| draft-ietf-ace-oscore-profile-09.txt | draft-ietf-ace-oscore-profile-10.txt | |||
|---|---|---|---|---|
| ACE Working Group F. Palombini | ACE Working Group F. Palombini | |||
| Internet-Draft Ericsson AB | Internet-Draft Ericsson AB | |||
| Intended status: Standards Track L. Seitz | Intended status: Standards Track L. Seitz | |||
| Expires: September 3, 2020 Combitech | Expires: September 10, 2020 Combitech | |||
| G. Selander | G. Selander | |||
| Ericsson AB | Ericsson AB | |||
| M. Gunnarsson | M. Gunnarsson | |||
| RISE | RISE | |||
| March 2, 2020 | March 9, 2020 | |||
| OSCORE profile of the Authentication and Authorization for Constrained | OSCORE profile of the Authentication and Authorization for Constrained | |||
| Environments Framework | Environments Framework | |||
| draft-ietf-ace-oscore-profile-09 | draft-ietf-ace-oscore-profile-10 | |||
| Abstract | Abstract | |||
| This memo specifies a profile for the Authentication and | This memo specifies a profile for the Authentication and | |||
| Authorization for Constrained Environments (ACE) framework. It | Authorization for Constrained Environments (ACE) framework. It | |||
| utilizes Object Security for Constrained RESTful Environments | utilizes Object Security for Constrained RESTful Environments | |||
| (OSCORE) to provide communication security, server authentication, | (OSCORE) to provide communication security, server authentication, | |||
| and proof-of-possession for a key owned by the client and bound to an | and proof-of-possession for a key owned by the client and bound to an | |||
| OAuth 2.0 access token. | OAuth 2.0 access token. | |||
| skipping to change at page 1, line 41 ¶ | skipping to change at page 1, line 41 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 3, 2020. | This Internet-Draft will expire on September 10, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Client-AS Communication . . . . . . . . . . . . . . . . . . . 6 | 3. Client-AS Communication . . . . . . . . . . . . . . . . . . . 6 | |||
| 3.1. C-to-AS: POST to token endpoint . . . . . . . . . . . . . 6 | 3.1. C-to-AS: POST to token endpoint . . . . . . . . . . . . . 6 | |||
| 3.2. AS-to-C: Access Token . . . . . . . . . . . . . . . . . . 8 | 3.2. AS-to-C: Access Token . . . . . . . . . . . . . . . . . . 8 | |||
| 3.2.1. OSCORE_Security_Context Object . . . . . . . . . . . 13 | 3.2.1. OSCORE_Security_Context Object . . . . . . . . . . . 13 | |||
| 4. Client-RS Communication . . . . . . . . . . . . . . . . . . . 16 | 4. Client-RS Communication . . . . . . . . . . . . . . . . . . . 16 | |||
| 4.1. C-to-RS: POST to authz-info endpoint . . . . . . . . . . 17 | 4.1. C-to-RS: POST to authz-info endpoint . . . . . . . . . . 17 | |||
| 4.1.1. The Nonce 1 Parameter . . . . . . . . . . . . . . . . 18 | ||||
| 4.2. RS-to-C: 2.01 (Created) . . . . . . . . . . . . . . . . . 18 | 4.2. RS-to-C: 2.01 (Created) . . . . . . . . . . . . . . . . . 18 | |||
| 4.2.1. The Nonce 2 Parameter . . . . . . . . . . . . . . . . 19 | ||||
| 4.3. OSCORE Setup . . . . . . . . . . . . . . . . . . . . . . 19 | 4.3. OSCORE Setup . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 4.4. Access rights verification . . . . . . . . . . . . . . . 21 | 4.4. Access rights verification . . . . . . . . . . . . . . . 21 | |||
| 5. Secure Communication with AS . . . . . . . . . . . . . . . . 21 | 5. Secure Communication with AS . . . . . . . . . . . . . . . . 21 | |||
| 6. Discarding the Security Context . . . . . . . . . . . . . . . 21 | 6. Discarding the Security Context . . . . . . . . . . . . . . . 21 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 22 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 22 | |||
| 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 23 | 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 23 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 | |||
| 9.1. ACE OAuth Profile Registry . . . . . . . . . . . . . . . 24 | 9.1. ACE OAuth Profile Registry . . . . . . . . . . . . . . . 24 | |||
| 9.2. OSCORE Security Context Parameters Registry . . . . . . . 24 | 9.2. OAuth Parameters Registry . . . . . . . . . . . . . . . . 24 | |||
| 9.3. CWT Confirmation Methods Registry . . . . . . . . . . . . 25 | 9.3. OAuth Parameters CBOR Mappings Registry . . . . . . . . . 24 | |||
| 9.4. JWT Confirmation Methods Registry . . . . . . . . . . . . 25 | 9.4. OSCORE Security Context Parameters Registry . . . . . . . 25 | |||
| 9.5. Expert Review Instructions . . . . . . . . . . . . . . . 25 | 9.5. CWT Confirmation Methods Registry . . . . . . . . . . . . 25 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 | 9.6. JWT Confirmation Methods Registry . . . . . . . . . . . . 26 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 26 | 9.7. Expert Review Instructions . . . . . . . . . . . . . . . 26 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 27 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 27 | ||||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 28 | ||||
