idnits 2.17.1 draft-bormann-core-ace-aif-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([I-D.ietf-ace-dtls-authorize], [I-D.seitz-ace-oscoap-profile]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (July 18, 2017) is 2474 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-18) exists of draft-ietf-ace-dtls-authorize-01 == Outdated reference: A later version (-16) exists of draft-irtf-t2trg-iot-seccons-04 == Outdated reference: A later version (-06) exists of draft-seitz-ace-oscoap-profile-03 -- Obsolete informational reference (is this intentional?): RFC 7049 (Obsoleted by RFC 8949) -- Obsolete informational reference (is this intentional?): RFC 7159 (Obsoleted by RFC 8259) Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group C. Bormann 3 Internet-Draft Universitaet Bremen TZI 4 Intended status: Informational July 18, 2017 5 Expires: January 19, 2018 7 An Authorization Information Format (AIF) for ACE 8 draft-bormann-core-ace-aif-04 10 Abstract 12 Constrained Devices as they are used in the "Internet of Things" need 13 security. One important element of this security is that devices in 14 the Internet of Things need to be able to decide which operations 15 requested of them should be considered authorized, need to ascertain 16 that the authorization to request the operation does apply to the 17 actual requester, and need to ascertain that other devices they place 18 requests on are the ones they intended. 20 On the ACE mailing list, an activity to create specifications for 21 such authenticated authorization for constrained devices is 22 contemplated, leading to protocol proposals such as 23 [I-D.ietf-ace-dtls-authorize] or [I-D.seitz-ace-oscoap-profile]. 25 One potential work item complementing this protocol work is an 26 Authorization Information Format (AIF). 28 This document provides a strawman for such a format that should 29 enable further discussion of the objectives for its development. 31 Status of This Memo 33 This Internet-Draft is submitted in full conformance with the 34 provisions of BCP 78 and BCP 79. 36 Internet-Drafts are working documents of the Internet Engineering 37 Task Force (IETF). Note that other groups may also distribute 38 working documents as Internet-Drafts. The list of current Internet- 39 Drafts is at http://datatracker.ietf.org/drafts/current/. 41 Internet-Drafts are draft documents valid for a maximum of six months 42 and may be updated, replaced, or obsoleted by other documents at any 43 time. It is inappropriate to use Internet-Drafts as reference 44 material or to cite them other than as "work in progress." 46 This Internet-Draft will expire on January 19, 2018. 48 Copyright Notice 50 Copyright (c) 2017 IETF Trust and the persons identified as the 51 document authors. All rights reserved. 53 This document is subject to BCP 78 and the IETF Trust's Legal 54 Provisions Relating to IETF Documents 55 (http://trustee.ietf.org/license-info) in effect on the date of 56 publication of this document. Please review these documents 57 carefully, as they describe your rights and restrictions with respect 58 to this document. Code Components extracted from this document must 59 include Simplified BSD License text as described in Section 4.e of 60 the Trust Legal Provisions and are provided without warranty as 61 described in the Simplified BSD License. 63 Table of Contents 65 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 66 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 67 2. Information Model . . . . . . . . . . . . . . . . . . . . . . 3 68 2.1. Limitations . . . . . . . . . . . . . . . . . . . . . . . 3 69 3. Data Model . . . . . . . . . . . . . . . . . . . . . . . . . 4 70 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 71 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5 72 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 73 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 74 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 75 7.2. Informative References . . . . . . . . . . . . . . . . . 6 76 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 78 1. Introduction 80 (See Abstract.) 82 1.1. Terminology 84 This memo uses terms from [RFC7252] and [RFC4949]. 86 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 87 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 88 "OPTIONAL" in this document are to be interpreted as described in 89 [RFC2119] when they appear in ALL CAPS. These words may also appear 90 in this document in lower case as plain English words, absent their 91 normative meanings. 93 (Note that this document is itself informational, but it is 94 discussing normative statements.) 95 The term "byte", abbreviated by "B", is used in its now customary 96 sense as a synonym for "octet". 98 2. Information Model 100 Authorizations are generally expressed through some data structures 101 that are cryptographically secured (or transmitted in a secure way). 102 This section discusses the information model underlying the payload 103 of that data (as opposed to the cryptographic armor around it). 105 For the purposes of this strawman, the underlying access control 106 model will be that of an access matrix, which gives a set of 107 permissions for each possible combination of a subject and on object. 109 For the objects, we simply use the URI of a resource on a CoAP 110 server. More specifically, the parts of the URI that identify the 111 server ("authority" in [RFC3986]) are considered the realm of the 112 authentication mechanism (which are handled in the cryptographic 113 armor); we therefore focus on the "path-absolute" and "query" parts 114 of the URI (URI "local-part" in this specification, as expressed by 115 the Uri-Path and Uri-Query options in CoAP). Similarly, we do not 116 concern the AIF format with the subject for which the AIF object is 117 issued, focusing the AIF object on a single row in the access matrix 118 (such a row traditionally is also called a capability list). 