draft-ietf-core-resource-directory-13.txt   draft-ietf-core-resource-directory-14.txt 
CoRE Z. Shelby CoRE Z. Shelby
Internet-Draft ARM Internet-Draft ARM
Intended status: Standards Track M. Koster Intended status: Standards Track M. Koster
Expires: September 2, 2018 SmartThings Expires: January 3, 2019 SmartThings
C. Bormann C. Bormann
Universitaet Bremen TZI Universitaet Bremen TZI
P. van der Stok P. van der Stok
consultant consultant
C. Amsuess, Ed. C. Amsuess, Ed.
March 01, 2018 July 02, 2018
CoRE Resource Directory CoRE Resource Directory
draft-ietf-core-resource-directory-13 draft-ietf-core-resource-directory-14
Abstract Abstract
In many M2M applications, direct discovery of resources is not In many M2M applications, direct discovery of resources is not
practical due to sleeping nodes, disperse networks, or networks where practical due to sleeping nodes, disperse networks, or networks where
multicast traffic is inefficient. These problems can be solved by multicast traffic is inefficient. These problems can be solved by
employing an entity called a Resource Directory (RD), which hosts employing an entity called a Resource Directory (RD), which hosts
descriptions of resources held on other servers, allowing lookups to descriptions of resources held on other servers, allowing lookups to
be performed for those resources. This document specifies the web be performed for those resources. This document specifies the web
interfaces that a Resource Directory supports in order for web interfaces that a Resource Directory supports in order for web
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 2, 2018. This Internet-Draft will expire on January 3, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Architecture and Use Cases . . . . . . . . . . . . . . . . . 6 3. Architecture and Use Cases . . . . . . . . . . . . . . . . . 7
3.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 7
3.2. Architecture . . . . . . . . . . . . . . . . . . . . . . 6 3.2. Architecture . . . . . . . . . . . . . . . . . . . . . . 7
3.3. RD Content Model . . . . . . . . . . . . . . . . . . . . 8 3.3. RD Content Model . . . . . . . . . . . . . . . . . . . . 9
3.4. Use Case: Cellular M2M . . . . . . . . . . . . . . . . . 12 3.4. Use Case: Cellular M2M . . . . . . . . . . . . . . . . . 13
3.5. Use Case: Home and Building Automation . . . . . . . . . 13 3.5. Use Case: Home and Building Automation . . . . . . . . . 14
3.6. Use Case: Link Catalogues . . . . . . . . . . . . . . . . 13 3.6. Use Case: Link Catalogues . . . . . . . . . . . . . . . . 14
4. Finding a Resource Directory . . . . . . . . . . . . . . . . 14 4. Finding a Resource Directory . . . . . . . . . . . . . . . . 15
4.1. Resource Directory Address Option (RDAO) . . . . . . . . 15 4.1. Resource Directory Address Option (RDAO) . . . . . . . . 17
5. Resource Directory . . . . . . . . . . . . . . . . . . . . . 17 5. Resource Directory . . . . . . . . . . . . . . . . . . . . . 18
5.1. Payload Content Formats . . . . . . . . . . . . . . . . . 18 5.1. Payload Content Formats . . . . . . . . . . . . . . . . . 19
5.2. URI Discovery . . . . . . . . . . . . . . . . . . . . . . 18 5.2. URI Discovery . . . . . . . . . . . . . . . . . . . . . . 19
5.3. Registration . . . . . . . . . . . . . . . . . . . . . . 21 5.3. Registration . . . . . . . . . . . . . . . . . . . . . . 22
5.3.1. Simple Registration . . . . . . . . . . . . . . . . . 25 5.3.1. Simple Registration . . . . . . . . . . . . . . . . . 27
5.3.2. Third-party registration . . . . . . . . . . . . . . 26 5.3.2. Third-party registration . . . . . . . . . . . . . . 29
5.4. Operations on the Registration Resource . . . . . . . . . 26 6. RD Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5.4.1. Registration Update . . . . . . . . . . . . . . . . . 27 6.1. Register a Group . . . . . . . . . . . . . . . . . . . . 30
5.4.2. Registration Removal . . . . . . . . . . . . . . . . 30 6.2. Group Removal . . . . . . . . . . . . . . . . . . . . . . 32
5.4.3. Read Endpoint Links . . . . . . . . . . . . . . . . . 31 7. RD Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . 33
5.4.4. Update Endpoint Links . . . . . . . . . . . . . . . . 32 7.1. Resource lookup . . . . . . . . . . . . . . . . . . . . . 33
6. RD Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.2. Lookup filtering . . . . . . . . . . . . . . . . . . . . 34
6.1. Register a Group . . . . . . . . . . . . . . . . . . . . 32 7.3. Resource lookup examples . . . . . . . . . . . . . . . . 36
6.2. Group Removal . . . . . . . . . . . . . . . . . . . . . . 34 8. Security Considerations . . . . . . . . . . . . . . . . . . . 39
7. RD Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . 35 8.1. Endpoint Identification and Authentication . . . . . . . 39
7.1. Resource lookup . . . . . . . . . . . . . . . . . . . . . 36 8.2. Access Control . . . . . . . . . . . . . . . . . . . . . 40
7.2. Endpoint and group lookup . . . . . . . . . . . . . . . . 36 8.3. Denial of Service Attacks . . . . . . . . . . . . . . . . 40
7.3. Lookup filtering . . . . . . . . . . . . . . . . . . . . 37 9. Authorization Server example . . . . . . . . . . . . . . . . 40
7.4. Lookup examples . . . . . . . . . . . . . . . . . . . . . 39 9.1. Registree-ep registers with RD . . . . . . . . . . . . . 42
8. Security Considerations . . . . . . . . . . . . . . . . . . . 43 9.2. Third party Commissioning Tool (CT) registers registree-
8.1. Endpoint Identification and Authentication . . . . . . . 43 ep with RD. . . . . . . . . . . . . . . . . . . . . . . . 42
8.2. Access Control . . . . . . . . . . . . . . . . . . . . . 44 9.3. Updating multiple links . . . . . . . . . . . . . . . . . 43
8.3. Denial of Service Attacks . . . . . . . . . . . . . . . . 44 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 45 10.1. Resource Types . . . . . . . . . . . . . . . . . . . . . 43
9.1. Resource Types . . . . . . . . . . . . . . . . . . . . . 45 10.2. IPv6 ND Resource Directory Address Option . . . . . . . 44
9.2. IPv6 ND Resource Directory Address Option . . . . . . . . 45 10.3. RD Parameter Registry . . . . . . . . . . . . . . . . . 44
9.3. RD Parameter Registry . . . . . . . . . . . . . . . . . . 45 10.3.1. Full description of the "Endpoint Type" Registration
9.3.1. Full description of the "Endpoint Type" Registration Parameter . . . . . . . . . . . . . . . . . . . . . 46
Parameter . . . . . . . . . . . . . . . . . . . . . . 47 10.4. "Endpoint Type" (et=) RD Parameter values . . . . . . . 46
9.4. "Endpoint Type" (et=) RD Parameter values . . . . . . . . 47 10.5. Multicast Address Registration . . . . . . . . . . . . . 47
9.5. Multicast Address Registration . . . . . . . . . . . . . 48 10.6. CBOR Web Token claims . . . . . . . . . . . . . . . . . 47
10. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 48 11. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 48
10.1. Lighting Installation . . . . . . . . . . . . . . . . . 48 11.1. Lighting Installation . . . . . . . . . . . . . . . . . 48
10.1.1. Installation Characteristics . . . . . . . . . . . . 48 11.1.1. Installation Characteristics . . . . . . . . . . . . 49
10.1.2. RD entries . . . . . . . . . . . . . . . . . . . . . 49 11.1.2. RD entries . . . . . . . . . . . . . . . . . . . . . 50
10.2. OMA Lightweight M2M (LWM2M) Example . . . . . . . . . . 52 11.2. OMA Lightweight M2M (LWM2M) Example . . . . . . . . . . 52
10.2.1. The LWM2M Object Model . . . . . . . . . . . . . . . 53 11.2.1. The LWM2M Object Model . . . . . . . . . . . . . . . 53
10.2.2. LWM2M Register Endpoint . . . . . . . . . . . . . . 54 11.2.2. LWM2M Register Endpoint . . . . . . . . . . . . . . 54
10.2.3. LWM2M Update Endpoint Registration . . . . . . . . . 56 11.2.3. LWM2M Update Endpoint Registration . . . . . . . . . 56
10.2.4. LWM2M De-Register Endpoint . . . . . . . . . . . . . 56 11.2.4. LWM2M De-Register Endpoint . . . . . . . . . . . . . 56
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 56 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 56
12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 56 13. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 56
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 62 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 62
13.1. Normative References . . . . . . . . . . . . . . . . . . 62 14.1. Normative References . . . . . . . . . . . . . . . . . . 63
13.2. Informative References . . . . . . . . . . . . . . . . . 63 14.2. Informative References . . . . . . . . . . . . . . . . . 63
Appendix A. Web links and the Resource Directory . . . . . . . . 64 Appendix A. Registration Management . . . . . . . . . . . . . . 65
A.1. A simple example . . . . . . . . . . . . . . . . . . . . 64 A.1. Registration Update . . . . . . . . . . . . . . . . . . . 66
A.1.1. Resolving the URIs . . . . . . . . . . . . . . . . . 64 A.2. Registration Removal . . . . . . . . . . . . . . . . . . 69
A.1.2. Interpreting attributes and relations . . . . . . . . 65 A.3. Read Endpoint Links . . . . . . . . . . . . . . . . . . . 70
A.2. A slightly more complex example . . . . . . . . . . . . . 65 A.4. Update Endpoint Links . . . . . . . . . . . . . . . . . . 71
A.3. Enter the Resource Directory . . . . . . . . . . . . . . 66 A.5. Endpoint and group lookup . . . . . . . . . . . . . . . . 71
A.4. A note on differences between link-format and Link Appendix B. Web links and the Resource Directory . . . . . . . . 73
headers . . . . . . . . . . . . . . . . . . . . . . . . . 67 B.1. A simple example . . . . . . . . . . . . . . . . . . . . 73
Appendix B. Syntax examples for Protocol Negotiation . . . . . . 68 B.1.1. Resolving the URIs . . . . . . . . . . . . . . . . . 73
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 69 B.1.2. Interpreting attributes and relations . . . . . . . . 74
B.2. A slightly more complex example . . . . . . . . . . . . . 74
B.3. Enter the Resource Directory . . . . . . . . . . . . . . 75
B.4. A note on differences between link-format and Link
headers . . . . . . . . . . . . . . . . . . . . . . . . . 76
Appendix C. Syntax examples for Protocol Negotiation . . . . . . 77
Appendix D. Modernized Link Format parsing . . . . . . . . . . . 78
D.1. For endpoint developers . . . . . . . . . . . . . . . . . 79
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 79
1. Introduction 1. Introduction
The work on Constrained RESTful Environments (CoRE) aims at realizing The work on Constrained RESTful Environments (CoRE) aims at realizing
the REST architecture in a suitable form for the most constrained the REST architecture in a suitable form for the most constrained
nodes (e.g., 8-bit microcontrollers with limited RAM and ROM) and nodes (e.g., 8-bit microcontrollers with limited RAM and ROM) and
networks (e.g. 6LoWPAN). CoRE is aimed at machine-to-machine (M2M) networks (e.g. 6LoWPAN). CoRE is aimed at machine-to-machine (M2M)
applications such as smart energy and building automation. applications such as smart energy and building automation.
The discovery of resources offered by a constrained server is very The discovery of resources offered by a constrained server is very
skipping to change at page 5, line 5 skipping to change at page 5, line 17
is used to describe the process of [RFC3986] Section 5.2. is used to describe the process of [RFC3986] Section 5.2.
Noteworthy corner cases are that resolving an absolute URI against Noteworthy corner cases are that resolving an absolute URI against
any base URI gives the original URI, and that resolving an empty any base URI gives the original URI, and that resolving an empty
URI reference gives the base URI. URI reference gives the base URI.
Resource Directory Resource Directory
A web entity that stores information about web resources and A web entity that stores information about web resources and
implements the REST interfaces defined in this specification for implements the REST interfaces defined in this specification for
registration and lookup of those resources. registration and lookup of those resources.
Domain Sector
In the context of a Resource Directory, a domain is a logical In the context of a Resource Directory, a sector is a logical
grouping of endpoints. grouping of endpoints.
The abbreviation "d" is used for the sector in query parameters
for compatibility with deployed implementations.
Group Group
In the context of a Resource Directory, a group is a logical A group in the Resource Directory specifies a set of endpoints
grouping of endpoints for the purpose of group communications. that are enabled with the same multicast address for the purpose
All groups within a domain have unique names. of efficient group communications. All groups within a sector
have unique names.
Endpoint Endpoint
Endpoint (EP) is a term used to describe a web server or client in Endpoint (EP) is a term used to describe a web server or client in
[RFC7252]. In the context of this specification an endpoint is [RFC7252]. In the context of this specification an endpoint is
used to describe a web server that registers resources to the used to describe a web server that registers resources to the
Resource Directory. An endpoint is identified by its endpoint Resource Directory. An endpoint is identified by its endpoint
name, which is included during registration, and has a unique name name, which is included during registration, and has a unique name
within the associated domain of the registration. within the associated sector of the registration.
Registration Base URI
The Base URI of a Registration is a URI that typically gives
scheme and authority information about an Endpoint. The
Registration Base URI is provided by the Endpoint at registration
time, and is used by the Resource Directory to resolve relative
references inside the registration into absolute URIs.
Target
The target of a link is the destination address (URI) of the link.
It is sometimes identified with "href=", or displayed as
"<target>". Relative targets need resolving with respect to the
Base URI (section 5.2 of [RFC3986]).
This use of the term Target is consistent with [RFC8288]'s use of
the term.
Context Context
A Context is a base URL that gives scheme and (typically) The context of a link is the source address (URI) of the link, and
authority information about an Endpoint. The Context of an describes which resource is linked to the target. A link's
Endpoint is provided at registration time, and is used by the context is made explicit in serialized links as the "anchor="
Resource Directory to resolve relative references inside the attribute.
registration into absolute URIs.
This use of the term Context is consistent with [RFC8288]'s use of
the term.
Directory Resource Directory Resource
A resource in the Resource Directory (RD) containing registration A resource in the Resource Directory (RD) containing registration
resources. resources.
Group Resource Group Resource
A resource in the RD containing registration resources of the A resource in the RD containing registration resources of the
Endpoints that form a group. Endpoints that form a group.
Registration Resource Registration Resource
A resource in the RD that contains information about an Endpoint A resource in the RD that contains information about an Endpoint
and its links. and its links.
Commissioning Tool Commissioning Tool
Commissioning Tool (CT) is a device that assists during the Commissioning Tool (CT) is a device that assists during the
installation of the network by assigning values to parameters, installation of the network by assigning values to parameters,
naming endpoints and groups, or adapting the installation to the naming endpoints and groups, or adapting the installation to the
needs of the applications. needs of the applications.
Registree-ep
Registree-ep is the endpoint that is registered into the RD. The
registree-ep can register itself, or a CT registers the registree-
ep.
RDAO RDAO
Resource Directory Address Option. Resource Directory Address Option.
For several operations, interface descriptions are given in list
form; those describe the operation participants, request codes, URIs,
content formats and outcomes. Those templates contain normative
content in their Interaction, Method, URI Template and URI Template
Variables sections as well as the details of the Success condition.
The additional sections on options like Content-Format and on Failure
codes give typical cases that the implementing parties should be
prepared to deal with. Those serve to illustrate the typical
responses to readers who are not yet familiar with all the details of
CoAP based interfaces; they do not limit what a server may respond
under atypical circumstances.
3. Architecture and Use Cases 3. Architecture and Use Cases
3.1. Principles 3.1. Principles
The Resource Directory is primarily a tool to make discovery The Resource Directory is primarily a tool to make discovery
operations more efficient than querying /.well-known/core on all operations more efficient than querying /.well-known/core on all
connected device, or across boundaries that would be limiting those connected device, or across boundaries that would be limiting those
operations. operations.
It provides a cache (in the high-level sense, not as defined in It provides a cache (in the high-level sense, not as defined in
[RFC7252]/[RFC2616]) of data that could otherwise only be obtained by [RFC7252]/[RFC2616]) of data that could otherwise only be obtained by
directly querying the /.well-known/core resource on the target directly querying the /.well-known/core resource on the target
device, or by accessing those resources with a multicast request. device, or by accessing those resources with a multicast request.
From that, it follows that only information should be stored in the From that, it follows that only information should be stored in the
resource directory that is discovered from querying the described resource directory that is discovered from querying the described
device's /.well-known/core resource directly. device's /.well-known/core resource directly.
It also follows that data in the resource directory can only be It also follows that data in the resource directory can only be
provided by the device whose descriptions are cached or a dedicated provided by the device whose descriptions are cached or a dedicated
Commissioning Tool (CT). These CTs are thought to act on behalf Commissioning Tool (CT). These CTs are thought to act on behalf of
agents too constrained, or generally unable, to present that agents too constrained, or generally unable, to present that
information themselves. No other client can modify data in the information themselves. No other client can modify data in the
resource directory. Changes in the Resource Directory do not resource directory. Changes in the Resource Directory do not
propagate automatically back to its source. propagate automatically back to the web server from where the links
originated.
3.2. Architecture 3.2. Architecture
The resource directory architecture is illustrated in Figure 1. A The resource directory architecture is illustrated in Figure 1. A
Resource Directory (RD) is used as a repository for Web Links Resource Directory (RD) is used as a repository for Web Links
[RFC5988] about resources hosted on other web servers, which are [RFC5988] about resources hosted on other web servers, which are
called endpoints (EP). An endpoint is a web server associated with a called endpoints (EP). An endpoint is a web server associated with a
scheme, IP address and port. A physical node may host one or more scheme, IP address and port. A physical node may host one or more
endpoints. The RD implements a set of REST interfaces for endpoints endpoints. The RD implements a set of REST interfaces for endpoints
to register and maintain sets of Web Links (called resource directory to register and maintain sets of Web Links (called resource directory
registration entries), and for clients to lookup resources from the registration entries), and for clients to lookup resources from the
RD or maintain groups. Endpoints themselves can also act as clients. RD or maintain groups. Endpoints themselves can also act as clients.
An RD can be logically segmented by the use of Groups. The group an An RD can be logically segmented by the use of Sectors. The set of
endpoint is part of, can be defined by the RD or configured by a endpoints grouped for group communication can be defined by the RD or
Commissioning Tool. This information hierarchy is shown in Figure 2. configured by a Commissioning Tool. This information hierarchy is
shown in Figure 2.
A mechanism to discover an RD using CoRE Link Format [RFC6690] is A mechanism to discover an RD using CoRE Link Format [RFC6690] is
defined. defined.
Endpoints proactively register and maintain resource directory Endpoints proactively register and maintain resource directory
registration entries on the RD, which are soft state and need to be registration entries on the RD, which are soft state and need to be
periodically refreshed. periodically refreshed.
An endpoint uses specific interfaces to register, update and remove a An endpoint uses specific interfaces to register, update and remove a
resource directory registration entry. It is also possible for an RD resource directory registration entry. It is also possible for an RD
skipping to change at page 9, line 21 skipping to change at page 10, line 21
< contains > < contains >
\\\\\\\\/////// \\\\\\\\///////
| |
| 0+ | 0+
+--------------------+ +--------------------+
| link | | link |
+--------------------+ +--------------------+
| |
| 1 oooooooo | 1 oooooooo
+-----o target o +-----o target o
0+ | oooooooo | oooooooo
oooooooooooo | oooooooooooo 0+ |
o target o--------+ o target o--------+
o attribute o | 0+ oooooo o attribute o | 0+ oooooo
oooooooooooo +-----o rel o oooooooooooo +-----o rel o
| oooooo | oooooo
| |
| 1 ooooooooo | 1 ooooooooo
+-----o context o +-----o context o
ooooooooo ooooooooo
Figure 3: E-R Model of the content of /.well-known/core Figure 3: E-R Model of the content of /.well-known/core
The model shown in Figure 3 models the contents of /.well-known/core The model shown in Figure 3 models the contents of /.well-known/core
which contains: which contains:
o a set of links belonging to the host o a set of links belonging to the hosting web server
The host is free to choose links it deems appropriate to be exposed The web server is free to choose links it deems appropriate to be
in its ".well-known/core". Typically, the links describe resources exposed in its ".well-known/core". Typically, the links describe
that are served by the host, but the set can also contain links to resources that are served by the host, but the set can also contain
resources on other servers (see examples in [RFC6690] page 14). The links to resources on other servers (see examples in [RFC6690] page
set does not necessarily contain links to all resources served by the 14). The set does not necessarily contain links to all resources
host. served by the host.
