idnits 2.17.1 draft-hartke-core-pending-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 27, 2017) is 2615 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'RFCXXXX' is mentioned on line 201, but not defined == Outdated reference: A later version (-04) exists of draft-vanderstok-ace-coap-est-00 -- Obsolete informational reference (is this intentional?): RFC 7231 (Obsoleted by RFC 9110) Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 CoRE Working Group P. van der Stok 3 Internet-Draft consultant 4 Intended status: Informational K. Hartke 5 Expires: August 31, 2017 Universitaet Bremen TZI 6 February 27, 2017 8 The 'Pending' Response Code for the Constrained Application Protocol 9 (CoAP) 10 draft-hartke-core-pending-00 12 Abstract 14 This document proposes a new CoAP response code, 2.06 Pending. A 15 CoAP server can use this response code to signal that it has accepted 16 the request but has not yet started processing it or that processing 17 the request will take longer than a client is typically willing to 18 wait for a response. A 2.06 response can include status information 19 and indicate a location where the result will become available. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at http://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on August 31, 2017. 38 Copyright Notice 40 Copyright (c) 2017 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 56 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 57 2. 2.06 Pending . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2.1. Observing Resources . . . . . . . . . . . . . . . . . . . 4 59 3. Security Considerations . . . . . . . . . . . . . . . . . . . 4 60 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 61 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 62 5.1. Normative References . . . . . . . . . . . . . . . . . . 5 63 5.2. Informative References . . . . . . . . . . . . . . . . . 5 64 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 66 1. Introduction 68 The Constrained Application Protocol (CoAP) [RFC7252] is a request/ 69 response protocol not unlike HTTP. CoAP defines no upper bound for 70 the time between a request and the resulting response. E.g., in CoAP 71 over UDP, a server is expected to return an empty Acknowledgement to 72 the client if it cannot provide a response right away, but there is 73 no limit on when the server should return the Separate Response. 75 In particular in the case of requests with long processing times, a 76 CoAP client faces the problem that it cannot easily determine how 77 long it should wait for the response and whether the CoAP server is 78 even still processing the request. Long processing times occur, for 79 example, when requests need manual intervention to authorize their 80 processing, or when they perform a long sequence of remote actions. 81 An example is provided by the "possibly long" authorization request 82 specified in EST-coaps [I-D.vanderstok-ace-coap-est]. 84 This document proposes a new CoAP response code, 2.06 Pending. The 85 semantics of this response code are modelled after the HTTP [RFC7231] 86 202 (Accepted) status code: 88 The 202 (Accepted) status code indicates that the request has been 89 accepted for processing, but the processing has not been 90 completed. The request might or might not eventually be acted 91 upon, as it might be disallowed when processing actually takes 92 place. [...] The representation sent with this response ought to 93 describe the request's current status and point to (or embed) a 94 status monitor that can provide the user with an estimate of when 95 the request will be fulfilled. 97 The 2.06 (Pending) response code is not meant for overload cases, 98 which are better handled by the 5.03 (Service Unavailable) response 99 code. 101 1.1. Terminology 103 Readers are expected to be familiar with the terms and concepts 104 described in [RFC7252] and [RFC7641]. 106 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 107 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 108 "OPTIONAL" in this document are to be interpreted as described in 109 [RFC2119]. 111 2. 2.06 Pending 113 A 2.06 (Pending) response in reply to a GET request indicates that 114 the target resource exists but no representation of the resource is 115 available yet. The Max-Age Option indicates after what time a client 116 should retry its GET request to retrieve the representation. The 117 client MAY observe the resource (see Section 2.1) to be notified when 118 the representation becomes available. 120 A 2.06 (Pending) response in reply to a POST request indicates that 121 the result of processing the request is not available yet, for 122 example, because the server needs more time to process the request 123 than a client is typically willing to wait for a response. The 124 server MAY specify a location using the Location-* options where the 125 result will become available. If the server does not specify a 126 location, the result will become available at the target resource of 127 the POST request. To receive the result, the client MAY poll or 128 observe the resource at the specified location using a GET request. 129 The Max-Age Option indicates how long the client should wait before 130 making the GET request. 132 A 2.06 (Pending) response MAY contain a payload that represents the 133 progress of processing the original request or any other status 134 information. The content format of this representation is specified 135 by the Content-Format Option. 137 A 2.06 (Pending) response is cacheable, but cannot be validated. If 138 it contains Location-* options, it invalidates any cached response 139 for the resource at the specified location; otherwise, it invalidates 140 any cached response for the target resource of the request. 142 As a consequence of being cacheable, a 2.06 (Pending) response in 143 reply to a POST request makes the POST method temporarily idempotent: 144 until Max-Age expires, any POST request with the same cache-key -- be 145 it from the same client or any another client -- can yield the same 146 2.06 (Pending) response. (This is the same behavior as for 4.xx and 147 5.xx error responses in reply to POST requests.) 149 2.1. Observing Resources 151 When a client registers to observe [RFC7641] a resource for which no 152 representation is available yet, the server MAY send one or more 2.06 153 (Pending) notifications before sending the first 2.05 (Content) or 154 2.03 (Valid) notification. The possible resulting sequence of 155 notifications is shown in Figure 1. 157 __________ __________ __________ 158 | | | | | | 159 ---->| 2.06 |---->| 2.05 / |---->| 4.xx / | 160 | Pending | | 2.03 | | 5.xx | 161 |__________| |__________| |__________| 162 ^ \ \ ^ \ ^ 163 \__/ \ \___/ / 164 \_______________________/ 166 Figure 1: Sequence of Notifications 168 Unless the server is not willing to add the client to the list of 169 observers, each 2.06 (Pending) notification MUST include an Observe 170 Option with a sequence number as specified in [RFC7641]. Otherwise, 171 the registration request falls back to a normal GET request. 173 3. Security Considerations 175 This section analyses the possible threats related to 2.06 (Pending) 176 responses. It is meant to inform protocol and application developers 177 about the security limitations of the response code as described in 178 this document. 180 A 2.06 (Pending) response is subject to the same general security 181 considerations as all CoAP responses as described in Section 11 of 182 [RFC7252]. Specifically, the security considerations for the 183 response code are closest to those of the Observe Option as stated in 184 Section 7 of [RFC7641], because the server stores additional state 185 over an extended period. 187 2.06 (Pending) responses are secured following the recommendations 188 for the existing CoAP response codes as specified in Section 9 of 189 [RFC7252]. When additional security techniques are standardized for 190 CoAP (e.g., based on object security), these are then also available 191 for securing the responses. 193 4. IANA Considerations 195 This document adds the 2.06 (Pending) response code to the "CoAP 196 Response Codes" registry. 198 +------+-------------+-----------+ 199 | Code | Description | Reference | 200 +------+-------------+-----------+ 201 | 2.06 | Pending | [RFCXXXX] | 202 +------+-------------+-----------+ 204 Table 1: New CoAP Response Codes 206 5. References 208 5.1. Normative References 210 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 211 Requirement Levels", BCP 14, RFC 2119, 212 DOI 10.17487/RFC2119, March 1997, 213 . 215 [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained 216 Application Protocol (CoAP)", RFC 7252, 217 DOI 10.17487/RFC7252, June 2014, 218 . 220 [RFC7641] Hartke, K., "Observing Resources in the Constrained 221 Application Protocol (CoAP)", RFC 7641, 222 DOI 10.17487/RFC7641, September 2015, 223 . 225 5.2. Informative References 227 [I-D.vanderstok-ace-coap-est] 228 Kumar, S. and P. Stok, "EST based on DTLS secured CoAP 229 (EST-coaps)", draft-vanderstok-ace-coap-est-00 (work in 230 progress), December 2016. 232 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 233 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 234 DOI 10.17487/RFC7231, June 2014, 235 . 237 Authors' Addresses 239 Peter van der Stok 240 consultant 242 Phone: +31-492474673 (Netherlands), +33-966015248 (France) 243 Email: consultancy@vanderstok.org 244 URI: www.vanderstok.org 246 Klaus Hartke 247 Universitaet Bremen TZI 248 Postfach 330440 249 Bremen D-28359 250 Germany 252 Phone: +49-421-218-63905 253 Email: hartke@tzi.org