rfc9176.original   rfc9176.txt 
CoRE C. Amsüss, Ed. Internet Engineering Task Force (IETF) C. Amsüss, Ed.
Internet-Draft Request for Comments: 9176
Intended status: Standards Track Z. Shelby Category: Standards Track Z. Shelby
Expires: 8 September 2021 ARM ISSN: 2070-1721 Edge Impulse
M. Koster M. Koster
SmartThings PassiveLogic
C. Bormann C. Bormann
Universitaet Bremen TZI Universität Bremen TZI
P. van der Stok P. van der Stok
consultant vanderstok consultancy
7 March 2021 April 2022
CoRE Resource Directory Constrained RESTful Environments (CoRE) Resource Directory
draft-ietf-core-resource-directory-28
Abstract Abstract
In many IoT applications, direct discovery of resources is not In many Internet of Things (IoT) applications, direct discovery of
practical due to sleeping nodes, or networks where multicast traffic resources is not practical due to sleeping nodes or networks where
is inefficient. These problems can be solved by employing an entity multicast traffic is inefficient. These problems can be solved by
called a Resource Directory (RD), which contains information about employing an entity called a Resource Directory (RD), which contains
resources held on other servers, allowing lookups to be performed for information about resources held on other servers, allowing lookups
those resources. The input to an RD is composed of links and the to be performed for those resources. The input to an RD is composed
output is composed of links constructed from the information stored of links, and the output is composed of links constructed from the
in the RD. This document specifies the web interfaces that an RD information stored in the RD. This document specifies the web
supports for web servers to discover the RD and to register, interfaces that an RD supports for web servers to discover the RD and
maintain, lookup and remove information on resources. Furthermore, to register, maintain, look up, and remove information on resources.
new target attributes useful in conjunction with an RD are defined. Furthermore, new target attributes useful in conjunction with an RD
are defined.
Note to Readers
Discussion of this document takes place on the CORE Working Group
mailing list (core@ietf.org), which is archived at
https://mailarchive.ietf.org/arch/browse/core/
(https://mailarchive.ietf.org/arch/browse/core/).
Source for this draft and an issue tracker can be found at
https://github.com/core-wg/resource-directory (https://github.com/
core-wg/resource-directory).
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 8 September 2021. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9176.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Simplified BSD License text to this document. Code Components extracted from this document must
as described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Simplified BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology
3. Architecture and Use Cases . . . . . . . . . . . . . . . . . 6 3. Architecture and Use Cases
3.1. Principles . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Principles
3.2. Architecture . . . . . . . . . . . . . . . . . . . . . . 7 3.2. Architecture
3.3. RD Content Model . . . . . . . . . . . . . . . . . . . . 8 3.3. RD Content Model
3.4. Link-local addresses and zone identifiers . . . . . . . . 12 3.4. Link-Local Addresses and Zone Identifiers
3.5. Use Case: Cellular M2M . . . . . . . . . . . . . . . . . 12 3.5. Use Case: Cellular M2M
3.6. Use Case: Home and Building Automation . . . . . . . . . 13 3.6. Use Case: Home and Building Automation
3.7. Use Case: Link Catalogues . . . . . . . . . . . . . . . . 14 3.7. Use Case: Link Catalogues
4. RD discovery and other interface-independent components . . . 14 4. RD Discovery and Other Interface-Independent Components
4.1. Finding a Resource Directory . . . . . . . . . . . . . . 15 4.1. Finding a Resource Directory
4.1.1. Resource Directory Address Option (RDAO) . . . . . . 17 4.1.1. Resource Directory Address Option (RDAO)
4.1.2. Using DNS-SD to discover a Resource Directory . . . . 19 4.1.2. Using DNS-SD to Discover a Resource Directory
4.2. Payload Content Formats . . . . . . . . . . . . . . . . . 19 4.2. Payload Content Formats
4.3. URI Discovery . . . . . . . . . . . . . . . . . . . . . . 19 4.3. URI Discovery
5. Registration . . . . . . . . . . . . . . . . . . . . . . . . 22 5. Registration
5.1. Simple Registration . . . . . . . . . . . . . . . . . . . 27 5.1. Simple Registration
5.2. Third-party registration . . . . . . . . . . . . . . . . 29 5.2. Third-Party Registration
5.3. Operations on the Registration Resource . . . . . . . . . 30 5.3. Operations on the Registration Resource
5.3.1. Registration Update . . . . . . . . . . . . . . . . . 30 5.3.1. Registration Update
5.3.2. Registration Removal . . . . . . . . . . . . . . . . 34 5.3.2. Registration Removal
5.3.3. Further operations . . . . . . . . . . . . . . . . . 34 5.3.3. Further Operations
5.3.4. Request freshness . . . . . . . . . . . . . . . . . . 35 5.3.4. Request Freshness
6. RD Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . 37 6. RD Lookup
6.1. Resource lookup . . . . . . . . . . . . . . . . . . . . . 37 6.1. Resource Lookup
6.2. Lookup filtering . . . . . . . . . . . . . . . . . . . . 38 6.2. Lookup Filtering
6.3. Resource lookup examples . . . . . . . . . . . . . . . . 40 6.3. Resource Lookup Examples
6.4. Endpoint lookup . . . . . . . . . . . . . . . . . . . . . 42 6.4. Endpoint Lookup
7. Security policies . . . . . . . . . . . . . . . . . . . . . . 43 7. Security Policies
7.1. Endpoint name . . . . . . . . . . . . . . . . . . . . . . 44 7.1. Endpoint Name
7.1.1. Random endpoint names . . . . . . . . . . . . . . . . 44 7.1.1. Random Endpoint Names
7.2. Entered resources . . . . . . . . . . . . . . . . . . . . 44 7.2. Entered Links
7.3. Link confidentiality . . . . . . . . . . . . . . . . . . 45 7.3. Link Confidentiality
7.4. Segmentation . . . . . . . . . . . . . . . . . . . . . . 46 7.4. Segmentation
7.5. First-Come-First-Remembered: A default policy . . . . . . 46 7.5. "First Come First Remembered": A Default Policy
8. Security Considerations . . . . . . . . . . . . . . . . . . . 48 8. Security Considerations
8.1. Discovery . . . . . . . . . . . . . . . . . . . . . . . . 48 8.1. Discovery
8.2. Endpoint Identification and Authentication . . . . . . . 48 8.2. Endpoint Identification and Authentication
8.3. Access Control . . . . . . . . . . . . . . . . . . . . . 49 8.3. Access Control
8.4. Denial of Service Attacks . . . . . . . . . . . . . . . . 49 8.4. Denial-of-Service Attacks
8.5. Skipping freshness checks . . . . . . . . . . . . . . . . 50 8.5. Skipping Freshness Checks
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 50 9. IANA Considerations
9.1. Resource Types . . . . . . . . . . . . . . . . . . . . . 50 9.1. Resource Types
9.2. IPv6 ND Resource Directory Address Option . . . . . . . . 51 9.2. IPv6 ND Resource Directory Address Option
9.3. RD Parameter Registry . . . . . . . . . . . . . . . . . . 51 9.3. RD Parameters Registry
9.3.1. Full description of the "Endpoint Type" RD 9.3.1. Full Description of the "Endpoint Type" RD Parameter
Parameter . . . . . . . . . . . . . . . . . . . . . . 54 9.4. Endpoint Type (et=) RD Parameter Values
9.4. "Endpoint Type" (et=) RD Parameter values . . . . . . . . 54 9.5. Multicast Address Registration
9.5. Multicast Address Registration . . . . . . . . . . . . . 55 9.6. Well-Known URIs
9.6. Well-Known URIs . . . . . . . . . . . . . . . . . . . . . 55 9.7. Service Name and Transport Protocol Port Number Registry
9.7. Service Names and Transport Protocol Port Number 10. Examples
Registry . . . . . . . . . . . . . . . . . . . . . . . . 55 10.1. Lighting Installation
10. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 56 10.1.1. Installation Characteristics
10.1. Lighting Installation . . . . . . . . . . . . . . . . . 56 10.1.2. RD Entries
10.1.1. Installation Characteristics . . . . . . . . . . . . 56 10.2. OMA Lightweight M2M (LwM2M)
10.1.2. RD entries . . . . . . . . . . . . . . . . . . . . . 57 11. References
10.2. OMA Lightweight M2M (LwM2M) . . . . . . . . . . . . . . 60 11.1. Normative References
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 61 11.2. Informative References
12. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Appendix A. Groups Registration and Lookup
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 76 Appendix B. Web Links and the Resource Directory
13.1. Normative References . . . . . . . . . . . . . . . . . . 76 B.1. A Simple Example
13.2. Informative References . . . . . . . . . . . . . . . . . 77 B.1.1. Resolving the URIs
Appendix A. Groups Registration and Lookup . . . . . . . . . . . 80 B.1.2. Interpreting Attributes and Relations
Appendix B. Web links and the Resource Directory . . . . . . . . 82 B.2. A Slightly More Complex Example
B.1. A simple example . . . . . . . . . . . . . . . . . . . . 82 B.3. Enter the Resource Directory
B.1.1. Resolving the URIs . . . . . . . . . . . . . . . . . 82 B.4. A Note on Differences between Link-Format and Link Header
B.1.2. Interpreting attributes and relations . . . . . . . . 83 Fields
Appendix C. Limited Link Format
B.2. A slightly more complex example . . . . . . . . . . . . . 83 Acknowledgments
B.3. Enter the Resource Directory . . . . . . . . . . . . . . 84 Authors' Addresses
B.4. A note on differences between link-format and Link header
fields . . . . . . . . . . . . . . . . . . . . . . . . . 86
Appendix C. Limited Link Format . . . . . . . . . . . . . . . . 86
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 87
1. Introduction 1. Introduction
In the work on Constrained RESTful Environments (CoRE), a REST In the work on Constrained RESTful Environments (CoRE), a
architecture suitable for constrained nodes (e.g. with limited RAM Representational State Transfer (REST) architecture suitable for
and ROM [RFC7228]) and networks (e.g. 6LoWPAN [RFC4944]) has been constrained nodes (e.g., with limited RAM and ROM [RFC7228]) and
established and is used in Internet-of-Things (IoT) or machine-to- networks (e.g., IPv6 over Low-Power Wireless Personal Area Network
machine (M2M) applications such as smart energy and building (6LoWPAN) [RFC4944]) has been established and is used in Internet of
automation. Things (IoT) or machine-to-machine (M2M) applications, such as smart
energy and building automation.
The discovery of resources offered by a constrained server is very The discovery of resources offered by a constrained server is very
important in machine-to-machine applications where there are no important in machine-to-machine applications where there are no
humans in the loop and static interfaces result in fragility. The humans in the loop and static interfaces result in fragility. The
discovery of resources provided by an HTTP Web Server is typically discovery of resources provided by an HTTP web server is typically
called Web Linking [RFC8288]. The use of Web Linking for the called web linking [RFC8288]. The use of web linking for the
description and discovery of resources hosted by constrained web description and discovery of resources hosted by constrained web
servers is specified by the CoRE Link Format [RFC6690]. However, servers is specified by the CoRE Link Format [RFC6690]. However,
[RFC6690] only describes how to discover resources from the web [RFC6690] only describes how to discover resources from the web
server that hosts them by querying "/.well-known/core". In many server that hosts them by querying /.well-known/core. In many
constrained scenarios, direct discovery of resources is not practical constrained scenarios, direct discovery of resources is not practical
due to sleeping nodes, or networks where multicast traffic is due to sleeping nodes or networks where multicast traffic is
inefficient. These problems can be solved by employing an entity inefficient. These problems can be solved by employing an entity
called a Resource Directory (RD), which contains information about called a Resource Directory (RD), which contains information about
resources held on other servers, allowing lookups to be performed for resources held on other servers, allowing lookups to be performed for
those resources. those resources.
This document specifies the web interfaces that an RD supports for This document specifies the web interfaces that an RD supports for
web servers to discover the RD and to register, maintain, lookup and web servers to discover the RD and to register, maintain, look up,
remove information on resources. Furthermore, new target attributes and remove information on resources. Furthermore, new target
useful in conjunction with an RD are defined. Although the examples attributes useful in conjunction with an RD are defined. Although
in this document show the use of these interfaces with CoAP the examples in this document show the use of these interfaces with
[RFC7252], they can be applied in an equivalent manner to HTTP the Constrained Application Protocol (CoAP) [RFC7252], they can be
[RFC7230]. applied in an equivalent manner to HTTP [RFC7230].
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
The term "byte" is used in its now customary sense as a synonym for The term "byte" is used in its now customary sense as a synonym for
"octet". "octet".
This specification requires readers to be familiar with all the terms This specification requires readers to be familiar with all the terms
and concepts that are discussed in [RFC3986], [RFC8288] and and concepts that are discussed in [RFC3986], [RFC8288], and
[RFC6690]. Readers should also be familiar with the terms and [RFC6690]. Readers should also be familiar with the terms and
concepts discussed in [RFC7252]. To describe the REST interfaces concepts discussed in [RFC7252]. To describe the REST interfaces
defined in this specification, the URI Template format is used defined in this specification, the URI Template format is used
[RFC6570]. [RFC6570].
This specification makes use of the following additional terminology: This specification makes use of the following additional terminology:
resolve against Resolve Against
The expression "a URI-reference is _resolved against_ a base URI" The expression "a URI reference is _resolved against_ a base URI"
is used to describe the process of [RFC3986] Section 5.2. is used to describe the process of [RFC3986], Section 5.2.
Noteworthy corner cases are that if the URI-reference is a (full) Noteworthy corner cases include the following: (1) if the URI
URI and resolved against any base URI, that gives the original reference is a (full) URI, resolving against any base URI gives
full URI, and that resolving an empty URI reference gives the base the original full URI and (2) resolving an empty URI reference
URI without any fragment identifier. gives the base URI without any fragment identifier.
Resource Directory (RD) Resource Directory (RD)
A web entity that stores information about web resources and A web entity that stores information about web resources and
implements the REST interfaces defined in this specification for implements the REST interfaces defined in this specification for
discovery, for the creation, maintenance and removal of discovery, for the creation, maintenance, and removal of
registrations, and for lookup of the registered resources. registrations, and for lookup of the registered resources.
Sector Sector
In the context of an RD, a sector is a logical grouping of In the context of an RD, a sector is a logical grouping of
endpoints. endpoints.
The abbreviation "d=" is used for the sector in query parameters The abbreviation "d=" is used for the sector in query parameters
for compatibility with deployed implementations. for compatibility with deployed implementations.
Endpoint Endpoint (EP)
Endpoint (EP) is a term used to describe a web server or client in Endpoint (EP) is a term used to describe a web server or client in
[RFC7252]. In the context of this specification an endpoint is [RFC7252]. In the context of this specification, an endpoint is
used to describe a web server that registers resources to the RD. used to describe a web server that registers resources to the RD.
An endpoint is identified by its endpoint name, which is included An endpoint is identified by its endpoint name, which is included
during registration, and has a unique name within the associated during registration, and has a unique name within the associated
sector of the registration. sector of the registration.
Registration Base URI Registration Base URI
The Base URI of a Registration is a URI that typically gives The base URI of a registration is a URI that typically gives
scheme and authority information about an Endpoint. The scheme and authority information about an endpoint. The
Registration Base URI is provided at registration time, and is registration base URI is provided at registration time and is used
used by the RD to resolve relative references of the registration by the RD to resolve relative references of the registration into
into URIs. URIs.
Target Target
The target of a link is the destination address (URI) of the link. The target of a link is the destination address (URI) of the link.
It is sometimes identified with "href=", or displayed as It is sometimes identified with "href=" or displayed as <target>.
"<target>". Relative targets need resolving with respect to the Relative targets need resolving with respect to the base URI
Base URI (section 5.2 of [RFC3986]). (Section 5.2 of [RFC3986]).
This use of the term Target is consistent with [RFC8288]'s use of This use of the term "target" is consistent with the use in
the term. [RFC8288].
Context Context
The context of a link is the source address (URI) of the link, and The context of a link is the source address (URI) of the link and
describes which resource is linked to the target. A link's describes which resource is linked to the target. A link's
context is made explicit in serialized links as the "anchor=" context is made explicit in serialized links as the "anchor="
attribute. attribute.
This use of the term Context is consistent with [RFC8288]'s use of This use of the term "context" is consistent with the use in
the term. [RFC8288].
Directory Resource Directory Resource
A resource in the RD containing registration resources. A directory resource is a resource in the RD containing
registration resources.
Registration Resource Registration Resource
A resource in the RD that contains information about an Endpoint A registration resource is a resource in the RD that contains
and its links. information about an endpoint and its links.
Commissioning Tool Commissioning Tool (CT)
Commissioning Tool (CT) is a device that assists during A Commissioning Tool (CT) is a device that assists during
installation events by assigning values to parameters, naming installation events by assigning values to parameters, naming
endpoints and groups, or adapting the installation to the needs of endpoints and groups, or adapting the installation to the needs of
the applications. the applications.
Registrant-ep Registrant-EP
Registrant-ep is the endpoint that is registered into the RD. The A registrant-EP is the endpoint that is registered into the RD.
registrant-ep can register itself, or a CT registers the The registrant-EP can register itself, or a CT registers the
registrant-ep. registrant-EP.
RDAO Resource Directory Address Option (RDAO)
Resource Directory Address Option. A new IPv6 Neighbor Discovery A Resource Directory Address Option (RDAO) is a new IPv6 Neighbor
option defined for announcing an RD's address. Discovery option defined for announcing an RD's address.
3. Architecture and Use Cases 3. Architecture and Use Cases
3.1. Principles 3.1. Principles
The RD is primarily a tool to make discovery operations more The RD is primarily a tool to make discovery operations more
efficient than querying /.well-known/core on all connected devices, efficient than querying /.well-known/core on all connected devices or
or across boundaries that would limit those operations. across boundaries that would limit those operations.
It provides information about resources hosted by other devices that It provides information about resources hosted by other devices that
could otherwise only be obtained by directly querying the /.well- could otherwise only be obtained by directly querying the /.well-
known/core resource on these other devices, either by a unicast known/core resource on these other devices, either by a unicast
request or a multicast request. request or a multicast request.
Information SHOULD only be stored in the RD if it can be obtained by Information SHOULD only be stored in the RD if it can be obtained by
querying the described device's /.well-known/core resource directly. querying the described device's /.well-known/core resource directly.
Data in the RD can only be provided by the device which hosts those Data in the RD can only be provided by the device that hosts the data
data or a dedicated Commissioning Tool (CT). These CTs act on behalf or a dedicated Commissioning Tool (CT). These CTs act on behalf of
of endpoints too constrained, or generally unable, to present that endpoints too constrained, or generally unable, to present that
information themselves. No other client can modify data in the RD. information themselves. No other client can modify data in the RD.
Changes to the information in the RD do not propagate automatically Changes to the information in the RD do not propagate automatically
back to the web servers from where the information originated. back to the web servers from where the information originated.
3.2. Architecture 3.2. Architecture
The RD architecture is illustrated in Figure 1. An RD is used as a The RD architecture is illustrated in Figure 1. An RD is used as a
repository of registrations describing resources hosted on other web repository of registrations describing resources hosted on other web
servers, also called endpoints (EP). An endpoint is a web server servers, also called endpoints (EPs). An endpoint is a web server
associated with a scheme, IP address and port. A physical node may associated with a scheme, IP address, and port. A physical node may
host one or more endpoints. The RD implements a set of REST host one or more endpoints. The RD implements a set of REST
interfaces for endpoints to register and maintain RD registrations, interfaces for endpoints to register and maintain RD registrations
and for endpoints to lookup resources from the RD. An RD can be and for endpoints to look up resources from the RD. An RD can be
logically segmented by the use of Sectors. logically segmented by the use of sectors.
A mechanism to discover an RD using CoRE Link Format [RFC6690] is A mechanism to discover an RD using CoRE Link Format [RFC6690] is
defined. defined.
Registrations in the RD are soft state and need to be periodically Registrations in the RD are soft state and need to be periodically
refreshed. refreshed.
An endpoint uses specific interfaces to register, update and remove a An endpoint uses specific interfaces to register, update, and remove
registration. It is also possible for an RD to fetch Web Links from a registration. It is also possible for an RD to fetch web links
endpoints and add their contents to its registrations. from endpoints and add their contents to its registrations.
At the first registration of an endpoint, a "registration resource" At the first registration of an endpoint, a "registration resource"
is created, the location of which is returned to the registering is created, the location of which is returned to the registering
endpoint. The registering endpoint uses this registration resource endpoint. The registering endpoint uses this registration resource
to manage the contents of registrations. to manage the contents of registrations.
A lookup interface for discovering any of the Web Links stored in the A lookup interface for discovering any of the web links stored in the
RD is provided using the CoRE Link Format. RD is provided using the CoRE Link Format.
Registration Lookup Registration Lookup
Interface Interface Interface Interface
+----+ | | +----+ | |
| EP |---- | | | EP |---- | |
+----+ ---- | | +----+ ---- | |
--|- +------+ | --|- +------+ |
+----+ | ----| | | +--------+ +----+ | ----| | | +--------+
| EP | ---------|-----| RD |----|-----| Client | | EP | ---------|-----| RD |----|-----| Client |
+----+ | ----| | | +--------+ +----+ | ----| | | +--------+
--|- +------+ | --|- +------+ |
+----+ ---- | | +----+ ---- | |
| CT |---- | | | CT |---- | |
+----+ +----+
Figure 1: The RD architecture. Figure 1: The RD Architecture
A Registrant-EP MAY keep concurrent registrations to more than one RD A registrant-EP MAY keep concurrent registrations to more than one RD
at the same time if explicitly configured to do so, but that is not at the same time if explicitly configured to do so, but that is not
expected to be supported by typical EP implementations. Any such expected to be supported by typical EP implementations. Any such
registrations are independent of each other. The usual expectation registrations are independent of each other. The usual expectation
when multiple discovery mechanisms or addresses are configured is when multiple discovery mechanisms or addresses are configured is
that they constitute a fall-back path for a single registration. that they constitute a fall-back path for a single registration.
3.3. RD Content Model 3.3. RD Content Model
The Entity-Relationship (ER) models shown in Figure 2 and Figure 3 The Entity-Relationship (ER) models shown in Figures 2 and 3 model
model the contents of /.well-known/core and the RD respectively, with the contents of /.well-known/core and the RD respectively, with
entity-relationship diagrams [ER]. Entities (rectangles) are used entity-relationship diagrams [ER]. Entities (rectangles) are used
for concepts that exist independently. Attributes (ovals) are used for concepts that exist independently. Attributes (ovals) are used
for concepts that exist only in connection with a related entity. for concepts that exist only in connection with a related entity.
Relations (diamonds) give a semantic meaning to the relation between Relations (diamonds) give a semantic meaning to the relation between
entities. Numbers specify the cardinality of the relations. entities. Numbers specify the cardinality of the relations.
Some of the attribute values are URIs. Those values are always full Some of the attribute values are URIs. Those values are always full
URIs and never relative references in the information model. They URIs and never relative references in the information model.
can, however, be expressed as relative references in serializations, However, they can be expressed as relative references in
and often are. serializations, and they often are.
These models provide an abstract view of the information expressed in These models provide an abstract view of the information expressed in
link-format documents and an RD. They cover the concepts, but not link-format documents and an RD. They cover the concepts but not
necessarily all details of an RD's operation; they are meant to give necessarily all details of an RD's operation; they are meant to give
an overview, and not be a template for implementations. an overview and not be a template for implementations.
+----------------------+
| /.well-known/core |
+----------------------+
|
| 1
////////\\\\\\\
< contains >
\\\\\\\\///////
|
| 0+
+--------------------+
| link |
+--------------------+
|
| 1 oooooooo
+-----o target o
| oooooooo
oooooooooooo 0+ |
o target o--------+
o attribute o | 0+ oooooo
oooooooooooo +-----o rel o
| oooooo
|
| 1 ooooooooo
+-----o context o
ooooooooo
Figure 2: ER Model of the content of /.well-known/core +----------------------+
| /.well-known/core |
+----------------------+
|
| 1
////////\\\\\\\
< contains >
\\\\\\\\///////
|
| 0+
+--------------------+
| link |
+--------------------+
|
| 1 oooooooo
+-----o target o
| oooooooo
oooooooooooo 0+ |
o target o--------+
o attribute o | 0+ oooooo
oooooooooooo +-----o rel o
| oooooo
|
| 1 ooooooooo
+-----o context o
ooooooooo
The model shown in Figure 2 models the contents of /.well-known/core Figure 2: ER Model of the Content of /.well-known/core
which contains:
* a set of links belonging to the hosting web server Figure 2 models the contents of /.well-known/core, which contains a
set of links belonging to the hosting web server.
The web server is free to choose links it deems appropriate to be The web server is free to choose links it deems appropriate to be
exposed in its "/.well-known/core". Typically, the links describe exposed in its /.well-known/core. Typically, the links describe
resources that are served by the host, but the set can also contain resources that are served by the host, but the set can also contain
links to resources on other servers (see examples in [RFC6690] page links to resources on other servers (see examples in Section 5 of
14). The set does not necessarily contain links to all resources [RFC6690]). The set does not necessarily contain links to all
served by the host. resources served by the host.
