Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: The IESG <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, Jim Schaad <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)' to Proposed Standard (draft-ietf-ace-oauth-authz-27.txt) The IESG has approved the following document: - 'Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)' (draft-ietf-ace-oauth-authz-27.txt) as Proposed Standard This document is the product of the Authentication and Authorization for Constrained Environments Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/
Technical Summary This document describes a framework for the use of OAuth 2.0 in a constrained environment. The document is mainly targeted at the protocols defined for CoAP, but other protocols can be used as well. The framework defines the fields and symmantics needed for doing authorization and authenticiation of a client. Working Group Summary The concesus on the document was generally very solid. There were some issues that arose between the ACE and OAuth working groups over a couple of issues. These issues appear to have been resolved. The WG remained fairly active at resolving issues that arose during reviews of other documents that provide "profiles" of this framework. Document Quality There have been at least four different groups who have announced an implementation at some level of the specification. While two of those implementations share a certain amount of common code, there are two implementations which have done interop tests at various times which do not share any code based on this document. The scope and issues of trying to deal with some of the OAuth 2.0 documents can be challenging at times. While it is believed that a good job has been done, there are some potential areas where different people might end up doing new things. Personnel Jim Schaad was the shepherd. Ben Kaduk is the responsible AD.