[Ace] Protocol Action: 'Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)' to Proposed Standard (draft-ietf-ace-dtls-authorize-18
The IESG has approved the following document: - 'Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)' (draft-ietf-ace-dtls-authorize-18.txt) as Proposed Standard This document is the product of the Authentication and Authorization for Constrained Environments Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-dtls-authorize/ Technical Summary The ACE WG has created a framework for constrained servers to do authentication and authorization using OAuth. This document provides the details for how to use DTLS as the security for protecting and authentication the messages defined in the framework as well as the final client to resource server messages. Working Group Summary The document did not raise any issues during development. Most of the issues were focused on the framework document. Late-stage reviews revealed some issues that affected the framework and all profiles, and thus required changes in this document, but there was nothing particularly specific to this document. Document Quality At least two implementations of prior versions of this document exist. The process of doing these implementations and making sure that they were interoperable was influential in some of the content in the document. Personnel Jim Schaad was the document shepherd. Ben Kaduk is the responsible AD. ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
[Ace] Protocol Action: 'Additional OAuth Parameters for Authorization in Constrained Environments (ACE)' to Proposed Standard (draft-ietf-ace-oauth-params-15.txt)
The IESG has approved the following document: - 'Additional OAuth Parameters for Authorization in Constrained Environments (ACE)' (draft-ietf-ace-oauth-params-15.txt) as Proposed Standard This document is the product of the Authentication and Authorization for Constrained Environments Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-params/ Technical Summary This specification defines new parameters for the OAuth 2.0 token and introspection endpoints. These parameters are targeted for use with the OAuth protocol adapted for constrained devices. Working Group Summary This document was created and modified in response to issues raised by the OAuth working group. They deal with a case which the ACE OAuth protocol does not currently support, but which may be introduced in OAuth. This document represents a consensus between the two groups. Document Quality There exist at least two implementations which are using these fields as part of the overall work. As noted above there was an issue with the OAuth working group but it has been resolved. Personnel Jim Schaad was the document shepherd. Ben Kaduk is the responsible AD. ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
[Ace] Protocol Action: 'Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)' to Proposed Standard (draft-ietf-ace-oauth-authz-43.txt)
The IESG has approved the following document: - 'Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)' (draft-ietf-ace-oauth-authz-43.txt) as Proposed Standard This document is the product of the Authentication and Authorization for Constrained Environments Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/ Technical Summary This document describes a framework for the use of OAuth 2.0 in a constrained environment. The document is mainly targeted at the protocols defined for CoAP, but other protocols can be used as well. The framework defines the fields and symmantics needed for doing authorization and authenticiation of a client. Working Group Summary The concesus on the document was generally very solid. There were some issues that arose between the ACE and OAuth working groups over a couple of issues. These issues appear to have been resolved. The WG remained fairly active at resolving issues that arose during reviews of other documents that provide "profiles" of this framework. Document Quality There have been at least four different groups who have announced an implementation at some level of the specification. While two of those implementations share a certain amount of common code, there are two implementations which have done interop tests at various times which do not share any code based on this document. The scope and issues of trying to deal with some of the OAuth 2.0 documents can be challenging at times. While it is believed that a good job has been done, there are some potential areas where different people might end up doing new things. Personnel Jim Schaad was the shepherd. Ben Kaduk is the responsible AD. ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace