< draft-ietf-ace-oauth-authz-31.txt		draft-ietf-ace-oauth-authz-32.txt >
	ACE Working Group L. Seitz		ACE Working Group L. Seitz
	Internet-Draft Combitech		Internet-Draft Combitech
	Intended status: Standards Track G. Selander		Intended status: Standards Track G. Selander
	Expires: July 21, 2020 Ericsson		Expires: August 4, 2020 Ericsson
	E. Wahlstroem		E. Wahlstroem
	S. Erdtman		S. Erdtman
	Spotify AB		Spotify AB
	H. Tschofenig		H. Tschofenig
	Arm Ltd.		Arm Ltd.
	January 18, 2020		February 1, 2020
	Authentication and Authorization for Constrained Environments (ACE)		Authentication and Authorization for Constrained Environments (ACE)
	using the OAuth 2.0 Framework (ACE-OAuth)		using the OAuth 2.0 Framework (ACE-OAuth)
	draft-ietf-ace-oauth-authz-31		draft-ietf-ace-oauth-authz-32
	Abstract		Abstract
	This specification defines a framework for authentication and		This specification defines a framework for authentication and
	authorization in Internet of Things (IoT) environments called ACE-		authorization in Internet of Things (IoT) environments called ACE-
	OAuth. The framework is based on a set of building blocks including		OAuth. The framework is based on a set of building blocks including
	OAuth 2.0 and the Constrained Application Protocol (CoAP), thus		OAuth 2.0 and the Constrained Application Protocol (CoAP), thus
	transforming a well-known and widely used authorization solution into		transforming a well-known and widely used authorization solution into
	a form suitable for IoT devices. Existing specifications are used		a form suitable for IoT devices. Existing specifications are used
	where possible, but extensions are added and profiles are defined to		where possible, but extensions are added and profiles are defined to
	skipping to change at page 1, line 45 ¶		skipping to change at page 1, line 45 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.		Drafts is at https://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on July 21, 2020.		This Internet-Draft will expire on August 4, 2020.
	Copyright Notice		Copyright Notice
	Copyright (c) 2020 IETF Trust and the persons identified as the		Copyright (c) 2020 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(https://trustee.ietf.org/license-info) in effect on the date of		(https://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 26, line 42 ¶		skipping to change at page 26, line 42 ¶
	| token_type | RFC 6749 |		| token_type | RFC 6749 |
	| expires_in | RFC 6749 |		| expires_in | RFC 6749 |
	| refresh_token | RFC 6749 |		| refresh_token | RFC 6749 |
	| scope | RFC 6749 |		| scope | RFC 6749 |
	| state | RFC 6749 |		| state | RFC 6749 |
	| error | RFC 6749 |		| error | RFC 6749 |
	| error_description | RFC 6749 |		| error_description | RFC 6749 |
	| error_uri | RFC 6749 |		| error_uri | RFC 6749 |
	| ace_profile | [this document] |		| ace_profile | [this document] |
	| cnf | [I-D.ietf-ace-oauth-params] |		| cnf | [I-D.ietf-ace-oauth-params] |
	| rs_cnf | [I-D.ietf-ace-oauth-params] |		| rs_cnf | [I-D.ietf-ace-oauth-params] |
	\-------------------+-------------------------------/		\-------------------+-------------------------------/
	Figure 8: Access Information parameters		Figure 8: Access Information parameters
	Figure 9 shows a response containing a token and a "cnf" parameter		Figure 9 shows a response containing a token and a "cnf" parameter
	with a symmetric proof-of-possession key, which is defined in		with a symmetric proof-of-possession key, which is defined in
	[I-D.ietf-ace-oauth-params]. Note that the key identifier 'kid' is		[I-D.ietf-ace-oauth-params]. Note that the key identifier 'kid' is
	only used to simplify indexing and retrieving the key, and no		only used to simplify indexing and retrieving the key, and no
	assumptions should be made that it is unique in the domains of either		assumptions should be made that it is unique in the domains of either
	the client or the RS.		the client or the RS.
	skipping to change at page 56, line 40 ¶		skipping to change at page 56, line 40 ¶
	This specification registers the 'application/ace+cbor' media type		This specification registers the 'application/ace+cbor' media type
	for messages of the protocols defined in this document carrying		for messages of the protocols defined in this document carrying
	parameters encoded in CBOR. This registration follows the procedures		parameters encoded in CBOR. This registration follows the procedures
	specified in [RFC6838].		specified in [RFC6838].
