UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9201

Additional OAuth Parameters for Authentication and Authorization for Constrained Environments (ACE)

active, Most Current
Organization: IETF
Publication Date: 1 August 2022
Status: active
Page Count: 11
scope:

This specification defines new parameters and encodings for the OAuth 2.0 token and introspection endpoints when used with the framework for Authentication and Authorization for Constrained Environments (ACE). These are used to express the proof-of-possession (PoP) key the client wishes to use, the PoP key that the authorization server has selected, and the PoP key the resource server uses to authenticate to the client.

Document History

RFC 9201
August 1, 2022
Additional OAuth Parameters for Authentication and Authorization for Constrained Environments (ACE)
This specification defines new parameters and encodings for the OAuth 2.0 token and introspection endpoints when used with the framework for Authentication and Authorization for Constrained...

References

This document references:
RFC 9200 - Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)
Published by IETF on August 1, 2022
This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE‑OAuth. The framework is based on a set of building blocks including...
This document references:
IETF RFC 6749 - The OAuth 2.0 Authorization Framework
Published by IETF on October 1, 2012
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction...
This document references:
IETF RFC 7800 - Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
Published by IETF on April 1, 2016
This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-ofpossession key and how the recipient can cryptographically confirm...
This document references:
IETF RFC 8152 - CBOR Object Signing and Encryption (COSE)
Published by IETF on July 1, 2017
Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need for the ability to have basic security services defined for this data...
This document references:
IETF RFC 8705 - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
Published by IETF on February 1, 2020
Abstract This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth...
This document references:
RFC 9200 - Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)
Published by IETF on August 1, 2022
This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE‑OAuth. The framework is based on a set of building blocks including...
This document is referenced by:
RFC 9202 - Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)
Published by IETF on August 1, 2022
This specification defines a profile of the Authentication and Authorization for Constrained Environments (ACE) framework that allows constrained servers to delegate client authentication and...
This document is referenced by:
RFC 9203 - The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework
Published by IETF on August 1, 2022
This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to...
This document is referenced by:
RFC 9431 - Message Queuing Telemetry Transport (MQTT) and Transport Layer Security (TLS) Profile of Authentication and Authorization for Constrained Environments (ACE) Framework
Published by IETF on July 1, 2023
This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework to enable authorization in a publish-subscribe messaging system based on...
View Less
View All
Advertisement