The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework
draft-ietf-ace-oscore-profile-19
Technical Summary
The OAuth authentication and Authorization for Constrained Devices
provides a message format and framework for moving keys and tokens
between authority servers, clients, and resource servers.
This document provides a set of security services with OSCORE so that the
communication and authorizations can be performed.
Working Group Summary
Once the CoRE document dealing with OSCORE was finalized there was
only one issue of significance. That issue was how to deal
with re-use of tokens in order to make sure that the same
transport key was not going to be regenerated. This has
been addressed.
Document Quality
The document has been fairly extensively vetted. There are
at least two implementations of a version of the document
prior to the WGLC being done.
Personnel
Jim Schaad was the document shepherd. Ben Kaduk is the responsible AD.
RFC Editor Note
RFC Editor Note
This document uses the non-BCP-14 keyword "RECOMMENDS" in a handful
of locations; please help rephrase them to use the "RECOMMENDED" keyword.