| Appendix A. Profile Requirements . . . . . . . . . . . . . . . . 28 | Appendix A. Profile Requirements . . . . . . . . . . . . . . . . 28 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 28 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 29 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29 | |||
| 1. Introduction | 1. Introduction | |||
| This memo specifies a profile of the ACE framework | This memo specifies a profile of the ACE framework | |||
| [I-D.ietf-ace-oauth-authz]. In this profile, a client and a resource | [I-D.ietf-ace-oauth-authz]. In this profile, a client and a resource | |||
| server use CoAP [RFC7252] to communicate. The client uses an access | server use CoAP [RFC7252] to communicate. The client uses an access | |||
| token, bound to a key (the proof-of-possession key) to authorize its | token, bound to a key (the proof-of-possession key) to authorize its | |||
| access to the resource server. Note that this profile uses a | access to the resource server. Note that this profile uses a | |||
| symmetric-crypto-based scheme, where the symmetric secret is used as | symmetric-crypto-based scheme, where the symmetric secret is used as | |||
| skipping to change at page 9, line 11 ¶ | skipping to change at page 9, line 11 ¶ | |||
| context to run OSCORE. Usually it is assumed that constrained | context to run OSCORE. Usually it is assumed that constrained | |||
| devices will be pre-configured with the necessary profile, so that | devices will be pre-configured with the necessary profile, so that | |||
| this kind of profile negotiation can be omitted. | this kind of profile negotiation can be omitted. | |||
| Moreover, the AS MUST send the following data: | Moreover, the AS MUST send the following data: | |||
| o a master secret | o a master secret | |||
| o a server identifier | o a server identifier | |||
| o a client identifier | ||||
| Additionally, the AS MAY send the following data, in the same | Additionally, the AS MAY send the following data, in the same | |||
| response. | response. | |||
| o a client identifier | ||||
| o a context identifier | o a context identifier | |||
| o an AEAD algorithm | o an AEAD algorithm | |||
| o an HKDF algorithm | o an HKDF algorithm | |||
| o a salt | o a salt | |||
| o the OSCORE version number | o the OSCORE version number | |||
| The OSCORE_Security_Context is a CBOR map object, defined in | The OSCORE_Security_Context is a CBOR map object, defined in | |||
| Section 3.2.1. This object is transported in the 'cnf' parameter of | Section 3.2.1. This object is transported in the 'cnf' parameter of | |||
| the access token response as defined in Section 3.2 of | the access token response as defined in Section 3.2 of | |||
| [I-D.ietf-ace-oauth-params], as value of a field named 'osc' | [I-D.ietf-ace-oauth-params], as value of a field named 'osc' | |||
| registered in Section 9.3 and Section 9.4. The master secret MUST be | registered in Section 9.5 and Section 9.6. The master secret MUST be | |||
| communicated as the 'ms' field in the 'osc' field in the 'cnf' | communicated as the 'ms' field in the 'osc' field in the 'cnf' | |||
| parameter of the access token response as defined in Section 3.2 of | parameter of the access token response as defined in Section 3.2 of | |||
| [I-D.ietf-ace-oauth-params]. The AEAD algorithm may be included as | [I-D.ietf-ace-oauth-params]. The AEAD algorithm may be included as | |||
| the 'alg' parameter in the OSCORE_Security_Context; the HKDF | the 'alg' parameter in the OSCORE_Security_Context; the HKDF | |||
| algorithm may be included as the 'hkdf' parameter of the | algorithm may be included as the 'hkdf' parameter of the | |||
| OSCORE_Security_Context, a salt may be included as the 'salt' | OSCORE_Security_Context, a salt may be included as the 'salt' | |||
| parameter of the OSCORE_Security_Context, and the OSCORE version | parameter of the OSCORE_Security_Context, and the OSCORE version | |||
| number may be included as the 'version' parameter of the | number may be included as the 'version' parameter of the | |||
| OSCORE_Security_Context. | OSCORE_Security_Context. | |||
| The same parameters MUST be included as part of the access token. | The same parameters MUST be included as part of the access token. | |||
| This profile RECOMMENDS the use of CBOR web token (CWT) as specified | This profile RECOMMENDS the use of CBOR web token (CWT) as specified | |||
| in [RFC8392]. If the token is a CWT, the same | in [RFC8392]. If the token is a CWT, the same | |||
| OSCORE_Security_Context structure defined above MUST be placed in the | OSCORE_Security_Context structure defined above MUST be placed in the | |||
| 'osc' field of the 'cnf' claim of this token. The access token MUST | 'osc' field of the 'cnf' claim of this token. The access token MUST | |||
| be encrypted, since it will be transferred from the client to the RS | be encrypted, since it will be transferred from the client to the RS | |||
| over an unprotected channel. | over an unprotected channel. | |||
| The AS MUST also assign an identifier to the RS (serverId), MAY | The AS MUST also assign an identifier to the RS (serverId), and to | |||
| assign an identifier to the client (clientId), and MAY assign an | the client (clientId), and MAY assign an identifier to the context | |||
