ace-wg / pubsub-profile

Other
0 stars 0 forks source link

Rewording suggestions #12

Closed ciseng closed 1 year ago

ciseng commented 2 years ago

[Marco Review]

[Cigdem]

"... it describes the use of application layer security to protect

the content of the pub-sub client message exchange through the broker."

ciseng commented 2 years ago

[Marco Review] While it is mentioned later in Section 1, I think that the abstract should already mention that this profile covers both CoAP and MQTT.

[Cigdem] - added The profile covers pub-sub scenarios using either the Constrained Application Protocol (CoAP) {{I-D.ietf-core-coap-pubsub}} or the Message Queue Telemetry Transport (MQTT) {{MQTT-OASIS-Standard-v5}} protocol.

ciseng commented 2 years ago

[Marco Review] "This document defines a way to authorize pub-sub clients using the ACE framework ...".

 Please, clarify what they are authorized to do. Conceptually, it

should be about joining a security group that uses certain key material and is associated to one or more topics (application groups). Practically, this should mean being authorized to getting access to the broker and to obtaining the key material for protecting the topic content exchanged through the broker.

[Cigdem: Reworded as This document defines a way to authorize pub-sub clients using the ACE framework {{I-D.ietf-ace-oauth-authz}} to obtain the keys for protecting the content of their pub-sub messages when communicating through the broker.]

ciseng commented 2 years ago

[Marco Review] I suggest to expand as follows: Note that both publishers and subscribers use the same pub-sub communication protocol and the same transport profile of ACE in their interaction with the broker. The same profile of ACE is also used in the interaction with the KDC

[Cigdem] Yes, except the KDC bit. For the KDC regardless of MQTT or CoAP, the CoAP profile is used as it is what is supported by the KDC. (KDC doesn't speak MQTT like the MQTT broker, which is the resource server)

Added: Note that both publishers and subscribers use the same pub-sub communication protocol and the same transport profile of ACE in their interaction with the broker. However, all clients need to use CoAP when communicating to the KDC.

ciseng commented 2 years ago

[Marco Review] Caption of Figure 1: s/Authorization Servers/Authorization Server

[Cigdem] Done. Added Key Distribution Center instead.

ciseng commented 2 years ago

[Marco Review]

"... so that RS can authorize the Clients ..."

Well, the AS is the one authorizing the Clients. I think you mean "... so that RS can assert the Clients to be authorized ..."

[Cigdem] - changed to: so that RS can verify that the Clients are authorized

ciseng commented 2 years ago

[Cigdem] - Added after the suggested location: The Broker acts as the ACE RS, and also corresponds to the Dispatcher in {{I-D.ietf-ace-key-groupcomm}}).

ciseng commented 2 years ago

[Marco -Review]

ciseng commented 2 years ago

[Marco Review] Consistently with the first paragraph, the section title can be "Authorising to the KDC and the Broker".

[Cigdem] Done

ciseng commented 2 years ago

[Marco Review]

ciseng commented 2 years ago

[Marco Review] Section 3.2

[Cigdem - Done]

ciseng commented 2 years ago

[Marco Review]

[Section 4.1]

[CS: Will revise those parts more carefully]

[CS fixed to - format of public keys]

ciseng commented 2 years ago

[CS: Yes, the language used is weird, what is meant is the KDC verifies the token]

[CS: Changed to: The KDC verifies the token to check of the Client is authorized to access the topic ]

ciseng commented 2 years ago

[Marco Review] [Section 4.2]

[Cigdem: Done]

ciseng commented 2 years ago

[Marco Review] [Section 4.2]

[Cigdem: Fixed]

ciseng commented 2 years ago

[Marco Review] [Section 4.2]

[Cigdem - Fixed to:] 'scope' parameter set to the specific group that the Client is attempting to join, i.e., the group name, and the roles it wishes to have in the group. This value corresponds to one scope entry, as defined in {{auth-request}}.

ciseng commented 2 years ago

[Marco Review]

[CS: fixed]

ciseng commented 2 years ago

[CS: Done]

ciseng commented 2 years ago

[CS: It seems it is in 4.3.1 now]

ciseng commented 2 years ago

[CS: Fixed]

ciseng commented 2 years ago

[CS: Fixed to AS]

ciseng commented 2 years ago

[CS: yes, changed to publishers]

ciseng commented 2 years ago

[CS: Done]

ciseng commented 2 years ago

[CS: Done]

ciseng commented 2 years ago

[Section 5.1]

[CS: Done]

ciseng commented 2 years ago

[Revised as: MUST contain the kid parameter if it was provided in the Joining Response

ciseng commented 2 years ago

"For implementation simplicity, it is RECOMMENDED that the ACE transport profile used and this specification use the same format of "scope".

Is this actually meaningful and enforceable?

The format of scope is related to the application that the Client

and the RS want to run. In fact, these application profiles for group communication are defining formats to use for scope, in Tokens used to access resources related to such applications.

In other words, I think the format of scope is orthogonal to the

used transport profile, that basically does not care (and should not). I also can't find anything suggesting otherwise in the ACE framework [7] or in the DTLS and OSCORE profiles.

Unless I'm missing something, it's probably just fine to remove the

sentence.

[7]

https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-45#appendix-C

[CS: I think this was triggered by MQTT-TLS Profile providing a scope format to be used in access tokens, and it would be useful the scope format is used towards KDC. But, it may not be necessary at the end. Removed]

ciseng commented 2 years ago

[Marco Review] Section 7 "... by the same entity having control of the topic, i.e. KDC."

Perhaps here you mean "... by the same entity having control of the

key material for that topic, i.e. KDC."

[CS: Yes]

ciseng commented 2 years ago

Section 8.2]

[CS: Yes]

ciseng commented 2 years ago

== Nits ==

[Section 3.2]

s/data model is described/data model described

[Section 4.2]

s/singature/signature

[Section 6.2] s/To be able join/To be able to join

Appendix A]

s/Specity/Specify

s/tranport/transport