rfc9203.original | rfc9203.txt | |||
---|---|---|---|---|
ACE Working Group F. Palombini | Internet Engineering Task Force (IETF) F. Palombini | |||
Internet-Draft Ericsson AB | Request for Comments: 9203 Ericsson AB | |||
Intended status: Standards Track L. Seitz | Category: Standards Track L. Seitz | |||
Expires: 7 November 2021 Combitech | ISSN: 2070-1721 Combitech | |||
G. Selander | G. Selander | |||
Ericsson AB | Ericsson AB | |||
M. Gunnarsson | M. Gunnarsson | |||
RISE | RISE | |||
6 May 2021 | March 2022 | |||
OSCORE Profile of the Authentication and Authorization for Constrained | The Object Security for Constrained RESTful Environments (OSCORE) | |||
Environments Framework | Profile of the Authentication and Authorization for Constrained | |||
draft-ietf-ace-oscore-profile-19 | Environments (ACE) Framework | |||
Abstract | Abstract | |||
This document specifies a profile for the Authentication and | This document specifies a profile for the Authentication and | |||
Authorization for Constrained Environments (ACE) framework. It | Authorization for Constrained Environments (ACE) framework. It | |||
utilizes Object Security for Constrained RESTful Environments | utilizes Object Security for Constrained RESTful Environments | |||
(OSCORE) to provide communication security and proof-of-possession | (OSCORE) to provide communication security and proof-of-possession | |||
for a key owned by the client and bound to an OAuth 2.0 access token. | for a key owned by the client and bound to an OAuth 2.0 access token. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This is an Internet Standards Track document. | |||
provisions of BCP 78 and BCP 79. | ||||
Internet-Drafts are working documents of the Internet Engineering | ||||
Task Force (IETF). Note that other groups may also distribute | ||||
working documents as Internet-Drafts. The list of current Internet- | ||||
Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
Internet-Drafts are draft documents valid for a maximum of six months | This document is a product of the Internet Engineering Task Force | |||
and may be updated, replaced, or obsoleted by other documents at any | (IETF). It represents the consensus of the IETF community. It has | |||
time. It is inappropriate to use Internet-Drafts as reference | received public review and has been approved for publication by the | |||
material or to cite them other than as "work in progress." | Internet Engineering Steering Group (IESG). Further information on | |||
Internet Standards is available in Section 2 of RFC 7841. | ||||
This Internet-Draft will expire on 7 November 2021. | Information about the current status of this document, any errata, | |||
and how to provide feedback on it may be obtained at | ||||
https://www.rfc-editor.org/info/rfc9203. | ||||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | ||||
Please review these documents carefully, as they describe your rights | carefully, as they describe your rights and restrictions with respect | |||
and restrictions with respect to this document. Code Components | to this document. Code Components extracted from this document must | |||
extracted from this document must include Simplified BSD License text | include Revised BSD License text as described in Section 4.e of the | |||
as described in Section 4.e of the Trust Legal Provisions and are | Trust Legal Provisions and are provided without warranty as described | |||
provided without warranty as described in the Simplified BSD License. | in the Revised BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction | |||
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Terminology | |||
2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Protocol Overview | |||
3. Client-AS Communication . . . . . . . . . . . . . . . . . . . 7 | 3. Client-AS Communication | |||
3.1. C-to-AS: POST to token endpoint . . . . . . . . . . . . . 7 | 3.1. C-to-AS: POST to Token Endpoint | |||
3.2. AS-to-C: Access Token . . . . . . . . . . . . . . . . . . 9 | 3.2. AS-to-C: Access Token | |||
3.2.1. The OSCORE_Input_Material . . . . . . . . . . . . . . 13 | 3.2.1. The OSCORE_Input_Material | |||
4. Client-RS Communication . . . . . . . . . . . . . . . . . . . 16 | 4. Client-RS Communication | |||
4.1. C-to-RS: POST to authz-info endpoint . . . . . . . . . . 16 | 4.1. C-to-RS: POST to authz-info Endpoint | |||
4.1.1. The Nonce 1 Parameter . . . . . . . . . . . . . . . . 18 | 4.1.1. The Nonce 1 Parameter | |||
4.1.2. The ace_client_recipientid Parameter . . . . . . . . 18 | 4.1.2. The ace_client_recipientid Parameter | |||
4.2. RS-to-C: 2.01 (Created) . . . . . . . . . . . . . . . . . 19 | 4.2. RS-to-C: 2.01 (Created) | |||
4.2.1. The Nonce 2 Parameter . . . . . . . . . . . . . . . . 20 | 4.2.1. The Nonce 2 Parameter | |||
4.2.2. The ace_server_recipientid Parameter . . . . . . . . 20 | 4.2.2. The ace_server_recipientid Parameter | |||
4.3. OSCORE Setup . . . . . . . . . . . . . . . . . . . . . . 20 | 4.3. OSCORE Setup | |||
4.4. Access rights verification . . . . . . . . . . . . . . . 23 | 4.4. Access Rights Verification | |||
5. Secure Communication with AS . . . . . . . . . . . . . . . . 23 | 5. Secure Communication with AS | |||
6. Discarding the Security Context . . . . . . . . . . . . . . . 23 | 6. Discarding the Security Context | |||
7. Security Considerations . . . . . . . . . . . . . . . . . . . 24 | 7. Security Considerations | |||
8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 26 | 8. Privacy Considerations | |||
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 | 9. IANA Considerations | |||
9.1. ACE Profile Registry . . . . . . . . . . . . . . . . . . 27 | 9.1. ACE Profile Registry | |||
9.2. OAuth Parameters Registry . . . . . . . . . . . . . . . . 27 | 9.2. OAuth Parameters Registry | |||
9.3. OAuth Parameters CBOR Mappings Registry . . . . . . . . . 27 | 9.3. OAuth Parameters CBOR Mappings Registry | |||
9.4. OSCORE Security Context Parameters Registry . . . . . . . 28 | 9.4. OSCORE Security Context Parameters Registry | |||
9.5. CWT Confirmation Methods Registry . . . . . . . . . . . . 29 | 9.5. CWT Confirmation Methods Registry | |||
9.6. JWT Confirmation Methods Registry . . . . . . . . . . . . 29 | 9.6. JWT Confirmation Methods Registry | |||
9.7. Expert Review Instructions . . . . . . . . . . . . . . . 29 | 9.7. Expert Review Instructions | |||
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 30 | 10. References | |||
10.1. Normative References . . . . . . . . . . . . . . . . . . 30 | 10.1. Normative References | |||
10.2. Informative References . . . . . . . . . . . . . . . . . 32 | 10.2. Informative References | |||
Appendix A. Profile Requirements . . . . . . . . . . . . . . . . 33 | Appendix A. Profile Requirements | |||
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 34 | Acknowledgments | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 34 | Authors' Addresses | |||
1. Introduction | 1. Introduction | |||
This document specifies the "coap_oscore" profile of the ACE | This document specifies the "coap_oscore" profile of the ACE | |||
framework [I-D.ietf-ace-oauth-authz]. In this profile, a client and | framework [RFC9200]. In this profile, a client (C) and a resource | |||
a resource server use the Constrained Application Protocol (CoAP) | server (RS) use the Constrained Application Protocol (CoAP) [RFC7252] | |||
[RFC7252] to communicate. The client uses an access token, bound to | to communicate. The client uses an access token, bound to a | |||
a symmetric key (the proof-of-possession key) to authorize its access | symmetric key (the proof-of-possession (PoP) key) to authorize its | |||
to the resource server. Note that this profile uses a symmetric- | access to the resource server. Note that this profile uses a | |||
crypto-based scheme, where the symmetric secret is used as input | symmetric-crypto-based scheme, where the symmetric secret is used as | |||
material for keying material derivation. In order to provide | input material for keying material derivation. In order to provide | |||
communication security and proof of possession, the client and | communication security and PoP, the client and resource server use | |||
resource server use Object Security for Constrained RESTful | Object Security for Constrained RESTful Environments (OSCORE) as | |||
Environments (OSCORE) [RFC8613]. Note that the proof of possession | defined in [RFC8613]. Note that the PoP is not achieved through a | |||
is not achieved through a dedicated protocol element, but rather | dedicated protocol element but rather occurs after the first message | |||
occurs after the first message exchange using OSCORE. | exchange using OSCORE. | |||
OSCORE specifies how to use CBOR Object Signing and Encryption (COSE) | OSCORE specifies how to use CBOR Object Signing and Encryption (COSE) | |||
[I-D.ietf-cose-rfc8152bis-struct][I-D.ietf-cose-rfc8152bis-algs] to | [RFC9052] [RFC9053] to secure CoAP messages. Note that OSCORE can be | |||
secure CoAP messages. Note that OSCORE can be used to secure CoAP | used to secure CoAP messages, as well as HTTP and combinations of | |||
messages, as well as HTTP and combinations of HTTP and CoAP; a | HTTP and CoAP; a profile of ACE similar to the one described in this | |||
profile of ACE similar to the one described in this document, with | document, with the difference of using HTTP instead of CoAP as the | |||
the difference of using HTTP instead of CoAP as communication | communication protocol, could be specified analogously to this one. | |||
protocol, could be specified analogously to this one. | ||||
1.1. Terminology | 1.1. Terminology | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in | |||
14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
Certain security-related terms such as "authentication", | Certain security-related terms such as "authentication", | |||
"authorization", "confidentiality", "(data) integrity", "Message | "authorization", "confidentiality", "(data) integrity", "Message | |||
Authentication Code (MAC)", "Hash-based Message Authentication Code | Authentication Code (MAC)", "Hash-based Message Authentication Code | |||
(HMAC)", and "verify" are taken from [RFC4949]. | (HMAC)", and "verify" are taken from [RFC4949]. | |||
RESTful terminology follows HTTP [RFC7231]. | RESTful terminology follows HTTP [RFC7231]. | |||
Readers are expected to be familiar with the terms and concepts | Readers are expected to be familiar with the terms and concepts | |||
defined in OSCORE [RFC8613], such as "Security Context" and | defined in OSCORE [RFC8613], such as "Security Context" and | |||
"Recipient ID". | "Recipient ID". | |||
Terminology for entities in the architecture is defined in OAuth 2.0 | Terminology for entities in the architecture is defined in OAuth 2.0 | |||
[RFC6749], such as client (C), resource server (RS), and | [RFC6749], such as client (C), resource server (RS), and | |||
authorization server (AS). It is assumed in this document that a | authorization server (AS). It is assumed in this document that a | |||
given resource on a specific RS is associated to a unique AS. | given resource on a specific RS is associated to a unique AS. | |||
Concise Binary Object Representation (CBOR) [RFC8949] and Concise | Concise Binary Object Representation (CBOR) [RFC8949] and Concise | |||
Data Definition Language (CDDL) [RFC8610] are used in this document. | Data Definition Language (CDDL) [RFC8610] are used in this document. | |||
CDDL predefined type names, especially bstr for CBOR byte strings and | CDDL predefined type names, especially "bstr" for CBOR byte strings | |||
tstr for CBOR text strings, are used extensively in this document. | and "tstr" for CBOR text strings, are used extensively in this | |||
document. | ||||
Note that the term "endpoint" is used here, as in | Note that the term "endpoint" is used as in [RFC9200], following its | |||
[I-D.ietf-ace-oauth-authz], following its OAuth definition, which is | OAuth definition, which is to denote resources such as token and | |||
to denote resources such as token and introspect at the AS and authz- | introspect at the AS and authz-info at the RS. The CoAP definition, | |||
info at the RS. The CoAP [RFC7252] definition, which is "An entity | which is "[a]n entity participating in the CoAP protocol" [RFC7252], | |||
participating in the CoAP protocol" is not used in this document. | is not used in this document. | |||
Examples throughout this document are expressed in CBOR diagnostic | Examples throughout this document are expressed in CBOR diagnostic | |||
notation without the tag and value abbreviations. | notation without the tag and value abbreviations. | |||
2. Protocol Overview | 2. Protocol Overview | |||
This section gives an overview of how to use the ACE Framework | This section gives an overview of how to use the ACE Framework | |||
[I-D.ietf-ace-oauth-authz] to secure the communication between a | [RFC9200] to secure the communication between a client and a resource | |||
client and a resource server using OSCORE [RFC8613]. The parameters | server using OSCORE [RFC8613]. The parameters needed by the client | |||
needed by the client to negotiate the use of this profile with the | to negotiate the use of this profile with the AS, as well as the | |||
authorization server, as well as the OSCORE setup process, are | OSCORE setup process, are described in detail in the following | |||
described in detail in the following sections. | sections. | |||
The RS maintains a collection of OSCORE Security Contexts with | The RS maintains a collection of OSCORE Security Contexts with | |||
associated authorization information for all the clients that it is | associated authorization information for all the clients that it is | |||
communicating with. The authorization information is maintained as | communicating with. The authorization information is maintained as | |||
policy that is used as input to processing requests from those | policy that is used as input to processing requests from those | |||
clients. | clients. | |||
This profile requires a client to retrieve an access token from the | This profile requires a client to retrieve an access token from the | |||
AS for the resource it wants to access on an RS, by sending an access | AS for the resource it wants to access on an RS, by sending an access | |||
token request to the token endpoint, as specified in section 5.8 of | token request to the token endpoint, as specified in Section 5.8 of | |||
[I-D.ietf-ace-oauth-authz]. The access token request and response | [RFC9200]. The access token request and response MUST be | |||
MUST be confidentiality-protected and ensure authenticity. This | confidentiality protected and ensure authenticity. The use of OSCORE | |||
profile RECOMMENDS the use of OSCORE between client and AS, to reduce | between the client and AS is RECOMMENDED in this profile, to reduce | |||
the number of libraries the client has to support, but other | the number of libraries the client has to support, but other | |||
protocols fulfilling the security requirements defined in section 5 | protocols fulfilling the security requirements defined in Section 5 | |||
of [I-D.ietf-ace-oauth-authz] MAY alternatively be used, such as TLS | of [RFC9200] MAY alternatively be used, such as TLS [RFC8446] or DTLS | |||
[RFC8446] or DTLS [I-D.ietf-tls-dtls13]. | [RFC9147]. | |||
Once the client has retrieved the access token, it generates a nonce | Once the client has retrieved the access token, it generates a nonce | |||
N1, defined in this document (see Section 4.1.1). The client also | N1, as defined in this document (see Section 4.1.1). The client also | |||
generates its own OSCORE Recipient ID ID1 (see Section 3.1 of | generates its own OSCORE Recipient ID, ID1 (see Section 3.1 of | |||
[RFC8613]), for use with the keying material associated to the RS. | [RFC8613]), for use with the keying material associated to the RS. | |||
The client posts the token, N1 and its Recipient ID to the RS using | The client posts the token N1 and its Recipient ID to the RS using | |||
the authz-info endpoint and mechanisms specified in section 5.8 of | the authz-info endpoint and mechanisms specified in Section 5.8 of | |||
[I-D.ietf-ace-oauth-authz] and Content-Format = application/ace+cbor. | [RFC9200] and Content-Format = application/ace+cbor. When using this | |||
When using this profile, the communication with the authz-info | profile, the communication with the authz-info endpoint is not | |||
endpoint is not protected, except for update of access rights. | protected, except for the update of access rights. | |||
