posted Mar 3, 2014, 3:48 AM by Corinna Schmitt
[
updated Jul 21, 2014, 7:47 AM
]
UZH is involed in standardization activity by IETF. Currently two drafts are published: - DTLS-based Security with two-way Authentication for IoT
- X.509 Public Key Infrastructure Certificates for the Constrained Application Protocol (CoAP)
Both drafts are linked to the working group Authentication and Authorization for Constrained Environments (ACE) that will have its BoF on upcoming Wednesday (March 5th, 2014) at IETF 89. The ACE WG has the following tasks:
- Document the use cases and high-level requirements for secured communication between constrained devices.
- Define profiles for encoding authentication and authorization data.
- Document design criteria for the required
security protocols with respect to resource usage (RAM, message round
trips, power consumption etc.).
- Define a mechanism for authenticated and
protected transfer of authorization information suitable for constrained
environments, and taking into account expiry/revocation.
- Define formats for access tokens and for authorization information that are suitable for constrained devices.
- Define bootstrapping for authorization information using the Resource Directory.
Further information about the charter and the linked Internet drafts can be found here: http://trac.tools.ietf.org/wg/core/trac/wiki/ACE_charter |
|
