I do not seem to have been doing a good job of explaining the issue that I am raising here, so I am going to go scenario based for a description.
* I get an access token from an AS with a scope of [ "coap://multicast-01", ["responder"]]
* I join the group associated with that address
* I then decide to send the message below out, encrypted with the group symmetric key and signed with the public key I registered during the join:

    GET coap://multicast-01/resource1

* The server TimeX receives the above message. It starts to process the message by checking the signature - that passes. It then decrypts the message and that succeeds. It then processes the GET request because it does not know that this is a violation of the scope assigned to me by the AS.

This will not happen for the MQTT profile as long as the AS (singular or plural) are set up correctly, as the MQTT broker would not allow the publish operation to occur since it also has the set of operation permissions to enforce.

The only way that I know for the server TimeX to enforce the allowable operations is for that information to be propagated along with the signature public key from the KDC to the server.

One can create a similar scenario on the other side where a client sends a response when it is only authorized as a "requester".

Jim

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
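The scenario above, as an added example that is not part of the original message or of any ACE draft: a minimal model of a KDC that records each joining member's roles from the AS-issued scope, and of the server's processing path, which can only reject a "responder" sending a GET (or a "requester" sending a response) when the KDC exports the roles together with the member's key. The signature and group encryption are stand-ins (an HMAC over a per-member key, so the block runs with the standard library only); the member name, key material and the `[group, [roles]]` scope shape are constructed for the illustration.

```python
"""Role enforcement at a group member (added example, stdlib only).

Stand-ins: per-member "public key" is an HMAC key, "signature" is an HMAC
tag; the group-key decryption step is omitted. None of this is real ACE or
Group OSCORE code; it only models the authorization decision.
"""
import hashlib
import hmac
from dataclasses import dataclass


def coap_code_class(code: int) -> int:
    """CoAP code is class(3 bits).detail(5 bits); class 0 = request,
    classes 2/4/5 = responses (RFC 7252, section 3)."""
    return code >> 5


def required_role(code: int) -> str:
    """Role a sender must hold to emit a message with this CoAP code."""
    return "requester" if coap_code_class(code) == 0 else "responder"


@dataclass(frozen=True)
class Member:
    kid: bytes
    pubkey: bytes          # stand-in for the registered signature key
    roles: frozenset


class KDC:
    """Records members of one group with the roles from their AS scope."""

    def __init__(self, group: str):
        self.group = group
        self.members = {}

    def join(self, kid: bytes, pubkey: bytes, scope) -> Member:
        # scope as issued by the AS: [group name, [role, ...]]
        name, roles = scope
        if name != self.group:
            raise PermissionError("access token is not for this group")
        member = Member(kid, pubkey, frozenset(roles))
        self.members[kid] = member
        return member

    def export(self, with_roles: bool) -> dict:
        """What other members learn when they fetch public keys.
        with_roles=False models the propagation gap described above."""
        return {kid: (m.pubkey, m.roles if with_roles else None)
                for kid, m in self.members.items()}


def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)


def server_process(keys: dict, kid: bytes, code: int, payload: bytes,
                   sig: bytes) -> tuple:
    """Server-side path: verify signature, (decrypt), then check the role.
    keys: kid -> (pubkey, roles-or-None) as obtained from the KDC.
    Returns (accepted, reason)."""
    if kid not in keys:
        return (False, "unknown sender")
    pubkey, roles = keys[kid]
    if not verify(pubkey, bytes([code]) + payload, sig):
        return (False, "bad signature")
    # group-key decryption would happen here; omitted in this stand-in
    need = required_role(code)
    if roles is None:
        # nothing to check against: the message is processed regardless
        return (True, f"processed {need} message, no role info to enforce")
    if need not in roles:
        return (False, f"sender not authorized as {need}")
    return (True, f"processed {need} message")


def run_scenario(with_roles: bool, sender_roles=("responder",),
                 code: int = 0x01) -> tuple:
    """Constructed scenario: member 'jim' joins with the given roles and
    sends a message with the given CoAP code (0x01 = GET)."""
    kdc = KDC("coap://multicast-01")
    key = b"jim-stand-in-key"
    kdc.join(b"jim", key, ["coap://multicast-01", list(sender_roles)])
    server_view = kdc.export(with_roles)
    payload = b"coap://multicast-01/resource1"
    sig = sign(key, bytes([code]) + payload)
    return server_process(server_view, b"jim", code, payload, sig)


if __name__ == "__main__":
    print("roles not propagated:", run_scenario(False))
    print("roles propagated:    ", run_scenario(True))
    print("requester sends 2.05:", run_scenario(True, ("requester",), 0x45))
```

Running it shows the same GET being processed when the KDC exports only keys and rejected when it also exports roles; the third call is the mirror case of a "requester" emitting a 2.05 Content response.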