Message Queuing Telemetry Transport (MQTT) and Transport Layer Security (TLS) Profile of Authentication and Authorization for Constrained Environments (ACE) Framework, July 2023
- File formats:
- Also available: XML file for editing
- PROPOSED STANDARD
- C. Sengul
- ace (sec)
Discuss this RFC: Send questions or comments to the mailing list [email protected]
This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework to enable authorization in a publish-subscribe messaging system based on Message Queuing Telemetry Transport (MQTT). Proof-of-Possession keys, bound to OAuth 2.0 access tokens, are used to authenticate and authorize MQTT Clients. The protocol relies on TLS for confidentiality and MQTT server (Broker) authentication.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.