%% You should probably cite draft-gerdes-ace-a2a-01 instead of this revision.
@techreport{gerdes-ace-a2a-00,
    number =    {draft-gerdes-ace-a2a-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-gerdes-ace-a2a/00/},
    author =    {Stefanie Gerdes},
    title =     {{Managing the Authorization to Authorize in the Lifecycle of a Constrained Device}},
    pagetotal = 7,
    year =      2015,
    month =     mar,
    day =       9,
    abstract =  {Constrained nodes are devices which are limited in terms of processing power, memory, non-volatile storage and transmission capacity. Due to these constraints, commonly used security protocols are not easily applicable. Nevertheless, an authentication and authorization solution is needed to ensure the security of these devices. During the lifecycle of a constrained device, responsibility for managing authorization policies for the constrained device may change several times. To ensure the security of the constrained devices, the authorization to authorize must be transferred to the new principal in a secure way. The Delegated CoAP Authorization Framework (DCAF) specifies how resource-constrained nodes can delegate defined authentication- and authorization-related tasks to less-constrained devices called Authorization Managers, thus limiting the hardware requirements of the security solution for the constrained devices. This document defines how DCAF can be used to manage the Authorization Manager of a constrained device and introduces a flexible authorization solution for the whole lifecycle of a constrained device.},
}