<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.3.8) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-ace-authcred-dtls-profile-04" category="std" consensus="true" submissionType="IETF" updates="9202" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Authentication Credentials DTLS profile">Additional Formats of Authentication Credentials for the Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-ace-authcred-dtls-profile-04"/>
    <author initials="M." surname="Tiloca" fullname="Marco Tiloca">
      <organization>RISE AB</organization>
      <address>
        <postal>
          <street>Isafjordsgatan 22</street>
          <city>Kista</city>
          <code>164 40</code>
          <country>Sweden</country>
        </postal>
        <email>marco.tiloca@ri.se</email>
      </address>
    </author>
    <author initials="J" surname="Preuß Mattsson" fullname="John Preuß Mattsson">
      <organization>Ericsson AB</organization>
      <address>
        <postal>
          <city>Stockholm</city>
          <code>164 80</code>
          <country>Sweden</country>
        </postal>
        <email>john.mattsson@ericsson.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>ACE Working Group</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 83?>

<t>This document updates the Datagram Transport Layer Security (DTLS) profile for Authentication and Authorization for Constrained Environments (ACE). In particular, it specifies the use of additional formats of authentication credentials for establishing a DTLS session, when peer authentication is based on asymmetric cryptography. Therefore, this document updates RFC 9202. What is defined in this document is seamlessly applicable also if the profile uses Transport Layer Security (TLS) instead of DTLS, as defined in RFC 9430.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Authentication and Authorization for Constrained Environments Working Group mailing list (ace@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/ace/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/ace-wg/ace-authcred-dtls-profile"/>.</t>
    </note>
  </front>
  <middle>
    <?line 88?>

<section anchor="intro">
      <name>Introduction</name>
      <t>The Authentication and Authorization for Constrained Environments (ACE) framework <xref target="RFC9200"/> defines an architecture to enforce access control for constrained devices. A client (C) requests an evidence of granted permissions from an authorization server (AS) in the form of an access token, then uploads the access token to the target resource server (RS), and finally accesses protected resources at the RS according to what is specified in the access token.</t>
      <t>The framework has as main building blocks the OAuth 2.0 framework <xref target="RFC6749"/>, the Constrained Application Protocol (CoAP) <xref target="RFC7252"/> for message transfer, Concise Binary Object Representation (CBOR) <xref target="RFC8949"/> for compact encoding, and CBOR Object Signing and Encryption (COSE) <xref target="RFC9052"/><xref target="RFC9053"/> for self-contained protection of access tokens.</t>
      <t>Separate profile documents define in detail how the participants in the ACE architecture communicate, especially as to the security protocols that they use. In particular, the ACE profile defined in <xref target="RFC9202"/> specifies how Datagram Transport Layer Security (DTLS) <xref target="RFC6347"/><xref target="RFC9147"/> is used to protect communications with transport-layer security in the ACE architecture. The profile has been extended in <xref target="RFC9430"/>, in order to allow the alternative use of Transport Layer Security (TLS) <xref target="RFC8446"/> when CoAP is transported over TCP or WebSockets <xref target="RFC8323"/>.</t>
      <t>The DTLS profile defined in <xref target="RFC9202"/> allows C and the RS to establish a DTLS session with peer authentication based on symmetric or asymmetric cryptography. For the latter case, the profile defines a Raw Public Key (RPK) mode (see <xref section="3.2" sectionFormat="of" target="RFC9202"/>), where authentication relies on the public keys of the two peers as raw public keys <xref target="RFC7250"/>.</t>
      <t>That is, C specifies its public key to the AS when requesting an access token and the AS provides such public key to the target RS as included in the issued access token. When issuing the access token, the AS also provides C with the public key of the RS. Then, C and the RS use their asymmetric keys when performing the DTLS handshake, as defined in <xref target="RFC7250"/>.</t>
      <t>Per <xref target="RFC9202"/>, the DTLS profile admits only a COSE_Key object <xref target="RFC9052"/> as the format of authentication credentials to use for specifying the public keys of C and the RS as raw public keys. However, it is desirable that additional formats of authentication credentials can be used, such as enhanced raw public keys or public key certificates.</t>
      <t>This document enables the use of such additional formats in the DTLS profile, by defining how the public keys of C and the RS can be specified by means of CBOR Web Token (CWT) Claims Sets (CCSs) <xref target="RFC8392"/>, X.509 certificates <xref target="RFC5280"/>, or C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
      <t>This document also enables the DTLS profile to use the CWT Confirmation Method 'ckt' defined in <xref target="RFC9679"/> when using a COSE_Key object for specifying a raw public key, thus allowing to identifying the COSE_Key object by reference alternatively to transporting it by value.</t>
      <t>In particular, this document updates <xref target="RFC9202"/> as follows.</t>
      <ul spacing="normal">
        <li>
          <t><xref target="sec-rpk-mode"/> of this document extends the RPK mode defined in <xref section="3.2" sectionFormat="of" target="RFC9202"/>, by enabling:  </t>
          <ul spacing="normal">
            <li>
              <t>The use of CCSs to wrap the raw public keys of C and the RS, i.e., as a new format of authentication credentials that can be used for specifying the public keys of C and the RS as raw public keys (see <xref target="sec-rpk-mode-kccs"/>).</t>
            </li>
            <li>
              <t>The use of the CWT Confirmation Method 'ckt' to identify a COSE_Key object by reference, when that is the format of authentication credentials used for specifying the public keys of C and the RS as raw public keys (see <xref target="sec-rpk-mode-ckt"/>).</t>
            </li>
          </ul>
        </li>
        <li>
          <t><xref target="sec-cert-mode"/> of this document defines a new certificate mode, which enables the use of X.509 or C509 certificates to specify the public keys of C and the RS. In either case, certificates can be transported by value or instead identified by reference.</t>
        </li>
      </ul>
      <t>When using the updated RPK mode, the raw public keys of C and the RS do not have to be of the same format. That is, it is possible to have both public keys as a COSE_Key object or as a CCS, or instead one as a COSE_Key object while the other one as a CCS. When both raw public keys are COSE_Keys, it is possible to have both COSE_Keys transported by value, or both identified by reference, or one transported by value while the other one identified by reference.</t>
      <t>When using the certificate mode, the certificates of C and the RS do not have to be of the same format. That is, it is possible to have both as X.509 certificates, or both as C509 certificates, or one as an X.509 certificate while the other one as a C509 certificate. Furthermore, it is possible to have both certificates transported by value, or both identified by reference, or one transported by value while the other one identified by reference.</t>
      <t>Also, the RPK mode and the certificate mode can be combined. That is, it is possible that one of the two authentication credentials is a certificate, while the other one is a raw public key.</t>
      <t>The effective provisioning of an authentication credential identified by reference builds on the assumption that the recipient is storing the authentication credential by value, or is able to retrieve it from a trusted source by means of the reference obtained. If that assumption does not hold, the authentication credential will have to be provided by value.</t>
      <t>The decision about whether providing authentication credentials by value or by reference depending on the specific situation is left to application policies at C and the AS. Furthermore, C and the AS could explicitly coordinate with each other about exchanging the authentication credentials of C and the RS as transported by value or instead identified by reference, e.g., by relying on the coordination method defined in <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
      <t>When using the formats introduced in this document, authentication credentials are specified by means of the CWT Confirmation Methods "kccs", "x5bag", "x5chain", "x5t", "x5u", "c5b", "c5c", "c5t", and "c5u" that are defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>.</t>
      <t>What is defined in this document is seamlessly applicable if TLS is used instead of DTLS, as defined in <xref target="RFC9430"/>.</t>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>Readers are expected to be familiar with the terms and concepts described in the ACE framework for Authentication and Authorization <xref target="RFC9200"/><xref target="RFC9201"/> and in its DTLS profile <xref target="RFC9202"/>, as well as with terms and concepts related to CBOR Web Tokens (CWTs) <xref target="RFC8392"/> and CWT Confirmation Methods <xref target="RFC8747"/>.</t>
        <t>The terminology for entities in the considered architecture is defined in OAuth 2.0 <xref target="RFC6749"/>. In particular, this includes client (C), resource server (RS), and authorization server (AS).</t>
        <t>Readers are also expected to be familiar with the terms and concepts related to CoAP <xref target="RFC7252"/>, CBOR <xref target="RFC8949"/>, Concise Data Definition Language (CDDL) <xref target="RFC8610"/>, COSE <xref target="RFC9052"/><xref target="RFC9053"/>, DTLS <xref target="RFC6347"/><xref target="RFC9147"/>, and the use of raw public keys in DTLS <xref target="RFC7250"/>.</t>
        <t>Note that the term "endpoint" is used here following its OAuth definition <xref target="RFC6749"/>, aimed at denoting resources such as /token and /introspect at the AS, and /authz-info at the RS. The CoAP definition, which is "[a]n entity participating in the CoAP protocol" <xref target="RFC7252"/>, is not used in this document.</t>
        <t>This document also refers to the term "authentication credential", which denotes the information associated with an entity, including that entity's public key and parameters associated with the public key. Examples of authentication credentials are CWT Claims Sets (CCSs) <xref target="RFC8392"/>, X.509 certificates <xref target="RFC5280"/>, and C509 certificates <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
      </section>
      <section anchor="notations">
        <name>Notations</name>
        <t>Examples throughout this document are expressed in CBOR diagnostic notation as defined in <xref section="8" sectionFormat="of" target="RFC8949"/> and <xref section="G" sectionFormat="of" target="RFC8610"/>. Diagnostic notation comments are often used to provide a textual representation of the parameters' keys and values.</t>
        <t>In the CBOR diagnostic notation used in this document, constructs of the form e'SOME_NAME' are replaced by the value assigned to SOME_NAME in the CDDL model shown in <xref target="fig-cddl-model"/> of <xref target="sec-cddl-model"/>. For example, {e'x5chain' : h'3081...cb02'} stands for {24 : h'3081...cb02'}.</t>
        <t>Note to RFC Editor: Please delete the paragraph immediately preceding this note. Also, in the CBOR diagnostic notation used in this document, please replace the constructs of the form e'SOME_NAME' with the value assigned to SOME_NAME in the CDDL model shown in <xref target="fig-cddl-model"/> of <xref target="sec-cddl-model"/>. Finally, please delete this note.</t>
      </section>
    </section>
    <section anchor="sec-rpk-mode">
      <name>Updates to the RPK Mode</name>
      <t>This section updates the RPK mode defined in <xref section="3.2" sectionFormat="of" target="RFC9202"/>, as detailed in the following <xref target="sec-rpk-mode-kccs"/> and <xref target="sec-rpk-mode-ckt"/>.</t>
      <section anchor="sec-rpk-mode-kccs">
        <name>Raw Public Keys as CCSs</name>
        <t>This section defines how the raw public key of C and the RS can be provided as wrapped by a CCS <xref target="RFC8392"/>, instead of as a COSE_Key object <xref target="RFC9052"/>. Note that only the differences from <xref target="RFC9202"/> are compiled below.</t>
        <t>If the raw public key of C is wrapped by a CCS, then the following applies.</t>
        <ul spacing="normal">
          <li>
            <t>The payload of the access token request (see <xref section="5.8.1" sectionFormat="of" target="RFC9200"/>) is as defined in <xref section="3.2.1" sectionFormat="of" target="RFC9202"/>, with the difference that the "req_cnf" parameter <xref target="RFC9201"/> <bcp14>MUST</bcp14> contain a "kccs" structure, with value a CCS specifying the public key of C that has to be bound to the access token.  </t>