A link has the following attributes (see [RFC8288]): A link has the following attributes (see Section 5 of [RFC8288]):
* Zero or more link relations: They describe relations between the * Zero or more link relations: They describe relations between the
link context and the link target. link context and the link target.
In link-format serialization, they are expressed as space- In link-format serialization, they are expressed as space-
separated values in the "rel" attribute, and default to "hosts". separated values in the "rel" attribute and default to "hosts".
* A link context URI: It defines the source of the relation, e.g. * A link context URI: It defines the source of the relation, e.g.,
_who_ "hosts" something. _who_ "hosts" something.
In link-format serialization, it is expressed in the "anchor" In link-format serialization, it is expressed in the "anchor"
attribute and defaults to the Origin of the target (practically: attribute and defaults to the Origin of the target (practically,
the target with its path and later components removed) the target with its path and later components removed).
* A link target URI: It defines the destination of the relation * A link target URI: It defines the destination of the relation
(e.g. _what_ is hosted), and is the topic of all target (e.g., _what_ is hosted) and is the topic of all target
attributes. attributes.
In link-format serialization, it is expressed between angular In link-format serialization, it is expressed between angular
brackets, and sometimes called the "href". brackets and sometimes called the "href".
* Other target attributes (e.g. resource type (rt), interface (if), * Other target attributes (e.g., resource type (rt), interface (if),
or content format (ct)). These provide additional information or content format (ct)): These provide additional information
about the target URI. about the target URI.
+--------------+ +--------------+
+ RD + + RD +
+--------------+ +--------------+
| 1 | 1
| |
| |
| |
| |
skipping to change at page 11, line 46 skipping to change at line 466
o lt o----+ ooooooooooo 0+ | o lt o----+ ooooooooooo 0+ |
oooooooo | o target o-----+ oooooooo | o target o-----+
| o attribute o | 0+ oooooo | o attribute o | 0+ oooooo
ooooooooooo 0+ | ooooooooooo +-----o rel o ooooooooooo 0+ | ooooooooooo +-----o rel o
o endpoint o----+ | oooooo o endpoint o----+ | oooooo
o attribute o | o attribute o |
ooooooooooo | 1 ooooooooo ooooooooooo | 1 ooooooooo
+----o context o +----o context o
ooooooooo ooooooooo
Figure 3: ER Model of the content of the RD Figure 3: ER Model of the Content of the RD
The model shown in Figure 3 models the contents of the RD which Figure 3 models the contents of the RD, which contains, in addition
contains in addition to /.well-known/core: to /.well-known/core, 0 to n registrations of endpoints.
* 0 to n Registrations of endpoints,
A registration is associated with one endpoint. A registration A registration is associated with one endpoint. A registration
defines a set of links as defined for /.well-known/core. A defines a set of links, as defined for /.well-known/core. A
Registration has six types of attributes: registration has six types of attributes:
* an endpoint name ("ep", a Unicode string) unique within a sector * an endpoint name ("ep", a Unicode string) unique within a sector
* a Registration Base URI ("base", a URI typically describing the * a registration base URI ("base", a URI typically describing the
scheme://authority part) scheme://authority part)
* a lifetime ("lt"), * a lifetime ("lt")
* a registration resource location inside the RD ("href"), * a registration resource location inside the RD ("href")
* optionally a sector ("d", a Unicode string) * optionally, a sector ("d", a Unicode string)
* optional additional endpoint attributes (from Section 9.3) * optional additional endpoint attributes (from Section 9.3)
The cardinality of "base" is currently 1; future documents are The cardinality of "base" is currently 1; future documents are
invited to extend the RD specification to support multiple values invited to extend the RD specification to support multiple values
(e.g. [I-D.silverajan-core-coap-protocol-negotiation]). Its value (e.g., [COAP-PROT-NEG]). Its value is used as a base URI when
is used as a Base URI when resolving URIs in the links contained in resolving URIs in the links contained in the endpoint.
the endpoint.
Links are modelled as they are in Figure 2. Links are modeled as they are in Figure 2.
3.4. Link-local addresses and zone identifiers 3.4. Link-Local Addresses and Zone Identifiers
Registration Base URIs can contain link-local IP addresses. To be Registration base URIs can contain link-local IP addresses. To be
usable across hosts, those cannot be serialized to contain zone usable across hosts, those cannot be serialized to contain zone
identifiers (see [RFC6874] Section 1). identifiers (see [RFC6874], Section 1).
Link-local addresses can only be used on a single link (therefore RD Link-local addresses can only be used on a single link (therefore, RD
servers cannot announce them when queried on a different link), and servers cannot announce them when queried on a different link), and
lookup clients using them need to keep track of which interface they lookup clients using them need to keep track of which interface they
got them from. got them from.
Therefore, it is advisable in many scenarios to use addresses with Therefore, it is advisable in many scenarios to use addresses with
larger scope if available. larger scopes, if available.
3.5. Use Case: Cellular M2M 3.5. Use Case: Cellular M2M
Over the last few years, mobile operators around the world have Over the last few years, mobile operators around the world have
focused on development of M2M solutions in order to expand the focused on development of M2M solutions in order to expand the
business to the new type of users: machines. The machines are business to the new type of users: machines. The machines are
connected directly to a mobile network using an appropriate embedded connected directly to a mobile network using an appropriate embedded
wireless interface (GSM/GPRS, WCDMA, LTE) or via a gateway providing wireless interface (GSM/General Packet Radio Service (GPRS), Wideband
short and wide range wireless interfaces. The ambition in such Code Division Multiple Access (W-CDMA), LTE, etc.) or via a gateway
systems is to build them from reusable components. These speed up providing short- and wide-range wireless interfaces. The ambition in
development and deployment, and enable shared use of machines across such systems is to build them from reusable components. These speed
different applications. One crucial component of such systems is the up development and deployment and enable shared use of machines
discovery of resources (and thus the endpoints they are hosted on) across different applications. One crucial component of such systems
capable of providing required information at a given time or acting is the discovery of resources (and thus the endpoints they are hosted
on instructions from the end users. on) capable of providing required information at a given time or
acting on instructions from the end users.
Imagine a scenario where endpoints installed on vehicles enable Imagine a scenario where endpoints installed on vehicles enable
tracking of the position of these vehicles for fleet management tracking of the position of these vehicles for fleet management
purposes and allow monitoring of environment parameters. During the purposes and allow monitoring of environment parameters. During the
boot-up process endpoints register with an RD, which is hosted by the boot-up process, endpoints register with an RD, which is hosted by
mobile operator or somewhere in the cloud. Periodically, these the mobile operator or somewhere in the cloud. Periodically, these
endpoints update their registration and may modify resources they endpoints update their registration and may modify resources they
offer. offer.
When endpoints are not always connected, for example because they When endpoints are not always connected, for example, because they
enter a sleep mode, a remote server is usually used to provide proxy enter a sleep mode, a remote server is usually used to provide proxy
access to the endpoints. Mobile apps or web applications for access to the endpoints. Mobile apps or web applications for
environment monitoring contact the RD, look up the endpoints capable environment monitoring contact the RD, look up the endpoints capable
of providing information about the environment using an appropriate of providing information about the environment using an appropriate
set of link parameters, obtain information on how to contact them set of link parameters, obtain information on how to contact them
(URLs of the proxy server), and then initiate interaction to obtain (URLs of the proxy server), and then initiate interaction to obtain
information that is finally processed, displayed on the screen and information that is finally processed, displayed on the screen, and
usually stored in a database. Similarly, fleet management systems usually stored in a database. Similarly, fleet management systems
provide the appropriate link parameters to the RD to look up for EPs provide the appropriate link parameters to the RD to look up for EPs
deployed on the vehicles the application is responsible for. deployed on the vehicles the application is responsible for.
3.6. Use Case: Home and Building Automation 3.6. Use Case: Home and Building Automation
Home and commercial building automation systems can benefit from the Home and commercial building automation systems can benefit from the
use of IoT web services. The discovery requirements of these use of IoT web services. The discovery requirements of these
applications are demanding. Home automation usually relies on run- applications are demanding. Home automation usually relies on run-
time discovery to commission the system, whereas in building time discovery to commission the system, whereas, in building
automation a combination of professional commissioning and run-time automation, a combination of professional commissioning and run-time
discovery is used. Both home and building automation involve peer- discovery is used. Both home and building automation involve peer-
to-peer interactions between endpoints, and involve battery-powered to-peer interactions between endpoints and involve battery-powered
sleeping devices. Both can use the common RD infrastructure to sleeping devices. Both can use the common RD infrastructure to
establish device interactions efficiently, but can pick security establish device interactions efficiently but can pick security
policies suitable for their needs. policies suitable for their needs.
Two phases can be discerned for a network servicing the system: (1) Two phases can be discerned for a network servicing the system: (1)
installation and (2) operation. During the operational phase, the installation and (2) operation. During the operational phase, the
network is connected to the Internet with a Border Router (e.g. a network is connected to the Internet with a border router (e.g., a
6LoWPAN Border Router (6LBR), see [RFC6775]) and the nodes connected 6LoWPAN Border Router (6LBR) [RFC6775]), and the nodes connected to
to the network can use the Internet services that are provided by the the network can use the Internet services that are provided by the IP
Internet Provider or the network administrator. During the or network administrator. During the installation phase, the network
installation phase, the network is completely stand-alone, no Border is completely stand-alone, no border router is connected, and the
Router is connected, and the network only supports the IP network only supports the IP communication between the connected
communication between the connected nodes. The installation phase is nodes. The installation phase is usually followed by the operational
usually followed by the operational phase. As an RD's operations phase. As an RD's operations work without hard dependencies on names
work without hard dependencies on names or addresses, it can be used or addresses, it can be used for discovery across both phases.
for discovery across both phases.
3.7. Use Case: Link Catalogues 3.7. Use Case: Link Catalogues
Resources may be shared through data brokers that have no knowledge Resources may be shared through data brokers that have no knowledge
beforehand of who is going to consume the data. An RD can be used to beforehand of who is going to consume the data. An RD can be used to
hold links about resources and services hosted anywhere to make them hold links about resources and services hosted anywhere to make them
discoverable by a general class of applications. discoverable by a general class of applications.
For example, environmental and weather sensors that generate data for For example, environmental and weather sensors that generate data for
public consumption may provide data to an intermediary server, or public consumption may provide data to an intermediary server or
broker. Sensor data are published to the intermediary upon changes broker. Sensor data are published to the intermediary upon changes
or at regular intervals. Descriptions of the sensors that resolve to or at regular intervals. Descriptions of the sensors that resolve to
links to sensor data may be published to an RD. Applications wishing links to sensor data may be published to an RD. Applications wishing
to consume the data can use RD Lookup to discover and resolve links to consume the data can use RD lookup to discover and resolve links
to the desired resources and endpoints. The RD service need not be to the desired resources and endpoints. The RD service need not be
coupled with the data intermediary service. Mapping of RDs to data coupled with the data intermediary service. Mapping of RDs to data
intermediaries may be many-to-many. intermediaries may be many-to-many.
Metadata in web link formats like [RFC6690] which may be internally Metadata in web link formats, such as the one defined in [RFC6690],
stored as triples, or relation/attribute pairs providing metadata which may be internally stored as triples or relation/attribute pairs
about resource links, need to be supported by RDs. External providing metadata about resource links, need to be supported by RDs.
catalogues that are represented in other formats may be converted to External catalogues that are represented in other formats may be
common web linking formats for storage and access by RDs. Since it converted to common web linking formats for storage and access by
is common practice for these to be encoded in URNs [RFC8141], simple RDs. Since it is common practice for these to be encoded in URNs
and lossless structural transforms should generally be sufficient to [RFC8141], simple and lossless structural transforms should generally
store external metadata in RDs. be sufficient to store external metadata in RDs.
The additional features of an RD allow sectors to be defined to The additional features of an RD allow sectors to be defined to
enable access to a particular set of resources from particular enable access to a particular set of resources from particular
applications. This provides isolation and protection of sensitive applications. This provides isolation and protection of sensitive
data when needed. Application groups with multicast addresses may be data when needed. Application groups with multicast addresses may be
defined to support efficient data transport. defined to support efficient data transport.
4. RD discovery and other interface-independent components 4. RD Discovery and Other Interface-Independent Components
This and the following sections define the required set of REST This and the following sections define the required set of REST
interfaces between an RD, endpoints and lookup clients. Although the interfaces between an RD, endpoints, and lookup clients. Although
examples throughout these sections assume the use of CoAP [RFC7252], the examples throughout these sections assume the use of CoAP
these REST interfaces can also be realized using HTTP [RFC7230]. The [RFC7252], these REST interfaces can also be realized using HTTP
multicast discovery and simple registration operations are exceptions [RFC7230]. The multicast discovery and simple registration
to that, as they rely on mechanisms unavailable in HTTP. In all operations are exceptions to that, as they rely on mechanisms
definitions in these sections, both CoAP response codes (with dot unavailable in HTTP. In all definitions in these sections, both CoAP
notation) and HTTP response codes (without dot notation) are shown. response codes (with dot notation) and HTTP response codes (without
An RD implementing this specification MUST support the discovery, dot notation) are shown. An RD implementing this specification MUST
registration, update, lookup, and removal interfaces. support the discovery, registration, update, lookup, and removal
interfaces.
All operations on the contents of the RD MUST be atomic and All operations on the contents of the RD MUST be atomic and
idempotent. idempotent.
For several operations, interface templates are given in list form; For several operations, interface templates are given in list form;
those describe the operation participants, request codes, URIs, those describe the operation participants, request codes, URIs,
content formats and outcomes. Sections of those templates contain content formats, and outcomes. Sections of those templates contain
normative content about Interaction, Method, URI Template and URI normative content about Interaction, Method, URI Template, and URI
Template Variables as well as the details of the Success condition. Template Variables, as well as the details of the Success condition.
The additional sections on options like Content-Format and on Failure The additional sections for options (such as Content-Format) and for
codes give typical cases that an implementation of the RD should deal Failure codes give typical cases that an implementation of the RD
with. Those serve to illustrate the typical responses to readers who should deal with. Those serve to illustrate the typical responses to
are not yet familiar with all the details of CoAP based interfaces; readers who are not yet familiar with all the details of CoAP-based
they do not limit what a server may respond under atypical interfaces; they do not limit how a server may respond under atypical
circumstances. circumstances.
REST clients (registrant-EPs and CTs during registration and REST clients (registrant-EPs and CTs during registration and
maintenance, lookup clients, RD servers during simple registrations) maintenance, lookup clients, and RD servers during simple
must be prepared to receive any unsuccessful code and act upon it registrations) must be prepared to receive any unsuccessful code and
according to its definition, options and/or payload to the best of act upon it according to its definition, options, and/or payload to
their capabilities, falling back to failing the operation if recovery the best of their capabilities, falling back to failing the operation
is not possible. In particular, they SHOULD retry the request upon if recovery is not possible. In particular, they SHOULD retry the
5.03 (Service Unavailable; 503 in HTTP) according to the Max-Age request upon 5.03 (Service Unavailable; 503 in HTTP) according to the
(Retry-After in HTTP) option, and SHOULD fall back to link-format Max-Age (Retry-After in HTTP) option and SHOULD fall back to link
when receiving 4.15 (Unsupported Content-Format; 415 in HTTP). format when receiving 4.15 (Unsupported Content-Format; 415 in HTTP).
An RD MAY make the information submitted to it available to further An RD MAY make the information submitted to it available to further
directories (subject to security policies on link confidentiality), directories (subject to security policies on link confidentiality) if
if it can ensure that a loop does not form. The protocol used it can ensure that a loop does not form. The protocol used between
between directories to ensure loop-free operation is outside the directories to ensure loop-free operation is outside the scope of
scope of this document. this document.
4.1. Finding a Resource Directory 4.1. Finding a Resource Directory
A (re-)starting device may want to find one or more RDs before it can A (re)starting device may want to find one or more RDs before it can
discover their URIs. Dependent on the operational conditions, one or discover their URIs. Dependent on the operational conditions, one or
more of the techniques below apply. more of the techniques below apply.
The device may be pre-configured to exercise specific mechanisms for The device may be preconfigured to exercise specific mechanisms for
finding the RD: finding the RD:
1. It may be configured with a specific IP address for the RD. That 1. It may be configured with a specific IP address for the RD. That
IP address may also be an anycast address, allowing the network IP address may also be an anycast address, allowing the network
to forward RD requests to an RD that is topologically close; each to forward RD requests to an RD that is topologically close; each
target network environment in which some of these preconfigured target network environment in which some of these preconfigured
nodes are to be brought up is then configured with a route for nodes are to be brought up is then configured with a route for
this anycast address that leads to an appropriate RD. (Instead this anycast address that leads to an appropriate RD. (Instead
of using an anycast address, a multicast address can also be of using an anycast address, a multicast address can also be
preconfigured. The RD servers then need to configure one of preconfigured. The RD servers then need to configure one of
their interfaces with this multicast address.) their interfaces with this multicast address.)
2. It may be configured with a DNS name for the RD and use DNS to 2. It may be configured with a DNS name for the RD and use DNS to
return the IP address of the RD; it can find a DNS server to return the IP address of the RD; it can find a DNS server to
perform the lookup using the usual mechanisms for finding DNS perform the lookup using the usual mechanisms for finding DNS
servers. servers.
3. It may be configured to use a service discovery mechanism such as 3. It may be configured to use a service discovery mechanism, such
DNS-SD, as outlined in Section 4.1.2. as DNS-based Service Discovery (DNS-SD), as outlined in
Section 4.1.2.
For cases where the device is not specifically configured with a way For cases where the device is not specifically configured with a way
to find an RD, the network may want to provide a suitable default. to find an RD, the network may want to provide a suitable default.
1. The IPv6 Neighbor Discovery option RDAO Section 4.1.1 can do 1. The IPv6 Neighbor Discovery option RDAO (Section 4.1.1) can do
that. that.
2. When DHCP is in use, this could be provided via a DHCP option (no 2. When DHCP is in use, this could be provided via a DHCP option (no
such option is defined at the time of writing). such option is defined at the time of writing).
Finally, if neither the device nor the network offers any specific Finally, if neither the device nor the network offers any specific
configuration, the device may want to employ heuristics to find a configuration, the device may want to employ heuristics to find a
suitable RD. suitable RD.
The present specification does not fully define these heuristics, but The present specification does not fully define these heuristics but
suggests a number of candidates: suggests a number of candidates:
1. In a 6LoWPAN, just assume the Border Router (6LBR) can act as an 1. In a 6LoWPAN, just assume the 6LBR can act as an RD (using the
RD (using the ABRO option to find that [RFC6775]). Confirmation Authoritative Border Router Option (ABRO) to find that
can be obtained by sending a unicast to "coap://[6LBR]/.well- [RFC6775]). Confirmation can be obtained by sending a unicast to
known/core?rt=core.rd*". coap://[6LBR]/.well-known/core?rt=core.rd*.
2. In a network that supports multicast well, discovering the RD 2. In a network that supports multicast well, discover the RD using
using a multicast query for /.well-known/core as specified in a multicast query for /.well-known/core, as specified in CoRE
CoRE Link Format [RFC6690]: Sending a Multicast GET to Link Format [RFC6690], and send a Multicast GET to
"coap://[MCD1]/.well-known/core?rt=core.rd*". RDs within the coap://[ff0x::fe]/.well-known/core?rt=core.rd*. RDs within the
multicast scope will answer the query. multicast scope will answer the query.
When answering a multicast request directed at a link-local group, When answering a multicast request directed at a link-local group,
the RD may want to respond from a routable address; this makes it the RD may want to respond from a routable address; this makes it
easier for registrants to use one of their own routable addresses for easier for registrants to use one of their own routable addresses for
registration. When [RFC6724] is used for source address selection, registration. When source addresses are selected using the mechanism
this can be achieved by applying the changes of its Section 10.4, described in [RFC6724], this can be achieved by applying the changes
picking public addresses in its Section 5 Rule 7, and superseding of its Section 10.4, picking public addresses in Rule 7 of its
rule 8 with preferring the source address's precedence. Section 5, and superseding Rule 8 with preferring the source
address's precedence.
As some of the RD addresses obtained by the methods listed here are As some of the RD addresses obtained by the methods listed here are
just (more or less educated) guesses, endpoints MUST make use of any just (more or less educated) guesses, endpoints MUST make use of any
error messages to very strictly rate-limit requests to candidate IP error messages to very strictly rate-limit requests to candidate IP
addresses that don't work out. For example, an ICMP Destination addresses that don't work out. For example, an ICMP Destination
Unreachable message (and, in particular, the port unreachable code Unreachable message (and, in particular, the port unreachable code
for this message) may indicate the lack of a CoAP server on the for this message) may indicate the lack of a CoAP server on the
candidate host, or a CoAP error response code such as 4.05 "Method candidate host, or a CoAP error response code, such as 4.05 (Method
Not Allowed" may indicate unwillingness of a CoAP server to act as a Not Allowed), may indicate unwillingness of a CoAP server to act as a
directory server. directory server.
The following RD discovery mechanisms are recommended: The following RD discovery mechanisms are recommended:
* In managed networks with border routers that need stand-alone * In managed networks with border routers that need stand-alone
operation, the RDAO option is recommended (e.g. operational phase operation, the RDAO is recommended (e.g., the operational phase
described in Section 3.6). described in Section 3.6).
* In managed networks without border router (no Internet services * In managed networks without border routers (no Internet services
available), the use of a preconfigured anycast address is available), the use of a preconfigured anycast address is
recommended (e.g. installation phase described in Section 3.6). recommended (e.g., the installation phase described in
Section 3.6).
* In networks managed using DNS-SD, the use of DNS-SD for discovery * In networks managed using DNS-SD, the use of DNS-SD for discovery,
as described in Section 4.1.2 is recommended. as described in Section 4.1.2, is recommended.
The use of multicast discovery in mesh networks is NOT RECOMMENDED. The use of multicast discovery in mesh networks is NOT RECOMMENDED.
4.1.1. Resource Directory Address Option (RDAO) 4.1.1. Resource Directory Address Option (RDAO)
The Resource Directory Address Option (RDAO) carries information The Resource Directory Address Option (RDAO) carries information
about the address of the RD in RAs (Router Advertisements) of IPv6 about the address of the RD in RAs (Router Advertisements) of IPv6
Neighbor Discovery (ND), similar to how RDNSS options [RFC8106] are Neighbor Discovery (ND), similar to how Recursive DNS Server (RDNSS)
sent. This information is needed when endpoints cannot discover the options [RFC8106] are sent. This information is needed when
RD with a link-local or realm-local scope multicast address, for endpoints cannot discover the RD with a link-local or realm-local
instance because the endpoint and the RD are separated by a Border scope multicast address, for instance, because the endpoint and the
Router (6LBR). In many circumstances the availability of DHCP cannot RD are separated by a 6LBR. In many circumstances, the availability
be guaranteed either during commissioning of the network. The of DHCP cannot be guaranteed during commissioning of the network
presence and the use of the RD is essential during commissioning. either. The presence and the use of the RD is essential during
commissioning.
It is possible to send multiple RDAO options in one message, It is possible to send multiple RDAOs in one message, indicating as
indicating as many RD addresses. many RD addresses.
The RDAO format is: The RDAO format is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length = 3 | Reserved | | Type | Length = 3 | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Valid Lifetime | | Valid Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ RD Address + + RD Address +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Fields: Figure 4: Resource Directory Address Option
Type: TBD38 Fields:
Length: 8-bit unsigned integer. The length of Type: 41
the option in units of 8 bytes.
Always 3.
Reserved: This field is unused. It MUST be Length: 8-bit unsigned integer. The length of the option
initialized to zero by the sender and in units of 8 bytes. Always 3.
MUST be ignored by the receiver.
Valid Lifetime: 32-bit unsigned integer. The length of Reserved: This field is unused. It MUST be initialized to
time in seconds (relative to zero by the sender and MUST be ignored by the
the time the packet is received) that receiver.
this RD address is valid.
A value of all zero bits (0x0) indicates
that this RD address
is not valid anymore.
RD Address: IPv6 address of the RD. Valid Lifetime: 32-bit unsigned integer. The length of time in
seconds (relative to the time the packet is
received) that this RD address is valid. A value
of all zero bits (0x0) indicates that this RD
address is not valid anymore.
Figure 4: Resource Directory Address Option RD Address: IPv6 address of the RD.
4.1.2. Using DNS-SD to discover a Resource Directory 4.1.2. Using DNS-SD to Discover a Resource Directory
An RD can advertise its presence in DNS-SD [RFC6763] using the An RD can advertise its presence in DNS-SD [RFC6763] using the
service name "_core-rd._udp" (for CoAP), "_core-rd-dtls._udp" (for service names defined in this document: _core-rd._udp (for CoAP),
CoAP over DTLS), "_core-rd._tcp" (for CoAP over TCP) or "_core-rd- _core-rd-dtls._udp (for CoAP over DTLS), _core-rd._tcp (for CoAP over
tls._tcp" (for CoAP over TLS) defined in this document. (For the TCP), or _core-rd-tls._tcp (for CoAP over TLS). (For the WebSocket
WebSocket transports of CoAP, no service is defined as DNS-SD is transports of CoAP, no service is defined, as DNS-SD is typically
typically unavailable in environments where CoAP over WebSockets is unavailable in environments where CoAP over WebSockets is used.)
used).
