summary

   This document updates the CoAP-DTLS profile for ACE described in RFC
   9202 by specifying that the profile applies to TLS as well as DTLS.

Working Group Summary

No controversies were encountered. The draft is extending a core document of 
the ACE WG.

GENART review of this document recommended minting a 9202bis version of the 
document instead of the update style taken with this document.  That was not 
the consensus of the WG.

Document Quality

Per implementations: [1] supports CoAP transport over DTLS and TLS using 
libcoap [2]. The client-side retry with different transport layer security is 
not yet implemented.

[1] https://gitlab.informatik.uni-bremen.de/DCAF/dcaf
[2] https://libcoap.net


Personnel

- Document Shepherd: Daniel Migault
- Responsible AD: Roman Danyliw



[Ace] Last Call: (Extension of the CoAP-DTLS Profile for ACE to TLS) to Proposed Standard

2023-01-10 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'Extension of the CoAP-DTLS Profile for ACE to TLS'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2023-01-24. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This document updates the CoAP-DTLS profile for ACE described in RFC
   9202 by specifying that the profile applies to TLS as well as DTLS.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-extend-dtls-authorize/


The following IPR Declarations may be related to this I-D:

   https://datatracker.ietf.org/ipr/5576/
   https://datatracker.ietf.org/ipr/5575/








[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2023-02-20 CHANGED

2022-12-05 Thread IESG Secretary
MEETING DETAILS HAVE CHANGED.  SEE LATEST DETAILS BELOW.

The Authentication and Authorization for Constrained Environments (ace) WG will
hold an interim meeting on 2023-02-20 from 09:00 to 10:00 America/New_York
(14:00 to 15:00 UTC).

Meeting Location:
Montreal, CA

Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=51d3eb03-9d84-42e9-8ffc-aec68070b315



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2023-01-23 CHANGED

2022-12-05 Thread IESG Secretary
MEETING DETAILS HAVE CHANGED.  SEE LATEST DETAILS BELOW.

The Authentication and Authorization for Constrained Environments (ace) WG will
hold an interim meeting on 2023-01-23 from 09:00 to 10:00 America/New_York
(14:00 to 15:00 UTC).

Meeting Location:
Montreal, CA

Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=380a5e36-2f3a-4e71-8bcc-9d255cdc0fde



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2022-12-19 CHANGED

2022-12-05 Thread IESG Secretary
MEETING DETAILS HAVE CHANGED.  SEE LATEST DETAILS BELOW.

The Authentication and Authorization for Constrained Environments (ace) WG will
hold an interim meeting on 2022-12-19 from 09:00 to 10:00 America/New_York
(14:00 to 15:00 UTC).

Meeting Location:
Montreal, CA

Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=5e0b91f9-04ca-40e7-b67a-62d7361adcc2



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2023-03-20

2022-12-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold an interim meeting on 2023-03-20 from 09:00 to 10:00 America/New_York
(13:00 to 14:00 UTC).

Meeting Location:
Montreal, CA

Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=0028a09b-68f2-4fa6-bc46-e62d96a824eb



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2023-02-20

2022-12-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold an interim meeting on 2023-02-20 from 14:00 to 15:00 America/New_York
(19:00 to 20:00 UTC).

Meeting Location:
Montreal, CA

Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=6030cc41-07c4-4e22-8c7f-0a530503ae66



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2023-01-23

2022-12-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold an interim meeting on 2023-01-23 from 14:00 to 15:00 America/New_York
(19:00 to 20:00 UTC).

Meeting Location:
Montreal, CA

Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=129cc3e2-d1e9-48e4-9b27-f7ffb609b492



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting: 2022-12-19

2022-12-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold an interim meeting on 2022-12-19 from 19:00 to 20:00 America/New_York
(00:00 to 01:00 UTC).

Meeting Location:
Montreal, CA

Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=abdc278b-07bd-4a22-bb9f-2536d26d80d0



[Ace] Last Call: (CoAP Transfer for the Certificate Management Protocol) to Proposed Standard

2022-10-13 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: - 'CoAP
Transfer for the Certificate Management Protocol'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2022-10-27. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This document specifies the use of Constrained Application Protocol
   (CoAP) as a transfer mechanism for the Certificate Management
   Protocol (CMP).  CMP defines the interaction between various PKI
   entities for the purpose of certificate creation and management.
   CoAP is an HTTP-like client-server protocol used by various
   constrained devices in the IoT space.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-cmpv2-coap-transport/



No IPR declarations have been submitted directly on this I-D.