            <t>
In particular, the CCS <bcp14>MUST</bcp14> include the "cnf" claim specifying the public key of C as a COSE_Key object, <bcp14>SHOULD</bcp14> include the "sub" claim specifying the subject name of C associated with the public key of C, and <bcp14>MAY</bcp14> include additional claims.</t>
          </li>
          <li>
            <t>The content of the access token that the AS provides to C in the access token response (see <xref section="5.8.2" sectionFormat="of" target="RFC9200"/>) is as defined in <xref section="3.2.1" sectionFormat="of" target="RFC9202"/>, with the difference that the "cnf" claim of the access token <bcp14>MUST</bcp14> contain a "kccs" structure, with value a CCS specifying the public key of C that is bound to the access token.  </t>
            <t>
In particular, the CCS <bcp14>MUST</bcp14> include the "cnf" claim specifying the public key of C as a COSE_Key object, <bcp14>SHOULD</bcp14> include the "sub" claim specifying the subject name of C associated with the public key of C, and <bcp14>MAY</bcp14> include additional claims.</t>
          </li>
        </ul>
        <t>If the raw public key of the RS is wrapped by a CCS, then the following applies.</t>
        <ul spacing="normal">
          <li>
            <t>The payload of the access token response is as defined in <xref section="3.2.1" sectionFormat="of" target="RFC9202"/>, with the difference that the "rs_cnf" parameter <xref target="RFC9201"/> <bcp14>MUST</bcp14> contain a "kccs" structure, with value a CCS specifying the public key of the RS.  </t>
            <t>
In particular, the CCS <bcp14>MUST</bcp14> include the "cnf" claim specifying the public key of the RS as a COSE_Key object, <bcp14>SHOULD</bcp14> include the "sub" claim specifying the subject name of the RS associated with the public key of the RS, and <bcp14>MAY</bcp14> include additional claims.</t>
          </li>
        </ul>
        <t>For the "req_cnf" parameter of the access token request, the "rs_cnf" parameter of the access token response, and the "cnf" claim of the access token, the Confirmation Method "kccs" structure and its identifier are defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>.</t>
        <t>It is not required that both public keys are wrapped by a CCS. That is, one of the two authentication credentials can be a CCS, while the other one can be a COSE_Key object transported by value as per <xref section="3.2" sectionFormat="of" target="RFC9202"/> or identified by reference as per <xref target="sec-rpk-mode-ckt"/> of this document.</t>
        <section anchor="examples">
          <name>Examples</name>
          <t><xref target="fig-example-C-to-AS-ccs"/> shows an example of access token request from C to the AS.</t>
          <figure anchor="fig-example-C-to-AS-ccs">
            <name>Access Token Request Example for RPK Mode, with the Public Key of C Wrapped by a CCS Conveyed within "req_cnf"</name>
            <artwork><![CDATA[
   POST coaps://as.example.com/token
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / grant_type / 33 : 2 / client_credentials /,
     / audience /    5 : "tempSensor1",
     / req_cnf /     4 : {
       e'kccs' : {
         / sub / 2 : "42-50-31-FF-EF-37-32-39",
         / cnf / 8 : {
           / COSE_Key / 1 : {
             / kty /    1 : 2 / EC2 /,
             / crv /   -1 : 1 / P-256 /,
             / x /     -2 : h'd7cc072de2205bdc1537a543d53c60a6
                              acb62eccd890c7fa27c9e354089bbe13',
             / y /     -3 : h'f95e1d4b851a2cc80fff87d8e23f22af
                              b725d535e515d020731e79a3b4e47120'
           }
         }
       }
     }
   }
]]></artwork>
          </figure>
          <t><xref target="fig-example-AS-to-C-ccs"/> shows an example of access token response from the AS to C.</t>
          <figure anchor="fig-example-AS-to-C-ccs">
            <name>Access Token Response Example for RPK Mode, with the Public Key of the RS Wrapped by a CCS, Conveyed within "rs_cnf"</name>
            <artwork><![CDATA[
   2.01 Created
   Content-Format: 19 (application/ace+cbor)
   Max-Age: 3560
   Payload:
   {
     / access_token / 1 : h'd83dd083...643b',
       / (remainder of CWT omitted for brevity;
       CWT contains the client's RPK in the cnf claim) /
     / expires_in /   2 : 3600,
     / rs_cnf /      41 : {
       e'kccs' : {
         / sub / 2 : "AA-BB-CC-00-01-02-03-04",
         / cnf / 8 : {
           / COSE_Key / 1 : {
             / kty /  1 : 2 / EC2 /,
             / crv / -1 : 1 / P-256 /,
             / x /   -2 : h'bbc34960526ea4d32e940cad2a234148
                            ddc21791a12afbcbac93622046dd44f0',
             / y /   -3 : h'4519e257236b2a0ce2023f0931f1f386
                            ca7afda64fcde0108c224c51eabf6072'
           }
         }
       }
     }
   }
]]></artwork>
          </figure>
        </section>
      </section>
      <section anchor="sec-rpk-mode-ckt">
        <name>Raw Public Keys as COSE_Keys Identified by Reference</name>
        <t>As per <xref section="3.2" sectionFormat="of" target="RFC9202"/>, COSE_Key objects <xref target="RFC9052"/> used for specifying raw public keys are transported by value in the access token request and response messages, as well as within access tokens.</t>
        <t>This section extends the DTLS profile by allowing to identifying those COSE_Key objects by reference, alternatively to transporting those by value. Note that only the differences from <xref target="RFC9202"/> are compiled below.</t>
        <t>The following relies on the CWT Confirmation Method 'ckt' defined in <xref target="RFC9679"/>. When using a 'ckt' structure, this conveys the thumbprint of a COSE_Key object computed as per <xref section="3" sectionFormat="of" target="RFC9679"/>. In particular, the hash function used <bcp14>MUST</bcp14> be SHA-256 <xref target="SHA-256"/>, which is mandatory to support when supporting COSE Key thumbprints.</t>
        <t>If the raw public key of C is specified as a COSE_Key object COSE_KEY_C and the intent is to identify it by reference, then the following applies.</t>
        <ul spacing="normal">
          <li>
            <t>The payload of the access token request (see <xref section="5.8.1" sectionFormat="of" target="RFC9200"/>) is as defined in <xref section="3.2.1" sectionFormat="of" target="RFC9202"/>, with the difference that the "req_cnf" parameter <xref target="RFC9201"/> <bcp14>MUST</bcp14> contain a "ckt" structure, with value the thumbprint of COSE_KEY_C.</t>
          </li>
          <li>
            <t>The content of the access token that the AS provides to C in the access token response (see <xref section="5.8.2" sectionFormat="of" target="RFC9200"/>) is as defined in <xref section="3.2.1" sectionFormat="of" target="RFC9202"/>, with the difference that the "cnf" claim of the access token <bcp14>MUST</bcp14> contain a "ckt" structure, with value the thumbprint of COSE_KEY_C.</t>
          </li>
        </ul>
        <t>If the raw public key of the RS is specified as a COSE_Key object COSE_KEY_RS and the intent is to identify it by reference, then the following applies.</t>
        <ul spacing="normal">
          <li>
            <t>The payload of the access token response is as defined in <xref section="3.2.1" sectionFormat="of" target="RFC9202"/>, with the difference that the "rs_cnf" parameter <xref target="RFC9201"/> <bcp14>MUST</bcp14> contain a "ckt" structure, with value the thumbprint of COSE_KEY_RS.</t>
          </li>
        </ul>
        <t>When both public keys are specified as COSE_Key objects, it is possible to have both transported by value, or both identified by reference, or one transported by value while the other one identified by reference.</t>
        <t>Note that the use of COSE Key thumbprints per <xref target="RFC9679"/> is applicable only to authentication credentials that are COSE_Key objects. That is, the 'ckt' structure <bcp14>MUST NOT</bcp14> be used to identify authentication credentials of other formats and that include a COSE_Key object as part of their content, such as CCSs as defined in <xref target="sec-rpk-mode-kccs"/> of this document.</t>
        <section anchor="examples-1">
          <name>Examples</name>
          <t><xref target="fig-example-C-to-AS-ckt"/> shows an example of access token request from C to the AS.</t>
          <figure anchor="fig-example-C-to-AS-ckt">
            <name>Access Token Request Example for RPK Mode, with the Public Key of C Specified as a COSE_Key Object Identified by Reference within "req_cnf"</name>
            <artwork><![CDATA[
   POST coaps://as.example.com/token
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / grant_type / 33 : 2 / client_credentials /,
     / audience /    5 : "tempSensor2",
     / req_cnf /     4 : {
       / ckt / 5 : h'd3550f1b5b763ee09d058fc7aef69900
                     1279903a4a15bdc3953d32b10f7cb8b1'
     }
   }
]]></artwork>
          </figure>
          <t><xref target="fig-example-AS-to-C-ckt"/> shows an example of access token response from the AS to C.</t>
          <figure anchor="fig-example-AS-to-C-ckt">
            <name>Access Token Response Example for RPK Mode, with the Public Key of the RS Specified as a COSE_Key Object Identified by Reference within "rs_cnf"</name>
            <artwork><![CDATA[
   2.01 Created
   Content-Format: 19 (application/ace+cbor)
   Max-Age: 3560
   Payload:
   {
     / access_token / 1 : h'd83dd083...5532',
       / (remainder of CWT omitted for brevity;
       CWT contains the client's RPK in the cnf claim) /
     / expires_in /   2 : 3600,
     / rs_cnf /      41 : {
       / ckt / 5 : h'db60f4d371fffac3e1040566154a5c36
                     1e0bf835a4ad4c58069cf6edc9ac58a3'
     }
   }
]]></artwork>
          </figure>
        </section>
      </section>
    </section>
    <section anchor="sec-cert-mode">
      <name>Certificate Mode</name>
      <t>This section defines a new certificate mode of the DTLS profile, which enables the use of public key certificates to specify the public keys of C and the RS. Compared to the RPK mode defined in <xref section="3.2" sectionFormat="of" target="RFC9202"/> and extended in <xref target="sec-rpk-mode"/> of this document, the certificate mode displays the differences compiled below.</t>
      <t>The authentication credential of C and/or of the RS is a public key certificate, i.e., an X.509 certificate <xref target="RFC5280"/> or a C509 certificate <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
      <ul spacing="normal">
        <li>
          <t>The CWT Confirmation Methods "x5chain", "x5bag", "c5c", and "c5b" defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/> are used to transport such authentication credentials by value.</t>
        </li>
        <li>
          <t>The CWT Confirmation Methods "x5t", "x5u", "c5t", and "c5u" defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/> are used to identify such authentication credentials by reference.</t>
        </li>
      </ul>
      <t>If the authentication credential AUTH_CRED_C of C is a public key certificate, then the following applies.</t>
      <ul spacing="normal">
        <li>
          <t>The "req_cnf" parameter <xref target="RFC9201"/> of the access token request (see <xref section="5.8.1" sectionFormat="of" target="RFC9200"/>) specifies AUTH_CRED_C as follows.  </t>
          <t>
If AUTH_CRED_C is an X.509 certificate, the "req_cnf" parameter <bcp14>MUST</bcp14> contain:  </t>
          <ul spacing="normal">
            <li>
              <t>An "x5chain" or "x5bag" structure, if AUTH_CRED_C is transported by value within a certificate chain or a certificate bag, respectively; or</t>
            </li>
            <li>
              <t>An "x5t" or "x5u" structure, if AUTH_CRED_C is identified by reference through a hash value (a thumbprint) or a URI <xref target="RFC3986"/>, respectively.</t>
            </li>
          </ul>
          <t>
If AUTH_CRED_C is a C509 certificate, the "req_cnf" parameter <bcp14>MUST</bcp14> contain:  </t>
          <ul spacing="normal">
            <li>
              <t>A "c5c" or "c5b" structure, if AUTH_CRED_C is transported by value within a certificate chain or a certificate bag, respectively; or</t>
            </li>
            <li>
              <t>A "c5t" or "c5u" structure, if AUTH_CRED_C is identified by reference through a hash value (a thumbprint) or a URI <xref target="RFC3986"/>, respectively.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>The "cnf" claim of the access token that the AS provides to C in the access token response (see <xref section="5.8.2" sectionFormat="of" target="RFC9200"/>) specifies AUTH_CRED_C as follows.  </t>
          <t>
If AUTH_CRED_C is an X.509 certificate, the "cnf" claim <bcp14>MUST</bcp14> contain:  </t>
          <ul spacing="normal">
            <li>
              <t>An "x5chain" or "x5bag" structure, if AUTH_CRED_C is transported by value within a certificate chain or a certificate bag, respectively; or</t>
            </li>
            <li>
              <t>An "x5t" or "x5u" structure, if AUTH_CRED_C is identified by reference through a hash value (a thumbprint) or a URI <xref target="RFC3986"/>, respectively.</t>
