rfc9203.original.xml   rfc9203.xml 
<?xml version='1.0' encoding='utf-8'?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent"> <!DOCTYPE rfc [
<?rfc toc="yes"?> <!ENTITY nbsp "&#160;">
<?rfc sortrefs="yes"?> <!ENTITY zwsp "&#8203;">
<?rfc symrefs="yes"?> <!ENTITY nbhy "&#8209;">
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft <!ENTITY wj "&#8288;">
-ietf-ace-oscore-profile-19" category="std" obsoletes="" updates="" submissionTy ]>
pe="IETF" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version
="3"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft
<!-- xml2rfc v2v3 conversion 2.39.0 --> -ietf-ace-oscore-profile-19" number="9203" obsoletes="" updates="" submissionTyp
e="IETF" category="std" consensus="true" xml:lang="en" tocInclude="true" sortRef
s="true" symRefs="true" version="3">
<front> <front>
<title abbrev="OSCORE Profile of ACE">OSCORE Profile of the Authentication a <title abbrev="OSCORE Profile of ACE">The Object Security for Constrained RE
nd Authorization for Constrained Environments Framework</title> STful Environments (OSCORE) Profile of the Authentication and Authorization for
<seriesInfo name="Internet-Draft" value="draft-ietf-ace-oscore-profile-19"/> Constrained Environments (ACE) Framework</title>
<seriesInfo name="RFC" value="9203"/>
<author initials="F." surname="Palombini" fullname="Francesca Palombini"> <author initials="F." surname="Palombini" fullname="Francesca Palombini">
<organization>Ericsson AB</organization> <organization>Ericsson AB</organization>
<address> <address>
<email>francesca.palombini@ericsson.com</email> <email>francesca.palombini@ericsson.com</email>
</address> </address>
</author> </author>
<author fullname="Ludwig Seitz" initials="L." surname="Seitz"> <author fullname="Ludwig Seitz" initials="L." surname="Seitz">
<organization>Combitech</organization> <organization>Combitech</organization>
<address> <address>
<postal> <postal>
<street>Djaeknegatan 31</street> <street>Djäknegatan 31</street>
<!-- Reorder these if your country does things differently --> <city>Malmö</city>
<city>Malmoe</city>
<code>211 35</code> <code>211 35</code>
<country>Sweden</country> <country>Sweden</country>
</postal> </postal>
<email>ludwig.seitz@combitech.com</email> <email>ludwig.seitz@combitech.com</email>
<!-- uri and facsimile elements may also be added -->
</address> </address>
</author> </author>
<author fullname="Göran Selander" initials="G." surname="Selander"> <author fullname="Göran Selander" initials="G." surname="Selander">
<organization>Ericsson AB</organization> <organization>Ericsson AB</organization>
<address> <address>
<email>goran.selander@ericsson.com</email> <email>goran.selander@ericsson.com</email>
<!-- uri and facsimile elements may also be added -->
</address> </address>
</author> </author>
<author fullname="Martin Gunnarsson" initials="M." surname="Gunnarsson"> <author fullname="Martin Gunnarsson" initials="M." surname="Gunnarsson">
<organization>RISE</organization> <organization>RISE</organization>
<address> <address>
<postal> <postal>
<street>Scheelevagen 17</street> <street>Scheelevägen 17</street>
<!-- Reorder these if your country does things differently -->
<city>Lund</city> <city>Lund</city>
<code>22370</code> <code>22370</code>
<country>Sweden</country> <country>Sweden</country>
</postal> </postal>
<email>martin.gunnarsson@ri.se</email> <email>martin.gunnarsson@ri.se</email>
<!-- uri and facsimile elements may also be added -->
</address> </address>
</author> </author>
<date/> <date year="2022" month="August" />
<area>Security</area> <area>Security</area>
<workgroup>ACE Working Group</workgroup> <workgroup>ACE</workgroup>
<keyword>CoAP</keyword>
<keyword>OAuth 2.0</keyword>
<keyword>Access Control</keyword>
<keyword>Authorization</keyword>
<keyword>Internet of Things</keyword>
<abstract> <abstract>
<t> <t>
This document specifies a profile for the Authentication and Authorizati on for Constrained Environments (ACE) framework. It utilizes Object Security fo r Constrained RESTful Environments (OSCORE) to provide communication security an d proof-of-possession for a key owned by the client and bound to an OAuth 2.0 ac cess token. This document specifies a profile for the Authentication and Authorizati on for Constrained Environments (ACE) framework. It utilizes Object Security fo r Constrained RESTful Environments (OSCORE) to provide communication security an d proof-of-possession for a key owned by the client and bound to an OAuth 2.0 ac cess token.
</t> </t>
<!--
Jim: Lookup on the RFC Editor page if you need to expand OAuth
From editor's list of well known:
OAuth *- [seems to be more of a name rather than an abbreviation]
-->
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section anchor="introduction" numbered="true" toc="default"> <section anchor="introduction" numbered="true" toc="default">
<name>Introduction</name> <name>Introduction</name>
<t> <t>
This document specifies the "coap_oscore" profile of the ACE framework < xref target="I-D.ietf-ace-oauth-authz" format="default"/>. In this profile, a c lient and a resource server use the Constrained Application Protocol (CoAP) <xre f target="RFC7252" format="default"/> to communicate. The client uses an access token, bound to a symmetric key (the proof-of-possession key) to authorize its access to the resource server. Note that this profile uses a symmetric-crypto-b ased scheme, where the symmetric secret is used as input material for keying mat erial derivation. In order to provide communication security and proof of posse ssion, the client and resource server use Object Security for Constrained RESTfu l Environments (OSCORE) <xref target="RFC8613" format="default"/>. Note that th e proof of possession is not achieved through a dedicated protocol element, but rather occurs after the first message exchange using OSCORE. This document specifies the <tt>coap_oscore</tt> profile of the ACE fram ework <xref target="RFC9200" format="default"/>. In this profile, a client (C) and a resource server (RS) use the Constrained Application Protocol (CoAP) <xref target="RFC7252" format="default"/> to communicate. The client uses an access token, bound to a symmetric key (the proof-of-possession (PoP) key) to authorize its access to the resource server. Note that this profile uses a symmetric-cry pto-based scheme, where the symmetric secret is used as input material for keyin g material derivation. In order to provide communication security and PoP, the client and resource server use Object Security for Constrained RESTful Environme nts (OSCORE) as defined in <xref target="RFC8613" format="default"/>. Note that the PoP is not achieved through a dedicated protocol element but rather occurs after the first message exchange using OSCORE.
</t> </t>
<t> <t>
OSCORE specifies how to use CBOR Object Signing and Encryption (COSE) <x OSCORE specifies how to use CBOR Object Signing and Encryption (COSE) <x
ref target="I-D.ietf-cose-rfc8152bis-struct" format="default"/><xref target="I-D ref target="RFC9052" format="default"/> <xref target="RFC9053" format="default"/
.ietf-cose-rfc8152bis-algs" format="default"/> to secure CoAP messages. > to secure CoAP messages.
Note that OSCORE can be used to secure CoAP messages, as well as HTTP an Note that OSCORE can be used to secure CoAP messages, as well as HTTP an
d combinations of HTTP and CoAP; a profile of ACE similar to the one described i d combinations of HTTP and CoAP; a profile of ACE similar to the one described i
n this document, with the difference of using HTTP instead of CoAP as communicat n this document, with the difference of using HTTP instead of CoAP as the commun
ion protocol, could be specified analogously to this one. ication protocol, could be specified analogously to this one.
</t> </t>
<section anchor="terminology" numbered="true" toc="default"> <section anchor="terminology" numbered="true" toc="default">
<name>Terminology</name> <name>Terminology</name>
<t> <t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
"MAY", and "OPTIONAL" in this document are to be interpreted as NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>
described in BCP 14 <xref target="RFC2119" format="default"/> <xref target RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
="RFC8174" format="default"/> when, and only when, they "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
appear in all capitals, as shown here. be interpreted as
described in BCP&nbsp;14 <xref target="RFC2119"/> <xref target="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.
</t> </t>
<t> <t>
Certain security-related terms such as "authentication", "authorizatio n", "confidentiality", "(data) integrity", "Message Authentication Code (MAC)", "Hash-based Message Authentication Code (HMAC)", and "verify" are taken from <xr ef target="RFC4949" format="default"/>. Certain security-related terms such as "authentication", "authorizatio n", "confidentiality", "(data) integrity", "Message Authentication Code (MAC)", "Hash-based Message Authentication Code (HMAC)", and "verify" are taken from <xr ef target="RFC4949" format="default"/>.
</t> </t>
<t> <t>
RESTful terminology follows HTTP <xref target="RFC7231" format="defaul t"/>. RESTful terminology follows HTTP <xref target="RFC9110" format="defaul t"/>.
</t> </t>
<t> <t>
Readers are expected to be familiar with the terms and concepts define d in OSCORE <xref target="RFC8613" format="default"/>, such as "Security Context " and "Recipient ID". Readers are expected to be familiar with the terms and concepts define d in OSCORE <xref target="RFC8613" format="default"/>, such as "security context " and "Recipient ID".
</t> </t>
<t> <t>
Terminology for entities in the architecture is defined in OAuth 2.0 < xref target="RFC6749" format="default"/>, such as client (C), resource server (R S), and authorization server (AS). It is assumed in this document that a given r esource on a specific RS is associated to a unique AS. Terminology for entities in the architecture is defined in OAuth 2.0 < xref target="RFC6749" format="default"/>, such as client (C), resource server (R S), and authorization server (AS). It is assumed in this document that a given r esource on a specific RS is associated to a unique AS.
</t> </t>
<t> <t>
Concise Binary Object Representation (CBOR) <xref target="RFC8949" for mat="default"/> and Concise Data Definition Language (CDDL) <xref target="RFC861 0" format="default"/> are used in this document. CDDL predefined type names, esp ecially bstr for CBOR byte strings and tstr for CBOR text strings, are used exte nsively in this document. Concise Binary Object Representation (CBOR) <xref target="RFC8949" for mat="default"/> and Concise Data Definition Language (CDDL) <xref target="RFC861 0" format="default"/> are used in this document. CDDL predefined type names, esp ecially "bstr" for CBOR byte strings and "tstr" for CBOR text strings, are used extensively in this document.
</t> </t>
<t> <t>
Note that the term "endpoint" is used here, as in <xref target="I-D.ie Note that the term "endpoint" is used as in <xref target="RFC9200" for
tf-ace-oauth-authz" format="default"/>, following its OAuth definition, which is mat="default"/>, following its OAuth definition, which is to denote resources su
to denote resources such as token and introspect at the AS and authz-info at th ch as token and introspect at the AS and authz-info at the RS.
e RS. The CoAP <xref target="RFC7252" format="default"/> definition, which is "
An entity participating in the CoAP protocol" is not used in this document. The CoAP definition, which is "[a]n entity participating in the CoAP pr
otocol" <xref target="RFC7252" format="default"/>, is not used in this document.
</t> </t>
<t> <t>Throughout this document, examples for CBOR data items are expressed
Examples throughout this document are expressed in CBOR diagnostic not in
ation without the tag and value abbreviations. CBOR extended diagnostic notation as defined in
<xref section="8" sectionFormat="of" target="RFC8949"/> and
<xref section="G" sectionFormat="of" target="RFC8610"/>
("diagnostic notation"), unless noted otherwise.
We often use diagnostic notation comments to provide
a textual representation of the numeric parameter names and values.
</t>
<t>In this document, the term "base64-encoded" refers to URL-Safe base64
encoding (see <xref section="5" sectionFormat="of" target="RFC4648"/>) without
padding.
</t> </t>
</section> </section>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Protocol Overview</name> <name>Protocol Overview</name>
<t> <t>
This section gives an overview of how to use the ACE Framework <xref tar get="I-D.ietf-ace-oauth-authz" format="default"/> to secure the communication be tween a client and a resource server using OSCORE <xref target="RFC8613" format= "default"/>. The parameters needed by the client to negotiate the use of this pr ofile with the authorization server, as well as the OSCORE setup process, are de scribed in detail in the following sections. This section gives an overview of how to use the ACE Framework <xref tar get="RFC9200" format="default"/> to secure the communication between a client an d a resource server using OSCORE <xref target="RFC8613" format="default"/>. The parameters needed by the client to negotiate the use of this profile with the AS , as well as the OSCORE setup process, are described in detail in the following sections.
</t> </t>
<t> <t>
The RS maintains a collection of OSCORE Security Contexts with associate d authorization information for all the clients that it is communicating with. T he The RS maintains a collection of OSCORE security contexts with associate d authorization information for all the clients that it is communicating with. T he
authorization information is maintained as policy that is used as input to processing requests from those clients. authorization information is maintained as policy that is used as input to processing requests from those clients.
</t> </t>
<t> <t>
This profile requires a client to retrieve an access token from the AS f or the resource it wants to access on an RS, by sending an access token request to the token endpoint, as specified in section 5.8 of <xref target="I-D.ietf-ace -oauth-authz" format="default"/>. The access token request and response MUST be confidentiality-protected and ensure authenticity. This profile RECOMMENDS the use of OSCORE between client and AS, to reduce the number of libraries the clien t has to support, but other protocols fulfilling the security requirements defin ed in section 5 of <xref target="I-D.ietf-ace-oauth-authz" format="default"/> MA Y alternatively be used, such as TLS <xref target="RFC8446" format="default"/> o r DTLS <xref target="I-D.ietf-tls-dtls13" format="default"/>. This profile requires a client to retrieve an access token from the AS f or the resource it wants to access on an RS, by sending an access token request to the token endpoint, as specified in <xref target="RFC9200" sectionFormat="of" section="5.8"/>. The access token request and response <bcp14>MUST</bcp14> be c onfidentiality protected and ensure authenticity. The use of OSCORE between the client and AS is <bcp14>RECOMMENDED</bcp14> in this profile, to reduce the numb er of libraries the client has to support, but other protocols fulfilling the se curity requirements defined in <xref target="RFC9200" sectionFormat="of" section ="5"/> <bcp14>MAY</bcp14> alternatively be used, such as TLS <xref target="RFC84 46" format="default"/> or DTLS <xref target="RFC9147" format="default"/>.
</t> </t>
<t> <t>
Once the client has retrieved the access token, it generates a nonce N1, defined in this document (see <xref target="nonce1" format="default"/>). The cl ient also generates its own OSCORE Recipient ID ID1 (see Section 3.1 of <xref ta rget="RFC8613" format="default"/>), for use with the keying material associated to the RS. The client posts the token, N1 and its Recipient ID to the RS using t he authz-info endpoint and mechanisms specified in section 5.8 of <xref target=" I-D.ietf-ace-oauth-authz" format="default"/> and Content-Format = application/ac e+cbor. When using this profile, the communication with the authz-info endpoint is not protected, except for update of access rights. Once the client has retrieved the access token, it generates a nonce N1, as defined in this document (see <xref target="nonce1" format="default"/>). The client also generates its own OSCORE Recipient ID, ID1 (see <xref target="RFC86 13" sectionFormat="of" section="3.1"/>), for use with the keying material associ ated to the RS. The client posts the token, N1, and its Recipient ID to the RS u sing the authz-info endpoint and mechanisms specified in <xref target="RFC9200" sectionFormat="of" section="5.8"/> and Content-Format = application/ace+cbor. Wh en using this profile, the communication with the authz-info endpoint is not pro tected, except for the update of access rights.
</t> </t>
<t> <t>
If the access token is valid, the RS replies to this request with a 2.01 If the access token is valid, the RS replies to this request with a 2.01
(Created) response with Content-Format = application/ace+cbor, which contains a (Created) response with Content-Format = application/ace+cbor, which contains a
nonce N2 and its newly generated OSCORE Recipient ID, ID2, for use with the key nonce N2 and its newly generated OSCORE Recipient ID, ID2, for use with the key
ing material associated to the client. Moreover, the server concatenates the inp ing material associated to the client. Moreover, the server concatenates the inp
ut salt received in the token, N1, and N2 to obtain the Master Salt of the OSCOR ut salt received in the token, N1, and N2 to obtain the Master Salt of the OSCOR
E Security Context (see section 3 of <xref target="RFC8613" format="default"/>). E security context (see <xref target="RFC8613" sectionFormat="of" section="3"/>)
The RS then derives the complete Security Context associated with the re .
ceived token from the Master Salt, the OSCORE Recipient ID generated by the clie The RS then derives the complete security context associated with the re
nt (set as its OSCORE Sender ID), its own OSCORE Recipient ID, plus the paramete ceived token from the Master Salt; the OSCORE Recipient ID generated by the clie
rs received in the access token from the AS, following section 3.2 of <xref targ nt (set as its OSCORE Sender ID); its own OSCORE Recipient ID; plus the paramete
et="RFC8613" format="default"/>. rs received in the access token from the AS, following <xref target="RFC8613" se
ctionFormat="of" section="3.2"/>.
</t> </t>
<t> <t>
In a similar way, after receiving the nonce N2, the client concatenates the input salt, N1 and N2 to obtain the Master Salt of the OSCORE Security Conte xt. The client then derives the complete Security Context from the Master Salt, the OSCORE Recipient ID generated by the RS (set as its OSCORE Sender ID), its o wn OSCORE Recipient ID, plus the parameters received from the AS. In a similar way, after receiving the nonce N2, the client concatenates the input salt, N1, and N2 to obtain the Master Salt of the OSCORE security cont ext. The client then derives the complete security context from the Master Salt; the OSCORE Recipient ID generated by the RS (set as its OSCORE Sender ID); its own OSCORE Recipient ID; plus the parameters received from the AS.
</t> </t>
<t> <t>
Finally, the client starts the communication with the RS by sending a re quest protected with OSCORE to the RS. If the request is successfully verified, the server stores the complete Security Context state that is ready for use in p rotecting messages, and uses it in the response, and in further communications w ith the client, until token deletion due to, for example, expiration. This Secur ity Context is discarded when a token (whether the same or a different one) is u sed to successfully derive a new Security Context for that client. Finally, the client starts the communication with the RS by sending a re quest protected with OSCORE to the RS. If the request is successfully verified, the server stores the complete security context state that is ready for use in p rotecting messages and uses it in the response, and in further communications wi th the client, until token deletion due to, for example, expiration. This securi ty context is discarded when a token (whether the same or a different one) is us ed to successfully derive a new security context for that client.
</t> </t>
<t> <t>
The use of nonces N1 and N2 during the exchange prevents the reuse of an The use of nonces N1 and N2 during the exchange prevents the reuse of an
Authenticated Encryption with Associated Data (AEAD) nonce/key pair Authenticated Encryption with Associated Data (AEAD) nonce/key pair
for two different messages. Reuse might otherwise occur when for two different messages. Reuse might otherwise occur when the
client and RS derive a new Security Context from an existing (non- client and RS derive a new security context from an existing (non-expire
expired) access token, as might occur when either party has just reboote d)
d, and might lead to loss of both confidentiality and integrity. access token, as might occur when either party has just rebooted, and th
Instead, by using the exchanged nonces N1 and N2 as part of the Master S at might lead to loss of both confidentiality and integrity.
alt, the request to the authz-info endpoint posting the same token results in a Instead, by using the exchanged nonces N1 and N2 as part of the Master S
different Security Context, by OSCORE construction, since even though the Master alt, the request to the authz-info endpoint posting the same token results in a
Secret, Sender ID and Recipient ID are the same, the Master Salt is different ( different security context, by OSCORE construction, since even though the Master
see Section 3.2.1 of <xref target="RFC8613" format="default"/>). If the exchange Secret, Sender ID, and Recipient ID are the same, the Master Salt is different
d nonces were reused, a node reusing a non-expired old token would be susceptibl (see <xref target="RFC8613" sectionFormat="of" section="3.2.1"/>). If the exchan
e to on-path attackers provoking the creation of an OSCORE message using an old ged nonces were reused, a node reusing a non-expired old token would be suscepti
AEAD key and nonce. ble to on-path attackers provoking the creation of an OSCORE message using an ol
d AEAD key and nonce.