[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2022-09-12

2022-08-29 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2022-09-12 from 10:00 to 11:00
America/New_York (14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://meetings.conf.meetecho.com/interim/?short=24c81a1f-7240-4990-a8ae-8b46a94e8b1b



[Ace] Protocol Action: 'Message Queuing Telemetry Transport (MQTT)-TLS profile of Authentication and Authorization for Constrained Environments (ACE) Framework' to Proposed Standard (draft-ietf-ace-mq

2022-03-23 Thread The IESG
The IESG has approved the following document:
- 'Message Queuing Telemetry Transport (MQTT)-TLS profile of
   Authentication and Authorization for Constrained Environments (ACE)
   Framework'
  (draft-ietf-ace-mqtt-tls-profile-17.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/




Technical Summary

   This document specifies a profile for the ACE (Authentication and
   Authorization for Constrained Environments) framework to enable
   authorization in a Message Queuing Telemetry Transport (MQTT)-based
   publish-subscribe messaging system.  Proof-of-possession keys, bound
   to OAuth2.0 access tokens, are used to authenticate and authorize
   MQTT Clients.  The protocol relies on TLS for confidentiality and
   MQTT server (broker) authentication.

Working Group Summary

   This document had an uneventful journey through the WG, gathering
   feedback over multiple review cycles, with progress being driven by
   understanding and resolving potential issues and no major points of 
controversy.

Document Quality

There are at least two known implementations:
 * Implementation using the HiveMQ CE is a Java-based open source MQTT broker 
that fully supports MQTT 3.x and MQTT 5.  
https://github.com/michaelg9/HiveACEclient  

The Media-Type registration was sent to the media-types list for review at
https://mailarchive.ietf.org/arch/msg/media-types/85kGXBBKaWqIoCSU5k7GrE5FRWw/
though no comments were received.

Personnel

Daniel Migault is the Document Shepherd.
Benjamin Kaduk is the Responsible AD.



[Ace] Protocol Action: 'An Authorization Information Format (AIF) for ACE' to Proposed Standard (draft-ietf-ace-aif-07.txt)

2022-03-16 Thread The IESG
The IESG has approved the following document:
- 'An Authorization Information Format (AIF) for ACE'
  (draft-ietf-ace-aif-07.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-aif/





Technical Summary

   This specification provides a generic information model  and format
   for representing such authorization information (information about
   which entities are authorized to perform what operations), as well as two
   variants of a specific instantiation of that format for use with REST
   resources identified by URI path.

Working Group Summary

The WG was supportive of this work, which is already a normative
dependency of a couple other documents.

Document Quality

The technical mechanisms in this document are fairly straightforward
and have received ample review.  It is deemed to be sufficiently well
specified that other ACE documents (group-communication-related)
are using it to convey their authorization information.
A media type review request was posted just over a year ago
for an earlier revision,
https://mailarchive.ietf.org/arch/msg/media-types/sl2NFBvcaKtPH4LL7cCpTkwjy5E/ ,
which resulted in a (DE) reviewer saying it is mostly fine and just
in need of correction in terms of a few details of the registration template.

Personnel

The Document Shepherd is Loganaden Velvindron.
The Responsible Area Director is Benjamin Kaduk.



[Ace] Last Call: (Message Queuing Telemetry Transport (MQTT)-TLS profile of Authentication and Authorization for Constrained Environments (ACE) Framework) to P

2022-02-17 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'Message Queuing Telemetry Transport (MQTT)-TLS profile of
   Authentication and Authorization for Constrained Environments (ACE)
   Framework'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2022-03-03. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This document specifies a profile for the ACE (Authentication and
   Authorization for Constrained Environments) framework to enable
   authorization in a Message Queuing Telemetry Transport (MQTT)-based
   publish-subscribe messaging system.  Proof-of-possession keys, bound
   to OAuth2.0 access tokens, are used to authenticate and authorize
   MQTT Clients.  The protocol relies on TLS for confidentiality and
   MQTT server (broker) authentication.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/



No IPR declarations have been submitted directly on this I-D.