The selection of the service indicates the protocol used, and the SRV The selection of the service indicates the protocol used, and the SRV
record points the client to a host name and port to use as a starting record points the client to a host name and port to use as a starting
point for the URI discovery steps of Section 4.3. point for the "URI discovery" steps of Section 4.3.
This section is a simplified concrete application of the more generic This section is a simplified, concrete application of the more
mechanism specified in [I-D.ietf-core-rd-dns-sd]. generic mechanism specified in [CORE-RD-DNS-SD].
4.2. Payload Content Formats 4.2. Payload Content Formats
RDs implementing this specification MUST support the application/ RDs implementing this specification MUST support the application/
link-format content format (ct=40). link-format content format (ct=40).
RDs implementing this specification MAY support additional content RDs implementing this specification MAY support additional content
formats. formats.
Any additional content format supported by an RD implementing this Any additional content format supported by an RD implementing this
specification SHOULD be able to express all the information specification SHOULD be able to express all the information
expressible in link-format. It MAY be able to express information expressible in link format. It MAY be able to express information
that is inexpressible in link-format, but those expressions SHOULD be that is inexpressible in link format, but those expressions SHOULD be
avoided where possible. avoided where possible.
4.3. URI Discovery 4.3. URI Discovery
Before an endpoint can make use of an RD, it must first know the RD's Before an endpoint can make use of an RD, it must first know the RD's
address and port, and the URI path information for its REST APIs. address and port and the URI path information for its REST APIs.
This section defines discovery of the RD and its URIs using the well- This section defines discovery of the RD and its URIs using the well-
known interface of the CoRE Link Format [RFC6690] after having known interface of the CoRE Link Format [RFC6690] after having
discovered a host as described in Section 4.1. discovered a host, as described in Section 4.1.
Discovery of the RD registration URI is performed by sending either a Discovery of the RD registration URI is performed by sending either a
multicast or unicast GET request to "/.well-known/core" and including multicast or unicast GET request to /.well-known/core and including a
a Resource Type (rt) parameter [RFC6690] with the value "core.rd" in resource type (rt) parameter [RFC6690] with the value "core.rd" in
the query string. Likewise, a Resource Type parameter value of the query string. Likewise, a resource type parameter value of
"core.rd-lookup*" is used to discover the URIs for RD Lookup "core.rd-lookup*" is used to discover the URIs for RD lookup
operations, core.rd* is used to discover all URIs for RD operations. operations, and "core.rd*" is used to discover all URIs for RD
Upon success, the response will contain a payload with a link format operations. Upon success, the response will contain a payload with a
entry for each RD function discovered, indicating the URI of the RD link format entry for each RD function discovered, indicating the URI
function returned and the corresponding Resource Type. When of the RD function returned and the corresponding resource type.
performing multicast discovery, the multicast IP address used will When performing multicast discovery, the multicast IP address used
depend on the scope required and the multicast capabilities of the will depend on the scope required and the multicast capabilities of
network (see Section 9.5). the network (see Section 9.5).
An RD MAY provide hints about the content-formats it supports in the An RD MAY provide hints about the content formats it supports in the
links it exposes or registers, using the "ct" target attribute, as links it exposes or registers, using the "ct" target attribute, as
shown in the example below. Clients MAY use these hints to select shown in the example below. Clients MAY use these hints to select
alternate content-formats for interaction with the RD. alternate content formats for interaction with the RD.
HTTP does not support multicast and consequently only unicast HTTP does not support multicast, and, consequently, only unicast
discovery can be supported at the using the HTTP "/.well-known/core" discovery can be supported using the HTTP /.well-known/core resource.
resource.
RDs implementing this specification MUST support query filtering for RDs implementing this specification MUST support query filtering for
the rt parameter as defined in [RFC6690]. the rt parameter, as defined in [RFC6690].
While the link targets in this discovery step are often expressed in While the link targets in this discovery step are often expressed in
path-absolute form, this is not a requirement. Clients of the RD path-absolute form, this is not a requirement. Clients of the RD
SHOULD therefore accept URIs of all schemes they support, both as SHOULD therefore accept URIs of all schemes they support, both as
URIs and relative references, and not limit the set of discovered URIs and relative references, and not limit the set of discovered
URIs to those hosted at the address used for URI discovery. URIs to those hosted at the address used for URI discovery.
With security policies where the client requires the RD to be With security policies where the client requires the RD to be
authorized to act as an RD, that authorization may be limited to authorized to act as an RD, that authorization may be limited to
resources on which the authorized RD advertises the adequate resource resources on which the authorized RD advertises the adequate resource
types. Clients that have obtained links they can not rely on yet can types. Clients that have obtained links they cannot rely on yet can
repeat the URI discovery step at the /.well-known/core resource of repeat the "URI discovery" step at the /.well-known/core resource of
the indicated host to obtain the resource type information from an the indicated host to obtain the resource type information from an
authorized source. authorized source.
The URI Discovery operation can yield multiple URIs of a given The URI discovery operation can yield multiple URIs of a given
resource type. The client of the RD can use any of the discovered resource type. The client of the RD can try out any of the
addresses initially. discovered addresses.
The discovery request interface is specified as follows (this is The discovery request interface is specified as follows (this is
exactly the Well-Known Interface of [RFC6690] Section 4, with the exactly the well-known interface of [RFC6690], Section 4, with the
additional requirement that the server MUST support query filtering): additional requirement that the server MUST support query filtering):
Interaction: EP, CT or Client -> RD Interaction: EP, CT, or Client -> RD
Method: GET Method: GET
URI Template: /.well-known/core{?rt} URI Template: /.well-known/core{?rt}
URI Template Variables: rt := Resource Type. SHOULD contain one of URI Template Variables:
the values "core.rd", "core.rd-lookup*", "core.rd-lookup-res",
"core.rd-lookup-ep", or "core.rd*"
Accept: absent, application/link-format or any other media type rt := Resource Type. SHOULD contain one of the values "core.rd",
"core.rd-lookup*", "core.rd-lookup-res", "core.rd-lookup-ep",
or "core.rd*"
Accept: absent, application/link-format, or any other media type
representing web links representing web links
The following response is expected on this interface: The following response is expected on this interface:
Success: 2.05 "Content" or 200 "OK" with an application/link-format Success: 2.05 (Content) or 200 (OK) with an application/link-format
or other web link payload containing one or more matching entries or other web link payload containing one or more matching entries
for the RD resource. for the RD resource.
The following example shows an endpoint discovering an RD using this The following example shows an endpoint discovering an RD using this
interface, thus learning that the directory resource location, in interface, thus learning that the directory resource location in this
this example, is /rd, and that the content-format delivered by the example is /rd and that the content format delivered by the server
server hosting the resource is application/link-format (ct=40). Note hosting the resource is application/link-format (ct=40). Note that
that it is up to the RD to choose its RD locations. it is up to the RD to choose its RD locations.
Req: GET coap://[MCD1]/.well-known/core?rt=core.rd* Req: GET coap://[ff02::fe]/.well-known/core?rt=core.rd*
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
</rd>;rt=core.rd;ct=40, </rd>;rt=core.rd;ct=40,
</rd-lookup/ep>;rt=core.rd-lookup-ep;ct=40, </rd-lookup/ep>;rt=core.rd-lookup-ep;ct=40,
</rd-lookup/res>;rt=core.rd-lookup-res;ct=40 </rd-lookup/res>;rt=core.rd-lookup-res;ct=40
Figure 5: Example discovery exchange Figure 5: Example Discovery Exchange
The following example shows the way of indicating that a client may The following example shows the way of indicating that a client may
request alternate content-formats. The Content-Format code attribute request alternate content formats. The Content-Format code attribute
"ct" MAY include a space-separated sequence of Content-Format codes "ct" MAY include a space-separated sequence of Content-Format codes,
as specified in Section 7.2.1 of [RFC7252], indicating that multiple as specified in Section 7.2.1 of [RFC7252], indicating that multiple
content-formats are available. The example below shows the required content formats are available. The example below shows the required
Content-Format 40 (application/link-format) indicated as well as a Content-Format 40 (application/link-format) indicated, as well as
CBOR and JSON representation from [I-D.ietf-core-links-json] (which Concise Binary Object Representation (CBOR) and JSON representations
have no numeric values assigned yet, so they are shown as TBD64 and in the style of [CORE-LINKS-JSON] (for which the experimental values
TBD504 as in that draft). The RD resource locations /rd, and /rd- 65060 and 65050 are used in this example). The RD resource locations
lookup are example values. The server in this example also indicates /rd and /rd-lookup are example values. The server in this example
that it is capable of providing observation on resource lookups. also indicates that it is capable of providing observation on
resource lookups.
Req: GET coap://[MCD1]/.well-known/core?rt=core.rd* Req: GET coap://[ff02::fe]/.well-known/core?rt=core.rd*
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
</rd>;rt=core.rd;ct="40 65225", </rd>;rt=core.rd;ct=40,
</rd-lookup/res>;rt=core.rd-lookup-res;ct="40 TBD64 TBD504";obs, </rd-lookup/res>;rt=core.rd-lookup-res;ct="40 65060 65050";obs,
</rd-lookup/ep>;rt=core.rd-lookup-ep;ct="40 TBD64 TBD504" </rd-lookup/ep>;rt=core.rd-lookup-ep;ct="40 65060 65050"
Figure 6: Example discovery exchange indicating additional Figure 6: Example Discovery Exchange Indicating Additional
content-formats Content-Formats
For maintenance, management and debugging, it can be useful to For maintenance, management, and debugging, it can be useful to
identify the components that constitute the RD server. The identify the components that constitute the RD server. The
identification can be used to find client-server incompatibilities, identification can be used to find client-server incompatibilities,
supported features, required updates and other aspects. The Well- supported features, required updates, and other aspects. The well-
Known interface described in Section 4 of [RFC6690] can be used to known interface described in Section 4 of [RFC6690] can be used to
find such data. find such data.
It would typically be stored in an implementation information link It would typically be stored in an implementation information link
(as described in [I-D.bormann-t2trg-rel-impl]): (as described in [T2TRG-REL-IMPL]).
Req: GET /.well-known/core?rel=impl-info Req: GET /.well-known/core?rel=impl-info
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<http://software.example.com/shiny-resource-directory/1.0beta1>; <http://software.example.com/shiny-resource-directory/1.0beta1>;
rel=impl-info rel=impl-info
Figure 7: Example exchange of obtaining implementation Figure 7: Example Exchange of Obtaining Implementation
information, using the relation type currently proposed in the Information Using the Relation Type Currently Proposed in
work-in-progress document [T2TRG-REL-IMPL]
Note that depending on the particular server's architecture, such a Note that, depending on the particular server's architecture, such a
link could be anchored at the RD server's root (as in this example), link could be anchored at the RD server's root (as in this example)
or at individual RD components. The latter is to be expected when or at individual RD components. The latter is to be expected when
different applications are run on the same server. different applications are run on the same server.
5. Registration 5. Registration
After discovering the location of an RD, a registrant-ep or CT MAY After discovering the location of an RD, a registrant-EP or CT MAY
register the resources of the registrant-ep using the registration register the resources of the registrant-EP using the registration
interface. This interface accepts a POST from an endpoint containing interface. This interface accepts a POST from an endpoint containing
the list of resources to be added to the directory as the message the list of resources to be added to the directory as the message
payload in the CoRE Link Format [RFC6690] or other representations of payload in the CoRE Link Format [RFC6690] or other representations of
web links, along with query parameters indicating the name of the web links, along with query parameters indicating the name of the
endpoint, and optionally the sector, lifetime and base URI of the endpoint and, optionally, the sector, lifetime, and base URI of the
registration. It is expected that other specifications will define registration. It is expected that other specifications will define
further parameters (see Section 9.3). The RD then creates a new further parameters (see Section 9.3). The RD then creates a new
registration resource in the RD and returns its location. The registration resource in the RD and returns its location. The
receiving endpoint MUST use that location when refreshing receiving endpoint MUST use that location when refreshing
registrations using this interface. Registration resources in the RD registrations using this interface. Registration resources in the RD
are kept active for the period indicated by the lifetime parameter. are kept active for the period indicated by the lifetime parameter.
The creating endpoint is responsible for refreshing the registration The creating endpoint is responsible for refreshing the registration
resource within this period using either the registration or update resource within this period, using either the registration or update
interface. The registration interface MUST be implemented to be interface. The registration interface MUST be implemented to be
idempotent, so that registering twice with the same endpoint idempotent, so that registering twice with the same endpoint
parameters ep and d (sector) does not create multiple registration parameters ep and d (sector) does not create multiple registration
resources. resources.
The following rules apply for a registration request targeting a The following rules apply for a registration request targeting a
given (ep, d) value pair: given (ep, d) value pair:
* When the (ep, d) value pair of the registration-request is * When the (ep, d) value pair of the registration request is
different from any existing registration, a new registration is different from any existing registration, a new registration is
generated. generated.
* When the (ep, d) value pair of the registration-request is equal * When the (ep, d) value pair of the registration request is equal
to an existing registration, the content and parameters of the to an existing registration, the content and parameters of the
existing registration are replaced with the content of the existing registration are replaced with the content of the
registration request. Like the later changes to registration registration request. As with changes to registration resources,
resources, security policies (Section 7) usually require such security policies (Section 7) usually require such requests to
requests to come from the same device. come from the same device.
The posted link-format document can (and typically does) contain The posted link-format document can (and typically does) contain
relative references both in its link targets and in its anchors, or relative references both in its link targets and in its anchors; it
contain empty anchors. The RD server needs to resolve these can also contain empty anchors. The RD server needs to resolve these
references in order to faithfully represent them in lookups. They references in order to faithfully represent them in lookups. They
are resolved against the base URI of the registration, which is are resolved against the base URI of the registration, which is
provided either explicitly in the "base" parameter or constructed provided either explicitly in the base parameter or constructed
implicitly from the requester's URI as constructed from its network implicitly from the requester's URI, as constructed from its network
address and scheme. address and scheme.
For media types to which Appendix C applies (i.e. documents in For media types to which Appendix C applies (i.e., documents in
application/link-format), request bodies MUST be expressed in Limited application/link-format), request bodies MUST be expressed in Limited
Link Format. Link Format.
The registration request interface is specified as follows: The registration request interface is specified as follows:
Interaction: EP or CT -> RD Interaction: EP or CT -> RD
Method: POST Method: POST
URI Template: {+rd}{?ep,d,lt,base,extra-attrs*} URI Template: {+rd}{?ep,d,lt,base,extra-attrs*}
URI Template Variables: rd := RD registration URI (mandatory). URI Template Variables:
This is the location of the RD, as obtained from discovery.
ep := Endpoint name (mostly mandatory). rd := RD registration URI (mandatory). This is the location of
The endpoint name is an identifier that MUST be unique within a the RD, as obtained from discovery.
sector.
ep := Endpoint name (mostly mandatory). The endpoint name is an
identifier that MUST be unique within a sector.
As the endpoint name is a Unicode string, it is encoded in As the endpoint name is a Unicode string, it is encoded in
UTF-8 (and possibly pct-encoded) during variable expansion (see UTF-8 (and possibly percent encoded) during variable expansion
[RFC6570] Section 3.2.1). The endpoint name MUST NOT contain (see [RFC6570], Section 3.2.1). The endpoint name MUST NOT
any character in the inclusive ranges 0-31 or 127-159. contain any character in the inclusive ranges 0-31 or 127-159.
The maximum length of this parameter is 63 UTF-8 encoded bytes. The maximum length of this parameter is 63 bytes encoded in
UTF-8.
If the RD is configured to recognize the endpoint to be If the RD is configured to recognize the endpoint that is to be
authorized to use exactly one endpoint name, the RD assigns authorized to use exactly one endpoint name, the RD assigns
that name. In that case, giving the endpoint name becomes that name. In that case, giving the endpoint name becomes
optional for the client; if the client gives any other endpoint optional for the client; if the client gives any other endpoint
name, it is not authorized to perform the registration. name, it is not authorized to perform the registration.
d := Sector (optional). The sector to d := Sector (optional). This is the sector to which this
which this endpoint belongs. When this parameter is not endpoint belongs. When this parameter is not present, the RD
present, the RD MAY associate the endpoint with a configured MAY associate the endpoint with a configured default sector
default sector (possibly based on the endpoint's authorization) (possibly based on the endpoint's authorization) or leave it
or leave it empty. empty.
The sector is encoded like the ep parameter, and is limited to The sector is encoded like the ep parameter and is limited to
63 UTF-8 encoded bytes as well. 63 bytes encoded in UTF-8 as well.
lt := Lifetime (optional). Lifetime of the lt := Lifetime (optional). This is the lifetime of the
registration in seconds. Range of 1-4294967295. If no registration in seconds, with a range of 1-4294967295. If no
lifetime is included in the initial registration, a default lifetime is included in the initial registration, a default
value of 90000 (25 hours) SHOULD be assumed. value of 90000 (25 hours) SHOULD be assumed.
base := Base URI (optional). This base := Base URI (optional). This parameter sets the base URI of
parameter sets the base URI of the registration, under which the registration, under which the relative links in the payload
the relative links in the payload are to be interpreted. The are to be interpreted. The specified URI typically does not
specified URI typically does not have a path component of its have a path component of its own and MUST be suitable as a base
own, and MUST be suitable as a base URI to resolve any relative URI to resolve any relative references given in the
references given in the registration. The parameter is registration. The parameter is therefore usually of the shape
therefore usually of the shape "scheme://authority" for HTTP "scheme://authority" for HTTP and CoAP URIs. The URI SHOULD
and CoAP URIs. The URI SHOULD NOT have a query or fragment NOT have a query or fragment component, as any non-empty
component as any non-empty relative part in a reference would relative part in a reference would remove those parts from the
remove those parts from the resulting URI. resulting URI.
In the absence of this parameter the scheme of the protocol, In the absence of this parameter, the scheme of the protocol,
source address and source port of the registration request are the source address, and the source port of the registration
assumed. The Base URI is consecutively constructed by request are assumed. The base URI is consecutively constructed
concatenating the used protocol's scheme with the characters by concatenating the used protocol's scheme with the characters
"://", the requester's source address as an address literal and "://", the requester's source address as an address literal,
":" followed by its port (if it was not the protocol's default and ":" followed by its port (if it was not the protocol's
one) in analogy to [RFC7252] Section 6.5. default one). This is analogous to the process described in
[RFC7252], Section 6.5.
This parameter is mandatory when the directory is filled by a This parameter is mandatory when the directory is filled by a
third party such as an commissioning tool. third party, such as a commissioning tool.
If the registrant-ep uses an ephemeral port to register with, If the registrant-EP uses an ephemeral port to register with,
it MUST include the base parameter in the registration to it MUST include the base parameter in the registration to
provide a valid network path. provide a valid network path.
A registrant that cannot be reached by potential lookup clients A registrant that cannot be reached by potential lookup clients
at the address it registers from (e.g. because it is behind at the address it registers from (e.g., because it is behind
some form of Network Address Translation (NAT)) MUST provide a some form of Network Address Translation (NAT)) MUST provide a
reachable base address with its registration. reachable base address with its registration.
If the Base URI contains a link-local IP literal, it MUST NOT If the base URI contains a link-local IP literal, it MUST NOT
contain a Zone Identifier, and MUST be local to the link on contain a Zone Identifier and MUST be local to the link on
which the registration request is received. which the registration request is received.
Endpoints that register with a base that contains a path Endpoints that register with a base that contains a path
component cannot efficiently express their registrations in component cannot efficiently express their registrations in
Limited Link Format (Appendix C). Those applications should Limited Link Format (Appendix C). Those applications should
use different representations of links to which Appendix C is use different representations of links to which Appendix C is
not applicable (e.g. [I-D.hartke-t2trg-coral]). not applicable (e.g., [CORE-CORAL]).
extra-attrs := Additional registration extra-attrs := Additional registration attributes (optional).
attributes (optional). The endpoint can pass any parameter The endpoint can pass any parameter registered in Section 9.3
registered at Section 9.3 to the directory. If the RD is aware to the directory. If the RD is aware of the parameter's
of the parameter's specified semantics, it processes it specified semantics, it processes the parameter accordingly.
accordingly. Otherwise, it MUST store the unknown key and its Otherwise, it MUST store the unknown key and its value(s) as an
value(s) as an endpoint attribute for further lookup. endpoint attribute for further lookup.
Content-Format: application/link-format or any other indicated media Content-Format: application/link-format or any other indicated media
type representing web links type representing web links
The following response is expected on this interface: The following response is expected on this interface:
Success: 2.01 "Created" or 201 "Created". The Location-Path option Success: 2.01 (Created) or 201 (Created). The Location-Path option
or Location header field MUST be included in the response. This or Location header field MUST be included in the response. This
location MUST be a stable identifier generated by the RD as it is location MUST be a stable identifier generated by the RD, as it is
used for all subsequent operations on this registration resource. used for all subsequent operations on this registration resource.
The registration resource location thus returned is for the The registration resource location thus returned is for the
purpose of updating the lifetime of the registration and for purpose of updating the lifetime of the registration and for
maintaining the content of the registered links, including maintaining the content of the registered links, including
updating and deleting links. updating and deleting links.
A registration with an already registered ep and d value pair A registration with an already-registered ep and d value pair
responds with the same success code and location as the original responds with the same success code and location as the original
registration; the set of links registered with the endpoint is registration; the set of links registered with the endpoint is
replaced with the links from the payload. replaced with the links from the payload.
The location MUST NOT have a query or fragment component, as that The location MUST NOT have a query or fragment component, as that
could conflict with query parameters during the Registration could conflict with query parameters during the registration
Update operation. Therefore, the Location-Query option MUST NOT update operation. Therefore, the Location-Query option MUST NOT
be present in a successful response. be present in a successful response.
If the registration fails, including request timeouts, or if delays If the registration fails, including request timeouts, or if delays
from Service Unavailable responses with Max-Age or Retry-After from Service Unavailable responses with Max-Age or Retry-After
accumulate to exceed the registrant's configured timeouts, it SHOULD accumulate to exceed the registrant's configured timeouts, it SHOULD
pick another registration URI from the "URI Discovery" step and if pick another registration URI from the "URI discovery" step of
there is only one or the list is exhausted, pick other choices from Section 4.3, and, if there is only one or the list is exhausted, pick
the "Finding a Resource Directory" step. Care has to be taken to other choices from the "finding a resource directory" step of
consider the freshness of results obtained earlier, e.g. of the Section 4.1. Care has to be taken to consider the freshness of
result of a "/.well-known/core" response, the lifetime of an RDAO results obtained earlier, e.g., the result of a /.well-known/core
option and of DNS responses. Any rate limits and persistent errors response, the lifetime of an RDAO, and DNS responses. Any rate
from the "Finding a Resource Directory" step must be considered for limits and persistent errors from the "finding a resource directory"
the whole registration time, not only for a single operation. step must be considered for the whole registration time, not only for
a single operation.
The following example shows a registrant-ep with the name "node1" The following example shows a registrant-EP with the name "node1"
registering two resources to an RD using this interface. The registering two resources to an RD using this interface. The
location "/rd" is an example RD location discovered in a request location "/rd" is an example RD location discovered in a request
similar to Figure 5. similar to Figure 5.
Req: POST coap://rd.example.com/rd?ep=node1 Req: POST coap://rd.example.com/rd?ep=node1
Content-Format: 40 Content-Format: 40
Payload: Payload:
</sensors/temp>;rt=temperature-c;if=sensor, </sensors/temp>;rt=temperature-c;if=sensor,
<http://www.example.com/sensors/temp>; <http://www.example.com/sensors/temp>;
anchor="/sensors/temp";rel=describedby anchor="/sensors/temp";rel=describedby
Res: 2.01 Created Res: 2.01 Created
Location-Path: /rd/4521 Location-Path: /rd/4521
Figure 8: Example registration payload Figure 8: Example Registration Payload
An RD may optionally support HTTP. Here is an example of almost the An RD may optionally support HTTP. Here is an example of almost the
same registration operation above, when done using HTTP. same registration operation above when done using HTTP.
Req: Req:
POST /rd?ep=node1&base=http://[2001:db8:1::1] HTTP/1.1 POST /rd?ep=node1&base=http://[2001:db8:1::1] HTTP/1.1
Host: rd.example.com Host: rd.example.com
Content-Type: application/link-format Content-Type: application/link-format
</sensors/temp>;rt=temperature-c;if=sensor, </sensors/temp>;rt=temperature-c;if=sensor,
<http://www.example.com/sensors/temp>; <http://www.example.com/sensors/temp>;
anchor="/sensors/temp";rel=describedby anchor="/sensors/temp";rel=describedby
Res: Res:
HTTP/1.1 201 Created HTTP/1.1 201 Created
Location: /rd/4521 Location: /rd/4521
Figure 9: Example registration payload as expressed using HTTP Figure 9: Example Registration Payload as Expressed Using HTTP
5.1. Simple Registration 5.1. Simple Registration
Not all endpoints hosting resources are expected to know how to Not all endpoints hosting resources are expected to know how to
upload links to an RD as described in Section 5. Instead, simple upload links to an RD, as described in Section 5. Instead, simple
endpoints can implement the Simple Registration approach described in endpoints can implement the simple registration approach described in
this section. An RD implementing this specification MUST implement this section. An RD implementing this specification MUST implement
Simple Registration. However, there may be security reasons why this simple registration. However, there may be security reasons why this
form of directory discovery would be disabled. form of directory discovery would be disabled.
