Hi all, In off-list discussion the differences between OAuth-ACE, OCF and LwM2M was discussed. One of the distinguishing features of OAuth-ACE is that it allows user authentication and authorization to be conveniently provided and integrated into an already existing ecosystem.
However, after re-reading the OAuth-ACE draft I noticed that the use of a smart phone / tablet for accessing IoT devices is actually not well supported due to the decisions made around profiles. Hence, I created a pull request that relaxes the OAuth-ACE profiles in the following way: * It allows profiles to specify what protocols and encodings they use on the client to AS interface (in addition to the client to RS interface). * It allows the use of HTTPS and JSON encoding on the client to AS interface. Hence, this allows a client to request a CWT-based PoP token using HTTPS from an RS. Here is the pull request: https://github.com/ace-wg/ace-oauth/pull/129 Thoughts? Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
