Use Cases for Authentication and Authorization in Constrained Environments
draft-ietf-ace-usecases-10
Revision differences
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
|
2016-01-29
|
10 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
|
2016-01-12
|
10 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
|
2016-01-05
|
10 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
|
2015-10-28
|
10 | (System) | RFC Editor state changed to EDIT |
|
2015-10-28
|
10 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
|
2015-10-28
|
10 | (System) | Announcement was received by RFC Editor |
|
2015-10-26
|
10 | (System) | IANA Action state changed to No IC from In Progress |
|
2015-10-26
|
10 | (System) | IANA Action state changed to In Progress |
|
2015-10-26
|
10 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup |
|
2015-10-26
|
10 | Amy Vezza | IESG has approved the document |
|
2015-10-26
|
10 | Amy Vezza | Closed "Approve" ballot |
|
2015-10-26
|
10 | Amy Vezza | Ballot approval text was generated |
|
2015-10-26
|
10 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
|
2015-10-26
|
10 | Amy Vezza | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
|
2015-10-26
|
10 | Amy Vezza | New version available: draft-ietf-ace-usecases-10.txt |
|
2015-10-26
|
09 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Mahesh Jethanandani. |
|
2015-10-22
|
09 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from Waiting for AD Go-Ahead |
|
2015-10-22
|
09 | Cindy Morgan | Changed consensus to Yes from Unknown |
|
2015-10-22
|
09 | Jari Arkko | [Ballot comment] The comment from Joel Halpern's Gen-ART review might be something to take into account in the final version of the RFC. |
|
2015-10-22
|
09 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
|
2015-10-22
|
09 | Stephen Farrell | [Ballot comment] Excellent and well written document, thanks. I think there are five things you could usefully add, see below. That said, I agree that … [Ballot comment] Excellent and well written document, thanks. I think there are five things you could usefully add, see below. That said, I agree that this cannot and should not try to be fully complete so I won't argue (much:-) if you prefer to omit these. We/you can figure out what if any text to add I'm sure, but I'm happy to chat about that. 1. Software update is really needed and often missing and usually hard. There's at least a need to authenticate and authorize new firmware, when there is any update. That may not be the same as authorizing a new config. 2. Alice buys a new device, and would like to know if it is calling home or what it is doing before she configures it, or perhaps before she accepts it in her network. Even if she accepts it, she may want to be able to monitor the data it is sending "home" e.g. to ensure her TV is not sending data when she inserts a USB stick, if that is undesired. 3. Device fingerprinting is a threat that ought be considered by solution developers, especially if there is no reliable software update. Probably the best to be done is to try to make it hard for unauthorized parties to fingerprint a device, but that's also hard. 4. Commercial Devices will be end-of-lifed by vendors, and yet Alice still needs to be able to use, and perhaos to update, the device. That calls for some kind of authorization handover which is not quite the same as a change of ownership. 5. Penetration testing will happen and devices should not barf even then. Maybe that's a security consideration worth a mention. See also the secdir review. [1] It'd be good to see a response to that. [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06101.html |
|
2015-10-22
|
09 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
|
2015-10-22
|
09 | Barry Leiba | [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba |
|
2015-10-22
|
09 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
|
2015-10-22
|
09 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
|
2015-10-21
|
09 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
|
2015-10-21
|
09 | Ben Campbell | [Ballot comment] While I'm not ordinarily a big fan of publishing use cases as RFCs, I think this one has value. Otherwise, I have only … [Ballot comment] While I'm not ordinarily a big fan of publishing use cases as RFCs, I think this one has value. Otherwise, I have only a few minor comments: -Please expand ACE in the title, abstract, and body. - 2.6.1: Is it reasonable to expect wearable devices to have what sound like multi-user-profile capabilities? - 2.7: An informational reference for stuxnet might be helpful. |
|
2015-10-21
|
09 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
|
2015-10-21
|
09 | Spencer Dawkins | [Ballot comment] This draft seems especially worth the effort of publishing a use case draft as an RFC. I learned a lot while reviewing it. … [Ballot comment] This draft seems especially worth the effort of publishing a use case draft as an RFC. I learned a lot while reviewing it. The security considerations section seemed unusually valuable for a use case draft. Do the title and abstract call enough attention to that? The section title "2.1.1. Bananas for Munich" would also be a great name for a rock band ... :-) |
|
2015-10-21
|
09 | Spencer Dawkins | [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins |
|
2015-10-21
|
09 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
|
2015-10-20
|
09 | Benoît Claise | [Ballot comment] "ACE use cases." And ACE stands for :-) |
|
2015-10-20
|
09 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
|
2015-10-20
|
09 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
|
2015-10-20
|
09 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
|
2015-10-16
|
09 | Kathleen Moriarty | Ballot has been issued |
|
2015-10-16
|
09 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
|
2015-10-16
|
09 | Kathleen Moriarty | Created "Approve" ballot |
|
2015-10-16
|
09 | Kathleen Moriarty | Ballot writeup was changed |
|
2015-10-15
|
09 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
|
2015-10-15
|
09 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
|
2015-10-15
|
09 | Jean Mahoney | Closed request for Last Call review by GENART with state 'Withdrawn' |
|
2015-10-15
|
09 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Adam Montville. |
|
2015-10-14
|
09 | (System) | Notify list changed from draft-ietf-ace-usecases.ad@ietf.org, ace-chairs@ietf.org, draft-ietf-ace-usecases.shepherd@ietf.org, Hannes.Tschofenig@gmx.net, draft-ietf-ace-usecases@ietf.org to (None) |
|
2015-10-09
|
09 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Mahesh Jethanandani |
