draft-ietf-core-resource-directory-14.txt   draft-ietf-core-resource-directory-15.txt 
CoRE Z. Shelby CoRE Z. Shelby
Internet-Draft ARM Internet-Draft ARM
Intended status: Standards Track M. Koster Intended status: Standards Track M. Koster
Expires: January 3, 2019 SmartThings Expires: April 6, 2019 SmartThings
C. Bormann C. Bormann
Universitaet Bremen TZI Universitaet Bremen TZI
P. van der Stok P. van der Stok
consultant consultant
C. Amsuess, Ed. C. Amsuess, Ed.
July 02, 2018 October 03, 2018
CoRE Resource Directory CoRE Resource Directory
draft-ietf-core-resource-directory-14 draft-ietf-core-resource-directory-15
Abstract Abstract
In many M2M applications, direct discovery of resources is not In many M2M applications, direct discovery of resources is not
practical due to sleeping nodes, disperse networks, or networks where practical due to sleeping nodes, disperse networks, or networks where
multicast traffic is inefficient. These problems can be solved by multicast traffic is inefficient. These problems can be solved by
employing an entity called a Resource Directory (RD), which hosts employing an entity called a Resource Directory (RD), which hosts
descriptions of resources held on other servers, allowing lookups to registrations of resources held on other servers, allowing lookups to
be performed for those resources. This document specifies the web be performed for those resources. This document specifies the web
interfaces that a Resource Directory supports in order for web interfaces that a Resource Directory supports for web servers to
servers to discover the RD and to register, maintain, lookup and discover the RD and to register, maintain, lookup and remove resource
remove resource descriptions. Furthermore, new link attributes descriptions. Furthermore, new link attributes useful in conjunction
useful in conjunction with an RD are defined. with an RD are defined.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2019. This Internet-Draft will expire on April 6, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Architecture and Use Cases . . . . . . . . . . . . . . . . . 7 3. Architecture and Use Cases . . . . . . . . . . . . . . . . . 7
3.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 7 3.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 7
3.2. Architecture . . . . . . . . . . . . . . . . . . . . . . 7 3.2. Architecture . . . . . . . . . . . . . . . . . . . . . . 7
3.3. RD Content Model . . . . . . . . . . . . . . . . . . . . 9 3.3. RD Content Model . . . . . . . . . . . . . . . . . . . . 9
3.4. Use Case: Cellular M2M . . . . . . . . . . . . . . . . . 13 3.4. Use Case: Cellular M2M . . . . . . . . . . . . . . . . . 13
3.5. Use Case: Home and Building Automation . . . . . . . . . 14 3.5. Use Case: Home and Building Automation . . . . . . . . . 14
3.6. Use Case: Link Catalogues . . . . . . . . . . . . . . . . 14 3.6. Use Case: Link Catalogues . . . . . . . . . . . . . . . . 14
4. Finding a Resource Directory . . . . . . . . . . . . . . . . 15 4. Finding a Resource Directory . . . . . . . . . . . . . . . . 15
4.1. Resource Directory Address Option (RDAO) . . . . . . . . 17 4.1. Resource Directory Address Option (RDAO) . . . . . . . . 17
skipping to change at page 2, line 46 skipping to change at page 2, line 46
5.3. Registration . . . . . . . . . . . . . . . . . . . . . . 22 5.3. Registration . . . . . . . . . . . . . . . . . . . . . . 22
5.3.1. Simple Registration . . . . . . . . . . . . . . . . . 27 5.3.1. Simple Registration . . . . . . . . . . . . . . . . . 27
5.3.2. Third-party registration . . . . . . . . . . . . . . 29 5.3.2. Third-party registration . . . . . . . . . . . . . . 29
6. RD Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 30 6. RD Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 30
6.1. Register a Group . . . . . . . . . . . . . . . . . . . . 30 6.1. Register a Group . . . . . . . . . . . . . . . . . . . . 30
6.2. Group Removal . . . . . . . . . . . . . . . . . . . . . . 32 6.2. Group Removal . . . . . . . . . . . . . . . . . . . . . . 32
7. RD Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . 33 7. RD Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . 33
7.1. Resource lookup . . . . . . . . . . . . . . . . . . . . . 33 7.1. Resource lookup . . . . . . . . . . . . . . . . . . . . . 33
7.2. Lookup filtering . . . . . . . . . . . . . . . . . . . . 34 7.2. Lookup filtering . . . . . . . . . . . . . . . . . . . . 34
7.3. Resource lookup examples . . . . . . . . . . . . . . . . 36 7.3. Resource lookup examples . . . . . . . . . . . . . . . . 36
8. Security Considerations . . . . . . . . . . . . . . . . . . . 39 8. Security policies . . . . . . . . . . . . . . . . . . . . . . 39
8.1. Endpoint Identification and Authentication . . . . . . . 39 8.1. Secure RD discovery . . . . . . . . . . . . . . . . . . . 40
8.2. Access Control . . . . . . . . . . . . . . . . . . . . . 40 8.2. Secure RD filtering . . . . . . . . . . . . . . . . . . . 41
8.3. Denial of Service Attacks . . . . . . . . . . . . . . . . 40 8.3. Secure endpoint Name assignment . . . . . . . . . . . . . 41
9. Authorization Server example . . . . . . . . . . . . . . . . 40 9. Security Considerations . . . . . . . . . . . . . . . . . . . 41
9.1. Registree-ep registers with RD . . . . . . . . . . . . . 42 9.1. Endpoint Identification and Authentication . . . . . . . 41
9.2. Third party Commissioning Tool (CT) registers registree- 9.2. Access Control . . . . . . . . . . . . . . . . . . . . . 42
ep with RD. . . . . . . . . . . . . . . . . . . . . . . . 42 9.3. Denial of Service Attacks . . . . . . . . . . . . . . . . 42
9.3. Updating multiple links . . . . . . . . . . . . . . . . . 43
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43
10.1. Resource Types . . . . . . . . . . . . . . . . . . . . . 43 10.1. Resource Types . . . . . . . . . . . . . . . . . . . . . 43
10.2. IPv6 ND Resource Directory Address Option . . . . . . . 44 10.2. IPv6 ND Resource Directory Address Option . . . . . . . 43
10.3. RD Parameter Registry . . . . . . . . . . . . . . . . . 44 10.3. RD Parameter Registry . . . . . . . . . . . . . . . . . 43
10.3.1. Full description of the "Endpoint Type" Registration 10.3.1. Full description of the "Endpoint Type" Registration
Parameter . . . . . . . . . . . . . . . . . . . . . 46 Parameter . . . . . . . . . . . . . . . . . . . . . 46
10.4. "Endpoint Type" (et=) RD Parameter values . . . . . . . 46 10.4. "Endpoint Type" (et=) RD Parameter values . . . . . . . 46
10.5. Multicast Address Registration . . . . . . . . . . . . . 47 10.5. Multicast Address Registration . . . . . . . . . . . . . 47
10.6. CBOR Web Token claims . . . . . . . . . . . . . . . . . 47 11. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 47
11. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 48 11.1. Lighting Installation . . . . . . . . . . . . . . . . . 47
11.1. Lighting Installation . . . . . . . . . . . . . . . . . 48 11.1.1. Installation Characteristics . . . . . . . . . . . . 47
11.1.1. Installation Characteristics . . . . . . . . . . . . 49 11.1.2. RD entries . . . . . . . . . . . . . . . . . . . . . 48
11.1.2. RD entries . . . . . . . . . . . . . . . . . . . . . 50 11.2. OMA Lightweight M2M (LWM2M) Example . . . . . . . . . . 51
11.2. OMA Lightweight M2M (LWM2M) Example . . . . . . . . . . 52 11.2.1. The LWM2M Object Model . . . . . . . . . . . . . . . 52
11.2.1. The LWM2M Object Model . . . . . . . . . . . . . . . 53 11.2.2. LWM2M Register Endpoint . . . . . . . . . . . . . . 53
11.2.2. LWM2M Register Endpoint . . . . . . . . . . . . . . 54 11.2.3. LWM2M Update Endpoint Registration . . . . . . . . . 54
11.2.3. LWM2M Update Endpoint Registration . . . . . . . . . 56 11.2.4. LWM2M De-Register Endpoint . . . . . . . . . . . . . 55
11.2.4. LWM2M De-Register Endpoint . . . . . . . . . . . . . 56 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 55
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 56 13. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 55
13. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 56
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 62 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 62
14.1. Normative References . . . . . . . . . . . . . . . . . . 63 14.1. Normative References . . . . . . . . . . . . . . . . . . 62
14.2. Informative References . . . . . . . . . . . . . . . . . 63 14.2. Informative References . . . . . . . . . . . . . . . . . 62
Appendix A. Registration Management . . . . . . . . . . . . . . 65 Appendix A. Registration Management . . . . . . . . . . . . . . 64
A.1. Registration Update . . . . . . . . . . . . . . . . . . . 66 A.1. Registration Update . . . . . . . . . . . . . . . . . . . 65
A.2. Registration Removal . . . . . . . . . . . . . . . . . . 69 A.2. Registration Removal . . . . . . . . . . . . . . . . . . 68
A.3. Read Endpoint Links . . . . . . . . . . . . . . . . . . . 70 A.3. Read Endpoint Links . . . . . . . . . . . . . . . . . . . 69
A.4. Update Endpoint Links . . . . . . . . . . . . . . . . . . 71 A.4. Update Endpoint Links . . . . . . . . . . . . . . . . . . 70
A.5. Endpoint and group lookup . . . . . . . . . . . . . . . . 71 A.5. Endpoint and group lookup . . . . . . . . . . . . . . . . 70
Appendix B. Web links and the Resource Directory . . . . . . . . 73 Appendix B. Web links and the Resource Directory . . . . . . . . 72
B.1. A simple example . . . . . . . . . . . . . . . . . . . . 73 B.1. A simple example . . . . . . . . . . . . . . . . . . . . 72
B.1.1. Resolving the URIs . . . . . . . . . . . . . . . . . 73 B.1.1. Resolving the URIs . . . . . . . . . . . . . . . . . 72
B.1.2. Interpreting attributes and relations . . . . . . . . 74 B.1.2. Interpreting attributes and relations . . . . . . . . 73
B.2. A slightly more complex example . . . . . . . . . . . . . 74 B.2. A slightly more complex example . . . . . . . . . . . . . 73
B.3. Enter the Resource Directory . . . . . . . . . . . . . . 75 B.3. Enter the Resource Directory . . . . . . . . . . . . . . 74
B.4. A note on differences between link-format and Link B.4. A note on differences between link-format and Link
headers . . . . . . . . . . . . . . . . . . . . . . . . . 76 headers . . . . . . . . . . . . . . . . . . . . . . . . . 75
Appendix C. Syntax examples for Protocol Negotiation . . . . . . 77 Appendix C. Syntax examples for Protocol Negotiation . . . . . . 76
Appendix D. Modernized Link Format parsing . . . . . . . . . . . 78 Appendix D. Modernized Link Format parsing . . . . . . . . . . . 77
D.1. For endpoint developers . . . . . . . . . . . . . . . . . 79 D.1. For endpoint developers . . . . . . . . . . . . . . . . . 78
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 78
1. Introduction 1. Introduction
The work on Constrained RESTful Environments (CoRE) aims at realizing The work on Constrained RESTful Environments (CoRE) aims at realizing
the REST architecture in a suitable form for the most constrained the REST architecture in a suitable form for the most constrained
nodes (e.g., 8-bit microcontrollers with limited RAM and ROM) and nodes (e.g., 8-bit microcontrollers with limited RAM and ROM) and
networks (e.g. 6LoWPAN). CoRE is aimed at machine-to-machine (M2M) networks (e.g. 6LoWPAN). CoRE is aimed at machine-to-machine (M2M)
applications such as smart energy and building automation. applications such as smart energy and building automation.
The discovery of resources offered by a constrained server is very The discovery of resources offered by a constrained server is very
skipping to change at page 4, line 25 skipping to change at page 4, line 19
humans in the loop and static interfaces result in fragility. The humans in the loop and static interfaces result in fragility. The
discovery of resources provided by an HTTP Web Server is typically discovery of resources provided by an HTTP Web Server is typically
called Web Linking [RFC5988]. The use of Web Linking for the called Web Linking [RFC5988]. The use of Web Linking for the
description and discovery of resources hosted by constrained web description and discovery of resources hosted by constrained web
servers is specified by the CoRE Link Format [RFC6690]. However, servers is specified by the CoRE Link Format [RFC6690]. However,
[RFC6690] only describes how to discover resources from the web [RFC6690] only describes how to discover resources from the web
server that hosts them by querying "/.well-known/core". In many M2M server that hosts them by querying "/.well-known/core". In many M2M
scenarios, direct discovery of resources is not practical due to scenarios, direct discovery of resources is not practical due to
sleeping nodes, disperse networks, or networks where multicast sleeping nodes, disperse networks, or networks where multicast
traffic is inefficient. These problems can be solved by employing an traffic is inefficient. These problems can be solved by employing an
entity called a Resource Directory (RD), which hosts descriptions of entity called a Resource Directory (RD), which hosts registrations of
resources held on other servers, allowing lookups to be performed for resources held on other servers, allowing lookups to be performed for
those resources. those resources.
This document specifies the web interfaces that a Resource Directory This document specifies the web interfaces that a Resource Directory
supports in order for web servers to discover the RD and to register, supports for web servers to discover the RD and to register,
maintain, lookup and remove resource descriptions. Furthermore, new maintain, lookup and remove resource descriptions. Furthermore, new
link attributes useful in conjunction with a Resource Directory are link attributes useful in conjunction with a Resource Directory are
defined. Although the examples in this document show the use of defined. Although the examples in this document show the use of
these interfaces with CoAP [RFC7252], they can be applied in an these interfaces with CoAP [RFC7252], they can be applied in an
equivalent manner to HTTP [RFC7230]. equivalent manner to HTTP [RFC7230].
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
skipping to change at page 5, line 8 skipping to change at page 4, line 51
[RFC6690]. Readers should also be familiar with the terms and [RFC6690]. Readers should also be familiar with the terms and
concepts discussed in [RFC7252]. To describe the REST interfaces concepts discussed in [RFC7252]. To describe the REST interfaces
defined in this specification, the URI Template format is used defined in this specification, the URI Template format is used
[RFC6570]. [RFC6570].
This specification makes use of the following additional terminology: This specification makes use of the following additional terminology:
resolve against resolve against
The expression "a URI-reference is _resolved against_ a base URI" The expression "a URI-reference is _resolved against_ a base URI"
is used to describe the process of [RFC3986] Section 5.2. is used to describe the process of [RFC3986] Section 5.2.
Noteworthy corner cases are that resolving an absolute URI against Noteworthy corner cases are that if the URI-reference is a (full)
any base URI gives the original URI, and that resolving an empty URI and resolved against any base URI, that gives the original
URI reference gives the base URI. full URI, and that resolving an empty URI reference gives the base
URI without any fragment identifier.
Resource Directory Resource Directory
A web entity that stores information about web resources and A web entity that stores information about web resources and
implements the REST interfaces defined in this specification for implements the REST interfaces defined in this specification for
registration and lookup of those resources. registration and lookup of those resources.
Sector Sector
In the context of a Resource Directory, a sector is a logical In the context of a Resource Directory, a sector is a logical
grouping of endpoints. grouping of endpoints.
The abbreviation "d" is used for the sector in query parameters The abbreviation "d=" is used for the sector in query parameters
for compatibility with deployed implementations. for compatibility with deployed implementations.
Group Group
A group in the Resource Directory specifies a set of endpoints A group in the Resource Directory specifies a set of endpoints
that are enabled with the same multicast address for the purpose that are enabled with the same multicast address for the purpose
of efficient group communications. All groups within a sector of efficient group communications. All groups within a sector
have unique names. have unique names.
Endpoint Endpoint
Endpoint (EP) is a term used to describe a web server or client in Endpoint (EP) is a term used to describe a web server or client in
[RFC7252]. In the context of this specification an endpoint is [RFC7252]. In the context of this specification an endpoint is
used to describe a web server that registers resources to the used to describe a web server that registers resources to the
Resource Directory. An endpoint is identified by its endpoint Resource Directory. An endpoint is identified by its endpoint
name, which is included during registration, and has a unique name name, which is included during registration, and has a unique name
within the associated sector of the registration. within the associated sector of the registration.
