
Ace Status Pages

Authentication and Authorization for Constrained Environments (Active WG)
Sec Area: Roman Danyliw, Benjamin Kaduk | 2014-Jun-16 —  
Chairs
 


IETF-109 ace minutes

Session 2020-11-18 1200-1400: Room 7 - ace chatroom




          # IETF 109 ACE Meeting
          WEDNESDAY, November 18, 2020 12:00-14:00
          
          [codimd](https://codimd.ietf.org/notes-ietf-109-ace)
          [jabber](xmpp:ace@jabber.ietf.org?join)
          [video stream](https://meetings.conf.meetecho.com/ietf109/?group=ace&short=&item=1)
          [audio stream](http://mp3.conf.meetecho.com/ietf109/spring/1.m3u)
          [session](https://datatracker.ietf.org/meeting/109/session/ace)
          [wg documents](https://tools.ietf.org/wg/ace/)
          
          ## Agenda
          
          * agenda bashing 10 min Daniel
          
          * document status update
            dtls-authorize, oauth-authz, oauth-params are waiting to be sent to the
            IESG; OSCORE profile had WGLC but needs some more reviews, Christian
            and Marco offer to review; aif needs more reviews; mqtt-tls-profile
            being updated after WGLC; pubsub-profile needs to add MQTT, Francesca
            will coordinate with Cigdem
          
          * groupcom drafts:
              * [draft-ietf-ace-key-groupcomm](https://tools.ietf.org/wg/ace/draft-ietf-ace-key-groupcomm/) 10 min Francesca
          Issue with scope: how does the KDC know the format of the scope? Candidate
          solutions: 1. Prefix with byte agreed between RS and AS, if same scope
          is reused needs to sync with AS. 2. Register CBOR tag, one for each
          application profile (currently only one) 3. Register a new Token claim.
          Discussion: Do we need to add something inband to disambiguate, or can
          we agree out of band.
          Ben: It seems we need to add something inband, a CBOR Tag seems
          architecturally "cleaner", but does not say anything about implementation.
          Carsten: need to think more. 1-byte CBOR tag registration is restricted.
          Francesca brings this to the list.
              * [draft-ietf-ace-key-groupcomm-oscore](https://tools.ietf.org/html/draft-ietf-ace-key-groupcomm-oscore) 10 min Marco
          No comments
              * [draft-ietf-ace-oscore-gm-admin](https://tools.ietf.org/html/draft-ietf-ace-oscore-gm-admin) 10 min Marco
          Christian: General question: ACE documents make use of resources
          starting with "/", how is entry point discovered? Preference for less
          static method.
          Ben: BCP190 allows for fixed strings once parent is discovered.
          
          * charter 30 min
          
          Discussion of what certificate enrolment work is in scope.
          Goeran: coap-est is done; est protected by oscore+edhoc is not done
          Merge of paragraphs mentioning EST and CMPv2. No objections from the
          meeting. Chair confirms the proposal on the list.
          
          * New topics
              * [draft-tiloca-ace-group-oscore-profile](https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile) 10-15 min Marco
          ACE profile for resources accessed with Group OSCORE.
          Michael Richardson will review
              * draft-selander-ace-coap-est-oscore 10 min Goran
          Follows draft-ietf-ace-coap-est, but replaces DTLS with OSCORE/EDHOC.
          One key feature is that the CoAP/HTTP proxy does not need to do anything
          EST-related, and thus does not need to be trusted.
          Who plans to review?
          Michael Richardson has been involved but is not currently listed as
          an author. Please provide any additional comments if you have any.
          Francesca and Michael will review
              * draft-selander-ace-ake-authz 10 min Goran
          Doing authentication, authorization, and certificate enrolment in sequence
          is inefficient.
          Ben: the authenticator V serves a role similar to a BRSKI join proxy?
          Goeran: V is more of a registrar than a proxy
          Michael: the join proxy is on the constrained link; not shown in this
          figure.
          Olle: any implementations?
          Goeran: multiple authors have plans; Michael may be able to say more
          Ben: the voucher RFC 8366 is not just a BRSKI thing
          Michael: yes, I am implementing.
              * [draft-tiloca-ace-revoked-token-notification](https://tools.ietf.org/html/draft-tiloca-ace-revoked-token-notification) 10-15 min Marco
          
          No comments
          
          * AOB
          
          
          Last words from chair on next steps:
          
          * monthly interim meetings going forward
          
          * need to finalize the work in progress before adopting new work
          
          * also need to finalize the rechartering
          
          
          ## Participants
          
          


