idnits 2.17.1 draft-ietf-core-resource-directory-25.txt: -(10): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == There are 3 instances of lines with non-ascii characters in the document. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with multicast IPv4 addresses in the document. If these are generic example addresses, they should be changed to use the 233.252.0.x range defined in RFC 5771 == There are 3 instances of lines with non-RFC3849-compliant IPv6 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 393 has weird spacing: '... target o----...' == Line 395 has weird spacing: '...--o rel o...' == Line 460 has weird spacing: '...o href o----...' == Line 464 has weird spacing: '... o ep o---...' == Line 472 has weird spacing: '... o lt o---...' == (2 more instances...) -- The document date (13 July 2020) is 1382 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC3849' is defined on line 3286, but no explicit reference was found in the text == Outdated reference: A later version (-02) exists of draft-bormann-t2trg-rel-impl-01 == Outdated reference: A later version (-46) exists of draft-ietf-ace-oauth-authz-35 == Outdated reference: A later version (-14) exists of draft-ietf-core-echo-request-tag-09 -- Obsolete informational reference (is this intentional?): RFC 7230 (Obsoleted by RFC 9110, RFC 9112) Summary: 0 errors (**), 0 flaws (~~), 14 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 CoRE Z. Shelby 3 Internet-Draft ARM 4 Intended status: Standards Track M. Koster 5 Expires: 14 January 2021 SmartThings 6 C. Bormann 7 Universitaet Bremen TZI 8 P. van der Stok 9 consultant 10 C. Amsüss, Ed. 11 13 July 2020 13 CoRE Resource Directory 14 draft-ietf-core-resource-directory-25 16 Abstract 18 In many IoT applications, direct discovery of resources is not 19 practical due to sleeping nodes, disperse networks, or networks where 20 multicast traffic is inefficient. These problems can be solved by 21 employing an entity called a Resource Directory (RD), which contains 22 information about resources held on other servers, allowing lookups 23 to be performed for those resources. The input to an RD is composed 24 of links and the output is composed of links constructed from the 25 information stored in the RD. This document specifies the web 26 interfaces that an RD supports for web servers to discover the RD and 27 to register, maintain, lookup and remove information on resources. 28 Furthermore, new target attributes useful in conjunction with an RD 29 are defined. 31 Note to Readers 33 Discussion of this document takes place on the CORE Working Group 34 mailing list (core@ietf.org), which is archived at 35 https://mailarchive.ietf.org/arch/browse/core/ 36 (https://mailarchive.ietf.org/arch/browse/core/). 38 Source for this draft and an issue tracker can be found at 39 https://github.com/core-wg/resource-directory (https://github.com/ 40 core-wg/resource-directory). 42 Status of This Memo 44 This Internet-Draft is submitted in full conformance with the 45 provisions of BCP 78 and BCP 79. 47 Internet-Drafts are working documents of the Internet Engineering 48 Task Force (IETF). Note that other groups may also distribute 49 working documents as Internet-Drafts. The list of current Internet- 50 Drafts is at https://datatracker.ietf.org/drafts/current/. 52 Internet-Drafts are draft documents valid for a maximum of six months 53 and may be updated, replaced, or obsoleted by other documents at any 54 time. It is inappropriate to use Internet-Drafts as reference 55 material or to cite them other than as "work in progress." 57 This Internet-Draft will expire on 14 January 2021. 59 Copyright Notice 61 Copyright (c) 2020 IETF Trust and the persons identified as the 62 document authors. All rights reserved. 64 This document is subject to BCP 78 and the IETF Trust's Legal 65 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 66 license-info) in effect on the date of publication of this document. 67 Please review these documents carefully, as they describe your rights 68 and restrictions with respect to this document. Code Components 69 extracted from this document must include Simplified BSD License text 70 as described in Section 4.e of the Trust Legal Provisions and are 71 provided without warranty as described in the Simplified BSD License. 73 Table of Contents 75 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 76 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 77 3. Architecture and Use Cases . . . . . . . . . . . . . . . . . 6 78 3.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 7 79 3.2. Architecture . . . . . . . . . . . . . . . . . . . . . . 7 80 3.3. RD Content Model . . . . . . . . . . . . . . . . . . . . 8 81 3.4. Link-local addresses and zone identifiers . . . . . . . . 12 82 3.5. Use Case: Cellular M2M . . . . . . . . . . . . . . . . . 12 83 3.6. Use Case: Home and Building Automation . . . . . . . . . 13 84 3.7. Use Case: Link Catalogues . . . . . . . . . . . . . . . . 14 85 4. RD discovery and other interface-independent components . . . 14 86 4.1. Finding a Resource Directory . . . . . . . . . . . . . . 15 87 4.1.1. Resource Directory Address Option (RDAO) . . . . . . 17 88 4.1.2. Using DNS-SD to discover a Resource Directory . . . . 19 89 4.2. Payload Content Formats . . . . . . . . . . . . . . . . . 19 90 4.3. URI Discovery . . . . . . . . . . . . . . . . . . . . . . 19 91 5. Registration . . . . . . . . . . . . . . . . . . . . . . . . 22 92 5.1. Simple Registration . . . . . . . . . . . . . . . . . . . 26 93 5.2. Third-party registration . . . . . . . . . . . . . . . . 29 94 5.3. Operations on the Registration Resource . . . . . . . . . 29 95 5.3.1. Registration Update . . . . . . . . . . . . . . . . . 30 96 5.3.2. Registration Removal . . . . . . . . . . . . . . . . 33 97 5.3.3. Further operations . . . . . . . . . . . . . . . . . 34 98 6. RD Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . 34 99 6.1. Resource lookup . . . . . . . . . . . . . . . . . . . . . 35 100 6.2. Lookup filtering . . . . . . . . . . . . . . . . . . . . 35 101 6.3. Resource lookup examples . . . . . . . . . . . . . . . . 37 102 6.4. Endpoint lookup . . . . . . . . . . . . . . . . . . . . . 40 103 7. Security policies . . . . . . . . . . . . . . . . . . . . . . 41 104 7.1. Endpoint name . . . . . . . . . . . . . . . . . . . . . . 42 105 7.1.1. Random endpoint names . . . . . . . . . . . . . . . . 42 106 7.2. Entered resources . . . . . . . . . . . . . . . . . . . . 42 107 7.3. Link confidentiality . . . . . . . . . . . . . . . . . . 43 108 7.4. Segmentation . . . . . . . . . . . . . . . . . . . . . . 43 109 8. Security Considerations . . . . . . . . . . . . . . . . . . . 44 110 8.1. Endpoint Identification and Authentication . . . . . . . 44 111 8.2. Access Control . . . . . . . . . . . . . . . . . . . . . 45 112 8.3. Denial of Service Attacks . . . . . . . . . . . . . . . . 45 113 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 46 114 9.1. Resource Types . . . . . . . . . . . . . . . . . . . . . 46 115 9.2. IPv6 ND Resource Directory Address Option . . . . . . . . 46 116 9.3. RD Parameter Registry . . . . . . . . . . . . . . . . . . 46 117 9.3.1. Full description of the "Endpoint Type" Registration 118 Parameter . . . . . . . . . . . . . . . . . . . . . . 49 119 9.4. "Endpoint Type" (et=) RD Parameter values . . . . . . . . 49 120 9.5. Multicast Address Registration . . . . . . . . . . . . . 50 121 9.6. Well-Known URIs . . . . . . . . . . . . . . . . . . . . . 50 122 9.7. Service Names and Transport Protocol Port Number 123 Registry . . . . . . . . . . . . . . . . . . . . . . . . 50 124 10. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 51 125 10.1. Lighting Installation . . . . . . . . . . . . . . . . . 51 126 10.1.1. Installation Characteristics . . . . . . . . . . . . 51 127 10.1.2. RD entries . . . . . . . . . . . . . . . . . . . . . 52 128 10.2. OMA Lightweight M2M (LWM2M) Example . . . . . . . . . . 56 129 10.2.1. The LWM2M Object Model . . . . . . . . . . . . . . . 56 130 10.2.2. LWM2M Register Endpoint . . . . . . . . . . . . . . 58 131 10.2.3. LWM2M Update Endpoint Registration . . . . . . . . . 59 132 10.2.4. LWM2M De-Register Endpoint . . . . . . . . . . . . . 60 133 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 60 134 12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 60 135 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 71 136 13.1. Normative References . . . . . . . . . . . . . . . . . . 71 137 13.2. Informative References . . . . . . . . . . . . . . . . . 72 138 Appendix A. Groups Registration and Lookup . . . . . . . . . . . 75 139 Appendix B. Web links and the Resource Directory . . . . . . . . 76 140 B.1. A simple example . . . . . . . . . . . . . . . . . . . . 77 141 B.1.1. Resolving the URIs . . . . . . . . . . . . . . . . . 77 142 B.1.2. Interpreting attributes and relations . . . . . . . . 78 144 B.2. A slightly more complex example . . . . . . . . . . . . . 78 145 B.3. Enter the Resource Directory . . . . . . . . . . . . . . 79 146 B.4. A note on differences between link-format and Link header 147 fields . . . . . . . . . . . . . . . . . . . . . . . . . 80 148 Appendix C. Limited Link Format . . . . . . . . . . . . . . . . 81 149 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 82 151 1. Introduction 153 In the work on Constrained RESTful Environments (CoRE), a REST 154 architecture suitable for constrained nodes (e.g. with limited RAM 155 and ROM [RFC7228]) and networks (e.g. 6LoWPAN [RFC4944]) has been 156 established and is used in Internet-of-Things (IoT) or machine-to- 157 machine (M2M) applications such as smart energy and building 158 automation. 160 The discovery of resources offered by a constrained server is very 161 important in machine-to-machine applications where there are no 162 humans in the loop and static interfaces result in fragility. The 163 discovery of resources provided by an HTTP Web Server is typically 164 called Web Linking [RFC8288]. The use of Web Linking for the 165 description and discovery of resources hosted by constrained web 166 servers is specified by the CoRE Link Format [RFC6690]. However, 167 [RFC6690] only describes how to discover resources from the web 168 server that hosts them by querying "/.well-known/core". In many 169 constrained scenarios, direct discovery of resources is not practical 170 due to sleeping nodes, disperse networks, or networks where multicast 171 traffic is inefficient. These problems can be solved by employing an 172 entity called a Resource Directory (RD), which contains information 173 about resources held on other servers, allowing lookups to be 174 performed for those resources. 176 This document specifies the web interfaces that an RD supports for 177 web servers to discover the RD and to register, maintain, lookup and 178 remove information on resources. Furthermore, new target attributes 179 useful in conjunction with an RD are defined. Although the examples 180 in this document show the use of these interfaces with CoAP 181 [RFC7252], they can be applied in an equivalent manner to HTTP 182 [RFC7230]. 184 2. Terminology 186 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 187 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 188 "OPTIONAL" in this document are to be interpreted as described in BCP 189 14 [RFC2119] [RFC8174] when, and only when, they appear in all 190 capitals, as shown here. 192 The term "byte" is used in its now customary sense as a synonym for 193 "octet". 195 This specification requires readers to be familiar with all the terms 196 and concepts that are discussed in [RFC3986], [RFC8288] and 197 [RFC6690]. Readers should also be familiar with the terms and 198 concepts discussed in [RFC7252]. To describe the REST interfaces 199 defined in this specification, the URI Template format is used 200 [RFC6570]. 202 This specification makes use of the following additional terminology: 204 resolve against 205 The expression "a URI-reference is _resolved against_ a base URI" 206 is used to describe the process of [RFC3986] Section 5.2. 207 Noteworthy corner cases are that if the URI-reference is a (full) 208 URI and resolved against any base URI, that gives the original 209 full URI, and that resolving an empty URI reference gives the base 210 URI without any fragment identifier. 212 Resource Directory (RD) 213 A web entity that stores information about web resources and 214 implements the REST interfaces defined in this specification for 215 discovery, for the creation, the maintenance and the removal of 216 registrations, and for lookup of the registered resources. 218 Sector 219 In the context of an RD, a sector is a logical grouping of 220 endpoints. 222 The abbreviation "d=" is used for the sector in query parameters 223 for compatibility with deployed implementations. 225 Endpoint 226 Endpoint (EP) is a term used to describe a web server or client in 227 [RFC7252]. In the context of this specification an endpoint is 228 used to describe a web server that registers resources to the RD. 229 An endpoint is identified by its endpoint name, which is included 230 during registration, and has a unique name within the associated 231 sector of the registration. 233 Registration Base URI 234 The Base URI of a Registration is a URI that typically gives 235 scheme and authority information about an Endpoint. The 236 Registration Base URI is provided at registration time, and is 237 used by the RD to resolve relative references of the registration 238 into URIs. 240 Target 241 The target of a link is the destination address (URI) of the link. 242 It is sometimes identified with "href=", or displayed as 243 "". Relative targets need resolving with respect to the 244 Base URI (section 5.2 of [RFC3986]). 246 This use of the term Target is consistent with [RFC8288]'s use of 247 the term. 249 Context 250 The context of a link is the source address (URI) of the link, and 251 describes which resource is linked to the target. A link's 252 context is made explicit in serialized links as the "anchor=" 253 attribute. 255 This use of the term Context is consistent with [RFC8288]'s use of 256 the term. 258 Directory Resource 259 A resource in the RD containing registration resources. 261 Registration Resource 262 A resource in the RD that contains information about an Endpoint 263 and its links. 265 Commissioning Tool 266 Commissioning Tool (CT) is a device that assists during the 267 installation of the network by assigning values to parameters, 268 naming endpoints and groups, or adapting the installation to the 269 needs of the applications. 271 Registrant-ep 272 Registrant-ep is the endpoint that is registered into the RD. The 273 registrant-ep can register itself, or a CT registers the 274 registrant-ep. 276 RDAO 277 Resource Directory Address Option. A new IPv6 Neighbor Discovery 278 option defined for announcing an RD's address. 280 3. Architecture and Use Cases 281 3.1. Principles 283 The RD is primarily a tool to make discovery operations more 284 efficient than querying /.well-known/core on all connected devices, 285 or across boundaries that would be limiting those operations. 287 It provides information about resources hosted by other devices that 288 could otherwise only be obtained by directly querying the /.well- 289 known/core resource on these other devices, either by a unicast 290 request or a multicast request. 292 Information SHOULD only be stored in the RD if it can be obtained by 293 querying the described device's /.well-known/core resource directly. 295 Data in the RD can only be provided by the device which hosts those 296 data or a dedicated Commissioning Tool (CT). These CTs are thought 297 to act on behalf of endpoints too constrained, or generally unable, 298 to present that information themselves. No other client can modify 299 data in the RD. Changes to the information in the RD do not 300 propagate automatically back to the web servers from where the 301 information originated. 303 3.2. Architecture 305 The RD architecture is illustrated in Figure 1. An RD is used as a 306 repository of registrations describing resources hosted on other web 307 servers, also called endpoints (EP). An endpoint is a web server 308 associated with a scheme, IP address and port. A physical node may 309 host one or more endpoints. The RD implements a set of REST 310 interfaces for endpoints to register and maintain RD registrations, 311 and for endpoints to lookup resources from the RD. An RD can be 312 logically segmented by the use of Sectors. 314 A mechanism to discover an RD using CoRE Link Format [RFC6690] is 315 defined. 317 Registrations in the RD are soft state and need to be periodically 318 refreshed. 320 An endpoint uses specific interfaces to register, update and remove a 321 registration. It is also possible for an RD to fetch Web Links from 322 endpoints and add their contents to its registrations. 324 At the first registration of an endpoint, a "registration resource" 325 is created, the location of which is returned to the registering 326 endpoint. The registering endpoint uses this registration resource 327 to manage the contents of registrations. 329 A lookup interface for discovering any of the Web Links stored in the 330 RD is provided using the CoRE Link Format. 332 Registration Lookup 333 Interface Interface 334 +----+ | | 335 | EP |---- | | 336 +----+ ---- | | 337 --|- +------+ | 338 +----+ | ----| | | +--------+ 339 | EP | ---------|-----| RD |----|-----| Client | 340 +----+ | ----| | | +--------+ 341 --|- +------+ | 342 +----+ ---- | | 343 | CT |---- | | 344 +----+ 346 Figure 1: The RD architecture. 348 A Registrant-EP MAY keep concurrent registrations to more than one RD 349 at the same time if explicitly configured to do so, but that is not 350 expected to be supported by typical EP implementations. Any such 351 registrations are independent of each other. The usual expectation 352 when multiple discovery mechanisms or addresses are configured is 353 that they constitute a fall-back path for a single registration. 355 3.3. RD Content Model 357 The Entity-Relationship (ER) models shown in Figure 2 and Figure 3 358 model the contents of /.well-known/core and the RD respectively, with 359 entity-relationship diagrams [ER]. Entities (rectangles) are used 360 for concepts that exist independently. Attributes (ovals) are used 361 for concepts that exist only in connection with a related entity. 362 Relations (diamonds) give a semantic meaning to the relation between 363 entities. Numbers specify the cardinality of the relations. 365 Some of the attribute values are URIs. Those values are always full 366 URIs and never relative references in the information model. They 367 can, however, be expressed as relative references in serializations, 368 and often are. 370 These models provide an abstract view of the information expressed in 371 link-format documents and an RD. They cover the concepts, but not 372 necessarily all details of an RD's operation; they are meant to give 373 an overview, and not be a template for implementations. 