Registration Base URI Registration Base URI
The Base URI of a Registration is a URI that typically gives The Base URI of a Registration is a URI that typically gives
scheme and authority information about an Endpoint. The scheme and authority information about an Endpoint. The
Registration Base URI is provided by the Endpoint at registration Registration Base URI is provided at registration time, and is
time, and is used by the Resource Directory to resolve relative used by the Resource Directory to resolve relative references of
references inside the registration into absolute URIs. the registration into URIs.
Target Target
The target of a link is the destination address (URI) of the link. The target of a link is the destination address (URI) of the link.
It is sometimes identified with "href=", or displayed as It is sometimes identified with "href=", or displayed as
"<target>". Relative targets need resolving with respect to the "<target>". Relative targets need resolving with respect to the
Base URI (section 5.2 of [RFC3986]). Base URI (section 5.2 of [RFC3986]).
This use of the term Target is consistent with [RFC8288]'s use of This use of the term Target is consistent with [RFC8288]'s use of
the term. the term.
skipping to change at page 6, line 32 skipping to change at page 6, line 30
Registration Resource Registration Resource
A resource in the RD that contains information about an Endpoint A resource in the RD that contains information about an Endpoint
and its links. and its links.
Commissioning Tool Commissioning Tool
Commissioning Tool (CT) is a device that assists during the Commissioning Tool (CT) is a device that assists during the
installation of the network by assigning values to parameters, installation of the network by assigning values to parameters,
naming endpoints and groups, or adapting the installation to the naming endpoints and groups, or adapting the installation to the
needs of the applications. needs of the applications.
Registree-ep Registrant-ep
Registree-ep is the endpoint that is registered into the RD. The Registrant-ep is the endpoint that is registered into the RD. The
registree-ep can register itself, or a CT registers the registree- registrant-ep can register itself, or a CT registers the
ep. registrant-ep.
RDAO RDAO
Resource Directory Address Option. Resource Directory Address Option.
For several operations, interface descriptions are given in list For several operations, interface descriptions are given in list
form; those describe the operation participants, request codes, URIs, form; those describe the operation participants, request codes, URIs,
content formats and outcomes. Those templates contain normative content formats and outcomes. Those templates contain normative
content in their Interaction, Method, URI Template and URI Template content in their Interaction, Method, URI Template and URI Template
Variables sections as well as the details of the Success condition. Variables sections as well as the details of the Success condition.
The additional sections on options like Content-Format and on Failure The additional sections on options like Content-Format and on Failure
codes give typical cases that the implementing parties should be codes give typical cases that an implementation of the RD should deal
prepared to deal with. Those serve to illustrate the typical with. Those serve to illustrate the typical responses to readers who
responses to readers who are not yet familiar with all the details of are not yet familiar with all the details of CoAP based interfaces;
CoAP based interfaces; they do not limit what a server may respond they do not limit what a server may respond under atypical
under atypical circumstances. circumstances.
3. Architecture and Use Cases 3. Architecture and Use Cases
3.1. Principles 3.1. Principles
The Resource Directory is primarily a tool to make discovery The Resource Directory is primarily a tool to make discovery
operations more efficient than querying /.well-known/core on all operations more efficient than querying /.well-known/core on all
connected device, or across boundaries that would be limiting those connected devices, or across boundaries that would be limiting those
operations. operations.
It provides a cache (in the high-level sense, not as defined in It provides a cache (in the high-level sense, not as defined in
[RFC7252]/[RFC2616]) of data that could otherwise only be obtained by [RFC7252]/[RFC2616]) of data that could otherwise only be obtained by
directly querying the /.well-known/core resource on the target directly querying the /.well-known/core resource on the target
device, or by accessing those resources with a multicast request. device, or by accessing those resources with a multicast request.
From that, it follows that only information should be stored in the Only information SHOULD be stored in the resource directory that is
resource directory that is discovered from querying the described discoverable from querying the described device's /.well-known/core
device's /.well-known/core resource directly. resource directly.
It also follows that data in the resource directory can only be Data in the resource directory can only be provided by the device
provided by the device whose descriptions are cached or a dedicated which hosts those data or a dedicated Commissioning Tool (CT). These
Commissioning Tool (CT). These CTs are thought to act on behalf of CTs are thought to act on behalf of endpoints too constrained, or
agents too constrained, or generally unable, to present that generally unable, to present that information themselves. No other
information themselves. No other client can modify data in the client can modify data in the resource directory. Changes in the
resource directory. Changes in the Resource Directory do not Resource Directory do not propagate automatically back to the web
propagate automatically back to the web server from where the links server from where the links originated.
originated.
3.2. Architecture 3.2. Architecture
The resource directory architecture is illustrated in Figure 1. A The resource directory architecture is illustrated in Figure 1. A
Resource Directory (RD) is used as a repository for Web Links Resource Directory (RD) is used as a repository for Web Links
[RFC5988] about resources hosted on other web servers, which are [RFC5988] describing resources hosted on other web servers, also
called endpoints (EP). An endpoint is a web server associated with a called endpoints (EP). An endpoint is a web server associated with a
scheme, IP address and port. A physical node may host one or more scheme, IP address and port. A physical node may host one or more
endpoints. The RD implements a set of REST interfaces for endpoints endpoints. The RD implements a set of REST interfaces for endpoints
to register and maintain sets of Web Links (called resource directory to register and maintain sets of Web Links (called resource directory
registration entries), and for clients to lookup resources from the registration entries), and for endpoints to lookup resources from the
RD or maintain groups. Endpoints themselves can also act as clients. RD or maintain groups. An RD can be logically segmented by the use
An RD can be logically segmented by the use of Sectors. The set of of Sectors. The set of endpoints grouped for group communication can
endpoints grouped for group communication can be defined by the RD or be defined by the RD or configured by a Commissioning Tool. This
configured by a Commissioning Tool. This information hierarchy is information hierarchy is shown in Figure 2.
shown in Figure 2.
A mechanism to discover an RD using CoRE Link Format [RFC6690] is A mechanism to discover an RD using CoRE Link Format [RFC6690] is
defined. defined.
Endpoints proactively register and maintain resource directory Registration entries in the RD are soft state and need to be
registration entries on the RD, which are soft state and need to be
periodically refreshed. periodically refreshed.
An endpoint uses specific interfaces to register, update and remove a An endpoint uses specific interfaces to register, update and remove a
resource directory registration entry. It is also possible for an RD resource directory registration entry. It is also possible for an RD
to fetch Web Links from endpoints and add them as resource directory to fetch Web Links from endpoints and add them as resource directory
registration entries. registration entries.
At the first registration of a set of entries, a "registration At the first registration of a set of entries, a "registration
resource" is created, the location of which is returned to the resource" is created, the location of which is returned to the
registering endpoint. The registering endpoint uses this registering endpoint. The registering endpoint uses this
skipping to change at page 11, line 8 skipping to change at page 11, line 8
served by the host. served by the host.
A link has the following attributes (see [RFC5988]): A link has the following attributes (see [RFC5988]):
o Zero or more link relations: They describe relations between the o Zero or more link relations: They describe relations between the
link context and the link target. link context and the link target.
In link-format serialization, they are expressed as space- In link-format serialization, they are expressed as space-
separated values in the "rel" attribute, and default to "hosts". separated values in the "rel" attribute, and default to "hosts".
o A link context URI: It defines the source of the relation, eg. o A link context URI: It defines the source of the relation, e.g.
_who_ "hosts" something. _who_ "hosts" something.
In link-format serialization, it is expressed in the "anchor" In link-format serialization, it is expressed in the "anchor"
attribute. It defaults to that document's URI. attribute. It defaults to that document's URI.
o A link target URI: It defines the destination of the relation (eg. o A link target URI: It defines the destination of the relation
_what_ is hosted), and is the topic of all target attributes. (e.g. _what_ is hosted), and is the topic of all target
attributes.
In link-format serialization, it is expressed between angular In link-format serialization, it is expressed between angular
brackets, and sometimes called the "href". brackets, and sometimes called the "href".
o Other target attributes (eg. resource type (rt), interface (if), o Other target attributes (e.g. resource type (rt), interface (if),
or content-type (ct)). These provide additional information about or content-type (ct)). These provide additional information about
the target URI. the target URI.
+----------------------+ 1 ooooooo +----------------------+ 1 ooooooo
| resource-directory | +--o href o | resource-directory | +--o href o
+----------------------+ | ooooooo +----------------------+ | ooooooo
| 1 | | 1 |
| oooooooooo 0-1 | 1 oooooo | oooooooooo 0-1 | 1 oooooo
| o base o---+ | +------o gp o | o base o---+ | +------o gp o
| ooooooooooo | | | oooooo | ooooooooooo | | | oooooo
skipping to change at page 13, line 23 skipping to change at page 13, line 23
o zero or one multicast addresses expressed as a base URI ("base"), o zero or one multicast addresses expressed as a base URI ("base"),
o and is composed of zero or more registrations (endpoints). o and is composed of zero or more registrations (endpoints).
A registration is associated with one endpoint. A registration can A registration is associated with one endpoint. A registration can
be part of 0 or more Groups . A registration defines a set of links be part of 0 or more Groups . A registration defines a set of links
as defined for /.well-known/core. A Registration has six types of as defined for /.well-known/core. A Registration has six types of
attributes: attributes:
o a unique endpoint name ("ep") o a unique endpoint name ("ep") within a sector
o a Registration Base URI ("base", a URI typically describing the o a Registration Base URI ("base", a URI typically describing the
scheme://authority part) scheme://authority part)
o a lifetime ("lt"), o a lifetime ("lt"),
o a registration resource location inside the RD ("href"), o a registration resource location inside the RD ("href"),
o optionally a sector ("d") o optionally a sector ("d")
o optional additional endpoint attributes (from Section 10.3) o optional additional endpoint attributes (from Section 10.3)
The cardinality of "base" is currently 1; future documents are The cardinality of "base" is currently 1; future documents are
invited to extend the RD specification to support multiple values invited to extend the RD specification to support multiple values
(eg. [I-D.silverajan-core-coap-protocol-negotiation]). Its value is (e.g. [I-D.silverajan-core-coap-protocol-negotiation]). Its value
used as a Base URI when resolving URIs in the links contained in the is used as a Base URI when resolving URIs in the links contained in
endpoint. the endpoint.
Links are modelled as they are in Figure 3. Links are modelled as they are in Figure 3.
3.4. Use Case: Cellular M2M 3.4. Use Case: Cellular M2M
Over the last few years, mobile operators around the world have Over the last few years, mobile operators around the world have
focused on development of M2M solutions in order to expand the focused on development of M2M solutions in order to expand the
business to the new type of users: machines. The machines are business to the new type of users: machines. The machines are
connected directly to a mobile network using an appropriate embedded connected directly to a mobile network using an appropriate embedded
wireless interface (GSM/GPRS, WCDMA, LTE) or via a gateway providing wireless interface (GSM/GPRS, WCDMA, LTE) or via a gateway providing
skipping to change at page 15, line 6 skipping to change at page 15, line 6
3.6. Use Case: Link Catalogues 3.6. Use Case: Link Catalogues
Resources may be shared through data brokers that have no knowledge Resources may be shared through data brokers that have no knowledge
beforehand of who is going to consume the data. Resource Directory beforehand of who is going to consume the data. Resource Directory
can be used to hold links about resources and services hosted can be used to hold links about resources and services hosted
anywhere to make them discoverable by a general class of anywhere to make them discoverable by a general class of
applications. applications.
For example, environmental and weather sensors that generate data for For example, environmental and weather sensors that generate data for
public consumption may provide the data to an intermediary server, or public consumption may provide data to an intermediary server, or
broker. Sensor data are published to the intermediary upon changes broker. Sensor data are published to the intermediary upon changes
or at regular intervals. Descriptions of the sensors that resolve to or at regular intervals. Descriptions of the sensors that resolve to
links to sensor data may be published to a Resource Directory. links to sensor data may be published to a Resource Directory.
Applications wishing to consume the data can use RD Lookup to Applications wishing to consume the data can use RD Lookup to
discover and resolve links to the desired resources and endpoints. discover and resolve links to the desired resources and endpoints.
The Resource Directory service need not be coupled with the data The Resource Directory service need not be coupled with the data
intermediary service. Mapping of Resource Directories to data intermediary service. Mapping of Resource Directories to data
intermediaries may be many-to-many. intermediaries may be many-to-many.
Metadata in web link formats like [RFC6690] are supplied by Resource Metadata in web link formats like [RFC6690] which may be internally
Directories, which may be internally stored as triples, or relation/ stored as triples, or relation/attribute pairs providing metadata
attribute pairs providing metadata about resource links. External about resource links, need to be supported by Resource Directories .
catalogues that are represented in other formats may be converted to External catalogues that are represented in other formats may be
common web linking formats for storage and access by Resource converted to common web linking formats for storage and access by
Directories. Since it is common practice for these to be URN Resource Directories. Since it is common practice for these to be
encoded, simple and lossless structural transforms should generally URN encoded, simple and lossless structural transforms should
be sufficient to store external metadata in Resource Directories. generally be sufficient to store external metadata in Resource
Directories.
The additional features of Resource Directory allow sectors to be The additional features of Resource Directory allow sectors to be
defined to enable access to a particular set of resources from defined to enable access to a particular set of resources from
particular applications. This provides isolation and protection of particular applications. This provides isolation and protection of
sensitive data when needed. Groups may be defined to support sensitive data when needed. Groups may be defined to support
efficient data transport. efficient data transport.
4. Finding a Resource Directory 4. Finding a Resource Directory
A (re-)starting device may want to find one or more resource A (re-)starting device may want to find one or more resource
directories to make itself known with. directories for discovery purposes.
The device may be pre-configured to exercise specific mechanisms for The device may be pre-configured to exercise specific mechanisms for
finding the resource directory: finding the resource directory:
1. It may be configured with a specific IP address for the RD. That 1. It may be configured with a specific IP address for the RD. That
IP address may also be an anycast address, allowing the network IP address may also be an anycast address, allowing the network
to forward RD requests to an RD that is topologically close; each to forward RD requests to an RD that is topologically close; each
target network environment in which some of these preconfigured target network environment in which some of these preconfigured
nodes are to be brought up is then configured with a route for nodes are to be brought up is then configured with a route for
this anycast address that leads to an appropriate RD. (Instead this anycast address that leads to an appropriate RD. (Instead
of using an anycast address, a multicast address can also be of using an anycast address, a multicast address can also be
preconfigured. The RD servers then need to configure one of preconfigured. The RD servers then need to configure one of
their interfaces with this multicast address.) their interfaces with this multicast address.)
2. It may be configured with a DNS name for the RD and a resource- 2. It may be configured with a DNS name for the RD and use DNS to
record type to look up under this name; it can find a DNS server return the IP address of the RD; it can find a DNS server to
to perform the lookup using the usual mechanisms for finding DNS perform the lookup using the usual mechanisms for finding DNS
servers. servers.
3. It may be configured to use a service discovery mechanism such as 3. It may be configured to use a service discovery mechanism such as
DNS-SD [RFC6763]. The present specification suggests configuring DNS-SD [RFC6763]. The present specification suggests configuring
the service with name rd._sub._coap._udp, preferably within the the service with name rd._sub._coap._udp, preferably within the
domain of the querying nodes. domain of the querying nodes.
For cases where the device is not specifically configured with a way For cases where the device is not specifically configured with a way
to find a resource directory, the network may want to provide a to find a resource directory, the network may want to provide a
suitable default. suitable default.
skipping to change at page 17, line 7 skipping to change at page 17, line 11
candidate host, or a CoAP error response code such as 4.05 "Method candidate host, or a CoAP error response code such as 4.05 "Method
Not Allowed" may indicate unwillingness of a CoAP server to act as a Not Allowed" may indicate unwillingness of a CoAP server to act as a
directory server. directory server.
If multiple candidate addresses are discovered, the device may pick If multiple candidate addresses are discovered, the device may pick
any of them initially, unless the discovery method indicates a more any of them initially, unless the discovery method indicates a more
precise selection scheme. precise selection scheme.
