rfc9431v3.txt   rfc9431.txt 
Internet Engineering Task Force (IETF) C. Sengul Internet Engineering Task Force (IETF) C. Sengul
Request for Comments: 9431 Brunel University Request for Comments: 9431 Brunel University
Category: Standards Track A. Kirby Category: Standards Track A. Kirby
ISSN: 2070-1721 Oxbotica ISSN: 2070-1721 Oxbotica
June 2023 July 2023
Message Queuing Telemetry Transport (MQTT) and Transport Layer Security Message Queuing Telemetry Transport (MQTT) and Transport Layer Security
(TLS) Profile of Authentication and Authorization for Constrained (TLS) Profile of Authentication and Authorization for Constrained
Environments (ACE) Framework Environments (ACE) Framework
Abstract Abstract
This document specifies a profile for the Authentication and This document specifies a profile for the Authentication and
Authorization for Constrained Environments (ACE) framework to enable Authorization for Constrained Environments (ACE) framework to enable
authorization in a publish-subscribe messaging system based on authorization in a publish-subscribe messaging system based on
skipping to change at line 1434 skipping to change at line 1434
Cigdem Sengul <csengul@acm.org> Cigdem Sengul <csengul@acm.org>
Intended usage: COMMON Intended usage: COMMON
Restrictions on usage: none Restrictions on usage: none
Author: Cigdem Sengul <csengul@acm.org> Author: Cigdem Sengul <csengul@acm.org>
Change controller: IETF Change controller: IETF
Provisional registration? (standards tree only): no
7.3. ACE OAuth Profile Registration 7.3. ACE OAuth Profile Registration
The following registrations have been made in the "ACE Profiles" The following registrations have been made in the "ACE Profiles"
registry, following the procedure specified in [RFC9200]. registry, following the procedure specified in [RFC9200].
Name: mqtt_tls Name: mqtt_tls
Description: Profile for delegating Client authentication and Description: Profile for delegating Client authentication and
authorization using MQTT for the Client and Broker (RS) authorization using MQTT for the Client and Broker (RS)
interactions and HTTP for the AS interactions. TLS is used for interactions and HTTP for the AS interactions. TLS is used for
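Review bot: the line "Provisional registration? (standards tree only): no" in this hunk has no counterpart in the other column, so one revision carries this media type template field and the other does not; confirm the removal (or addition) is intentional and that the registration IANA records matches the final text, since the surrounding template fields (Intended usage, Restrictions on usage, Author, Change controller) are unchanged on both sides.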
skipping to change at line 1468 skipping to change at line 1466
the following entries for the two media type parameters Toid and the following entries for the two media type parameters Toid and
Tperm in the respective subregistry defined in Section 5.2 of Tperm in the respective subregistry defined in Section 5.2 of
[RFC9237] within the "Media Type Sub-Parameter Registries". [RFC9237] within the "Media Type Sub-Parameter Registries".
For Toid: For Toid:
Name: mqtt-topic-filter Name: mqtt-topic-filter
Description/Specification: Topic Filter, as defined in Description/Specification: Topic Filter, as defined in
Section 2.3 of RFC 9431. Section 2.3 of RFC 9431.
Reference: RFC 9431 (Section 2.3) Reference: RFC 9431, Section 2.3
For Tperm: For Tperm:
Name: mqtt-permissions Name: mqtt-permissions
Description/Specification: Permissions for the MQTT Client, as Description/Specification: Permissions for the MQTT Client, as
defined in Section 2.3 of RFC 9431. Tperm is an array of one defined in Section 2.3 of RFC 9431. Tperm is an array of one
or more text strings that each have a value of either "pub" or or more text strings that each have a value of either "pub" or
"sub". "sub".
Reference: RFC 9431 (Section 2.3) Reference: RFC 9431, Section 2.3
8. Security Considerations 8. Security Considerations
This document specifies a profile for the Authentication and This document specifies a profile for the Authentication and
Authorization for Constrained Environments (ACE) framework [RFC9200]. Authorization for Constrained Environments (ACE) framework [RFC9200].
Therefore, the security considerations outlined in [RFC9200] apply to Therefore, the security considerations outlined in [RFC9200] apply to
this work. this work.
In addition, the security considerations outlined in the MQTT v5.0 In addition, the security considerations outlined in the MQTT v5.0
OASIS Standard [MQTT-OASIS-Standard-v5] and MQTT v3.1.1 OASIS OASIS Standard [MQTT-OASIS-Standard-v5] and MQTT v3.1.1 OASIS
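Review bot: the "Reference:" fields for both the Toid (mqtt-topic-filter) and Tperm (mqtt-permissions) entries change from "RFC 9431 (Section 2.3)" to "RFC 9431, Section 2.3", a style-only edit applied consistently to both entries; note that the "Description/Specification" fields in the same entries still use the wording "as defined in Section 2.3 of RFC 9431", so two citation phrasings remain within each entry, which is harmless but worth aligning if the registry maintainer prefers one form.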
skipping to change at line 1694 skipping to change at line 1692
[RFC9360] Schaad, J., "CBOR Object Signing and Encryption (COSE): [RFC9360] Schaad, J., "CBOR Object Signing and Encryption (COSE):
Header Parameters for Carrying and Referencing X.509 Header Parameters for Carrying and Referencing X.509
Certificates", RFC 9360, DOI 10.17487/RFC9360, February Certificates", RFC 9360, DOI 10.17487/RFC9360, February
2023, <https://www.rfc-editor.org/info/rfc9360>. 2023, <https://www.rfc-editor.org/info/rfc9360>.
[RFC9430] Bergmann, O., Preuß Mattsson, J., and G. Selander, [RFC9430] Bergmann, O., Preuß Mattsson, J., and G. Selander,
"Extension of the Datagram Transport Layer Security (DTLS) "Extension of the Datagram Transport Layer Security (DTLS)
Profile for Authentication and Authorization for Profile for Authentication and Authorization for
Constrained Environments (ACE) to Transport Layer Security Constrained Environments (ACE) to Transport Layer Security
(TLS)", RFC 9430, DOI 10.17487/RFC9430, June 2023, (TLS)", RFC 9430, DOI 10.17487/RFC9430, July 2023,
<https://www.rfc-editor.org/info/rfc9430>. <https://www.rfc-editor.org/info/rfc9430>.
10.2. Informative References 10.2. Informative References
[ACE-PUBSUB-PROFILE] [ACE-PUBSUB-PROFILE]
Palombini, F., Sengul, C., and M. Tiloca, "Publish- Palombini, F., Sengul, C., and M. Tiloca, "Publish-
Subscribe Profile for Authentication and Authorization for Subscribe Profile for Authentication and Authorization for
Constrained Environments (ACE)", Work in Progress, Constrained Environments (ACE)", Work in Progress,
Internet-Draft, draft-ietf-ace-pubsub-profile-06, 13 March Internet-Draft, draft-ietf-ace-pubsub-profile-06, 13 March
2023, <https://datatracker.ietf.org/doc/html/draft-ietf- 2023, <https://datatracker.ietf.org/doc/html/draft-ietf-
skipping to change at line 1750 skipping to change at line 1748
<https://www.rfc-editor.org/info/rfc8949>. <https://www.rfc-editor.org/info/rfc8949>.
[RFC9325] Sheffer, Y., Saint-Andre, P., and T. Fossati, [RFC9325] Sheffer, Y., Saint-Andre, P., and T. Fossati,
"Recommendations for Secure Use of Transport Layer "Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security Security (TLS) and Datagram Transport Layer Security
(DTLS)", BCP 195, RFC 9325, DOI 10.17487/RFC9325, November (DTLS)", BCP 195, RFC 9325, DOI 10.17487/RFC9325, November
2022, <https://www.rfc-editor.org/info/rfc9325>. 2022, <https://www.rfc-editor.org/info/rfc9325>.
[TLS-bis] Rescorla, E., "The Transport Layer Security (TLS) Protocol [TLS-bis] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", Work in Progress, Internet-Draft, draft- Version 1.3", Work in Progress, Internet-Draft, draft-
ietf-tls-rfc8446bis-07, 26 March 2023, ietf-tls-rfc8446bis-09, 7 July 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-tls- <https://datatracker.ietf.org/doc/html/draft-ietf-tls-
rfc8446bis-07>. rfc8446bis-09>.
Appendix A. Checklist for Profile Requirements Appendix A. Checklist for Profile Requirements
Based on the requirements on profiles for the ACE framework Based on the requirements on profiles for the ACE framework
[RFC9200], this document fulfills the following: [RFC9200], this document fulfills the following:
* Optional AS discovery: AS discovery is supported with the MQTT * Optional AS discovery: AS discovery is supported with the MQTT
v5.0 described in Section 2.2. v5.0 described in Section 2.2.
* The communication protocol between the Client and Broker (RS): * The communication protocol between the Client and Broker (RS):
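Review bot: the [TLS-bis] informative reference bumps the Internet-Draft from draft-ietf-tls-rfc8446bis-07 (26 March 2023) to -09 (7 July 2023), and the draft name and the URL on the following line are updated as a pair, so the entry is internally consistent; pinning a specific draft version is acceptable for an informative reference, but it will go stale again as the draft progresses, and the adjacent [RFC9325] (BCP 195) entry is untouched, which is correct since it is a published RFC.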
 End of changes. 7 change blocks. 
8 lines changed or deleted 6 lines changed or added