Managing the Authorization to Authorize in the Lifecycle of a Constrained Device
draft-gerdes-ace-a2a-01
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Author | Stefanie Gerdes | ||
Last updated | 2016-03-13 (Latest revision 2015-09-10) | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Constrained nodes are devices which are limited in terms of processing power, memory, non-volatile storage and transmission capacity. Due to these constraints, commonly used security protocols are not easily applicable. Nevertheless, an authentication and authorization solution is needed to ensure the security of these devices. During the lifecycle of a constrained device, responsibility for managing authorization policies for the constrained device may change several times. To ensure the security of the constrained devices, the authorization to authorize must be transferred to the new principal in a secure way. Resource-constrained nodes benefit from delegating defined authentication- and authorization-related tasks to less-constrained devices called Authorization Managers, thus limiting the hardware requirements of the security solution for the constrained devices. This document defines how security relationships between constrained nodes and their Authorization Managers can be established and managed in a RESTful way, thus providing for a flexible authorization solution for the whole lifecycle of a constrained node.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)