Re: [Ace] WGLC for draft-ietf-ace-oscore-gm-admin

Tim Hollebeek <tim.hollebeek@digicert.com> Tue, 20 February 2024 19:23 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>, Cigdem Sengul <cigdem.sengul@gmail.com>, "ace@ietf.org" <ace@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/MIPCVYv1xp32mcAMa_bmd8jRneU>

Thank you to both of you for the excellent comments and feedback, it is very
much appreciated.

We’ll see what the authors think about these comments and any additional
comments from Carsten, and get them incorporated into the draft.

Once we’ve achieved consensus on the WGLC draft, we’ll assign a document
shepherd, get the shepherd writeup written, and forward the document on to
IESG for publication.

-Tim

From: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
Sent: Sunday, February 18, 2024 3:52 AM
To: Cigdem Sengul <cigdem.sengul@gmail.com>; ace@ietf.org
Cc: Tim Hollebeek <tim.hollebeek@digicert.com>
Subject: Re: [Ace] WGLC for draft-ietf-ace-oscore-gm-admin

Hi,

I’ve been following the development of this draft and think it is ready in
the working group. In addition to some comments already made by Cigdem, I
found only a few nits in the latest version:

Section 3

’In the rest of this section, these are referred to as "user scope
entries".’

…

’In the rest of this section, these are referred to as "admin scope
entries".’

*	Remove “In the rest of this section” in these sentences, as the
terms are used throughout the document.
*	Move the text about the convention to abbreviate “admin scope entry”
with “scope entry” from the end of section 3.0 to where the former is
defined, to keep definitions of “scope” together in the document.

Thanks,

Göran

From: Ace <ace-bounces@ietf.org> on behalf of
Cigdem Sengul <cigdem.sengul@gmail.com>
Date: Friday, 16 February 2024 at 23:36
To: ace@ietf.org <ace@ietf.org>
Cc: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>
Subject: Re: [Ace] WGLC for draft-ietf-ace-oscore-gm-admin

Hello ace,

I've reviewed the document and found it largely ready.

Below, I make some suggestions to improve clarity and list a few editorial
comments, hope it helps.

Kind regards,

--Cigdem

Section 2. Group Administration
"The AS MAY release Access Tokens to the Administrator for other purposes
than accessing admin resources of registered Group Managers"

=> Reading further into the document, it becomes clear later that "Building
on the above, the same single scope can include user scope entries as well
as admin scope entries" (i.e., tokens may express permissions for user
resources). It would be good to clarify this earlier.

Section 3. Format of Scope

=> The object identifier ("Toid") examples for wildcard patterns and complex
patterns would be useful. 
=> Can the Create permission be paired with a "literal" Toid? So, the admin
has the right to create a specific config for a specific group name?

Figure 2:
Write  | 3     | Change group configurations 

=> Instead of "Change", Update group configurations?

Section 3.1

"The Administrator may have established a secure communication association
with the Group Manager based on a first Access Token T1, and then created
an OSCORE group G. Following the invalidation of T1 (e.g., due to
expiration) and the establishment of a new secure communication association
with the Group Manager based on a new Access Token T2, the Administrator can
seamlessly perform authorized operations on the previously created group G."

The example is not clear to me. Why does the G having a wildcard or complex
pattern help in this case?

5.1.2

'group_title', with value either a human-readable description of the OSCORE
group encoded as a CBOR text string, or the CBOR simple value "null" (0xf6)
if no description is specified.

==>If this is group description, group_desc sounds more fitting than
group_title?

5.2
"A possible reason for the Group Manager to consider default values
different from those recommended in this section is to ensure that each of
those are consistent with what the Group Manager supports, e.g., in terms of
signature algorithm and format of authentication credentials used in the
OSCORE group."

Is this mainly saying, "The Group Manager MAY choose different default
values instead of those recommended in this section ... "


6.2 Retrieve a List of Group Configurations by Filters


It would be good to give an example with status filters as well. For
example, is it possible to use a complex pattern for group_name filter?

6.3 Create a New Group Configuration (and also 6.6.)

"Alternatively, the Administrator can perform the registration in the
Resource Directory on behalf of the Group Manager, acting as  Commissioning
Tool."

Why consider this option when

"Therefore, it is RECOMMENDED that registrations of links to
group-membership resources in the Resource Directory are made (and possibly
updated) directly by the Group Manager, rather than by the Administrator."


