Session Date/Time: 24 Jul 2025 07:30
ace
Summary
This ACE working group meeting covered updates on several drafts: EDHOC OSCORE profile, ACE workflow and params, additional formats for authentication credentials in DTLS profile, and EST OSCORE. Key discussions revolved around handling certificates by reference, error handling, and dependencies between drafts. The working group agreed to hold off on a working group last call for one draft until its dependencies progress further. A working group last call was requested for EST OSCORE.
Key Discussion Points
- EDHOC OSCORE Profile: Updates included improvements to information flow with new EAD items for AS request creation hints and authentication credential requests. Discussion focused on use cases like group audience scenarios and optimizing message flows.
- ACE Workflow and Params: Updates included an alternative workflow where the authorization server uploads the access token to the resource server. The document also defines new parameters and improves error handling, specifically adding an error code when the AS fails to confirm proof of possession of the client's private key. Significant changes to the to_rs and from_rs parameters were discussed, generalizing them for broader application beyond the OSCORE profile, including potential use with group communication and key management (RFC 9594).
- DTLS Profile Authentication Credentials: Updates focused on enabling additional formats for authentication credentials (certificates and COSE certificates) in the asymmetric mode. Discussed options for credentials by value and by reference, and security considerations for validating credentials.
- EST OSCORE: Updates addressed transporting certificates by reference and the structure of CSR attributes. The absence of the Accept option indicates a preference for enrolling a certificate by reference. A resolution was presented on the CSR attributes endpoint.
Decisions and Action Items
- DTLS Profile Authentication Credentials: The working group will hold off on working group last call pending progress of the normative references, specifically the EDHOC OSCORE profile and the C509 draft. The authors will coordinate with the chairs to revisit this decision based on the progress of these dependencies.
- EST OSCORE: The working group agreed to issue a working group last call.
Next Steps
- EDHOC OSCORE Profile: Continue iteration on reverse message flow implications and access token handling in different messages. Address corner cases with multiple audiences and client public keys.
- ACE Workflow and Params: Define the processing that happens at the RS when receiving an access token and clarify how to use anchor_cnf when the token is issued for a group audience.
- DTLS Profile Authentication Credentials: Coordinate with chairs and AD on the progress of the EDHOC OSCORE profile and the C509 draft. Revisit the decision on working group last call.
- EST OSCORE: Proceed with working group last call.