            </li>
          </ul>
          <t>
If AUTH_CRED_C is a C509 certificate, the "cnf" claim <bcp14>MUST</bcp14> contain:  </t>
          <ul spacing="normal">
            <li>
              <t>A "c5c" or "c5b" structure, if AUTH_CRED_C is transported by value within a certificate chain or a certificate bag, respectively; or</t>
            </li>
            <li>
              <t>A "c5t" or "c5u" structure, if AUTH_CRED_C is identified by reference through a hash value (a thumbprint) or a URI <xref target="RFC3986"/>, respectively.</t>
            </li>
          </ul>
        </li>
      </ul>
      <t>If the authentication credential AUTH_CRED_RS of the RS is a public key certificate, then the following applies.</t>
      <ul spacing="normal">
        <li>
          <t>The "rs_cnf" parameter <xref target="RFC9201"/> of the access token response specifies AUTH_CRED_RS as follows.  </t>
          <t>
If AUTH_CRED_RS is an X.509 certificate, the "rs_cnf" parameter <bcp14>MUST</bcp14> contain:  </t>
          <ul spacing="normal">
            <li>
              <t>An "x5chain" or "x5bag" structure, if AUTH_CRED_RS is transported by value within a certificate chain or a certificate bag, respectively; or</t>
            </li>
            <li>
              <t>An "x5t" or "x5u" structure, if AUTH_CRED_RS is identified by reference through a hash value (a thumbprint) or a URI <xref target="RFC3986"/>, respectively.</t>
            </li>
          </ul>
          <t>
If AUTH_CRED_RS is a C509 certificate, the "rs_cnf" parameter <bcp14>MUST</bcp14> contain:  </t>
          <ul spacing="normal">
            <li>
              <t>A "c5c" or "c5b" structure, if AUTH_CRED_RS is transported by value within a certificate chain or a certificate bag, respectively; or</t>
            </li>
            <li>
              <t>A "c5t" or "c5u" structure, if AUTH_CRED_RS is identified by reference through a hash value (a thumbprint) or a URI <xref target="RFC3986"/>, respectively.</t>
            </li>
          </ul>
        </li>
      </ul>
      <t>For the "req_cnf" parameter of the access token request, the "rs_cnf" parameter of the access token response, and the "cnf" claim of the access token, the structures "x5bag", "x5chain", "x5t", "x5u", "c5b", "c5c", "c5t", and "c5u" are defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>, together with their identifiers.</t>
      <t>When using either of the structures, the specified authentication credential is just the end-entity certificate.</t>
      <t>As per <xref target="RFC6347"/> and <xref target="RFC9147"/>, a public key certificate is specified in the Certificate message of the DTLS handshake. For X.509 certificates, the TLS Certificate Type is "X509", as defined in <xref target="RFC6091"/>. For C509 certificates, the TLS certificate type is "C509 Certificate", as defined in <xref target="I-D.ietf-cose-cbor-encoded-cert"/>.</t>
      <t>It is not required that AUTH_CRED_C and AUTH_CRED_RS are both X.509 certificates or both C509 certificates. Also, it is not required that AUTH_CRED_C and AUTH_CRED_RS are both transported by value or both identified by reference.</t>
      <t>Finally, one of the two authentication credentials can be a public key certificate, while the other one can be a raw public key. This is consistent with the admitted, combined use of raw public keys and certificates, as discussed in <xref section="5.3" sectionFormat="of" target="RFC7250"/>.</t>
      <section anchor="examples-2">
        <name>Examples</name>
        <t><xref target="fig-example-C-to-AS-x509"/> shows an example of access token request from C to the AS. In the example, C specifies its authentication credential by means of an "x5chain" structure, transporting by value only its X.509 certificate.</t>
        <figure anchor="fig-example-C-to-AS-x509">
          <name>Access Token Request Example for Certificate Mode with an X.509 Certificate as Authentication Credential of C, Transported by Value within "req_cnf"</name>
          <artwork><![CDATA[
   POST coaps://as.example.com/token
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / grant_type / 33 : 2 / client_credentials /,
     / audience /    5 : "tempSensor3",
     / req_cnf /     4 : {
       e'x5chain' : h'3081ee3081a1a003020102020462319ec430
                      0506032b6570301d311b301906035504030c
                      124544484f4320526f6f7420456432353531
                      39301e170d3232303331363038323433365a
                      170d3239313233313233303030305a302231
                      20301e06035504030c174544484f43205265
                      73706f6e6465722045643235353139302a30
                      0506032b6570032100a1db47b95184854ad1
                      2a0c1a354e418aace33aa0f2c662c00b3ac5
                      5de92f9359300506032b6570034100b723bc
                      01eab0928e8b2b6c98de19cc3823d46e7d69
                      87b032478fecfaf14537a1af14cc8be829c6
                      b73044101837eb4abc949565d86dce51cfae
                      52ab82c152cb02'
     }
   }
]]></artwork>
        </figure>
        <t><xref target="fig-example-AS-to-C-x509"/> shows an example of access token response from the AS to C. In the example, the AS specifies the authentication credential of the RS by means of an "x5chain" structure, transporting by value only the X.509 certificate of the RS.</t>
        <figure anchor="fig-example-AS-to-C-x509">
          <name>Access Token Response Example for Certificate Mode with an X.509 Certificate as Authentication Credential of the RS, Transported by Value within "rs_cnf"</name>
          <artwork><![CDATA[
   2.01 Created
   Content-Format: 19 (application/ace+cbor)
   Max-Age: 3560
   Payload:
   {
     / access_token / 1 : h'd83dd083...2fa6',
       / (remainder of CWT omitted for brevity;
       CWT contains the client's X.509 certificate in the cnf claim) /
     / expires_in /   2 : 3600,
     / rs_cnf /      41 : {
       e'x5chain' : h'3081ee3081a1a003020102020462319ea030
                      0506032b6570301d311b301906035504030c
                      124544484f4320526f6f7420456432353531
                      39301e170d3232303331363038323430305a
                      170d3239313233313233303030305a302231
                      20301e06035504030c174544484f4320496e
                      69746961746f722045643235353139302a30
                      0506032b6570032100ed06a8ae61a829ba5f
                      a54525c9d07f48dd44a302f43e0f23d8cc20
                      b73085141e300506032b6570034100521241
                      d8b3a770996bcfc9b9ead4e7e0a1c0db353a
                      3bdf2910b39275ae48b756015981850d27db
                      6734e37f67212267dd05eeff27b9e7a813fa
                      574b72a00b430b'
     }
   }
]]></artwork>
        </figure>
        <t>The following shows a variation of the two previous examples, where X.509 certificates used as authentication credentials are instead identified by reference.</t>
        <t><xref target="fig-example-C-to-AS-x509-ref"/> shows an example of access token request from C to the AS. In the example, C specifies its authentication credential by means of an "x5t" structure, identifying by reference its X.509 certificate.</t>
        <figure anchor="fig-example-C-to-AS-x509-ref">
          <name>Access Token Request Example for Certificate Mode with an X.509 Certificate as Authentication Credential of C, Identified by Reference within "req_cnf"</name>
          <artwork><![CDATA[
   POST coaps://as.example.com/token
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / grant_type / 33 : 2 / client_credentials /,
     / audience /    5 : "tempSensor4",
     / req_cnf /     4 : {
       e'x5t' : [-15, h'79f2a41b510c1f9b']
       / SHA-2 256-bit Hash truncated to 64-bits /
     }
   }
]]></artwork>
        </figure>
        <t><xref target="fig-example-AS-to-C-x509-ref"/> shows an example of access token response from the AS to C. In the example, the AS specifies the authentication credential of the RS by means of an "x5t" structure, identifying by reference the X.509 certificate of the RS.</t>
        <figure anchor="fig-example-AS-to-C-x509-ref">
          <name>Access Token Response Example for Certificate Mode with an X.509 Certificate as Authentication Credential of the RS, Identified by Reference within "rs_cnf"</name>
          <artwork><![CDATA[
   2.01 Created
   Content-Format: 19 (application/ace+cbor)
   Max-Age: 3560
   Payload:
   {
     / access_token / 1 : h'd83dd083...cda0',
       / (remainder of CWT omitted for brevity;
       CWT contains the client's X.509 certificate in the cnf claim) /
     / expires_in /   2 : 3600,
     / rs_cnf /      41 : {
       e'x5t' : [-15, h'c24ab2fd7643c79f']
       / SHA-2 256-bit Hash truncated to 64-bits /
     }
   }
]]></artwork>
        </figure>
      </section>
    </section>
    <section anchor="sec-security-considerations">
      <name>Security Considerations</name>
      <t>The security considerations from <xref target="RFC9200"/> and <xref target="RFC9202"/> apply to this document as well. Furthermore:</t>
      <ul spacing="normal">
        <li>
          <t>When using the CWT Confirmation Method 'ckt' for identifying by reference a COSE_Key object that is used for specifying a raw public key, the security considerations from <xref target="RFC9679"/> apply.</t>
        </li>
        <li>
          <t>When using public key certificates as authentication credentials, the security considerations from <xref section="C.2" sectionFormat="of" target="RFC8446"/> apply.</t>
        </li>
        <li>
          <t>When using X.509 certificates as authentication credentials, the security considerations from <xref target="RFC5280"/>, <xref target="RFC6818"/>, <xref target="RFC9549"/>, <xref target="RFC9598"/>, <xref target="RFC9608"/>, and <xref target="RFC9618"/> apply.</t>
        </li>
        <li>
          <t>When using C509 certificates as authentication credentials, the security considerations from <xref target="I-D.ietf-cose-cbor-encoded-cert"/> apply.</t>
        </li>
      </ul>
      <t>Consistent with the ACE architecture, C and the RS securely obtain each others' authentication credential from the AS acting as trusted third party, i.e., through the access token response sent to C and through the issued access token uploaded to the RS, respectively.</t>
      <t>Nevertheless, C and the RS are responsible for verifying the integrity and validity of obtained authentication credentials when those are CCSs or public key certificates as defined in this document.</t>
      <t>For public key certificates, verifying their validity may require using a Real-Time Clock (RTC). Trusted certification authorities (CAs) should be selected very carefully and certificate revocation should be supported. The revocation mechanism specifically used depends on the application. For example Certificate Revocation Lists <xref target="RFC5280"/> or the Online Certificate Status Protocol (OCSP) <xref target="RFC6960"/> may be used when authentication credentials are X.509 certificates.</t>
      <t>Similarly for CCSs, verifying their validity and handling their revocation require C and the RS to very carefully select relevant trust anchors and to have a well-defined trust-establishment process.</t>
      <t>Note that self-signed certificates or CCSs provided to C and the RS cannot result in modifying the set of trust anchors. A common way for a new trust anchor to be added to (or removed from) a device is by performing a firmware upgrade. A longer discussion on trust and validation in constrained devices is provided by <xref target="RFC9360"/>.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no actions for IANA.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="I-D.ietf-cose-cbor-encoded-cert">
          <front>
            <title>CBOR Encoded X.509 Certificates (C509 Certificates)</title>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Shahid Raza" initials="S." surname="Raza">
              <organization>University of Glasgow</organization>
            </author>
            <author fullname="Joel Höglund" initials="J." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Martin Furuhed" initials="M." surname="Furuhed">
              <organization>IN Groupe</organization>
            </author>
            <author fullname="Lijun Liao" initials="L." surname="Liao">
              <organization>NIO</organization>
            </author>
            <date day="30" month="June" year="2026"/>
            <abstract>
              <t>   This document specifies a CBOR encoding of X.509 certificates.  The
   resulting certificates are called C509 certificates.  The CBOR
   encoding supports a large subset of RFC 5280 and common certificate
   profiles, and it is extensible.

   Two types of C509 certificates are defined.  One type is an
   invertible CBOR re-encoding of DER-encoded X.509 certificates with
   the signature field copied from the DER encoding.  The other type is
   identical except that the signature is computed over the CBOR
   encoding instead of the DER encoding, thereby avoiding the use of
   ASN.1.  Both types of certificates have the same semantics as X.509
   while providing comparable size reduction.

