Authentication and Authorization for Constrained Environments (ACE)
- Created
- 2021-07-27
- Last Updated
- 2024-10-25
- Available Formats
-
XML
HTML
Plain text
Registries Included Below
- ACE Authorization Server Request Creation Hints
- OAuth Error Code CBOR Mappings
- OAuth Grant Type CBOR Mappings
- OAuth Access Token Type CBOR Mappings
- ACE Profiles
- OAuth Parameters CBOR Mappings
- OAuth Token Introspection Response CBOR Mappings
- OSCORE Security Context Parameters
- ACE Groupcomm Parameters
- ACE Groupcomm Key Types
- ACE Groupcomm Profiles
- ACE Groupcomm Policies
- Sequence Number Synchronization Methods
- ACE Groupcomm Errors
- ACE Groupcomm Rekeying Schemes
- ACE Token Revocation List Parameters
- ACE Token Revocation List Errors
ACE Authorization Server Request Creation Hints
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Name | CBOR Key | Value Type | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| AS | 1 | text string | [RFC9200] |
| kid | 2 | byte string | [RFC9200] |
| audience | 5 | text string | [RFC9200] |
| scope | 9 | text or byte string | [RFC9200] |
| cnonce | 39 | byte string | [RFC9200] |
OAuth Error Code CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Value | Reference | Original Specification |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| invalid_request | 1 | [RFC9200] | [RFC 6749, Section 5.2] |
| invalid_client | 2 | [RFC9200] | [RFC 6749, Section 5.2] |
| invalid_grant | 3 | [RFC9200] | [RFC 6749, Section 5.2] |
| unauthorized_client | 4 | [RFC9200] | [RFC 6749, Section 5.2] |
| unsupported_grant_type | 5 | [RFC9200] | [RFC 6749, Section 5.2] |
| invalid_scope | 6 | [RFC9200] | [RFC 6749, Section 5.2] |
| unsupported_pop_key | 7 | [RFC9200] | [RFC9200] |
| incompatible_ace_profiles | 8 | [RFC9200] | [RFC9200] |
OAuth Grant Type CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Value | Reference | Original Specification |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| password | 0 | [RFC9200] | [RFC 6749, Section 4.3.2] |
| authorization_code | 1 | [RFC9200] | [RFC 6749, Section 4.1.3] |
| client_credentials | 2 | [RFC9200] | [RFC 6749, Section 4.4.2] |
| refresh_token | 3 | [RFC9200] | [RFC 6749, Section 6] |
OAuth Access Token Type CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Value | Reference | Original Specification |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| Bearer | 1 | [RFC9200] | [RFC6749] |
| PoP | 2 | [RFC9200] | [RFC9200] |
ACE Profiles
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Name | Description | CBOR Value | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| coap_dtls | Profile for delegating client Authentication and Authorization for Constrained Environments by establishing a Datagram Transport Layer Security (DTLS) or Transport Layer Security (TLS) channel between resource-constrained nodes. | 1 | [RFC9202][RFC9430] |
| coap_oscore | Profile for using OSCORE to secure communication between constrained nodes using the Authentication and Authorization for Constrained Environments framework. | 2 | [RFC9203] |
| mqtt_tls | Profile for delegating Client authentication and authorization using MQTT for the Client and Broker (RS) interactions and HTTP for the AS interactions. TLS is used for confidentiality and integrity protection and server authentication. Client authentication can be provided either via TLS or using in-band PoP validation at the MQTT application layer. | 3 | [RFC9431] |
OAuth Parameters CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Key | Value Type | Reference | Original Specification |
|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | ||
| access_token | 1 | byte string | [RFC9200] | [RFC6749] |
| expires_in | 2 | unsigned integer | [RFC9200] | [RFC6749] |
| req_cnf | 4 | map | [RFC9201, Section 3.1] | [RFC9201] |
| audience | 5 | text string | [RFC9200] | [RFC8693] |
| cnf | 8 | map | [RFC9201, Section 3.2] | [RFC9201] |
| scope | 9 | text or byte string | [RFC9200] | [RFC6749] |
| client_id | 24 | text string | [RFC9200] | [RFC6749] |
| client_secret | 25 | byte string | [RFC9200] | [RFC6749] |
| response_type | 26 | text string | [RFC9200] | [RFC6749] |
| redirect_uri | 27 | text string | [RFC9200] | [RFC6749] |
| state | 28 | text string | [RFC9200] | [RFC6749] |
| code | 29 | byte string | [RFC9200] | [RFC6749] |
| error | 30 | integer | [RFC9200] | [RFC6749] |
| error_description | 31 | text string | [RFC9200] | [RFC6749] |
| error_uri | 32 | text string | [RFC9200] | [RFC6749] |
| grant_type | 33 | unsigned integer | [RFC9200] | [RFC6749] |
| token_type | 34 | integer | [RFC9200] | [RFC6749] |
| username | 35 | text string | [RFC9200] | [RFC6749] |
| password | 36 | text string | [RFC9200] | [RFC6749] |
| refresh_token | 37 | byte string | [RFC9200] | [RFC6749] |
| ace_profile | 38 | integer | [RFC9200] | [RFC9200] |
| cnonce | 39 | byte string | [RFC9200] | [RFC9200] |
| nonce1 | 40 | bstr | [RFC9203] | |
| rs_cnf | 41 | map | [RFC9201, Section 3.2] | [RFC9201] |
| nonce2 | 42 | bstr | [RFC9203] | |
| ace_client_recipientid | 43 | bstr | [RFC9203] | |
| ace_server_recipientid | 44 | bstr | [RFC9203] | |
| sign_info | 45 | Null or array | [RFC9594] | |
| kdcchallenge | 46 | byte string | [RFC9594] |
OAuth Token Introspection Response CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Key | Value Type | Reference | Original Specification |
|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | ||
| iss | 1 | text string | [RFC9200] | [RFC7662] |
| sub | 2 | text string | [RFC9200] | [RFC7662] |
| aud | 3 | text string | [RFC9200] | [RFC7662] |
| exp | 4 | integer or floating-point number | [RFC9200] | [RFC7662] |
| nbf | 5 | integer or floating-point number | [RFC9200] | [RFC7662] |
| iat | 6 | integer or floating-point number | [RFC9200] | [RFC7662] |
| cti | 7 | byte string | [RFC9200] | [RFC9200] |
| cnf | 8 | map | [RFC9201, Section 4] | [RFC8705] |
| scope | 9 | text or byte string | [RFC9200] | [RFC7662] |
| active | 10 | True or False | [RFC9200] | [RFC7662] |
| token | 11 | byte string | [RFC9200] | [RFC7662] |
| client_id | 24 | text string | [RFC9200] | [RFC7662] |
| error | 30 | integer | [RFC9200] | [RFC7662] |
| error_description | 31 | text string | [RFC9200] | [RFC7662] |
| error_uri | 32 | text string | [RFC9200] | [RFC7662] |
| token_type_hint | 33 | text string | [RFC9200] | [RFC7662] |
| token_type | 34 | integer | [RFC9200] | [RFC7662] |
| username | 35 | text string | [RFC9200] | [RFC7662] |
| ace_profile | 38 | integer | [RFC9200] | [RFC9200] |
| cnonce | 39 | byte string | [RFC9200] | [RFC9200] |
| exi | 40 | unsigned integer | [RFC9200] | [RFC9200] |
OSCORE Security Context Parameters
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9203]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |
| Name | CBOR Label | CBOR Type | Registry | Description | Reference |
|---|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9203] | |||
| id | 0 | byte string | OSCORE Input Material Identifier | [RFC9203] | |
| version | 1 | unsigned integer | OSCORE Version | [RFC9203] | |
| ms | 2 | byte string | OSCORE Master Secret value | [RFC9203] | |
| hkdf | 3 | text string / integer | [COSE Algorithms] Values (HMAC-based) | OSCORE HKDF value | [RFC9203] |
| alg | 4 | text string / integer | [COSE Algorithms] Values (AEAD) | OSCORE AEAD Algorithm value | [RFC9203] |
| salt | 5 | byte string | an input to OSCORE Master Salt value | [RFC9203] | |
| contextId | 6 | byte string | OSCORE ID Context value | [RFC9203] |
ACE Groupcomm Parameters
- Expert(s)
-
Francesca Palombini, Marco Tiloca, Rikard Höglund
- Reference
- [RFC9594]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |
| Name | CBOR Key | CBOR Type | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9594] | |
| gid | 0 | array | [RFC9594] |
| gname | 1 | array of tstr | [RFC9594] |
| guri | 2 | array of tstr | [RFC9594] |
| scope | 3 | bstr | [RFC9594] |
| get_creds | 4 | Null or array | [RFC9594] |
| client_cred | 5 | bstr | [RFC9594] |
| cnonce | 6 | bstr | [RFC9594] |
| gkty | 7 | int or tstr | [RFC9594] |
| key | 8 | See the [ACE Groupcomm Key Types] registry | [RFC9594] |
| num | 9 | int | [RFC9594] |
| ace_groupcomm_profile | 10 | int | [RFC9594] |
| exp | 11 | uint | [RFC9594] |
| exi | 12 | uint | [RFC9594] |
| creds | 13 | array | [RFC9594] |
| peer_roles | 14 | array | [RFC9594] |
| peer_identifiers | 15 | array | [RFC9594] |
| group_policies | 16 | map | [RFC9594] |
| kdc_cred | 17 | bstr | [RFC9594] |
| kdc_nonce | 18 | bstr | [RFC9594] |
| kdc_cred_verify | 19 | bstr | [RFC9594] |
| rekeying_scheme | 20 | int | [RFC9594] |
| client_cred_verify | 24 | bstr | [RFC9594] |
| creds_repo | 25 | tstr | [RFC9594] |
| control_uri | 26 | tstr | [RFC9594] |
| mgt_key_material | 27 | bstr | [RFC9594] |
| control_group_uri | 28 | tstr | [RFC9594] |
| sign_info | 29 | Null or array | [RFC9594] |
| kdcchallenge | 30 | bstr | [RFC9594] |
ACE Groupcomm Key Types
- Expert(s)
-
Francesca Palombini, Marco Tiloca, Rikard Höglund
- Reference
- [RFC9594]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |
| Name | Key Type Value | Profile | Description | Reference |
|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9594] | ||
| Reserved | 0 | This value is reserved | [RFC9594] |
ACE Groupcomm Profiles
- Expert(s)
-
Francesca Palombini, Marco Tiloca, Rikard Höglund
- Reference
- [RFC9594]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Name | Description | CBOR Value | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9594] | |
| Reserved | This value is reserved | 0 | [RFC9594] |
ACE Groupcomm Policies
- Expert(s)
-
Francesca Palombini, Marco Tiloca, Rikard Höglund
- Reference
- [RFC9594]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |
| Name | CBOR Label | CBOR Type | Description | Reference |
|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9594] | ||
| Sequence Number Synchronization Method | 0 | int or tstr | Method for recipient group members to synchronize with sequence numbers of sender group members. Its value is taken from the "Value" column of the "Sequence Number Synchronization Method" registry | [RFC9594] |
| Key Update Check Interval | 1 | int | Polling interval in seconds, for group members to check at the KDC if the latest group keying material is the one that they store | [RFC9594] |
| Expiration Delta | 2 | uint | Number of seconds from 'exp' until a UTC date/time, after which group members MUST stop using the group keying material that they store to decrypt incoming messages | [RFC9594] |
Sequence Number Synchronization Methods
- Expert(s)
-
Francesca Palombini, Marco Tiloca, Rikard Höglund
- Reference
- [RFC9594]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |
| Name | Value | Description | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9594] |
ACE Groupcomm Errors
- Expert(s)
-
Francesca Palombini, Marco Tiloca, Rikard Höglund
- Reference
- [RFC9594]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Value | Description | Reference |
|---|---|---|
| less than -65536 | Reserved for Private Use | [RFC9594] |
| 0 | Operation permitted only to group members | [RFC9594] |
| 1 | Request inconsistent with the current roles | [RFC9594] |
| 2 | Authentication credential incompatible with the group configuration | [RFC9594] |
| 3 | Invalid proof-of-possession evidence | [RFC9594] |
| 4 | No available individual keying material | [RFC9594] |
| 5 | Group membership terminated | [RFC9594] |
| 6 | Group deleted | [RFC9594] |
ACE Groupcomm Rekeying Schemes
- Expert(s)
-
Francesca Palombini, Marco Tiloca, Rikard Höglund
- Reference
- [RFC9594]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Value | Name | Description | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9594] | |
| 0 | Point-to-Point | The KDC individually targets each node to rekey, using the pairwise secure communication association with that node | [RFC9594] |
ACE Token Revocation List Parameters
- Expert(s)
-
Unassigned
- Reference
- [RFC-ietf-ace-revoked-token-notification-09]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Name | CBOR Key | CBOR Type | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC-ietf-ace-revoked-token-notification-09] | |
| Unassigned | -65536..-1 | ||
| full_set | 0 | array | [RFC-ietf-ace-revoked-token-notification-09] |
| diff_set | 1 | array | [RFC-ietf-ace-revoked-token-notification-09] |
| cursor | 2 | Null or unsigned integer | [RFC-ietf-ace-revoked-token-notification-09] |
| more | 3 | True or False | [RFC-ietf-ace-revoked-token-notification-09] |
ACE Token Revocation List Errors
- Expert(s)
-
Unassigned
- Reference
- [RFC-ietf-ace-revoked-token-notification-09]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Value | Description | Reference |
|---|---|---|
| less than -65536 | Reserved for Private Use | [RFC-ietf-ace-revoked-token-notification-09] |
| -65536..-1 | Unassigned | |
| 0 | Invalid parameter value | [RFC-ietf-ace-revoked-token-notification-09] |
| 1 | Invalid set of parameters | [RFC-ietf-ace-revoked-token-notification-09] |
| 2 | Out of bound cursor value | [RFC-ietf-ace-revoked-token-notification-09] |