**Session Date/Time:** 22 Jul 2024 22:30

# ace

## Summary

This ACE working group meeting covered updates on several key drafts, including CoAP EST-OSCORE, PubSub Profile, OSCORE Group Manager Admin Interface, Workflow and Params, EDHOC OSCORE Profile, and Group OSCORE ACE Profile. Discussions focused on addressing open issues, incorporating feedback, and outlining next steps toward working group last call. The bidirectional access control idea in the Workflow and Params draft sparked particular interest.

## Key Discussion Points

* **CoAP EST-OSCORE:** Resolution of closed issues was presented, including clarification on challenge password usage and initial authentication credentials. Two open issues remain regarding CDDL structure and credential type selection.
* **PubSub Profile:** Updates included editorial fixes, alignment with ACE key-groupcomm, and clarification of scope and key management details. Future work will focus on topic discovery and group policies.
* **OSCORE Group Manager Admin Interface:** Addressed Carsten's review and other minor issues. Discussion included URI path clarifications, parameter vs. property terminology, and atomic operation requirements.
* **Workflow and Params:** Updates cover the alternative execution flow and bidirectional access control. Introduced a new "token_hash" parameter. There was excitement about the bidirectional access control idea.
* **EDHOC OSCORE Profile:** Updates focused on using the designated notation, editorial fixes, and expanded registration policies. It was clarified that only CWTs are supported as access tokens. Consistency check added for authentication credentials.
* **Group OSCORE ACE Profile:** Addressed feedback from an IANA review and added initial roadmap text for enabling dynamic update of access rights. There was discussion about resource servers storing multiple access tokens per proof-of-possession key and how to handle security implications.
* **Multi-group access tokens:** How to handle different scope expressions in access tokens targeted to multiple security groups.

## Decisions and Action Items

* **CoAP EST-OSCORE:** Authors to resolve the two open issues on GitHub.
* **OSCORE Group Manager Admin Interface:** Move forward with Shepherd review and write-up, contingent on author confirmation that Carsten's comments were adequately addressed.
* **OSCORE Group Manager Admin Interface:** Address editorial comments once the other mentioned document is under AD review.
* **Workflow and Params:** Authors to address issues from Ayala and Christian.
* **EDHOC OSCORE Profile:** Authors to elaborate on and describe the actions to take if authentication credentials have been invalidated or deleted.
* **EDHOC OSCORE Profile:** Authors to add consistency checking of the authentication credentials from the different EDHOC fields.
* **Group OSCORE ACE Profile:** Authors to document security considerations regarding multi-group access tokens.
* **Group OSCORE ACE Profile:** Authors to add the original specification entry to the old parameter CBOR mapping strategy.

## Next Steps

* **All drafts:** Authors to continue addressing open issues and incorporating feedback.
* **CoAP EST-OSCORE:** Working group last call after open issues are resolved.
* **PubSub Profile:** Aim for last call after addressing discovery of topic names and adding information about group policies.
* **OSCORE Group Manager Admin Interface:** Proceed with Shepherd review and write-up after addressing author concerns on feedback integration.
* **Workflow and Params:** Continue exploring bidirectional access control.
* **EDHOC OSCORE Profile:** Add further text on the reverse message flow usage and examples.
* **Group OSCORE ACE Profile:** Add more text regarding updates to access rights.