draft-ietf-ace-dtls-authorize-01.txt   draft-ietf-ace-dtls-authorize-02.txt 
ACE Working Group S. Gerdes ACE Working Group S. Gerdes
Internet-Draft O. Bergmann Internet-Draft O. Bergmann
Intended status: Standards Track C. Bormann Intended status: Standards Track C. Bormann
Expires: January 4, 2018 Universitaet Bremen TZI Expires: May 3, 2018 Universitaet Bremen TZI
G. Selander G. Selander
Ericsson Ericsson
L. Seitz L. Seitz
RISE SICS RISE SICS
July 03, 2017 October 30, 2017
Datagram Transport Layer Security (DTLS) Profile for Authentication and Datagram Transport Layer Security (DTLS) Profiles for Authentication and
Authorization for Constrained Environments (ACE) Authorization for Constrained Environments (ACE)
draft-ietf-ace-dtls-authorize-01 draft-ietf-ace-dtls-authorize-02
Abstract Abstract
This specification defines a profile for delegating client This specification defines two profiles for delegating client
authentication and authorization in a constrained environment by authentication and authorization in a constrained environment by
establishing a Datagram Transport Layer Security (DTLS) channel establishing a Datagram Transport Layer Security (DTLS) channel
between resource-constrained nodes. The protocol relies on DTLS for between resource-constrained nodes. The protocol relies on DTLS for
communication security between entities in a constrained network. A communication security between entities in a constrained network
resource-constrained node can use this protocol to delegate using either raw public keys or pre-shared keys. A resource-
management of authorization information to a trusted host with less constrained node can use this protocol to delegate management of
severe limitations regarding processing power and memory. authorization information to a trusted host with less severe
limitations regarding processing power and memory.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2018. This Internet-Draft will expire on May 3, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 20 skipping to change at page 2, line 25
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 3 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Unauthorized Resource Request Message . . . . . . . . . . 5 2.1. Resource Access . . . . . . . . . . . . . . . . . . . . . 5
2.2. AS Information . . . . . . . . . . . . . . . . . . . . . 6 2.2. Dynamic Update of Authorization Information . . . . . . . 6
2.3. Resource Access . . . . . . . . . . . . . . . . . . . . . 7 2.3. Token Expiration . . . . . . . . . . . . . . . . . . . . 7
2.4. Dynamic Update of Authorization Information . . . . . . . 8 3. RawPublicKey Mode . . . . . . . . . . . . . . . . . . . . . . 8
3. RawPublicKey Mode . . . . . . . . . . . . . . . . . . . . . . 9
4. PreSharedKey Mode . . . . . . . . . . . . . . . . . . . . . . 10 4. PreSharedKey Mode . . . . . . . . . . . . . . . . . . . . . . 10
4.1. DTLS Channel Setup Between C and RS . . . . . . . . . . . 11 4.1. DTLS Channel Setup Between C and RS . . . . . . . . . . . 11
4.2. Updating Authorization Information . . . . . . . . . . . 13 4.2. Updating Authorization Information . . . . . . . . . . . 13
5. Security Considerations . . . . . . . . . . . . . . . . . . . 13 5. Security Considerations . . . . . . . . . . . . . . . . . . . 13
5.1. Unprotected AS Information . . . . . . . . . . . . . . . 14 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 13
5.2. Use of Nonces for Replay Protection . . . . . . . . . . . 14 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
5.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 14 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 8.1. Normative References . . . . . . . . . . . . . . . . . . 14
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 8.2. Informative References . . . . . . . . . . . . . . . . . 15
7.1. Normative References . . . . . . . . . . . . . . . . . . 14 8.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 16
7.2. Informative References . . . . . . . . . . . . . . . . . 15
7.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
This specification defines a profile of the ACE framework This specification defines a profile of the ACE framework
[I-D.ietf-ace-oauth-authz]. In this profile, a client and a resource [I-D.ietf-ace-oauth-authz]. In this profile, a client and a resource
server use CoAP [RFC7252] over DTLS [RFC6347] to communicate. The server use CoAP [RFC7252] over DTLS [RFC6347] to communicate. The
client uses an access token, bound to a key (the proof-of-possession client uses an access token, bound to a key (the proof-of-possession
key) to authorize its access to the resource server. DTLS provides key) to authorize its access to protected resources hosted by the
communication security, proof of possession, and server resource server. DTLS provides communication security, proof of
authentication. Optionally the client and the resource server may possession, and server authentication. Optionally the client and the
also use CoAP over DTLS to communicate with the authorization server. resource server may also use CoAP over DTLS to communicate with the
This specification supports the DTLS handshake with Raw Public Keys authorization server. This specification supports the DTLS handshake
(RPK) [RFC7250] and the DTLS PSK handshake [RFC4279]. with Raw Public Keys (RPK) [RFC7250] and the DTLS handshake with Pre-
Shared Keys (PSK) [RFC4279].
The DTLS RPK handshake [RFC7250] requires client authentication to The DTLS RPK handshake [RFC7250] requires client authentication to
provide proof-of-possession for the key tied to the access token. provide proof-of-possession for the key tied to the access token.
Here the access token needs to be transferred to the resource server Here the access token needs to be transferred to the resource server
before the handshake is initiated, as described in section 8.1 of before the handshake is initiated, as described in section 5.8.1 of
draft-ietf-ace-oauth-authz. [1] draft-ietf-ace-oauth-authz [1].
The DTLS PSK handshake [RFC4279] provides the proof-of-possession for The DTLS PSK handshake [RFC4279] provides the proof-of-possession for
the key tied to the access token. Furthermore the psk_identity the key tied to the access token. Furthermore the psk_identity
parameter in the DTLS PSK handshake is used to transfer the access parameter in the DTLS PSK handshake is used to transfer the access
token from the client to the resource server. token from the client to the resource server.
Note: While the scope of this draft is on client and resource server Note: While the scope of this draft is on client and resource server
communicating using CoAP over DTLS, it is expected that it applies communicating using CoAP over DTLS, it is expected that it applies
also to CoAP over TLS, possibly with minor modifications. also to CoAP over TLS, possibly with minor modifications.
However, that is out of scope for this version of the draft. However, that is out of scope for this version of the draft.
