ace-wg / ace-dtls-profile

A DTLS profile for Authentication and Authorization for Constrained Environments

Describe Construction of Access Token #5

Closed obgm closed 6 years ago

obgm commented 8 years ago

Add a description of the access token generation by AS and processing by RS.

Rationale: The key point of this profile is to cryptographically bind a DTLS session to an access token. This token is created by the authorization server in a way that ensures that the DTLS handshake succeeds only for C (having this token) and RS. This can be achieved by transferring an encrypted session key or including sufficient information in the access token for RS to derive a key (which would be the preferred solution). See DCAF Section 4.1 and DCAF Section 6 for how to do this.
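
An added sketch of the key-derivation option described in the comment above (RS derives the key from the token it is shown); it is not code from this draft, from DCAF or from the ACE framework. HMAC-SHA256 as the derivation function, the JSON claim layout and the names `derive_psk`, `as_issue` and `rs_psk_for_identity` are assumptions, and equal PSKs on both sides stand in for a successful DTLS-PSK handshake, which is not run here.

```python
import hashlib
import hmac
import json
import os


def derive_psk(k_as_rs: bytes, token: bytes) -> bytes:
    """PSK = HMAC-SHA256(K_AS_RS, token). Only AS and RS hold K_AS_RS."""
    return hmac.new(k_as_rs, token, hashlib.sha256).digest()


def as_issue(k_as_rs: bytes, audience: str, scope: str, nonce: bytes):
    """AS side: build the token and the PSK that is returned to C."""
    claims = {"aud": audience, "scope": scope, "nonce": nonce.hex()}
    # Canonical encoding so AS and RS run the MAC over identical bytes.
    token = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return token, derive_psk(k_as_rs, token)


def rs_psk_for_identity(k_as_rs: bytes, psk_identity: bytes, my_name: str):
    """RS side: C presents the token as its PSK identity; RS stores no
    per-client key and re-derives the PSK from the presented bytes.
    Returns None for a malformed token or one issued for another RS."""
    try:
        claims = json.loads(psk_identity)
    except ValueError:  # also covers undecodable bytes
        return None
    if not isinstance(claims, dict) or claims.get("aud") != my_name:
        return None
    return derive_psk(k_as_rs, psk_identity)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    k_as_rs = os.urandom(32)
    token, client_psk = as_issue(k_as_rs, "rs1", "read", os.urandom(8))

    # Untouched token: RS derives the same key C was given.
    rs_psk = rs_psk_for_identity(k_as_rs, token, "rs1")
    print("handshake would succeed:", hmac.compare_digest(client_psk, rs_psk))

    # Token with an altered scope: RS derives a key that the holder of the
    # original PSK does not know, so the session cannot be established.
    altered = token.replace(b'"read"', b'"write"')
    rs_psk = rs_psk_for_identity(k_as_rs, altered, "rs1")
    print("handshake would succeed:", hmac.compare_digest(client_psk, rs_psk))
```

Because the PSK is a MAC over the exact token bytes, the token needs no separate signature check at RS in this sketch: any modification changes the derived key.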

LudwigSeitz commented 7 years ago

Wouldn't that be the information in section 5.5.4.5 of the ACE draft?

obgm commented 6 years ago

I think this now is sufficiently handled in the framework draft.