Session Date/Time: 10 Nov 2023 14:30

# ace

## Summary

The ACE working group meeting covered updates on several drafts, including Popsup, OSCAR, EST over OSCAR, and Group Management. Discussions focused on technical details, open issues, and next steps for each draft. A presentation on distributed authorization capabilities was given, leading to a discussion on potential overlap with existing ACE work. The group also addressed pending adoption calls from the previous meeting.

## Key Discussion Points

*   **Popsup Profile:** Sigm provided updates on the Popsup profile, highlighting changes related to keygroupcom requirements and options. The authorization flow has been completed; work remains on discovery of the KDC and support for group policies.
*   **OSCAR Profile:** Karen presented updates on the OSCAR profile. A key point of discussion was the transport of access tokens, specifically whether to remove the option of transporting them unprotected in EAD1. Marco noted that the alternative workflow for uploading the initial access token via GAS warrants keeping the option of plaintext upload.
*   **EST over OSCAR:** Molly updated the group on the EST over OSCAR draft, addressing issues raised by John Mattsson's review. Discussion centered on normative requirements for content format support (ASN.1 and CBOR) and explicit mention of CBOR-encoded objects in payload formats.
*   **Group Management:** Marco provided updates on the JemaHi group management document, highlighting editorial improvements and clarifications regarding group configuration. The document is considered ready for working group last call.
*   **Workflows and Parameters:** Marco presented an update on the "workflows and parameters" draft, focusing on new parameters for supporting multiple authentication credentials of resource servers. The alternative workflow where the AS uploads the token on behalf of the client was also discussed.
*   **Distributed Auth Caps:** Gencio presented distributed auth caps, leading to a discussion about how it might be implemented and whether it overlaps in intent with ACE protocols.
*   **Adoption Call for Group OSCORE:** Goran inquired about the status of the adoption call for the Group OSCORE profile draft, which was agreed upon in the last meeting.

## Decisions and Action Items

*   **OSCAR Profile:** Remove transport of tokens in EAD1.
*   **EST over OSCAR:**
    *   Add exception text for the "should" statement regarding server-side support for both ASN.1 and CBOR formats. Also verify that the `/search` endpoint supports different client vs. server content types. Action item assigned to Molly and team.
    *   Marco will investigate and resolve the issue related to missing media type registrations for PKCS#10 and PKCS#8 for CBOR encoding.
    *   Address the issue regarding RFC 9148 by adding a security consideration in the EST over OSCAR draft.
*   **Group Management:** Ryan to look into the issue with the GitHub repo where the HTML editor's copy is not deployed.

## Next Steps

*   **Popsup Profile:** Prepare the next version of the draft, addressing the remaining requirements related to KDC discovery and group policies.
*   **OSCAR Profile:** Address the feedback on access token transport and consider the use of application profiles for compression.
*   **EST over OSCAR:** Resolve the open issues discussed during the meeting and prepare for another round of reviews before working group last call.
*   **Group Management:** The chairs will schedule a working group last call for the JemaHi group management document.
*   **Workflows and Parameters:** Incorporate the comments discussed and update the document.
*   **Distributed Auth Caps:** Gencio to continue the discussion on the mailing list with the ACE working group to identify areas of potential collaboration and feedback on his work.
*   The ACE chairs will review the list of remaining items from the last meeting and schedule a call for adoption for any outstanding drafts.