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in RFC 2119 [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Readers are expected to be familiar with the terms and concepts Readers are expected to be familiar with the terms and concepts
described in [I-D.ietf-ace-oauth-authz]. described in [I-D.ietf-ace-oauth-authz].
2. Protocol Overview 2. Protocol Overview
The CoAP-DTLS profile for ACE specifies the transfer of The CoAP-DTLS profile for ACE specifies the transfer of
authentication and, if necessary, authorization information between C authentication and, if necessary, authorization information between
and RS during setup of a DTLS session for CoAP messaging. It also the client C and the resource server RS during setup of a DTLS
specifies how a Client can use CoAP over DTLS to retrieve an Access session for CoAP messaging. It also specifies how a Client can use
Token from AS for a protected resource hosted on RS. CoAP over DTLS to retrieve an Access Token from the authorization
server AS for a protected resource hosted on the resource server RS.
This profile requires a Client (C) to retrieve an Access Token for This profile requires a Client (C) to retrieve an Access Token for
the resource(s) it wants to access on a Resource Server (RS) as the resource(s) it wants to access on a Resource Server (RS) as
specified in [I-D.ietf-ace-oauth-authz]. Figure 1 shows the typical specified in [I-D.ietf-ace-oauth-authz]. Figure 1 shows the typical
message flow in this scenario (messages in square brackets are message flow in this scenario (messages in square brackets are
optional): optional):
C RS AS C RS AS
| [-- Resource Request --->] | | | [-- Resource Request --->] | |
| | | | | |
| [<----- AS Information --] | | | [<----- AS Information --] | |
| | | | | |
| --- Token Request ----------------------------> | | --- Token Request ----------------------------> |
| | | | | |
| <---------------------------- Access Token ----- | | <---------------------------- Access Token ----- |
| + RS Information | | + RS Information |
Figure 1: Retrieving an Access Token Figure 1: Retrieving an Access Token
To determine the AS in charge of a resource hosted at the RS, C MAY To determine the AS in charge of a resource hosted at the RS, the
send an initial Unauthorized Resource Request message to RS. RS then client C MAY send an initial Unauthorized Resource Request message to
denies the request and sends the address of its AS back to C. the RS. The RS then denies the request and sends the address of its
AS back to the client C.
Instead of the initial Unauthorized Resource Request message, C MAY
look up the desired resource in a resource directory (cf.
[I-D.ietf-core-resource-directory]).
Once C knows AS's address, it can send an Access Token request to the Once the client C knows the authorization server's address, it can
/token endpoint at the AS as specified in [I-D.ietf-ace-oauth-authz]. send an Access Token request to the token endpoint at the AS as
If C wants to use the CoAP RawPublicKey mode as described in specified in [I-D.ietf-ace-oauth-authz]. If C wants to use the CoAP
Section 9 of RFC 7252 [2] it MUST provide a key or key identifier RawPublicKey mode as described in Section 9 of RFC 7252 [2] it MUST
within a "cnf" object in the token request. If AS decides that the provide a key or key identifier within a "cnf" object in the token
request is to be authorized it generates an access token response for request. If the authorization server AS decides that the request is
to be authorized it generates an access token response for the client
C containing a "profile" parameter with the value "coap_dtls" to C containing a "profile" parameter with the value "coap_dtls" to
indicate that this profile MUST be used for communication between C indicate that this profile MUST be used for communication between the
and RS. Is also adds a "cnf" parameter with additional data for the client C and the resource server. Is also adds a "cnf" parameter
establishment of a secure DTLS channel between C and RS. The with additional data for the establishment of a secure DTLS channel
semantics of the 'cnf' parameter depend on the type of key used between the client and the resource server. The semantics of the
between C and RS, see Section 3 and Section 4. 'cnf' parameter depend on the type of key used between the client and
the resource server, see Section 3 and Section 4.
The Access Token returned by AS then can be used by C to establish a The Access Token returned by the authorization server then can be
new DTLS session with RS. When C intends to use asymmetric used by the client to establish a new DTLS session with the resource
cryptography in the DTLS handshake with RS, C MUST upload the Access server. When the client intends to use asymmetric cryptography in
Token to the "/authz-info" resource on RS before starting the DTLS the DTLS handshake with the resource server, the client MUST upload
handshake, as described in section 8.1 of draft-ietf-ace-oauth-authz the Access Token to the authz-info resource on the resource server
[3]. If only symmetric cryptography is used between C and RS, the before starting the DTLS handshake, as described in section 5.8.1 of
Access Token MAY instead be transferred in the DTLS ClientKeyExchange draft-ietf-ace-oauth-authz [3]. If only symmetric cryptography is
message (see Section 4.1). used between the client and the resource server, the Access Token MAY
instead be transferred in the DTLS ClientKeyExchange message (see
Section 4.1).
Figure 2 depicts the common protocol flow for the DTLS profile after Figure 2 depicts the common protocol flow for the DTLS profile after
C has retrieved the Access Token from AS. the client C has retrieved the Access Token from the authorization
server AS.
C RS AS C RS AS
| [--- Access Token ------>] | | | [--- Access Token ------>] | |
| | | | | |
| <== DTLS channel setup ==> | | | <== DTLS channel setup ==> | |
| | | | | |
| == Authorized Request ===> | | | == Authorized Request ===> | |
| | | | | |
| <=== Protected Resource == | | | <=== Protected Resource == | |
Figure 2: Protocol overview Figure 2: Protocol overview
The following sections specify how CoAP is used to interchange The following sections specify how CoAP is used to interchange
access-related data between RS and AS so that AS can provide C and RS access-related data between the resource server and the authorization
with sufficient information to establish a secure channel, and convey server so that the authorization server can provide the client and
authorization information specific for this communication the resource server with sufficient information to establish a secure
relationship to RS. channel, and convey authorization information specific for this
communication relationship to the resource server.
Depending on the desired CoAP security mode, the Client-to-AS Depending on the desired CoAP security mode, the Client-to-AS
request, AS-to-Client response and DTLS session establishment carry request, AS-to-Client response and DTLS session establishment carry
slightly different information. Section 3 addresses the use of raw slightly different information. Section 3 addresses the use of raw
public keys while Section 4 defines how pre-shared keys are used in public keys while Section 4 defines how pre-shared keys are used in
this profile. this profile.
