Network Working Group C. Bormann Internet-Draft Universitaet Bremen TZI Intended status: Informational March 09, 2015 Expires: September 10, 2015 An Authorization Information Format (AIF) for ACE draft-bormann-core-ace-aif-02 Abstract Constrained Devices as they are used in the "Internet of Things" need security. One important element of this security is that devices in the Internet of Things need to be able to decide which operations requested of them should be considered authorized, need to ascertain that the authorization to request the operation does apply to the actual requester, and need to ascertain that other devices they place requests on are the ones they intended. On the ACE mailing list, an activity to create specifications for such authenticated authorization for constrained devices is contemplated, leading to protocol proposals such as [I-D.gerdes-ace-dcaf-authorize]. One potential work item complementing this protocol work is an Authorization Information Format (AIF). This document provides a strawman for such a format that should enable further discussion of the objectives for its development. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 10, 2015. Bormann Expires September 10, 2015 [Page 1]
Internet-Draft ACE AIF March 2015 Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 2. Information Model . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Limitations . . . . . . . . . . . . . . . . . . . . . . . 3 3. Data Model . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 7.2. Informative References . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction (See Abstract.) 1.1. Terminology This memo uses terms from [RFC7252] and [RFC4949]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] when they appear in ALL CAPS. These words may also appear in this document in lower case as plain English words, absent their normative meanings. (Note that this document is itself informational, but it is discussing normative statements.) Bormann Expires September 10, 2015 [Page 2]
Internet-Draft ACE AIF March 2015 The term "byte", abbreviated by "B", is used in its now customary sense as a synonym for "octet". 2. Information Model Authorizations are generally expressed through some data structures that are cryptographically secured (or transmitted in a secure way). This section discusses the information model underlying the payload of that data (as opposed to the cryptographic armor around it). For the purposes of this strawman, the underlying access control model will be that of an access matrix, which gives a set of permissions for each possible combination of a subject and on object. For the objects, we simply use the URI of a resource on a CoAP server. More specifically, the parts of the URI that identify the server ("authority" in [RFC3986]) are considered the realm of the authentication mechanism (which are handled in the cryptographic armor); we therefore focus on the "path-absolute" and "query" parts of the URI (URI "local-part" in this specification, as expressed by the Uri-Path and Uri-Query options in CoAP). Similarly, we do not concern the AIF format with the subject for which the AIF object is issued, focusing the AIF object on a single row in the access matrix (such a row traditionally is also called a capability list). At the information model level, this leaves a set of pairs of local URIs and related permissions. We simplify the model for the permissions to simply giving the subset of the CoAP methods permitted. This model is summarized in Table 1. +------------+----------------+ | local-part | Permission Set | +------------+----------------+ | /s/light | GET | | | | | /a/led | PUT, GET | | | | | /dtls | POST | +------------+----------------+ Table 1: An authorization instance in the AIF Information Model 2.1. Limitations This simple information model only allows granting permissions for static URIs. It is probably necessary to extend the model towards URI templates [RFC6570], however, that requires some considerations Bormann Expires September 10, 2015 [Page 3]
Internet-Draft ACE AIF March 2015 of the ease and unambiguity of matching a given URI against a set of templates in an AIF object. This simple information model also doesn't allow conditionalizing access (e.g., "opening a door is allowed if that isn't locked"). Finally, the model does not provide any special access for a set of resources that are specific to a subject, e.g. that the subject created itself by previous operations (PUT, POST) or that were specifically created for the subject by others. 3. Data Model For representing the AIF object discussion in Section 2, the permission set is reduced to a single number by the following steps: o The entries in the table that specify the same local-part are merged into a single entry that specifies the union of the permission sets o The methods in the permission sets are converted into their CoAP method numbers, minus 1 o The set of numbers is converted into a single number by taking each number to the power of two and computing the inclusive OR of the binary representations of all the numbers. This strawman data model could be interchanged in the JSON [RFC7159] representation given in Figure 1 (more extensible/more compact representations are possible). [["/s/light", 1], ["/a/led", 5], ["/dtls", 2]] Figure 1: An authorization instance encoded in JSON (46 bytes) In a slightly extended form of CDDL (extended by allowing .bits on uint), [I-D.greevenbosch-appsawg-cbor-cddl], a straightforward specification of the data model is: Bormann Expires September 10, 2015 [Page 4]
Internet-Draft ACE AIF March 2015 authorization-info = [* authorization] authorization = [ path: tstr, permissions: uint .bits methods, ] methods = &( GET: 0 POST: 1 PUT: 2 DELETE: 3 PATCH: 4 ) Figure 2: AIF in CDDL A representation of this information in CBOR [RFC7049] is given in Figure 3; again, several optimizations/improvements are possible. 83 # array(3) 82 # array(2) 68 # text(8) 2f732f6c69676874 # "/s/light" 01 # unsigned(1) 82 # array(2) 66 # text(6) 2f612f6c6564 # "/a/led" 05 # unsigned(5) 82 # array(2) 65 # text(5) 2f64746c73 # "/dtls" 02 # unsigned(2) Figure 3: An authorization instance encoded in CBOR (29 bytes) 4. IANA Considerations This document makes no requirements on IANA. (This section to be removed by RFC editor.) 5. Security Considerations (TBD. Some issues are already discussed in the security considerations of [RFC7252] and in [I-D.garcia-core-security].) Bormann Expires September 10, 2015 [Page 5]
Internet-Draft ACE AIF March 2015 6. Acknowledgements TBD 7. References 7.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC 4949, August 2007. [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, June 2014. 7.2. Informative References [I-D.garcia-core-security] Garcia-Morchon, O., Kumar, S., Keoh, S., Hummen, R., and R. Struik, "Security Considerations in the IP-based Internet of Things", draft-garcia-core-security-06 (work in progress), September 2013. [I-D.gerdes-ace-dcaf-authorize] Gerdes, S., Bergmann, O., and C. Bormann, "Delegated CoAP Authentication and Authorization Framework (DCAF)", draft- gerdes-ace-dcaf-authorize-01 (work in progress), February 2015. [I-D.greevenbosch-appsawg-cbor-cddl] Vigano, C., Birkholz, H., and R. Sun, "CBOR data definition language: a notational convention to express CBOR data structures.", draft-greevenbosch-appsawg-cbor- cddl-05 (work in progress), March 2015. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [RFC6570] Gregorio, J., Fielding, R., Hadley, M., Nottingham, M., and D. Orchard, "URI Template", RFC 6570, March 2012. [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", RFC 7049, October 2013. Bormann Expires September 10, 2015 [Page 6]
Internet-Draft ACE AIF March 2015 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data Interchange Format", RFC 7159, March 2014. Author's Address Carsten Bormann Universitaet Bremen TZI Postfach 330440 Bremen D-28359 Germany Phone: +49-421-218-63921 Email: cabo@tzi.org Bormann Expires September 10, 2015 [Page 7]