OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, The IESG <email@example.com>, firstname.lastname@example.org, Jim Schaad <email@example.com>, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'OSCORE profile of the Authentication and Authorization for Constrained Environments Framework' to Proposed Standard (draft-ietf-ace-oscore-profile-11.txt) The IESG has approved the following document: - 'OSCORE profile of the Authentication and Authorization for Constrained Environments Framework' (draft-ietf-ace-oscore-profile-11.txt) as Proposed Standard This document is the product of the Authentication and Authorization for Constrained Environments Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-profile/
Technical Summary The OAuth authentication and Authorization for Constrained Devices provides a message format and framework for moving keys and tokens between authority servers, clients, and resource servers. This document provides a set of security services with OSCORE so that the communication and authorizations can be performed. Working Group Summary Once the CoRE document dealing with OSCORE was finalized there was only one issue of significance. That issue was how to deal with re-use of tokens in order to make sure that the same transport key was not going to be regenerated. This has been addressed. Document Quality The document has been fairly extensively vetted. There are at least two implementations of a version of the document prior to the WGLC being done. Personnel Jim Schaad was the document shepherd. Ben Kaduk is the responsible AD.