	Type name: application		Type name: application
	Subtype name: ace+cbor		Subtype name: ace+cbor
	Required parameters: none		Required parameters: N/A
	Optional parameters: none		Optional parameters: N/A
	Encoding considerations: Must be encoded as CBOR map containing the		Encoding considerations: Must be encoded as CBOR map containing the
	protocol parameters defined in [this document].		protocol parameters defined in [this document].
	Security considerations: See Section 6 of this document.		Security considerations: See Section 6 of [this document]
	Interoperability considerations: n/a		Interoperability considerations: N/A
	Published specification: [this document]		Published specification: [this document]
	Applications that use this media type: The type is used by		Applications that use this media type: The type is used by
	authorization servers, clients and resource servers that support the		authorization servers, clients and resource servers that support the
	ACE framework as specified in [this document].		ACE framework as specified in [this document].
	Additional information:		Fragment identifier considerations: N/A
	Magic number(s): n/a
	File extension(s): .ace
	Macintosh file type code(s): n/a		Additional information: N/A
	Person & email address to contact for further information:		Person & email address to contact for further information:
	<iesg@ietf.org>		<iesg@ietf.org>
	Intended usage: COMMON		Intended usage: COMMON
	Restrictions on usage: None		Restrictions on usage: none
	Author: Ludwig Seitz <ludwig.setiz@combitech.se>		Author: Ludwig Seitz <ludwig.seitz@combitech.se>
	Change controller: IESG		Change controller: IESG
	8.15. CoAP Content-Format Registry		8.15. CoAP Content-Format Registry
	This specification registers the following entry to the "CoAP		This specification registers the following entry to the "CoAP
	Content-Formats" registry:		Content-Formats" registry:
	Media Type: application/ace+cbor		Media Type: application/ace+cbor
	skipping to change at page 61, line 49 ¶		skipping to change at page 61, line 49 ¶
	<https://www.bluetooth.com/specifications/bluetooth-core-		<https://www.bluetooth.com/specifications/bluetooth-core-
	specification/>.		specification/>.
	[I-D.erdtman-ace-rpcc]		[I-D.erdtman-ace-rpcc]
	Seitz, L. and S. Erdtman, "Raw-Public-Key and Pre-Shared-		Seitz, L. and S. Erdtman, "Raw-Public-Key and Pre-Shared-
	Key as OAuth client credentials", draft-erdtman-ace-		Key as OAuth client credentials", draft-erdtman-ace-
	rpcc-02 (work in progress), October 2017.		rpcc-02 (work in progress), October 2017.
	[I-D.ietf-quic-transport]		[I-D.ietf-quic-transport]
	Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed		Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed
	and Secure Transport", draft-ietf-quic-transport-24 (work		and Secure Transport", draft-ietf-quic-transport-25 (work
	in progress), November 2019.		in progress), January 2020.
	[I-D.ietf-tls-dtls13]		[I-D.ietf-tls-dtls13]
	Rescorla, E., Tschofenig, H., and N. Modadugu, "The		Rescorla, E., Tschofenig, H., and N. Modadugu, "The
	Datagram Transport Layer Security (DTLS) Protocol Version		Datagram Transport Layer Security (DTLS) Protocol Version
	1.3", draft-ietf-tls-dtls13-34 (work in progress),		1.3", draft-ietf-tls-dtls13-34 (work in progress),
	November 2019.		November 2019.
	[Margi10impact]		[Margi10impact]
	Margi, C., de Oliveira, B., de Sousa, G., Simplicio Jr,		Margi, C., de Oliveira, B., de Sousa, G., Simplicio Jr,
	M., Barreto, P., Carvalho, T., Naeslund, M., and R. Gold,		M., Barreto, P., Carvalho, T., Naeslund, M., and R. Gold,
End of changes. 14 change blocks.
	19 lines changed or deleted		15 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/