Hello ACE,

We have recently submitted a new version of draft-tiloca-ace-workflow-and-params [1].
* In Section 3.2, the old parameter "subject_ids" has been replaced by the alternative new parameter "aud2", with a simpler and more generally applicable semantics. The example showing its combined use with the new parameter "rs_cnf2" has been updated accordingly. This change builds on input from Christian Amsüss during and around IETF 117 (thanks!).
* In Section 3.3, we have defined the new parameter "anchor_cnf", which allows the Authorization Server to provide the Client with the authentication credentials of trusted parties acting as trust anchors.
The Client can use such authentication credentials to verify the authentication credentials of Resource Servers, which the Client may obtain through different means than the Access Token Response from the Authorization Server. An example is also provided.
No changes have been made to the alternative ACE workflow, where the Authorization Server uploads the access token to the Resource Server on behalf of the Client.
Comments are welcome!

Best,
/Marco

[1] https://datatracker.ietf.org/doc/draft-tiloca-ace-workflow-and-params/

-------- Forwarded Message --------
Subject: New Version Notification for draft-tiloca-ace-workflow-and-params-01.txt
Date: Mon, 23 Oct 2023 05:55:31 -0700
From: [email protected]
To: Göran Selander <[email protected]>, Goeran Selander <[email protected]>, Marco Tiloca <[email protected]>

A new version of Internet-Draft draft-tiloca-ace-workflow-and-params-01.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository.

Name: draft-tiloca-ace-workflow-and-params
Revision: 01
Title: Alternative Workflow and OAuth Parameters for the Authentication and Authorization for Constrained Environments (ACE) Framework
Date: 2023-10-23
Group: Individual Submission
Pages: 25
URL: https://www.ietf.org/archive/id/draft-tiloca-ace-workflow-and-params-01.txt
Status: https://datatracker.ietf.org/doc/draft-tiloca-ace-workflow-and-params/
HTML: https://www.ietf.org/archive/id/draft-tiloca-ace-workflow-and-params-01.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-tiloca-ace-workflow-and-params
Diff: https://author-tools.ietf.org/iddiff?url2=draft-tiloca-ace-workflow-and-params-01

Abstract:
This document updates the Authentication and Authorization for Constrained Environments Framework (ACE, RFC 9200) as follows. First, it defines a new, alternative workflow that the Authorization Server can use for uploading an access token to a Resource Server on behalf of the Client. Second, it defines new parameters and encodings for the OAuth 2.0 token endpoint at the Authorization Server.

The IETF Secretariat
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