   This document also specifies CBOR-encoded data structures for
   certification requests and certification request templates, new COSE
   headers, as well as a TLS certificate type and a file format for
   C509.  This document updates RFC 6698 by extending the TLSA selectors
   registry to include C509 certificates.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cose-cbor-encoded-cert-20"/>
        </reference>
        <reference anchor="I-D.ietf-ace-edhoc-oscore-profile">
          <front>
            <title>Ephemeral Diffie-Hellman Over COSE (EDHOC) and Object Security for Constrained Environments (OSCORE) Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE</organization>
            </author>
            <date day="1" month="March" year="2026"/>
            <abstract>
              <t>   This document specifies a profile for the Authentication and
   Authorization for Constrained Environments (ACE) framework.  It
   utilizes Ephemeral Diffie-Hellman Over COSE (EDHOC) for achieving
   mutual authentication between an ACE-OAuth client and resource
   server, and it binds an authentication credential of the client to an
   ACE-OAuth access token.  EDHOC also establishes an Object Security
   for Constrained RESTful Environments (OSCORE) Security Context, which
   is used to secure communications between the client and resource
   server when accessing protected resources according to the
   authorization information indicated in the access token.  This
   profile can be used to delegate management of authorization
   information from a resource-constrained server to a trusted host with
   less severe limitations regarding processing power and memory.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-edhoc-oscore-profile-10"/>
        </reference>
        <reference anchor="RFC3986">
          <front>
            <title>Uniform Resource Identifier (URI): Generic Syntax</title>
            <author fullname="T. Berners-Lee" initials="T." surname="Berners-Lee"/>
            <author fullname="R. Fielding" initials="R." surname="Fielding"/>
            <author fullname="L. Masinter" initials="L." surname="Masinter"/>
            <date month="January" year="2005"/>
            <abstract>
              <t>A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="66"/>
          <seriesInfo name="RFC" value="3986"/>
          <seriesInfo name="DOI" value="10.17487/RFC3986"/>
        </reference>
        <reference anchor="RFC5280">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="D. Cooper" initials="D." surname="Cooper"/>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <author fullname="W. Polk" initials="W." surname="Polk"/>
            <date month="May" year="2008"/>
            <abstract>
              <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5280"/>
          <seriesInfo name="DOI" value="10.17487/RFC5280"/>
        </reference>
        <reference anchor="RFC6347">
          <front>
            <title>Datagram Transport Layer Security Version 1.2</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
            <date month="January" year="2012"/>
            <abstract>
              <t>This document specifies version 1.2 of the Datagram Transport Layer Security (DTLS) protocol. The DTLS protocol provides communications privacy for datagram protocols. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document updates DTLS 1.0 to work with TLS version 1.2. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6347"/>
          <seriesInfo name="DOI" value="10.17487/RFC6347"/>
        </reference>
        <reference anchor="RFC6749">
          <front>
            <title>The OAuth 2.0 Authorization Framework</title>
            <author fullname="D. Hardt" initials="D." role="editor" surname="Hardt"/>
            <date month="October" year="2012"/>
            <abstract>
              <t>The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6749"/>
          <seriesInfo name="DOI" value="10.17487/RFC6749"/>
        </reference>
        <reference anchor="RFC6818">
          <front>
            <title>Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="P. Yee" initials="P." surname="Yee"/>
            <date month="January" year="2013"/>
            <abstract>
              <t>This document updates RFC 5280, the "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile". This document changes the set of acceptable encoding methods for the explicitText field of the user notice policy qualifier and clarifies the rules for converting internationalized domain name labels to ASCII. This document also provides some clarifications on the use of self-signed certificates, trust anchors, and some updated security considerations. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6818"/>
          <seriesInfo name="DOI" value="10.17487/RFC6818"/>
        </reference>
        <reference anchor="RFC7250">
          <front>
            <title>Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)</title>
            <author fullname="P. Wouters" initials="P." role="editor" surname="Wouters"/>
            <author fullname="H. Tschofenig" initials="H." role="editor" surname="Tschofenig"/>
            <author fullname="J. Gilmore" initials="J." surname="Gilmore"/>
            <author fullname="S. Weiler" initials="S." surname="Weiler"/>
            <author fullname="T. Kivinen" initials="T." surname="Kivinen"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>This document specifies a new certificate type and two TLS extensions for exchanging raw public keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The new certificate type allows raw public keys to be used for authentication.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7250"/>
          <seriesInfo name="DOI" value="10.17487/RFC7250"/>
        </reference>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC8323">
          <front>
            <title>CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="S. Lemay" initials="S." surname="Lemay"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="B. Silverajan" initials="B." surname="Silverajan"/>
            <author fullname="B. Raymor" initials="B." role="editor" surname="Raymor"/>
            <date month="February" year="2018"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP), although inspired by HTTP, was designed to use UDP instead of TCP. The message layer of CoAP over UDP includes support for reliable delivery, simple congestion control, and flow control.</t>
              <t>Some environments benefit from the availability of CoAP carried over reliable transports such as TCP or Transport Layer Security (TLS). This document outlines the changes required to use CoAP over TCP, TLS, and WebSockets transports. It also formally updates RFC 7641 for use with these transports and RFC 7959 to enable the use of larger messages over a reliable transport.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8323"/>
          <seriesInfo name="DOI" value="10.17487/RFC8323"/>
        </reference>
        <reference anchor="RFC8392">
          <front>
            <title>CBOR Web Token (CWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="May" year="2018"/>
            <abstract>
              <t>CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8392"/>
          <seriesInfo name="DOI" value="10.17487/RFC8392"/>
        </reference>
        <reference anchor="RFC9549">
          <front>
            <title>Internationalization Updates to RFC 5280</title>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <date month="March" year="2024"/>
            <abstract>
              <t>The updates to RFC 5280 described in this document provide alignment with the 2008 specification for Internationalized Domain Names (IDNs) and includes support for internationalized email addresses in X.509 certificates. The updates ensure that name constraints for email addresses that contain only ASCII characters and internationalized email addresses are handled in the same manner. This document obsoletes RFC 8399.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9549"/>
          <seriesInfo name="DOI" value="10.17487/RFC9549"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC8610">
          <front>
            <title>Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="C. Vigano" initials="C." surname="Vigano"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2019"/>
            <abstract>
              <t>This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8610"/>
          <seriesInfo name="DOI" value="10.17487/RFC8610"/>
        </reference>
        <reference anchor="RFC8747">
          <front>
            <title>Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="March" year="2020"/>
            <abstract>
              <t>This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder-of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs).</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8747"/>
          <seriesInfo name="DOI" value="10.17487/RFC8747"/>
        </reference>
        <reference anchor="RFC8949">
          <front>
            <title>Concise Binary Object Representation (CBOR)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="December" year="2020"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
              <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="94"/>
          <seriesInfo name="RFC" value="8949"/>
          <seriesInfo name="DOI" value="10.17487/RFC8949"/>
        </reference>
        <reference anchor="RFC9052">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
              <t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="96"/>
          <seriesInfo name="RFC" value="9052"/>
          <seriesInfo name="DOI" value="10.17487/RFC9052"/>
        </reference>
        <reference anchor="RFC9053">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Initial Algorithms</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052).</t>
              <t>This document, along with RFC 9052, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9053"/>
          <seriesInfo name="DOI" value="10.17487/RFC9053"/>
        </reference>
        <reference anchor="RFC9147">
          <front>
            <title>The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
            <date month="April" year="2022"/>
            <abstract>
              <t>This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.</t>
              <t>This document obsoletes RFC 6347.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9147"/>
          <seriesInfo name="DOI" value="10.17487/RFC9147"/>
        </reference>
        <reference anchor="RFC9200">
          <front>
            <title>Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9200"/>
          <seriesInfo name="DOI" value="10.17487/RFC9200"/>
        </reference>
        <reference anchor="RFC9201">
          <front>
            <title>Additional OAuth Parameters for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines new parameters and encodings for the OAuth 2.0 token and introspection endpoints when used with the framework for Authentication and Authorization for Constrained Environments (ACE). These are used to express the proof-of-possession (PoP) key the client wishes to use, the PoP key that the authorization server has selected, and the PoP key the resource server uses to authenticate to the client.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9201"/>
          <seriesInfo name="DOI" value="10.17487/RFC9201"/>
        </reference>
        <reference anchor="RFC9202">
          <front>
            <title>Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="S. Gerdes" initials="S." surname="Gerdes"/>
            <author fullname="O. Bergmann" initials="O." surname="Bergmann"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a profile of the Authentication and Authorization for Constrained Environments (ACE) framework that allows constrained servers to delegate client authentication and authorization. The protocol relies on DTLS version 1.2 or later for communication security between entities in a constrained network using either raw public keys or pre-shared keys. A resource-constrained server can use this protocol to delegate management of authorization information to a trusted host with less-severe limitations regarding processing power and memory.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9202"/>
          <seriesInfo name="DOI" value="10.17487/RFC9202"/>
        </reference>
        <reference anchor="RFC9430">
          <front>
            <title>Extension of the Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE) to Transport Layer Security (TLS)</title>
            <author fullname="O. Bergmann" initials="O." surname="Bergmann"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <date month="July" year="2023"/>
            <abstract>
              <t>This document updates "Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)" (RFC 9202) by specifying that the profile applies to TLS as well as DTLS.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9430"/>
          <seriesInfo name="DOI" value="10.17487/RFC9430"/>
        </reference>
        <reference anchor="RFC9598">
          <front>
            <title>Internationalized Email Addresses in X.509 Certificates</title>
            <author fullname="A. Melnikov" initials="A." surname="Melnikov"/>
            <author fullname="W. Chuang" initials="W." surname="Chuang"/>
            <author fullname="C. Bonnell" initials="C." surname="Bonnell"/>
            <date month="May" year="2024"/>
            <abstract>
              <t>This document defines a new name form for inclusion in the otherName field of an X.509 Subject Alternative Name and Issuer Alternative Name extension that allows a certificate subject to be associated with an internationalized email address.</t>
              <t>This document updates RFC 5280 and obsoletes RFC 8398.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9598"/>
          <seriesInfo name="DOI" value="10.17487/RFC9598"/>
        </reference>
        <reference anchor="RFC9608">
          <front>
            <title>No Revocation Available for X.509 Public Key Certificates</title>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <author fullname="T. Okubo" initials="T." surname="Okubo"/>
            <author fullname="J. Mandel" initials="J." surname="Mandel"/>
            <date month="June" year="2024"/>
            <abstract>
              <t>X.509v3 public key certificates are profiled in RFC 5280. Short-lived certificates are seeing greater use in the Internet. The Certification Authority (CA) that issues these short-lived certificates do not publish revocation information because the certificate lifespan that is shorter than the time needed to detect, report, and distribute revocation information. Some long-lived X.509v3 public key certificates never expire, and they are never revoked. This specification defines the noRevAvail certificate extension so that a relying party can readily determine that the CA does not publish revocation information for the certificate, and it updates the certification path validation algorithm defined in RFC 5280 so that revocation checking is skipped when the noRevAvail certificate extension is present.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9608"/>
          <seriesInfo name="DOI" value="10.17487/RFC9608"/>
        </reference>
        <reference anchor="RFC9618">
          <front>
            <title>Updates to X.509 Policy Validation</title>
            <author fullname="D. Benjamin" initials="D." surname="Benjamin"/>
            <date month="August" year="2024"/>
            <abstract>
              <t>This document updates RFC 5280 to replace the algorithm for X.509 policy validation with an equivalent, more efficient algorithm. The original algorithm built a structure that scaled exponentially in the worst case, leaving implementations vulnerable to denial-of-service attacks.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9618"/>
          <seriesInfo name="DOI" value="10.17487/RFC9618"/>
        </reference>
        <reference anchor="RFC9679">
          <front>
            <title>CBOR Object Signing and Encryption (COSE) Key Thumbprint</title>
            <author fullname="K. Isobe" initials="K." surname="Isobe"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="O. Steele" initials="O." surname="Steele"/>
            <date month="December" year="2024"/>
            <abstract>
              <t>This specification defines a method for computing a hash value over a CBOR Object Signing and Encryption (COSE) Key. It specifies which fields within the COSE Key structure are included in the cryptographic hash computation, the process for creating a canonical representation of these fields, and how to hash the resulting byte sequence. The resulting hash value, referred to as a "thumbprint", can be used to identify or select the corresponding key.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9679"/>
          <seriesInfo name="DOI" value="10.17487/RFC9679"/>
        </reference>
        <reference anchor="SHA-256" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">
          <front>
            <title>Secure Hash Standard</title>
            <author>
              <organization>NIST</organization>
            </author>
            <date year="2015" month="August"/>
          </front>
          <seriesInfo name="NIST FIPS PUB 180-4, DOI 10.6028/NIST.FIPS.180-4" value=""/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC6091">
          <front>
            <title>Using OpenPGP Keys for Transport Layer Security (TLS) Authentication</title>
            <author fullname="N. Mavrogiannopoulos" initials="N." surname="Mavrogiannopoulos"/>
            <author fullname="D. Gillmor" initials="D." surname="Gillmor"/>
            <date month="February" year="2011"/>
            <abstract>
              <t>This memo defines Transport Layer Security (TLS) extensions and associated semantics that allow clients and servers to negotiate the use of OpenPGP certificates for a TLS session, and specifies how to transport OpenPGP certificates via TLS. It also defines the registry for non-X.509 certificate types. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6091"/>
          <seriesInfo name="DOI" value="10.17487/RFC6091"/>
        </reference>
        <reference anchor="RFC6960">
          <front>
            <title>X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP</title>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="M. Myers" initials="M." surname="Myers"/>
            <author fullname="R. Ankney" initials="R." surname="Ankney"/>
            <author fullname="A. Malpani" initials="A." surname="Malpani"/>
            <author fullname="S. Galperin" initials="S." surname="Galperin"/>
            <author fullname="C. Adams" initials="C." surname="Adams"/>
            <date month="June" year="2013"/>
            <abstract>
              <t>This document specifies a protocol useful in determining the current status of a digital certificate without requiring Certificate Revocation Lists (CRLs). Additional mechanisms addressing PKIX operational requirements are specified in separate documents. This document obsoletes RFCs 2560 and 6277. It also updates RFC 5912.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6960"/>
          <seriesInfo name="DOI" value="10.17487/RFC6960"/>
        </reference>
        <reference anchor="RFC9360">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Header Parameters for Carrying and Referencing X.509 Certificates</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="February" year="2023"/>
            <abstract>
              <t>The CBOR Object Signing and Encryption (COSE) message structure uses references to keys in general. For some algorithms, additional properties are defined that carry parameters relating to keys as needed. The COSE Key structure is used for transporting keys outside of COSE messages. This document extends the way that keys can be identified and transported by providing attributes that refer to or contain X.509 certificates.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9360"/>
          <seriesInfo name="DOI" value="10.17487/RFC9360"/>
        </reference>
        <reference anchor="I-D.ietf-ace-workflow-and-params">
          <front>
            <title>Short Distribution Chain (SDC) Workflow and New OAuth Parameters for the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document updates the Authentication and Authorization for
   Constrained Environments framework (ACE, RFC 9200) as follows. (1) It
   defines the Short Distribution Chain (SDC) workflow that the
   authorization server (AS) can use for uploading an access token to a
   resource server on behalf of the client. (2) For the OAuth 2.0 token
   endpoint, it defines new parameters and encodings and it extends the
   semantics of the "ace_profile" parameter. (3) For the OAuth 2.0
   authz-info endpoint, it defines a new parameter and its encoding. (4)
   It defines how the client and the AS can coordinate on the exchange
   of the client's and resource server's public authentication
   credentials, when those can be transported by value or identified by
   reference; this extends the semantics of the "rs_cnf" parameter for
   the OAuth 2.0 token endpoint, thus updating RFC 9201. (5) It extends
   the error handling at the AS, for which it defines a new error code.