This approach requires that the registrant-ep makes available the This approach requires that the registrant-EP makes available the
hosted resources that it wants to be discovered, as links on its hosted resources that it wants to be discovered as links on its
"/.well-known/core" interface as specified in [RFC6690]. The links /.well-known/core interface, as specified in [RFC6690]. The links in
in that document are subject to the same limitations as the payload that document are subject to the same limitations as the payload of a
of a registration (with respect to Appendix C). registration (with respect to Appendix C).
* The registrant-ep finds one or more addresses of the directory * The registrant-EP finds one or more addresses of the directory
server as described in Section 4.1. server, as described in Section 4.1.
* The registrant-ep sends (and regularly refreshes with) a POST * The registrant-EP sends (and regularly refreshes with) a POST
request to the "/.well-known/rd" URI of the directory server of request to the /.well-known/rd URI of the directory server of
choice. The body of the POST request is empty, and triggers the choice. The body of the POST request is empty and triggers the
resource directory server to perform GET requests at the resource directory server to perform GET requests (redone before
requesting registrant-ep's /.well-known/core to obtain the link- lifetime expiry) at the requesting registrant-EP's /.well-known/
format payload to register. core to obtain the link-format payload to register.
The registrant-ep includes the same registration parameters in the The registrant-EP includes the same registration parameters in the
POST request as it would with a regular registration per POST request as it would with a regular registration, per
Section 5. The registration base URI of the registration is taken Section 5. The registration base URI of the registration is taken
from the registrant-ep's network address (as is default with from the registrant-EP's network address (as is default with
regular registrations). regular registrations).
Example request from registrant-EP to RD (unanswered until the The following is an example request from the registrant-EP to the
next step): RD (unanswered until the next step):
Req: POST /.well-known/rd?lt=6000&ep=node1 Req: POST /.well-known/rd?lt=6000&ep=node1
(No payload) (No payload)
Figure 10: First half example exchange of a simple registration Figure 10: First-Half Example Exchange of a Simple Registration
* The RD queries the registrant-ep's discovery resource to determine * The RD queries the registrant-EP's discovery resource to determine
the success of the operation. It SHOULD keep a cache of the the success of the operation. It SHOULD keep a cache of the
discovery resource and not query it again as long as it is fresh. discovery resource and not query it again as long as it is fresh.
Example request from the RD to the registrant-EP: The following is an example request from the RD to the registrant-
EP:
Req: GET /.well-known/core Req: GET /.well-known/core
Accept: 40 Accept: 40
Res: 2.05 Content Res: 2.05 Content
Content-Format: 40 Content-Format: 40
Payload: Payload:
</sen/temp> </sen/temp>
Figure 11: Example exchange of the RD querying the simple endpoint Figure 11: Example Exchange of the RD Querying the Simple Endpoint
With this response, the RD would answer the previous step's request: With this response, the RD would answer the previous step's request:
Res: 2.04 Changed Res: 2.04 Changed
Figure 12: Second half example exchange of a simple registration Figure 12: Second-Half Example Exchange of a Simple Registration
The sequence of fetching the registration content before sending a The sequence of fetching the registration content before sending a
successful response was chosen to make responses reliable, and the successful response was chosen to make responses reliable, and the
point about caching was chosen to still allow very constrained point about caching was chosen to still allow very constrained
registrants. Registrants MUST be able to serve a GET request to registrants. Registrants MUST be able to serve a GET request to
"/.well-known/core" after having requested registration. Constrained /.well-known/core after having requested registration. Constrained
devices MAY regard the initial request as temporarily failed when devices MAY regard the initial request as temporarily failed when
they need RAM occupied by their own request to serve the RD's GET, they need RAM occupied by their own request to serve the RD's GET and
and retry later when the RD already has a cached representation of retry later when the RD already has a cached representation of their
their discovery resources. Then, the RD can reply immediately and discovery resources. Then, the RD can reply immediately, and the
the registrant can receive the response. registrant can receive the response.
The simple registration request interface is specified as follows: The simple registration request interface is specified as follows:
Interaction: EP -> RD Interaction: EP -> RD
Method: POST Method: POST
URI Template: /.well-known/rd{?ep,d,lt,extra-attrs*} URI Template: /.well-known/rd{?ep,d,lt,extra-attrs*}
URI Template Variables are as they are for registration in Section 5. URI Template Variables are the same as for registration in Section 5.
The base attribute is not accepted to keep the registration interface The base attribute is not accepted to keep the registration interface
simple; that rules out registration over CoAP-over-TCP or HTTP that simple; that rules out registration over CoAP-over-TCP or HTTP that
would need to specify one. For some time during this document's would need to specify one. For some time during this document's
development, the URI template "/.well-known/core{?ep,...}" has been development, the URI Template /.well-known/core{?ep,...} was in use
in use instead. instead.
The following response is expected on this interface: The following response is expected on this interface:
Success: 2.04 "Changed". Success: 2.04 (Changed)
For the second interaction triggered by the above, the registrant-ep For the second interaction triggered by the above, the registrant-EP
takes the role of server and the RD the role of client. (Note that takes the role of server and the RD takes the role of client. (Note
this is exactly the Well-Known Interface of [RFC6690] Section 4): that this is exactly the well-known interface of [RFC6690],
Section 4):
Interaction: RD -> EP Interaction: RD -> EP
Method: GET Method: GET
URI Template: /.well-known/core URI Template: /.well-known/core
The following response is expected on this interface: The following response is expected on this interface:
Success: 2.05 "Content". Success: 2.05 (Content)
When the RD uses any authorization credentials to access the When the RD uses any authorization credentials to access the
endpoint's discovery resource, or when it is deployed in a location endpoint's discovery resource or when it is deployed in a location
where third parties might reach it but not the endpoint, it SHOULD where third parties might reach it but not the endpoint, it SHOULD
verify that the apparent registrant-ep intends to register with the verify that the apparent registrant-EP intends to register with the
given registration parameters before revealing the obtained discovery given registration parameters before revealing the obtained discovery
information to lookup clients. An easy way to do that is to verify information to lookup clients. An easy way to do that is to verify
the simple registration request's sender address using the Echo the simple registration request's sender address using the Echo
option as described in [I-D.ietf-core-echo-request-tag] Section 2.4. option, as described in [RFC9175], Section 2.4.
The RD MUST delete registrations created by simple registration after The RD MUST delete registrations created by simple registration after
the expiration of their lifetime. Additional operations on the the expiration of their lifetime. Additional operations on the
registration resource cannot be executed because no registration registration resource cannot be executed because no registration
location is returned. location is returned.
5.2. Third-party registration 5.2. Third-Party Registration
For some applications, even Simple Registration may be too taxing for For some applications, even simple registration may be too taxing for
some very constrained devices, in particular if the security some very constrained devices, in particular, if the security
requirements become too onerous. requirements become too onerous.
In a controlled environment (e.g. building control), the RD can be In a controlled environment (e.g., building control), the RD can be
filled by a third party device, called a Commissioning Tool (CT). filled by a third-party device, called a Commissioning Tool (CT).
The commissioning tool can fill the RD from a database or other The CT can fill the RD from a database or other means. For that
means. For that purpose scheme, IP address and port of the URI of purpose scheme, the IP address and port of the URI of the registered
the registered device is the value of the "base" parameter of the device is the value of the "base" parameter of the registration
registration described in Section 5. described in Section 5.
It should be noted that the value of the "base" parameter applies to It should be noted that the value of the "base" parameter applies to
all the links of the registration and has consequences for the anchor all the links of the registration and has consequences for the anchor
value of the individual links as exemplified in Appendix B. An value of the individual links, as exemplified in Appendix B. A
eventual (currently non-existing) "base" attribute of the link is not potential (currently nonexistent) "base" attribute of the link is not
affected by the value of "base" parameter in the registration. affected by the value of "base" parameter in the registration.
5.3. Operations on the Registration Resource 5.3. Operations on the Registration Resource
This section describes how the registering endpoint can maintain the This section describes how the registering endpoint can maintain the
registrations that it created. The registering endpoint can be the registrations that it created. The registering endpoint can be the
registrant-ep or the CT. The registrations are resources of the RD. registrant-EP or the CT. The registrations are resources of the RD.
An endpoint should not use this interface for registrations that it An endpoint should not use this interface for registrations that it
did not create. This is usually enforced by security policies, which did not create. This is usually enforced by security policies,
in general require equivalent credentials for creation of and which, in general, require equivalent credentials for creation of and
operations on a registration. operations on a registration.
After the initial registration, the registering endpoint retains the After the initial registration, the registering endpoint retains the
returned location of the registration resource for further returned location of the registration resource for further
operations, including refreshing the registration in order to extend operations, including refreshing the registration in order to extend
the lifetime and "keep-alive" the registration. When the lifetime of the lifetime and "keep-alive" the registration. When the lifetime of
the registration has expired, the RD SHOULD NOT respond to discovery the registration has expired, the RD SHOULD NOT respond to discovery
queries concerning this endpoint. The RD SHOULD continue to provide queries concerning this endpoint. The RD SHOULD continue to provide
access to the registration resource after a registration time-out access to the registration resource after a registration timeout
occurs in order to enable the registering endpoint to eventually occurs in order to enable the registering endpoint to eventually
refresh the registration. The RD MAY eventually remove the refresh the registration. The RD MAY eventually remove the
registration resource for the purpose of garbage collection. If the registration resource for the purpose of garbage collection. If the
registration resource is removed, the corresponding endpoint will registration resource is removed, the corresponding endpoint will
need to be re-registered. need to be reregistered.
The registration resource may also be used cancel the registration The registration resource may also be used to cancel the registration
using DELETE, and to perform further operations beyond the scope of using DELETE and to perform further operations beyond the scope of
this specification. this specification.
Operations on the registration resource are sensitive to reordering; Operations on the registration resource are sensitive to reordering;
Section 5.3.4 describes how order is restored. Section 5.3.4 describes how order is restored.
The operations on the registration resource are described below. The operations on the registration resource are described below.
5.3.1. Registration Update 5.3.1. Registration Update
The update interface is used by the registering endpoint to refresh The update interface is used by the registering endpoint to refresh
or update its registration with an RD. To use the interface, the or update its registration with an RD. To use the interface, the
registering endpoint sends a POST request to the registration registering endpoint sends a POST request to the registration
resource returned by the initial registration operation. resource returned by the initial registration operation.
An update MAY update registration parameters like lifetime, base URI An update MAY update registration parameters, such as lifetime, base
or others. Parameters that are not being changed should not be URI, or others. Parameters that are not being changed should not be
included in an update. Adding parameters that have not changed included in an update. Adding parameters that have not changed
increases the size of the message but does not have any other increases the size of the message but does not have any other
implications. Parameters are included as query parameters in an implications. Parameters are included as query parameters in an
update operation as in Section 5. update operation, as in Section 5.
A registration update resets the timeout of the registration to the A registration update resets the timeout of the registration to the
(possibly updated) lifetime of the registration, independent of (possibly updated) lifetime of the registration, independent of
whether a "lt" parameter was given. whether an lt parameter was given.
If the base URI of the registration is changed in an update, relative If the base URI of the registration is changed in an update, relative
references submitted in the original registration or later updates references submitted in the original registration or later updates
are resolved anew against the new base. are resolved anew against the new base.
The registration update operation only describes the use of POST with The registration update operation only describes the use of POST with
an empty payload. Future standards might describe the semantics of an empty payload. Future standards might describe the semantics of
using content formats and payloads with the POST method to update the using content formats and payloads with the POST method to update the
links of a registration (see Section 5.3.3). links of a registration (see Section 5.3.3).
The update registration request interface is specified as follows: The update registration request interface is specified as follows:
Interaction: EP or CT -> RD Interaction: EP or CT -> RD
Method: POST Method: POST
URI Template: {+location}{?lt,base,extra-attrs*} URI Template: {+location}{?lt,base,extra-attrs*}
URI Template Variables: location := This is the Location returned URI Template Variables:
by the RD as a result of a successful earlier registration.
lt := Lifetime (optional). Lifetime of the location := This is the location returned by the RD as a result
registration in seconds. Range of 1-4294967295. If no of a successful earlier registration.
lt := Lifetime (optional). This is the lifetime of the
registration in seconds, with a range of 1-4294967295. If no
lifetime is included, the previous last lifetime set on a lifetime is included, the previous last lifetime set on a
previous update or the original registration (falling back to previous update or the original registration (falling back to
90000) SHOULD be used. 90000) SHOULD be used.
base := Base URI (optional). This base := Base URI (optional). This parameter updates the base URI
parameter updates the Base URI established in the original established in the original registration to a new value and is
registration to a new value, and is subject to the same subject to the same restrictions as in the registration.
restrictions as in the registration.
If the parameter is set in an update, it is stored by the RD as If the parameter is set in an update, it is stored by the RD as
the new Base URI under which to interpret the relative links the new base URI under which to interpret the relative links
present in the payload of the original registration. present in the payload of the original registration.
If the parameter is not set in the request but was set before, If the parameter is not set in the request but was set before,
the previous Base URI value is kept unmodified. the previous base URI value is kept unmodified.
If the parameter is not set in the request and was not set If the parameter is not set in the request and was not set
before either, the source address and source port of the update before either, the source address and source port of the update
request are stored as the Base URI. request are stored as the base URI.
extra-attrs := Additional registration
attributes (optional). As with the registration, the RD extra-attrs := Additional registration attributes (optional). As
processes them if it knows their semantics. Otherwise, unknown with the registration, the RD processes them if it knows their
attributes are stored as endpoint attributes, overriding any semantics. Otherwise, unknown attributes are stored as
previously stored endpoint attributes of the same key. endpoint attributes, overriding any previously stored endpoint
attributes of the same key.
Note that this default behavior does not allow removing an Note that this default behavior does not allow removing an
endpoint attribute in an update. For attributes whose endpoint attribute in an update. For attributes whose
functionality depends on the endpoints' ability to remove them functionality depends on the endpoints' ability to remove them
in an update, it can make sense to define a value whose in an update, it can make sense to define a value whose
presence is equivalent to the absence of a value. As an presence is equivalent to the absence of a value. As an
alternative, an extension can define different updating rules alternative, an extension can define different updating rules
for their attributes. That necessitates either discovery of for their attributes. That necessitates either discovering
whether the RD is aware of that extension, or tolerating the whether the RD is aware of that extension or tolerating the
default behavior. default behavior.
Content-Format: none (no payload) Content-Format: none (no payload)
The following responses are expected on this interface: The following responses are expected on this interface:
Success: 2.04 "Changed" or 204 "No Content" if the update was Success: 2.04 (Changed) or 204 (No Content) if the update was
successfully processed. successfully processed.
Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not Failure: 4.04 (Not Found) or 404 (Not Found). Registration does not
exist (e.g. may have been removed). exist (e.g., may have been removed).
If the registration update fails in any way, including "Not Found" If the registration update fails in any way, including "Not Found"
and request timeouts, or if the time indicated in a Service and request timeouts, or if the time indicated in a Service
Unavailable Max-Age/Retry-After exceeds the remaining lifetime, the Unavailable Max-Age/Retry-After exceeds the remaining lifetime, the
registering endpoint SHOULD attempt registration again. registering endpoint SHOULD attempt registration again.
The following example shows how the registering endpoint resets the The following example shows how the registering endpoint resets the
timeout on its registration resource at an RD using this interface timeout on its registration resource at an RD using this interface
with the example location value: /rd/4521. with the example location value /rd/4521:
Req: POST /rd/4521 Req: POST /rd/4521
Res: 2.04 Changed Res: 2.04 Changed
Figure 13: Example update of a registration Figure 13: Example Update of a Registration
The following example shows the registering endpoint updating its The following example shows the registering endpoint updating its
registration resource at an RD using this interface with the example registration resource at an RD using this interface with the example
location value: /rd/4521. The initial registration by the location value /rd/4521. The initial registration by the registering
registering endpoint set the following values: endpoint set the following values:
* endpoint name (ep)=endpoint1 * endpoint name (ep)=endpoint1
* lifetime (lt)=500 * lifetime (lt)=500
* Base URI (base)=coap://local-proxy-old.example.com
* base URI (base)=coap://local-proxy-old.example.com
* payload of Figure 8 * payload of Figure 8
The initial state of the RD is reflected in the following request: The initial state of the RD is reflected in the following request:
Req: GET /rd-lookup/res?ep=endpoint1 Req: GET /rd-lookup/res?ep=endpoint1
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<coap://local-proxy-old.example.com/sensors/temp>; <coap://local-proxy-old.example.com/sensors/temp>;
rt=temperature-c;if=sensor, rt=temperature-c;if=sensor,
<http://www.example.com/sensors/temp>; <http://www.example.com/sensors/temp>;
anchor="coap://local-proxy-old.example.com/sensors/temp"; anchor="coap://local-proxy-old.example.com/sensors/temp";
rel=describedby rel=describedby
Figure 14: Example lookup before a change to the base address Figure 14: Example Lookup Before a Change to the Base Address
The following example shows the registering endpoint changing the The following example shows the registering endpoint changing the
Base URI to "coaps://new.example.com:5684": base URI to coaps://new.example.com:5684:
Req: POST /rd/4521?base=coaps://new.example.com Req: POST /rd/4521?base=coaps://new.example.com
Res: 2.04 Changed Res: 2.04 Changed
Figure 15: Example registration update that changes the base address Figure 15: Example Registration Update that Changes the Base Address
The consecutive query returns: The consecutive query returns:
Req: GET /rd-lookup/res?ep=endpoint1 Req: GET /rd-lookup/res?ep=endpoint1
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<coaps://new.example.com/sensors/temp>; <coaps://new.example.com/sensors/temp>;
rt=temperature-c;if=sensor, rt=temperature-c;if=sensor,
<http://www.example.com/sensors/temp>; <http://www.example.com/sensors/temp>;
anchor="coaps://new.example.com/sensors/temp"; anchor="coaps://new.example.com/sensors/temp";
rel=describedby rel=describedby
Figure 16: Example lookup after a change to the base address Figure 16: Example Lookup After a Change to the Base Address
5.3.2. Registration Removal 5.3.2. Registration Removal
Although RD registrations have soft state and will eventually timeout Although RD registrations have soft state and will eventually time
after their lifetime, the registering endpoint SHOULD explicitly out after their lifetime, the registering endpoint SHOULD explicitly
remove an entry from the RD if it knows it will no longer be remove an entry from the RD if it knows it will no longer be
available (for example on shut-down). This is accomplished using a available (for example, on shutdown). This is accomplished using a
removal interface on the RD by performing a DELETE on the endpoint removal interface on the RD by performing a DELETE on the endpoint
resource. resource.
The removal request interface is specified as follows: The removal request interface is specified as follows:
Interaction: EP or CT -> RD Interaction: EP or CT -> RD
Method: DELETE Method: DELETE
URI Template: {+location} URI Template: {+location}
URI Template Variables: location := This is the Location returned URI Template Variables:
by the RD as a result of a successful earlier registration.
location := This is the location returned by the RD as a result
of a successful earlier registration.
The following responses are expected on this interface: The following responses are expected on this interface:
Success: 2.02 "Deleted" or 204 "No Content" upon successful deletion Success: 2.02 (Deleted) or 204 (No Content) upon successful
deletion.
Failure: 4.04 "Not Found" or 404 "Not Found". Registration does not Failure: 4.04 (Not Found) or 404 (Not Found). Registration does not
exist (e.g. may already have been removed). exist (e.g., may already have been removed).
The following examples shows successful removal of the endpoint from The following example shows successful removal of the endpoint from
the RD with example location value /rd/4521. the RD with example location value /rd/4521:
Req: DELETE /rd/4521 Req: DELETE /rd/4521
Res: 2.02 Deleted Res: 2.02 Deleted
Figure 17: Example of a registration removal Figure 17: Example of a Registration Removal
5.3.3. Further operations 5.3.3. Further Operations
Additional operations on the registration can be specified in future Additional operations on the registration can be specified in future
documents, for example: documents, for example:
* Send iPATCH (or PATCH) updates ([RFC8132]) to add, remove or * Send iPATCH (or PATCH) updates [RFC8132] to add, remove, or change
change the links of a registration. the links of a registration.
* Use GET to read the currently stored set of links in a * Use GET to read the currently stored set of links in a
registration resource. registration resource.
Those operations are out of scope of this document, and will require Those operations are out of scope of this document and will require
media types suitable for modifying sets of links. media types suitable for modifying sets of links.
5.3.4. Request freshness 5.3.4. Request Freshness
Some security mechanisms usable with an RD allow out of order request Some security mechanisms usable with an RD allow out-of-order request
processing, or do not even mandate replay protection at all. The RD processing or do not even mandate replay protection at all. The RD
needs to ensure that operations on the registration resource are needs to ensure that operations on the registration resource are
executed in an order that does not distort the client's intentions. executed in an order that does not distort the client's intentions.
This ordering of operations is expressed in terms of freshness as This ordering of operations is expressed in terms of freshness, as
defined in [I-D.ietf-core-echo-request-tag]. Requests that alter a defined in [RFC9175]. Requests that alter a resource's state need to
resource's state need to be fresh relative to the latest request that be fresh relative to the latest request that altered that state in a
altered that state in a conflicting way. conflicting way.
An RD SHOULD determine a request's freshness, and MUST use the Echo An RD SHOULD determine a request's freshness and MUST use the Echo
option if it requires request freshness and can not determine the it option if it requires request freshness and cannot determine it in
in any other way. An endpoint MUST support the use of the Echo any other way. An endpoint MUST support the use of the Echo option.
option. (One reason why an RD would not require freshness is when no (One reason why an RD would not require freshness is when no relevant
relevant registration properties are covered by is security registration properties are covered by its security policies.)
policies.)
5.3.4.1. Efficient use of Echo by an RD 5.3.4.1. Efficient Use of Echo by an RD
To keep latency and traffic added by the freshness requirements to a To keep latency and traffic added by the freshness requirements to a
minimum, RDs should avoid naive (sufficient but inefficient) minimum, RDs should avoid naive (sufficient but inefficient)
freshness criteria. freshness criteria.
Some simple mechanisms the RD can employ are: Some simple mechanisms the RD can employ are:
* State counter. The RD can keep a monotonous counter that * State counter. The RD can keep a monotonous counter that
increments whenever a registration changes. For every increments whenever a registration changes. For every
registration resource, it stores the post-increment value of that registration resource, it stores the post-increment value of that
resource's last change. Requests altering them need to have at resource's last change. Requests altering them need to have at
least that value encoded in their Echo option, and are otherwise least that value encoded in their Echo option and are otherwise
rejected with a 4.01 Unauthorized and the current counter value as rejected with a 4.01 (Unauthorized) and the current counter value
the Echo value. If other applications on the same server use Echo as the Echo value. If other applications on the same server use
as well, that encoding may include a prefix indicating that it Echo as well, that encoding may include a prefix indicating that
pertains to the RD's counter. it pertains to the RD's counter.
The value associated with a resource needs to be kept across the The value associated with a resource needs to be kept across the
removal of registrations if the same registration resource is to removal of registrations if the same registration resource is to
be reused. be reused.
The counter can be reset (and the values of removed resources The counter can be reset (and the values of removed resources
forgotten) when all previous security associations are reset. forgotten) when all previous security associations are reset.
This is the "Persistent Counter" method of This is the "Persistent Counter" method of [RFC9175], Appendix A.
[I-D.ietf-core-echo-request-tag] Appendix A.
* Preemptive Echo values. The current state counter can be sent in * Preemptive Echo values. The current state counter can be sent in
an Echo option not only when requests are rejected with 4.01 an Echo option not only when requests are rejected with 4.01
Unauthorized, but also with successful responses. Thus, clients (Unauthorized) but also with successful responses. Thus, clients
can be provided with Echo values sufficient for their next request can be provided with Echo values sufficient for their next request
on a regular basis. on a regular basis. This is also described in Section 2.3 of
[RFC9175]
While endpoints may discard received Echo values at leisure While endpoints may discard received Echo values at leisure
between requests, they are encouraged to retain these values for between requests, they are encouraged to retain these values for
the next request to avoid additional round trips. the next request to avoid additional round trips.
* If the RD can ensure that only one security association has * If the RD can ensure that only one security association has
modifying access to any registration at any given time, and that modifying access to any registration at any given time and that
security association provides order on the requests, that order is security association provides order on the requests, that order is
sufficient to show request freshness. sufficient to show request freshness.
5.3.4.2. Examples of Echo usage 5.3.4.2. Examples of Echo Usage
Figure 18 shows the interactions of an endpoint that has forgotten Figure 18 shows the interactions of an endpoint that has forgotten
the server's latest Echo value and temporarily reduces its the server's latest Echo value and temporarily reduces its
registration lifetime: registration lifetime:
Req: POST /rd/4521?lt=7200 Req: POST /rd/4521?lt=7200
Res: 4.01 Unauthorized Res: 4.01 Unauthorized
Echo: 0x0123 Echo: 0x0123
(EP tries again immediately) (EP tries again immediately.)
