The IESG has approved the following document: - 'Key Management for Group Object Security for Constrained RESTful Environments (Group OSCORE) Using Authentication and Authorization for Constrained Environments (ACE)' (draft-ietf-ace-key-groupcomm-oscore-21.txt) as Proposed Standard
This document is the product of the Authentication and Authorization for Constrained Environments Working Group. The IESG contact persons are Paul Wouters and Deb Cooley. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-key-groupcomm-oscore/ Technical Summary This document defines an application profile of the Authentication and Authorization for Constrained Environments (ACE) framework, to request and provision keying material in group communication scenarios that are based on the Constrained Application Protocol (CoAP) and are secured with Group Object Security for Constrained RESTful Environments (Group OSCORE). This application profile delegates the authentication and authorization of Clients, which join an OSCORE group through a Resource Server acting as Group Manager for that group. This application profile leverages protocol-specific transport profiles of ACE to achieve communication security, server authentication, and proof of possession for a key owned by the Client and bound to an OAuth 2.0 access token. Working Group Summary Consensus was broad and the authors were very responsible to all feedback including the IETF LC Directorate feedback. Document Quality An implementation in Java of the content of the document is available at [1]. The implementation builds on Key Provisioning for Group Communication using ACE (draft-ietf-ace-key-groupcomm) and ACE framework for Authentication and Authorization (RFC9200), as the document subject to this write-up itself does. [1] https://bitbucket.org/marco-tiloca-sics/ace-java/ Personnel The Document Shepherd for this document is Rikard Höglund. The Responsible Area Director is Paul Wouters. _______________________________________________ IETF-Announce mailing list -- [email protected] To unsubscribe send an email to [email protected]