375 +----------------------+ 376 | /.well-known/core | 377 +----------------------+ 378 | 379 | 1 380 ////////\\\\\\\ 381 < contains > 382 \\\\\\\\/////// 383 | 384 | 0+ 385 +--------------------+ 386 | link | 387 +--------------------+ 388 | 389 | 1 oooooooo 390 +-----o target o 391 | oooooooo 392 oooooooooooo 0+ | 393 o target o--------+ 394 o attribute o | 0+ oooooo 395 oooooooooooo +-----o rel o 396 | oooooo 397 | 398 | 1 ooooooooo 399 +-----o context o 400 ooooooooo 402 Figure 2: ER Model of the content of /.well-known/core 404 The model shown in Figure 2 models the contents of /.well-known/core 405 which contains: 407 * a set of links belonging to the hosting web server 409 The web server is free to choose links it deems appropriate to be 410 exposed in its ".well-known/core". Typically, the links describe 411 resources that are served by the host, but the set can also contain 412 links to resources on other servers (see examples in [RFC6690] page 413 14). The set does not necessarily contain links to all resources 414 served by the host. 416 A link has the following attributes (see [RFC8288]): 418 * Zero or more link relations: They describe relations between the 419 link context and the link target. 421 In link-format serialization, they are expressed as space- 422 separated values in the "rel" attribute, and default to "hosts". 424 * A link context URI: It defines the source of the relation, e.g. 425 _who_ "hosts" something. 427 In link-format serialization, it is expressed in the "anchor" 428 attribute. It defaults to that document's URI. 430 * A link target URI: It defines the destination of the relation 431 (e.g. _what_ is hosted), and is the topic of all target 432 attributes. 434 In link-format serialization, it is expressed between angular 435 brackets, and sometimes called the "href". 437 * Other target attributes (e.g. resource type (rt), interface (if), 438 or content format (ct)). These provide additional information 439 about the target URI. 441 +--------------+ 442 + RD + 443 +--------------+ 444 | 1 445 | 446 | 447 | 448 | 449 //////\\\\ 450 < contains > 451 \\\\\///// 452 | 453 0+ | 454 ooooooo 1 +---------------+ 455 o base o-------| registration | 456 ooooooo +---------------+ 457 | | 1 458 | +--------------+ 459 oooooooo 1 | | 460 o href o----+ /////\\\\ 461 oooooooo | < contains > 462 | \\\\\///// 463 oooooooo 1 | | 464 o ep o----+ | 0+ 465 oooooooo | +------------------+ 466 | | link | 467 oooooooo 0-1 | +------------------+ 468 o d o----+ | 469 oooooooo | | 1 oooooooo 470 | +-----o target o 471 oooooooo 1 | | oooooooo 472 o lt o----+ ooooooooooo 0+ | 473 oooooooo | o target o-----+ 474 | o attribute o | 0+ oooooo 475 ooooooooooo 0+ | ooooooooooo +-----o rel o 476 o endpoint o----+ | oooooo 477 o attribute o | 478 ooooooooooo | 1 ooooooooo 479 +----o context o 480 ooooooooo 482 Figure 3: ER Model of the content of the RD 484 The model shown in Figure 3 models the contents of the RD which 485 contains in addition to /.well-known/core: 487 * 0 to n Registrations of endpoints, 488 A registration is associated with one endpoint. A registration 489 defines a set of links as defined for /.well-known/core. A 490 Registration has six types of attributes: 492 * an endpoint name ("ep", a Unicode string) unique within a sector 494 * a Registration Base URI ("base", a URI typically describing the 495 scheme://authority part) 497 * a lifetime ("lt"), 499 * a registration resource location inside the RD ("href"), 501 * optionally a sector ("d", a Unicode string) 503 * optional additional endpoint attributes (from Section 9.3) 505 The cardinality of "base" is currently 1; future documents are 506 invited to extend the RD specification to support multiple values 507 (e.g. [I-D.silverajan-core-coap-protocol-negotiation]). Its value 508 is used as a Base URI when resolving URIs in the links contained in 509 the endpoint. 511 Links are modelled as they are in Figure 2. 513 3.4. Link-local addresses and zone identifiers 515 Registration Base URIs can contain link-local IP addresses. To be 516 usable across hosts, those can not be serialized to contain zone 517 identifiers (see [RFC6874] Section 1). 519 Link-local addresses can only be used on a single link (therefore RD 520 servers can not announce them when queried on a different link), and 521 lookup clients using them need to keep track of which interface they 522 got them from. 524 Therefore, it is advisable in many scenarios to use addresses with 525 larger scope if available. 527 3.5. Use Case: Cellular M2M 529 Over the last few years, mobile operators around the world have 530 focused on development of M2M solutions in order to expand the 531 business to the new type of users: machines. The machines are 532 connected directly to a mobile network using an appropriate embedded 533 wireless interface (GSM/GPRS, WCDMA, LTE) or via a gateway providing 534 short and wide range wireless interfaces. From the system design 535 point of view, the ambition is to design horizontal solutions that 536 can enable utilization of machines in different applications 537 depending on their current availability and capabilities as well as 538 application requirements, thus avoiding silo like solutions. One of 539 the crucial enablers of such design is the ability to discover 540 resources (and thus the endpoints they are hosted on) capable of 541 providing required information at a given time or acting on 542 instructions from the end users. 544 Imagine a scenario where endpoints installed on vehicles enable 545 tracking of the position of these vehicles for fleet management 546 purposes and allow monitoring of environment parameters. During the 547 boot-up process endpoints register with an RD, which is hosted by the 548 mobile operator or somewhere in the cloud. Periodically, these 549 endpoints update their registration and may modify resources they 550 offer. 552 When endpoints are not always connected, for example because they 553 enter a sleep mode, a remote server is usually used to provide proxy 554 access to the endpoints. Mobile apps or web applications for 555 environment monitoring contact the RD, look up the endpoints capable 556 of providing information about the environment using an appropriate 557 set of link parameters, obtain information on how to contact them 558 (URLs of the proxy server), and then initiate interaction to obtain 559 information that is finally processed, displayed on the screen and 560 usually stored in a database. Similarly, fleet management systems 561 provide the appropriate link parameters to the RD to look up for EPs 562 deployed on the vehicles the application is responsible for. 564 3.6. Use Case: Home and Building Automation 566 Home and commercial building automation systems can benefit from the 567 use of M2M web services. The discovery requirements of these 568 applications are demanding. Home automation usually relies on run- 569 time discovery to commission the system, whereas in building 570 automation a combination of professional commissioning and run-time 571 discovery is used. Both home and building automation involve peer- 572 to-peer interactions between endpoints, and involve battery-powered 573 sleeping devices. 575 Two phases can be discerned for a network servicing the system: (1) 576 installation and (2) operation. During the operational phase, the 577 network is connected to the Internet with a Border router (6LBR) and 578 the nodes connected to the network can use the Internet services that 579 are provided by the Internet Provider or the network administrator. 580 During the installation phase, the network is completely stand-alone, 581 no 6LBR is connected, and the network only supports the IP 582 communication between the connected nodes. The installation phase is 583 usually followed by the operational phase. 585 3.7. Use Case: Link Catalogues 587 Resources may be shared through data brokers that have no knowledge 588 beforehand of who is going to consume the data. An RD can be used to 589 hold links about resources and services hosted anywhere to make them 590 discoverable by a general class of applications. 592 For example, environmental and weather sensors that generate data for 593 public consumption may provide data to an intermediary server, or 594 broker. Sensor data are published to the intermediary upon changes 595 or at regular intervals. Descriptions of the sensors that resolve to 596 links to sensor data may be published to an RD. Applications wishing 597 to consume the data can use RD Lookup to discover and resolve links 598 to the desired resources and endpoints. The RD service need not be 599 coupled with the data intermediary service. Mapping of RDs to data 600 intermediaries may be many-to-many. 602 Metadata in web link formats like [RFC6690] which may be internally 603 stored as triples, or relation/attribute pairs providing metadata 604 about resource links, need to be supported by RDs. External 605 catalogues that are represented in other formats may be converted to 606 common web linking formats for storage and access by RDs. Since it 607 is common practice for these to be encoded in URNs [RFC8141], simple 608 and lossless structural transforms should generally be sufficient to 609 store external metadata in RDs. 611 The additional features of an RD allow sectors to be defined to 612 enable access to a particular set of resources from particular 613 applications. This provides isolation and protection of sensitive 614 data when needed. Application groups with multicast addresses may be 615 defined to support efficient data transport. 617 4. RD discovery and other interface-independent components 619 This and the following sections define the required set of REST 620 interfaces between an RD, endpoints and lookup clients. Although the 621 examples throughout these sections assume the use of CoAP [RFC7252], 622 these REST interfaces can also be realized using HTTP [RFC7230]. 623 Only multicast discovery operations are not possible on HTTP, and 624 Simple Registration can not be executed as base attribute (which is 625 mandatory for HTTP) can not be used there. In all definitions in 626 these sections, both CoAP response codes (with dot notation) and HTTP 627 response codes (without dot notation) are shown. An RD implementing 628 this specification MUST support the discovery, registration, update, 629 lookup, and removal interfaces. 631 All operations on the contents of the RD MUST be atomic and 632 idempotent. 634 For several operations, interface templates are given in list form; 635 those describe the operation participants, request codes, URIs, 636 content formats and outcomes. Sections of those templates contain 637 normative content about Interaction, Method, URI Template and URI 638 Template Variables as well as the details of the Success condition. 639 The additional sections on options like Content-Format and on Failure 640 codes give typical cases that an implementation of the RD should deal 641 with. Those serve to illustrate the typical responses to readers who 642 are not yet familiar with all the details of CoAP based interfaces; 643 they do not limit what a server may respond under atypical 644 circumstances. 646 REST clients (registrant-EPs and CTs during registration and 647 maintenance, lookup clients, RD servers during simple registrations) 648 MUST be prepared to receive any unsuccessful code and act upon it 649 according to its definition, options and/or payload to the best of 650 their capabilities, falling back to failing the operation if recovery 651 is not possible. In particular, they should retry the request upon 652 5.03 (Service Unavailable; 503 in HTTP) according to the Max-Age 653 (Retry-After in HTTP) option, and fall back to link-format when 654 receiving 4.15 (Unsupported Content-Format; 415 in HTTP). 656 An RD MAY make the information submitted to it available to further 657 directories, if it can ensure that a loop does not form. The 658 protocol used between directories to ensure loop-free operation is 659 outside the scope of this document. 661 4.1. Finding a Resource Directory 663 A (re-)starting device may want to find one or more RDs for discovery 664 purposes. Dependent on the operational conditions, one or more of 665 the techniques below apply. 667 The device may be pre-configured to exercise specific mechanisms for 668 finding the RD: 670 1. It may be configured with a specific IP address for the RD. That 671 IP address may also be an anycast address, allowing the network 672 to forward RD requests to an RD that is topologically close; each 673 target network environment in which some of these preconfigured 674 nodes are to be brought up is then configured with a route for 675 this anycast address that leads to an appropriate RD. (Instead 676 of using an anycast address, a multicast address can also be 677 preconfigured. The RD servers then need to configure one of 678 their interfaces with this multicast address.) 680 2. It may be configured with a DNS name for the RD and use DNS to 681 return the IP address of the RD; it can find a DNS server to 682 perform the lookup using the usual mechanisms for finding DNS 683 servers. 685 3. It may be configured to use a service discovery mechanism such as 686 DNS-SD, as outlined in Section 4.1.2. 688 For cases where the device is not specifically configured with a way 689 to find an RD, the network may want to provide a suitable default. 691 1. If the address configuration of the network is performed via 692 SLAAC, this is provided by the RDAO option Section 4.1.1. 694 2. If the address configuration of the network is performed via 695 DHCP, this could be provided via a DHCP option (no such option is 696 defined at the time of writing). 698 Finally, if neither the device nor the network offers any specific 699 configuration, the device may want to employ heuristics to find a 700 suitable RD. 702 The present specification does not fully define these heuristics, but 703 suggests a number of candidates: 705 1. In a 6LoWPAN, just assume the Border Router (6LBR) can act as an 706 RD (using the ABRO option to find that [RFC6775]). Confirmation 707 can be obtained by sending a Unicast to "coap://[6LBR]/.well- 708 known/core?rt=core.rd*". 710 2. In a network that supports multicast well, discovering the RD 711 using a multicast query for /.well-known/core as specified in 712 CoRE Link Format [RFC6690]: Sending a Multicast GET to 713 "coap://[MCD1]/.well-known/core?rt=core.rd*". RDs within the 714 multicast scope will answer the query. 716 When answering a multicast request directed at a link-local address, 717 the RD may want to respond from a routable address; this makes it 718 easier for registrants to use one of their own routable addresses for 719 registration. 721 As some of the RD addresses obtained by the methods listed here are 722 just (more or less educated) guesses, endpoints MUST make use of any 723 error messages to very strictly rate-limit requests to candidate IP 724 addresses that don't work out. For example, an ICMP Destination 725 Unreachable message (and, in particular, the port unreachable code 726 for this message) may indicate the lack of a CoAP server on the 727 candidate host, or a CoAP error response code such as 4.05 "Method 728 Not Allowed" may indicate unwillingness of a CoAP server to act as a 729 directory server. 731 The following RD discovery mechanisms are recommended: 733 * In managed networks with border routers that need stand-alone 734 operation, the RDAO option is recommended (e.g. operational phase 735 described in Section 3.6). 737 * In managed networks without border router (no Internet services 738 available), the use of a preconfigured anycast address is 739 recommended (e.g. installation phase described in Section 3.6). 741 * In networks managed using DNS-SD, the use of DNS-SD for discovery 742 as described in Section 4.1.2 is recommended. 744 The use of multicast discovery in mesh networks is NOT recommended. 746 4.1.1. Resource Directory Address Option (RDAO) 748 The Resource Directory Address Option (RDAO) using IPv6 Neighbor 749 Discovery (ND) carries information about the address of the RD. This 750 information is needed when endpoints cannot discover the RD with a 751 link-local or realm-local scope multicast address, for instance 752 because the endpoint and the RD are separated by a Border Router 753 (6LBR). In many circumstances the availability of DHCP cannot be 754 guaranteed either during commissioning of the network. The presence 755 and the use of the RD is essential during commissioning. 757 It is possible to send multiple RDAO options in one message, 758 indicating as many RD addresses. 760 The RDAO format is: 762 0 1 2 3 763 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 764 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 765 | Type | Length = 3 | Valid Lifetime | 766 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 767 | Reserved | 768 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 769 | | 770 + + 771 | | 772 + RD Address + 773 | | 774 + + 775 | | 776 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 778 Fields: 780 Type: TBD38 782 Length: 8-bit unsigned integer. The length of 783 the option in units of 8 bytes. 784 Always 3. 786 Valid Lifetime: 16-bit unsigned integer. The length of 787 time in units of 60 seconds (relative to 788 the time the packet is received) that 789 this RD address is valid. 790 A value of all zero bits (0x0) indicates 791 that this RD address 792 is not valid anymore. 794 Reserved: This field is unused. It MUST be 795 initialized to zero by the sender and 796 MUST be ignored by the receiver. 798 RD Address: IPv6 address of the RD. 800 Figure 4: Resource Directory Address Option 802 4.1.2. Using DNS-SD to discover a Resource Directory 804 An RD can advertise its presence in DNS-SD [RFC6763] using the 805 service name "_core-rd._udp" (for CoAP), "_core-rd-dtls._udp" (for 806 CoAP over DTLS), "_core-rd._tcp" (for CoAP over TCP) or "_core-rd- 807 tls._tcp" (for CoAP over TLS) defined in this document. (For the 808 WebSocket transports of CoAP, no service is defined as DNS-SD is 809 typically unavailable in environments where CoAP over WebSockets is 810 used). 812 The selection of the service indicates the protocol used, and the SRV 813 record points the client to a host name and port to use as a starting 814 point for the URI discovery steps of Section 4.3. 816 This section is a simplified concrete application of the more generic 817 mechanism specified in [I-D.ietf-core-rd-dns-sd]. 819 4.2. Payload Content Formats 821 RDs implementing this specification MUST support the application/ 822 link-format content format (ct=40). 824 RDs implementing this specification MAY support additional content 825 formats. 827 Any additional content format supported by an RD implementing this 828 specification SHOULD be able to express all the information 829 expressible in link-format. It MAY be able to express information 830 that is inexpressible in link-format, but those expressions SHOULD be 831 avoided where possible. 833 4.3. URI Discovery 835 Before an endpoint can make use of an RD, it must first know the RD's 836 address and port, and the URI path information for its REST APIs. 837 This section defines discovery of the RD and its URIs using the well- 838 known interface of the CoRE Link Format [RFC6690] after having 839 discovered a host as described in Section 4.1. 841 Discovery of the RD registration URI path is performed by sending 842 either a multicast or unicast GET request to "/.well-known/core" and 843 including a Resource Type (rt) parameter [RFC6690] with the value 844 "core.rd" in the query string. Likewise, a Resource Type parameter 845 value of "core.rd-lookup*" is used to discover the URIs for RD Lookup 846 operations, core.rd* is used to discover all URI paths for RD 847 operations. Upon success, the response will contain a payload with a 848 link format entry for each RD function discovered, indicating the URI 849 of the RD function returned and the corresponding Resource Type. 851 When performing multicast discovery, the multicast IP address used 852 will depend on the scope required and the multicast capabilities of 853 the network (see Section 9.5). 855 An RD MAY provide hints about the content-formats it supports in the 856 links it exposes or registers, using the "ct" target attribute, as 857 shown in the example below. Clients MAY use these hints to select 858 alternate content-formats for interaction with the RD. 860 HTTP does not support multicast and consequently only unicast 861 discovery can be supported at the using the HTTP "/.well-known/core" 862 resource. 864 RDs implementing this specification MUST support query filtering for 865 the rt parameter as defined in [RFC6690]. 867 While the link targets in this discovery step are often expressed in 868 path-absolute form, this is not a requirement. Clients of the RD 869 SHOULD therefore accept URIs of all schemes they support, both as 870 URIs and relative references, and not limit the set of discovered 871 URIs to those hosted at the address used for URI discovery. 873 The URI Discovery operation can yield multiple URIs of a given 874 resource type. The client of the RD can use any of the discovered 875 addresses initially. 877 The discovery request interface is specified as follows (this is 878 exactly the Well-Known Interface of [RFC6690] Section 4, with the 879 additional requirement that the server MUST support query filtering): 881 Interaction: EP and Client -> RD 883 Method: GET 885 URI Template: /.well-known/core{?rt} 887 URI Template Variables: rt := Resource Type. SHOULD contain one of 888 the values "core.rd", "core.rd-lookup*", "core.rd-lookup-res", 889 "core.rd-lookup-ep", or "core.rd*" 891 Accept: absent, application/link-format or any other media type 892 representing web links 894 The following response is expected on this interface: 896 Success: 2.05 "Content" or 200 "OK" with an application/link-format 897 or other web link payload containing one or more matching entries 898 for the RD resource. 900 The following example shows an endpoint discovering an RD using this 901 interface, thus learning that the directory resource location, in 902 this example, is /rd, and that the content-format delivered by the 903 server hosting the resource is application/link-format (ct=40). Note 904 that it is up to the RD to choose its RD locations. 906 Req: GET coap://[MCD1]/.well-known/core?rt=core.rd* 908 Res: 2.05 Content 909 ;rt="core.rd";ct=40, 910 ;rt="core.rd-lookup-ep";ct=40, 911 ;rt="core.rd-lookup-res";ct=40 913 Figure 5: Example discovery exchange 915 The following example shows the way of indicating that a client may 916 request alternate content-formats. The Content-Format code attribute 917 "ct" MAY include a space-separated sequence of Content-Format codes 918 as specified in Section 7.2.1 of [RFC7252], indicating that multiple 919 content-formats are available. The example below shows the required 920 Content-Format 40 (application/link-format) indicated as well as a 921 CBOR and JSON representation from [I-D.ietf-core-links-json] (which 922 have no numeric values assigned yet, so they are shown as TBD64 and 923 TBD504 as in that draft). The RD resource locations /rd, and /rd- 924 lookup are example values. The server in this example also indicates 925 that it is capable of providing observation on resource lookups. 927 Req: GET coap://[MCD1]/.well-known/core?rt=core.rd* 929 Res: 2.05 Content 930 ;rt="core.rd";ct="40 65225", 931 ;rt="core.rd-lookup-res";ct="40 TBD64 TBD504";obs, 932 ;rt="core.rd-lookup-ep";ct="40 TBD64 TBD504" 934 Figure 6: Example discovery exchange indicating additional 935 content-formats 937 From a management and maintenance perspective, it is necessary to 938 identify the components that constitute the RD server. The 939 identification refers to information about for example client-server 940 incompatibilities, supported features, required updates and other 941 aspects. The URI discovery address, a described in section 4 of 942 [RFC6690] can be used to find the identification. 944 It would typically be stored in an implementation information link 945 (as described in [I-D.bormann-t2trg-rel-impl]): 947 Req: GET /.well-known/core?rel=impl-info 949 Res: 2.05 Content 950 ; 951 rel="impl-info" 953 Figure 7: Example exchange of obtaining implementation information 955 Note that depending on the particular server's architecture, such a 956 link could be anchored at the RD server's root, at the discovery site 957 (as in this example) or at individual RD components. The latter is 958 to be expected when different applications are run on the same 959 server. 961 5. Registration 963 After discovering the location of an RD, a registrant-ep or CT MAY 964 register the resources of the registrant-ep using the registration 965 interface. This interface accepts a POST from an endpoint containing 966 the list of resources to be added to the directory as the message 967 payload in the CoRE Link Format [RFC6690] or other representations of 968 web links, along with query parameters indicating the name of the 969 endpoint, and optionally the sector, lifetime and base URI of the 970 registration. It is expected that other specifications will define 971 further parameters (see Section 9.3). The RD then creates a new 972 registration resource in the RD and returns its location. The 973 receiving endpoint MUST use that location when refreshing 974 registrations using this interface. Registration resources in the RD 975 are kept active for the period indicated by the lifetime parameter. 976 The creating endpoint is responsible for refreshing the registration 977 resource within this period using either the registration or update 978 interface. The registration interface MUST be implemented to be 979 idempotent, so that registering twice with the same endpoint 980 parameters ep and d (sector) does not create multiple registration 981 resources. 983 The following rules apply for a registration request targeting a 984 given (ep, d) value pair: 986 * When the (ep, d) value pair of the registration-request is 987 different from any existing registration, a new registration is 988 generated. 990 * When the (ep, d) value pair of the registration-request is equal 991 to an existing registration, the content and parameters of the 992 existing registration are replaced with the content of the 993 registration request. 995 The posted link-format document can (and typically does) contain 996 relative references both in its link targets and in its anchors, or 997 contain empty anchors. The RD server needs to resolve these 998 references in order to faithfully represent them in lookups. They 999 are resolved against the base URI of the registration, which is 1000 provided either explicitly in the "base" parameter or constructed 1001 implicitly from the requester's URI as constructed from its network 1002 address and scheme. 1004 For media types to which Appendix C applies (i.e. documents in 1005 application/link-format), the RD only needs to accept representations 1006 in Limited Link Format as described there. Its behavior with 1007 representations outside that subset is implementation defined. 1009 The registration request interface is specified as follows: 1011 Interaction: EP -> RD 1013 Method: POST 1015 URI Template: {+rd}{?ep,d,lt,base,extra-attrs*} 1017 URI Template Variables: rd := RD registration URI (mandatory). 1018 This is the location of the RD, as obtained from discovery. 1020 ep := Endpoint name (mostly mandatory). 1021 The endpoint name is an identifier that MUST be unique within a 1022 sector. As the endpoint name is a Unicode string, it is 1023 encoded in UTF-8 (and possibly pct-encoded) during variable 1024 expansion (see [RFC6570] Section 3.2.1). The endpoint name 1025 MUST NOT contain any character in the inclusive ranges 0-31 or 1026 127-159. The maximum length of this parameter is 63 UTF-8 1027 encoded bytes. If the RD is configured to recognize the 1028 endpoint (e.g. based on its security context), the RD assigns 1029 an endpoint name based on a set of configuration parameter 1030 values. 1032 d := Sector (optional). The sector to 1033 which this endpoint belongs. When this parameter is not 1034 present, the RD MAY associate the endpoint with a configured 1035 default sector or leave it empty. The sector is encoded like 1036 the ep parameter, and is limited to 63 UTF-8 encoded bytes as 1037 well. The endpoint name and sector name are not set when one 1038 or both are set in an accompanying authorization token. 1040 lt := Lifetime (optional). Lifetime of the 1042 registration in seconds. Range of 1-4294967295. If no 1043 lifetime is included in the initial registration, a default 1044 value of 90000 (25 hours) SHOULD be assumed. 1046 base := Base URI (optional). This 1047 parameter sets the base URI of the registration, under which 1048 the relative links in the payload are to be interpreted. The 1049 specified URI typically does not have a path component of its 1050 own, and MUST be suitable as a base URI to resolve any relative 1051 references given in the registration. The parameter is 1052 therefore usually of the shape "scheme://authority" for HTTP 1053 and CoAP URIs. The URI SHOULD NOT have a query or fragment 1054 component as any non-empty relative part in a reference would 1055 remove those parts from the resulting URI. 1057 In the absence of this parameter the scheme of the protocol, 1058 source address and source port of the registration request are 1059 assumed. The Base URI is consecutively constructed by 1060 concatenating the used protocol's scheme with the characters 1061 "://", the requester's source address as an address literal and 1062 ":" followed by its port (if it was not the protocol's default 1063 one) in analogy to [RFC7252] Section 6.5. 1065 This parameter is mandatory when the directory is filled by a 1066 third party such as an commissioning tool. 1068 If the registrant-ep uses an ephemeral port to register with, 1069 it MUST include the base parameter in the registration to 1070 provide a valid network path. 1072 A registrant that can not be reached by potential lookup 1073 clients at the address it registers from (e.g. because it is 1074 behind some form of Network Address Translation (NAT)) MUST 1075 provide a reachable base address with its registration. 1077 If the Base URI contains a link-local IP literal, it MUST NOT 1078 contain a Zone Identifier, and MUST be local to the link on 1079 which the registration request is received. 1081 Endpoints that register with a base that contains a path 1082 component can not meaningfully use [RFC6690] Link Format due to 1083 its prevalence of the Origin concept in relative reference 1084 resolution. Those applications should use different 1085 representations of links to which Appendix C is not applicable 1086 (e.g. [I-D.hartke-t2trg-coral]). 1088 extra-attrs := Additional registration 1090 attributes (optional). The endpoint can pass any parameter 1091 registered at Section 9.3 to the directory. If the RD is aware 1092 of the parameter's specified semantics, it processes it 1093 accordingly. Otherwise, it MUST store the unknown key and its 1094 value(s) as an endpoint attribute for further lookup. 1096 Content-Format: application/link-format or any other indicated media 1097 type representing web links 1099 The following response is expected on this interface: 1101 Success: 2.01 "Created" or 201 "Created". The Location-Path option 1102 or Location header field MUST be included in the response. This 1103 location MUST be a stable identifier generated by the RD as it is 1104 used for all subsequent operations on this registration resource. 1105 The registration resource location thus returned is for the 1106 purpose of updating the lifetime of the registration and for 1107 maintaining the content of the registered links, including 1108 updating and deleting links. 1110 A registration with an already registered ep and d value pair 1111 responds with the same success code and location as the original 1112 registration; the set of links registered with the endpoint is 1113 replaced with the links from the payload. 1115 The location MUST NOT have a query or fragment component, as that 1116 could conflict with query parameters during the Registration 1117 Update operation. Therefore, the Location-Query option MUST NOT 1118 be present in a successful response. 1120 If the registration fails, including request timeouts, or if delays 1121 from Service Unavailable responses with Max-Age or Retry-After 1122 accumulate to exceed the registrant's configured timeouts, it SHOULD 1123 pick another registration URI from the "URI Discovery" step and if 1124 there is only one or the list is exhausted, pick other choices from 1125 the "Finding a Resource Directory" step. Care has to be taken to 1126 consider the freshness of results obtained earlier, e.g. of the 1127 result of a "/.well-known/core" response, the lifetime of an RDAO 1128 option and of DNS responses. Any rate limits and persistent errors 1129 from the "Finding a Resource Directory" step must be considered for 1130 the whole registration time, not only for a single operation. 1132 The following example shows a registrant-ep with the name "node1" 1133 registering two resources to an RD using this interface. The 1134 location "/rd" is an example RD location discovered in a request 1135 similar to Figure 5. 1137 Req: POST coap://rd.example.com/rd?ep=node1 1138 Content-Format: 40 1139 Payload: 1140 ;ct=41;rt="temperature-c";if="sensor", 1141 ; 1142 anchor="/sensors/temp";rel="describedby" 1144 Res: 2.01 Created 1145 Location-Path: /rd/4521 1147 Figure 8: Example registration payload 1149 An RD may optionally support HTTP. Here is an example of almost the 1150 same registration operation above, when done using HTTP. 1152 Req: 1153 POST /rd?ep=node1&base=http://[2001:db8:1::1] HTTP/1.1 1154 Host: example.com 1155 Content-Type: application/link-format 1157 ;ct=41;rt="temperature-c";if="sensor", 1158 ; 1159 anchor="/sensors/temp";rel="describedby" 1161 Res: 1162 HTTP/1.1 201 Created 1163 Location: /rd/4521 1165 Figure 9: Example registration payload as expressed using HTTP 1167 5.1. Simple Registration 1169 Not all endpoints hosting resources are expected to know how to 1170 upload links to an RD as described in Section 5. Instead, simple 1171 endpoints can implement the Simple Registration approach described in 1172 this section. An RD implementing this specification MUST implement 1173 Simple Registration. However, there may be security reasons why this 1174 form of directory discovery would be disabled. 1176 This approach requires that the registrant-ep makes available the 1177 hosted resources that it wants to be discovered, as links on its 1178 "/.well-known/core" interface as specified in [RFC6690]. The links 1179 in that document are subject to the same limitations as the payload 1180 of a registration (with respect to Appendix C). 1182 * The registrant-ep finds one or more addresses of the directory 1183 server as described in Section 4.1. 1185 * The registrant-ep sends (and regularly refreshes with) a POST 1186 request to the "/.well-known/core" URI of the directory server of 1187 choice. The body of the POST request is empty, and triggers the 1188 resource directory server to perform GET requests at the 1189 requesting registrant-ep's /.well-known/core to obtain the link- 1190 format payload to register. 1192 The registrant-ep includes the same registration parameters in the 1193 POST request as it would per Section 5. The registration base URI 1194 of the registration is taken from the registrant-ep's network 1195 address (as is default with regular registrations). 1197 Example request from registrant-EP to RD (unanswered until the 1198 next step): 1200 Req: POST /.well-known/core?lt=6000&ep=node1 1201 (No payload) 1203 Figure 10: First half example exchange of a simple registration 1205 * The RD queries the registrant-ep's discovery resource to determine 1206 the success of the operation. It SHOULD keep a cache of the 1207 discovery resource and not query it again as long as it is fresh. 1209 Example request from the RD to the registrant-EP: 1211 Req: GET /.well-known/core 1212 Accept: 40 1214 Res: 2.05 Content 1215 Content-Format: 40 1216 Payload: 1217 1219 Figure 11: Example exchange of the RD querying the simple endpoint 1221 With this response, the RD would answer the previous step's request: 1223 Res: 2.04 Changed 1225 Figure 12: Second half example exchange of a simple registration 1227 The sequence of fetching the registration content before sending a 1228 successful response was chosen to make responses reliable, and the 1229 caching item was chosen to still allow very constrained registrants. 1230 Registrants MUST be able to serve a GET request to "/.well-known/ 1231 core" after having requested registration. Constrained devices MAY 1232 regard the initial request as temporarily failed when they need RAM 1233 occupied by their own request to serve the RD's GET, and retry later 1234 when the RD already has a cached representation of their discovery 1235 resources. Then, the RD can reply immediately and the registrant can 1236 receive the response. 1238 The simple registration request interface is specified as follows: 1240 Interaction: EP -> RD 1242 Method: POST 1244 URI Template: /.well-known/core{?ep,d,lt,extra-attrs*} 1246 URI Template Variables are as they are for registration in Section 5. 1247 The base attribute is not accepted to keep the registration interface 1248 simple; that rules out registration over CoAP-over-TCP or HTTP that 1249 would need to specify one. 1251 The following response is expected on this interface: 1253 Success: 2.04 "Changed". 1255 For the second interaction triggered by the above, the registrant-ep 1256 takes the role of server and the RD the role of client. (Note that 1257 this is exactly the Well-Known Interface of [RFC6690] Section 4): 1259 Interaction: RD -> EP 1261 Method: GET 1263 URI Template: /.well-known/core 1265 The following response is expected on this interface: 1267 Success: 2.05 "Content". 1269 When the RD is in a position to successfully execute this second 1270 interaction and other network participants that can reach it are not, 1271 it SHOULD verify that the apparent registrant-ep intends to register 1272 with the given registration parameters before revealing the obtained 1273 discovery information to lookup clients. An easy way to do that is 1274 to verify the simple registration request's sender address using the 1275 Echo option as described in [I-D.ietf-core-echo-request-tag] 1276 Section 2.4. 1278 The RD MUST delete registrations created by simple registration after 1279 the expiration of their lifetime. Additional operations on the 1280 registration resource cannot be executed because no registration 1281 location is returned. 1283 5.2. Third-party registration 1285 For some applications, even Simple Registration may be too taxing for 1286 some very constrained devices, in particular if the security 1287 requirements become too onerous. 1289 In a controlled environment (e.g. building control), the RD can be 1290 filled by a third party device, called a Commissioning Tool (CT). 1291 The commissioning tool can fill the RD from a database or other 1292 means. For that purpose scheme, IP address and port of the URI of 1293 the registered device is the value of the "base" parameter of the 1294 registration described in Section 5. 1296 It should be noted that the value of the "base" parameter applies to 1297 all the links of the registration and has consequences for the anchor 1298 value of the individual links as exemplified in Appendix B. An 1299 eventual (currently non-existing) "base" attribute of the link is not 1300 affected by the value of "base" parameter in the registration. 1302 5.3. Operations on the Registration Resource 1304 This section describes how the registering endpoint can maintain the 1305 registrations that it created. The registering endpoint can be the 1306 registrant-ep or the CT. The registrations are resources of the RD. 1308 An endpoint should not use this interface for registrations that it 1309 did not create. This is usually enforced by security policies, which 1310 in general require equivalent credentials for creation of and 1311 operations on a registration. 1313 After the initial registration, the registering endpoint retains the 1314 returned location of the Registration Resource for further 1315 operations, including refreshing the registration in order to extend 1316 the lifetime and "keep-alive" the registration. When the lifetime of 1317 the registration has expired, the RD SHOULD NOT respond to discovery 1318 queries concerning this endpoint. The RD SHOULD continue to provide 1319 access to the Registration Resource after a registration time-out 1320 occurs in order to enable the registering endpoint to eventually 1321 refresh the registration. The RD MAY eventually remove the 1322 registration resource for the purpose of garbage collection. If the 1323 Registration Resource is removed, the corresponding endpoint will 1324 need to be re-registered. 1326 The Registration Resource may also be used cancel the registration 1327 using DELETE, and to perform further operations beyond the scope of 1328 this specification. 1330 These operations are described below. 1332 5.3.1. Registration Update 1334 The update interface is used by the registering endpoint to refresh 1335 or update its registration with an RD. To use the interface, the 1336 registering endpoint sends a POST request to the registration 1337 resource returned by the initial registration operation. 1339 An update MAY update the lifetime or the base URI registration 1340 parameters "lt", "base" as in Section 5. Parameters that are not 1341 being changed SHOULD NOT be included in an update. Adding parameters 1342 that have not changed increases the size of the message but does not 1343 have any other implications. Parameters MUST be included as query 1344 parameters in an update operation as in Section 5. 1346 A registration update resets the timeout of the registration to the 1347 (possibly updated) lifetime of the registration, independent of 1348 whether a "lt" parameter was given. 1350 If the base URI of the registration is changed in an update, relative 1351 references submitted in the original registration or later updates 1352 are resolved anew against the new base. 1354 The registration update operation only describes the use of POST with 1355 an empty payload. Future standards might describe the semantics of 1356 using content formats and payloads with the POST method to update the 1357 links of a registration (see Section 5.3.3). 1359 The update registration request interface is specified as follows: 1361 Interaction: EP -> RD 1363 Method: POST 1365 URI Template: {+location}{?lt,base,extra-attrs*} 1367 URI Template Variables: location := This is the Location returned 1368 by the RD as a result of a successful earlier registration. 1370 lt := Lifetime (optional). Lifetime of the 1372 registration in seconds. Range of 1-4294967295. If no 1373 lifetime is included, the previous last lifetime set on a 1374 previous update or the original registration (falling back to 1375 90000) SHOULD be used. 1377 base := Base URI (optional). This 1378 parameter updates the Base URI established in the original 1379 registration to a new value. If the parameter is set in an 1380 update, it is stored by the RD as the new Base URI under which 1381 to interpret the relative links present in the payload of the 1382 original registration, following the same restrictions as in 1383 the registration. If the parameter is not set in the request 1384 but was set before, the previous Base URI value is kept 1385 unmodified. If the parameter is not set in the request and was 1386 not set before either, the source address and source port of 1387 the update request are stored as the Base URI. 1389 extra-attrs := Additional registration 1390 attributes (optional). As with the registration, the RD 1391 processes them if it knows their semantics. Otherwise, unknown 1392 attributes are stored as endpoint attributes, overriding any 1393 previously stored endpoint attributes of the same key. 1395 Note that this default behavior does not allow removing an 1396 endpoint attribute in an update. For attributes whose 1397 functionality depends on the endpoints' ability to remove them 1398 in an update, it can make sense to define a value whose 1399 presence is equivalent to the absence of a value. As an 1400 alternative, an extension can define different updating rules 1401 for their attributes. That necessitates either discovery of 1402 whether the RD is aware of that extension, or tolerating the 1403 default behavior. 1405 Content-Format: none (no payload) 1407 The following responses are expected on this interface: 1409 Success: 2.04 "Changed" or 204 "No Content" if the update was 1410 successfully processed. 1412 Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not 1413 exist (e.g. may have been removed). 1415 If the registration fails in any way, including "Not Found" and 1416 request timeouts, or if the time indicated in a Service Unavailable 1417 Max-Age/Retry-After exceeds the remaining lifetime, the registering 1418 endpoint SHOULD attempt registration again. 1420 The following example shows how the registering endpoint updates its 1421 registration resource at an RD using this interface with the example 1422 location value: /rd/4521. 1424 Req: POST /rd/4521 1426 Res: 2.04 Changed 1428 Figure 13: Example update of a registration 1430 The following example shows the registering endpoint updating its 1431 registration resource at an RD using this interface with the example 1432 location value: /rd/4521. The initial registration by the 1433 registering endpoint set the following values: 1435 * endpoint name (ep)=endpoint1 1437 * lifetime (lt)=500 1439 * Base URI (base)=coap://local-proxy-old.example.com:5683 1441 * payload of Figure 8 1443 The initial state of the RD is reflected in the following request: 1445 Req: GET /rd-lookup/res?ep=endpoint1 1447 Res: 2.05 Content 1448 Payload: 1449 ;ct=41; 1450 rt="temperature-c";if="sensor"; 1451 anchor="coap://local-proxy-old.example.com:5683/", 1452 ; 1453 anchor="coap://local-proxy-old.example.com:5683/sensors/temp"; 1454 rel="describedby" 1456 Figure 14: Example lookup before a change to the base address 1458 The following example shows the registering endpoint changing the 1459 Base URI to "coaps://new.example.com:5684": 1461 Req: POST /rd/4521?base=coaps://new.example.com:5684 1463 Res: 2.04 Changed 1465 Figure 15: Example registration update that changes the base address 1467 The consecutive query returns: 1469 Req: GET /rd-lookup/res?ep=endpoint1 1471 Res: 2.05 Content 1472 Payload: 1473 ;ct=41; 1474 rt="temperature-c";if="sensor"; 1475 anchor="coap://new.example.com:5684/", 1476 ; 1477 anchor="coap://new.example.com:5684/sensors/temp"; 1478 rel="describedby" 1480 Figure 16: Example lookup after a change to the base address 1482 5.3.2. Registration Removal 1484 Although RD registrations have soft state and will eventually timeout 1485 after their lifetime, the registering endpoint SHOULD explicitly 1486 remove an entry from the RD if it knows it will no longer be 1487 available (for example on shut-down). This is accomplished using a 1488 removal interface on the RD by performing a DELETE on the endpoint 1489 resource. 1491 The removal request interface is specified as follows: 1493 Interaction: EP -> RD 1495 Method: DELETE 1497 URI Template: {+location} 1499 URI Template Variables: location := This is the Location returned 1500 by the RD as a result of a successful earlier registration. 1502 The following responses are expected on this interface: 1504 Success: 2.02 "Deleted" or 204 "No Content" upon successful deletion 1506 Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not 1507 exist (e.g. may already have been removed). 1509 The following examples shows successful removal of the endpoint from 1510 the RD with example location value /rd/4521. 1512 Req: DELETE /rd/4521 1514 Res: 2.02 Deleted 1516 Figure 17: Example of a registration removal 1518 5.3.3. Further operations 1520 Additional operations on the registration can be specified in future 1521 documents, for example: 1523 * Send iPATCH (or PATCH) updates ([RFC8132]) to add, remove or 1524 change the links of a registration. 1526 * Use GET to read the currently stored set of links in a 1527 registration resource. 1529 Those operations are out of scope of this document, and will require 1530 media types suitable for modifying sets of links. 1532 6. RD Lookup 1534 To discover the resources registered with the RD, a lookup interface 1535 must be provided. This lookup interface is defined as a default, and 1536 it is assumed that RDs may also support lookups to return resource 1537 descriptions in alternative formats (e.g. JSON or CBOR link format 1538 [I-D.ietf-core-links-json]) or using more advanced interfaces (e.g. 1539 supporting context or semantic based lookup) on different resources 1540 that are discovered independently. 1542 RD Lookup allows lookups for endpoints and resources using attributes 1543 defined in this document and for use with the CoRE Link Format. The 1544 result of a lookup request is the list of links (if any) 1545 corresponding to the type of lookup. Thus, an endpoint lookup MUST 1546 return a list of endpoints and a resource lookup MUST return a list 1547 of links to resources. 1549 The lookup type is selected by a URI endpoint, which is indicated by 1550 a Resource Type as per Table 1 below: 1552 +=============+====================+===========+ 1553 | Lookup Type | Resource Type | Mandatory | 1554 +=============+====================+===========+ 1555 | Resource | core.rd-lookup-res | Mandatory | 1556 +-------------+--------------------+-----------+ 1557 | Endpoint | core.rd-lookup-ep | Mandatory | 1558 +-------------+--------------------+-----------+ 1560 Table 1: Lookup Types 1562 6.1. Resource lookup 1564 Resource lookup results in links that are semantically equivalent to 1565 the links submitted to the RD. The links and link parameters 1566 returned by the lookup are equal to the submitted ones, except that 1567 the target and anchor references are fully resolved. 1569 Links that did not have an anchor attribute are therefore returned 1570 with the base URI of the registration as the anchor. Links of which 1571 href or anchor was submitted as a (full) URI are returned with these 1572 attributes unmodified. 1574 Above rules allow the client to interpret the response as links 1575 without any further knowledge of the storage conventions of the RD. 1576 The RD MAY replace the registration base URIs with a configured 1577 intermediate proxy, e.g. in the case of an HTTP lookup interface for 1578 CoAP endpoints. 1580 If the base URI of a registration contains a link-local address, the 1581 RD MUST NOT show its links unless the lookup was made from the same 1582 link. The RD MUST NOT include zone identifiers in the resolved URIs. 1584 6.2. Lookup filtering 1586 Using the Accept Option, the requester can control whether the 1587 returned list is returned in CoRE Link Format ("application/link- 1588 format", default) or in alternate content-formats (e.g. from 1589 [I-D.ietf-core-links-json]). 1591 The page and count parameters are used to obtain lookup results in 1592 specified increments using pagination, where count specifies how many 1593 links to return and page specifies which subset of links organized in 1594 sequential pages, each containing 'count' links, starting with link 1595 zero and page zero. Thus, specifying count of 10 and page of 0 will 1596 return the first 10 links in the result set (links 0-9). Count = 10 1597 and page = 1 will return the next 'page' containing links 10-19, and 1598 so on. 1600 Multiple search criteria MAY be included in a lookup. All included 1601 criteria MUST match for a link to be returned. The RD MUST support 1602 matching with multiple search criteria. 1604 A link matches a search criterion if it has an attribute of the same 1605 name and the same value, allowing for a trailing "*" wildcard 1606 operator as in Section 4.1 of [RFC6690]. Attributes that are defined 1607 as "link-type" match if the search value matches any of their values 1608 (see Section 4.1 of [RFC6690]; e.g. "?if=core.s" matches ";if="abc 1609 core.s";"). A resource link also matches a search criterion if its 1610 endpoint would match the criterion, and vice versa, an endpoint link 1611 matches a search criterion if any of its resource links matches it. 1613 Note that "href" is a valid search criterion and matches target 1614 references. Like all search criteria, on a resource lookup it can 1615 match the target reference of the resource link itself, but also the 1616 registration resource of the endpoint that registered it. Queries 1617 for resource link targets MUST be in URI form (i.e. not relative 1618 references) and are matched against a resolved link target. Queries 1619 for endpoints SHOULD be expressed in path-absolute form if possible 1620 and MUST be expressed in URI form otherwise; the RD SHOULD recognize 1621 either. The "anchor" attribute is usable for resource lookups, and, 1622 if queried, MUST be for in URI form as well. 1624 Endpoints that are interested in a lookup result repeatedly or 1625 continuously can use mechanisms like ETag caching, resource 1626 observation ([RFC7641]), or any future mechanism that might allow 1627 more efficient observations of collections. These are advertised, 1628 detected and used according to their own specifications and can be 1629 used with the lookup interface as with any other resource. 1631 When resource observation is used, every time the set of matching 1632 links changes, or the content of a matching link changes, the RD 1633 sends a notification with the matching link set. The notification 1634 contains the successful current response to the given request, 1635 especially with respect to representing zero matching links (see 1636 "Success" item below). 1638 The lookup interface is specified as follows: 1640 Interaction: Client -> RD 1642 Method: GET 1644 URI Template: {+type-lookup-location}{?page,count,search*} 1646 URI Template Variables: type-lookup-location := RD Lookup URI for a 1647 given lookup type (mandatory). The address is discovered as 1648 described in Section 4.3. 1650 search := Search criteria for limiting the 1651 number of results (optional). 1653 The search criteria are an associative array, expressed in a 1654 form-style query as per the URI template (see [RFC6570] 1655 Sections 2.4.2 and 3.2.8) 1657 page := Page (optional). Parameter cannot 1658 be used without the count parameter. Results are returned from 1659 result set in pages that contain 'count' links starting from 1660 index (page * count). Page numbering starts with zero. 1662 count := Count (optional). Number of 1663 results is limited to this parameter value. If the page 1664 parameter is also present, the response MUST only include 1665 'count' links starting with the (page * count) link in the 1666 result set from the query. If the count parameter is not 1667 present, then the response MUST return all matching links in 1668 the result set. Link numbering starts with zero. 1670 Accept: absent, application/link-format or any other indicated media 1671 type representing web links 1673 The following responses codes are defined for this interface: 1675 Success: 2.05 "Content" or 200 "OK" with an "application/link- 1676 format" or other web link payload containing matching entries for 1677 the lookup. The payload can contain zero links (which is an empty 1678 payload in [RFC6690] link format, but could also be "[]" in JSON 1679 based formats), indicating that no entities matched the request. 1681 6.3. Resource lookup examples 1683 The examples in this section assume the existence of CoAP hosts with 1684 a default CoAP port 61616. HTTP hosts are possible and do not change 1685 the nature of the examples. 1687 The following example shows a client performing a resource lookup 1688 with the example resource look-up locations discovered in Figure 5: 1690 Req: GET /rd-lookup/res?rt=temperature 1692 Res: 2.05 Content 1693 ;rt="temperature"; 1694 anchor="coap://[2001:db8:3::123]:61616" 1696 Figure 18: Example a resource lookup 1698 A client that wants to be notified of new resources as they show up 1699 can use observation: 1701 Req: GET /rd-lookup/res?rt=light 1702 Observe: 0 1704 Res: 2.05 Content 1705 Observe: 23 1706 Payload: empty 1708 (at a later point in time) 1710 Res: 2.05 Content 1711 Observe: 24 1712 Payload: 1713 ;rt="light"; 1714 anchor="coap://[2001:db8:3::124]", 1715 ;rt="light"; 1716 anchor="coap://[2001:db8:3::124]", 1717 ;rt="light"; 1718 anchor="coap://[2001:db8:3::124]" 1720 Figure 19: Example an observing resource lookup 1722 The following example shows a client performing a paginated resource 1723 lookup 1724 Req: GET /rd-lookup/res?page=0&count=5 1726 Res: 2.05 Content 1727 ;rt=sensor;ct=60; 1728 anchor="coap://[2001:db8:3::123]:61616", 1729 ;rt=sensor;ct=60; 1730 anchor="coap://[2001:db8:3::123]:61616", 1731 ;rt=sensor;ct=60; 1732 anchor="coap://[2001:db8:3::123]:61616", 1733 ;rt=sensor;ct=60; 1734 anchor="coap://[2001:db8:3::123]:61616", 1735 ;rt=sensor;ct=60; 1736 anchor="coap://[2001:db8:3::123]:61616" 1738 Req: GET /rd-lookup/res?page=1&count=5 1740 Res: 2.05 Content 1741 ;rt=sensor;ct=60; 1742 anchor="coap://[2001:db8:3::123]:61616", 1743 ;rt=sensor;ct=60; 1744 anchor="coap://[2001:db8:3::123]:61616", 1745 ;rt=sensor;ct=60; 1746 anchor="coap://[2001:db8:3::123]:61616", 1747 ;rt=sensor;ct=60; 1748 anchor="coap://[2001:db8:3::123]:61616", 1749 ;rt=sensor;ct=60; 1750 anchor="coap://[2001:db8:3::123]:61616" 1752 Figure 20: Examples of paginated resource lookup 1754 The following example shows a client performing a lookup of all 1755 resources of all endpoints of a given endpoint type. It assumes that 1756 two endpoints (with endpoint names "sensor1" and "sensor2") have 1757 previously registered with their respective addresses 1758 "coap://sensor1.example.com" and "coap://sensor2.example.com", and 1759 posted the very payload of the 6th request of section 5 of [RFC6690]. 1761 It demonstrates how absolute link targets stay unmodified, while 1762 relative ones are resolved: 1764 Req: GET /rd-lookup/res?et=oic.d.sensor 1766 ;ct=40;title="Sensor Index"; 1767 anchor="coap://sensor1.example.com", 1768 ;rt="temperature-c"; 1769 if="sensor"; anchor="coap://sensor1.example.com", 1770 ;rt="light-lux"; 1771 if="sensor"; anchor="coap://sensor1.example.com", 1772 ;rel="describedby"; 1773 anchor="coap://sensor1.example.com/sensors/temp", 1774 ;rel="alternate"; 1775 anchor="coap://sensor1.example.com/sensors/temp", 1776 ;ct=40;title="Sensor Index"; 1777 anchor="coap://sensor2.example.com", 1778 ;rt="temperature-c"; 1779 if="sensor"; anchor="coap://sensor2.example.com", 1780 ;rt="light-lux"; 1781 if="sensor"; anchor="coap://sensor2.example.com", 1782 ;rel="describedby"; 1783 anchor="coap://sensor2.example.com/sensors/temp", 1784 ;rel="alternate"; 1785 anchor="coap://sensor2.example.com/sensors/temp" 1787 Figure 21: Example of resource lookup from multiple endpoints 1789 6.4. Endpoint lookup 1791 The endpoint lookup returns registration resources which can only be 1792 manipulated by the registering endpoint. 1794 Endpoint registration resources are annotated with their endpoint 1795 names (ep), sectors (d, if present) and registration base URI (base; 1796 reports the registrant-ep's address if no explicit base was given) as 1797 well as a constant resource type (rt="core.rd-ep"); the lifetime (lt) 1798 is not reported. Additional endpoint attributes are added as target 1799 attributes to their endpoint link unless their specification says 1800 otherwise. 1802 Links to endpoints SHOULD be presented in path-absolute form or, if 1803 required, as (full) URIs. (This avoids the RFC6690 ambiguities.) 1805 Base addresses that contain link-local addresses MUST NOT include 1806 zone identifiers, and such registrations MUST NOT be shown unless the 1807 lookup was made from the same link from which the registration was 1808 made. 1810 While Endpoint Lookup does expose the registration resources, the RD 1811 does not need to make them accessible to clients. Clients SHOULD NOT 1812 attempt to dereference or manipulate them. 1814 An RD can report endpoints in lookup that are not hosted at the same 1815 address. Lookup clients MUST be prepared to see arbitrary URIs as 1816 registration resources in the results and treat them as opaque 1817 identifiers; the precise semantics of such links are left to future 1818 specifications. 1820 The following example shows a client performing an endpoint type (et) 1821 lookup with the value oic.d.sensor (which is currently a registered 1822 rt value): 1824 Req: GET /rd-lookup/ep?et=oic.d.sensor 1826 Res: 2.05 Content 1827 ;base="coap://[2001:db8:3::127]:61616";ep="node5"; 1828 et="oic.d.sensor";ct="40";rt="core.rd-ep", 1829 ;base="coap://[2001:db8:3::129]:61616";ep="node7"; 1830 et="oic.d.sensor";ct="40";d="floor-3";rt="core.rd-ep" 1832 Figure 22: Examples of endpoint lookup 1834 7. Security policies 1836 The security policies that are applicable to an RD strongly depend on 1837 the application, and are not set out normatively here. 1839 This section provides a list of aspects that applications should 1840 consider when describing their use of the RD, without claiming to 1841 cover all cases. It is using terminology of 1842 [I-D.ietf-ace-oauth-authz], in which the RD acts as the Resource 1843 Server (RS), and both registrant-eps and lookup clients act as 1844 Clients (C) with support from an Authorization Server (AS), without 1845 the intention of ruling out other (e.g. certificate / public-key 1846 infrastructure (PKI) based) schemes. 1848 Any, all or none of the below can apply to an application. Which are 1849 relevant depends on its protection objectives. 1851 7.1. Endpoint name 1853 Whenever an RD needs to provide trustworthy results to clients doing 1854 endpoint lookup, or resource lookup with filtering on the endpoint 1855 name, the RD must ensure that the registrant is authorized to use the 1856 given endpoint name. This applies both to registration and later to 1857 operations on the registration resource. It is immaterial there 1858 whether the client is the registrant-ep itself or a CT is doing the 1859 registration: The RD can not tell the difference, and CTs may use 1860 authorization credentials authorizing only operations on that 1861 particular endpoint name, or a wider range of endpoint names. 1863 When certificates are used as authorization credentials, the 1864 sector(s) and endpoint name(s) can be transported in the subject. In 1865 an ACE context, those are typically transported in a scope claim. 1867 7.1.1. Random endpoint names 1869 Conversely, in applications where the RD does not check the endpoint 1870 name, the authorized registering endpoint can generate a random 1871 number (or string) that identifies the endpoint. The RD should then 1872 remember unique properties of the registrant, associate them with the 1873 registration for as long as its registration resource is active 1874 (which may be longer than the registration's lifetime), and require 1875 the same properties for operations on the registration resource. 1877 Registrants that are prepared to pick a different identifier when 1878 their initial attempt at registration is unauthorized should pick an 1879 identifier at least twice as long as the expected number of 1880 registrants; registrants without such a recovery options should pick 1881 significantly longer endpoint names (e.g. using UUID URNs [RFC4122]). 1883 7.2. Entered resources 1885 When lookup clients expect that certain types of links can only 1886 originate from certain endpoints, then the RD needs to apply 1887 filtering to the links an endpoint may register. 1889 For example, if clients use an RD to find a server that provides 1890 firmware updates, then any registrant that wants to register (or 1891 update) links to firmware sources will need to provide suitable 1892 credentials to do so, independently of its endpoint name. 1894 Note that the impact of having undesirable links in the RD depends on 1895 the application: if the client requires the firmware server to 1896 present credentials as a firmware server, a fraudulent link's impact 1897 is limited to the client revealing its intention to obtain updates 1898 and slowing down the client until it finds a legitimate firmware 1899 server; if the client accepts any credentials from the server as long 1900 as they fit the provided URI, the impact is larger. 1902 An RD may also require that only links are registered on whose anchor 1903 (or even target) the RD recognizes as authoritative of. One way to 1904 do this is to demand that the registrant present the same credentials 1905 as a client that they'd need to present if contacted as a server at 1906 the resources' URI, which may include using the address and port that 1907 are part of the URI. Such a restriction places severe practical 1908 limitations on the links that can be registered. 1910 As above, the impact of undesirable links depends on the extent to 1911 which the lookup client relies on the RD. To avoid the limitations, 1912 RD applications should consider prescribe that lookup clients only 1913 use the discovered information as hints, and describe which pieces of 1914 information need to be verified with the server because they impact 1915 the application's security. 1917 7.3. Link confidentiality 1919 When registrants publish information in the RD that is not available 1920 to any client that would query the registrant's .well-known/core 1921 interface, or when lookups to that interface are subject so stricter 1922 firewalling than lookups to the RD, the RD may need to limit which 1923 lookup clients may access the information. 1925 In those situations, the registrant needs to be careful to 1926 authenticate the RD as well. The registrant needs to know in advance 1927 which AS, audience and scope values indicate an RD it may trust for 1928 this purpose, and can not rely on the RD to provide AS address and 1929 token details. (In contrast, in the other scenarios it may try to 1930 register, and follow the pointers the RD gives it as to which 1931 credentials it needs to provide in order to perform its 1932 registration). 1934 7.4. Segmentation 1936 Within a single RD, different security policies can apply. 1938 One example of this are multi-tenant deployments separated by the 1939 sector (d) parameter. Some sectors might apply limitations on the 1940 endpoint names available, while others use a random identifier 1941 approach to endpoint names and place limits on the entered links 1942 based on their attributes instead. 1944 Care must be taken in such setups to determine the applicable access 1945 control measures to each operation. One easy way to do that is to 1946 mandate the use of the sector parameter on all operations, as no 1947 credentials are suitable for operations across sector borders anyway. 1949 8. Security Considerations 1951 The security considerations as described in Section 5 of [RFC8288] 1952 and Section 6 of [RFC6690] apply. The "/.well-known/core" resource 1953 may be protected e.g. using DTLS when hosted on a CoAP server as 1954 described in [RFC7252]. DTLS or TLS based security SHOULD be used on 1955 all resource directory interfaces defined in this document. 1957 8.1. Endpoint Identification and Authentication 1959 An Endpoint (name, sector) pair is unique within the set of endpoints 1960 registered by the RD. An Endpoint MUST NOT be identified by its 1961 protocol, port or IP address as these may change over the lifetime of 1962 an Endpoint. 1964 Every operation performed by an Endpoint on an RD SHOULD be mutually 1965 authenticated using Pre-Shared Key, Raw Public Key or Certificate 1966 based security. 1968 Consider the following threat: two devices A and B are registered at 1969 a single server. Both devices have unique, per-device credentials 1970 for use with DTLS to make sure that only parties with authorization 1971 to access A or B can do so. 1973 Now, imagine that a malicious device A wants to sabotage the device 1974 B. It uses its credentials during the DTLS exchange. Then, it 1975 specifies the endpoint name of device B as the name of its own 1976 endpoint in device A. If the server does not check whether the 1977 identifier provided in the DTLS handshake matches the identifier used 1978 at the CoAP layer then it may be inclined to use the endpoint name 1979 for looking up what information to provision to the malicious device. 1981 Endpoint authentication needs to be checked independently of whether 1982 there are configured requirements on the credentials for a given 1983 endpoint name (Section 7.1) or whether arbitrary names are accepted 1984 (Section 7.1.1). 1986 Simple registration could be used to circumvent address based access 1987 control: An attacker would send a simple registration request with 1988 the victim's address as source address, and later look up the 1989 victim's .well-known/core content in the RD. Mitigation for this is 1990 recommended in Section 5.1. 1992 8.2. Access Control 1994 Access control SHOULD be performed separately for the RD registration 1995 and Lookup API paths, as different endpoints may be authorized to 1996 register with an RD from those authorized to lookup endpoints from 1997 the RD. Such access control SHOULD be performed in as fine-grained a 1998 level as possible. For example access control for lookups could be 1999 performed either at the sector, endpoint or resource level. 2001 8.3. Denial of Service Attacks 2003 Services that run over UDP unprotected are vulnerable to unknowingly 2004 become part of a DDoS attack as UDP does not require return 2005 routability check. Therefore, an attacker can easily spoof the 2006 source IP of the target entity and send requests to such a service 2007 which would then respond to the target entity. This can be used for 2008 large-scale DDoS attacks on the target. Especially, if the service 2009 returns a response that is order of magnitudes larger than the 2010 request, the situation becomes even worse as now the attack can be 2011 amplified. DNS servers have been widely used for DDoS amplification 2012 attacks. There is also a danger that NTP Servers could become 2013 implicated in denial-of-service (DoS) attacks since they run on 2014 unprotected UDP, there is no return routability check, and they can 2015 have a large amplification factor. The responses from the NTP server 2016 were found to be 19 times larger than the request. An RD which 2017 responds to wild-card lookups is potentially vulnerable if run with 2018 CoAP over UDP. Since there is no return routability check and the 2019 responses can be significantly larger than requests, RDs can 2020 unknowingly become part of a DDoS amplification attack. 2022 [RFC7252] describes this at length in its Section 11.3, including 2023 some mitigation by using small block sizes in responses. The 2024 upcoming [I-D.ietf-core-echo-request-tag] updates that by describing 2025 a source address verification mechanism using the Echo option. 2027 [ If this document is published together with or after I-D.ietf-core- 2028 echo-request-tag, the above paragraph is replaced with the following: 2030 [RFC7252] describes this at length in its Section 11.3, and 2031 [I-D.ietf-core-echo-request-tag] (which updates the former) 2032 recommends using the Echo option to verify the request's source 2033 address. 2035 ] 2037 9. IANA Considerations 2039 9.1. Resource Types 2041 IANA is asked to enter the following values into the Resource Type 2042 (rt=) Link Target Attribute Values sub-registry of the Constrained 2043 Restful Environments (CoRE) Parameters registry defined in [RFC6690]: 2045 +====================+=============================+=============+ 2046 | Value | Description | Reference | 2047 +====================+=============================+=============+ 2048 | core.rd | Directory resource of an RD | RFCTHIS | 2049 | | | Section 4.3 | 2050 +--------------------+-----------------------------+-------------+ 2051 | core.rd-lookup-res | Resource lookup of an RD | RFCTHIS | 2052 | | | Section 4.3 | 2053 +--------------------+-----------------------------+-------------+ 2054 | core.rd-lookup-ep | Endpoint lookup of an RD | RFCTHIS | 2055 | | | Section 4.3 | 2056 +--------------------+-----------------------------+-------------+ 2057 | core.rd-ep | Endpoint resource of an RD | RFCTHIS | 2058 | | | Section 6 | 2059 +--------------------+-----------------------------+-------------+ 2061 Table 2 2063 9.2. IPv6 ND Resource Directory Address Option 2065 This document registers one new ND option type under the sub-registry 2066 "IPv6 Neighbor Discovery Option Formats": 2068 * Resource Directory Address Option (TBD38) 2070 [ The RFC editor is asked to replace TBD38 with the assigned number 2071 in the document; the value 38 is suggested. ] 2073 9.3. RD Parameter Registry 2075 This specification defines a new sub-registry for registration and 2076 lookup parameters called "RD Parameters" under "CoRE Parameters". 2077 Although this specification defines a basic set of parameters, it is 2078 expected that other standards that make use of this interface will 2079 define new ones. 2081 Each entry in the registry must include 2082 * the human readable name of the parameter, 2084 * the short name as used in query parameters or target attributes, 2086 * indication of whether it can be passed as a query parameter at 2087 registration of endpoints, as a query parameter in lookups, or be 2088 expressed as a target attribute, 2090 * syntax and validity requirements if any, 2092 * a description, 2094 * and a link to reference documentation. 2096 The query parameter MUST be both a valid URI query key [RFC3986] and 2097 a token as used in [RFC8288]. 2099 The description must give details on whether the parameter can be 2100 updated, and how it is to be processed in lookups. 2102 The mechanisms around new RD parameters should be designed in such a 2103 way that they tolerate RD implementations that are unaware of the 2104 parameter and expose any parameter passed at registration or updates 2105 on in endpoint lookups. (For example, if a parameter used at 2106 registration were to be confidential, the registering endpoint should 2107 be instructed to only set that parameter if the RD advertises support 2108 for keeping it confidential at the discovery step.) 2110 Initial entries in this sub-registry are as follows: 2112 +==============+=======+==============+=====+=====================+ 2113 | Full name | Short | Validity | Use | Description | 2114 +==============+=======+==============+=====+=====================+ 2115 | Endpoint | ep | Unicode* | RLA | Name of the | 2116 | Name | | | | endpoint | 2117 +--------------+-------+--------------+-----+---------------------+ 2118 | Lifetime | lt | 1-4294967295 | R | Lifetime of the | 2119 | | | | | registration in | 2120 | | | | | seconds | 2121 +--------------+-------+--------------+-----+---------------------+ 2122 | Sector | d | Unicode* | RLA | Sector to which | 2123 | | | | | this endpoint | 2124 | | | | | belongs | 2125 +--------------+-------+--------------+-----+---------------------+ 2126 | Registration | base | URI | RLA | The scheme, address | 2127 | Base URI | | | | and port and path | 2128 | | | | | at which this | 2129 | | | | | server is available | 2130 +--------------+-------+--------------+-----+---------------------+ 2131 | Page | page | Integer | L | Used for pagination | 2132 +--------------+-------+--------------+-----+---------------------+ 2133 | Count | count | Integer | L | Used for pagination | 2134 +--------------+-------+--------------+-----+---------------------+ 2135 | Endpoint | et | Section | RLA | Semantic type of | 2136 | Type | | 9.3.1 | | the endpoint (see | 2137 | | | | | Section 9.4) | 2138 +--------------+-------+--------------+-----+---------------------+ 2140 Table 3: RD Parameters 2142 (Short: Short name used in query parameters or target attributes. 2143 Validity: Unicode* = 63 Bytes of UTF-8 encoded Unicode, with no 2144 control characters as per Section 5. Use: R = used at registration, 2145 L = used at lookup, A = expressed in target attribute 2147 The descriptions for the options defined in this document are only 2148 summarized here. To which registrations they apply and when they are 2149 to be shown is described in the respective sections of this document. 2150 All their reference documentation entries point to this document. 2152 The IANA policy for future additions to the sub-registry is "Expert 2153 Review" as described in [RFC8126]. The evaluation should consider 2154 formal criteria, duplication of functionality (Is the new entry 2155 redundant with an existing one?), topical suitability (E.g. is the 2156 described property actually a property of the endpoint and not a 2157 property of a particular resource, in which case it should go into 2158 the payload of the registration and need not be registered?), and the 2159 potential for conflict with commonly used target attributes (For 2160 example, "if" could be used as a parameter for conditional 2161 registration if it were not to be used in lookup or attributes, but 2162 would make a bad parameter for lookup, because a resource lookup with 2163 an "if" query parameter could ambiguously filter by the registered 2164 endpoint property or the [RFC6690] target attribute). 2166 9.3.1. Full description of the "Endpoint Type" Registration Parameter 2168 An endpoint registering at an RD can describe itself with endpoint 2169 types, similar to how resources are described with Resource Types in 2170 [RFC6690]. An endpoint type is expressed as a string, which can be 2171 either a URI or one of the values defined in the Endpoint Type sub- 2172 registry. Endpoint types can be passed in the "et" query parameter 2173 as part of extra-attrs at the Registration step, are shown on 2174 endpoint lookups using the "et" target attribute, and can be filtered 2175 for using "et" as a search criterion in resource and endpoint lookup. 2176 Multiple endpoint types are given as separate query parameters or 2177 link attributes. 2179 Note that Endpoint Type differs from Resource Type in that it uses 2180 multiple attributes rather than space separated values. As a result, 2181 RDs implementing this specification automatically support correct 2182 filtering in the lookup interfaces from the rules for unknown 2183 endpoint attributes. 2185 9.4. "Endpoint Type" (et=) RD Parameter values 2187 This specification establishes a new sub-registry under "CoRE 2188 Parameters" called '"Endpoint Type" (et=) RD Parameter values'. The 2189 registry properties (required policy, requirements, template) are 2190 identical to those of the Resource Type parameters in [RFC6690], in 2191 short: 2193 The review policy is IETF Review for values starting with "core", and 2194 Specification Required for others. 2196 The requirements to be enforced are: 2198 * The values MUST be related to the purpose described in 2199 Section 9.3.1. 2201 * The registered values MUST conform to the ABNF reg-rel-type 2202 definition of [RFC6690] and MUST NOT be a URI. 2204 * It is recommended to use the period "." character for 2205 segmentation. 2207 The registry initially contains one value: 2209 * "core.rd-group": An application group as described in Appendix A. 2211 9.5. Multicast Address Registration 2213 IANA is asked to assign the following multicast addresses for use by 2214 CoAP nodes: 2216 IPv4 - "all CoRE Resource Directories" address MCD2 (suggestion: 2217 224.0.1.189), from the "IPv4 Multicast Address Space Registry". As 2218 the address is used for discovery that may span beyond a single 2219 network, it has come from the Internetwork Control Block (224.0.1.x) 2220 [RFC5771]. 2222 IPv6 - "all CoRE Resource Directories" address MCD1 (suggestions 2223 FF0X::FE), from the "IPv6 Multicast Address Space Registry", in the 2224 "Variable Scope Multicast Addresses" space (RFC 3307). Note that 2225 there is a distinct multicast address for each scope that interested 2226 CoAP nodes should listen to; CoAP needs the Link-Local and Site-Local 2227 scopes only. 2229 [ The RFC editor is asked to replace MCD1 and MCD2 with the assigned 2230 addresses throughout the document. ] 2232 9.6. Well-Known URIs 2234 IANA is asked to extend the reference for the "core" URI suffix in 2235 the "Well-Known URIs" registry to reference this document next to 2236 [RFC6690], as this defines the resource's behavior for POST requests. 2238 9.7. Service Names and Transport Protocol Port Number Registry 2240 IANA is asked to enter four new items into the Service Names and 2241 Transport Protocol Port Number Registry: 2243 * Service name: "core-rd", Protocol: "udp", Description: "Resource 2244 Directory accessed using CoAP" 2246 * Service name "core-rd-dtls", Protocol: "udp", Description: 2247 "Resource Directory accessed using CoAP over DTLS" 2249 * Service name: "core-rd", Protocol: "tcp", Description: "Resource 2250 Directory accessed using CoAP over TCP" 2252 * Service name "core-rd-tls", Protocol: "tcp", Description: 2253 "Resource Directory accessed using CoAP over TLS" 2255 All in common have this document as their reference. 2257 10. Examples 2259 Two examples are presented: a Lighting Installation example in 2260 Section 10.1 and a LWM2M example in Section 10.2. 2262 10.1. Lighting Installation 2264 This example shows a simplified lighting installation which makes use 2265 of the RD with a CoAP interface to facilitate the installation and 2266 start-up of the application code in the lights and sensors. In 2267 particular, the example leads to the definition of a group and the 2268 enabling of the corresponding multicast address as described in 2269 Appendix A. No conclusions must be drawn on the realization of 2270 actual installation or naming procedures, because the example only 2271 "emphasizes" some of the issues that may influence the use of the RD 2272 and does not pretend to be normative. 2274 10.1.1. Installation Characteristics 2276 The example assumes that the installation is managed. That means 2277 that a Commissioning Tool (CT) is used to authorize the addition of 2278 nodes, name them, and name their services. The CT can be connected 2279 to the installation in many ways: the CT can be part of the 2280 installation network, connected by WiFi to the installation network, 2281 or connected via GPRS link, or other method. 2283 It is assumed that there are two naming authorities for the 2284 installation: (1) the network manager that is responsible for the 2285 correct operation of the network and the connected interfaces, and 2286 (2) the lighting manager that is responsible for the correct 2287 functioning of networked lights and sensors. The result is the 2288 existence of two naming schemes coming from the two managing 2289 entities. 2291 The example installation consists of one presence sensor, and two 2292 luminaries, luminary1 and luminary2, each with their own wireless 2293 interface. Each luminary contains three lamps: left, right and 2294 middle. Each luminary is accessible through one endpoint. For each 2295 lamp a resource exists to modify the settings of a lamp in a 2296 luminary. The purpose of the installation is that the presence 2297 sensor notifies the presence of persons to a group of lamps. The 2298 group of lamps consists of: middle and left lamps of luminary1 and 2299 right lamp of luminary2. 2301 Before commissioning by the lighting manager, the network is 2302 installed and access to the interfaces is proven to work by the 2303 network manager. 2305 At the moment of installation, the network under installation is not 2306 necessarily connected to the DNS infra structure. Therefore, SLAAC 2307 IPv6 addresses are assigned to CT, RD, luminaries and sensor shown in 2308 Table 4 below: 2310 +=================+================+ 2311 | Name | IPv6 address | 2312 +=================+================+ 2313 | luminary1 | 2001:db8:4::1 | 2314 +-----------------+----------------+ 2315 | luminary2 | 2001:db8:4::2 | 2316 +-----------------+----------------+ 2317 | Presence sensor | 2001:db8:4::3 | 2318 +-----------------+----------------+ 2319 | RD | 2001:db8:4::ff | 2320 +-----------------+----------------+ 2322 Table 4: interface SLAAC addresses 2324 In Section 10.1.2 the use of RD during installation is presented. 2326 10.1.2. RD entries 2328 It is assumed that access to the DNS infrastructure is not always 2329 possible during installation. Therefore, the SLAAC addresses are 2330 used in this section. 2332 For discovery, the resource types (rt) of the devices are important. 2333 The lamps in the luminaries have rt: light, and the presence sensor 2334 has rt: p-sensor. The endpoints have names which are relevant to the 2335 light installation manager. In this case luminary1, luminary2, and 2336 the presence sensor are located in room 2-4-015, where luminary1 is 2337 located at the window and luminary2 and the presence sensor are 2338 located at the door. The endpoint names reflect this physical 2339 location. The middle, left and right lamps are accessed via path 2340 /light/middle, /light/left, and /light/right respectively. The 2341 identifiers relevant to the RD are shown in Table 5 below: 2343 +===========+==================+===============+===============+ 2344 | Name | endpoint | resource path | resource type | 2345 +===========+==================+===============+===============+ 2346 | luminary1 | lm_R2-4-015_wndw | /light/left | light | 2347 +-----------+------------------+---------------+---------------+ 2348 | luminary1 | lm_R2-4-015_wndw | /light/middle | light | 2349 +-----------+------------------+---------------+---------------+ 2350 | luminary1 | lm_R2-4-015_wndw | /light/right | light | 2351 +-----------+------------------+---------------+---------------+ 2352 | luminary2 | lm_R2-4-015_door | /light/left | light | 2353 +-----------+------------------+---------------+---------------+ 2354 | luminary2 | lm_R2-4-015_door | /light/middle | light | 2355 +-----------+------------------+---------------+---------------+ 2356 | luminary2 | lm_R2-4-015_door | /light/right | light | 2357 +-----------+------------------+---------------+---------------+ 2358 | Presence | ps_R2-4-015_door | /ps | p-sensor | 2359 | sensor | | | | 2360 +-----------+------------------+---------------+---------------+ 2362 Table 5: RD identifiers 2364 It is assumed that the CT knows the RD's address, and has performed 2365 URI discovery on it that returned a response like the one in the 2366 Section 4.3 example. 2368 The CT inserts the endpoints of the luminaries and the sensor in the 2369 RD using the registration base URI parameter (base) to specify the 2370 interface address: 2372 Req: POST coap://[2001:db8:4::ff]/rd 2373 ?ep=lm_R2-4-015_wndw&base=coap://[2001:db8:4::1]&d=R2-4-015 2374 Payload: 2375 ;rt="light", 2376 ;rt="light", 2377 ;rt="light" 2379 Res: 2.01 Created 2380 Location-Path: /rd/4521 2382 Req: POST coap://[2001:db8:4::ff]/rd 2383 ?ep=lm_R2-4-015_door&base=coap://[2001:db8:4::2]&d=R2-4-015 2384 Payload: 2385 ;rt="light", 2386 ;rt="light", 2387 ;rt="light" 2389 Res: 2.01 Created 2390 Location-Path: /rd/4522 2392 Req: POST coap://[2001:db8:4::ff]/rd 2393 ?ep=ps_R2-4-015_door&base=coap://[2001:db8:4::3]d&d=R2-4-015 2394 Payload: 2395 ;rt="p-sensor" 2397 Res: 2.01 Created 2398 Location-Path: /rd/4523 2400 Figure 23: Example of registrations a CT enters into an RD 2402 The sector name d=R2-4-015 has been added for an efficient lookup 2403 because filtering on "ep" name is more awkward. The same sector name 2404 is communicated to the two luminaries and the presence sensor by the 2405 CT. 2407 The group is specified in the RD. The base parameter is set to the 2408 site-local multicast address allocated to the group. In the POST in 2409 the example below, the resources supported by all group members are 2410 published. 2412 Req: POST coap://[2001:db8:4::ff]/rd 2413 ?ep=grp_R2-4-015&et=core.rd-group&base=coap://[ff05::1] 2414 Payload: 2415 ;rt="light", 2416 ;rt="light", 2417 ;rt="light" 2419 Res: 2.01 Created 2420 Location-Path: /rd/501 2422 Figure 24: Example of a multicast group a CT enters into an RD 2424 After the filling of the RD by the CT, the application in the 2425 luminaries can learn to which groups they belong, and enable their 2426 interface for the multicast address. 2428 The luminary, knowing its sector and being configured to join any 2429 group containing lights, searches for candidate groups and joins 2430 them: 2432 Req: GET coap://[2001:db8:4::ff]/rd-lookup/ep 2433 ?d=R2-4-015&et=core.rd-group&rt=light 2435 Res: 2.05 Content 2436 ;ep="grp_R2-4-015";et="core.rd-group"; 2437 base="coap://[ff05::1]";rt="core.rd-ep" 2439 Figure 25: Example of a lookup exchange to find suitable 2440 multicast addresses 2442 From the returned base parameter value, the luminary learns the 2443 multicast address of the multicast group. 2445 Alternatively, the CT can communicate the multicast address directly 2446 to the luminaries by using the "coap-group" resource specified in 2447 [RFC7390]. 2449 Req: POST coap://[2001:db8:4::1]/coap-group 2450 Content-Format: application/coap-group+json 2451 Payload: 2452 { "a": "[ff05::1]", "n": "grp_R2-4-015"} 2454 Res: 2.01 Created 2455 Location-Path: /coap-group/1 2457 Figure 26: Example use of direct multicast address configuration 2459 Dependent on the situation, only the address, "a", or the name, "n", 2460 is specified in the coap-group resource. 2462 The presence sensor can learn the presence of groups that support 2463 resources with rt=light in its own sector by sending the same 2464 request, as used by the luminary. The presence sensor learns the 2465 multicast address to use for sending messages to the luminaries. 2467 10.2. OMA Lightweight M2M (LWM2M) Example 2469 This example shows how the OMA LWM2M specification makes use of RDs. 2471 OMA LWM2M is a profile for device services based on CoAP(OMA Name 2472 Authority). LWM2M defines a simple object model and a number of 2473 abstract interfaces and operations for device management and device 2474 service enablement. 2476 An LWM2M server is an instance of an LWM2M middleware service layer, 2477 containing an RD along with other LWM2M interfaces defined by the 2478 LWM2M specification. 2480 The registration interface of this specification is used to provide 2481 the LWM2M Registration interface. 2483 LWM2M does not provide for registration sectors and does not 2484 currently use the rd-lookup interface. 2486 The LWM2M specification describes a set of interfaces and a resource 2487 model used between a LWM2M device and an LWM2M server. Other 2488 interfaces, proxies, and applications are currently out of scope for 2489 LWM2M. 2491 The location of the LWM2M Server and RD URI path is provided by the 2492 LWM2M Bootstrap process, so no dynamic discovery of the RD is used. 2493 LWM2M Servers and endpoints are not required to implement the /.well- 2494 known/core resource. 2496 10.2.1. The LWM2M Object Model 2498 The OMA LWM2M object model is based on a simple 2 level class 2499 hierarchy consisting of Objects and Resources. 2501 An LWM2M Resource is a REST endpoint, allowed to be a single value or 2502 an array of values of the same data type. 2504 An LWM2M Object is a resource template and container type that 2505 encapsulates a set of related resources. An LWM2M Object represents 2506 a specific type of information source; for example, there is a LWM2M 2507 Device Management object that represents a network connection, 2508 containing resources that represent individual properties like radio 2509 signal strength. 2511 Since there may potentially be more than one of a given type object, 2512 for example more than one network connection, LWM2M defines instances 2513 of objects that contain the resources that represent a specific 2514 physical thing. 2516 The URI template for LWM2M consists of a base URI followed by Object, 2517 Instance, and Resource IDs: 2519 {/base-uri}{/object-id}{/object-instance}{/resource-id}{/resource- 2520 instance} 2522 The five variables given here are strings. base-uri can also have 2523 the special value "undefined" (sometimes called "null" in RFC 6570). 2524 Each of the variables object-instance, resource-id, and resource- 2525 instance can be the special value "undefined" only if the values 2526 behind it in this sequence also are "undefined". As a special case, 2527 object-instance can be "empty" (which is different from "undefined") 2528 if resource-id is not "undefined". 2530 base-uri := Base URI for LWM2M resources or "undefined" for default 2531 (empty) base URI 2533 object-id := OMNA (OMA Name Authority) registered object ID (0-65535) 2535 object-instance := Object instance identifier (0-65535) or 2536 "undefined"/"empty" (see above)) to refer to all instances of an 2537 object ID 2539 resource-id := OMNA (OMA Name Authority) registered resource ID 2540 (0-65535) or "undefined" to refer to all resources within an instance 2542 resource-instance := Resource instance identifier or "undefined" to 2543 refer to single instance of a resource 2545 LWM2M IDs are 16 bit unsigned integers represented in decimal (no 2546 leading zeroes except for the value 0) by URI format strings. For 2547 example, a LWM2M URI might be: 2549 /1/0/1 2550 The base URI is empty, the Object ID is 1, the instance ID is 0, the 2551 resource ID is 1, and the resource instance is "undefined". This 2552 example URI points to internal resource 1, which represents the 2553 registration lifetime configured, in instance 0 of a type 1 object 2554 (LWM2M Server Object). 2556 10.2.2. LWM2M Register Endpoint 2558 LWM2M defines a registration interface based on the REST API, 2559 described in Section 5. The RD registration URI path of the LWM2M RD 2560 is specified to be "/rd". 2562 LWM2M endpoints register object IDs, for example , to indicate 2563 that a particular object type is supported, and register object 2564 instances, for example , to indicate that a particular instance 2565 of that object type exists. 2567 Resources within the LWM2M object instance are not registered with 2568 the RD, but may be discovered by reading the resource links from the 2569 object instance using GET with a CoAP Content-Format of application/ 2570 link-format. Resources may also be read as a structured object by 2571 performing a GET to the object instance with a Content-Format of 2572 senml+json. 2574 When an LWM2M object or instance is registered, this indicates to the 2575 LWM2M server that the object and its resources are available for 2576 management and service enablement (REST API) operations. 2578 LWM2M endpoints may use the following RD registration parameters as 2579 defined in Table 3 : 2581 ep - Endpoint Name 2582 lt - registration lifetime 2584 Endpoint Name, Lifetime, and LWM2M Version are mandatory parameters 2585 for the register operation, all other registration parameters are 2586 optional. 