If the access token is valid, the RS replies to this request with a | If the access token is valid, the RS replies to this request with a | |||
2.01 (Created) response with Content-Format = application/ace+cbor, | 2.01 (Created) response with Content-Format = application/ace+cbor, | |||
which contains a nonce N2 and its newly generated OSCORE Recipient | which contains a nonce N2 and its newly generated OSCORE Recipient | |||
ID, ID2, for use with the keying material associated to the client. | ID, ID2, for use with the keying material associated to the client. | |||
Moreover, the server concatenates the input salt received in the | Moreover, the server concatenates the input salt received in the | |||
token, N1, and N2 to obtain the Master Salt of the OSCORE Security | token, N1, and N2 to obtain the Master Salt of the OSCORE Security | |||
Context (see section 3 of [RFC8613]). The RS then derives the | Context (see Section 3 of [RFC8613]). The RS then derives the | |||
complete Security Context associated with the received token from the | complete Security Context associated with the received token from the | |||
Master Salt, the OSCORE Recipient ID generated by the client (set as | Master Salt; the OSCORE Recipient ID generated by the client (set as | |||
its OSCORE Sender ID), its own OSCORE Recipient ID, plus the | its OSCORE Sender ID); its own OSCORE Recipient ID; plus the | |||
parameters received in the access token from the AS, following | parameters received in the access token from the AS, following | |||
section 3.2 of [RFC8613]. | Section 3.2 of [RFC8613]. | |||
In a similar way, after receiving the nonce N2, the client | In a similar way, after receiving the nonce N2, the client | |||
concatenates the input salt, N1 and N2 to obtain the Master Salt of | concatenates the input salt N1 and N2 to obtain the Master Salt of | |||
the OSCORE Security Context. The client then derives the complete | the OSCORE Security Context. The client then derives the complete | |||
Security Context from the Master Salt, the OSCORE Recipient ID | Security Context from the Master Salt; the OSCORE Recipient ID | |||
generated by the RS (set as its OSCORE Sender ID), its own OSCORE | generated by the RS (set as its OSCORE Sender ID); its own OSCORE | |||
Recipient ID, plus the parameters received from the AS. | Recipient ID; plus the parameters received from the AS. | |||
Finally, the client starts the communication with the RS by sending a | Finally, the client starts the communication with the RS by sending a | |||
request protected with OSCORE to the RS. If the request is | request protected with OSCORE to the RS. If the request is | |||
successfully verified, the server stores the complete Security | successfully verified, the server stores the complete Security | |||
Context state that is ready for use in protecting messages, and uses | Context state that is ready for use in protecting messages and uses | |||
it in the response, and in further communications with the client, | it in the response, and in further communications with the client, | |||
until token deletion due to, for example, expiration. This Security | until token deletion due to, for example, expiration. This Security | |||
Context is discarded when a token (whether the same or a different | Context is discarded when a token (whether the same or a different | |||
one) is used to successfully derive a new Security Context for that | one) is used to successfully derive a new Security Context for that | |||
client. | client. | |||
The use of nonces N1 and N2 during the exchange prevents the reuse of | The use of nonces N1 and N2 during the exchange prevents the reuse of | |||
an Authenticated Encryption with Associated Data (AEAD) nonce/key | an Authenticated Encryption with Associated Data (AEAD) nonce/key | |||
pair for two different messages. Reuse might otherwise occur when | pair for two different messages. Reuse might otherwise occur when | |||
client and RS derive a new Security Context from an existing (non- | the client and RS derive a new Security Context from an existing | |||
expired) access token, as might occur when either party has just | (non-expired) access token, as might occur when either party has just | |||
rebooted, and might lead to loss of both confidentiality and | rebooted, and that might lead to loss of both confidentiality and | |||
integrity. Instead, by using the exchanged nonces N1 and N2 as part | integrity. Instead, by using the exchanged nonces N1 and N2 as part | |||
of the Master Salt, the request to the authz-info endpoint posting | of the Master Salt, the request to the authz-info endpoint posting | |||
the same token results in a different Security Context, by OSCORE | the same token results in a different Security Context, by OSCORE | |||
construction, since even though the Master Secret, Sender ID and | construction, since even though the Master Secret, Sender ID, and | |||
Recipient ID are the same, the Master Salt is different (see | Recipient ID are the same, the Master Salt is different (see | |||
Section 3.2.1 of [RFC8613]). If the exchanged nonces were reused, a | Section 3.2.1 of [RFC8613]). If the exchanged nonces were reused, a | |||
node reusing a non-expired old token would be susceptible to on-path | node reusing a non-expired old token would be susceptible to on-path | |||
attackers provoking the creation of an OSCORE message using an old | attackers provoking the creation of an OSCORE message using an old | |||
AEAD key and nonce. | AEAD key and nonce. | |||
After the whole message exchange has taken place, the client can | After the whole message exchange has taken place, the client can | |||
contact the AS to request an update of its access rights, sending a | contact the AS to request an update of its access rights, sending a | |||
similar request to the token endpoint that also includes an | similar request to the token endpoint that also includes an | |||
identifier so that the AS can find the correct OSCORE security input | identifier so that the AS can find the correct OSCORE security input | |||
material it has previously shared with the client. This specific | material it has previously shared with the client. This specific | |||
identifier, encoded as a byte string, is assigned by the AS to be | identifier, encoded as a byte string, is assigned by the AS to be | |||
unique in the sets of its OSCORE security input materials, and is not | unique in the sets of its OSCORE security input materials, and it is | |||
used as input material to derive the full OSCORE Security Context. | not used as input material to derive the full OSCORE Security | |||
Context. | ||||
An overview of the profile flow for the OSCORE profile is given in | An overview of the profile flow for the OSCORE profile is given in | |||
Figure 1. The names of messages coincide with those of | Figure 1. The names of messages coincide with those of [RFC9200] | |||
[I-D.ietf-ace-oauth-authz] when applicable. | when applicable. | |||
C RS AS | C RS AS | |||
| | | | | | | | |||
| ----- POST /token ----------------------------> | | | ----- POST /token ----------------------------> | | |||
| | | | | | | | |||
| <---------------------------- Access Token ----- | | | <---------------------------- Access Token ----- | | |||
| + Access Information | | | + Access Information | | |||
| ---- POST /authz-info ---> | | | | ---- POST /authz-info ---> | | | |||
| (access_token, N1, ID1) | | | | (access_token, N1, ID1) | | | |||
| | | | | | | | |||
skipping to change at page 7, line 40 ¶ | skipping to change at line 283 ¶ | |||
| | | | | | | | |||
| <--- OSCORE Response ----- | | | | <--- OSCORE Response ----- | | | |||
| | | | | | | | |||
| ... | | | | ... | | | |||
Figure 1: Protocol Overview | Figure 1: Protocol Overview | |||
3. Client-AS Communication | 3. Client-AS Communication | |||
The following subsections describe the details of the POST request | The following subsections describe the details of the POST request | |||
and response to the token endpoint between client and AS. | and response to the token endpoint between the client and AS. | |||
Section 3.2 of [RFC8613] defines how to derive a Security Context | Section 3.2 of [RFC8613] defines how to derive a Security Context | |||
based on a shared master secret and a set of other parameters, | based on a shared Master Secret and a set of other parameters, | |||
established between client and server, which the client receives from | established between the client and server, which the client receives | |||
the AS in this exchange. The proof-of-possession key (pop-key) | from the AS in this exchange. The PoP key included in the response | |||
included in the response from the AS MUST be used as master secret in | from the AS MUST be used as a Master Secret in OSCORE. | |||
OSCORE. | ||||
3.1. C-to-AS: POST to token endpoint | 3.1. C-to-AS: POST to Token Endpoint | |||
The client-to-AS request is specified in Section 5.8.1 of | The client-to-AS request is specified in Section 5.8.1 of [RFC9200]. | |||
[I-D.ietf-ace-oauth-authz]. | ||||
The client must send this POST request to the token endpoint over a | The client must send this POST request to the token endpoint over a | |||
secure channel that guarantees authentication, message integrity and | secure channel that guarantees authentication, message integrity, and | |||
confidentiality (see Section 5). | confidentiality (see Section 5). | |||
An example of such a request is shown in Figure 2 | An example of such a request is shown in Figure 2. | |||
Header: POST (Code=0.02) | Header: POST (Code=0.02) | |||
Uri-Host: "as.example.com" | Uri-Host: "as.example.com" | |||
Uri-Path: "token" | Uri-Path: "token" | |||
Content-Format: "application/ace+cbor" | Content-Format: "application/ace+cbor" | |||
Payload: | Payload: | |||
{ | { | |||
"audience" : "tempSensor4711", | "audience" : "tempSensor4711", | |||
"scope" : "read" | "scope" : "read" | |||
} | } | |||
Figure 2: Example C-to-AS POST /token request for an access token | Figure 2: Example C-to-AS POST /token Request for an Access Token | |||
bound to a symmetric key. | Bound to a Symmetric Key | |||
If the client wants to update its access rights without changing an | If the client wants to update its access rights without changing an | |||
existing OSCORE Security Context, it MUST include in its POST request | existing OSCORE Security Context, it MUST include a "req_cnf" object | |||
to the token endpoint a req_cnf object, with the kid field carrying a | in its POST request to the token endpoint, with the kid field | |||
CBOR byte string containing the OSCORE Input Material Identifier | carrying a CBOR byte string containing the OSCORE Input Material | |||
(assigned as discussed in Section 3.2). This identifier, together | identifier (assigned as discussed in Section 3.2). This identifier, | |||
with other information such as audience (see Section 5.8.1 of | together with other information such as audience (see Section 5.8.1 | |||
[I-D.ietf-ace-oauth-authz]), can be used by the AS to determine the | of [RFC9200]), can be used by the AS to determine the shared secret | |||
shared secret bound to the proof-of-possession token and therefore | bound to the proof-of-possession token; therefore, it MUST identify a | |||
MUST identify a symmetric key that was previously generated by the AS | symmetric key that was previously generated by the AS as a shared | |||
as a shared secret for the communication between the client and the | secret for the communication between the client and the RS. The AS | |||
RS. The AS MUST verify that the received value identifies a proof- | MUST verify that the received value identifies a proof-of-possession | |||
of-possession key that has previously been issued to the requesting | key that has previously been issued to the requesting client. If | |||
client. If that is not the case, the Client-to-AS request MUST be | that is not the case, the client-to-AS request MUST be declined with | |||
declined with the error code "invalid_request" as defined in | the error code invalid_request as defined in Section 5.8.3 of | |||
Section 5.8.3 of [I-D.ietf-ace-oauth-authz]. | [RFC9200]. | |||
An example of such a request is shown in Figure 3. | ||||
An example of such a request is shown in Figure 3 | ||||
Header: POST (Code=0.02) | Header: POST (Code=0.02) | |||
Uri-Host: "as.example.com" | Uri-Host: "as.example.com" | |||
Uri-Path: "token" | Uri-Path: "token" | |||
Content-Format: "application/ace+cbor" | Content-Format: "application/ace+cbor" | |||
Payload: | Payload: | |||
{ | { | |||
"audience" : "tempSensor4711", | "audience" : "tempSensor4711", | |||
"scope" : "write", | "scope" : "write", | |||
"req_cnf" : { | "req_cnf" : { | |||
"kid" : h'01' | "kid" : h'01' | |||
} | } | |||
Figure 3: Example C-to-AS POST /token request for updating rights | Figure 3: Example C-to-AS POST /token Request for Updating Rights | |||
to an access token bound to a symmetric key. | to an Access Token Bound to a Symmetric Key | |||
3.2. AS-to-C: Access Token | 3.2. AS-to-C: Access Token | |||
After verifying the POST request to the token endpoint and that the | After verifying the POST request to the token endpoint and that the | |||
client is authorized to obtain an access token corresponding to its | client is authorized to obtain an access token corresponding to its | |||
access token request, the AS responds as defined in section 5.8.2 of | access token request, the AS responds as defined in Section 5.8.2 of | |||
[I-D.ietf-ace-oauth-authz]. If the client request was invalid, or | [RFC9200]. If the client request was invalid, or not authorized, the | |||
not authorized, the AS returns an error response as described in | AS returns an error response as described in Section 5.8.3 of | |||
section 5.8.3 of [I-D.ietf-ace-oauth-authz]. | [RFC9200]. | |||
The AS can signal that the use of OSCORE is REQUIRED for a specific | The AS can signal that the use of OSCORE is REQUIRED for a specific | |||
access token by including the "ace_profile" parameter with the value | access token by including the ace_profile parameter with the value | |||
"coap_oscore" in the access token response. This means that the | "coap_oscore" in the access token response. This means that the | |||
client MUST use OSCORE towards all resource servers for which this | client MUST use OSCORE towards all resource servers for which this | |||
access token is valid, and follow Section 4.3 to derive the security | access token is valid, and follow Section 4.3 to derive the security | |||
context to run OSCORE. Usually it is assumed that constrained | context to run OSCORE. Usually, it is assumed that constrained | |||
devices will be pre-configured with the necessary profile, so that | devices will be preconfigured with the necessary profile, so that | |||
this kind of profile signaling can be omitted. | this kind of profile signaling can be omitted. | |||
Moreover, the AS MUST send the following data: | Moreover, the AS MUST send the following data: | |||
* a master secret | * a Master Secret | |||
* an identifier of the OSCORE Input Material | * an identifier of the OSCORE Input Material | |||
Additionally, the AS MAY send the following data, in the same | Additionally, the AS MAY send the following data, in the same | |||
response. | response. | |||
* a context identifier | * a context identifier | |||
* an AEAD algorithm | * an AEAD algorithm | |||
* an HMAC-based key derivation function (HKDF, [RFC5869]) algorithm, | ||||
see section 3.1 of [I-D.ietf-cose-rfc8152bis-algs] | * an HMAC-based key derivation function (HKDF) algorithm [RFC5869]; | |||
see Section 3.1 of [RFC9053] | ||||
* a salt | * a salt | |||
* the OSCORE version number | * the OSCORE version number | |||
This data is transported in the OSCORE_Input_Material. The | This data is transported in the OSCORE_Input_Material. The | |||
OSCORE_Input_Material is a CBOR map object, defined in Section 3.2.1. | OSCORE_Input_Material is a CBOR map object, defined in Section 3.2.1. | |||
This object is transported in the "cnf" parameter of the access token | This object is transported in the cnf parameter of the access token | |||
response as defined in Section 3.2 of [I-D.ietf-ace-oauth-params], as | response, as defined in Section 3.2 of [RFC9201], as the value of a | |||
the value of a field named "osc", registered in Section 9.5 and | field named "osc", which is registered in Sections 9.5 and 9.6. | |||
Section 9.6. | ||||
The AS MAY assign an identifier to the context (context identifier). | The AS MAY assign an identifier to the context (context identifier). | |||