|
2015-10-09
|
09 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Mahesh Jethanandani |
|
2015-10-08
|
09 | Jean Mahoney | Request for Last Call review by GENART is assigned to Tom Taylor |
|
2015-10-08
|
09 | Jean Mahoney | Request for Last Call review by GENART is assigned to Tom Taylor |
|
2015-10-08
|
09 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
|
2015-10-08
|
09 | Amanda Baber | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-ace-usecases-09, which is currently in Last Call, and has the following comments: We understand that this … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-ace-usecases-09, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any IANA actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, IANA does not object. If this assessment is not accurate, please respond as soon as possible. |
|
2015-10-08
|
09 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (ACE use cases) to Informational … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (ACE use cases) to Informational RFC The IESG has received a request from the Authentication and Authorization for Constrained Environments WG (ace) to consider the following document: - 'ACE use cases' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-10-22. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Constrained devices are nodes with limited processing power, storage space and transmission capacities. These devices in many cases do not provide user interfaces and are often intended to interact without human intervention. This document includes a collection of representative use cases for authentication and authorization in constrained environments. These use cases aim at identifying authorization problems that arise during the lifecycle of a constrained device and are intended to provide a guideline for developing a comprehensive authentication and authorization solution for this class of scenarios. Where specific details are relevant, it is assumed that the devices use the Constrained Application Protocol (CoAP) as communication protocol, however most conclusions apply generally. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ace-usecases/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-ace-usecases/ballot/ No IPR declarations have been submitted directly on this I-D. |
|
2015-10-08
|
09 | Cindy Morgan | Last call announcement was generated |
|
2015-10-08
|
09 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Adam Montville |
|
2015-10-08
|
09 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Adam Montville |
|
2015-10-07
|
09 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
|
2015-10-07
|
09 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (ACE use cases) to Informational … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (ACE use cases) to Informational RFC The IESG has received a request from the Authentication and Authorization for Constrained Environments WG (ace) to consider the following document: - 'ACE use cases' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-10-21. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Constrained devices are nodes with limited processing power, storage space and transmission capacities. These devices in many cases do not provide user interfaces and are often intended to interact without human intervention. This document includes a collection of representative use cases for authentication and authorization in constrained environments. These use cases aim at identifying authorization problems that arise during the lifecycle of a constrained device and are intended to provide a guideline for developing a comprehensive authentication and authorization solution for this class of scenarios. Where specific details are relevant, it is assumed that the devices use the Constrained Application Protocol (CoAP) as communication protocol, however most conclusions apply generally. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ace-usecases/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-ace-usecases/ballot/ No IPR declarations have been submitted directly on this I-D. |
|
2015-10-07
|
09 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
|
2015-10-07
|
09 | Kathleen Moriarty | Last call was requested |
|
2015-10-07
|
09 | Kathleen Moriarty | Ballot approval text was generated |
|
2015-10-07
|
09 | Kathleen Moriarty | Ballot writeup was generated |
|
2015-10-07
|
09 | Kathleen Moriarty | IESG state changed to Last Call Requested from Publication Requested |
|
2015-10-07
|
09 | Kathleen Moriarty | Last call announcement was generated |
|
2015-10-07
|
09 | Kathleen Moriarty | Last call announcement was generated |
|
2015-10-07
|
09 | Kathleen Moriarty | IESG process started in state Publication Requested |
|
2015-10-07
|
09 | (System) | Earlier history may be found in the Comment Log for /doc/draft-seitz-ace-usecases/ |
|
2015-10-07
|
09 | Kathleen Moriarty | Working group state set to Submitted to IESG for Publication |
|
2015-10-07
|
09 | Stefanie Gerdes | New version available: draft-ietf-ace-usecases-09.txt |
|
2015-10-07
|
08 | Hannes Tschofenig | Changed document writeup |
|
2015-10-07
|
08 | Stefanie Gerdes | New version available: draft-ietf-ace-usecases-08.txt |
|
2015-10-02
|
07 | Ludwig Seitz | New version available: draft-ietf-ace-usecases-07.txt |
|
2015-10-01
|
06 | Kathleen Moriarty | Shepherding AD changed to Kathleen Moriarty |
|
2015-10-01
|
06 | Kathleen Moriarty | Placed on agenda for telechat - 2015-10-22 |
|
2015-09-23
|
06 | Ludwig Seitz | New version available: draft-ietf-ace-usecases-06.txt |
|
2015-09-01
|
05 | Ludwig Seitz | New version available: draft-ietf-ace-usecases-05.txt |
|
2015-06-05
|
04 | Ludwig Seitz | New version available: draft-ietf-ace-usecases-04.txt |
|
2015-03-09
|
03 | Stefanie Gerdes | New version available: draft-ietf-ace-usecases-03.txt |
|
2015-02-05
|
02 | Stefanie Gerdes | New version available: draft-ietf-ace-usecases-02.txt |
|
2015-01-13
|
01 | Ludwig Seitz | New version available: draft-ietf-ace-usecases-01.txt |
|
2014-12-05
|
00 | Hannes Tschofenig | Intended Status changed to Informational from None |
|
2014-12-05
|
00 | Hannes Tschofenig | Notification list changed to "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> |
|
2014-12-05
|
00 | Hannes Tschofenig | Document shepherd changed to Hannes Tschofenig |
|
2014-12-05
|
00 | Hannes Tschofenig | Document adopted early December. |
|
2014-12-05
|
00 | Hannes Tschofenig | This document now replaces draft-seitz-ace-usecases instead of None |
|
2014-12-04
|
00 | Ludwig Seitz | New version available: draft-ietf-ace-usecases-00.txt |