A link has the following attributes (see [RFC5988]): A link has the following attributes (see [RFC5988]):
o Zero or more link relations: They describe relations between the o Zero or more link relations: They describe relations between the
link context and the link target. link context and the link target.
In link-format serialization, they are expressed as space- In link-format serialization, they are expressed as space-
separated values in the "rel" attribute, and default to "hosts". separated values in the "rel" attribute, and default to "hosts".
o A link context URI: It defines the source of the relation, eg. o A link context URI: It defines the source of the relation, eg.
_who_ "hosts" something. _who_ "hosts" something.
In link-format serialization, it is expressed in the "anchor" In link-format serialization, it is expressed in the "anchor"
attribute. There, it can be a relative reference, in which case attribute. It defaults to that document's URI.
it gets resolved against the URI of the ".well-known/core"
document it was obtained from. It defaults to that document's
URI.
o A link target URI: It defines the destination of the relation (eg. o A link target URI: It defines the destination of the relation (eg.
_what_ is hosted), and is the topic of all target attributes. _what_ is hosted), and is the topic of all target attributes.
In link-format serialization, it is expressed between angular In link-format serialization, it is expressed between angular
brackets, and sometimes called the "href". brackets, and sometimes called the "href".
If there is an anchor attribute present and the link is serialized in
[RFC6690] link format, this document will require that the link is an
absolute reference to avoid the ambiguities outlined in Appendix A.4.
Otherwise, it can be serialized as a relative URI, and gets resolved
against the document's URI.
o Other target attributes (eg. resource type (rt), interface (if), o Other target attributes (eg. resource type (rt), interface (if),
cor content-type (ct)). These provide additional information or content-type (ct)). These provide additional information about
about the target URI. the target URI.
+----------------------+ +----------------------+ 1 ooooooo
| resource-directory | | resource-directory | +--o href o
+----------------------+ +----------------------+ | ooooooo
| | 1 |
| oooooooooooo 0-1 | oooooooooo 0-1 | 1 oooooo
| o MC address o---+ | o base o---+ | +------o gp o
| oooooooooooo | | ooooooooooo | | | oooooo
| | | | | |
//////\\\\ 0+ +--------+ //////\\\\ 0+ +--------+ 0-1 ooooo
< contains >----------------| group | < contains >----------------| group |------o d o
\\\\\///// +--------+ \\\\\///// +--------+ ooooo
| | | | 0+
0-n | | 1+ 0+ | |
ooooooo 1 +---------------+ ///////\\\\\\ ooooooo 1 +---------------+ 1+ ///////\\\\\\
o con o-------| registration |---------< composed of > o base o-------| registration |---------< composed of >
ooooooo +---------------+ \\\\\\\////// ooooooo +---------------+ \\\\\\\//////
| | | | 1
| +--------------+ | +--------------+
oooooooo 1 | | oooooooo 1 | |
o loc o----+ /////\\\\ o href o----+ /////\\\\
oooooooo | < contains > oooooooo | < contains >
| \\\\\///// | \\\\\/////
oooooooo 1 | | oooooooo 1 | |
o ep o----+ | 0+ o ep o----+ | 0+
oooooooo | +------------------+ oooooooo | +------------------+
| | link | | | link |
oooooooo 0-1 | +------------------+ oooooooo 0-1 | +------------------+
o d o----+ | o d o----+ |
oooooooo | | 1 oooooooo oooooooo | | 1 oooooooo
| +-----o target o | +-----o target o
oooooooo 0-1 | | oooooooo oooooooo 1 | | oooooooo
o lt o----+ ooooooooooo 0+ | o lt o----+ ooooooooooo 0+ |
oooooooo | o target o-----+ oooooooo | o target o-----+
| o attribute o | 0+ oooooo | o attribute o | 0+ oooooo
ooooooooooo 0+ | ooooooooooo +-----o rel o ooooooooooo 0+ | ooooooooooo +-----o rel o
o endpoint o----+ | oooooo o endpoint o----+ | oooooo
o attribute o | o attribute o |
ooooooooooo | 1 ooooooooo ooooooooooo | 1 ooooooooo
+----o context o +----o context o
ooooooooo ooooooooo
Figure 4: E-R Model of the content of the Resource Directory Figure 4: E-R Model of the content of the Resource Directory
The model shown in Figure 4 models the contents of the resource The model shown in Figure 4 models the contents of the resource
directory which contains in addition to /.well-known/core: directory which contains in addition to /.well-known/core:
o 0 to n Registration (entries), o 0 to n Registration (entries) of endpoints,
o 0 or more Groups o 0 or more Groups
A Group has no or one Multicast address attribute and is composed of A Group has:
0 or more endpoints. A registration is associated with one endpoint
(ep). An endpoint can be part of 0 or more Groups . A registration
defines a set of links as defined for /.well-known/core. A
Registration has six attributes:
o one ep (endpoint with a unique name) o a group name ("gp"),
o one con (a string describing the scheme://authority part) o optionally a sector (abbreviated "d" for historical reasons),
o one lt (lifetime), o a group resource location inside the RD ("href"),
o one loc (location in the RD) o zero or one multicast addresses expressed as a base URI ("base"),
o optional one d (domain for query filtering), o and is composed of zero or more registrations (endpoints).
o optional additional endpoint attributes (from Section 9.3) A registration is associated with one endpoint. A registration can
be part of 0 or more Groups . A registration defines a set of links
as defined for /.well-known/core. A Registration has six types of
attributes:
The cardinality of con is currently 1; future documents are invited o a unique endpoint name ("ep")
to extend the RD specification to support multiple values (eg.
[I-D.silverajan-core-coap-protocol-negotiation]). Its value is used o a Registration Base URI ("base", a URI typically describing the
as a Base URI when resolving URIs in the links contained in the scheme://authority part)
o a lifetime ("lt"),
o a registration resource location inside the RD ("href"),
o optionally a sector ("d")
o optional additional endpoint attributes (from Section 10.3)
The cardinality of "base" is currently 1; future documents are
invited to extend the RD specification to support multiple values
(eg. [I-D.silverajan-core-coap-protocol-negotiation]). Its value is
used as a Base URI when resolving URIs in the links contained in the
endpoint. endpoint.
Links are modelled as they are in Figure 3. Links are modelled as they are in Figure 3.
3.4. Use Case: Cellular M2M 3.4. Use Case: Cellular M2M
Over the last few years, mobile operators around the world have Over the last few years, mobile operators around the world have
focused on development of M2M solutions in order to expand the focused on development of M2M solutions in order to expand the
business to the new type of users: machines. The machines are business to the new type of users: machines. The machines are
connected directly to a mobile network using an appropriate embedded connected directly to a mobile network using an appropriate embedded
skipping to change at page 14, line 8 skipping to change at page 15, line 19
links to sensor data may be published to a Resource Directory. links to sensor data may be published to a Resource Directory.
Applications wishing to consume the data can use RD Lookup to Applications wishing to consume the data can use RD Lookup to
discover and resolve links to the desired resources and endpoints. discover and resolve links to the desired resources and endpoints.
The Resource Directory service need not be coupled with the data The Resource Directory service need not be coupled with the data
intermediary service. Mapping of Resource Directories to data intermediary service. Mapping of Resource Directories to data
intermediaries may be many-to-many. intermediaries may be many-to-many.
Metadata in web link formats like [RFC6690] are supplied by Resource Metadata in web link formats like [RFC6690] are supplied by Resource
Directories, which may be internally stored as triples, or relation/ Directories, which may be internally stored as triples, or relation/
attribute pairs providing metadata about resource links. External attribute pairs providing metadata about resource links. External
catalogs that are represented in other formats may be converted to catalogues that are represented in other formats may be converted to
common web linking formats for storage and access by Resource common web linking formats for storage and access by Resource
Directories. Since it is common practice for these to be URN Directories. Since it is common practice for these to be URN
encoded, simple and lossless structural transforms should generally encoded, simple and lossless structural transforms should generally
be sufficient to store external metadata in Resource Directories. be sufficient to store external metadata in Resource Directories.
The additional features of Resource Directory allow domains to be The additional features of Resource Directory allow sectors to be
defined to enable access to a particular set of resources from defined to enable access to a particular set of resources from
particular applications. This provides isolation and protection of particular applications. This provides isolation and protection of
sensitive data when needed. Resource groups may defined to allow sensitive data when needed. Groups may be defined to support
batched reads from multiple resources. efficient data transport.
4. Finding a Resource Directory 4. Finding a Resource Directory
A (re-e)starting device may want to find one or more resource A (re-)starting device may want to find one or more resource
directories to make itself known with. directories to make itself known with.
The device may be pre-configured to exercise specific mechanisms for The device may be pre-configured to exercise specific mechanisms for
finding the resource directory: finding the resource directory:
o It may be configured with a specific IP address for the RD. That 1. It may be configured with a specific IP address for the RD. That
IP address may also be an anycast address, allowing the network to IP address may also be an anycast address, allowing the network
forward RD requests to an RD that is topologically close; each to forward RD requests to an RD that is topologically close; each
target network environment in which some of these preconfigured target network environment in which some of these preconfigured
nodes are to be brought up is then configured with a route for nodes are to be brought up is then configured with a route for
this anycast address that leads to an appropriate RD. (Instead of this anycast address that leads to an appropriate RD. (Instead
using an anycast address, a multicast address can also be of using an anycast address, a multicast address can also be
preconfigured. The RD directory servers then need to configure preconfigured. The RD servers then need to configure one of
one of their interfaces with this multicast address.) their interfaces with this multicast address.)
o It may be configured with a DNS name for the RD and a resource- 2. It may be configured with a DNS name for the RD and a resource-
record type to look up under this name; it can find a DNS server record type to look up under this name; it can find a DNS server
to perform the lookup using the usual mechanisms for finding DNS to perform the lookup using the usual mechanisms for finding DNS
servers. servers.
o It may be configured to use a service discovery mechanism such as 3. It may be configured to use a service discovery mechanism such as
DNS-SD [RFC6763]. The present specification suggests configuring DNS-SD [RFC6763]. The present specification suggests configuring
the service with name rd._sub._coap._udp, preferably within the the service with name rd._sub._coap._udp, preferably within the
domain of the querying nodes. domain of the querying nodes.
For cases where the device is not specifically configured with a way For cases where the device is not specifically configured with a way
to find a resource directory, the network may want to provide a to find a resource directory, the network may want to provide a
suitable default. suitable default.
o If the address configuration of the network is performed via 1. If the address configuration of the network is performed via
SLAAC, this is provided by the RDAO option Section 4.1. SLAAC, this is provided by the RDAO option Section 4.1.
o If the address configuration of the network is performed via DHCP, 2. If the address configuration of the network is performed via
this could be provided via a DHCP option (no such option is DHCP, this could be provided via a DHCP option (no such option is
defined at the time of writing). defined at the time of writing).
Finally, if neither the device nor the network offer any specific Finally, if neither the device nor the network offers any specific
configuration, the device may want to employ heuristics to find a configuration, the device may want to employ heuristics to find a
suitable resource directory. suitable resource directory.
The present specification does not fully define these heuristics, but The present specification does not fully define these heuristics, but
suggests a number of candidates: suggests a number of candidates:
o In a 6LoWPAN, just assume the Edge Router (6LBR) can act as a 1. In a 6LoWPAN, just assume the Border Router (6LBR) can act as a
resource directory (using the ABRO option to find that [RFC6775]). resource directory (using the ABRO option to find that
Confirmation can be obtained by sending a Unicast to [RFC6775]). Confirmation can be obtained by sending a Unicast to
"coap://[6LBR]/.well-known/core?rt=core.rd*". "coap://[6LBR]/.well-known/core?rt=core.rd*".
o In a network that supports multicast well, discovering the RD 2. In a network that supports multicast well, discovering the RD
using a multicast query for /.well-known/core as specified in CoRE using a multicast query for /.well-known/core as specified in
Link Format [RFC6690]: Sending a Multicast GET to CoRE Link Format [RFC6690]: Sending a Multicast GET to
"coap://[MCD1]/.well-known/core?rt=core.rd*". RDs within the "coap://[MCD1]/.well-known/core?rt=core.rd*". RDs within the
multicast scope will answer the query. multicast scope will answer the query.
As some of the RD addresses obtained by the methods listed here are As some of the RD addresses obtained by the methods listed here are
just (more or less educated) guesses, endpoints MUST make use of any just (more or less educated) guesses, endpoints MUST make use of any
error messages to very strictly rate-limit requests to candidate IP error messages to very strictly rate-limit requests to candidate IP
addresses that don't work out. For example, an ICMP Destination addresses that don't work out. For example, an ICMP Destination
Unreachable message (and, in particular, the port unreachable code Unreachable message (and, in particular, the port unreachable code
for this message) may indicate the lack of a CoAP server on the for this message) may indicate the lack of a CoAP server on the
candidate host, or a CoAP error response code such as 4.05 "Method candidate host, or a CoAP error response code such as 4.05 "Method
Not Allowed" may indicate unwillingness of a CoAP server to act as a Not Allowed" may indicate unwillingness of a CoAP server to act as a
directory server. directory server.
If multiple candidate addresses are discovered, the device may pick If multiple candidate addresses are discovered, the device may pick
any of them initially, unless the discovery method indicates a more any of them initially, unless the discovery method indicates a more
precise selection scheme. precise selection scheme.
4.1. Resource Directory Address Option (RDAO) 4.1. Resource Directory Address Option (RDAO)
The Resource Directory Address Option (RDAO) using IPv6 neighbor The Resource Directory Address Option (RDAO) using IPv6 neighbor
Discovery (ND) carries information about the address of the Resource Discovery (ND) carries information about the address of the Resource
Directory (RD). This information is needed when endpoints cannot Directory (RD). This information is needed when endpoints cannot
discover the Resource Directory with a link-local multicast address discover the Resource Directory with a link-local or realm-local
because the endpoint and the RD are separated by a border Router scope multicast address because the endpoint and the RD are separated
(6LBR). In many circumstances the availability of DHCP cannot be by a Border Router (6LBR). In many circumstances the availability of
guaranteed either during commissioning of the network. The presence DHCP cannot be guaranteed either during commissioning of the network.
and the use of the RD is essential during commissioning. The presence and the use of the RD is essential during commissioning.
It is possible to send multiple RDAO options in one message, It is possible to send multiple RDAO options in one message,
indicating as many resource directory addresses. indicating as many resource directory addresses.
The lifetime 0x0 means that the RD address is invalid and to be
removed.
The RDAO format is: The RDAO format is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length = 3 | Valid Lifetime | | Type | Length = 3 | Valid Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
skipping to change at page 19, line 26 skipping to change at page 20, line 26
While the link targets in this discovery step are often expressed in While the link targets in this discovery step are often expressed in
path-absolute form, this is not a requirement. Clients SHOULD path-absolute form, this is not a requirement. Clients SHOULD
therefore accept URIs of all schemes they support, both in absolute therefore accept URIs of all schemes they support, both in absolute
and relative forms, and not limit the set of discovered URIs to those and relative forms, and not limit the set of discovered URIs to those
hosted at the address used for URI discovery. hosted at the address used for URI discovery.
The URI Discovery operation can yield multiple URIs of a given The URI Discovery operation can yield multiple URIs of a given
resource type. The client can use any of the discovered addresses resource type. The client can use any of the discovered addresses
initially. initially.
The discovery request interface is specified as follows: The discovery request interface is specified as follows (this is
exactly the Well-Known Interface of [RFC6690] Section 4, with the
additional requirement that the server MUST support query filtering):
Interaction: EP -> RD Interaction: EP and Client -> RD
Method: GET Method: GET
URI Template: /.well-known/core{?rt} URI Template: /.well-known/core{?rt}
URI Template Variables: URI Template Variables:
rt := Resource Type (optional). MAY contain one of the values rt := Resource Type (optional). MAY contain one of the values
"core.rd", "core.rd-lookup*", "core.rd-lookup-res", "core.rd- "core.rd", "core.rd-lookup*", "core.rd-lookup-res", "core.rd-
lookup-ep", "core.rd-lookup-gp", "core.rd-group" or "core.rd*" lookup-ep", "core.rd-lookup-gp", "core.rd-group" or "core.rd*"
skipping to change at page 20, line 35 skipping to change at page 21, line 37
</rd-group>;rt="core.rd-group";ct=40 </rd-group>;rt="core.rd-group";ct=40
Figure 6: Example discovery exchange Figure 6: Example discovery exchange
The following example shows the way of indicating that a client may The following example shows the way of indicating that a client may
request alternate content-formats. The Content-Format code attribute request alternate content-formats. The Content-Format code attribute
"ct" MAY include a space-separated sequence of Content-Format codes "ct" MAY include a space-separated sequence of Content-Format codes
as specified in Section 7.2.1 of [RFC7252], indicating that multiple as specified in Section 7.2.1 of [RFC7252], indicating that multiple
content-formats are available. The example below shows the required content-formats are available. The example below shows the required
Content-Format 40 (application/link-format) indicated as well as the Content-Format 40 (application/link-format) indicated as well as the
the CBOR and JSON representation of link format. The RD resource CBOR and JSON representation of link format. The RD resource paths
paths /rd, /rd-lookup, and /rd-group are example values. The server /rd, /rd-lookup, and /rd-group are example values. The server in
in this example also indicates that it is capable of providing this example also indicates that it is capable of providing
observation on resource lookups. observation on resource lookups.
[ The RFC editor is asked to replace these and later occurrences of [ The RFC editor is asked to replace these and later occurrences of
TBD64 and TBD504 with the numeric ID values assigned by IANA to TBD64 and TBD504 with the numeric ID values assigned by IANA to
application/link-format+cbor and application/link-format+json, application/link-format+cbor and application/link-format+json,
respectively, as they are defined in I-D.ietf-core-links-json. ] respectively, as they are defined in I-D.ietf-core-links-json. ]
Req: GET coap://[MCD1]/.well-known/core?rt=core.rd* Req: GET coap://[MCD1]/.well-known/core?rt=core.rd*
Res: 2.05 Content Res: 2.05 Content
</rd>;rt="core.rd";ct="40 65225", </rd>;rt="core.rd";ct="40 65225",
</rd-lookup/res>;rt="core.rd-lookup-res";ct="40 TBD64 TBD504";obs, </rd-lookup/res>;rt="core.rd-lookup-res";ct="40 TBD64 TBD504";obs,
</rd-lookup/ep>;rt="core.rd-lookup-ep";ct="40 TBD64 TBD504", </rd-lookup/ep>;rt="core.rd-lookup-ep";ct="40 TBD64 TBD504",
</rd-lookup/gp>;rt="core.rd-lookup-gp";ct=40 TBD64 TBD504", </rd-lookup/gp>;rt="core.rd-lookup-gp";ct=40 TBD64 TBD504",
</rd-group>;rt="core.rd-group";ct="40 TBD64 TBD504" </rd-group>;rt="core.rd-group";ct="40 TBD64 TBD504"
From a management and maintenance perspective, it is necessary to From a management and maintenance perspective, it is necessary to
identify the components that constitute the server. The identify the components that constitute the server. The
identification refers to information about for example client-server identification refers to information about for example client-server
incompatibilities, supported features, required updates and other incompatibilities, supported features, required updates and other
aspects. The URI discovery address, a described in section 4 of aspects. The URI discovery address, a described in section 4 of
[RFC6690] can be used to find the identification. [RFC6690] can be used to find the identification.
It would typically be stored in an implementation information link It would typically be stored in an implementation information link
(as described in [I-D.bormann-t2trg-rel-impl]): (as described in [I-D.bormann-t2trg-rel-impl]):
skipping to change at page 21, line 28 skipping to change at page 22, line 37
rel="impl-info" rel="impl-info"
Note that depending on the particular server's architecture, such a Note that depending on the particular server's architecture, such a
link could be anchored at the server's root, at the discovery site link could be anchored at the server's root, at the discovery site
(as in this example) or at individual RD components. The latter is (as in this example) or at individual RD components. The latter is
to be expected when different applications are run on the same to be expected when different applications are run on the same
server. server.
