Skip to main content

Authentication and Authorization for Constrained Environments (ace)

WG Name Authentication and Authorization for Constrained Environments
Acronym ace
Area Security Area (sec)
State Active
Charter charter-ietf-ace-02 Approved
Status update Show Changed 2018-03-22
Document dependencies
Additional resources Issue tracker, Wiki, Zulip stream
Personnel Chairs Loganaden Velvindron, Tim Hollebeek
Area Director Paul Wouters
Delegate Paul Wouters
Mailing list Address ace@ietf.org
To subscribe https://www.ietf.org/mailman/listinfo/ace
Archive https://mailarchive.ietf.org/arch/browse/ace/
Chat Room address https://zulip.ietf.org/#narrow/stream/ace

Charter for Working Group

The Authentication and Authorization for Constrained Environments (ace) WG
has defined a standardized solution framework for authentication and
authorization to enable authorized access to resources identified by a URI
and hosted on a resource server in constrained environments.

The access to the resource is mediated by an authorization server, which is
not considered to be constrained.

Profiles of this framework for application to security protocols commonly
used in constrained environments, including CoAP+DTLS and CoAP+OSCORE, have
also been standardized. The Working Group is charged with maintenance of
the framework and existing profiles thereof, and may undertake work to
specify profiles of the framework for additional secure communications
protocols and for additional support services providing authorized access
to crypto keys (that are not necessarily limited to constrained endpoints,
though the focus remains on deployment in ecosystems with a substantial
portion of constrained devices).

In addition to the ongoing maintenance work, the Working Group will extend
the framework (originally designed to protect the exchange between single
client and single RS) as needed for applicability to group communications.
The initial focus will be on using (D)TLS and (Group) OSCORE as the underlying
communication security protocols. The Working Group will standardize
procedures for requesting and distributing group keying material using the ACE
framework as well as appropriated management interfaces.

The Working Group will standardize a format for expressing authorization
information for a given authenticated principal as received from an
authorization manager.

The Working Group will examine how to use Constrained Application Protocol
(CoAP) as a transport medium for certificate enrollment protocols, such as
EST and CMPv2, as well as a transport for authentication protocols such as
EAP (in coordination with the EMU WG), and standardize as needed.

Milestones

Date Milestone Associated documents
Dec 2021 Submission to the IESG of "Admin Interface for the OSCORE Group Manager" draft-ietf-ace-oscore-gm-admin
Sep 2021 Submission to the IESG of "Key Management for OSCORE Groups in ACE" draft-ietf-ace-key-groupcomm-oscore
Aug 2021 Submission to the IESG of "EAP-based Authentication Service for CoAP" draft-marin-ace-wg-coap-eap
Jul 2021 Submission to the IESG of "Key Provisioning for Group Communication using ACE" rfc9594 (was draft-ietf-ace-key-groupcomm)
Jul 2021 Submission to the IESG of Pub-Sub Profile for Authentication and Authorization for Constrained Environments (ACE) draft-ietf-ace-pubsub-profile
Jul 2021 Submission to the IESG of "Protecting EST Payloads with OSCORE" draft-selander-ace-coap-est-oscore
Jul 2021 Submission to the IESG of "An Authorization Information Format (AIF) for ACE" rfc9237 (was draft-ietf-ace-aif)
Jun 2021 Submission to IESG of "CoAP Transport for CMPV2" (if adopted) draft-msahni-ace-cmpv2-coap-transport
Feb 2021 Call for adoption of "Protecting EST Payloads with OSCORE" draft-selander-ace-coap-est-oscore

Done milestones

Date Milestone Associated documents
Done Submit DTLS Profile for ACE to the IESG for publication as a proposed standard rfc9202 (was draft-ietf-ace-dtls-authorize)
Done Adoption call of "EAP-based Authentication Service for CoAP" draft-marin-ace-wg-coap-eap
Done Submission to the IESG of "OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework" rfc9203 (was draft-ietf-ace-oscore-profile)
Done Adoption call for "CoAP Transport for CMPV2" draft-msahni-ace-cmpv2-coap-transport