[Ace] Last Call: (An Authorization Information Format (AIF) for ACE) to Proposed Standard

2022-02-14 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: - 'An
Authorization Information Format (AIF) for ACE'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2022-02-28. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   Information about which entities are authorized to perform what
   operations on which constituents of other entities is a crucial
   component of producing an overall system that is secure.  Conveying
   precise authorization information is especially critical in highly
   automated systems with large numbers of entities, such as the
   "Internet of Things".

   This specification provides a generic information model and format
   for representing such authorization information, as well as two
   variants of a specific instantiation of that format for use with REST
   resources identified by URI path.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-aif/



No IPR declarations have been submitted directly on this I-D.







[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting Cancelled (was 2021-08-10)

2021-08-10 Thread IESG Secretary


The Authentication and Authorization for Constrained Environments (ace) virtual 
interim meeting for 2021-08-10 from 10:00 to 11:00 America/New_York
has been cancelled.







[Ace] Protocol Action: 'OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework' to Proposed Standard (draft-ietf-ace-oscore-profile-19.txt)

2021-07-23 Thread The IESG
The IESG has approved the following document:
- 'OSCORE Profile of the Authentication and Authorization for Constrained
   Environments Framework'
  (draft-ietf-ace-oscore-profile-19.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-profile/




Technical Summary

  The OAuth authentication and Authorization for Constrained Devices
  provides a message format and framework for moving keys and tokens
  between authority servers, clients, and resource servers.
  This document provides a set of security services with OSCORE so that the
  communication and authorizations can be performed.

Working Group Summary

  Once the CoRE document dealing with OSCORE was finalized there was
  only one issue of significance.  That issue was how to deal
  with re-use of tokens in order to make sure that the same
  transport key was not going to be regenerated.  This has 
  been addressed.

Document Quality

  The document has been fairly extensively vetted.  There are
  at least two implementations of a version of the document
  prior to the WGLC being done.

Personnel

Jim Schaad was the document shepherd.  Ben Kaduk is the responsible AD.


RFC Editor Note

 This document uses the non-BCP-14 keyword "RECOMMENDS" in a handful
 of locations; please help rephrase them to use the "RECOMMENDED" keyword.



[Ace] Protocol Action: 'Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)' to Proposed Standard (draft-ietf-ace-dtls-authorize-18

2021-07-22 Thread The IESG
The IESG has approved the following document:
- 'Datagram Transport Layer Security (DTLS) Profile for Authentication
   and Authorization for Constrained Environments (ACE)'
  (draft-ietf-ace-dtls-authorize-18.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-dtls-authorize/




Technical Summary

  The ACE WG has created a framework for constrained servers
  to do authentication and authorization using OAuth.
  This document provides the details for how to use DTLS as
  the security for protecting and authenticating the messages
  defined in the framework as well as the final client to
  resource server messages.

Working Group Summary

  The document did not raise any issues during development.
  Most of the issues were focused on the framework document.
  Late-stage reviews revealed some issues that affected the framework
  and all profiles, and thus required changes in this document, but
  there was nothing particularly specific to this document.

Document Quality

  At least two implementations of prior versions of this document
  exist.  The process of doing these implementations and making
  sure that they were interoperable was influential in some of
  the content in the document.

Personnel

Jim Schaad was the document shepherd.  Ben Kaduk is the responsible AD.



[Ace] Protocol Action: 'Additional OAuth Parameters for Authorization in Constrained Environments (ACE)' to Proposed Standard (draft-ietf-ace-oauth-params-15.txt)

2021-07-22 Thread The IESG
The IESG has approved the following document:
- 'Additional OAuth Parameters for Authorization in Constrained
   Environments (ACE)'
  (draft-ietf-ace-oauth-params-15.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-params/




Technical Summary

  This specification defines new parameters for the OAuth 2.0 token
  and introspection endpoints.  These parameters are targeted for use
  with the OAuth protocol adapted for constrained devices.

Working Group Summary

  This document was created and modified in response to issues raised
  by the OAuth working group.  They deal with a case which the ACE
  OAuth protocol does not currently support, but which may be
  introduced in OAuth.  This document represents a consensus between
  the two groups.