This identifier is used as ID Context in the OSCORE context as | This identifier is used as ID Context in the OSCORE context as | |||
described in section 3.1 of [RFC8613]. If assigned, this parameters | described in Section 3.1 of [RFC8613]. If assigned, these parameters | |||
MUST be communicated as the "contextId" field in the | MUST be communicated as the contextId field in the | |||
OSCORE_Input_Material. The application needs to consider that this | OSCORE_Input_Material. The application needs to consider that this | |||
identifier is sent in the clear and may reveal information about the | identifier is sent in the clear and may reveal information about the | |||
endpoints, as mentioned in section 12.8 of [RFC8613]. | endpoints, as mentioned in Section 12.8 of [RFC8613]. | |||
The master secret and the identifier of the OSCORE_Input_Material | The Master Secret and the identifier of the OSCORE_Input_Material | |||
MUST be communicated as the "ms" and "id" field in the "osc" field in | MUST be communicated as the ms and id field in the osc field in the | |||
the "cnf" parameter of the access token response. If included, the | cnf parameter of the access token response. If included, the | |||
AEAD algorithm is sent in the "alg" parameter in the | following are sent: the AEAD algorithm in the alg parameter in the | |||
OSCORE_Input_Material; the HKDF algorithm in the "hkdf" parameter of | OSCORE_Input_Material; the HKDF algorithm in the hkdf parameter of | |||
the OSCORE_Input_Material; a salt in the "salt" parameter of the | the OSCORE_Input_Material; a salt in the salt parameter of the | |||
OSCORE_Input_Material; and the OSCORE version in the "version" | OSCORE_Input_Material; and the OSCORE version in the version | |||
parameter of the OSCORE_Input_Material. | parameter of the OSCORE_Input_Material. | |||
The same parameters MUST be included in the claims associated with | The same parameters MUST be included in the claims associated with | |||
the access token. The OSCORE master secret MUST be encrypted by the | the access token. The OSCORE Master Secret MUST be encrypted by the | |||
authorization server so that only the resource server can decrypt it | authorization server so that only the resource server can decrypt it | |||
(see Section 6.1. of [I-D.ietf-ace-oauth-authz]). This profile | (see Section 6.1 of [RFC9200]). The use of a CBOR Web Token (CWT) | |||
RECOMMENDS the use of a CBOR web token (CWT) protected with | protected with COSE_Encrypt/COSE_Encrypt0 as specified in [RFC8392] | |||
COSE_Encrypt/COSE_Encrypt0 as specified in [RFC8392]. If the token | is RECOMMENDED in this profile. If the token is a CWT, the same | |||
is a CWT, the same OSCORE_Input_Material structure defined above MUST | OSCORE_Input_Material structure defined above MUST be placed in the | |||
be placed in the "osc" field of the "cnf" claim of this token. | osc field of the cnf claim of this token. | |||
The AS MUST send different OSCORE_Input_Material (and therefore | The AS MUST send a different OSCORE_Input_Material (and therefore | |||
different access tokens) to different authorized clients, in order | different access tokens) to different authorized clients, in order | |||
for the RS to differentiate between clients. | for the RS to differentiate between clients. | |||
Figure 4 shows an example of an AS response. The access token has | Figure 4 shows an example of an AS response. The access token has | |||
been truncated for readability. | been truncated for readability. | |||
Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
Content-Type: "application/ace+cbor" | Content-Type: "application/ace+cbor" | |||
Payload: | Payload: | |||
{ | { | |||
skipping to change at page 11, line 21 ¶ | skipping to change at line 439 ¶ | |||
"ace_profile" : "coap_oscore", | "ace_profile" : "coap_oscore", | |||
"expires_in" : "3600", | "expires_in" : "3600", | |||
"cnf" : { | "cnf" : { | |||
"osc" : { | "osc" : { | |||
"id" : h'01', | "id" : h'01', | |||
"ms" : h'f9af838368e353e78888e1426bd94e6f' | "ms" : h'f9af838368e353e78888e1426bd94e6f' | |||
} | } | |||
} | } | |||
} | } | |||
Figure 4: Example AS-to-C Access Token response with OSCORE profile. | Figure 4: Example AS-to-C Access Token Response with an OSCORE | |||
Profile | ||||
Figure 5 shows an example CWT Claims Set, including the relevant | Figure 5 shows an example CWT Claims Set, including the relevant | |||
OSCORE parameters in the "cnf" claim. | OSCORE parameters in the cnf claim. | |||
{ | { | |||
"aud" : "tempSensorInLivingRoom", | "aud" : "tempSensorInLivingRoom", | |||
"iat" : "1360189224", | "iat" : "1360189224", | |||
"exp" : "1360289224", | "exp" : "1360289224", | |||
"scope" : "temperature_g firmware_p", | "scope" : "temperature_g firmware_p", | |||
"cnf" : { | "cnf" : { | |||
"osc" : { | "osc" : { | |||
"ms" : h'f9af838368e353e78888e1426bd94e6f', | "ms" : h'f9af838368e353e78888e1426bd94e6f', | |||
"id" : h'01' | "id" : h'01' | |||
} | } | |||
} | } | |||
} | } | |||
Figure 5: Example CWT Claims Set with OSCORE parameters. | Figure 5: Example CWT Claims Set with OSCORE Parameters | |||
The same CWT Claims Set as in Figure 5, using the value abbreviations | The same CWT Claims Set as in Figure 5, using the value abbreviations | |||
defined in [I-D.ietf-ace-oauth-authz] and [RFC8747] and encoded in | defined in [RFC9200] and [RFC8747] and encoded in CBOR, is shown in | |||
CBOR is shown in Figure 6. The bytes in hexadecimal are reported in | Figure 6. The bytes in hexadecimal are reported in the first column, | |||
the first column, while their corresponding CBOR meaning is reported | while their corresponding CBOR meaning is reported after the # sign | |||
after the "#" sign on the second column, for easiness of readability. | on the second column, for readability. | |||
NOTE TO THE RFC EDITOR: before publishing, it should be checked (and | ||||
in case fixed) that the values used below (which are not yet | ||||
registered) are the final values registered in IANA. | ||||
A5 # map(5) | A5 # map(5) | |||
63 # text(3) | 63 # text(3) | |||
617564 # "aud" | 617564 # "aud" | |||
76 # text(22) | 76 # text(22) | |||
74656D7053656E736F72496E4C6976696E67526F6F6D | 74656D7053656E736F72496E4C6976696E67526F6F6D | |||
# "tempSensorInLivingRoom" | # "tempSensorInLivingRoom" | |||
63 # text(3) | 63 # text(3) | |||
696174 # "iat" | 696174 # "iat" | |||
6A # text(10) | 6A # text(10) | |||
skipping to change at page 12, line 41 ¶ | skipping to change at line 502 ¶ | |||
6D73 # "ms" | 6D73 # "ms" | |||
50 # bytes(16) | 50 # bytes(16) | |||
F9AF838368E353E78888E1426BD94E6F | F9AF838368E353E78888E1426BD94E6F | |||
# "\xF9\xAF\x83\x83h\xE3S\xE7 | # "\xF9\xAF\x83\x83h\xE3S\xE7 | |||
\x88\x88\xE1Bk\xD9No" | \x88\x88\xE1Bk\xD9No" | |||
62 # text(2) | 62 # text(2) | |||
6964 # "id" | 6964 # "id" | |||
41 # bytes(1) | 41 # bytes(1) | |||
01 # "\x01" | 01 # "\x01" | |||
Figure 6: Example CWT Claims Set with OSCORE parameters, CBOR | Figure 6: Example CWT Claims Set with OSCORE Parameters Using | |||
encoded. | CBOR Encoding | |||
If the client has requested an update to its access rights using the | If the client has requested an update to its access rights using the | |||
same OSCORE Security Context, which is valid and authorized, the AS | same OSCORE Security Context, which is valid and authorized, the AS | |||
MUST omit the "cnf" parameter in the response, and MUST carry the | MUST omit the cnf parameter in the response and MUST carry the OSCORE | |||
OSCORE Input Material identifier in the "kid" field in the "cnf" | Input Material identifier in the kid field in the cnf claim of the | |||
claim of the token. This identifier needs to be included in the | token. This identifier needs to be included in the token in order | |||
token in order for the RS to identify the correct OSCORE Input | for the RS to identify the correct OSCORE Input Material. | |||
Material. | ||||
Figure 7 shows an example of such an AS response The access token has | Figure 7 shows an example of such an AS response. The access token | |||
been truncated for readability. | has been truncated for readability. | |||
Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
Content-Type: "application/ace+cbor" | Content-Type: "application/ace+cbor" | |||
Payload: | Payload: | |||
{ | { | |||
"access_token" : h'8343a1010aa2044c53 ... | "access_token" : h'8343a1010aa2044c53 ... | |||
(remainder of access token (CWT) omitted for brevity)', | (remainder of access token (CWT) omitted for brevity)', | |||
"ace_profile" : "coap_oscore", | "ace_profile" : "coap_oscore", | |||
"expires_in" : "3600" | "expires_in" : "3600" | |||
} | } | |||
Figure 7: Example AS-to-C Access Token response with OSCORE | Figure 7: Example AS-to-C Access Token Response with an OSCORE | |||
profile, for update of access rights. | Profile for the Update of Access Rights | |||
Figure 8 shows an example CWT Claims Set, containing the necessary | Figure 8 shows an example CWT Claims Set that contains the necessary | |||
OSCORE parameters in the "cnf" claim for update of access rights. | OSCORE parameters in the cnf claim for the update of access rights. | |||
{ | { | |||
"aud" : "tempSensorInLivingRoom", | "aud" : "tempSensorInLivingRoom", | |||
"iat" : "1360189224", | "iat" : "1360189224", | |||
"exp" : "1360289224", | "exp" : "1360289224", | |||
"scope" : "temperature_h", | "scope" : "temperature_h", | |||
"cnf" : { | "cnf" : { | |||
"kid" : h'01' | "kid" : h'01' | |||
} | } | |||
} | } | |||
Figure 8: Example CWT Claims Set with OSCORE parameters for | Figure 8: Example CWT Claims Set with OSCORE Parameters for the | |||
update of access rights. | Update of Access Rights | |||
3.2.1. The OSCORE_Input_Material | 3.2.1. The OSCORE_Input_Material | |||
An OSCORE_Input_Material is an object that represents the input | An OSCORE_Input_Material is an object that represents the input | |||
material to derive an OSCORE Security Context, i.e., the local set of | material to derive an OSCORE Security Context, i.e., the local set of | |||
information elements necessary to carry out the cryptographic | information elements necessary to carry out the cryptographic | |||
operations in OSCORE (Section 3.1 of [RFC8613]). In particular, the | operations in OSCORE (Section 3.1 of [RFC8613]). In particular, the | |||
OSCORE_Input_Material is defined to be serialized and transported | OSCORE_Input_Material is defined to be serialized and transported | |||
between nodes, as specified by this document, but can also be used by | between nodes, as specified by this document, but it can also be used | |||
other specifications if needed. The OSCORE_Input_Material can either | by other specifications if needed. The OSCORE_Input_Material can be | |||
be encoded as a JSON object or as a CBOR map. The set of common | encoded as either a JSON object or a CBOR map. The set of common | |||
parameters that can appear in an OSCORE_Input_Material can be found | parameters that can appear in an OSCORE_Input_Material can be found | |||
in the IANA "OSCORE Security Context Parameters" registry | in the IANA "OSCORE Security Context Parameters" registry | |||
(Section 9.4), defined for extensibility, and the initial set of | (Section 9.4), defined for extensibility, and the initial set of | |||
parameters defined in this document is specified below. All | parameters defined in this document is specified below. All | |||
parameters are optional. Table 1 provides a summary of the | parameters are optional. Table 1 provides a summary of the | |||
OSCORE_Input_Material parameters defined in this section. | OSCORE_Input_Material parameters defined in this section. | |||
+===========+=======+==========+===================+===============+ | +===========+=======+==========+===================+===============+ | |||
| name | CBOR | CBOR | registry | description | | | name | CBOR | CBOR | registry | description | | |||
| | label | type | | | | | | label | type | | | | |||
+===========+=======+==========+===================+===============+ | +===========+=======+==========+===================+===============+ | |||
| id | 0 | byte | | OSCORE Input | | | id | 0 | byte | | OSCORE Input | | |||
| | | string | | Material | | | | | string | | Material | | |||
| | | | | Identifier | | | | | | | identifier | | |||
+-----------+-------+----------+-------------------+---------------+ | +-----------+-------+----------+-------------------+---------------+ | |||
| version | 1 | unsigned | | OSCORE | | | version | 1 | unsigned | | OSCORE | | |||
| | | integer | | Version | | | | | integer | | version | | |||
+-----------+-------+----------+-------------------+---------------+ | +-----------+-------+----------+-------------------+---------------+ | |||
| ms | 2 | byte | | OSCORE Master | | | ms | 2 | byte | | OSCORE Master | | |||
| | | string | | Secret value | | | | | string | | Secret value | | |||
+-----------+-------+----------+-------------------+---------------+ | +-----------+-------+----------+-------------------+---------------+ | |||
| hkdf | 3 | text | [COSE.Algorithms] | OSCORE HKDF | | | hkdf | 3 | text | [COSE.Algorithms] | OSCORE HKDF | | |||
| | | string / | Values (HMAC- | value | | | | | string / | values (HMAC- | value | | |||
| | | integer | based) | | | | | | integer | based) | | | |||
+-----------+-------+----------+-------------------+---------------+ | +-----------+-------+----------+-------------------+---------------+ | |||
| alg | 4 | text | [COSE.Algorithms] | OSCORE AEAD | | | alg | 4 | text | [COSE.Algorithms] | OSCORE AEAD | | |||
| | | string / | Values (AEAD) | Algorithm | | | | | string / | values (AEAD) | Algorithm | | |||
| | | integer | | value | | | | | integer | | value | | |||
+-----------+-------+----------+-------------------+---------------+ | +-----------+-------+----------+-------------------+---------------+ | |||
| salt | 5 | byte | | an input to | | | salt | 5 | byte | | an input to | | |||
| | | string | | OSCORE Master | | | | | string | | OSCORE Master | | |||
| | | | | Salt value | | | | | | | Salt value | | |||
+-----------+-------+----------+-------------------+---------------+ | +-----------+-------+----------+-------------------+---------------+ | |||
| contextId | 6 | byte | | OSCORE ID | | | contextId | 6 | byte | | OSCORE ID | | |||
| | | string | | Context value | | | | | string | | Context value | | |||
+-----------+-------+----------+-------------------+---------------+ | +-----------+-------+----------+-------------------+---------------+ | |||
Table 1: OSCORE_Input_Material Parameters | Table 1: OSCORE_Input_Material Parameters | |||
id: This parameter identifies the OSCORE_Input_Material and is | id: This parameter identifies the OSCORE_Input_Material and is | |||
encoded as a byte string. In JSON, the "id" value is a Base64 | encoded as a byte string. In JSON, the "id" value is a | |||
encoded byte string. In CBOR, the "id" type is byte string, and | base64-encoded byte string. In CBOR, the "id" type is a byte | |||
has label 0. | string, and it has label 0. | |||
version: This parameter identifies the OSCORE Version number, which | version: This parameter identifies the OSCORE version number, which | |||
is an unsigned integer. For more information about this field, | is an unsigned integer. For more information about this field, | |||
see section 5.4 of [RFC8613]. In JSON, the "version" value is an | see Section 5.4 of [RFC8613]. In JSON, the "version" value is an | |||
integer. In CBOR, the "version" type is integer, and has label 1. | integer. In CBOR, the "version" type is an integer, and it has | |||
label 1. | ||||
ms: This parameter identifies the OSCORE Master Secret value, which | ms: This parameter identifies the OSCORE Master Secret value, which | |||
is a byte string. For more information about this field, see | is a byte string. For more information about this field, see | |||
section 3.1 of [RFC8613]. In JSON, the "ms" value is a Base64 | Section 3.1 of [RFC8613]. In JSON, the "ms" value is a | |||
encoded byte string. In CBOR, the "ms" type is byte string, and | base64-encoded byte string. In CBOR, the "ms" type is byte | |||
has label 2. | string, and it has label 2. | |||
hkdf: This parameter identifies the OSCORE HKDF Algorithm. For more | hkdf: This parameter identifies the OSCORE HKDF Algorithm. For more | |||
information about this field, see section 3.1 of [RFC8613]. The | information about this field, see Section 3.1 of [RFC8613]. The | |||
values used MUST be registered in the IANA "COSE Algorithms" | values used MUST be registered in the IANA "COSE Algorithms" | |||
registry (see [COSE.Algorithms]) and MUST be HMAC-based HKDF | registry (see [COSE.Algorithms]) and MUST be HMAC-based HKDF | |||