5.3. Registration 5.3. Registration
After discovering the location of an RD, an endpoint MAY register its After discovering the location of an RD, a registree-ep or CT MAY
resources using the registration interface. This interface accepts a register the resources of the registree-ep using the registration
POST from an endpoint containing the list of resources to be added to interface. This interface accepts a POST from an endpoint containing
the directory as the message payload in the CoRE Link Format the list of resources to be added to the directory as the message
[RFC6690], JSON CoRE Link Format (application/link-format+json), or payload in the CoRE Link Format [RFC6690], JSON CoRE Link Format
CBOR CoRE Link Format (application/link-format+cbor) (application/link-format+json), or CBOR CoRE Link Format
[I-D.ietf-core-links-json], along with query parameters indicating (application/link-format+cbor) [I-D.ietf-core-links-json], along with
the name of the endpoint, and optionally the domain and the lifetime query parameters indicating the name of the endpoint, and optionally
of the registration. It is expected that other specifications will the sector, lifetime and base URI of the registration. It is
define further parameters (see Section 9.3). The RD then creates a expected that other specifications will define further parameters
new registration resource in the RD and returns its location. An (see Section 10.3). The RD then creates a new registration resource
endpoint MUST use that location when refreshing registrations using in the RD and returns its location. The receiving endpoint MUST use
this interface. Registration resources in the RD are kept active for that location when refreshing registrations using this interface.
the period indicated by the lifetime parameter. The endpoint is Registration resources in the RD are kept active for the period
responsible for refreshing the registration resource within this indicated by the lifetime parameter. The endpoint is responsible for
period using either the registration or update interface. The refreshing the registration resource within this period using either
registration interface MUST be implemented to be idempotent, so that the registration or update interface. The registration interface
registering twice with the same endpoint parameters ep and d does not MUST be implemented to be idempotent, so that registering twice with
create multiple registration resources. A new registration resource the same endpoint parameters ep and d (sector) does not create
may be created at any time to supersede an existing registration, multiple registration resources.
replacing the registration parameters and links.
The following rules apply for an update identified by a given (ep, d)
value pair:
o when the parameter values of the Update generate the same
attribute values as already present, the location of the already
existing registration is returned.
o when for a given (ep, d) value pair the update generates attribute
values which are different from the existing one, the existing
registration is removed and a new registration with a new location
is created.
o when the (ep, d) value pair of the update is different from any
existing registration, a new registration is generated.
The posted link-format document can (and typically does) contain The posted link-format document can (and typically does) contain
relative references both in its link targets and in its anchors, or relative references both in its link targets and in its anchors, or
contain empty anchors. The RD server needs to resolve these contain empty anchors. The RD server needs to resolve these
references in order to faithfully represent them in lookups. The references in order to faithfully represent them in lookups. They
Base URI against which they are resolved is the context of the are resolved against the base URI of the registration, which is
registration, which is provided either explicitly in the "con" provided either explicitly in the "base" parameter or constructed
parameter or constructed implicitly from the requester's network implicitly from the requester's network address.
address.
Documents in [RFC6690] Link Format SHOULD NOT contain links in which Link format documents submitted to the resource directory are
resolving the target literal against the base URI gives a different interpreted as Modernized Link Format (see Appendix D) by the RD. A
result than resolving it against the resolved anchor; this is to registree-ep SHOULD NOT submit documents whose interpretations
avoid the ambiguities described in Appendix A.4. * Entries in which according to [RFC6690] and Appendix D differ and RFC6690
there is no anchor attribute, * entries in which the target is an interpretation is intended to avoid the ambiguities described in
absolute reference and * entries in which both the target and the Appendix B.4.
anchor start with a slash ("/")
never cause that kind of ambiguity. In practice, most links (precisely listed in Appendix D.1) can be
submitted without consideration for those details.
The registration request interface is specified as follows: The registration request interface is specified as follows:
Interaction: EP -> RD Interaction: EP -> RD
Method: POST Method: POST
URI Template: {+rd}{?ep,d,lt,con,extra-attrs*} URI Template: {+rd}{?ep,d,lt,base,extra-attrs*}
URI Template Variables: URI Template Variables:
rd := RD registration URI (mandatory). This is the location of rd := RD registration URI (mandatory). This is the location of
the RD, as obtained from discovery. the RD, as obtained from discovery.
ep := Endpoint name (mostly mandatory). The endpoint name is an ep := Endpoint name (mostly mandatory). The endpoint name is an
identifier that MUST be unique within a domain. The maximum identifier that MUST be unique within a sector. The maximum
length of this parameter is 63 bytes. If the RD is configured length of this parameter is 63 bytes. If the RD is configured
to recognize the endpoint (eg. based on its security context), to recognize the endpoint (eg. based on its security context),
the endpoint can ignore the endpoint name, and assign one based the endpoint sets no endpoint name, and the RD assigns one
on a se of configuration parameter values. based on a set of configuration parameter values.
d := Domain (optional). The domain to which this endpoint d := Sector (optional). The sector to which this endpoint
belongs. The maximum length of this parameter is 63 bytes. belongs. The maximum length of this parameter is 63 bytes.
When this parameter is not present, the RD MAY associate the When this parameter is not present, the RD MAY associate the
endpoint with a configured default domain or leave it empty. endpoint with a configured default sector or leave it empty.
The endpoint name and sector name are not set when one or both
are set in an accompanying authorization token.
lt := Lifetime (optional). Lifetime of the registration in lt := Lifetime (optional). Lifetime of the registration in
seconds. Range of 60-4294967295. If no lifetime is included seconds. Range of 60-4294967295. If no lifetime is included
in the initial registration, a default value of 86400 (24 in the initial registration, a default value of 90000 (25
hours) SHOULD be assumed. hours) SHOULD be assumed.
con := Context (optional). This parameter sets the Default Base base := Base URI (optional). This parameter sets the base URI of
URI under which the request's links are to be interpreted. The the registration, under which the request's links are to be
specified URI MUST NOT have a path component of its own, but interpreted. The specified URI typically does not have a path
MUST be suitable as a base URI to resolve any relative component of its own, and MUST be suitable as a base URI to
references given in the registration. The parameter is resolve any relative references given in the registration. The
therefore of the shape "scheme://authority" for HTTP and CoAP parameter is therefore usually of the shape
URIs. In the absence of this parameter the scheme of the "scheme://authority" for HTTP and CoAP URIs. The URI SHOULD
protocol, source address and source port of the registration NOT have a query or fragment component as any non-empty
request are assumed. This parameter is mandatory when the relative part in a reference would remove those parts from the
directory is filled by a third party such as an commissioning resulting URI.
tool. If the endpoint uses an ephemeral port to register with,
it MUST include the con parameter in the registration to In the absence of this parameter the scheme of the protocol,
provide a valid network path. If the endpoint which is located source address and source port of the registration request are
behind a NAT gateway is registering with a Resource Directory assumed. This parameter is mandatory when the directory is
which is on the network service side of the NAT gateway, the filled by a third party such as an commissioning tool.
endpoint MUST use a persistent port for the outgoing
registration in order to provide the NAT gateway with a valid If the endpoint uses an ephemeral port to register with, it
network address for replies and incoming requests. MUST include the base parameter in the registration to provide
a valid network path.
If the endpoint which is located behind a NAT gateway is
registering with a Resource Directory which is on the network
service side of the NAT gateway, the endpoint MUST use a
persistent port for the outgoing registration in order to
provide the NAT gateway with a valid network address for
replies and incoming requests.
Endpoints that register with a base that contains a path
component can not meaningfully use [RFC6690] Link Format due to
its prevalence of the Origin concept in relative reference
resolution; they can submit payloads for interpretation as
Modernized Link Format. Typically, links submitted by such an
endpoint are of the "path-noscheme" (starts with a path not
preceded by a slash, precisely defined in [RFC3986]
Section 3.3) form.
extra-attrs := Additional registration attributes (optional). extra-attrs := Additional registration attributes (optional).
The endpoint can pass any parameter registered at Section 9.3 The endpoint can pass any parameter registered at Section 10.3
to the directory. If the RD is aware of the parameter's to the directory. If the RD is aware of the parameter's
specified semantics, it processes it accordingly. Otherwise, specified semantics, it processes it accordingly. Otherwise,
it MUST store the unknown key and its value(s) as an endpoint it MUST store the unknown key and its value(s) as an endpoint
attribute for further lookup. attribute for further lookup.
Content-Format: application/link-format Content-Format: application/link-format
Content-Format: application/link-format+json Content-Format: application/link-format+json
Content-Format: application/link-format+cbor Content-Format: application/link-format+cbor
The following response codes are defined for this interface: The following response codes are defined for this interface:
Success: 2.01 "Created" or 201 "Created". The Location header Success: 2.01 "Created" or 201 "Created". The Location-Path option
option MUST be included in the response when a new registration or Location header MUST be included in the response. This
resource is created. This Location MUST be a stable identifier location MUST be a stable identifier generated by the RD as it is
generated by the RD as it is used for all subsequent operations on used for all subsequent operations on this registration resource.
this registration resource. The registration resource location The registration resource location thus returned is for the
thus returned is for the purpose of updating the lifetime of the purpose of updating the lifetime of the registration and for
registration and for maintaining the content of the registered maintaining the content of the registered links, including
links, including updating and deleting links. A registration with updating and deleting links.
an already registered ep and d value pair responds with the same
success code and Location as the original registration; the set of A registration with an already registered ep and d value pair
links registered with the endpoint is replaced with the links from responds with the same success code and location as the original
the payload. registration; the set of links registered with the endpoint is
replaced with the links from the payload.
The location MUST NOT have a query or fragment component, as that
could conflict with query parameters during the Registration
Update operation. Therefore, the Location-Query option MUST NOT
be present in a successful response.
Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed
request. request.
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable". Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable".
Service could not perform the operation. Service could not perform the operation.
HTTP support: YES HTTP support: YES
If the registration fails with a Service Unavailable response and a If the registration fails with a Service Unavailable response and a
Max-Age option or Retry-After header, the client SHOULD retry the Max-Age option or Retry-After header, the registering endpoint SHOULD
operation after the time indicated. If the registration fails in retry the operation after the time indicated. If the registration
another way, including request timeouts, or if the Service fails in another way, including request timeouts, or if the Service
Unavailable error persists after several retries, or indicates a Unavailable error persists after several retries, or indicates a
longer time than the endpoint is willing to wait, it SHOULD pick longer time than the endpoint is willing to wait, it SHOULD pick
another registration URI from the "URI Discovery" step and if there another registration URI from the "URI Discovery" step and if there
is only one or the list is exhausted, pick other choices from the is only one or the list is exhausted, pick other choices from the
"Finding a Resource Directory" step. Care has to be taken to "Finding a Resource Directory" step. Care has to be taken to
consider the freshness of results obtained earlier, eg. of the result consider the freshness of results obtained earlier, eg. of the result
of a "/.well-known/core" response, the lifetime of an RDAO option and of a "/.well-known/core" response, the lifetime of an RDAO option and
of DNS responses. Any rate limits and persistent errors from the of DNS responses. Any rate limits and persistent errors from the
"Finding a Resource Directory" step must be considered for the whole "Finding a Resource Directory" step must be considered for the whole
registration time, not only for a single operation. registration time, not only for a single operation.
The following example shows an endpoint with the name "node1" The following example shows a registree-ep with the name "node1"
registering two resources to an RD using this interface. The registering two resources to an RD using this interface. The
location "/rd" is an example RD location discovered in a request location "/rd" is an example RD location discovered in a request
similar to Figure 6. similar to Figure 6.
Req: POST coap://rd.example.com/rd?ep=node1 Req: POST coap://rd.example.com/rd?ep=node1
Content-Format: 40 Content-Format: 40
Payload: Payload:
</sensors/temp>;ct=41;rt="temperature-c";if="sensor"; </sensors/temp>;ct=41;rt="temperature-c";if="sensor";
anchor="coap://spurious.example.com:5683", anchor="coap://spurious.example.com:5683",
</sensors/light>;ct=41;rt="light-lux";if="sensor" </sensors/light>;ct=41;rt="light-lux";if="sensor"
Res: 2.01 Created Res: 2.01 Created
Location: /rd/4521 Location-Path: /rd/4521
Figure 7: Example registration payload Figure 7: Example registration payload
A Resource Directory may optionally support HTTP. Here is an example A Resource Directory may optionally support HTTP. Here is an example
of almost the same registration operation above, when done using HTTP of almost the same registration operation above, when done using HTTP
and the JSON Link Format. and the JSON Link Format.
Req: POST /rd?ep=node1&con=http://[2001:db8:1::1] HTTP/1.1 Req: POST /rd?ep=node1&base=http://[2001:db8:1::1] HTTP/1.1
Host : example.com Host: example.com
Content-Type: application/link-format+json Content-Type: application/link-format+json
Payload: Payload:
[ [
{"href": "/sensors/temp", "ct": "41", "rt": "temperature-c", "if": "sensor", {"href": "/sensors/temp", "ct": "41", "rt": "temperature-c",
"anchor": "coap://spurious.example.com:5683"}, "if": "sensor", "anchor": "coap://spurious.example.com:5683"},
{"href": "/sensors/light", "ct": "41", "rt": "light-lux", "if": "sensor"} {"href": "/sensors/light", "ct": "41", "rt": "light-lux",
] "if": "sensor"}
]
Res: 201 Created Res: 201 Created
Location: /rd/4521 Location: /rd/4521
5.3.1. Simple Registration 5.3.1. Simple Registration
Not all endpoints hosting resources are expected to know how to Not all endpoints hosting resources are expected to know how to
upload links to a RD as described in Section 5.3. Instead, simple upload links to an RD as described in Section 5.3. Instead, simple
endpoints can implement the Simple Registration approach described in endpoints can implement the Simple Registration approach described in
this section. An RD implementing this specification MUST implement this section. An RD implementing this specification MUST implement
Simple Registration. However, there may be security reasons why this Simple Registration. However, there may be security reasons why this
form of directory discovery would be disabled. form of directory discovery would be disabled.
This approach requires that the endpoint makes available the hosted This approach requires that the registree-ep makes available the
resources that it wants to be discovered, as links on its "/.well- hosted resources that it wants to be discovered, as links on its
known/core" interface as specified in [RFC6690]. The links in that "/.well-known/core" interface as specified in [RFC6690]. The links
document are subject to the same limitations as the payload of a in that document are subject to the same limitations as the payload
registration (no relative target references when anchor is present). of a registration (with respect to Appendix D).
The endpoint then finds one or more addresses of the directory server
as described in Section 4.
An endpoint finally asks the selected directory server to probe it
for resources and publish them as follows:
The endpoint sends (and regularly refreshes with) a POST request to
the "/.well-known/core" URI of the directory server of choice. The
body of the POST request is empty, which triggers the resource
directory server to perform GET requests at the requesting server's
default discovery URI to obtain the link-format payload to register.
The endpoint includes the same registration parameters in the POST
request as it would per Section 5.3. The context of the registration
is taken from the requesting server's URI.
The endpoints MUST be deleted after the expiration of their lifetime.
Additional operations on the registration resource cannot be executed
because no registration location is returned.
The following example shows an endpoint using Simple Registration, by
simply sending an empty POST to a resource directory.
Req:(to RD server from [2001:db8:2::1])
POST /.well-known/core?lt=6000&ep=node1
Content-Format: 40
No payload
Res: 2.04 Changed
(later)
Req: (from RD server to [2001:db8:2::1])
GET /.well-known/core
Accept: 40
Res: 2.05 Content
Payload:
</sen/temp>
5.3.2. Third-party registration
For some applications, even Simple Registration may be too taxing for
some very constrained devices, in particular if the security
requirements become too onerous.
In a controlled environment (e.g. building control), the Resource
Directory can be filled by a third device, called a commissioning
tool. The commissioning tool can fill the Resource Directory from a
database or other means. For that purpose the scheme, IP address and
port of the registered device is indicated in the Context parameter
of the registration described in Section 5.3.
It should be noted that the value of the con parameter applies to all
the links of the registration and has consequences for the anchor
value of the individual links as exemplified in Appendix A. An
eventual (currently non-existing) con attribute of the link is not
affected by the value of con parameter in the registration.
5.4. Operations on the Registration Resource
After the initial registration, an endpoint should retain the
returned location of the Registration Resource for further
operations, including refreshing the registration in order to extend
the lifetime and "keep-alive" the registration. When the lifetime of
the registration has expired, the RD SHOULD NOT respond to discovery
queries concerning this endpoint. The RD SHOULD continue to provide
access to the Registration Resource after a registration time-out
occurs in order to enable the registering endpoint to eventually
refresh the registration. The RD MAY eventually remove the
registration resource for the purpose of garbage collection and
remove it from any group it belongs to. If the Registration Resource
is removed, the endpoint will need to re-register.
The Registration Resource may also be used to inspect the
registration resource using GET, update the registration, or cancel
the registration using DELETE.
These operations are described in this section.
5.4.1. Registration Update The registree-ep then finds one or more addresses of the directory
server as described in Section 4.
The update interface is used by an endpoint to refresh or update its The registree-ep finally asks the selected directory server to probe
registration with an RD. To use the interface, the endpoint sends a it for resources and publish them as follows:
POST request to the registration resource returned by the initial
registration operation.
An update MAY update the lifetime- or the context- registration The registree-ep sends (and regularly refreshes with) a POST request
parameters "lt", "con" as in Section 5.3. Parameters that are not to the "/.well-known/core" URI of the directory server of choice.
being changed SHOULD NOT be included in an update. Adding parameters The body of the POST request is empty, and triggers the resource
that have not changed increases the size of the message but does not directory server to perform GET requests at the requesting registree-
have any other implications. Parameters MUST be included as query ep's default discovery URI to obtain the link-format payload to
parameters in an update operation as in Section 5.3. register.
A registration update resets the timeout of the registration to the The registree-ep includes the same registration parameters in the
(possibly updated) lifetime of the registration, independent of POST request as it would per Section 5.3. The registration base URI
whether a "lt" parameter was given. of the registration is taken from the requesting server's URI.
If the context of the registration is changed in an update explicitly The Resource Directory MUST NOT query the registree-ep's data before
or implicitly, relative references submitted in the original sending the response; this is to accommodate very limited endpoints.
registration or later updates are resolved anew against the new
context (like in the original registration).
The registration update operation only describes the use of POST with The success condition only indicates that the request was valid (ie.
an empty payload. Future standards might describe the semantics of the passed parameters are valid per se), not that the link data could
using content formats and payloads with the POST method to update the be obtained or parsed or was successfully registered into the RD.
links of a registration (see Section 5.4.4).
The update registration request interface is specified as follows: The simple registration request interface is specified as follows:
Interaction: EP -> RD Interaction: EP -> RD
Method: POST Method: POST
URI Template: {+location}{?lt,con,extra-attrs*} URI Template: /.well-known/core{?ep,d,lt,extra-attrs*}
URI Template Variables:
location := This is the Location returned by the RD as a result
of a successful earlier registration.
lt := Lifetime (optional). Lifetime of the registration in
seconds. Range of 60-4294967295. If no lifetime is included,
the previous last lifetime set on a previous update or the
original registration (falling back to 86400) SHOULD be used.
con := Context (optional). This parameter updates the context
established in the original registration to a new value. If
the parameter is set in an update, it is stored by the RD as
the new Base URI under which to interpret the links of the
registration, following the same restrictions as in the
registration. If the parameter is not set and was set
explicitly before, the previous context value is kept
unmodified. If the parameter is not set and was not set
explicitly before either, the source address and source port of
the update request are stored as the context.
extra-attrs := Additional registration attributes (optional). As
with the registration, the RD processes them if it knows their
semantics. Otherwise, unknown attributes are stored as
endpoint attributes, overriding any previously stored endpoint
attributes of the same key.
Content-Format: none (no payload) URI Template Variables are as they are for registration in
Section 5.3. The base attribute is not accepted to keep the
registration interface simple; that rules out registration over CoAP-
over-TCP or HTTP that would need to specify one.
The following response codes are defined for this interface: The following response codes are defined for this interface:
Success: 2.04 "Changed" or 204 "No Content" if the update was Success: 2.04 "Changed".
successfully processed.
Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed
request.
Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not
exist (e.g. may have expired).
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable". Failure: 4.00 "Bad Request". Malformed request.
Service could not perform the operation.
HTTP support: YES Failure: 5.03 "Service Unavailable". Service could not perform the
operation.
If the registration update fails with a "Service Unavailable" HTTP support: NO
response and a Max-Age option or Retry-After header, the client
SHOULD retry the operation after the time indicated. If the
registration fails in another way, including request timeouts, or if
the time indicated excedes the remaining lifetime, the client SHOULD
attempt registration again.