Document Quality

  There exist at least two implementations which are using these
  fields as part of the overall work.  As noted above there was an
  issue with the OAuth working group but it has been resolved.

Personnel

Jim Schaad was the document shepherd.  Ben Kaduk is the responsible AD.



[Ace] Protocol Action: 'Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)' to Proposed Standard (draft-ietf-ace-oauth-authz-43.txt)

2021-07-22 Thread The IESG
The IESG has approved the following document:
- 'Authentication and Authorization for Constrained Environments (ACE)
   using the OAuth 2.0 Framework (ACE-OAuth)'
  (draft-ietf-ace-oauth-authz-43.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/




Technical Summary

  This document describes a framework for the use of OAuth 2.0
  in a constrained environment.  The document is mainly targeted
  at the protocols defined for CoAP, but other protocols can
  be used as well.  The framework defines the fields and
  semantics needed for doing authorization and authentication
  of a client.

Working Group Summary

  The consensus on the document was generally very solid.  There
  were some issues that arose between the ACE and OAuth working
  groups over a couple of issues.  These issues appear to have
  been resolved.  The WG remained fairly active at resolving issues that
  arose during reviews of other documents that provide "profiles" of
  this framework.

Document Quality

  There have been at least four different groups who have
  announced an implementation at some level of the specification.
  While two of those implementations share a certain amount of
  common code, there are two implementations which have done
  interop tests at various times which do not share any code
  based on this document.

  The scope and issues of trying to deal with some of the
  OAuth 2.0 documents can be challenging at times.  While
  it is believed that a good job has been done, there are
  some potential areas where different people might end up
  doing new things.

Personnel

Jim Schaad was the shepherd.  Ben Kaduk is the responsible AD.



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting Cancelled (was 2021-07-13)

2021-07-13 Thread IESG Secretary


The Authentication and Authorization for Constrained Environments (ace) virtual 
interim meeting for 2021-07-13 from 10:00 to 11:00 America/New_York
has been cancelled.







[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting Cancelled (was 2021-07-08)

2021-04-23 Thread IESG Secretary


The Authentication and Authorization for Constrained Environments (ace) virtual 
interim meeting for 2021-07-08 from 10:00 to 11:00 America/New_York
has been cancelled.







[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting Cancelled (was 2021-06-10)

2021-04-23 Thread IESG Secretary


The Authentication and Authorization for Constrained Environments (ace) virtual 
interim meeting for 2021-06-10 from 10:00 to 11:00 America/New_York
has been cancelled.







[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting Cancelled (was 2021-05-13)

2021-04-23 Thread IESG Secretary


The Authentication and Authorization for Constrained Environments (ace) virtual 
interim meeting for 2021-05-13 from 10:00 to 11:00 America/New_York
has been cancelled.







[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-12-14

2021-03-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-12-14 from 10:00 to 11:00 America/New_York
(15:00 to 16:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=m4d4b02389fc6f862663a7ac103a9d9ce



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-10-12

2021-03-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-10-12 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=m4d4b02389fc6f862663a7ac103a9d9ce



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-09-14

2021-03-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-09-14 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=m4d4b02389fc6f862663a7ac103a9d9ce



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-08-10

2021-03-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-08-10 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=m4d4b02389fc6f862663a7ac103a9d9ce



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-07-13

2021-03-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-07-13 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=m4d4b02389fc6f862663a7ac103a9d9ce



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-06-08

2021-03-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-06-08 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=m4d4b02389fc6f862663a7ac103a9d9ce



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-05-11

2021-03-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-05-11 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=m4d4b02389fc6f862663a7ac103a9d9ce



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-04-13

2021-03-05 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-04-13 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=m4d4b02389fc6f862663a7ac103a9d9ce



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Interim Meeting Cancelled (was 2021-04-08)

2021-03-05 Thread IESG Secretary


The Authentication and Authorization for Constrained Environments (ace) virtual 
interim meeting for 2021-04-08 from 10:00 to 11:00 America/New_York
has been cancelled.







[Ace] WG Action: Rechartered Authentication and Authorization for Constrained Environments (ace)

2021-02-19 Thread The IESG
The Authentication and Authorization for Constrained Environments (ace) WG in
the Security Area of the IETF has been rechartered. For additional
information, please contact the Area Directors or the WG Chairs.

