Use cases for CoRE security

Document Type Expired Internet-Draft (individual)
Authors Ludwig Seitz  , Stefanie Gerdes  , Göran Selander 
Last updated 2014-03-20 (latest revision 2013-09-16)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document presents use cases for security measures in scenarios involving constrained RESTful devices. Special focus is placed on access control and authentication. Where specific details are relevant, it is assumed that the devices use CoAP as communication protocol, however most conclusions apply generally. A number of security requirements are derived from the use cases, which are intended as a guideline for developing a comprehensive authentication and authorization approach for this class of scenarios.


Ludwig Seitz (
Stefanie Gerdes (
Göran Selander (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)