Re: [Ace] Scope of the ACE Charter

Göran Selander <goran.selander@ericsson.com> Wed, 05 March 2014 18:24 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "ace@ietf.org" <ace@ietf.org>
Date: Wed, 05 Mar 2014 18:23:00 +0000
Message-ID: <CF3D02CF.AA74%goran.selander@ericsson.com>
References: <5317357B.6020407@gmx.net>
In-Reply-To: <5317357B.6020407@gmx.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/ace/ILB8XwhbcK_mOExcHBdzXHbONpg
Subject: Re: [Ace] Scope of the ACE Charter
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

Hi Hannes,


Just looking at interface (I): If the client is not constrained I think
HTTP/TLS should be an option to CoAP/DTLS.

Adding to the discussion about HTTP/CoAP proxies in the meeting: If both
the authorisation information and the keying information are object secure
(JWT, CMS, ...) there is no need to trust the proxy.



Göran




On 05/03/14 14:32, "Hannes Tschofenig" <hannes.tschofenig@gmx.net> wrote:

>Hi all,
>
>I would like to thank you all for the great discussion today at the BOF.
>There was good feedback and the following scoping aspect showed up.
>
>In a nutshell there was some disagreement about focusing purely on CoAP/DTLS
>as part of a future working group.
>
>There was not enough time to go down to the details during the session
>due to lack of time. Hence, I will try to clarify this aspect on the
>mailing list.
>
>Let us have a look at the high level architecture:
>
>                                          +---------------+
>                                          | Authorization |
>             +--------------------------->|  Server       |
>             |        (I)                 +---------------+
>             |                                  ^
>             |                                  |
>             |                                  |
>             |                                  | III
>             |                                  |
>             |                                  |
>             |                                  |
>             v                                  v
>        +-----------+                     +-----+-----+
>        |           |      II             | Resource  |
>        |   Client  | <..................>| Server    |
>        +-----------+                     +-----------+
>
>I: This is the interaction where keying and authorization information is
>provided to the client.
>
>II: This is the resource access.
>
>III: This is a potential exchange necessary for having the resource
>server interacting with the authorization server for authenticating the
>client and for authorizing the client.
>
>(The exact details of the interaction depend on the specific solution,
>of course.)
>
>As you can see in the figure, there are various places where DTLS and
>CoAP should or shouldn't be used.
>
>A few persons said that they want to use other protocols besides CoAP
>and DTLS.
>
>Please explain to me where you would like other protocols to be taken
>into consideration. What protocols are you considering in which of these
>interfaces?
>
>Ciao
>Hannes
>
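
Added example, not part of either message above: a sketch of the object-security point raised in the reply, using a compact JWS (HS256) built with the Python standard library. The key, the claims and the function names are constructed for illustration. It covers integrity only; keying information would also need encryption (JWE or CMS enveloped data), which is not shown.

```python
import base64, hashlib, hmac, json
from typing import Optional

KEY = b"constructed-demo-key-shared-by-AS-and-RS"   # assumption: pre-shared key
CLAIMS = {"aud": "rs1", "scope": "read"}            # constructed sample claims

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def as_issue(claims: dict, key: bytes) -> str:
    """Authorization server: protect the claims as an object (compact JWS)."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64u(_mac(key, header + '.' + payload))}"

def honest_proxy(token: str) -> str:
    """HTTP<->CoAP proxy: the transport changes, the token bytes do not."""
    return token

def tampering_proxy(token: str) -> str:
    """Proxy that rewrites the claims; it has no key, so the MAC stays stale."""
    header, payload, sig = token.split(".")
    claims = json.loads(b64u_dec(payload))
    claims["scope"] = "write"
    return f"{header}.{b64u(json.dumps(claims).encode())}.{sig}"

def endpoint_verify(token: str, key: bytes) -> Optional[dict]:
    """Receiving endpoint: return the claims only if the object verifies."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(b64u_dec(header_b64)).get("alg") != "HS256":
            return None                      # pin the algorithm, never trust the header
        expected = _mac(key, header_b64 + "." + payload_b64)
        if not hmac.compare_digest(expected, b64u_dec(sig_b64)):
            return None                      # modified somewhere on the path
        return json.loads(b64u_dec(payload_b64))
    except (ValueError, AttributeError):
        return None                          # malformed token

if __name__ == "__main__":
    token = as_issue(CLAIMS, KEY)
    print("via honest proxy:   ", endpoint_verify(honest_proxy(token), KEY))
    print("via tampering proxy:", endpoint_verify(tampering_proxy(token), KEY))
```

The endpoint's decision depends only on the token and the key, not on which transport or proxy delivered it.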