Authentication and Authorization for Constrained Environments (ace)
---
Current status: Active WG

Chairs:
  Daniel Migault 
  Loganaden Velvindron 

Assigned Area Director:
  Benjamin Kaduk 

Security Area Directors:
  Benjamin Kaduk 
  Roman Danyliw 

Mailing list:
  Address: ace@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/ace
  Archive: https://mailarchive.ietf.org/arch/browse/ace/

Group page: https://datatracker.ietf.org/group/ace/

Charter: https://datatracker.ietf.org/doc/charter-ietf-ace/

The Authentication and Authorization for Constrained Environments (ace) WG
has defined a standardized solution framework for authentication and
authorization to enable authorized access to resources identified by a URI
and hosted on a resource server in constrained environments.

The access to the resource is mediated by an authorization server, which is
not considered to be constrained.

Profiles of this framework for application to security protocols commonly
used in constrained environments, including CoAP+DTLS and CoAP+OSCORE, have
also been standardized.  The Working Group is charged with maintenance of
the framework and existing profiles thereof, and may undertake work to
specify profiles of the framework for additional secure communications
protocols and for additional support services providing authorized access
to crypto keys (that are not necessarily limited to constrained endpoints,
though the focus remains on deployment in ecosystems with a substantial
portion of constrained devices).

In addition to the ongoing maintenance work, the Working Group will extend
the framework (originally designed to protect the exchange between single
client and single RS) as needed for applicability to group communications.
The initial focus will be on using (D)TLS and (Group) OSCORE as the underlying
communication security protocols. The Working Group will standardize
procedures for requesting and distributing group keying material using the ACE
framework as well as appropriate management interfaces.

The Working Group will standardize a format for expressing authorization
information for a given authenticated principal as received from an
authorization manager.

The Working Group will examine how to use Constrained Application Protocol
(CoAP) as a transport medium for certificate enrollment protocols, such as
EST and CMPv2, as well as a transport for authentication protocols such as
EAP (in coordination with the EMU WG), and standardize as needed.

Milestones:

  Nov 2018 - Submit DTLS Profile for ACE to the IESG for publication as a
  proposed standard

  Sep 2020 - WGLC for Group Communications

  Jan 2021 - Adoption call for "CoAP Transport for CMPV2"

  Feb 2021 - Adoption call of "EAP-based Authentication Service for CoAP"

  Feb 2021 - Submission to the IESG of "OSCORE Profile of the Authentication
  and Authorization for Constrained Environments Framework"

  Feb 2021 - Call for adoption of "Protecting EST Payloads with OSCORE"

  Jun 2021 - Submission to IESG of "CoAP Transport for CMPV2" (if adopted)

  Jul 2021 - Submission to the IESG of Pub-Sub Profile for Authentication and
  Authorization for Constrained Environments (ACE)

  Jul 2021 - Submission to the IESG of "An Authorization Information Format
  (AIF) for ACE"

  Jul 2021 - Submission to the IESG of "Key Provisioning for Group
  Communication using ACE"

  Jul 2021 - Submission to the IESG of "Protecting EST Payloads with OSCORE"

  Aug 2021 - Submission to the IESG of "EAP-based Authentication Service for
  CoAP"

  Sep 2021 - Submission to the IESG of "Key Management for OSCORE Groups in
  ACE"

  Dec 2021 - Submission to the IESG of "Admin Interface for the OSCORE Group
  Manager"





[Ace] WG Review: Authentication and Authorization for Constrained Environments (ace)

2021-01-28 Thread The IESG
The Authentication and Authorization for Constrained Environments (ace) WG in
the Security Area of the IETF is undergoing rechartering. The IESG has not
made any determination yet. The following draft charter was submitted, and is
provided for informational purposes only. Please send your comments to the
IESG mailing list (i...@ietf.org) by 2021-02-07.

