UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9237

An Authorization Information Format (AIF) for Authentication and Authorization for Constrained Environments (ACE)

active, Most Current
Organization: IETF
Publication Date: 1 August 2022
Status: active
Page Count: 14
scope:

Information about which entities are authorized to perform what operations on which constituents of other entities is a crucial component of producing an overall system that is secure. Conveying precise authorization information is especially critical in highly automated systems with large numbers of entities, such as the Internet of Things.

This specification provides a generic information model and format for representing such authorization information, as well as two variants of a specific instantiation of that format for use with Representational State Transfer (REST) resources identified by URI path.

Document History

RFC 9237
August 1, 2022
An Authorization Information Format (AIF) for Authentication and Authorization for Constrained Environments (ACE)
Information about which entities are authorized to perform what operations on which constituents of other entities is a crucial component of producing an overall system that is secure. Conveying...

References

This document references:
IETF RFC 6570 - URI Template
Published by IETF on March 1, 2012
A URI Template is a compact sequence of characters for describing a range of Uniform Resource Identifiers through variable expansion. This specification defines the URI Template syntax and the...
This document references:
IETF RFC 7493 - The I‐JSON Message Format
Published by IETF on March 1, 2015
Introduction RFC 7159 describes the JSON data interchange format, which is widely used in Internet protocols. For historical reasons, that specification allows the use of language idioms and text...
This document references:
IETF RFC 8132 - PATCH and FETCH Methods for the Constrained Application Protocol (CoAP)
Published by IETF on April 1, 2017
The methods defined in RFC 7252 for the Constrained Application Protocol (CoAP) only allow access to a complete resource, not to parts of a resource. In case of resources with larger or complex data,...
This document references:
IETF RFC 8610 - Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures
Published by IETF on June 1, 2019
This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express...
This document references:
IETF RFC 8881 - Network File System (NFS) Version 4 Minor Version 1 Protocol
Published by IETF on August 1, 2020
Scope of This Document This document describes the NFSv4.1 protocol. With respect to NFSv4.0, this document does not: • describe the NFSv4.0 protocol, except where needed to contrast with NFSv4.1. •...
This document references:
RFC 9165 - Additional Control Operators for the Concise Data Definition Language (CDDL)
Published by IETF on December 1, 2021
Abstract The Concise Data Definition Language (CDDL), standardized in RFC 8610, provides "control operators" as its main language extension point. The present document defines a number of control...
This document references:
RFC 9200 - Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)
Published by IETF on August 1, 2022
This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE‑OAuth. The framework is based on a set of building blocks including...
This document is referenced by:
RFC 9431 - Message Queuing Telemetry Transport (MQTT) and Transport Layer Security (TLS) Profile of Authentication and Authorization for Constrained Environments (ACE) Framework
Published by IETF on July 1, 2023
This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework to enable authorization in a publish-subscribe messaging system based on...
View Less
View All
Advertisement