Req: POST /rd/4521?lt=7200 Req: POST /rd/4521?lt=7200
Echo: 0x0123 Echo: 0x0123
Res: 2.04 Changed Res: 2.04 Changed
Echo: 0x0124 Echo: 0x0124
(Later the EP regains its confidence in its long-term reachability) (Later, the EP regains its confidence in its long-term reachability.)
Req: POST /rd/4521?lt=90000 Req: POST /rd/4521?lt=90000
Echo: 0x0124 Echo: 0x0124
Res: 2.04 Changed Res: 2.04 Changed
Echo: 0x0247 Echo: 0x0247
Figure 18: Example update of a registration Figure 18: Example Update of a Registration
The other examples do not show Echo options for simplicity, and The other examples do not show Echo options for two reasons: (1) for
because they lack the context for any example values to have meaning. simplicity and (2) because they lack the context for any example
values to have meaning.
6. RD Lookup 6. RD Lookup
To discover the resources registered with the RD, a lookup interface To discover the resources registered with the RD, a lookup interface
must be provided. This lookup interface is defined as a default, and must be provided. This lookup interface is defined as a default, and
it is assumed that RDs may also support lookups to return resource it is assumed that RDs may also support lookups to return resource
descriptions in alternative formats (e.g. JSON or CBOR link format descriptions in alternative formats (e.g., JSON or CBOR link format
[I-D.ietf-core-links-json]) or using more advanced interfaces (e.g. [CORE-LINKS-JSON]) or use more advanced interfaces (e.g., supporting
supporting context or semantic based lookup) on different resources context- or semantic-based lookup) on different resources that are
that are discovered independently. discovered independently.
RD Lookup allows lookups for endpoints and resources using attributes RD lookup allows lookups for endpoints and resources using attributes
defined in this document and for use with the CoRE Link Format. The defined in this document and for use with the CoRE Link Format. The
result of a lookup request is the list of links (if any) result of a lookup request is the list of links (if any)
corresponding to the type of lookup. Thus, an endpoint lookup MUST corresponding to the type of lookup. Thus, an endpoint lookup MUST
return a list of endpoints and a resource lookup MUST return a list return a list of endpoints, and a resource lookup MUST return a list
of links to resources. of links to resources.
The lookup type is selected by a URI endpoint, which is indicated by The lookup type implemented by a lookup resource is indicated by a
a Resource Type as per Table 1 below: resource type, as per Table 1:
+=============+====================+===========+ +=============+====================+===========+
| Lookup Type | Resource Type | Mandatory | | Lookup Type | Resource Type | Mandatory |
+=============+====================+===========+ +=============+====================+===========+
| Resource | core.rd-lookup-res | Mandatory | | Resource | core.rd-lookup-res | Mandatory |
+-------------+--------------------+-----------+ +-------------+--------------------+-----------+
| Endpoint | core.rd-lookup-ep | Mandatory | | Endpoint | core.rd-lookup-ep | Mandatory |
+-------------+--------------------+-----------+ +-------------+--------------------+-----------+
Table 1: Lookup Types Table 1: Lookup Types
6.1. Resource lookup 6.1. Resource Lookup
Resource lookup results in links that are semantically equivalent to Resource lookup results in links that are semantically equivalent to
the links submitted to the RD by the registrant. The links and link the links submitted to the RD by the registrant. The links and link
parameters returned by the lookup are equal to the originally parameters returned by the lookup are equal to the originally
submitted ones, except that the target reference is fully resolved, submitted ones, except that the target reference is fully resolved
and that the anchor reference is fully resolved if it is present in and that the anchor reference is fully resolved if it is present in
the lookup result at all. the lookup result at all.
Links that did not have an anchor attribute in the registration are Links that did not have an anchor attribute in the registration are
returned without an anchor attribute. Links of which href or anchor returned without an anchor attribute. Links of which href or anchor
was submitted as a (full) URI are returned with the respective was submitted as a (full) URI are returned with the respective
attribute unmodified. attribute unmodified.
The above rules allow the client to interpret the response as links The above rules allow the client to interpret the response as links
without any further knowledge of the storage conventions of the RD. without any further knowledge of the storage conventions of the RD.
The RD MAY replace the registration base URIs with a configured The RD MAY replace the registration base URIs with a configured
intermediate proxy, e.g. in the case of an HTTP lookup interface for intermediate proxy, e.g., in the case of an HTTP lookup interface for
CoAP endpoints. CoAP endpoints.
If the base URI of a registration contains a link-local address, the If the base URI of a registration contains a link-local address, the
RD MUST NOT show its links unless the lookup was made from the link RD MUST NOT show its links unless the lookup was made from the link
on which the registered endpoint can be reached. The RD MUST NOT on which the registered endpoint can be reached. The RD MUST NOT
include zone identifiers in the resolved URIs. include zone identifiers in the resolved URIs.
6.2. Lookup filtering 6.2. Lookup Filtering
Using the Accept Option, the requester can control whether the Using the Accept option, the requester can control whether the
returned list is returned in CoRE Link Format ("application/link- returned list is returned in CoRE Link Format (application/link-
format", default) or in alternate content-formats (e.g. from format, default) or in alternate content formats (e.g., from
[I-D.ietf-core-links-json]). [CORE-LINKS-JSON]).
Multiple search criteria MAY be included in a lookup. All included Multiple search criteria MAY be included in a lookup. All included
criteria MUST match for a link to be returned. The RD MUST support criteria MUST match for a link to be returned. The RD MUST support
matching with multiple search criteria. matching with multiple search criteria.
A link matches a search criterion if it has an attribute of the same A link matches a search criterion if it has an attribute of the same
name and the same value, allowing for a trailing "*" wildcard name and the same value, allowing for a trailing "*" wildcard
operator as in Section 4.1 of [RFC6690]. Attributes that are defined operator, as in Section 4.1 of [RFC6690]. Attributes that are
as "relation-types" (in the link-format ABNF) match if the search defined as relation-types (in the link-format ABNF) match if the
value matches any of their values (see Section 4.1 of [RFC6690]; e.g. search value matches any of their values (see Section 4.1 of
"?if=tag:example.net,2020:sensor" matches ";if="example.regname [RFC6690]; for example, ?if=tag:example.net,2020:sensor matches
tag:example.net,2020:sensor";"). A resource link also matches a ;if="example.regname tag:example.net,2020:sensor";. A resource link
search criterion if its endpoint would match the criterion, and vice also matches a search criterion if its endpoint would match the
versa, an endpoint link matches a search criterion if any of its criterion, and vice versa, an endpoint link matches a search
resource links matches it. criterion if any of its resource links matches it.
Note that "href" is a valid search criterion and matches target Note that href is a valid search criterion and matches target
references. Like all search criteria, on a resource lookup it can references. Like all search criteria, on a resource lookup, it can
match the target reference of the resource link itself, but also the match the target reference of the resource link itself but also the
registration resource of the endpoint that registered it. Queries registration resource of the endpoint that registered it. Queries
for resource link targets MUST be in URI form (i.e. not relative for resource link targets MUST be in URI form (i.e., not relative
references) and are matched against a resolved link target. Queries references) and are matched against a resolved link target. Queries
for endpoints SHOULD be expressed in path-absolute form if possible for endpoints SHOULD be expressed in path-absolute form if possible
and MUST be expressed in URI form otherwise; the RD SHOULD recognize and MUST be expressed in URI form otherwise; the RD SHOULD recognize
either. The "anchor" attribute is usable for resource lookups, and, either. The anchor attribute is usable for resource lookups and, if
if queried, MUST be in URI form as well. queried, MUST be in URI form as well.
Additional query parameters "page" and "count" are used to obtain Additional query parameters "page" and "count" are used to obtain
lookup results in specified increments using pagination, where count lookup results in specified increments using pagination, where count
specifies how many links to return and page specifies which subset of specifies how many links to return and page specifies which subset of
links organized in sequential pages, each containing 'count' links, links organized in sequential pages, each containing 'count' links,
starting with link zero and page zero. Thus, specifying count of 10 starting with link zero and page zero. Thus, specifying a count of
and page of 0 will return the first 10 links in the result set (links 10 and page of 0 will return the first 10 links in the result set
0-9). Count = 10 and page = 1 will return the next 'page' containing (links 0-9). Specifying a count of 10 and page of 1 will return the
links 10-19, and so on. Unlike block-wise transfer of a compelte next 'page' containing links 10-19, and so on. Unlike block-wise
result set, these parameters ensure that each chunk of results can be transfer of a complete result set, these parameters ensure that each
interpreted on its own. This simplifies the processing, but can chunk of results can be interpreted on its own. This simplifies the
result in duplicate or missed items when coinciding with changes from processing but can result in duplicate or missed items when
the registration interface. coinciding with changes from the registration interface.
Endpoints that are interested in a lookup result repeatedly or Endpoints that are interested in a lookup result repeatedly or
continuously can use mechanisms like ETag caching, resource continuously can use mechanisms such as ETag caching, resource
observation ([RFC7641]), or any future mechanism that might allow observation [RFC7641], or any future mechanism that might allow more
more efficient observations of collections. These are advertised, efficient observations of collections. These are advertised,
detected and used according to their own specifications and can be detected, and used according to their own specifications and can be
used with the lookup interface as with any other resource. used with the lookup interface as with any other resource.
When resource observation is used, every time the set of matching When resource observation is used, every time the set of matching
links changes, or the content of a matching link changes, the RD links changes or the content of a matching link changes, the RD sends
sends a notification with the matching link set. The notification a notification with the matching link set. The notification contains
contains the successful current response to the given request, the successful current response to the given request, especially with
especially with respect to representing zero matching links (see respect to representing zero matching links (see "Success" item
"Success" item below). below).
The lookup interface is specified as follows: The lookup interface is specified as follows:
Interaction: Client -> RD Interaction: Client -> RD
Method: GET Method: GET
URI Template: {+type-lookup-location}{?page,count,search*} URI Template: {+type-lookup-location}{?page,count,search*}
URI Template Variables: type-lookup-location := RD Lookup URI for a URI Template Variables:
given lookup type (mandatory). The address is discovered as
described in Section 4.3.
search := Search criteria for limiting the
number of results (optional).
The search criteria are an associative array, expressed in a type-lookup-location := RD lookup URI for a given lookup type
form-style query as per the URI template (see [RFC6570] (mandatory). The address is discovered as described in
Sections 2.4.2 and 3.2.8) Section 4.3.
page := Page (optional). Parameter cannot search := Search criteria for limiting the number of results
be used without the count parameter. Results are returned from (optional). The search criteria are an associative array,
result set in pages that contain 'count' links starting from expressed in a form-style query, as per the URI Template (see
index (page * count). Page numbering starts with zero. [RFC6570], Sections 2.4.2 and 3.2.8).
count := Count (optional). Number of page := Page (optional). This parameter cannot be used without
the count parameter. Results are returned from result set in
pages that contain 'count' links starting from index (page *
count). Page numbering starts with zero.
results is limited to this parameter value. If the page count := Count (optional). The number of results is limited to
parameter is also present, the response MUST only include this parameter value. If the page parameter is also present,
'count' links starting with the (page * count) link in the the response MUST only include 'count' links starting with the
result set from the query. If the count parameter is not (page * count) link in the result set from the query. If the
present, then the response MUST return all matching links in count parameter is not present, then the response MUST return
the result set. Link numbering starts with zero. all matching links in the result set. Link numbering starts
with zero.
Accept: absent, application/link-format or any other indicated media Accept: absent, application/link-format, or any other indicated
type representing web links media type representing web links
The following responses codes are defined for this interface: The following responses codes are defined for this interface:
Success: 2.05 "Content" or 200 "OK" with an "application/link- Success: 2.05 (Content) or 200 (OK) with an application/link-format
format" or other web link payload containing matching entries for or other web link payload containing matching entries for the
the lookup. lookup.
The payload can contain zero links (which is an empty payload in The payload can contain zero links (which is an empty payload in
[RFC6690] link format, but could also be "[]" in JSON based the link format described in [RFC6690] but could also be [] in
formats), indicating that no entities matched the request. JSON-based formats), indicating that no entities matched the
request.
6.3. Resource lookup examples 6.3. Resource Lookup Examples
The examples in this section assume the existence of CoAP hosts with The examples in this section assume the existence of CoAP hosts with
a default CoAP port 61616. HTTP hosts are possible and do not change a default CoAP port 61616. HTTP hosts are possible and do not change
the nature of the examples. the nature of the examples.
The following example shows a client performing a resource lookup The following example shows a client performing a resource lookup
with the example resource look-up locations discovered in Figure 5: with the example resource lookup locations discovered in Figure 5:
Req: GET /rd-lookup/res?rt=tag:example.org,2020:temperature Req: GET /rd-lookup/res?rt=tag:example.org,2020:temperature
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<coap://[2001:db8:3::123]:61616/temp>; <coap://[2001:db8:3::123]:61616/temp>;
rt="tag:example.org,2020:temperature" rt="tag:example.org,2020:temperature"
Figure 19: Example a resource lookup Figure 19: Example of a Resource Lookup
A client that wants to be notified of new resources as they show up A client that wants to be notified of new resources as they show up
can use observation: can use this observation:
Req: GET /rd-lookup/res?rt=tag:example.org,2020:light Req: GET /rd-lookup/res?rt=tag:example.org,2020:light
Observe: 0 Observe: 0
Res: 2.05 Content Res: 2.05 Content
Observe: 23 Observe: 23
Payload: empty Payload: empty
(at a later point in time) (at a later point in time)
Res: 2.05 Content Res: 2.05 Content
Observe: 24 Observe: 24
Payload: Payload:
<coap://[2001:db8:3::124]/west>;rt="tag:example.org,2020:light", <coap://[2001:db8:3::124]/west>;rt="tag:example.org,2020:light",
<coap://[2001:db8:3::124]/south>;rt="tag:example.org,2020:light", <coap://[2001:db8:3::124]/south>;rt="tag:example.org,2020:light",
<coap://[2001:db8:3::124]/east>;rt="tag:example.org,2020:light" <coap://[2001:db8:3::124]/east>;rt="tag:example.org,2020:light"
Figure 20: Example an observing resource lookup Figure 20: Example of an Observing Resource Lookup
The following example shows a client performing a paginated resource The following example shows a client performing a paginated resource
lookup lookup:
Req: GET /rd-lookup/res?page=0&count=5 Req: GET /rd-lookup/res?page=0&count=5
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<coap://[2001:db8:3::123]:61616/res/0>;ct=60, <coap://[2001:db8:3::123]:61616/res/0>;ct=60,
<coap://[2001:db8:3::123]:61616/res/1>;ct=60, <coap://[2001:db8:3::123]:61616/res/1>;ct=60,
<coap://[2001:db8:3::123]:61616/res/2>;ct=60, <coap://[2001:db8:3::123]:61616/res/2>;ct=60,
<coap://[2001:db8:3::123]:61616/res/3>;ct=60, <coap://[2001:db8:3::123]:61616/res/3>;ct=60,
<coap://[2001:db8:3::123]:61616/res/4>;ct=60 <coap://[2001:db8:3::123]:61616/res/4>;ct=60
skipping to change at page 41, line 46 skipping to change at line 1872
Req: GET /rd-lookup/res?page=1&count=5 Req: GET /rd-lookup/res?page=1&count=5
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<coap://[2001:db8:3::123]:61616/res/5>;ct=60, <coap://[2001:db8:3::123]:61616/res/5>;ct=60,
<coap://[2001:db8:3::123]:61616/res/6>;ct=60, <coap://[2001:db8:3::123]:61616/res/6>;ct=60,
<coap://[2001:db8:3::123]:61616/res/7>;ct=60, <coap://[2001:db8:3::123]:61616/res/7>;ct=60,
<coap://[2001:db8:3::123]:61616/res/8>;ct=60, <coap://[2001:db8:3::123]:61616/res/8>;ct=60,
<coap://[2001:db8:3::123]:61616/res/9>;ct=60 <coap://[2001:db8:3::123]:61616/res/9>;ct=60
Figure 21: Examples of paginated resource lookup Figure 21: Example of Paginated Resource Lookup
The following example shows a client performing a lookup of all The following example shows a client performing a lookup of all
resources of all endpoints of a given endpoint type. It assumes that resources of all endpoints of a given endpoint type. It assumes that
two endpoints (with endpoint names "sensor1" and "sensor2") have two endpoints (with endpoint names sensor1 and sensor2) have
previously registered with their respective addresses previously registered with their respective addresses
"coap://sensor1.example.com" and "coap://sensor2.example.com", and (coap://sensor1.example.com and coap://sensor2.example.com) and
posted the very payload of the 6th response of section 5 of posted the very payload of the 6th response of Section 5 of
[RFC6690]. [RFC6690].
It demonstrates how absolute link targets stay unmodified, while It demonstrates how absolute link targets stay unmodified, while
relative ones are resolved: relative ones are resolved:
Req: GET /rd-lookup/res?et=tag:example.com,2020:platform Req: GET /rd-lookup/res?et=tag:example.com,2020:platform
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<coap://sensor1.example.com/sensors>;ct=40;title="Sensor Index", <coap://sensor1.example.com/sensors>;ct=40;title="Sensor Index",
skipping to change at page 42, line 35 skipping to change at line 1904
<coap://sensor1.example.com/t>;rel=alternate; <coap://sensor1.example.com/t>;rel=alternate;
anchor="coap://sensor1.example.com/sensors/temp", anchor="coap://sensor1.example.com/sensors/temp",
<coap://sensor2.example.com/sensors>;ct=40;title="Sensor Index", <coap://sensor2.example.com/sensors>;ct=40;title="Sensor Index",
<coap://sensor2.example.com/sensors/temp>;rt=temperature-c;if=sensor, <coap://sensor2.example.com/sensors/temp>;rt=temperature-c;if=sensor,
<coap://sensor2.example.com/sensors/light>;rt=light-lux;if=sensor, <coap://sensor2.example.com/sensors/light>;rt=light-lux;if=sensor,
<http://www.example.com/sensors/t123>;rel=describedby; <http://www.example.com/sensors/t123>;rel=describedby;
anchor="coap://sensor2.example.com/sensors/temp", anchor="coap://sensor2.example.com/sensors/temp",
<coap://sensor2.example.com/t>;rel=alternate; <coap://sensor2.example.com/t>;rel=alternate;
anchor="coap://sensor2.example.com/sensors/temp" anchor="coap://sensor2.example.com/sensors/temp"
Figure 22: Example of resource lookup from multiple endpoints Figure 22: Example of a Resource Lookup from Multiple Endpoints
6.4. Endpoint lookup 6.4. Endpoint Lookup
The endpoint lookup returns links to and information about The endpoint lookup returns links to and information about
registration resources, which themselves can only be manipulated by registration resources, which themselves can only be manipulated by
the registering endpoint. the registering endpoint.
Endpoint registration resources are annotated with their endpoint Endpoint registration resources are annotated with their endpoint
names (ep), sectors (d, if present) and registration base URI (base; names (ep), sectors (d, if present), and registration base URI (base;
reports the registrant-ep's address if no explicit base was given) as reports the registrant-EP's address if no explicit base was given),
well as a constant resource type (rt="core.rd-ep"); the lifetime (lt) as well as a constant resource type (rt="core.rd-ep"); the lifetime
is not reported. Additional endpoint attributes are added as target (lt) is not reported. Additional endpoint attributes are added as
attributes to their endpoint link unless their specification says target attributes to their endpoint link unless their specification
otherwise. says otherwise.
Links to endpoints SHOULD be presented in path-absolute form or, if Links to endpoints SHOULD be presented in path-absolute form or, if
required, as (full) URIs. (This ensures that the output conforms to required, as (full) URIs. (This ensures that the output conforms to
Limited Link Format as described in Appendix C.) Limited Link Format, as described in Appendix C.)
Base addresses that contain link-local addresses MUST NOT include Base addresses that contain link-local addresses MUST NOT include
zone identifiers, and such registrations MUST NOT be shown unless the zone identifiers, and such registrations MUST NOT be shown unless the
lookup was made from the same link from which the registration was lookup was made from the same link from which the registration was
made. made.
While Endpoint Lookup does expose the registration resources, the RD While the endpoint lookup does expose the registration resources, the
does not need to make them accessible to clients. Clients SHOULD NOT RD does not need to make them accessible to clients. Clients SHOULD
attempt to dereference or manipulate them. NOT attempt to dereference or manipulate them.
An RD can report registrations in lookup whose URI scheme and An RD can report registrations in lookup whose URI scheme and
authority differ from the lookup resource's. Lookup clients MUST be authority differ from that of the lookup resource. Lookup clients
prepared to see arbitrary URIs as registration resources in the MUST be prepared to see arbitrary URIs as registration resources in
results and treat them as opaque identifiers; the precise semantics the results and treat them as opaque identifiers; the precise
of such links are left to future specifications. semantics of such links are left to future specifications.
The following example shows a client performing an endpoint lookup The following example shows a client performing an endpoint lookup
limited to endpoints of endpoint type that is limited to endpoints of endpoint type
"tag:example.com,2020:platform": tag:example.com,2020:platform:
Req: GET /rd-lookup/ep?et=tag:example.com,2020:platform Req: GET /rd-lookup/ep?et=tag:example.com,2020:platform
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
</rd/1234>;base="coap://[2001:db8:3::127]:61616";ep=node5; </rd/1234>;base="coap://[2001:db8:3::127]:61616";ep=node5;
et="tag:example.com,2020:platform";ct=40;rt=core.rd-ep, et="tag:example.com,2020:platform";ct=40;rt=core.rd-ep,
</rd/4521>;base="coap://[2001:db8:3::129]:61616";ep=node7; </rd/4521>;base="coap://[2001:db8:3::129]:61616";ep=node7;
et="tag:example.com,2020:platform";ct=40;d=floor-3; et="tag:example.com,2020:platform";ct=40;d=floor-3;
rt=core.rd-ep rt=core.rd-ep
Figure 23: Examples of endpoint lookup Figure 23: Example of Endpoint Lookup
7. Security policies 7. Security Policies
The security policies that are applicable to an RD strongly depend on The security policies that are applicable to an RD strongly depend on
the application, and are not set out normatively here. the application and are not set out normatively here.
This section provides a list of aspects that applications should This section provides a list of aspects that applications should
consider when describing their use of the RD, without claiming to consider when describing their use of the RD, without claiming to
cover all cases. It is using terminology of cover all cases. It uses terminology of [ACE-OAUTH-AUTHZ], in which
[I-D.ietf-ace-oauth-authz], in which the RD acts as the Resource the RD acts as the Resource Server (RS), and both registrant-EPs and
Server (RS), and both registrant-eps and lookup clients act as lookup clients act as Clients (C) with support from an Authorization
Clients (C) with support from an Authorization Server (AS), without Server (AS), without the intention of ruling out other schemes (e.g.,
the intention of ruling out other (e.g. certificate / public-key those based on certificates/Public Key Infrastructures (PKIs)).
infrastructure (PKI) based) schemes.
Any, all or none of the below can apply to an application. Which are Any, all, or none of the below can apply to an application. Which
relevant depends on its protection objectives. are relevant depends on its protection objectives.
Security policies are set by configuration of the RD, or by choice of Security policies are set by configuration of the RD or by choice of
the implementation. Lookup clients (and, where relevant, endpoints) the implementation. Lookup clients (and, where relevant, endpoints)
can only trust an RD to uphold them if it is authenticated, and can only trust an RD to uphold them if it is authenticated and
authorized to serve as an RD according to the application's authorized to serve as an RD according to the application's
requirements. requirements.
7.1. Endpoint name 7.1. Endpoint Name
Whenever an RD needs to provide trustworthy results to clients doing Whenever an RD needs to provide trustworthy results to clients doing
endpoint lookup, or resource lookup with filtering on the endpoint endpoint lookup or resource lookup with filtering on the endpoint
name, the RD must ensure that the registrant is authorized to use the name, the RD must ensure that the registrant is authorized to use the
given endpoint name. This applies both to registration and later to given endpoint name. This applies both to registration and later to
operations on the registration resource. It is immaterial whether operations on the registration resource. It is immaterial whether
the client is the registrant-ep itself or a CT is doing the the client is the registrant-EP itself or a CT is doing the
registration: The RD cannot tell the difference, and CTs may use registration. The RD cannot tell the difference, and CTs may use
authorization credentials authorizing only operations on that authorization credentials authorizing only operations on that
particular endpoint name, or a wider range of endpoint names. particular endpoint name or a wider range of endpoint names.
It is up to the concrete security policy to describe how endpoint It is up to the concrete security policy to describe how the endpoint
name and sector are transported when certificates are used. For name and sector are transported when certificates are used. For
example, it may describe how SubjectAltName dNSName entries are example, it may describe how SubjectAltName dNSName entries are
mapped to endpoint and domain names. mapped to endpoint and domain names.
