Welcome to the ACE Wiki

ACE Profile Roadmap

In the ACE WG meeting at IETF #99 it was decided to use the Wiki to make a roadmap for the completion of the authorization-related work, in particular the dependencies between the ACE profiles.

Instructions for ACE profile authors: Please verify/fill in the details of the profile in the table. Further information can be detailed below. NOTE: This does not have to be a complete description of the profile, but an outline of what is contributed and how it relates to other profiles.

| Profile name | Use case | Role of Client | Role of RS | C-RS protocol | Com. sec. | Dependency | Implementations | Draft |
|---|---|---|---|---|---|---|---|---|
| coap_dtls | Generic REST access | Any Client | Any RS | CoAP | DTLS | - | SICS, jimsch | (1) |
| coap_oscoap | Generic REST access | Any Client | Any RS | CoAP | OSCOAP | - | SICS, jimsch | (2) |
| publisher | Publish on topic | Publisher | Broker | CoAP | COSE | (1),(2) | - | (3) |
| subscriber | Subscribe to topic | Subscriber | Broker | CoAP | COSE | (1),(2) | - | (3) |
| mqtt_tls | MQTT access | publisher/subscriber | Broker | MQTT | TLS | | Nominet | (4) |
| coap_ipsec | Generic REST access | Any Client | Any RS | CoAP | IPsec | - | SICS | (5) |
| ... | ... | ... | ... | ... | ... | ... | ... | ... |

Other ACE profile related drafts

| Name | Use case | Role of Client | Role of RS | C-RS protocol | Com. sec. | Dependency | Implementations | Draft |
|---|---|---|---|---|---|---|---|---|
| Joining OSCOAP multicast groups | Authorized access to OSCOAP multicast groups | Joining node | Group manager | CoAP | Same as in ACE profile used | (1),(2) | Same as ACE profile | (6) |
| Security for Low-Latency Group Communication | Authorized access to CoAP multicast | Joining node | Group manager | CoAP | Specified in the document | ACE-OAuth, symmetric key group communication security | As part of OpenAIS EU funded project | (7) |
| ... | ... | ... | ... | ... | ... | ... | ... | ... |

References

CoAP-DTLS profile:

(1) https://tools.ietf.org/html/draft-ietf-ace-dtls-authorize

OSCOAP profile:

(2) https://tools.ietf.org/html/draft-seitz-ace-oscoap-profile

Publish-Subscribe profile:

(3) https://tools.ietf.org/html/draft-palombini-ace-coap-pubsub-profile

MQTT profile:

(4) https://tools.ietf.org/html/draft-sengul-ace-mqtt-tls-profile

IPsec profile:

(5) https://tools.ietf.org/html/draft-aragon-ace-ipsec-profile

Joining OSCOAP multicast groups:

(6) https://tools.ietf.org/html/draft-tiloca-ace-oscoap-joining

Security for Low-Latency Group Communication:

(7) https://tools.ietf.org/html/draft-somaraju-ace-multicast

Background info

Appendix C of the ACE Framework lists the requirements on profiles of this framework, which are the basis for the comparison here: https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-07#appendix-C

  • Profile identifier
  • Communication protocol between client and RS
  • Security protocol between client and RS
  • How the client and the RS mutually authenticate?
  • Specify the Content-format of the protocol messages
  • Proof-of-possession protocol(s) and which key types (e.g. symmetric/asymmetric) are supported
  • Introspection support, and if so,
    • Communication protocol between RS and AS
    • Security protocol between RS and AS
    • How the RS and the AS mutually authenticate?
  • Communication protocol between client and AS
  • Security protocol between client and AS
  • How the client and the AS mutually authenticate?
  • Does the profile define other methods of token transport than the /authz-info endpoint?

Additional items to compare:

  • Use cases
  • Existing implementation
  • Dependency on other profiles

Last modified on Feb 1, 2018, 7:53:43 AM