| identifier to the context (contextId). These identifiers are then | (contextId). These identifiers are then used as Sender ID, Recipient | |||
| used as Sender ID, Recipient ID and ID Context in the OSCORE context | ID and ID Context in the OSCORE context as described in section 3.1 | |||
| as described in section 3.1 of [RFC8613]. Applications need to | of [RFC8613]. Applications need to consider that these identifiers | |||
| consider that these identifiers are sent in the clear and may reveal | are sent in the clear and may reveal information about the endpoints, | |||
| information about the endpoints, as mentioned in section 12.8 of | as mentioned in section 12.8 of [RFC8613]. The pair (client | |||
| [RFC8613]. The pair (client identifier, context identifier) MUST be | identifier, context identifier) MUST be unique in the set of all | |||
| unique in the set of all clients for a single RS. Moreover, | clients for a single RS. Moreover, clientId, serverId and (when | |||
| clientId, serverId and (when assigned) contextId MUST be included in | assigned) contextId MUST be included in the OSCORE_Security_Context, | |||
| the OSCORE_Security_Context, as defined in Section 3.2.1. | as defined in Section 3.2.1. | |||
| We assume in this document that a resource is associated to one | We assume in this document that a resource is associated to one | |||
| single AS, which makes it possible for the AS to enforce uniqueness | single AS, which makes it possible for the AS to enforce uniqueness | |||
| of identifiers for each client requesting a particular resource to a | of identifiers for each client requesting a particular resource to a | |||
| RS. If this is not the case, collisions of identifiers may occur at | RS. If this is not the case, collisions of identifiers may occur at | |||
| the RS, in which case the RS needs to have a mechanism in place to | the RS, in which case the RS needs to have a mechanism in place to | |||
| disambiguate identifiers or mitigate the effect of the collisions. | disambiguate identifiers or mitigate the effect of the collisions. | |||
| Moreover, implementers of this specification need to be aware that if | ||||
| other authentication mechanisms are used to set up OSCORE between the | ||||
| same client and RS, that do not rely on AS assigning identifiers, | ||||
| collisions may happen and need to be mitigated. | ||||
| Note that in Section 4.3 C sets the Sender ID of its Security Context | Note that in Section 4.3 C sets the Sender ID of its Security Context | |||
| to the clientId value received and the Recipient ID to the serverId | to the clientId value received and the Recipient ID to the serverId | |||
| value, and RS does the opposite. | value, and RS does the opposite. | |||
| Figure 5 shows an example of an AS response, with payload in CBOR | Figure 5 shows an example of an AS response, with payload in CBOR | |||
| diagnostic notation without the tag and value abbreviations. The | diagnostic notation without the tag and value abbreviations. The | |||
| access token has been truncated for readability. | access token has been truncated for readability. | |||
| Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
| Content-Type: "application/ace+cbor" | Content-Type: "application/ace+cbor" | |||
| skipping to change at page 13, line 47 ¶ | skipping to change at page 13, line 47 ¶ | |||
| An OSCORE_Security_Context is an object that represents part or all | An OSCORE_Security_Context is an object that represents part or all | |||
| of an OSCORE Security Context, i.e., the local set of information | of an OSCORE Security Context, i.e., the local set of information | |||
| elements necessary to carry out the cryptographic operations in | elements necessary to carry out the cryptographic operations in | |||
| OSCORE (Section 3.1 of [RFC8613]). In particular, the | OSCORE (Section 3.1 of [RFC8613]). In particular, the | |||
| OSCORE_Security_Context object is defined to be serialized and | OSCORE_Security_Context object is defined to be serialized and | |||
| transported between nodes, as specified by this document, but can | transported between nodes, as specified by this document, but can | |||
| also be used in this way by other specifications if needed. The | also be used in this way by other specifications if needed. The | |||
| OSCORE_Security_Context object can either be encoded as a JSON object | OSCORE_Security_Context object can either be encoded as a JSON object | |||
| or as a CBOR map. The set of common parameters that can appear in an | or as a CBOR map. The set of common parameters that can appear in an | |||
| OSCORE_Security_Context object can be found in the IANA "OSCORE | OSCORE_Security_Context object can be found in the IANA "OSCORE | |||
| Security Context Parameters" registry (Section 9.2), defined for | Security Context Parameters" registry (Section 9.4), defined for | |||
| extensibility, and is specified below. All parameters are optional. | extensibility, and is specified below. All parameters are optional. | |||
| Table 1 provides a summary of the OSCORE_Security_Context parameters | Table 1 provides a summary of the OSCORE_Security_Context parameters | |||
| defined in this section. | defined in this section. | |||
| +-----------+-------+----------------+--------------+---------------+ | +-----------+-------+----------------+--------------+---------------+ | |||
| | name | CBOR | CBOR type | registry | description | | | name | CBOR | CBOR type | registry | description | | |||
| | | label | | | | | | | label | | | | | |||
| +-----------+-------+----------------+--------------+---------------+ | +-----------+-------+----------------+--------------+---------------+ | |||
| | version | 0 | int | | OSCORE | | | version | 0 | int | | OSCORE | | |||
| | | | | | Version | | | | | | | Version | | |||
| skipping to change at page 17, line 29 ¶ | skipping to change at page 17, line 29 ¶ | |||
| described in section 5.8.1 of [I-D.ietf-ace-oauth-authz] to transport | described in section 5.8.1 of [I-D.ietf-ace-oauth-authz] to transport | |||
| the token and N1 to the RS. | the token and N1 to the RS. | |||
| Note that the use of the payload and the Content-Format is different | Note that the use of the payload and the Content-Format is different | |||
| from what described in section 5.8.1 of [I-D.ietf-ace-oauth-authz], | from what described in section 5.8.1 of [I-D.ietf-ace-oauth-authz], | |||
| which only transports the token without any CBOR wrapping. In this | which only transports the token without any CBOR wrapping. In this | |||
| profile, the client MUST wrap the token and N1 in a CBOR map. The | profile, the client MUST wrap the token and N1 in a CBOR map. The | |||
| client MUST use the Content-Format "application/ace+cbor" defined in | client MUST use the Content-Format "application/ace+cbor" defined in | |||
| section 8.14 of [I-D.ietf-ace-oauth-authz]. The client MUST include | section 8.14 of [I-D.ietf-ace-oauth-authz]. The client MUST include | |||
| the access token using the correct CBOR label (e.g., "cwt" for CWT, | the access token using the correct CBOR label (e.g., "cwt" for CWT, | |||
| "jwt" for JWT) and N1 using the 'cnonce' parameter defined in section | "jwt" for JWT) and N1 using the 'nonce1' parameter defined in | |||
| 5.1.2 of [I-D.ietf-ace-oauth-authz]. | Section 4.1.1. | |||
| The authz-info endpoint is not protected, nor are the responses from | The authz-info endpoint is not protected, nor are the responses from | |||
| this resource. | this resource. | |||
| The access token MUST be encrypted, since it is transferred from the | The access token MUST be encrypted, since it is transferred from the | |||
| client to the RS over an unprotected channel. | client to the RS over an unprotected channel. | |||
| Note that a client may be required to re-POST the access token in | Note that a client may be required to re-POST the access token in | |||
| order to complete a request, since an RS may delete a stored access | order to complete a request, since an RS may delete a stored access | |||
| token at any time, for example due to all storage space being | token at any time, for example due to all storage space being | |||
| skipping to change at page 18, line 13 ¶ | skipping to change at page 18, line 13 ¶ | |||
| readability. | readability. | |||
| Header: POST (Code=0.02) | Header: POST (Code=0.02) | |||
| Uri-Host: "rs.example.com" | Uri-Host: "rs.example.com" | |||
| Uri-Path: "authz-info" | Uri-Path: "authz-info" | |||
| Content-Format: "application/ace+cbor" | Content-Format: "application/ace+cbor" | |||
| Payload: | Payload: | |||
| { | { | |||
| "access_token": h'a5037674656d7053656e73 ... | "access_token": h'a5037674656d7053656e73 ... | |||
| (remainder of access token (CWT) omitted for brevity)', | (remainder of access token (CWT) omitted for brevity)', | |||
| "cnonce": h'018a278f7faab55a' | "nonce1": h'018a278f7faab55a' | |||
| } | } | |||
| Figure 11: Example C-to-RS POST /authz-info request using CWT | Figure 11: Example C-to-RS POST /authz-info request using CWT | |||
| 4.1.1. The Nonce 1 Parameter | ||||
| This parameter MUST be sent from the client to the RS, together with | ||||
| the access token, if the ace profile used is coap_oscore. The | ||||
| parameter is encoded as a byte string for CBOR-based interactions, | ||||
| and as a string (Base64 encoded binary) for JSON-based interactions. | ||||
| This parameter is registered in Section 9.2. | ||||
| 4.2. RS-to-C: 2.01 (Created) | 4.2. RS-to-C: 2.01 (Created) | |||
| The RS MUST follow the procedures defined in section 5.8.1 of | The RS MUST follow the procedures defined in section 5.8.1 of | |||
| [I-D.ietf-ace-oauth-authz]: the RS must verify the validity of the | [I-D.ietf-ace-oauth-authz]: the RS must verify the validity of the | |||
| token. If the token is valid, the RS must respond to the POST | token. If the token is valid, the RS must respond to the POST | |||
| request with 2.01 (Created). If the token is valid but is associated | request with 2.01 (Created). If the token is valid but is associated | |||
| to claims that the RS cannot process (e.g., an unknown scope), or if | to claims that the RS cannot process (e.g., an unknown scope), or if | |||
| any of the expected parameters in the 'osc' is missing (e.g., any of | any of the expected parameters in the 'osc' is missing (e.g., any of | |||
| the mandatory parameters from the AS), or if any parameters received | the mandatory parameters from the AS), or if any parameters received | |||
| in the 'osc' is unrecognized, the RS must respond with an error | in the 'osc' is unrecognized, the RS must respond with an error | |||
| response code equivalent to the CoAP code 4.00 (Bad Request). In the | response code equivalent to the CoAP code 4.00 (Bad Request). In the | |||
| latter two cases, the RS may provide additional information in the | latter two cases, the RS may provide additional information in the | |||
| error response, in order to clarify what went wrong. The RS may make | error response, in order to clarify what went wrong. The RS may make | |||
| an introspection request to validate the token before responding to | an introspection request to validate the token before responding to | |||
| the POST request to the authz-info endpoint. | the POST request to the authz-info endpoint. | |||
| Additionally, the RS MUST generate a nonce N2 very unlikely to have | Additionally, the RS MUST generate a nonce N2 very unlikely to have | |||
| been previously used with the same input keying material, and send it | been previously used with the same input keying material, and send it | |||
| within the 2.01 (Created) response. The payload of the 2.01 | within the 2.01 (Created) response. The payload of the 2.01 | |||
| (Created) response MUST be a CBOR map containing the 'cnonce' | (Created) response MUST be a CBOR map containing the 'nonce2' | |||
| parameter defined in section 5.1.2 of [I-D.ietf-ace-oauth-authz], set | parameter defined in Section 4.2.1, set to N2. This profile | |||
| to N2. This profile RECOMMENDS to use a 64-bit long random number as | RECOMMENDS to use a 64-bit long random number as nonce's value. The | |||
| nonce's value. Moreover, if the 'osc' field in the token did not | RS MUST use the Content-Format "application/ace+cbor" defined in | |||
| contain a 'clientId' parameter, the RS MUST generate an identifier, | section 8.14 of [I-D.ietf-ace-oauth-authz]. | |||
| unique in the set of all its existing client identifiers, and send it | ||||
| in a 'clientId' parameter in the CBOR map as a CBOR bstr. The RS MAY | ||||
| generate and send a 'ClientId' identifier even though the 'osc' field | ||||
| contained such a parameter, in order to guarantee the uniqueness of | ||||
| the client identifier. The RS MUST use the Content-Format | ||||
| "application/ace+cbor" defined in section 8.14 of | ||||
| [I-D.ietf-ace-oauth-authz]. | ||||
| Figure 12 shows an example of the response sent from the RS to the | Figure 12 shows an example of the response sent from the RS to the | |||
| client, with payload in CBOR diagnostic notation without the tag and | client, with payload in CBOR diagnostic notation without the tag and | |||
| value abbreviations. | value abbreviations. | |||
| Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
| Content-Format: "application/ace+cbor" | Content-Format: "application/ace+cbor" | |||
| Payload: | Payload: | |||
| { | { | |||
| "cnonce": h'25a8991cd700ac01' | "nonce2": h'25a8991cd700ac01' | |||
| } | } | |||
| Figure 12: Example RS-to-C 2.01 (Created) response | Figure 12: Example RS-to-C 2.01 (Created) response | |||
| As specified in section 5.8.1 of [I-D.ietf-ace-oauth-authz], when | As specified in section 5.8.1 of [I-D.ietf-ace-oauth-authz], when | |||
| receiving an updated access token with updated authorization | receiving an updated access token with updated authorization | |||
| information from the client (see Section 3.1), it is recommended that | information from the client (see Section 3.1), it is recommended that | |||
| the RS overwrites the previous token, that is only the latest | the RS overwrites the previous token, that is only the latest | |||
| authorization information in the token received by the RS is valid. | authorization information in the token received by the RS is valid. | |||
| This simplifies for the RS to keep track of authorization information | This simplifies for the RS to keep track of authorization information | |||
| for a given client. | for a given client. | |||
| As specified in section 5.8.3 of [I-D.ietf-ace-oauth-authz], the RS | As specified in section 5.8.3 of [I-D.ietf-ace-oauth-authz], the RS | |||
| must notify the client with an error response with code 4.01 | must notify the client with an error response with code 4.01 | |||
| (Unauthorized) for any long running request before terminating the | (Unauthorized) for any long running request before terminating the | |||
| session, when the access token expires. | session, when the access token expires. | |||
| 4.2.1. The Nonce 2 Parameter | ||||
| This parameter MUST be sent from the RS to the Client if the ace | ||||
| profile used is coap_oscore. The parameter is encoded as a byte | ||||
| string for CBOR-based interactions, and as a string (Base64 encoded | ||||
| binary) for JSON-based interactions. This parameter is registered in | ||||
| Section 9.2 | ||||
| 4.3. OSCORE Setup | 4.3. OSCORE Setup | |||
| Once receiving the 2.01 (Created) response from the RS, following the | Once receiving the 2.01 (Created) response from the RS, following the | |||
| POST request to authz-info endpoint, the client MUST extract the CBOR | POST request to authz-info endpoint, the client MUST extract the CBOR | |||
| bstr nonce N2 from the 'cnonce' parameter and the client identifier | bstr nonce N2 from the 'nonce2' parameter in the CBOR map in the | |||
| from the 'clientId' in the CBOR map in the payload of the response. | payload of the response. Then, the client MUST set the Master Salt | |||
| Then, the client MUST set the Master Salt of the Security Context | of the Security Context created to communicate with the RS to the | |||
| created to communicate with the RS to the concatenation of salt, N1, | concatenation of salt, N1, and N2, in this order: Master Salt = | |||
| and N2, in this order: Master Salt = salt | N1 | N2, where | denotes | salt | N1 | N2, where | denotes byte string concatenation, where salt | |||
| byte string concatenation, where salt was received from the AS in | was received from the AS in Section 3.2, and where N1 and N2 are the | |||
| Section 3.2, and where N1 and N2 are the two nonces encoded as CBOR | two nonces encoded as CBOR bstr. The client MUST set the Master | |||
| bstr. The client MUST set the Master Secret and Recipient ID from | Secret, Sender ID and Recipient ID from the parameters received from | |||
| the parameters received from the AS in Section 3.2. The client MUST | the AS in Section 3.2. The client MUST set the AEAD Algorithm, ID | |||
| set the AEAD Algorithm, ID Context, HKDF, and OSCORE Version from the | Context, HKDF, and OSCORE Version from the parameters received from | |||
| parameters received from the AS in Section 3.2, if present. In case | the AS in Section 3.2, if present. In case these parameters are | |||
| these parameters are omitted, the default values are used as | omitted, the default values are used as described in sections 3.2 and | |||
| described in sections 3.2 and 5.4 of [RFC8613]. The client MUST set | 5.4 of [RFC8613]. After that, the client MUST derive the complete | |||
| the Sender ID from the 'clientId in the 2.01 (Created) response, if | Security Context following section 3.2.1 of [RFC8613]. From this | |||
| present; otherwise, the client MUST set the Sender ID from the | point on, the client MUST use this Security Context to communicate | |||
| parameters received from the AS in Section 3.2. After that, the | with the RS when accessing the resources as specified by the | |||
| client MUST derive the complete Security Context following section | authorization information. | |||
| 3.2.1 of [RFC8613]. From this point on, the client MUST use this | ||||
| Security Context to communicate with the RS when accessing the | ||||
| resources as specified by the authorization information. | ||||
| If any of the expected parameters is missing (e.g., any of the | If any of the expected parameters is missing (e.g., any of the | |||
| mandatory parameters from the AS, or the 'clientId', either received | mandatory parameters from the AS, the client MUST stop the exchange, | |||
| from the AS or in the 2.01 (Created) response from the RS), the | and MUST NOT derive the Security Context. The client MAY restart the | |||
| client MUST stop the exchange, and MUST NOT derive the Security | exchange, to get the correct security material. | |||
| Context. The client MAY restart the exchange, to get the correct | ||||
| security material. | ||||
| The client then uses this Security Context to send requests to RS | The client then uses this Security Context to send requests to RS | |||
| using OSCORE. | using OSCORE. | |||
| After sending the 2.01 (Created) response, the RS MUST set the Master | After sending the 2.01 (Created) response, the RS MUST set the Master | |||
| Salt of the Security Context created to communicate with the client | Salt of the Security Context created to communicate with the client | |||
| to the concatenation of salt, N1, and N2, in this order: Master Salt | to the concatenation of salt, N1, and N2, in this order: Master Salt | |||
| = salt | N1 | N2, where | denotes byte string concatenation, where | = salt | N1 | N2, where | denotes byte string concatenation, where | |||
| salt was received from the AS in Section 4.2, and where N1 and N2 are | salt was received from the AS in Section 4.2, and where N1 and N2 are | |||
| the two nonces encoded as CBOR bstr. The RS MUST set the Master | the two nonces encoded as CBOR bstr. The RS MUST set the Master | |||
| skipping to change at page 20, line 49 ¶ | skipping to change at page 21, line 4 ¶ | |||
| responses are used, as specified in section 8 of [RFC8613]. | responses are used, as specified in section 8 of [RFC8613]. | |||
| Additionally, if OSCORE verification succeeds, the verification of | Additionally, if OSCORE verification succeeds, the verification of | |||
| access rights is performed as described in section Section 4.4. The | access rights is performed as described in section Section 4.4. The | |||
