UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9203

The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework

active, Most Current
Organization: IETF
Publication Date: 1 August 2022
Status: active
Page Count: 28
scope:

This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to provide communication security and proof-of-possession for a key owned by the client and bound to an OAuth 2.0 access token.

Document History

RFC 9203
August 1, 2022
The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework
This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to...

References

This document references:
RFC 9200 - Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)
Published by IETF on August 1, 2022
This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE‑OAuth. The framework is based on a set of building blocks including...
This document references:
IETF RFC 4648 - The Base16, Base32, and Base64 Data Encodings
Published by IETF on October 1, 2006
This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet...
This document references:
IETF RFC 6749 - The OAuth 2.0 Authorization Framework
Published by IETF on October 1, 2012
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction...
This document references:
IETF RFC 7800 - Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
Published by IETF on April 1, 2016
This specification describes how to declare in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular proof-ofpossession key and how the recipient can cryptographically confirm...
This document references:
IETF RFC 8392 - CBOR Web Token (CWT)
Published by IETF on May 1, 2018
CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR...
This document references:
RFC 9200 - Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)
Published by IETF on August 1, 2022
This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE‑OAuth. The framework is based on a set of building blocks including...
This document is referenced by:
TS 124 547 - 5G; Identity management - Service Enabler Architecture Layer for Verticals (SEAL); Protocol specification
Published by ETSI on July 1, 2023
The present document specifies the protocol aspects for the identity management capability of SEAL to support vertical applications (e.g. V2X) over the 3GPP system. The present document is applicable...
This document is referenced by:
RFC 9430 - Extension of the Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE) to Transport Layer Security (TLS)
Published by IETF on July 1, 2023
This document updates "Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)" (RFC 9202) by specifying that the profile applies to...
View Less
View All
Advertisement