Merge pull request #159 from ace-wg/iana-reviews
IANA reviews
marco-tiloca-sics authored Jan 12, 2024
2 parents 9134b52 + 7a5d0a2 commit df514e0
Showing 1 changed file with 61 additions and 10 deletions.
71 changes: 61 additions & 10 deletions draft-ietf-ace-key-groupcomm.md
Expand Up @@ -39,6 +39,7 @@ author:

normative:
RFC2119:
RFC6690:
RFC6749:
RFC6838:
RFC8126:
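Review bot: RFC6690 is added as a normative reference, and that is justified by the new if= Link Target Attribute registrations rather than by the two illustrative link-format exchanges; however, the sentences introducing the "ace.groups" and "ace.group" attribute values only cite {{if-ace-group}}, so add the {{RFC6690}} citation there as well, so the normative dependency is visible where the attribute is actually defined and not only inside the examples.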
Expand Down Expand Up @@ -503,20 +504,62 @@ Later on as a group member, the Client can also rely on the interface at the KDC

## Interface at the KDC {#kdc-if}

The KDC provides its interface by hosting the following resources. Note that the root url-path "/ace-group" used hereafter is a default name; implementations are not required to use this name, and can define their own instead. The Interface Description (if=) Link Target Attribute value "ace.group" is registered in {{if-ace-group}} and can be used to describe this interface.
The KDC provides its interface by hosting the following resources. Note that the root url-path "ace-group" used hereafter is a default name; implementations are not required to use this name, and can define their own instead.

If request messages sent to the KDC as well as success response messages from the KDC include a payload and specify a Content-Format, those messages MUST have Content-Format set to application/ace-groupcomm+cbor, defined in {{content-type}}. CBOR labels for the message parameters are defined in {{params}}.

* /ace-group : the path of this resource is invariant once the resource is established, and indicates that this specification is used. If other applications run on a KDC implementing this specification and use this same path, those applications will collide, and a mechanism will be needed to differentiate the endpoints.
* /ace-group : the path of this root resource is invariant once the resource is established, and indicates that this specification is used. If other applications run on a KDC implementing this specification and use this same path, those applications will collide, and a mechanism will be needed to differentiate the endpoints.

A Client can access this resource in order to retrieve a set of group names, each corresponding to one of the specified group identifiers. This operation is described in {{retrieval-gnames}}.

Clients may be authorized to access this resource even without being members of any group at the KDC, and even if they are not authorized to become group members (e.g., when authorized to be external signature verifiers).

* /ace-group/GROUPNAME : one such sub-resource to /ace-group is hosted for each group with name GROUPNAME that the KDC manages, and contains the symmetric group keying material for that group.
The Interface Description (if=) Link Target Attribute value "ace.groups" is registered in {{if-ace-group}} and can be used to describe the interface provided by this root resource.

The example below shows an exchange with a KDC with address 2001:db8::ab that hosts the resource /ace-group and returns a link to such a resource in link-format {{RFC6690}}.

~~~~~~~~~~~
Request:

Header: GET (Code=0.01)
Uri-Host: "kdc.example.com"
Uri-Path: ".well-known"
Uri-Path: "core"
Uri-Query: "if=ace.groups"

Response:

Header: Content (Code=2.05)
Content-Format: 40 (application/link-format)
Payload:
<coap://[2001:db8::ab]/ace-group>;if="ace.groups"
~~~~~~~~~~~

* /ace-group/GROUPNAME : one such sub-resource to /ace-group is hosted for each group with name GROUPNAME that the KDC manages. In particular, it is the group-membership resource associated with that group, of which it contains the symmetric group keying material.

A Client can access this resource in order to join the group with name GROUPNAME, or later as a group member to retrieve the current group keying material. These operations are described in {{ssec-key-distribution-exchange}} and {{ssec-key-material-retrieval}}, respectively.

The Interface Description (if=) Link Target Attribute value "ace.group" is registered in {{if-ace-group}} and can be used to describe the interface provided by a group-membership resource.

The example below shows an exchange with a KDC with address 2001:db8::ab that hosts the group-membership resource /ace-group/gp1 and returns a link to such a resource in link-format {{RFC6690}}.

~~~~~~~~~~~
Request:

Header: GET (Code=0.01)
Uri-Host: "kdc.example.com"
Uri-Path: ".well-known"
Uri-Path: "core"
Uri-Query: "if=ace.group"

Response:

Header: Content (Code=2.05)
Content-Format: 40 (application/link-format)
Payload:
<coap://[2001:db8::ab]/ace-group/gp1>;if="ace.group"
~~~~~~~~~~~

If the value of the GROUPNAME URI path and the group name in the access token scope ('gname' in {{ssec-authorization-response}}) are not required to coincide, the KDC MUST implement a mechanism to map the GROUPNAME value in the URI to the group name, in order to refer to the correct group (REQ7).

* /ace-group/GROUPNAME/creds : the path of this resource is invariant once the resource is established. This resource contains the authentication credentials of all the members of the group with name GROUPNAME.
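Review bot: the second example returns the group name "gp1" in a link-format response to a plain discovery request at /.well-known/core, while the text above only grants retrieval of group names through the operation in {{retrieval-gnames}} (and notes that Clients may be authorized for that even without being group members); state whether a KDC is expected to advertise individual group-membership resources to unauthenticated discovery, or make clear that such a listing is subject to the same authorization. Smaller consistency point: both requests carry Uri-Host "kdc.example.com" but the returned links use the IPv6 literal coap://[2001:db8::ab]/ace-group, so either the prose should say that the KDC is reachable under that name, or the links should be relative (for example </ace-group>;if="ace.groups" and </ace-group/gp1>;if="ace.group"), which avoids the mismatch.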
Expand Down Expand Up @@ -910,7 +953,7 @@ Note to RFC Editor: In {{ace-groupcomm-profile-0}}, please replace "{{&SELF}}" w
| Number | | | group members to | |
| Synchroniza- | | | synchronize with | |
| tion Method | | | sequence numbers of | |
| | | | of sender group | |
| | | | sender group | |
| | | | members. Its value | |
| | | | is taken from the | |
| | | | 'Value' column of | |
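Review bot: the cell width is preserved after dropping the duplicated "of" (the replacement line keeps the same padding as the removed one), so the ASCII table stays aligned; no further change is needed for this hunk.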
Expand Down Expand Up @@ -1987,7 +2030,7 @@ Note that the media type application/ace-groupcomm+cbor MUST be used when these
+-----------------------+------+---------------------+------------+
| ace_groupcomm_profile | TBD | int | [RFC-XXXX] |
+-----------------------+------+---------------------+------------+
| exp | TBD | int | [RFC-XXXX] |
| exp | TBD | uint | [RFC-XXXX] |
+-----------------------+------+---------------------+------------+
| creds | TBD | array | [RFC-XXXX] |
+-----------------------+------+---------------------+------------+
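Review bot: changing the registered CBOR type of 'exp' from int to uint must be mirrored in the normative definition of the parameter and in the CBOR label table in {{params}}, otherwise the IANA registration and the body of the document disagree on whether negative values are admissible; please verify that the parameter's definition and any encoding examples already use an unsigned integer.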
Expand Down Expand Up @@ -2202,9 +2245,9 @@ This specification registers the 'application/ace-groupcomm+cbor' media type for

IANA is asked to register the following entry to the "CoAP Content-Formats" registry within the "CoRE Parameters" registry group.

Media Type: application/ace-groupcomm+cbor
Content Type: application/ace-groupcomm+cbor

Encoding: -
Content Coding: -

ID: TBD

Expand Down Expand Up @@ -2247,11 +2290,19 @@ Mappings" registry following the procedure specified in {{Section 8.10 of RFC920

IANA is asked to register the following entry in the "Interface Description (if=) Link Target Attribute Values" registry within the "CoRE Parameters" registry group.

* Attribute Value: ace.group
* Value: ace.groups

* Description: The 'ace group' interface is used to provision keying material and related information and policies to members of a group using the ACE framework.
* Description: The KDC interface at the parent resource of group-membership resources is used to retrieve names of security groups using the ACE framework.

* Reference: {{&SELF}}
* Reference: {{kdc-if}} of {{&SELF}}

&nbsp;

* Value: ace.group

* Description: The KDC interface at a group-membership resource is used to provision keying material and related information and policies to members of the corresponding security group using the ACE framework.

* Reference: {{kdc-if}} of {{&SELF}}

## Custom Problem Detail Keys Registry {#iana-custom-problem-details}

