SmartenIT active in first WG meeting of ACE at IETF 90

posted Jul 24, 2014, 8:19 AM by Corinna Schmitt   [ updated Jul 24, 2014, 11:23 AM ]
UZH attended IETF 90, organized by ERICSSON in Toronto, Ontario, Canada, on July 20-25, 2014, as part of the WP5 external liaison with FLAMINGO.

UZH was actively involved in organizing the presentations for the first official "Authentication and Authorization for Constrained Environments" (ACE) working group (WG) meeting, chaired by Hannes Tschofenig and Li Kepeng.

To present the current work and the outcomes of the interim meeting in Stockholm in June 2014 to the community, the following presentations were given:
  • Problem Description
  • Use Cases & Design Patterns
  • Design Considerations (presented by UZH)
  • Cross-domain Support
The discussion following the first presentation can be summarized as follows: Most of it concerned the different models: Pull model, Push model, Agent model, and Push and Confirm model. Different models can apply to different use cases, so WG ACE needs to analyze the use cases to see which model(s) to choose.
The discussion following the second presentation can be summarized as follows: There may be multiple authorization servers, and WG ACE needs to consider the case of changing authorization servers. The process of a client joining the network should be out of scope for the moment. Hannes Tschofenig mentioned that WG ACE had already issued a call for adoption of the use case draft. Three volunteers were identified to review the draft and provide feedback on the mailing list.
The third presentation, given by UZH and entitled "Design Considerations", covered aspects of the draft of the same title and of all existing solution drafts, among which the UZH draft is currently grouped. It was discussed that WG ACE should not be afraid of asymmetric keys, and also that we do not force the use of asymmetric keys. It was also discussed that WG ACE should not narrow down to either one of the two mechanisms (symmetric key vs. asymmetric key), since different environments require different mechanisms. Finally, it was agreed that WG ACE needs more data to make a decision about symmetric and/or asymmetric keys. Furthermore, the community pointed out that it is essential to consider the order of tasks: first decide on the specific use case, then decide on the supported security levels and requests, and finally select the hardware, software, and solution.
The last presentation focused on naming and terminology exported from WG OAuth. It was discussed that WG ACE should consider legacy devices and proxy support.

Overall, the audience (around 70 people from industry and universities) was very active in the discussion. It pointed out interesting new aspects to look at and encouraged the ACE core team not to limit the current ideas and to support the development of a framework for both symmetric and asymmetric cryptography. It was also suggested to think about more resource-rich devices (e.g., bigger than class 2), which is very positive for the UZH activity and draft development.

Further information about ACE: Datatracker ACE
IETF Draft by UZH: Two-way Authentication for IoT

Further information about IETF 90: IETF 90 Homepage
Meeting material and presented slides: IETF 90 Materials