2588 Additional optional LWM2M registration parameters are defined: 2590 +=========+=======+===============================+=============+ 2591 | Name | Query | Validity | Description | 2592 +=========+=======+===============================+=============+ 2593 | Binding | b | {"U",UQ","S","SQ","US","UQS"} | Available | 2594 | Mode | | | Protocols | 2595 +---------+-------+-------------------------------+-------------+ 2596 +---------+-------+-------------------------------+-------------+ 2597 | LWM2M | ver | 1.0 | Spec | 2598 | Version | | | Version | 2599 +---------+-------+-------------------------------+-------------+ 2600 +---------+-------+-------------------------------+-------------+ 2601 | SMS | sms | | MSISDN | 2602 | Number | | | | 2603 +---------+-------+-------------------------------+-------------+ 2605 Table 6: LWM2M Additional Registration Parameters 2607 The following RD registration parameters are not currently specified 2608 for use in LWM2M: 2610 et - Endpoint Type 2611 base - Registration Base URI 2613 The endpoint registration must include a payload containing links to 2614 all supported objects and existing object instances, optionally 2615 including the appropriate link-format relations. 2617 Here is an example LWM2M registration payload: 2619 ,,, 2621 This link format payload indicates that object ID 1 (LWM2M Server 2622 Object) is supported, with a single instance 0 existing, object ID 3 2623 (LWM2M Device object) is supported, with a single instance 0 2624 existing, and object 5 (LWM2M Firmware Object) is supported, with no 2625 existing instances. 2627 10.2.3. LWM2M Update Endpoint Registration 2629 The LwM2M update is really very similar to the registration update as 2630 described in Section 5.3.1, with the only difference that there are 2631 more parameters defined and available. All the parameters listed in 2632 that section are also available with the initial registration but are 2633 all optional: 2635 lt - Registration Lifetime 2636 b - Protocol Binding 2637 sms - MSISDN 2638 link payload - new or modified links 2640 A Registration update is also specified to be used to update the 2641 LWM2M server whenever the endpoint's UDP port or IP address are 2642 changed. 2644 10.2.4. LWM2M De-Register Endpoint 2646 LWM2M allows for de-registration using the delete method on the 2647 returned location from the initial registration operation. LWM2M de- 2648 registration proceeds as described in Section 5.3.2. 2650 11. Acknowledgments 2652 Oscar Novo, Srdjan Krco, Szymon Sasin, Kerry Lynn, Esko Dijk, Anders 2653 Brandt, Matthieu Vial, Jim Schaad, Mohit Sethi, Hauke Petersen, 2654 Hannes Tschofenig, Sampo Ukkola, Linyi Tian, Jan Newmarch, Matthias 2655 Kovatsch, Jaime Jimenez and Ted Lemon have provided helpful comments, 2656 discussions and ideas to improve and shape this document. Zach would 2657 also like to thank his colleagues from the EU FP7 SENSEI project, 2658 where many of the RD concepts were originally developed. 2660 12. Changelog 2662 changes from -24 to -25 2664 * Large rework of section 7 (Security policies) 2666 Rather than prescribing which data in the RD _is_ authenticated 2667 (and how), it now describes what applications built on an RD _can_ 2668 choose to authenticate, show possibilities on how to do it and 2669 outline what it means for clients. 2671 This addresses Russ' Genart review points on details in the text 2672 in a rather broad fashion. That is because the discussion on the 2673 topic inside the WG showed that that text on security has been 2674 driven more review-by-review than by an architectural plan of the 2675 authors and WG. 2677 * Add concrete suggestions (twice as long as registrant number with 2678 retries, or UUIDs without) for random endpoint names 2680 * Point out that simple registration can have faked origins, 2681 RECOMMEND mitigation when applicable and suggest the Echo 2682 mechanism to implement it. 2684 * Reference existing and upcoming specifications for DDOS mitigation 2685 in CoAP. 2687 * Explain the provenance of the example's multicast address. 2689 * Make "SHOULD" of not manipulating foreign registrations a "should" 2690 and explain how it is enforced 2692 * Clarify application of RFC6570 to search parameters 2694 * Syntactic fixes in examples 2696 * IANA: 2698 - Don't announce expected number of registrations (goes to write- 2699 up) 2701 - Include syntax as part of a field's validity in entry 2702 requirements 2704 * Editorial changes 2706 - Align wording between abstract and introduction 2708 - Abbreviation normalization: "ER model", "RD" 2710 - RFC8174 boilerplate update 2712 - Minor clarity fixes 2714 - Markup and layouting 2716 changes from -23 to -24 2718 * Discovery using DNS-SD added again 2720 * Minimum lifetime (lt) reduced from 60 to 1 2722 * References added 2724 * IANA considerations 2726 - added about .well-known/core resource 2728 - added DNS-SD service names 2730 - made RDAO option number a suggestion 2731 - added "reference" field to endpoint type registry 2733 * Lookup: mention that anchor is a legitimate lookup attribute 2735 * Terminology and example fixes 2737 * Layout fixes, esp. the use of non-ASCII characters in figures 2739 changes from -22 to -23 2741 * Explain that updates can not remove attributes 2743 * Typo fixes 2745 changes from -21 to -22 2747 * Request a dedicated IPv4 address from IANA (rather than sharing 2748 with All CoAP nodes) 2750 * Fix erroneous examples 2752 * Editorial changes 2754 - Add figure numbers to examples 2756 - Update RD parameters table to reflect changes of earlier 2757 versions in the text 2759 - Typos and minor wording 2761 changes from -20 to -21 2763 (Processing comments during WGLC) 2765 * Defer outdated description of using DNS-SD to find an RD to the 2766 defining document 2768 * Describe operational conditions in automation example 2770 * Recommend particular discovery mechanisms for some managed network 2771 scenarios 2773 changes from -19 to -20 2775 (Processing comments from the WG chair review) 2777 * Define the permissible characters in endpoint and sector names 2778 * Express requirements on NAT situations in more abstract terms 2780 * Shifted heading levels to have the interfaces on the same level 2782 * Group instructions for error handling into general section 2784 * Simple Registration: process reflowed into items list 2786 * Updated introduction to reflect state of CoRE in general, 2787 reference RFC7228 (defining "constrained") and use "IoT" term in 2788 addition to "M2M" 2790 * Update acknowledgements 2792 * Assorted editorial changes 2794 - Unify examples style 2796 - Terminology: RDAO defined and not only expanded 2798 - Add CT to Figure 1 2800 - Consistency in the use of the term "Content Format" 2802 changes from -18 to -19 2804 * link-local addresses: allow but prescribe split-horizon fashion 2805 when used, disallow zone identifiers 2807 * Remove informative references to documents not mentioned any more 2809 changes from -17 to -18 2811 * Rather than re-specifying link format (Modernized Link Format), 2812 describe a Limited Link Format that's the uncontested subset of 2813 Link Format 2815 * Acknowledging the -17 version as part of the draft 2817 * Move "Read endpoint links" operation to future specification like 2818 PATCH 2820 * Demote links-json to an informative reference, and removed them 2821 from exchange examples 2823 * Add note on unusability of link-local IP addresses, and describe 2824 mitigation. 2826 * Reshuffling of sections: Move additional operations and endpoint 2827 lookup back from appendix, and groups into one 2829 * Lookup interface tightened to not imply applicability for non 2830 link-format lookups (as those can have vastly different views on 2831 link cardinality) 2833 * Simple registration: Change sequence of GET and POST-response, 2834 ensuring unsuccessful registrations are reported as such, and 2835 suggest how devices that would have required the inverse behavior 2836 can still cope with it. 2838 * Abstract and introduction reworded to avoid the impression that 2839 resources are stored in full in the RD 2841 * Simplify the rules governing when a registration resource can or 2842 must be changed. 2844 * Drop a figure that has become useless due to the changes of and 2845 -13 and -17 2847 * Wording consistency fixes: Use "Registrations" and "target 2848 attributes" 2850 * Fix incorrect use of content negotiation in discovery interface 2851 description (Content-Format -> Accept) 2853 * State that the base attribute value is part of endpoint lookup 2854 even when implicit in the registration 2856 * Update references from RFC5988 to its update RFC8288 2858 * Remove appendix on protocol-negotiation (which had a note to be 2859 removed before publication) 2861 changes from -16 to -17 2863 (Note that -17 is published as a direct follow-up to -16, containing 2864 a single change to be discussed at IETF103) 2866 * Removed groups that are enumerations of registrations and have 2867 dedicated mechanism 2869 * Add groups that are enumerations of shared resources and are a 2870 special case of endpoint registrations 2872 changes from -15 to -16 2873 * Recommend a common set of resources for members of a group 2875 * Clarified use of multicast group in lighting example 2877 * Add note on concurrent registrations from one EP being possible 2878 but not expected 2880 * Refresh web examples appendix to reflect current use of Modernized 2881 Link Format 2883 * Add examples of URIs where Modernized Link Format matters 2885 * Editorial changes 2887 changes from -14 to -15 2889 * Rewrite of section "Security policies" 2891 * Clarify that the "base" parameter text applies both to relative 2892 references both in anchor and href 2894 * Renamed "Registree-EP" to Registrant-EP" 2896 * Talk of "relative references" and "URIs" rather than "relative" 2897 and "absolute" URIs. (The concept of "absolute URIs" of [RFC3986] 2898 is not needed in RD). 2900 * Fixed examples 2902 * Editorial changes 2904 changes from -13 to -14 2906 * Rename "registration context" to "registration base URI" (and 2907 "con" to "base") and "domain" to "sector" (where the abbreviation 2908 "d" stays for compatibility reasons) 2910 * Introduced resource types core.rd-ep and core.rd-gp 2912 * Registration management moved to appendix A, including endpoint 2913 and group lookup 2915 * Minor editorial changes 2917 - PATCH/iPATCH is clearly deferred to another document 2919 - Recommend against query / fragment identifier in con= 2920 - Interface description lists are described as illustrative 2922 - Rewording of Simple Registration 2924 * Simple registration carries no error information and succeeds 2925 immediately (previously, sequence was unspecified) 2927 * Lookup: href are matched against resolved values (previously, this 2928 was unspecified) 2930 * Lookup: lt are not exposed any more 2932 * con/base: Paths are allowed 2934 * Registration resource locations can not have query or fragment 2935 parts 2937 * Default life time extended to 25 hours 2939 * clarified registration update rules 2941 * lt-value semantics for lookup clarified. 2943 * added template for simple registration 2945 changes from -12 to -13 2947 * Added "all resource directory" nodes MC address 2949 * Clarified observation behavior 2951 * version identification 2953 * example rt= and et= values 2955 * domain from figure 2 2957 * more explanatory text 2959 * endpoints of a groups hosted by different RD 2961 * resolve RFC6690-vs-8288 resolution ambiguities: 2963 - require registered links not to be relative when using anchor 2965 - return absolute URIs in resource lookup 2967 changes from -11 to -12 2968 * added Content Model section, including ER diagram 2970 * removed domain lookup interface; domains are now plain attributes 2971 of groups and endpoints 2973 * updated chapter "Finding a Resource Directory"; now distinguishes 2974 configuration-provided, network-provided and heuristic sources 2976 * improved text on: atomicity, idempotency, lookup with multiple 2977 parameters, endpoint removal, simple registration 2979 * updated LWM2M description 2981 * clarified where relative references are resolved, and how context 2982 and anchor interact 2984 * new appendix on the interaction with RFCs 6690, 5988 and 3986 2986 * lookup interface: group and endpoint lookup return group and 2987 registration resources as link targets 2989 * lookup interface: search parameters work the same across all 2990 entities 2992 * removed all methods that modify links in an existing registration 2993 (POST with payload, PATCH and iPATCH) 2995 * removed plurality definition (was only needed for link 2996 modification) 2998 * enhanced IANA registry text 3000 * state that lookup resources can be observable 3002 * More examples and improved text 3004 changes from -09 to -10 3006 * removed "ins" and "exp" link-format extensions. 3008 * removed all text concerning DNS-SD. 3010 * removed inconsistency in RDAO text. 3012 * suggestions taken over from various sources 3014 * replaced "Function Set" with "REST API", "base URI", "base path" 3015 * moved simple registration to registration section 3017 changes from -08 to -09 3019 * clarified the "example use" of the base RD resource values /rd, 3020 /rd-lookup, and /rd-group. 3022 * changed "ins" ABNF notation. 3024 * various editorial improvements, including in examples 3026 * clarifications for RDAO 3028 changes from -07 to -08 3030 * removed link target value returned from domain and group lookup 3031 types 3033 * Maximum length of domain parameter 63 bytes for consistency with 3034 group 3036 * removed option for simple POST of link data, don't require a 3037 .well-known/core resource to accept POST data and handle it in a 3038 special way; we already have /rd for that 3040 * add IPv6 ND Option for discovery of an RD 3042 * clarify group configuration section 6.1 that endpoints must be 3043 registered before including them in a group 3045 * removed all superfluous client-server diagrams 3047 * simplified lighting example 3049 * introduced Commissioning Tool 3051 * RD-Look-up text is extended. 3053 changes from -06 to -07 3055 * added text in the discovery section to allow content format hints 3056 to be exposed in the discovery link attributes 3058 * editorial updates to section 9 3060 * update author information 3062 * minor text corrections 3063 Changes from -05 to -06 3065 * added note that the PATCH section is contingent on the progress of 3066 the PATCH method 3068 changes from -04 to -05 3070 * added Update Endpoint Links using PATCH 3072 * http access made explicit in interface specification 3074 * Added http examples 3076 Changes from -03 to -04: 3078 * Added http response codes 3080 * Clarified endpoint name usage 3082 * Add application/link-format+cbor content-format 3084 Changes from -02 to -03: 3086 * Added an example for lighting and DNS integration 3088 * Added an example for RD use in OMA LWM2M 3090 * Added Read Links operation for link inspection by endpoints 3092 * Expanded DNS-SD section 3094 * Added draft authors Peter van der Stok and Michael Koster 3096 Changes from -01 to -02: 3098 * Added a catalogue use case. 3100 * Changed the registration update to a POST with optional link 3101 format payload. Removed the endpoint type update from the update. 3103 * Additional examples section added for more complex use cases. 3105 * New DNS-SD mapping section. 3107 * Added text on endpoint identification and authentication. 3109 * Error code 4.04 added to Registration Update and Delete requests. 3111 * Made 63 bytes a SHOULD rather than a MUST for endpoint name and 3112 resource type parameters. 3114 Changes from -00 to -01: 3116 * Removed the ETag validation feature. 3118 * Place holder for the DNS-SD mapping section. 3120 * Explicitly disabled GET or POST on returned Location. 3122 * New registry for RD parameters. 3124 * Added support for the JSON Link Format. 3126 * Added reference to the Groupcomm WG draft. 3128 Changes from -05 to WG Document -00: 3130 * Updated the version and date. 3132 Changes from -04 to -05: 3134 * Restricted Update to parameter updates. 3136 * Added pagination support for the Lookup interface. 3138 * Minor editing, bug fixes and reference updates. 3140 * Added group support. 3142 * Changed rt to et for the registration and update interface. 3144 Changes from -03 to -04: 3146 * Added the ins= parameter back for the DNS-SD mapping. 3148 * Integrated the Simple Directory Discovery from Carsten. 3150 * Editorial improvements. 3152 * Fixed the use of ETags. 3154 * Fixed tickets 383 and 372 3156 Changes from -02 to -03: 3158 * Changed the endpoint name back to a single registration parameter 3159 ep= and removed the h= and ins= parameters. 3161 * Updated REST interface descriptions to use RFC6570 URI Template 3162 format. 3164 * Introduced an improved RD Lookup design as its own function set. 3166 * Improved the security considerations section. 3168 * Made the POST registration interface idempotent by requiring the 3169 ep= parameter to be present. 3171 Changes from -01 to -02: 3173 * Added a terminology section. 3175 * Changed the inclusion of an ETag in registration or update to a 3176 MAY. 3178 * Added the concept of an RD Domain and a registration parameter for 3179 it. 3181 * Recommended the Location returned from a registration to be 3182 stable, allowing for endpoint and Domain information to be changed 3183 during updates. 3185 * Changed the lookup interface to accept endpoint and Domain as 3186 query string parameters to control the scope of a lookup. 3188 13. References 3190 13.1. Normative References 3192 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 3193 Requirement Levels", BCP 14, RFC 2119, 3194 DOI 10.17487/RFC2119, March 1997, 3195 . 3197 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 3198 Resource Identifier (URI): Generic Syntax", STD 66, 3199 RFC 3986, DOI 10.17487/RFC3986, January 2005, 3200 . 3202 [RFC6570] Gregorio, J., Fielding, R., Hadley, M., Nottingham, M., 3203 and D. Orchard, "URI Template", RFC 6570, 3204 DOI 10.17487/RFC6570, March 2012, 3205 . 3207 [RFC6690] Shelby, Z., "Constrained RESTful Environments (CoRE) Link 3208 Format", RFC 6690, DOI 10.17487/RFC6690, August 2012, 3209 . 3211 [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service 3212 Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013, 3213 . 3215 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 3216 Writing an IANA Considerations Section in RFCs", BCP 26, 3217 RFC 8126, DOI 10.17487/RFC8126, June 2017, 3218 . 3220 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 3221 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 3222 May 2017, . 3224 13.2. Informative References 3226 [ER] Chen, P., "The entity-relationship model--toward a unified 3227 view of data", DOI 10.1145/320434.320440, ACM Transactions 3228 on Database Systems Vol. 1, pp. 9-36, March 1976, 3229 . 3231 [I-D.bormann-t2trg-rel-impl] 3232 Bormann, C., "impl-info: A link relation type for 3233 disclosing implementation information", Work in Progress, 3234 Internet-Draft, draft-bormann-t2trg-rel-impl-01, 27 March 3235 2020, . 