</t> </t>
<t> <t>
After the whole message exchange has taken place, the client can contact
the AS to request an update of its access rights, sending a similar request to After the whole message exchange has taken place, the client can contact
the token endpoint that also includes an identifier so that the AS can find the the AS to request an update of its access rights, sending a similar request to
correct OSCORE security input material it has previously shared with the client. the token endpoint that also includes an identifier so that the AS can find the
This specific identifier, encoded as a byte string, is assigned by the AS to be correct OSCORE Input Material it has previously shared with the client. This spe
unique in the sets of its OSCORE security input materials, and is not used as i cific identifier, encoded as a byte string, is assigned by the AS to be unique i
nput material to derive the full OSCORE Security Context. n the sets of its OSCORE Input Materials, and it is not used as input material t
o derive the full OSCORE security context.
</t> </t>
<t> <t>
An overview of the profile flow for the OSCORE profile is given in <xref target="prof-overview" format="default"/>. The names of messages coincide with those of <xref target="I-D.ietf-ace-oauth-authz" format="default"/> when applica ble. An overview of the profile flow for the OSCORE profile is given in <xref target="prof-overview" format="default"/>. The names of messages coincide with those of <xref target="RFC9200" format="default"/> when applicable.
</t> </t>
<figure anchor="prof-overview"> <figure anchor="prof-overview">
<name>Protocol Overview</name> <name>Protocol Overview</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
C RS AS C RS AS
| | | | | |
| ----- POST /token ----------------------------> | | ----- POST /token ----------------------------> |
| | | | | |
| <---------------------------- Access Token ----- | | <---------------------------- Access Token ----- |
| + Access Information | | + Access Information |
skipping to change at line 180 skipping to change at line 190
| <--- OSCORE Response ----- | | | <--- OSCORE Response ----- | |
| | | | | |
/proof-of-possession | | /proof-of-possession | |
Sec Context storage/ | | Sec Context storage/ | |
| | | | | |
| ---- OSCORE Request -----> | | | ---- OSCORE Request -----> | |
| | | | | |
| <--- OSCORE Response ----- | | | <--- OSCORE Response ----- | |
| | | | | |
| ... | | | ... | |
]]></artwork> ]]></artwork>
</figure> </figure>
</section> </section>
<section anchor="client-as" numbered="true" toc="default"> <section anchor="client-as" numbered="true" toc="default">
<name>Client-AS Communication</name> <name>Client-AS Communication</name>
<t> <t>
The following subsections describe the details of the POST request and r esponse to the token endpoint between client and AS. Section 3.2 of <xref target ="RFC8613" format="default"/> defines how to derive a Security Context based on a shared master secret and a set of other parameters, established between client and server, which the client receives from the AS in this exchange. The proof- of-possession key (pop-key) included in the response from the AS MUST be used as master secret in OSCORE. The following subsections describe the details of the POST request and r esponse to the token endpoint between the client and AS. <xref target="RFC8613" sectionFormat="of" section="3.2"/> defines how to derive a security context base d on a shared Master Secret and a set of other parameters, established between t he client and server, which the client receives from the AS in this exchange. T he PoP key included in the response from the AS <bcp14>MUST</bcp14> be used as a Master Secret in OSCORE.
</t> </t>
<section anchor="c-as" numbered="true" toc="default"> <section anchor="c-as" numbered="true" toc="default">
<name>C-to-AS: POST to token endpoint</name> <name>C-to-AS: POST to Token Endpoint</name>
<t> <t>
The client-to-AS request is specified in Section 5.8.1 of <xref target ="I-D.ietf-ace-oauth-authz" format="default"/>. The client-to-AS request is specified in <xref target="RFC9200" sectio nFormat="of" section="5.8.1"/>.
</t> </t>
<t> <t>
The client must send this POST request to the token endpoint over a se cure channel that guarantees authentication, message integrity and confidentiali ty (see <xref target="introsp" format="default"/>). The client must send this POST request to the token endpoint over a se cure channel that guarantees authentication, message integrity, and confidential ity (see <xref target="introsp" format="default"/>).
</t> </t>
<t> <t>
An example of such a request is shown in <xref target="ex0" format="de fault"/> An example of such a request is shown in <xref target="ex0" format="de fault"/>.
</t> </t>
<figure anchor="ex0"> <figure anchor="ex0">
<name>Example C-to-AS POST /token request for an access token bound to <name>Example C-to-AS POST /token Request for an Access Token Bound to
a symmetric key.</name> a Symmetric Key</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
<sourcecode name="" type="cbor-diag"><![CDATA[
Header: POST (Code=0.02) Header: POST (Code=0.02)
Uri-Host: "as.example.com" Uri-Host: "as.example.com"
Uri-Path: "token" Uri-Path: "token"
Content-Format: "application/ace+cbor" Content-Format: application/ace+cbor
Payload: Payload:
{ {
"audience" : "tempSensor4711", / audience / 5 : "tempSensor4711",
"scope" : "read" / scope / 9 : "read"
} }
]]></sourcecode>
]]></artwork>
</figure> </figure>
<t> <t>
If the client wants to update its access rights without changing an ex isting OSCORE Security Context, it MUST include in its POST request to the token endpoint a req_cnf object, with the kid field carrying a CBOR byte string conta ining the OSCORE Input Material Identifier (assigned as discussed in <xref targe t="as-c" format="default"/>). This identifier, together with other information s uch as audience (see Section 5.8.1 of <xref target="I-D.ietf-ace-oauth-authz" fo rmat="default"/>), can be used by the AS to determine the shared secret bound to the proof-of-possession token and therefore MUST identify a symmetric key that was previously generated by the AS as a shared secret for the communication betw een the client and the RS. The AS MUST verify that the received value identifies a proof-of-possession key that has previously been issued to the requesting cli ent. If that is not the case, the Client-to-AS request MUST be declined with the error code <tt>invalid_request</tt> as defined in Section 5.8.3 of <xref target ="I-D.ietf-ace-oauth-authz" format="default"/>. If the client wants to update its access rights without changing an ex isting OSCORE security context, it <bcp14>MUST</bcp14> include a <tt>req_cnf</tt > object in its POST request to the token endpoint, with the <tt>kid</tt> field carrying a CBOR byte string containing the OSCORE Input Material identifier (ass igned as discussed in <xref target="as-c" format="default"/>). This identifier, together with other information such as audience (see <xref target="RFC9200" sec tionFormat="of" section="5.8.1"/>), can be used by the AS to determine the share d secret bound to the proof-of-possession token; therefore, it <bcp14>MUST</bcp1 4> identify a symmetric key that was previously generated by the AS as a shared secret for the communication between the client and the RS. The AS <bcp14>MUST</ bcp14> verify that the received value identifies a proof-of-possession key that has previously been issued to the requesting client. If that is not the case, th e client-to-AS request <bcp14>MUST</bcp14> be declined with the error code <tt>i nvalid_request</tt> as defined in <xref target="RFC9200" sectionFormat="of" sect ion="5.8.3"/>.
</t> </t>
<t> <t>
An example of such a request is shown in <xref target="ex7" format="de fault"/> An example of such a request is shown in <xref target="ex7" format="de fault"/>.
</t> </t>
<figure anchor="ex7"> <figure anchor="ex7">
<name>Example C-to-AS POST /token request for updating rights to an ac <name>Example C-to-AS POST /token Request for Updating Rights to an Ac
cess token bound to a symmetric key.</name> cess Token Bound to a Symmetric Key</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type="cbor-diag"><![CDATA[
Header: POST (Code=0.02) Header: POST (Code=0.02)
Uri-Host: "as.example.com" Uri-Host: "as.example.com"
Uri-Path: "token" Uri-Path: "token"
Content-Format: "application/ace+cbor" Content-Format: application/ace+cbor
Payload: Payload:
{ {
"audience" : "tempSensor4711", / audience / 5 : "tempSensor4711",
"scope" : "write", / scope / 9 : "write",
"req_cnf" : { / req_cnf / 4 : {
"kid" : h'01' / kid / 3 : h'01'
} }
}
]]></artwork> ]]></sourcecode>
</figure> </figure>
</section> </section>
<section anchor="as-c" numbered="true" toc="default"> <section anchor="as-c" numbered="true" toc="default">
<name>AS-to-C: Access Token</name> <name>AS-to-C: Access Token</name>
<t> <t>
After verifying the POST request to the token endpoint and that the cl ient is authorized to obtain an access token corresponding to its access token r equest, the AS responds as defined in section 5.8.2 of <xref target="I-D.ietf-ac e-oauth-authz" format="default"/>. If the client request was invalid, or not aut horized, the AS returns an error response as described in section 5.8.3 of <xref target="I-D.ietf-ace-oauth-authz" format="default"/>. After verifying the POST request to the token endpoint and that the cl ient is authorized to obtain an access token corresponding to its access token r equest, the AS responds as defined in <xref target="RFC9200" sectionFormat="of" section="5.8.2"/>. If the client request was invalid, or not authorized, the AS returns an error response as described in <xref target="RFC9200" sectionFormat=" of" section="5.8.3"/>.
</t> </t>
<t> <t>
The AS can signal that the use of OSCORE is REQUIRED for a specific ac The AS can signal that the use of OSCORE is <bcp14>REQUIRED</bcp14> fo
cess token by including the "ace_profile" parameter with the value "coap_oscore" r a specific access token by including the <tt>ace_profile</tt> parameter with t
in the access token response. This means that the client MUST use OSCORE towar he value <tt>coap_oscore</tt> in the access token response. This means that the
ds all resource servers for which this access token is valid, and follow <xref t client <bcp14>MUST</bcp14> use OSCORE towards all resource servers for which th
arget="oscore-setup" format="default"/> to derive the security context to run OS is access token is valid, and follow <xref target="oscore-setup" format="default
CORE. "/> to derive the security context to run OSCORE.
Usually it is assumed that constrained devices will be pre-configured with the n Usually, it is assumed that constrained devices will be preconfigured with the n
ecessary profile, so that this kind of profile signaling can be omitted. ecessary profile, so that this kind of profile signaling can be omitted.
</t> </t>
<t> <t>
Moreover, the AS MUST send the following data: Moreover, the AS <bcp14>MUST</bcp14> send the following data:
</t> </t>
<ul spacing="normal"> <ul spacing="normal">
<li>a master secret</li> <li>a Master Secret</li>
<li>an identifier of the OSCORE Input Material</li> <li>an identifier of the OSCORE Input Material</li>
</ul> </ul>
<t> <t>
Additionally, the AS MAY send the following data, in the same response . Additionally, the AS <bcp14>MAY</bcp14> send the following data, in th e same response.
</t> </t>
<ul spacing="normal"> <ul spacing="normal">
<li>a context identifier</li> <li>a context identifier</li>
<li>an AEAD algorithm</li> <li>an AEAD algorithm</li>
<li>an HMAC-based key derivation function (HKDF, <xref target="RFC5869 " format="default"/>) algorithm, see section 3.1 of <xref target="I-D.ietf-cose- rfc8152bis-algs" format="default"/></li> <li>an HMAC-based key derivation function (HKDF) algorithm <xref targe t="RFC5869" format="default"/>. It is specified by the HMAC algorithm value; see <xref target="RFC9053" sectionFormat="of" section="3.1"/>.</li>
<li>a salt</li> <li>a salt</li>
<li>the OSCORE version number</li> <li>the OSCORE version number</li>
</ul> </ul>
<t> <t>
This data is transported in the OSCORE_Input_Material. The OSCORE_Inpu t_Material is a CBOR map object, defined in <xref target="oscore-sec-ctx" format ="default"/>. This object is transported in the <tt>cnf</tt> parameter of the ac cess token response as defined in Section 3.2 of <xref target="I-D.ietf-ace-oaut h-params" format="default"/>, as the value of a field named <tt>osc</tt>, regist ered in <xref target="osc-cwt" format="default"/> and <xref target="osc-jwt" for mat="default"/>. This data is transported in the OSCORE_Input_Material. The OSCORE_Inpu t_Material is a CBOR map object, defined in <xref target="oscore-sec-ctx" format ="default"/>. This object is transported in the <tt>cnf</tt> parameter of the ac cess token response, as defined in <xref target="RFC9201" sectionFormat="of" sec tion="3.2"/>, as the value of a field named <tt>osc</tt>, which is registered in Sections <xref target="osc-cwt" format="counter"/> and <xref target="osc-jwt" f ormat="counter"/>.
</t> </t>
<t> <t>
The AS MAY assign an identifier to the context (context identifier). T his identifier is used as ID Context in the OSCORE context as described in secti on 3.1 of <xref target="RFC8613" format="default"/>. If assigned, this parameter s MUST be communicated as the <tt>contextId</tt> field in the OSCORE_Input_Mater ial. The application needs to consider that this identifier is sent in the clear and may reveal information about the endpoints, as mentioned in section 12.8 of <xref target="RFC8613" format="default"/>. The AS <bcp14>MAY</bcp14> assign an identifier to the context (context identifier). This identifier is used as ID Context in the OSCORE context as des cribed in <xref target="RFC8613" sectionFormat="of" section="3.1"/>. If assigned , these parameters <bcp14>MUST</bcp14> be communicated as the <tt>contextId</tt> field in the OSCORE_Input_Material. The application needs to consider that this identifier is sent in the clear and may reveal information about the endpoints, as mentioned in <xref target="RFC8613" sectionFormat="of" section="12.8"/>.
</t> </t>
<t> <t>
The master secret and the identifier of the OSCORE_Input_Material MUST The Master Secret and the identifier of the OSCORE_Input_Material <bcp
be communicated as the <tt>ms</tt> and <tt>id</tt> field in the <tt>osc</tt> fi 14>MUST</bcp14> be communicated as the <tt>ms</tt> and <tt>id</tt> field in the
eld in the <tt>cnf</tt> parameter of the access token response. <tt>osc</tt> field in the <tt>cnf</tt> parameter of the access token response. I
If included, the AEAD algorithm is sent in the <tt>alg</tt> parameter f included, the following are sent: the AEAD algorithm in the <tt>alg</tt> param
in the OSCORE_Input_Material; the HKDF algorithm in the <tt>hkdf</tt> parameter eter in the OSCORE_Input_Material; the HKDF algorithm in the <tt>hkdf</tt> param
of the OSCORE_Input_Material; a salt in the <tt>salt</tt> parameter of the OSCOR eter of the OSCORE_Input_Material; a salt in the <tt>salt</tt> parameter of the
E_Input_Material; and the OSCORE version in the <tt>version</tt> parameter of th OSCORE_Input_Material; and the OSCORE version in the <tt>version</tt> parameter
e OSCORE_Input_Material. of the OSCORE_Input_Material.
</t> </t>
<t> <t>
The same parameters MUST be included in the claims associated wit The same parameters <bcp14>MUST</bcp14> be included in the claims
h the access token. associated with the access token.
The OSCORE master secret MUST be encrypted by the authorization server The OSCORE Master Secret <bcp14>MUST</bcp14> be encrypted by the autho
so that only the resource server can decrypt it (see Section 6.1. of <xref targ rization server so that only the resource server can decrypt it (see <xref targe
et="I-D.ietf-ace-oauth-authz" format="default"/>). This profile RECOMMENDS the u t="RFC9200" sectionFormat="of" section="6.1"/>). The use of a CBOR Web Token (CW
se of a CBOR web token (CWT) protected with COSE_Encrypt/COSE_Encrypt0 as specif T) protected with COSE_Encrypt/COSE_Encrypt0 as specified in <xref target="RFC83
ied in <xref target="RFC8392" format="default"/>. If the token is a CWT, the sa 92" format="default"/> is <bcp14>RECOMMENDED</bcp14> in this profile. If the tok
me OSCORE_Input_Material structure defined above MUST be placed in the <tt>osc</ en is a CWT, the same OSCORE_Input_Material structure defined above <bcp14>MUST<
tt> field of the <tt>cnf</tt> claim of this token. /bcp14> be placed in the <tt>osc</tt> field of the <tt>cnf</tt> claim of this to
ken.
</t> </t>
<t> <t>
The AS MUST send different OSCORE_Input_Material (and therefore differ ent access tokens) to different authorized clients, in order for the RS to diffe rentiate between clients. The AS <bcp14>MUST</bcp14> send a different OSCORE_Input_Material (and therefore different access tokens) to different authorized clients, in order fo r the RS to differentiate between clients.
</t> </t>
<t> <t>
<xref target="ex1" format="default"/> shows an example of an AS respon se. The access token has been truncated for readability. <xref target="ex1" format="default"/> shows an example of an AS respon se. The access token has been truncated for readability.
</t> </t>
<figure anchor="ex1"> <figure anchor="ex1">
<name>Example AS-to-C Access Token response with OSCORE profile.</name <name>Example AS-to-C Access Token Response with an OSCORE Profile</na
> me>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type="cbor-diag"><![CDATA[
Header: Created (Code=2.01) Header: Created (Code=2.01)
Content-Type: "application/ace+cbor" Content-Type: application/ace+cbor
Payload: Payload:
{ {
"access_token" : h'8343a1010aa2044c53 ... / access_token / 1 : h'8343a1010aa2044c53/...
(remainder of access token (CWT) omitted for brevity)', (remainder of access token (CWT) omitted for brevity)/',
"ace_profile" : "coap_oscore", / ace_profile / 38 : / coap_oscore / 2,
"expires_in" : "3600", / expires_in / 2 : 3600,
"cnf" : { / cnf / 8 : {
"osc" : { / osc / 4 : {
"id" : h'01', / id / 0 : h'01',
"ms" : h'f9af838368e353e78888e1426bd94e6f' / ms / 2 : h'f9af838368e353e78888e1426bd94e6f'
} }
} }
} }
]]></sourcecode>
]]></artwork>
</figure> </figure>
<t> <t>
<xref target="ex2" format="default"/> shows an example CWT Claims Set, including the relevant OSCORE parameters in the <tt>cnf</tt> claim. <xref target="ex2" format="default"/> shows an example CWT Claims Set, including the relevant OSCORE parameters in the <tt>cnf</tt> claim.
</t> </t>
<figure anchor="ex2"> <figure anchor="ex2">
<name>Example CWT Claims Set with OSCORE parameters.</name> <name>Example CWT Claims Set with OSCORE Parameters</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type="cbor-diag"><![CDATA[
{ {
"aud" : "tempSensorInLivingRoom", / aud / 3 : "tempSensorInLivingRoom",
"iat" : "1360189224", / iat / 6 : 1360189224,
"exp" : "1360289224", / exp / 4 : 1360289224,
"scope" : "temperature_g firmware_p", / scope / 9 : "temperature_g firmware_p",
"cnf" : { / cnf / 8 : {
"osc" : { / osc / 4 : {
"ms" : h'f9af838368e353e78888e1426bd94e6f', / id / 0 : h'01',
"id" : h'01' / ms / 2 : h'f9af838368e353e78888e1426bd94e6f'
} }
} }
} }
]]></artwork> ]]></sourcecode>
</figure> </figure>
<t> <t>
The same CWT Claims Set as in <xref target="ex2" format="default"/>, u The same CWT Claims Set as in <xref target="ex2" format="default"/>, u
sing the value abbreviations defined in <xref target="I-D.ietf-ace-oauth-authz" sing the value abbreviations defined in <xref target="RFC9200" format="default"/
format="default"/> and <xref target="RFC8747" format="default"/> and encoded in > and <xref target="RFC8747" format="default"/> and encoded in CBOR, is shown in
CBOR is shown in <xref target="ex2-cbor" format="default"/>. The bytes in hexade <xref target="ex2-cbor" format="default"/>. The bytes in hexadecimal are report
cimal are reported in the first column, while their corresponding CBOR meaning i ed in the first column, while their corresponding CBOR meaning is reported after
s reported after the <tt>#</tt> sign on the second column, for easiness of reada the <tt>#</tt> sign on the second column, for readability.
bility.
