| rfc9594v4.txt | rfc9594.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) F. Palombini | Internet Engineering Task Force (IETF) F. Palombini | |||
| Request for Comments: 9594 Ericsson AB | Request for Comments: 9594 Ericsson AB | |||
| Category: Standards Track M. Tiloca | Category: Standards Track M. Tiloca | |||
| ISSN: 2070-1721 RISE AB | ISSN: 2070-1721 RISE AB | |||
| July 2024 | August 2024 | |||
| Key Provisioning for Group Communication Using Authentication and | Key Provisioning for Group Communication Using Authentication and | |||
| Authorization for Constrained Environments (ACE) | Authorization for Constrained Environments (ACE) | |||
| Abstract | Abstract | |||
| This document defines how to use the Authentication and Authorization | This document defines how to use the Authentication and Authorization | |||
| for Constrained Environments (ACE) framework to distribute keying | for Constrained Environments (ACE) framework to distribute keying | |||
| material and configuration parameters for secure group communication. | material and configuration parameters for secure group communication. | |||
| Candidate group members that act as Clients and are authorized to | Candidate group members that act as Clients and are authorized to | |||
| skipping to change at line 1318 ¶ | skipping to change at line 1318 ¶ | |||
| Response: | Response: | |||
| Header: Service Unavailable (Code=5.03) | Header: Service Unavailable (Code=5.03) | |||
| Content-Format: application/concise-problem-details+cbor | Content-Format: application/concise-problem-details+cbor | |||
| Payload: | Payload: | |||
| { | { | |||
| / title / -1: "No available node identifiers", | / title / -1: "No available node identifiers", | |||
| / detail / -2: "Things will change after a | / detail / -2: "Things will change after a | |||
| group rekeying; try later", | group rekeying; try later", | |||
| / ace-groupcomm-error / 0: { | / ace-groupcomm-error / 0: { | |||
| / error-id / 0: 4 / "No available node identifiers" /, | / error-id / 0: 4 / "No available node identifiers" / | |||
| } | } | |||
| } | } | |||
| Figure 6: Example of an Error Response with Problem Details | Figure 6: Example of an Error Response with Problem Details | |||
| The problem-details format (in general) and the Custom Problem Detail | The problem-details format (in general) and the Custom Problem Detail | |||
| entry 'ace-groupcomm-error' (in particular) are OPTIONAL for Clients | entry 'ace-groupcomm-error' (in particular) are OPTIONAL for Clients | |||
| to support. A Client supporting the entry 'ace-groupcomm-error' and | to support. A Client supporting the entry 'ace-groupcomm-error' and | |||
| that can understand the specified error may use that information to | that can understand the specified error may use that information to | |||
| determine what actions to take next. | determine what actions to take next. | |||
| skipping to change at line 1540 ¶ | skipping to change at line 1540 ¶ | |||
| inclusion_flag = bool | inclusion_flag = bool | |||
| role = tstr | role = tstr | |||
| comb_role = [ 2*role ] | comb_role = [ 2*role ] | |||
| role_filter = [ *(role / comb_role) ] | role_filter = [ *(role / comb_role) ] | |||
| id = bstr | id = bstr | |||
| id_filter = [ *id ] | id_filter = [ *id ] | |||
| get_creds = null / [ inclusion_flag, role_filter, id_filter] | get_creds = null / [ inclusion_flag, role_filter, id_filter ] | |||
| Figure 9: CDDL Definition of 'get_creds', Using an Example | Figure 9: CDDL Definition of 'get_creds', Using an Example | |||
| Node Identifier Encoded as bstr and Role as tstr | Node Identifier Encoded as bstr and Role as tstr | |||
| * 'client_cred': encoded as a CBOR byte string, whose value is the | * 'client_cred': encoded as a CBOR byte string, whose value is the | |||
| original binary representation of the Client's authentication | original binary representation of the Client's authentication | |||
| credential. This parameter MUST be present if the KDC is managing | credential. This parameter MUST be present if the KDC is managing | |||
| (collecting from and distributing to Clients) the authentication | (collecting from and distributing to Clients) the authentication | |||
| credentials of the group members and the Client's role in the | credentials of the group members and the Client's role in the | |||
| group will require the Client to send messages to one or more | group will require the Client to send messages to one or more | |||
| skipping to change at line 2216 ¶ | skipping to change at line 2216 ¶ | |||
| / client_cred_verify / 24: h'66e6d9b0db009f3e105a673f88556117 | / client_cred_verify / 24: h'66e6d9b0db009f3e105a673f88556117 | |||
| 26caed57f530f8cae9d0b168513ab949 | 26caed57f530f8cae9d0b168513ab949 | |||
| fedc3e80a96ebe94ba08d3f8d3bf8348 | fedc3e80a96ebe94ba08d3f8d3bf8348 | |||
| 7458e2ab4c2f936ff78b50e33c885e35' | 7458e2ab4c2f936ff78b50e33c885e35' | |||
| } | } | |||
| Response: | Response: | |||
| Header: Created (Code=2.01) | Header: Created (Code=2.01) | |||
| Content-Format: application/ace-groupcomm+cbor | Content-Format: application/ace-groupcomm+cbor | |||
| Location-Path: "ace-group" | ||||
| Location-Path: "g1" | Location-Path: "g1" | |||
| Location-Path: "nodes" | Location-Path: "nodes" | |||
| Location-Path: "c101" | Location-Path: "c101" | |||
| Payload (in CBOR diagnostic notation): | Payload (in CBOR diagnostic notation): | |||
| { | { | |||
| / gkty / 7: 65600, | / gkty / 7: 65600, | |||
| / key / 8: h'73657373696f6e6b6579', | / key / 8: h'73657373696f6e6b6579', | |||
| / num / 9: 12, | / num / 9: 12, | |||
| / exp / 11: 1924992000, | / exp / 11: 1924992000, | |||
| / exi / 12: 2592000, | / exi / 12: 2592000, | |||
| skipping to change at line 2546 ¶ | skipping to change at line 2547 ¶ | |||
| 405c47bf16df96660a41298cb4307f7e | 405c47bf16df96660a41298cb4307f7e | |||
| b62258206e5de611388a4b8a8211334a | b62258206e5de611388a4b8a8211334a | |||
| c7d37ecb52a387d257e6db3c2a93df21 | c7d37ecb52a387d257e6db3c2a93df21 | |||
| ff3affc8', | ff3affc8', | |||
| h'a2026008a101a5010202410920012158 | h'a2026008a101a5010202410920012158 | |||
| 206f9702a66602d78f5e81bac1e0af01 | 206f9702a66602d78f5e81bac1e0af01 | |||
| f8b52810c502e87ebb7c926c07426fd0 | f8b52810c502e87ebb7c926c07426fd0 | |||
| 2f225820c8d33274c71c9b3ee57d842b | 2f225820c8d33274c71c9b3ee57d842b | |||
| bf2238b8283cb410eca216fb72a78ea7 | bf2238b8283cb410eca216fb72a78ea7 | |||
| a870f800'], | a870f800'], | |||
| / peer_roles / 14: [ ["sender", "receiver"], "receiver" ], | / peer_roles / 14: [["sender", "receiver"], "receiver"], | |||
| / peer_identifiers / 15: [h'02', h'03'] | / peer_identifiers / 15: [h'02', h'03'] | |||
| } | } | |||
| Figure 17: Example of Authentication Credential Request-Response | Figure 17: Example of Authentication Credential Request-Response | |||
| to Obtain the Authentication Credentials of Specific Group | to Obtain the Authentication Credentials of Specific Group | |||
| Members | Members | |||
| 4.4.2. GET Handler | 4.4.2. GET Handler | |||
| The handler expects a GET request. | The handler expects a GET request. | |||
| End of changes. 5 change blocks. | ||||
| 4 lines changed or deleted | 5 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||