   (6) It deprecates the original payload format of error responses
   conveying an error code, when CBOR is used to encode message
   payloads.  For those responses, it defines a new payload format
   aligned with RFC 9290, thus updating in this respect also the
   profiles defined in RFC 9202, RFC 9203, and RFC 9431. (7) It amends
   two of the requirements on profiles of the framework.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-workflow-and-params-07"/>
        </reference>
      </references>
    </references>
    <?line 516?>

<section anchor="ssec-example-hybrid">
      <name>Examples with Hybrid Settings</name>
      <t>This section provides additional examples where, within the same ACE execution workflow, C and the RS use different formats of raw public keys (see <xref target="ssec-example-hybrid-1"/>), or different formats of certificates (see <xref target="ssec-example-hybrid-2"/>), or a combination of the RPK mode and certificate mode (see <xref target="ssec-example-hybrid-3"/>).</t>
      <section anchor="ssec-example-hybrid-1">
        <name>RPK Mode (Raw Public Keys of Different Formats)</name>
        <t><xref target="fig-example-C-to-AS-cose-key"/> shows an example of access token request from C to the AS, where the public key of C is conveyed as a COSE Key.</t>
        <figure anchor="fig-example-C-to-AS-cose-key">
          <name>Access Token Request Example for RPK Mode, with the Public Key of C Conveyed as a COSE Key within "req_cnf"</name>
          <artwork><![CDATA[
   POST coaps://as.example.com/token
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / grant_type / 33 : 2 / client_credentials /,
     / audience /    5 : "tempSensor5",
     / req_cnf /     4 : {
       / COSE_Key / 1 : {
         / kty /    1 : 2 / EC2 /,
         / crv /   -1 : 1 / P-256 /,
         / x /     -2 : h'd7cc072de2205bdc1537a543d53c60a6
                          acb62eccd890c7fa27c9e354089bbe13',
         / y /     -3 : h'f95e1d4b851a2cc80fff87d8e23f22af
                          b725d535e515d020731e79a3b4e47120'
       }
     }
   }
]]></artwork>
        </figure>
        <t><xref target="fig-example-AS-to-C-ccs-2"/> shows an example of access token response from the AS to C, where the public key of the RS is wrapped by a CCS.</t>
        <figure anchor="fig-example-AS-to-C-ccs-2">
          <name>Access Token Response Example for RPK Mode, with the Public Key of the RS Wrapped by a CCS within "rs_cnf"</name>
          <artwork><![CDATA[
   2.01 Created
   Content-Format: 19 (application/ace+cbor)
   Max-Age: 3560
   Payload:
   {
     / access_token / 1 : h'd83dd083...c41a',
       / (remainder of CWT omitted for brevity;
       CWT contains the client's RPK in the cnf claim) /
     / expires_in /   2 : 3600,
     / rs_cnf /      41 : {
       e'kccs' : {
         / sub / 2 : "DD-EE-FF-05-06-07-08-09",
         / cnf / 8 : {
           / COSE_Key / 1 : {
             / kty /  1 : 2 / EC2 /,
             / crv / -1 : 1 / P-256 /,
             / x /   -2 : h'ac75e9ece3e50bfc8ed6039988952240
                            5c47bf16df96660a41298cb4307f7eb6',
             / y /   -3 : h'6e5de611388a4b8a8211334ac7d37ecb
                            52a387d257e6db3c2a93df21ff3affc8'
           }
         }
       }
     }
   }
]]></artwork>
        </figure>
      </section>
      <section anchor="ssec-example-hybrid-2">
        <name>Certificate Mode (Certificates of Different Formats)</name>
        <t><xref target="fig-example-C-to-AS-x509-2"/> shows an example of access token request from C to the AS. In the example, C specifies its authentication credential by means of an "x5chain" structure, transporting by value only its X.509 certificate.</t>
        <figure anchor="fig-example-C-to-AS-x509-2">
          <name>Access Token Request Example for Certificate Mode with an X.509 Certificate as Authentication Credential of C, Transported by Value within "req_cnf"</name>
          <artwork><![CDATA[
   POST coaps://as.example.com/token
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / grant_type / 33 : 2 / client_credentials /,
     / audience /    5 : "tempSensor6",
     / req_cnf /     4 : {
       e'x5chain' : h'308201383081dea003020102020301f50d30
                      0a06082a8648ce3d04030230163114301206
                      035504030c0b524643207465737420434130
                      1e170d3233303130313030303030305a170d
                      3236303130313030303030305a3022312030
                      1e06035504030c1730312d32332d34352d46
                      462d46452d36372d38392d41423059301306
                      072a8648ce3d020106082a8648ce3d030107
                      03420004b1216ab96e5b3b3340f5bdf02e69
                      3f16213a04525ed44450b1019c2dfd3838ab
                      ac4e14d86c0983ed5e9eef2448c6861cc406
                      547177e6026030d051f7792ac206a30f300d
                      300b0603551d0f040403020780300a06082a
                      8648ce3d0403020349003046022100d4320b
                      1d6849e309219d30037e138166f2508247dd
                      dae76cceea55053c108e90022100d551f6d6
                      0106f1abb484cfbe6256c178e4ac3314ea19
                      191e8b607da5ae3bda16'
     }
   }
]]></artwork>
        </figure>
        <t><xref target="fig-example-AS-to-C-c509"/> shows an example of access token response from the AS to C. In the example, the AS specifies the authentication credential of the RS by means of a "c5c" structure, transporting by value only the C509 certificate of the RS.</t>
        <figure anchor="fig-example-AS-to-C-c509">
          <name>Access Token Response Example for Certificate Mode with a C509 Certificate as Authentication Credential of the RS, Transported by Value within "rs_cnf"</name>
          <artwork><![CDATA[
   2.01 Created
   Content-Format: 19 (application/ace+cbor)
   Max-Age: 3560
   Payload:
   {
     / access_token / 1 : h'd83dd083...001a',
       / (remainder of CWT omitted for brevity;
       CWT contains the client's C509 certificate in the cnf claim) /
     / expires_in /   2 : 3600,
     / rs_cnf /      41 : {
       e'c5c' : h'03487e7661d7b54e46328a23625553066243
                  41086b4578616d706c6520496e63096d6365
                  7274696669636174696f6e016a3830322e31
                  41522043411a5c52dc0cf68c236255530662
                  434105624c41086b6578616d706c6520496e
                  630963496f542266577431323334015821fd
                  c8b421f11c25e47e3ac57123bf2d9fdc494f
                  028bc351cc80c03f150bf50cff958a042101
                  5496600d8716bf7fd0e752d0ac760777ad66
                  5d02a0075468d16551f951bfc82a431d0d9f
                  08bc2d205b1160210503822082492b060104
                  01b01f0a014401020304005840c0d81996d2
                  507d693f3c48eaa5ee9491bda6db214099d9
                  8117c63b361374cd86a774989f4c321a5cf2
                  5d832a4d336a08ad67df20f1506421188a0a
                  de6d349236'
     }
   }
]]></artwork>
        </figure>
        <t>The following shows a variation of the two previous examples, where certificates used as authentication credentials are instead identified by reference.</t>
        <t><xref target="fig-example-C-to-AS-x509-ref-2"/> shows an example of access token request from C to the AS. In the example, C specifies its authentication credential by means of an "x5t" structure, identifying by reference its X.509 certificate.</t>
        <figure anchor="fig-example-C-to-AS-x509-ref-2">
          <name>Access Token Request Example for Certificate Mode with an X.509 Certificate as Authentication Credential of C, Identified by Reference within "req_cnf"</name>
          <artwork><![CDATA[
   POST coaps://as.example.com/token
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / grant_type / 33 : 2 / client_credentials /,
     / audience /    5 : "tempSensor7",
     / req_cnf /     4 : {
       e'x5t' : [-15, h'6ac62b8f41ba5d99']
       / SHA-2 256-bit Hash truncated to 64-bits /
     }
   }
]]></artwork>
        </figure>
        <t><xref target="fig-example-AS-to-C-c509-ref-2"/> shows an example of access token response from the AS to C. In the example, the AS specifies the authentication credential of the RS by means of a "c5t" structure, identifying by reference the C509 certificate of the RS.</t>
        <figure anchor="fig-example-AS-to-C-c509-ref-2">
          <name>Access Token Response Example for Certificate Mode with a C509 Certificate as Authentication Credential of the RS, Identified by Reference within "rs_cnf"</name>
          <artwork><![CDATA[
   2.01 Created
   Content-Format: 19 (application/ace+cbor)
   Max-Age: 3560
   Payload:
   {
     / access_token / 1 : h'd83dd083...cc04',
       / (remainder of CWT omitted for brevity;
       CWT contains the client's X.509 certificate in the cnf claim) /
     / expires_in /   2 : 3600,
     / rs_cnf /      41 : {
       e'c5t' : [-15, h'cb247f29c82b933a']
       / SHA-2 256-bit Hash truncated to 64-bits /
     }
   }
]]></artwork>
        </figure>
      </section>
      <section anchor="ssec-example-hybrid-3">
        <name>Combination of RPK Mode and Certificate Mode</name>
        <t><xref target="fig-example-C-to-AS-ccs-2"/> shows an example of access token request from C to the AS, where the public key of C is wrapped by a CCS.</t>
        <figure anchor="fig-example-C-to-AS-ccs-2">
          <name>Access Token Request Example for RPK Mode, with the Public Key of C Wrapped by a CCS within "req_cnf"</name>
          <artwork><![CDATA[
   POST coaps://as.example.com/token
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / grant_type / 33 : 2 / client_credentials /,
     / audience /    5 : "tempSensor8",
     / req_cnf /     4 : {
       e'kccs' : {
         / sub / 2 : "55-11-44-AB-CD-EF-00-00",
         / cnf / 8 : {
           / COSE_Key / 1 : {
             / kty /    1 : 2 / EC2 /,
             / crv /   -1 : 1 / P-256 /,
             / x /     -2 : h'cd4177ba62433375ede279b5e18e8b91
                              bc3ed8f1e174474a26fc0edb44ea5373',
             / y /     -3 : h'a0391de29c5c5badda610d4e301eaaa1
                              8422367722289cd18cbe6624e89b9cfd'
           }
         }
       }
     }
   }
]]></artwork>
        </figure>
        <t><xref target="fig-example-AS-to-C-x509-3"/> shows an example of access token response from the AS to C. In the example, the AS specifies the authentication credential of the RS by means of an "x5chain" structure, transporting by value only the X.509 certificate of the RS.</t>
        <figure anchor="fig-example-AS-to-C-x509-3">
          <name>Access Token Response Example for Certificate Mode with an X.509 Certificate as Authentication Credential of the RS, Transported by Value within "rs_cnf"</name>
          <artwork><![CDATA[
   2.01 Created
   Content-Format: 19 (application/ace+cbor)
   Max-Age: 3560
   Payload:
   {
     / access_token / 1 : h'd83dd083...0f7b',
       / (remainder of CWT omitted for brevity;
       CWT contains the client's X.509 certificate in the cnf claim) /
     / expires_in /   2 : 3600,
     / rs_cnf /      41 : {
       e'x5chain' : h'3082023d308201e2a00302010202087e7661
                      d7b54e4632300a06082a8648ce3d04030230
                      5d310b3009060355040613025553310b3009
                      06035504080c02434131143012060355040a
                      0c0b4578616d706c6520496e633116301406
                      0355040b0c0d63657274696669636174696f
                      6e3113301106035504030c0a3830322e3141
                      522043413020170d31393031333131313239
                      31365a180f39393939313233313233353935
                      395a305c310b300906035504061302555331
                      0b300906035504080c024341310b30090603
                      5504070c024c4131143012060355040a0c0b
                      6578616d706c6520496e63310c300a060355
                      040b0c03496f54310f300d06035504051306
                      5774313233343059301306072a8648ce3d02
                      0106082a8648ce3d03010703420004c8b421
                      f11c25e47e3ac57123bf2d9fdc494f028bc3
                      51cc80c03f150bf50cff958d75419d81a6a2
                      45dffae790be95cf75f602f9152618f816a2
                      b23b5638e59fd9a3818a3081873009060355
                      1d1304023000301d0603551d0e0416041496
                      600d8716bf7fd0e752d0ac760777ad665d02
                      a0301f0603551d2304183016801468d16551
                      f951bfc82a431d0d9f08bc2d205b1160300e
                      0603551d0f0101ff0404030205a0302a0603
                      551d1104233021a01f06082b060105050708
                      04a013301106092b06010401b43b0a010404
                      01020304300a06082a8648ce3d0403020349
                      003046022100c0d81996d2507d693f3c48ea
                      a5ee9491bda6db214099d98117c63b361374
                      cd86022100a774989f4c321a5cf25d832a4d
                      336a08ad67df20f1506421188a0ade6d3492
                      36'
     }
   }
]]></artwork>
        </figure>
        <t>The following shows a variation of the two previous examples, where one authentication credential is a raw public key specified by a COSE_Key Object and the other authentication credential is an X.509 certificate, with both credentials identified by reference.</t>
        <t><xref target="fig-example-C-to-AS-ckt-2"/> shows an example of access token request from C to the AS. In the example, C specifies its authentication credential by means of a "ckt" structure, identifying by reference the COSE_Key Object that specifies its public key.</t>
        <figure anchor="fig-example-C-to-AS-ckt-2">
          <name>Access Token Request Example for RPK Mode, with the Public Key of C Specified as a COSE_Key Object Identified by Reference within "req_cnf"</name>
          <artwork><![CDATA[
   POST coaps://as.example.com/token
   Content-Format: 19 (application/ace+cbor)
   Payload:
   {
     / grant_type / 33 : 2 / client_credentials /,
     / audience /    5 : "tempSensor9",
     / req_cnf /     4 : {
       / ckt / 5 : h'29e8a588da26249fc88f3b3f059f2144
                     475c895619d64b2ad4aa2f8a051e8dc9'
     }
   }
]]></artwork>
        </figure>
        <t><xref target="fig-example-AS-to-C-x509-ref-2"/> shows an example of access token response from the AS to C. In the example, the AS specifies the authentication credential of the RS by means of an "x5t" structure, identifying by reference the X.509 certificate of the RS.</t>
        <figure anchor="fig-example-AS-to-C-x509-ref-2">
          <name>Access Token Response Example for Certificate Mode with an X.509 Certificate as Authentication Credential of the RS, Identified by Reference within "rs_cnf"</name>
          <artwork><![CDATA[
   2.01 Created
   Content-Format: 19 (application/ace+cbor)
   Max-Age: 3560
   Payload:
   {
     / access_token / 1 : h'd83dd083...f3c5',
       / (remainder of CWT omitted for brevity;
       CWT contains the client's X.509 certificate in the cnf claim) /
     / expires_in /   2 : 3600,
     / rs_cnf /      41 : {
       e'x5t' : [-15, h'e35464981de8d29c']
       / SHA-2 256-bit Hash truncated to 64-bits /
     }
   }
]]></artwork>
        </figure>
      </section>
    </section>
    <section anchor="sec-cddl-model" removeInRFC="true">
      <name>CDDL Model</name>
      <figure anchor="fig-cddl-model">
        <name>CDDL Model</name>
        <artwork type="cddl" align="left"><![CDATA[
; CWT Confirmation Methods
x5t = 6
c5t = 8
kccs = 11
x5chain = 24
c5c = 26
]]></artwork>
      </figure>
    </section>
    <section anchor="sec-document-updates" removeInRFC="true">
      <name>Document Updates</name>
      <section anchor="sec-03-04">
        <name>Version -03 to -04</name>
        <ul spacing="normal">
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-02-03">
        <name>Version -02 to -03</name>
        <ul spacing="normal">
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-01-02">
        <name>Version -01 to -02</name>
        <ul spacing="normal">
          <li>
            <t>Considerations on providing credentials by value or by reference.</t>
          </li>
          <li>
            <t>Minor fixes in examples.</t>
          </li>
          <li>
            <t>Added more examples with hybrid settings.</t>
          </li>
          <li>
            <t>Extended security considerations.</t>
          </li>
          <li>
            <t>Updated CBOR abbreviations for a more efficient use of codepoints.</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-00-01">
        <name>Version -00 to -01</name>
        <ul spacing="normal">
          <li>
            <t>Enabled use of COSE Keys identified by reference with a thumbprint.</t>
          </li>
          <li>
            <t>Changed CBOR abbreviations to not collide with existing codepoints.</t>
          </li>
          <li>
            <t>Fixes in the examples in CBOR diagnostic notation.</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Editorial improvements.</t>
          </li>
        </ul>
      </section>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The authors sincerely thank <contact fullname="Rikard Höglund"/> and <contact fullname="Göran Selander"/> for their comments and feedback.</t>
      <t>This work was supported by the Sweden's Innovation Agency VINNOVA within the EUREKA CELTIC-NEXT project CYPRESS; and by the H2020 project SIFIS-Home (Grant agreement 952652).</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+1963rcuJXg/3oKrvzD9qxYBninMpkZdVlOe+PbSup08iX5
+gMBUGJcVawtsixr/HlfZfcp5gE2L7bnAOC1yFJJlm9Ju9tWqUgABwcH534A
27Yn744sdzIps3Iuj6xjIbIyy5dsbj3L1wtWFlaeWseb8lIuy4wzfGbN1lLg
r2xeWGm+tuCh9ZSV7GLNFtb5mi2LVb4urRfsWq6tM8k366y8th49PX9x9th6
s87TbC5Vw16/bCnUV/k6+0/9Db40y5dFuWbZUgrrZPkuW+fLBTQqrEfHs5PH
E5Ykawlz2AEjDmyt9LgTkfMlW8BUxZqlpZ3JMrUZlzaD9hwa2aKcF7Z5256z
UhblZJKt1kdWud4UpUNITJwJW0t2VE9ucnUBEMxOrJ/z9dtseWH9bp1vVpO3
V0fW82Up10tZ2k9xvAmAd2QVpZgUm2SRFQXAWl6vAJznJ+fPJpuVwAGPrNiB
MSY8F9DZkbUBGKPJhCncHE0s9cc2Py0rW0KLl1PrPJvnnNVf62m+ZGue9x/l
a+j19PnZiXX8Q/0lYFlKgO55wdK/5WtRXMCaLi3Hqd/gMNUj6/dZUTZdAYww
ytmJTQPP8kjr+82yXMPrZ1e4EvX3csGy+ZG1QLCmpQLrP9bZtJBb09Lw/4/8
cglEIzd//z8wl7IsinzZmnmmlhhea6axWeuWY43U5E/WGcdv2wjQ0zsrc/72
Mp8vhqcY7T3FvwHk04UZ/T+kGXDK88VkslSbK3sncTWf20+nig55XkibJ/na
lkscVNhcrsvOK0iqUlzm3M4Lnq9lRan40umzmRtHgfnoOxExHwPXC6uPoRdX
HyMamY+h45Pmo2M+Rq7j1h/j6tvYr3uIPK8aLQpo1UMU1qNFcf1uTOp+4WPV
b0zrd4HkSfORNh/rZp5bv+DHFehxQJqPtPkYqoHPfjy2HT/Qe6a7fxQZvHp+
dq5+N/xPbWhp/ciKSyAEYEhsLdTzAtZPFtkyzXUj69nzN2fWm59+sGhEbO/Q
evr6uUXJNCBO9ARfmOILU/VQdYAbG7nUBfAQC+bn62HZ+gL33GVZroqjJ0+W
7+arTVJMl7DHphf5uyf4Ab95gt31O56uRAq8CYBqUROuLIkr/AWAnwonrv7Y
oaUrYFjpPL+yYa72igEHL44mE+ScsBcQgScvnh1ZB3+G9vYf4c9fDyYT27Yt
liBT5sAazy+zwgKuukGubBkOdjuZsLpfmTAFpmvBXKCTzZytD62stIqV5Fma
Gcg2hUS5xhpplzbSjnUh4D1pB/KAJfOsuEQ+z7RwKaTi5IfWFbS0VhLm2OsF
cJSwAsDFORXXi4UsgSFA59erMgckrS6vgYFfyrWEMeQhQDmEVVgFJRqm1s+X
rMROhUwVFrJlrwl8LiRbzAGy+bXFVqs5gJIAkmEeuZWlCg8V4gEfxY5VUosE
UqaUTCCGcM6HMI326Ao02KHTiSaQRSYEiNvJA5SA61xsuMLDA+vDgwy/+IiU
I+9jua0UaEwiIVsfPhhG8vGjga2ALi2QNZdZKXmJe7vMLYk7hgMqOAf0AB9H
gBQN4Od6KCHfZfDC1Dq2+DxDpD6aPbbW8n9tgAZUx/AC0AZXxASLCKJewOqv
jWAHelnnCwVAZ0rAS94Bfh8dK6yqhUDyU7S3rIAq87dyiXQABLVZzXMmNOm2
H+Nc8DvNRQCyIt/gvKoBTs8eHyqUAibYHMlANQakwMIjPgDcqhHMp1SdnZ7h
ayD/kb5hgCtDadUOEhXMbUimejWblbgE6oD/QRIurWSTzVVvCUj7t3oar3GV
LWdK+quHAurjRzXxzrofawpWCAQdEoQ0rNijWX785rFuiIILlh0XcQFwsQvA
C1J0KoEDQE88g03/AyBifW29Tv4Gs7dO5QqmDwuru300++H1qekNJZfpDQT2
CjidpWQyTEOjFN+t+jnLLpaKGyyRPtWe1v29Pjsx/aH4+/ix+uiargs5R6kP
AKg5mlXBtkgLLfwWgOAzify5bHZttderfYgLIyT0Nbcu8yu9wRUXzFYM3zLr
hnpqZ0fABBebJSIXGI9U66yppagIrKhYwcpgHhdR08s1Mo8tjluNU4PaMIpq
j+JiNVwZAd5bXmhCAaWmwijFj0ikG2SxALTBZGtqaj9eZUB0ZdU7aPfYez25
EfwovlzPBAk7kbD35PtSLkV7TsD9kHLhd9g90DHAAXg0K8HmaAcoKV2JnxsY
rqZDULFgakquILHjJOsJoDjBjX4+ewNDWj/L5Aw2mISl1m1Bf/v40WzNthE0
thwK2sKaKUI2vADZZSXxeuJOo3NI2tWirpF0AN+o3HtmjEiwtgBJFofWhx35
VPNy65RdWW82AA23fg+09+j0ze8fWwvQla1HhZQwmzOzgdypgziuJ/dYCWeg
9h6oazlH+sv12q9012/ltVIFFHO9ytUcFT9bw/DtdyrOQwyeFasEdtOi7AyW
o2lS7ajjM72mRppo7tFl7tUiHKt1Q0kDTHjDLwd6MwIAWTducz7fiIZPgzDa
wG8ddg36g1yqJ4rL97j5YTWu0hXqwWdm/3TwVKHp9Eztk+Vhl3yQ1OFj1ll9
hTqjKq1R9FVAKOq6hObFJXsr+ypGF9lvgFJaxHvYdFBRDRMLRH6+RF5mITP+
BWkm10y7xZYVpzNSGFZwtw4IKMdJKfatFvm6gr5HPB08bNPO1Poxv5LvpNZP
lSpXZGuloineemvllAMBJYq5iENNKDCoXAI6Ocr5HuUC+K1FRDsTyBVFQDHt
6/RyiVB1NGfd/TaEhuTay3BoJdd6FRFPtWDagSszkUbhgA4WEnieehPlLnA6
61xtkkezn88fW7M5yxYFMFDUCWezs6LinmC2Imn8ceqTuDNJ/RxtZHyOOubA
GzcY5mbPt1GlNkwbXx2CNKSjVJufz1EpSTNlucFKvpSgIgrrIX9bPtzmz2DO
VlJgU2jDo0/PPYJkvRXH/bEpNIs3ml2mSKeh336PgHYwR4Bnoobbkl9zzXcq
KYTNM/X2OzbfSMDJljIwZMt0BA+aVkr4QOt/gUcgk+316q2NnB2eKx7TIUkl
fDWKQQRoCdDB2pgcUOSoVghdaxMwcW0l3w1hI/EorRdEk+p9a990iRU271RO
Fadi1lJe7clDcIO39uunc5NK/LURZ7/lvADJN92a5c0U2CKPAVprU4Yxektj
JuzNRz/jvGEGetoVKeFuHaWlRrnA9WuxAEVVOL0MmN0AE9RcZZB3APrMtG6a
k1KdJcjVWvHpdGSIpK3yVRsNR66McrNWhlnWawMo+LnhGQp0tftEvWkO9yFy
wJW1zEuQzO8UE0tqIirAdjPLjeLfqD9anq1y0BITzfZUyyQvLzvDqE3Tpy2l
KOL3s7PD9hRzMHAGG8D6zDVTzRUWmxdnZ0bRUSP3J8nWDcu7Aej6tcGFUGCq
90aWQb2AYA0u4xD8e6/nNrn2vv2siwlo3hatDTrg8dbWqHHBlAdlq/mO5ey9
CXbDZo2vLJTHbBec3b35tZfwGJSEw67oqpanv5zV/gc7NkHZtmNd8Hsct2W2
7OC+GWK0Ndrh8ByKLT3CmJMyTVHAvpPaPEBzEEnSuLDGxh1DinYR1VYYA7tk
oX0olZsB3uXZKqs8m2W+rg2X0cE6i4tTMXSxRisENG9EofbQ6dAeAGUcaG2F
Uw9eAZon2lcDbDs1enoDrMiBvNTeyufi8AborrL5vL0JjZkl2ooUYlrAxJW1
zZJ8g9xOquXRrytNb3yV26Kig28hV6A/qRXTKDfKNreKrNzULuu5TEvlxmg5
31Y5fMy0v3DWMlJ727H9CCNlcwFKG/aSlaA/8lw5GNV+R5tSMhCxmu70NOV7
DobLxY2LPKgj3FFaHlpyejE91N/Nr1vYqcHFwRdaT+pomzfFVJSp0GPdjc2k
/eMDXvzDXRNH+TVsI+1Q7wrrALXCg0Pr4L2fsAv9AXCdLfXHUv/Y4A/uJ/oH
1z/wGWIaPm4ODPWv5Q5MDEUqDSruGr7IUgtNqsrXd0NUouWYg1EfPLDO0Tu/
zOf5xbX1AIMRZfOFCUmgPXyF8W/r4OVPZ+c4dfxpvXqtPp+e/M+fnp+ePMXP
Zz8ev3hRf5iYN85+fP3Ti6fNp6bl7PXLlyevnurG8K3V+Wpy8PL4TxWKX785
f/761fGLg23csHXFMzJMLlgBP0P/TjERsuDrLNFT/2H25v/9X+oBCv4b4MCh
FC1I/UtEQ8+Yk3o05SLRv6JLdwL4lgz3C9qLIINWWQkUp5BbgAW/tNCThvr1
nxEzfz2y/jXhK+r9m/kCJ9z5ssJZ50uFs+1vthprJA58NTBMjc3O9z1Md+E9
/lPn9wrvrS//9d/n6F23afTv/zaZTE6B3pQ7EJYBWJoOo+j1SNkim2eAudpR
huRVKBzzHFjMSjnrW6tUOZybKMheQdBWoKv6SNGOXqpO0evVcTx0/GSwiFcS
lpVV/vBtEIH9MTOrrr+lUA6XrntFh0PG2I1+MUQHvRForR2nA6oYbFae0orZ
Lgvg0Guk6XaYossumgBSK2w0EIfIaodo0YriHe4Ilo0G66bdtde+njsQQBu7
6NJvha8ONb5bIagmdoXhEeupcqQpyF6AfNxgmOvR7OnTF9WSBFR5tNBiGYk8
HWraGA6iHNai1Bi5fasJUN80r52xr/JSNroaztk6AAVjlQOHOqiZtfK/a0eP
dhoVZhlFM6tOEJBlC6QCtNFBrcI2Tbiy8nA+abzlT5QoRZlYVtHM4zM9oye4
qv9pY65EE+jUkR21Bg0ElcEPQB/85c/sL39dagq9boJp2uW1NDFKaF2FxQ66
a5lpbdAIqi4XH3YdKl2kDrtpPI6qAAcVqAo7xjdRZ4OoRIMi55miNUWPrJrK
odkTWhVhpfn6YSdSgWhT2guIFxX96HbW9WtMrZP3bLGay5u81MrqRmbxiS5b
xXTu6LMFwQ8Eq2OCk0kNeHm5zjcXl6h+bgtc2OhrjJ2rlVSbVGTsYpkXMEtc
5Qrjw17IyPggTVgZgf/w4XillPD31u+qp2rzTq2nAz1jJFPFehGYPC2VKlkH
O9FyQDNGvgftfQ5k1AlsG5WwWcyHxgMCYCjluNBOW0XPY1MbpOJDkzCx4WWt
eapcBvnw7PXLk19eHb88eahABpDmjGtFFd/SSjkQVXax1NOoG9RbC9iasoLn
RutQKE2zC5sLMVf+vLl26BkvX+tbHVSUemkPrQ/yodFyH1pH1uVDl0R0Op3y
hDgPP4I5iSEnJYw+ON72CzWDy1Way4nIwP48st7MJStQ/Z3LUtYYVkFNK4PV
Erhb5hg0lzBxvdc0S5BTSzsBsrshfaVHNjitpeZN61Dv28+PfJ1wUkNa46ia
PyYG/VTliuW1M+Ql+jxQLe8EAAyrLMxmaueY3db5rzYopkg06lcjkAbd52az
bjuYNSPpBqSVT1PFEPqT0L31ZlK5nquoWFfYjgXGak8BanBr1NXVrlIOzy4T
bVlHg67TloIwtRoZrswBHFNkqbGNTS5TJ2ijU0dWCpeJBBwiF0lHJ5JtQ2vy
m7qroIw9qSNB52pTXWP6U0XWnRi5CZ/3g//+NJrSZuWBqT5WDqAR7gxk0n5d
oa7eKw0OGgXnAMb9hS/Tg4anWm09XBlBJq8HZqpNbkvvzw16R1TvZheqZRsN
gmjcqZEvdUJOgk7NzVJU+6aXh2UN5eLgEAooowvrWagZcBTEN40/RD2HljHD
On0Wm2SkT3iiiA6zs6ted6kU6h0t6MFIq0dpRZ3VMA2hIMJRXA8RSr107WwK
VMCHstlQy1wBP91KKkG6cj4nXbVWZGgWn4euMDf1V4LqENQoGzOc+PPwMkN0
98upii/IqIxZ9VlopnHv3jvh1F3fRD2lifnvQ0JVUtuQrNghyg7Hlm0XyTRW
+w0cpM6r3Qr795de+5LQPV05y9d3dfY+LytLGOeYoWNH0ed2PBj672+rVsRr
/+iWUZTMvhyKbDVv9FSiwdgBEN1K7ZwxxVJFF0ZiW3XjbRVyKxlB6ZQPalt6
MtEqt7Fj7Jld5vbxma0VU9TLdRq6ftxPGq61I6W6zZrUQxjlfzd/sBDlzWvF
B5gqQmHF1PSIxUrav4IvzbR8tXVl4JFFY+tRKzL0BIjgv6PB/Vj1qDmdqrb5
oEtunugc+V+w4A1+cV2wtBz4oN1yv7QX8Mlh1YRtRKbQ+AR/96HJQSkXqzO5
LPI1PajfM7tMv2ahEfehKsiSD5G2H7a/whbABeBfB3v0HNsntkvtZ8/sk2e2
G9quY7tx1bt+X/cedbvBBzUJPbFo/yk+f1tea7ComfDJzKln2Op//U69ZuNr
FD6+wdKlgRffm0najjJVRcg5CR0hHYf4ieDUd0Pme67wXR4QFnSbb/1hPAkc
ybmIYsLDlDkhj6XreySKk0RS9+HW+NfV+K4aP419SYWXRD5lDucRSdM0CkUk
HTd1HJbeMH4SOj6A6kuf+oI4JHSpDGPmJp70QuqQh+32HyfbH80H9eNjh7A/
HFkPRraPLvj67cGx3i86mfDU7Bez/ZRDoLJKW3K2lX+stI6f+zYYbJR38tqI
EWCUf6lkwF8ODj729zTAA1DN9t/TRktQm9potKjIbm9qZ0ooFsKiRLv1/n3J
3tvHF/LIcv2AjG5oDdovGjRN/kCQkSsEidzpdBp4btIQ0BPr0RqLI5dCyzP0
A+aLrCxNJhhW8mbl9W+q9/G5UU60ta85xcNCrUoVLoBtqeTdY+tJBZZ8vwIx
U/ySLRWp4j5xA0IaZlG0eIXl0dtxi+Nj+4cf7NnMJsQm1CaOTVybePfLLfbh
FXtyCsMnkoS7XhyAtR9I5gnXkbFHOBMOc1yPetHOfSoEd2gYU0ZhRyc8YTx2
A2A4XiCE56VkjEsYHuH5NJaOHzpukDiMcAlS001J7NKUpm60m0dxFrJUsMBL
uZCEkog7jsd9KlmSBsD57pFDtDbjCIcwu+9WLMLol30+cTjEKIqGT4x4l4B+
/qKT0Z53NI7TWuPY8j2hsjGZHN+kxRz2taGi7SEazNgcSqobVKGGzWzNb1HV
rPmaKd4qtgKV2XKrJKrjTGvnBHein4jv0bTnvNhKfC56WSG7U591F3XSzv24
0c47VmS3RuUuqeMmD7LKHdevtsw8pYRyRY0ageXlZpGs1pl2p2yryQjxRqcd
9ImqIikz8IAheInl1elmyRsft7ILQSE3BdvYn/6kLNwqILfAiuwyX6tVKDYr
VTyl0o/NLzg9FfpEUJs57DTpZ93qxkFHqf795E+/NP7YTDubsqKTK531k6P/
ORycQE9jboNtamqQ+U/surs7xvbwTe1Lzej0+MLk/PV9XHfDvHJrNcnkfZnX
wXhfnuxOTv7q+cjd5I2qEGaAixpO3xQk4So2qXla3u10zNQ5g30Utdw8CERP
QFlVVlldMNOpT9mZHKoxUCVbanLHkSrX3dbuQIkGAsvQb7aumFNTVKcCfH3y
HQod3tW9o3xDv7p3nL3cOzDC2xL+9bXx6fo+SWniJ2HgSkliQfwo5SGTaRDH
hAxbGtQJ4aHLPEbRheLGvgsGUkJJGvIkSujD2/sYAKZ79DGcjXB0cwLBmCVw
KwfEvlT3PTkgfN91vjMHRI+ek4CkYK2HNE1Txl1JiUf8IKC+x3zujljOVJIk
jVwfCFqAqRyRIOZpIAWPGfzG3P3puUUd928RfzJVt61la9YqnukkkjTlfyP5
F8OlfxWg3Wrm0XLAkXLqW9UCzvCskbWsQ7G3S29RXXXPpbihkHarXMyMlhWr
OTOmYNt6HTRUx2tcqvk9ydddBZWNYKsupx2qDGvl/6kqwa38vz3T/7SaOl4g
0amHMDUSugbCFD8kB7cOgymlp9Jcap3NaBQ3F/DsBXW3dKNbrPFJ8Naa1h7g
thVLY6mM08fxT+c//jI7PXkKdnVliY+Txk7bQ9c332S3fqKJ3Zzq0Ya8U71u
YWFY+2k2XOdYxXm34W3bK6ZA/XjZUCWSvqHLthWTbY06bBkYR1pn26iO9ZZq
fw1DqDz5la70m1//Bt5pA1RWwGxuAGUsNGoybmFc5RLSID5iLZvjsQbrp9Pn
eh3xgEM0CNtgjWF9iz/cDud606sZqi3/9ZCtt7OB5Kvj2uy0G/wdn89rc/+b
sDWVXzffZ958N+D61003jONbiFLQsPbUtfYSqDt9azt9fEMbVWdwje5UA/EO
ebkFzj3sWD3qt7FlNSxfes9WlDImMffC+r579wuge9/N+4Ww/Q3nAtaYKT69
Ivwu+YEARX6hjzSofAVZK5duXXQL581JOdWJJTXwZjKNP2H8CIrC+huewYzv
g6Fsm+K+9sEirVB5XSNpykDahZIjfHXwsNS2b6I6nrTtXqgPvdOFS0OnquC7
+Gq7q3P0tWKl4h/h/YPB6nc8DLqqhxo4jaXqtT2BsupVvd8ab2CEfQzusQTQ
jv6GNc4dMbE28ZGBSsAqOLI1n7qu6pNGHDs/YldABnd5VfR0h0TVMRG9M3e1
dzKLpXxbOpBfZIWK59X+N3UYYolHA1ZnyYxV+Kpa5Q6N4JpnBd9U5Y9t/bwK
99elwHvEN97Dsn1SgMMyxYp1fV//wM2dh8LU52Swtp7QzoZo53c0BIDhLex8
iyD/YQIu7p75tFu1lFLiv4wyQlwCqiH8xdwwx6Wx5J47EnWxiE8C4jpJ4IfQ
jgqX0gR+xvit7xMPvuQjTanj+Z7nRV7quQ7mtKVBGnowqB/AF64P/9GRpm4M
Y0gaEgEvOi5xXZe6AfzEA3M9+C3w2dioulEMDRzVDP8l+j+fwdSd0VEdnKFs
z4yGvSn4I01DNyQwPxl4gCinO0ecjMP2wjD8pIQwKhIvTGKfRl7ke0yMAswA
ROb6nvRoxIAYXZcxkjo8CBxOSOIyPgawL2TspLHrA3BdCDyAIAkdNxlbV4Jp
fSR2Ihkl0IjHkZA05tyNHFd4gQxFEI80jcIEBvLCKJU8ZSn1MBGa4gfOo0RG
TszHEg2T0CUewEYjN5SJxxIee7Ef+CIKBJc+hf7k2FwdlkQOp76jioVvHShE
Zrh3pHArxFHV9Wue1H4MTHv0ThxTCXXelXN/aKvge4UM92fkYzHDLU5uHnbv
a9gZYTCW7icyduxlO+TQrmn69oKbTsqCzxHc3MbDZ8u1vpUkYeT7kiRKKHx5
SeLFwRizCuLQC+IA3oc5fqokkYIELGIyoAx4a8L8sVIP5nu+4/NYkDD1IkwY
xwkCrBLEiSsizp2xUZExRz71qBySJL4DizeGJhGBiApDEsdBwlMeJ0BAwpOh
BBHIiUhgzmOL4yYidWIKMi52Qp9JL0pC2KjUjyMa+UQ4oUjGMBy6nnTDNAgB
NicIYa/6UqapAyJXhiyibjo2qh96IBqB8BMgneT2IfodkmQgRn+PoqQ0ZZE3
yJNWsL6b32zkB7DjddY5sUSdvY9sK98UlYgoqoP8B+xCFbBkO9R/nax386m5
43aLDa99O7ZLN5OxndnecWT9Y1st3t5WS4ly5s829Q9B2oRx6jCPJj4FBprG
ycO/NpJUJZ9bjh/YSVbq68AAzUtendsVePigqKTgLdU9pKGvpPLdR6LY7bbB
19D89twW36POxwUj373O19mH3AF7y0lFCKoIh035efdhn4i/qsC8ZYJbfUHQ
zByRaK41qvLcqpuMbN55buRtfc9R92m3Iol0PN0mqwwo2lw10zkVTZdndc79
PcI8pd45t7vrldKmcn57gw6U55sDS4Zq0YauvNhr2jqZXU1z2pvAWFLfTiVj
r4ErF+qsTnAwdz0NwjGg7Hw6CK3j9HSoALTb+he857P1S9x6EpCoOoLPfIHt
hgHfPqPv0+G+MeZQgzIb8IT37/fq3VikxsZCP33Ud+to6uLhDnHUlm+M6wud
ivpccdg5a3Waojp7UaU4VsHFHfFzBFulzGjwmvcHrnQylwS2UkfPtsKQr/C6
IXiGpyr3Zq2P6FMDqwoV3FrwcuvQFCwQulCLYo4NzAT+ghUW5kz0XWq3uSME
SyVV+QdWUIxfQdSLMvVrKJ6NtzzsQp2tG0gX7LqKBtWFkKeSze3zbAEQ4d2E
1qPT89njKRgyetmantXhjvpgWHVW7aPZcfEY1R882BwvKwKkqnNgYXiACOaY
btQdet1gCgDwLjfdtRrr4kV9vH/nnYXEY9CzYlEf0K5u5lPcT5/h3hya3+gd
ncMPO4LptOn6RVaURT+nFjt6vVTHHbebnZWsBAusuXfx9eysuncRb5iFxojd
qjhHLfYNNtg2Q8MrDrNFNmfruT4YGIlkx3oiajFsOm+etTBXrXT/Mrve+uh1
wwpb+Y7hdsOVhyYcVtpUC5laLaaknV2RpXrRrq/GUxJxtc5xQ3ZKqtQVj+ac
xX4MU+2C+jS/1k6vTvvTAcxiM8d6JUzNbh9iJHWJUhtgdVVpvljg3XxMI1Gn
trffMmfIMWEGfZQj4hb5O5SowMUeQxt99ak6Gey6fUkbs1CMX6nk4BXYcQJP
srTm+fIC9E8TI1T2+7Ie0vAKc6fAcuiGVVUb17r+QAsVNzABRev58avjns7T
Pz0Xz8Zb5orzKkEBc8JWU30ZbcL4W+yoPupVCYMfr5N1JvAIWmTXRo1CParS
FS/VC/2igTqbsXXqk6w7RtfEYaXAqXXCQ6ZQ5sj3IFlUD9UFAQN35VXJ9mX7
0rexO4+2YbWpuukwXw931CHAHb04VS/MRIs7XpnOrSVbtQM7unX1rUx4rkF1
1uej/gkHeJB/Dbq2q4DRjiwNTHe0hg5VA8DWp/hqKk9Tebl9gF1dL98uXsEp
/MO4Vfw9q+/GDzTZ4+ijvY49us8jj25z3NF9HnW09zFHdzjOyJD6fdYbzgZp
+7YHGtnOJ/mIxvdfk926dV7cN+m08Sj7zqoQbz4G6elT++QET0wjvk0Cm4Q2
iWxyz4em3f8xSIyHvowll670SZLySIqAuHEcRbHvON5YIEr/8bkXJikNRBoH
AXAajzpxxDFeE6ahTIIbjkEKpC9kQKkbRQy4CIsc+Ox6AJJwQ8nHYkpmbIe5
wGwcP5SBSFzusNgVqUPT1GUpzOPzHIMEWPvsByGNHn+05XJ7NOuo0LfSFZxR
XUH5AvdkVb9mpH1RJSS4Y0aaQ2CTYSaBkJ1MApfQ1CdiPMrNSACtWRR4EbAI
oeLrDrQKXEphm4OkHtMumnA8SXzHw8A6CTFjy1XZBK5HR0etcwgwBYCav6RJ
B8CnY6FqRyUcDDTSOQTOeM5EP4cAu3AUFPCv5/qO8Mbm6gX40INXYHRQxFw8
cV541ANUYdIXgDKKprCFXVyWLr6hLQlHMQyIJMRLqEMDlsTAThM3AQZKUtAC
U+LI0dwwF5i2Q11GMBNBCs/zgPlTQmPuiBTBj9gY92Xck9QTUcBJHLlSoPSQ
qeMBwEEUUM690bn6oNqFwK6JA4gmgvg0DcPYYRyoCNYndcn4uhKS6OWhgqSw
RIoQSRjBj4pIx/LgOrQLSItxB3gABWZtCKTLsblSEUQe6MMkdmgMu4SAWIKN
RIMgdXwY0gvFGMCCyTAAXikZUBTo4ZREEgbWY8Is0kCMkgQQQUpZkniRx9NE
BiDGgR4jCZLRdaknGR1bVxpTGSUBCQXzmXQTwWhwtxy8UUH3zWfh8W81C88U
BO2fgLdV0P9tx2IJ+Txq/RYaPpuOD+ujRSZwiSiEDRxQESaY8hu4TsRAtji+
7wMzDxzPHdiCHuzyIPH8EBhhIEIS8MDXCWgglGLY8e5gUnPoqDS0AP66Khkt
xvRmELIMhbbrOHIw+c2jvqMlKWU+B+HDCU+DiLfBHGqGuWI+zIBrcIMBcAea
qRngiamp7zlOAK1Cz+TpeYT6oLunQ7yQR4kHjyjlIGi8UGKaNBj4bpI6Ik4F
92JvyE9AnCjhrk/Rq8AJiCs0TnyYXxr7EYgtYKNDKPEBPlhuEYU0SNIwFUSG
gBgCJgUwxTBkIhjiuuiCAL0o9L0gEjRA9hz7FK0hh8EkBQFQh4AEGB2BPhdK
QZwAVokbwZKAYIgdFFeUeEPNaAJqF0gt6nlKDwNpRIgfeTBTEdEYCGVo3XyC
yd5u6nIvkoz5UsZeTIHFg/njUI/EsRgSCxGlIQ9ALwgoaF4cBDeDlYujOPW4
6yDlpIOjwcZ28FxcN2AkAryFYFwRXIcAkE/BYiNDAhfsOVCWYiDBO5ypcx8J
e1a/SOsbTdf7Gol635JR92uqHphz4d1S9QLGAyeJUo8mzBdx/GVT9b6aZngv
p7rdcit8BRXxFtl635mCyDnxvvNkPd5L1kvABkydGBSFJHZd9mWS9fhNO/FL
iMvbJes9wLPc2pHTOuSpbi4dPKpuMGS64w6YTxNvN0Q3bw6sfKcyKLqnS2N8
36bU9jz7+Ad79hTvjcH7IMj3cWkMFx4Nw4ShXee6oQ9YdMI48SXFwst4rKam
+gOmihRRin5Lzws95gQpJ1IknieZ74Y3XxrDiBtTGDMGC9RPmAClnhLhSaxs
YozdNH4EFpkbhKHjOFHMBY14ItFGlVGcxDwVn+fSmFsoAne5NubWOfjuNynS
/zlqL0kafpabbb5i7SXeySJ07EQ6naiJcQ2NeX5rj1Hjmu7HT8Yc5MLFKjtC
mkJNsNqJ8uZUT8acxlUD9Jc4KrxSR2jMkzEHOUZohn1W0EUAXYx79E3PCXou
0Lk15MkaaRpIF6O9hNJ22IW0XF6jpYyV20utCEaKVLEm/IuFo1Q5pUYDHxSP
M6ARSaGJ/q9dcerD72NV/G6MQSSf71qiMTR1G7SWqHkyNldsEKoGfGhNcfHG
MDyypoQbwoQuxgDWa2rcfdBExWbqUf0dAa22X7CJfnXDXDsCH9vRryrMpT2J
I013Oxi1N3EM4GEnowh9j8YioixgYwB7vkhTJsOYJDL2eRr6aUCcNKa+E9Ao
jeh40wQg9AM3kj4AGQPV04hhgDYKG1IZjUpR9Bgie1HF3XVcTBKPBvAXVm2M
JG7wjfrji8NUsLgaCwb3aISB4Aj4Q+U1HVucLWdq13MKExmr0G7F/CgM30T+
fITHYTt3DiCKEg8okTiUaeAj45f14b+QjF3yRTx4veJNtSuX0MRzE/TbIhTj
NKwcumO8H/fUWNNWWLLxBHfdvmOLM+gN7rp+R5qiR1iPue0XrpzAYxxxh2+4
cgSPNb2Df1gref9EJd14utXOk9v6JV6tg9a0Gt07Qb7KrtaHZ+3uevDQSYVB
de5X29K8rT+avy2/EVf09vU3u/1tPXzqkobOwK0DyP5RPATxHe4dcWIZMT+K
BNjCjhcD849SYEQpKAQpsKcRZuSFPo9iPwC5G3iJw4THmJMCO/GpjASP73Tv
yP2aqV/g5pHbhmt+LSm/V1MWJK3/3ZuyHS81JvQHINqpgF3kxPzLlpTfg5f6
CxaVz54+faGGnjf3pQgxVzeGzD/CZHVtWLZcp/xjh3zrPxY2mPxm9HKKCSyP
9VsrmHD1M5qgaxU+UDoxPgj4xfHgMccPweAgNdob6Co0N1PAM2hLLK+y2Ty7
WP72YC7TUs/zaVUq9tNKqBh0Nduqhsze6Afbc37wwPqDXKvCNpu4SCQ28awH
VQfq9t+PWPd8IrIyX6ty4Oy91PWD2QILxiSOUEx7fTm6L7fVF14mfKe+qO7L
afWFdxOrvnrnBdRFbMi+hq4bUYeddhWbf7FeZkv4WgOT1exZ3/t3rIoJ8QSA
VikcUrIOY2CxoqqxUy+fVDfUjJR5q5f0Kglr9sPrU4sliutUVeCqME0PlsLm
QHZTHWaKVeCr3Fz52fRSz8RAUON2F0aJxihtYRQvfNaro+7/Ef3b8sbPkjbR
p+boaAXI7JItL4ZnCWNj+ScHlTqr+IJ8nxXKf9qb5rNqUVrST/2u+hUZu1jm
0JBjj7pC+E7IsY7522V+BfO+UN+pLcS63+HuWcIcoUfx24MUqEpW1oGuny6s
IoOxVIk9qJPLt9aHDx9Os7dsLawf//5fF/PNUnysT6H48Lu//xdod9aZnDOU
SPgk1YXK6ma+hQYEX06lFFjoWd0LjGzAugKuWZdX44oghs6ukORBQj1fLvN3
mlWBGF1yMHCev3r1+g/H7QLOk59OT35/bM1OXpw/n9mvTv54jrtHX6T5pzen
J2dnv1Hjm85/RIdp/cbZ82fPz+wf84W0Hv0O1VSLXaylQqkV45GfzuPp5P8D
nEwYEoe5AAA=

-->

</rfc>