Authentication and Authorization for Constrained Environments (ace)
---
Current status: Active WG

Chairs:
  Daniel Migault 

Assigned Area Director:
  Benjamin Kaduk 

Security Area Directors:
  Benjamin Kaduk 
  Roman Danyliw 

Mailing list:
  Address: ace@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/ace
  Archive: https://mailarchive.ietf.org/arch/browse/ace/

Group page: https://datatracker.ietf.org/group/ace/

Charter: https://datatracker.ietf.org/doc/charter-ietf-ace/

The Authentication and Authorization for Constrained Environments (ace) WG
has defined a standardized solution framework for authentication and
authorization to enable authorized access to resources identified by a URI
and hosted on a resource server in constrained environments.

The access to the resource is mediated by an authorization server, which is
not considered to be constrained.

Profiles of this framework for application to security protocols commonly
used in constrained environments, including CoAP+DTLS and CoAP+OSCORE, have
also been standardized.  The Working Group is charged with maintenance of
the framework and existing profiles thereof, and may undertake work to
specify profiles of the framework for additional secure communications
protocols and for additional support services providing authorized access
to crypto keys (that are not necessarily limited to constrained endpoints,
though the focus remains on deployment in ecosystems with a substantial
portion of constrained devices).

In addition to the ongoing maintenance work, the Working Group will extend
the framework (originally designed to protect the exchange between single
client and single RS) as needed for applicability to group communications.
The initial focus will be on using (D)TLS and (Group) OSCORE as the underlying
communication security protocols. The Working Group will standardize
procedures for requesting and distributing group keying material using the ACE
framework as well as appropriate management interfaces.

The Working Group will standardize a format for expressing authorization
information for a given authenticated principal as received from an
authorization manager.

The Working Group will examine how to use Constrained Application Protocol
(CoAP) as a transport medium for certificate enrollment protocols, such as
EST and CMPv2, as well as a transport for authentication protocols such as
EAP (in coordination with the EMU WG), and standardize as needed.

Milestones:

TBD



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-07-08

2020-12-22 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-07-08 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=mc48894d33bb1c5d7d226c77348caba31



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-06-10

2020-12-22 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-06-10 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=mc48894d33bb1c5d7d226c77348caba31



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-05-13

2020-12-22 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-05-13 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=mc48894d33bb1c5d7d226c77348caba31



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-04-08

2020-12-22 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-04-08 from 10:00 to 11:00 America/New_York
(14:00 to 15:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=mc48894d33bb1c5d7d226c77348caba31



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-02-11

2020-12-22 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-02-11 from 10:00 to 11:00 America/New_York
(15:00 to 16:00 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=mc48894d33bb1c5d7d226c77348caba31



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2021-01-14

2020-12-22 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) WG will
hold a virtual interim meeting on 2021-01-14 from 10:00 to 11:00 America/New_York
(15:00 to 16:00 UTC).

Agenda:
ACE interim meeting
Hosted by Daniel Migault

https://ietf.webex.com/ietf/j.php?MTID=mc48894d33bb1c5d7d226c77348caba31
Thursday, Jan 14, 2021 4:00 pm | 1 hour | (UTC+01:00) Amsterdam, Berlin, Bern, 
Rome, Stockholm, Vienna
Occurs the second Thursday of every month effective 1/14/2021 until 7/8/2021 
from 10:00 AM to 11:00 AM, (UTC-05:00) Eastern Time (US & Canada)
Meeting number: 178 918 7327
Password: RbPSgiDG676

Join by video system
Dial 1789187...@ietf.webex.com
You can also dial 173.243.2.68 and enter your meeting number.

Join by phone
1-650-479-3208 Call-in toll number (US/Canada)
Access code: 178 918 7327

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=mc48894d33bb1c5d7d226c77348caba31



[Ace] Last Call: (OSCORE profile of the Authentication and Authorization for Constrained Environments Framework) to Proposed Standard

2020-07-06 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'OSCORE profile of the Authentication and Authorization for Constrained
   Environments Framework'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2020-07-20. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This memo specifies a profile for the Authentication and
   Authorization for Constrained Environments (ACE) framework.  It
   utilizes Object Security for Constrained RESTful Environments
   (OSCORE) to provide communication security, server authentication,
   and proof-of-possession for a key owned by the client and bound to an
   OAuth 2.0 access token.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-profile/



No IPR declarations have been submitted directly on this I-D.