2.1. Unauthorized Resource Request Message 2.1. Resource Access
The optional Unauthorized Resource Request message is a request for a
resource hosted by RS for which no proper authorization is granted.
RS MUST treat any CoAP request for a resource other than "/authz-
info" as Unauthorized Resource Request message when any of the
following holds:
o The request has been received on an unprotected channel.
o RS has no valid access token for the sender of the request
regarding the requested action on that resource.
o RS has a valid access token for the sender of the request, but
this does not allow the requested action on the requested
resource.
Note: These conditions ensure that RS can handle requests
autonomously once access was granted and a secure channel has been
established between C and RS. The resource "/authz-info" is publicly
accessible to be able to upload new access tokens to RS (cf.
[I-D.ietf-ace-oauth-authz]).
Unauthorized Resource Request messages MUST be denied with a client
error response. In this response, the Resource Server SHOULD provide
proper AS Information to enable the Client to request an access token
from RS's Authorization Server as described in Section 2.2.
The response code MUST be 4.01 (Unauthorized) in case the sender of
the Unauthorized Resource Request message is not authenticated, or if
RS has no valid access token for C. If RS has an access token for C
but not for the resource that C has requested, RS MUST reject the
request with a 4.03 (Forbidden). If RS has an access token for C but
it does not cover the action C requested on the resource, RS MUST
reject the request with a 4.05 (Method Not Allowed).
Note: The use of the response codes 4.03 and 4.05 is intended to
prevent infinite loops where a dumb Client optimistically tries to
access a requested resource with any access token received from
AS. As malicious clients could pretend to be C to determine C's
privileges, these detailed response codes must be used only when a
certain level of security is already available which can be
achieved only when the Client is authenticated.
2.2. AS Information
The AS Information is sent by RS as a response to an Unauthorized
Resource Request message (see Section 2.1) to point the sender of the
Unauthorized Resource Request message to RS's AS. The AS information
is a set of attributes containing an absolute URI (see Section 4.3 of
[RFC3986]) that specifies the AS in charge of RS.
TBD: We might not want to add more parameters in the AS information
because
this would not only reveal too much information about RS's
capabilities to unauthorized peers but also be of little value as
C cannot really trust that information anyway.
The message MAY also contain a nonce generated by RS to ensure
freshness in case that the RS and AS do not have synchronized clocks.
Figure 3 shows an example for an AS Information message payload using
CBOR [RFC7049] diagnostic notation.
4.01 Unauthorized
Content-Format: application/ace+cbor
{AS: "coaps://as.example.com/token",
nonce: h'e0a156bb3f'}
Figure 3: AS Information payload example
In this example, the attribute AS points the receiver of this message
to the URI "coaps://as.example.com/token" to request access
permissions. The originator of the AS Information payload (i.e., RS)
uses a local clock that is loosely synchronized with a time scale
common between RS and AS (e.g., wall clock time). Therefore, it has
included a parameter "nonce" for replay attack prevention (c.f.
Section 5.2).
Note: There is an ongoing discussion how freshness of access tokens
can be achieved in constrained environments. This specification
for now assumes that RS and AS do not have a common understanding
of time that allows RS to achieve its security objectives without
explicitly adding a nonce.
The examples in this document are written in CBOR diagnostic notation
to improve readability. Figure 4 illustrates the binary encoding of
the message payload shown in Figure 3.
a2 # map(2)
00 # unsigned(0) (=AS)
78 1c # text(28)
636f6170733a2f2f61732e657861
6d706c652e636f6d2f746f6b656e # "coaps://as.example.com/token"
05 # unsigned(5) (=nonce)
45 # bytes(5)
e0a156bb3f
Figure 4: AS Information example encoded in CBOR
2.3. Resource Access
Once a DTLS channel has been established as described in Section 3 Once a DTLS channel has been established as described in Section 3
and Section 4, respectively, C is authorized to access resources and Section 4, respectively, the client is authorized to access
covered by the Access Token it has uploaded to the "/authz-info" resources covered by the Access Token it has uploaded to the authz-
resource hosted by RS. info resource hosted by the resource server.
On the server side (i.e., RS), successful establishment of the DTLS On the resource server side, successful establishment of the DTLS
channel binds C to the access token, functioning as a proof-of- channel binds the client to the access token, functioning as a proof-
possession associated key. Any request that RS receives on this of-possession associated key. Any request that the resource server
channel MUST be checked against these authorization rules that are receives on this channel MUST be checked against these authorization
associated with the identity of C. Incoming CoAP requests that are rules that are associated with the identity of the client. Incoming
not authorized with respect to any Access Token that is associated CoAP requests that are not authorized with respect to any Access
with C MUST be rejected by RS with 4.01 response as described in Token that is associated with the client MUST be rejected by the
Section 2.1. resource server with 4.01 response as described in Section 5.1.1 of
draft-ietf-ace-oauth-authz [4].
Note: The identity of C is determined by the authentication process Note: The identity of the client is determined by the authentication
process
during the DTLS handshake. In the asymmetric case, the public key during the DTLS handshake. In the asymmetric case, the public key
will define C's identity, while in the PSK case, C's identity is will define the client's identity, while in the PSK case, the
defined by the session key generated by AS for this communication. client's identity is defined by the session key generated by the
authorization server for this communication.
RS SHOULD treat an incoming CoAP request as authorized if the The resource server SHOULD treat an incoming CoAP request as
following holds: authorized if the following holds:
1. The message was received on a secure channel that has been 1. The message was received on a secure channel that has been
established using the procedure defined in this document. established using the procedure defined in this document.
2. The authorization information tied to the sending peer is valid. 2. The authorization information tied to the sending peer is valid.
3. The request is destined for RS. 3. The request is destined for the resource server.
4. The resource URI specified in the request is covered by the 4. The resource URI specified in the request is covered by the
authorization information. authorization information.
5. The request method is an authorized action on the resource with 5. The request method is an authorized action on the resource with
respect to the authorization information. respect to the authorization information.
