The Delegated CoAP Authentication and Authorization Framework (DCAF) provides a protocol for the secure distribution of authorization information and keying material to constrained devices. It thereby enables constrained clients and servers to validate the authorization of their peers and allows them to communicate securely with them. Our DCAF implementation can be found at the DCAF Repository.
In DCAF, each constrained device has its own less-constrained device, the authorization manager, that helps with difficult authentication and authorization tasks. The manager provides its device with all necessary authorization information and keying material for certain devices. This lets device owners retain control over their devices. DCAF thus supports not only constrained servers but also constrained clients, and allows for secure thing-to-thing communication across company boundaries.
DCAF employs the Constrained Application Protocol (CoAP, RFC 7252) as its transfer protocol. CoAP is similar to HTTP, but was specifically designed for constrained environments, i.e., for devices with only limited hardware and energy resources that communicate over low-power, lossy networks.
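The division of labour described above can be modelled in a few lines. The following is an added example, not code from the DCAF repository and not DCAF's wire format: an authorization manager issues a grant plus a key bound to it, and the constrained server validates a peer using only the one symmetric key it shares with its manager. Assumptions: the JSON grant encoding, the HMAC-SHA256 key derivation, the MAC on each request (standing in for a secured channel), and all function names are hypothetical.

```python
import hashlib
import hmac
import json

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _request_bytes(method: str, path: str, payload: bytes) -> bytes:
    return f"{method} {path}".encode() + b"\x00" + payload

def issue_ticket(k_manager_device: bytes, permissions: dict, expires_at: int):
    """Authorization manager: encode the grant and derive a key bound to it."""
    grant = json.dumps({"perm": permissions, "exp": expires_at},
                       sort_keys=True).encode()
    session_key = _mac(k_manager_device, grant)
    # The grant travels to the server via the client; the session key is
    # handed to the client over an already protected channel.
    return grant, session_key

def client_request(session_key: bytes, method: str, path: str,
                   payload: bytes = b"") -> bytes:
    """Client: authenticate a request with the key received via its manager."""
    return _mac(session_key, _request_bytes(method, path, payload))

def device_accepts(k_manager_device: bytes, grant: bytes, tag: bytes,
                   method: str, path: str, payload: bytes, now: int) -> bool:
    """Constrained server: no per-client state, one key shared with its manager."""
    # Re-deriving the key from the presented grant means any change to the
    # grant yields a different key, so the request tag no longer verifies.
    session_key = _mac(k_manager_device, grant)
    expected = _mac(session_key, _request_bytes(method, path, payload))
    if not hmac.compare_digest(expected, tag):
        return False
    claims = json.loads(grant)  # parsed only after the integrity check
    if now >= claims["exp"]:
        return False
    return method in claims["perm"].get(path, [])

if __name__ == "__main__":
    K = b"constructed-demo-key-manager-dev"  # constructed sample key
    grant, key = issue_ticket(K, {"/temp": ["GET"]}, expires_at=1000)
    tag = client_request(key, "GET", "/temp")
    print(device_accepts(K, grant, tag, "GET", "/temp", b"", now=500))
```

The server never stores the grant or the client's key; it only recomputes one HMAC per request, which is the kind of work a constrained device can afford.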