algorithms (see section 3.1 of [I-D.ietf-cose-rfc8152bis-algs]). | algorithms (see Section 3.1 of [RFC9053]). The value can be | |||
The value can either be the integer or the text string value of | either the integer or the text-string value of the HMAC-based HKDF | |||
the HMAC-based HKDF algorithm in the "COSE Algorithms" registry. | algorithm in the "COSE Algorithms" registry. In JSON, the "hkdf" | |||
In JSON, the "hkdf" value is a case-sensitive ASCII string or an | value is a case-sensitive ASCII string or an integer. In CBOR, | |||
integer. In CBOR, the "hkdf" type is text string or integer, and | the "hkdf" type is a text string or integer, and it has label 3. | |||
has label 3. | ||||
alg: This parameter identifies the OSCORE AEAD Algorithm. For more | alg: This parameter identifies the OSCORE AEAD Algorithm. For more | |||
information about this field, see section 3.1 of [RFC8613] The | information about this field, see Section 3.1 of [RFC8613]. The | |||
values used MUST be registered in the IANA "COSE Algorithms" | values used MUST be registered in the IANA "COSE Algorithms" | |||
registry (see [COSE.Algorithms]) and MUST be AEAD algorithms. The | registry (see [COSE.Algorithms]) and MUST be AEAD algorithms. The | |||
value can either be the integer or the text string value of the | value can be either the integer or the text-string value of the | |||
HMAC-based HKDF algorithm in the "COSE Algorithms" registry. In | HMAC-based HKDF algorithm in the "COSE Algorithms" registry. In | |||
JSON, the "alg" value is a case-sensitive ASCII string or an | JSON, the "alg" value is a case-sensitive ASCII string or an | |||
integer. In CBOR, the "alg" type is text string or integer, and | integer. In CBOR, the "alg" type is a text string or integer, and | |||
has label 4. | it has label 4. | |||
salt: This parameter identifies an input to the OSCORE Master Salt | salt: This parameter identifies an input to the OSCORE Master Salt | |||
value, which is a byte string. For more information about this | value, which is a byte string. For more information about this | |||
field, see section 3.1 of [RFC8613]. In JSON, the "salt" value is | field, see Section 3.1 of [RFC8613]. In JSON, the "salt" value is | |||
a Base64 encoded byte string. In CBOR, the "salt" type is byte | a base64-encoded byte string. In CBOR, the "salt" type is a byte | |||
string, and has label 5. | string, and it has label 5. | |||
contextId: This parameter identifies the security context as a byte | contextId: This parameter identifies the security context as a byte | |||
string. This identifier is used as OSCORE ID Context. For more | string. This identifier is used as OSCORE ID Context. For more | |||
information about this field, see section 3.1 of [RFC8613]. In | information about this field, see Section 3.1 of [RFC8613]. In | |||
JSON, the "contextID" value is a Base64 encoded byte string. In | JSON, the "contextID" value is a base64-encoded byte string. In | |||
CBOR, the "contextID" type is byte string, and has label 6. | CBOR, the "contextID" type is a byte string, and it has label 6. | |||
An example of JSON OSCORE_Input_Material is given in Figure 9. | An example of JSON OSCORE_Input_Material is given in Figure 9. | |||
"osc" : { | "osc" : { | |||
"alg" : "AES-CCM-16-64-128", | "alg" : "AES-CCM-16-64-128", | |||
"id" : b64'AQ==' | "id" : b64'AQ==' | |||
"ms" : b64'+a+Dg2jjU+eIiOFCa9lObw' | "ms" : b64'+a+Dg2jjU+eIiOFCa9lObw' | |||
} | } | |||
Figure 9: Example JSON OSCORE_Input_Material | Figure 9: Example JSON OSCORE_Input_Material | |||
skipping to change at page 16, line 21 ¶ | skipping to change at line 668 ¶ | |||
? 3 => tstr / int, ; hkdf | ? 3 => tstr / int, ; hkdf | |||
? 4 => tstr / int, ; alg | ? 4 => tstr / int, ; alg | |||
? 5 => bstr, ; salt | ? 5 => bstr, ; salt | |||
? 6 => bstr, ; contextId | ? 6 => bstr, ; contextId | |||
* int / tstr => any | * int / tstr => any | |||
} | } | |||
4. Client-RS Communication | 4. Client-RS Communication | |||
The following subsections describe the details of the POST request | The following subsections describe the details of the POST request | |||
and response to the authz-info endpoint between client and RS. The | and response to the authz-info endpoint between the client and RS. | |||
client generates a nonce N1 and an identifier ID1 unique in the sets | The client generates a nonce N1 and an identifier ID1 that is unique | |||
of its own Recipient IDs, and posts them together with the token that | in the sets of its own Recipient IDs and posts them together with the | |||
includes the materials (e.g., OSCORE parameters) received from the AS | token that includes the materials (e.g., OSCORE parameters) received | |||
to the RS. The RS then generates a nonce N2 and an identifier ID2 | from the AS to the RS. The RS then generates a nonce N2 and an | |||
unique in the sets of its own Recipient IDs, and uses Section 3.2 of | identifier ID2 that is unique in the sets of its own Recipient IDs | |||
[RFC8613] to derive a security context based on a shared master | and uses Section 3.2 of [RFC8613] to derive a security context based | |||
secret, the two exchanged nonces and the two identifiers, established | on a shared Master Secret, the two exchanged nonces, and the two | |||
between client and server. The exchanged nonces and identifiers are | identifiers, established between the client and server. The | |||
encoded as CBOR byte string if CBOR is used, and as Base64 string if | exchanged nonces and identifiers are encoded as a CBOR byte string if | |||
JSON is used. This security context is used to protect all future | CBOR is used and as a base64 string if JSON is used. This security | |||
communication between client and RS using OSCORE, as long as the | context is used to protect all future communication between the | |||
access token is valid. | client and RS using OSCORE, as long as the access token is valid. | |||
Note that the RS and client authenticate each other by generating the | Note that the RS and client authenticate each other by generating the | |||
shared OSCORE Security Context using the pop-key as master secret. | shared OSCORE Security Context using the PoP key as the Master | |||
An attacker posting a valid token to the RS will not be able to | Secret. An attacker posting a valid token to the RS will not be able | |||
generate a valid OSCORE Security Context and thus not be able to | to generate a valid OSCORE Security Context and thus will not be able | |||
prove possession of the pop-key. Additionally, the mutual | to prove possession of the PoP key. Additionally, the mutual | |||
authentication is only achieved after the client has successfully | authentication is only achieved after the client has successfully | |||
verified a response from the RS protected with the generated OSCORE | verified a response from the RS protected with the generated OSCORE | |||
Security Context. | Security Context. | |||
4.1. C-to-RS: POST to authz-info endpoint | 4.1. C-to-RS: POST to authz-info Endpoint | |||
The client MUST generate a nonce value N1 very unlikely to have been | The client MUST generate a nonce value N1 that is very unlikely to | |||
previously used with the same input keying material. This profile | have been previously used with the same input keying material. The | |||
RECOMMENDS using a 64-bit long random number as the nonce's value. | use of a 64-bit long random number as the nonce's value is | |||
The client MUST store the nonce N1 as long as the response from the | RECOMMENDED in this profile. The client MUST store the nonce N1 as | |||
RS is not received and the access token related to it is still valid | long as the response from the RS is not received and the access token | |||
(to the best of the client's knowledge). | related to it is still valid (to the best of the client's knowledge). | |||
The client generates its own Recipient ID, ID1, for the OSCORE | The client generates its own Recipient ID, ID1, for the OSCORE | |||
Security Context that it is establishing with the RS. By generating | Security Context that it is establishing with the RS. By generating | |||
its own Recipient ID, the client makes sure that it does not collide | its own Recipient ID, the client makes sure that it does not collide | |||
with any of its Recipient IDs, nor with any other identifier ID1 if | with any of its Recipient IDs, nor with any other identifier ID1 if | |||
the client is executing this exchange with a different RS at the same | the client is executing this exchange with a different RS at the same | |||
time. | time. | |||
The client MUST use CoAP and the Authorization Information resource | The client MUST use CoAP and the authorization information resource | |||
as described in section 5.8.1 of [I-D.ietf-ace-oauth-authz] to | as described in Section 5.8.1 of [RFC9200] to transport the token, | |||
transport the token, N1 and ID1 to the RS. | N1, and ID1 to the RS. | |||
Note that the use of the payload and the Content-Format is different | Note that the use of the payload and the Content-Format is different | |||
from what is described in section 5.8.1 of | from what is described in Section 5.8.1 of [RFC9200], which only | |||
[I-D.ietf-ace-oauth-authz], which only transports the token without | transports the token without any CBOR wrapping. In this profile, the | |||
any CBOR wrapping. In this profile, the client MUST wrap the token, | client MUST wrap the token, N1, and ID1 in a CBOR map. The client | |||
N1 and ID1 in a CBOR map. The client MUST use the Content-Format | MUST use the Content-Format "application/ace+cbor" defined in | |||
"application/ace+cbor" defined in section 8.14 of | Section 8.14 of [RFC9200]. The client MUST include the access token | |||
[I-D.ietf-ace-oauth-authz]. The client MUST include the access token | using the access_token parameter; N1 using the nonce1 parameter | |||
using the "access_token" parameter, N1 using the "nonce1" parameter | defined in Section 4.1.1; and ID1 using the ace_client_recipientid | |||
defined in Section 4.1.1, and ID1 using the "ace_client_recipientid" | ||||
parameter defined in Section 4.1.2. | parameter defined in Section 4.1.2. | |||
The communication with the authz-info endpoint does not have to be | The communication with the authz-info endpoint does not have to be | |||
protected, except for the update of access rights case described | protected, except for the update of access rights case described | |||
below. | below. | |||
Note that a client may be required to re-POST the access token in | Note that a client may be required to re-POST the access token in | |||
order to complete a request, since an RS may delete a stored access | order to complete a request, since an RS may delete a stored access | |||
token (and associated Security Context) at any time, for example due | token (and associated Security Context) at any time, for example, due | |||
to all storage space being consumed. This situation is detected by | to all storage space being consumed. This situation is detected by | |||
the client when it receives an AS Request Creation Hints response. | the client when it receives an AS Request Creation Hints response. | |||
Reposting the same access token will result in deriving a new OSCORE | Reposting the same access token will result in deriving a new OSCORE | |||
Security Context to be used with the RS, as different exchanged | Security Context to be used with the RS, as different exchanged | |||
nonces will be used. | nonces will be used. | |||
The client may also choose to re-POST the access token in order to | The client may also choose to re-POST the access token in order to | |||
update its OSCORE Security Context. In that case, the client and the | update its OSCORE Security Context. In that case, the client and the | |||
RS will exchange newly generated nonces, re-negotiate identifiers, | RS will exchange newly generated nonces, renegotiate identifiers, and | |||
and derive new keying material. The client and RS might decide to | derive new keying material. The client and RS might decide to keep | |||
keep the same identifiers or renew them during the re-negotiation. | the same identifiers or renew them during the renegotiation. | |||
Figure 10 shows an example of the request sent from the client to the | Figure 10 shows an example of the request sent from the client to the | |||
RS. The access token has been truncated for readability. | RS. The access token has been truncated for readability. | |||
Header: POST (Code=0.02) | Header: POST (Code=0.02) | |||
Uri-Host: "rs.example.com" | Uri-Host: "rs.example.com" | |||
Uri-Path: "authz-info" | Uri-Path: "authz-info" | |||
Content-Format: "application/ace+cbor" | Content-Format: "application/ace+cbor" | |||
Payload: | Payload: | |||
{ | { | |||
"access_token": h'8343a1010aa2044c53 ... | "access_token": h'8343a1010aa2044c53 ... | |||
(remainder of access token (CWT) omitted for brevity)', | (remainder of access token (CWT) omitted for brevity)', | |||
"nonce1": h'018a278f7faab55a', | "nonce1": h'018a278f7faab55a', | |||
"ace_client_recipientid" : h'1645' | "ace_client_recipientid" : h'1645' | |||
} | } | |||
Figure 10: Example C-to-RS POST /authz-info request using CWT | Figure 10: Example C-to-RS POST /authz-info Request Using CWT | |||
If the client has already posted a valid token, has already | If the client has already posted a valid token, has already | |||
established a security association with the RS, and wants to update | established a security association with the RS, and wants to update | |||
its access rights, the client can do so by posting the new token | its access rights, the client can do so by posting the new token | |||
(retrieved from the AS and containing the update of access rights) to | (retrieved from the AS and containing the update of access rights) to | |||
the /authz-info endpoint. The client MUST protect the request using | the /authz-info endpoint. The client MUST protect the request using | |||
the OSCORE Security Context established during the first token | the OSCORE Security Context established during the first token | |||
exchange. The client MUST only send the "access_token" field in the | exchange. The client MUST only send the access_token field in the | |||
CBOR map in the payload, no nonce or identifier are sent. After | CBOR map in the payload; no nonce or identifier is sent. After | |||
proper verification (see Section 4.2), the RS will replace the old | proper verification (see Section 4.2), the RS will replace the old | |||
token with the new one, maintaining the same Security Context. | token with the new one, maintaining the same Security Context. | |||
4.1.1. The Nonce 1 Parameter | 4.1.1. The Nonce 1 Parameter | |||
This parameter MUST be sent from the client to the RS, together with | The nonce 1 parameter MUST be sent from the client to the RS, | |||
the access token, if the ace profile used is coap_oscore, and the | together with the access token, if the ACE profile used is | |||
message is not an update of access rights, protected with an existing | "coap_oscore", and the message is not an update of access rights, | |||
OSCORE Security Context. The parameter is encoded as a byte string | protected with an existing OSCORE Security Context. The parameter is | |||
for CBOR-based interactions, and as a string (Base64 encoded binary) | encoded as a byte string for CBOR-based interactions and as a string | |||
for JSON-based interactions. This parameter is registered in | (base64-encoded binary) for JSON-based interactions. This parameter | |||
Section 9.2. | is registered in Section 9.2. | |||
4.1.2. The ace_client_recipientid Parameter | 4.1.2. The ace_client_recipientid Parameter | |||
This parameter MUST be sent from the client to the RS, together with | The ace_client_recipientid parameter MUST be sent from the client to | |||
the access token, if the ace profile used is coap_oscore, and the | the RS, together with the access token, if the ACE profile used is | |||
message is not an update of access rights, protected with an existing | "coap_oscore", and the message is not an update of access rights, | |||
OSCORE Security Context. The parameter is encoded as a byte string | protected with an existing OSCORE Security Context. The parameter is | |||
for CBOR-based interactions, and as a string (Base64 encoded binary) | encoded as a byte string for CBOR-based interactions and as a string | |||
for JSON-based interactions. This parameter is registered in | (base64-encoded binary) for JSON-based interactions. This parameter | |||
Section 9.2. | is registered in Section 9.2. | |||