Incoming CoAP requests received on a secure DTLS channel MUST be Incoming CoAP requests received on a secure DTLS channel MUST be
rejected rejected according to [Section 5.1.1 of draft-ietf-ace-oauth-
authz](https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-
08#section-5.1.1
1. with response code 4.03 (Forbidden) when the resource URI 1. with response code 4.03 (Forbidden) when the resource URI
specified in the request is not covered by the authorization specified in the request is not covered by the authorization
information, and information, and
2. with response code 4.05 (Method Not Allowed) when the resource 2. with response code 4.05 (Method Not Allowed) when the resource
URI specified in the request covered by the authorization URI specified in the request covered by the authorization
information but not the requested action. information but not the requested action.
C cannot always know a priori if a Authorized Resource Request will The client cannot always know a priori if an Authorized Resource
succeed. If C repeatedly gets AS Information messages (cf. Request will succeed. If the client repeatedly gets error responses
Section 2.2) as response to its requests, it SHOULD request a new containing AS Information (cf. Section 5.1.1 of draft-ietf-ace-
Access Token from AS in order to continue communication with RS. oauth-authz [5] as response to its requests, it SHOULD request a new
Access Token from the authorization server in order to continue
communication with the resource server.
2.4. Dynamic Update of Authorization Information 2.2. Dynamic Update of Authorization Information
The Client can update the authorization information stored at RS at The client can update the authorization information stored at the
any time. To do so, the Client requests from AS a new Access Token resource server at any time without changing an established DTLS
for the intended action on the respective resource and uploads this session. To do so, the Client requests from the authorization server
Access Token to the "/authz-info" resource on RS. a new Access Token for the intended action on the respective resource
and uploads this Access Token to the authz-info resource on the
resource server.
Figure 5 depicts the message flow where C requests a new Access Token Figure 3 depicts the message flow where the client C requests a new
after a security association between C and RS has been established Access Token after a security association between the client and the
using this protocol. resource server RS has been established using this protocol. The
token request MUST specify the key identifier of the existing DTLS
channel between the client and the resource server in the "kid"
parameter of the Client-to-AS request. The authorization server MUST
verify that the specified "kid" denotes a valid verifier for a proof-
of-possession ticket that has previously been issued to the
requesting client. Otherwise, the Client-to-AS request MUST be
declined with a the error code "unsupported_pop_key" as defined in
Section 5.6.3 of draft-ietf-ace-oauth-authz [6].
When the authorization server issues a new access token to update
existing authorization information it MUST include the specified
"kid" parameter in this access token. A resource server MUST
associate the updated authorization information with any existing
DTLS session that is identified by this key identifier.
Note: By associating the access tokens with the identifier of an
existing DTLS session, the authorization information can be
updated without changing the cryptographic keys for the DTLS
communication between the client and the resource server, i.e. an
existing session can be used with updated permissions.
C RS AS C RS AS
| <===== DTLS channel =====> | | | <===== DTLS channel =====> | |
| + Access Token | | | + Access Token | |
| | | | | |
| --- Token Request ----------------------------> | | --- Token Request ----------------------------> |
| | | | | |
| <---------------------------- New Access Token - | | <---------------------------- New Access Token - |
| + RS Information | | + RS Information |
| | | | | |
| --- Update /authz-info --> | | | --- Update /authz-info --> | |
| New Access Token | | | New Access Token | |
| | | | | |
| == Authorized Request ===> | | | == Authorized Request ===> | |
| | | | | |
| <=== Protected Resource == | | | <=== Protected Resource == | |
Figure 5: Overview of Dynamic Update Operation Figure 3: Overview of Dynamic Update Operation
2.3. Token Expiration
DTLS sessions that have been established in accordance with this
profile are always tied to a specific set of access tokens. As these
tokens may become invalid at any time (either because the token has
expired or the responsible authorization server has revoked the
token), the session may become useless at some point. A resource
server therefore may decide to terminate existing DTLS sessions after
the last valid access token for this session has been deleted.
As specified in section 5.8.2 of draft-ietf-ace-oauth-authz [7], the
resource server MUST notify the client with an error response with
code 4.01 (Unauthorized) for any long running request before
terminating the session.
The resource server MAY also keep the session alive for some time and
respond to incoming requests with a 4.01 (Unauthorized) error message
including AS Information to signal that the client needs to upload a
new access token before it can continue using this DTLS session. The
AS Information is created as specified in section 5.1.2 of draft-
ietf-ace-oauth-authz [8]. The resource server SHOULD add a "kid"
parameter to the AS Information denoting the identifier of the key
that it uses internally for this DTLS session. The client then
includes this "kid" parameter in a Client-to-AS request used to
retrieve a new access token to be used with this DTLS session. In
case the key identifier is already known by the client (e.g. because
it was included in the RS Information in an AS-to-Client response),
the "kid" parameter MAY be elided from the AS Information.
Table 1 updates Figure 2 in section 5.1.2 of draft-ietf-ace-oauth-
authz [9] with the new "kid" parameter in accordance with [RFC8152].
+----------------+----------+-----------------+
| Parameter name | CBOR Key | Major Type |
+----------------+----------+-----------------+
| kid | 4 | 2 (byte string) |
+----------------+----------+-----------------+
Table 1: Updated AS Information parameters
3. RawPublicKey Mode 3. RawPublicKey Mode
To retrieve an access token for the resource that C wants to access, To retrieve an access token for the resource that the client wants to
C requests an Access Token from AS. C MUST add a "cnf" object access, the client requests an Access Token from the authorization
carrying either its raw public key or a unique identifier for a server. The client MUST add a "cnf" object carrying either its raw
public key that it has previously made known to AS. public key or a unique identifier for a public key that it has
previously made known to the authorization server.
An example Access Token request from C to RS is depicted in Figure 6. An example Access Token request from the client to the resource
server is depicted in Figure 4.
