draft-ietf-ace-usecases-08.txt   draft-ietf-ace-usecases-09.txt 
skipping to change at page 1, line 16 skipping to change at page 1, line 16
Expires: April 9, 2016 Universitaet Bremen TZI Expires: April 9, 2016 Universitaet Bremen TZI
G. Selander G. Selander
Ericsson Ericsson
M. Mani M. Mani
Itron Itron
S. Kumar S. Kumar
Philips Research Philips Research
October 07, 2015 October 07, 2015
ACE use cases ACE use cases
draft-ietf-ace-usecases-08 draft-ietf-ace-usecases-09
Abstract Abstract
Constrained devices are nodes with limited processing power, storage Constrained devices are nodes with limited processing power, storage
space and transmission capacities. These devices in many cases do space and transmission capacities. These devices in many cases do
not provide user interfaces and are often intended to interact not provide user interfaces and are often intended to interact
without human intervention. without human intervention.
This document includes a collection of representative use cases for This document includes a collection of representative use cases for
authentication and authorization in constrained environments. These authentication and authorization in constrained environments. These
skipping to change at page 26, line 47 skipping to change at page 26, line 47
3.4. Proxies 3.4. Proxies
In some cases, the traffic between endpoints might go through In some cases, the traffic between endpoints might go through
intermediary nodes (e.g. proxies, gateways). This might affect the intermediary nodes (e.g. proxies, gateways). This might affect the
function or the security model of authentication and access control function or the security model of authentication and access control
protocols e.g. end-to-end security between endpoints with DTLS might protocols e.g. end-to-end security between endpoints with DTLS might
not be possible (see Section 2.5). not be possible (see Section 2.5).
4. Privacy Considerations 4. Privacy Considerations
Many of the devices that are in focus of this document register data The constrained devices in focus of this document collect data from
from the physical world (sensors) or affect processes in the physical the physical world via sensors or affect their surrounding via
world (actuators), which may involve data or processes belonging to actuators. The collected and processed data often can be associated
individuals. To make matters worse the sensor data may be recorded with individuals. Since sensor data may be collected and distributed
continuously thus allowing to gather significant information about an on a regular interval a significant amount of information about an
individual subject through the sensor readings. Therefore privacy individual can be collected and used as input to learning algorithms
protection is especially important, and Authentication and Access as part of big data analysis and used in an automated decision making
control are important tools for this, since they make it possible to process.
control who gets access to private data.
Privacy protection can also be weighted in when evaluating the need
for end-to-end confidentiality, since otherwise intermediary nodes
will learn the content of potentially sensitive messages sent between
endpoints and thereby threaten the privacy of the individual that may
be subject of this data.
In some cases, even the possession of a certain type of device can be Offering privacy protection for individuals is important to guarantee
confidential, e.g. individuals might not want to others to know that that only authorized entities are allowed to access collected data
they are wearing a certain medical device (see Section 2.3). and to trigger actions, to obtain consent prior to the sharing of
data, and to deal with other privacy-related threats outlined in RFC
6973.
The personal health monitoring use case (see Section 2.3) indicates RFC 6973 was written as guidance for engineers designing technical
the need for secure audit logs which impose specific requirements on solutions. For a short description about the deployment-related
a solution. aspects of privacy and further references relevant for the Internet
Auditing is not in the scope of ACE. However, if an authorization of Things sector please read Section 7 of RFC 7452.
solution provides means for audit logs, it must consider the impact
of logged data for the privacy of all parties involved. Suitable
measures for protecting and purging the logs must be taken during
operation, maintenance and decommissioning of the device.
5. Acknowledgments 5. Acknowledgments
The authors would like to thank Olaf Bergmann, Sumit Singhal, John The authors would like to thank Olaf Bergmann, Sumit Singhal, John
Mattson, Mohit Sethi, Carsten Bormann, Martin Murillo, Corinna Mattson, Mohit Sethi, Carsten Bormann, Martin Murillo, Corinna
Schmitt, Hannes Tschofenig, Erik Wahlstroem, Andreas Baeckman, Samuel Schmitt, Hannes Tschofenig, Erik Wahlstroem, Andreas Baeckman, Samuel
Erdtman, Steve Moore, Thomas Hardjono, Kepeng Li, Jim Schaad, Erdtman, Steve Moore, Thomas Hardjono, Kepeng Li, Jim Schaad,
Prashant Jhingran, Kathleen Moriarty, and Sean Turner for reviewing Prashant Jhingran, Kathleen Moriarty, and Sean Turner for reviewing
and/or contributing to the document. Also, thanks to Markus Becker, and/or contributing to the document. Also, thanks to Markus Becker,
Thomas Poetsch and Koojana Kuladinithi for their input on the Thomas Poetsch and Koojana Kuladinithi for their input on the
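Review bot: The rewritten Section 4 drops three concrete considerations that -08 stated, and the new references to RFC 6973 and Section 7 of RFC 7452 do not replace them within this document. The first is that without end-to-end confidentiality, intermediary nodes learn the content of potentially sensitive messages, which is the privacy counterpart of Section 3.4 just above. The second is that mere possession of a device type can be confidential (the medical device case in Section 2.3). The third is that, where an authorization solution provides audit logs, the logs must be protected and purged during operation, maintenance and decommissioning. I suggest keeping one sentence for each, or at least the pointer to Section 2.3, alongside the new RFC references. The sentence beginning "Offering privacy protection for individuals is important to guarantee ..." is also hard to parse: it is unclear whether "to obtain consent" and "to deal with other privacy-related threats" depend on "important" or on "guarantee", so splitting it into two sentences would help. Editorial nits in the added text: "affect their surrounding" should read "affect their surroundings", "on a regular interval" should read "at regular intervals", and "often can be associated" reads better as "can often be associated".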
 End of changes. 4 change blocks. 
27 lines changed or deleted 18 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/