4.2. RS-to-C: 2.01 (Created) | 4.2. RS-to-C: 2.01 (Created) | |||
The RS MUST follow the procedures defined in section 5.8.1 of | The RS MUST follow the procedures defined in Section 5.8.1 of | |||
[I-D.ietf-ace-oauth-authz]: the RS must verify the validity of the | [RFC9200]: the RS must verify the validity of the token. If the | |||
token. If the token is valid, the RS must respond to the POST | token is valid, the RS must respond to the POST request with 2.01 | |||
request with 2.01 (Created). If the token is valid but is associated | (Created). If the token is valid but is associated to claims that | |||
to claims that the RS cannot process (e.g., an unknown scope), or if | the RS cannot process (e.g., an unknown scope), or if any of the | |||
any of the expected parameters is missing (e.g., any of the mandatory | expected parameters are missing (e.g., any of the mandatory | |||
parameters from the AS or the identifier "id1"), or if any parameters | parameters from the AS or the identifier ID1), or if any parameters | |||
received in the "osc" field is unrecognized, the RS must respond with | received in the osc field are unrecognized, the RS must respond with | |||
an error response code equivalent to the CoAP code 4.00 (Bad | an error response code equivalent to the CoAP code 4.00 (Bad | |||
Request). In the latter two cases, the RS may provide additional | Request). In the latter two cases, the RS may provide additional | |||
information in the error response, in order to clarify what went | information in the error response, in order to clarify what went | |||
wrong. The RS may make an introspection request (see Section 5.9.1 | wrong. The RS may make an introspection request (see Section 5.9.1 | |||
of [I-D.ietf-ace-oauth-authz]) to validate the token before | of [RFC9200]) to validate the token before responding to the POST | |||
responding to the POST request to the authz-info endpoint. | request to the authz-info endpoint. | |||
Additionally, the RS MUST generate a nonce N2 very unlikely to have | Additionally, the RS MUST generate a nonce N2 that is very unlikely | |||
been previously used with the same input keying material, and its own | to have been previously used with the same input keying material and | |||
Recipient ID, ID2. The RS makes sure that ID2 does not collide with | its own Recipient ID, ID2. The RS makes sure that ID2 does not | |||
any of its Recipient IDs. The RS MUST ensure that ID2 is different | collide with any of its Recipient IDs. The RS MUST ensure that ID2 | |||
from the value received in the ace_client_recipientid parameter. The | is different from the value received in the ace_client_recipientid | |||
RS sends N2 and ID2 within the 2.01 (Created) response. The payload | parameter. The RS sends N2 and ID2 within the 2.01 (Created) | |||
of the 2.01 (Created) response MUST be a CBOR map containing the | response. The payload of the 2.01 (Created) response MUST be a CBOR | |||
"nonce2" parameter defined in Section 4.2.1, set to N2, and the | map containing the nonce2 parameter defined in Section 4.2.1, set to | |||
"ace_server_recipientid" parameter defined in Section 4.2.2, set to | N2, and the ace_server_recipientid parameter defined in | |||
ID2. This profile RECOMMENDS using a 64-bit long random number as | Section 4.2.2, set to ID2. The use of a 64-bit long random number as | |||
the nonce's value. The RS MUST use the Content-Format "application/ | the nonce's value is RECOMMENDED in this profile. The RS MUST use | |||
ace+cbor" defined in section 8.14 of [I-D.ietf-ace-oauth-authz]. | the Content-Format "application/ace+cbor" defined in Section 8.14 of | |||
[RFC9200]. | ||||
Figure 11 shows an example of the response sent from the RS to the | Figure 11 shows an example of the response sent from the RS to the | |||
client. | client. | |||
Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
Content-Format: "application/ace+cbor" | Content-Format: "application/ace+cbor" | |||
Payload: | Payload: | |||
{ | { | |||
"nonce2": h'25a8991cd700ac01', | "nonce2": h'25a8991cd700ac01', | |||
"ace_server_recipientid" : h'0000' | "ace_server_recipientid" : h'0000' | |||
} | } | |||
Figure 11: Example RS-to-C 2.01 (Created) response | Figure 11: Example RS-to-C 2.01 (Created) Response | |||
As specified in section 5.8.3 of [I-D.ietf-ace-oauth-authz], the RS | As specified in Section 5.8.3 of [RFC9200], the RS must notify the | |||
must notify the client with an error response with code 4.01 | client with an error response with code 4.01 (Unauthorized) for any | |||
(Unauthorized) for any long running request before terminating the | long running request before terminating the session, when the access | |||
session, when the access token expires. | token expires. | |||
If the RS receives the token in a OSCORE protected message, it means | If the RS receives the token in an OSCORE-protected message, it means | |||
that the client is requesting an update of access rights. The RS | that the client is requesting an update of access rights. The RS | |||
MUST ignore any nonce and identifiers in the request, if any was | MUST ignore any nonce and identifiers in the request, if any were | |||
sent. The RS MUST check that the "kid" of the "cnf" claim of the new | sent. The RS MUST check that the "kid" of the cnf claim of the new | |||
access token matches the identifier of the OSCORE Input Material of | access token matches the identifier of the OSCORE Input Material of | |||
the context used to protect the message. If that is the case, the RS | the context used to protect the message. If that is the case, the RS | |||
MUST overwrite the old token and associate the new token to the | MUST overwrite the old token and associate the new token to the | |||
Security Context identified by the "kid" value in the "cnf" claim. | Security Context identified by the "kid" value in the cnf claim. The | |||
The RS MUST respond with a 2.01 (Created) response protected with the | RS MUST respond with a 2.01 (Created) response protected with the | |||
same Security Context, with no payload. If any verification fails, | same Security Context, with no payload. If any verification fails, | |||
the RS MUST respond with a 4.01 (Unauthorized) error response. | the RS MUST respond with a 4.01 (Unauthorized) error response. | |||
As specified in section 5.8.1 of [I-D.ietf-ace-oauth-authz], when | As specified in Section 5.8.1 of [RFC9200], when receiving an updated | |||
receiving an updated access token with updated authorization | access token with updated authorization information from the client | |||
information from the client (see Section 3.1), it is recommended that | (see Section 3.1), it is recommended that the RS overwrites the | |||
the RS overwrites the previous token, that is only the latest | previous token; that is, only the latest authorization information in | |||
authorization information in the token received by the RS is valid. | the token received by the RS is valid. This simplifies the process | |||
This simplifies the process needed by the RS to keep track of | needed by the RS to keep track of authorization information for a | |||
authorization information for a given client. | given client. | |||
4.2.1. The Nonce 2 Parameter | 4.2.1. The Nonce 2 Parameter | |||
This parameter MUST be sent from the RS to the client if the ace | The nonce 2 parameter MUST be sent from the RS to the client if the | |||
profile used is coap_oscore, and the message is not a response to an | ACE profile used is "coap_oscore" and the message is not a response | |||
update of access rights, protected with an existing OSCORE Security | to an update of access rights, protected with an existing OSCORE | |||
Context. The parameter is encoded as a byte string for CBOR-based | Security Context. The parameter is encoded as a byte string for | |||
interactions, and as a string (Base64 encoded binary) for JSON-based | CBOR-based interactions and as a string (base64-encoded binary) for | |||
interactions. This parameter is registered in Section 9.2 | JSON-based interactions. This parameter is registered in Section 9.2 | |||
4.2.2. The ace_server_recipientid Parameter | 4.2.2. The ace_server_recipientid Parameter | |||
This parameter MUST be sent from the RS to the client if the ace | The ace_server_recipientid parameter MUST be sent from the RS to the | |||
profile used is coap_oscore, and the message is not a response to an | client if the ACE profile used is "coap_oscore" and the message is | |||
update of access rights, protected with an existing OSCORE Security | not a response to an update of access rights, protected with an | |||
Context. The parameter is encoded as a byte string for CBOR-based | existing OSCORE Security Context. The parameter is encoded as a byte | |||
interactions, and as a string (Base64 encoded binary) for JSON-based | string for CBOR-based interactions and as a string (base64-encoded | |||
interactions. This parameter is registered in Section 9.2 | binary) for JSON-based interactions. This parameter is registered in | |||
Section 9.2 | ||||
4.3. OSCORE Setup | 4.3. OSCORE Setup | |||
Once the 2.01 (Created) response is received from the RS, following | Once the 2.01 (Created) response is received from the RS, following | |||
the POST request to authz-info endpoint, the client MUST extract the | the POST request to authz-info endpoint, the client MUST extract the | |||
bstr nonce N2 from the "nonce2" parameter in the CBOR map in the | bstr nonce N2 from the nonce2 parameter in the CBOR map in the | |||
payload of the response. Then, the client MUST set the Master Salt | payload of the response. Then, the client MUST set the Master Salt | |||
of the Security Context created to communicate with the RS to the | of the Security Context created to communicate with the RS to the | |||
concatenation of salt, N1, and N2, in this order: Master Salt = | concatenation of salt, N1, and N2 in this order: Master Salt = salt | | |||
salt | N1 | N2, where | denotes byte string concatenation, where salt | N1 | N2, where | denotes byte string concatenation, salt is the CBOR | |||
is the CBOR byte string received from the AS in Section 3.2, and | byte string received from the AS in Section 3.2, and N1 and N2 are | |||
where N1 and N2 are the two nonces encoded as CBOR byte strings. An | the two nonces encoded as CBOR byte strings. An example of Master | |||
example of Master Salt construction using CBOR encoding is given in | Salt construction using CBOR encoding is given in Figure 12. | |||
Figure 12. | ||||
N1, N2 and input salt expressed in CBOR diagnostic notation: | N1, N2 and input salt expressed in CBOR diagnostic notation: | |||
nonce1 = h'018a278f7faab55a' | nonce1 = h'018a278f7faab55a' | |||
nonce2 = h'25a8991cd700ac01' | nonce2 = h'25a8991cd700ac01' | |||
input salt = h'f9af838368e353e78888e1426bd94e6f' | input salt = h'f9af838368e353e78888e1426bd94e6f' | |||
N1, N2 and input salt as CBOR encoded byte strings: | N1, N2 and input salt as CBOR encoded byte strings: | |||
nonce1 = 0x48018a278f7faab55a | nonce1 = 0x48018a278f7faab55a | |||
nonce2 = 0x4825a8991cd700ac01 | nonce2 = 0x4825a8991cd700ac01 | |||
input salt = 0x50f9af838368e353e78888e1426bd94e6f | input salt = 0x50f9af838368e353e78888e1426bd94e6f | |||
Master Salt = 0x50 f9af838368e353e78888e1426bd94e6f | Master Salt = 0x50 f9af838368e353e78888e1426bd94e6f | |||
48 018a278f7faab55a 48 25a8991cd700ac01 | 48 018a278f7faab55a 48 25a8991cd700ac01 | |||
Figure 12: Example of Master Salt construction using CBOR encoding | Figure 12: Example of Master Salt Construction Using CBOR Encoding | |||
If JSON is used instead of CBOR, the Master Salt of the Security | If JSON is used instead of CBOR, the Master Salt of the Security | |||
Context is the Base64 encoding of the concatenation of the same | Context is the base64 encoding of the concatenation of the same | |||
parameters, each of them prefixed by their size, encoded in 1 byte. | parameters, each of them prefixed by their size, encoded in 1 byte. | |||
When using JSON, the nonces and input salt have a maximum size of 255 | When using JSON, the nonces and input salt have a maximum size of 255 | |||
bytes. An example of Master Salt construction using Base64 encoding | bytes. An example of Master Salt construction using base64 encoding | |||
is given in Figure 13. | is given in Figure 13. | |||
N1, N2 and input salt values: | N1, N2 and input salt values: | |||
nonce1 = 0x018a278f7faab55a (8 bytes) | nonce1 = 0x018a278f7faab55a (8 bytes) | |||
nonce2 = 0x25a8991cd700ac01 (8 bytes) | nonce2 = 0x25a8991cd700ac01 (8 bytes) | |||
input salt = 0xf9af838368e353e78888e1426bd94e6f (16 bytes) | input salt = 0xf9af838368e353e78888e1426bd94e6f (16 bytes) | |||
Input to Base64 encoding: 0x10 f9af838368e353e78888e1426bd94e6f | Input to Base64 encoding: 0x10 f9af838368e353e78888e1426bd94e6f | |||
08 018a278f7faab55a 08 25a8991cd700ac01 | 08 018a278f7faab55a 08 25a8991cd700ac01 | |||
Master Salt = b64'EPmvg4No41PniIjhQmvZTm8IAYonj3+qtVoIJaiZHNcArAE=' | Master Salt = b64'EPmvg4No41PniIjhQmvZTm8IAYonj3+qtVoIJaiZHNcArAE=' | |||
Figure 13: Example of Master Salt construction using Base64 encoding | Figure 13: Example of Master Salt Construction Using Base64 Encoding | |||
The client MUST set the Sender ID to the ace_server_recipientid | The client MUST set the Sender ID to the ace_server_recipientid | |||
received in Section 4.2, and the Recipient ID to the | received in Section 4.2 and set the Recipient ID to the | |||
ace_client_recipientid sent in Section 4.1. The client MUST set the | ace_client_recipientid sent in Section 4.1. The client MUST set the | |||
Master Secret from the parameter received from the AS in Section 3.2. | Master Secret from the parameter received from the AS in Section 3.2. | |||
The client MUST set the AEAD Algorithm, ID Context, HKDF, and OSCORE | The client MUST set the AEAD algorithm, ID Context, HKDF, and OSCORE | |||
Version from the parameters received from the AS in Section 3.2, if | version from the parameters received from the AS in Section 3.2, if | |||
present. In case an optional parameter is omitted, the default value | present. In case an optional parameter is omitted, the default value | |||
SHALL be used as described in sections 3.2 and 5.4 of [RFC8613]. | SHALL be used as described in Sections 3.2 and 5.4 of [RFC8613]. | |||
After that, the client MUST derive the complete Security Context | After that, the client MUST derive the complete Security Context | |||
following section 3.2.1 of [RFC8613]. From this point on, the client | following Section 3.2.1 of [RFC8613]. From this point on, the client | |||
MUST use this Security Context to communicate with the RS when | MUST use this Security Context to communicate with the RS when | |||
accessing the resources as specified by the authorization | accessing the resources as specified by the authorization | |||
information. | information. | |||
If any of the expected parameters is missing (e.g., any of the | If any of the expected parameters are missing (e.g., any of the | |||
mandatory parameters from the AS or the RS), or if | mandatory parameters from the AS or the RS), or if | |||
ace_client_recipientid equals ace_server_recipientid (and as a | ace_client_recipientid equals ace_server_recipientid (and as a | |||
consequence the Sender and Recipient Keys derived would be equal, see | consequence, the Sender and Recipient Keys derived would be equal; | |||
section 3.3 of [RFC8613]), then the client MUST stop the exchange, | see Section 3.3 of [RFC8613]), then the client MUST stop the exchange | |||
and MUST NOT derive the Security Context. The client MAY restart the | and MUST NOT derive the Security Context. The client MAY restart the | |||
exchange, to get the correct security material. | exchange, to get the correct security material. | |||
The client then uses this Security Context to send requests to the RS | The client then uses this Security Context to send requests to the RS | |||
using OSCORE. | using OSCORE. | |||
After sending the 2.01 (Created) response, the RS MUST set the Master | After sending the 2.01 (Created) response, the RS MUST set the Master | |||
Salt of the Security Context created to communicate with the client | Salt of the Security Context created to communicate with the client | |||
to the concatenation of salt, N1, and N2, in the same way described | to the concatenation of salt, N1, and N2 in the same way described | |||
above. An example of Master Salt construction using CBOR encoding is | above. An example of Master Salt construction using CBOR encoding is | |||
