@techreport{gerdes-ace-a2a-01,
    number =    {draft-gerdes-ace-a2a-01},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-gerdes-ace-a2a/01/},
    author =    {Stefanie Gerdes},
    title =     {{Managing the Authorization to Authorize in the Lifecycle of a Constrained Device}},
    pagetotal = 8,
    year =      2015,
    month =     sep,
    day =       10,
    abstract =  {Constrained nodes are devices which are limited in terms of processing power, memory, non-volatile storage and transmission capacity. Due to these constraints, commonly used security protocols are not easily applicable. Nevertheless, an authentication and authorization solution is needed to ensure the security of these devices. During the lifecycle of a constrained device, responsibility for managing authorization policies for the constrained device may change several times. To ensure the security of the constrained devices, the authorization to authorize must be transferred to the new principal in a secure way. Resource-constrained nodes benefit from delegating defined authentication- and authorization-related tasks to less-constrained devices called Authorization Managers, thus limiting the hardware requirements of the security solution for the constrained devices. This document defines how security relationships between constrained nodes and their Authorization Managers can be established and managed in a RESTful way, thus providing for a flexible authorization solution for the whole lifecycle of a constrained node.},
}