</t>
<t>
NOTE TO THE RFC EDITOR: before publishing, it should be checked (and i
n case fixed) that the values used below (which are not yet registered) are the
final values registered in IANA.
</t> </t>
<figure anchor="ex2-cbor"> <figure anchor="ex2-cbor">
<name>Example CWT Claims Set with OSCORE parameters, CBOR encoded.</na <name>Example CWT Claims Set with OSCORE Parameters Using CBOR Encodin
me> g</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type="cbor-pretty"><![CDATA[
A5 # map(5) A5 # map(5)
63 # text(3) 03 # unsigned(3)
617564 # "aud" 76 # text(22)
76 # text(22)
74656D7053656E736F72496E4C6976696E67526F6F6D 74656D7053656E736F72496E4C6976696E67526F6F6D
# "tempSensorInLivingRoom" # "tempSensorInLivingRoom"
63 # text(3) 06 # unsigned(6)
696174 # "iat" 1A 5112D728 # unsigned(1360189224)
6A # text(10) 04 # unsigned(4)
31333630313839323234 # "1360189224" 1A 51145DC8 # unsigned(1360289224)
63 # text(3) 09 # unsigned(9)
657870 # "exp" 78 18 # text(24)
6A # text(10)
31333630323839323234 # "1360289224"
65 # text(5)
73636F7065 # "scope"
78 18 # text(24)
74656D70657261747572655F67206669726D776172655F70 74656D70657261747572655F67206669726D776172655F70
# "temperature_g firmware_p" # "temperature_g firmware_p"
63 # text(3) 08 # unsigned(8)
636E66 # "cnf" A1 # map(1)
A1 # map(1) 04 # unsigned(4)
63 # text(3) A2 # map(2)
6F7363 # "osc" 00 # unsigned(0)
A2 # map(2) 41 # bytes(1)
62 # text(2) 01
6D73 # "ms" 02 # unsigned(2)
50 # bytes(16) 50 # bytes(16)
F9AF838368E353E78888E1426BD94E6F F9AF838368E353E78888E1426BD94E6F
# "\xF9\xAF\x83\x83h\xE3S\xE7 ]]></sourcecode>
\x88\x88\xE1Bk\xD9No"
62 # text(2)
6964 # "id"
41 # bytes(1)
01 # "\x01"
]]></artwork>
</figure> </figure>
<t> <t>
If the client has requested an update to its access rights using the s ame OSCORE Security Context, which is valid and authorized, the AS MUST omit the <tt>cnf</tt> parameter in the response, and MUST carry the OSCORE Input Materia l identifier in the <tt>kid</tt> field in the <tt>cnf</tt> claim of the token. T his identifier needs to be included in the token in order for the RS to identify the correct OSCORE Input Material. If the client has requested an update to its access rights using the s ame OSCORE security context, which is valid and authorized, the AS <bcp14>MUST</ bcp14> omit the <tt>cnf</tt> parameter in the response and <bcp14>MUST</bcp14> c arry the OSCORE Input Material identifier in the <tt>kid</tt> field in the <tt>c nf</tt> claim of the token. This identifier needs to be included in the token in order for the RS to identify the correct OSCORE Input Material.
</t> </t>
<t> <t>
<xref target="ex5" format="default"/> shows an example of such an AS r esponse The access token has been truncated for readability. <xref target="ex5" format="default"/> shows an example of such an AS r esponse. The access token has been truncated for readability.
</t> </t>
<figure anchor="ex5"> <figure anchor="ex5">
<name>Example AS-to-C Access Token response with OSCORE profile, for u <name>Example AS-to-C Access Token Response with an OSCORE Profile for
pdate of access rights.</name> the Update of Access Rights</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type="cbor-diag"><![CDATA[
Header: Created (Code=2.01) Header: Created (Code=2.01)
Content-Type: "application/ace+cbor" Content-Type: application/ace+cbor
Payload: Payload:
{ {
"access_token" : h'8343a1010aa2044c53 ... / access_token / 1 : h'8343a1010aa2044c53/ ...
(remainder of access token (CWT) omitted for brevity)', (remainder of access token (CWT) omitted for brevity)/',
"ace_profile" : "coap_oscore", / ace_profile / 38 : / coap_oscore / 2,
"expires_in" : "3600" / expires_in / 2 : 3600
} }
]]></sourcecode>
]]></artwork>
</figure> </figure>
<t> <t>
<xref target="ex6" format="default"/> shows an example CWT Claims Set, containing the necessary OSCORE parameters in the <tt>cnf</tt> claim for update of access rights. <xref target="ex6" format="default"/> shows an example CWT Claims Set that contains the necessary OSCORE parameters in the <tt>cnf</tt> claim for the update of access rights.
</t> </t>
<figure anchor="ex6"> <figure anchor="ex6">
<name>Example CWT Claims Set with OSCORE parameters for update of acce <name>Example CWT Claims Set with OSCORE Parameters for the Update of
ss rights.</name> Access Rights</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type="cbor-diag"><![CDATA[
{ {
"aud" : "tempSensorInLivingRoom", / aud / 3 : "tempSensorInLivingRoom",
"iat" : "1360189224", / iat / 6 : 1360189224,
"exp" : "1360289224", / exp / 4 : 1360289224,
"scope" : "temperature_h", / scope / 9 : "temperature_h",
"cnf" : { / cnf / 8 : {
"kid" : h'01' / kid / 3 : h'01'
} }
} }
]]></sourcecode>
]]></artwork>
</figure> </figure>
<!-- Client rejecting OSCORE_Security_Context if invalid <- This is not
done as the client does not verify the token, so it would be easy for an attacke
r to interrupt ACE by just injecting unexisting fields.
<t>
When receiving the access token response, the client MUST verify the O
SCORE_Security_Context. If any of the expected parameters in the OSCORE_Security
_Context is missing (e.g. any of the mandatory parameters from the AS), or if an
y parameters received in the OSCORE_Security_Context is unrecognized, the client
MUST NOT continue processing, and MAY attempt to retrieve a new token from the
AS.
<t>
-->
<section anchor="oscore-sec-ctx" numbered="true" toc="default"> <section anchor="oscore-sec-ctx" numbered="true" toc="default">
<name>The OSCORE_Input_Material</name> <name>The OSCORE_Input_Material</name>
<t> <t>
An OSCORE_Input_Material is an object that represents the input mate rial to derive an OSCORE Security Context, i.e., the local set of information el ements necessary to carry out the cryptographic operations in OSCORE (Section 3. 1 of <xref target="RFC8613" format="default"/>). In particular, the OSCORE_Input _Material is defined to be serialized and transported between nodes, as specifie d by this document, but can also be used by other specifications if needed. The OSCORE_Input_Material can either be encoded as a JSON object or as a CBOR map. T he set of common parameters that can appear in an OSCORE_Input_Material can be f ound in the IANA "OSCORE Security Context Parameters" registry (<xref target="se c-ctx-params-reg" format="default"/>), defined for extensibility, and the initia l set of parameters defined in this document is specified below. An OSCORE_Input_Material is an object that represents the input mate rial to derive an OSCORE security context, i.e., the local set of information el ements necessary to carry out the cryptographic operations in OSCORE (<xref targ et="RFC8613" sectionFormat="of" section="3.1"/>). In particular, the OSCORE_Inpu t_Material is defined to be serialized and transported between nodes, as specifi ed by this document, but it can also be used by other specifications if needed. The OSCORE_Input_Material can be encoded as either a JSON object or a CBOR map. The set of common parameters that can appear in an OSCORE_Input_Material can be found in the IANA "OSCORE Security Context Parameters" registry (<xref target="s ec-ctx-params-reg" format="default"/>), defined for extensibility, and the initi al set of parameters defined in this document is specified below.
All parameters are optional. All parameters are optional.
<xref target="key-labels" format="default"/> provides a summary of t he OSCORE_Input_Material parameters defined in this section. <xref target="key-labels" format="default"/> provides a summary of t he OSCORE_Input_Material parameters defined in this section.
</t> </t>
<table anchor="key-labels" align="center"> <table anchor="key-labels" align="center">
<name>OSCORE_Input_Material Parameters</name> <name>OSCORE_Input_Material Parameters</name>
<thead> <thead>
<tr> <tr>
<th align="left">name</th> <th align="left">name</th>
<th align="left">CBOR label</th> <th align="left">CBOR label</th>
<th align="left">CBOR type</th> <th align="left">CBOR type</th>
<th align="left">registry</th> <th align="left">registry</th>
<th align="left">description</th> <th align="left">description</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td align="left">id</td> <td align="left">id</td>
<td align="left">0</td> <td align="left">0</td>
<td align="left">byte string</td> <td align="left">byte string</td>
<td align="left"/> <td align="left"/>
<td align="left">OSCORE Input Material Identifier</td> <td align="left">OSCORE Input Material identifier</td>
</tr> </tr>
<tr> <tr>
<td align="left">version</td> <td align="left">version</td>
<td align="left">1</td> <td align="left">1</td>
<td align="left">unsigned integer</td> <td align="left">unsigned integer</td>
<td align="left"/> <td align="left"/>
<td align="left">OSCORE Version</td> <td align="left">OSCORE version</td>
</tr> </tr>
<tr> <tr>
<td align="left">ms</td> <td align="left">ms</td>
<td align="left">2</td> <td align="left">2</td>
<td align="left">byte string</td> <td align="left">byte string</td>
<td align="left"/> <td align="left"/>
<td align="left">OSCORE Master Secret value</td> <td align="left">OSCORE Master Secret value</td>
</tr> </tr>
<tr> <tr>
<td align="left">hkdf</td> <td align="left">hkdf</td>
<td align="left">3</td> <td align="left">3</td>
<td align="left">text string / integer</td> <td align="left">text string / integer</td>
<td align="left"> <td align="left">
<xref target="COSE.Algorithms" format="default"/> Values (HMAC -based)</td> <xref target="COSE.Algorithms" format="default"/> values (HMAC -based)</td>
<td align="left">OSCORE HKDF value</td> <td align="left">OSCORE HKDF value</td>
</tr> </tr>
<tr> <tr>
<td align="left">alg</td> <td align="left">alg</td>
<td align="left">4</td> <td align="left">4</td>
<td align="left">text string / integer</td> <td align="left">text string / integer</td>
<td align="left"> <td align="left">
<xref target="COSE.Algorithms" format="default"/> Values (AEAD )</td> <xref target="COSE.Algorithms" format="default"/> values (AEAD )</td>
<td align="left">OSCORE AEAD Algorithm value</td> <td align="left">OSCORE AEAD Algorithm value</td>
</tr> </tr>
<tr> <tr>
<td align="left">salt</td> <td align="left">salt</td>
<td align="left">5</td> <td align="left">5</td>
<td align="left">byte string</td> <td align="left">byte string</td>
<td align="left"/> <td align="left"/>
<td align="left">an input to OSCORE Master Salt value</td> <td align="left">an input to OSCORE Master Salt value</td>
</tr> </tr>
<tr> <tr>
skipping to change at line 495 skipping to change at line 482
<td align="left">byte string</td> <td align="left">byte string</td>
<td align="left"/> <td align="left"/>
<td align="left">OSCORE ID Context value</td> <td align="left">OSCORE ID Context value</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<dl newline="false" spacing="normal"> <dl newline="false" spacing="normal">
<dt>id:</dt> <dt>id:</dt>
<dd> <dd>
This parameter identifies the OSCORE_Input_Material and is encod ed as a byte string. This parameter identifies the OSCORE_Input_Material and is encod ed as a byte string.
In JSON, the "id" value is a Base64 encoded byte string. In JSON, the <tt>id</tt> value is a base64-encoded byte string.
In CBOR, the "id" type is byte string, and has label 0. In CBOR, the <tt>id</tt> type is a byte string, and it has label
0.
</dd> </dd>
<dt>version:</dt> <dt>version:</dt>
<dd> <dd>
This parameter identifies the OSCORE Version number, which is an This parameter identifies the OSCORE version number, which is an
unsigned integer. For more information about this field, see section 5.4 of <xr unsigned integer. For more information about this field, see <xref target="RFC8
ef target="RFC8613" format="default"/>. 613" sectionFormat="of" section="5.4"/>.
In JSON, the "version" value is an integer. In JSON, the <tt>version</tt> value is an integer.
In CBOR, the "version" type is integer, and has label 1. In CBOR, the <tt>version</tt> type is an integer, and it has lab
el 1.
</dd> </dd>
<dt>ms:</dt> <dt>ms:</dt>
<dd> <dd>
This parameter identifies the OSCORE Master Secret value, which This parameter identifies the OSCORE Master Secret value, which
is a byte string. For more information about this field, see section 3.1 of <xre is a byte string. For more information about this field, see <xref target="RFC86
f target="RFC8613" format="default"/>. 13" sectionFormat="of" section="3.1"/>.
In JSON, the "ms" value is a Base64 encoded byte string. In JSON, the <tt>ms</tt> value is a base64-encoded byte string.
In CBOR, the "ms" type is byte string, and has label 2. In CBOR, the <tt>ms</tt> type is byte string, and it has label 2
.
</dd> </dd>
<dt>hkdf:</dt> <dt>hkdf:</dt>
<dd> <dd>
This parameter identifies the OSCORE HKDF Algorithm. For more in This parameter identifies the OSCORE HKDF Algorithm. For more in
formation about this field, see section 3.1 of <xref target="RFC8613" format="de formation about this field, see <xref target="RFC8613" sectionFormat="of" sectio
fault"/>. n="3.1"/>.
The values used MUST be registered in the IANA "COSE Algorithms" The values used <bcp14>MUST</bcp14> be registered in the IANA "C
registry (see <xref target="COSE.Algorithms" format="default"/>) and MUST be HM OSE Algorithms" registry (see <xref target="COSE.Algorithms" format="default"/>)
AC-based HKDF algorithms (see section 3.1 of <xref target="I-D.ietf-cose-rfc8152 and <bcp14>MUST</bcp14> be HMAC-based HKDF algorithms (see <xref target="RFC905
bis-algs" format="default"/>). The value can either be the integer or the text s 3" sectionFormat="of" section="3.1"/>). The value can be either the integer or t
tring value of the HMAC-based HKDF algorithm in the "COSE Algorithms" registry. he text-string value of the HMAC-based HKDF algorithm in the "COSE Algorithms" r
In JSON, the "hkdf" value is a case-sensitive ASCII string or an egistry.
integer. In JSON, the <tt>hkdf</tt> value is a case-sensitive ASCII strin
In CBOR, the "hkdf" type is text string or integer, and has labe g or an integer.
l 3. In CBOR, the <tt>hkdf</tt> type is a text string or integer, and
it has label 3.
</dd> </dd>
<dt>alg:</dt> <dt>alg:</dt>
<dd> <dd>
This parameter identifies the OSCORE AEAD Algorithm. For more in This parameter identifies the OSCORE AEAD Algorithm. For more in
formation about this field, see section 3.1 of <xref target="RFC8613" format="de formation about this field, see <xref target="RFC8613" sectionFormat="of" sectio
fault"/> n="3.1"/>.
The values used MUST be registered in the IANA "COSE Algorithms" The values used <bcp14>MUST</bcp14> be registered in the IANA "C
registry (see <xref target="COSE.Algorithms" format="default"/>) and MUST be AE OSE Algorithms" registry (see <xref target="COSE.Algorithms" format="default"/>)
AD algorithms. The value can either be the integer or the text string value of t and <bcp14>MUST</bcp14> be AEAD algorithms. The value can be either the integer
he HMAC-based HKDF algorithm in the "COSE Algorithms" registry. or the text-string value of the HMAC-based HKDF algorithm in the "COSE Algorith
In JSON, the "alg" value is a case-sensitive ASCII string or an ms" registry.
integer. In JSON, the <tt>alg</tt> value is a case-sensitive ASCII string
In CBOR, the "alg" type is text string or integer, and has label or an integer.
4. In CBOR, the <tt>alg</tt> type is a text string or integer, and
it has label 4.
</dd> </dd>
<dt>salt:</dt> <dt>salt:</dt>
<dd> <dd>
This parameter identifies an input to the OSCORE Master Salt val This parameter identifies an input to the OSCORE Master Salt val
ue, which is a byte string. For more information about this field, see section 3 ue, which is a byte string. For more information about this field, see <xref tar
.1 of <xref target="RFC8613" format="default"/>. get="RFC8613" sectionFormat="of" section="3.1"/>.
In JSON, the "salt" value is a Base64 encoded byte string. In JSON, the <tt>salt</tt> value is a base64-encoded byte string
In CBOR, the "salt" type is byte string, and has label 5. .
In CBOR, the <tt>salt</tt> type is a byte string, and it has lab
el 5.
</dd> </dd>
<dt>contextId:</dt> <dt>contextId:</dt>
<dd> <dd>
This parameter identifies the security context as a byte string. This parameter identifies the security context as a byte string.
This identifier is used as OSCORE ID Context. For more information about this f This identifier is used as OSCORE ID Context. For more information about this f
ield, see section 3.1 of <xref target="RFC8613" format="default"/>. ield, see <xref target="RFC8613" sectionFormat="of" section="3.1"/>.
In JSON, the "contextID" value is a Base64 encoded byte string. In JSON, the <tt>contextID</tt> value is a base64-encoded byte s
In CBOR, the "contextID" type is byte string, and has label 6. tring.
In CBOR, the <tt>contextID</tt> type is a byte string, and it ha
s label 6.
</dd> </dd>
</dl> </dl>
<t> <t>
An example of JSON OSCORE_Input_Material is given in <xref target="J SON-osc" format="default"/>. An example of JSON OSCORE_Input_Material is given in <xref target="J SON-osc" format="default"/>.
</t> </t>
<figure anchor="JSON-osc"> <figure anchor="JSON-osc">
<name>Example JSON OSCORE_Input_Material</name> <name>Example JSON OSCORE_Input_Material</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type="json"><![CDATA[
"osc" : { "osc" : {
"alg" : "AES-CCM-16-64-128", "alg" : "AES-CCM-16-64-128",
"id" : b64'AQ==' "id" : "AQ",
"ms" : b64'+a+Dg2jjU+eIiOFCa9lObw' "ms" : "-a-Dg2jjU-eIiOFCa9lObw"
} }
]]></sourcecode>
]]></artwork>
</figure> </figure>
<t> <t>
The CDDL grammar describing the CBOR OSCORE_Input_Material is: The CDDL grammar describing the CBOR OSCORE_Input_Material is shown in <xref target="CDDL-osc" format="default"/>.
