The Object Security for Constrained RESTful Environments Profile of the Authentication and Authorization for Constrained Environments Framework
RFC 9203, “The Object Security for Constrained RESTful Environments Profile of the Authentication and Authorization for Constrained Environments Framework”, is a Proposed Standard document published in August 2022 by F. Palombini, L. Seitz, G. Selander, and M. Gunnarsson. The canonical text is published by the RFC Editor.
Abstract
This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to provide communication security and proof-of-possession for a key owned by the client and bound to an OAuth 2.0 access token.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9203 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.
- RFC 9202 Datagram Transport Layer Security Profile for Authentication and Authorization for Constrained Environments
- RFC 9204 QPACK: Field Compression for HTTP/3
- RFC 9201 Additional OAuth Parameters for Authentication and Authorization for Constrained Environments
- RFC 9205 Building Protocols with HTTP
- RFC 9200 Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework
- RFC 9206 Commercial National Security Algorithm Suite Cryptography for Internet Protocol Security
- RFC 9199 Considerations for Large Authoritative DNS Server Operators
- RFC 9207 OAuth 2.0 Authorization Server Issuer Identification