Re: [Ace] I-D Action: draft-ietf-ace-pubsub-profile-04.txt

Cigdem Sengul <cigdem.sengul@gmail.com> Wed, 29 December 2021 23:14 UTC

References: <164081884779.16641.15799607470830201773@ietfa.amsl.com>
In-Reply-To: <164081884779.16641.15799607470830201773@ietfa.amsl.com>
From: Cigdem Sengul <cigdem.sengul@gmail.com>
Date: Wed, 29 Dec 2021 23:14:38 +0000
Message-ID: <CAA7SwCP-A_EGZ+TszDR4wLJR5i-6DM0ZamUqbsjbP0Am1ekk2A@mail.gmail.com>
To: Ace Wg <ace@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/wvWEKt5YKVXtK5yrwAzoBn5p7Ao>
Subject: Re: [Ace] I-D Action: draft-ietf-ace-pubsub-profile-04.txt

Dear Ace,
I've uploaded a new version of the pub-sub document before the document
expired on January 1, 2022.
This version partially addresses the review comments of Marco [August 30
and October 12] (Thanks, Marco!).

The new version makes the following changes:
1) Changed to using two authorization requests to the AS: one request where the
audience is the broker and the other where the audience is the KDC. This approach was
considered more appropriate in the IETF 111 discussion and in discussion e-mails
with Marco to the group.
2) Change from COSE_Key used as a public key, support UCCS.
3) Various rewording suggestions captured in this Github issue:
https://github.com/ace-wg/pubsub-profile/issues/12
4) Revised discussion around application group to security group mapping,
and MQTT text - discussion captured here:
https://github.com/ace-wg/pubsub-profile/issues/14

There are several open issues, some of which are marked as ToDo in the
submitted draft (e.g., multiple publishers protecting topic content, better
alignment to the new KDC interface, etc.), which can be seen here:
https://github.com/ace-wg/pubsub-profile/issues
Therefore, a new version will be uploaded soon again to handle those.

Happy new year to all!

-Cigdem



On Wed, Dec 29, 2021 at 11:00 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Authentication and Authorization for
> Constrained Environments WG of the IETF.
>
>         Title           : Pub-Sub Profile for Authentication and
> Authorization for Constrained Environments (ACE)
>         Authors         : Francesca Palombini
>                           Cigdem Sengul
>         Filename        : draft-ietf-ace-pubsub-profile-04.txt
>         Pages           : 23
>         Date            : 2021-12-29
>
> Abstract:
>    This specification defines an application profile for authentication
>    and authorization for Publishers and Subscribers in a constrained
>    pub-sub scenario, using the ACE framework.  This profile relies on
>    transport layer or application layer security to authorize the pub-
>    sub clients to the broker.  Moreover, it describes the use of
>    application layer security to protect the content of the pub-sub
>    client message exchange through the broker.  The profile covers pub-
>    sub scenarios using either the Constrained Application Protocol
>    (CoAP) [I-D.ietf-core-coap-pubsub] or the Message Queue Telemetry
>    Transport (MQTT) [MQTT-OASIS-Standard-v5] protocol.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ace-pubsub-profile/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-ace-pubsub-profile-04.html
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-pubsub-profile-04
>
>
> Internet-Drafts are also available by rsync at rsync.ietf.org:
> :internet-drafts
>
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
>
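The first change listed above (two separate authorization requests to the AS, one with the broker as audience and one with the KDC as audience) is illustrated below. This is an added example, not code from the draft or the ace-wg repository: it uses JSON claims with an HMAC in place of a CWT, one symmetric key per resource server, and constructed audience and scope strings ("broker.example", "kdc.example", "publish ...", "join-group ...") that are assumptions, not values from the profile. The point it demonstrates is the defensive one behind issuing two tokens: each resource server checks the token's integrity under its own key and then its audience, so a token minted for the broker is not accepted by the KDC and vice versa, even when the two servers happen to share a key.

```python
"""Two-audience ACE token flow for a pub-sub client (constructed illustration).
Assumptions (not from the draft): JSON-encoded claims protected by HMAC-SHA256
stand in for a CWT; audience and scope strings are made up for the example."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

BROKER_AUD = "broker.example"   # constructed audience identifier for the broker RS
KDC_AUD = "kdc.example"         # constructed audience identifier for the KDC RS


def build_token_requests(client_id: str, topic: str) -> Tuple[dict, dict]:
    """The two token requests: one naming the broker as audience (to publish or
    subscribe on a topic), one naming the KDC as audience (to join the security
    group that protects that topic's content). Scope strings are constructed."""
    broker_req = {"client_id": client_id, "audience": BROKER_AUD,
                  "scope": f"publish {topic}"}
    kdc_req = {"client_id": client_id, "audience": KDC_AUD,
               "scope": f"join-group {topic}"}
    return broker_req, kdc_req


def _mac(key: bytes, claims: dict) -> str:
    # Canonical serialisation so the MAC covers exactly the claims as issued.
    canon = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


class AuthorizationServer:
    """Toy AS holding one key per resource server; every token it issues is
    bound to exactly one audience and MACed under that audience's key."""

    def __init__(self, rs_keys: Dict[str, bytes], ttl: int = 300):
        self.rs_keys = rs_keys
        self.ttl = ttl

    def issue(self, req: dict, client_pop_kid: str, now: Optional[float] = None) -> dict:
        now = time.time() if now is None else now
        aud = req["audience"]
        if aud not in self.rs_keys:
            raise ValueError(f"unknown audience {aud!r}")
        claims = {
            "iss": "as.example",                 # constructed issuer name
            "aud": aud,
            "scope": req["scope"],
            "cnf": {"kid": client_pop_kid},      # proof-of-possession key reference
            "iat": int(now),
            "exp": int(now) + self.ttl,
            "cti": secrets.token_hex(8),
        }
        return {"claims": claims, "mac": _mac(self.rs_keys[aud], claims)}


def verify_token(token: dict, my_aud: str, my_key: bytes,
                 now: Optional[float] = None) -> Tuple[bool, str]:
    """Resource-server side check: integrity under this RS's key, then audience
    match, then expiry. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    claims = token["claims"]
    if not hmac.compare_digest(_mac(my_key, claims), token["mac"]):
        return False, "bad MAC: token was not issued under this RS's key"
    if claims.get("aud") != my_aud:
        return False, f"audience mismatch: {claims.get('aud')!r} != {my_aud!r}"
    if claims["exp"] <= now:
        return False, "expired"
    return True, "ok"


def demo() -> Dict[str, bool]:
    """Run the flow with fixed timestamps; every entry should be True."""
    broker_key, kdc_key, shared_key = (secrets.token_bytes(32) for _ in range(3))
    as_ = AuthorizationServer({BROKER_AUD: broker_key, KDC_AUD: kdc_key})
    broker_req, kdc_req = build_token_requests("sensor-7", "home/temp")
    t_broker = as_.issue(broker_req, "sensor-7-key", now=1_000)
    t_kdc = as_.issue(kdc_req, "sensor-7-key", now=1_000)
    # Second AS where both servers share one key: only the audience check separates them.
    as_shared = AuthorizationServer({BROKER_AUD: shared_key, KDC_AUD: shared_key})
    t_broker_shared = as_shared.issue(broker_req, "sensor-7-key", now=1_000)
    return {
        "broker_accepts_broker_token": verify_token(t_broker, BROKER_AUD, broker_key, 1_100)[0],
        "kdc_accepts_kdc_token": verify_token(t_kdc, KDC_AUD, kdc_key, 1_100)[0],
        "kdc_rejects_broker_token": not verify_token(t_broker, KDC_AUD, kdc_key, 1_100)[0],
        "broker_rejects_kdc_token": not verify_token(t_kdc, BROKER_AUD, broker_key, 1_100)[0],
        "shared_key_still_rejects_on_aud":
            verify_token(t_broker_shared, KDC_AUD, shared_key, 1_100)[1].startswith("audience"),
        "broker_rejects_expired": not verify_token(t_broker, BROKER_AUD, broker_key, 1_400)[0],
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Both checks matter: the per-audience key stops a token from even verifying at the wrong server, and the explicit `aud` comparison is what protects deployments where, for operational reasons, the broker and KDC end up sharing key material.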