Hi Ludwig and ACE ML,

Thank you very much Ludwig for your effort, I have not yet read the new version of the draft, but I already had some thoughts about the "Client Token" (CT) concept, so I give a partial response to your questions (also in the hope to trigger the discussion on the ML):

a) I think the Use Case the CT is trying to solve is VERY relevant.

b) I think it is a reasonable solution; I need to study it more to give a full answer, but as a starting point it seems to be the tool to solve the problem. Another concern I have is to analyze how this will impact interaction with vanilla OAuth 2.0 entities (as you mentioned).

c) -

Thank you very much for the Java implementation! Lots lots lots of work I imagine. I will try to test it and give feedback.

Regards, and have a good weekend

Renzo

On Mon, Feb 6, 2017 at 9:37 AM, Ludwig Seitz <lud...@sics.se> wrote:
> Hello ACE,
>
> I have posted an update of our draft, please see the changelog for what has
> been updated.
>
> I am in the middle of implementing this, and I'd encourage others to do so
> as well (https://bitbucket.org/lseitz/ace-java).
>
> I would also welcome review comments, especially on the Client Token (CT)
> concept which is probably the most radical change wrt vanilla OAuth 2.0. I
> would like you to specially consider the following questions:
>
> a.) Do you think the use case for CT is valid?
>
> b.) Do you think CT is a reasonable solution for the use case?
> (alternative solutions or suggestions for improvement are welcome)
>
> c.) Should the CT (or an alternative solution) be part of this draft or
> should it be a separate draft (or none at all)?
>
> Regards,
>
> Ludwig
>
>
> -------- Forwarded Message --------
>
> A new version of I-D, draft-ietf-ace-oauth-authz-05.txt
> has been successfully submitted by Ludwig Seitz and posted to the
> IETF repository.
>
> Name:           draft-ietf-ace-oauth-authz
> Revision:       05
> Title:          Authentication and Authorization for Constrained
>                 Environments (ACE)
> Document date:  2017-02-03
> Group:          ace
> Pages:          62
> URL:            https://www.ietf.org/internet-drafts/draft-ietf-ace-oauth-authz-05.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/
> Htmlized:       https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-05
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-oauth-authz-05
>
> Abstract:
> This specification defines a framework for authentication and
> authorization in Internet of Things (IoT) environments. The
> framework is based on a set of building blocks including OAuth 2.0
> and CoAP, thus making a well-known and widely used authorization
> solution suitable for IoT devices. Existing specifications are used
> where possible, but where the constraints of IoT devices require it,
> extensions are added and profiles are defined.
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace