Authentication and Authorization for Constrained Environments (ACE)
- Created
- 2021-07-27
- Last Updated
- 2023-03-21
- Available Formats
-
XML
HTML
Plain text
Registries included below
- ACE Authorization Server Request Creation Hints
- OAuth Error Code CBOR Mappings
- OAuth Grant Type CBOR Mappings
- OAuth Access Token Type CBOR Mappings
- ACE Profiles
- OAuth Parameters CBOR Mappings
- OAuth Token Introspection Response CBOR Mappings
- OSCORE Security Context Parameters
ACE Authorization Server Request Creation Hints
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Name | CBOR Key | Value Type | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| AS | 1 | text string | [RFC9200] |
| kid | 2 | byte string | [RFC9200] |
| audience | 5 | text string | [RFC9200] |
| scope | 9 | text or byte string | [RFC9200] |
| cnonce | 39 | byte string | [RFC9200] |
OAuth Error Code CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Value | Reference | Original Specification |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| invalid_request | 1 | [RFC9200] | [RFC 6749, Section 5.2] |
| invalid_client | 2 | [RFC9200] | [RFC 6749, Section 5.2] |
| invalid_grant | 3 | [RFC9200] | [RFC 6749, Section 5.2] |
| unauthorized_client | 4 | [RFC9200] | [RFC 6749, Section 5.2] |
| unsupported_grant_type | 5 | [RFC9200] | [RFC 6749, Section 5.2] |
| invalid_scope | 6 | [RFC9200] | [RFC 6749, Section 5.2] |
| unsupported_pop_key | 7 | [RFC9200] | [RFC9200] |
| incompatible_ace_profiles | 8 | [RFC9200] | [RFC9200] |
OAuth Grant Type CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Value | Reference | Original Specification |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| password | 0 | [RFC9200] | [RFC 6749, Section 4.3.2] |
| authorization_code | 1 | [RFC9200] | [RFC 6749, Section 4.1.3] |
| client_credentials | 2 | [RFC9200] | [RFC 6749, Section 4.4.2] |
| refresh_token | 3 | [RFC9200] | [RFC 6749, Section 6] |
OAuth Access Token Type CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Value | Reference | Original Specification |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| Bearer | 1 | [RFC9200] | [RFC6749] |
| PoP | 2 | [RFC9200] | [RFC9200] |
ACE Profiles
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Name | Description | CBOR Value | Reference |
|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | |
| coap_dtls | Profile for delegating client Authentication and Authorization for Constrained Environments by establishing a Datagram Transport Layer Security (DTLS) or Transport Layer Security (TLS) channel between resource-constrained nodes. | 1 | [RFC9202][RFC-ietf-ace-extend-dtls-authorize-07] |
| coap_oscore | Profile for using OSCORE to secure communication between constrained nodes using the Authentication and Authorization for Constrained Environments framework. | 2 | [RFC9203] |
| mqtt_tls | Profile for delegating Client authentication and authorization using MQTT for the Client and Broker (RS) interactions, and HTTP for the AS interactions. TLS is used for confidentiality and integrity protection and server authentication. Client authentication can be provided either via TLS or using in-band PoP validation at the MQTT application layer. | 3 | [RFC-ietf-ace-mqtt-tls-profile-17] |
OAuth Parameters CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Key | Value Type | Reference | Original Specification |
|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | ||
| access_token | 1 | byte string | [RFC9200] | [RFC6749] |
| expires_in | 2 | unsigned integer | [RFC9200] | [RFC6749] |
| req_cnf | 4 | map | [RFC9201, Section 3.1] | [RFC9201] |
| audience | 5 | text string | [RFC9200] | [RFC8693] |
| cnf | 8 | map | [RFC9201, Section 3.2] | [RFC9201] |
| scope | 9 | text or byte string | [RFC9200] | [RFC6749] |
| client_id | 24 | text string | [RFC9200] | [RFC6749] |
| client_secret | 25 | byte string | [RFC9200] | [RFC6749] |
| response_type | 26 | text string | [RFC9200] | [RFC6749] |
| redirect_uri | 27 | text string | [RFC9200] | [RFC6749] |
| state | 28 | text string | [RFC9200] | [RFC6749] |
| code | 29 | byte string | [RFC9200] | [RFC6749] |
| error | 30 | integer | [RFC9200] | [RFC6749] |
| error_description | 31 | text string | [RFC9200] | [RFC6749] |
| error_uri | 32 | text string | [RFC9200] | [RFC6749] |
| grant_type | 33 | unsigned integer | [RFC9200] | [RFC6749] |
| token_type | 34 | integer | [RFC9200] | [RFC6749] |
| username | 35 | text string | [RFC9200] | [RFC6749] |
| password | 36 | text string | [RFC9200] | [RFC6749] |
| refresh_token | 37 | byte string | [RFC9200] | [RFC6749] |
| ace_profile | 38 | integer | [RFC9200] | [RFC9200] |
| cnonce | 39 | byte string | [RFC9200] | [RFC9200] |
| nonce1 | 40 | bstr | [RFC9203] | |
| rs_cnf | 41 | map | [RFC9201, Section 3.2] | [RFC9201] |
| nonce2 | 42 | bstr | [RFC9203] | |
| ace_client_recipientid | 43 | bstr | [RFC9203] | |
| ace_server_recipientid | 44 | bstr | [RFC9203] |
OAuth Token Introspection Response CBOR Mappings
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9200]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 or greater | Expert Review |
| Name | CBOR Key | Value Type | Reference | Original Specification |
|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9200] | ||
| iss | 1 | text string | [RFC9200] | [RFC7662] |
| sub | 2 | text string | [RFC9200] | [RFC7662] |
| aud | 3 | text string | [RFC9200] | [RFC7662] |
| exp | 4 | integer or floating-point number | [RFC9200] | [RFC7662] |
| nbf | 5 | integer or floating-point number | [RFC9200] | [RFC7662] |
| iat | 6 | integer or floating-point number | [RFC9200] | [RFC7662] |
| cti | 7 | byte string | [RFC9200] | [RFC9200] |
| cnf | 8 | map | [RFC9201, Section 4] | [RFC8705] |
| scope | 9 | text or byte string | [RFC9200] | [RFC7662] |
| active | 10 | True or False | [RFC9200] | [RFC7662] |
| token | 11 | byte string | [RFC9200] | [RFC7662] |
| client_id | 24 | text string | [RFC9200] | [RFC7662] |
| error | 30 | integer | [RFC9200] | [RFC7662] |
| error_description | 31 | text string | [RFC9200] | [RFC7662] |
| error_uri | 32 | text string | [RFC9200] | [RFC7662] |
| token_type_hint | 33 | text string | [RFC9200] | [RFC7662] |
| token_type | 34 | integer | [RFC9200] | [RFC7662] |
| username | 35 | text string | [RFC9200] | [RFC7662] |
| ace_profile | 38 | integer | [RFC9200] | [RFC9200] |
| cnonce | 39 | byte string | [RFC9200] | [RFC9200] |
| exi | 40 | unsigned integer | [RFC9200] | [RFC9200] |
OSCORE Security Context Parameters
- Expert(s)
-
Göran Selander, Cigdem Sengul
- Reference
- [RFC9203]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| less than -65536 | Private Use |
| -65536 to -257 | Specification Required |
| -256 to 255 | Standards Action With Expert Review |
| 256 to 65535 | Specification Required |
| greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |
| Name | CBOR Label | CBOR Type | Registry | Description | Reference |
|---|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9203] | |||
| id | 0 | byte string | OSCORE Input Material Identifier | [RFC9203] | |
| version | 1 | unsigned integer | OSCORE Version | [RFC9203] | |
| ms | 2 | byte string | OSCORE Master Secret value | [RFC9203] | |
| hkdf | 3 | text string / integer | [COSE Algorithms] Values (HMAC-based) | OSCORE HKDF value | [RFC9203] |
| alg | 4 | text string / integer | [COSE Algorithms] Values (AEAD) | OSCORE AEAD Algorithm value | [RFC9203] |
| salt | 5 | byte string | an input to OSCORE Master Salt value | [RFC9203] | |
| contextId | 6 | byte string | OSCORE ID Context value | [RFC9203] |