4.1. Resource Directory Address Option (RDAO) 4.1. Resource Directory Address Option (RDAO)
The Resource Directory Address Option (RDAO) using IPv6 neighbor The Resource Directory Address Option (RDAO) using IPv6 Neighbor
Discovery (ND) carries information about the address of the Resource Discovery (ND) carries information about the address of the Resource
Directory (RD). This information is needed when endpoints cannot Directory (RD). This information is needed when endpoints cannot
discover the Resource Directory with a link-local or realm-local discover the Resource Directory with a link-local or realm-local
scope multicast address because the endpoint and the RD are separated scope multicast address because the endpoint and the RD are separated
by a Border Router (6LBR). In many circumstances the availability of by a Border Router (6LBR). In many circumstances the availability of
DHCP cannot be guaranteed either during commissioning of the network. DHCP cannot be guaranteed either during commissioning of the network.
The presence and the use of the RD is essential during commissioning. The presence and the use of the RD is essential during commissioning.
It is possible to send multiple RDAO options in one message, It is possible to send multiple RDAO options in one message,
indicating as many resource directory addresses. indicating as many resource directory addresses.
skipping to change at page 19, line 42 skipping to change at page 19, line 42
address and port, and the URI path information for its REST APIs. address and port, and the URI path information for its REST APIs.
This section defines discovery of the RD and its URIs using the well- This section defines discovery of the RD and its URIs using the well-
known interface of the CoRE Link Format [RFC6690]. A complete set of known interface of the CoRE Link Format [RFC6690]. A complete set of
RD discovery methods is described in Section 4. RD discovery methods is described in Section 4.
Discovery of the RD registration URI path is performed by sending Discovery of the RD registration URI path is performed by sending
either a multicast or unicast GET request to "/.well-known/core" and either a multicast or unicast GET request to "/.well-known/core" and
including a Resource Type (rt) parameter [RFC6690] with the value including a Resource Type (rt) parameter [RFC6690] with the value
"core.rd" in the query string. Likewise, a Resource Type parameter "core.rd" in the query string. Likewise, a Resource Type parameter
value of "core.rd-lookup*" is used to discover the URIs for RD Lookup value of "core.rd-lookup*" is used to discover the URIs for RD Lookup
operations, core.rd* is used to discover all URI paths for RD
operations, and "core.rd-group" is used to discover the URI path for operations, and "core.rd-group" is used to discover the URI path for
RD Group operations. Upon success, the response will contain a RD Group operations. Upon success, the response will contain a
payload with a link format entry for each RD function discovered, payload with a link format entry for each RD function discovered,
indicating the URI of the RD function returned and the corresponding indicating the URI of the RD function returned and the corresponding
Resource Type. When performing multicast discovery, the multicast IP Resource Type. When performing multicast discovery, the multicast IP
address used will depend on the scope required and the multicast address used will depend on the scope required and the multicast
capabilities of the network. capabilities of the network (see Section 10.5.
A Resource Directory MAY provide hints about the content-formats it A Resource Directory MAY provide hints about the content-formats it
supports in the links it exposes or registers, using the "ct" link supports in the links it exposes or registers, using the "ct" link
attribute, as shown in the example below. Clients MAY use these attribute, as shown in the example below. Clients MAY use these
hints to select alternate content-formats for interaction with the hints to select alternate content-formats for interaction with the
Resource Directory. Resource Directory.
HTTP does not support multicast and consequently only unicast HTTP does not support multicast and consequently only unicast
discovery can be supported using HTTP. Links to Resource Directories discovery can be supported using HTTP. The well-known entry points
MAY be registered in other Resource Directories. The well-known SHOULD be provided to enable unicast discovery.
entry points SHOULD be provided to enable the bootstrapping of
unicast discovery.
An implementation of this resource directory specification MUST An implementation of this resource directory specification MUST
support query filtering for the rt parameter as defined in [RFC6690]. support query filtering for the rt parameter as defined in [RFC6690].
While the link targets in this discovery step are often expressed in While the link targets in this discovery step are often expressed in
path-absolute form, this is not a requirement. Clients SHOULD path-absolute form, this is not a requirement. Clients of the RD
therefore accept URIs of all schemes they support, both in absolute SHOULD therefore accept URIs of all schemes they support, both as
and relative forms, and not limit the set of discovered URIs to those URIs and relative references, and not limit the set of discovered
hosted at the address used for URI discovery. URIs to those hosted at the address used for URI discovery.
The URI Discovery operation can yield multiple URIs of a given The URI Discovery operation can yield multiple URIs of a given
resource type. The client can use any of the discovered addresses resource type. The client of the RD can use any of the discovered
initially. addresses initially.
The discovery request interface is specified as follows (this is The discovery request interface is specified as follows (this is
exactly the Well-Known Interface of [RFC6690] Section 4, with the exactly the Well-Known Interface of [RFC6690] Section 4, with the
additional requirement that the server MUST support query filtering): additional requirement that the server MUST support query filtering):
Interaction: EP and Client -> RD Interaction: EP and Client -> RD
Method: GET Method: GET
URI Template: /.well-known/core{?rt} URI Template: /.well-known/core{?rt}
URI Template Variables: URI Template Variables:
rt := Resource Type (optional). MAY contain one of the values rt := Resource Type. SHOULD contain one of the values "core.rd",
"core.rd", "core.rd-lookup*", "core.rd-lookup-res", "core.rd- "core.rd-lookup*", "core.rd-lookup-res", "core.rd-lookup-ep",
lookup-ep", "core.rd-lookup-gp", "core.rd-group" or "core.rd*" "core.rd-lookup-gp", "core.rd-group" or "core.rd*"
Content-Format: application/link-format (if any) Content-Format: application/link-format (if any)
Content-Format: application/link-format+json (if any) Content-Format: application/link-format+json (if any)
Content-Format: application/link-format+cbor (if any) Content-Format: application/link-format+cbor (if any)
The following response codes are defined for this interface: The following response codes are defined for this interface:
Success: 2.05 "Content" or 200 "OK" with an application/link-format, Success: 2.05 "Content" or 200 "OK" with an application/link-format,
skipping to change at page 21, line 15 skipping to change at page 21, line 15
resource. resource.
Failure: 4.00 "Bad Request" or 400 "Bad Request" is returned in case Failure: 4.00 "Bad Request" or 400 "Bad Request" is returned in case
of a malformed request for a unicast request. of a malformed request for a unicast request.
Failure: No error response to a multicast request. Failure: No error response to a multicast request.
HTTP support : YES (Unicast only) HTTP support : YES (Unicast only)
The following example shows an endpoint discovering an RD using this The following example shows an endpoint discovering an RD using this
interface, thus learning that the directory resource is, in this interface, thus learning that the directory resource location, in
example, at /rd, and that the content-format delivered by the server this example, is /rd, and that the content-format delivered by the
hosting the resource is application/link-format (ct=40). Note that server hosting the resource is application/link-format (ct=40). Note
it is up to the RD to choose its RD resource paths. that it is up to the RD to choose its RD locations.
Req: GET coap://[MCD1]/.well-known/core?rt=core.rd* Req: GET coap://[MCD1]/.well-known/core?rt=core.rd*
Res: 2.05 Content Res: 2.05 Content
</rd>;rt="core.rd";ct=40, </rd>;rt="core.rd";ct=40,
</rd-lookup/ep>;rt="core.rd-lookup-ep";ct=40, </rd-lookup/ep>;rt="core.rd-lookup-ep";ct=40,
</rd-lookup/res>;rt="core.rd-lookup-res";ct=40, </rd-lookup/res>;rt="core.rd-lookup-res";ct=40,
</rd-lookup/gp>;rt="core.rd-lookup-gp";ct=40, </rd-lookup/gp>;rt="core.rd-lookup-gp";ct=40,
</rd-group>;rt="core.rd-group";ct=40 </rd-group>;rt="core.rd-group";ct=40
Figure 6: Example discovery exchange Figure 6: Example discovery exchange
The following example shows the way of indicating that a client may The following example shows the way of indicating that a client may
request alternate content-formats. The Content-Format code attribute request alternate content-formats. The Content-Format code attribute
"ct" MAY include a space-separated sequence of Content-Format codes "ct" MAY include a space-separated sequence of Content-Format codes
as specified in Section 7.2.1 of [RFC7252], indicating that multiple as specified in Section 7.2.1 of [RFC7252], indicating that multiple
content-formats are available. The example below shows the required content-formats are available. The example below shows the required
Content-Format 40 (application/link-format) indicated as well as the Content-Format 40 (application/link-format) indicated as well as the
CBOR and JSON representation of link format. The RD resource paths CBOR and JSON representation of link format. The RD resource
/rd, /rd-lookup, and /rd-group are example values. The server in locations /rd, /rd-lookup, and /rd-group are example values. The
this example also indicates that it is capable of providing server in this example also indicates that it is capable of providing
observation on resource lookups. observation on resource lookups.
[ The RFC editor is asked to replace these and later occurrences of [ The RFC editor is asked to replace these and later occurrences of
TBD64 and TBD504 with the numeric ID values assigned by IANA to MCD1, TBD64 and TBD504 with the numeric ID values assigned by IANA to
application/link-format+cbor and application/link-format+json, application/link-format+cbor and application/link-format+json,
respectively, as they are defined in I-D.ietf-core-links-json. ] respectively, as they are defined in I-D.ietf-core-links-json. ]
Req: GET coap://[MCD1]/.well-known/core?rt=core.rd* Req: GET coap://[MCD1]/.well-known/core?rt=core.rd*
Res: 2.05 Content Res: 2.05 Content
</rd>;rt="core.rd";ct="40 65225", </rd>;rt="core.rd";ct="40 65225",
</rd-lookup/res>;rt="core.rd-lookup-res";ct="40 TBD64 TBD504";obs, </rd-lookup/res>;rt="core.rd-lookup-res";ct="40 TBD64 TBD504";obs,
</rd-lookup/ep>;rt="core.rd-lookup-ep";ct="40 TBD64 TBD504", </rd-lookup/ep>;rt="core.rd-lookup-ep";ct="40 TBD64 TBD504",
</rd-lookup/gp>;rt="core.rd-lookup-gp";ct=40 TBD64 TBD504", </rd-lookup/gp>;rt="core.rd-lookup-gp";ct=40 TBD64 TBD504",
</rd-group>;rt="core.rd-group";ct="40 TBD64 TBD504" </rd-group>;rt="core.rd-group";ct="40 TBD64 TBD504"
From a management and maintenance perspective, it is necessary to From a management and maintenance perspective, it is necessary to
identify the components that constitute the server. The identify the components that constitute the RD server. The
identification refers to information about for example client-server identification refers to information about for example client-server
incompatibilities, supported features, required updates and other incompatibilities, supported features, required updates and other
aspects. The URI discovery address, a described in section 4 of aspects. The URI discovery address, a described in section 4 of
[RFC6690] can be used to find the identification. [RFC6690] can be used to find the identification.
It would typically be stored in an implementation information link It would typically be stored in an implementation information link
(as described in [I-D.bormann-t2trg-rel-impl]): (as described in [I-D.bormann-t2trg-rel-impl]):
Req: GET /.well-known/core?rel=impl-info Req: GET /.well-known/core?rel=impl-info
Res: 2.05 Content Res: 2.05 Content
<http://software.example.com/shiny-resource-directory/1.0beta1>; <http://software.example.com/shiny-resource-directory/1.0beta1>;
rel="impl-info" rel="impl-info"
Note that depending on the particular server's architecture, such a Note that depending on the particular server's architecture, such a
link could be anchored at the server's root, at the discovery site link could be anchored at the RD server's root, at the discovery site
(as in this example) or at individual RD components. The latter is (as in this example) or at individual RD components. The latter is
to be expected when different applications are run on the same to be expected when different applications are run on the same
server. server.
5.3. Registration 5.3. Registration
After discovering the location of an RD, a registree-ep or CT MAY After discovering the location of an RD, a registrant-ep or CT MAY
register the resources of the registree-ep using the registration register the resources of the registrant-ep using the registration
interface. This interface accepts a POST from an endpoint containing interface. This interface accepts a POST from an endpoint containing
the list of resources to be added to the directory as the message the list of resources to be added to the directory as the message
payload in the CoRE Link Format [RFC6690], JSON CoRE Link Format payload in the CoRE Link Format [RFC6690], JSON CoRE Link Format
(application/link-format+json), or CBOR CoRE Link Format (application/link-format+json), or CBOR CoRE Link Format
(application/link-format+cbor) [I-D.ietf-core-links-json], along with (application/link-format+cbor) [I-D.ietf-core-links-json], along with
query parameters indicating the name of the endpoint, and optionally query parameters indicating the name of the endpoint, and optionally
the sector, lifetime and base URI of the registration. It is the sector, lifetime and base URI of the registration. It is
expected that other specifications will define further parameters expected that other specifications will define further parameters
(see Section 10.3). The RD then creates a new registration resource (see Section 10.3). The RD then creates a new registration resource
in the RD and returns its location. The receiving endpoint MUST use in the RD and returns its location. The receiving endpoint MUST use
that location when refreshing registrations using this interface. that location when refreshing registrations using this interface.
Registration resources in the RD are kept active for the period Registration resources in the RD are kept active for the period
indicated by the lifetime parameter. The endpoint is responsible for indicated by the lifetime parameter. The creating endpoint is
refreshing the registration resource within this period using either responsible for refreshing the registration resource within this
the registration or update interface. The registration interface period using either the registration or update interface. The
MUST be implemented to be idempotent, so that registering twice with registration interface MUST be implemented to be idempotent, so that
the same endpoint parameters ep and d (sector) does not create registering twice with the same endpoint parameters ep and d (sector)
multiple registration resources. does not create multiple registration resources.
The following rules apply for an update identified by a given (ep, d) The following rules apply for an update identified by a given (ep, d)
value pair: value pair:
o when the parameter values of the Update generate the same o when the parameter values of the Update generate the same
attribute values as already present, the location of the already attribute values as already present, the location of the already
existing registration is returned. existing registration is returned.
o when for a given (ep, d) value pair the update generates attribute o when for a given (ep, d) value pair the update generates attribute
values which are different from the existing one, the existing values which are different from the existing one, the existing
skipping to change at page 23, line 31 skipping to change at page 23, line 31
o when the (ep, d) value pair of the update is different from any o when the (ep, d) value pair of the update is different from any
existing registration, a new registration is generated. existing registration, a new registration is generated.
The posted link-format document can (and typically does) contain The posted link-format document can (and typically does) contain
relative references both in its link targets and in its anchors, or relative references both in its link targets and in its anchors, or
contain empty anchors. The RD server needs to resolve these contain empty anchors. The RD server needs to resolve these
references in order to faithfully represent them in lookups. They references in order to faithfully represent them in lookups. They
are resolved against the base URI of the registration, which is are resolved against the base URI of the registration, which is
provided either explicitly in the "base" parameter or constructed provided either explicitly in the "base" parameter or constructed
implicitly from the requester's network address. implicitly from the requester's URI as constructed from its network
address and scheme.
Link format documents submitted to the resource directory are Link format documents submitted to the resource directory are
interpreted as Modernized Link Format (see Appendix D) by the RD. A interpreted as Modernized Link Format (see Appendix D) by the RD. A
registree-ep SHOULD NOT submit documents whose interpretations registrant-ep SHOULD NOT submit documents whose interpretations
according to [RFC6690] and Appendix D differ and RFC6690 according to [RFC6690] and Appendix D differ to avoid the ambiguities
interpretation is intended to avoid the ambiguities described in described in Appendix B.4.
Appendix B.4.
In practice, most links (precisely listed in Appendix D.1) can be In practice, most links (precisely listed in Appendix D.1) can be
submitted without consideration for those details. submitted without consideration for those details.
The registration request interface is specified as follows: The registration request interface is specified as follows:
Interaction: EP -> RD Interaction: EP -> RD
Method: POST Method: POST
URI Template: {+rd}{?ep,d,lt,base,extra-attrs*} URI Template: {+rd}{?ep,d,lt,base,extra-attrs*}
URI Template Variables: URI Template Variables:
rd := RD registration URI (mandatory). This is the location of rd := RD registration URI (mandatory). This is the location of
the RD, as obtained from discovery. the RD, as obtained from discovery.
ep := Endpoint name (mostly mandatory). The endpoint name is an ep := Endpoint name (mostly mandatory). The endpoint name is an
identifier that MUST be unique within a sector. The maximum identifier that MUST be unique within a sector. The maximum
length of this parameter is 63 bytes. If the RD is configured length of this parameter is 63 bytes. If the RD is configured
to recognize the endpoint (eg. based on its security context), to recognize the endpoint (e.g. based on its security context),
the endpoint sets no endpoint name, and the RD assigns one the endpoint sets no endpoint name, and the RD assigns one
based on a set of configuration parameter values. based on a set of configuration parameter values.
d := Sector (optional). The sector to which this endpoint d := Sector (optional). The sector to which this endpoint
belongs. The maximum length of this parameter is 63 bytes. belongs. The maximum length of this parameter is 63 bytes.
