Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)
draft-ietf-ace-oauth-authz-46

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, ace-chairs@ietf.org, ace@ietf.org, draft-ietf-ace-oauth-authz@ietf.org, kaduk@mit.edu, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)' to Proposed Standard (draft-ietf-ace-oauth-authz-43.txt)

The IESG has approved the following document:
- 'Authentication and Authorization for Constrained Environments (ACE)
   using the OAuth 2.0 Framework (ACE-OAuth)'
  (draft-ietf-ace-oauth-authz-43.txt) as Proposed Standard

This document is the product of the Authentication and Authorization for
Constrained Environments Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/

Ballot Text

Technical Summary

  This document describes a framework for the use of OAuth 2.0
  in a constrained environment.  The document is mainly targeted
  at the protocols defined for CoAP, but other protocols can
  be used as well.  The framework defines the fields and
  symmantics needed for doing authorization and authenticiation
  of a client.

Working Group Summary

  The concesus on the document was generally very solid.  There
  were some issues that arose between the ACE and OAuth working
  groups over a couple of issues.  These issues appear to have
  been resolved.  The WG remained fairly active at resolving issues that
  arose during reviews of other documents that provide "profiles" of
  this framework.

Document Quality

  There have been at least four different groups who have
  announced an implementation at some level of the specification.
  While two of those implementations share a certain amount of
  common code, there are two implementations which have done
  interop tests at various times which do not share any code
  based on this document.

  The scope and issues of trying to deal with some of the
  OAuth 2.0 documents can be challenging at times.  While
  it is believed that a good job has been done, there are
  some potential areas where different people might end up
  doing new things.

Personnel

Jim Schaad was the shepherd.  Ben Kaduk is the responsible AD.

RFC Editor Note