7.1.1. Random endpoint names 7.1.1. Random Endpoint Names
Conversely, in applications where the RD does not check the endpoint Conversely, in applications where the RD does not check the endpoint
name, the authorized registering endpoint can generate a random name, the authorized registering endpoint can generate a random
number (or string) that identifies the endpoint. The RD should then number (or string) that identifies the endpoint. The RD should then
remember unique properties of the registrant, associate them with the remember unique properties of the registrant, associate them with the
registration for as long as its registration resource is active registration for as long as its registration resource is active
(which may be longer than the registration's lifetime), and require (which may be longer than the registration's lifetime), and require
the same properties for operations on the registration resource. the same properties for operations on the registration resource.
Registrants that are prepared to pick a different identifier when Registrants that are prepared to pick a different identifier when
their initial attempt (or attempts, in the unlikely case of two their initial attempt (or attempts, in the unlikely case of two
subsequent collisions) at registration is unauthorized should pick an subsequent collisions) at registration is unauthorized should pick an
identifier at least twice as long as the expected number of identifier at least twice as long as would be needed to enumerate the
registrants; registrants without such a recovery options should pick expected number of registrants; registrants without any such recovery
significantly longer endpoint names (e.g. using UUID URNs [RFC4122]). options should pick significantly longer endpoint names (e.g., using
Universally Unique Identifier (UUID) URNs [RFC4122]).
7.2. Entered resources 7.2. Entered Links
When lookup clients expect that certain types of links can only When lookup clients expect that certain types of links can only
originate from certain endpoints, then the RD needs to apply originate from certain endpoints, then the RD needs to apply
filtering to the links an endpoint may register. filtering to the links an endpoint may register.
For example, if clients use an RD to find a server that provides For example, if clients use an RD to find a server that provides
firmware updates, then any registrant that wants to register (or firmware updates, then any registrant that wants to register (or
update) links to firmware sources will need to provide suitable update) links to firmware sources will need to provide suitable
credentials to do so, independently of its endpoint name. credentials to do so, independently of its endpoint name.
Note that the impact of having undesirable links in the RD depends on Note that the impact of having undesirable links in the RD depends on
the application: if the client requires the firmware server to the application. If the client requires the firmware server to
present credentials as a firmware server, a fraudulent link's impact present credentials as a firmware server, a fraudulent link's impact
is limited to the client revealing its intention to obtain updates is limited to the client revealing its intention to obtain updates
and slowing down the client until it finds a legitimate firmware and slowing down the client until it finds a legitimate firmware
server; if the client accepts any credentials from the server as long server; if the client accepts any credentials from the server as long
as they fit the provided URI, the impact is larger. as they fit the provided URI, the impact is larger.
An RD may also require that links are only registered if the An RD may also require that links are only registered if the
registrant is authorized to publish information about the anchor (or registrant is authorized to publish information about the anchor (or
even target) of the link. One way to do this is to demand that the even target) of the link. One way to do this is to demand that the
registrant present the same credentials as a client that they'd need registrant present the same credentials in its role as a registering
to present if contacted as a server at the resources' URI, which may client that it would need to present in its role as a server when
include using the address and port that are part of the URI. Such a contacted at the resources' URI. These credentials may include using
restriction places severe practical limitations on the links that can the address and port that are part of the URI. Such a restriction
be registered. places severe practical limitations on the links that can be
registered.
As above, the impact of undesirable links depends on the extent to As above, the impact of undesirable links depends on the extent to
which the lookup client relies on the RD. To avoid the limitations, which the lookup client relies on the RD. To avoid the limitations,
RD applications should consider prescribing that lookup clients only RD applications should consider prescribing that lookup clients only
use the discovered information as hints, and describe which pieces of use the discovered information as hints and describe which pieces of
information need to be verified because they impact the application's information need to be verified because they impact the application's
security. A straightforward way to verify such information is to security. A straightforward way to verify such information is to
request it again from an authorized server, typically the one that request it again from an authorized server, typically the one that
hosts the target resource. That similar to what happens in hosts the target resource. That is similar to what happens in
Section 4.3 when the URI discovery step is repeated. Section 4.3 when the "URI discovery" step is repeated.
7.3. Link confidentiality 7.3. Link Confidentiality
When registrants publish information in the RD that is not available When registrants publish information in the RD that is not available
to any client that would query the registrant's /.well-known/core to any client that would query the registrant's /.well-known/core
interface, or when lookups to that interface are subject so stricter interface, or when lookups to that interface are subject to stricter
firewalling than lookups to the RD, the RD may need to limit which firewalling than lookups to the RD, the RD may need to limit which
lookup clients may access the information. lookup clients may access the information.
In this case, the endpoint (and not the lookup clients) needs to be In this case, the endpoint (and not the lookup clients) needs to be
careful to check the RD's authorization. The RD needs to check any careful to check the RD's authorization. The RD needs to check any
lookup client's authorization before revealing information directly lookup client's authorization before revealing information directly
(in resource lookup) or indirectly (when using it to satisfy a (in resource lookup) or indirectly (when using it to satisfy a
resource lookup search criterion). resource lookup search criterion).
7.4. Segmentation 7.4. Segmentation
skipping to change at page 46, line 20 skipping to change at line 2080
sector (d) parameter. Some sectors might apply limitations on the sector (d) parameter. Some sectors might apply limitations on the
endpoint names available, while others use a random identifier endpoint names available, while others use a random identifier
approach to endpoint names and place limits on the entered links approach to endpoint names and place limits on the entered links
based on their attributes instead. based on their attributes instead.
Care must be taken in such setups to determine the applicable access Care must be taken in such setups to determine the applicable access
control measures to each operation. One easy way to do that is to control measures to each operation. One easy way to do that is to
mandate the use of the sector parameter on all operations, as no mandate the use of the sector parameter on all operations, as no
credentials are suitable for operations across sector borders anyway. credentials are suitable for operations across sector borders anyway.
7.5. First-Come-First-Remembered: A default policy 7.5. "First Come First Remembered": A Default Policy
The First-Come-First-Remembered policy is provided both as a The "First Come First Remembered" policy is provided both as a
reference example for a security policy definition, and as a policy reference example for a security policy definition and as a policy
that implementations may choose to use as default policy in absence that implementations may choose to use as default policy in the
of other configuration. It is designed to enable efficient discovery absence of any other configuration. It is designed to enable
operations even in ad-hoc settings. efficient discovery operations even in ad hoc settings.
Under this policy, the RD accepts registrations for any endpoint name Under this policy, the RD accepts registrations for any endpoint name
that is not assigned to an active registration resource, and only that is not assigned to an active registration resource and only
accepts registration updates from the same endpoint. The policy is accepts registration updates from the same endpoint. The policy is
minimal in that towards lookup clients it does not make any of the minimal in that it does not make any promises to lookup clients about
claims of Section 7.2 and Section 7.3, and its claims on Section 7.1 the claims of Sections 7.2 and 7.3, and promises about the claims in
are limited to the lifetime of that endpoint's registration. It Section 7.1 are limited to the lifetime of that endpoint's
does, however, guarantee towards any endpoint that for the duration registration. It does however promise the endpoint that, for the
of its registration, its links will be discoverable on the RD. duration of its registration, its links will be discoverable on the
RD.
When a registration or operation is attempted, the RD MUST determine When a registration or operation is attempted, the RD MUST determine
the client's subject name or public key: the client's subject name or public key:
* If the client's credentials indicate any subject name that is * If the client's credentials indicate any subject name that is
certified by any authority which the RD recognizes (which may be certified by any authority that the RD recognizes (which may be
the system's trust anchor store), all such subject names are the system's trust anchor store), all such subject names are
stored. With CWT or JWT based credentials (as common with ACE), stored. With credentials based on CWT or JWT (as common with
the Subject (sub) claim is stored as a single name, if it exists. Authentication and Authorization for Constrained Environments
With X.509 certificates, the Common Name (CN) and the complete (ACE)), the Subject (sub) claim is stored as a single name, if it
list of SubjectAltName entries are stored. In both cases, the exists. With X.509 certificates, the Common Name (CN) and the
authority that certified the claim is stored along with the complete list of SubjectAltName entries are stored. In both
subject, as the latter may only be locally unique. cases, the authority that certified the claim is stored along with
the subject, as the latter may only be locally unique.
* Otherwise, if the client proves possession of a private key, the * Otherwise, if the client proves possession of a private key, the
matching public key is stored. This applies both to raw public matching public key is stored. This applies both to raw public
keys and to the public keys indicated in certificates that failed keys and to the public keys indicated in certificates that failed
the above authority check. the above authority check.
* If neither is present, a reference to the security session itself * If neither is present, a reference to the security session itself
is stored. With (D)TLS, that is the connection itself, or the is stored. With (D)TLS, that is the connection itself or the
session resumption information if available. With OSCORE, that is session resumption information, if available. With OSCORE, that
the security context. is the security context.
As part of the registration operation, that information is stored As part of the registration operation, that information is stored
along with the registration resource. along with the registration resource.
The RD MUST accept all registrations whose registration resource is The RD MUST accept all registrations whose registration resource is
not already active, as long as they are made using a security layer not already active, as long as they are made using a security layer
supported by the RD. supported by the RD.
Any operation on a registration resource, including registrations Any operation on a registration resource, including registrations
that lead to an existing registration resource, MUST be rejected by that lead to an existing registration resource, MUST be rejected by
the RD unless all the stored information is found in the new the RD unless all the stored information is found in the new
request's credentials. request's credentials.
Note that even though subject names are compared in this policy, they Note that, even though subject names are compared in this policy,
are never directly compared to endpoint names, and an endpoint can they are never directly compared to endpoint names, and an endpoint
not expect to "own" any particular endpoint name outside of an active cannot expect to "own" any particular endpoint name outside of an
registration -- even if a certificate says so. It is an accepted active registration -- even if a certificate says so. It is an
shortcoming of this approach that the endpoint has no indication of accepted shortcoming of this approach that the endpoint has no
whether the RD remembers it by its subject name or public key; indication of whether the RD remembers it by its subject name or
recognition by subject happens on a best-effort base (given the RD public key; recognition by subject happens on a best-effort basis
may not recognize any authority). Clients MUST be prepared to pick a (given the RD may not recognize any authority). Clients MUST be
different endpoint name when rejected by the RD initially or after a prepared to pick a different endpoint name when rejected by the RD
change in their credentials; picking an endpoint name as per initially or after a change in their credentials; picking an endpoint
Section 7.1.1 is an easy option for that. name, as per Section 7.1.1, is an easy option for that.
For this policy to be usable without configuration, clients should For this policy to be usable without configuration, clients should
not set a sector name in their registrations. An RD can set a not set a sector name in their registrations. An RD can set a
default sector name for registrations accepted under this policy, default sector name for registrations accepted under this policy,
which is useful especially in a segmented setup where different which is especially useful in a segmented setup where different
policies apply to different sectors. The configuration of such a policies apply to different sectors. The configuration of such a
behavior, as well as any other configuration applicable to such an RD behavior, as well as any other configuration applicable to such an RD
(i.e. the set of recognized authorities) is out of scope for this (i.e., the set of recognized authorities), is out of scope for this
document. document.
8. Security Considerations 8. Security Considerations
The security considerations as described in Section 5 of [RFC8288] The security considerations as described in Section 5 of [RFC8288]
and Section 6 of [RFC6690] apply. The "/.well-known/core" resource and Section 6 of [RFC6690] apply. The /.well-known/core resource may
may be protected e.g. using DTLS when hosted on a CoAP server as be protected, e.g., using DTLS when hosted on a CoAP server, as
described in [RFC7252]. described in [RFC7252].
Access that is limited or affects sensitive data SHOULD be protected, Access that is limited or affects sensitive data SHOULD be protected,
e.g. using (D)TLS or OSCORE ([RFC8613]; which aspects of the RD this e.g., using (D)TLS or OSCORE [RFC8613]; which aspects of the RD this
affects depends on the security policies of the application (see affects depends on the security policies of the application (see
Section 7). Section 7).
8.1. Discovery 8.1. Discovery
Most steps in discovery of the RD, and possibly its resources, are Most steps in discovery of the RD, and possibly its resources, are
not covered by CoAP's security mechanisms. This will not endanger not covered by CoAP's security mechanisms. This will not endanger
the security properties of the registrations and lookup itself (where the security properties of the registrations and lookup itself (where
the client requires authorization of the RD if it expects any the client requires authorization of the RD if it expects any
security properties of the operation), but may leak the client's security properties of the operation) but may leak the client's
intention to third parties, and allow them to slow down the process. intention to third parties and allow them to slow down the process.
To mitigate that, clients can retain the RD's address, use secure To mitigate that, clients can retain the RD's address, use secure
discovery options like configured addresses, and send queries for RDs discovery options (such as configured addresses), and send queries
in a very general form ("?rt=core.rd*" rather than "?rt=core.rd- for RDs in a very general form (e.g., ?rt=core.rd* rather than
lookup-ep"). ?rt=core.rd-lookup-ep).
8.2. Endpoint Identification and Authentication 8.2. Endpoint Identification and Authentication
An Endpoint (name, sector) pair is unique within the set of endpoints An endpoint (name, sector) pair is unique within the set of endpoints
registered by the RD. An Endpoint MUST NOT be identified by its registered by the RD. An endpoint MUST NOT be identified by its
protocol, port or IP address as these may change over the lifetime of protocol, port, or IP address, as these may change over the lifetime
an Endpoint. of an endpoint.
Every operation performed by an Endpoint on an RD SHOULD be mutually Every operation performed by an endpoint on an RD SHOULD be mutually
authenticated using Pre-Shared Key, Raw Public Key or Certificate authenticated using a pre-shared key, a raw public key, or
based security. certificate-based security.
Consider the following threat: two devices A and B are registered at Consider the following threat: two devices, A and B, are registered
a single server. Both devices have unique, per-device credentials at a single server. Both devices have unique, per-device credentials
for use with DTLS to make sure that only parties with authorization for use with DTLS to make sure that only parties with authorization
to access A or B can do so. to access A or B can do so.
Now, imagine that a malicious device A wants to sabotage the device Now, imagine that a malicious device A wants to sabotage the device
B. It uses its credentials during the DTLS exchange. Then, it B. It uses its credentials during the DTLS exchange. Then, it
specifies the endpoint name of device B as the name of its own specifies the endpoint name of device B as the name of its own
endpoint in device A. If the server does not check whether the endpoint in device A. If the server does not check whether the
identifier provided in the DTLS handshake matches the identifier used identifier provided in the DTLS handshake matches the identifier used
at the CoAP layer then it may be inclined to use the endpoint name at the CoAP layer, then it may be inclined to use the endpoint name
for looking up what information to provision to the malicious device. for looking up what information to provision to the malicious device.
Endpoint authorization needs to be checked on registration and Endpoint authorization needs to be checked on registration and
registration resource operations independently of whether there are registration resource operations independently of whether there are
configured requirements on the credentials for a given endpoint name configured requirements on the credentials for a given endpoint name
(and sector; Section 7.1) or whether arbitrary names are accepted and sector (Section 7.1) or whether arbitrary names are accepted
(Section 7.1.1). (Section 7.1.1).
Simple registration could be used to circumvent address-based access Simple registration could be used to circumvent address-based access
control: An attacker would send a simple registration request with control. An attacker would send a simple registration request with
the victim's address as source address, and later look up the the victim's address as the source address and later look up the
victim's /.well-known/core content in the RD. Mitigation for this is victim's /.well-known/core content in the RD. Mitigation for this is
recommended in Section 5.1. recommended in Section 5.1.
The registration resource path is visible to any client that is The registration resource path is visible to any client that is
allowed endpoint lookup, and can be extracted by resource lookup allowed endpoint lookup and can be extracted by resource lookup
clients as well. The same goes for registration attributes that are clients as well. The same goes for registration attributes that are
shown as target attributes or lookup attributes. The RD needs to shown as target attributes or lookup attributes. The RD needs to
consider this in the choice of registration resource paths, and consider this in the choice of registration resource paths, as do
administrators or endpoint in their choice of attributes. administrators or endpoints in their choice of attributes.
8.3. Access Control 8.3. Access Control
Access control SHOULD be performed separately for the RD registration Access control SHOULD be performed separately for the RD registration
and Lookup API paths, as different endpoints may be authorized to and lookup API paths, as different endpoints may be authorized to
register with an RD from those authorized to lookup endpoints from register with an RD from those authorized to look up endpoints from
the RD. Such access control SHOULD be performed in as fine-grained a the RD. Such access control SHOULD be performed in as fine-grained a
level as possible. For example access control for lookups could be level as possible. For example, access control for lookups could be
performed either at the sector, endpoint or resource level. performed either at the sector, endpoint, or resource level.
The precise access controls necessary (and the consequences of The precise access controls necessary (and the consequences of
failure to enforce them) depend on the protection objectives of the failure to enforce them) depend on the protection objectives of the
application and the security policies (Section 7) derived from them. application and the security policies (Section 7) derived from them.
8.4. Denial of Service Attacks 8.4. Denial-of-Service Attacks
Services that run over UDP unprotected are vulnerable to unknowingly Services that run over UDP unprotected are vulnerable to unknowingly
amplify and distribute a DoS attack as UDP does not require return amplify and distribute a DoS attack, as UDP does not require a return
routability check. Since RD lookup responses can be significantly routability check. Since RD lookup responses can be significantly
larger than requests, RDs are prone to this. larger than requests, RDs are prone to this.
[RFC7252] describes this at length in its Section 11.3, including [RFC7252] describes this at length in its Section 11.3, including
some mitigation by using small block sizes in responses. The some mitigation by using small block sizes in responses. [RFC9175]
upcoming [I-D.ietf-core-echo-request-tag] updates that by describing updates that by describing a source address verification mechanism
a source address verification mechanism using the Echo option. using the Echo option.
[ If this document is published together with or after I-D.ietf-core-
echo-request-tag, the above paragraph is replaced with the following:
[RFC7252] describes this at length in its Section 11.3, and
[I-D.ietf-core-echo-request-tag] (which updates the former)
recommends using the Echo option to verify the request's source
address.
]
8.5. Skipping freshness checks 8.5. Skipping Freshness Checks
When RD based applications are built in which request freshness When RD-based applications are built in which request freshness
checks are not performed, these concerns need to be balanced: checks are not performed, these concerns need to be balanced:
* When alterations to registration attributes are reordered, an * When alterations to registration attributes are reordered, an
attacker may create any combination of attributes ever set, with attacker may create any combination of attributes ever set, with
the attack difficulty determined by the security layer's replay the attack difficulty determined by the security layer's replay
properties. properties.
For example, if Figure 18 were conducted without freshness For example, if Figure 18 were conducted without freshness
assurances, an attacker could later reset the lifetime back to assurances, an attacker could later reset the lifetime back to
7200. Thus, the device is made unreachable to lookup clients. 7200. Thus, the device is made unreachable to lookup clients.
* When registration updates without query parameters (which just * When registration updates without query parameters (which just
serve to restart the lifetime) can be reordered, an attacker can serve to restart the lifetime) can be reordered, an attacker can
use intercepted messages to give the appearance of the device use intercepted messages to give the appearance of the device
being alive to the RD. being alive to the RD.
This is unacceptable when when the RD's security policy promises This is unacceptable when the RD's security policy promises
reachability of endpoints (e.g. when disappearing devices would reachability of endpoints (e.g., when disappearing devices would
trigger further investigation), but may be acceptable with other trigger further investigation) but may be acceptable with other
policies. policies.
9. IANA Considerations 9. IANA Considerations
9.1. Resource Types 9.1. Resource Types
IANA is asked to enter the following values into the Resource Type IANA has added the following values to the "Resource Type (rt=) Link
(rt=) Link Target Attribute Values sub-registry of the Constrained Target Attribute Values" subregistry of the "Constrained RESTful
Restful Environments (CoRE) Parameters registry defined in [RFC6690]: Environments (CoRE) Parameters" registry defined in [RFC6690]:
+====================+=============================+=============+ +====================+=============================+=============+
| Value | Description | Reference | | Value | Description | Reference |
+====================+=============================+=============+ +====================+=============================+=============+
| core.rd | Directory resource of an RD | RFCTHIS | | core.rd | Directory resource of an RD | RFC 9176, |
| | | Section 4.3 | | | | Section 4.3 |
+--------------------+-----------------------------+-------------+ +--------------------+-----------------------------+-------------+
| core.rd-lookup-res | Resource lookup of an RD | RFCTHIS | | core.rd-lookup-res | Resource lookup of an RD | RFC 9176, |
| | | Section 4.3 | | | | Section 4.3 |
+--------------------+-----------------------------+-------------+ +--------------------+-----------------------------+-------------+
| core.rd-lookup-ep | Endpoint lookup of an RD | RFCTHIS | | core.rd-lookup-ep | Endpoint lookup of an RD | RFC 9176, |
| | | Section 4.3 | | | | Section 4.3 |
+--------------------+-----------------------------+-------------+ +--------------------+-----------------------------+-------------+
| core.rd-ep | Endpoint resource of an RD | RFCTHIS | | core.rd-ep | Endpoint resource of an RD | RFC 9176, |
| | | Section 6 | | | | Section 6 |
+--------------------+-----------------------------+-------------+ +--------------------+-----------------------------+-------------+
Table 2 Table 2: Additions to Resource Type (rt=) Link Target
Attribute Values Subregistry
9.2. IPv6 ND Resource Directory Address Option 9.2. IPv6 ND Resource Directory Address Option
This document registers one new ND option type under the sub-registry IANA has registered one new ND option type in the "IPv6 Neighbor
"IPv6 Neighbor Discovery Option Formats" of the "Internet Control Discovery Option Formats" subregistry of the "Internet Control
Message Protocol version 6 (ICMPv6) Parameters" registry: Message Protocol version 6 (ICMPv6) Parameters" registry:
* Resource Directory Address Option (TBD38) +======+===================================+===========+
| Type | Description | Reference |
+======+===================================+===========+
| 41 | Resource Directory Address Option | RFC 9176 |
+------+-----------------------------------+-----------+
[ The RFC editor is asked to replace TBD38 with the assigned number Table 3: Addition to IPv6 Neighbor Discovery Option
in the document; the value 38 is suggested. ] Formats Subregistry
9.3. RD Parameter Registry 9.3. RD Parameters Registry
This specification defines a new sub-registry for registration and This specification defines a new subregistry for registration and
lookup parameters called "RD Parameters" under "CoRE Parameters". lookup parameters called "RD Parameters" within the "Constrained
Although this specification defines a basic set of parameters, it is RESTful Environments (CoRE) Parameters" registry. Although this
expected that other standards that make use of this interface will specification defines a basic set of parameters, it is expected that
define new ones. other standards that make use of this interface will define new ones.
Each entry in the registry must include Each entry in the registry must include:
* the human readable name of the parameter, * the human-readable name of the parameter,
* the short name as used in query parameters or target attributes, * the short name, as used in query parameters or target attributes,
* syntax and validity requirements (if any),
* indication of whether it can be passed as a query parameter at * indication of whether it can be passed as a query parameter at
registration of endpoints, as a query parameter in lookups, or be registration of endpoints, passed as a query parameter in lookups,
expressed as a target attribute, or expressed as a target attribute,
* syntax and validity requirements if any, * a description, and
* a description,
* and a link to reference documentation. * a link to reference documentation.
The query parameter MUST be both a valid URI query key [RFC3986] and The query parameter MUST be both a valid URI query key [RFC3986] and
a token as used in [RFC8288]. a token as used in [RFC8288].
The description must give details on whether the parameter can be The reference documentation must give details on whether the
updated, and how it is to be processed in lookups. parameter can be updated and how it is to be processed in lookups.
The mechanisms around new RD parameters should be designed in such a The mechanisms around new RD parameters should be designed in such a
way that they tolerate RD implementations that are unaware of the way that they tolerate RD implementations that are unaware of the
parameter and expose any parameter passed at registration or updates parameter and expose any parameter passed at registration or updates
on in endpoint lookups. (For example, if a parameter used at in endpoint lookups. (For example, if a parameter used at
registration were to be confidential, the registering endpoint should registration were to be confidential, the registering endpoint should
be instructed to only set that parameter if the RD advertises support be instructed to only set that parameter if the RD advertises support
for keeping it confidential at the discovery step.) for keeping it confidential at the discovery step.)
Initial entries in this sub-registry are as follows: Initial entries in this subregistry are as follows:
+==============+=======+==============+=====+=====================+ +==============+=======+==============+=====+=====================+
| Full name | Short | Validity | Use | Description | | Name | Short | Validity | Use | Description |
+==============+=======+==============+=====+=====================+ +==============+=======+==============+=====+=====================+
| Endpoint | ep | Unicode* | RLA | Name of the | | Endpoint | ep | Unicode* | RLA | Name of the |
| Name | | | | endpoint | | Name | | | | endpoint |
+--------------+-------+--------------+-----+---------------------+ +--------------+-------+--------------+-----+---------------------+
| Lifetime | lt | 1-4294967295 | R | Lifetime of the | | Lifetime | lt | 1-4294967295 | R | Lifetime of the |
| | | | | registration in | | | | | | registration in |
| | | | | seconds | | | | | | seconds |
+--------------+-------+--------------+-----+---------------------+ +--------------+-------+--------------+-----+---------------------+
| Sector | d | Unicode* | RLA | Sector to which | | Sector | d | Unicode* | RLA | Sector to which |
| | | | | this endpoint | | | | | | this endpoint |
| | | | | belongs | | | | | | belongs |
+--------------+-------+--------------+-----+---------------------+ +--------------+-------+--------------+-----+---------------------+
| Registration | base | URI | RLA | The scheme, address | | Registration | base | URI | RLA | The scheme, |
| Base URI | | | | and port and path | | Base URI | | | | address, port, and |
| | | | | at which this | | | | | | path at which this |
| | | | | server is available | | | | | | server is available |
+--------------+-------+--------------+-----+---------------------+ +--------------+-------+--------------+-----+---------------------+
| Page | page | Integer | L | Used for pagination | | Page | page | Integer | L | Used for pagination |
+--------------+-------+--------------+-----+---------------------+ +--------------+-------+--------------+-----+---------------------+
| Count | count | Integer | L | Used for pagination | | Count | count | Integer | L | Used for pagination |
+--------------+-------+--------------+-----+---------------------+ +--------------+-------+--------------+-----+---------------------+
| Endpoint | et | Section | RLA | Semantic type of | | Endpoint | et | RFC 9176, | RLA | Semantic type of |
| Type | | 9.3.1 | | the endpoint (see | | Type | | Section | | the endpoint (see |
| | | 9.3.1 | | RFC 9176, |
| | | | | Section 9.4) | | | | | | Section 9.4) |
+--------------+-------+--------------+-----+---------------------+ +--------------+-------+--------------+-----+---------------------+
Table 3: RD Parameters Table 4: New RD Parameters Registry
(Short: Short name used in query parameters or target attributes. Where:
Validity: Unicode* = 63 Bytes of UTF-8 encoded Unicode, with no
control characters as per Section 5. Use: R = used at registration, Short: Short name used in query parameters or target attributes
L = used at lookup, A = expressed in target attribute.)
Validity:
Unicode* = up to 63 bytes of UTF-8-encoded Unicode, with no
control characters as per Section 5
Use:
R = used at registration
L = used at lookup
A = expressed in the target attribute
The descriptions for the options defined in this document are only The descriptions for the options defined in this document are only
summarized here. To which registrations they apply and when they are summarized here. To which registrations they apply and when they are
to be shown is described in the respective sections of this document. to be shown are described in the respective sections of this
All their reference documentation entries point to this document. document. All their reference documentation entries point to this
document.
The IANA policy for future additions to the sub-registry is "Expert The IANA policy for future additions to the subregistry is Expert
Review" as described in [RFC8126]. The evaluation should consider Review, as described in [RFC8126]. The evaluation should consider
formal criteria, duplication of functionality (Is the new entry formal criteria, duplication of functionality (i.e., is the new entry
redundant with an existing one?), topical suitability (E.g. is the redundant with an existing one?), topical suitability (e.g., is the
described property actually a property of the endpoint and not a described property actually a property of the endpoint and not a
property of a particular resource, in which case it should go into property of a particular resource, in which case it should go into
the payload of the registration and need not be registered?), and the the payload of the registration and need not be registered?), and the
potential for conflict with commonly used target attributes (For potential for conflict with commonly used target attributes (e.g., if
example, "if" could be used as a parameter for conditional could be used as a parameter for conditional registration if it were
registration if it were not to be used in lookup or attributes, but not to be used in lookup or attributes but would make a bad parameter
would make a bad parameter for lookup, because a resource lookup with for lookup because a resource lookup with an if query parameter could
an "if" query parameter could ambiguously filter by the registered ambiguously filter by the registered endpoint property or the target
endpoint property or the [RFC6690] target attribute). attribute [RFC6690]).
9.3.1. Full description of the "Endpoint Type" RD Parameter 9.3.1. Full Description of the "Endpoint Type" RD Parameter
An endpoint registering at an RD can describe itself with endpoint An endpoint registering at an RD can describe itself with endpoint
types, similar to how resources are described with Resource Types in types, similar to how resources are described with resource types in
[RFC6690]. An endpoint type is expressed as a string, which can be [RFC6690]. An endpoint type is expressed as a string, which can be
either a URI or one of the values defined in the Endpoint Type sub- either a URI or one of the values defined in the "Endpoint Type (et=)
registry. Endpoint types can be passed in the "et" query parameter RD Parameter Values" subregistry. Endpoint types can be passed in
as part of extra-attrs at the Registration step, are shown on the et query parameter as part of extra-attrs at the "registration"
endpoint lookups using the "et" target attribute, and can be filtered step of Section 5, are shown on endpoint lookups using the et target
for using "et" as a search criterion in resource and endpoint lookup. attribute, and can be filtered for using et as a search criterion in
Multiple endpoint types are given as separate query parameters or resource and endpoint lookup. Multiple endpoint types are given as
link attributes. separate query parameters or link attributes.
Note that Endpoint Type differs from Resource Type in that it uses Note that the endpoint type differs from the resource type in that it
multiple attributes rather than space separated values. As a result, uses multiple attributes rather than space-separated values. As a
RDs implementing this specification automatically support correct result, RDs implementing this specification automatically support
filtering in the lookup interfaces from the rules for unknown correct filtering in the lookup interfaces from the rules for unknown
endpoint attributes. endpoint attributes.
9.4. "Endpoint Type" (et=) RD Parameter values 9.4. Endpoint Type (et=) RD Parameter Values
This specification establishes a new sub-registry under "CoRE
Parameters" called '"Endpoint Type" (et=) RD Parameter values'. The
registry properties (required policy, requirements, template) are
identical to those of the Resource Type parameters in [RFC6690], in
short:
The review policy is IETF Review for values starting with "core", and This specification establishes a new subregistry called "Endpoint
Specification Required for others. Type (et=) RD Parameter Values" within the "Constrained RESTful
Environments (CoRE) Parameters" registry. The registry properties
(required policy, requirements, and template) are identical to those
of the "Resource Type (rt=) Link Target Attribute Values" subregistry
defined in [RFC6690]; in short, the review policy is IETF Review for
values starting with "core" and Specification Required for others.
The requirements to be enforced are: The requirements to be enforced are:
* The values MUST be related to the purpose described in * The values MUST be related to the purpose described in
Section 9.3.1. Section 9.3.1.
* The registered values MUST conform to the ABNF reg-rel-type * The registered values MUST conform to the ABNF reg-rel-type
definition of [RFC6690] and MUST NOT be a URI. definition of [RFC6690] and MUST NOT be a URI.
* It is recommended to use the period "." character for * It is recommended to use the period "." character for
segmentation. segmentation.
The registry initially contains one value: The initial contents of the registry are as follows:
* "core.rd-group": An application group as described in Appendix A. +===============+====================================+===========+
| Value | Description | Reference |
+===============+====================================+===========+
| core.rd-group | An application group, as described | RFC 9176 |
| | in RFC 9176, Appendix A. | |
+---------------+------------------------------------+-----------+
9.5. Multicast Address Registration Table 5: New Endpoint Type (et=) RD Parameter Values Registry
IANA is asked to assign the following multicast addresses for use by 9.5. Multicast Address Registration
CoAP nodes:
IPv4 -- "all CoRE Resource Directories" address MCD2 (suggestion: IANA has assigned the following multicast addresses for use by CoAP
224.0.1.189), from the "IPv4 Multicast Address Space Registry". As nodes:
the address is used for discovery that may span beyond a single
network, it has come from the Internetwork Control Block (224.0.1.x)
[RFC5771].
IPv6 -- "all CoRE Resource Directories" address MCD1 (suggestions IPv4 -- "All CoRE Resource Directories" address 224.0.1.190, in the
FF0X::FE), from the "IPv6 Multicast Address Space Registry", in the "Internetwork Control Block (224.0.1.0 - 224.0.1.255
"Variable Scope Multicast Addresses" space (RFC 3307). Note that (224.0.1/24))" subregistry within the "IPv4 Multicast Address
there is a distinct multicast address for each scope that interested Space Registry". As the address is used for discovery that may
CoAP nodes should listen to; CoAP needs the Link-Local and Site-Local span beyond a single network, it has come from the Internetwork
scopes only. Control Block (224.0.1.x) [RFC5771].
[ The RFC editor is asked to replace MCD1 and MCD2 with the assigned IPv6 -- "All CoRE Resource Directories" address ff0x::fe, in the
addresses throughout the document. ] "Variable Scope Multicast Addresses" subregistry within the "IPv6
Multicast Address Space Registry" [RFC3307]. Note that there is a
distinct multicast address for each scope that interested CoAP
nodes should listen to; CoAP needs the link-local and site-local
scopes only.
9.6. Well-Known URIs 9.6. Well-Known URIs
IANA is asked to permanently register the URI suffix "rd" in the IANA has registered the URI suffix "rd" in the "Well-Known URIs"
"Well-Known URIs" registry. The change controller is the IETF, this registry as follows:
document is the reference.
9.7. Service Names and Transport Protocol Port Number Registry
IANA is asked to enter four new items into the Service Names and +============+===================+===========+===========+
Transport Protocol Port Number Registry: | URI Suffix | Change Controller | Reference | Status |
+============+===================+===========+===========+
| rd | IETF | RFC 9176 | permanent |
+------------+-------------------+-----------+-----------+
* Service name: "core-rd", Protocol: "udp", Description: "Resource Table 6: Addition to Well-Known URIs Registry
Directory accessed using CoAP"
* Service name "core-rd-dtls", Protocol: "udp", Description: 9.7. Service Name and Transport Protocol Port Number Registry
"Resource Directory accessed using CoAP over DTLS"
* Service name: "core-rd", Protocol: "tcp", Description: "Resource IANA has added four new items to the "Service Name and Transport
Directory accessed using CoAP over TCP" Protocol Port Number Registry" as follows:
* Service name "core-rd-tls", Protocol: "tcp", Description: +==============+===========+=====================+===========+
"Resource Directory accessed using CoAP over TLS" | Service Name | Transport | Description | Reference |
| | Protocol | | |
+==============+===========+=====================+===========+
| core-rd | udp | Resource Directory | RFC 9176 |
| | | accessed using CoAP | |
+--------------+-----------+---------------------+-----------+
| core-rd-dtls | udp | Resource Directory | RFC 9176 |
| | | accessed using CoAP | |
| | | over DTLS | |
+--------------+-----------+---------------------+-----------+
| core-rd | tcp | Resource Directory | RFC 9176 |
| | | accessed using CoAP | |
| | | over TCP | |
+--------------+-----------+---------------------+-----------+
| core-rd-tls | tcp | Resource Directory | RFC 9176 |
| | | accessed using CoAP | |
| | | over TLS | |
+--------------+-----------+---------------------+-----------+
All in common have this document as their reference. Table 7: Additions to Service Name and Transport Protocol
Port Number Registry
10. Examples 10. Examples
Two examples are presented: a Lighting Installation example in Two examples are presented: a lighting installation example in
Section 10.1 and a LwM2M example in Section 10.2. Section 10.1 and a Lightweight M2M (LwM2M) example in Section 10.2.
10.1. Lighting Installation 10.1. Lighting Installation
This example shows a simplified lighting installation which makes use This example shows a simplified lighting installation that makes use
of the RD with a CoAP interface to facilitate the installation and of the RD with a CoAP interface to facilitate the installation and
start-up of the application code in the lights and sensors. In startup of the application code in the lights and sensors. In
particular, the example leads to the definition of a group and the particular, the example leads to the definition of a group and the
enabling of the corresponding multicast address as described in enabling of the corresponding multicast address, as described in
Appendix A. No conclusions must be drawn on the realization of Appendix A. No conclusions must be drawn on the realization of
actual installation or naming procedures, because the example only actual installation or naming procedures, because the example only
"emphasizes" some of the issues that may influence the use of the RD emphasizes some of the issues that may influence the use of the RD
and does not pretend to be normative. and does not pretend to be normative.
10.1.1. Installation Characteristics 10.1.1. Installation Characteristics
The example assumes that the installation is managed. That means The example assumes that the installation is managed. That means
that a Commissioning Tool (CT) is used to authorize the addition of that a Commissioning Tool (CT) is used to authorize the addition of
nodes, name them, and name their services. The CT can be connected nodes, name them, and name their services. The CT can be connected
to the installation in many ways: the CT can be part of the to the installation in many ways: the CT can be part of the
installation network, connected by WiFi to the installation network, installation network, connected by Wi-Fi to the installation network,
or connected via GPRS link, or other method. connected via GPRS link, or connected by another method.
It is assumed that there are two naming authorities for the It is assumed that there are two naming authorities for the
installation: (1) the network manager that is responsible for the installation: (1) the network manager that is responsible for the
correct operation of the network and the connected interfaces, and correct operation of the network and the connected interfaces and (2)
(2) the lighting manager that is responsible for the correct the lighting manager that is responsible for the correct functioning
functioning of networked lights and sensors. The result is the of networked lights and sensors. The result is the existence of two
existence of two naming schemes coming from the two managing naming schemes coming from the two managing entities.
entities.
The example installation consists of one presence sensor, and two The example installation consists of one presence sensor and two
luminaries, luminary1 and luminary2, each with their own wireless luminaries, luminary1 and luminary2, each with their own wireless
interface. Each luminary contains three lamps: left, right and interface. Each luminary contains three lamps: left, right, and
middle. Each luminary is accessible through one endpoint. For each middle. Each luminary is accessible through one endpoint. For each
lamp a resource exists to modify the settings of a lamp in a lamp, a resource exists to modify the settings of a lamp in a
luminary. The purpose of the installation is that the presence luminary. The purpose of the installation is that the presence
sensor notifies the presence of persons to a group of lamps. The sensor notifies the presence of persons to a group of lamps. The
group of lamps consists of: middle and left lamps of luminary1 and group of lamps consists of the middle and left lamps of luminary1 and
right lamp of luminary2. the right lamp of luminary2.
Before commissioning by the lighting manager, the network is Before commissioning by the lighting manager, the network is
installed and access to the interfaces is proven to work by the installed, and access to the interfaces is proven to work by the
network manager. network manager.
At the moment of installation, the network under installation is not At the moment of installation, the network under installation is not
necessarily connected to the DNS infrastructure. Therefore, SLAAC necessarily connected to the DNS infrastructure. Therefore,
IPv6 addresses are assigned to CT, RD, luminaries and the sensor. Stateless Address Autoconfiguration (SLAAC) IPv6 addresses are
The addresses shown in Table 4 below stand in for these in the assigned to CT, RD, luminaries, and the sensor. The addresses shown
following examples. in Table 8 below stand in for these in the following examples.
+=================+================+ +=================+================+
| Name | IPv6 address | | Name | IPv6 address |
+=================+================+ +=================+================+
| luminary1 | 2001:db8:4::1 | | luminary1 | 2001:db8:4::1 |
+-----------------+----------------+ +-----------------+----------------+
| luminary2 | 2001:db8:4::2 | | luminary2 | 2001:db8:4::2 |
+-----------------+----------------+ +-----------------+----------------+
| Presence sensor | 2001:db8:4::3 | | Presence sensor | 2001:db8:4::3 |
+-----------------+----------------+ +-----------------+----------------+
| RD | 2001:db8:4::ff | | RD | 2001:db8:4::ff |
+-----------------+----------------+ +-----------------+----------------+
Table 4: Addresses used in the Table 8: Addresses Used in the
examples Examples
In Section 10.1.2 the use of RD during installation is presented. In Section 10.1.2, the use of RD during installation is presented.
10.1.2. RD entries 10.1.2. RD Entries
It is assumed that access to the DNS infrastructure is not always It is assumed that access to the DNS infrastructure is not always
possible during installation. Therefore, the SLAAC addresses are possible during installation. Therefore, the SLAAC addresses are
used in this section. used in this section.
For discovery, the resource types (rt) of the devices are important. For discovery, the resource types (rt) of the devices are important.
The lamps in the luminaries have rt=tag:example.com,2020:light, and The lamps in the luminaries have rt=tag:example.com,2020:light, and
the presence sensor has rt=tag:example.com,2020:p-sensor. The the presence sensor has rt=tag:example.com,2020:p-sensor. The
endpoints have names which are relevant to the light installation endpoints have names that are relevant to the light installation
manager. In this case luminary1, luminary2, and the presence sensor manager. In this case, luminary1, luminary2, and the presence sensor
are located in room 2-4-015, where luminary1 is located at the window are located in room 2-4-015, where luminary1 is located at the window
and luminary2 and the presence sensor are located at the door. The and luminary2 and the presence sensor are located at the door. The
endpoint names reflect this physical location. The middle, left and endpoint names reflect this physical location. The middle, left, and
right lamps are accessed via path /light/middle, /light/left, and right lamps are accessed via path /light/middle, /light/left, and
/light/right respectively. The identifiers relevant to the RD are /light/right, respectively. The identifiers relevant to the RD are
shown in Table 5 below: shown in Table 9.
+=========+================+========+===============================+ +=========+================+========+===============================+
|Name |endpoint |resource| resource type | |Name |Endpoint |Resource| Resource Type |
| | |path | | | | |Path | |
+=========+================+========+===============================+ +=========+================+========+===============================+
|luminary1|lm_R2-4-015_wndw|/light/ | tag:example.com,2020:light | |luminary1|lm_R2-4-015_wndw|/light/ | tag:example.com,2020:light |
| | |left | | | | |left | |
+---------+----------------+--------+-------------------------------+ +---------+----------------+--------+-------------------------------+
|luminary1|lm_R2-4-015_wndw|/light/ | tag:example.com,2020:light | |luminary1|lm_R2-4-015_wndw|/light/ | tag:example.com,2020:light |
| | |middle | | | | |middle | |
+---------+----------------+--------+-------------------------------+ +---------+----------------+--------+-------------------------------+
|luminary1|lm_R2-4-015_wndw|/light/ | tag:example.com,2020:light | |luminary1|lm_R2-4-015_wndw|/light/ | tag:example.com,2020:light |
| | |right | | | | |right | |
+---------+----------------+--------+-------------------------------+ +---------+----------------+--------+-------------------------------+
skipping to change at page 58, line 31 skipping to change at line 2646
|luminary2|lm_R2-4-015_door|/light/ | tag:example.com,2020:light | |luminary2|lm_R2-4-015_door|/light/ | tag:example.com,2020:light |
| | |middle | | | | |middle | |
+---------+----------------+--------+-------------------------------+ +---------+----------------+--------+-------------------------------+
|luminary2|lm_R2-4-015_door|/light/ | tag:example.com,2020:light | |luminary2|lm_R2-4-015_door|/light/ | tag:example.com,2020:light |
| | |right | | | | |right | |
+---------+----------------+--------+-------------------------------+ +---------+----------------+--------+-------------------------------+
|Presence |ps_R2-4-015_door|/ps | tag:example.com,2020:p-sensor | |Presence |ps_R2-4-015_door|/ps | tag:example.com,2020:p-sensor |
|sensor | | | | |sensor | | | |
+---------+----------------+--------+-------------------------------+ +---------+----------------+--------+-------------------------------+
Table 5: RD identifiers Table 9: RD Identifiers
It is assumed that the CT has performed RD discovery and has received It is assumed that the CT has performed RD discovery and has received
a response like the one in the Section 4.3 example. a response like the one in the example in Section 4.3.
The CT inserts the endpoints of the luminaries and the sensor in the The CT inserts the endpoints of the luminaries and the sensor in the
RD using the registration base URI parameter (base) to specify the RD using the registration base URI parameter (base) to specify the
interface address: interface address:
Req: POST coap://[2001:db8:4::ff]/rd Req: POST coap://[2001:db8:4::ff]/rd
?ep=lm_R2-4-015_wndw&base=coap://[2001:db8:4::1]&d=R2-4-015 ?ep=lm_R2-4-015_wndw&base=coap://[2001:db8:4::1]&d=R2-4-015
Payload: Payload:
</light/left>;rt="tag:example.com,2020:light", </light/left>;rt="tag:example.com,2020:light",
</light/middle>;rt="tag:example.com,2020:light", </light/middle>;rt="tag:example.com,2020:light",
skipping to change at page 59, line 33 skipping to change at line 2683
Location-Path: /rd/4522 Location-Path: /rd/4522
Req: POST coap://[2001:db8:4::ff]/rd Req: POST coap://[2001:db8:4::ff]/rd
?ep=ps_R2-4-015_door&base=coap://[2001:db8:4::3]&d=R2-4-015 ?ep=ps_R2-4-015_door&base=coap://[2001:db8:4::3]&d=R2-4-015
Payload: Payload:
</ps>;rt="tag:example.com,2020:p-sensor" </ps>;rt="tag:example.com,2020:p-sensor"
Res: 2.01 Created Res: 2.01 Created
Location-Path: /rd/4523 Location-Path: /rd/4523
Figure 24: Example of registrations a CT enters into an RD Figure 24: Example of Registrations a CT Enters into an RD
The sector name d=R2-4-015 has been added for an efficient lookup The sector name d=R2-4-015 has been added for an efficient lookup
because filtering on "ep" name is more awkward. The same sector name because filtering on the "ep" name is more awkward. The same sector
is communicated to the two luminaries and the presence sensor by the name is communicated to the two luminaries and the presence sensor by
CT. the CT.
The group is specified in the RD. The base parameter is set to the The group is specified in the RD. The base parameter is set to the
site-local multicast address allocated to the group. In the POST in site-local multicast address allocated to the group. In the POST in
the example below, the resources supported by all group members are the example below, the resources supported by all group members are
published. published.
Req: POST coap://[2001:db8:4::ff]/rd Req: POST coap://[2001:db8:4::ff]/rd
?ep=grp_R2-4-015&et=core.rd-group&base=coap://[ff05::1] ?ep=grp_R2-4-015&et=core.rd-group&base=coap://[ff05::1]
Payload: Payload:
</light/left>;rt="tag:example.com,2020:light", </light/left>;rt="tag:example.com,2020:light",
</light/middle>;rt="tag:example.com,2020:light", </light/middle>;rt="tag:example.com,2020:light",
</light/right>;rt="tag:example.com,2020:light" </light/right>;rt="tag:example.com,2020:light"
Res: 2.01 Created Res: 2.01 Created
Location-Path: /rd/501 Location-Path: /rd/501
Figure 25: Example of a multicast group a CT enters into an RD Figure 25: Example of a Multicast Group a CT Enters into an RD
After the filling of the RD by the CT, the application in the After the filling of the RD by the CT, the application in the
luminaries can learn to which groups they belong, and enable their luminaries can learn to which groups they belong and enable their
interface for the multicast address. interface for the multicast address.
The luminary, knowing its sector and being configured to join any The luminary, knowing its sector and being configured to join any
group containing lights, searches for candidate groups and joins group containing lights, searches for candidate groups and joins
them: them:
Req: GET coap://[2001:db8:4::ff]/rd-lookup/ep Req: GET coap://[2001:db8:4::ff]/rd-lookup/ep
?d=R2-4-015&et=core.rd-group&rt=light ?d=R2-4-015&et=core.rd-group&rt=light
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
</rd/501>;ep=grp_R2-4-015;et=core.rd-group; </rd/501>;ep=grp_R2-4-015;et=core.rd-group;
base="coap://[ff05::1]";rt=core.rd-ep base="coap://[ff05::1]";rt=core.rd-ep
Figure 26: Example of a lookup exchange to find suitable Figure 26: Example of a Lookup Exchange to Find Suitable
multicast addresses Multicast Addresses
From the returned base parameter value, the luminary learns the From the returned base parameter value, the luminary learns the
multicast address of the multicast group. multicast address of the multicast group.
The presence sensor can learn the presence of groups that support The presence sensor can learn the presence of groups that support
resources with rt=tag:example.com,2020:light in its own sector by resources with rt=tag:example.com,2020:light in its own sector by
sending the same request, as used by the luminary. The presence sending the same request, as used by the luminary. The presence
sensor learns the multicast address to use for sending messages to sensor learns the multicast address to use for sending messages to
the luminaries. the luminaries.
10.2. OMA Lightweight M2M (LwM2M) 10.2. OMA Lightweight M2M (LwM2M)
OMA LwM2M is a profile for device services based on CoAP, providing OMA LwM2M is a profile for device services based on CoAP, providing
interfaces and operations for device management and device service interfaces and operations for device management and device service
enablement. enablement.
An LwM2M server is an instance of an LwM2M middleware service layer, An LwM2M server is an instance of an LwM2M middleware service layer,
containing an RD ([LwM2M] page 36f). containing an RD ([LwM2M], starting at page 36).
That RD only implements the registration interface, and no lookup is That RD only implements the registration interface, and no lookup is
implemented. Instead, the LwM2M server provides access to the implemented. Instead, the LwM2M server provides access to the
registered resources, in a similar way to a reverse proxy. registered resources in a similar way to a reverse proxy.
The location of the LwM2M Server and RD URI path is provided by the The location of the LwM2M server and RD URI path is provided by the
LwM2M Bootstrap process, so no dynamic discovery of the RD is used. LwM2M bootstrap process, so no dynamic discovery of the RD is used.
LwM2M Servers and endpoints are not required to implement the /.well- LwM2M servers and endpoints are not required to implement the /.well-
known/core resource. known/core resource.