POST coaps://as.example.com/token POST coaps://as.example.com/token
Content-Format: application/cbor Content-Format: application/cbor
{ {
grant_type: client_credentials, grant_type: client_credentials,
aud: "tempSensor4711", aud: "tempSensor4711",
cnf: { cnf: {
COSE_Key: { COSE_Key: {
kty: EC2, kty: EC2,
crv: P-256, crv: P-256,
x: h'TODOX', x: h'TODOX',
y: h'TODOY' y: h'TODOY'
} }
} }
} }
Figure 6: Access Token Request Example for RPK Mode Figure 4: Access Token Request Example for RPK Mode
The example shows an Access Token request for the resource identified The example shows an Access Token request for the resource identified
by the audience string "tempSensor4711" on the AS using a raw public by the audience string "tempSensor4711" on the authorization server
key. using a raw public key.
When AS authorizes a request, it will return an Access Token and a When the authorization server authorizes a request, it will return an
"cnf" object in the AS-to-Client response. Before C initiates the Access Token and a "cnf" object in the AS-to-Client response. Before
DTLS handshake with RS, it MUST send a "POST" request containing the the client initiates the DTLS handshake with the resource server, it
new Access Token to the "/authz-info" resource hosted by RS. If this MUST send a "POST" request containing the new Access Token to the
operation yields a positive response, C SHOULD proceed to establish a authz-info resource hosted by the resource server. If this operation
new DTLS channel with RS. To use raw public key mode, C MUST pass yields a positive response, the client SHOULD proceed to establish a
the same public key that was used for constructing the Access Token new DTLS channel with the resource server. To use raw public key
with the SubjectPublicKeyInfo structure in the DTLS handshake as mode, the client MUST pass the same public key that was used for
specified in [RFC7250]. constructing the Access Token with the SubjectPublicKeyInfo structure
in the DTLS handshake as specified in [RFC7250].
Note: According to [RFC7252], CoAP implementations MUST support the Note: According to [RFC7252], CoAP implementations MUST support the
ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 [RFC7251] and the ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 [RFC7251] and the
NIST P-256 curve. C is therefore expected to offer at least this NIST P-256 curve. the client is therefore expected to offer at
ciphersuite to RS. least this ciphersuite to the resource server.
The Access Token is constructed by AS such that RS can associate the The Access Token is constructed by the authorization server such that
Access Token with the Client's public key. If CBOR web tokens the resource server can associate the Access Token with the Client's
[I-D.ietf-ace-cbor-web-token] are used as recommended in public key. If CBOR web tokens [I-D.ietf-ace-cbor-web-token] are
[I-D.ietf-ace-oauth-authz], the AS MUST include a "COSE_Key" object used as recommended in [I-D.ietf-ace-oauth-authz], the authorization
in the "cnf" claim of the Access Token. This "COSE_Key" object MAY server MUST include a "COSE_Key" object in the "cnf" claim of the
contain a reference to a key for C that is already known by RS (e.g., Access Token. This "COSE_Key" object MAY contain a reference to a
from previous communication). If the AS has no certain knowledge key for the client that is already known by the resource server
that the Client's key is already known to RS, the Client's public key (e.g., from previous communication). If the authorization server has
MUST be included in the Access Token's "cnf" parameter. no certain knowledge that the Client's key is already known to the
resource server, the Client's public key MUST be included in the
Access Token's "cnf" parameter.
4. PreSharedKey Mode 4. PreSharedKey Mode
To retrieve an access token for the resource that C wants to access, To retrieve an access token for the resource that the client wants to
C MAY include a "cnf" object carrying an identifier for a symmetric access, the client MAY include a "cnf" object carrying an identifier
key in its Access Token request to AS. This identifier can be used for a symmetric key in its Access Token request to the authorization
by AS to determine the session key to construct the proof-of- server. This identifier can be used by the authorization server to
possession token and therefore MUST specify a symmetric key that was determine the session key to construct the proof-of-possession token
previously generated by AS as a session key for the communication and therefore MUST specify a symmetric key that was previously
between C and RS. generated by the authorization server as a session key for the
communication between the client and the resource server.
Depending on the requested token type and algorithm in the Access Depending on the requested token type and algorithm in the Access
Token request, AS adds RS Information to the response that provides C Token request, the authorization server adds RS Information to the
with sufficient information to setup a DTLS channel with RS. For response that provides the client with sufficient information to
symmetric proof-of-possession keys (c.f. setup a DTLS channel with the resource server. For symmetric proof-
[I-D.ietf-ace-oauth-authz]), C must ensure that the Access Token of-possession keys (c.f. [I-D.ietf-ace-oauth-authz]), the client
request is sent over a secure channel that guarantees authentication, must ensure that the Access Token request is sent over a secure
message integrity and confidentiality. channel that guarantees authentication, message integrity and
confidentiality.
When AS authorizes C it returns an AS-to-Client response with the When the authorization server authorizes the client it returns an AS-
profile parameter set to "coap_dtls" and a "cnf" parameter carrying a to-Client response with the profile parameter set to "coap_dtls" and
"COSE_Key" object that contains the symmetric session key to be used a "cnf" parameter carrying a "COSE_Key" object that contains the
between C and RS as illustrated in Figure 7. symmetric session key to be used between the client and the resource
server as illustrated in Figure 5.
2.01 Created 2.01 Created
Content-Format: application/cbor Content-Format: application/cbor
Location-Path: /token/asdjbaskd Location-Path: /token/asdjbaskd
Max-Age: 86400 Max-Age: 86400
{ {
access_token: b64'SlAV32hkKG ... access_token: b64'SlAV32hkKG ...
(remainder of CWT omitted for brevity; (remainder of CWT omitted for brevity;
token_type: pop, token_type: pop,
alg: HS256, alg: HS256,
expires_in: 86400, expires_in: 86400,
profile: coap_dtls, profile: coap_dtls,
cnf: { cnf: {
COSE_Key: { COSE_Key: {
kty: symmetric, kty: symmetric,
k: h'73657373696f6e6b6579' k: h'73657373696f6e6b6579'
} }
} }
} }
Figure 7: Example Access Token response Figure 5: Example Access Token response
In this example, AS returns a 2.01 response containing a new Access In this example, the authorization server returns a 2.01 response
Token. The information is transferred as a CBOR data structure as containing a new Access Token. The information is transferred as a
specified in [I-D.ietf-ace-oauth-authz]. The Max-Age option tells CBOR data structure as specified in [I-D.ietf-ace-oauth-authz]. The
the receiving Client how long this token will be valid. Max-Age option tells the receiving Client how long this token will be
valid.
