Use Cases for Authentication and Authorization in Constrained Environments
RFC 7744
Field | Value
---|---
Type | RFC - Informational (January 2016; No errata)
Authors | Ludwig Seitz, Stefanie Gerdes, Göran Selander, Mehdi Mani, Sandeep Kumar
Last updated | 2018-12-20
Replaces | draft-seitz-ace-usecases
Stream | IETF
WG state | Submitted to IESG for Publication
Document shepherd | Hannes Tschofenig
Shepherd write-up | last changed 2015-10-07
IESG state | RFC 7744 (Informational)
Action Holders | (None)
Consensus Boilerplate | Yes
Responsible AD | Kathleen Moriarty
Send notices to | (None)
IANA review state | Version Changed - Review Needed
IANA action state | No IANA Actions
Internet Engineering Task Force (IETF)
Request for Comments: 7744
Category: Informational
ISSN: 2070-1721

L. Seitz, Ed., SICS Swedish ICT AB
S. Gerdes, Ed., Universitaet Bremen TZI
G. Selander, Ericsson
M. Mani, Itron
S. Kumar, Philips Research
January 2016

Use Cases for Authentication and Authorization in Constrained Environments

Abstract

Constrained devices are nodes with limited processing power, storage space, and transmission capacities. In many cases, these devices do not provide user interfaces, and they are often intended to interact without human intervention.

This document includes a collection of representative use cases for authentication and authorization in constrained environments. These use cases aim at identifying authorization problems that arise during the life cycle of a constrained device and are intended to provide a guideline for developing a comprehensive authentication and authorization solution for this class of scenarios.

Where specific details are relevant, it is assumed that the devices use the Constrained Application Protocol (CoAP) as a communication protocol. However, most conclusions apply generally.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7744.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction
   1.1. Terminology
2. Use Cases
   2.1. Container Monitoring
      2.1.1. Bananas for Munich
      2.1.2. Authorization Problems Summary
   2.2. Home Automation
      2.2.1. Controlling the Smart Home Infrastructure
      2.2.2. Seamless Authorization
      2.2.3. Remotely Letting in a Visitor
      2.2.4. Selling the House
      2.2.5. Authorization Problems Summary
   2.3. Personal Health Monitoring
      2.3.1. John and the Heart Rate Monitor
      2.3.2. Authorization Problems Summary
   2.4. Building Automation
      2.4.1. Device Life Cycle
         2.4.1.1. Installation and Commissioning
         2.4.1.2. Operational
         2.4.1.3. Maintenance
         2.4.1.4. Recommissioning