[Ace] Last Call: (Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)) to Proposed Standard

2020-07-06 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'Datagram Transport Layer Security (DTLS) Profile for Authentication
   and Authorization for Constrained Environments (ACE)'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2020-07-20. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This specification defines a profile of the ACE framework that allows
   constrained servers to delegate client authentication and
   authorization.  The protocol relies on DTLS version 1.2 for
   communication security between entities in a constrained network
   using either raw public keys or pre-shared keys.  A resource-
   constrained server can use this protocol to delegate management of
   authorization information to a trusted host with less severe
   limitations regarding processing power and memory.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-dtls-authorize/


The following IPR Declarations may be related to this I-D:

   https://datatracker.ietf.org/ipr/3112/








[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2020-06-22

2020-04-20 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) Working
Group will hold a virtual interim meeting on 2020-06-22 from 10:00 to 11:30
America/New_York (14:00 to 15:30 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=md8728a7cd7aa263c70a3c712da89f3ee



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2020-05-18

2020-04-20 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) Working
Group will hold a virtual interim meeting on 2020-05-18 from 10:00 to 11:30
America/New_York (14:00 to 15:30 UTC).

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=md8728a7cd7aa263c70a3c712da89f3ee



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2020-04-15

2020-03-25 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) Working
Group will hold a virtual interim meeting on 2020-04-15 from 07:00 to 09:00
America/Los_Angeles (14:00 to 16:00 UTC).

Agenda:
Administrivia
ACE Documents stuck with the AD
  - DTLS document
MQTT document
Group Keying Documents
- Framework
- OSCORE
- PubSub (if a new one is published)
Wrap up and closing
- Virtual Interop events for anything?

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=mb5f50b1e50b7e9ad04f89d67ea2e4caf



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2020-02-25

2020-02-10 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) Working
Group will hold a virtual interim meeting on 2020-02-25 from 11:00 to 12:30
America/New_York.

Agenda:
(No agenda submitted)

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=mef47d467abc73c0a86252d04c0fe24a2



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2020-02-28

2020-02-06 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) Working
Group will hold a virtual interim meeting on 2020-02-28 from 08:00 to 09:00
America/New_York.

Agenda:
* chairs slides
* status / progress of the current drafts
* draft-ietf-ace-pusub
* 

A more detailed agenda will be provided

Information about remote participation:
https://ietf.webex.com/ietf/j.php?MTID=m6d4d2bbc3dece1e868ab501cc801b271



[Ace] Protocol Action: 'EST over secure CoAP (EST-coaps)' to Proposed Standard (draft-ietf-ace-coap-est-18.txt)

2020-01-16 Thread The IESG
The IESG has approved the following document:
- 'EST over secure CoAP (EST-coaps)'
  (draft-ietf-ace-coap-est-18.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-coap-est/




Technical Summary

  Enrollment over Secure Transport [RFC 7030] provides a REST style
  interface for doing X.509 certificate enrollment as well as other
  operations to support the enrollments.  This document provides a
  set of procedures to run this REST API using DTLS and CoAP rather
  than TLS and HTTP.

Working Group Summary

  Following adoption of the document progress in the WG was
  smooth.  The major issues in terms of formatting and structure
  were worked out prior to WG adoption.

Document Quality

  The document has been reviewed and is directly built on
  RFC 7030.  Prior to the document going into last call three
  different groups of implementers got together and had a
  series of virtual inter-op events.  These led to several changes
  and clarifications in the document as problems were identified.
  The document mirrors EST in using the tls-unique value for channel
  binding, even though it is now preferred to use TLS exporters instead
  of tls-unique.  The intent is that CoAP-EST will gain support for TLS
  exporters when it is defined for traditional EST, and that the ACE WG
  is not the correct place to do that work.

Personnel

The Document Shepherd is Jim Schaad.
The responsible Area Director is Benjamin Kaduk



[Ace] Authentication and Authorization for Constrained Environments (ace) WG Virtual Meeting: 2020-01-31

2020-01-08 Thread IESG Secretary
The Authentication and Authorization for Constrained Environments (ace) Working
Group will hold a virtual interim meeting on 2020-01-31 from 11:00 to 12:30
America/New_York.