given in Figure 12 and using Base64 encoding is given in Figure 13. | given in Figure 12 and using base64 encoding is given in Figure 13. | |||
The RS MUST set the Sender ID from the ace_client_recipientid | The RS MUST set the Sender ID from the ace_client_recipientid | |||
received in Section 4.1, and the Recipient ID from the | received in Section 4.1 and set the Recipient ID from the | |||
ace_server_recipientid sent in Section 4.2. The RS MUST set the | ace_server_recipientid sent in Section 4.2. The RS MUST set the | |||
Master Secret from the parameter received from the AS and forwarded | Master Secret from the parameter received from the AS and forwarded | |||
by the client in the access token in Section 4.1 after validation of | by the client in the access token in Section 4.1 after validation of | |||
the token as specified in Section 4.2. The RS MUST set the AEAD | the token as specified in Section 4.2. The RS MUST set the AEAD | |||
Algorithm, ID Context, HKDF, and OSCORE Version from the parameters | algorithm, ID Context, HKDF, and OSCORE version from the parameters | |||
received from the AS and forwarded by the client in the access token | received from the AS and forwarded by the client in the access token | |||
in Section 4.1 after validation of the token as specified in | in Section 4.1 after validation of the token as specified in | |||
Section 4.2, if present. In case an optional parameter is omitted, | Section 4.2, if present. In case an optional parameter is omitted, | |||
the default value SHALL be used as described in sections 3.2 and 5.4 | the default value SHALL be used as described in Sections 3.2 and 5.4 | |||
of [RFC8613]. After that, the RS MUST derive the complete Security | of [RFC8613]. After that, the RS MUST derive the complete Security | |||
Context following section 3.2.1 of [RFC8613], and MUST associate this | Context following Section 3.2.1 of [RFC8613] and MUST associate this | |||
Security Context with the authorization information from the access | Security Context with the authorization information from the access | |||
token. | token. | |||
The RS then uses this Security Context to verify requests and send | The RS then uses this Security Context to verify requests and send | |||
responses to the client using OSCORE. If OSCORE verification fails, | responses to the client using OSCORE. If OSCORE verification fails, | |||
error responses are used, as specified in section 8 of [RFC8613]. | error responses are used, as specified in Section 8 of [RFC8613]. | |||
Additionally, if OSCORE verification succeeds, the verification of | Additionally, if OSCORE verification succeeds, the verification of | |||
access rights is performed as described in section Section 4.4. The | access rights is performed as described in Section 4.4. The RS MUST | |||
RS MUST NOT use the Security Context after the related token has | NOT use the Security Context after the related token has expired and | |||
expired, and MUST respond with a unprotected 4.01 (Unauthorized) | MUST respond with an unprotected 4.01 (Unauthorized) error message to | |||
error message to requests received that correspond to a Security | requests received that correspond to a Security Context with an | |||
Context with an expired token. | expired token. | |||
Note that the ID Context can be assigned by the AS, communicated and | Note that the ID Context can be assigned by the AS, communicated and | |||
set in both the RS and client after the exchange specified in this | set in both the RS and client after the exchange specified in this | |||
profile is executed. Subsequently, client and RS can update their ID | profile is executed. Subsequently, the client and RS can update | |||
Context by running a mechanism such as the one defined in | their ID Context by running a mechanism such as the one defined in | |||
Appendix B.2 of [RFC8613] if they both support it and are configured | Appendix B.2 of [RFC8613] if they both support it and are configured | |||
to do so. In that case, the ID Context in the OSCORE Security | to do so. In that case, the ID Context in the OSCORE Security | |||
Context will not match the "contextId" parameter of the corresponding | Context will not match the contextId parameter of the corresponding | |||
OSCORE_Input_Material. Running Appendix B.2 results in the keying | OSCORE_Input_Material. Running Appendix B.2 results in the keying | |||
material in the Security Contexts of client and RS being updated; | material being updated in the Security Contexts of the client and RS; | |||
this same result can also be achieved by the client reposting the | this same result can also be achieved by the client reposting the | |||
access token to the unprotected /authz-info endpoint at the RS, as | access token to the unprotected /authz-info endpoint at the RS, as | |||
described in Section 4.1, but without updating the ID Context. | described in Section 4.1, but without updating the ID Context. | |||
4.4. Access rights verification | 4.4. Access Rights Verification | |||
The RS MUST follow the procedures defined in section 5.8.2 of | The RS MUST follow the procedures defined in Section 5.8.2 of | |||
[I-D.ietf-ace-oauth-authz]: if an RS receives an OSCORE-protected | [RFC9200]: if an RS receives an OSCORE-protected request from a | |||
request from a client, then the RS processes it according to | client, then the RS processes it according to [RFC8613]. If OSCORE | |||
[RFC8613]. If OSCORE verification succeeds, and the target resource | verification succeeds, and the target resource requires | |||
requires authorization, the RS retrieves the authorization | authorization, the RS retrieves the authorization information using | |||
information using the access token associated to the Security | the access token associated to the Security Context. The RS then | |||
Context. The RS then must verify that the authorization information | must verify that the authorization information covers the resource | |||
covers the resource and the action requested. | and the action requested. | |||
5. Secure Communication with AS | 5. Secure Communication with AS | |||
As specified in the ACE framework (section 5.9 of | As specified in the ACE framework (Section 5.9 of [RFC9200]), the | |||
[I-D.ietf-ace-oauth-authz]), the requesting entity (RS and/or client) | requesting entity (RS and/or client) and the AS communicates via the | |||
and the AS communicates via the introspection or token endpoint. The | introspection or token endpoint. The use of CoAP and OSCORE | |||
use of CoAP and OSCORE ([RFC8613]) for this communication is | [RFC8613] for this communication is RECOMMENDED in this profile; | |||
RECOMMENDED in this profile; other protocols fulfilling the security | other protocols fulfilling the security requirements defined in | |||
requirements defined in section 5 of [I-D.ietf-ace-oauth-authz] (such | Section 5 of [RFC9200] (such as HTTP and DTLS or TLS) MAY be used | |||
as HTTP and DTLS or TLS) MAY be used instead. | instead. | |||
If OSCORE is used, the requesting entity and the AS are expected to | If OSCORE is used, the requesting entity and the AS are expected to | |||
have pre-established security contexts in place. How these security | have preestablished security contexts in place. How these security | |||
contexts are established is out of scope for this profile. | contexts are established is out of scope for this profile. | |||
Furthermore the requesting entity and the AS communicate through the | Furthermore, the requesting entity and the AS communicate through the | |||
introspection endpoint as specified in section 5.9 of | introspection endpoint as specified in Section 5.9 of [RFC9200] and | |||
[I-D.ietf-ace-oauth-authz] and through the token endpoint as | through the token endpoint as specified in Section 5.8 of [RFC9200]. | |||
specified in section 5.8 of [I-D.ietf-ace-oauth-authz]. | ||||
6. Discarding the Security Context | 6. Discarding the Security Context | |||
There are a number of scenarios where a client or RS needs to discard | There are a number of scenarios where a client or RS needs to discard | |||
the OSCORE security context, and acquire a new one. | the OSCORE security context and acquire a new one. | |||
The client MUST discard the current Security Context associated with | The client MUST discard the current Security Context associated with | |||
an RS when any of the following occurs: | an RS when any of the following occurs: | |||
* the Sequence Number space ends. | * the sequence number space ends. | |||
* the access token associated with the context becomes invalid due | * the access token associated with the context becomes invalid due | |||
to, for example, expiration. | to, for example, expiration. | |||
* the client receives a number of 4.01 Unauthorized responses to | * the client receives a number of 4.01 Unauthorized responses to | |||
OSCORE requests using the same Security Context. The exact number | OSCORE requests using the same Security Context. The exact number | |||
needs to be specified by the application. | needs to be specified by the application. | |||
* the client receives a new nonce in the 2.01 (Created) response | * the client receives a new nonce in the 2.01 (Created) response | |||
(see Section 4.2) to a POST request to the authz-info endpoint, | (see Section 4.2) to a POST request to the authz-info endpoint, | |||
when re-posting a (non-expired) token associated to the existing | when reposting a (non-expired) token associated to the existing | |||
context. | context. | |||
The RS MUST discard the current Security Context associated with a | The RS MUST discard the current Security Context associated with a | |||
client when any of the following occurs: | client when any of the following occurs: | |||
* the Sequence Number space ends. | * the sequence number space ends. | |||
* the access token associated with the context expires. | * the access token associated with the context expires. | |||
* the client has successfully replaced the current security context | * the client has successfully replaced the current security context | |||
with a newer one by posting an access token to the unprotected | with a newer one by posting an access token to the unprotected | |||
/authz-info endpoint at the RS, e.g., by re-posting the same | /authz-info endpoint at the RS, e.g., by reposting the same token, | |||
token, as specified in Section 4.1. | as specified in Section 4.1. | |||
Whenever one more access token is successfully posted to the RS, and | Whenever one more access token is successfully posted to the RS, and | |||
a new Security Context is derived between the client and RS, messages | a new Security Context is derived between the client and RS, messages | |||
in transit that were protected with the previous Security Context | in transit that were protected with the previous Security Context | |||
might not pass verification, as the old context is discarded. That | might not pass verification, as the old context is discarded. That | |||
means that messages sent shortly before the client posts one more | means that messages sent shortly before the client posts one more | |||
access token to the RS might not successfully reach the destination. | access tokens to the RS might not successfully reach the destination. | |||
Analogously, implementations may want to cancel CoAP observations at | Analogously, implementations may want to cancel CoAP observations at | |||
the RS registered before the Security Context is replaced, or | the RS registered before the Security Context is replaced, or | |||
conversely they will need to implement a mechanism to ensure that | conversely, they will need to implement a mechanism to ensure that | |||
those observations are to be protected with the newly derived | those observations are to be protected with the newly derived | |||
Security Context. | Security Context. | |||
7. Security Considerations | 7. Security Considerations | |||
This document specifies a profile for the Authentication and | This document specifies a profile for the ACE framework [RFC9200]. | |||
Authorization for Constrained Environments (ACE) framework | Thus, the general security considerations from the framework also | |||
[I-D.ietf-ace-oauth-authz]. Thus the general security considerations | apply to this profile. | |||
from the framework also apply to this profile. | ||||
Furthermore the general security considerations of OSCORE [RFC8613] | Furthermore, the general security considerations of OSCORE [RFC8613] | |||
also apply to this specific use of the OSCORE protocol. | also apply to this specific use of the OSCORE protocol. | |||
As previously stated, the proof-of-possession in this profile is | As previously stated, the proof of possession in this profile is | |||
performed by both parties verifying that they have established the | performed by both parties verifying that they have established the | |||
same Security Context, as specified in Section 4.3, which means that | same Security Context, as specified in Section 4.3, which means that | |||
both the OSCORE request and the OSCORE response passes verification. | both the OSCORE request and the OSCORE response passes verification. | |||
RS authentication requires both that the client trusts the AS and | RS authentication requires both that the client trusts the AS and | |||
that the OSCORE response from the RS passes verification. | that the OSCORE response from the RS passes verification. | |||
OSCORE is designed to secure point-to-point communication, providing | OSCORE is designed to secure point-to-point communication, providing | |||
a secure binding between the request and the response(s). Thus the | a secure binding between the request and the response(s). Thus, the | |||
basic OSCORE protocol is not intended for use in point-to-multipoint | basic OSCORE protocol is not intended for use in point-to-multipoint | |||
communication (e.g., multicast, publish-subscribe). Implementers of | communication (e.g., multicast, publish-subscribe). Implementers of | |||
this profile should make sure that their use case corresponds to the | this profile should make sure that their use case corresponds to the | |||
expected use of OSCORE, to prevent weakening the security assurances | expected use of OSCORE, to prevent weakening the security assurances | |||
provided by OSCORE. | provided by OSCORE. | |||
Since the use of nonces N1 and N2 during the exchange guarantees | Since the use of nonces N1 and N2 during the exchange guarantees | |||
uniqueness of AEAD keys and nonces, it is REQUIRED that the exchanged | uniqueness of AEAD keys and nonces, it is REQUIRED that the exchanged | |||
nonces are not reused with the same input keying material even in | nonces are not reused with the same input keying material even in | |||
case of re-boots. This document RECOMMENDS the exchange of 64 bit | case of reboots. The exchange of 64-bit random nonces is RECOMMENDED | |||
random nonces. Considering the birthday paradox, the average | in this document. Considering the birthday paradox, the average | |||
collision for each nonce will happen after 2^32 messages, which is | collision for each nonce will happen after 2^32 messages, which is | |||
considerably more token provisioned than would be expected for | considerably more token provisionings than would be expected for | |||
intended applications. If applications use something else, such as a | intended applications. If applications use something else, such as a | |||
counter, they need to guarantee that reboot and loss of state on | counter, they need to guarantee that reboot and loss of state on | |||
either node does not provoke reuse. If that is not guaranteed, nodes | either node does not provoke reuse. If that is not guaranteed, nodes | |||
are susceptible to reuse of AEAD (nonce, key) pairs, especially since | are susceptible to reuse of AEAD (nonce, key) pairs, especially since | |||
an on-path attacker can cause the use of a previously exchanged | an on-path attacker can cause the use of a previously exchanged | |||
client nonce N1 for Security Context establishment by replaying the | client nonce N1 for Security Context establishment by replaying the | |||
corresponding client-to-server message. | corresponding client-to-server message. | |||
This profile RECOMMENDS that the RS maintains a single access token | In this profile, it is RECOMMENDED that the RS maintains a single | |||
for each client. The use of multiple access tokens for a single | access token for each client. The use of multiple access tokens for | |||
client increases the strain on the resource server as it must | a single client increases the strain on the resource server as it | |||
