-----Original Message-----
From: Francesca Palombini <francesca.palomb...@ericsson.com>
Sent: Monday, August 31, 2020 5:53 AM
To: Ace Wg <ace@ietf.org>
Cc: ace-cha...@ietf.org
Subject: OSCORE Profile IANA questions
Hi all,
I have two quick questions concerning IANA actions to be done for the OSCORE
profile:
1) The framework (-params) and the profile are currently conflicting on the
registration of parameters, and we need to fix that.
In the framework, parameters that are sent from Client to AS (such as req_cnf)
are registered in the OAuth Parameters Registry as having "Parameter Usage
Location: token request". The OSCORE profile registers parameters sent from
Client to RS (such as nonce1) with "Parameter Usage Location: token request".
The possible "Parameter Usage Location" are "token request" "token response"
"authorization request" "authorization response" (see
https://tools.ietf.org/html/rfc6749#section-11.2.1 ). It seems that
"authorization request/response" are to the Resource Owner, and "token
request/response" are to the Authorization Server. I think the framework is
using the right names, but I am not sure what other location to put there, I
think there is no name for Client-to-RS and RS-to-Client in the registry right
now.
[JLS] Look at the OAuth registries - they have some "standardized" names for
these interactions as well as the RS-AS pair.
Jim
2) The OSCORE profile defines a new registry, the OSCORE Security Context
Parameters registry. The question is where to put this registry? My proposal is
to put it under
https://www.iana.org/assignments/core-parameters/core-parameters.xhtml . Any
objections?
Thanks,
Francesca
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace