| draft-ietf-ace-oscore-profile-03.txt | draft-ietf-ace-oscore-profile-04.txt | |||
|---|---|---|---|---|
| ACE Working Group L. Seitz | ACE Working Group F. Palombini | |||
| Internet-Draft RISE SICS AB | Internet-Draft Ericsson AB | |||
| Intended status: Standards Track F. Palombini | Intended status: Standards Track L. Seitz | |||
| Expires: April 4, 2019 Ericsson AB | Expires: April 11, 2019 RISE SICS AB | |||
| M. Gunnarsson | ||||
| RISE SICS AB | ||||
| G. Selander | G. Selander | |||
| Ericsson AB | Ericsson AB | |||
| October 1, 2018 | M. Gunnarsson | |||
| RISE SICS AB | ||||
| October 8, 2018 | ||||
| OSCORE profile of the Authentication and Authorization for Constrained | OSCORE profile of the Authentication and Authorization for Constrained | |||
| Environments Framework | Environments Framework | |||
| draft-ietf-ace-oscore-profile-03 | draft-ietf-ace-oscore-profile-04 | |||
| Abstract | Abstract | |||
| This memo specifies a profile for the Authentication and | This memo specifies a profile for the Authentication and | |||
| Authorization for Constrained Environments (ACE) framework. It | Authorization for Constrained Environments (ACE) framework. It | |||
| utilizes Object Security for Constrained RESTful Environments | utilizes Object Security for Constrained RESTful Environments | |||
| (OSCORE) to provide communication security, server authentication, | (OSCORE) to provide communication security, server authentication, | |||
| and proof-of-possession for a key owned by the client and bound to an | and proof-of-possession for a key owned by the client and bound to an | |||
| OAuth 2.0 access token. | OAuth 2.0 access token. | |||
| skipping to change at page 1, line 41 ¶ | skipping to change at page 1, line 41 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 4, 2019. | This Internet-Draft will expire on April 11, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 19 ¶ | skipping to change at page 2, line 19 ¶ | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Client-AS Communication . . . . . . . . . . . . . . . . . . . 5 | 3. Client-AS Communication . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.1. C-to-AS: POST /token . . . . . . . . . . . . . . . . . . 5 | 3.1. C-to-AS: POST /token . . . . . . . . . . . . . . . . . . 5 | |||
| 3.2. AS-to-C: Access Token . . . . . . . . . . . . . . . . . . 6 | 3.2. AS-to-C: Access Token . . . . . . . . . . . . . . . . . . 7 | |||
| 4. Client-RS Communication . . . . . . . . . . . . . . . . . . . 11 | 4. Client-RS Communication . . . . . . . . . . . . . . . . . . . 11 | |||
| 4.1. C-to-RS: POST /authz-info . . . . . . . . . . . . . . . . 11 | 4.1. C-to-RS: POST /authz-info . . . . . . . . . . . . . . . . 12 | |||
| 4.2. RS-to-C: 2.01 (Created) . . . . . . . . . . . . . . . . . 11 | 4.2. RS-to-C: 2.01 (Created) . . . . . . . . . . . . . . . . . 12 | |||
| 4.3. OSCORE Setup . . . . . . . . . . . . . . . . . . . . . . 12 | 4.3. OSCORE Setup . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 4.4. Access rights verification . . . . . . . . . . . . . . . 13 | 4.4. Access rights verification . . . . . . . . . . . . . . . 15 | |||
| 5. Secure Communication with AS . . . . . . . . . . . . . . . . 14 | 5. Secure Communication with AS . . . . . . . . . . . . . . . . 15 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 14 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | |||
| 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 15 | 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 16 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 16 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 18 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 17 | 9.2. Informative References . . . . . . . . . . . . . . . . . 19 | |||
| Appendix A. Profile Requirements . . . . . . . . . . . . . . . . 17 | Appendix A. Profile Requirements . . . . . . . . . . . . . . . . 19 | |||
| Appendix B. Using the pop-key with EDHOC (EDHOC+OSCORE) . . . . 18 | Appendix B. Using the pop-key with EDHOC (EDHOC+OSCORE) . . . . 20 | |||
| B.1. Using Asymmetric Keys . . . . . . . . . . . . . . . . . . 18 | B.1. Using Asymmetric Keys . . . . . . . . . . . . . . . . . . 20 | |||
| B.2. Using Symmetric Keys . . . . . . . . . . . . . . . . . . 20 | B.2. Using Symmetric Keys . . . . . . . . . . . . . . . . . . 22 | |||
| B.3. Processing . . . . . . . . . . . . . . . . . . . . . . . 22 | B.3. Processing . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 23 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 | |||
| 1. Introduction | 1. Introduction | |||
| This memo specifies a profile of the ACE framework | This memo specifies a profile of the ACE framework | |||
| [I-D.ietf-ace-oauth-authz]. In this profile, a client and a resource | [I-D.ietf-ace-oauth-authz]. In this profile, a client and a resource | |||
| server use CoAP [RFC7252] to communicate. The client uses an access | server use CoAP [RFC7252] to communicate. The client uses an access | |||
| token, bound to a key (the proof-of-possession key) to authorize its | token, bound to a key (the proof-of-possession key) to authorize its | |||
| access to the resource server. In order to provide communication | access to the resource server. In order to provide communication | |||
| security, proof of possession, and server authentication they use | security, proof of possession, and server authentication they use | |||
| Object Security for Constrained RESTful Environments (OSCORE) | Object Security for Constrained RESTful Environments (OSCORE) | |||
| skipping to change at page 3, line 36 ¶ | skipping to change at page 3, line 36 ¶ | |||
| Terminology for entities in the architecture is defined in OAuth 2.0 | Terminology for entities in the architecture is defined in OAuth 2.0 | |||
| [RFC6749], such as client (C), resource server (RS), and | [RFC6749], such as client (C), resource server (RS), and | |||
| authorization server (AS). It is assumed in this document that a | authorization server (AS). It is assumed in this document that a | |||
| given resource on a specific RS is associated to a unique AS. | given resource on a specific RS is associated to a unique AS. | |||
| 2. Protocol Overview | 2. Protocol Overview | |||
| This section gives an overview on how to use the ACE Framework | This section gives an overview on how to use the ACE Framework | |||
| [I-D.ietf-ace-oauth-authz] to secure the communication between a | [I-D.ietf-ace-oauth-authz] to secure the communication between a | |||
| client and a resource server using OSCORE | client and a resource server using OSCORE | |||
| [I-D.ietf-core-object-security]. The parameters needed to negotiate | [I-D.ietf-core-object-security]. The parameters needed by the client | |||
| the use of this profile with the token resource at the authorization | to negotiate the use of this profile with the authorization server, | |||
| server as specified in section 5.6 of [I-D.ietf-ace-oauth-authz] are | as well as OSCORE setup process, are described in detail in the | |||
| described in detail in the following sections. | following sections. | |||
| This profile requires a client to retrieve an access token from the | This profile requires a client to retrieve an access token from the | |||
| AS for the resource it wants to access on a RS, using the token | AS for the resource it wants to access on a RS, using the token | |||
| endpoint, as specified in section 5.6.1 of | resource, as specified in section 5.6 of [I-D.ietf-ace-oauth-authz]. | |||
| [I-D.ietf-ace-oauth-authz]. To determine the AS in charge of a | To determine the AS in charge of a resource hosted at the RS, the | |||
| resource hosted at the RS, the client C MAY send an initial | client C MAY send an initial Unauthorized Resource Request message to | |||
| Unauthorized Resource Request message to the RS. The RS then denies | the RS. The RS then denies the request and sends the address of its | |||
| the request and sends the address of its AS back to the client C as | AS back to the client C as specified in section 5.1 of | |||
| specified in section 5.1 of [I-D.ietf-ace-oauth-authz]. The access | [I-D.ietf-ace-oauth-authz]. The access token request and response | |||
| token request and response MUST be confidentiality-protected and | MUST be confidentiality-protected and ensure authenticity. This | |||
| ensure authenticity. This profile RECOMMENDS the use of OSCORE | profile RECOMMENDS the use of OSCORE between client and AS, but TLS | |||
| between client and AS, but TLS or DTLS MAY be used additionally or | or DTLS MAY be used additionally or instead. | |||
| instead. | ||||
| Once the client has retrieved the access token, it forwards it to the | Once the client has retrieved the access token, it posts it to the RS | |||
| RS using the authz-info endpoint and mechanisms specified in section | using the authz-info resource and mechanisms specified in section 5.8 | |||
| 5.8.1. of [I-D.ietf-ace-oauth-authz]. If the access token is valid, | of [I-D.ietf-ace-oauth-authz]. If the access token is valid, the RS | |||
| the RS replies to this request with a 2.01 (Created) response, which | replies to this request with a 2.01 (Created) response, which | |||
| contains a nonce N1. | contains a nonce N1. | |||
| After receiving the nonce N1, the client generates a nonce N2, | After receiving the nonce N1, the client generates a nonce N2, | |||
| concatenates it with N1 and sets the ID Context in its Security | concatenates it with N1 and sets the ID Context in its Security | |||
| Context (see section 3 of [I-D.ietf-core-object-security]) to N1 | Context (see section 3 of [I-D.ietf-core-object-security]) to N1 | |||
| concatenated with N2. The client then derives the complete Security | concatenated with N2. The client then derives the complete Security | |||
| Context from the ID Context plus the parameters received from the AS. | Context from the ID Context plus the parameters received from the AS. | |||
| Finally, the client sends a request protected with OSCORE to the RS. | Finally, the client sends a request protected with OSCORE to the RS. | |||
| This message contains the ID Context value. When receiving this | This message contains the ID Context value. When receiving this | |||
| request after the 2.01 (Created) response, the server extract the ID | request after the 2.01 (Created) response, the server extract the ID | |||
| Context from it, verifies that the first part is equal to the nonce | Context from it, verifies that the first part is equal to the nonce | |||
| N1 it previously sent, and if so, sets its own ID Context and derives | N1 it previously sent, and if so, sets its own ID Context and derives | |||
| the complete Security Context from it plus the parameters received in | the complete Security Context from it plus the parameters received in | |||
| the AS, following section 3.2 of [I-D.ietf-core-object-security]. If | the AS, following section 3.2 of [I-D.ietf-core-object-security]. If | |||
| the request verifies, then this Security Context is stored in the | the request verifies, then this Security Context is stored in the | |||
| server, and used in the response, and in further communications with | server, and used in the response, and in further communications with | |||
| the client, until token expiration. The client will not include the | the client, until token expiration. Once the client receives a valid | |||
| ID Context value in further requests. | response, it does not continue to include the ID Context value in | |||
| further requests. | ||||
| An overview of the profile flow for the OSCORE profile is given in | An overview of the profile flow for the OSCORE profile is given in | |||
| Figure 1. | Figure 1. | |||
| C RS AS | C RS AS | |||
| | [-- Resource Request --->] | | | | [-- Resource Request --->] | | | |||
| | | | | | | | | |||
| | [<----- AS Information --] | | | | [<----- AS Information --] | | | |||
| | | | | | | | | |||
| | ----- POST /token ----------------------------> | | | ----- POST /token ----------------------------> | | |||
| skipping to change at page 5, line 38 ¶ | skipping to change at page 5, line 38 ¶ | |||
| | | | | | | | | |||
| | <--- OSCORE Response ----- | | | | <--- OSCORE Response ----- | | | |||
| | ... | | | | ... | | | |||
| Figure 1: Protocol Overview | Figure 1: Protocol Overview | |||
| 3. Client-AS Communication | 3. Client-AS Communication | |||
| The following subsections describe the details of the POST /token | The following subsections describe the details of the POST /token | |||
| request and response between client and AS. Section 3.2 of | request and response between client and AS. Section 3.2 of | |||
| [I-D.ietf-core-object-security] defines how to derive a security | [I-D.ietf-core-object-security] defines how to derive a Security | |||
| context based on a shared master secret and a set of other | Context based on a shared master secret and a set of other | |||
| parameters, established between client and server, which the client | parameters, established between client and server, which the client | |||
| receives from the AS in this exchange. The proof-of-possession key | receives from the AS in this exchange. The proof-of-possession key | |||
| (pop-key) provisioned from the AS MUST be used as master secret in | (pop-key) provisioned from the AS MUST be used as master secret in | |||
| OSCORE. | OSCORE. | |||
| 3.1. C-to-AS: POST /token | 3.1. C-to-AS: POST /token | |||
| The client-to-AS request is specified in Section 5.6.1 of | The client-to-AS request is specified in Section 5.6.1 of | |||
| [I-D.ietf-ace-oauth-authz]. | [I-D.ietf-ace-oauth-authz]. | |||
| If the client wants to update its access rights using the same OSCORE | ||||
| Security Context, it MUST include in its POST /token request a cnf | ||||
| object carrying the Sender ID in the kid field. This identifier can | ||||
| be used by the AS to determine the shared secret to construct the | ||||
| proof-of-possession token and therefore MUST specify a symmetric key | ||||
| that was previously generated by the AS as a shared secret for the | ||||
| communication between the client and the RS. | ||||
| The client MUST send this POST /token request over a secure channel | The client MUST send this POST /token request over a secure channel | |||
| that guarantees authentication, message integrity and confidentiality | that guarantees authentication, message integrity and confidentiality | |||
| (see Section 5). | (see Section 5). | |||
| An example of such a request, in CBOR diagnostic notation without the | An example of such a request, in CBOR diagnostic notation without the | |||
| tag and value abbreviations is reported in Figure 2 | tag and value abbreviations is reported in Figure 2 | |||
| Header: POST (Code=0.02) | Header: POST (Code=0.02) | |||
| Uri-Host: "as.example.com" | Uri-Host: "as.example.com" | |||
| Uri-Path: "token" | Uri-Path: "token" | |||
| Content-Format: "application/ace+cbor" | Content-Format: "application/ace+cbor" | |||
| Payload: | Payload: | |||
| { | { | |||
| "grant_type" : "client_credentials", | "grant_type" : "client_credentials", | |||
| "client_id" : "myclient", | "client_id" : "myclient", | |||
| "aud" : "tempSensor4711" | "req_aud" : "tempSensor4711", | |||
| "scope" : "read" | ||||
| } | } | |||
| Figure 2: Example C-to-AS POST /token request for an access token | Figure 2: Example C-to-AS POST /token request for an access token | |||
| bound to a symmetric key. | bound to a symmetric key. | |||
| If the client wants to update its access rights without changing an | ||||
| existing OSCORE Security Context, it MUST include in its POST /token | ||||
| request a req_cnf object carrying the client's identifier (that was | ||||
| assigned in section Section 3.2) in the kid field. This identifier | ||||
| can be used by the AS to determine the shared secret to construct the | ||||
| proof-of-possession token and therefore MUST identify a symmetric key | ||||
| that was previously generated by the AS as a shared secret for the | ||||
| communication between the client and the RS. The AS MUST verify that | ||||
| the received value identifies a proof-of-possession key and token | ||||
| that have previously been issued to the requesting client. If that | ||||
| is not the case, the Client-to-AS request MUST be declined with the | ||||
| error code 'invalid_request' as defined in Section 5.6.3 of | ||||
| [I-D.ietf-ace-oauth-authz]. | ||||
| An example of such a request, in CBOR diagnostic notation without the | ||||
| tag and value abbreviations is reported in Figure 3 | ||||
| Header: POST (Code=0.02) | ||||
| Uri-Host: "as.example.com" | ||||
| Uri-Path: "token" | ||||
| Content-Format: "application/ace+cbor" | ||||
| Payload: | ||||
| { | ||||
| "grant_type" : "client_credentials", | ||||
| "client_id" : "myclient", | ||||
| "req_aud" : "tempSensor4711", | ||||
| "scope" : "write", | ||||
| "req_cnf" : { | ||||
| "kid" : b64'Qg' | ||||
| } | ||||
| Figure 3: Example C-to-AS POST /token request for updating rights to | ||||
| an access token bound to a symmetric key. | ||||
| 3.2. AS-to-C: Access Token | 3.2. AS-to-C: Access Token | |||
| After verifying the POST /token request and that the client is | After verifying the POST /token request and that the client is | |||
| authorized to obtain an access token corresponding to its access | authorized to obtain an access token corresponding to its access | |||
| token request, the AS responds as defined in section 5.6.2 of | token request, the AS responds as defined in section 5.6.2 of | |||
| [I-D.ietf-ace-oauth-authz]. It signals that the use of OSCORE is | [I-D.ietf-ace-oauth-authz]. If the client request was invalid, or | |||
| REQUIRED for a specific access token by including the "profile" | not authorized, the AS returns an error response as described in | |||
| parameter with the value "coap_oscore" in the access token response. | section 5.6.3 of [I-D.ietf-ace-oauth-authz]. | |||
| This means that the client MUST use OSCORE towards all resource | ||||
| servers for which this access token is valid, and follow Section 4.3 | ||||
| to derive the security context to run OSCORE. | ||||
| The error response procedures defined in section 5.6.3 of the ACE | The AS signals that the use of OSCORE is REQUIRED for a specific | |||
| framework are unchanged by this profile. | access token by including the "profile" parameter with the value | |||
| "coap_oscore" in the access token response. This means that the | ||||
| client MUST use OSCORE towards all resource servers for which this | ||||
| access token is valid, and follow Section 4.3 to derive the security | ||||
| context to run OSCORE. | ||||
| Moreover, the AS MUST provision the following data: | Moreover, the AS MUST provision the following data: | |||
| o a master secret | o a master secret | |||
| o a client identifier | o a client identifier | |||
| o a server identifier | o a server identifier | |||
| Additionally, the AS MAY provision the following data, in the same | Additionally, the AS MAY provision the following data, in the same | |||
| response. | response. | |||
| o an AEAD algorithm | o an AEAD algorithm | |||
| o an HKDF algorithm | o an HKDF algorithm | |||
| o a salt | o a salt | |||
| o a replay window type and size | o a replay window type and size | |||
| The master secret MUST be communicated as COSE_Key in the 'cnf' | The master secret MUST be communicated as COSE_Key in the 'cnf' | |||
| parameter of the access token response as defined in Section 5.6.4.5 | parameter of the access token response as defined in Section 3.2 of | |||
| of [I-D.ietf-ace-oauth-authz]. The AEAD algorithm MAY be included as | [I-D.ietf-ace-oauth-params]. The AEAD algorithm MAY be included as | |||
| the 'alg' parameter in the COSE_Key; the HKDF algorithm MAY be | the 'alg' parameter in the COSE_Key; the HKDF algorithm MAY be | |||
| included as the 'hkdf' parameter of the COSE_Key and the salt MAY be | included as the 'hkdf' parameter of the COSE_Key and the salt MAY be | |||
| included as the 'slt' parameter of the COSE_Key as defined in | included as the 'slt' parameter of the COSE_Key as defined in | |||
| Figure 3. | Figure 4. | |||
| The same parameters MUST be included as metadata of the access token. | The same parameters MUST be included as metadata of the access token. | |||
| This profile RECOMMENDS the use of CBOR web token (CWT) as specified | This profile RECOMMENDS the use of CBOR web token (CWT) as specified | |||
| in [RFC8392]. If the token is a CWT, the same COSE_Key structure | in [RFC8392]. If the token is a CWT, the same COSE_Key structure | |||
| defined above MUST be placed in the 'cnf' claim of this token. | defined above MUST be placed in the 'cnf' claim of this token. | |||
| The AS MUST also assign identifiers to both client and RS, which are | The AS MUST also assign identifiers to both client and RS, which are | |||
| then used as Sender ID and Recipient ID in the OSCORE context as | then used as Sender ID and Recipient ID in the OSCORE context as | |||
| described in section 3.1 of [I-D.ietf-core-object-security]. These | described in section 3.1 of [I-D.ietf-core-object-security]. These | |||
| identifiers MUST be unique in the set of all clients and RS | identifiers MUST be unique in the set of all clients and RS | |||
| identifiers for a certain AS. Moreover, these MUST be included in | identifiers for a certain AS. Moreover, these MUST be included in | |||
| the COSE_Key as header parameters, as defined in Figure 3. | the COSE_Key as header parameters, as defined in Figure 4. | |||
| We assume in this document that a resource is associated to one | We assume in this document that a resource is associated to one | |||
| single AS, which makes it possible to assume unique identifiers for | single AS, which makes it possible to assume unique identifiers for | |||
| each client requesting a particular resource to a RS. If this is not | each client requesting a particular resource to a RS. If this is not | |||
| the case, collisions of identifiers may appear in the RS, in which | the case, collisions of identifiers may appear in the RS, in which | |||
| case the RS needs to have a mechanism in place to disambiguate | case the RS needs to have a mechanism in place to disambiguate | |||
| identifiers or mitigate their effect. | identifiers or mitigate their effect. | |||
| Note that C should set the Sender ID of its Security Context to the | Note that in Section 4.3 C sets the Sender ID of its Security Context | |||
| clientId value received and the Recipient ID to the serverId value, | to the clientId value received and the Recipient ID to the serverId | |||
| and RS should do the opposite. | value, and RS does the opposite. | |||
| +----------+-------+--------------+------------+-------------------+ | +----------+-------+--------------+------------+-------------------+ | |||
| | name | label | CBOR type | registry | description | | | name | label | CBOR type | registry | description | | |||
| +----------+-------+--------------+------------+-------------------+ | +----------+-------+--------------+------------+-------------------+ | |||
| | clientId | TBD1 | bstr | | Identifies the | | | clientId | TBD1 | bstr | | Identifies the | | |||
| | | | | | client in an | | | | | | | client in an | | |||
| | | | | | OSCORE context | | | | | | | OSCORE context | | |||
| | | | | | using this key | | | | | | | using this key | | |||
| | | | | | | | | | | | | | | |||
| | serverId | TBD2 | bstr | | Identifies the | | | serverId | TBD2 | bstr | | Identifies the | | |||
| skipping to change at page 8, line 29 ¶ | skipping to change at page 9, line 29 ¶ | |||
| | | | | | KDF algorithm in | | | | | | | KDF algorithm in | | |||
| | | | | | an OSCORE context | | | | | | | an OSCORE context | | |||
| | | | | | using this key | | | | | | | using this key | | |||
| | | | | | | | | | | | | | | |||
| | slt | TBD4 | bstr | | Identifies the | | | slt | TBD4 | bstr | | Identifies the | | |||
| | | | | | master salt in | | | | | | | master salt in | | |||
| | | | | | an OSCORE context | | | | | | | an OSCORE context | | |||
| | | | | | using this key | | | | | | | using this key | | |||
| +----------+-------+--------------+------------+-------------------+ | +----------+-------+--------------+------------+-------------------+ | |||
| Figure 3: Additional COSE_Key Common Parameters | Figure 4: Additional COSE_Key Common Parameters | |||
| Figure 4 shows an example of such an AS response, in CBOR diagnostic | Figure 5 shows an example of such an AS response, in CBOR diagnostic | |||
| notation without the tag and value abbreviations. | notation without the tag and value abbreviations. | |||
| Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
| Content-Type: "application/cose+cbor" | Content-Type: "application/cose+cbor" | |||
| Payload: | Payload: | |||
| { | { | |||
| "access_token" : b64'SlAV32hkKG ... | "access_token" : b64'SlAV32hkKG ... | |||
| (remainder of access token omitted for brevity)', | (remainder of access token omitted for brevity)', | |||
| "profile" : "coap_oscore", | "profile" : "coap_oscore", | |||
| "expires_in" : "3600", | "expires_in" : "3600", | |||
| skipping to change at page 9, line 24 ¶ | skipping to change at page 10, line 24 ¶ | |||
| "COSE_Key" : { | "COSE_Key" : { | |||
| "kty" : "Symmetric", | "kty" : "Symmetric", | |||
| "alg" : "AES-CCM-16-64-128", | "alg" : "AES-CCM-16-64-128", | |||
| "clientId" : b64'qA', | "clientId" : b64'qA', | |||
| "serverId" : b64'Qg', | "serverId" : b64'Qg', | |||
| "k" : b64'+a+Dg2jjU+eIiOFCa9lObw' | "k" : b64'+a+Dg2jjU+eIiOFCa9lObw' | |||
| } | } | |||
| } | } | |||
| } | } | |||
| Figure 4: Example AS-to-C Access Token response with OSCORE profile. | Figure 5: Example AS-to-C Access Token response with OSCORE profile. | |||
| Figure 5 shows an example CWT, containing the necessary OSCORE | Figure 6 shows an example CWT, containing the necessary OSCORE | |||
| parameters in the 'cnf' claim, in CBOR diagnostic notation without | parameters in the 'cnf' claim, in CBOR diagnostic notation without | |||
| tag and value abbreviations. | tag and value abbreviations. | |||
| { | { | |||
| "aud" : "tempSensorInLivingRoom", | "aud" : "tempSensorInLivingRoom", | |||
| "iat" : "1360189224", | "iat" : "1360189224", | |||
| "exp" : "1360289224", | "exp" : "1360289224", | |||
| "scope" : "temperature_g firmware_p", | "scope" : "temperature_g firmware_p", | |||
| "cnf" : { | "cnf" : { | |||
| "COSE_Key" : { | "COSE_Key" : { | |||
| "kty" : "Symmetric", | "kty" : "Symmetric", | |||
| "alg" : "AES-CCM-16-64-128", | "alg" : "AES-CCM-16-64-128", | |||
| "clientId" : b64'Qg', | "clientId" : b64'Qg', | |||
| "serverId" : b64'qA', | "serverId" : b64'qA', | |||
| "k" : b64'+a+Dg2jjU+eIiOFCa9lObw' | "k" : b64'+a+Dg2jjU+eIiOFCa9lObw' | |||
| } | } | |||
| } | } | |||
| Figure 5: Example CWT with OSCORE parameters. | Figure 6: Example CWT with OSCORE parameters. | |||
| If the client has requested an update to its access rights using the | If the client has requested an update to its access rights using the | |||
| same OSCORE Security Context, and the token associated with it is not | same OSCORE Security Context, which is valid and authorized, the AS | |||
| expired, the AS MAY omit the master secret and server identifier both | MUST omit the 'cnf' parameter in the response, and MUST carry the | |||
| in the COSE_Key in the 'cnf' parameter and in the token. The client | client identifier in the 'kid' field in the 'cnf' parameter of the | |||
| identifier needs to be provisioned, in order for the RS to identify | token. The client identifier needs to be provisioned, in order for | |||
| the previously generated Security Context. | the RS to identify the previously generated Security Context. | |||
| Figure 6 shows an example of such an AS response, in CBOR diagnostic | Figure 7 shows an example of such an AS response, in CBOR diagnostic | |||
| notation without the tag and value abbreviations. | notation without the tag and value abbreviations. | |||
| Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
| Content-Type: "application/cose+cbor" | Content-Type: "application/cose+cbor" | |||
| Payload: | Payload: | |||
| { | { | |||
| "access_token" : b64'SlAV32hkKG ... | "access_token" : b64'SlAV32hkKG ... | |||
| (remainder of access token omitted for brevity)', | (remainder of access token omitted for brevity)', | |||
| "profile" : "coap_oscore", | "profile" : "coap_oscore", | |||
| "expires_in" : "3600", | "expires_in" : "3600" | |||
| "cnf" : { | ||||
| "COSE_Key" : { | ||||
| "clientId" : b64'qA' | ||||
| } | ||||
| } | ||||
| } | } | |||
| Figure 6: Example AS-to-C Access Token response with OSCORE profile, | Figure 7: Example AS-to-C Access Token response with OSCORE profile, | |||
| for update of access rights. | for update of access rights. | |||
| Figure 7 shows an example CWT, containing the necessary OSCORE | Figure 8 shows an example CWT, containing the necessary OSCORE | |||
| parameters in the 'cnf' claim for update of access rights, in CBOR | parameters in the 'cnf' claim for update of access rights, in CBOR | |||
| diagnostic notation without tag and value abbreviations. | diagnostic notation without tag and value abbreviations. | |||
| { | { | |||
| "aud" : "tempSensorInLivingRoom", | "aud" : "tempSensorInLivingRoom", | |||
| "iat" : "1360189224", | "iat" : "1360189224", | |||
| "exp" : "1360289224", | "exp" : "1360289224", | |||
| "scope" : "temperature_h", | "scope" : "temperature_h", | |||
| "cnf" : { | "cnf" : { | |||
| "COSE_Key" : { | "kid" : b64'Qg' | |||
| "clientId" : b64'Qg' | ||||
| } | } | |||
| } | } | |||
| Figure 7: Example CWT with OSCORE parameters for update of access | Figure 8: Example CWT with OSCORE parameters for update of access | |||
| rights. | rights. | |||
| 4. Client-RS Communication | 4. Client-RS Communication | |||
| The following subsections describe the details of the POST /authz- | The following subsections describe the details of the POST /authz- | |||
| info request and response between client and RS. The client posts | info request and response between client and RS. The client posts | |||
| the token that includes the materials provisioned by the AS to the | the token that includes the materials provisioned by the AS to the | |||
| RS, which can then use Section 3.2 of [I-D.ietf-core-object-security] | RS, which can then use Section 3.2 of [I-D.ietf-core-object-security] | |||
| to derive a security context based on a shared master secret and a | to derive a security context based on a shared master secret and a | |||
| set of other parameters, established between client and server. | set of other parameters, established between client and server. | |||
| Note that the proof-of-possession required to bind the access token | Note that the proof-of-possession required to bind the access token | |||
| to the client is implicitly performed by generating the shared OSCORE | to the client is implicitly performed by generating the shared OSCORE | |||
| Security Context using the pop-key as master secret, for both client | Security Context using the pop-key as master secret, for both client | |||
| and RS. An attacker using a stolen token will not be able to | and RS. An attacker using a stolen token will not be able to | |||
| generate a valid OSCORE context and thus not be able to prove | generate a valid OSCORE context and thus not be able to prove | |||
| possession of the pop-key. | possession of the pop-key. | |||
| 4.1. C-to-RS: POST /authz-info | 4.1. C-to-RS: POST /authz-info | |||
| The client MUST use CoAP and the Authorization Information endpoint | The client MUST use CoAP and the Authorization Information resource | |||
| as described in section 5.8.1 of [I-D.ietf-ace-oauth-authz] to | as described in section 5.8.1 of [I-D.ietf-ace-oauth-authz] to | |||
| transport the token to the RS. | transport the token to the RS. | |||
| The authz-info endpoint is not protected, nor are the responses from | The authz-info resource is not protected, nor are the responses from | |||
| this endpoint. | this resource. | |||
| The access token MUST be encrypted, since it is transferred from the | The access token MUST be encrypted, since it is transferred from the | |||
| client to the RS over an unprotected channel. | client to the RS over an unprotected channel. | |||
| Figure 8 shows an example of the request sent from the client to the | Note that a client may be required to re-POST the access token, since | |||
| an RS may delete a stored access token, due to lack of memory. | ||||
| Figure 9 shows an example of the request sent from the client to the | ||||
| RS. | RS. | |||
| Header: POST (Code=0.02) | Header: POST (Code=0.02) | |||
| Uri-Host: "rs.example.com" | Uri-Host: "rs.example.com" | |||
| Uri-Path: "authz-info" | Uri-Path: "authz-info" | |||
| Content-Format: "application/cwt" | Content-Format: "application/cwt" | |||
| Payload: | Payload: | |||
| b64'SlAV32hkKG ... | b64'SlAV32hkKG ... | |||
| (remainder of access token omitted for brevity)', | (remainder of access token omitted for brevity)', | |||
| Figure 8: Example C-to-RS POST /authz-info request using CWT | Figure 9: Example C-to-RS POST /authz-info request using CWT | |||
| 4.2. RS-to-C: 2.01 (Created) | 4.2. RS-to-C: 2.01 (Created) | |||
| The RS MUST follow the procedures defined in section 5.8.1 of | The RS MUST follow the procedures defined in section 5.8.1 of | |||
| [I-D.ietf-ace-oauth-authz]: the RS MUST verify the validity of the | [I-D.ietf-ace-oauth-authz]: the RS MUST verify the validity of the | |||
| token. If the token is valid, the RS MUST respond to the POST | token. If the token is valid, the RS MUST respond to the POST | |||
| request with 2.01 (Created). This response MAY contain an identifier | request with 2.01 (Created). If the token is valid but is associated | |||
| of the token (e.g., the cti for a CWT) as a payload, in order to | to claims that the RS cannot process (e.g., an unknown scope) the RS | |||
| allow the client to refer to the token. If the token is valid but is | MUST respond with a response code equivalent to the CoAP code 4.00 | |||
| associated to claims that the RS cannot process (e.g., an unknown | (Bad Request). In the latter case the RS MAY provide additional | |||
| scope) the RS MUST respond with a response code equivalent to the | information in the error response, in order to clarify what went | |||
| CoAP code 4.00 (Bad Request). In the latter case the RS MAY provide | wrong. The RS MAY make an introspection request to validate the | |||
| additional information in the error response, in order to clarify | token before responding to the POST request to the authz-info | |||
| what went wrong. The RS MAY make an introspection request to | resource. | |||
| validate the token before responding to the POST request to the | ||||
| authz-info endpoint. | ||||
| Additionally, the RS MUST generate a nonce (N1) with a good amount of | Additionally, the RS MUST generate a nonce (N1) with a good amount of | |||
| randomness, and include it in the payload of the 2.01 (Created) | randomness, and include it in the payload of the 2.01 (Created) | |||
| response as a CBOR byte string. This profile RECOMMENDS to use a | response as a CBOR byte string. This profile RECOMMENDS to use a | |||
| nonce of 64 bits. The RS MUST store this nonce as long as the access | nonce of 64 bits. The RS MUST store this nonce as long as the access | |||
| token related to it is still valid. | token related to it is still valid. | |||
| Figure 9 shows an example of the response sent from the RS to the | Note that, when using this profile, an identifier of the token (e.g., | |||
| the cti for a CWT) is not transported in the payload of this request, | ||||
| as section 5.8.1 of [I-D.ietf-ace-oauth-authz] allows. | ||||
| Figure 10 shows an example of the response sent from the RS to the | ||||
| client. | client. | |||
| Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
| Content-Format: "application/cbor" | Content-Format: "application/cbor" | |||
| Payload: | Payload: | |||
| h'018a278f7faab55a', | h'018a278f7faab55a', | |||
| Figure 9: Example RS-to-C 2.01 (Created) response | Figure 10: Example RS-to-C 2.01 (Created) response | |||
| When receiving an updated access token with updated authorization | ||||
| information from the client (see section Section 3.1), it is | ||||
| RECOMMENDED that the RS overwrites the previous token, that is only | ||||
| the latest authorization information in the token received by the RS | ||||
| is valid. This simplifies for the RS to keep track of authorization | ||||
| information for a given client. | ||||
| As specified in section 5.8.3 of [I-D.ietf-ace-oauth-authz], the RS | As specified in section 5.8.3 of [I-D.ietf-ace-oauth-authz], the RS | |||
| MUST notify the client with an error response with code 4.01 | MUST notify the client with an error response with code 4.01 | |||
| (Unauthorized) for any long running request before terminating the | (Unauthorized) for any long running request before terminating the | |||
| session, when the access token expires. | session, when the access token expires. | |||
| 4.3. OSCORE Setup | 4.3. OSCORE Setup | |||
| Once receiving the 2.01 (Created) response from the RS, following the | Once receiving the 2.01 (Created) response from the RS, following the | |||
| POST /authz-info request, the client MUST extract the nonce N1 from | POST /authz-info request, the client MUST extract the nonce N1 from | |||
| skipping to change at page 13, line 48 ¶ | skipping to change at page 15, line 8 ¶ | |||
| responses are used, as specified in section 8 of | responses are used, as specified in section 8 of | |||
| [I-D.ietf-core-object-security]. Additionally, if OSCORE | [I-D.ietf-core-object-security]. Additionally, if OSCORE | |||
| verification succeeds, the verification of access rights is performed | verification succeeds, the verification of access rights is performed | |||
| as described in section Section 4.4. The RS MUST NOT use the | as described in section Section 4.4. The RS MUST NOT use the | |||
| Security Context after the related token has expired, and MUST | Security Context after the related token has expired, and MUST | |||
| respond with a unprotected 4.01 (Unauthorized) error message. | respond with a unprotected 4.01 (Unauthorized) error message. | |||
| 4.4. Access rights verification | 4.4. Access rights verification | |||
| The RS MUST follow the procedures defined in section 5.8.2 of | The RS MUST follow the procedures defined in section 5.8.2 of | |||
| [I-D.ietf-ace-oauth-authz]: if an RS receives a OSCORE-protected | [I-D.ietf-ace-oauth-authz]: if an RS receives an OSCORE-protected | |||
| request from a client, then it processes according to | request from a client, then it processes according to | |||
| [I-D.ietf-core-object-security]. If OSCORE verification succeeds, | [I-D.ietf-core-object-security]. If OSCORE verification succeeds, | |||
| and the target resource requires authorization, the RS retrieves the | and the target resource requires authorization, the RS retrieves the | |||
| authorization information from the access token associated to the | authorization information from the access token associated to the | |||
| Security Context. The RS then MUST verify that the authorization | Security Context. The RS then MUST verify that the authorization | |||
| information covers the resource and the action requested. | information covers the resource and the action requested. | |||
| The response code MUST be 4.01 (Unauthorized) in case the client has | The response code MUST be 4.01 (Unauthorized) in case the client has | |||
| not used the Security Context associated with the access token, or if | not used the Security Context associated with the access token, or if | |||
| RS has no valid access token for the client. If RS has an access | RS has no valid access token for the client. If RS has an access | |||
| token for the client but not for the resource that was requested, RS | token for the client but not for the resource that was requested, RS | |||
| MUST reject the request with a 4.03 (Forbidden). If RS has an access | MUST reject the request with a 4.03 (Forbidden). If RS has an access | |||
| token for the client but it does not cover the action that was | token for the client but it does not cover the action that was | |||
| requested on the resource, RS MUST reject the request with a 4.05 | requested on the resource, RS MUST reject the request with a 4.05 | |||
| (Method Not Allowed). | (Method Not Allowed). | |||
| 5. Secure Communication with AS | 5. Secure Communication with AS | |||
| As specified in the ACE framework (section 5.7 of | As specified in the ACE framework (section 5.7 of | |||
| [I-D.ietf-ace-oauth-authz]), the requesting entity (RS and/or client) | [I-D.ietf-ace-oauth-authz]), the requesting entity (RS and/or client) | |||
| and the AS communicates via the introspection or token endpoint. The | and the AS communicates via the introspection or token resource. The | |||
| use of CoAP and OSCORE for this communication is RECOMMENDED in this | use of CoAP and OSCORE for this communication is RECOMMENDED in this | |||
| profile, other protocols (such as HTTP and DTLS or TLS) MAY be used | profile, other protocols (such as HTTP and DTLS or TLS) MAY be used | |||
| instead. | instead. | |||
| If OSCORE is used, the requesting entity and the AS are expected to | If OSCORE is used, the requesting entity and the AS are expected to | |||
| have pre-established security contexts in place. How these security | have pre-established security contexts in place. How these security | |||
| contexts are established is out of scope for this profile. | contexts are established is out of scope for this profile. | |||
| Furthermore the requesting entity and the AS communicate using OSCORE | Furthermore the requesting entity and the AS communicate using OSCORE | |||
| ([I-D.ietf-core-object-security]) through the introspection endpoint | ([I-D.ietf-core-object-security]) through the introspection resource | |||
| as specified in section 5.7 of [I-D.ietf-ace-oauth-authz] and through | as specified in section 5.7 of [I-D.ietf-ace-oauth-authz] and through | |||
| the token endpoint as specified in section 5.6 of | the token resource as specified in section 5.6 of | |||
| [I-D.ietf-ace-oauth-authz]. | [I-D.ietf-ace-oauth-authz]. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| This document specifies a profile for the Authentication and | This document specifies a profile for the Authentication and | |||
| Authorization for Constrained Environments (ACE) framework | Authorization for Constrained Environments (ACE) framework | |||
| [I-D.ietf-ace-oauth-authz]. Thus the general security considerations | [I-D.ietf-ace-oauth-authz]. Thus the general security considerations | |||
| from the framework also apply to this profile. | from the framework also apply to this profile. | |||
| Furthermore the general security considerations of OSCORE | Furthermore the general security considerations of OSCORE | |||
| skipping to change at page 15, line 7 ¶ | skipping to change at page 16, line 13 ¶ | |||
| the OSCORE protocol. | the OSCORE protocol. | |||
| OSCORE is designed to secure point-to-point communication, providing | OSCORE is designed to secure point-to-point communication, providing | |||
| a secure binding between the request and the response(s). Thus the | a secure binding between the request and the response(s). Thus the | |||
| basic OSCORE protocol is not intended for use in point-to-multipoint | basic OSCORE protocol is not intended for use in point-to-multipoint | |||
| communication (e.g. multicast, publish-subscribe). Implementers of | communication (e.g. multicast, publish-subscribe). Implementers of | |||
| this profile should make sure that their usecase corresponds to the | this profile should make sure that their usecase corresponds to the | |||
| expected use of OSCORE, to prevent weakening the security assurances | expected use of OSCORE, to prevent weakening the security assurances | |||
| provided by OSCORE. | provided by OSCORE. | |||
| TODO: explain the rationale for the nonces construction, and the | The use of nonces during the OSCORE Setup Section 4.3 prevents the | |||
| security implications for Man-in-the-Middle attacks. | reuse of AEAD nonces in the RS Security Context, in case the RS loses | |||
| the Security Context associated with a client (e.g. in case of | ||||
| unplanned reboot) and receives a replayed access token. In fact, by | ||||
| using random nonces as ID Context, the POST /auth-info request | ||||
| results in a different Security Context, since Master Secret, Sender | ||||
| ID and Recipient ID are the same but ID Context is different. | ||||
| Therefore, the main requirement for the nonces is that they have a | ||||
| good amount of randomness. Moreover, the client echoes the nonce | ||||
| created by the RS, which verifies it before deriving the Security | ||||
| Context, and this protects against an adversary acting as a Man-in- | ||||
| the-Middle and substituting the nonce in transit from client to RS to | ||||
| provoke the creation of different Security Contexts in the client and | ||||
| RS. | ||||
| This profiles recommends that the RS maintains a single access token | ||||
| for a client. The use of multiple access tokens for a single client | ||||
| increases the strain on the resource server as it must consider every | ||||
| access token and calculate the actual permissions of the client. | ||||
| Also, tokens may contradict each other which may lead the server to | ||||
| enforce wrong permissions. If one of the access tokens expires | ||||
| earlier than others, the resulting permissions may offer insufficient | ||||
| protection. Developers should avoid using multiple access tokens for | ||||
| a client. | ||||
| 7. Privacy Considerations | 7. Privacy Considerations | |||
| TBD. | This document specifies a profile for the Authentication and | |||
| Authorization for Constrained Environments (ACE) framework | ||||
| [I-D.ietf-ace-oauth-authz]. Thus the general privacy considerations | ||||
| from the framework also apply to this profile. | ||||
| As this document uses OSCORE, thus the privacy considerations from | ||||
| [I-D.ietf-core-object-security] apply here as well. | ||||
| An unprotected response to an unauthorized request may disclose | ||||
| information about the resource server and/or its existing | ||||
| relationship with the client. It is advisable to include as little | ||||
| information as possible in an unencrypted response. When an OSCORE | ||||
| Security Context already exists between the client and the resource | ||||
| server, more detailed information may be included. | ||||
| Note that some information might still leak after OSCORE is | ||||
| established, due to observable message sizes, the source, and the | ||||
| destination addresses. | ||||
| 8. IANA Considerations | 8. IANA Considerations | |||
| Note to RFC Editor: Please replace all occurrences of "[[this | Note to RFC Editor: Please replace all occurrences of "[[this | |||
| specification]]" with the RFC number of this specification and delete | specification]]" with the RFC number of this specification and delete | |||
| this paragraph. | this paragraph. | |||
| The following registration is done for the ACE OAuth Profile Registry | The following registration is done for the ACE OAuth Profile Registry | |||
| following the procedure specified in section 8.6 of | following the procedure specified in section 8.7 of | |||
| [I-D.ietf-ace-oauth-authz]: | [I-D.ietf-ace-oauth-authz]: | |||
| o Profile name: coap_oscore | o Profile name: coap_oscore | |||
| o Profile Description: Profile for using OSCORE to secure | o Profile Description: Profile for using OSCORE to secure | |||
| communication between constrained nodes using the Authentication | communication between constrained nodes using the Authentication | |||
| and Authorization for Constrained Environments framework. | and Authorization for Constrained Environments framework. | |||
| o Profile ID: TBD (value between 1 and 255) | o Profile ID: TBD (value between 1 and 255) | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Specification Document(s): [[this specification]] | o Specification Document(s): [[this specification]] | |||
| skipping to change at page 16, line 28 ¶ | skipping to change at page 18, line 26 ¶ | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [I-D.ietf-ace-oauth-authz] | [I-D.ietf-ace-oauth-authz] | |||
| Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and | Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and | |||
| H. Tschofenig, "Authentication and Authorization for | H. Tschofenig, "Authentication and Authorization for | |||
| Constrained Environments (ACE) using the OAuth 2.0 | Constrained Environments (ACE) using the OAuth 2.0 | |||
| Framework (ACE-OAuth)", draft-ietf-ace-oauth-authz-15 | Framework (ACE-OAuth)", draft-ietf-ace-oauth-authz-15 | |||
| (work in progress), September 2018. | (work in progress), September 2018. | |||
| [I-D.ietf-ace-oauth-params] | ||||
| Seitz, L., "Additional OAuth Parameters for Authorization | ||||
| in Constrained Environments (ACE)", draft-ietf-ace-oauth- | ||||
| params-00 (work in progress), September 2018. | ||||
| [I-D.ietf-core-object-security] | [I-D.ietf-core-object-security] | |||
| Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | |||
| "Object Security for Constrained RESTful Environments | "Object Security for Constrained RESTful Environments | |||
| (OSCORE)", draft-ietf-core-object-security-15 (work in | (OSCORE)", draft-ietf-core-object-security-15 (work in | |||
| progress), August 2018. | progress), August 2018. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| skipping to change at page 18, line 34 ¶ | skipping to change at page 20, line 38 ¶ | |||
| asymmetric) is used to authenticate the messages in EDHOC, then the | asymmetric) is used to authenticate the messages in EDHOC, then the | |||
| AS MUST provision the following data, in response to the access token | AS MUST provision the following data, in response to the access token | |||
| request: | request: | |||
| o a symmetric or public key (associated to the RS) | o a symmetric or public key (associated to the RS) | |||
| o a key identifier; | o a key identifier; | |||
| How these parameters are communicated depends on the type of key | How these parameters are communicated depends on the type of key | |||
| (asymmetric or symmetric). Moreover, the AS MUST signal the use of | (asymmetric or symmetric). Moreover, the AS MUST signal the use of | |||
| OSCORE + EDHOC with the 'profile' parameter set to | OSCORE + EDHOC with the 'profile' parameter set to | |||
| "coap_oscore_edhoc" and follow Appendix B to derive the security | "coap_oscore_edhoc". | |||
| context to run OSCORE. | ||||
| Note that in the case described in this section, the 'expires_in' | Note that in the case described in this section, the 'expires_in' | |||
| parameter, defined in Section 4.2.2. of [RFC6749] defines the | parameter, defined in Section 4.2.2. of [RFC6749] defines the | |||
| lifetime in seconds of both the access token and the shared secret. | lifetime in seconds of both the access token and the shared secret. | |||
| After expiration, C MUST acquire a new access token from the AS, and | After expiration, C MUST acquire a new access token from the AS, and | |||
| run EDHOC again, as specified in this section | run EDHOC again, as specified in this section | |||
| B.1. Using Asymmetric Keys | B.1. Using Asymmetric Keys | |||
| In case of an asymmetric key, C MUST communicate its own asymmetric | In case of an asymmetric key, C MUST communicate its own asymmetric | |||
| key to the AS in the 'cnf' parameter of the access token request, as | key to the AS in the 'req_cnf' parameter of the access token request, | |||
| specified in Section 5.6.1 of [I-D.ietf-ace-oauth-authz]; the AS MUST | as specified in Section 3.1 of [I-D.ietf-ace-oauth-params]; the AS | |||
| communicate the RS's public key to C in the response, in the 'rs_cnf' | MUST communicate the RS's public key to C in the response, in the | |||
| parameter, as specified in Section 5.6.1 of | 'rs_cnf' parameter, as specified in Section 3.2 of | |||
| [I-D.ietf-ace-oauth-authz]. Note that the RS's public key MUST | [I-D.ietf-ace-oauth-params]. Note that the RS's public key MUST | |||
| include a 'kid' parameter, and that the value of the 'kid' MUST be | include a 'kid' parameter, and that the value of the 'kid' MUST be | |||
| included in the access token, to let the RS know which of its public | included in the access token, to let the RS know which of its public | |||
| keys C used. If the access token is a CWT [RFC8392], the key | keys C used. If the access token is a CWT [RFC8392], the key | |||
| identifier MUST be placed directly in the 'cnf' structure (if the key | identifier MUST be placed directly in the 'cnf' structure (if the key | |||
| is only referenced). | is only referenced). | |||
| Figure 3 shows an example of such a request in CBOR diagnostic | Figure 3 shows an example of such a request in CBOR diagnostic | |||
| notation without tag and value abbreviations. | notation without tag and value abbreviations. | |||
| Header: POST (Code=0.02) | Header: POST (Code=0.02) | |||
| Uri-Host: "server.example.com" | Uri-Host: "server.example.com" | |||
| Uri-Path: "token" | Uri-Path: "token" | |||
| Content-Type: "application/cose+cbor" | Content-Type: "application/cose+cbor" | |||
| Payload: | Payload: | |||
| { | { | |||
| "grant_type" : "client_credentials", | "grant_type" : "client_credentials", | |||
| "cnf" : { | "req_cnf" : { | |||
| "COSE_Key" : { | "COSE_Key" : { | |||
| "kid" : "client_key" | "kid" : "client_key" | |||
| "kty" : "EC", | "kty" : "EC", | |||
| "crv" : "P-256", | "crv" : "P-256", | |||
| "x" : b64'usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8', | "x" : b64'usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8', | |||
| "y" : b64'IBOL+C3BttVivg+lSreASjpkttcsz+1rb7btKLv8EX4' | "y" : b64'IBOL+C3BttVivg+lSreASjpkttcsz+1rb7btKLv8EX4' | |||
| } | } | |||
| } | } | |||
| } | } | |||
| skipping to change at page 20, line 30 ¶ | skipping to change at page 22, line 30 ¶ | |||
| } | } | |||
| } | } | |||
| } | } | |||
| Figure 4: Example AS response (EDHOC+OSCORE, asymmetric). | Figure 4: Example AS response (EDHOC+OSCORE, asymmetric). | |||
| B.2. Using Symmetric Keys | B.2. Using Symmetric Keys | |||
| In the case of a symmetric key, the AS MUST communicate the key to | In the case of a symmetric key, the AS MUST communicate the key to | |||
| the client in the 'cnf' parameter of the access token response, as | the client in the 'cnf' parameter of the access token response, as | |||
| specified in Section 5.6.2. of [I-D.ietf-ace-oauth-authz]. AS MUST | specified in Section 3.2. of [I-D.ietf-ace-oauth-params]. The AS | |||
| also select a key identifier, that MUST be included as the 'kid' | MUST also select a key identifier, that MUST be included as the 'kid' | |||
| parameter either directly in the 'cnf' structure, as in figure 4 of | parameter of the COSE_key, as in figure 9 of | |||
| [I-D.ietf-ace-oauth-authz], or as the 'kid' parameter of the | [I-D.ietf-ace-oauth-authz]. | |||
| COSE_key, as in figure 6 of [I-D.ietf-ace-oauth-authz]. | ||||
| Figure 5 shows an example of the necessary parameters in the AS | Figure 5 shows an example of the necessary parameters in the AS | |||
| response to the access token request when EDHOC is used. The example | response to the access token request when EDHOC is used. The example | |||
| uses CBOR diagnostic notation without tag and value abbreviations. | uses CBOR diagnostic notation without tag and value abbreviations. | |||
| Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
| Content-Type: "application/cose+cbor" | Content-Type: "application/cose+cbor" | |||
| Payload: | Payload: | |||
| { | { | |||
| "access_token" : b64'SlAV32hkKG ... | "access_token" : b64'SlAV32hkKG ... | |||
| skipping to change at page 21, line 51 ¶ | skipping to change at page 23, line 51 ¶ | |||
| "kty" : "Symmetric", | "kty" : "Symmetric", | |||
| "kid" : b64'5tOS+h42dkw', | "kid" : b64'5tOS+h42dkw', | |||
| "k" : b64'+a+Dg2jjU+eIiOFCa9lObw' | "k" : b64'+a+Dg2jjU+eIiOFCa9lObw' | |||
| } | } | |||
| } | } | |||
| Figure 6: Example CWT with EDHOC+OSCORE, symmetric case. | Figure 6: Example CWT with EDHOC+OSCORE, symmetric case. | |||
| All other parameters defining OSCORE security context are derived | All other parameters defining OSCORE security context are derived | |||
| from EDHOC message exchange, including the master secret (see | from EDHOC message exchange, including the master secret (see | |||
| Appendix C.2 of [I-D.selander-ace-cose-ecdhe]). | Appendix D.2 of [I-D.selander-ace-cose-ecdhe]). | |||
| B.3. Processing | B.3. Processing | |||
| To provide forward secrecy and mutual authentication in the case of | To provide forward secrecy and mutual authentication in the case of | |||
| pre-shared keys, pre-established raw public keys or with X.509 | pre-shared keys, pre-established raw public keys or with X.509 | |||
| certificates it is RECOMMENDED to use EDHOC | certificates it is RECOMMENDED to use EDHOC | |||
| [I-D.selander-ace-cose-ecdhe] to generate the keying material. EDHOC | [I-D.selander-ace-cose-ecdhe] to generate the keying material. EDHOC | |||
| MUST be used as defined in Appendix C of | MUST be used as defined in Appendix D of | |||
| [I-D.selander-ace-cose-ecdhe], with the following additions and | [I-D.selander-ace-cose-ecdhe], with the following additions and | |||
| modifications. | modifications. | |||
| The first EDHOC message is sent after the access token is posted to | The first EDHOC message is sent after the access token is posted to | |||
| the /authz-info resource of the RS as specified in Section 5.8.1 of | the /authz-info resource of the RS as specified in Section 5.8.1 of | |||
| [I-D.ietf-ace-oauth-authz]. Then the EDHOC message_1 is sent and the | [I-D.ietf-ace-oauth-authz]. Then the EDHOC message_1 is sent and the | |||
| EDHOC protocol is initiated [I-D.selander-ace-cose-ecdhe]). | EDHOC protocol is initiated [I-D.selander-ace-cose-ecdhe]). | |||
| Before the RS continues with the EDHOC protocol and responds to this | Before the RS continues with the EDHOC protocol and responds to this | |||
| token submission request, additional verifications on the access | token submission request, additional verifications on the access | |||
| token are done: the RS SHALL process the access token according to | token are done: the RS SHALL process the access token according to | |||
| [I-D.ietf-ace-oauth-authz]. If the token is valid then the RS | [I-D.ietf-ace-oauth-authz]. If the token is valid then the RS | |||
| continues processing EDHOC following Appendix C of | continues processing EDHOC following Appendix D of | |||
| [I-D.selander-ace-cose-ecdhe], otherwise it discontinues EDHOC and | [I-D.selander-ace-cose-ecdhe], otherwise it discontinues EDHOC and | |||
| responds with the error code as specified in | responds with the error code as specified in | |||
| [I-D.ietf-ace-oauth-authz]. | [I-D.ietf-ace-oauth-authz]. | |||
| o In case the EDHOC verification fails, the RS MUST return an error | o In case the EDHOC verification fails, the RS MUST return an error | |||
| response to the client with code 4.01 (Unauthorized). | response to the client with code 4.01 (Unauthorized). | |||
| o If RS has an access token for C but not for the resource that C | o If RS has an access token for C but not for the resource that C | |||
| has requested, RS MUST reject the request with a 4.03 (Forbidden). | has requested, RS MUST reject the request with a 4.03 (Forbidden). | |||
| o If RS has an access token for C but it does not cover the action C | o If RS has an access token for C but it does not cover the action C | |||
| requested on the resource, RS MUST reject the request with a 4.05 | requested on the resource, RS MUST reject the request with a 4.05 | |||
| skipping to change at page 23, line 48 ¶ | skipping to change at page 25, line 48 ¶ | |||
| |<---------+ CoAP response + | |<---------+ CoAP response + | |||
| | OSCORE | Object-Security option | | OSCORE | Object-Security option | |||
| | response | | | response | | |||
| | | | | | | |||
| Figure 7: Access token and key establishment with EDHOC | Figure 7: Access token and key establishment with EDHOC | |||
| Acknowledgments | Acknowledgments | |||
| The authors wish to thank Jim Schaad and Marco Tiloca for the input | The authors wish to thank Jim Schaad and Marco Tiloca for the input | |||
| on this memo. The error responses specified in Appendix B.3 were | on this memo. | |||
| originally specified by Gerdes et al. in | ||||
| [I-D.gerdes-ace-dcaf-authorize]. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Francesca Palombini | ||||
| Ericsson AB | ||||
| Email: francesca.palombini@ericsson.com | ||||
| Ludwig Seitz | Ludwig Seitz | |||
| RISE SICS AB | RISE SICS AB | |||
| Scheelevagen 17 | Scheelevagen 17 | |||
| Lund 22370 | Lund 22370 | |||
| Sweden | Sweden | |||
| Email: ludwig.seitz@ri.se | Email: ludwig.seitz@ri.se | |||
| Francesca Palombini | Goeran Selander | |||
| Ericsson AB | Ericsson AB | |||
| Farogatan 6 | ||||
| Kista SE-16480 Stockholm | ||||
| Sweden | ||||
| Email: francesca.palombini@ericsson.com | Email: goran.selander@ericsson.com | |||
| Martin Gunnarsson | Martin Gunnarsson | |||
| RISE SICS AB | RISE SICS AB | |||
| Scheelevagen 17 | Scheelevagen 17 | |||
| Lund 22370 | Lund 22370 | |||
| Sweden | Sweden | |||
| Email: martin.gunnarsson@ri.se | Email: martin.gunnarsson@ri.se | |||
| Goeran Selander | ||||
| Ericsson AB | ||||
| Farogatan 6 | ||||
| Kista SE-16480 Stockholm | ||||
| Sweden | ||||
| Email: goran.selander@ericsson.com | ||||
| End of changes. 62 change blocks. | ||||
| 146 lines changed or deleted | 221 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||