consider every access token and calculate the actual permissions of | must consider every access token and calculate the actual permissions | |||
the client. Also, tokens indicating different or disjoint | of the client. Also, tokens indicating different or disjoint | |||
permissions from each other may lead the server to enforce wrong | permissions from each other may lead the server to enforce wrong | |||
permissions. If one of the access tokens expires earlier than | permissions. If one of the access tokens expires earlier than | |||
others, the resulting permissions may offer insufficient protection. | others, the resulting permissions may offer insufficient protection. | |||
Developers SHOULD avoid using multiple access tokens for a same | Developers SHOULD avoid using multiple access tokens for the same | |||
client. | client. | |||
If a single OSCORE Input Material is used with multiple RSs, the RSs | If a single OSCORE Input Material is used with multiple RSs, the RSs | |||
can impersonate the client to one of the other RS, and impersonate | can impersonate the client to one of the other RSs and impersonate | |||
another RS to the client. If a master secret is used with several | another RS to the client. If a Master Secret is used with several | |||
clients, the clients can impersonate RS to one of the other clients. | clients, the clients can impersonate RS to one of the other clients. | |||
Similarly, if symmetric keys are used to integrity protect the token | ||||
Similarly if symmetric keys are used to integrity protect the token | ||||
between AS and RS and the token can be used with multiple RSs, the | between AS and RS and the token can be used with multiple RSs, the | |||
RSs can impersonate AS to one of the other RS. If the token key is | RSs can impersonate AS to one of the other RSs. If the token key is | |||
used for any other communication between the RSs and AS, the RSs can | used for any other communication between the RSs and AS, the RSs can | |||
impersonate each other to the AS. | impersonate each other to the AS. | |||
8. Privacy Considerations | 8. Privacy Considerations | |||
This document specifies a profile for the Authentication and | This document specifies a profile for the ACE framework [RFC9200]. | |||
Authorization for Constrained Environments (ACE) framework | Thus, the general privacy considerations from the framework also | |||
[I-D.ietf-ace-oauth-authz]. Thus the general privacy considerations | apply to this profile. | |||
from the framework also apply to this profile. | ||||
As this document uses OSCORE, thus the privacy considerations from | As this document uses OSCORE, the privacy considerations from | |||
[RFC8613] apply here as well. | [RFC8613] apply here as well. | |||
An unprotected response to an unauthorized request may disclose | An unprotected response to an unauthorized request may disclose | |||
information about the resource server and/or its existing | information about the resource server and/or its existing | |||
relationship with the client. It is advisable to include as little | relationship with the client. It is advisable to include as little | |||
information as possible in an unencrypted response. When an OSCORE | information as possible in an unencrypted response. When an OSCORE | |||
Security Context already exists between the client and the resource | Security Context already exists between the client and the resource | |||
server, more detailed information may be included. | server, more detailed information may be included. | |||
The token is sent in the clear to the authz-info endpoint, so if a | The token is sent in the clear to the authz-info endpoint, so if a | |||
client uses the same single token from multiple locations with | client uses the same single token from multiple locations with | |||
multiple Resource Servers, it can risk being tracked by the token's | multiple resource servers, it can risk being tracked by the token's | |||
value even when the access token is encrypted. | value even when the access token is encrypted. | |||
The nonces exchanged in the request and response to the authz-info | The nonces exchanged in the request and response to the authz-info | |||
endpoint are also sent in the clear, so using random nonces is best | endpoint are also sent in the clear, so using random nonces is best | |||
for privacy (as opposed to, e.g., a counter, that might leak some | for privacy (as opposed to, e.g., a counter, which might leak some | |||
information about the client). | information about the client). | |||
The identifiers used in OSCORE, negotiated between client and RS are | The identifiers used in OSCORE, negotiated between the client and RS, | |||
privacy sensitive (see Section 12.8 of [RFC8613]), and could reveal | are privacy sensitive (see Section 12.8 of [RFC8613]) and could | |||
information about the client, or may be used for correlating requests | reveal information about the client, or they may be used for | |||
from one client. | correlating requests from one client. | |||
Note that some information might still leak after OSCORE is | Note that some information might still leak after OSCORE is | |||
established, due to observable message sizes, the source, and the | established, due to observable message sizes, the source, and the | |||
destination addresses. | destination addresses. | |||
9. IANA Considerations | 9. IANA Considerations | |||
Note to RFC Editor: Please replace all occurrences of "[[this | ||||
document]]" with the RFC number of this document. Please add a | ||||
reference to the IANA ACE Profile registry in the nextt subsection | ||||
once it has been created by IANA, and then delete this paragraph. | ||||
9.1. ACE Profile Registry | 9.1. ACE Profile Registry | |||
The following registration is done for the ACE Profile Registry | The following registration has been made in the "ACE Profiles" | |||
following the procedure specified in section 8.8 of | registry following the procedure specified in Section 8.8 of | |||
[I-D.ietf-ace-oauth-authz]: | [RFC9200]: | |||
* Name: coap_oscore | Name: coap_oscore | |||
* Description: Profile for using OSCORE to secure communication | Description: Profile for using OSCORE to secure communication | |||
between constrained nodes using the Authentication and | between constrained nodes using the Authentication and | |||
Authorization for Constrained Environments framework. | Authorization for Constrained Environments framework. | |||
* CBOR Value: TBD (value between 1 and 255) | CBOR Value: 2 | |||
* Reference: [[this document]] | Reference: RFC 9203 | |||
9.2. OAuth Parameters Registry | 9.2. OAuth Parameters Registry | |||
The following registrations are done for the OAuth Parameters | The following registrations have been made in the "OAuth Parameters" | |||
Registry [IANA.OAuthParameters] following the procedure specified in | registry [IANA.OAuthParameters] following the procedure specified in | |||
section 11.2 of [RFC6749]: | Section 11.2 of [RFC6749]: | |||
* Parameter name: nonce1 | Parameter name: nonce1 | |||
* Parameter usage location: client-rs request | Parameter usage location: client-rs request | |||
* Change Controller: IESG | Change Controller: IETF | |||
* Specification Document(s): [[this document]] | Specification Document(s): RFC 9203 | |||
* Parameter name: nonce2 | Parameter name: nonce2 | |||
* Parameter usage location: rs-client response | Parameter usage location: rs-client response | |||
* Change Controller: IESG | Change Controller: IETF | |||
* Specification Document(s): [[this document]] | Specification Document(s): RFC 9203 | |||
* Parameter name: ace_client_recipientid | Parameter name: ace_client_recipientid | |||
* Parameter usage location: client-rs request | Parameter usage location: client-rs request | |||
* Change Controller: IESG | Change Controller: IETF | |||
* Specification Document(s): [[this document]] | Specification Document(s): RFC 9203 | |||
* Parameter name: ace_server_recipientid | Parameter name: ace_server_recipientid | |||
* Parameter usage location: rs-client response | Parameter usage location: rs-client response | |||
* Change Controller: IESG | Change Controller: IETF | |||
* Specification Document(s): [[this document]] | Specification Document(s): RFC 9203 | |||
9.3. OAuth Parameters CBOR Mappings Registry | 9.3. OAuth Parameters CBOR Mappings Registry | |||
The following registrations are done for the OAuth Parameters CBOR | The following registrations have been made in the "OAuth Parameters | |||
Mappings Registry following the procedure specified in section 8.10 | CBOR Mappings" registry following the procedure specified in | |||
of [I-D.ietf-ace-oauth-authz]: | Section 8.10 of [RFC9200]: | |||
* Name: nonce1 | Name: nonce1 | |||
* CBOR Key: TBD1 | CBOR Key: 40 | |||
* Value Type: bstr | Value Type: bstr | |||
* Reference: [[this document]] | Reference: RFC 9203 | |||
Original Specification: RFC 9203 | ||||
* Name: nonce2 | Name: nonce2 | |||
* CBOR Key: TBD2 | CBOR Key: 42 | |||
* Value Type: bstr | Value Type: bstr | |||
* Reference: [[this document]] | Reference: RFC 9203 | |||
Original Specification: RFC 9203 | ||||
* Name: ace_client_recipientid | Name: ace_client_recipientid | |||
* CBOR Key: TBD3 | CBOR Key: 43 | |||
* Value Type: bstr | Value Type: bstr | |||
* Reference: [[this document]] | Reference: RFC 9203 | |||
Original Specification: RFC 9203 | ||||
* Name: ace_server_recipientid | Name: ace_server_recipientid | |||
* CBOR Key: TBD4 | CBOR Key: 44 | |||
* Value Type: bstr | Value Type: bstr | |||
* Reference: [[this document]] | Reference: RFC 9203 | |||
Original Specification: RFC 9203 | ||||
9.4. OSCORE Security Context Parameters Registry | 9.4. OSCORE Security Context Parameters Registry | |||
It is requested that IANA create a new registry entitled "OSCORE | IANA has created a new registry entitled "OSCORE Security Context | |||
Security Context Parameters" registry. The registry is to be created | Parameters". The registration procedure is Expert Review [RFC8126]. | |||
as Expert Review Required. Guidelines for the experts is provided | Guidelines for the experts are provided in Section 9.7. It should be | |||
Section 9.7. It should be noted that in addition to the expert | noted that in addition to the Expert Review, some portions of the | |||
review, some portions of the registry require a specification, | registry require a specification, potentially on the Standards Track, | |||
potentially on standards track, be supplied as well. | be supplied as well. | |||
The columns of the registry are: | The columns of the registry are: | |||
name The JSON name requested (e.g., "ms"). Because a core goal of | Name: The JSON name requested (e.g., "ms"). Because a core goal of | |||
this document is for the resulting representations to be compact, | this document is for the resulting representations to be compact, | |||
it is RECOMMENDED that the name be short. This name is case | it is RECOMMENDED that the name be short. This name is case | |||
sensitive. Names may not match other registered names in a case- | sensitive. Names may not match other registered names in a case- | |||
insensitive manner unless the Designated Experts determine that | insensitive manner unless the designated experts determine that | |||
there is a compelling reason to allow an exception. The name is | there is a compelling reason to allow an exception. The name is | |||
not used in the CBOR encoding. | not used in the CBOR encoding. | |||
CBOR label The value to be used to identify this algorithm. Map key | ||||
labels MUST be unique. The label can be a positive integer, a | CBOR Label: The value to be used to identify this algorithm. Map | |||
negative integer or a string. Integer values between -256 and 255 | key labels MUST be unique. The label can be a positive integer, a | |||
and strings of length 1 are designated as Standards Track Document | negative integer, or a string. Integer values between -256 and | |||
required. Integer values from -65536 to -257 and from 256 to | 255 and strings of length 1 are designated as Standards Track | |||
65535 and strings of length 2 are designated as Specification | document required. Integer values from -65536 to -257 and from | |||
Required. Integer values greater than 65535 and strings of length | 256 to 65535 and strings of length 2 are designated as | |||
greater than 2 are designated as expert review. Integer values | Specification Required. Integer values greater than 65535 and | |||
less than -65536 are marked as private use. | strings of length greater than 2 are designated as Expert Review. | |||
CBOR Type This field contains the CBOR type for the field. | Integer values less than -65536 are marked as Private Use. | |||
registry This field denotes the registry that values may come from, | ||||
CBOR Type: This field contains the CBOR type for the field. | ||||
Registry: This field denotes the registry that values may come from, | ||||
if one exists. | if one exists. | |||
description This field contains a brief description for the field. | ||||
specification This contains a pointer to the public specification | Description: This field contains a brief description for the field. | |||
for the field if one exists | ||||
This registry will be initially populated by the values in Table 1. | Reference: This contains a pointer to the public specification for | |||
The specification column for all of these entries will be this | the field, if one exists. | |||
document and [RFC8613]. | ||||
This registry has been initially populated by the values in Table 1. | ||||
The Reference column for all of these entries is this document and | ||||
[RFC8613]. | ||||
9.5. CWT Confirmation Methods Registry | 9.5. CWT Confirmation Methods Registry | |||
The following registration is done for the CWT Confirmation Methods | The following registration has been made in the "CWT Confirmation | |||
Registry [IANA.CWTConfirmationMethods] following the procedure | Methods" registry [IANA.CWTConfirmationMethods] following the | |||
specified in section 7.2.1 of [RFC8747]: | procedure specified in Section 7.2.1 of [RFC8747]: | |||
* Confirmation Method Name: "osc" | Confirmation Method Name: "osc" | |||
* Confirmation Method Description: OSCORE_Input_Material carrying | Confirmation Method Description: OSCORE_Input_Material carrying the | |||
the parameters for using OSCORE per-message security with implicit | parameters for using OSCORE per-message security with implicit key | |||
key confirmation | confirmation | |||
* Confirmation Key: TBD (value between 4 and 255) | JWT Confirmation Method Name: osc | |||
* Confirmation Value Type(s): map | Confirmation Key: 4 | |||
* Change Controller: IESG | Confirmation Value Type(s): map | |||
* Specification Document(s): Section 3.2.1 of [[this document]] | Change Controller: IETF | |||
Specification Document(s): Section 3.2.1 of RFC 9203 | ||||
9.6. JWT Confirmation Methods Registry | 9.6. JWT Confirmation Methods Registry | |||
The following registration is done for the JWT Confirmation Methods | The following registration has been made in the "JWT Confirmation | |||
Registry [IANA.JWTConfirmationMethods] following the procedure | Methods" registry [IANA.JWTConfirmationMethods] following the | |||
specified in section 6.2.1 of [RFC7800]: | procedure specified in Section 6.2.1 of [RFC7800]: | |||
* Confirmation Method Value: "osc" | Confirmation Method Value: "osc" | |||
* Confirmation Method Description: OSCORE_Input_Material carrying | Confirmation Method Description: OSCORE_Input_Material carrying the | |||
the parameters for using OSCORE per-message security with implicit | parameters for using OSCORE per-message security with implicit key | |||
key confirmation | confirmation | |||
* Change Controller: IESG | Change Controller: IETF | |||
* Specification Document(s): Section 3.2.1 of [[this document]] | Specification Document(s): Section 3.2.1 of RFC 9203 | |||
9.7. Expert Review Instructions | 9.7. Expert Review Instructions | |||
The IANA registry established in this document is defined to use the | The IANA registry established in this document is defined to use the | |||
Expert Review registration policy. This section gives some general | Expert Review registration policy. This section gives some general | |||
guidelines for what the experts should be looking for, but they are | guidelines for what the experts should be looking for, but they are | |||
being designated as experts for a reason so they should be given | being designated as experts for a reason, so they should be given | |||
substantial latitude. | substantial latitude. | |||
