**Session Date/Time:** 20 Feb 2023 14:00

# [ACE](../wg/ace.html)

## Summary

This meeting provided status updates on three key ACE Working Group drafts: "Revoke Token Notification", "OSCORE Group Manager Admin Notification", and "CoAP Key Group Com over OSCORE". Progress on editorial changes, security considerations, and alignment with related specifications was discussed. A significant discussion covered the planned split of the OSCORE GM Admin Notification document and the ongoing work on the CoAP Key Group Com draft, including KDC discovery and Nonce construction. The group also received an update on the shepherd review for an existing document and decided to cancel the scheduled March interim meeting. The Chair experienced intermittent audio issues throughout the meeting, but discussions proceeded.

## Key Discussion Points

* **ACE Revoke Token Notification Draft (Marco Tiloca)**
    * **Status**: Significant progress on editorial changes. Examples have been collected in an appendix. Parameters and constants are now defined in an appendix. An inconsistent parameter name was aligned.
    * **Normative References**: Rephrased text to relax normative language around the CoAP `pmx` parameter, making the CoAP core document an informative reference instead of normative. The draft now has no normative references not already applicable to ACE.
    * **Remaining Work**: Mostly focused on compiling proper text for security considerations.
    * **Plan**: Submit a revised version before the cutoff date. If no other issues arise, this version should be ready for a Working Group Last Call (WGLC).
* **ACE OSCORE Group Manager Admin Notification Draft (Marco Tiloca)**
    * **Status**: Ongoing work, including adding a section on considerations for multiple concurrent administrators and fixing issues related to CoAP_ALL. Started translating sample diagnostic notation using CBOR and CoRAL.
    * **New Error Condition**: Identified a need to define a new error condition for the Group Manager if it receives a request to create or update a group configuration that it doesn't support. This would be an OSCORE GM Admin error code transported in the payload.
    * **Clarifications**: Discussed clarifications needed for reasons to deviate from recommended default parameter values and for operations affecting multiple resources that should be performed atomically.
    * **Remaining Work**: Ongoing security considerations, completing CBOR/CoRAL samples. Expects to cover most items before the cutoff, possibly excluding some CoRAL examples.
    * **Document Split**: Confirmed plans for a future document split after IETF 116. The current document (Doc1) will proceed after CoRAL-related content is removed. A new Working Group document (Doc2) will focus specifically on CoRAL usage with this approach. Daniel indicated that Doc2 could be adopted as a WG document immediately after the split. Marco noted the editorial effort required for the split.
* **ACE CoAP Key Group Com over OSCORE Draft (Sigrun Erlingsdottir)**
    * **Author Update**: Marco Tiloca has joined as an author.
    * **Terminology Clarification**: Discussions focused on clarifying terminology between "security group" and "application group" to ensure clarity that this document primarily addresses security groups. The distinction from CoAP PubSub groups was emphasized.
    * **Mapping**: The document currently considers a one-to-one relationship between a security group and an application group. The possibility of one application group being used by multiple security groups remains open for future consideration.
    * **Resource Registration**: Registered `core.ps.gm` to represent a resource for group membership at the KDC (Key Distribution Center).
    * **Scope and Formats**: Added support for an extended scope format and registered a content format. Clarified KDC acquisition of credentials for publisher clients. Differentiated between new and returning clients. Enhanced join error handling and token transfer methods using `exporter.sign-challenge` during DTLS handshake.
    * **Future Work (Planned for Cutoff)**:
        * Better describe client workflow (AS discovery, optional KDC discovery, token acquisition, key acquisition).
        * Clean up and expand scope format to flag requests for KDC or broker scopes, and consider other PubSub operations (e.g., admin actions for future proofing).
        * Finalize handling of join responses, particularly Nonce construction. Two options were considered for Nonce construction:
            1. Base IV and Sender ID provided by KDC, partial IV for all senders set by KDC (preferred).
            2. Base IV provided by KDC, partial IV space divided among senders (earlier idea, concerns about space exhaustion).

          Option 1 was generally preferred.
    * **Future Work (Beyond Current Version)**: Group re-keying (currently point-to-point, needs PubSub-aware solution), other CoAP PubSub related aspects.
    * **Related CoAP PubSub Updates (Marco Tiloca)**:
        * `core.ps.gm` is a resource type at the KDC for security group membership, not involved in topic discovery.
        * Administrative CoAP PubSub operations (`create`, `read`, `remove` for topic configuration) are out of scope for user authorization in this document; this document should focus on user-level `publish`/`subscribe` permissions.
        * KDC discovery for a topic can be integrated into topic discovery (e.g., via web linking with `Rel Target` attribute) from the broker or resource directory, without requiring extra permissions.
        * Noted that the "brokerless CoAP PubSub" alternative has been removed from the CoAP PubSub editor's copy.
    * **Overall Goal**: A clean document describing the most basic CoAP PubSub group communication for IETF 116.
* **ACE Key Group Com Draft Shepherd Update (Rikard Höglund)**
    * The shepherd write-up is finished, awaiting final formatting.
    * The shepherd review is almost done, focusing on formatting and pointing to correct sections. Expects to submit by tomorrow or latest Wednesday.
* **March Interim Meeting Discussion**
    * A discussion was held regarding the scheduled interim meeting the week before IETF 116.
    * A sense of those present indicated that it would be more beneficial to focus on the IETF 116 meeting, given the close proximity of the dates and potential conflicts for participants (e.g., Marco had a conflict, another participant was working on EST over OSCORE for IETF 116).

## Decisions and Action Items

* **Decision**: The `oscore-gm-admin-notification` draft will be split after IETF 116. The current draft (Doc1) will proceed with CoRAL content removed. A new WG document (Doc2) focusing on CoRAL usage will be adopted.
* **Decision**: The March interim meeting, scheduled the week before IETF 116, is cancelled.
* **Action Item**: Marco Tiloca to submit a revised version of the "Revoke Token Notification" draft incorporating all updates before the cutoff date.
* **Action Item**: Marco Tiloca to submit a revised version of the "OSCORE Group Manager Admin Notification" draft incorporating as many updates as possible before the cutoff date.
* **Action Item**: Sigrun Erlingsdottir to submit a new version of the "CoAP Key Group Com over OSCORE" draft by the cutoff date, reflecting the discussed clarifications and updates, including Marco Tiloca as an author.
* **Action Item**: Rikard Höglund to submit the shepherd write-up and shepherd review for the ACE Key Group Com draft by Wednesday.
* **Action Item**: Daniel to follow up on the publication request for the Key Group Com draft after Rikard's review is addressed.

## Next Steps

* Authors will continue working on their respective drafts, aiming to submit updated versions by the upcoming cutoff date.
* The shepherd review process for the existing Key Group Com draft will conclude, moving it closer to publication.
* Planning for the split of the "OSCORE Group Manager Admin Notification" document will proceed, with the aim of creating two distinct documents after IETF 116.
* The Working Group will focus on the scheduled meeting at IETF 116 for further discussions and progress updates.