IETF94 M2M Authentication report, 2015.12.8, Yahoo Japan Corporation (ヤフー株式会社), ID federation, 倉 雅

  • IETF94 M2M Authentication

    2015.12.8 ID

  • kura

    ID /

    OpenID ISOC-JP

    ID

    @kura_lab

  • SEC area

    1. ace WG

    2. cose WG

    3. tokbind WG

    4. oauth WG

    ART area

    1. core WG

  • ace WG (SEC): Actors in the ACE Architecture

    Single-Domain with Single AS / Cross-Domain with Single AS

    https://www.ietf.org/proceedings/94/slides/slides-94-ace-2.pdf

  • ace WG (SEC): ACE Solutions

    https://www.ietf.org/proceedings/94/slides/slides-94-ace-6.pdf

    draft-cuellar-ace-solutions-00

    PAT Tokens (Privacy-Enhanced Authorization Tokens)

    https://www.ietf.org/proceedings/94/slides/slides-94-ace-5.pdf

  • ace WG (SEC): Delegated Authenticated Authorization Framework (DCAF)

    https://www.ietf.org/proceedings/94/slides/slides-94-ace-3.pdf

    DTLS

  • ace WG (SEC): Authorization using OAuth 2.0

    https://www.ietf.org/proceedings/94/slides/slides-94-ace-1.pdf

    ACRE (ace-core-authz), OAuth (ace-oauth-iot / introspection) drafts

  • DCAF vs OAuth

  • ace WG (SEC): 1. draft

    OAuth - 20% / DCAF -

    2.

    OAuth - 3 / DCAF - 1

  • ace WG (SEC): 3. 12

    1- 12 / 2 - 2 / 10

    4. ?

    DCAF - 0 / OAuth - 1/2

  • ace WG (SEC): Using DCAF With CBOR Encoded Message Syntax

    https://www.ietf.org/proceedings/94/slides/slides-94-ace-4.pdf

  • cose WG (SEC): Object Security of CoAP

    https://www.ietf.org/proceedings/94/slides/slides-94-cose-1.pdf

    COSE: HMAC-SHA256 / ECDSA with 64-byte signature

    COSE Message Issues

    https://www.ietf.org/proceedings/94/slides/slides-94-cose-2.pdf

    COSE: RSA 1.5, MIME Type

    issues: https://github.com/cose-wg/cose-issues/issues

  • tokbind WG (SEC): Token Binding for HTTPS

    draft-ietf-tokbind-https-02

    tls_unique → Exported Key Material (EKM)

    Sensitivity of the Token-Binding Header; Securing Federated Sign-On Protocols

    LC

  • tokbind WG (SEC): Token Binding Protocol & TLS Extension

    draft-ietf-tokbind-protocol-03

    draft-ietf-tokbind-negotiation-01

    tls_unique → Exported Key Material (EKM)

    rsa2048_pkcs1.5_sha256 / rsa2048_pkcs1.5

  • oauth WG (SEC): Status Update

    PoP Architecture, PoP Key Semantics: IESG

    OAuth 2.0 JWT Authorization Request

    Request Object URI

    PoP Key Distribution: Token Endpoint, aud

  • oauth WG (SEC): Proof-of-Possession Key Distribution

    Refresh Token

    Confidential client: Client ID / Client Secret, PoP

    Public client: PKCE (Proof Key for Code Exchange)

  • oauth WG (SEC): HTTP Signing

    HTTP Signature, PoP token

    JSON, JWS, Authorization

    Token Exchange

    IETF93@

  • oauth WG (SEC): Rechartering

    OAuth 2.0 for Native Apps

    OpenID Foundation, SSO

    16 for doing the work / 0 against / 2 need more info

    Security Extensions & Fixes

    asymmetric PKCE extension, token binding for refresh tokens and post message response mode to replace fragment.

    17 for/ 0 against/ 0 need more info

  • oauth WG (SEC): Rechartering

    API Management

    User-Managed Access (UMA)

    6 for / zero against / 9 need more information

    JWT Claims

    draft-jones-oauth-amr-values draft, JWT Claims

    9 for / zero against / 6 need more information

  • oauth WG (SEC): Rechartering

    Device Flow

    Facebook, Google, tvOS, OAuth 2.0

    16 for / zero against / 2 need more information

    Discovery (OAuth Meta)

    OAuth URL

    19 for / zero against / 4 need more information

  • core WG (ART): CoRE Resource Directory

    draft-ietf-core-resource-directory-05.txt

    Resource Directory (RD), M2M

  • core WG (ART): A TCP and TLS Transport for the Constrained Application Protocol (CoAP)

    draft-tschofenig-core-coap-tcp-tls-04.txt

    CoAP over TCP / CoAP over TLS

  • core WG (ART): Reusable Interface Definitions for Constrained RESTful Environments

    draft-ietf-core-interfaces-04.txt

    Content-Formats, Links, Collection Types, Binding methods (Polling/Observe/Push), Interface

  • core WG (ART): Media Types for Sensor Markup Language (SenML)

    draft-jennings-core-senml-02.txt

    HTTP, CoAP, JSON, CBOR, XML, EXI

  • core WG (ART): CoAP Management Interface (COMI)

    draft-vanderstok-core-comi-08.txt

    CoAP, RESTCONF/YANG, CBOR

  • core WG (ART): Patch Method for Constrained Application Protocol (CoAP)

    draft-vanderstok-core-patch-02.txt

    CoAP PUT method

    CoAP methods: PATCH, iPATCH

  • core WG (ART): CoAP FETCH Method

    draft-bormann-core-coap-fetch-00.txt

    CoAP method: FETCH

    Constrained Objects Language

    draft-veillette-core-cool-00

  • core WG (ART): Publish-Subscribe Broker for the Constrained Application Protocol (CoAP)

    draft-koster-core-coap-pubsub-03

    CoAP Pub/Sub broker

  • SEC area

    1. ace WG

    OAuth

    2. cose WG

    JOSE issues

    3. tokbind WG

    tls_unique → EKM

    4. oauth WG

    PoP

    ART area

    1. core WG

    methods, Pub/Sub broker drafts