120 At the information model level, this leaves a set of pairs of local 121 URIs and related permissions. We simplify the model for the 122 permissions to simply giving the subset of the CoAP methods 123 permitted. This model is summarized in Table 1. 125 +------------+----------------+ 126 | local-part | Permission Set | 127 +------------+----------------+ 128 | /s/light | GET | 129 | | | 130 | /a/led | PUT, GET | 131 | | | 132 | /dtls | POST | 133 +------------+----------------+ 135 Table 1: An authorization instance in the AIF Information Model 137 2.1. Limitations 139 This simple information model only allows granting permissions for 140 static URIs. It is probably necessary to extend the model towards 141 URI templates [RFC6570], however, that requires some considerations 142 of the ease and unambiguity of matching a given URI against a set of 143 templates in an AIF object. 145 This simple information model also doesn't allow conditionalizing 146 access (e.g., "opening a door is allowed if that isn't locked"). 148 Finally, the model does not provide any special access for a set of 149 resources that are specific to a subject, e.g. that the subject 150 created itself by previous operations (PUT, POST) or that were 151 specifically created for the subject by others. 153 3. Data Model 155 For representing the AIF object discussion in Section 2, the 156 permission set is reduced to a single number by the following steps: 158 o The entries in the table that specify the same local-part are 159 merged into a single entry that specifies the union of the 160 permission sets 162 o The methods in the permission sets are converted into their CoAP 163 method numbers, minus 1 165 o The set of numbers is converted into a single number by taking 166 each number to the power of two and computing the inclusive OR of 167 the binary representations of all the numbers. 169 This strawman data model could be interchanged in the JSON [RFC7159] 170 representation given in Figure 1 (more extensible/more compact 171 representations are possible). 173 [["/s/light", 1], ["/a/led", 5], ["/dtls", 2]] 175 Figure 1: An authorization instance encoded in JSON (46 bytes) 177 In CDDL [I-D.greevenbosch-appsawg-cbor-cddl], a straightforward 178 specification of the data model (including both the methods from 179 [RFC7252] and the new ones from [RFC8132], identified by the method 180 code minus 1) is: 182 authorization-info = [* authorization] 183 authorization = [ 184 path: tstr, 185 permissions: uint .bits methods, 186 ] 187 methods = &( 188 GET: 0 189 POST: 1 190 PUT: 2 191 DELETE: 3 192 FETCH: 4 193 PATCH: 5 194 iPATCH: 6 195 ) 197 Figure 2: AIF in CDDL 199 A representation of this information in CBOR [RFC7049] is given in 200 Figure 3; again, several optimizations/improvements are possible. 202 83 # array(3) 203 82 # array(2) 204 68 # text(8) 205 2f732f6c69676874 # "/s/light" 206 01 # unsigned(1) 207 82 # array(2) 208 66 # text(6) 209 2f612f6c6564 # "/a/led" 210 05 # unsigned(5) 211 82 # array(2) 212 65 # text(5) 213 2f64746c73 # "/dtls" 214 02 # unsigned(2) 216 Figure 3: An authorization instance encoded in CBOR (29 bytes) 218 4. IANA Considerations 220 This document makes no requirements on IANA. (This section to be 221 removed by RFC editor.) 223 5. Security Considerations 225 (TBD. Some issues are already discussed in the security 226 considerations of [RFC7252] and in [I-D.irtf-t2trg-iot-seccons].) 228 6. Acknowledgements 230 TBD 232 7. References 234 7.1. Normative References 236 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 237 Requirement Levels", BCP 14, RFC 2119, 238 DOI 10.17487/RFC2119, March 1997, 239 . 241 [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", 242 FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, 243 . 245 [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained 246 Application Protocol (CoAP)", RFC 7252, 247 DOI 10.17487/RFC7252, June 2014, 248 . 250 7.2. Informative References 252 [I-D.greevenbosch-appsawg-cbor-cddl] 253 Birkholz, H., Vigano, C., and C. Bormann, "Concise data 254 definition language (CDDL): a notational convention to 255 express CBOR data structures", draft-greevenbosch-appsawg- 256 cbor-cddl-11 (work in progress), July 2017. 258 [I-D.ietf-ace-dtls-authorize] 259 Gerdes, S., Bergmann, O., Bormann, C., Selander, G., and 260 L. Seitz, "Datagram Transport Layer Security (DTLS) 261 Profile for Authentication and Authorization for 262 Constrained Environments (ACE)", draft-ietf-ace-dtls- 263 authorize-01 (work in progress), July 2017. 265 [I-D.irtf-t2trg-iot-seccons] 266 Garcia-Morchon, O., Kumar, S., and M. Sethi, "State-of- 267 the-Art and Challenges for the Internet of Things 268 Security", draft-irtf-t2trg-iot-seccons-04 (work in 269 progress), June 2017. 271 [I-D.seitz-ace-oscoap-profile] 272 Seitz, L., Gunnarsson, M., and F. Palombini, "OSCOAP 273 profile of ACE", draft-seitz-ace-oscoap-profile-03 (work 274 in progress), June 2017. 276 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 277 Resource Identifier (URI): Generic Syntax", STD 66, 278 RFC 3986, DOI 10.17487/RFC3986, January 2005, 279 . 281 [RFC6570] Gregorio, J., Fielding, R., Hadley, M., Nottingham, M., 282 and D. Orchard, "URI Template", RFC 6570, 283 DOI 10.17487/RFC6570, March 2012, 284 . 286 [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object 287 Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049, 288 October 2013, . 290 [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data 291 Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March 292 2014, . 294 [RFC8132] van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and 295 FETCH Methods for the Constrained Application Protocol 296 (CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017, 297 . 299 Author's Address 301 Carsten Bormann 302 Universitaet Bremen TZI 303 Postfach 330440 304 Bremen D-28359 305 Germany 307 Phone: +49-421-218-63921 308 Email: cabo@tzi.org