The following example shows an endpoint updating its registration For the second interaction triggered by the above, the registree-ep
resource at an RD using this interface with the example location takes the role of server and the RD the role of client. (Note that
value: /rd/4521. this is exactly the Well-Known Interface of [RFC6690] Section 4):
Req: POST /rd/4521 Interaction: RD -> EP
Res: 2.04 Changed Method: GET
The following example shows an endpoint updating its registration URI Template: /.well-known/core
resource at an RD using this interface with the example location
value: /rd/4521. The initial registration by the client set the
following values:
o endpoint name (ep)=endpoint1 The following response codes are defined for this interface:
o lifetime (lt)=500 Success: 2.05 "Content".
o context (con)=coap://local-proxy-old.example.com:5683 Failure: 4.00 "Bad Request". Malformed request.
o payload of Figure 7 Failure: 4.04 "Not Found". /.well-known/core does not exist or is
empty.
The initial state of the Resource Directory is reflected in the Failure: 5.03 "Service Unavailable". Service could not perform the
following request: operation.
Req: GET /rd-lookup/res?ep=endpoint1 HTTP support: NO
Res: 2.01 Content The registration resources MUST be deleted after the expiration of
Payload: their lifetime. Additional operations on the registration resource
<coap://local-proxy-old.example.com:5683/sensors/temp>;ct=41;rt="temperature"; cannot be executed because no registration location is returned.
anchor="coap://spurious.example.com:5683",
<coap://local-proxy-old.example.com:5683/sensors/light>;ct=41;rt="light-lux";
if="sensor";anchor="coap://local-proxy-old.example.com:5683"
The following example shows an EP changing the context to The following example shows a registree-ep using Simple Registration,
"coaps://new.example.com:5684": by simply sending an empty POST to a resource directory.
Req: POST /rd/4521?con=coaps://new.example.com:5684 Req:(to RD server from [2001:db8:2::1])
POST /.well-known/core?lt=6000&ep=node1
No payload
Res: 2.04 Changed Res: 2.04 Changed
The consecutive query returns: (later)
Req: GET /rd-lookup/res?ep=endpoint1
Res: 2.01 Content
Payload:
<coaps://new.example.com:5684/sensors/temp>;ct=41;rt="temperature";
anchor="coap://spurious.example.com:5683",
<coaps://new.example.com:5684/sensors/light>;ct=41;rt="light-lux";if="sensor";
anchor="coaps://new.example.com:5684",
5.4.2. Registration Removal
Although RD entries have soft state and will eventually timeout after
their lifetime, an endpoint SHOULD explicitly remove its entry from
the RD if it knows it will no longer be available (for example on
shut-down). This is accomplished using a removal interface on the RD
by performing a DELETE on the endpoint resource.
Removed endpoints are implicitly removed from the groups to which
they belong.
The removal request interface is specified as follows:
Interaction: EP -> RD
Method: DELETE
URI Template: {+location}
URI Template Variables:
location := This is the Location returned by the RD as a result
of a successful earlier registration.
The following responses codes are defined for this interface:
Success: 2.02 "Deleted" or 204 "No Content" upon successful deletion
Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed
request.
Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not
exist (e.g. may have expired).
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable".
Service could not perform the operation.
HTTP support: YES
The following examples shows successful removal of the endpoint from
the RD with example location value /rd/4521.
Req: DELETE /rd/4521
Res: 2.02 Deleted
5.4.3. Read Endpoint Links
Some endpoints may wish to manage their links as a collection, and
may need to read the current set of links stored in the registration
resource, in order to determine link maintenance operations.
One or more links MAY be selected by using query filtering as
specified in [RFC6690] Section 4.1
If no links are selected, the Resource Directory SHOULD return an
empty payload.
The read request interface is specified as follows:
Interaction: EP -> RD
Method: GET
URI Template: {+location}{?href,rel,rt,if,ct}
URI Template Variables:
location := This is the Location returned by the RD as a result
of a successful earlier registration.
href,rel,rt,if,ct := link relations and attributes specified in
the query in order to select particular links based on their
relations and attributes. "href" denotes the URI target of the
link. See [RFC6690] Sec. 4.1
The following response codes are defined for this interface:
Success: 2.05 "Content" or 200 "OK" upon success with an
"application/link-format", "application/link-format+cbor", or
"application/link-format+json" payload.
Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed
request.
Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not
exist (e.g. may have expired).
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable".
Service could not perform the operation.
HTTP support: YES Req: (from RD server to [2001:db8:2::1])
GET /.well-known/core
Accept: 40
The following examples show successful read of the endpoint links Res: 2.05 Content
from the RD, with example location value /rd/4521 and example Content-Format: 40
registration payload of Figure 7. Payload:
</sen/temp>
Req: GET /rd/4521 5.3.2. Third-party registration
Res: 2.01 Content For some applications, even Simple Registration may be too taxing for
Payload: some very constrained devices, in particular if the security
</sensors/temp>;ct=41;rt="temperature-c";if="sensor"; requirements become too onerous.
anchor="coap://spurious.example.com:5683",
</sensors/light>;ct=41;rt="light-lux";if="sensor"
5.4.4. Update Endpoint Links In a controlled environment (e.g. building control), the Resource
Directory can be filled by a third party device, called a
commissioning tool. The commissioning tool can fill the Resource
Directory from a database or other means. For that purpose the
scheme, IP address and port of the registered device is indicated in
the "base" parameter of the registration described in Section 5.3.
An iPATCH (or PATCH) update [RFC8132] adds, removes or changes links It should be noted that the value of the "base" parameter applies to
of a registration by including link update information in the payload all the links of the registration and has consequences for the anchor
of the update with a media type that still needs to be defined. value of the individual links as exemplified in Appendix B. An
eventual (currently non-existing) "base" attribute of the link is not
affected by the value of "base" parameter in the registration.
6. RD Groups 6. RD Groups
This section defines the REST API for the creation, management, and This section defines the REST API for the creation, management, and
lookup of endpoints for group operations. Similar to endpoint lookup of endpoints for group operations. Similar to endpoint
registration entries in the RD, groups may be created or removed. registration entries in the RD, groups may be created or removed.
However unlike an endpoint entry, a group entry consists of a list of However unlike an endpoint entry, a group entry consists of a list of
endpoints and does not have a lifetime associated with it. In order endpoints and does not have a lifetime associated with it. In order
to make use of multicast requests with CoAP, a group MAY have a to make use of multicast requests with CoAP, a group MAY have a
multicast address associated with it. multicast address associated with it.
6.1. Register a Group 6.1. Register a Group
In order to create a group, a commissioning tool (CT) used to In order to create a group, a commissioning tool (CT) used to
configure groups, makes a request to the RD indicating the name of configure groups, makes a request to the RD indicating the name of
the group to create (or update), optionally the domain the group the group to create (or update), optionally the sector the group
belongs to, and optionally the multicast address of the group. This belongs to, and optionally the multicast address of the group. This
specification does not require that the endpoints belong to the same specification does not require that the endpoints belong to the same
domain as the group, but a Resource Directory implementation can sector as the group, but a Resource Directory implementation can
impose requirements on the domains of groups and endpoints depending impose requirements on the sectors of groups and endpoints depending
on its configuration. on its configuration.
The registration message is a list of links to registration resources The registration message is a list of links to registration resources
of the endpoints that belong to that group. The registration of the endpoints that belong to that group. The CT can use any URI
resources MAY be located on different hosts than the group hosting reference discovered using endpoint lookup from the same server or
RD. In that case the endpoint link points to the registration obtained by registering an endpoint using third party registration
resource on the other RD. The commissioning tool SHOULD NOT attempt and enter it into a group. The use of other URIs is not specified in
to enter a foreign registration in a group unless it found it in the this document and can be defined in others.
group RD's lookup results, or has other reasons to assume that the
foreign registration will be accepted.
The commissioning tool SHOULD not send any target attributes with the The commissioning tool SHOULD not send any target attributes with the
links to the registration resources, and the resource directory links to the registration resources, and the resource directory
SHOULD reject registrations that contain links with unprocessable SHOULD reject registrations that contain links with unprocessable
attributes. attributes.
Configuration of the endpoints themselves is out of scope of this Configuration of the endpoints themselves is out of scope of this
specification. Such an interface for managing the group membership specification. Such an interface for managing the group membership
of an endpoint has been defined in [RFC7390]. of an endpoint has been defined in [RFC7390].
The registration request interface is specified as follows: The registration request interface is specified as follows:
Interaction: CT -> RD Interaction: CT -> RD
Method: POST Method: POST
URI Template: {+rd-group}{?gp,d,con} URI Template: {+rd-group}{?gp,d,base}
URI Template Variables: URI Template Variables:
rd-group := RD Group URI (mandatory). This is the location of rd-group := RD Group URI (mandatory). This is the location of
the RD Group REST API. the RD Group REST API.
gp := Group Name (mandatory). The name of the group to be gp := Group Name (mandatory). The name of the group to be
created or replaced, unique within that domain. The maximum created or replaced, unique within that sector. The maximum
length of this parameter is 63 bytes. length of this parameter is 63 bytes.
d := Domain (optional). The domain to which this group belongs. d := Sector (optional). The sector to which this group belongs.
The maximum length of this parameter is 63 bytes. When this The maximum length of this parameter is 63 bytes. When this
parameter is not present, the RD MAY associate the group with a parameter is not present, the RD MAY associate the group with a
configured default domain or leave it empty. configured default sector or leave it empty.
con := Context (optional). This parameter sets the scheme, base := Group Base URI (optional). This parameter sets the
address and port of the multicast address associated with the scheme, address and port of the multicast address associated
group. When con is used, scheme and host are mandatory and with the group. When base is used, scheme and host are
port parameter is optional. mandatory and port parameter is optional.
Content-Format: application/link-format Content-Format: application/link-format
Content-Format: application/link-format+json Content-Format: application/link-format+json
Content-Format: application/link-format+cbor Content-Format: application/link-format+cbor
The following response codes are defined for this interface: The following response codes are defined for this interface:
Success: 2.01 "Created" or 201 "Created". The Location header Success: 2.01 "Created" or 201 "Created". The Location header or
option MUST be returned in response to a successful group CREATE Location-Path option MUST be returned in response to a successful
operation. This Location MUST be a stable identifier generated by group CREATE operation. This location MUST be a stable identifier
the RD as it is used for delete operations of the group resource. generated by the RD as it is used for delete operations of the
group resource.
As with the Registration operation, the location MUST NOT have a
query or fragment component.
Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed
request. request.
Failure: 4.04 "Not Found" or 404 "Not Found". An Endpoint is not
registered in the RD (e.g. may have expired).
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable". Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable".
Service could not perform the operation. Service could not perform the operation.
HTTP support: YES HTTP support: YES
The following example shows an EP registering a group with the name The following example shows an EP registering a group with the name
"lights" which has two endpoints. The RD group path /rd-group is an "lights" which has two endpoints. The RD group path /rd-group is an
example RD location discovered in a request similar to Figure 6. example RD location discovered in a request similar to Figure 6.
Req: POST coap://rd.example.com/rd-group?gp=lights Req: POST coap://rd.example.com/rd-group?gp=lights
&con=coap://[ff35:30:2001:db8::1] &base=coap://[ff35:30:2001:db8::1]
Content-Format: 40 Content-Format: 40
Payload: Payload:
<coap://other-rd/rd/4521>, </rd/4521>,
</rd/4522> </rd/4522>
Res: 2.01 Created Res: 2.01 Created
Location: /rd-group/12 Location-Path: /rd-group/12
A relative href value denotes the path to the registration resource A relative href value denotes the path to the registration resource
of the Endpoint. When pointing to a registration resource on a of the Endpoint. When pointing to a registration resource on a
different RD, the href value is an absolute URI. different RD, the href value is an absolute URI.
6.2. Group Removal 6.2. Group Removal
A group can be removed simply by sending a removal message to the A group can be removed simply by sending a removal message to the
location of the group registration resource which was returned when location of the group registration resource which was returned when
initially registering the group. Removing a group MUST NOT remove initially registering the group. Removing a group MUST NOT remove
skipping to change at page 36, line 24 skipping to change at page 33, line 50
7.1. Resource lookup 7.1. Resource lookup
Resource lookup results in links that are semantically equivalent to Resource lookup results in links that are semantically equivalent to
the links submitted to the RD if they were accessed on the endpoint the links submitted to the RD if they were accessed on the endpoint
itself. The links and link parameters returned are equal to the itself. The links and link parameters returned are equal to the
submitted, except that the target and anchor references are fully submitted, except that the target and anchor references are fully
resolved. resolved.
Links that did not have an anchor attribute are therefore returned Links that did not have an anchor attribute are therefore returned
with the (explicitly or implicitly set) context URI of the with the (explicitly or implicitly set) base URI of the registration
registration as the anchor. Links whose href or anchor was submitted as the anchor. Links whose href or anchor was submitted as an
as an absolute URI are returned with respective attributes absolute URI are returned with respective attributes unmodified.
unmodified.
Above rules allow the client to interpret the response as links Above rules allow the client to interpret the response as links
without any further knowledge of what the RD does. The Resource without any further knowledge of what the RD does. The Resource
Directory MAY replace the contexts with a configured intermediate Directory MAY replace the registration base URIs with a configured
proxy, e.g. in the case of an HTTP lookup interface for CoAP intermediate proxy, e.g. in the case of an HTTP lookup interface for
endpoints. CoAP endpoints.
7.2. Endpoint and group lookup
Endpoint and group lookups result in links to registration resources
and group resources, respectively. Endpoint registration resources
are annotated with their endpoint names (ep), domains (d, if
present), context (con) and lifetime (lt, if present). Additional
endpoint attributes are added as link attributes to their endpoint
link unless their specification says otherwise. Group resources are
annotated with their group names (gp), domain (d, if present) and
multicast address (con, if present).
While Endpoint Lookup does expose the registration resources, the RD
does not need to make them accessible to clients. Clients SHOULD NOT
attempt to dereference or manipulate them.
A Resource Directory can report endpoints or groups in lookup that
are not hosted at the same address. While the setup and management
of such a distributed system is out of scope for this document,
lookup clients MUST be prepared to see arbitrary URIs as registration
or group resources in the results.
For groups, a Resource Directory as specified here does not provide a
lookup mechanism for the resources that can be accessed on a group's
multicast address (ie. no lookup will return links like
"<coap://[ff35:30:2001:db8::1]/light>;..." for a group registered
with "con=coap://[ff35...]"). Such an additional lookup interface
could be specified in an extension document.
7.3. Lookup filtering 7.2. Lookup filtering
Using the Accept Option, the requester can control whether the Using the Accept Option, the requester can control whether the
returned list is returned in CoRE Link Format ("application/link- returned list is returned in CoRE Link Format ("application/link-
format", default) or its alternate content-formats ("application/ format", default) or its alternate content-formats ("application/
link-format+json" or "application/link-format+cbor"). link-format+json" or "application/link-format+cbor").
The page and count parameters are used to obtain lookup results in The page and count parameters are used to obtain lookup results in
specified increments using pagination, where count specifies how many specified increments using pagination, where count specifies how many
links to return and page specifies which subset of links organized in links to return and page specifies which subset of links organized in
sequential pages, each containing 'count' links, starting with link sequential pages, each containing 'count' links, starting with link
skipping to change at page 37, line 51 skipping to change at page 34, line 50
criterion, or an entity contained in it would: A search criterion criterion, or an entity contained in it would: A search criterion
matches an endpoint if it matches the endpoint itself, any of the matches an endpoint if it matches the endpoint itself, any of the
groups it is contained in or any resource it contains. A search groups it is contained in or any resource it contains. A search
criterion matches a resource if it matches the resource itself, the criterion matches a resource if it matches the resource itself, the
resource's endpoint, or any of the endpoint's groups. resource's endpoint, or any of the endpoint's groups.
Note that "href" is also a valid search criterion and matches target Note that "href" is also a valid search criterion and matches target
references. Like all search criteria, on a resource lookup it can references. Like all search criteria, on a resource lookup it can
match the target reference of the resource link itself, but also the match the target reference of the resource link itself, but also the
registration resource of the endpoint that registered it, or any registration resource of the endpoint that registered it, or any
group resource that endpoint is contained in. group resource that endpoint is contained in. Queries for resource
link targets MUST be in absolute form and are matched against a
resolved link target. Queries for groups and endpoints SHOULD be
expressed in path-absolute form if possible and MUST be expressed in
absolute form otherwise; the RD SHOULD recognize either.
Clients that are interested in a lookup result repeatedly or Clients that are interested in a lookup result repeatedly or
continuously can use mechanisms like ETag caching, resource continuously can use mechanisms like ETag caching, resource
observation ([RFC7641]), or any future mechanism that might allow observation ([RFC7641]), or any future mechanism that might allow
more efficient observations of collections. These are advertised, more efficient observations of collections. These are advertised,
detected and used according to their own specifications and can be detected and used according to their own specifications and can be
used with the lookup interface as with any other resource. used with the lookup interface as with any other resource.
When resource observation is used, every time the set of matching When resource observation is used, every time the set of matching
links changes, or the content of a matching link changes, the RD links changes, or the content of a matching link changes, the RD
skipping to change at page 39, line 25 skipping to change at page 36, line 30
Failure: No error response to a multicast request. Failure: No error response to a multicast request.
Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed
request. request.
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable". Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable".
Service could not perform the operation. Service could not perform the operation.
HTTP support: YES HTTP support: YES
7.4. Lookup examples The group and endpoint lookup return registration resources which can
only be manipulated by the registering endpoint. Examples of group
and endpoint lookup belong to the management aspects of the RD and
are shown in Appendix A.5. The resource lookup examples are shown in
this section.
7.3. Resource lookup examples
The examples in this section assume the existence of CoAP hosts with The examples in this section assume the existence of CoAP hosts with
a default CoAP port 61616. HTTP hosts are possible and do not change a default CoAP port 61616. HTTP hosts are possible and do not change
the nature of the examples. the nature of the examples.
