Key Management for Group Object Security for Constrained RESTful Environments (Group OSCORE) Using Authentication and Authorization for Constrained Environments (ACE)
draft-ietf-ace-key-groupcomm-oscore-20
Technical Summary
This document defines an application profile of the Authentication
and Authorization for Constrained Environments (ACE) framework, to
request and provision keying material in group communication
scenarios that are based on the Constrained Application Protocol
(CoAP) and are secured with Group Object Security for Constrained
RESTful Environments (Group OSCORE). This application profile
delegates the authentication and authorization of Clients, which join
an OSCORE group through a Resource Server acting as Group Manager for
that group. This application profile leverages protocol-specific
transport profiles of ACE to achieve communication security, server
authentication, and proof of possession for a key owned by the Client
and bound to an OAuth 2.0 access token.
Working Group Summary
Consensus was broad and the authors were very responsive to all
feedback, including the IETF LC Directorate feedback.
Document Quality
A Java implementation of the content of the document is available at [1].
Like the document that is the subject of this write-up, the implementation
builds on Key Provisioning for Group Communication using ACE
(draft-ietf-ace-key-groupcomm) and the ACE framework for Authentication and
Authorization (RFC9200).
[1] https://bitbucket.org/marco-tiloca-sics/ace-java/
Personnel
The Document Shepherd for this document is Rikard Höglund. The
Responsible Area Director is Paul Wouters.