| RS MUST NOT use the Security Context after the related token has | RS MUST NOT use the Security Context after the related token has | |||
| expired, and MUST respond with a unprotected 4.01 (Unauthorized) | expired, and MUST respond with a unprotected 4.01 (Unauthorized) | |||
| error message to requests received that correspond to a Security | error message to requests received that correspond to a Security | |||
| Context with an expired token. | Context with an expired token. | |||
| If the exchange was an update of access rights, i.e., a new Security | If the exchange was an update of access rights, i.e., a new Security | |||
| Context was derived from a client that already had a Security Context | Context was derived from a client that already had a Security Context | |||
| in place, the is RECOMMENDED to delete the old Security Context after | in place, the RS is RECOMMENDED to delete the old Security Context | |||
| OSCORE verification and verification of access rights succeed. The | after OSCORE verification and verification of access rights succeed. | |||
| RS MUST delete the Security Context if it deletes the access token | The RS MUST delete the Security Context if it deletes the access | |||
| associated to it. | token associated to it. | |||
| 4.4. Access rights verification | 4.4. Access rights verification | |||
| The RS MUST follow the procedures defined in section 5.8.2 of | The RS MUST follow the procedures defined in section 5.8.2 of | |||
| [I-D.ietf-ace-oauth-authz]: if an RS receives an OSCORE-protected | [I-D.ietf-ace-oauth-authz]: if an RS receives an OSCORE-protected | |||
| request from a client, then the RS processes it according to | request from a client, then the RS processes it according to | |||
| [RFC8613]. If OSCORE verification succeeds, and the target resource | [RFC8613]. If OSCORE verification succeeds, and the target resource | |||
| requires authorization, the RS retrieves the authorization | requires authorization, the RS retrieves the authorization | |||
| information using the access token associated to the Security | information using the access token associated to the Security | |||
| Context. The RS then must verify that the authorization information | Context. The RS then must verify that the authorization information | |||
| skipping to change at page 24, line 25 ¶ | skipping to change at page 24, line 25 ¶ | |||
| [I-D.ietf-ace-oauth-authz]: | [I-D.ietf-ace-oauth-authz]: | |||
| o Profile name: coap_oscore | o Profile name: coap_oscore | |||
| o Profile Description: Profile for using OSCORE to secure | o Profile Description: Profile for using OSCORE to secure | |||
| communication between constrained nodes using the Authentication | communication between constrained nodes using the Authentication | |||
| and Authorization for Constrained Environments framework. | and Authorization for Constrained Environments framework. | |||
| o Profile ID: TBD (value between 1 and 255) | o Profile ID: TBD (value between 1 and 255) | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Specification Document(s): [[this specification]] | o Specification Document(s): [[this specification]] | |||
| 9.2. OSCORE Security Context Parameters Registry | 9.2. OAuth Parameters Registry | |||
| The following registrations are done for the OAuth Parameters | ||||
| Registry following the procedure specified in section 11.2 of | ||||
| [RFC6749]: | ||||
| o Parameter name: nonce1 | ||||
| o Parameter usage location: token request | ||||
| o Change Controller: IESG | ||||
| o Specification Document(s): [[this specification]] | ||||
| o Parameter name: nonce2 | ||||
| o Parameter usage location: token response | ||||
| o Change Controller: IESG | ||||
| o Specification Document(s): [[this specification]] | ||||
| 9.3. OAuth Parameters CBOR Mappings Registry | ||||
| The following registrations are done for the OAuth Parameters CBOR | ||||
| Mappings Registry following the procedure specified in section 8.9 of | ||||
| [I-D.ietf-ace-oauth-authz]: | ||||
| o Name: nonce1 | ||||
| o CBOR Key: TBD1 | ||||
| o Value Type: bstr | ||||
| o Reference: [[this specification]] | ||||
| o Name: nonce2 | ||||
| o CBOR Key: TBD2 | ||||
| o Value Type: IESG | ||||
| o Reference: [[this specification]] | ||||
| 9.4. OSCORE Security Context Parameters Registry | ||||
| It is requested that IANA create a new registry entitled "OSCORE | It is requested that IANA create a new registry entitled "OSCORE | |||
| Security Context Parameters" registry. The registry is to be created | Security Context Parameters" registry. The registry is to be created | |||
| as Expert Review Required. Guidelines for the experts is provided | as Expert Review Required. Guidelines for the experts is provided | |||
| Section 9.5. It should be noted that in addition to the expert | Section 9.7. It should be noted that in addition to the expert | |||
| review, some portions of the registry require a specification, | review, some portions of the registry require a specification, | |||
| potentially on standards track, be supplied as well. | potentially on standards track, be supplied as well. | |||
| The columns of the registry are: | The columns of the registry are: | |||
| name The JSON name requested (e.g., "ms"). Because a core goal of | name The JSON name requested (e.g., "ms"). Because a core goal of | |||
| this specification is for the resulting representations to be | this specification is for the resulting representations to be | |||
| compact, it is RECOMMENDED that the name be short. This name is | compact, it is RECOMMENDED that the name be short. This name is | |||
| case sensitive. Names may not match other registered names in a | case sensitive. Names may not match other registered names in a | |||
| case-insensitive manner unless the Designated Experts determine | case-insensitive manner unless the Designated Experts determine | |||
| skipping to change at page 25, line 15 ¶ | skipping to change at page 25, line 46 ¶ | |||
| registry This field denotes the registry that values may come from, | registry This field denotes the registry that values may come from, | |||
| if one exists. | if one exists. | |||
| description This field contains a brief description for the field. | description This field contains a brief description for the field. | |||
| specification This contains a pointer to the public specification | specification This contains a pointer to the public specification | |||
| for the field if one exists | for the field if one exists | |||
| This registry will be initially populated by the values in Table 1. | This registry will be initially populated by the values in Table 1. | |||
| The specification column for all of these entries will be this | The specification column for all of these entries will be this | |||
| document and [RFC8613]. | document and [RFC8613]. | |||
| 9.3. CWT Confirmation Methods Registry | 9.5. CWT Confirmation Methods Registry | |||
| The following registration is done for the CWT Confirmation Methods | The following registration is done for the CWT Confirmation Methods | |||
| Registry following the procedure specified in section 7.2.1 of | Registry following the procedure specified in section 7.2.1 of | |||
| [I-D.ietf-ace-cwt-proof-of-possession]: | [I-D.ietf-ace-cwt-proof-of-possession]: | |||
| o Confirmation Method Name: "osc" | o Confirmation Method Name: "osc" | |||
| o Confirmation Method Description: OSCORE_Security_Context carrying | o Confirmation Method Description: OSCORE_Security_Context carrying | |||
| the parameters for using OSCORE per-message security with implicit | the parameters for using OSCORE per-message security with implicit | |||
| key confirmation | key confirmation | |||
| o Confirmation Key: TBD (value between 4 and 255) | o Confirmation Key: TBD (value between 4 and 255) | |||
| o Confirmation Value Type(s): map | o Confirmation Value Type(s): map | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Specification Document(s): Section 3.2.1 of [[this specification]] | o Specification Document(s): Section 3.2.1 of [[this specification]] | |||
| 9.4. JWT Confirmation Methods Registry | 9.6. JWT Confirmation Methods Registry | |||
| The following registration is done for the JWT Confirmation Methods | The following registration is done for the JWT Confirmation Methods | |||
| Registry following the procedure specified in section 6.2.1 of | Registry following the procedure specified in section 6.2.1 of | |||
| [RFC7800]: | [RFC7800]: | |||
| o Confirmation Method Value: "osc" | o Confirmation Method Value: "osc" | |||
| o Confirmation Method Description: OSCORE_Security_Context carrying | o Confirmation Method Description: OSCORE_Security_Context carrying | |||
| the parameters for using OSCORE per-message security with implicit | the parameters for using OSCORE per-message security with implicit | |||
| key confirmation | key confirmation | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Specification Document(s): Section 3.2.1 of [[this specification]] | o Specification Document(s): Section 3.2.1 of [[this specification]] | |||
| 9.5. Expert Review Instructions | 9.7. Expert Review Instructions | |||
| The IANA registry established in this document is defined to use the | The IANA registry established in this document is defined to use the | |||
| Expert Review registration policy. This section gives some general | Expert Review registration policy. This section gives some general | |||
| guidelines for what the experts should be looking for, but they are | guidelines for what the experts should be looking for, but they are | |||
| being designated as experts for a reason so they should be given | being designated as experts for a reason so they should be given | |||
| substantial latitude. | substantial latitude. | |||
| Expert reviewers should take into consideration the following points: | Expert reviewers should take into consideration the following points: | |||
| o Point squatting should be discouraged. Reviewers are encouraged | o Point squatting should be discouraged. Reviewers are encouraged | |||
| End of changes. 29 change blocks. | ||||
| 78 lines changed or deleted | 123 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||