Expert reviewers should take into consideration the following points: | Expert reviewers should take into consideration the following points: | |||
* Point squatting should be discouraged. Reviewers are encouraged | * Point squatting should be discouraged. Reviewers are encouraged | |||
to get sufficient information for registration requests to ensure | to get sufficient information for registration requests to ensure | |||
that the usage is not going to duplicate one that is already | that the usage is not going to duplicate one that is already | |||
registered and that the point is likely to be used in deployments. | registered and that the point is likely to be used in deployments. | |||
The zones tagged as private use are intended for testing purposes | The zones tagged as Private Use are intended for testing purposes | |||
and closed environments. Code points in other ranges should not | and closed environments. Code points in other ranges should not | |||
be assigned for testing. | be assigned for testing. | |||
* Specifications are required for the standards track range of point | * Specifications are required for the Standards Track range of point | |||
assignment. Specifications should exist for specification | assignment. Specifications should exist for specification | |||
required ranges, but early assignment before a specification is | required ranges, but early assignment before a specification is | |||
available is considered to be permissible. Specifications are | available is considered to be permissible. Specifications are | |||
needed for the first-come, first-serve range if they are expected | needed for the First Come First Served range if they are expected | |||
to be used outside of closed environments in an interoperable way. | to be used outside of closed environments in an interoperable way. | |||
When specifications are not provided, the description provided | When specifications are not provided, the description provided | |||
needs to have sufficient information to identify what the point is | needs to have sufficient information to identify what the point is | |||
being used for. | being used for. | |||
* Experts should take into account the expected usage of fields when | * Experts should take into account the expected usage of fields when | |||
approving point assignment. The fact that there is a range for | approving point assignment. The fact that there is a range for | |||
standards track documents does not mean that a standards track | Standards Track documents does not mean that a Standards Track | |||
document cannot have points assigned outside of that range. The | document cannot have points assigned outside of that range. The | |||
length of the encoded value should be weighed against how many | length of the encoded value should be weighed against how many | |||
code points of that length are left, the size of device it will be | code points of that length are left, the size of device it will be | |||
used on, and the number of code points left that encode to that | used on, and the number of code points left that encode to that | |||
size. | size. | |||
10. References | 10. References | |||
10.1. Normative References | 10.1. Normative References | |||
[COSE.Algorithms] | [COSE.Algorithms] | |||
IANA, "COSE Algorithms", | IANA, "COSE Algorithms", | |||
<https://www.iana.org/assignments/cose/ | <https://www.iana.org/assignments/cose>. | |||
cose.xhtml#algorithms>. | ||||
[I-D.ietf-ace-oauth-authz] | ||||
Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and | ||||
H. Tschofenig, "Authentication and Authorization for | ||||
Constrained Environments (ACE) using the OAuth 2.0 | ||||
Framework (ACE-OAuth)", Work in Progress, Internet-Draft, | ||||
draft-ietf-ace-oauth-authz-40, 26 April 2021, | ||||
<https://www.ietf.org/archive/id/draft-ietf-ace-oauth- | ||||
authz-40.txt>. | ||||
[I-D.ietf-ace-oauth-params] | ||||
Seitz, L., "Additional OAuth Parameters for Authorization | ||||
in Constrained Environments (ACE)", Work in Progress, | ||||
Internet-Draft, draft-ietf-ace-oauth-params-14, 25 March | ||||
2021, <https://www.ietf.org/archive/id/draft-ietf-ace- | ||||
oauth-params-14.txt>. | ||||
[I-D.ietf-cose-rfc8152bis-algs] | ||||
Schaad, J., "CBOR Object Signing and Encryption (COSE): | ||||
Initial Algorithms", Work in Progress, Internet-Draft, | ||||
draft-ietf-cose-rfc8152bis-algs-12, 24 September 2020, | ||||
<https://www.ietf.org/archive/id/draft-ietf-cose- | ||||
rfc8152bis-algs-12.txt>. | ||||
[I-D.ietf-cose-rfc8152bis-struct] | ||||
Schaad, J., "CBOR Object Signing and Encryption (COSE): | ||||
Structures and Process", Work in Progress, Internet-Draft, | ||||
draft-ietf-cose-rfc8152bis-struct-15, 1 February 2021, | ||||
<https://www.ietf.org/archive/id/draft-ietf-cose- | ||||
rfc8152bis-struct-15.txt>. | ||||
[IANA.CWTConfirmationMethods] | [IANA.CWTConfirmationMethods] | |||
IANA, "CWT Confirmation Methods", | IANA, "CWT Confirmation Methods", | |||
<https://www.iana.org/assignments/cwt/ | <https://www.iana.org/assignments/cwt>. | |||
cwt.xhtml#confirmation-methods>. | ||||
[IANA.JWTConfirmationMethods] | [IANA.JWTConfirmationMethods] | |||
IANA, "JWT Confirmation Methods", | IANA, "JWT Confirmation Methods", | |||
<https://www.iana.org/assignments/jwt/ | <https://www.iana.org/assignments/jwt>. | |||
jwt.xhtml#confirmation-methods>. | ||||
[IANA.OAuthParameters] | [IANA.OAuthParameters] | |||
IANA, "OAuth Parameters", | IANA, "OAuth Parameters", | |||
<https://www.iana.org/assignments/oauth-parameters/oauth- | <https://www.iana.org/assignments/oauth-parameters>. | |||
parameters.xhtml#parameters>. | ||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand | [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand | |||
Key Derivation Function (HKDF)", RFC 5869, | Key Derivation Function (HKDF)", RFC 5869, | |||
DOI 10.17487/RFC5869, May 2010, | DOI 10.17487/RFC5869, May 2010, | |||
<https://www.rfc-editor.org/info/rfc5869>. | <https://www.rfc-editor.org/info/rfc5869>. | |||
skipping to change at page 32, line 25 ¶ | skipping to change at line 1398 ¶ | |||
[RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | [RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | |||
"Object Security for Constrained RESTful Environments | "Object Security for Constrained RESTful Environments | |||
(OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019, | (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019, | |||
<https://www.rfc-editor.org/info/rfc8613>. | <https://www.rfc-editor.org/info/rfc8613>. | |||
[RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object | [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object | |||
Representation (CBOR)", STD 94, RFC 8949, | Representation (CBOR)", STD 94, RFC 8949, | |||
DOI 10.17487/RFC8949, December 2020, | DOI 10.17487/RFC8949, December 2020, | |||
<https://www.rfc-editor.org/info/rfc8949>. | <https://www.rfc-editor.org/info/rfc8949>. | |||
10.2. Informative References | [RFC9052] Schaad, J., "CBOR Object Signing and Encryption (COSE): | |||
Structures and Process", RFC 9052, DOI 10.17487/RFC9052, | ||||
March 2022, <https://www.rfc-editor.org/info/rfc9052>. | ||||
[I-D.ietf-tls-dtls13] | [RFC9053] Schaad, J., "CBOR Object Signing and Encryption (COSE): | |||
Rescorla, E., Tschofenig, H., and N. Modadugu, "The | Initial Algorithms", RFC 9053, DOI 10.17487/RFC9053, March | |||
Datagram Transport Layer Security (DTLS) Protocol Version | 2022, <https://www.rfc-editor.org/info/rfc9053>. | |||
1.3", Work in Progress, Internet-Draft, draft-ietf-tls- | ||||
dtls13-43, 30 April 2021, <https://www.ietf.org/internet- | [RFC9200] Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and | |||
drafts/draft-ietf-tls-dtls13-43.txt>. | H. Tschofenig, "Authentication and Authorization for | |||
Constrained Environments (ACE) Using the OAuth 2.0 | ||||
Framework (ACE-OAuth)", RFC 9200, DOI 10.17487/RFC9200, | ||||
September 2021, <https://www.rfc-editor.org/info/rfc9200>. | ||||
[RFC9201] Seitz, L., "Additional OAuth Parameters for Authentication | ||||
and Authorization for Constrained Environments (ACE)", | ||||
RFC 9201, DOI 10.17487/RFC9201, September 2021, | ||||
<https://www.rfc-editor.org/info/rfc9201>. | ||||
10.2. Informative References | ||||
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", | [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", | |||
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, | FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, | |||
<https://www.rfc-editor.org/info/rfc4949>. | <https://www.rfc-editor.org/info/rfc4949>. | |||
[RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", | [RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", | |||
RFC 6749, DOI 10.17487/RFC6749, October 2012, | RFC 6749, DOI 10.17487/RFC6749, October 2012, | |||
<https://www.rfc-editor.org/info/rfc6749>. | <https://www.rfc-editor.org/info/rfc6749>. | |||
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
Protocol (HTTP/1.1): Semantics and Content", RFC 7231, | Protocol (HTTP/1.1): Semantics and Content", RFC 7231, | |||
DOI 10.17487/RFC7231, June 2014, | DOI 10.17487/RFC7231, June 2014, | |||
<https://www.rfc-editor.org/info/rfc7231>. | <https://www.rfc-editor.org/info/rfc7231>. | |||
[RFC7800] Jones, M., Bradley, J., and H. Tschofenig, "Proof-of- | [RFC7800] Jones, M., Bradley, J., and H. Tschofenig, "Proof-of- | |||
Possession Key Semantics for JSON Web Tokens (JWTs)", | Possession Key Semantics for JSON Web Tokens (JWTs)", | |||
RFC 7800, DOI 10.17487/RFC7800, April 2016, | RFC 7800, DOI 10.17487/RFC7800, April 2016, | |||
<https://www.rfc-editor.org/info/rfc7800>. | <https://www.rfc-editor.org/info/rfc7800>. | |||
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | ||||
Writing an IANA Considerations Section in RFCs", BCP 26, | ||||
RFC 8126, DOI 10.17487/RFC8126, June 2017, | ||||
<https://www.rfc-editor.org/info/rfc8126>. | ||||
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
<https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
[RFC8747] Jones, M., Seitz, L., Selander, G., Erdtman, S., and H. | [RFC8747] Jones, M., Seitz, L., Selander, G., Erdtman, S., and H. | |||
Tschofenig, "Proof-of-Possession Key Semantics for CBOR | Tschofenig, "Proof-of-Possession Key Semantics for CBOR | |||
Web Tokens (CWTs)", RFC 8747, DOI 10.17487/RFC8747, March | Web Tokens (CWTs)", RFC 8747, DOI 10.17487/RFC8747, March | |||
2020, <https://www.rfc-editor.org/info/rfc8747>. | 2020, <https://www.rfc-editor.org/info/rfc8747>. | |||
[RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The | ||||
Datagram Transport Layer Security (DTLS) Protocol Version | ||||
1.3", RFC 9147, DOI 10.17487/RFC9147, March 2022, | ||||
<https://www.rfc-editor.org/info/rfc9147>. | ||||
Appendix A. Profile Requirements | Appendix A. Profile Requirements | |||
This section lists the specifications on this profile based on the | This section lists the specifications of this profile based on the | |||
requirements on the framework, as requested in Appendix C of | requirements of the framework, as requested in Appendix C of | |||
[I-D.ietf-ace-oauth-authz]. | [RFC9200]. | |||
* Optionally define new methods for the client to discover the | * Optionally, define new methods for the client to discover the | |||
necessary permissions and AS for accessing a resource, different | necessary permissions and AS for accessing a resource, different | |||
from the one proposed in: Not specified | from the one proposed in: Not specified | |||
* Optionally specify new grant types: Not specified | * Optionally, specify new grant types: Not specified | |||
* Optionally define the use of client certificates as client | * Optionally, define the use of client certificates as client | |||
credential type: Not specified | credential type: Not specified | |||
* Specify the communication protocol the client and RS the must use: | * Specify the communication protocol the client and RS must use: | |||
CoAP | CoAP | |||
* Specify the security protocol the client and RS must use to | * Specify the security protocol the client and RS must use to | |||
protect their communication: OSCORE | protect their communication: OSCORE | |||
* Specify how the client and the RS mutually authenticate: | * Specify how the client and the RS mutually authenticate: | |||
Implicitly by possession of a common OSCORE security context. | Implicitly by possession of a common OSCORE security context. | |||
Note that the mutual authentication is not completed before the | Note that the mutual authentication is not completed before the | |||
client has verified an OSCORE response using this security | client has verified an OSCORE response using this security | |||
context. | context. | |||
* Specify the proof-of-possession protocol(s) and how to select one, | * Specify the proof-of-possession protocol(s) and how to select one, | |||
if several are available. Also specify which key types (e.g., | if several are available. Also specify which key types (e.g., | |||
symmetric/asymmetric) are supported by a specific proof-of- | symmetric/asymmetric) are supported by a specific proof-of- | |||
possession protocol: OSCORE algorithms; pre-established symmetric | possession protocol: OSCORE algorithms; preestablished symmetric | |||
keys | keys | |||
* Specify a unique ace_profile identifier: coap_oscore | * Specify a unique ace_profile identifier: coap_oscore | |||
* If introspection is supported: Specify the communication and | * If introspection is supported, specify the communication and | |||
security protocol for introspection: HTTP/CoAP (+ TLS/DTLS/OSCORE) | security protocol for introspection: HTTP/CoAP (+ TLS/DTLS/OSCORE) | |||
* Specify the communication and security protocol for interactions | * Specify the communication and security protocol for interactions | |||
between client and AS: HTTP/CoAP (+ TLS/DTLS/OSCORE) | between client and AS: HTTP/CoAP (+ TLS/DTLS/OSCORE) | |||
* Specify how/if the authz-info endpoint is protected, including how | * Specify if/how the authz-info endpoint is protected, including how | |||
error responses are protected: Not protected. | error responses are protected: Not protected | |||
* Optionally define other methods of token transport than the authz- | * Optionally, define methods of token transport other than the | |||
info endpoint: Not defined | authz-info endpoint: Not defined | |||
Acknowledgments | Acknowledgments | |||
The authors wish to thank Jim Schaad and Marco Tiloca for the | The authors wish to thank Jim Schaad and Marco Tiloca for the | |||
substantial input to this document, as well as Elwyn Davies, Linda | substantial input to this document, as well as Elwyn Davies, Linda | |||
Dunbar, Roman Danyliw, Martin Duke, Lars Eggert, Murray Kucherawy, | Dunbar, Roman Danyliw, Martin Duke, Lars Eggert, Murray Kucherawy, | |||
and Zaheduzzaman Sarker for their reviews and feedback. Special | and Zaheduzzaman Sarker for their reviews and feedback. Special | |||
thanks to the responsible area director Benjamin Kaduk for his | thanks to the responsible area director Benjamin Kaduk for his | |||
extensive review and contributed text. Ludwig Seitz worked on this | extensive review and contributed text. Ludwig Seitz worked on this | |||
document as part of the CelticNext projects CyberWI, and CRITISEC | document as part of the CelticNext projects CyberWI and CRITISEC with | |||
with funding from Vinnova. The work on this document has been partly | funding from Vinnova. The work on this document has been partly | |||
supported also by the H2020 project SIFIS-Home (Grant agreement | supported also by the H2020 project SIFIS-Home (Grant agreement | |||
952652). | 952652). | |||
Authors' Addresses | Authors' Addresses | |||
Francesca Palombini | Francesca Palombini | |||
Ericsson AB | Ericsson AB | |||
Email: francesca.palombini@ericsson.com | Email: francesca.palombini@ericsson.com | |||
Ludwig Seitz | Ludwig Seitz | |||
Combitech | Combitech | |||
Djaeknegatan 31 | Djäknegatan 31 | |||
SE-211 35 Malmoe | SE-211 35 Malmö | |||
Sweden | Sweden | |||
Email: ludwig.seitz@combitech.com | Email: ludwig.seitz@combitech.com | |||
Göran Selander | Göran Selander | |||
Ericsson AB | Ericsson AB | |||
Email: goran.selander@ericsson.com | Email: goran.selander@ericsson.com | |||
Martin Gunnarsson | Martin Gunnarsson | |||
RISE | RISE | |||
Scheelevagen 17 | Scheelevagen 17 | |||
SE-22370 Lund | SE-22370 Lund | |||
Sweden | Sweden | |||
Email: martin.gunnarsson@ri.se | Email: martin.gunnarsson@ri.se | |||
End of changes. 202 change blocks. | ||||
616 lines changed or deleted | 592 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |