Managing the Authorization to Authorize in the Lifecycle of a Constrained Device

Document Type: Expired Internet-Draft (individual)
Author: Stefanie Gerdes
Last updated: 2016-03-13 (latest revision 2015-09-10)
Stream: (None)
Intended RFC status: (None)
Expired & archived
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Constrained nodes are devices which are limited in terms of processing power, memory, non-volatile storage and transmission capacity. Due to these constraints, commonly used security protocols are not easily applicable. Nevertheless, an authentication and authorization solution is needed to ensure the security of these devices. During the lifecycle of a constrained device, responsibility for managing authorization policies for the constrained device may change several times. To ensure the security of the constrained devices, the authorization to authorize must be transferred to the new principal in a secure way. Resource-constrained nodes benefit from delegating defined authentication- and authorization-related tasks to less-constrained devices called Authorization Managers, thus limiting the hardware requirements of the security solution for the constrained devices. This document defines how security relationships between constrained nodes and their Authorization Managers can be established and managed in a RESTful way, thus providing for a flexible authorization solution for the whole lifecycle of a constrained node.


Stefanie Gerdes (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)