An Authorization Information Format for Authentication and Authorization for Constrained Environments
RFC 9237, “An Authorization Information Format for Authentication and Authorization for Constrained Environments”, is a Proposed Standard document published in August 2022 by C. Bormann. The canonical text is published by the RFC Editor.
Abstract
Information about which entities are authorized to perform what operations on which constituents of other entities is a crucial component of producing an overall system that is secure. Conveying precise authorization information is especially critical in highly automated systems with large numbers of entities, such as the Internet of Things.
This specification provides a generic information model and format for representing such authorization information, as well as two variants of a specific instantiation of that format for use with Representational State Transfer (REST) resources identified by URI path.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9237 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9236 Architectural Considerations of Information-Centric Networking Using a Name Resolution Service
- RFC 9238 Loading Manufacturer Usage Description URLs from QR Codes
- RFC 9235 TCP Authentication Option Test Vectors
- RFC 9239 Updates to ECMAScript Media Types
- RFC 9234 Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages
- RFC 9240 An Extension for Application-Layer Traffic Optimization : Entity Property Maps
- RFC 9233 Internationalized Domain Names for Applications 2008 and Unicode 12.0.0
- RFC 9241 Content Delivery Network Interconnection Footprint and Capabilities Advertisement Using Application-Layer Traffic Optimization