Hello ACE,

We have submitted a major updated version of draft-tiloca-ace-group-oscore-profile

https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile-02

The document describes a profile of ACE where client and server communicate with Group OSCORE. This supports fine-grained access control in group communication environments, where different group members have different access rights to resources of other group members.

This update is mostly about:

1) Clarifying pre-conditions and purpose, as requested by Ben at IETF 106. That is, nodes are required to have joined the OSCORE group first, while this profile is about access control within the group, among current group members. Instead, access control for joining is covered in a different document and is out of scope for this profile.

2) The document body now describing the profile as focused on Group OSCORE as only security protocol. Message formats and examples are updated accordingly.

3) Defining the document content of -01 as optional "dual mode", in Appendix A. This dual mode considers both OSCORE and Group OSCORE as security protocol.

Comments are very welcome!

Best,
/Marco

-------- Forwarded Message --------
Subject: New Version Notification for draft-tiloca-ace-group-oscore-profile-02.txt
Date: Mon, 09 Mar 2020 12:27:13 -0700
From: internet-dra...@ietf.org
To: Rikard Hoeglund <rikard.hogl...@ri.se>, Francesca Palombini <francesca.palomb...@ericsson.com>, Ludwig Seitz <ludwig.se...@combitech.se>, Marco Tiloca <marco.til...@ri.se>

A new version of I-D, draft-tiloca-ace-group-oscore-profile-02.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository.
Name: draft-tiloca-ace-group-oscore-profile
Revision: 02
Title: Group OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework
Document date: 2020-03-09
Group: Individual Submission
Pages: 53
URL: https://www.ietf.org/internet-drafts/draft-tiloca-ace-group-oscore-profile-02.txt
Status: https://datatracker.ietf.org/doc/draft-tiloca-ace-group-oscore-profile/
Htmlized: https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile-02
Htmlized: https://datatracker.ietf.org/doc/html/draft-tiloca-ace-group-oscore-profile
Diff: https://www.ietf.org/rfcdiff?url2=draft-tiloca-ace-group-oscore-profile-02

Abstract:
This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. The profile uses Group OSCORE to provide communication security between a Client and a (set of) Resource Server(s) as members of an OSCORE Group. The profile securely binds an OAuth 2.0 Access Token with the public key of the Client associated to the signing private key used in the OSCORE group. The profile uses Group OSCORE to achieve server authentication, as well as proof-of-possession for the Client public key. Also, it provides proof of Client's membership to the correct OSCORE group, by binding the Access Token to information from the Group OSCORE Security Context, thus allowing the Resource Server(s) to verify the Client's membership upon receiving a message protected with Group OSCORE from the Client.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace