
ACE BOF, IETF-89 London Authentication and Authorization for Constrained Environments (ACE) BOF Wed 09:00-11:30, Balmoral BOF Chairs: Kepeng Li, Hannes.


1 ACE BOF, IETF-89 London Authentication and Authorization for Constrained Environments (ACE) BOF Wed 09:00-11:30, Balmoral BOF Chairs: Kepeng Li, Hannes Tschofenig Responsible AD: Barry Leiba Mailing List: ace@ietf.org

2 Note Well
This summary is only meant to point you in the right direction, and doesn't have all the nuances. The IETF's IPR Policy is set forth in BCP 79; please read it carefully. The brief summary:
– By participating with the IETF, you agree to follow IETF processes.
– If you are aware that a contribution of yours (something you write, say, or discuss in any IETF context) is covered by patents or patent applications, you need to disclose that fact.
– You understand that meetings might be recorded, broadcast, and publicly archived.
For further information, talk to a chair, ask an Area Director, or review the following:
– BCP 9 (on the Internet Standards Process)
– BCP 25 (on the Working Group processes)
– BCP 78 (on the IETF Trust)
– BCP 79 (on Intellectual Property Rights in the IETF)

3 Agenda
– Introduction (Chairs) - 5 min
– Constrained Node Network (Carsten Bormann) - 15 min
– Use Cases and Requirements (Ludwig Seitz) - 30 min
– Architectural Design Choices (Goran Selander) - 30 min
– Gap Analysis (Hannes Tschofenig) - 30 min
– Charter Discussion (Chairs) - 40 min

4 Prior Activities leading to this BOF
– Smart Object Workshop (March 2011)
– Smart Object Security Workshop (March 2012)
– Many relevant IETF working group activities this work builds on, including CORE, 6lowpan/6low, lwig, dice, etc.
– Various interoperability events

5 Problem Statement
[Diagram: Client and Resource Server, with example requests PUT “1” /lock, GET /bloodpressure, PUT “2.5mg” /sedative]
– Resource server, client and network may be constrained.
– How to support explicit and dynamic authorization?

6 Related Work
Use Cases:
– http://tools.ietf.org/id/draft-garcia-core-security
– http://tools.ietf.org/id/draft-greevenbosch-core-authreq
– http://tools.ietf.org/id/draft-seitz-ace-usecases
Solutions:
– http://tools.ietf.org/id/draft-gerdes-core-dcaf-authorize
– http://tools.ietf.org/id/draft-kang-core-secure-reconfiguration
– http://tools.ietf.org/id/draft-selander-core-access-control
– http://tools.ietf.org/id/draft-zhu-ace-groupauth
– http://tools.ietf.org/id/draft-pporamba-dtls-certkey
– http://tools.ietf.org/id/draft-schmitt-two-way-authentication-for-iot
– http://tools.ietf.org/id/draft-seitz-core-security-modes
– http://tools.ietf.org/id/draft-sarikaya-ace-secure-bootstrapping
– http://tools.ietf.org/id/draft-bormann-core-ace-aif
– http://tools.ietf.org/id/draft-porambage-core-ace-x509
– http://tools.ietf.org/id/draft-tschofenig-ace-overview
– http://tools.ietf.org/id/draft-seitz-ace-design-considerations
– https://tools.ietf.org/id/draft-mehrtens-core-ace-concert

7 ACE BOF, IETF-89 London Constrained Node Network Carsten Bormann

8 ACE BOF, IETF-89 London Use Case and Requirements Ludwig Seitz http://datatracker.ietf.org/doc/draft-seitz-ace-usecases/

9 ACE BOF, IETF-89 London Architectural Design Choices Göran Selander http://tools.ietf.org/id/draft-seitz-ace-design-considerations http://tools.ietf.org/id/draft-gerdes-core-dcaf-authorize http://datatracker.ietf.org/doc/draft-selander-core-access-control/

10 ACE BOF, IETF-89 London Gap Analysis Hannes Tschofenig http://tools.ietf.org/id/draft-tschofenig-ace-overview/

11 ACE BOF, IETF-89 London Charter Discussion Kepeng Li, Hannes Tschofenig http://trac.tools.ietf.org/wg/core/trac/wiki/ACE_charter

12 An Important Question
a) Is this a topic the IETF should try to address?
b) Is this a topic the IETF should not try to address?

13 Charter: Narrative (Constrained Environments)
– standardized solution for authentication and authorization
– authorized access to resources
– use CoAP and leverage DTLS security where possible
– employ additional less-constrained devices in order to relieve the constrained nodes
– existing authentication and authorization protocols are used and re-applied... restricting the options within each of the specifications
– operate across multiple domains

14 Charter: Tasks
– Document the use cases and high-level requirements for secured communication between constrained devices.
– Define profiles for encoding authentication and authorization data.
– Document design criteria for the required security protocols with respect to resource usage (RAM, message round trips, power consumption etc.).
– Define a mechanism for authenticated and protected transfer of authorization information suitable for constrained environments, and taking into account expiry/revocation.
– Define formats for access tokens and for authorization information that are suitable for constrained devices.
– Define bootstrapping for authorization information using the Resource Directory (see draft-ietf-core-resource-directory).

15 Charter Question
The draft charter:
– http://trac.tools.ietf.org/wg/core/trac/wiki/ACE_charter
a) Is the scope of the charter clear enough?
b) Is the scope of the charter not clear enough?

16 Engagement
a) How many are willing to review?
b) How many are interested to work on documents?