Editorial
Abstract
OLD:
A Group Manager is responsible to handle the joining of new group
  members, as well as to manage and distribute the group keying
   material. 

NEW:
A Group Manager is responsible for handling the joining of new group
   members, as well as managing and distributing the group keying
   material. 

OLD:
This document defines a RESTful admin interface at the
   Group Manager, that

NEW:
This document defines a RESTful admin interface at the
   Group Manager that

Introduction
OLD:
 When group communication for CoAP is protected with Group OSCORE,
   nodes are required to explicitly join the correct OSCORE group. 

NEW: 
When group communication for CoAP is protected with Group OSCORE,
   nodes are required to join the correct OSCORE group explicitly.  

OLD:
e.g., based on
   the current application state or on pre-installed policies. 

NEW: 
e.g., based on
   the current application state or pre-installed policies. 

TERMINOLOGY
OLD:
An OSCORE group is used as security group for
         one or many application groups.

NEW:
An OSCORE group is used as a security group for
         one or many application groups.

3.1
OLD:
When relying on wildcard patterns and complex patterns, the Administrator
and the AS do not need to know exact group names for
      requesting and issuing an Access Token, respectively (see
      Section 4). 

NEW:
When relying on wildcard patterns and complex patterns, the Administrator
and the AS do not need to know the exact group names for
      requesting and issuing an Access Token, respectively (see
      Section 4). 

4.1
OLD:
With respect to the main Administrator, such assistant Administrators
   are expected to have less permissions to perform administrative
   operations related to the OSCORE group at the Group Manager.

NEW:
With respect to the main Administrator, such assistant Administrators
   are expected to have fewer permissions to perform administrative
   operations related to the OSCORE group at the Group Manager.

OLD:  For
   example, they may not be authorized to create the OSCORE group if not
   existing already, or to delete the OSCORE group and its
   configuration.

NEW:
 For example, they may not be authorized to create an OSCORE group, or to
delete an OSCORE group and its
   configuration.

6.3
OLD: "If the POST request did not specify certain parameters and the Group
Manager used default values different from the ones recommended in Section
5.2, then the response payload MUST include also those
   parameters, specifying the values chosen by the Group Manager for the
   current group configuration."

NEW: "If the POST request did not specify certain parameters and the Group
Manager used default values different from the ones recommended in Section
5.2, then the response payload MUST also include those
   parameters, specifying the values chosen by the Group Manager for the
   current group configuration."

6.6.2
OLD: "Retrieve from the Group Manager the new Group Manager's
            authentication credential "

NEW: Retrieve from the Group Manager the Group Manager's new
            authentication credential 

8.

Sentence hard to parse:
"This option
         fundamentally relies on the Group Manager freeing up group
         names, hence it is not viable if considerably or indefinitely
postponing the creation of the group is not acceptable."

On Fri, 16 Feb 2024 at 19:48, Tim Hollebeek
<tim.hollebeek=40digicert.com@dmarc.ietf.org> wrote:

Just as a reminder, this WGLC closes in three days.  Please provide feedback
as to whether this document is ready to be sent to IESG or not.

-Tim

From: Tim Hollebeek
Sent: Monday, February 5, 2024 2:18 PM
To: ace@ietf.org
Subject: WGLC for draft-ietf-ace-oscore-gm-admin

Hello ACE Working Group members,

We’re finally ready to do a Working Group Last Call for the document
draft-ietf-ace-oscore-gm-admin:

https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-gm-admin/

Admin Interface for the OSCORE Group Manager
                   draft-ietf-ace-oscore-gm-admin-10

Abstract

   Group communication for CoAP can be secured using Group Object
   Security for Constrained RESTful Environments (Group OSCORE).  A
   Group Manager is responsible to handle the joining of new group
   members, as well as to manage and distribute the group keying
   material.  This document defines a RESTful admin interface at the
   Group Manager, that allows an Administrator entity to create and
   delete OSCORE groups, as well as to retrieve and update their
   configuration.  The ACE framework for Authentication and
   Authorization is used to enforce authentication and authorization of
   the Administrator at the Group Manager.  Protocol-specific transport
   profiles of ACE are used to achieve communication security, proof-of-
   possession, and server authentication.

Please review the document and provide feedback to the list by
19 February 2024.

For the chairs,

-Tim

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace