Re: [Ace] Innovating
Göran Selander <goran.selander@ericsson.com> Sat, 31 October 2015 08:18 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84EA11A1ADD for <ace@ietfa.amsl.com>; Sat, 31 Oct 2015 01:18:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.901
X-Spam-Level:
X-Spam-Status: No, score=-3.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y0VtfMmrrhBj for <ace@ietfa.amsl.com>; Sat, 31 Oct 2015 01:18:03 -0700 (PDT)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32A901A1ACA for <Ace@ietf.org>; Sat, 31 Oct 2015 01:18:03 -0700 (PDT)
X-AuditID: c1b4fb30-f79626d000006adf-85-5634793944cc
Received: from ESESSHC012.ericsson.se (Unknown_Domain [153.88.183.54]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 46.8B.27359.93974365; Sat, 31 Oct 2015 09:18:01 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.162]) by ESESSHC012.ericsson.se ([153.88.183.54]) with mapi id 14.03.0248.002; Sat, 31 Oct 2015 09:17:06 +0100
From: Göran Selander <goran.selander@ericsson.com>
To: Stefanie Gerdes <gerdes@tzi.de>, Samuel Erdtman <samuel@erdtman.se>, Carsten Bormann <cabo@tzi.org>
Thread-Topic: [Ace] Innovating
Thread-Index: AQHREnxBH+G/NF6jq069q22sAXskIZ6DluUAgAEJvwCAAKNxgA==
Date: Sat, 31 Oct 2015 08:17:06 +0000
Message-ID: <D25A296A.3C018%goran.selander@ericsson.com>
References: <56326D0D.9020309@tzi.org> <CAF2hCbYy17CENMe6tJvD49QQpdNOVp9nGNNcEXVqPXa=_qgTEg@mail.gmail.com> <5633FDF6.2010501@tzi.de>
In-Reply-To: <5633FDF6.2010501@tzi.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.7.141117
x-originating-ip: [153.88.183.154]
Content-Type: text/plain; charset="utf-8"
Content-ID: <70D23C58578F0A4E87248AB7F2693355@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrBIsWRmVeSWpSXmKPExsUyM2K7ma5lpUmYwY/fshbfv/UwWzQtbmSy ODLlLqvFxot3GS2W7rzHavF/6SkmBzaPF//2MHos3rSfzWPJkp9MHtvefmX2mLYoM4A1issm JTUnsyy1SN8ugSvj179PrAV9UhUvXiU0MO6Q7GLk5JAQMJFoOXOBDcIWk7hwbz2YLSRwmFHi wTfmLkYuIHsJo8Tu05MZQRJsAi4SDxoeMYHYIgKZEq9W3WYFsZkFSiQ+3W1mBrGFBWQlGj/+ A7I5gGrkJDbetYEod5L49qsFbD6LgKrE/SfdYK28AhYS+27PYIHY1ckocXTOdzaQXk4BNYnG pfwgNYxAt30/tYYJYpW4xK0n85kgbhaQWLLnPDOELSrx8vE/sJmiAnoSK683Qf2lJLHo9mcm kJHMApoS63fpQ5jWEuufSkFMVJSY0v2QHeIaQYmTM5+wTGCUmIVk2SyE5lkIzbOQNM9C0ryA kXUVo2hxanFSbrqRkV5qUWZycXF+nl5easkmRmD8Htzy22AH48vnjocYBTgYlXh4DfYZhwmx JpYVV+YeYpTgYFYS4eXVNAkT4k1JrKxKLcqPLyrNSS0+xCjNwaIkztvM9CBUSCA9sSQ1OzW1 ILUIJsvEwSnVwMj29WjcS/stKVvOPejTsjjU3XBjoeRzIa9Ziy4sYvumuNu5doaS3rVo1Ufp 7v07Oz8ssQyfuvrQlw+3Nqe9CzixIeQ0h2lnhv80/dDtTt6BQQxq7P6lfn5MKhta119Tkzsc Ir9k+cxvhr9Xts/scTK0v+T08HX9qlO9ynOTppXsSUqZvuOfyh4lluKMREMt5qLiRABgDaOs 2wIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/ace/Uv4TUfXW44nWmRdkdpox4S0mPns>
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Olaf Bergmann <bergmann@tzi.org>, "Ace@ietf.org" <Ace@ietf.org>
Subject: Re: [Ace] Innovating
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2015 08:18:05 -0000
On 2015-10-31 00:32, "Stefanie Gerdes" <gerdes@tzi.de> wrote: >Hi all, > >The solutions in ACE are all reusing existing solutions, they are just >using different solutions to a different extent. > >The use cases show that there is a large variety of scenarios with >different characteristics. The scenarios differ from the web scenarios >which is why we founded ACE in the first place. Some of the use cases >might only require a little tweaking of existing protocols, others need >more consideration about how those protocols can be applied. > >We designed DCAF to address scenarios where the client, the server or >both can be class-1 devices (see RFC 7228 [1]), where the client and the >server may belong to different owners with distinct authorization >policies and where these owners may not intervene in the authorization >process at the time of the communication. As far as I understand >draft-seitz-ace-oauth, it only supports less-constrained clients. No, that is not correct. What gave you that impression? Instead of me going through how various deployment scenarios in section 6 could be used with constrained clients, it would be helpful it you gave some reference to the draft supporting your claim. But just to give an example see section 6.3: https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00#section-6.3 In this case the interaction and processing performed by the client could be restricted to passing a reference token, which can be made arbitrarily small, to the resource server and then making the resource request. These two requests could even be combined into one request/response using optimizations described in Appendix B, see figure 23. https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00#appendix-B As one concrete use case the client could be key fob using radio energy harvesting. Göran >That >might be fine for the use cases and devices that you have in mind. With >DCAF, we go a bit further into the constrained world and want to enable >constrained devices to securely communicate with other constrained devices > >Of course we want DCAF to interoperate with existing protocols. That is >why we describe how such interactions can work (see >draft-gerdes-ace-dcaf-examples [2]). > >Best regards, >Steffi > >[1] https://tools.ietf.org/html/rfc7228 >[2] https://tools.ietf.org/html/draft-gerdes-ace-dcaf-examples-00
- [Ace] Innovating Carsten Bormann
- Re: [Ace] Innovating Erik Wahlström neXus
- Re: [Ace] Innovating Carsten Bormann
- Re: [Ace] Innovating Malisa Vucinic
- Re: [Ace] Innovating Samuel Erdtman
- [Ace] [ACE] Innovating Göran Selander
- Re: [Ace] Innovating Göran Selander
- Re: [Ace] Innovating Stefanie Gerdes
- Re: [Ace] Innovating Stefanie Gerdes
- Re: [Ace] Innovating Göran Selander
- Re: [Ace] Innovating Göran Selander
- Re: [Ace] Innovating Hannes Tschofenig