An Authorization Information Format (AIF) for ACE
draft-ietf-ace-aif-00
| Document | Type | Expired Internet-Draft (ace WG) | |
|---|---|---|---|
| Author | Carsten Bormann | ||
| Last updated | 2021-01-30 (Latest revision 2020-07-29) | ||
| Replaces | draft-bormann-core-ace-aif | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Formats |
Expired & archived
plain text
html
xml
htmlized
pdfized
bibtex
|
||
| Reviews |
ARTART Last Call review
(of
-05)
Ready with Nits
OPSDIR Last Call Review
Incomplete, due 2022-02-28
|
||
| Stream | WG state | WG Document | |
| Associated WG milestone |
|
||
| Document shepherd | (None) | ||
| IESG | IESG state | Expired | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
https://www.ietf.org/archive/id/draft-ietf-ace-aif-00.txt
Abstract
Constrained Devices as they are used in the "Internet of Things" need security. One important element of this security is that devices in the Internet of Things need to be able to decide which operations requested of them should be considered authorized, need to ascertain that the authorization to request the operation does apply to the actual requester, and need to ascertain that other devices they place requests on are the ones they intended. To transfer detailed authorization information from an authorization manager (such as an ACE-OAuth Authorization Server) to a device, a representation format is needed. This document provides a suggestion for such a format, the Authorization Information Format (AIF). AIF is defined both as a general structure that can be used for many different applications and as a specific refinement that describes REST resources and the permissions on them.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)