The following example shows a client performing a resource lookup The following example shows a client performing a resource lookup
with the example resource look-up locations discovered in Figure 6: with the example resource look-up locations discovered in Figure 6:
Req: GET /rd-lookup/res?rt=temperature Req: GET /rd-lookup/res?rt=temperature
Res: 2.05 Content Res: 2.05 Content
<coap://[2001:db8:3::123]:61616/temp>;rt="temperature";anchor="coap://[2001:db8:3::123]:61616" <coap://[2001:db8:3::123]:61616/temp>;rt="temperature";
anchor="coap://[2001:db8:3::123]:61616"
The same lookup using the CBOR Link Format media type: The same lookup using the CBOR Link Format media type:
Req: GET /rd-lookup/res?rt=temperature Req: GET /rd-lookup/res?rt=temperature
Accept: TBD64 Accept: TBD64
Res: 2.05 Content Res: 2.05 Content
Content-Format: TBD64 Content-Format: TBD64
Payload in Hex notation: Payload in Hex notation:
81A3017823636F61703A2F2F5B323030313A6462383A333A3A3132335D3A36313631362F 81A3017823636F61703A2F2F5B323030313A6462383A333A3A3132335D3A363136313
74656D7003781E636F61703A2F2F5B323030313A6462383A333A3A3132335D3A36313631 62F74656D7003781E636F61703A2F2F5B323030313A6462383A333A3A3132335D3A36
36096B74656D7065726174757265 31363136096B74656D7065726174757265
Decoded payload: Decoded payload:
[{1: "coap://[2001:db8:3::123]:61616/temp", 9: "temperature", [{1: "coap://[2001:db8:3::123]:61616/temp", 9: "temperature",
3: "coap://[2001:db8:3::123]:61616"}] 3: "coap://[2001:db8:3::123]:61616"}]
A client that wants to be notified of new resources as they show up A client that wants to be notified of new resources as they show up
can use observation: can use observation:
Req: GET /rd-lookup/res?rt=light Req: GET /rd-lookup/res?rt=light
Observe: 0 Observe: 0
Res: 2.05 Content Res: 2.05 Content
Observe: 23 Observe: 23
Payload: empty Payload: empty
skipping to change at page 40, line 40 skipping to change at page 37, line 40
Res: 2.05 Content Res: 2.05 Content
Observe: 24 Observe: 24
Payload: Payload:
<coap://[2001:db8:3::124]/west>;rt="light"; <coap://[2001:db8:3::124]/west>;rt="light";
anchor="coap://[2001:db8:3::124]", anchor="coap://[2001:db8:3::124]",
<coap://[2001:db8:3::124]/south>;rt="light"; <coap://[2001:db8:3::124]/south>;rt="light";
anchor="coap://[2001:db8:3::124]", anchor="coap://[2001:db8:3::124]",
<coap://[2001:db8:3::124]/east>;rt="light"; <coap://[2001:db8:3::124]/east>;rt="light";
anchor="coap://[2001:db8:3::124]" anchor="coap://[2001:db8:3::124]"
The following example shows a client performing an endpoint type (et)
lookup with the value oic.d.sensor (which is currently a registered
rt value):
Req: GET /rd-lookup/ep?et=oic.d.sensor
Res: 2.05 Content
</rd/1234>;con="coap://[2001:db8:3::127]:61616";ep="node5";
et="oic.d.sensor";ct="40";lt="600",
</rd/4521>;con="coap://[2001:db8:3::129]:61616";ep="node7";
et="oic.d.sensor";ct="40";lt="600";d="floor-3"
The following example shows a client performing a group lookup for
all groups:
Req: GET /rd-lookup/gp
Res: 2.05 Content
</rd-group/1>;gp="lights1";d="example.com";con="coap://[ff35:30:2001:db8::1]",
</rd-group/2>;gp="lights2";d="example.com";con="coap://[ff35:30:2001:db8::2]"
The following example shows a client performing a lookup for all
endpoints in a particular group, with one endpoint hosted by another
RD:
Req: GET /rd-lookup/ep?gp=lights1
Res: 2.05 Content
<coap://[other-rd]/rd/abcd>;con="coap://[2001:db8:3::123]:61616";
anchor="coap://[other-rd]";ep="node1";et="oic.d.sensor";ct="40";lt="600",
</rd/efgh>;con="coap://[2001:db8:3::124]:61616";
ep="node2";et="oic.d.sensor";ct="40";lt="600"
The following example shows a client performing a lookup for all
groups the endpoint "node1" belongs to:
Req: GET /rd-lookup/gp?ep=node1
Res: 2.05 Content
</rd-group/1>;gp="lights1"
The following example shows a client performing a paginated resource The following example shows a client performing a paginated resource
lookup lookup
Req: GET /rd-lookup/res?page=0&count=5 Req: GET /rd-lookup/res?page=0&count=5
Res: 2.05 Content Res: 2.05 Content
<coap://[2001:db8:3::123]:61616/res/0>;rt=sensor;ct=60; <coap://[2001:db8:3::123]:61616/res/0>;rt=sensor;ct=60;
anchor="coap://[2001:db8:3::123]:61616", anchor="coap://[2001:db8:3::123]:61616",
<coap://[2001:db8:3::123]:61616/res/1>;rt=sensor;ct=60; <coap://[2001:db8:3::123]:61616/res/1>;rt=sensor;ct=60;
anchor="coap://[2001:db8:3::123]:61616", anchor="coap://[2001:db8:3::123]:61616",
<coap://[2001:db8:3::123]:61616/res/2>;rt=sensor;ct=60; <coap://[2001:db8:3::123]:61616/res/2>;rt=sensor;ct=60;
skipping to change at page 43, line 5 skipping to change at page 39, line 5
The following example shows a client performing a lookup of all The following example shows a client performing a lookup of all
resources from endpoints of all endpoints of a given endpoint type. resources from endpoints of all endpoints of a given endpoint type.
It assumes that two endpoints (with endpoint names "sensor1" and It assumes that two endpoints (with endpoint names "sensor1" and
"sensor2") have previously registered with their respective addresses "sensor2") have previously registered with their respective addresses
"coap://sensor1.example.com" and "coap://sensor2.example.com", and "coap://sensor1.example.com" and "coap://sensor2.example.com", and
posted the very payload of the 6th request of section 5 of [RFC6690]. posted the very payload of the 6th request of section 5 of [RFC6690].
It demonstrates how absolute link targets stay unmodified, while It demonstrates how absolute link targets stay unmodified, while
relative ones are resolved: relative ones are resolved:
Req: GET /rd-lookup/res?et=oic.d.sensor Req: GET /rd-lookup/res?et=oic.d.sensor
<coap://sensor1.example.com/sensors>;ct=40;title="Sensor Index"; <coap://sensor1.example.com/sensors>;ct=40;title="Sensor Index";
anchor="coap://sensor1.example.com", anchor="coap://sensor1.example.com",
<coap://sensor1.example.com/sensors/temp>;rt="temperature-c";if="sensor"; <coap://sensor1.example.com/sensors/temp>;rt="temperature-c";
anchor="coap://sensor1.example.com", if="sensor"; anchor="coap://sensor1.example.com",
<coap://sensor1.example.com/sensors/light>;rt="light-lux";if="sensor"; <coap://sensor1.example.com/sensors/light>;rt="light-lux";
anchor="coap://sensor1.example.com", if="sensor"; anchor="coap://sensor1.example.com",
<http://www.example.com/sensors/t123>;rel="describedby"; <http://www.example.com/sensors/t123>;rel="describedby";
anchor="coap://sensor1.example.com/sensors/temp", anchor="coap://sensor1.example.com/sensors/temp",
<coap://sensor1.example.com/t>;rel="alternate"; <coap://sensor1.example.com/t>;rel="alternate";
anchor="coap://sensor1.example.com/sensors/temp", anchor="coap://sensor1.example.com/sensors/temp",
<coap://sensor2.example.com/sensors>;ct=40;title="Sensor Index"; <coap://sensor2.example.com/sensors>;ct=40;title="Sensor Index";
anchor="coap://sensor2.example.com", anchor="coap://sensor2.example.com",
<coap://sensor2.example.com/sensors/temp>;rt="temperature-c";if="sensor"; <coap://sensor2.example.com/sensors/temp>;rt="temperature-c";
anchor="coap://sensor2.example.com", if="sensor"; anchor="coap://sensor2.example.com",
<coap://sensor2.example.com/sensors/light>;rt="light-lux";if="sensor"; <coap://sensor2.example.com/sensors/light>;rt="light-lux";
anchor="coap://sensor2.example.com", if="sensor"; anchor="coap://sensor2.example.com",
<http://www.example.com/sensors/t123>;rel="describedby"; <http://www.example.com/sensors/t123>;rel="describedby";
anchor="coap://sensor2.example.com/sensors/temp", anchor="coap://sensor2.example.com/sensors/temp",
<coap://sensor2.example.com/t>;rel="alternate"; <coap://sensor2.example.com/t>;rel="alternate";
anchor="coap://sensor2.example.com/sensors/temp" anchor="coap://sensor2.example.com/sensors/temp"
8. Security Considerations 8. Security Considerations
The security considerations as described in Section 7 of [RFC5988] The security considerations as described in Section 7 of [RFC5988]
and Section 6 of [RFC6690] apply. The "/.well-known/core" resource and Section 6 of [RFC6690] apply. The "/.well-known/core" resource
may be protected e.g. using DTLS when hosted on a CoAP server as may be protected e.g. using DTLS when hosted on a CoAP server as
described in [RFC7252]. DTLS or TLS based security SHOULD be used on described in [RFC7252]. DTLS or TLS based security SHOULD be used on
all resource directory interfaces defined in this document. all resource directory interfaces defined in this document.
8.1. Endpoint Identification and Authentication 8.1. Endpoint Identification and Authentication
An Endpoint is determined to be unique within (the domain of) an RD An Endpoint is determined to be unique within (the sector of) an RD
by the Endpoint identifier parameter included during Registration, by the Endpoint identifier parameter included during Registration,
and any associated TLS or DTLS security bindings. An Endpoint MUST and any associated TLS or DTLS security bindings. An Endpoint MUST
NOT be identified by its protocol, port or IP address as these may NOT be identified by its protocol, port or IP address as these may
change over the lifetime of an Endpoint. change over the lifetime of an Endpoint.
Every operation performed by an Endpoint or Client on a resource Every operation performed by an Endpoint or Client on a resource
directory SHOULD be mutually authenticated using Pre-Shared Key, Raw directory SHOULD be mutually authenticated using Pre-Shared Key, Raw
Public Key or Certificate based security. Public Key or Certificate based security.
Consider te following threat: two devices A and B are managed by a Consider the following threat: two devices A and B are managed by a
single server. Both devices have unique, per-device credentials for single server. Both devices have unique, per-device credentials for
use with DTLS to make sure that only parties with authorization to use with DTLS to make sure that only parties with authorization to
access A or B can do so. access A or B can do so.
Now, imagine that a malicious device A wants to sabotage the device Now, imagine that a malicious device A wants to sabotage the device
B. It uses its credentials during the DTLS exchange. Then, it puts B. It uses its credentials during the DTLS exchange. Then, it puts
the endpoint name of device B. If the server does not check whether the endpoint name of device B. If the server does not check whether
the identifier provided in the DTLS handshake matches the identifier the identifier provided in the DTLS handshake matches the identifier
used at the CoAP layer then it may be inclined to use the endpoint used at the CoAP layer then it may be inclined to use the endpoint
name for looking up what information to provision to the malicious name for looking up what information to provision to the malicious
device. device.
Therfore, Endpoints MUST include the Endpoint identifier in the Section 9 specifies an example that removes this threat by using an
message, and this identifier MUST be checked by a resource directory Authorization Server for endpoints that have a certificate installed.
to match the Endpoint identifier included in the Registration
message.
8.2. Access Control 8.2. Access Control
Access control SHOULD be performed separately for the RD Access control SHOULD be performed separately for the RD
registration, Lookup, and group API paths, as different endpoints may registration, Lookup, and group API paths, as different endpoints may
be authorized to register with an RD from those authorized to lookup be authorized to register with an RD from those authorized to lookup
endpoints from the RD. Such access control SHOULD be performed in as endpoints from the RD. Such access control SHOULD be performed in as
fine-grained a level as possible. For example access control for fine-grained a level as possible. For example access control for
lookups could be performed either at the domain, endpoint or resource lookups could be performed either at the sector, endpoint or resource
level. level.
8.3. Denial of Service Attacks 8.3. Denial of Service Attacks
Services that run over UDP unprotected are vulnerable to unknowingly Services that run over UDP unprotected are vulnerable to unknowingly
become part of a DDoS attack as UDP does not require return become part of a DDoS attack as UDP does not require return
routability check. Therefore, an attacker can easily spoof the routability check. Therefore, an attacker can easily spoof the
source IP of the target entity and send requests to such a service source IP of the target entity and send requests to such a service
which would then respond to the target entity. This can be used for which would then respond to the target entity. This can be used for
large-scale DDoS attacks on the target. Especially, if the service large-scale DDoS attacks on the target. Especially, if the service
skipping to change at page 45, line 5 skipping to change at page 40, line 48
implicated in denial-of-service (DoS) attacks since they run on implicated in denial-of-service (DoS) attacks since they run on
unprotected UDP, there is no return routability check, and they can unprotected UDP, there is no return routability check, and they can
have a large amplification factor. The responses from the NTP server have a large amplification factor. The responses from the NTP server
were found to be 19 times larger than the request. A Resource were found to be 19 times larger than the request. A Resource
Directory (RD) which responds to wild-card lookups is potentially Directory (RD) which responds to wild-card lookups is potentially
vulnerable if run with CoAP over UDP. Since there is no return vulnerable if run with CoAP over UDP. Since there is no return
routability check and the responses can be significantly larger than routability check and the responses can be significantly larger than
requests, RDs can unknowingly become part of a DDoS amplification requests, RDs can unknowingly become part of a DDoS amplification
attack. attack.
9. IANA Considerations 9. Authorization Server example
9.1. Resource Types When threats may occur as described in Section 8.1, an Authorization
Server (AS) as specified in [I-D.ietf-ace-oauth-authz] can be used to
remove the threat. An authorized registry request to the Resource
Directory (RD) is accompanied by an Access Token that validates the
access of the client to the RD. In this example, the contents of the
Access Token is specified by a CBOR Web Token (CWT) [RFC8392].
Selecting one of the scenarios of
[I-D.ietf-anima-bootstrapping-keyinfra], the registree-ep has a
certificate that has been inserted at manufacturing time. The
contents of the certificate will be used to generate the unique
endpoint name. The certificate is uniquely identified by the
leftmost CNcomponent of the subject name appended with the serial
number. The unique certificate identifier is used as the unique
endpoint name. The same unique identification is used for the
registree-ep and the Commissioning Tool.
"core.rd", "core.rd-group", "core.rd-lookup-ep", "core.rd-lookup- The case of using RPK or PSK is outside the scope of this example.
res", and "core.rd-lookup-gp" resource types need to be registered
with the resource type registry defined by [RFC6690].
9.2. IPv6 ND Resource Directory Address Option Figure 8 shows the example certificate used to specify the claim
values in the CWT. Serial number 01:02:03:04:05:06:07:08, and CN
field, Fairhair, in the subject field are concatenated to create a
unique certificate identifier: Fairhair-01:02:03:04:05:06:07:08,
which is used in Figure 9 and Figure 10 as "sub" claim and "epn"
claim values respectively.
Certificate: Data:
Version: 3 (0x2)
Serial Number: 01:02:03:04:05:06:07:08
Signature Algorithm: md5WithRSA
Encryption Issuer: C=US, ST=Florida, O=Acme, Inc., OU=Security,
CN=CA
Authority/emailAddress=ca@acme.com
Validity Not Before: Aug 20 12:59:55 2013 GMT
Not After : Aug 20 12:59:55 2013 GMT
Subject: C=US, ST=Florida, O=Acme, Inc., OU=Sales, CN=Fairhair
Subject Public Key
Info: Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit) Modulus (1024 bit):
00:be:5e:6e:f8:2c:c7:8c:07:7e:f0:ab:a5:12:db:
fc:5a:1e:27:ba:49:b0:2c:e1:cb:4b:05:f2:23:09:
77:13:75:57:08:29:45:29:d0:db:8c:06:4b:c3:10:
88:e1:ba:5e:6f:1e:c0:2e:42:82:2b:e4:fa:ba:bc:
45:e9:98:f8:e9:00:84:60:53:a6:11:2e:18:39:6e:
ad:76:3e:75:8d:1e:b1:b2:1e:07:97:7f:49:31:35:
25:55:0a:28:11:20:a6:7d:85:76:f7:9f:c4:66:90:
e6:2d:ce:73:45:66:be:56:aa:ee:93:ae:10:f9:ba:
24:fe:38:d0:f0:23:d7:a1:3b
Exponent: 65537 (0x10001)
Figure 8: Sample X.509 version 3 certificate for Fairhair device
issued by the Acme corporation.
Three sections for as many authorized RD registration scenarios
describe: (1) the registree-ep registers itself with the RD, (2) a
3rd party Commissioning Tool (CT) registers the registree-ep with the
RD, and (3) A client updates multiple links in an RD.
9.1. Registree-ep registers with RD
The registree-ep sends a Request to the RD accompanied by a CBOR Web
Token (CWT). To prevent ambiguities, the URI of the authorized
request cannot contain the ep= or the d= parameters which are
specified in the CWT. When these parameters are present in the URI,
the request is rejected with CoAP response code 4.00 (bad request).
The CWT of Figure 9 authorizes the registree-ep to register itself in
the RD by specifying the certificate identifier of the registree-ep
in the sub claim. The same value is assigned to the endpoint name of
the registree-ep in the RD.
The claim set of the CWT is represented in CBOR diagnostic notation
{
/iss/ 1: "coaps://as.example.com", / identifies the AS/
/sub/ 2: "Fairhair_01:02:03:04:05:06:07:08",
/ certificate identifier uniquely identifies registree-ep/
/aud/ 3: "coaps://rd.example.com" / audience is the RD/
}
Figure 9: Claim set of CWT for registering registree-ep
9.2. Third party Commissioning Tool (CT) registers registree-ep with
RD.
The CT sends a Request to the RD accompanied by a CBOR Web Token
(CWT). To prevent ambiguities, the URI of an authorized request
cannot contain the ep= or the d= parameters which are specified in
the CWT. When these parameters are present in the URI, the request
is rejected with CoAP response code 4.00 (bad request). The CWT of
Figure 10 authorizes the CT to register the registree-ep by
specifying the certificate identifier,
Fairhair_08:07:06:05:04:03:02:01, of the CT in the "sub" claim. Next
to the certificate identifier of the CT, the CWT needs to specify the
security identifier of the registree-ep. The new "rd_epn" claim is
used to specify the value of the certificate identifier
Fairhair_01:02:03:04:05:06:07:08, of the registree-ep. The CWT may
contain the optional new "rd_sct" claim to assign a sector name to
the registree-ep.
The claim set is represented in CBOR diagnostic notation
{
/iss/ 1: "coaps://as.example.com", / identifies the AS/
/sub/ 2: "Fairhair_08:07:06:05:04:03:02:01",
/ certificate identifier uniquely identifies CT/
/aud/ 3: "coaps://rd.example.com", / audience is the RD/
/rd_epn/ y: "Fairhair_01:02:03:04:05:06:07:08",
/certificate identifier uniquely identifies registree-ep/
/rd_sct/ z: "my-devices" /optional sector name/
}
Figure 10: Claim set of CWT for registering registree-ep by CT
9.3. Updating multiple links
Appendix A.4 of RD specifies that multiple links can be updated with
a media format to be specified. The updating endpoint sends a
Request to the RD accompanied by a CWT. The "sub" claim of the CWT
contains the certificate identifier of the updating endpoint.
Updating registrations and links cannot not change or delete the
endpoint names. Consequently, the updating endpoint is authorized by
the CWT to change all links of its registrations but cannot delete or
add registrations. The CWT of Figure 9 and Figure 10 authorize an
updating registree-ep or an updating CT respectively.
10. IANA Considerations
10.1. Resource Types
IANA is asked to enter the following values into the Resource Type
(rt=) Link Target Attribute Values subregistry of the Constrained
Restful Environments (CoRE) Parameters registry defined in [RFC6690]:
+--------------------+----------------------------+-----------------+
| Value | Description | Reference |
+--------------------+----------------------------+-----------------+
| core.rd | Directory resource of an | RFCTHIS Section |
| | RD | 5.2 |
| core.rd-group | Group directory resource | RFCTHIS Section |
| | of an RD | 5.2 |
| core.rd-lookup-res | Resource lookup of an RD | RFCTHIS Section |
| | | 5.2 |
| core.rd-lookup-ep | Endpoint lookup of an RD | RFCTHIS Section |
| | | 5.2 |
| core.rd-lookup-gp | Group lookup of an RD | RFCTHIS Section |
| | | 5.2 |
| core.rd-ep | Endpoint resource of an RD | RFCTHIS Section |
| | | 7 |
| core.rd-gp | Group resource of an RD | RFCTHIS Section |
| | | 7 |
+--------------------+----------------------------+-----------------+
10.2. IPv6 ND Resource Directory Address Option
This document registers one new ND option type under the subregistry This document registers one new ND option type under the subregistry
"IPv6 Neighbor Discovery Option Formats": "IPv6 Neighbor Discovery Option Formats":
o Resource Directory address Option (38) o Resource Directory address Option (38)
9.3. RD Parameter Registry 10.3. RD Parameter Registry
This specification defines a new sub-registry for registration and This specification defines a new sub-registry for registration and
lookup parameters called "RD Parameters" under "CoRE Parameters". lookup parameters called "RD Parameters" under "CoRE Parameters".
Although this specification defines a basic set of parameters, it is Although this specification defines a basic set of parameters, it is
expected that other standards that make use of this interface will expected that other standards that make use of this interface will
define new ones. define new ones.
Each entry in the registry must include Each entry in the registry must include
o the human readable name of the parameter, o the human readable name of the parameter,
skipping to change at page 46, line 10 skipping to change at page 45, line 22
The mechanisms around new RD parameters should be designed in such a The mechanisms around new RD parameters should be designed in such a
way that they tolerate RD implementations that are unaware of the way that they tolerate RD implementations that are unaware of the
parameter and expose any parameter passed at registration or updates parameter and expose any parameter passed at registration or updates
on in endpoint lookups. (For example, if a parameter used at on in endpoint lookups. (For example, if a parameter used at
registration were to be confidential, the registering endpoint should registration were to be confidential, the registering endpoint should
be instructed to only set that parameter if the RD advertises support be instructed to only set that parameter if the RD advertises support
for keeping it confidential at the discovery step.) for keeping it confidential at the discovery step.)
Initial entries in this sub-registry are as follows: Initial entries in this sub-registry are as follows:
+----------+-------+---------------+-----+--------------------------+ +--------------+-------+---------------+-----+----------------------+
| Full | Short | Validity | Use | Description | | Full name | Short | Validity | Use | Description |
| name | | | | | +--------------+-------+---------------+-----+----------------------+
+----------+-------+---------------+-----+--------------------------+ | Endpoint | ep | | RLA | Name of the |
| Endpoint | ep | | RLA | Name of the endpoint, | | Name | | | | endpoint, max 63 |
| Name | | | | max 63 bytes | | | | | | bytes |
| Lifetime | lt | 60-4294967295 | RLA | Lifetime of the | | Lifetime | lt | 60-4294967295 | R | Lifetime of the |
| | | | | registration in seconds | | | | | | registration in |
| Domain | d | | RLA | Domain to which this | | | | | | seconds |
| | | | | endpoint belongs | | Sector | d | | RLA | Sector to which this |
| Context | con | URI | RLA | The scheme, address and | | | | | | endpoint belongs |
| | | | | port and path at which | | Registration | base | URI | RLA | The scheme, address |
| | | | | this server is available | | Base URI | | | | and port and path at |
| Group | gp | | RLA | Name of a group in the | | | | | | which this server is |
| Name | | | | RD | | | | | | available |
| Page | page | Integer | L | Used for pagination | | Group Name | gp | | RLA | Name of a group in |
| Count | count | Integer | L | Used for pagination | | | | | | the RD |
| Endpoint | et | | RLA | Semantic name of the | | Page | page | Integer | L | Used for pagination |
| Type | | | | endpoint (see Section | | Count | count | Integer | L | Used for pagination |
| | | | | 9.4) | | Endpoint | et | | RLA | Semantic name of the |
+----------+-------+---------------+-----+--------------------------+ | Type | | | | endpoint (see |
| | | | | Section 10.4) |
+--------------+-------+---------------+-----+----------------------+
Table 2: RD Parameters Table 2: RD Parameters
(Short: Short name used in query parameters or link attributes. Use: (Short: Short name used in query parameters or link attributes. Use:
R = used at registration, L = used at lookup, A = expressed in link R = used at registration, L = used at lookup, A = expressed in link
attribute attribute
The descriptions for the options defined in this document are only The descriptions for the options defined in this document are only
summarized here. To which registrations they apply and when they are summarized here. To which registrations they apply and when they are
to be shown is described in the respective sections of this document. to be shown is described in the respective sections of this document.
The IANA policy for future additions to the sub-registry is "Expert The IANA policy for future additions to the sub-registry is "Expert
Review" as described in [RFC8126]. The evaluation should consider Review" as described in [RFC8126]. The evaluation should consider
formal criteria, duplication of functionality (Is the new entry formal criteria, duplication of functionality (Is the new entry
redundant with an existing one?), topical suitability (Eg. is the redundant with an existing one?), topical suitability (Eg. is the
described property actually a property of the endpoint and not a described property actually a property of the endpoint and not a
property of a particular resource, in which case it should go into property of a particular resource, in which case it should go into
skipping to change at page 47, line 10 skipping to change at page 46, line 24
the payload of the registration and need not be registered?), and the the payload of the registration and need not be registered?), and the
potential for conflict with commonly used link attributes (For potential for conflict with commonly used link attributes (For
example, "if" could be used as a parameter for conditional example, "if" could be used as a parameter for conditional
registration if it were not to be used in lookup or attributes, but registration if it were not to be used in lookup or attributes, but
would make a bad parameter for lookup, because a resource lookup with would make a bad parameter for lookup, because a resource lookup with
an "if" query parameter could ambiguously filter by the registered an "if" query parameter could ambiguously filter by the registered
endpoint property or the [RFC6690] link attribute). It is expected endpoint property or the [RFC6690] link attribute). It is expected
that the registry will receive between 5 and 50 registrations in that the registry will receive between 5 and 50 registrations in
total over the next years. total over the next years.
9.3.1. Full description of the "Endpoint Type" Registration Parameter 10.3.1. Full description of the "Endpoint Type" Registration Parameter
An endpoint registering at an RD can describe itself with endpoint An endpoint registering at an RD can describe itself with endpoint
types, similar to how resources are described with Resource Types in types, similar to how resources are described with Resource Types in
[RFC6690]. An endpoint type is expressed as a string, which can be [RFC6690]. An endpoint type is expressed as a string, which can be
either a URI or one of the values defined in the Endpoint Type either a URI or one of the values defined in the Endpoint Type
subregistry. Endpoint types can be passed in the "et" query subregistry. Endpoint types can be passed in the "et" query
parameter as part of extra-attrs at the Registration step, are shown parameter as part of extra-attrs at the Registration step, are shown
on endpoint lookups using the "et" target attribute, and can be on endpoint lookups using the "et" target attribute, and can be
filtered for using "et" as a search criterion in resource and filtered for using "et" as a search criterion in resource and
endpoint lookup. Multiple endpoint types are given as separate query endpoint lookup. Multiple endpoint types are given as separate query
parameters or link attributes. parameters or link attributes.
Note that Endpoint Type differs from Resource Type in that it uses Note that Endpoint Type differs from Resource Type in that it uses
multiple attributes rather than space separated values. As a result, multiple attributes rather than space separated values. As a result,
Resource Directory implementations automatically support correct Resource Directory implementations automatically support correct
filtering in the lookup interfaces from the rules for unknown filtering in the lookup interfaces from the rules for unknown
endpoint attributes. endpoint attributes.
9.4. "Endpoint Type" (et=) RD Parameter values 10.4. "Endpoint Type" (et=) RD Parameter values
This specification establishes a new sub-registry under "CoRE This specification establishes a new sub-registry under "CoRE
Parameters" called '"Endpoint Type" (et=) RD Parameter values'. The Parameters" called '"Endpoint Type" (et=) RD Parameter values'. The
registry properties (required policy, requirements, template) are registry properties (required policy, requirements, template) are
identical to those of the Resource Type parameters in [RFC6690], in identical to those of the Resource Type parameters in [RFC6690], in
short: short:
The review policy is IETF Review for values starting with "core", and The review policy is IETF Review for values starting with "core", and
Specification Required for others. Specification Required for others.
The requirements to be enforced are: The requirements to be enforced are:
o The values MUST be related to the purpose described in o The values MUST be related to the purpose described in
Section 9.3.1. Section 10.3.1.
o The registered values MUST conform to the ABNF reg-rel-type o The registered values MUST conform to the ABNF reg-rel-type
definition of [RFC6690] and MUST NOT be a URI. definition of [RFC6690] and MUST NOT be a URI.
o It is recommended to use the period "." character for o It is recommended to use the period "." character for
segmentation. segmentation.
The registry is initially empty. The registry is initially empty.
9.5. Multicast Address Registration 10.5. Multicast Address Registration
IANA has assigned the following multicast addresses for use by CoAP IANA has assigned the following multicast addresses for use by CoAP
nodes: nodes:
IPv4 - "all CoRE resource directories" address, from the "IPv4 IPv4 - "all CoRE resource directories" address, from the "IPv4
Multicast Address Space Registry" equal to "All CoAP Nodes", Multicast Address Space Registry" equal to "All CoAP Nodes",
224.0.1.187. As the address is used for discovery that may span 224.0.1.187. As the address is used for discovery that may span
beyond a single network, it has come from the Internetwork Control beyond a single network, it has come from the Internetwork Control
Block (224.0.1.x, RFC 5771). Block (224.0.1.x, RFC 5771).
IPv6 - "all CoRE resource directories" address MCD1 (uggestions IPv6 - "all CoRE resource directories" address MCD1 (suggestions
FF0X::FE), from the "IPv6 Multicast Address Space Registry", in the FF0X::FE), from the "IPv6 Multicast Address Space Registry", in the
"Variable Scope Multicast Addresses" space (RFC 3307). Note that "Variable Scope Multicast Addresses" space (RFC 3307). Note that
there is a distinct multicast address for each scope that interested there is a distinct multicast address for each scope that interested
CoAP nodes should listen to; CoAP needs the Link-Local and Site-Local CoAP nodes should listen to; CoAP needs the Link-Local and Site-Local
scopes only. scopes only.
10. Examples 10.6. CBOR Web Token claims
This specification registers the following new claims in the CBOR Web
Token (CWT) registry of CBOR Web Token Claims:
Claim "rd_epn"
o Claim Name: "rd_epn"
o Claim Description: The endpoint name of the RD entry as described
in Section 9 of RFCTHIS.
o JWT Claim Name: N/A
o Claim Key: y
o Claim Value Type(s): 0 (uint), 2 (byte string), 3 (text string)
o Change Controller: IESG
o Specification Document(s): Section 9 of RFCTHIS
Claim "rd_sct"
o Claim Name: "rd_sct"
o Claim Description: The sector name of the RD entry as described in
Section 9 of RFCTHIS.
o JWT Claim Name: N/A
o Claim Key: z
o Claim Value Type(s): 0 (uint), 2 (byte string), 3 (text string)
o Change Controller: IESG
o Specification Document(s): Section 9 of RFCTHIS
Mapping of claim name to CWT key
+----------------+----------+-------------+
| Parameter name | CBOR key | Value type |
+----------------+----------+-------------+
| rd_epn | y | Text string |
| rd_sct | z | Text string |
+----------------+----------+-------------+
11. Examples
Two examples are presented: a Lighting Installation example in Two examples are presented: a Lighting Installation example in
Section 10.1 and a LWM2M example in Section 10.2. Section 11.1 and a LWM2M example in Section 11.2.
10.1. Lighting Installation 11.1. Lighting Installation
This example shows a simplified lighting installation which makes use This example shows a simplified lighting installation which makes use
of the Resource Directory (RD) with a CoAP interface to facilitate of the Resource Directory (RD) with a CoAP interface to facilitate
the installation and start up of the application code in the lights the installation and start up of the application code in the lights
and sensors. In particular, the example leads to the definition of a and sensors. In particular, the example leads to the definition of a
group and the enabling of the corresponding multicast address. No group and the enabling of the corresponding multicast address. No
conclusions must be drawn on the realization of actual installation conclusions must be drawn on the realization of actual installation
or naming procedures, because the example only "emphasizes" some of or naming procedures, because the example only "emphasizes" some of
the issues that may influence the use of the RD and does not pretend the issues that may influence the use of the RD and does not pretend
to be normative. to be normative.
10.1.1. Installation Characteristics 11.1.1. Installation Characteristics
The example assumes that the installation is managed. That means The example assumes that the installation is managed. That means
that a Commissioning Tool (CT) is used to authorize the addition of that a Commissioning Tool (CT) is used to authorize the addition of
nodes, name them, and name their services. The CT can be connected nodes, name them, and name their services. The CT can be connected
to the installation in many ways: the CT can be part of the to the installation in many ways: the CT can be part of the
installation network, connected by WiFi to the installation network, installation network, connected by WiFi to the installation network,
or connected via GPRS link, or other method. or connected via GPRS link, or other method.
It is assumed that there are two naming authorities for the It is assumed that there are two naming authorities for the
installation: (1) the network manager that is responsible for the installation: (1) the network manager that is responsible for the
skipping to change at page 49, line 38 skipping to change at page 50, line 16
| Name | IPv6 address | | Name | IPv6 address |
+--------------------+----------------+ +--------------------+----------------+
| luminary1 | 2001:db8:4::1 | | luminary1 | 2001:db8:4::1 |
| luminary2 | 2001:db8:4::2 | | luminary2 | 2001:db8:4::2 |
| Presence sensor | 2001:db8:4::3 | | Presence sensor | 2001:db8:4::3 |
| Resource directory | 2001:db8:4::ff | | Resource directory | 2001:db8:4::ff |
+--------------------+----------------+ +--------------------+----------------+
Table 3: interface SLAAC addresses Table 3: interface SLAAC addresses
In Section 10.1.2 the use of resource directory during installation In Section 11.1.2 the use of resource directory during installation
is presented. is presented.
10.1.2. RD entries 11.1.2. RD entries
It is assumed that access to the DNS infrastructure is not always It is assumed that access to the DNS infrastructure is not always
possible during installation. Therefore, the SLAAC addresses are possible during installation. Therefore, the SLAAC addresses are
used in this section. used in this section.
For discovery, the resource types (rt) of the devices are important. For discovery, the resource types (rt) of the devices are important.
The lamps in the luminaries have rt: light, and the presence sensor The lamps in the luminaries have rt: light, and the presence sensor
has rt: p-sensor. The endpoints have names which are relevant to the has rt: p-sensor. The endpoints have names which are relevant to the
light installation manager. In this case luminary1, luminary2, and light installation manager. In this case luminary1, luminary2, and
the presence sensor are located in room 2-4-015, where luminary1 is the presence sensor are located in room 2-4-015, where luminary1 is
skipping to change at page 50, line 31 skipping to change at page 51, line 10
| sensor | | | | | sensor | | | |
+----------------+------------------+---------------+---------------+ +----------------+------------------+---------------+---------------+
Table 4: Resource Directory identifiers Table 4: Resource Directory identifiers
It is assumed that the CT knows the RD's address, and has performed It is assumed that the CT knows the RD's address, and has performed
URI discovery on it that returned a response like the one in the URI discovery on it that returned a response like the one in the
Section 5.2 example. Section 5.2 example.
The CT inserts the endpoints of the luminaries and the sensor in the The CT inserts the endpoints of the luminaries and the sensor in the
RD using the Context parameter (con) to specify the interface RD using the registration base URI parameter (base) to specify the
address: interface address:
Req: POST coap://[2001:db8:4::ff]/rd Req: POST coap://[2001:db8:4::ff]/rd
?ep=lm_R2-4-015_wndw&con=coap://[2001:db8:4::1]&d=R2-4-015 ?ep=lm_R2-4-015_wndw&base=coap://[2001:db8:4::1]&d=R2-4-015
Payload: Payload:
</light/left>;rt="light", </light/left>;rt="light",
</light/middle>;rt="light", </light/middle>;rt="light",
</light/right>;rt="light" </light/right>;rt="light"
Res: 2.01 Created Res: 2.01 Created
Location: /rd/4521 Location-Path: /rd/4521
Req: POST coap://[2001:db8:4::ff]/rd Req: POST coap://[2001:db8:4::ff]/rd
?ep=lm_R2-4-015_door&con=coap://[2001:db8:4::2]&d=R2-4-015 ?ep=lm_R2-4-015_door&base=coap://[2001:db8:4::2]&d=R2-4-015
Payload: Payload:
</light/left>;rt="light", </light/left>;rt="light",
</light/middle>;rt="light", </light/middle>;rt="light",
</light/right>;rt="light" </light/right>;rt="light"
Res: 2.01 Created Res: 2.01 Created
Location: /rd/4522 Location-Path: /rd/4522
Req: POST coap://[2001:db8:4::ff]/rd Req: POST coap://[2001:db8:4::ff]/rd
?ep=ps_R2-4-015_door&con=coap://[2001:db8:4::3]d&d=R2-4-015 ?ep=ps_R2-4-015_door&base=coap://[2001:db8:4::3]d&d=R2-4-015
Payload: Payload:
</ps>;rt="p-sensor" </ps>;rt="p-sensor"
Res: 2.01 Created Res: 2.01 Created
Location: /rd/4523 Location-Path: /rd/4523
The domain name d=R2-4-015 has been added for an efficient lookup The sector name d=R2-4-015 has been added for an efficient lookup
because filtering on "ep" name is more awkward. The same domain name because filtering on "ep" name is more awkward. The same sector name
is communicated to the two luminaries and the presence sensor by the is communicated to the two luminaries and the presence sensor by the
CT. CT.
The group is specified in the RD. The Context parameter is set to The group is specified in the RD. The base parameter is set to the
the site-local multicast address allocated to the group. In the POST site-local multicast address allocated to the group. In the POST in
in the example below, these two endpoints and the endpoint of the the example below, these two endpoints and the endpoint of the
presence sensor are registered as members of the group. presence sensor are registered as members of the group.
Req: POST coap://[2001:db8:4::ff]/rd-group Req: POST coap://[2001:db8:4::ff]/rd-group
?gp=grp_R2-4-015&con=coap://[ff05::1] ?gp=grp_R2-4-015&base=coap://[ff05::1]
Payload: Payload:
</rd/4521>, </rd/4521>,
</rd/4522>, </rd/4522>,
</rd/4523> </rd/4523>
Res: 2.01 Created Res: 2.01 Created
Location: /rd-group/501 Location-Path: /rd-group/501
After the filling of the RD by the CT, the application in the After the filling of the RD by the CT, the application in the
luminaries can learn to which groups they belong, and enable their luminaries can learn to which groups they belong, and enable their
interface for the multicast address. interface for the multicast address.
The luminary, knowing its domain, queries the RD for the endpoint The luminary, knowing its sector and own IPv6 address, looks up the
with rt=light and d=R2-4-015. The RD returns all endpoints in the groups containing light resources it is assigned to:
domain.
Req: GET coap://[2001:db8:4::ff]/rd-lookup/ep
?d=R2-4-015&rt=light
Res: 2.05 Content
</rd/4521>;con="coap://[2001:db8:4::1]";
ep="lm_R2-4-015_wndw",
</rd/4522>;con="coap://[2001:db8:4::2]";
ep="lm_R2-4-015_door"
Knowing its own IPv6 address, the luminary discovers its endpoint
name. With the endpoint name the luminary queries the RD for all
groups to which the endpoint belongs.
Req: GET coap://[2001:db8:4::ff]/rd-lookup/gp Req: GET coap://[2001:db8:4::ff]/rd-lookup/gp
?ep=lm_R2-4-015_wndw ?d=R2-4-015&base=coap://[2001:db8:4::1]&rt=light
Res: 2.05 Content Res: 2.05 Content
</rd-group/501>;gp="grp_R2-4-015";con="coap://[ff05::1]" </rd-group/501>;gp="grp_R2-4-015";base="coap://[ff05::1]"
From the context parameter value, the luminary learns the multicast From the returned base parameter value, the luminary learns the
address of the multicast group. multicast address of the multicast group.
Alternatively, the CT can communicate the multicast address directly Alternatively, the CT can communicate the multicast address directly
to the luminaries by using the "coap-group" resource specified in to the luminaries by using the "coap-group" resource specified in
[RFC7390]. [RFC7390].
Req: POST coap://[2001:db8:4::1]/coap-group Req: POST coap://[2001:db8:4::1]/coap-group
Content-Format: application/coap-group+json Content-Format: application/coap-group+json
Payload: Payload:
{ "a": "[ff05::1]", "n": "grp_R2-4-015"} { "a": "[ff05::1]", "n": "grp_R2-4-015"}
Res: 2.01 Created Res: 2.01 Created
Location-Path: /coap-group/1 Location-Path: /coap-group/1
Dependent on the situation, only the address, "a", or the name, "n", Dependent on the situation, only the address, "a", or the name, "n",
is specified in the coap-group resource. is specified in the coap-group resource.
10.2. OMA Lightweight M2M (LWM2M) Example 11.2. OMA Lightweight M2M (LWM2M) Example
This example shows how the OMA LWM2M specification makes use of This example shows how the OMA LWM2M specification makes use of
Resource Directory (RD). Resource Directory (RD).
OMA LWM2M is a profile for device services based on CoAP(OMA Name OMA LWM2M is a profile for device services based on CoAP(OMA Name
Authority). LWM2M defines a simple object model and a number of Authority). LWM2M defines a simple object model and a number of
abstract interfaces and operations for device management and device abstract interfaces and operations for device management and device
service enablement. service enablement.
An LWM2M server is an instance of an LWM2M middleware service layer, An LWM2M server is an instance of an LWM2M middleware service layer,
containing a Resource Directory along with other LWM2M interfaces containing a Resource Directory along with other LWM2M interfaces
defined by the LWM2M specification. defined by the LWM2M specification.
CoRE Resource Directory (RD) is used to provide the LWM2M CoRE Resource Directory (RD) is used to provide the LWM2M
Registration interface. Registration interface.
LWM2M does not provide for registration domains and does not LWM2M does not provide for registration sectors and does not
currently use the rd-group or rd-lookup interfaces. currently use the rd-group or rd-lookup interfaces.
The LWM2M specification describes a set of interfaces and a resource The LWM2M specification describes a set of interfaces and a resource
model used between a LWM2M device and an LWM2M server. Other model used between a LWM2M device and an LWM2M server. Other
interfaces, proxies, and applications are currently out of scope for interfaces, proxies, and applications are currently out of scope for
LWM2M. LWM2M.
The location of the LWM2M Server and RD URI path is provided by the The location of the LWM2M Server and RD URI path is provided by the
LWM2M Bootstrap process, so no dynamic discovery of the RD is used. LWM2M Bootstrap process, so no dynamic discovery of the RD is used.
LWM2M Servers and endpoints are not required to implement the /.well- LWM2M Servers and endpoints are not required to implement the /.well-
known/core resource. known/core resource.
10.2.1. The LWM2M Object Model 11.2.1. The LWM2M Object Model
The OMA LWM2M object model is based on a simple 2 level class The OMA LWM2M object model is based on a simple 2 level class
hierarchy consisting of Objects and Resources. hierarchy consisting of Objects and Resources.
An LWM2M Resource is a REST endpoint, allowed to be a single value or An LWM2M Resource is a REST endpoint, allowed to be a single value or
an array of values of the same data type. an array of values of the same data type.
An LWM2M Object is a resource template and container type that An LWM2M Object is a resource template and container type that
encapsulates a set of related resources. An LWM2M Object represents encapsulates a set of related resources. An LWM2M Object represents
a specific type of information source; for example, there is a LWM2M a specific type of information source; for example, there is a LWM2M
skipping to change at page 54, line 38 skipping to change at page 54, line 39
example, a LWM2M URI might be: example, a LWM2M URI might be:
/1/0/1 /1/0/1
The base uri is empty, the Object ID is 1, the instance ID is 0, the The base uri is empty, the Object ID is 1, the instance ID is 0, the
resource ID is 1, and the resource instance is "undefined". This resource ID is 1, and the resource instance is "undefined". This
example URI points to internal resource 1, which represents the example URI points to internal resource 1, which represents the
registration lifetime configured, in instance 0 of a type 1 object registration lifetime configured, in instance 0 of a type 1 object
(LWM2M Server Object). (LWM2M Server Object).
10.2.2. LWM2M Register Endpoint 11.2.2. LWM2M Register Endpoint
LWM2M defines a registration interface based on the REST API, LWM2M defines a registration interface based on the REST API,
described in Section 5. The RD registration URI path of the LWM2M described in Section 5. The RD registration URI path of the LWM2M
Resource Directory is specified to be "/rd". Resource Directory is specified to be "/rd".
LWM2M endpoints register object IDs, for example </1>, to indicate LWM2M endpoints register object IDs, for example </1>, to indicate
that a particular object type is supported, and register object that a particular object type is supported, and register object
instances, for example </1/0>, to indicate that a particular instance instances, for example </1/0>, to indicate that a particular instance
of that object type exists. of that object type exists.
skipping to change at page 55, line 42 skipping to change at page 55, line 44
| SMS | sms | | MSISDN | | SMS | sms | | MSISDN |
| Number | | | | | Number | | | |
+-----------+-------+-------------------------------+---------------+ +-----------+-------+-------------------------------+---------------+
Table 5: LWM2M Additional Registration Parameters Table 5: LWM2M Additional Registration Parameters
The following RD registration parameters are not currently specified The following RD registration parameters are not currently specified
for use in LWM2M: for use in LWM2M:
et - Endpoint Type et - Endpoint Type
con - Context base - Registration Base URI
The endpoint registration must include a payload containing links to The endpoint registration must include a payload containing links to
all supported objects and existing object instances, optionally all supported objects and existing object instances, optionally
including the appropriate link-format relations. including the appropriate link-format relations.
Here is an example LWM2M registration payload: Here is an example LWM2M registration payload:
</1>,</1/0>,</3/0>,</5> </1>,</1/0>,</3/0>,</5>
This link format payload indicates that object ID 1 (LWM2M Server This link format payload indicates that object ID 1 (LWM2M Server
Object) is supported, with a single instance 0 existing, object ID 3 Object) is supported, with a single instance 0 existing, object ID 3
(LWM2M Device object) is supported, with a single instance 0 (LWM2M Device object) is supported, with a single instance 0
existing, and object 5 (LWM2M Firmware Object) is supported, with no existing, and object 5 (LWM2M Firmware Object) is supported, with no
existing instances. existing instances.
10.2.3. LWM2M Update Endpoint Registration 11.2.3. LWM2M Update Endpoint Registration
The LwM2M update is really very similar to the registration update as The LwM2M update is really very similar to the registration update as
described in Section 5.4.1, with the only difference that there are described in Appendix A.1, with the only difference that there are
more parameters defined and available. All the parameters listed in more parameters defined and available. All the parameters listed in
that section are also available with the initial registration but are that section are also available with the initial registration but are
all optional: all optional:
lt - Registration Lifetime lt - Registration Lifetime
b - Protocol Binding b - Protocol Binding
sms - MSISDN sms - MSISDN
link payload - new or modified links link payload - new or modified links
A Registration update is also specified to be used to update the A Registration update is also specified to be used to update the
LWM2M server whenever the endpoint's UDP port or IP address are LWM2M server whenever the endpoint's UDP port or IP address are
changed. changed.
10.2.4. LWM2M De-Register Endpoint 11.2.4. LWM2M De-Register Endpoint
LWM2M allows for de-registration using the delete method on the LWM2M allows for de-registration using the delete method on the
returned location from the initial registration operation. LWM2M de- returned location from the initial registration operation. LWM2M de-
registration proceeds as described in Section 5.4.2. registration proceeds as described in Appendix A.2.
11. Acknowledgments 12. Acknowledgments
Oscar Novo, Srdjan Krco, Szymon Sasin, Kerry Lynn, Esko Dijk, Anders Oscar Novo, Srdjan Krco, Szymon Sasin, Kerry Lynn, Esko Dijk, Anders
Brandt, Matthieu Vial, Jim Schaad, Mohit Sethi, Hauke Petersen, Brandt, Matthieu Vial, Jim Schaad, Mohit Sethi, Hauke Petersen,
Hannes Tschofenig, Sampo Ukkola, Linyi Tian, and Jan Newmarch have Hannes Tschofenig, Sampo Ukkola, Linyi Tian, and Jan Newmarch have
provided helpful comments, discussions and ideas to improve and shape provided helpful comments, discussions and ideas to improve and shape
this document. Zach would also like to thank his colleagues from the this document. Zach would also like to thank his colleagues from the
EU FP7 SENSEI project, where many of the resource directory concepts EU FP7 SENSEI project, where many of the resource directory concepts
were originally developed. were originally developed.
12. Changelog 13. Changelog
changes from -13 to -14
o Rename "registration context" to "registration base URI" (and
"con" to "base") and "domain" to "sector" (where the abbreviation
"d" stays for compatibility reasons)
o Introduced resource types core.rd-ep and core.rd-gp
o Registration management moved to appendix A, including endpoint
and group lookup
o Minor editorial changes
* PATCH/iPATCH is clearly deferred to another document
* Recommend against query / fragment identifier in con=
* Interface description lists are described as illustrative
* Rewording of Simple Registration
o Simple registration carries no error information and succeeds
immediately (previously, sequence was unspecified)
o Lookup: href are matched against resolved values (previously, this
was unspecified)
o Lookup: lt are not exposed any more
o con/base: Paths are allowed
o Registration resource locations can not have query or fragment
parts
o Default life time extended to 25 hours
o clarified registration update rules
o lt-value semantics for lookup clarified.
o added template for simple registration
changes from -12 to -13 changes from -12 to -13
o Added "all resource directory" nodes MC address o Added "all resource directory" nodes MC address
o Clarified observation behavior o Clarified observation behavior
o version identification o version identification
o example rt= and et= values o example rt= and et= values
o domain from figure 2 o domain from figure 2
o more explanatory text o more explanatory text
o endpoints of a groups hosted by different RD o endpoints of a groups hosted by different RD
o resolve RFC6690-vs-8288 resolution ambiguities: o resolve RFC6690-vs-8288 resolution ambiguities:
* require registered links not to be relative when using anchor * require registered links not to be relative when using anchor
* return absolute URIs in resource lookup * return absolute URIs in resource lookup
skipping to change at page 62, line 5 skipping to change at page 62, line 47
o Added the concept of an RD Domain and a registration parameter for o Added the concept of an RD Domain and a registration parameter for
it. it.
o Recommended the Location returned from a registration to be o Recommended the Location returned from a registration to be
stable, allowing for endpoint and Domain information to be changed stable, allowing for endpoint and Domain information to be changed
during updates. during updates.
o Changed the lookup interface to accept endpoint and Domain as o Changed the lookup interface to accept endpoint and Domain as
query string parameters to control the scope of a lookup. query string parameters to control the scope of a lookup.
13. References 14. References
14.1. Normative References
13.1. Normative References
[I-D.ietf-core-links-json] [I-D.ietf-core-links-json]
Li, K., Rahman, A., and C. Bormann, "Representing Li, K., Rahman, A., and C. Bormann, "Representing
Constrained RESTful Environments (CoRE) Link Format in Constrained RESTful Environments (CoRE) Link Format in
JSON and CBOR", draft-ietf-core-links-json-10 (work in JSON and CBOR", draft-ietf-core-links-json-10 (work in
progress), February 2018. progress), February 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
skipping to change at page 62, line 47 skipping to change at page 63, line 44
[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service
Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013, Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013,
<https://www.rfc-editor.org/info/rfc6763>. <https://www.rfc-editor.org/info/rfc6763>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8132] van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and 14.2. Informative References
FETCH Methods for the Constrained Application Protocol
(CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017,
<https://www.rfc-editor.org/info/rfc8132>.
13.2. Informative References
[ER] Chen, P., "The entity-relationship model---toward a [ER] Chen, P., "The entity-relationship model---toward a
unified view of data", ACM Transactions on Database unified view of data", ACM Transactions on Database
Systems Vol. 1, pp. 9-36, DOI 10.1145/320434.320440, March Systems Vol. 1, pp. 9-36, DOI 10.1145/320434.320440, March
1976. 1976.
[I-D.arkko-core-dev-urn] [I-D.arkko-core-dev-urn]
Arkko, J., Jennings, C., and Z. Shelby, "Uniform Resource Arkko, J., Jennings, C., and Z. Shelby, "Uniform Resource
Names for Device Identifiers", draft-arkko-core-dev-urn-05 Names for Device Identifiers", draft-arkko-core-dev-urn-05
(work in progress), October 2017. (work in progress), October 2017.
[I-D.bormann-t2trg-rel-impl] [I-D.bormann-t2trg-rel-impl]
Bormann, C., "impl-info: A link relation type for Bormann, C., "impl-info: A link relation type for
disclosing implementation information", draft-bormann- disclosing implementation information", draft-bormann-
t2trg-rel-impl-00 (work in progress), January 2018. t2trg-rel-impl-00 (work in progress), January 2018.
[I-D.ietf-ace-oauth-authz]
Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
H. Tschofenig, "Authentication and Authorization for
Constrained Environments (ACE) using the OAuth 2.0
Framework (ACE-OAuth)", draft-ietf-ace-oauth-authz-12
(work in progress), May 2018.
[I-D.ietf-anima-bootstrapping-keyinfra]
Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
S., and K. Watsen, "Bootstrapping Remote Secure Key
Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
keyinfra-16 (work in progress), June 2018.
[I-D.silverajan-core-coap-protocol-negotiation] [I-D.silverajan-core-coap-protocol-negotiation]
Silverajan, B. and M. Ocak, "CoAP Protocol Negotiation", Silverajan, B. and M. Ocak, "CoAP Protocol Negotiation",
draft-silverajan-core-coap-protocol-negotiation-07 (work draft-silverajan-core-coap-protocol-negotiation-08 (work
in progress), October 2017. in progress), March 2018.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, Transfer Protocol -- HTTP/1.1", RFC 2616,
DOI 10.17487/RFC2616, June 1999, DOI 10.17487/RFC2616, June 1999,
<https://www.rfc-editor.org/info/rfc2616>. <https://www.rfc-editor.org/info/rfc2616>.
[RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
Bormann, "Neighbor Discovery Optimization for IPv6 over Bormann, "Neighbor Discovery Optimization for IPv6 over
Low-Power Wireless Personal Area Networks (6LoWPANs)", Low-Power Wireless Personal Area Networks (6LoWPANs)",
skipping to change at page 64, line 10 skipping to change at page 65, line 20
[RFC7390] Rahman, A., Ed. and E. Dijk, Ed., "Group Communication for [RFC7390] Rahman, A., Ed. and E. Dijk, Ed., "Group Communication for
the Constrained Application Protocol (CoAP)", RFC 7390, the Constrained Application Protocol (CoAP)", RFC 7390,
DOI 10.17487/RFC7390, October 2014, DOI 10.17487/RFC7390, October 2014,
<https://www.rfc-editor.org/info/rfc7390>. <https://www.rfc-editor.org/info/rfc7390>.
[RFC7641] Hartke, K., "Observing Resources in the Constrained [RFC7641] Hartke, K., "Observing Resources in the Constrained
Application Protocol (CoAP)", RFC 7641, Application Protocol (CoAP)", RFC 7641,
DOI 10.17487/RFC7641, September 2015, DOI 10.17487/RFC7641, September 2015,
<https://www.rfc-editor.org/info/rfc7641>. <https://www.rfc-editor.org/info/rfc7641>.
[RFC8132] van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and
FETCH Methods for the Constrained Application Protocol
(CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017,
<https://www.rfc-editor.org/info/rfc8132>.
[RFC8288] Nottingham, M., "Web Linking", RFC 8288, [RFC8288] Nottingham, M., "Web Linking", RFC 8288,
DOI 10.17487/RFC8288, October 2017, DOI 10.17487/RFC8288, October 2017,
<https://www.rfc-editor.org/info/rfc8288>. <https://www.rfc-editor.org/info/rfc8288>.
Appendix A. Web links and the Resource Directory [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig,
"CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392,
May 2018, <https://www.rfc-editor.org/info/rfc8392>.
Appendix A. Registration Management
This section describes how the registering endpoint can maintain the
registries that it created. The registering endpoint can be the
registree-ep or the CT. An endpoint SHOULD NOT use this interface
for registries that it did not create. The registries are resources
of the RD.
After the initial registration, the registering endpoint retains the
returned location of the Registration Resource for further
operations, including refreshing the registration in order to extend
the lifetime and "keep-alive" the registration. When the lifetime of
the registration has expired, the RD SHOULD NOT respond to discovery
queries concerning this endpoint. The RD SHOULD continue to provide
access to the Registration Resource after a registration time-out
occurs in order to enable the registering endpoint to eventually
refresh the registration. The RD MAY eventually remove the
registration resource for the purpose of garbage collection and
remove it from any group it belongs to. If the Registration Resource
is removed, the corresponding endpoint will need to be re-registered.
The Registration Resource may also be used to inspect the
registration resource using GET, update the registration, cancel the
registration using DELETE, do an endpoint lookup, or a group lookup.
These operations are described below.
A.1. Registration Update
The update interface is used by the registering endpoint to refresh
or update its registration with an RD. To use the interface, the
registering endpoint sends a POST request to the registration
resource returned by the initial registration operation.
An update MAY update the lifetime- or the context- registration
parameters "lt", "base" as in Section 5.3. Parameters that are not
being changed SHOULD NOT be included in an update. Adding parameters
that have not changed increases the size of the message but does not
have any other implications. Parameters MUST be included as query
parameters in an update operation as in Section 5.3.
A registration update resets the timeout of the registration to the
(possibly updated) lifetime of the registration, independent of
whether a "lt" parameter was given.
If the context of the registration is changed in an update explicitly
or implicitly, relative references submitted in the original
registration or later updates are resolved anew against the new
context (like in the original registration).
The registration update operation only describes the use of POST with
an empty payload. Future standards might describe the semantics of
using content formats and payloads with the POST method to update the
links of a registration (see Appendix A.4).
The update registration request interface is specified as follows:
Interaction: EP -> RD
Method: POST
URI Template: {+location}{?lt,con,extra-attrs*}
URI Template Variables:
location := This is the Location returned by the RD as a result
of a successful earlier registration.
lt := Lifetime (optional). Lifetime of the registration in
seconds. Range of 60-4294967295. If no lifetime is included,
the previous last lifetime set on a previous update or the
original registration (falling back to 90000) SHOULD be used.
base := Base URI (optional). This parameter updates the context
established in the original registration to a new value. If
the parameter is set in an update, it is stored by the RD as
the new Base URI under which to interpret the links of the
registration, following the same restrictions as in the
registration. If the parameter is not set and was set
explicitly before, the previous Base URI value is kept
unmodified. If the parameter is not set and was not set
explicitly before either, the source address and source port of
the update request are stored as the Base URI.
extra-attrs := Additional registration attributes (optional). As
with the registration, the RD processes them if it knows their
semantics. Otherwise, unknown attributes are stored as
endpoint attributes, overriding any previously stored endpoint
attributes of the same key.
Content-Format: none (no payload)
The following response codes are defined for this interface:
Success: 2.04 "Changed" or 204 "No Content" if the update was
successfully processed.
Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed
request.
Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not
exist (e.g. may have expired).
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable".
Service could not perform the operation.
HTTP support: YES
If the registration update fails with a "Service Unavailable"
response and a Max-Age option or Retry-After header, the registering
endpoint SHOULD retry the operation after the time indicated. If the
registration fails in another way, including request timeouts, or if
the time indicated excedes the remaining lifetime, the registering
endpoint SHOULD attempt registration again.
The following example shows the registering endpoint updates its
registration resource at an RD using this interface with the example
location value: /rd/4521.
Req: POST /rd/4521
Res: 2.04 Changed
The following example shows the registering endpoint updating its
registration resource at an RD using this interface with the example
location value: /rd/4521. The initial registration by the
registering endpoint set the following values:
o endpoint name (ep)=endpoint1
o lifetime (lt)=500
o context (con)=coap://local-proxy-old.example.com:5683
o payload of Figure 7
The initial state of the Resource Directory is reflected in the
following request:
Req: GET /rd-lookup/res?ep=endpoint1
Res: 2.01 Content
Payload:
<coap://local-proxy-old.example.com:5683/sensors/temp>;ct=41;
rt="temperature"; anchor="coap://spurious.example.com:5683",
<coap://local-proxy-old.example.com:5683/sensors/light>;ct=41;
rt="light-lux"; if="sensor";
anchor="coap://local-proxy-old.example.com:5683"
The following example shows the registering endpoint changing the
context to "coaps://new.example.com:5684":
Req: POST /rd/4521?con=coaps://new.example.com:5684
Res: 2.04 Changed
The consecutive query returns:
Req: GET /rd-lookup/res?ep=endpoint1
Res: 2.01 Content
Payload:
<coaps://new.example.com:5684/sensors/temp>;ct=41;rt="temperature";
anchor="coap://spurious.example.com:5683",
<coaps://new.example.com:5684/sensors/light>;ct=41;rt="light-lux";
if="sensor"; anchor="coaps://new.example.com:5684",
A.2. Registration Removal
Although RD entries have soft state and will eventually timeout after
their lifetime, the registering endpoint SHOULD explicitly remove an
entry from the RD if it knows it will no longer be available (for
example on shut-down). This is accomplished using a removal
interface on the RD by performing a DELETE on the endpoint resource.
Removed registrations are implicitly removed from the groups to which
they belong.
The removal request interface is specified as follows:
Interaction: EP -> RD
Method: DELETE
URI Template: {+location}
URI Template Variables:
location := This is the Location returned by the RD as a result
of a successful earlier registration.
The following response codes are defined for this interface:
Success: 2.02 "Deleted" or 204 "No Content" upon successful deletion
Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed
request.
Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not
exist (e.g. may have expired).
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable".
Service could not perform the operation.
HTTP support: YES
The following examples shows successful removal of the endpoint from
the RD with example location value /rd/4521.
Req: DELETE /rd/4521
Res: 2.02 Deleted
A.3. Read Endpoint Links
Some registering endpoints may wish to manage their links as a
collection, and may need to read the current set of links stored in
the registration resource, in order to determine link maintenance
operations.
One or more links MAY be selected by using query filtering as
specified in [RFC6690] Section 4.1
If no links are selected, the Resource Directory SHOULD return an
empty payload.
The read request interface is specified as follows:
Interaction: EP -> RD
Method: GET
URI Template: {+location}{?href,rel,rt,if,ct}
URI Template Variables:
location := This is the Location returned by the RD as a result
of a successful earlier registration.
href,rel,rt,if,ct := link relations and attributes specified in
the query in order to select particular links based on their
relations and attributes. "href" denotes the URI target of the
link. See [RFC6690] Sec. 4.1
The following response codes are defined for this interface:
Success: 2.05 "Content" or 200 "OK" upon success with an
"application/link-format", "application/link-format+cbor", or
"application/link-format+json" payload.
Failure: 4.00 "Bad Request" or 400 "Bad Request". Malformed
request.
Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not
exist (e.g. may have expired).
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable".
Service could not perform the operation.
HTTP support: YES
The following examples show successful read of the endpoint links
from the RD, with example location value /rd/4521 and example
registration payload of Figure 7.
Req: GET /rd/4521
Res: 2.01 Content
Payload:
</sensors/temp>;ct=41;rt="temperature-c";if="sensor";
anchor="coap://spurious.example.com:5683",
</sensors/light>;ct=41;rt="light-lux";if="sensor"
A.4. Update Endpoint Links
An iPATCH (or PATCH) update ([RFC8132]) can add, remove or change the
links of a registration.
Those operations are out of scope of this document, and will require
media types suitable for modifying sets of links.
A.5. Endpoint and group lookup
Endpoint and group lookups result in links to registration resources
and group resources, respectively. Endpoint registration resources
are annotated with their endpoint names (ep), sectors (d, if present)
and registration base URI (base) as well as a constant resource type
(rt="core.rd-ep"); the lifetime (lt) is not reported. Additional
endpoint attributes are added as link attributes to their endpoint
link unless their specification says otherwise.
Group resources are annotated with their group names (gp), sector (d,
if present) and multicast address (base, if present) as well as a
constant resource type (rt="core.rd-gp").
Serializations derived from Link Format, SHOULD present links to
groups and endpoints in path-absolute form or, if required, as
absolute references. (This approach avoids the RFC6690 ambiguities.)
While Endpoint Lookup does expose the registration resources, the RD
does not need to make them accessible to clients. Clients SHOULD NOT
attempt to dereference or manipulate them.
A Resource Directory can report endpoints or groups in lookup that
are not hosted at the same address. Lookup clients MUST be prepared
to see arbitrary URIs as registration or group resources in the
results and treat them as opaque identifiers; the precise semantics
of such links are left to future specifications.
For groups, a Resource Directory as specified here does not provide a
lookup mechanism for the resources that can be accessed on a group's
multicast address (ie. no lookup will return links like
"<coap://[ff35:30:2001:db8::1]/light>;..." for a group registered
with "base=coap://[ff35...]"). Such an additional lookup interface
could be specified in an extension document.
The following example shows a client performing an endpoint type (et)
lookup with the value oic.d.sensor (which is currently a registered
rt value):
Req: GET /rd-lookup/ep?et=oic.d.sensor
Res: 2.05 Content
</rd/1234>;base="coap://[2001:db8:3::127]:61616";ep="node5";
et="oic.d.sensor";ct="40",
</rd/4521>;base="coap://[2001:db8:3::129]:61616";ep="node7";
et="oic.d.sensor";ct="40";d="floor-3"
The following example shows a client performing a group lookup for
all groups:
Req: GET /rd-lookup/gp
Res: 2.05 Content
</rd-group/1>;gp="lights1";d="example.com";
base="coap://[ff35:30:2001:db8::1]",
</rd-group/2>;gp="lights2";d="example.com";
base="coap://[ff35:30:2001:db8::2]"
The following example shows a client performing a lookup for all
groups the endpoint "node1" belongs to:
Req: GET /rd-lookup/gp?ep=node1
Res: 2.05 Content
</rd-group/1>;gp="lights1"
Appendix B. Web links and the Resource Directory
Understanding the semantics of a link-format document and its URI Understanding the semantics of a link-format document and its URI
references is a journey through different documents ([RFC3986] references is a journey through different documents ([RFC3986]
defining URIs, [RFC6690] defining link-format documents based on defining URIs, [RFC6690] defining link-format documents based on
[RFC8288] which defines link headers, and [RFC7252] providing the [RFC8288] which defines link headers, and [RFC7252] providing the
transport). This appendix summarizes the mechanisms and semantics at transport). This appendix summarizes the mechanisms and semantics at
play from an entry in ".well-known/core" to a resource lookup. play from an entry in ".well-known/core" to a resource lookup.
This text is primarily aimed at people entering the field of This text is primarily aimed at people entering the field of
Constrained Restful Environments from applications that previously Constrained Restful Environments from applications that previously
did not use web mechanisms. did not use web mechanisms.
A.1. A simple example B.1. A simple example
Let's start this example with a very simple host, "2001:db8:f0::1". Let's start this example with a very simple host, "2001:db8:f0::1".
A client that follows classical CoAP Discovery ([RFC7252] Section 7), A client that follows classical CoAP Discovery ([RFC7252] Section 7),
sends the following multicast request to learn about neighbours sends the following multicast request to learn about neighbours
supporting resources with resource-type "temperature". supporting resources with resource-type "temperature".
The client sends a link-local multicast: The client sends a link-local multicast:
GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature
RES 2.05 Content RES 2.05 Content
</temp>;rt=temperature;ct=0 </temp>;rt=temperature;ct=0
where the response is sent by the server, "[2001:db8:f0::1]:5683". where the response is sent by the server, "[2001:db8:f0::1]:5683".
While the client - on the practical or implementation side - can just While the client - on the practical or implementation side - can just
go ahead and create a new request to "[2001:db8:f0::1]:5683" with go ahead and create a new request to "[2001:db8:f0::1]:5683" with
Uri-Path: "temp", the full resolution steps without any shortcuts Uri-Path: "temp", the full resolution steps without any shortcuts
are: are:
A.1.1. Resolving the URIs B.1.1. Resolving the URIs
The client parses the single returned record. The link's target The client parses the single returned record. The link's target
(sometimes called "href") is ""/temp"", which is a relative URI that (sometimes called "href") is ""/temp"", which is a relative URI that
needs resolving. As long as all involved links follow the needs resolving. As long as all involved links follow the
restrictions set forth for this document (see Appendix A.4), the base restrictions set forth for this document (see Appendix B.4), the base
URI to resolve this against the requested URI. URI to resolve this against the requested URI.
The URI of the requested resource can be composed by following the The URI of the requested resource can be composed by following the
steps of [RFC7252] section 6.5 (with an addition at the end of 8.2) steps of [RFC7252] section 6.5 (with an addition at the end of 8.2)
into ""coap://[2001:db8:f0::1]/.well-known/core"". into ""coap://[2001:db8:f0::1]/.well-known/core"".
The record's target is resolved by replacing the path ""/.well-known/ The record's target is resolved by replacing the path ""/.well-known/
core"" from the Base URI (section 5.2 [RFC3986]) with the relative core"" from the Base URI (section 5.2 [RFC3986]) with the relative
target URI ""/temp"" into ""coap://[2001:db8:f0::1]/temp"". target URI ""/temp"" into ""coap://[2001:db8:f0::1]/temp"".
A.1.2. Interpreting attributes and relations B.1.2. Interpreting attributes and relations
Some more information but the record's target can be obtained from Some more information but the record's target can be obtained from
the payload: the resource type of the target is "temperature", and the payload: the resource type of the target is "temperature", and
its content type is text/plain (ct=0). its content type is text/plain (ct=0).
A relation in a web link is a three-part statement that the context A relation in a web link is a three-part statement that the context
resource has a named relation to the target resource, like "_This resource has a named relation to the target resource, like "_This
page_ has _its table of contents_ at _/toc.html_". In [RFC6690] page_ has _its table of contents_ at _/toc.html_". In [RFC6690]
link-format documents, there is an implicit "host relation" specified link-format documents, there is an implicit "host relation" specified
with default parameter: rel="hosts". with default parameter: rel="hosts".
In our example, the context of the link is the URI of the requested In our example, the context of the link is the URI of the requested
document itself. A full English expression of the "host relation" document itself. A full English expression of the "host relation"
is: is:
'"coap://[2001:db8:f0::1]/.well-known/core" is hosting the resource '"coap://[2001:db8:f0::1]/.well-known/core" is hosting the resource
"coap://[2001:db8:f0::1]/temp", which is of the resource type "coap://[2001:db8:f0::1]/temp", which is of the resource type
"temperature" and can be accessed using the text/plain content "temperature" and can be accessed using the text/plain content
format.' format.'
A.2. A slightly more complex example B.2. A slightly more complex example
Omitting the "rt=temperature" filter, the discovery query would have Omitting the "rt=temperature" filter, the discovery query would have
given some more records in the payload: given some more records in the payload:
</temp>;rt=temperature;ct=0, </temp>;rt=temperature;ct=0,
</light>;rt=light-lux;ct=0, </light>;rt=light-lux;ct=0,
</t>;anchor="/sensors/temp";rel=alternate, </t>;anchor="/sensors/temp";rel=alternate,
<http://www.example.com/sensors/t123>;anchor="/sensors/temp"; <http://www.example.com/sensors/t123>;anchor="/sensors/temp";
rel="describedby" rel="describedby"
skipping to change at page 66, line 14 skipping to change at page 75, line 8
the target and the document Base URI any more, but about the target the target and the document Base URI any more, but about the target
and that address. and that address.
Thus, the third record could be read as Thus, the third record could be read as
""coap://[2001:db8:f0::1]/sensors/temp" has an alternate ""coap://[2001:db8:f0::1]/sensors/temp" has an alternate
representation at "coap://[2001:db8:f0::1]/t"". representation at "coap://[2001:db8:f0::1]/t"".
The fourth record can be read as ""coap://[2001:db8:f0::1]/sensors/ The fourth record can be read as ""coap://[2001:db8:f0::1]/sensors/
temp" is described by "http://www.example.com/sensors/t123"". temp" is described by "http://www.example.com/sensors/t123"".
A.3. Enter the Resource Directory B.3. Enter the Resource Directory
The resource directory tries to carry the semantics obtainable by The resource directory tries to carry the semantics obtainable by
classical CoAP discovery over to the resource lookup interface as classical CoAP discovery over to the resource lookup interface as
faithfully as possible. faithfully as possible.
For the following queries, we will assume that the simple host has For the following queries, we will assume that the simple host has
used Simple Registration to register at the resource directory that used Simple Registration to register at the resource directory that
was announced to it, sending this request from its UDP port was announced to it, sending this request from its UDP port
"[2001:db8:f0::1]:6553": "[2001:db8:f0::1]:6553":
POST coap://[2001:db8:f01::ff]/.well-known/core?ep=simple-host1 POST coap://[2001:db8:f01::ff]/.well-known/core?ep=simple-host1
The resource directory would have accepted the registration, and The resource directory would have accepted the registration, and
queried the simple host's ".well-known/core" by itself. As a result, queried the simple host's ".well-known/core" by itself. As a result,
the host is registered as an endpoint in the RD with the name the host is registered as an endpoint in the RD with the name
"simple-host1". The registration is active for 86400 seconds, and "simple-host1". The registration is active for 90000 seconds, and
the endpoint registration Base URI is ""coap://[2001:db8:f0::1]/"" the endpoint registration Base URI is ""coap://[2001:db8:f0::1]/""
because that is the address the registration was sent from (and no because that is the address the registration was sent from (and no
explicit "con=" was given). explicit "con=" was given).
If the client now queries the RD as it would previously have issued a If the client now queries the RD as it would previously have issued a
multicast request, it would go through the RD discovery steps by multicast request, it would go through the RD discovery steps by
fetching "coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd- fetching "coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd-
lookup-res", obtain "coap://[2001:db8:f0::ff]/rd-lookup/res" as the lookup-res", obtain "coap://[2001:db8:f0::ff]/rd-lookup/res" as the
resource lookup endpoint, and issue a request to resource lookup endpoint, and issue a request to
"coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature" to receive "coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature" to receive
skipping to change at page 67, line 37 skipping to change at page 76, line 32
Had the simple host registered with an explicit context (eg. Had the simple host registered with an explicit context (eg.
"?ep=simple-host1&con=coap+tcp://simple-host1.example.com"), that "?ep=simple-host1&con=coap+tcp://simple-host1.example.com"), that
context would have been used to resolve the relative anchor values context would have been used to resolve the relative anchor values
instead, giving instead, giving
<coap+tcp://simple-host1.example.com/temp>;rt=temperature;ct=0; <coap+tcp://simple-host1.example.com/temp>;rt=temperature;ct=0;
anchor="coap+tcp://simple-host1.example.com" anchor="coap+tcp://simple-host1.example.com"
and analogous records. and analogous records.
A.4. A note on differences between link-format and Link headers B.4. A note on differences between link-format and Link headers
While link-format and Link headers look very similar and are based on While link-format and Link headers look very similar and are based on
the same model of typed links, there are some differences between the same model of typed links, there are some differences between
[RFC6690] and [RFC5988], which are dealt with differently: [RFC6690] and [RFC5988], which are dealt with differently:
o "Resolving the target against the anchor": [RFC6690] Section 2.1 o "Resolving the target against the anchor": [RFC6690] Section 2.1
states that the anchor of a link uses the Base URI against which states that the anchor of a link is used as the Base URI against
the term inside the angle brackets (the target) is resolved. which the term inside the angle brackets (the target) is resolved,
[RFC8288] Section B.2 describes that the anchor is immaterial to falling back to the resource's URI with paths stripped off (its
the resolution of the target reference. "Origin"). [RFC8288] Section B.2 describes that the anchor is
immaterial to the resolution of the target reference.
RFC6690, in the same section, also states that absent anchors set
the context of the link to the target's URI with its path stripped
off, while according to [RFC8288] Section 3.2, the context is the
resource's base URI.
In the context of a Resource Directory, the authors decided not to In the context of a Resource Directory, the authors decided not to
not let this become an issue by requiring that RFC6690 links be not let this become an issue by requiring that RFC6690 links be
serialized in a way that either rule set can be applied and give serialized in a way that either rule set can be applied and give
the same results. Note that all examples of [RFC6690], [RFC8288] the same results. Note that all examples of [RFC6690], [RFC8288]
and this document comply with that rule. and this document comply with that rule.
Applications that would prefer to transport references with a The Modernized Link Format is introduced in Appendix D to
relative target and an absolute anchor are advised to use a formalize what it means to apply the ruleset of RFC8288 to Link
different serialization of the links. [I-D.ietf-core-links-json] Format documents.
might provide such formats.
o There is no percent encoding in link-format documents. o There is no percent encoding in link-format documents.
A link-format document is a UTF-8 encoded string of Unicode A link-format document is a UTF-8 encoded string of Unicode
characters and does not have percent encoding, while Link headers characters and does not have percent encoding, while Link headers
are practically ASCII strings that use percent encoding for non- are practically ASCII strings that use percent encoding for non-
ASCII characters, stating the encoding explictly when required. ASCII characters, stating the encoding explicitly when required.
For example, while a Link header in a page about a Swedish city For example, while a Link header in a page about a Swedish city
might read might read
"Link: </temperature/Malm%C3%B6>;rel="live-environment-data"" "Link: </temperature/Malm%C3%B6>;rel="live-environment-data""
a link-format document from the same source might describe the a link-format document from the same source might describe the
link as link as
"</temperature/Malmoe>;rel="live-environment-data"" "</temperature/Malmoe>;rel="live-environment-data""
Parsers and producers of link-format and header data need to be Parsers and producers of link-format and header data need to be
aware of this difference. aware of this difference.
Appendix B. Syntax examples for Protocol Negotiation Appendix C. Syntax examples for Protocol Negotiation
[ This appendix should not show up in a published version of this [ This appendix should not show up in a published version of this
document. ] document. ]
The protocol negotiation that is being worked on in The protocol negotiation that is being worked on in
[I-D.silverajan-core-coap-protocol-negotiation] makes use of the [I-D.silverajan-core-coap-protocol-negotiation] makes use of the
Resource Directory. Resource Directory.
Until that document is update to use the latest resource-directory Until that document is update to use the latest resource-directory
specification, here are some examples of protocol negotiation with specification, here are some examples of protocol negotiation with
skipping to change at page 69, line 12 skipping to change at page 78, line 12
An endpoint could register as follows from its address An endpoint could register as follows from its address
"[2001:db8:f1::2]:5683": "[2001:db8:f1::2]:5683":
Req: POST coap://rd.example.com/rd?ep=node1 Req: POST coap://rd.example.com/rd?ep=node1
&at=coap+tcp://[2001:db8:f1::2] &at=coap+tcp://[2001:db8:f1::2]
Content-Format: 40 Content-Format: 40
Payload: Payload:
</temperature>;ct=0;rt="temperature";if="core.s" </temperature>;ct=0;rt="temperature";if="core.s"
Res: 2.01 Created Res: 2.01 Created
Location: /rd/1234 Location-Path: /rd/1234
An endpoint lookup would just reflect the registered attributes: An endpoint lookup would just reflect the registered attributes:
Req: GET /rd-lookup/ep Req: GET /rd-lookup/ep
Res: 2.05 Content Res: 2.05 Content
</rd/1234>;ep="node1";con="coap://[2001:db8:f1::2]:5683"; </rd/1234>;ep="node1";con="coap://[2001:db8:f1::2]:5683";
at="coap+tcp://[2001:db8:f1::2]" at="coap+tcp://[2001:db8:f1::2]"
A UDP client would then see the following in a resource lookup: A UDP client would then see the following in a resource lookup:
Req: GET /rd-lookup/res?rt=temperature Req: GET /rd-lookup/res?rt=temperature
Res: 2.05 Content Res: 2.05 Content
<coap://[2001:db8:f1::2]/temperature>;ct=0;rt="temperature";if="core.s"; <coap://[2001:db8:f1::2]/temperature>;ct=0;rt="temperature";
anchor="coap://[2001:db8:f1::2]" if="core.s"; anchor="coap://[2001:db8:f1::2]"
while a TCP capable client could say: while a TCP capable client could say:
Req: GET /rd-lookup/res?rt=temperature&tt=tcp Req: GET /rd-lookup/res?rt=temperature&tt=tcp
Res: 2.05 Content Res: 2.05 Content
<coap+tcp://[2001:db8:f1::2]/temperature>;ct=0;rt="temperature"; <coap+tcp://[2001:db8:f1::2]/temperature>;ct=0;rt="temperature";
if="core.s";anchor="coap+tcp://[2001:db8:f1::2]" if="core.s";anchor="coap+tcp://[2001:db8:f1::2]"
Authors' Addresses Appendix D. Modernized Link Format parsing
The CoRE Link Format as described in [RFC6690] is unsuitable for some
use cases of the Resource Directory, and their resolution scheme is
often misunderstood by developers familiar with [RFC8288].
For the correct application of base URIs, we describe the
interpretation of a Link Format document as a Modernized Link Format.
In Modernized Link Format, the document is processed as in Link
Format, with the exception of Section 2.1 of [RFC6690]:
o The URI-reference inside angle brackets ("<>") describes the
target URI of the link. If it is a relative reference, it is
resolved against the base URI of the document.
o The context of the link is expressed by the "anchor" parameter; if
it is a relative reference, it is resolved against the document's
base URI. In absence of the "anchor" attribute, the base URI is
the link's context.
Content formats derived from [RFC6690] which inherit its resolution
rules, like JSON and CBOR link format of [I-D.ietf-core-links-json],
can be interpreted in analogy to that.
For where the Resource Directory is concerned, all common forms of
links (eg. all the examples of RFC6690) yield identical results.
When interpreting data read from ".well-known/core", differences in
interpretation only affect links where the absent anchor attribute
means "coap://host/" according to RFC6690 and "coap://host/.well-
known/core" according to Modernized Link format; those typically only
occur in conjunction with the vaguely defined implicit "hosts"
relationship.
D.1. For endpoint developers
When developing endpoints, ie. when generating documents that will be
submitted to a Resource Directory, the differences between Modernized
Link Format and RFC6690 can be ignored as long as all relative
references start with a slash, and any of the following applies:
o There is no anchor attribute, and the context of the link does not
matter to the application.
Example: "</sensors>;ct=40"
o The anchor is a relative reference.
Example: "</t>;anchor="/sensors/temp";rel="alternate"
o The target is an absolute reference.
Example: "<http://www.example.com/sensors/t123>;anchor="/sensors/
temp";rel="describedby""
Authors' Addresses
Zach Shelby Zach Shelby
ARM ARM
150 Rose Orchard 150 Rose Orchard
San Jose 95134 San Jose 95134
USA USA
Phone: +1-408-203-9434 Phone: +1-408-203-9434
Email: zach.shelby@arm.com Email: zach.shelby@arm.com
Michael Koster Michael Koster
SmartThings SmartThings
665 Clyde Avenue 665 Clyde Avenue
Mountain View 94043 Mountain View 94043
USA USA
Phone: +1-707-502-5136 Phone: +1-707-502-5136
Email: Michael.Koster@smartthings.com Email: Michael.Koster@smartthings.com
Carsten Bormann Carsten Bormann
 End of changes. 207 change blocks. 
846 lines changed or deleted 1302 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/