A response that declines any operation on the requested resource is A response that declines any operation on the requested resource is
constructed according to Section 5.2 of RFC 6749 [4], (cf. constructed according to Section 5.2 of RFC 6749 [10], (cf.
Section 5.5.3 of [I-D.ietf-ace-oauth-authz]). Section 5.7.3 of [I-D.ietf-ace-oauth-authz]).
4.00 Bad Request 4.00 Bad Request
Content-Format: application/cbor Content-Format: application/cbor
{ {
error: invalid_request error: invalid_request
} }
Figure 8: Example Access Token response with reject Figure 6: Example Access Token response with reject
4.1. DTLS Channel Setup Between C and RS 4.1. DTLS Channel Setup Between C and RS
When C receives an Access Token from AS, it checks if the payload When a client receives an Access Token from an authorization server,
contains an "access_token" parameter and a "cnf" parameter. With it checks if the payload contains an "access_token" parameter and a
this information C can initiate establishment of a new DTLS channel "cnf" parameter. With this information the client can initiate
with RS. To use DTLS with pre-shared keys, C follows the PSK key establishment of a new DTLS channel with a resource server. To use
exchange algorithm specified in Section 2 of [RFC4279] using the key DTLS with pre-shared keys, the client follows the PSK key exchange
conveyed in the "cnf" parameter of the AS response as PSK when algorithm specified in Section 2 of [RFC4279] using the key conveyed
constructing the premaster secret. in the "cnf" parameter of the AS response as PSK when constructing
the premaster secret.
In PreSharedKey mode, the knowledge of the session key by C and RS is In PreSharedKey mode, the knowledge of the session key by the client
used for mutual authentication between both peers. Therefore, RS and the resource server is used for mutual authentication between
must be able to determine the session key from the Access Token. both peers. Therefore, the resource server must be able to determine
Following the general ACE authorization framework, C can upload the the session key from the Access Token. Following the general ACE
Access Token to RS's "/authz-info" resource before starting the DTLS authorization framework, the client can upload the Access Token to
handshake. Alternatively, C MAY provide the most recent the resource server's authz-info resource before starting the DTLS
handshake. Alternatively, the client MAY provide the most recent
base64-encoded Access Token in the "psk_identity" field of the base64-encoded Access Token in the "psk_identity" field of the
ClientKeyExchange message. ClientKeyExchange message.
If RS receives a ClientKeyExchange message that contains a If a resource server receives a ClientKeyExchange message that
"psk_identity" with a length greater zero, it MUST base64-decode its contains a "psk_identity" with a length greater zero, it MUST
contents and check if the "psk_identity" field contains a key base64-decode its contents and use the resulting byte sequence as
identifier or Access Token according to the following CDDL index for its key store (i.e., treat the contents as key identifier).
specification: The resource server MUST check if it has one or more Access Tokens
that are associated with the specified key. If no valid Access Token
psk_identity = { is available for this key, the DTLS session setup is terminated with
kid => bstr // access_token => bstr an "illegal_parameter" DTLS alert message.
}
The identifiers for the map keys "kid" and "access_token" are used
with the same meaning as in COSE [I-D.ietf-cose-msg] and the ACE
framework [I-D.ietf-ace-oauth-authz] respectively. The identifier
"kid" thus has the value 4 (see [I-D.ietf-cose-msg]), and the
identifier "access_token" has the value 19, respectively (see
[I-D.ietf-ace-oauth-authz]).
If the "psk_identity" field contains a key identifier, the receiver
MUST check if it has one or more Access Tokens that are associated
with the specified key. If no valid Access Token is available for
this key, the DTLS session setup is terminated with an
"illegal_parameter" DTLS alert message.
If instead the "psk_identity" field contains an Access Token, it must
processed in the same way as an Access Token that has been uploaded
to its "/authz-info" resource. In this case, RS continues processing
the ClientKeyExchange message if the contents of the "psk_identity"
contained a valid Access Token. Otherwise, the DTLS session setup is
terminated with an "illegal_parameter" DTLS alert message.
Note1: As RS cannot provide C with a meaningful PSK identity hint in If no key with a matching identifier is found the resource server the
resource server MAY process the decoded contents of the
"psk_identity" field as access token that is stored with the
authorization information endpoint before continuing the DTLS
handshake. If the decoded contents of the "psk_identity" do not
yield a valid access token for the requesting client, the DTLS
session setup is terminated with an "illegal_parameter" DTLS alert
message.
response to C's ClientHello message, RS SHOULD NOT send a Note1: As a resource server cannot provide a client with a meaningful
ServerKeyExchange message. PSK identity hint in
response to the client's ClientHello message, the resource server
SHOULD NOT send a ServerKeyExchange message.
Note2: According to [RFC7252], CoAP implementations MUST support the Note2: According to [RFC7252], CoAP implementations MUST support the
ciphersuite TLS_PSK_WITH_AES_128_CCM_8 [RFC6655]. C is therefore ciphersuite TLS_PSK_WITH_AES_128_CCM_8 [RFC6655]. A client is
expected to offer at least this ciphersuite to RS. therefore expected to offer at least this ciphersuite to the
resource server.
This specification assumes that the Access Token is a PoP token as This specification assumes that the Access Token is a PoP token as
described in [I-D.ietf-ace-oauth-authz] unless specifically stated described in [I-D.ietf-ace-oauth-authz] unless specifically stated
otherwise. Therefore, the Access Token is bound to a symmetric PoP otherwise. Therefore, the Access Token is bound to a symmetric PoP
key that is used as session key between C and RS. key that is used as session key between the client and the resource
server.
While C can retrieve the session key from the contents of the "cnf" While the client can retrieve the session key from the contents of
parameter in the AS-to-Client response, RS uses the information the "cnf" parameter in the AS-to-Client response, the resource server
contained in the "cnf" claim of the Access Token to determine the uses the information contained in the "cnf" claim of the Access Token
actual session key when no explicit "kid" was provided in the to determine the actual session key when no explicit "kid" was
"psk_identity" field. Usually, this is done by including a provided in the "psk_identity" field. Usually, this is done by
"COSE_Key" object carrying either a key that has been encrypted with including a "COSE_Key" object carrying either a key that has been
a shared secret between AS and RS, or a key identifier that can be encrypted with a shared secret between the authorization server and
used by RS to lookup the session key. the resource server, or a key identifier that can be used by the
resource server to lookup the session key.