</t> </t>
<artwork type="CDDL" name="" align="left" alt=""><![CDATA[ <figure anchor="CDDL-osc">
<name>CDDL Grammar of the OSCORE_Input_Material</name>
<sourcecode name="" type="cddl"><![CDATA[
OSCORE_Input_Material = { OSCORE_Input_Material = {
? 0 => bstr, ; id ? 0 => bstr, ; id
? 1 => int, ; version ? 1 => int, ; version
? 2 => bstr, ; ms ? 2 => bstr, ; ms
? 3 => tstr / int, ; hkdf ? 3 => tstr / int, ; hkdf
? 4 => tstr / int, ; alg ? 4 => tstr / int, ; alg
? 5 => bstr, ; salt ? 5 => bstr, ; salt
? 6 => bstr, ; contextId ? 6 => bstr, ; contextId
* int / tstr => any * (int / tstr) => any
} }
]]></artwork> ]]></sourcecode>
</figure>
</section> </section>
</section> </section>
</section> </section>
<section anchor="c-rs1" numbered="true" toc="default"> <section anchor="c-rs1" numbered="true" toc="default">
<name>Client-RS Communication</name> <name>Client-RS Communication</name>
<t> <t>
The following subsections describe the details of the POST request and r esponse to the authz-info endpoint between client and RS. The client generates a nonce N1 and an identifier ID1 unique in the sets of its own Recipient IDs, and posts them together with the token that includes the materials (e.g., OSCORE pa rameters) received from the AS to the RS. The RS then generates a nonce N2 and a n identifier ID2 unique in the sets of its own Recipient IDs, and uses Section 3 .2 of <xref target="RFC8613" format="default"/> to derive a security context bas ed on a shared master secret, the two exchanged nonces and the two identifiers, established between client and server. The exchanged nonces and identifiers are encoded as CBOR byte string if CBOR is used, and as Base64 string if JSON is use d. This security context is used to protect all future communication between cli ent and RS using OSCORE, as long as the access token is valid. The following subsections describe the details of the POST request and r esponse to the authz-info endpoint between the client and RS. The client generat es a nonce N1 and an identifier ID1 that is unique in the sets of its own Recipi ent IDs and posts them together with the token that includes the materials (e.g. , OSCORE parameters) received from the AS to the RS. The RS then generates a non ce N2 and an identifier ID2 that is unique in the sets of its own Recipient IDs and uses <xref target="RFC8613" sectionFormat="of" section="3.2"/> to derive a s ecurity context based on a shared Master Secret, the two exchanged nonces, and t he two identifiers, established between the client and server. The exchanged non ces and identifiers are encoded as a CBOR byte string if CBOR is used and as a b ase64 string if JSON is used. This security context is used to protect all futur e communication between the client and RS using OSCORE, as long as the access to ken is valid.
</t> </t>
<!-- <t>
Note that the proof-of-possession required to bind the access token to t
he
client is implicitly performed by generating the shared OSCORE Security
Context using
the pop-key as master secret, for both client and RS. An attacker
using a stolen token will not be able to generate a valid OSCORE context
and
thus not be able to prove possession of the pop-key.
</t> -->
<t> <t>
Note that the RS and client authenticate each other Note that the RS and client authenticate each other
by generating the shared OSCORE Security Context using by generating the shared OSCORE security context using
the pop-key as master secret. An attacker the PoP key as the Master Secret. An attacker
posting a valid token to the RS will not be able to generate a valid OSC posting a valid token to the RS will not be able to generate a valid OSC
ORE Security Context and ORE security context and
thus not be able to prove possession of the pop-key. Additionally, the m thus will not be able to prove possession of the PoP key. Additionally,
utual authentication is only achieved after the client has successfully verified the mutual authentication is only achieved after the client has successfully ver
a response from the RS protected with the generated OSCORE Security Context. ified a response from the RS protected with the generated OSCORE security contex
t.
</t> </t>
<section anchor="c-rs" numbered="true" toc="default"> <section anchor="c-rs" numbered="true" toc="default">
<name>C-to-RS: POST to authz-info endpoint</name> <name>C-to-RS: POST to authz-info Endpoint</name>
<t> <t>
The client MUST generate a nonce value N1 very unlikely to have been p reviously used with the same input keying material. This profile RECOMMENDS usin g a 64-bit long random number as the nonce's value. The client MUST store the no nce N1 as long as the response from the RS is not received and the access token related to it is still valid (to the best of the client's knowledge). The client <bcp14>MUST</bcp14> generate a nonce value N1 that is very unlikely to have been previously used with the same input keying material. The u se of a 64-bit long random number as the nonce's value is <bcp14>RECOMMENDED</bc p14> in this profile. The client <bcp14>MUST</bcp14> store the nonce N1 as long as the response from the RS is not received and the access token related to it i s still valid (to the best of the client's knowledge).
</t> </t>
<t> <t>
The client generates its own Recipient ID, ID1, for the OSCORE Securit y Context that it is establishing with the RS. By generating its own Recipient I D, the client makes sure that it does not collide with any of its Recipient IDs, nor with any other identifier ID1 if the client is executing this exchange with a different RS at the same time. The client generates its own Recipient ID, ID1, for the OSCORE securit y context that it is establishing with the RS. By generating its own Recipient I D, the client makes sure that it does not collide with any of its Recipient IDs, nor with any other identifier ID1 if the client is executing this exchange with a different RS at the same time.
</t> </t>
<t> <t>
The client MUST use CoAP and the Authorization Information resource as described in section 5.8.1 of <xref target="I-D.ietf-ace-oauth-authz" format="d efault"/> to transport the token, N1 and ID1 to the RS. The client <bcp14>MUST</bcp14> use CoAP and the authorization informat ion resource as described in <xref target="RFC9200" sectionFormat="of" section=" 5.8.1"/> to transport the token, N1, and ID1 to the RS.
</t> </t>
<t> <t>
Note that the use of the payload and the Content-Format is different Note that the use of the payload and the Content-Format is different f
from what is described in section 5.8.1 of <xref target="I-D.ietf-ace-oauth-auth rom what is described in <xref target="RFC9200" sectionFormat="of" section="5.8.
z" format="default"/>, which only transports the token without any CBOR wrapping 1"/>, which only transports the token without any CBOR wrapping. In this profile
. In this profile, the client MUST wrap the token, N1 and ID1 in a CBOR map. The , the client <bcp14>MUST</bcp14> wrap the token, N1, and ID1 in a CBOR map.
client MUST use the Content-Format "application/ace+cbor" defined in section 8. The client <bcp14>MUST</bcp14> use the Content-Format application/ace+cbor defin
14 of <xref target="I-D.ietf-ace-oauth-authz" format="default"/>. The client MUS ed in <xref target="RFC9200" sectionFormat="of" section="8.16"/>. The client <bc
T include the access token using the <tt>access_token</tt> parameter, N1 using t p14>MUST</bcp14> include the access token using the <tt>access_token</tt> parame
he <tt>nonce1</tt> parameter defined in <xref target="nonce1" format="default"/> ter; N1 using the <tt>nonce1</tt> parameter defined in <xref target="nonce1" for
, and ID1 using the <tt>ace_client_recipientid</tt> parameter defined in <xref t mat="default"/>; and ID1 using the <tt>ace_client_recipientid</tt> parameter def
arget="id1" format="default"/>. ined in <xref target="id1" format="default"/>.
</t> </t>
<t> <t>
The communication with the authz-info endpoint does not have to be pro tected, except for the update of access rights case described below. The communication with the authz-info endpoint does not have to be pro tected, except for the update of access rights case described below.
</t> </t>
<t> <t>
Note that a client may be required to re-POST the access token in orde r to complete a request, since an RS may delete a stored access token (and assoc iated Security Context) at any time, for example due to all storage space being consumed. This situation is detected by the client when it receives an AS Reques t Creation Hints response. Reposting the same access token will result in derivi ng a new OSCORE Security Context to be used with the RS, as different exchanged nonces will be used. Note that a client may be required to repost the access token in order to complete a request, since an RS may delete a stored access token (and associ ated security context) at any time, for example, due to all storage space being consumed. This situation is detected by the client when it receives an AS Reques t Creation Hints response. Reposting the same access token will result in derivi ng a new OSCORE security context to be used with the RS, as different exchanged nonces will be used.
</t> </t>
<t> <t>
The client may also choose to re-POST the access token in order to upd ate its OSCORE Security Context. In that case, the client and the RS will exchan ge newly generated nonces, re-negotiate identifiers, and derive new keying mater ial. The client and RS might decide to keep the same identifiers or renew them d uring the re-negotiation. The client may also choose to repost the access token in order to upda te its OSCORE security context. In that case, the client and the RS will exchang e newly generated nonces, renegotiate identifiers, and derive new keying materia l. The client and RS might decide to keep the same identifiers or renew them dur ing the renegotiation.
</t> </t>
<t> <t>
<xref target="ex3" format="default"/> shows an example of the request sent from the client to the RS. The access token has been truncated for readabil ity. <xref target="ex3" format="default"/> shows an example of the request sent from the client to the RS. The access token has been truncated for readabil ity.
</t> </t>
<figure anchor="ex3"> <figure anchor="ex3">
<name>Example C-to-RS POST /authz-info request using CWT</name> <name>Example C-to-RS POST /authz-info Request Using CWT</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type="cbor-diag"><![CDATA[
Header: POST (Code=0.02) Header: POST (Code=0.02)
Uri-Host: "rs.example.com" Uri-Host: "rs.example.com"
Uri-Path: "authz-info" Uri-Path: "authz-info"
Content-Format: "application/ace+cbor" Content-Format: application/ace+cbor
Payload: Payload:
{ {
"access_token": h'8343a1010aa2044c53 ... / access_token / 1 : h'8343a1010aa2044c53/...
(remainder of access token (CWT) omitted for brevity)', (remainder of access token (CWT) omitted for brevity)/',
"nonce1": h'018a278f7faab55a', / nonce1 / 40 : h'018a278f7faab55a',
"ace_client_recipientid" : h'1645' / ace_client_recipientid / 43 : h'1645'
} }
]]></sourcecode>
]]></artwork>
</figure> </figure>
<t> <t>
If the client has already posted a valid token, has already establishe d a security association with the RS, and wants to update its access rights, the client can do so by posting the new token (retrieved from the AS and containing the update of access rights) to the /authz-info endpoint. The client MUST prote ct the request using the OSCORE Security Context established during the first to ken exchange. The client MUST only send the <tt>access_token</tt> field in the C BOR map in the payload, no nonce or identifier are sent. After proper verificati on (see <xref target="rs-c" format="default"/>), the RS will replace the old tok en with the new one, maintaining the same Security Context. If the client has already posted a valid token, has already establishe d a security association with the RS, and wants to update its access rights, the client can do so by posting the new token (retrieved from the AS and containing the update of access rights) to the /authz-info endpoint. The client <bcp14>MUS T</bcp14> protect the request using the OSCORE security context established duri ng the first token exchange. The client <bcp14>MUST</bcp14> only send the <tt>ac cess_token</tt> field in the CBOR map in the payload; no nonce or identifier is sent. After proper verification (see <xref target="rs-c" format="default"/>), th e RS will replace the old token with the new one, maintaining the same security context.
</t> </t>
<section anchor="nonce1" numbered="true" toc="default"> <section anchor="nonce1" numbered="true" toc="default">
<name>The Nonce 1 Parameter</name> <name>The Nonce 1 Parameter</name>
<t> <t>
This parameter MUST be sent from the client to the RS, together wit The <tt>nonce1</tt> parameter <bcp14>MUST</bcp14> be sent from the
h the access token, if the ace profile used is coap_oscore, and the message is n client to the RS, together with the access token, if the ACE profile used is <tt
ot an update of access rights, protected with an existing OSCORE Security Contex >coap_oscore</tt>, and the message is not an update of access rights, protected
t. The parameter is encoded as a byte string for with an existing OSCORE security context. The parameter is encoded as a byte st
CBOR-based interactions, and as a string (Base64 encoded binary) for ring for
CBOR-based interactions and as a string (base64-encoded binary) for
JSON-based interactions. This parameter is registered in <xref target="iana-n onces-ids" format="default"/>. JSON-based interactions. This parameter is registered in <xref target="iana-n onces-ids" format="default"/>.
</t> </t>
</section> </section>
<section anchor="id1" numbered="true" toc="default"> <section anchor="id1" numbered="true" toc="default">
<name>The ace_client_recipientid Parameter</name> <name>The ace_client_recipientid Parameter</name>
<t> <t>
This parameter MUST be sent from the client to the RS, together wit The <tt>ace_client_recipientid</tt> parameter <bcp14>MUST</bcp14> b
h the access token, if the ace profile used is coap_oscore, and the message is n e sent from the client to the RS, together with the access token, if the ACE pro
ot an update of access rights, protected with an existing OSCORE Security Contex file used is <tt>coap_oscore</tt>, and the message is not an update of access ri
t. The parameter is encoded as a byte string for ghts, protected with an existing OSCORE security context. The parameter is enco
CBOR-based interactions, and as a string (Base64 encoded binary) for ded as a byte string for
CBOR-based interactions and as a string (base64-encoded binary) for
JSON-based interactions. This parameter is registered in <xref target="iana-n onces-ids" format="default"/>. JSON-based interactions. This parameter is registered in <xref target="iana-n onces-ids" format="default"/>.
</t> </t>
</section> </section>
</section> </section>
<section anchor="rs-c" numbered="true" toc="default"> <section anchor="rs-c" numbered="true" toc="default">
<name>RS-to-C: 2.01 (Created)</name> <name>RS-to-C: 2.01 (Created)</name>
<t> <t>
The RS MUST follow the procedures defined in section 5.8.1 of <xref ta The RS <bcp14>MUST</bcp14> follow the procedures defined in <xref targ
rget="I-D.ietf-ace-oauth-authz" format="default"/>: the RS must verify the valid et="RFC9200" sectionFormat="of" section="5.8.1"/>: the RS must verify the validi
ity of the token. If the token is valid, the RS must respond to the POST request ty of the token. If the token is valid, the RS must respond to the POST request
with 2.01 (Created). If the token is valid but is associated to claims that the with 2.01 (Created).
RS cannot process (e.g., an unknown scope), or if any of the expected parameter If the token is valid but is associated to claims that the RS cannot pr
s is missing (e.g., any of the mandatory parameters from the AS or the identifie ocess (e.g., an unknown scope), or if any of the expected parameters are missing
r <tt>id1</tt>), or if any parameters received in the <tt>osc</tt> field is unre (e.g., any of the mandatory parameters from the AS or the identifier ID1), or i
cognized, the RS must respond with an error response code equivalent to the CoAP f any parameters received in the <tt>osc</tt> field are unrecognized, the RS mus
code 4.00 (Bad Request). In the latter two cases, the RS may provide additional t respond with an error response code equivalent to the CoAP code 4.00 (Bad Requ
information in the error response, in order to clarify what went wrong. est). In the latter two cases, the RS may provide additional information in the
The RS may make an introspection request (see Section 5.9.1 of <xref t error response, in order to clarify what went wrong.
arget="I-D.ietf-ace-oauth-authz" format="default"/>) to validate the token befor The RS may make an introspection request (see <xref target="RFC9200" s
e responding to the POST request to the authz-info endpoint. ectionFormat="of" section="5.9.1"/>) to validate the token before responding to
</t> the POST request to the authz-info endpoint.
<t>
Additionally, the RS MUST generate a nonce N2 very unlikely to have be
en previously used with the same input keying material, and its own Recipient ID
, ID2. The RS makes sure that ID2 does not collide with any of its Recipient IDs
. The RS MUST ensure that ID2 is different from the value received in the ace_cl
ient_recipientid parameter. The RS sends N2 and ID2 within the 2.01 (Created) re
sponse. The payload of the 2.01 (Created) response MUST be a CBOR map containing
the <tt>nonce2</tt> parameter defined in <xref target="nonce2" format="default"
/>, set to N2, and the <tt>ace_server_recipientid</tt> parameter defined in <xre
f target="id2" format="default"/>, set to ID2. This profile RECOMMENDS using a 6
4-bit long random number as the nonce's value. The RS MUST use the Content-Forma
t "application/ace+cbor" defined in section 8.14 of <xref target="I-D.ietf-ace-o
auth-authz" format="default"/>.
</t> </t>
<!--
<t> <t>
Note that, when using this profile, an identifier of the token (e Additionally, the RS <bcp14>MUST</bcp14> generate a nonce N2 that is v
.g., the cti for a CWT) is not transported in the payload of this request, as se ery unlikely to have been previously used with the same input keying material an
ction 5.8.1 of <xref target="I-D.ietf-ace-oauth-authz"/> allows. d its own Recipient ID, ID2. The RS makes sure that ID2 does not collide with an
</t> y of its Recipient IDs. The RS <bcp14>MUST</bcp14> ensure that ID2 is different
from the value received in the <tt>ace_client_recipientid</tt> parameter. The RS
sends N2 and ID2 within the 2.01 (Created) response. The payload of the 2.01 (C
reated) response <bcp14>MUST</bcp14> be a CBOR map containing the <tt>nonce2</tt
> parameter defined in <xref target="nonce2" format="default"/>, set to N2, and
the <tt>ace_server_recipientid</tt> parameter defined in <xref target="id2" form
at="default"/>, set to ID2. The use of a 64-bit long random number as the nonce'
s value is <bcp14>RECOMMENDED</bcp14> in this profile.
The RS <bcp14>MUST</bcp14> use the Content-Format application/ace+cbor
defined in <xref target="RFC9200" sectionFormat="of" section="8.16"/>.
</t>
<t> <t>
<xref target="ex4" format="default"/> shows an example of the response sent from the RS to the client. <xref target="ex4" format="default"/> shows an example of the response sent from the RS to the client.
</t> </t>
<figure anchor="ex4"> <figure anchor="ex4">
<name>Example RS-to-C 2.01 (Created) response</name> <name>Example RS-to-C 2.01 (Created) Response</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type="cbor-diag"><![CDATA[
Header: Created (Code=2.01) Header: Created (Code=2.01)
Content-Format: "application/ace+cbor" Content-Format: application/ace+cbor
Payload: Payload:
{ {
"nonce2": h'25a8991cd700ac01', / nonce2 / 42 : h'25a8991cd700ac01',
"ace_server_recipientid" : h'0000' / ace_server_recipientid / 44 : h'0000'
} }
]]></sourcecode>
]]></artwork>
</figure> </figure>
<t> <t>
As specified in section 5.8.3 of <xref target="I-D.ietf-ace-oauth-auth z" format="default"/>, the RS must notify the client with an error response with code 4.01 (Unauthorized) for any long running request before terminating the se ssion, when the access token expires. As specified in <xref target="RFC9200" sectionFormat="of" section="5.8 .3"/>, the RS must notify the client with an error response with code 4.01 (Unau thorized) for any long running request before terminating the session, when the access token expires.
</t> </t>
<t> <t>
If the RS receives the token in a OSCORE protected message, it means t hat the client is requesting an update of access rights. The RS MUST ignore any nonce and identifiers in the request, if any was sent. The RS MUST check that th e "kid" of the <tt>cnf</tt> claim of the new access token matches the identifier of the OSCORE Input Material of the context used to protect the message. If tha t is the case, the RS MUST overwrite the old token and associate the new token t o the Security Context identified by the "kid" value in the <tt>cnf</tt> claim. The RS MUST respond with a 2.01 (Created) response protected with the same Secur ity Context, with no payload. If any verification fails, the RS MUST respond wit h a 4.01 (Unauthorized) error response. If the RS receives the token in an OSCORE-protected message, it means that the client is requesting an update of access rights. The RS <bcp14>MUST</bc p14> ignore any nonce and identifiers in the request, if any were sent. The RS < bcp14>MUST</bcp14> check that the <tt>kid</tt> of the <tt>cnf</tt> claim of the new access token matches the identifier of the OSCORE Input Material of the cont ext used to protect the message. If that is the case, the RS <bcp14>MUST</bcp14> overwrite the old token and associate the new token to the security context ide ntified by the <tt>kid</tt> value in the <tt>cnf</tt> claim. The RS <bcp14>MUST< /bcp14> respond with a 2.01 (Created) response protected with the same security context, with no payload. If any verification fails, the RS <bcp14>MUST</bcp14> respond with a 4.01 (Unauthorized) error response.
</t> </t>
<t> <t>
As specified in section 5.8.1 of <xref target="I-D.ietf-ace-oauth-auth z" format="default"/>, when receiving an updated access token with updated autho rization information from the client (see <xref target="c-as" format="default"/> ), it is recommended that the RS overwrites the previous token, that is only the latest authorization information in the token received by the RS is valid. This simplifies the process needed by the RS to keep track of authorization informat ion for a given client. As specified in <xref target="RFC9200" sectionFormat="of" section="5.8 .1"/>, when receiving an updated access token with updated authorization informa tion from the client (see <xref target="c-as" format="default"/>), it is recomme nded that the RS overwrites the previous token; that is, only the latest authori zation information in the token received by the RS is valid. This simplifies the process needed by the RS to keep track of authorization information for a given client.
</t> </t>
<section anchor="nonce2" numbered="true" toc="default"> <section anchor="nonce2" numbered="true" toc="default">
<name>The Nonce 2 Parameter</name> <name>The Nonce 2 Parameter</name>
<t> <t>
This parameter MUST be sent from the RS to the client if the ace pr The <tt>nonce2</tt> parameter <bcp14>MUST</bcp14> be sent from the
ofile used is coap_oscore, and the message is not a response to an update of acc RS to the client if the ACE profile used is <tt>coap_oscore</tt> and the message
ess rights, protected with an existing OSCORE Security Context. The parameter is is not a response to an update of access rights, protected with an existing OSC
encoded as a byte string for ORE security context. The parameter is encoded as a byte string for
CBOR-based interactions, and as a string (Base64 encoded binary) for CBOR-based interactions and as a string (base64-encoded binary) for
JSON-based interactions. This parameter is registered in <xref target="iana-n onces-ids" format="default"/> JSON-based interactions. This parameter is registered in <xref target="iana-n onces-ids" format="default"/>
</t> </t>
</section> </section>
<section anchor="id2" numbered="true" toc="default"> <section anchor="id2" numbered="true" toc="default">
<name>The ace_server_recipientid Parameter</name> <name>The ace_server_recipientid Parameter</name>
<t> <t>
This parameter MUST be sent from the RS to the client if the ace pr The <tt>ace_server_recipientid</tt> parameter <bcp14>MUST</bcp14> b
ofile used is coap_oscore, and the message is not a response to an update of acc e sent from the RS to the client if the ACE profile used is <tt>coap_oscore</tt>
ess rights, protected with an existing OSCORE Security Context. The parameter is and the message is not a response to an update of access rights, protected with
encoded as a byte string for an existing OSCORE security context. The parameter is encoded as a byte string
CBOR-based interactions, and as a string (Base64 encoded binary) for for
CBOR-based interactions and as a string (base64-encoded binary) for
JSON-based interactions. This parameter is registered in <xref target="iana-n onces-ids" format="default"/> JSON-based interactions. This parameter is registered in <xref target="iana-n onces-ids" format="default"/>
</t> </t>
</section> </section>
</section> </section>
<section anchor="oscore-setup" numbered="true" toc="default"> <section anchor="oscore-setup" numbered="true" toc="default">
<name>OSCORE Setup</name> <name>OSCORE Setup</name>
<t> <t>
Once the 2.01 (Created) response is received from the RS, following th e POST request to authz-info endpoint, the client MUST extract the bstr nonce N2 from the <tt>nonce2</tt> parameter in the CBOR map in the payload of the respon se. Then, the client MUST set the Master Salt of the Security Context created to communicate with the RS to the concatenation of salt, N1, and N2, in this order : Master Salt = salt | N1 | N2, where | denotes byte string concatenation, where salt is the CBOR byte string received from the AS in <xref target="as-c" format ="default"/>, and where N1 and N2 are the two nonces encoded as CBOR byte string s. An example of Master Salt construction using CBOR encoding is given in <xref target="ms-ex" format="default"/>. Once the 2.01 (Created) response is received from the RS, following th e POST request to authz-info endpoint, the client <bcp14>MUST</bcp14> extract th e bstr nonce N2 from the <tt>nonce2</tt> parameter in the CBOR map in the payloa d of the response. Then, the client <bcp14>MUST</bcp14> set the Master Salt of t he security context created to communicate with the RS to the concatenation of s alt, N1, and N2 in this order: Master Salt = salt | N1 | N2, where | denotes byt e string concatenation, salt is the CBOR byte string received from the AS in <xr ef target="as-c" format="default"/>, and N1 and N2 are the two nonces encoded as CBOR byte strings. An example of Master Salt construction using CBOR encoding is given in <xref target="ms-ex" format="default"/>.
</t> </t>
<figure anchor="ms-ex"> <figure anchor="ms-ex">
<name>Example of Master Salt construction using CBOR encoding</name> <name>Example of Master Salt Construction Using CBOR Encoding</name>
<artwork name="" type="" align="left" alt=""><![CDATA[ <sourcecode name="" type=""><![CDATA[
N1, N2 and input salt expressed in CBOR diagnostic notation: N1, N2, and input salt expressed in CBOR diagnostic notation:
nonce1 = h'018a278f7faab55a' nonce1 = h'018a278f7faab55a'
nonce2 = h'25a8991cd700ac01' nonce2 = h'25a8991cd700ac01'
input salt = h'f9af838368e353e78888e1426bd94e6f' input salt = h'f9af838368e353e78888e1426bd94e6f'
N1, N2 and input salt as CBOR encoded byte strings: N1, N2, and input salt as CBOR encoded byte strings:
nonce1 = 0x48018a278f7faab55a nonce1 = 0x48018a278f7faab55a
nonce2 = 0x4825a8991cd700ac01 nonce2 = 0x4825a8991cd700ac01
input salt = 0x50f9af838368e353e78888e1426bd94e6f input salt = 0x50f9af838368e353e78888e1426bd94e6f
Master Salt = 0x50 f9af838368e353e78888e1426bd94e6f Master Salt = 0x50 f9af838368e353e78888e1426bd94e6f
48 018a278f7faab55a 48 25a8991cd700ac01 48 018a278f7faab55a 48 25a8991cd700ac01
]]></sourcecode>
]]></artwork>
</figure> </figure>
<t> <t>
If JSON is used instead of CBOR, the Master Salt of the Security Conte xt is the Base64 encoding of the concatenation of the same parameters, each of t hem prefixed by their size, encoded in 1 byte. When using JSON, the nonces and i nput salt have a maximum size of 255 bytes. An example of Master Salt constructi on using Base64 encoding is given in <xref target="ms-ex-2" format="default"/>. If JSON is used instead of CBOR, the Master Salt of the security conte xt is the base64 encoding of the concatenation of the same parameters, each of t hem prefixed by their size, encoded in 1 byte. When using JSON, the nonces and i nput salt have a maximum size of 255 bytes. An example of Master Salt constructi on using base64 encoding is given in <xref target="ms-ex-2" format="default"/>.
</t> </t>
<figure anchor="ms-ex-2"> <figure anchor="ms-ex-2">
<name>Example of Master Salt construction using Base64 encoding</name> <name>Example of Master Salt Construction Using Base64 Encoding</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
N1, N2 and input salt values: <sourcecode name="" type=""><![CDATA[
N1, N2, and input salt values:
nonce1 = 0x018a278f7faab55a (8 bytes) nonce1 = 0x018a278f7faab55a (8 bytes)
nonce2 = 0x25a8991cd700ac01 (8 bytes) nonce2 = 0x25a8991cd700ac01 (8 bytes)
input salt = 0xf9af838368e353e78888e1426bd94e6f (16 bytes) input salt = 0xf9af838368e353e78888e1426bd94e6f (16 bytes)
Input to Base64 encoding: 0x10 f9af838368e353e78888e1426bd94e6f Input to base64 encoding: 0x10 f9af838368e353e78888e1426bd94e6f
08 018a278f7faab55a 08 25a8991cd700ac01 08 018a278f7faab55a 08 25a8991cd700ac01
Master Salt = b64'EPmvg4No41PniIjhQmvZTm8IAYonj3+qtVoIJaiZHNcArAE=' Master Salt = b64'EPmvg4No41PniIjhQmvZTm8IAYonj3+qtVoIJaiZHNcArAE='
]]></sourcecode>
]]></artwork>
</figure> </figure>
<t> <t>
The client MUST set the Sender ID to the ace_server_recipientid recei ved in <xref target="rs-c" format="default"/>, and the Recipient ID to the ace_c lient_recipientid sent in <xref target="c-rs" format="default"/>. The client MUS T set the Master Secret from the parameter received from the AS in <xref target= "as-c" format="default"/>. The client MUST set the AEAD Algorithm, ID Context, H KDF, and OSCORE Version from the parameters received from the AS in <xref target ="as-c" format="default"/>, if present. In case an optional parameter is omitted , the default value SHALL be used as described in sections 3.2 and 5.4 of <xref target="RFC8613" format="default"/>. After that, the client MUST derive the comp lete Security Context following section 3.2.1 of <xref target="RFC8613" format=" default"/>. From this point on, the client MUST use this Security Context to com municate with the RS when accessing the resources as specified by the authorizat ion information. The client <bcp14>MUST</bcp14> set the Sender ID to the <tt>ace_serve r_recipientid</tt> received in <xref target="rs-c" format="default"/> and set th e Recipient ID to the <tt>ace_client_recipientid</tt> sent in <xref target="c-rs " format="default"/>. The client <bcp14>MUST</bcp14> set the Master Secret from the parameter received from the AS in <xref target="as-c" format="default"/>. Th e client <bcp14>MUST</bcp14> set the AEAD algorithm, ID Context, HKDF, and OSCOR E version from the parameters received from the AS in <xref target="as-c" format ="default"/>, if present. In case an optional parameter is omitted, the default value <bcp14>SHALL</bcp14> be used as described in Sections <xref target="RFC861 3" sectionFormat="bare" section="3.2"/> and <xref target="RFC8613" sectionFormat ="bare" section="5.4"/> of <xref target="RFC8613" format="default"/>. After that , the client <bcp14>MUST</bcp14> derive the complete security context following <xref target="RFC8613" sectionFormat="of" section="3.2.1"/>. From this point on, the client <bcp14>MUST</bcp14> use this security context to communicate with th e RS when accessing the resources as specified by the authorization information.
</t> </t>
<t> <t>
If any of the expected parameters is missing (e.g., any of the mandato ry parameters from the AS or the RS), or if ace_client_recipientid equals ace_se rver_recipientid (and as a consequence the Sender and Recipient Keys derived wou ld be equal, see section 3.3 of <xref target="RFC8613" format="default"/>), the n the client MUST stop the exchange, and MUST NOT derive the Security Context. T he client MAY restart the exchange, to get the correct security material. If any of the expected parameters are missing (e.g., any of the mandat ory parameters from the AS or the RS), or if <tt>ace_client_recipientid</tt> equ als <tt>ace_server_recipientid</tt> (and as a consequence, the Sender and Recipi ent Keys derived would be equal; see <xref target="RFC8613" sectionFormat="of" s ection="3.3"/>), then the client <bcp14>MUST</bcp14> stop the exchange and <bcp1 4>MUST NOT</bcp14> derive the security context. The client <bcp14>MAY</bcp14> re start the exchange, to get the correct security material.
</t> </t>
<t> <t>
The client then uses this Security Context to send requests to the RS using OSCORE. The client then uses this security context to send requests to the RS using OSCORE.
</t> </t>
<t> <t>
After sending the 2.01 (Created) response, the RS MUST set the Master Salt of the Security Context created to communicate with the client to the conca tenation of salt, N1, and N2, in the same way described above. An example of Mas ter Salt construction using CBOR encoding is given in <xref target="ms-ex" forma t="default"/> and using Base64 encoding is given in <xref target="ms-ex-2" forma t="default"/>. The RS MUST set the Sender ID from the ace_client_recipientid rec eived in <xref target="c-rs" format="default"/>, and the Recipient ID from the a ce_server_recipientid sent in <xref target="rs-c" format="default"/>. The RS MUS T set the Master Secret from the parameter received from the AS and forwarded by the client in the access token in <xref target="c-rs" format="default"/> after validation of the token as specified in <xref target="rs-c" format="default"/>. The RS MUST set the AEAD Algorithm, ID Context, HKDF, and OSCORE Version from th e parameters received from the AS and forwarded by the client in the access toke n in <xref target="c-rs" format="default"/> after validation of the token as spe cified in <xref target="rs-c" format="default"/>, if present. In case an optiona l parameter is omitted, the default value SHALL be used as described in sections 3.2 and 5.4 of <xref target="RFC8613" format="default"/>. After that, the RS MU ST derive the complete Security Context following section 3.2.1 of <xref target= "RFC8613" format="default"/>, and MUST associate this Security Context with the authorization information from the access token. After sending the 2.01 (Created) response, the RS <bcp14>MUST</bcp14> set the Master Salt of the security context created to communicate with the clie nt to the concatenation of salt, N1, and N2 in the same way described above. An example of Master Salt construction using CBOR encoding is given in <xref target ="ms-ex" format="default"/> and using base64 encoding is given in <xref target=" ms-ex-2" format="default"/>. The RS <bcp14>MUST</bcp14> set the Sender ID from t he <tt>ace_client_recipientid</tt> received in <xref target="c-rs" format="defau lt"/> and set the Recipient ID from the <tt>ace_server_recipientid</tt> sent in <xref target="rs-c" format="default"/>. The RS <bcp14>MUST</bcp14> set the Maste r Secret from the parameter received from the AS and forwarded by the client in the access token in <xref target="c-rs" format="default"/> after validation of t he token as specified in <xref target="rs-c" format="default"/>. The RS <bcp14>M UST</bcp14> set the AEAD algorithm, ID Context, HKDF, and OSCORE version from th e parameters received from the AS and forwarded by the client in the access toke n in <xref target="c-rs" format="default"/> after validation of the token as spe cified in <xref target="rs-c" format="default"/>, if present. In case an optiona l parameter is omitted, the default value <bcp14>SHALL</bcp14> be used as descri bed in Sections <xref target="RFC8613" sectionFormat="bare" section="3.2"/> and <xref target="RFC8613" sectionFormat="bare" section="5.4"/> of <xref target="RFC 8613" format="default"/>. After that, the RS <bcp14>MUST</bcp14> derive the comp lete security context following <xref target="RFC8613" sectionFormat="of" sectio n="3.2.1"/> and <bcp14>MUST</bcp14> associate this security context with the aut horization information from the access token.
</t> </t>
<t> <t>
The RS then uses this Security Context to verify requests and send res The RS then uses this security context to verify requests and send res
ponses to the client using OSCORE. If OSCORE verification fails, error responses ponses to the client using OSCORE. If OSCORE verification fails, error responses
are used, as specified in section 8 of <xref target="RFC8613" format="default"/ are used, as specified in <xref target="RFC8613" sectionFormat="of" section="8"
>. Additionally, if OSCORE verification succeeds, the verification of access rig />. Additionally, if OSCORE verification succeeds, the verification of access ri
hts is performed as described in section <xref target="tok-ver" format="default" ghts is performed as described in <xref target="tok-ver" format="default"/>. The
/>. The RS MUST NOT use the Security Context after the related token has expired RS <bcp14>MUST NOT</bcp14> use the security context after the related token has
, and MUST respond with a unprotected 4.01 (Unauthorized) error message to expired and <bcp14>MUST</bcp14> respond with an unprotected 4.01 (Unauthorized)
requests received that correspond to a Security Context with an expired error message to
requests received that correspond to a security context with an expired
token. token.
</t> </t>
<t> <t>
Note that the ID Context can be assigned by the AS, communicated and s Note that the ID Context can be assigned by the AS, communicated and s
et in both the RS and client after the exchange specified in this profile is exe et in both the RS and client after the exchange specified in this profile is exe
cuted. Subsequently, client and RS can update their ID Context by running a mech cuted. Subsequently, the client and RS can update their ID Context by running a
anism such as the one defined in Appendix B.2 of <xref target="RFC8613" format=" mechanism such as the one defined in <xref target="RFC8613" sectionFormat="of" s
default"/> if they both support it and are configured to do so. In that case, th ection="B.2"/> if they both support it and are configured to do so. In that case
e ID Context in the OSCORE Security Context will not match the "contextId" param , the ID Context in the OSCORE security context will not match the <tt>contextId
eter of the corresponding OSCORE_Input_Material. </tt> parameter of the corresponding OSCORE_Input_Material. Running Appendix <xr
Running Appendix B.2 results in the keying material in the Security Co ef target="RFC8613" sectionFormat="bare" section="B.2"/> results in the keying m
ntexts of client and RS being updated; this same result can also be achieved by aterial being updated in the security contexts of the client and RS; this same r
the client reposting the access token to the unprotected /authz-info endpoint at esult can also be achieved by the client reposting the access token to the unpro
the RS, as described in <xref target="c-rs" format="default"/>, but without upd tected /authz-info endpoint at the RS, as described in <xref target="c-rs" forma
ating the ID Context. t="default"/>, but without updating the ID Context.
</t> </t>
</section> </section>
<section anchor="tok-ver" numbered="true" toc="default"> <section anchor="tok-ver" numbered="true" toc="default">
<name>Access rights verification</name> <name>Access Rights Verification</name>
<t> <t>
The RS MUST follow the procedures defined in section 5.8.2 of <xref ta The RS <bcp14>MUST</bcp14> follow the procedures defined in <xref targ
rget="I-D.ietf-ace-oauth-authz" format="default"/>: if an RS receives an OSCORE- et="RFC9200" sectionFormat="of" section="5.8.2"/>: if an RS receives an OSCORE-p
protected request from a client, then the RS processes it according to <xref tar rotected request from a client, then the RS processes it according to <xref targ
get="RFC8613" format="default"/>. If OSCORE verification succeeds, and the targe et="RFC8613" format="default"/>. If OSCORE verification succeeds, and the target
t resource resource
requires authorization, the RS retrieves the authorization information requires authorization, the RS retrieves the authorization information
using the access token associated to the Security Context. The RS then must ver using the access token associated to the security context. The RS then must ver
ify that the authorization information covers the resource and the action reques ify that the authorization information covers the resource and the action reques
ted. ted.
</t> </t>
</section> </section>
</section> </section>
<section anchor="introsp" numbered="true" toc="default"> <section anchor="introsp" numbered="true" toc="default">
<name>Secure Communication with AS</name> <name>Secure Communication with AS</name>
<t> <t>
As specified in the ACE framework (section 5.9 of <xref target="I-D.ietf -ace-oauth-authz" format="default"/>), the requesting entity (RS and/or client) and the AS communicates via the introspection or token endpoint. The use of CoAP and OSCORE (<xref target="RFC8613" format="default"/>) for this communication i s RECOMMENDED in this profile; other protocols fulfilling the security requireme nts defined in section 5 of <xref target="I-D.ietf-ace-oauth-authz" format="defa ult"/> (such as HTTP and DTLS or TLS) MAY be used instead. As specified in the ACE framework (<xref target="RFC9200" sectionFormat= "of" section="5.9"/>), the requesting entity (RS and/or client) and the AS commu nicates via the introspection or token endpoint. The use of CoAP and OSCORE <xre f target="RFC8613" format="default"/> for this communication is <bcp14>RECOMMEND ED</bcp14> in this profile; other protocols fulfilling the security requirements defined in <xref target="RFC9200" sectionFormat="of" section="5"/> (such as HTT P and DTLS or TLS) <bcp14>MAY</bcp14> be used instead.
</t> </t>
<t> <t>
If OSCORE is used, the requesting entity and the AS are expected to have pre-established security contexts in place. How these security contexts are es tablished is out of scope for this profile. Furthermore the requesting entity a nd the AS communicate through the introspection endpoint as specified in section 5.9 of <xref target="I-D.ietf-ace-oauth-authz" format="default"/> and through t he token endpoint as specified in section 5.8 of <xref target="I-D.ietf-ace-oaut h-authz" format="default"/>. If OSCORE is used, the requesting entity and the AS are expected to have preestablished security contexts in place. How these security contexts are est ablished is out of scope for this profile. Furthermore, the requesting entity a nd the AS communicate through the introspection endpoint as specified in <xref t arget="RFC9200" sectionFormat="of" section="5.9"/> and through the token endpoin t as specified in <xref target="RFC9200" sectionFormat="of" section="5.8"/>.
</t> </t>
</section> </section>
<section anchor="sec-ctx-discard" numbered="true" toc="default"> <section anchor="sec-ctx-discard" numbered="true" toc="default">
<name>Discarding the Security Context</name> <name>Discarding the Security Context</name>
<t> <t>
There are a number of scenarios where a client or RS needs to discard th e OSCORE security context, and acquire a new one. There are a number of scenarios where a client or RS needs to discard th e OSCORE security context and acquire a new one.
</t> </t>
<t> <t>
The client MUST discard the current Security Context associated with an RS when any of the following occurs: The client <bcp14>MUST</bcp14> discard the current security context asso ciated with an RS when any of the following occurs:
</t> </t>
<ul spacing="normal"> <ul spacing="normal">
<li> the Sequence Number space ends. </li> <li> the sequence number space ends. </li>
<li> the access token associated with the context becomes invalid due to , for example, expiration. </li> <li> the access token associated with the context becomes invalid due to , for example, expiration. </li>
<li> the client receives a number of 4.01 Unauthorized responses to OSCO <li> the client receives a number of 4.01 Unauthorized responses to OSCO
RE requests using the same Security Context. The exact number needs to be specif RE requests using the same security context. The exact number needs to be specif
ied by the application. </li> ied by the application. </li>
<li> the client receives a new nonce in the 2.01 (Created) response (see <li> the client receives a new nonce in the 2.01 (Created) response (see
<xref target="rs-c" format="default"/>) to a POST request to the authz-info end <xref target="rs-c" format="default"/>) to a POST request to the authz-info end
point, when re-posting a (non-expired) token associated to the existing context. point, when reposting a (non-expired) token associated to the existing context.
</li> </li>
</ul> </ul>
<t> <t>
The RS MUST discard the current Security Context associated with a clien t when any of the following occurs: The RS <bcp14>MUST</bcp14> discard the current security context associat ed with a client when any of the following occurs:
</t> </t>
<ul spacing="normal"> <ul spacing="normal">
<li> the Sequence Number space ends. </li> <li> the sequence number space ends. </li>
<li> the access token associated with the context expires. </li> <li> the access token associated with the context expires. </li>
<li> the client has successfully replaced the current security context w ith a newer one by posting an access token to the unprotected /authz-info endpoi nt at the RS, e.g., by re-posting the same token, as specified in <xref target=" c-rs" format="default"/>.</li> <li> the client has successfully replaced the current security context w ith a newer one by posting an access token to the unprotected /authz-info endpoi nt at the RS, e.g., by reposting the same token, as specified in <xref target="c -rs" format="default"/>.</li>
</ul> </ul>
<t> <t>
Whenever one more access token is successfully posted to the RS, and a n ew Security Context is derived between the client and RS, messages in transit th at were protected with the previous Security Context might not pass verification , as the old context is discarded. That means that messages sent shortly before the client posts one more access token to the RS might not successfully reach th e destination. Analogously, implementations may want to cancel CoAP observations at the RS registered before the Security Context is replaced, or conversely the y will need to implement a mechanism to ensure that those observations are to be protected with the newly derived Security Context. Whenever one more access token is successfully posted to the RS, and a n ew security context is derived between the client and RS, messages in transit th at were protected with the previous security context might not pass verification , as the old context is discarded. That means that messages sent shortly before the client posts one more access tokens to the RS might not successfully reach t he destination. Analogously, implementations may want to cancel CoAP observation s at the RS registered before the security context is replaced, or conversely, t hey will need to implement a mechanism to ensure that those observations are to be protected with the newly derived security context.
</t> </t>
</section> </section>
<section anchor="sec-cons" numbered="true" toc="default"> <section anchor="sec-cons" numbered="true" toc="default">
<name>Security Considerations</name> <name>Security Considerations</name>
<t> <t>
This document specifies a profile for the Authentication and This document specifies a profile for the ACE framework
Authorization for Constrained Environments (ACE) framework <xref target="RFC9200" format="default"/>. Thus, the general security
<xref target="I-D.ietf-ace-oauth-authz" format="default"/>. Thus the ge
neral security
considerations from the framework also apply to this profile. considerations from the framework also apply to this profile.
</t> </t>
<t> <t>
Furthermore the general security considerations of OSCORE <xref target=" RFC8613" format="default"/> also apply to this specific Furthermore, the general security considerations of OSCORE <xref target= "RFC8613" format="default"/> also apply to this specific
use of the OSCORE protocol. use of the OSCORE protocol.
</t> </t>
<t> <t>
As previously stated, the proof-of-possession in this profile is perform ed by both parties verifying that they have established the same Security Contex t, as specified in <xref target="oscore-setup" format="default"/>, which means t hat both the OSCORE request and the OSCORE response passes verification. As previously stated, the proof of possession in this profile is perform ed by both parties verifying that they have established the same security contex t, as specified in <xref target="oscore-setup" format="default"/>, which means t hat both the OSCORE request and the OSCORE response passes verification.
RS authentication requires both that the client trusts the AS and that t he OSCORE response from the RS passes verification. RS authentication requires both that the client trusts the AS and that t he OSCORE response from the RS passes verification.
</t> </t>
<t> <t>
OSCORE is designed to secure point-to-point communication, OSCORE is designed to secure point-to-point communication,
providing a secure binding between the request and the response(s). providing a secure binding between the request and the response(s).
Thus the basic OSCORE protocol is not intended for use in Thus, the basic OSCORE protocol is not intended for use in
point-to-multipoint communication (e.g., multicast, publish-subscribe). point-to-multipoint communication (e.g., multicast, publish-subscribe).
Implementers of this profile should make sure that their use case Implementers of this profile should make sure that their use case
corresponds to the expected use of OSCORE, to prevent weakening the corresponds to the expected use of OSCORE, to prevent weakening the
security assurances provided by OSCORE. security assurances provided by OSCORE.
</t> </t>
<t> <t>
Since the use of nonces N1 and N2 during the exchange guarantees uniquen Since the use of nonces N1 and N2 during the exchange guarantees uniquen
ess of AEAD keys and nonces, it is REQUIRED that the exchanged nonces are not re ess of AEAD keys and nonces, it is <bcp14>REQUIRED</bcp14> that the exchanged no
used with the same input keying material even in case of re-boots. This document nces are not reused with the same input keying material even in case of reboots.
RECOMMENDS the exchange of 64 bit random nonces. Considering the birthday parad The exchange of 64-bit random nonces is <bcp14>RECOMMENDED</bcp14> in this docu
ox, the average collision for each nonce will happen after 2^32 messages, which ment. Considering the birthday paradox, the average collision for each nonce wi
is considerably more token provisioned than would be expected for intended appli ll happen after 2<sup>32</sup> messages, which is considerably more token provis
cations. If applications use something else, such as a counter, they need to gua ionings than would be expected for intended applications. If applications use so
rantee that reboot and loss of state on either node does not provoke reuse. mething else, such as a counter, they need to guarantee that reboot and loss of
If that is not guaranteed, nodes are susceptible to reuse of AEAD (nonce state on either node does not provoke reuse.
, key) pairs, especially since an on-path attacker can cause the use of a previo If that is not guaranteed, nodes are susceptible to reuse of AEAD (nonce
usly exchanged client nonce N1 for Security Context establishment by replaying t , key) pairs, especially since an on-path attacker can cause the use of a previo
he corresponding client-to-server message. usly exchanged client nonce N1 for security context establishment by replaying t
he corresponding client-to-server message.
</t> </t>
<t> <t>
This profile RECOMMENDS that the RS maintains a single access token for each client. The use of multiple access tokens for a single client increases the strain on the resource server as it must consider every access token and calcul ate the actual permissions of the client. Also, tokens indicating different or d isjoint permissions from each other may lead the server to enforce wrong permiss ions. If one of the access tokens expires earlier than others, the resulting per missions may offer insufficient protection. Developers SHOULD avoid using multip le access tokens for a same client. In this profile, it is <bcp14>RECOMMENDED</bcp14> that the RS maintains a single access token for each client. The use of multiple access tokens for a s ingle client increases the strain on the resource server as it must consider eve ry access token and calculate the actual permissions of the client. Also, tokens indicating different or disjoint permissions from each other may lead the serve r to enforce wrong permissions. If one of the access tokens expires earlier than others, the resulting permissions may offer insufficient protection. Developers <bcp14>SHOULD</bcp14> avoid using multiple access tokens for the same client.
</t> </t>
<t> <t>
If a single OSCORE Input Material is used with multiple RSs, the RSs can impersonate the client to one of the other RS, and impersonate another RS to th e client. If a master secret is used with several clients, the clients can imper sonate RS to one of the other clients. Similarly if symmetric keys are used to i ntegrity protect the token between AS and RS and the token can be used with mult iple RSs, the RSs can impersonate AS to one of the other RS. If the token key is used for any other communication between the RSs and AS, the RSs can impersonat e each other to the AS. If a single OSCORE Input Material is used with multiple RSs, the RSs can impersonate the client to one of the other RSs and impersonate another RS to th e client. If a Master Secret is used with several clients, the clients can imper sonate RS to one of the other clients. Similarly, if symmetric keys are used to integrity protect the token between AS and RS and the token can be used with mul tiple RSs, the RSs can impersonate AS to one of the other RSs. If the token key is used for any other communication between the RSs and AS, the RSs can imperson ate each other to the AS.
</t> </t>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Privacy Considerations</name> <name>Privacy Considerations</name>
<t> <t>
This document specifies a profile for the Authentication and This document specifies a profile for the ACE framework
Authorization for Constrained Environments (ACE) framework <xref target="RFC9200" format="default"/>. Thus, the general privacy
<xref target="I-D.ietf-ace-oauth-authz" format="default"/>. Thus the ge
neral privacy
considerations from the framework also apply to this profile. considerations from the framework also apply to this profile.
</t> </t>
<t> <t>
As this document uses OSCORE, thus the privacy considerations from As this document uses OSCORE, the privacy considerations from
<xref target="RFC8613" format="default"/> apply here as well. <xref target="RFC8613" format="default"/> apply here as well.
</t> </t>
<t> <t>
An unprotected response to an unauthorized request may disclose informati on about the resource server and/or its existing relationship with the client. I t is advisable to include as little information as possible in an unencrypted re sponse. When an OSCORE Security Context already exists between the client and th e resource server, more detailed information may be included. An unprotected response to an unauthorized request may disclose informati on about the resource server and/or its existing relationship with the client. I t is advisable to include as little information as possible in an unencrypted re sponse. When an OSCORE security context already exists between the client and th e resource server, more detailed information may be included.
</t> </t>
<t> <t>
The token is sent in the clear to the authz-info endpoint, so if a clien t uses the same single token from multiple locations with multiple Resource Serv ers, it can risk being tracked by the token's value even when the access token i s encrypted. The token is sent in the clear to the authz-info endpoint, so if a clien t uses the same single token from multiple locations with multiple resource serv ers, it can risk being tracked by the token's value even when the access token i s encrypted.
</t> </t>
<t> <t>
The nonces exchanged in the request and response to the authz-info endpo int are also sent in the clear, so using random nonces is best for privacy (as o pposed to, e.g., a counter, that might leak some information about the client). The nonces exchanged in the request and response to the authz-info endpo int are also sent in the clear, so using random nonces is best for privacy (as o pposed to, e.g., a counter, which might leak some information about the client).
</t> </t>
<t> <t>
The identifiers used in OSCORE, negotiated between client and RS are pri vacy sensitive (see Section 12.8 of <xref target="RFC8613" format="default"/>), and could reveal information about the client, or may be used for correlating re quests from one client. The identifiers used in OSCORE, negotiated between the client and RS, ar e privacy sensitive (see <xref target="RFC8613" sectionFormat="of" section="12.8 "/>) and could reveal information about the client, or they may be used for corr elating requests from one client.
</t> </t>
<t> <t>
Note that some information might still leak after OSCORE is established, due to observable message sizes, the source, and the destination addresses. Note that some information might still leak after OSCORE is established, due to observable message sizes, the source, and the destination addresses.
</t> </t>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>IANA Considerations</name> <name>IANA Considerations</name>
<t>Note to RFC Editor: Please replace all occurrences of "[[this document]
]"
with the RFC number of this document. Please add a reference to the IANA A
CE Profile registry in the nextt subsection once it has been created by IANA, an
d then delete this paragraph.</t>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>ACE Profile Registry</name> <name>ACE Profile Registry</name>
<t>The following registration is done for the ACE Profile <t>The following registration has been made in the "ACE Profiles"
Registry following the procedure specified in section 8.8 of <xref targe registry following the procedure specified in <xref target="RFC9200" sec
t="I-D.ietf-ace-oauth-authz" format="default"/>:</t> tionFormat="of" section="8.8"/>:</t>
<ul spacing="compact">
<li>Name: coap_oscore</li> <dl spacing="compact">
<li>Description: Profile for using OSCORE to secure communication <dt>Name:</dt><dd> coap_oscore</dd>
<dt>Description:</dt><dd>Profile for using OSCORE to secure communicat
ion
between constrained nodes using the Authentication and Authorization between constrained nodes using the Authentication and Authorization
for Constrained Environments framework.</li> for Constrained Environments framework.</dd>
<li>CBOR Value: TBD (value between 1 and 255)</li> <dt>CBOR Value:</dt><dd>2</dd>
<li>Reference: [[this document]]</li> <dt>Reference:</dt><dd>RFC 9203</dd>
</ul> </dl>
</section> </section>
<section anchor="iana-nonces-ids" numbered="true" toc="default"> <section anchor="iana-nonces-ids" numbered="true" toc="default">
<name>OAuth Parameters Registry</name> <name>OAuth Parameters Registry</name>
<t>The following registrations are done for the OAuth Parameters <t>The following registrations have been made in the "OAuth Parameters"
Registry <xref target="IANA.OAuthParameters" format="default"/> followin registry <xref target="IANA.OAuthParameters" format="default"/> followin
g the procedure specified in section 11.2 of <xref target="RFC6749" format="defa g the procedure specified in <xref target="RFC6749" sectionFormat="of" section="
ult"/>:</t> 11.2"/>:</t>
<ul spacing="compact">
<li>Parameter name: nonce1</li> <dl spacing="compact">
<li>Parameter usage location: client-rs request</li> <dt>Parameter name:</dt><dd>nonce1</dd>
<li>Change Controller: IESG</li> <dt>Parameter usage location:</dt><dd>client-rs request</dd>
<li>Specification Document(s): [[this document]]</li> <dt>Change Controller:</dt><dd>IETF</dd>
</ul> <dt>Specification Document(s):</dt><dd>RFC 9203</dd>
<ul spacing="compact"> </dl>
<li>Parameter name: nonce2</li> <dl spacing="compact">
<li>Parameter usage location: rs-client response</li> <dt>Parameter name:</dt><dd>nonce2</dd>
<li>Change Controller: IESG</li> <dt>Parameter usage location:</dt><dd>rs-client response</dd>
<li>Specification Document(s): [[this document]]</li> <dt>Change Controller:</dt><dd>IETF</dd>
</ul> <dt>Specification Document(s):</dt><dd>RFC 9203</dd>
<ul spacing="compact"> </dl>
<li>Parameter name: ace_client_recipientid</li> <dl spacing="compact">
<li>Parameter usage location: client-rs request</li> <dt>Parameter name:</dt><dd>ace_client_recipientid</dd>
<li>Change Controller: IESG</li> <dt>Parameter usage location:</dt><dd>client-rs request</dd>
<li>Specification Document(s): [[this document]]</li> <dt>Change Controller:</dt><dd>IETF</dd>
</ul> <dt>Specification Document(s):</dt><dd>RFC 9203</dd>
<ul spacing="compact"> </dl>
<li>Parameter name: ace_server_recipientid</li> <dl spacing="compact">
<li>Parameter usage location: rs-client response</li> <dt>Parameter name:</dt><dd>ace_server_recipientid</dd>
<li>Change Controller: IESG</li> <dt>Parameter usage location:</dt><dd>rs-client response</dd>
<li>Specification Document(s): [[this document]]</li> <dt>Change Controller:</dt><dd>IETF</dd>
</ul> <dt>Specification Document(s):</dt><dd>RFC 9203</dd>
</dl>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>OAuth Parameters CBOR Mappings Registry</name> <name>OAuth Parameters CBOR Mappings Registry</name>
<t>The following registrations are done for the OAuth Parameters CBOR Ma <t>The following registrations have been made in the "OAuth Parameters C
ppings BOR Mappings"
Registry following the procedure specified in section 8.10 of <xref targ registry following the procedure specified in <xref target="RFC9200" sec
et="I-D.ietf-ace-oauth-authz" format="default"/>:</t> tionFormat="of" section="8.10"/>:</t>
<ul spacing="compact"> <dl spacing="compact" indent="12">
<li>Name: nonce1</li> <dt>Name:</dt><dd>nonce1</dd>
<li>CBOR Key: TBD1</li> <dt>CBOR Key:</dt><dd>40</dd>
<li>Value Type: bstr</li> <dt>Value Type:</dt><dd>bstr</dd>
<li>Reference: [[this document]]</li> <dt>Reference:</dt><dd>RFC 9203</dd>
</ul>
<ul spacing="compact"> </dl>
<li>Name: nonce2</li> <dl spacing="compact" indent="12">
<li>CBOR Key: TBD2</li> <dt>Name:</dt><dd>nonce2</dd>
<li>Value Type: bstr</li> <dt>CBOR Key:</dt><dd>42</dd>
<li>Reference: [[this document]]</li> <dt>Value Type:</dt><dd>bstr</dd>
</ul> <dt>Reference:</dt><dd>RFC 9203</dd>
<ul spacing="compact">
<li>Name: ace_client_recipientid</li> </dl>
<li>CBOR Key: TBD3</li> <dl spacing="compact" indent="12">
<li>Value Type: bstr</li> <dt>Name:</dt><dd>ace_client_recipientid</dd>
<li>Reference: [[this document]]</li> <dt>CBOR Key:</dt><dd>43</dd>
</ul> <dt>Value Type:</dt><dd>bstr</dd>
<ul spacing="compact"> <dt>Reference:</dt><dd>RFC 9203</dd>
<li>Name: ace_server_recipientid</li>
<li>CBOR Key: TBD4</li> </dl>
<li>Value Type: bstr</li> <dl spacing="compact" indent="12">
<li>Reference: [[this document]]</li> <dt>Name:</dt><dd>ace_server_recipientid</dd>
</ul> <dt>CBOR Key:</dt><dd>44</dd>
<dt>Value Type:</dt><dd>bstr</dd>
<dt>Reference:</dt><dd>RFC 9203</dd>
</dl>
</section> </section>
<section anchor="sec-ctx-params-reg" numbered="true" toc="default"> <section anchor="sec-ctx-params-reg" numbered="true" toc="default">
<name>OSCORE Security Context Parameters Registry</name> <name>OSCORE Security Context Parameters Registry</name>
<t> <t>
It is requested that IANA create a new registry entitled "OSCORE Secur IANA has created a new registry entitled "OSCORE Security Context Para
ity Context Parameters" registry. meters".
The registry is to be created as Expert Review Required. The registration procedure depends on the range of CBOR label values,
Guidelines for the experts is provided <xref target="review" format="d following <xref target="RFC8126" format="default"/>.
efault"/>. Guidelines for the experts are provided in <xref target="review" forma
It should be noted that in addition to the expert review, some portion t="default"/>.
s of the registry require a specification, potentially on standards track, be su
pplied as well.
</t> </t>
<t> <t>
The columns of the registry are: The columns of the registry are:
</t> </t>
<dl newline="false" spacing="compact"> <dl newline="false" spacing="normal">
<dt>name</dt> <dt>Name:</dt>
<dd> <dd>
The JSON name requested (e.g., "ms"). The JSON name requested (e.g., "ms").
Because a core goal of this document is for the resulting represen tations to be compact, it is RECOMMENDED that the name be short. Because a core goal of this document is for the resulting represen tations to be compact, it is <bcp14>RECOMMENDED</bcp14> that the name be short.
This name is case sensitive. This name is case sensitive.
Names may not match other registered names in a case-insensitive m anner unless the Designated Experts determine that there is a compelling reason to allow an exception. Names may not match other registered names in a case-insensitive m anner unless the designated experts determine that there is a compelling reason to allow an exception.
The name is not used in the CBOR encoding. The name is not used in the CBOR encoding.
</dd> </dd>
<dt>CBOR label</dt> <dt>CBOR Label:</dt>
<dd> <dd>
The value to be used to identify this algorithm. The value to be used to identify this name.
Map key labels MUST be unique. Map key labels <bcp14>MUST</bcp14> be unique.
The label can be a positive integer, a negative integer or a strin The label can be a positive integer, a negative integer, or a stri
g. ng.
Integer values between -256 and 255 and strings of length 1 are de Integer values between -256 and 255 and strings of length 1 are de
signated as Standards Track Document required. signated as Standards Track document required.
Integer values from -65536 to -257 and from 256 to 65535 and strin gs of length 2 are designated as Specification Required. Integer values from -65536 to -257 and from 256 to 65535 and strin gs of length 2 are designated as Specification Required.
Integer values greater than 65535 and strings of length greater th Integer values greater than 65535 and strings of length greater th
an 2 are designated as expert review. an 2 are designated as Expert Review.
Integer values less than -65536 are marked as private use. Integer values less than -65536 are marked as Private Use.
</dd> </dd>
<dt>CBOR Type</dt> <dt>CBOR Type:</dt>
<dd> <dd>
This field contains the CBOR type for the field. This field contains the CBOR type for the field.
</dd> </dd>
<dt>registry</dt> <dt>Registry:</dt>
<dd> <dd>
This field denotes the registry that values may come from, if one exists. This field denotes the registry that values may come from, if one exists.
</dd> </dd>
<dt>description</dt> <dt>Description:</dt>
<dd> <dd>
This field contains a brief description for the field. This field contains a brief description for the field.
</dd> </dd>
<dt>specification</dt> <dt>Reference:</dt>
<dd> <dd>
This contains a pointer to the public specification for the field if one exists This contains a pointer to the public specification for the field, if one exists.
</dd> </dd>
</dl> </dl>
<t> <t>
This registry will be initially populated by the values in <xref targe This registry has been initially populated by the values in <xref targ
t="key-labels" format="default"/>. et="key-labels" format="default"/>.
The specification column for all of these entries will be this documen
t and <xref target="RFC8613" format="default"/>. The Reference column for all of these entries is this document.
</t> </t>
</section> </section>
<section anchor="osc-cwt" numbered="true" toc="default"> <section anchor="osc-cwt" numbered="true" toc="default">
<name>CWT Confirmation Methods Registry</name> <name>CWT Confirmation Methods Registry</name>
<t>The following registration is done for the CWT Confirmation Methods R <t>The following registration has been made in the "CWT Confirmation Met
egistry <xref target="IANA.CWTConfirmationMethods" format="default"/> following hods" registry <xref target="IANA.CWTConfirmationMethods" format="default"/> fol
the procedure specified in section 7.2.1 of <xref target="RFC8747" format="defau lowing the procedure specified in <xref target="RFC8747" sectionFormat="of" sect
lt"/>:</t> ion="7.2.1"/>:</t>
<ul spacing="compact"> <dl spacing="compact">
<li>Confirmation Method Name: "osc"</li> <dt>Confirmation Method Name:</dt><dd>osc</dd>
<li>Confirmation Method Description: OSCORE_Input_Material carrying th <dt>Confirmation Method Description:</dt><dd>OSCORE_Input_Material car
e parameters for using OSCORE per-message security with implicit key confirmatio rying the parameters for using OSCORE per-message security with implicit key con
n</li> firmation</dd>
<li>Confirmation Key: TBD (value between 4 and 255)</li> <dt>JWT Confirmation Method Name:</dt><dd>osc</dd>
<li>Confirmation Value Type(s): map</li> <dt>Confirmation Key:</dt><dd>4</dd>
<li>Change Controller: IESG</li> <dt>Confirmation Value Type(s):</dt><dd>map</dd>
<li>Specification Document(s): <xref target="oscore-sec-ctx" format="d <dt>Change Controller:</dt><dd>IETF</dd>
efault"/> of [[this document]]</li> <dt>Specification Document(s):</dt><dd><xref target="oscore-sec-ctx" f
</ul> ormat="default"/> of RFC 9203</dd>
</dl>
</section> </section>
<section anchor="osc-jwt" numbered="true" toc="default"> <section anchor="osc-jwt" numbered="true" toc="default">
<name>JWT Confirmation Methods Registry</name> <name>JWT Confirmation Methods Registry</name>
<t>The following registration is done for the JWT Confirmation Methods R <t>The following registration has been made in the "JWT Confirmation Met
egistry <xref target="IANA.JWTConfirmationMethods" format="default"/> following hods" registry <xref target="IANA.JWTConfirmationMethods" format="default"/> fol
the procedure specified in section 6.2.1 of <xref target="RFC7800" format="defau lowing the procedure specified in <xref target="RFC7800" sectionFormat="of" sect
lt"/>:</t> ion="6.2.1"/>:</t>
<ul spacing="compact"> <dl spacing="compact">
<li>Confirmation Method Value: "osc"</li> <dt>Confirmation Method Value:</dt><dd>osc</dd>
<li>Confirmation Method Description: OSCORE_Input_Material carrying th <dt>Confirmation Method Description:</dt><dd>OSCORE_Input_Material car
e parameters for using OSCORE per-message security with implicit key confirmatio rying the parameters for using OSCORE per-message security with implicit key con
n</li> firmation</dd>
<li>Change Controller: IESG</li> <dt>Change Controller:</dt><dd>IETF</dd>
<li>Specification Document(s): <xref target="oscore-sec-ctx" format="d <dt>Specification Document(s):</dt><dd><xref target="oscore-sec-ctx" f
efault"/> of [[this document]]</li> ormat="default"/> of RFC 9203</dd>
</ul> </dl>
</section> </section>
<section anchor="review" numbered="true" toc="default"> <section anchor="review" numbered="true" toc="default">
<name>Expert Review Instructions</name> <name>Expert Review Instructions</name>
<t> <t>
The IANA registry established in this document is defined to use the E xpert Review registration policy. The IANA registry established in this document is defined to use the E xpert Review registration policy.
This section gives some general guidelines for what the experts should be looking for, but they are being designated as experts for a reason so they s hould be given substantial latitude. This section gives some general guidelines for what the experts should be looking for, but they are being designated as experts for a reason, so they should be given substantial latitude.
</t> </t>
<t> <t>
Expert reviewers should take into consideration the following points: Expert reviewers should take into consideration the following points:
</t> </t>
<ul spacing="compact"> <ul spacing="normal">
<li> <li>
Point squatting should be discouraged. Point squatting should be discouraged. Reviewers are encouraged to
Reviewers are encouraged to get sufficient information for registr get sufficient information for registration requests to ensure that the usage i
ation requests to ensure that the usage is not going to duplicate one that is al s not going to duplicate one that is already registered and that the point is li
ready registered and that the point is likely to be used in deployments. kely to be used in deployments. The zones tagged as Private Use are intended for
The zones tagged as private use are intended for testing purposes testing purposes and closed environments. Code points in other ranges should no
and closed environments. Code points in other ranges should not be assigned for t be assigned for testing.
testing.
</li> </li>
<li> <li>
Specifications are required for the standards track range of point Specifications are required for the Standards Track range of point
assignment. assignment.
Specifications should exist for specification required ranges, but Specifications should exist for specification required ranges, but
early assignment before a specification is available is considered to be permis early assignment before a specification is available is considered to be permis
sible. sible. Specifications are needed for the First Come First Served range if they a
Specifications are needed for the first-come, first-serve range if re expected to be used outside of closed environments in an interoperable way. W
they are expected to be used outside of closed environments in an interoperable hen specifications are not provided, the description provided needs to have suff
way. icient information to identify what the point is being used for.
When specifications are not provided, the description provided nee
ds to have sufficient information to identify what the point is being used for.
</li> </li>
<li> <li>
Experts should take into account the expected usage of fields when approving point assignment. Experts should take into account the expected usage of fields when approving point assignment.
The fact that there is a range for standards track documents does not mean that a standards track document cannot have points assigned outside of that range. The fact that there is a range for Standards Track documents does not mean that a Standards Track document cannot have points assigned outside of that range.
The length of the encoded value should be weighed against how many code points of that length are left, the size of device it will be used on, and the number of code points left that encode to that size. The length of the encoded value should be weighed against how many code points of that length are left, the size of device it will be used on, and the number of code points left that encode to that size.
</li> </li>
</ul> </ul>
</section> </section>
</section> </section>
</middle> </middle>
<back> <back>
<references> <references>
<name>References</name> <name>References</name>
<references> <references>
<name>Normative References</name> <name>Normative References</name>
<reference anchor="RFC8613" target="https://www.rfc-editor.org/info/rfc8
613" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.86
13.xml">
<front>
<title>Object Security for Constrained RESTful Environments (OSCORE)
</title>
<seriesInfo name="DOI" value="10.17487/RFC8613"/>
<seriesInfo name="RFC" value="8613"/>
<author initials="G." surname="Selander" fullname="G. Selander">
<organization/>
</author>
<author initials="J." surname="Mattsson" fullname="J. Mattsson">
<organization/>
</author>
<author initials="F." surname="Palombini" fullname="F. Palombini">
<organization/>
</author>
<author initials="L." surname="Seitz" fullname="L. Seitz">
<organization/>
</author>
<date year="2019" month="July"/>
<abstract>
<t>This document defines Object Security for Constrained RESTful E
nvironments (OSCORE), a method for application-layer protection of the Constrain
ed Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE).
OSCORE provides end-to-end protection between endpoints communicating using Co
AP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks
supporting a range of proxy operations, including translation between different
transport protocols.</t>
<t>Although an optional functionality of CoAP, OSCORE alters CoAP
options processing and IANA registration. Therefore, this document updates RFC
7252.</t>
</abstract>
</front>
</reference>
<reference anchor="I-D.ietf-ace-oauth-authz" xml:base="https://xml2rfc.t
ools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-ace-oauth-authz.xml" target=
"https://www.ietf.org/archive/id/draft-ietf-ace-oauth-authz-40.txt">
<front>
<title>Authentication and Authorization for Constrained Environments
(ACE) using the OAuth 2.0 Framework (ACE-OAuth)</title>
<seriesInfo name="Internet-Draft" value="draft-ietf-ace-oauth-authz-
40"/>
<author fullname="Ludwig Seitz">
<organization>Combitech</organization>
</author>
<author fullname="Goeran Selander">
<organization>Ericsson</organization>
</author>
<author fullname="Erik Wahlstroem">
</author>
<author fullname="Samuel Erdtman">
<organization>Spotify AB</organization>
</author>
<author fullname="Hannes Tschofenig">
<organization>Arm Ltd.</organization>
</author>
<date month="April" day="26" year="2021"/>
<abstract>
<t> This specification defines a framework for authentication an
d
authorization in Internet of Things (IoT) environments called ACE-
OAuth. The framework is based on a set of building blocks including
OAuth 2.0 and the Constrained Application Protocol (CoAP), thus
transforming a well-known and widely used authorization solution into
a form suitable for IoT devices. Existing specifications are used
where possible, but extensions are added and profiles are defined to
better serve the IoT use cases.
</t> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8613.
</abstract> xml"/>
</front>
</reference>
<reference anchor="I-D.ietf-ace-oauth-params" xml:base="https://xml2rfc.
tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-ace-oauth-params.xml" targe
t="https://www.ietf.org/archive/id/draft-ietf-ace-oauth-params-14.txt">
<front>
<title>Additional OAuth Parameters for Authorization in Constrained
Environments (ACE)</title>
<seriesInfo name="Internet-Draft" value="draft-ietf-ace-oauth-params
-14"/>
<author fullname="Ludwig Seitz">
<organization>Combitech</organization>
</author>
<date month="March" day="25" year="2021"/>
<abstract>
<t> This specification defines new parameters and encodings for
the OAuth
2.0 token and introspection endpoints when used with the framework
for authentication and authorization for constrained environments
(ACE). These are used to express the proof-of-possession key the
client wishes to use, the proof-of-possession key that the
Authorization Server has selected, and the key the Resource Server
uses to authenticate to the client.
</t> <!-- [I-D.ietf-ace-oauth-authz-43] companion document RFC 9200 -->
</abstract> <reference anchor='RFC9200' target='https://www.rfc-editor.org/info/rfc9200'>
</front> <front>
</reference> <title>Authentication and Authorization for Constrained Environments Using the O
<reference anchor="RFC8949" target="https://www.rfc-editor.org/info/rfc8 Auth 2.0 Framework (ACE-OAuth)</title>
949" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.89 <author initials='L' surname='Seitz' fullname='Ludwig Seitz'>
49.xml"> <organization />
<front> </author>
<title>Concise Binary Object Representation (CBOR)</title> <author initials='G' surname='Selander' fullname='Goeran Selander'>
<seriesInfo name="DOI" value="10.17487/RFC8949"/> <organization />
<seriesInfo name="RFC" value="8949"/> </author>
<seriesInfo name="STD" value="94"/> <author initials='E' surname='Wahlstroem' fullname='Erik Wahlstroem'>
<author initials="C." surname="Bormann" fullname="C. Bormann"> <organization />
<organization/> </author>
</author> <author initials='S' surname='Erdtman' fullname='Samuel Erdtman'>
<author initials="P." surname="Hoffman" fullname="P. Hoffman"> <organization />
<organization/> </author>
</author> <author initials='H' surname='Tschofenig' fullname='Hannes Tschofenig'>
<date year="2020" month="December"/> <organization />
<abstract> </author>
<t>The Concise Binary Object Representation (CBOR) is a data forma <date year='2022' month='August' />
t whose design goals include the possibility of extremely small code size, fairl </front>
y small message size, and extensibility without the need for version negotiation <seriesInfo name="RFC" value="9200"/>
. These design goals make it different from earlier binary serializations such a <seriesInfo name="DOI" value="10.17487/RFC9200"/>
s ASN.1 and MessagePack.</t> </reference>
<t>This document obsoletes RFC 7049, providing editorial improveme
nts, new details, and errata fixes while keeping full compatibility with the int
erchange format of RFC 7049. It does not create a new version of the format.</t
>
</abstract>
</front>
</reference>
<reference anchor="RFC8392" target="https://www.rfc-editor.org/info/rfc8
392" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.83
92.xml">
<front>
<title>CBOR Web Token (CWT)</title>
<seriesInfo name="DOI" value="10.17487/RFC8392"/>
<seriesInfo name="RFC" value="8392"/>
<author initials="M." surname="Jones" fullname="M. Jones">
<organization/>
</author>
<author initials="E." surname="Wahlstroem" fullname="E. Wahlstroem">
<organization/>
</author>
<author initials="S." surname="Erdtman" fullname="S. Erdtman">
<organization/>
</author>
<author initials="H." surname="Tschofenig" fullname="H. Tschofenig">
<organization/>
</author>
<date year="2018" month="May"/>
<abstract>
<t>CBOR Web Token (CWT) is a compact means of representing claims
to be transferred between two parties. The claims in a CWT are encoded in the C
oncise Binary Object Representation (CBOR), and CBOR Object Signing and Encrypti
on (COSE) is used for added application-layer security protection. A claim is a
piece of information asserted about a subject and is represented as a name/valu
e pair consisting of a claim name and a claim value. CWT is derived from JSON W
eb Token (JWT) but uses CBOR rather than JSON.</t>
</abstract>
</front>
</reference>
<reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2
119" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.21
19.xml">
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</tit
le>
<seriesInfo name="DOI" value="10.17487/RFC2119"/>
<seriesInfo name="RFC" value="2119"/>
<seriesInfo name="BCP" value="14"/>
<author initials="S." surname="Bradner" fullname="S. Bradner">
<organization/>
</author>
<date year="1997" month="March"/>
<abstract>
<t>In many standards track documents several words are used to sig
nify the requirements in the specification. These words are often capitalized.
This document defines these words as they should be interpreted in IETF document
s. This document specifies an Internet Best Current Practices for the Internet
Community, and requests discussion and suggestions for improvements.</t>
</abstract>
</front>
</reference>
<reference anchor="RFC7252" target="https://www.rfc-editor.org/info/rfc7
252" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.72
52.xml">
<front>
<title>The Constrained Application Protocol (CoAP)</title>
<seriesInfo name="DOI" value="10.17487/RFC7252"/>
<seriesInfo name="RFC" value="7252"/>
<author initials="Z." surname="Shelby" fullname="Z. Shelby">
<organization/>
</author>
<author initials="K." surname="Hartke" fullname="K. Hartke">
<organization/>
</author>
<author initials="C." surname="Bormann" fullname="C. Bormann">
<organization/>
</author>
<date year="2014" month="June"/>
<abstract>
<t>The Constrained Application Protocol (CoAP) is a specialized we
b transfer protocol for use with constrained nodes and constrained (e.g., low-po
wer, lossy) networks. The nodes often have 8-bit microcontrollers with small am
ounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wir
eless Personal Area Networks (6LoWPANs) often have high packet error rates and a
typical throughput of 10s of kbit/s. The protocol is designed for machine- to-
machine (M2M) applications such as smart energy and building automation.</t>
<t>CoAP provides a request/response interaction model between appl
ication endpoints, supports built-in discovery of services and resources, and in
cludes key concepts of the Web such as URIs and Internet media types. CoAP is d
esigned to easily interface with HTTP for integration with the Web while meeting
specialized requirements such as multicast support, very low overhead, and simp
licity for constrained environments.</t>
</abstract>
</front>
</reference>
<reference anchor="I-D.ietf-cose-rfc8152bis-struct" xml:base="https://xm
l2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-cose-rfc8152bis-struc
t.xml" target="https://www.ietf.org/archive/id/draft-ietf-cose-rfc8152bis-struct
-15.txt">
<front>
<title>CBOR Object Signing and Encryption (COSE): Structures and Pro
cess</title>
<seriesInfo name="Internet-Draft" value="draft-ietf-cose-rfc8152bis-
struct-15"/>
<author fullname="Jim Schaad">
<organization>August Cellars</organization>
</author>
<date month="February" day="1" year="2021"/>
<abstract>
<t> Concise Binary Object Representation (CBOR) is a data format
designed
for small code size and small message size. There is a need for the
ability to have basic security services defined for this data format.
This document defines the CBOR Object Signing and Encryption (COSE)
protocol. This specification describes how to create and process
signatures, message authentication codes, and encryption using CBOR
for serialization. This specification additionally describes how to
represent cryptographic keys using CBOR.
This document along with [I-D.ietf-cose-rfc8152bis-algs] obsoletes <!-- [I-D.ietf-ace-oauth-params] companion document RFC 9201 -->
RFC8152. <reference anchor='RFC9201' target='https://www.rfc-editor.org/info/rfc9201'>
<front>
<title>Additional OAuth Parameters for Authentication and Authorization for Cons
trained Environments (ACE)</title>
<author initials='L' surname='Seitz' fullname='Ludwig Seitz'>
<organization />
</author>
<date year='2022' month='August' />
</front>
<seriesInfo name="RFC" value="9201"/>
<seriesInfo name="DOI" value="10.17487/RFC9201"/>
</reference>
</t> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8949.
</abstract> xml"/>
</front> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8392.
</reference> xml"/>
<reference anchor="I-D.ietf-cose-rfc8152bis-algs" xml:base="https://xml2 <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.
rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-cose-rfc8152bis-algs.xm xml"/>
l" target="https://www.ietf.org/archive/id/draft-ietf-cose-rfc8152bis-algs-12.tx <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7252.
t"> xml"/>
<front>
<title>CBOR Object Signing and Encryption (COSE): Initial Algorithms
</title>
<seriesInfo name="Internet-Draft" value="draft-ietf-cose-rfc8152bis-
algs-12"/>
<author fullname="Jim Schaad">
<organization>August Cellars</organization>
</author>
<date month="September" day="24" year="2020"/>
<abstract>
<t> Concise Binary Object Representation (CBOR) is a data format
designed
for small code size and small message size. There is a need for the
ability to have basic security services defined for this data format.
THis document defines a set of algorithms that can be used with the
CBOR Object Signing and Encryption (COSE) protocol RFC XXXX.
</t> <!-- [I-D.ietf-cose-rfc8152bis-struct] companion document RFC 9052 -->
</abstract> <reference anchor='RFC9052' target='https://www.rfc-editor.org/info/rfc9052'>
</front> <front>
</reference> <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
<reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8 <author initials='J' surname='Schaad' fullname='Jim Schaad'>
174" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.81 <organization />
74.xml"> </author>
<front> <date year='2022' month='August' />
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti </front>
tle> <seriesInfo name="STD" value="96"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/> <seriesInfo name="RFC" value="9052"/>
<seriesInfo name="RFC" value="8174"/> <seriesInfo name="DOI" value="10.17487/RFC9052"/>
<seriesInfo name="BCP" value="14"/> </reference>
<author initials="B." surname="Leiba" fullname="B. Leiba">
<organization/> <!-- [I-D.ietf-cose-rfc8152bis-algs] companion document
</author> RFC 9053 -->
<date year="2017" month="May"/> <reference anchor='RFC9053' target='https://www.rfc-editor.org/info/rfc9053'>
<abstract> <front>
<t>RFC 2119 specifies common key words that may be used in protoco <title>CBOR Object Signing and Encryption (COSE): Initial Algorithms</title>
l specifications. This document aims to reduce the ambiguity by clarifying tha <author initials='J' surname='Schaad' fullname='Jim Schaad'>
t only UPPERCASE usage of the key words have the defined special meanings.</t> <organization />
</abstract> </author>
</front> <date year='2022' month='August' />
</reference> </front>
<reference anchor="RFC8610" target="https://www.rfc-editor.org/info/rfc8 <seriesInfo name="RFC" value="9053"/>
610" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.86 <seriesInfo name="DOI" value="10.17487/RFC9053"/>
10.xml"> </reference>
<front>
<title>Concise Data Definition Language (CDDL): A Notational Convent <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.
ion to Express Concise Binary Object Representation (CBOR) and JSON Data Structu xml"/>
res</title> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8610.
<seriesInfo name="DOI" value="10.17487/RFC8610"/> xml"/>
<seriesInfo name="RFC" value="8610"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5869.
<author initials="H." surname="Birkholz" fullname="H. Birkholz"> xml"/>
<organization/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4648.
</author> xml"/>
<author initials="C." surname="Vigano" fullname="C. Vigano">
<organization/> <reference anchor="IANA.OAuthParameters" target="https://www.iana.org/as
</author> signments/oauth-parameters">
<author initials="C." surname="Bormann" fullname="C. Bormann">
<organization/>
</author>
<date year="2019" month="June"/>
<abstract>
<t>This document proposes a notational convention to express Conci
se Binary Object Representation (CBOR) data structures (RFC 7049). Its main goa
l is to provide an easy and unambiguous way to express structures for protocol m
essages and data formats that use CBOR or JSON.</t>
</abstract>
</front>
</reference>
<reference anchor="RFC5869" target="https://www.rfc-editor.org/info/rfc5
869" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.58
69.xml">
<front>
<title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)<
/title>
<seriesInfo name="DOI" value="10.17487/RFC5869"/>
<seriesInfo name="RFC" value="5869"/>
<author initials="H." surname="Krawczyk" fullname="H. Krawczyk">
<organization/>
</author>
<author initials="P." surname="Eronen" fullname="P. Eronen">
<organization/>
</author>
<date year="2010" month="May"/>
<abstract>
<t>This document specifies a simple Hashed Message Authentication
Code (HMAC)-based key derivation function (HKDF), which can be used as a buildin
g block in various protocols and applications. The key derivation function (KDF
) is intended to support a wide range of applications and requirements, and is c
onservative in its use of cryptographic hash functions. This document is not an
Internet Standards Track specification; it is published for informational pur
poses.</t>
</abstract>
</front>
</reference>
<reference anchor="IANA.OAuthParameters" target="https://www.iana.org/as
signments/oauth-parameters/oauth-parameters.xhtml#parameters">
<front> <front>
<title>OAuth Parameters</title> <title>OAuth Parameters</title>
<author> <author>
<organization>IANA</organization> <organization>IANA</organization>
</author> </author>
<date/> <date/>
</front> </front>
</reference> </reference>
<reference anchor="IANA.CWTConfirmationMethods" target="https://www.iana
.org/assignments/cwt/cwt.xhtml#confirmation-methods"> <reference anchor="IANA.CWTConfirmationMethods" target="https://www.iana
.org/assignments/cwt">
<front> <front>
<title>CWT Confirmation Methods</title> <title>CWT Confirmation Methods</title>
<author> <author>
<organization>IANA</organization> <organization>IANA</organization>
</author> </author>
<date/> <date/>
</front> </front>
</reference> </reference>
<reference anchor="IANA.JWTConfirmationMethods" target="https://www.iana
.org/assignments/jwt/jwt.xhtml#confirmation-methods"> <reference anchor="IANA.JWTConfirmationMethods" target="https://www.iana
.org/assignments/jwt">
<front> <front>
<title>JWT Confirmation Methods</title> <title>JWT Confirmation Methods</title>
<author> <author>
<organization>IANA</organization> <organization>IANA</organization>
</author> </author>
<date/> <date/>
</front> </front>
</reference> </reference>
<reference anchor="COSE.Algorithms" target="https://www.iana.org/assignm
ents/cose/cose.xhtml#algorithms"> <reference anchor="COSE.Algorithms" target="https://www.iana.org/assignm
ents/cose">
<front> <front>
<title>COSE Algorithms</title> <title>COSE Algorithms</title>
<author> <author>
<organization>IANA</organization> <organization>IANA</organization>
</author> </author>
<date/> <date/>
</front> </front>
</reference> </reference>
</references> </references>
<references> <references>
<name>Informative References</name> <name>Informative References</name>
<reference anchor="RFC8747" target="https://www.rfc-editor.org/info/rfc8
747" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.87 <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8747.
47.xml"> xml"/>
<front> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7800.
<title>Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)< xml"/>
/title> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4949.
<seriesInfo name="DOI" value="10.17487/RFC8747"/> xml"/>
<seriesInfo name="RFC" value="8747"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6749.
<author initials="M." surname="Jones" fullname="M. Jones"> xml"/>
<organization/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.9110.
</author> xml"/>
<author initials="L." surname="Seitz" fullname="L. Seitz"> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8126.
<organization/> xml"/>
</author> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.9147.
<author initials="G." surname="Selander" fullname="G. Selander"> xml"/>
<organization/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8446.
</author> xml"/>
<author initials="S." surname="Erdtman" fullname="S. Erdtman">
<organization/>
</author>
<author initials="H." surname="Tschofenig" fullname="H. Tschofenig">
<organization/>
</author>
<date year="2020" month="March"/>
<abstract>
<t>This specification describes how to declare in a CBOR Web Token
(CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a
particular proof-of-possession key. Being able to prove possession of a key is a
lso sometimes described as being the holder-of-key. This specification provides
equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Toke
ns (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and
CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs).</
t>
</abstract>
</front>
</reference>
<reference anchor="RFC7800" target="https://www.rfc-editor.org/info/rfc7
800" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.78
00.xml">
<front>
<title>Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)<
/title>
<seriesInfo name="DOI" value="10.17487/RFC7800"/>
<seriesInfo name="RFC" value="7800"/>
<author initials="M." surname="Jones" fullname="M. Jones">
<organization/>
</author>
<author initials="J." surname="Bradley" fullname="J. Bradley">
<organization/>
</author>
<author initials="H." surname="Tschofenig" fullname="H. Tschofenig">
<organization/>
</author>
<date year="2016" month="April"/>
<abstract>
<t>This specification describes how to declare in a JSON Web Token
(JWT) that the presenter of the JWT possesses a particular proof-of- possession
key and how the recipient can cryptographically confirm proof of possession of
the key by the presenter. Being able to prove possession of a key is also somet
imes described as the presenter being a holder-of-key.</t>
</abstract>
</front>
</reference>
<reference anchor="RFC4949" target="https://www.rfc-editor.org/info/rfc4
949" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.49
49.xml">
<front>
<title>Internet Security Glossary, Version 2</title>
<seriesInfo name="DOI" value="10.17487/RFC4949"/>
<seriesInfo name="RFC" value="4949"/>
<seriesInfo name="FYI" value="36"/>
<author initials="R." surname="Shirey" fullname="R. Shirey">
<organization/>
</author>
<date year="2007" month="August"/>
<abstract>
<t>This Glossary provides definitions, abbreviations, and explanat
ions of terminology for information system security. The 334 pages of entries of
fer recommendations to improve the comprehensibility of written material that is
generated in the Internet Standards Process (RFC 2026). The recommendations fol
low the principles that such writing should (a) use the same term or definition
whenever the same concept is mentioned; (b) use terms in their plainest, diction
ary sense; (c) use terms that are already well-established in open publications;
and (d) avoid terms that either favor a particular vendor or favor a particular
technology or mechanism over other, competing techniques that already exist or
could be developed. This memo provides information for the Internet community.<
/t>
</abstract>
</front>
</reference>
<reference anchor="RFC6749" target="https://www.rfc-editor.org/info/rfc6
749" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.67
49.xml">
<front>
<title>The OAuth 2.0 Authorization Framework</title>
<seriesInfo name="DOI" value="10.17487/RFC6749"/>
<seriesInfo name="RFC" value="6749"/>
<author initials="D." surname="Hardt" fullname="D. Hardt" role="edit
or">
<organization/>
</author>
<date year="2012" month="October"/>
<abstract>
<t>The OAuth 2.0 authorization framework enables a third-party app
lication to obtain limited access to an HTTP service, either on behalf of a reso
urce owner by orchestrating an approval interaction between the resource owner a
nd the HTTP service, or by allowing the third-party application to obtain access
on its own behalf. This specification replaces and obsoletes the OAuth 1.0 pro
tocol described in RFC 5849. [STANDARDS-TRACK]</t>
</abstract>
</front>
</reference>
<reference anchor="RFC7231" target="https://www.rfc-editor.org/info/rfc7
231" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.72
31.xml">
<front>
<title>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
</title>
<seriesInfo name="DOI" value="10.17487/RFC7231"/>
<seriesInfo name="RFC" value="7231"/>
<author initials="R." surname="Fielding" fullname="R. Fielding" role
="editor">
<organization/>
</author>
<author initials="J." surname="Reschke" fullname="J. Reschke" role="
editor">
<organization/>
</author>
<date year="2014" month="June"/>
<abstract>
<t>The Hypertext Transfer Protocol (HTTP) is a stateless \%applica
tion- level protocol for distributed, collaborative, hypertext information syste
ms. This document defines the semantics of HTTP/1.1 messages, as expressed by r
equest methods, request header fields, response status codes, and response heade
r fields, along with the payload of messages (metadata and body content) and mec
hanisms for content negotiation.</t>
</abstract>
</front>
</reference>
<reference anchor="I-D.ietf-tls-dtls13" xml:base="https://xml2rfc.tools.
ietf.org/public/rfc/bibxml3/reference.I-D.ietf-tls-dtls13.xml" target="https://w
ww.ietf.org/internet-drafts/draft-ietf-tls-dtls13-43.txt">
<front>
<title>The Datagram Transport Layer Security (DTLS) Protocol Version
1.3</title>
<seriesInfo name="Internet-Draft" value="draft-ietf-tls-dtls13-43"/>
<author initials="E" surname="Rescorla" fullname="Eric Rescorla">
<organization/>
</author>
<author initials="H" surname="Tschofenig" fullname="Hannes Tschofeni
g">
<organization/>
</author>
<author initials="N" surname="Modadugu" fullname="Nagendra Modadugu"
>
<organization/>
</author>
<date year="2021" month="April" day="30"/>
<abstract>
<t>This document specifies Version 1.3 of the Datagram Transport L
ayer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to co
mmunicate over the Internet in a way that is designed to prevent eavesdropping,
tampering, and message forgery.</t>
<t> The DTLS 1.3 protocol is intentionally based on the Transport
Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees wi
th the exception of order protection/non-replayability. Datagram semantics of th
e underlying transport are preserved by the DTLS protocol.</t>
<t> This document obsoletes RFC 6347.</t>
</abstract>
</front>
</reference>
<reference anchor="RFC8446" target="https://www.rfc-editor.org/info/rfc8
446" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.84
46.xml">
<front>
<title>The Transport Layer Security (TLS) Protocol Version 1.3</titl
e>
<seriesInfo name="DOI" value="10.17487/RFC8446"/>
<seriesInfo name="RFC" value="8446"/>
<author initials="E." surname="Rescorla" fullname="E. Rescorla">
<organization/>
</author>
<date year="2018" month="August"/>
<abstract>
<t>This document specifies version 1.3 of the Transport Layer Secu
rity (TLS) protocol. TLS allows client/server applications to communicate over
the Internet in a way that is designed to prevent eavesdropping, tampering, and
message forgery.</t>
<t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 50
77, 5246, and 6961. This document also specifies new requirements for TLS 1.2 i
mplementations.</t>
</abstract>
</front>
</reference>
</references> </references>
</references> </references>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Profile Requirements</name> <name>Profile Requirements</name>
<t> <t>
This section lists the specifications on this profile based on the requi rements on the framework, as requested in Appendix C of <xref target="I-D.ietf-a ce-oauth-authz" format="default"/>. This section lists the specifications of this profile based on the requi rements of the framework, as requested in <xref target="RFC9200" sectionFormat=" of" section="C"/>.
</t> </t>
<ul spacing="compact">
<ul spacing="normal">
<li> <li>
Optionally define new methods for the client to discover the Optionally, define new methods for the client to discover the
necessary permissions and AS for accessing a resource, different necessary permissions and AS for accessing a resource, different
from the one proposed in: Not specified from the one proposed in <xref target="RFC9200" format="default"/>: Not specified
</li> </li>
<li> <li>
Optionally specify new grant types: Not specified Optionally, specify new grant types: Not specified
</li> </li>
<li> <li>
Optionally define the use of client certificates as client Optionally, define the use of client certificates as client
credential type: Not specified credential type: Not specified
</li> </li>
<li> <li>
Specify the communication protocol the client and RS the must use: C oAP Specify the communication protocol the client and RS must use: CoAP
</li> </li>
<li> <li>
Specify the security protocol the client and RS must use to Specify the security protocol the client and RS must use to
protect their communication: OSCORE protect their communication: OSCORE
</li> </li>
<li> <li>
Specify how the client and the RS mutually authenticate: Implicitly by possession of a common OSCORE security context. Note that the mutual authenti cation is not completed before the client has verified an OSCORE response using this security context. Specify how the client and the RS mutually authenticate: Implicitly by possession of a common OSCORE security context. Note that the mutual authenti cation is not completed before the client has verified an OSCORE response using this security context.
</li> </li>
<li> <li>
Specify the proof-of-possession protocol(s) and how to select one, Specify the proof-of-possession protocol(s) and how to select one,
if several are available. Also specify which key types (e.g., if several are available. Also specify which key types (e.g.,
symmetric/asymmetric) are supported by a specific proof-of- symmetric/asymmetric) are supported by a specific proof-of-
possession protocol: OSCORE algorithms; pre-established symmetric ke ys possession protocol: OSCORE algorithms; preestablished symmetric key s
</li> </li>
<li> <li>
Specify a unique ace_profile identifier: coap_oscore Specify a unique ace_profile identifier: coap_oscore
</li> </li>
<li> <li>
If introspection is supported: Specify the communication and If introspection is supported, specify the communication and
security protocol for introspection: HTTP/CoAP (+ TLS/DTLS/OSCORE) security protocol for introspection: HTTP/CoAP (+ TLS/DTLS/OSCORE)
</li> </li>
<li> <li>
Specify the communication and security protocol for interactions Specify the communication and security protocol for interactions
between client and AS: HTTP/CoAP (+ TLS/DTLS/OSCORE) between client and AS: HTTP/CoAP (+ TLS/DTLS/OSCORE)
</li> </li>
<li> <li>
Specify how/if the authz-info endpoint is protected, including how Specify if/how the authz-info endpoint is protected, including how
error responses are protected: Not protected. error responses are protected: Not protected
</li> </li>
<li> <li>
Optionally define other methods of token transport than the authz- Optionally, define methods of token transport other than the authz-i
info endpoint: Not defined nfo
endpoint: Not defined
</li> </li>
</ul> </ul>
</section> </section>
<section numbered="false" toc="default"> <section numbered="false" toc="default">
<name>Acknowledgments</name> <name>Acknowledgments</name>
<t> <t>
The authors wish to thank Jim Schaad and Marco Tiloca for the substantia The authors wish to thank <contact fullname="Jim Schaad"/> and <contact
l input to this document, as well as Elwyn Davies, Linda Dunbar, Roman Danyliw, fullname="Marco Tiloca"/> for the substantial input to this document, as well as
Martin Duke, Lars Eggert, Murray Kucherawy, and Zaheduzzaman Sarker for their re <contact fullname="Carsten Bormann"/>, <contact fullname="Elwyn Davies"/>, <con
views and feedback. Special thanks to the responsible area director Benjamin Kad tact fullname="Linda Dunbar"/>, <contact fullname="Roman Danyliw"/>, <contact fu
uk for his extensive review and contributed text. llname="Martin Duke"/>, <contact fullname="Lars Eggert"/>, <contact fullname="Mu
Ludwig Seitz worked on this document as part of the CelticNext projects rray Kucherawy"/>, and <contact fullname="Zaheduzzaman Sarker"/> for their revie
CyberWI, and CRITISEC with funding from Vinnova. ws and feedback. Special thanks to the responsible area director <contact fullna
me="Benjamin Kaduk"/> for his extensive review and contributed text.
<contact fullname="Ludwig Seitz"/> worked on this document as part of th
e CelticNext projects CyberWI and CRITISEC with funding from Vinnova.
The work on this document has been partly supported also by the H2020 pr oject SIFIS-Home (Grant agreement 952652). The work on this document has been partly supported also by the H2020 pr oject SIFIS-Home (Grant agreement 952652).
</t> </t>
</section> </section>
</back> </back>
</rfc> </rfc>
 End of changes. 217 change blocks. 
1238 lines changed or deleted 798 lines changed or added

This html diff was produced by rfcdiff 1.48.