Agenda:
* chairs slides (note well, agenda bashing ...)
* draft-ietf-ace-key-groupcomm
* draft-ietf-ace-key-groupcomm-oscore
* draft-ietf-ace-mqtt-tls-profile
* draft-ietf-ace-coap-pubsub-profile
* AOB

Information about remote participation:
ACE Working Group invites you to join this Webex meeting.
Meeting number (access code): 641 066 992
Meeting password: akZaYmff
Friday, January 31, 2020  11:00 am  |  (UTC-05:00) Eastern Time (US & Canada)  |  1 hr 30 mins
Join meeting
Join by phone
Tap to call in from a mobile device (attendees only)
1-650-479-3208 Call-in toll number (US/Canada)
Join from a video system or application
Dial 641066...@ietf.webex.com
You can also dial 173.243.2.68 and enter your meeting number.
Join using Microsoft Lync or Microsoft Skype for Business
Dial 641066992.i...@lync.webex.com
Need help? Go to http://help.webex.com



[Ace] Last Call: (Additional OAuth Parameters for Authorization in Constrained Environments (ACE)) to Proposed Standard

2019-11-29 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'Additional OAuth Parameters for Authorization in Constrained
   Environments (ACE)'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2019-12-13. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This specification defines new parameters for the OAuth 2.0 token and
   introspection endpoints when used with the framework for
   authentication and authorization for constrained environments (ACE).
   These are used to express the proof-of-possession key the client
   wishes to use, the proof-of-possession key that the AS has selected,
   and the key the RS should use to authenticate to the client.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-params/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-params/ballot/


No IPR declarations have been submitted directly on this I-D.






[Ace] Last Call: (Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)) to Proposed Standard

2019-11-29 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'Authentication and Authorization for Constrained Environments (ACE)
   using the OAuth 2.0 Framework (ACE-OAuth)'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2019-12-13. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This specification defines a framework for authentication and
   authorization in Internet of Things (IoT) environments called ACE-
   OAuth.  The framework is based on a set of building blocks including
   OAuth 2.0 and CoAP, thus transforming a well-known and widely used
   authorization solution into a form suitable for IoT devices.
   Existing specifications are used where possible, but extensions are
   added and profiles are defined to better serve the IoT use cases.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/ballot/

The following IPR Declarations may be related to this I-D:

   https://datatracker.ietf.org/ipr/3123/



The document contains these normative downward references.
See RFC 3967 for additional information: 
rfc4949: Internet Security Glossary, Version 2 (Informational - Independent 
Submission Editor stream)





[Ace] Protocol Action: 'Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)' to Proposed Standard (draft-ietf-ace-cwt-proof-of-possession-11.txt)

2019-11-04 Thread The IESG
The IESG has approved the following document:
- 'Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)'
  (draft-ietf-ace-cwt-proof-of-possession-11.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-cwt-proof-of-possession/




Technical Summary

This document describes how to declare in a CBOR Web Token (CWT)
that the presenter of the CWT possesses a particular proof-of-possession key.
It is a functional equivalent to the proof of possession key semantics in 
JSON Web Tokens (JWTs) (RFC 7800) but using CBOR/CWT instead of JSON/JWT.

Working Group Summary

The WG has reached consensus to publish this protocol specification as a
Proposed Standard so that it tracks the equivalent work with JWTs (RFC 7800).
It has been subjected to review from the community of interest and the details
have been tested through various CWT implementations.

Document Quality

This document went through the usual level of review for the WG.  WGLC
and AD evaluation revealed some issues to address with respect to clarity,
but no major flaws were found.

Personnel

Roman Danyliw is the document shepherd.
Benjamin Kaduk is the responsible AD.



[Ace] Last Call: (Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)) to Proposed Standard

2019-09-25 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
i...@ietf.org mailing lists by 2019-10-09. Exceptionally, comments may be
sent to i...@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   This specification describes how to declare in a CBOR Web Token (CWT)
   that the presenter of the CWT possesses a particular proof-of-
   possession key.  Being able to prove possession of a key is also
   sometimes described as being the holder-of-key.  This specification
   provides equivalent functionality to "Proof-of-Possession Key
   Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using CBOR and
   CWTs rather than JSON and JWTs.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-cwt-proof-of-possession/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-ace-cwt-proof-of-possession/ballot/


No IPR declarations have been submitted directly on this I-D.