Instead of the "COSE_Key" object, AS MAY include a "COSE_Encrypt" Instead of the "COSE_Key" object, the authorization server MAY
structure to enable RS to calculate the session key from the Access include a "COSE_Encrypt" structure to enable the resource server to
Token. The "COSE_Encrypt" structure MUST use the _Direct Key with calculate the session key from the Access Token. The "COSE_Encrypt"
KDF_ method as described in Section 12.1.2 of draft-ietf-cose-msg structure MUST use the _Direct Key with KDF_ method as described in
[5]. The AS MUST include a Context information structure carrying a Section 12.1.2 of RFC 8152 [11]. The authorization server MUST
PartyU "nonce" parameter carrying the nonce that has been used by AS include a Context information structure carrying a PartyU "nonce"
to construct the session key. parameter carrying the nonce that has been used by the authorization
server to construct the session key.
This specification mandates that at least the key derivation This specification mandates that at least the key derivation
algorithm "HKDF SHA-256" as defined in [I-D.ietf-cose-msg] MUST be algorithm "HKDF SHA-256" as defined in [RFC8152] MUST be supported.
supported. This key derivation function is the default when no "alg" This key derivation function is the default when no "alg" field is
field is included in the "COSE_Encrypt" structure for RS. included in the "COSE_Encrypt" structure for the resource server.
4.2. Updating Authorization Information 4.2. Updating Authorization Information
Usually, the authorization information that RS keeps for C is updated Usually, the authorization information that the resource server keeps
by uploading a new Access Token as described in Section 2.4. for a client is updated by uploading a new Access Token as described
in Section 2.2.
If the security association with RS still exists and RS has indicated If the security association with the resource server still exists and
support for session renegotiation according to [RFC5746], the new the resource server has indicated support for session renegotiation
Access Token MAY be used to renegotiate the existing DTLS session. according to [RFC5746], the new Access Token MAY be used to
In this case, the Access Token is used as "psk_identity" as defined renegotiate the existing DTLS session. In this case, the Access
in Section 4.1. The Client MAY also perform a new DTLS handshake Token is used as "psk_identity" as defined in Section 4.1. The
according to Section 4.1 that replaces the existing DTLS session. Client MAY also perform a new DTLS handshake according to Section 4.1
that replaces the existing DTLS session.
After successful completion of the DTLS handshake RS updates the After successful completion of the DTLS handshake the resource server
existing authorization information for C according to the new Access updates the existing authorization information for the client
Token. according to the new Access Token.
5. Security Considerations 5. Security Considerations
TODO This document specifies a profile for the Authentication and
Authorization for Constrained Environments (ACE) framework
[I-D.ietf-ace-oauth-authz]. As it follows this framework's general
approach, the general security and privacy considerations from
section 6 and section 7 also apply to this profile.
5.1. Unprotected AS Information Constrained devices that use DTLS [RFC6347] are inherently vulnerable
to Denial of Service (DoS) attacks as the handshake protocol requires
creation of internal state within the device. This is specifically
of concern where an adversary is able to intercept the initial cookie
exchange and interject forged messages with a valid cookie to
continue with the handshake.
Initially, no secure channel exists to protect the communication [I-D.tiloca-tls-dos-handshake] specifies a TLS extension to prevent
between C and RS. Thus, C cannot determine if the AS information this type of attack which is applicable especially for constrained
contained in an unprotected response from RS to an unauthorized environments where the authorization server can act as trust anchor.
request (c.f. Section 2.2) is authentic. It is therefore advisable
to provide C with a (possibly hard-coded) list of trustworthy
authorization servers. AS information responses referring to a URI
not listed there would be ignored.
5.2. Use of Nonces for Replay Protection 6. Privacy Considerations
RS may add a nonce to the AS Information message sent as a response An unprotected response to an unauthorized request may disclose
to an unauthorized request to ensure freshness of an Access Token information about the resource server and/or its existing
subsequently presented to RS. While a timestamp of some granularity relationship with the client. It is advisable to include as little
would be sufficient to protect against replay attacks, using information as possible in an unencrypted response. When a DTLS
randomized nonce is preferred to prevent disclosure of information session between the client and the resource server already exists,
about RS's internal clock characteristics. more detailed information may be included with an error response to
provide the client with sufficient information to react on that
particular error.
5.3. Privacy Note that some information might still leak after DTLS session is
established, due to observable message sizes, the source, and the
destination addresses.
An unprotected response to an unauthorized request (c.f. 7. IANA Considerations
Section 2.2) may disclose information about RS and/or its existing
relationship with C. It is advisable to include as little
information as possible in an unencrypted response. When a DTLS
session between C and RS already exists, more detailed information
may be included with an error response to provide C with sufficient
information to react on that particular error.
6. IANA Considerations The following registrations are done for the ACE OAuth Profile
Registry following the procedure specified in
[I-D.ietf-ace-oauth-authz].
This document has no actions for IANA. Note to RFC Editor: Please replace all occurrences of "[RFC-XXXX]"
with the RFC number of this specification and delete this paragraph.
7. References Profile name: coap_dtls
7.1. Normative References Profile Description: Profile for delegating client authentication and
authorization in a constrained environment by establishing a Datagram
Transport Layer Security (DTLS) channel between resource-constrained
nodes.
Profile ID: 1
Change Controller: IESG
Specification Document(s): [RFC-XXXX]
8. References
8.1. Normative References
[I-D.ietf-ace-oauth-authz] [I-D.ietf-ace-oauth-authz]
Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
H. Tschofenig, "Authentication and Authorization for H. Tschofenig, "Authentication and Authorization for
Constrained Environments (ACE)", draft-ietf-ace-oauth- Constrained Environments (ACE)", draft-ietf-ace-oauth-
authz-06 (work in progress), March 2017. authz-08 (work in progress), October 2017.
[I-D.tiloca-tls-dos-handshake]
Tiloca, M., Seitz, L., Hoeve, M., and O. Bergmann,
"Extension for protecting (D)TLS handshakes against Denial
of Service", draft-tiloca-tls-dos-handshake-01 (work in
progress), October 2017.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC4279] Eronen, P., Ed. and H. Tschofenig, Ed., "Pre-Shared Key [RFC4279] Eronen, P., Ed. and H. Tschofenig, Ed., "Pre-Shared Key
Ciphersuites for Transport Layer Security (TLS)", Ciphersuites for Transport Layer Security (TLS)",
RFC 4279, DOI 10.17487/RFC4279, December 2005, RFC 4279, DOI 10.17487/RFC4279, December 2005,
<http://www.rfc-editor.org/info/rfc4279>. <https://www.rfc-editor.org/info/rfc4279>.
[RFC5746] Rescorla, E., Ray, M., Dispensa, S., and N. Oskov, [RFC5746] Rescorla, E., Ray, M., Dispensa, S., and N. Oskov,
"Transport Layer Security (TLS) Renegotiation Indication "Transport Layer Security (TLS) Renegotiation Indication
Extension", RFC 5746, DOI 10.17487/RFC5746, February 2010, Extension", RFC 5746, DOI 10.17487/RFC5746, February 2010,
<http://www.rfc-editor.org/info/rfc5746>. <https://www.rfc-editor.org/info/rfc5746>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <http://www.rfc-editor.org/info/rfc6347>. January 2012, <https://www.rfc-editor.org/info/rfc6347>.
[RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
Application Protocol (CoAP)", RFC 7252, Application Protocol (CoAP)", RFC 7252,
DOI 10.17487/RFC7252, June 2014, DOI 10.17487/RFC7252, June 2014, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc7252>. editor.org/info/rfc7252>.
7.2. Informative References
[I-D.ietf-ace-cbor-web-token] [RFC8152] Schaad, J., "CBOR Object Signing and Encryption (COSE)",
Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, RFC 8152, DOI 10.17487/RFC8152, July 2017,
"CBOR Web Token (CWT)", draft-ietf-ace-cbor-web-token-07 <https://www.rfc-editor.org/info/rfc8152>.
(work in progress), July 2017.
[I-D.ietf-core-object-security] [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
Selander, G., Mattsson, J., Palombini, F., and L. Seitz, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
"Object Security of CoAP (OSCOAP)", draft-ietf-core- May 2017, <https://www.rfc-editor.org/info/rfc8174>.
object-security-04 (work in progress), July 2017.
[I-D.ietf-core-resource-directory] 8.2. Informative References
Shelby, Z., Koster, M., Bormann, C., and P. Stok, "CoRE
Resource Directory", draft-ietf-core-resource-directory-10
(work in progress), March 2017.
[I-D.ietf-cose-msg] [I-D.ietf-ace-cbor-web-token]
Schaad, J., "CBOR Object Signing and Encryption (COSE)", Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig,
draft-ietf-cose-msg-24 (work in progress), November 2016. "CBOR Web Token (CWT)", draft-ietf-ace-cbor-web-token-09
(work in progress), October 2017.
[RFC6655] McGrew, D. and D. Bailey, "AES-CCM Cipher Suites for [RFC6655] McGrew, D. and D. Bailey, "AES-CCM Cipher Suites for
Transport Layer Security (TLS)", RFC 6655, Transport Layer Security (TLS)", RFC 6655,
DOI 10.17487/RFC6655, July 2012, DOI 10.17487/RFC6655, July 2012, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc6655>. editor.org/info/rfc6655>.
[RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object
Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
October 2013, <http://www.rfc-editor.org/info/rfc7049>.
[RFC7250] Wouters, P., Ed., Tschofenig, H., Ed., Gilmore, J., [RFC7250] Wouters, P., Ed., Tschofenig, H., Ed., Gilmore, J.,
Weiler, S., and T. Kivinen, "Using Raw Public Keys in Weiler, S., and T. Kivinen, "Using Raw Public Keys in
Transport Layer Security (TLS) and Datagram Transport Transport Layer Security (TLS) and Datagram Transport
Layer Security (DTLS)", RFC 7250, DOI 10.17487/RFC7250, Layer Security (DTLS)", RFC 7250, DOI 10.17487/RFC7250,
June 2014, <http://www.rfc-editor.org/info/rfc7250>. June 2014, <https://www.rfc-editor.org/info/rfc7250>.
[RFC7251] McGrew, D., Bailey, D., Campagna, M., and R. Dugal, "AES- [RFC7251] McGrew, D., Bailey, D., Campagna, M., and R. Dugal, "AES-
CCM Elliptic Curve Cryptography (ECC) Cipher Suites for CCM Elliptic Curve Cryptography (ECC) Cipher Suites for
TLS", RFC 7251, DOI 10.17487/RFC7251, June 2014, TLS", RFC 7251, DOI 10.17487/RFC7251, June 2014,
<http://www.rfc-editor.org/info/rfc7251>. <https://www.rfc-editor.org/info/rfc7251>.
7.3. URIs 8.3. URIs
[1] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz- [1] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-
06#section-5.7.1 08#section-5.8.1
[2] https://tools.ietf.org/html/rfc7252#section-9 [2] https://tools.ietf.org/html/rfc7252#section-9
[3] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz- [3] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-
03#section-8.1 08#section-5.8.1
[4] https://tools.ietf.org/html/rfc6749#section-5.2 [4] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-
08#section-5.5.1
[5] https://tools.ietf.org/html/draft-ietf-cose-msg-23#section-12.1.2 [5] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-
08#section-5.1.1
[6] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-
08#section-5.6.3
[7] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-
08#section-5.8.2
[8] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-
08#section-5.1.2
[9] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-
08#section-5.1.2
[10] https://tools.ietf.org/html/rfc6749#section-5.2
[11] https://tools.ietf.org/html/rfc8152#section-12.1.2
Authors' Addresses Authors' Addresses
Stefanie Gerdes Stefanie Gerdes
Universitaet Bremen TZI Universitaet Bremen TZI
Postfach 330440 Postfach 330440
Bremen D-28359 Bremen D-28359
Germany Germany
Phone: +49-421-218-63906 Phone: +49-421-218-63906
 End of changes. 88 change blocks. 
401 lines changed or deleted 408 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/