When this parameter is not present, the RD MAY associate the When this parameter is not present, the RD MAY associate the
endpoint with a configured default sector or leave it empty. endpoint with a configured default sector or leave it empty.
The endpoint name and sector name are not set when one or both The endpoint name and sector name are not set when one or both
are set in an accompanying authorization token. are set in an accompanying authorization token.
lt := Lifetime (optional). Lifetime of the registration in lt := Lifetime (optional). Lifetime of the registration in
seconds. Range of 60-4294967295. If no lifetime is included seconds. Range of 60-4294967295. If no lifetime is included
in the initial registration, a default value of 90000 (25 in the initial registration, a default value of 90000 (25
hours) SHOULD be assumed. hours) SHOULD be assumed.
base := Base URI (optional). This parameter sets the base URI of base := Base URI (optional). This parameter sets the base URI of
the registration, under which the request's links are to be the registration, under which the relative links in the payload
interpreted. The specified URI typically does not have a path are to be interpreted. The specified URI typically does not
component of its own, and MUST be suitable as a base URI to have a path component of its own, and MUST be suitable as a
resolve any relative references given in the registration. The base URI to resolve any relative references given in the
parameter is therefore usually of the shape registration. The parameter is therefore usually of the shape
"scheme://authority" for HTTP and CoAP URIs. The URI SHOULD "scheme://authority" for HTTP and CoAP URIs. The URI SHOULD
NOT have a query or fragment component as any non-empty NOT have a query or fragment component as any non-empty
relative part in a reference would remove those parts from the relative part in a reference would remove those parts from the
resulting URI. resulting URI.
In the absence of this parameter the scheme of the protocol, In the absence of this parameter the scheme of the protocol,
source address and source port of the registration request are source address and source port of the registration request are
assumed. This parameter is mandatory when the directory is assumed. That Base URI is constructed by concatenating the
filled by a third party such as an commissioning tool. used protcol's scheme with the characters "://", the
requester's source address as an address literal and ":"
followed by its port (if it was not the protocol's default one)
in analogy to [RFC7252] Section 6.5.
If the endpoint uses an ephemeral port to register with, it This parameter is mandatory when the directory is filled by a
MUST include the base parameter in the registration to provide third party such as an commissioning tool.
a valid network path.
If the endpoint which is located behind a NAT gateway is If the registrant-ep uses an ephemeral port to register with,
it MUST include the base parameter in the registration to
provide a valid network path.
If the registrant-ep, located behind a NAT gateway, is
registering with a Resource Directory which is on the network registering with a Resource Directory which is on the network
service side of the NAT gateway, the endpoint MUST use a service side of the NAT gateway, the endpoint MUST use a
persistent port for the outgoing registration in order to persistent port for the outgoing registration in order to
provide the NAT gateway with a valid network address for provide the NAT gateway with a valid network address for
replies and incoming requests. replies and incoming requests.
Endpoints that register with a base that contains a path Endpoints that register with a base that contains a path
component can not meaningfully use [RFC6690] Link Format due to component can not meaningfully use [RFC6690] Link Format due to
its prevalence of the Origin concept in relative reference its prevalence of the Origin concept in relative reference
resolution; they can submit payloads for interpretation as resolution; they can submit payloads for interpretation as
skipping to change at page 26, line 16 skipping to change at page 26, line 24
If the registration fails with a Service Unavailable response and a If the registration fails with a Service Unavailable response and a
Max-Age option or Retry-After header, the registering endpoint SHOULD Max-Age option or Retry-After header, the registering endpoint SHOULD
retry the operation after the time indicated. If the registration retry the operation after the time indicated. If the registration
fails in another way, including request timeouts, or if the Service fails in another way, including request timeouts, or if the Service
Unavailable error persists after several retries, or indicates a Unavailable error persists after several retries, or indicates a
longer time than the endpoint is willing to wait, it SHOULD pick longer time than the endpoint is willing to wait, it SHOULD pick
another registration URI from the "URI Discovery" step and if there another registration URI from the "URI Discovery" step and if there
is only one or the list is exhausted, pick other choices from the is only one or the list is exhausted, pick other choices from the
"Finding a Resource Directory" step. Care has to be taken to "Finding a Resource Directory" step. Care has to be taken to
consider the freshness of results obtained earlier, eg. of the result consider the freshness of results obtained earlier, e.g. of the
of a "/.well-known/core" response, the lifetime of an RDAO option and result of a "/.well-known/core" response, the lifetime of an RDAO
of DNS responses. Any rate limits and persistent errors from the option and of DNS responses. Any rate limits and persistent errors
"Finding a Resource Directory" step must be considered for the whole from the "Finding a Resource Directory" step must be considered for
registration time, not only for a single operation. the whole registration time, not only for a single operation.
The following example shows a registree-ep with the name "node1" The following example shows a registrant-ep with the name "node1"
registering two resources to an RD using this interface. The registering two resources to an RD using this interface. The
location "/rd" is an example RD location discovered in a request location "/rd" is an example RD location discovered in a request
similar to Figure 6. similar to Figure 6.
Req: POST coap://rd.example.com/rd?ep=node1 Req: POST coap://rd.example.com/rd?ep=node1
Content-Format: 40 Content-Format: 40
Payload: Payload:
</sensors/temp>;ct=41;rt="temperature-c";if="sensor"; </sensors/temp>;ct=41;rt="temperature-c";if="sensor";
anchor="coap://spurious.example.com:5683", anchor="coap://spurious.example.com:5683",
</sensors/light>;ct=41;rt="light-lux";if="sensor" </sensors/light>;ct=41;rt="light-lux";if="sensor"
skipping to change at page 27, line 28 skipping to change at page 27, line 28
5.3.1. Simple Registration 5.3.1. Simple Registration
Not all endpoints hosting resources are expected to know how to Not all endpoints hosting resources are expected to know how to
upload links to an RD as described in Section 5.3. Instead, simple upload links to an RD as described in Section 5.3. Instead, simple
endpoints can implement the Simple Registration approach described in endpoints can implement the Simple Registration approach described in
this section. An RD implementing this specification MUST implement this section. An RD implementing this specification MUST implement
Simple Registration. However, there may be security reasons why this Simple Registration. However, there may be security reasons why this
form of directory discovery would be disabled. form of directory discovery would be disabled.
This approach requires that the registree-ep makes available the This approach requires that the registrant-ep makes available the
hosted resources that it wants to be discovered, as links on its hosted resources that it wants to be discovered, as links on its
"/.well-known/core" interface as specified in [RFC6690]. The links "/.well-known/core" interface as specified in [RFC6690]. The links
in that document are subject to the same limitations as the payload in that document are subject to the same limitations as the payload
of a registration (with respect to Appendix D). of a registration (with respect to Appendix D).
The registree-ep then finds one or more addresses of the directory The registrant-ep finds one or more addresses of the directory server
server as described in Section 4. as described in Section 4.
The registree-ep finally asks the selected directory server to probe The registrant-ep asks the selected directory server to probe its
it for resources and publish them as follows: /.well-known/core and publish the links as follows:
The registree-ep sends (and regularly refreshes with) a POST request The registrant-ep sends (and regularly refreshes with) a POST request
to the "/.well-known/core" URI of the directory server of choice. to the "/.well-known/core" URI of the directory server of choice.
The body of the POST request is empty, and triggers the resource The body of the POST request is empty, and triggers the resource
directory server to perform GET requests at the requesting registree- directory server to perform GET requests at the requesting
ep's default discovery URI to obtain the link-format payload to registrant-ep's /.well-known/core to obtain the link-format payload
register. to register.
The registree-ep includes the same registration parameters in the The registrant-ep includes the same registration parameters in the
POST request as it would per Section 5.3. The registration base URI POST request as it would per Section 5.3. The registration base URI
of the registration is taken from the requesting server's URI. of the registration is taken from the requesting server's URI.
The Resource Directory MUST NOT query the registree-ep's data before The Resource Directory MUST NOT query the registrant-ep's data before
sending the response; this is to accommodate very limited endpoints. sending the response; this is to accommodate very limited endpoints.
The success condition only indicates that the request was valid (ie. The success condition only indicates that the request was valid (i.e.
the passed parameters are valid per se), not that the link data could the passed parameters are valid per se), not that the link data could
be obtained or parsed or was successfully registered into the RD. be obtained or parsed or was successfully registered into the RD.
The simple registration request interface is specified as follows: The simple registration request interface is specified as follows:
Interaction: EP -> RD Interaction: EP -> RD
Method: POST Method: POST
URI Template: /.well-known/core{?ep,d,lt,extra-attrs*} URI Template: /.well-known/core{?ep,d,lt,extra-attrs*}
skipping to change at page 28, line 33 skipping to change at page 28, line 33
Success: 2.04 "Changed". Success: 2.04 "Changed".
Failure: 4.00 "Bad Request". Malformed request. Failure: 4.00 "Bad Request". Malformed request.
Failure: 5.03 "Service Unavailable". Service could not perform the Failure: 5.03 "Service Unavailable". Service could not perform the
operation. operation.
HTTP support: NO HTTP support: NO
For the second interaction triggered by the above, the registree-ep For the second interaction triggered by the above, the registrant-ep
takes the role of server and the RD the role of client. (Note that takes the role of server and the RD the role of client. (Note that
this is exactly the Well-Known Interface of [RFC6690] Section 4): this is exactly the Well-Known Interface of [RFC6690] Section 4):
Interaction: RD -> EP Interaction: RD -> EP
Method: GET Method: GET
URI Template: /.well-known/core URI Template: /.well-known/core
The following response codes are defined for this interface: The following response codes are defined for this interface:
skipping to change at page 29, line 14 skipping to change at page 29, line 14
Failure: 5.03 "Service Unavailable". Service could not perform the Failure: 5.03 "Service Unavailable". Service could not perform the
operation. operation.
HTTP support: NO HTTP support: NO
The registration resources MUST be deleted after the expiration of The registration resources MUST be deleted after the expiration of
their lifetime. Additional operations on the registration resource their lifetime. Additional operations on the registration resource
cannot be executed because no registration location is returned. cannot be executed because no registration location is returned.
The following example shows a registree-ep using Simple Registration, The following example shows a registrant-ep using Simple
by simply sending an empty POST to a resource directory. Registration, by simply sending an empty POST to a resource
directory.
Req:(to RD server from [2001:db8:2::1]) Req:(to RD server from [2001:db8:2::1])
POST /.well-known/core?lt=6000&ep=node1 POST /.well-known/core?lt=6000&ep=node1
No payload No payload
Res: 2.04 Changed Res: 2.04 Changed
(later) (later)
Req: (from RD server to [2001:db8:2::1]) Req: (from RD server to [2001:db8:2::1])
skipping to change at page 29, line 42 skipping to change at page 29, line 43
</sen/temp> </sen/temp>
5.3.2. Third-party registration 5.3.2. Third-party registration
For some applications, even Simple Registration may be too taxing for For some applications, even Simple Registration may be too taxing for
some very constrained devices, in particular if the security some very constrained devices, in particular if the security
requirements become too onerous. requirements become too onerous.
In a controlled environment (e.g. building control), the Resource In a controlled environment (e.g. building control), the Resource
Directory can be filled by a third party device, called a Directory can be filled by a third party device, called a
commissioning tool. The commissioning tool can fill the Resource Commissioning Tool (CT). The commissioning tool can fill the
Directory from a database or other means. For that purpose the Resource Directory from a database or other means. For that purpose
scheme, IP address and port of the registered device is indicated in scheme, IP address and port of the URI of the registered device is
the "base" parameter of the registration described in Section 5.3. the value of the "base" parameter of the registration described in
Section 5.3.
It should be noted that the value of the "base" parameter applies to It should be noted that the value of the "base" parameter applies to
all the links of the registration and has consequences for the anchor all the links of the registration and has consequences for the anchor
value of the individual links as exemplified in Appendix B. An value of the individual links as exemplified in Appendix B. An
eventual (currently non-existing) "base" attribute of the link is not eventual (currently non-existing) "base" attribute of the link is not
affected by the value of "base" parameter in the registration. affected by the value of "base" parameter in the registration.
6. RD Groups 6. RD Groups
This section defines the REST API for the creation, management, and This section defines the REST API for the creation, management, and
skipping to change at page 30, line 30 skipping to change at page 30, line 32
belongs to, and optionally the multicast address of the group. This belongs to, and optionally the multicast address of the group. This
specification does not require that the endpoints belong to the same specification does not require that the endpoints belong to the same
sector as the group, but a Resource Directory implementation can sector as the group, but a Resource Directory implementation can
impose requirements on the sectors of groups and endpoints depending impose requirements on the sectors of groups and endpoints depending
on its configuration. on its configuration.
The registration message is a list of links to registration resources The registration message is a list of links to registration resources
of the endpoints that belong to that group. The CT can use any URI of the endpoints that belong to that group. The CT can use any URI
reference discovered using endpoint lookup from the same server or reference discovered using endpoint lookup from the same server or
obtained by registering an endpoint using third party registration obtained by registering an endpoint using third party registration
and enter it into a group. The use of other URIs is not specified in and enter it into a group.
this document and can be defined in others.
The commissioning tool SHOULD not send any target attributes with the The commissioning tool SHOULD not send any target attributes with the
links to the registration resources, and the resource directory links to the registration resources, and the resource directory
SHOULD reject registrations that contain links with unprocessable SHOULD reject registrations that contain links with unprocessable
attributes. attributes.
Configuration of the endpoints themselves is out of scope of this Configuration of the endpoints themselves is out of scope of this
specification. Such an interface for managing the group membership specification. Such an interface for managing the group membership
of an endpoint has been defined in [RFC7390]. of an endpoint has been defined in [RFC7390].
skipping to change at page 32, line 17 skipping to change at page 32, line 17
Content-Format: 40 Content-Format: 40
Payload: Payload:
</rd/4521>, </rd/4521>,
</rd/4522> </rd/4522>
Res: 2.01 Created Res: 2.01 Created
Location-Path: /rd-group/12 Location-Path: /rd-group/12
A relative href value denotes the path to the registration resource A relative href value denotes the path to the registration resource
of the Endpoint. When pointing to a registration resource on a of the Endpoint. When pointing to a registration resource on a
different RD, the href value is an absolute URI. different RD, the href value is a URI.
6.2. Group Removal 6.2. Group Removal
A group can be removed simply by sending a removal message to the A group can be removed simply by sending a removal message to the
location of the group registration resource which was returned when location of the group registration resource which was returned when
initially registering the group. Removing a group MUST NOT remove initially registering the group. Removing a group MUST NOT remove
the endpoints of the group from the RD. the endpoints of the group from the RD.
The removal request interface is specified as follows: The removal request interface is specified as follows:
skipping to change at page 33, line 44 skipping to change at page 33, line 44
| Resource | core.rd-lookup-res | Mandatory | | Resource | core.rd-lookup-res | Mandatory |
| Endpoint | core.rd-lookup-ep | Mandatory | | Endpoint | core.rd-lookup-ep | Mandatory |
| Group | core.rd-lookup-gp | Optional | | Group | core.rd-lookup-gp | Optional |
+-------------+--------------------+-----------+ +-------------+--------------------+-----------+
Table 1: Lookup Types Table 1: Lookup Types
7.1. Resource lookup 7.1. Resource lookup
Resource lookup results in links that are semantically equivalent to Resource lookup results in links that are semantically equivalent to
the links submitted to the RD if they were accessed on the endpoint the links submitted to the RD. The links and link parameters
itself. The links and link parameters returned are equal to the returned by the lookup are equal to the submitted ones, except that
submitted, except that the target and anchor references are fully the target and anchor references are fully resolved.
resolved.
Links that did not have an anchor attribute are therefore returned Links that did not have an anchor attribute are therefore returned
with the (explicitly or implicitly set) base URI of the registration with the base URI of the registration as the anchor. Links of which
as the anchor. Links whose href or anchor was submitted as an href or anchor was submitted as a (full) URI are returned with these
absolute URI are returned with respective attributes unmodified. attributes unmodified.
Above rules allow the client to interpret the response as links Above rules allow the client to interpret the response as links
without any further knowledge of what the RD does. The Resource without any further knowledge of the storage conventions of the RD.
Directory MAY replace the registration base URIs with a configured The Resource Directory MAY replace the registration base URIs with a
intermediate proxy, e.g. in the case of an HTTP lookup interface for configured intermediate proxy, e.g. in the case of an HTTP lookup
CoAP endpoints. interface for CoAP endpoints.
7.2. Lookup filtering 7.2. Lookup filtering
Using the Accept Option, the requester can control whether the Using the Accept Option, the requester can control whether the
returned list is returned in CoRE Link Format ("application/link- returned list is returned in CoRE Link Format ("application/link-
format", default) or its alternate content-formats ("application/ format", default) or its alternate content-formats ("application/
link-format+json" or "application/link-format+cbor"). link-format+json" or "application/link-format+cbor").
The page and count parameters are used to obtain lookup results in The page and count parameters are used to obtain lookup results in
specified increments using pagination, where count specifies how many specified increments using pagination, where count specifies how many
skipping to change at page 34, line 37 skipping to change at page 34, line 35
so on. so on.
Multiple search criteria MAY be included in a lookup. All included Multiple search criteria MAY be included in a lookup. All included
criteria MUST match for a link to be returned. The Resource criteria MUST match for a link to be returned. The Resource
Directory MUST support matching with multiple search criteria. Directory MUST support matching with multiple search criteria.
A link matches a search criterion if it has an attribute of the same A link matches a search criterion if it has an attribute of the same
name and the same value, allowing for a trailing "*" wildcard name and the same value, allowing for a trailing "*" wildcard
operator as in Section 4.1 of [RFC6690]. Attributes that are defined operator as in Section 4.1 of [RFC6690]. Attributes that are defined
as "link-type" match if the search value matches any of their values as "link-type" match if the search value matches any of their values
(see Section 4.1 of [RFC6690]; eg. "?if=core.s" matches ";if="abc (see Section 4.1 of [RFC6690]; e.g. "?if=core.s" matches ";if="abc
core.s";"). A link also matches a search criterion if the link that core.s";"). A link also matches a search criterion if the link that
would be produced for any of its containing entities would match the would be produced for any of its containing entities would match the
criterion, or an entity contained in it would: A search criterion criterion, or an entity contained in it would: A search criterion
matches an endpoint if it matches the endpoint itself, any of the matches an endpoint if it matches the endpoint itself, any of the
groups it is contained in or any resource it contains. A search groups it is contained in or any resource it contains. A search
criterion matches a resource if it matches the resource itself, the criterion matches a resource if it matches the resource itself, the
resource's endpoint, or any of the endpoint's groups. resource's endpoint, or any of the endpoint's groups.
Note that "href" is also a valid search criterion and matches target Note that "href" is a valid search criterion and matches target
references. Like all search criteria, on a resource lookup it can references. Like all search criteria, on a resource lookup it can
match the target reference of the resource link itself, but also the match the target reference of the resource link itself, but also the
registration resource of the endpoint that registered it, or any registration resource of the endpoint that registered it, or any
group resource that endpoint is contained in. Queries for resource group resource that endpoint is contained in. Queries for resource
link targets MUST be in absolute form and are matched against a link targets MUST be in URI form (i.e. not relative references) and
resolved link target. Queries for groups and endpoints SHOULD be are matched against a resolved link target. Queries for groups and
expressed in path-absolute form if possible and MUST be expressed in endpoints SHOULD be expressed in path-absolute form if possible and
absolute form otherwise; the RD SHOULD recognize either. MUST be expressed in URI form otherwise; the RD SHOULD recognize
either.
Clients that are interested in a lookup result repeatedly or Endpoints that are interested in a lookup result repeatedly or
continuously can use mechanisms like ETag caching, resource continuously can use mechanisms like ETag caching, resource
observation ([RFC7641]), or any future mechanism that might allow observation ([RFC7641]), or any future mechanism that might allow
more efficient observations of collections. These are advertised, more efficient observations of collections. These are advertised,
detected and used according to their own specifications and can be detected and used according to their own specifications and can be
used with the lookup interface as with any other resource. used with the lookup interface as with any other resource.
When resource observation is used, every time the set of matching When resource observation is used, every time the set of matching
links changes, or the content of a matching link changes, the RD links changes, or the content of a matching link changes, the RD
sends a notification with the matching link set. The notification sends a notification with the matching link set. The notification
contains the successful current response to the given request, contains the successful current response to the given request,
skipping to change at page 35, line 39 skipping to change at page 35, line 38
URI Template Variables: URI Template Variables:
type-lookup-location := RD Lookup URI for a given lookup type type-lookup-location := RD Lookup URI for a given lookup type
(mandatory). The address is discovered as described in (mandatory). The address is discovered as described in
Section 5.2. Section 5.2.
search := Search criteria for limiting the number of results search := Search criteria for limiting the number of results
(optional). (optional).
page := Page (optional). Parameter can not be used without the page := Page (optional). Parameter cannot be used without the
count parameter. Results are returned from result set in pages count parameter. Results are returned from result set in pages
that contain 'count' links starting from index (page * count). that contain 'count' links starting from index (page * count).
Page numbering starts with zero. Page numbering starts with zero.
count := Count (optional). Number of results is limited to this count := Count (optional). Number of results is limited to this
parameter value. If the page parameter is also present, the parameter value. If the page parameter is also present, the
response MUST only include 'count' links starting with the response MUST only include 'count' links starting with the
(page * count) link in the result set from the query. If the (page * count) link in the result set from the query. If the
count parameter is not present, then the response MUST return count parameter is not present, then the response MUST return
all matching links in the result set. Link numbering starts all matching links in the result set. Link numbering starts
skipping to change at page 39, line 28 skipping to change at page 39, line 28
anchor="coap://sensor2.example.com", anchor="coap://sensor2.example.com",
<coap://sensor2.example.com/sensors/temp>;rt="temperature-c"; <coap://sensor2.example.com/sensors/temp>;rt="temperature-c";
if="sensor"; anchor="coap://sensor2.example.com", if="sensor"; anchor="coap://sensor2.example.com",
<coap://sensor2.example.com/sensors/light>;rt="light-lux"; <coap://sensor2.example.com/sensors/light>;rt="light-lux";
if="sensor"; anchor="coap://sensor2.example.com", if="sensor"; anchor="coap://sensor2.example.com",
<http://www.example.com/sensors/t123>;rel="describedby"; <http://www.example.com/sensors/t123>;rel="describedby";
anchor="coap://sensor2.example.com/sensors/temp", anchor="coap://sensor2.example.com/sensors/temp",
<coap://sensor2.example.com/t>;rel="alternate"; <coap://sensor2.example.com/t>;rel="alternate";
anchor="coap://sensor2.example.com/sensors/temp" anchor="coap://sensor2.example.com/sensors/temp"
8. Security Considerations 8. Security policies
The Resource Directory (RD) provides assistance to applications
situated on a selection of nodes to discover endpoints on connected
nodes. This section discusses different security aspects of
accessing the RD.
The contents of the RD are inserted in two ways:
1. The node hosting the discoverable endpoint fills the RD with the
contents of /.well-known/core by:
* Storing the contents directly into RD (see Section 5.3)
* Requesting the RD to load the contents from /.well-known/core
see (section {{simple})
2. A Commissioning Tool (CT) fills the RD with endpoint information
for a set of discoverable nodes. (see Section 5.3 with
base=authority parameter value)
In both cases, the nodes filling the RD should be authenticated and
authorized to change the contents of the RD. An Authorization Server
(AS) is responsible to assign a token to the registering node to
authorize the node to discover or register endpoints in a given RD
[I-D.ietf-ace-oauth-authz].
It can be imagined that an installation is divided in a set of
security regions, each one with its own RD(s) to discover the
endpoints that are part of a given security region. An endpoint that
wants to discover an RD, responsible for a given region, needs to be
authorized to learn the contents of a given RD. Within a region, for
a given RD, a more fine-grained security division is possible based
on the values of the endpoint registration parameters. Authorization
to discover endpoints with a given set of filter values is
recommended for those cases.
When a node registers its endpoints, criteria are needed to authorize
the node to enter them. An important aspect is the uniqueness of the
(endpoint name, and optional sector) pair within the RD. Consider
the two cases separately: (1) CT registers endpoints, and (2) the
registering node registers its own endpoint(s). * A CT needs
authorization to register a set of endpoints. This authorization can
be based on the region, i.e. a given CT is authorized to register any
endpoint (endpoint name, sector) into a given RD, or to register an
endpoint with (endpoint name, sector) value pairs assigned by the AS,
or can be more fine-grained, including a subset of registration
parameter values. * A given endpoint that registers itself, needs to
proof its possession of its unique (endpoint name, sector) value
pair. Alternatively, the AS can authorize the endpoint to register
with an (endpoint name, sector) value pair assigned by the AS. * A
separate document needs to specify these aspects to ensure
interoperability between registering nodes and RD. The subsections
below give some hints how to handle a subset of the different
aspects.
8.1. Secure RD discovery
The Resource Server (RS) discussed in [I-D.ietf-ace-oauth-authz] is
equated to the RD. The client (C) needs to discover the RD as
discussed in Section 4. C can discover the related AS by sending a
request to the RD. The RD denies the request by sending the address
of the related AS, as discussed in section 5.1 of
[I-D.ietf-ace-oauth-authz]. The client MUST send an authorization
request to the AS. When appropriate, the AS returns a token that
specifies the authorization permission which needs to be specified in
a separate document.
8.2. Secure RD filtering
The authorized parameter values for the queries by a given endpoint
must be registered by the AS. The AS communicates the parameter
values in the token. A separate document needs to specify the
parameter value combinations and their storage in the token. The RD
decodes the token and checks the validity of the queries of the
client.
8.3. Secure endpoint Name assignment
This section only considers the assignment of a name to the endpoint
based on an automatic mechanism without use of AS. More elaborate
protocols are out of scope. The registering endpoint is authorized
by the AS to discover the RD and add registrations. A token is
provided by the AS and communicated from registering endpoint to RD.
It is assumed that DTLS is used to secure the channel between
registering endpoint and RD, where the registering endpoint is the
DTLS client. Assuming that the client is provided by a certificate
at manufacturing time, the certificate is uniquely identified by the
CN field and the serial number. The RD can assign a unique endpoint
name by using the certificate identifier as endpoint name. Proof of
possession of the endpoint name by the registering endpoint is
checked by encrypting the certificate identifier with the private key
of the registering endpoint, which the RD can decrypt with the public
key stored in the certificate. Even simpler, the authorized
registering endpoint can generate a random number (or string) that
identifies the endpoint. The RD can check for the improbable
replication of the random value. The RD MUST check that registering
endpoint uses only one random value for each authorized endpoint.
9. Security Considerations
The security considerations as described in Section 7 of [RFC5988] The security considerations as described in Section 7 of [RFC5988]
and Section 6 of [RFC6690] apply. The "/.well-known/core" resource and Section 6 of [RFC6690] apply. The "/.well-known/core" resource
may be protected e.g. using DTLS when hosted on a CoAP server as may be protected e.g. using DTLS when hosted on a CoAP server as
described in [RFC7252]. DTLS or TLS based security SHOULD be used on described in [RFC7252]. DTLS or TLS based security SHOULD be used on
all resource directory interfaces defined in this document. all resource directory interfaces defined in this document.
8.1. Endpoint Identification and Authentication 9.1. Endpoint Identification and Authentication
An Endpoint is determined to be unique within (the sector of) an RD An Endpoint (name, sector) pair is unique within the et of endpoints
by the Endpoint identifier parameter included during Registration, regsitered by the RD. An Endpoint MUST NOT be identified by its
and any associated TLS or DTLS security bindings. An Endpoint MUST protocol, port or IP address as these may change over the lifetime of
NOT be identified by its protocol, port or IP address as these may an Endpoint.
change over the lifetime of an Endpoint.
Every operation performed by an Endpoint or Client on a resource Every operation performed by an Endpoint on a resource directory
directory SHOULD be mutually authenticated using Pre-Shared Key, Raw SHOULD be mutually authenticated using Pre-Shared Key, Raw Public Key
Public Key or Certificate based security. or Certificate based security.
Consider the following threat: two devices A and B are managed by a Consider the following threat: two devices A and B are registered at
single server. Both devices have unique, per-device credentials for a single server. Both devices have unique, per-device credentials
use with DTLS to make sure that only parties with authorization to for use with DTLS to make sure that only parties with authorization
access A or B can do so. to access A or B can do so.
Now, imagine that a malicious device A wants to sabotage the device Now, imagine that a malicious device A wants to sabotage the device
B. It uses its credentials during the DTLS exchange. Then, it puts B. It uses its credentials during the DTLS exchange. Then, it
the endpoint name of device B. If the server does not check whether specifies the endpoint name of device B as the name of its own
the identifier provided in the DTLS handshake matches the identifier endpoint in device A. If the server does not check whether the
used at the CoAP layer then it may be inclined to use the endpoint identifier provided in the DTLS handshake matches the identifier used
name for looking up what information to provision to the malicious at the CoAP layer then it may be inclined to use the endpoint name
device. for looking up what information to provision to the malicious device.
Section 9 specifies an example that removes this threat by using an Section 8.3 specifies an example that removes this threat for
Authorization Server for endpoints that have a certificate installed. endpoints that have a certificate installed.
8.2. Access Control 9.2. Access Control
Access control SHOULD be performed separately for the RD Access control SHOULD be performed separately for the RD
registration, Lookup, and group API paths, as different endpoints may registration, Lookup, and group API paths, as different endpoints may
be authorized to register with an RD from those authorized to lookup be authorized to register with an RD from those authorized to lookup
endpoints from the RD. Such access control SHOULD be performed in as endpoints from the RD. Such access control SHOULD be performed in as
fine-grained a level as possible. For example access control for fine-grained a level as possible. For example access control for
lookups could be performed either at the sector, endpoint or resource lookups could be performed either at the sector, endpoint or resource
level. level.
8.3. Denial of Service Attacks 9.3. Denial of Service Attacks
Services that run over UDP unprotected are vulnerable to unknowingly Services that run over UDP unprotected are vulnerable to unknowingly
become part of a DDoS attack as UDP does not require return become part of a DDoS attack as UDP does not require return
routability check. Therefore, an attacker can easily spoof the routability check. Therefore, an attacker can easily spoof the
source IP of the target entity and send requests to such a service source IP of the target entity and send requests to such a service
which would then respond to the target entity. This can be used for which would then respond to the target entity. This can be used for
large-scale DDoS attacks on the target. Especially, if the service large-scale DDoS attacks on the target. Especially, if the service
returns a response that is order of magnitudes larger than the returns a response that is order of magnitudes larger than the
request, the situation becomes even worse as now the attack can be request, the situation becomes even worse as now the attack can be
amplified. DNS servers have been widely used for DDoS amplification amplified. DNS servers have been widely used for DDoS amplification
skipping to change at page 40, line 48 skipping to change at page 43, line 8
implicated in denial-of-service (DoS) attacks since they run on implicated in denial-of-service (DoS) attacks since they run on
unprotected UDP, there is no return routability check, and they can unprotected UDP, there is no return routability check, and they can
have a large amplification factor. The responses from the NTP server have a large amplification factor. The responses from the NTP server
were found to be 19 times larger than the request. A Resource were found to be 19 times larger than the request. A Resource
Directory (RD) which responds to wild-card lookups is potentially Directory (RD) which responds to wild-card lookups is potentially
vulnerable if run with CoAP over UDP. Since there is no return vulnerable if run with CoAP over UDP. Since there is no return
routability check and the responses can be significantly larger than routability check and the responses can be significantly larger than
requests, RDs can unknowingly become part of a DDoS amplification requests, RDs can unknowingly become part of a DDoS amplification
attack. attack.
9. Authorization Server example
When threats may occur as described in Section 8.1, an Authorization
Server (AS) as specified in [I-D.ietf-ace-oauth-authz] can be used to
remove the threat. An authorized registry request to the Resource
Directory (RD) is accompanied by an Access Token that validates the
access of the client to the RD. In this example, the contents of the
Access Token is specified by a CBOR Web Token (CWT) [RFC8392].
Selecting one of the scenarios of
[I-D.ietf-anima-bootstrapping-keyinfra], the registree-ep has a
certificate that has been inserted at manufacturing time. The
contents of the certificate will be used to generate the unique
endpoint name. The certificate is uniquely identified by the
leftmost CNcomponent of the subject name appended with the serial
number. The unique certificate identifier is used as the unique
endpoint name. The same unique identification is used for the
registree-ep and the Commissioning Tool.
The case of using RPK or PSK is outside the scope of this example.
Figure 8 shows the example certificate used to specify the claim
values in the CWT. Serial number 01:02:03:04:05:06:07:08, and CN
field, Fairhair, in the subject field are concatenated to create a
unique certificate identifier: Fairhair-01:02:03:04:05:06:07:08,
which is used in Figure 9 and Figure 10 as "sub" claim and "epn"
claim values respectively.
Certificate: Data:
Version: 3 (0x2)
Serial Number: 01:02:03:04:05:06:07:08
Signature Algorithm: md5WithRSA
Encryption Issuer: C=US, ST=Florida, O=Acme, Inc., OU=Security,
CN=CA
Authority/emailAddress=ca@acme.com
Validity Not Before: Aug 20 12:59:55 2013 GMT
Not After : Aug 20 12:59:55 2013 GMT
Subject: C=US, ST=Florida, O=Acme, Inc., OU=Sales, CN=Fairhair
Subject Public Key
Info: Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit) Modulus (1024 bit):
00:be:5e:6e:f8:2c:c7:8c:07:7e:f0:ab:a5:12:db:
fc:5a:1e:27:ba:49:b0:2c:e1:cb:4b:05:f2:23:09:
77:13:75:57:08:29:45:29:d0:db:8c:06:4b:c3:10:
88:e1:ba:5e:6f:1e:c0:2e:42:82:2b:e4:fa:ba:bc:
45:e9:98:f8:e9:00:84:60:53:a6:11:2e:18:39:6e:
ad:76:3e:75:8d:1e:b1:b2:1e:07:97:7f:49:31:35:
25:55:0a:28:11:20:a6:7d:85:76:f7:9f:c4:66:90:
e6:2d:ce:73:45:66:be:56:aa:ee:93:ae:10:f9:ba:
24:fe:38:d0:f0:23:d7:a1:3b
Exponent: 65537 (0x10001)
Figure 8: Sample X.509 version 3 certificate for Fairhair device
issued by the Acme corporation.
Three sections for as many authorized RD registration scenarios
describe: (1) the registree-ep registers itself with the RD, (2) a
3rd party Commissioning Tool (CT) registers the registree-ep with the
RD, and (3) A client updates multiple links in an RD.
9.1. Registree-ep registers with RD
The registree-ep sends a Request to the RD accompanied by a CBOR Web
Token (CWT). To prevent ambiguities, the URI of the authorized
request cannot contain the ep= or the d= parameters which are
specified in the CWT. When these parameters are present in the URI,
the request is rejected with CoAP response code 4.00 (bad request).
The CWT of Figure 9 authorizes the registree-ep to register itself in
the RD by specifying the certificate identifier of the registree-ep
in the sub claim. The same value is assigned to the endpoint name of
the registree-ep in the RD.
The claim set of the CWT is represented in CBOR diagnostic notation
{
/iss/ 1: "coaps://as.example.com", / identifies the AS/
/sub/ 2: "Fairhair_01:02:03:04:05:06:07:08",
/ certificate identifier uniquely identifies registree-ep/
/aud/ 3: "coaps://rd.example.com" / audience is the RD/
}
Figure 9: Claim set of CWT for registering registree-ep
9.2. Third party Commissioning Tool (CT) registers registree-ep with
RD.
The CT sends a Request to the RD accompanied by a CBOR Web Token
(CWT). To prevent ambiguities, the URI of an authorized request
cannot contain the ep= or the d= parameters which are specified in
the CWT. When these parameters are present in the URI, the request
is rejected with CoAP response code 4.00 (bad request). The CWT of
Figure 10 authorizes the CT to register the registree-ep by
specifying the certificate identifier,
Fairhair_08:07:06:05:04:03:02:01, of the CT in the "sub" claim. Next
to the certificate identifier of the CT, the CWT needs to specify the
security identifier of the registree-ep. The new "rd_epn" claim is
used to specify the value of the certificate identifier
Fairhair_01:02:03:04:05:06:07:08, of the registree-ep. The CWT may
contain the optional new "rd_sct" claim to assign a sector name to
the registree-ep.
The claim set is represented in CBOR diagnostic notation
{
/iss/ 1: "coaps://as.example.com", / identifies the AS/
/sub/ 2: "Fairhair_08:07:06:05:04:03:02:01",
/ certificate identifier uniquely identifies CT/
/aud/ 3: "coaps://rd.example.com", / audience is the RD/
/rd_epn/ y: "Fairhair_01:02:03:04:05:06:07:08",
/certificate identifier uniquely identifies registree-ep/
/rd_sct/ z: "my-devices" /optional sector name/
}
Figure 10: Claim set of CWT for registering registree-ep by CT
9.3. Updating multiple links
Appendix A.4 of RD specifies that multiple links can be updated with
a media format to be specified. The updating endpoint sends a
Request to the RD accompanied by a CWT. The "sub" claim of the CWT
contains the certificate identifier of the updating endpoint.
Updating registrations and links cannot not change or delete the
endpoint names. Consequently, the updating endpoint is authorized by
the CWT to change all links of its registrations but cannot delete or
add registrations. The CWT of Figure 9 and Figure 10 authorize an
updating registree-ep or an updating CT respectively.
10. IANA Considerations 10. IANA Considerations
10.1. Resource Types 10.1. Resource Types
IANA is asked to enter the following values into the Resource Type IANA is asked to enter the following values into the Resource Type
(rt=) Link Target Attribute Values subregistry of the Constrained (rt=) Link Target Attribute Values sub-registry of the Constrained
Restful Environments (CoRE) Parameters registry defined in [RFC6690]: Restful Environments (CoRE) Parameters registry defined in [RFC6690]:
+--------------------+----------------------------+-----------------+ +--------------------+----------------------------+-----------------+
| Value | Description | Reference | | Value | Description | Reference |
+--------------------+----------------------------+-----------------+ +--------------------+----------------------------+-----------------+
| core.rd | Directory resource of an | RFCTHIS Section | | core.rd | Directory resource of an | RFCTHIS Section |
| | RD | 5.2 | | | RD | 5.2 |
| core.rd-group | Group directory resource | RFCTHIS Section | | core.rd-group | Group directory resource | RFCTHIS Section |
| | of an RD | 5.2 | | | of an RD | 5.2 |
| core.rd-lookup-res | Resource lookup of an RD | RFCTHIS Section | | core.rd-lookup-res | Resource lookup of an RD | RFCTHIS Section |
skipping to change at page 44, line 26 skipping to change at page 43, line 37
| core.rd-lookup-gp | Group lookup of an RD | RFCTHIS Section | | core.rd-lookup-gp | Group lookup of an RD | RFCTHIS Section |
| | | 5.2 | | | | 5.2 |
| core.rd-ep | Endpoint resource of an RD | RFCTHIS Section | | core.rd-ep | Endpoint resource of an RD | RFCTHIS Section |
| | | 7 | | | | 7 |
| core.rd-gp | Group resource of an RD | RFCTHIS Section | | core.rd-gp | Group resource of an RD | RFCTHIS Section |
| | | 7 | | | | 7 |
+--------------------+----------------------------+-----------------+ +--------------------+----------------------------+-----------------+
10.2. IPv6 ND Resource Directory Address Option 10.2. IPv6 ND Resource Directory Address Option
This document registers one new ND option type under the subregistry This document registers one new ND option type under the sub-registry
"IPv6 Neighbor Discovery Option Formats": "IPv6 Neighbor Discovery Option Formats":
o Resource Directory address Option (38) o Resource Directory address Option (38)
10.3. RD Parameter Registry 10.3. RD Parameter Registry
This specification defines a new sub-registry for registration and This specification defines a new sub-registry for registration and
lookup parameters called "RD Parameters" under "CoRE Parameters". lookup parameters called "RD Parameters" under "CoRE Parameters".
Although this specification defines a basic set of parameters, it is Although this specification defines a basic set of parameters, it is
expected that other standards that make use of this interface will expected that other standards that make use of this interface will
skipping to change at page 46, line 4 skipping to change at page 45, line 34
| Endpoint | et | | RLA | Semantic name of the | | Endpoint | et | | RLA | Semantic name of the |
| Type | | | | endpoint (see | | Type | | | | endpoint (see |
| | | | | Section 10.4) | | | | | | Section 10.4) |
+--------------+-------+---------------+-----+----------------------+ +--------------+-------+---------------+-----+----------------------+
Table 2: RD Parameters Table 2: RD Parameters
(Short: Short name used in query parameters or link attributes. Use: (Short: Short name used in query parameters or link attributes. Use:
R = used at registration, L = used at lookup, A = expressed in link R = used at registration, L = used at lookup, A = expressed in link
attribute attribute
The descriptions for the options defined in this document are only The descriptions for the options defined in this document are only
summarized here. To which registrations they apply and when they are summarized here. To which registrations they apply and when they are
to be shown is described in the respective sections of this document. to be shown is described in the respective sections of this document.
The IANA policy for future additions to the sub-registry is "Expert The IANA policy for future additions to the sub-registry is "Expert
Review" as described in [RFC8126]. The evaluation should consider Review" as described in [RFC8126]. The evaluation should consider
formal criteria, duplication of functionality (Is the new entry formal criteria, duplication of functionality (Is the new entry
redundant with an existing one?), topical suitability (Eg. is the redundant with an existing one?), topical suitability (E.g. is the
described property actually a property of the endpoint and not a described property actually a property of the endpoint and not a
property of a particular resource, in which case it should go into property of a particular resource, in which case it should go into
the payload of the registration and need not be registered?), and the the payload of the registration and need not be registered?), and the
potential for conflict with commonly used link attributes (For potential for conflict with commonly used link attributes (For
example, "if" could be used as a parameter for conditional example, "if" could be used as a parameter for conditional
registration if it were not to be used in lookup or attributes, but registration if it were not to be used in lookup or attributes, but
would make a bad parameter for lookup, because a resource lookup with would make a bad parameter for lookup, because a resource lookup with
an "if" query parameter could ambiguously filter by the registered an "if" query parameter could ambiguously filter by the registered
endpoint property or the [RFC6690] link attribute). It is expected endpoint property or the [RFC6690] link attribute). It is expected
that the registry will receive between 5 and 50 registrations in that the registry will receive between 5 and 50 registrations in
total over the next years. total over the next years.
10.3.1. Full description of the "Endpoint Type" Registration Parameter 10.3.1. Full description of the "Endpoint Type" Registration Parameter
An endpoint registering at an RD can describe itself with endpoint An endpoint registering at an RD can describe itself with endpoint
types, similar to how resources are described with Resource Types in types, similar to how resources are described with Resource Types in
[RFC6690]. An endpoint type is expressed as a string, which can be [RFC6690]. An endpoint type is expressed as a string, which can be
either a URI or one of the values defined in the Endpoint Type either a URI or one of the values defined in the Endpoint Type sub-
subregistry. Endpoint types can be passed in the "et" query registry. Endpoint types can be passed in the "et" query parameter
parameter as part of extra-attrs at the Registration step, are shown as part of extra-attrs at the Registration step, are shown on
on endpoint lookups using the "et" target attribute, and can be endpoint lookups using the "et" target attribute, and can be filtered
filtered for using "et" as a search criterion in resource and for using "et" as a search criterion in resource and endpoint lookup.
endpoint lookup. Multiple endpoint types are given as separate query Multiple endpoint types are given as separate query parameters or
parameters or link attributes. link attributes.
Note that Endpoint Type differs from Resource Type in that it uses Note that Endpoint Type differs from Resource Type in that it uses
multiple attributes rather than space separated values. As a result, multiple attributes rather than space separated values. As a result,
Resource Directory implementations automatically support correct Resource Directory implementations automatically support correct
filtering in the lookup interfaces from the rules for unknown filtering in the lookup interfaces from the rules for unknown
endpoint attributes. endpoint attributes.
10.4. "Endpoint Type" (et=) RD Parameter values 10.4. "Endpoint Type" (et=) RD Parameter values
This specification establishes a new sub-registry under "CoRE This specification establishes a new sub-registry under "CoRE
skipping to change at page 47, line 39 skipping to change at page 47, line 23
beyond a single network, it has come from the Internetwork Control beyond a single network, it has come from the Internetwork Control
Block (224.0.1.x, RFC 5771). Block (224.0.1.x, RFC 5771).
IPv6 - "all CoRE resource directories" address MCD1 (suggestions IPv6 - "all CoRE resource directories" address MCD1 (suggestions
FF0X::FE), from the "IPv6 Multicast Address Space Registry", in the FF0X::FE), from the "IPv6 Multicast Address Space Registry", in the
"Variable Scope Multicast Addresses" space (RFC 3307). Note that "Variable Scope Multicast Addresses" space (RFC 3307). Note that
there is a distinct multicast address for each scope that interested there is a distinct multicast address for each scope that interested
CoAP nodes should listen to; CoAP needs the Link-Local and Site-Local CoAP nodes should listen to; CoAP needs the Link-Local and Site-Local
scopes only. scopes only.
10.6. CBOR Web Token claims
This specification registers the following new claims in the CBOR Web
Token (CWT) registry of CBOR Web Token Claims:
Claim "rd_epn"
o Claim Name: "rd_epn"
o Claim Description: The endpoint name of the RD entry as described
in Section 9 of RFCTHIS.
o JWT Claim Name: N/A
o Claim Key: y
o Claim Value Type(s): 0 (uint), 2 (byte string), 3 (text string)
o Change Controller: IESG
o Specification Document(s): Section 9 of RFCTHIS
Claim "rd_sct"
o Claim Name: "rd_sct"
o Claim Description: The sector name of the RD entry as described in
Section 9 of RFCTHIS.
o JWT Claim Name: N/A
o Claim Key: z
o Claim Value Type(s): 0 (uint), 2 (byte string), 3 (text string)
o Change Controller: IESG
o Specification Document(s): Section 9 of RFCTHIS
Mapping of claim name to CWT key
+----------------+----------+-------------+
| Parameter name | CBOR key | Value type |
+----------------+----------+-------------+
| rd_epn | y | Text string |
| rd_sct | z | Text string |
+----------------+----------+-------------+
11. Examples 11. Examples
Two examples are presented: a Lighting Installation example in Two examples are presented: a Lighting Installation example in
Section 11.1 and a LWM2M example in Section 11.2. Section 11.1 and a LWM2M example in Section 11.2.
11.1. Lighting Installation 11.1. Lighting Installation
This example shows a simplified lighting installation which makes use This example shows a simplified lighting installation which makes use
of the Resource Directory (RD) with a CoAP interface to facilitate of the Resource Directory (RD) with a CoAP interface to facilitate
the installation and start up of the application code in the lights the installation and start up of the application code in the lights
skipping to change at page 56, line 48 skipping to change at page 55, line 32
Oscar Novo, Srdjan Krco, Szymon Sasin, Kerry Lynn, Esko Dijk, Anders Oscar Novo, Srdjan Krco, Szymon Sasin, Kerry Lynn, Esko Dijk, Anders
Brandt, Matthieu Vial, Jim Schaad, Mohit Sethi, Hauke Petersen, Brandt, Matthieu Vial, Jim Schaad, Mohit Sethi, Hauke Petersen,
Hannes Tschofenig, Sampo Ukkola, Linyi Tian, and Jan Newmarch have Hannes Tschofenig, Sampo Ukkola, Linyi Tian, and Jan Newmarch have
provided helpful comments, discussions and ideas to improve and shape provided helpful comments, discussions and ideas to improve and shape
this document. Zach would also like to thank his colleagues from the this document. Zach would also like to thank his colleagues from the
EU FP7 SENSEI project, where many of the resource directory concepts EU FP7 SENSEI project, where many of the resource directory concepts
were originally developed. were originally developed.
13. Changelog 13. Changelog
changes from -13 to -14 changes from -14 to -15
o Rewrite of section "Security policies"
o Clarify that the "base" parameter text applies both to relative
references both in anchor and href
o Renamed "Registree-EP" to Registrant-EP"
o Talk of "relative references" and "URIs" rather than "relative"
and "absolute" URIs. (The concept of "absolute URIs" of [RFC3986]
is not needed in RD).
o Fixed examples
o Editorial changes
changes from -13 to -14
o Rename "registration context" to "registration base URI" (and o Rename "registration context" to "registration base URI" (and
"con" to "base") and "domain" to "sector" (where the abbreviation "con" to "base") and "domain" to "sector" (where the abbreviation
"d" stays for compatibility reasons) "d" stays for compatibility reasons)
o Introduced resource types core.rd-ep and core.rd-gp o Introduced resource types core.rd-ep and core.rd-gp
o Registration management moved to appendix A, including endpoint o Registration management moved to appendix A, including endpoint
and group lookup and group lookup
o Minor editorial changes o Minor editorial changes
skipping to change at page 64, line 19 skipping to change at page 63, line 19
[I-D.bormann-t2trg-rel-impl] [I-D.bormann-t2trg-rel-impl]
Bormann, C., "impl-info: A link relation type for Bormann, C., "impl-info: A link relation type for
disclosing implementation information", draft-bormann- disclosing implementation information", draft-bormann-
t2trg-rel-impl-00 (work in progress), January 2018. t2trg-rel-impl-00 (work in progress), January 2018.
[I-D.ietf-ace-oauth-authz] [I-D.ietf-ace-oauth-authz]
Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
H. Tschofenig, "Authentication and Authorization for H. Tschofenig, "Authentication and Authorization for
Constrained Environments (ACE) using the OAuth 2.0 Constrained Environments (ACE) using the OAuth 2.0
Framework (ACE-OAuth)", draft-ietf-ace-oauth-authz-12 Framework (ACE-OAuth)", draft-ietf-ace-oauth-authz-16
(work in progress), May 2018. (work in progress), October 2018.
[I-D.ietf-anima-bootstrapping-keyinfra] [I-D.ietf-anima-bootstrapping-keyinfra]
Pritikin, M., Richardson, M., Behringer, M., Bjarnason, Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
S., and K. Watsen, "Bootstrapping Remote Secure Key S., and K. Watsen, "Bootstrapping Remote Secure Key
Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping- Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
keyinfra-16 (work in progress), June 2018. keyinfra-16 (work in progress), June 2018.
[I-D.silverajan-core-coap-protocol-negotiation] [I-D.silverajan-core-coap-protocol-negotiation]
Silverajan, B. and M. Ocak, "CoAP Protocol Negotiation", Silverajan, B. and M. Ocak, "CoAP Protocol Negotiation",
draft-silverajan-core-coap-protocol-negotiation-08 (work draft-silverajan-core-coap-protocol-negotiation-09 (work
in progress), March 2018. in progress), July 2018.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, Transfer Protocol -- HTTP/1.1", RFC 2616,
DOI 10.17487/RFC2616, June 1999, DOI 10.17487/RFC2616, June 1999,
<https://www.rfc-editor.org/info/rfc2616>. <https://www.rfc-editor.org/info/rfc2616>.
[RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
Bormann, "Neighbor Discovery Optimization for IPv6 over Bormann, "Neighbor Discovery Optimization for IPv6 over
Low-Power Wireless Personal Area Networks (6LoWPANs)", Low-Power Wireless Personal Area Networks (6LoWPANs)",
skipping to change at page 65, line 37 skipping to change at page 64, line 37
<https://www.rfc-editor.org/info/rfc8288>. <https://www.rfc-editor.org/info/rfc8288>.
[RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig,
"CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392,
May 2018, <https://www.rfc-editor.org/info/rfc8392>. May 2018, <https://www.rfc-editor.org/info/rfc8392>.
Appendix A. Registration Management Appendix A. Registration Management
This section describes how the registering endpoint can maintain the This section describes how the registering endpoint can maintain the
registries that it created. The registering endpoint can be the registries that it created. The registering endpoint can be the
registree-ep or the CT. An endpoint SHOULD NOT use this interface registrant-ep or the CT. An endpoint SHOULD NOT use this interface
for registries that it did not create. The registries are resources for registries that it did not create. The registries are resources
of the RD. of the RD.
After the initial registration, the registering endpoint retains the After the initial registration, the registering endpoint retains the
returned location of the Registration Resource for further returned location of the Registration Resource for further
operations, including refreshing the registration in order to extend operations, including refreshing the registration in order to extend
the lifetime and "keep-alive" the registration. When the lifetime of the lifetime and "keep-alive" the registration. When the lifetime of
the registration has expired, the RD SHOULD NOT respond to discovery the registration has expired, the RD SHOULD NOT respond to discovery
queries concerning this endpoint. The RD SHOULD continue to provide queries concerning this endpoint. The RD SHOULD continue to provide
access to the Registration Resource after a registration time-out access to the Registration Resource after a registration time-out
skipping to change at page 66, line 29 skipping to change at page 65, line 29
parameters "lt", "base" as in Section 5.3. Parameters that are not parameters "lt", "base" as in Section 5.3. Parameters that are not
being changed SHOULD NOT be included in an update. Adding parameters being changed SHOULD NOT be included in an update. Adding parameters
that have not changed increases the size of the message but does not that have not changed increases the size of the message but does not
have any other implications. Parameters MUST be included as query have any other implications. Parameters MUST be included as query
parameters in an update operation as in Section 5.3. parameters in an update operation as in Section 5.3.
A registration update resets the timeout of the registration to the A registration update resets the timeout of the registration to the
(possibly updated) lifetime of the registration, independent of (possibly updated) lifetime of the registration, independent of
whether a "lt" parameter was given. whether a "lt" parameter was given.
If the context of the registration is changed in an update explicitly If the context of the registration is changed in an update, relative
or implicitly, relative references submitted in the original references submitted in the original registration or later updates
registration or later updates are resolved anew against the new are resolved anew against the new context.
context (like in the original registration).
The registration update operation only describes the use of POST with The registration update operation only describes the use of POST with
an empty payload. Future standards might describe the semantics of an empty payload. Future standards might describe the semantics of
using content formats and payloads with the POST method to update the using content formats and payloads with the POST method to update the
links of a registration (see Appendix A.4). links of a registration (see Appendix A.4).
The update registration request interface is specified as follows: The update registration request interface is specified as follows:
Interaction: EP -> RD Interaction: EP -> RD
skipping to change at page 67, line 10 skipping to change at page 66, line 7
URI Template Variables: URI Template Variables:
location := This is the Location returned by the RD as a result location := This is the Location returned by the RD as a result
of a successful earlier registration. of a successful earlier registration.
lt := Lifetime (optional). Lifetime of the registration in lt := Lifetime (optional). Lifetime of the registration in
seconds. Range of 60-4294967295. If no lifetime is included, seconds. Range of 60-4294967295. If no lifetime is included,
the previous last lifetime set on a previous update or the the previous last lifetime set on a previous update or the
original registration (falling back to 90000) SHOULD be used. original registration (falling back to 90000) SHOULD be used.
base := Base URI (optional). This parameter updates the context base := Base URI (optional). This parameter updates the Base URI
established in the original registration to a new value. If established in the original registration to a new value. If
the parameter is set in an update, it is stored by the RD as the parameter is set in an update, it is stored by the RD as
the new Base URI under which to interpret the links of the the new Base URI under which to interpret the relative links
registration, following the same restrictions as in the present in the payload of the original registration, following
registration. If the parameter is not set and was set the same restrictions as in the registration. If the parameter
explicitly before, the previous Base URI value is kept is not set in the request but was set before, the previous Base
unmodified. If the parameter is not set and was not set URI value is kept unmodified. If the parameter is not set in
explicitly before either, the source address and source port of the request and was not set before either, the source address
the update request are stored as the Base URI. and source port of the update request are stored as the Base
URI.
extra-attrs := Additional registration attributes (optional). As extra-attrs := Additional registration attributes (optional). As
with the registration, the RD processes them if it knows their with the registration, the RD processes them if it knows their
semantics. Otherwise, unknown attributes are stored as semantics. Otherwise, unknown attributes are stored as
endpoint attributes, overriding any previously stored endpoint endpoint attributes, overriding any previously stored endpoint
attributes of the same key. attributes of the same key.
Content-Format: none (no payload) Content-Format: none (no payload)
The following response codes are defined for this interface: The following response codes are defined for this interface:
skipping to change at page 67, line 49 skipping to change at page 66, line 47
Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable". Failure: 5.03 "Service Unavailable" or 503 "Service Unavailable".
Service could not perform the operation. Service could not perform the operation.
HTTP support: YES HTTP support: YES
If the registration update fails with a "Service Unavailable" If the registration update fails with a "Service Unavailable"
response and a Max-Age option or Retry-After header, the registering response and a Max-Age option or Retry-After header, the registering
endpoint SHOULD retry the operation after the time indicated. If the endpoint SHOULD retry the operation after the time indicated. If the
registration fails in another way, including request timeouts, or if registration fails in another way, including request timeouts, or if
the time indicated excedes the remaining lifetime, the registering the time indicated exceeds the remaining lifetime, the registering
endpoint SHOULD attempt registration again. endpoint SHOULD attempt registration again.
The following example shows the registering endpoint updates its The following example shows how the registering endpoint updates its
registration resource at an RD using this interface with the example registration resource at an RD using this interface with the example
location value: /rd/4521. location value: /rd/4521.
Req: POST /rd/4521 Req: POST /rd/4521
Res: 2.04 Changed Res: 2.04 Changed
The following example shows the registering endpoint updating its The following example shows the registering endpoint updating its
registration resource at an RD using this interface with the example registration resource at an RD using this interface with the example
location value: /rd/4521. The initial registration by the location value: /rd/4521. The initial registration by the
registering endpoint set the following values: registering endpoint set the following values:
o endpoint name (ep)=endpoint1 o endpoint name (ep)=endpoint1
o lifetime (lt)=500 o lifetime (lt)=500
o context (con)=coap://local-proxy-old.example.com:5683 o Base URI (base)=coap://local-proxy-old.example.com:5683
o payload of Figure 7 o payload of Figure 7
The initial state of the Resource Directory is reflected in the The initial state of the Resource Directory is reflected in the
following request: following request:
Req: GET /rd-lookup/res?ep=endpoint1 Req: GET /rd-lookup/res?ep=endpoint1
Res: 2.01 Content Res: 2.01 Content
Payload: Payload:
<coap://local-proxy-old.example.com:5683/sensors/temp>;ct=41; <coap://local-proxy-old.example.com:5683/sensors/temp>;ct=41;
rt="temperature"; anchor="coap://spurious.example.com:5683", rt="temperature"; anchor="coap://spurious.example.com:5683",
<coap://local-proxy-old.example.com:5683/sensors/light>;ct=41; <coap://local-proxy-old.example.com:5683/sensors/light>;ct=41;
rt="light-lux"; if="sensor"; rt="light-lux"; if="sensor";
anchor="coap://local-proxy-old.example.com:5683" anchor="coap://local-proxy-old.example.com:5683"
The following example shows the registering endpoint changing the The following example shows the registering endpoint changing the
context to "coaps://new.example.com:5684": Base URI to "coaps://new.example.com:5684":
Req: POST /rd/4521?con=coaps://new.example.com:5684 Req: POST /rd/4521?base=coaps://new.example.com:5684
Res: 2.04 Changed Res: 2.04 Changed
The consecutive query returns: The consecutive query returns:
Req: GET /rd-lookup/res?ep=endpoint1 Req: GET /rd-lookup/res?ep=endpoint1
Res: 2.01 Content Res: 2.01 Content
Payload: Payload:
<coaps://new.example.com:5684/sensors/temp>;ct=41;rt="temperature"; <coaps://new.example.com:5684/sensors/temp>;ct=41;rt="temperature";
skipping to change at page 72, line 16 skipping to change at page 71, line 16
attempt to dereference or manipulate them. attempt to dereference or manipulate them.
A Resource Directory can report endpoints or groups in lookup that A Resource Directory can report endpoints or groups in lookup that
are not hosted at the same address. Lookup clients MUST be prepared are not hosted at the same address. Lookup clients MUST be prepared
to see arbitrary URIs as registration or group resources in the to see arbitrary URIs as registration or group resources in the
results and treat them as opaque identifiers; the precise semantics results and treat them as opaque identifiers; the precise semantics
of such links are left to future specifications. of such links are left to future specifications.
For groups, a Resource Directory as specified here does not provide a For groups, a Resource Directory as specified here does not provide a
lookup mechanism for the resources that can be accessed on a group's lookup mechanism for the resources that can be accessed on a group's
multicast address (ie. no lookup will return links like multicast address (i.e. no lookup will return links like
"<coap://[ff35:30:2001:db8::1]/light>;..." for a group registered "<coap://[ff35:30:2001:db8::1]/light>;..." for a group registered
with "base=coap://[ff35...]"). Such an additional lookup interface with "base=coap://[ff35...]"). Such an additional lookup interface
could be specified in an extension document. could be specified in an extension document.
The following example shows a client performing an endpoint type (et) The following example shows a client performing an endpoint type (et)
lookup with the value oic.d.sensor (which is currently a registered lookup with the value oic.d.sensor (which is currently a registered
rt value): rt value):
Req: GET /rd-lookup/ep?et=oic.d.sensor Req: GET /rd-lookup/ep?et=oic.d.sensor
skipping to change at page 73, line 36 skipping to change at page 72, line 36
GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature
RES 2.05 Content RES 2.05 Content
</temp>;rt=temperature;ct=0 </temp>;rt=temperature;ct=0
where the response is sent by the server, "[2001:db8:f0::1]:5683". where the response is sent by the server, "[2001:db8:f0::1]:5683".
While the client - on the practical or implementation side - can just While the client - on the practical or implementation side - can just
go ahead and create a new request to "[2001:db8:f0::1]:5683" with go ahead and create a new request to "[2001:db8:f0::1]:5683" with
Uri-Path: "temp", the full resolution steps without any shortcuts Uri-Path: "temp", the full resolution steps for insertion into and
are: retrieval from the RD without any shortcuts are:
B.1.1. Resolving the URIs B.1.1. Resolving the URIs
The client parses the single returned record. The link's target The client parses the single returned record. The link's target
(sometimes called "href") is ""/temp"", which is a relative URI that (sometimes called "href") is ""/temp"", which is a relative URI that
needs resolving. As long as all involved links follow the needs resolving. As long as all involved links follow the
restrictions set forth for this document (see Appendix B.4), the base restrictions set forth for this document (see Appendix B.4), the base
URI to resolve this against the requested URI. URI <coap://[ff02::fd]:5683/.well-known/core> is used to resolve the
reference /temp against.
The URI of the requested resource can be composed by following the The Base URI of the requested resource can be composed from the
steps of [RFC7252] section 6.5 (with an addition at the end of 8.2) header options of the CoAP GET request by following the steps of
into ""coap://[2001:db8:f0::1]/.well-known/core"". [RFC7252] section 6.5 (with an addition at the end of 8.2) into
""coap://[2001:db8:f0::1]/.well-known/core"".
The record's target is resolved by replacing the path ""/.well-known/ The record's target is resolved by replacing the path ""/.well-known/
core"" from the Base URI (section 5.2 [RFC3986]) with the relative core"" from the Base URI (section 5.2 [RFC3986]) with the relative
target URI ""/temp"" into ""coap://[2001:db8:f0::1]/temp"". target URI ""/temp"" into ""coap://[2001:db8:f0::1]/temp"".
B.1.2. Interpreting attributes and relations B.1.2. Interpreting attributes and relations
Some more information but the record's target can be obtained from Some more information but the record's target can be obtained from
the payload: the resource type of the target is "temperature", and the payload: the resource type of the target is "temperature", and
its content type is text/plain (ct=0). its content type is text/plain (ct=0).
A relation in a web link is a three-part statement that the context A relation in a web link is a three-part statement that specifies a
resource has a named relation to the target resource, like "_This named relation between the so-called "context resource" and the
page_ has _its table of contents_ at _/toc.html_". In [RFC6690] target resource, like "_This page_ has _its table of contents_ at _/
link-format documents, there is an implicit "host relation" specified toc.html_". In [RFC6690] link-format documents, there is an implicit
with default parameter: rel="hosts". "host relation" specified with default parameter: rel="hosts".
In our example, the context of the link is the URI of the requested In our example, the context resource of the link is the URI specified
document itself. A full English expression of the "host relation" in the GET request "coap:://[2001:db8:f0::1]/.well-known/core". A
is: full English expression of the "host relation" is:
'"coap://[2001:db8:f0::1]/.well-known/core" is hosting the resource '"coap://[2001:db8:f0::1]/.well-known/core" is hosting the resource
"coap://[2001:db8:f0::1]/temp", which is of the resource type "coap://[2001:db8:f0::1]/temp", which is of the resource type
"temperature" and can be accessed using the text/plain content "temperature" and can be accessed using the text/plain content
format.' format.'
B.2. A slightly more complex example B.2. A slightly more complex example
Omitting the "rt=temperature" filter, the discovery query would have Omitting the "rt=temperature" filter, the discovery query would have
given some more records in the payload: given some more records in the payload:
GET coap://[ff02::fd]:5683/.well-known/core
RES 2.05 Content
</temp>;rt=temperature;ct=0, </temp>;rt=temperature;ct=0,
</light>;rt=light-lux;ct=0, </light>;rt=light-lux;ct=0,
</t>;anchor="/sensors/temp";rel=alternate, </t>;anchor="/sensors/temp";rel=alternate,
<http://www.example.com/sensors/t123>;anchor="/sensors/temp"; <http://www.example.com/sensors/t123>;anchor="/sensors/temp";
rel="describedby" rel="describedby"
Parsing the third record, the client encounters the "anchor" Parsing the third record, the client encounters the "anchor"
parameter. It is a URI relative to the document's Base URI and is parameter. It is a URI relative to the Base URI of the request and
thus resolved to ""coap://[2001:db8:f0::1]/sensors/temp"". That is is thus resolved to ""coap://[2001:db8:f0::1]/sensors/temp"". That
the context resource of the link, so the "rel" statement is not about is the context resource of the link, so the "rel" statement is not
the target and the document Base URI any more, but about the target about the target and the Base URI any more, but about the target and
and that address. the resolved URI. Thus, the third record could be read as
Thus, the third record could be read as
""coap://[2001:db8:f0::1]/sensors/temp" has an alternate ""coap://[2001:db8:f0::1]/sensors/temp" has an alternate
representation at "coap://[2001:db8:f0::1]/t"". representation at "coap://[2001:db8:f0::1]/t"".
The fourth record can be read as ""coap://[2001:db8:f0::1]/sensors/ Following the same resolution steps, the fourth record can be read as
temp" is described by "http://www.example.com/sensors/t123"". ""coap://[2001:db8:f0::1]/sensors/temp" is described by
"http://www.example.com/sensors/t123"".
B.3. Enter the Resource Directory B.3. Enter the Resource Directory
The resource directory tries to carry the semantics obtainable by The resource directory tries to carry the semantics obtainable by
classical CoAP discovery over to the resource lookup interface as classical CoAP discovery over to the resource lookup interface as
faithfully as possible. faithfully as possible.
For the following queries, we will assume that the simple host has For the following queries, we will assume that the simple host has
used Simple Registration to register at the resource directory that used Simple Registration to register at the resource directory that
was announced to it, sending this request from its UDP port was announced to it, sending this request from its UDP port
"[2001:db8:f0::1]:6553": "[2001:db8:f0::1]:6553":
POST coap://[2001:db8:f01::ff]/.well-known/core?ep=simple-host1 POST coap://[2001:db8:f01::ff]/.well-known/core?ep=simple-host1
The resource directory would have accepted the registration, and The resource directory would have accepted the registration, and
queried the simple host's ".well-known/core" by itself. As a result, queried the simple host's ".well-known/core" by itself. As a result,
the host is registered as an endpoint in the RD with the name the host is registered as an endpoint in the RD with the name
"simple-host1". The registration is active for 90000 seconds, and "simple-host1". The registration is active for 90000 seconds, and
the endpoint registration Base URI is ""coap://[2001:db8:f0::1]/"" the endpoint registration Base URI is ""coap://[2001:db8:f0::1]/""
because that is the address the registration was sent from (and no following the resolution steps described in Appendix B.1.1. It
explicit "con=" was given). should be remarked that the Base URI constructed that way always
yields a URI of the form: scheme://authority without path suffix.
If the client now queries the RD as it would previously have issued a If the client now queries the RD as it would previously have issued a
multicast request, it would go through the RD discovery steps by multicast request, it would go through the RD discovery steps by
fetching "coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd- fetching "coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd-
lookup-res", obtain "coap://[2001:db8:f0::ff]/rd-lookup/res" as the lookup-res", obtain "coap://[2001:db8:f0::ff]/rd-lookup/res" as the
resource lookup endpoint, and issue a request to resource lookup endpoint, and issue a request to
"coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature" to receive "coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature" to receive
the following data: the following data:
<coap://[2001:db8:f0::1]/temp>;rt=temperature;ct=0; <coap://[2001:db8:f0::1]/temp>;rt=temperature;ct=0;
anchor="coap://[2001:db8:f0::1]" anchor="coap://[2001:db8:f0::1]"
This is not _literally_ the same response that it would have received This is not _literally_ the same response that it would have received
from a multicast request, but it would contain the (almost) same from a multicast request, but it contains the equivalent statement:
statement:
'"coap://[2001:db8:f0::1]" is hosting the resource '"coap://[2001:db8:f0::1]" is hosting the resource
"coap://[2001:db8:f0::1]/temp", which is of the resource type "coap://[2001:db8:f0::1]/temp", which is of the resource type
"temperature" and can be accessed using the text/plain content "temperature" and can be accessed using the text/plain content
format.' format.'
(The difference is whether "/" or "/.well-known/core" hosts the (The difference is whether "/" or "/.well-known/core" hosts the
resources, which is subject of ongoing discussion about RFC6690). resources, which is subject of ongoing discussion about RFC6690).
Actually, /.well-known/core does NOT host the resource but stores a
URI reference to the resource.
To complete the examples, the client could also query all resources To complete the examples, the client could also query all resources
hosted at the endpoint with the known endpoint name "simple-host1". hosted at the endpoint with the known endpoint name "simple-host1".
A request to "coap://[2001:db8:f0::ff]/rd-lookup/res?ep=simple-host1" A request to "coap://[2001:db8:f0::ff]/rd-lookup/res?ep=simple-host1"
would return would return
<coap://[2001:db8:f0::1]/temp>;rt=temperature;ct=0; <coap://[2001:db8:f0::1]/temp>;rt=temperature;ct=0;
anchor="coap://[2001:db8:f0::1]", anchor="coap://[2001:db8:f0::1]",
<coap://[2001:db8:f0::1]/light>;rt=light-lux;ct=0; <coap://[2001:db8:f0::1]/light>;rt=light-lux;ct=0;
anchor="coap://[2001:db8:f0::1]", anchor="coap://[2001:db8:f0::1]",
<coap://[2001:db8:f0::1]/t>; <coap://[2001:db8:f0::1]/t>;
anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=alternate, anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=alternate,
<http://www.example.com/sensors/t123>; <http://www.example.com/sensors/t123>;
anchor="coap://[2001:db8:f0::1]/sensors/temp";rel="describedby" anchor="coap://[2001:db8:f0::1]/sensors/temp";rel="describedby"
All the target and anchor references are already in absolute form All the target and anchor references are already in absolute form
there, which don't need to be resolved any further. there, which don't need to be resolved any further.
Had the simple host registered with an explicit context (eg. Had the simple host registered with a base= parameter (e.g.
"?ep=simple-host1&con=coap+tcp://simple-host1.example.com"), that "?ep=simple-host1&base=coap+tcp://simple-host1.example.com"), that
context would have been used to resolve the relative anchor values context would have been used to resolve the relative anchor values
instead, giving instead, giving
<coap+tcp://simple-host1.example.com/temp>;rt=temperature;ct=0; <coap+tcp://simple-host1.example.com/temp>;rt=temperature;ct=0;
anchor="coap+tcp://simple-host1.example.com" anchor="coap+tcp://simple-host1.example.com"
and analogous records. and analogous records.
B.4. A note on differences between link-format and Link headers B.4. A note on differences between link-format and Link headers
While link-format and Link headers look very similar and are based on While link-format and Link headers look very similar and are based on
the same model of typed links, there are some differences between the same model of typed links, there are some differences between
[RFC6690] and [RFC5988], which are dealt with differently: [RFC6690] and [RFC5988], which are dealt with differently:
o "Resolving the target against the anchor": [RFC6690] Section 2.1 o "Resolving the target against the anchor": [RFC6690] Section 2.1
states that the anchor of a link is used as the Base URI against states that the anchor of a link is used as the Base URI against
which the term inside the angle brackets (the target) is resolved, which the term inside the angle brackets (the target) is resolved,
falling back to the resource's URI with paths stripped off (its falling back to the resource's URI with paths stripped off (its
"Origin"). [RFC8288] Section B.2 describes that the anchor is "Origin"). In contrast to that, [RFC8288] Section B.2 describes
immaterial to the resolution of the target reference. that the anchor is immaterial to the resolution of the target
reference.
RFC6690, in the same section, also states that absent anchors set RFC6690, in the same section, also states that absent anchors set
the context of the link to the target's URI with its path stripped the context of the link to the target's URI with its path stripped
off, while according to [RFC8288] Section 3.2, the context is the off, while according to [RFC8288] Section 3.2, the context is the
resource's base URI. resource's base URI.
In the context of a Resource Directory, the authors decided not to In the context of a Resource Directory, the authors decided to not
not let this become an issue by requiring that RFC6690 links be let this become an issue by recommending that links in the
serialized in a way that either rule set can be applied and give Resource Directory be _deserializable_ by either rule set to give
the same results. Note that all examples of [RFC6690], [RFC8288] the same results. Note that all examples of [RFC6690], [RFC8288]
and this document comply with that rule. and this document comply with that rule.
The Modernized Link Format is introduced in Appendix D to The Modernized Link Format is introduced in Appendix D to
formalize what it means to apply the ruleset of RFC8288 to Link formalize what it means to apply the ruleset of RFC8288 to Link
Format documents. Format documents.
o There is no percent encoding in link-format documents. o There is no percent encoding in link-format documents.
A link-format document is a UTF-8 encoded string of Unicode A link-format document is a UTF-8 encoded string of Unicode
skipping to change at page 77, line 45 skipping to change at page 76, line 49
The protocol negotiation that is being worked on in The protocol negotiation that is being worked on in
[I-D.silverajan-core-coap-protocol-negotiation] makes use of the [I-D.silverajan-core-coap-protocol-negotiation] makes use of the
Resource Directory. Resource Directory.
Until that document is update to use the latest resource-directory Until that document is update to use the latest resource-directory
specification, here are some examples of protocol negotiation with specification, here are some examples of protocol negotiation with
the current Resource Directory: the current Resource Directory:
An endpoint could register as follows from its address An endpoint could register as follows from its address
"[2001:db8:f1::2]:5683": [2001:db8:f1::2]:5683:
Req: POST coap://rd.example.com/rd?ep=node1 Req: POST coap://rd.example.com/rd?ep=node1
&at=coap+tcp://[2001:db8:f1::2] &at=coap+tcp://[2001:db8:f1::2]
Content-Format: 40 Content-Format: 40
Payload: Payload:
</temperature>;ct=0;rt="temperature";if="core.s" </temperature>;ct=0;rt="temperature";if="core.s"
Res: 2.01 Created Res: 2.01 Created
Location-Path: /rd/1234 Location-Path: /rd/1234
An endpoint lookup would just reflect the registered attributes: An endpoint lookup would just reflect the registered attributes:
Req: GET /rd-lookup/ep Req: GET /rd-lookup/ep
Res: 2.05 Content Res: 2.05 Content
</rd/1234>;ep="node1";con="coap://[2001:db8:f1::2]:5683"; </rd/1234>;ep="node1";base="coap://[2001:db8:f1::2]:5683";
at="coap+tcp://[2001:db8:f1::2]" at="coap+tcp://[2001:db8:f1::2]"
A UDP client would then see the following in a resource lookup: A UDP client would then see the following in a resource lookup:
Req: GET /rd-lookup/res?rt=temperature Req: GET /rd-lookup/res?rt=temperature
Res: 2.05 Content Res: 2.05 Content
<coap://[2001:db8:f1::2]/temperature>;ct=0;rt="temperature"; <coap://[2001:db8:f1::2]/temperature>;ct=0;rt="temperature";
if="core.s"; anchor="coap://[2001:db8:f1::2]" if="core.s"; anchor="coap://[2001:db8:f1::2]"
skipping to change at page 78, line 50 skipping to change at page 77, line 50
The CoRE Link Format as described in [RFC6690] is unsuitable for some The CoRE Link Format as described in [RFC6690] is unsuitable for some
use cases of the Resource Directory, and their resolution scheme is use cases of the Resource Directory, and their resolution scheme is
often misunderstood by developers familiar with [RFC8288]. often misunderstood by developers familiar with [RFC8288].
For the correct application of base URIs, we describe the For the correct application of base URIs, we describe the
interpretation of a Link Format document as a Modernized Link Format. interpretation of a Link Format document as a Modernized Link Format.
In Modernized Link Format, the document is processed as in Link In Modernized Link Format, the document is processed as in Link
Format, with the exception of Section 2.1 of [RFC6690]: Format, with the exception of Section 2.1 of [RFC6690]:
o The URI-reference inside angle brackets ("<>") describes the o The URI-reference inside angle brackets ("<>") describes the
target URI of the link. If it is a relative reference, it is target URI of the link.
resolved against the base URI of the document.
o The context of the link is expressed by the "anchor" parameter; if o The context of the link is expressed by the "anchor" parameter.
it is a relative reference, it is resolved against the document's If the anchor attribute is absent, it defaults to the empty
base URI. In absence of the "anchor" attribute, the base URI is reference ("").
the link's context.
o Both these references are resolved according to Section 5 of
[RFC3986].
Content formats derived from [RFC6690] which inherit its resolution Content formats derived from [RFC6690] which inherit its resolution
rules, like JSON and CBOR link format of [I-D.ietf-core-links-json], rules, like JSON and CBOR link format of [I-D.ietf-core-links-json],
can be interpreted in analogy to that. can be interpreted in analogy to that.
For where the Resource Directory is concerned, all common forms of For where the Resource Directory is concerned, all common forms of
links (eg. all the examples of RFC6690) yield identical results. links (e.g. all the examples of RFC6690) yield identical results.
When interpreting data read from ".well-known/core", differences in When interpreting data read from ".well-known/core", differences in
interpretation only affect links where the absent anchor attribute interpretation only affect links where the absent anchor attribute
means "coap://host/" according to RFC6690 and "coap://host/.well- means "coap://host/" according to RFC6690 and "coap://host/.well-
known/core" according to Modernized Link format; those typically only known/core" according to Modernized Link format; those typically only
occur in conjunction with the vaguely defined implicit "hosts" occur in conjunction with the vaguely defined implicit "hosts"
relationship. relationship.
D.1. For endpoint developers D.1. For endpoint developers
When developing endpoints, ie. when generating documents that will be When developing endpoints, i.e. when generating documents that will
submitted to a Resource Directory, the differences between Modernized be submitted to a Resource Directory, the differences between
Link Format and RFC6690 can be ignored as long as all relative Modernized Link Format and RFC6690 can be ignored as long as all
references start with a slash, and any of the following applies: relative references start with a slash, and any of the following
applies:
o There is no anchor attribute, and the context of the link does not o There is no anchor attribute, and the context of the link does not
matter to the application. matter to the application.
Example: "</sensors>;ct=40" Example: "</sensors>;ct=40"
o The anchor is a relative reference. o The anchor is a relative reference.
Example: "</t>;anchor="/sensors/temp";rel="alternate" Example: "</t>;anchor="/sensors/temp";rel="alternate"
 End of changes. 128 change blocks. 
485 lines changed or deleted 443 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/