3238 [I-D.hartke-t2trg-coral] 3239 Hartke, K., "The Constrained RESTful Application Language 3240 (CoRAL)", Work in Progress, Internet-Draft, draft-hartke- 3241 t2trg-coral-09, 8 July 2019, . 3244 [I-D.ietf-ace-oauth-authz] 3245 Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and 3246 H. Tschofenig, "Authentication and Authorization for 3247 Constrained Environments (ACE) using the OAuth 2.0 3248 Framework (ACE-OAuth)", Work in Progress, Internet-Draft, 3249 draft-ietf-ace-oauth-authz-35, 24 June 2020, 3250 . 3253 [I-D.ietf-core-echo-request-tag] 3254 Amsuess, C., Mattsson, J., and G. Selander, "CoAP: Echo, 3255 Request-Tag, and Token Processing", Work in Progress, 3256 Internet-Draft, draft-ietf-core-echo-request-tag-09, 9 3257 March 2020, . 3260 [I-D.ietf-core-links-json] 3261 Li, K., Rahman, A., and C. Bormann, "Representing 3262 Constrained RESTful Environments (CoRE) Link Format in 3263 JSON and CBOR", Work in Progress, Internet-Draft, draft- 3264 ietf-core-links-json-10, 26 February 2018, 3265 . 3268 [I-D.ietf-core-rd-dns-sd] 3269 Stok, P., Koster, M., and C. Amsuess, "CoRE Resource 3270 Directory: DNS-SD mapping", Work in Progress, Internet- 3271 Draft, draft-ietf-core-rd-dns-sd-05, 7 July 2019, 3272 . 3275 [I-D.silverajan-core-coap-protocol-negotiation] 3276 Silverajan, B. and M. Ocak, "CoAP Protocol Negotiation", 3277 Work in Progress, Internet-Draft, draft-silverajan-core- 3278 coap-protocol-negotiation-09, 2 July 2018, 3279 . 3282 [RFC3306] Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6 3283 Multicast Addresses", RFC 3306, DOI 10.17487/RFC3306, 3284 August 2002, . 3286 [RFC3849] Huston, G., Lord, A., and P. Smith, "IPv6 Address Prefix 3287 Reserved for Documentation", RFC 3849, 3288 DOI 10.17487/RFC3849, July 2004, 3289 . 3291 [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally 3292 Unique IDentifier (UUID) URN Namespace", RFC 4122, 3293 DOI 10.17487/RFC4122, July 2005, 3294 . 3296 [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, 3297 "Transmission of IPv6 Packets over IEEE 802.15.4 3298 Networks", RFC 4944, DOI 10.17487/RFC4944, September 2007, 3299 . 3301 [RFC5771] Cotton, M., Vegoda, L., and D. Meyer, "IANA Guidelines for 3302 IPv4 Multicast Address Assignments", BCP 51, RFC 5771, 3303 DOI 10.17487/RFC5771, March 2010, 3304 . 3306 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 3307 Bormann, "Neighbor Discovery Optimization for IPv6 over 3308 Low-Power Wireless Personal Area Networks (6LoWPANs)", 3309 RFC 6775, DOI 10.17487/RFC6775, November 2012, 3310 . 3312 [RFC6874] Carpenter, B., Cheshire, S., and R. Hinden, "Representing 3313 IPv6 Zone Identifiers in Address Literals and Uniform 3314 Resource Identifiers", RFC 6874, DOI 10.17487/RFC6874, 3315 February 2013, . 3317 [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for 3318 Constrained-Node Networks", RFC 7228, 3319 DOI 10.17487/RFC7228, May 2014, 3320 . 3322 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 3323 Protocol (HTTP/1.1): Message Syntax and Routing", 3324 RFC 7230, DOI 10.17487/RFC7230, June 2014, 3325 . 3327 [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained 3328 Application Protocol (CoAP)", RFC 7252, 3329 DOI 10.17487/RFC7252, June 2014, 3330 . 3332 [RFC7390] Rahman, A., Ed. and E. Dijk, Ed., "Group Communication for 3333 the Constrained Application Protocol (CoAP)", RFC 7390, 3334 DOI 10.17487/RFC7390, October 2014, 3335 . 3337 [RFC7641] Hartke, K., "Observing Resources in the Constrained 3338 Application Protocol (CoAP)", RFC 7641, 3339 DOI 10.17487/RFC7641, September 2015, 3340 . 3342 [RFC8132] van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and 3343 FETCH Methods for the Constrained Application Protocol 3344 (CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017, 3345 . 3347 [RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names 3348 (URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017, 3349 . 3351 [RFC8288] Nottingham, M., "Web Linking", RFC 8288, 3352 DOI 10.17487/RFC8288, October 2017, 3353 . 3355 Appendix A. Groups Registration and Lookup 3357 The RD-Groups usage pattern allows announcing application groups 3358 inside an RD. 3360 Groups are represented by endpoint registrations. Their base address 3361 is a multicast address, and they SHOULD be entered with the endpoint 3362 type "core.rd-group". The endpoint name can also be referred to as a 3363 group name in this context. 3365 The registration is inserted into the RD by a Commissioning Tool, 3366 which might also be known as a group manager here. It performs third 3367 party registration and registration updates. 3369 The links it registers SHOULD be available on all members that join 3370 the group. Depending on the application, members that lack some 3371 resource MAY be permissible if requests to them fail gracefully. 3373 The following example shows a CT registering a group with the name 3374 "lights" which provides two resources. The directory resource path 3375 /rd is an example RD location discovered in a request similar to 3376 Figure 5. The group address in the example is constructed from 3377 [RFC3849]'s reserved 2001:db8:: prefix as a unicast-prefix based 3378 site-local address (see [RFC3306]. 3380 Req: POST coap://rd.example.com/rd?ep=lights&et=core.rd-group 3381 &base=coap://[ff35:30:2001:db8::1] 3382 Content-Format: 40 3383 Payload: 3384 ;rt="light";if="core.a", 3385 ;if="core.p";u="K" 3387 Res: 2.01 Created 3388 Location-Path: /rd/12 3390 Figure 27: Example registration of a group 3392 In this example, the group manager can easily permit devices that 3393 have no writable color-temperature to join, as they would still 3394 respond to brightness changing commands. Had the group instead 3395 contained a single resource that sets brightness and color 3396 temperature atomically, endpoints would need to support both 3397 properties. 3399 The resources of a group can be looked up like any other resource, 3400 and the group registrations (along with any additional registration 3401 parameters) can be looked up using the endpoint lookup interface. 3403 The following example shows a client performing and endpoint lookup 3404 for all groups. 3406 Req: GET /rd-lookup/ep?et=core.rd-group 3408 Res: 2.05 Content 3409 Payload: 3410 ;ep="GRP_R2-4-015";et="core.rd-group"; 3411 base="coap://[ff05::1]", 3412 ;ep=lights&et=core.rd-group; 3413 base="coap://[ff35:30:2001:db8::1]";rt="core.rd-ep" 3415 Figure 28: Example lookup of groups 3417 The following example shows a client performing a lookup of all 3418 resources of all endpoints (groups) with et=core.rd-group. 3420 Req: GET /rd-lookup/res?et=core.rd-group 3422 ;rt="light";if="core.a"; 3423 et="core.rd-group";anchor="coap://[ff35:30:2001:db8::1]", 3424 ;if="core.p";u="K"; 3425 et="core.rd-group"; 3426 anchor="coap://[ff35:30:2001:db8::1]" 3428 Figure 29: Example lookup of resources inside groups 3430 Appendix B. Web links and the Resource Directory 3432 Understanding the semantics of a link-format document and its URI 3433 references is a journey through different documents ([RFC3986] 3434 defining URIs, [RFC6690] defining link-format documents based on 3435 [RFC8288] which defines Link header fields, and [RFC7252] providing 3436 the transport). This appendix summarizes the mechanisms and 3437 semantics at play from an entry in ".well-known/core" to a resource 3438 lookup. 3440 This text is primarily aimed at people entering the field of 3441 Constrained Restful Environments from applications that previously 3442 did not use web mechanisms. 3444 The explanation of the steps makes some shortcuts in the more 3445 confusing details of [RFC6690], which are justified as all examples 3446 being in Limited Link Format. 3448 B.1. A simple example 3450 Let's start this example with a very simple host, "2001:db8:f0::1". 3451 A client that follows classical CoAP Discovery ([RFC7252] Section 7), 3452 sends the following multicast request to learn about neighbours 3453 supporting resources with resource-type "temperature". 3455 The client sends a link-local multicast: 3457 GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature 3459 RES 2.05 Content 3460 ;rt=temperature;ct=0 3462 Figure 30: Example of direct resource discovery 3464 where the response is sent by the server, "[2001:db8:f0::1]:5683". 3466 While the client - on the practical or implementation side - can just 3467 go ahead and create a new request to "[2001:db8:f0::1]:5683" with 3468 Uri-Path: "temp", the full resolution steps for insertion into and 3469 retrieval from the RD without any shortcuts are: 3471 B.1.1. Resolving the URIs 3473 The client parses the single returned record. The link's target 3474 (sometimes called "href") is ""/temp"", which is a relative URI that 3475 needs resolving. The base URI is used to resolve the reference /temp against. 3478 The Base URI of the requested resource can be composed from the 3479 options of the CoAP GET request by following the steps of [RFC7252] 3480 section 6.5 (with an addition at the end of 8.2) into 3481 ""coap://[2001:db8:f0::1]/.well-known/core"". 3483 Because ""/temp"" starts with a single slash, the record's target is 3484 resolved by replacing the path ""/.well-known/core"" from the Base 3485 URI (section 5.2 [RFC3986]) with the relative target URI ""/temp"" 3486 into ""coap://[2001:db8:f0::1]/temp"". 3488 B.1.2. Interpreting attributes and relations 3490 Some more information but the record's target can be obtained from 3491 the payload: the resource type of the target is "temperature", and 3492 its content format is text/plain (ct=0). 3494 A relation in a web link is a three-part statement that specifies a 3495 named relation between the so-called "context resource" and the 3496 target resource, like "_This page_ has _its table of contents_ at _/ 3497 toc.html_". In link format documents, there is an implicit "host 3498 relation" specified with default parameter: rel="hosts". 3500 In our example, the context resource of the link is the URI specified 3501 in the GET request "coap:://[2001:db8:f0::1]/.well-known/core". A 3502 full English expression of the "host relation" is: 3504 '"coap://[2001:db8:f0::1]/.well-known/core" is hosting the resource 3505 "coap://[2001:db8:f0::1]/temp", which is of the resource type 3506 "temperature" and can be accessed using the text/plain content 3507 format.' 3509 B.2. A slightly more complex example 3511 Omitting the "rt=temperature" filter, the discovery query would have 3512 given some more records in the payload: 3514 GET coap://[ff02::fd]:5683/.well-known/core 3516 RES 2.05 Content 3517 ;rt=temperature;ct=0, 3518 ;rt=light-lux;ct=0, 3519 ;anchor="/sensors/temp";rel=alternate, 3520 ;anchor="/temp"; 3521 rel="describedby" 3523 Figure 31: Extended example of direct resource discovery 3525 Parsing the third record, the client encounters the "anchor" 3526 parameter. It is a URI relative to the Base URI of the request and 3527 is thus resolved to ""coap://[2001:db8:f0::1]/sensors/temp"". That 3528 is the context resource of the link, so the "rel" statement is not 3529 about the target and the Base URI any more, but about the target and 3530 the resolved URI. Thus, the third record could be read as 3531 ""coap://[2001:db8:f0::1]/sensors/temp" has an alternate 3532 representation at "coap://[2001:db8:f0::1]/t"". 3534 Following the same resolution steps, the fourth record can be read as 3535 ""coap://[2001:db8:f0::1]/sensors/temp" is described by 3536 "http://www.example.com/sensors/t123"". 3538 B.3. Enter the Resource Directory 3540 The RD tries to carry the semantics obtainable by classical CoAP 3541 discovery over to the resource lookup interface as faithfully as 3542 possible. 3544 For the following queries, we will assume that the simple host has 3545 used Simple Registration to register at the RD that was announced to 3546 it, sending this request from its UDP port "[2001:db8:f0::1]:6553": 3548 POST coap://[2001:db8:f01::ff]/.well-known/core?ep=simple-host1 3550 Figure 32: Example request starting a simple registration 3552 The RD would have accepted the registration, and queried the simple 3553 host's ".well-known/core" by itself. As a result, the host is 3554 registered as an endpoint in the RD with the name "simple-host1". 3555 The registration is active for 90000 seconds, and the endpoint 3556 registration Base URI is ""coap://[2001:db8:f0::1]"" following the 3557 resolution steps described in Appendix B.1.1. It should be remarked 3558 that the Base URI constructed that way always yields a URI of the 3559 form: scheme://authority without path suffix. 3561 If the client now queries the RD as it would previously have issued a 3562 multicast request, it would go through the RD discovery steps by 3563 fetching "coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd- 3564 lookup-res", obtain "coap://[2001:db8:f0::ff]/rd-lookup/res" as the 3565 resource lookup endpoint, and issue a request to 3566 "coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature" to receive 3567 the following data: 3569 ;rt=temperature;ct=0; 3570 anchor="coap://[2001:db8:f0::1]" 3572 Figure 33: Example payload of a response to a resource lookup 3574 This is not _literally_ the same response that it would have received 3575 from a multicast request, but it contains the equivalent statement: 3577 '"coap://[2001:db8:f0::1]" is hosting the resource 3578 "coap://[2001:db8:f0::1]/temp", which is of the resource type 3579 "temperature" and can be accessed using the text/plain content 3580 format.' 3581 (The difference is whether "/" or "/.well-known/core" hosts the 3582 resources, which does not matter in this application; if it did, the 3583 endpoint would have been more explicit. Actually, /.well-known/core 3584 does NOT host the resource but stores a URI reference to the 3585 resource.) 3587 To complete the examples, the client could also query all resources 3588 hosted at the endpoint with the known endpoint name "simple-host1". 3589 A request to "coap://[2001:db8:f0::ff]/rd-lookup/res?ep=simple-host1" 3590 would return 3592 ;rt=temperature;ct=0; 3593 anchor="coap://[2001:db8:f0::1]", 3594 ;rt=light-lux;ct=0; 3595 anchor="coap://[2001:db8:f0::1]", 3596 ; 3597 anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=alternate, 3598 ; 3599 anchor="coap://[2001:db8:f0::1]/sensors/temp";rel="describedby" 3601 Figure 34: Extended example payload of a response to a resource 3602 lookup 3604 All the target and anchor references are already in absolute form 3605 there, which don't need to be resolved any further. 3607 Had the simple host done an equivalent full registration with a base= 3608 parameter (e.g. "?ep=simple-host1&base=coap+tcp://simple- 3609 host1.example.com"), that context would have been used to resolve the 3610 relative anchor values instead, giving 3612 ;rt=temperature;ct=0; 3613 anchor="coap+tcp://simple-host1.example.com" 3615 Figure 35: Example payload of a response to a resource lookup 3616 with a dedicated base URI 3618 and analogous records. 3620 B.4. A note on differences between link-format and Link header fields 3622 While link-format and Link header fields look very similar and are 3623 based on the same model of typed links, there are some differences 3624 between [RFC6690] and [RFC8288], which are dealt with differently: 3626 * "Resolving the target against the anchor": [RFC6690] Section 2.1 3627 states that the anchor of a link is used as the Base URI against 3628 which the term inside the angle brackets (the target) is resolved, 3629 falling back to the resource's URI with paths stripped off (its 3630 "Origin"). In contrast to that, [RFC8288] Section B.2 describes 3631 that the anchor is immaterial to the resolution of the target 3632 reference. 3634 RFC6690, in the same section, also states that absent anchors set 3635 the context of the link to the target's URI with its path stripped 3636 off, while according to [RFC8288] Section 3.2, the context is the 3637 resource's base URI. 3639 The rules introduced in Appendix C ensure that an RD does not need 3640 to deal with those differences when processing input data. Lookup 3641 results are required to be absolute references for the same 3642 reason. 3644 * There is no percent encoding in link-format documents. 3646 A link-format document is a UTF-8 encoded string of Unicode 3647 characters and does not have percent encoding, while Link header 3648 fields are practically ASCII strings that use percent encoding for 3649 non-ASCII characters, stating the encoding explicitly when 3650 required. 3652 For example, while a Link header field in a page about a Swedish 3653 city might read 3655 Link: ;rel="live-environment-data" 3657 a link-format document from the same source might describe the 3658 link as 3660 ;rel="live-environment-data" 3662 Parsers and producers of link-format and header fields need to be 3663 aware of this difference. 3665 Appendix C. Limited Link Format 3667 The CoRE Link Format as described in [RFC6690] has been interpreted 3668 differently by implementers, and a strict implementation rules out 3669 some use cases of an RD (e.g. base values with path components). 3671 This appendix describes a subset of link format documents called 3672 Limited Link Format. The rules herein are not very limiting in 3673 practice - all examples in RFC6690, and all deployments the authors 3674 are aware of already stick to them - but ease the implementation of 3675 RD servers. 3677 It is applicable to representations in the application/link-format 3678 media type, and any other media types that inherit [RFC6690] 3679 Section 2.1. 3681 A link format representation is in Limited Link format if, for each 3682 link in it, the following applies: 3684 * All URI references either follow the URI or the path-absolute ABNF 3685 rule of RFC3986 (i.e. target and anchor each either start with a 3686 scheme or with a single slash), 3688 * if the anchor reference starts with a scheme, the target reference 3689 starts with a scheme as well (i.e. relative references in target 3690 cannot be used when the anchor is a full URI), and 3692 * the application does not care whether links without an explicitly 3693 given anchor have the origin's "/" or "/.well-known/core" resource 3694 as their link context. 3696 Authors' Addresses 3698 Zach Shelby 3699 ARM 3700 150 Rose Orchard 3701 San Jose, 95134 3702 United States of America 3704 Phone: +1-408-203-9434 3705 Email: zach.shelby@arm.com 3707 Michael Koster 3708 SmartThings 3709 665 Clyde Avenue 3710 Mountain View, 94043 3711 United States of America 3713 Phone: +1-707-502-5136 3714 Email: Michael.Koster@smartthings.com 3716 Carsten Bormann 3717 Universitaet Bremen TZI 3718 Postfach 330440 3719 D-28359 Bremen 3720 Germany 3722 Phone: +49-421-218-63921 3723 Email: cabo@tzi.org 3725 Peter van der Stok 3726 consultant 3728 Phone: +31-492474673 (Netherlands), +33-966015248 (France) 3729 Email: consultancy@vanderstok.org 3730 URI: www.vanderstok.org 3732 Christian Amsüss (editor) 3733 Hollandstr. 12/4 3734 1020 3735 Austria 3737 Phone: +43-664-9790639 3738 Email: christian@amsuess.com