11. Acknowledgments 11. References
Oscar Novo, Srdjan Krco, Szymon Sasin, Kerry Lynn, Esko Dijk, Anders
Brandt, Matthieu Vial, Jim Schaad, Mohit Sethi, Hauke Petersen,
Hannes Tschofenig, Sampo Ukkola, Linyi Tian, Jan Newmarch, Matthias
Kovatsch, Jaime Jimenez and Ted Lemon have provided helpful comments,
discussions and ideas to improve and shape this document. Zach would
also like to thank his colleagues from the EU FP7 SENSEI project,
where many of the RD concepts were originally developed.
12. Changelog
changes from -27 to -28
* Security policies / link confidentiality: Point out the RD's
obligations that follow from such a policy.
* Simple registration: clarify term "regular registration" by
introducing it along with the reference to Section 5
* Wording fix in first-come-first-remembered
* Wording fixes in RD definition
* Capitalization: Consistently using "registration resource"
changes from -26 to -27
* In general, this addresses the points that were pointed out in
https://mailarchive.ietf.org/arch/msg/core/xWLomwwhovkU-
CPGNxnvs40BhaM/ as having "evolved from the review comments being
discussed in the interim meetings", and the review comments from
Esko Dijk that were largely entangled in these points.
* Relaxation of the serialization rules for link-format
The interpretation of RFC6690 used in Appendix B.4 was shown to be
faulty. Along with a correction, the common implementations of
link-format were surveyed again and it was found that the only one
that employed the faulty interpretation can still safely be
upgraded. These were removed from the set considered for Limited
Link Format, making the set of valid Limited Link Format documents
larger.
As a consequence, the prescribed serialization of RD output can be
roughly halved in bytes.
There might be additional usage patterns that are possible with
the new set of constraints, but there is insufficient
implementation and deployment experience with them to warrant a
change changes on that front at this point. The specification can
later be extended compatibly to allow these cases and drop the
requirement of Limited Link Format.
* Add Request freshness subsection
It is now recommended (with security considerations on
consequences of not doing it) to require ordering of RD
operations.
The Echo mechanism (previously suggested in various places but
never exclusively) is the one prescribed way of getting this
ordering, making the echo-request-tag reference normative.
* Improved expression about when an RD needs to verify simple
registration.
The simple wording missed the authorization part, and did not
emphasize that this is a per-deployment property.
* Point out the non-atomic properties of paginated access.
* Clarification around impl-info reference.
* Inconsistencies and extraneous quotings removed from examples.
changes from -25 to -26
* Security policies:
- The First-Come-First-Remembered policy is added as an example
and a potential default behavior.
- Clarify that the mapping between endpoint names and subject
fields is up to a policy that defines reliance on names, and
give an example.
- Random EP names: Point that multiple collisions are possible
but unlikely.
- Add pointers to policies:
o RD replication: Point out that policies may limit that.
o Registration: Reword (ep, d) mapping to a previous
registration's resource that could have been read as another
endpoint taking over an existing registration.
- Clarify that the security policy is a property of the RD the
any client may need to verify by checking the RD's
authorization.
- Clarify how information from an untrusted RD can be verified
- Remove speculation about how in detail ACE scopes are obtained.
* Security considerations:
- Generalize to all current options for security layers usable
with CoAP (OSCORE was missing as the text predated RFC8613)
- Relax the previous SHOULD on secure access to SHOULD where
protection is indicated by security policies (bringing the text
in line with the -25 changes)
- Point out that failure to follow the security considerations
has implications depending on the protection objective
described with the security policies
- Shorten amplification mitigation
- Add note about information in Registration Resource path.
- Acknowledge that most host discovery operations are not
secured; mention consequences and mitigation.
* Abstract, introduction: removed "or disperse networks"
* RD discovery:
- Drop the previously stated assumption that RDAO and any DHCP
options would only be used together with SLAAC and DHCP for
address configuration, respectivly.
- Give concrete guidance for address selection based on RFC6724
when responding to multicasts
- RDAO:
o Clarify that it is an option for RAs and not other ND
messages.
o Change Lifetime from 16-bit minutes to 32-bit seconds and
swap it with Reserved (aligning it with RDNSS which it
shares other properties as well).
- Point out that clients may need to check RD authorization
already in last discovery step
* Registration:
- Wording around "mostly mandatory" has been improved, conflicts
clarified and sector default selection adjusted.
* Simple registration: Rather than coopting POSTs to /.well-known/
core, a new resource /.well-known/rd is registered. A historical
note in the text documents the change.
* Examples:
- Use example URIs rather than unclear reg names (unless it's
RFC6690 examples, which were kept for continuity)
- The LwM2M example was reduced from an outdated explanation of
the complete LwM2M model to a summary of how RD is used in
there, with a reference to the current specification.
- Luminary example: Explain example addresses
- Luminary example: Drop reference to coap-group mechanism that's
becoming obsolete, and thus also to RFC7390
- Multicast addresses in the examples were changed from
ff35:30:2001:db8::x to ff35:30:2001:db8:f1::8000:x; the 8000 is
to follow RFC 3307, and the f1 is for consistency with all the
other example addresses where 2001:db8::/32 is subnetted to
2001:db8:x::/48 by groups of internally consistent examples.
* Use case text enhancements
- Home and building automation: Tie in with RD
- M2M: Move system design paragraph towards the topic of
reusability.
* Various editorial fixes in response to Gen-ART and IESG reviews.
* Rename 'Full description of the "Endpoint Type" Registration
Parameter' section to '... RD Parameter'
* Error handling: Place a SHOULD around the likely cases, and make
the previous "MUST to the best of their capabilities" a "must".
* impl-info: Add note about the type being WIP
* Interaction tables: list CTs as possible initiators where
applicable
* Registration update: Relax requirement to not send parameters
needlessly
* Terminology: Clarify that the CTs' installation events can occur
multiple times.
* Promote RFCs 7252, 7230 and 8288 to normative references
* Moved Christian Amsuess to first author
changes from -24 to -25
* Large rework of section 7 (Security policies)
Rather than prescribing which data in the RD _is_ authenticated
(and how), it now describes what applications built on an RD _can_
choose to authenticate, show possibilities on how to do it and
outline what it means for clients.
This addresses Russ' Genart review points on details in the text
in a rather broad fashion. That is because the discussion on the
topic inside the WG showed that that text on security has been
driven more review-by-review than by an architectural plan of the
authors and WG.
* Add concrete suggestions (twice as long as registrant number with
retries, or UUIDs without) for random endpoint names
* Point out that simple registration can have faked origins,
RECOMMEND mitigation when applicable and suggest the Echo
mechanism to implement it.
* Reference existing and upcoming specifications for DDOS mitigation
in CoAP.
* Explain the provenance of the example's multicast address.
* Make "SHOULD" of not manipulating foreign registrations a "should"
and explain how it is enforced
* Clarify application of RFC6570 to search parameters
* Syntactic fixes in examples
* IANA:
- Don't announce expected number of registrations (goes to write-
up)
- Include syntax as part of a field's validity in entry
requirements
* Editorial changes
- Align wording between abstract and introduction
- Abbreviation normalization: "ER model", "RD"
- RFC8174 boilerplate update
- Minor clarity fixes
- Markup and layouting
changes from -23 to -24
* Discovery using DNS-SD added again
* Minimum lifetime (lt) reduced from 60 to 1
* References added
* IANA considerations
- added about .well-known/core resource
- added DNS-SD service names
- made RDAO option number a suggestion
- added "reference" field to endpoint type registry
* Lookup: mention that anchor is a legitimate lookup attribute
* Terminology and example fixes
* Layout fixes, esp. the use of non-ASCII characters in figures
changes from -22 to -23
* Explain that updates can not remove attributes
* Typo fixes
changes from -21 to -22
* Request a dedicated IPv4 address from IANA (rather than sharing
with All CoAP nodes)
* Fix erroneous examples
* Editorial changes
- Add figure numbers to examples
- Update RD parameters table to reflect changes of earlier
versions in the text
- Typos and minor wording
changes from -20 to -21
(Processing comments during WGLC)
* Defer outdated description of using DNS-SD to find an RD to the
defining document
* Describe operational conditions in automation example
* Recommend particular discovery mechanisms for some managed network
scenarios
changes from -19 to -20
(Processing comments from the WG chair review)
* Define the permissible characters in endpoint and sector names
* Express requirements on NAT situations in more abstract terms
* Shifted heading levels to have the interfaces on the same level
* Group instructions for error handling into general section
* Simple Registration: process reflowed into items list
* Updated introduction to reflect state of CoRE in general,
reference RFC7228 (defining "constrained") and use "IoT" term in
addition to "M2M"
* Update acknowledgements
* Assorted editorial changes
- Unify examples style
- Terminology: RDAO defined and not only expanded
- Add CT to Figure 1
- Consistency in the use of the term "Content Format"
changes from -18 to -19
* link-local addresses: allow but prescribe split-horizon fashion
when used, disallow zone identifiers
* Remove informative references to documents not mentioned any more
changes from -17 to -18
* Rather than re-specifying link format (Modernized Link Format),
describe a Limited Link Format that's the uncontested subset of
Link Format
* Acknowledging the -17 version as part of the draft
* Move "Read endpoint links" operation to future specification like
PATCH
* Demote links-json to an informative reference, and removed them
from exchange examples
* Add note on unusability of link-local IP addresses, and describe
mitigation.
* Reshuffling of sections: Move additional operations and endpoint
lookup back from appendix, and groups into one
* Lookup interface tightened to not imply applicability for non
link-format lookups (as those can have vastly different views on
link cardinality)
* Simple registration: Change sequence of GET and POST-response,
ensuring unsuccessful registrations are reported as such, and
suggest how devices that would have required the inverse behavior
can still cope with it.
* Abstract and introduction reworded to avoid the impression that
resources are stored in full in the RD
* Simplify the rules governing when a registration resource can or
must be changed.
* Drop a figure that has become useless due to the changes of and
-13 and -17
* Wording consistency fixes: Use "Registrations" and "target
attributes"
* Fix incorrect use of content negotiation in discovery interface
description (Content-Format -> Accept)
* State that the base attribute value is part of endpoint lookup
even when implicit in the registration
* Update references from RFC5988 to its update RFC8288
* Remove appendix on protocol-negotiation (which had a note to be
removed before publication)
changes from -16 to -17
(Note that -17 is published as a direct follow-up to -16, containing
a single change to be discussed at IETF103)
* Removed groups that are enumerations of registrations and have
dedicated mechanism
* Add groups that are enumerations of shared resources and are a
special case of endpoint registrations
changes from -15 to -16
* Recommend a common set of resources for members of a group
* Clarified use of multicast group in lighting example
* Add note on concurrent registrations from one EP being possible
but not expected
* Refresh web examples appendix to reflect current use of Modernized
Link Format
* Add examples of URIs where Modernized Link Format matters
* Editorial changes
changes from -14 to -15
* Rewrite of section "Security policies"
* Clarify that the "base" parameter text applies both to relative
references both in anchor and href
* Renamed "Registree-EP" to Registrant-EP"
* Talk of "relative references" and "URIs" rather than "relative"
and "absolute" URIs. (The concept of "absolute URIs" of [RFC3986]
is not needed in RD).
* Fixed examples
* Editorial changes
changes from -13 to -14
* Rename "registration context" to "registration base URI" (and
"con" to "base") and "domain" to "sector" (where the abbreviation
"d" stays for compatibility reasons)
* Introduced resource types core.rd-ep and core.rd-gp
* Registration management moved to appendix A, including endpoint
and group lookup
* Minor editorial changes
- PATCH/iPATCH is clearly deferred to another document
- Recommend against query / fragment identifier in con=
- Interface description lists are described as illustrative
- Rewording of Simple Registration
* Simple registration carries no error information and succeeds
immediately (previously, sequence was unspecified)
* Lookup: href are matched against resolved values (previously, this
was unspecified)
* Lookup: lt are not exposed any more
* con/base: Paths are allowed
* Registration resource locations can not have query or fragment
parts
* Default life time extended to 25 hours
* clarified registration update rules
* lt-value semantics for lookup clarified.
* added template for simple registration
changes from -12 to -13
* Added "all resource directory" nodes MC address
* Clarified observation behavior
* version identification
* example rt= and et= values
* domain from figure 2
* more explanatory text
* endpoints of a groups hosted by different RD
* resolve RFC6690-vs-8288 resolution ambiguities:
- require registered links not to be relative when using anchor
- return absolute URIs in resource lookup
changes from -11 to -12
* added Content Model section, including ER diagram
* removed domain lookup interface; domains are now plain attributes
of groups and endpoints
* updated chapter "Finding a Resource Directory"; now distinguishes
configuration-provided, network-provided and heuristic sources
* improved text on: atomicity, idempotency, lookup with multiple
parameters, endpoint removal, simple registration
* updated LWM2M description
* clarified where relative references are resolved, and how context
and anchor interact
* new appendix on the interaction with RFCs 6690, 5988 and 3986
* lookup interface: group and endpoint lookup return group and
registration resources as link targets
* lookup interface: search parameters work the same across all
entities
* removed all methods that modify links in an existing registration
(POST with payload, PATCH and iPATCH)
* removed plurality definition (was only needed for link
modification)
* enhanced IANA registry text
* state that lookup resources can be observable
* More examples and improved text
changes from -09 to -10
* removed "ins" and "exp" link-format extensions.
* removed all text concerning DNS-SD.
* removed inconsistency in RDAO text.
* suggestions taken over from various sources
* replaced "Function Set" with "REST API", "base URI", "base path"
* moved simple registration to registration section
changes from -08 to -09
* clarified the "example use" of the base RD resource values /rd,
/rd-lookup, and /rd-group.
* changed "ins" ABNF notation.
* various editorial improvements, including in examples
* clarifications for RDAO
changes from -07 to -08
* removed link target value returned from domain and group lookup
types
* Maximum length of domain parameter 63 bytes for consistency with
group
* removed option for simple POST of link data, don't require a
.well-known/core resource to accept POST data and handle it in a
special way; we already have /rd for that
* add IPv6 ND Option for discovery of an RD
* clarify group configuration section 6.1 that endpoints must be
registered before including them in a group
* removed all superfluous client-server diagrams
* simplified lighting example
* introduced Commissioning Tool
* RD-Look-up text is extended.
changes from -06 to -07
* added text in the discovery section to allow content format hints
to be exposed in the discovery link attributes
* editorial updates to section 9
* update author information
* minor text corrections
Changes from -05 to -06
* added note that the PATCH section is contingent on the progress of
the PATCH method
changes from -04 to -05
* added Update Endpoint Links using PATCH
* http access made explicit in interface specification
* Added http examples
Changes from -03 to -04:
* Added http response codes
* Clarified endpoint name usage
* Add application/link-format+cbor content-format
Changes from -02 to -03:
* Added an example for lighting and DNS integration
* Added an example for RD use in OMA LWM2M
* Added Read Links operation for link inspection by endpoints
* Expanded DNS-SD section
* Added draft authors Peter van der Stok and Michael Koster
Changes from -01 to -02:
* Added a catalogue use case.
* Changed the registration update to a POST with optional link
format payload. Removed the endpoint type update from the update.
* Additional examples section added for more complex use cases.
* New DNS-SD mapping section.
* Added text on endpoint identification and authentication.
* Error code 4.04 added to Registration Update and Delete requests.
* Made 63 bytes a SHOULD rather than a MUST for endpoint name and
resource type parameters.
Changes from -00 to -01:
* Removed the ETag validation feature.
* Place holder for the DNS-SD mapping section.
* Explicitly disabled GET or POST on returned Location.
* New registry for RD parameters.
* Added support for the JSON Link Format.
* Added reference to the Groupcomm WG draft.
Changes from -05 to WG Document -00:
* Updated the version and date.
Changes from -04 to -05:
* Restricted Update to parameter updates.
* Added pagination support for the Lookup interface.
* Minor editing, bug fixes and reference updates.
* Added group support.
* Changed rt to et for the registration and update interface.
Changes from -03 to -04:
* Added the ins= parameter back for the DNS-SD mapping.
* Integrated the Simple Directory Discovery from Carsten.
* Editorial improvements.
* Fixed the use of ETags.
* Fixed tickets 383 and 372
Changes from -02 to -03:
* Changed the endpoint name back to a single registration parameter
ep= and removed the h= and ins= parameters.
* Updated REST interface descriptions to use RFC6570 URI Template
format.
* Introduced an improved RD Lookup design as its own function set.
* Improved the security considerations section.
* Made the POST registration interface idempotent by requiring the
ep= parameter to be present.
Changes from -01 to -02:
* Added a terminology section.
* Changed the inclusion of an ETag in registration or update to a
MAY.
* Added the concept of an RD Domain and a registration parameter for
it.
* Recommended the Location returned from a registration to be
stable, allowing for endpoint and Domain information to be changed
during updates.
* Changed the lookup interface to accept endpoint and Domain as
query string parameters to control the scope of a lookup.
13. References
13.1. Normative References
[I-D.ietf-core-echo-request-tag] 11.1. Normative References
Amsüss, C., Mattsson, J. P., and G. Selander, "CoAP: Echo,
Request-Tag, and Token Processing", Work in Progress,
Internet-Draft, draft-ietf-core-echo-request-tag-12, 1
February 2021, <https://www.ietf.org/archive/id/draft-
ietf-core-echo-request-tag-12.txt>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005, RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>. <https://www.rfc-editor.org/info/rfc3986>.
skipping to change at page 77, line 46 skipping to change at line 2803
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8288] Nottingham, M., "Web Linking", RFC 8288, [RFC8288] Nottingham, M., "Web Linking", RFC 8288,
DOI 10.17487/RFC8288, October 2017, DOI 10.17487/RFC8288, October 2017,
<https://www.rfc-editor.org/info/rfc8288>. <https://www.rfc-editor.org/info/rfc8288>.
13.2. Informative References [RFC9175] Amsüss, C., Preuß Mattsson, J., and G. Selander,
"Constrained Application Protocol (CoAP): Echo, Request-
[ER] Chen, P., "The entity-relationship model--toward a unified Tag, and Token Processing", RFC 9175,
view of data", DOI 10.1145/320434.320440, ACM Transactions DOI 10.17487/RFC9175, February 2022,
on Database Systems Vol. 1, pp. 9-36, March 1976, <https://www.rfc-editor.org/info/rfc9175>.
<https://doi.org/10.1145/320434.320440>.
[I-D.bormann-t2trg-rel-impl]
Bormann, C., "impl-info: A link relation type for
disclosing implementation information", Work in Progress,
Internet-Draft, draft-bormann-t2trg-rel-impl-02, 27
September 2020, <https://www.ietf.org/archive/id/draft-
bormann-t2trg-rel-impl-02.txt>.
[I-D.hartke-t2trg-coral] 11.2. Informative References
Hartke, K., "The Constrained RESTful Application Language
(CoRAL)", Work in Progress, Internet-Draft, draft-hartke-
t2trg-coral-09, 8 July 2019,
<https://www.ietf.org/archive/id/draft-hartke-t2trg-coral-
09.txt>.
[I-D.ietf-ace-oauth-authz] [ACE-OAUTH-AUTHZ]
Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
H. Tschofenig, "Authentication and Authorization for H. Tschofenig, "Authentication and Authorization for
Constrained Environments (ACE) using the OAuth 2.0 Constrained Environments Using the OAuth 2.0 Framework
Framework (ACE-OAuth)", Work in Progress, Internet-Draft, (ACE-OAuth)", Work in Progress, Internet-Draft, draft-
draft-ietf-ace-oauth-authz-37, 4 February 2021, ietf-ace-oauth-authz-46, 8 November 2021,
<https://www.ietf.org/archive/id/draft-ietf-ace-oauth- <https://datatracker.ietf.org/doc/html/draft-ietf-ace-
authz-37.txt>. oauth-authz-46>.
[I-D.ietf-core-links-json] [COAP-PROT-NEG]
LI, K., Rahman, A., and C. Bormann, "Representing Silverajan, B. and M. Ocak, "CoAP Protocol Negotiation",
Work in Progress, Internet-Draft, draft-silverajan-core-
coap-protocol-negotiation-09, 2 July 2018,
<https://datatracker.ietf.org/doc/html/draft-silverajan-
core-coap-protocol-negotiation-09>.
[CORE-CORAL]
Amsüss, C. and T. Fossati, "The Constrained RESTful
Application Language (CoRAL)", Work in Progress, Internet-
Draft, draft-ietf-core-coral-05, 7 March 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-core-
coral-05>.
[CORE-LINKS-JSON]
Li, K., Rahman, A., and C. Bormann, Ed., "Representing
Constrained RESTful Environments (CoRE) Link Format in Constrained RESTful Environments (CoRE) Link Format in
JSON and CBOR", Work in Progress, Internet-Draft, draft- JSON and CBOR", Work in Progress, Internet-Draft, draft-
ietf-core-links-json-10, 26 February 2018, ietf-core-links-json-10, 26 February 2018,
<https://www.ietf.org/archive/id/draft-ietf-core-links- <https://datatracker.ietf.org/doc/html/draft-ietf-core-
json-10.txt>. links-json-10>.
[I-D.ietf-core-rd-dns-sd] [CORE-RD-DNS-SD]
Stok, P. V. D., Koster, M., and C. Amsüss, "CoRE Resource van der Stok, P., Koster, M., and C. Amsuess, "CoRE
Directory: DNS-SD mapping", Work in Progress, Internet- Resource Directory: DNS-SD mapping", Work in Progress,
Draft, draft-ietf-core-rd-dns-sd-05, 7 July 2019, Internet-Draft, draft-ietf-core-rd-dns-sd-05, 7 July 2019,
<https://www.ietf.org/archive/id/draft-ietf-core-rd-dns- <https://datatracker.ietf.org/doc/html/draft-ietf-core-rd-
sd-05.txt>. dns-sd-05>.
[I-D.silverajan-core-coap-protocol-negotiation] [ER] Chen, P., "The entity-relationship model--toward a unified
Silverajan, B. and M. Ocak, "CoAP Protocol Negotiation", view of data", ACM Transactions on Database Systems, Vol.
Work in Progress, Internet-Draft, draft-silverajan-core- 1, pp. 9-36, DOI 10.1145/320434.320440, March 1976,
coap-protocol-negotiation-09, 2 July 2018, <https://doi.org/10.1145/320434.320440>.
<https://www.ietf.org/archive/id/draft-silverajan-core-
coap-protocol-negotiation-09.txt>.
[LwM2M] Open Mobile Alliance, "Lightweight Machine to Machine [LwM2M] Open Mobile Alliance, "Lightweight Machine to Machine
Technical Specification: Transport Bindings (Candidate Technical Specification: Transport Bindings (Candidate
Version 1.1)", 12 June 2018, Version 1.1)", June 2018,
<https://openmobilealliance.org/RELEASE/LightweightM2M/ <https://openmobilealliance.org/RELEASE/LightweightM2M/
V1_1-20180612-C/OMA-TS-LightweightM2M_Transport- V1_1-20180612-C/OMA-TS-LightweightM2M_Transport-
V1_1-20180612-C.pdf>. V1_1-20180612-C.pdf>.
[RFC3306] Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6 [RFC3306] Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6
Multicast Addresses", RFC 3306, DOI 10.17487/RFC3306, Multicast Addresses", RFC 3306, DOI 10.17487/RFC3306,
August 2002, <https://www.rfc-editor.org/info/rfc3306>. August 2002, <https://www.rfc-editor.org/info/rfc3306>.
[RFC3307] Haberman, B., "Allocation Guidelines for IPv6 Multicast
Addresses", RFC 3307, DOI 10.17487/RFC3307, August 2002,
<https://www.rfc-editor.org/info/rfc3307>.
[RFC3849] Huston, G., Lord, A., and P. Smith, "IPv6 Address Prefix [RFC3849] Huston, G., Lord, A., and P. Smith, "IPv6 Address Prefix
Reserved for Documentation", RFC 3849, Reserved for Documentation", RFC 3849,
DOI 10.17487/RFC3849, July 2004, DOI 10.17487/RFC3849, July 2004,
<https://www.rfc-editor.org/info/rfc3849>. <https://www.rfc-editor.org/info/rfc3849>.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005, DOI 10.17487/RFC4122, July 2005,
<https://www.rfc-editor.org/info/rfc4122>. <https://www.rfc-editor.org/info/rfc4122>.
skipping to change at page 80, line 29 skipping to change at line 2934
[RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names [RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names
(URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017, (URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017,
<https://www.rfc-editor.org/info/rfc8141>. <https://www.rfc-editor.org/info/rfc8141>.
[RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz, [RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
"Object Security for Constrained RESTful Environments "Object Security for Constrained RESTful Environments
(OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019, (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019,
<https://www.rfc-editor.org/info/rfc8613>. <https://www.rfc-editor.org/info/rfc8613>.
[T2TRG-REL-IMPL]
Bormann, C., "impl-info: A link relation type for
disclosing implementation information", Work in Progress,
Internet-Draft, draft-bormann-t2trg-rel-impl-02, 27
September 2020, <https://datatracker.ietf.org/doc/html/
draft-bormann-t2trg-rel-impl-02>.
Appendix A. Groups Registration and Lookup Appendix A. Groups Registration and Lookup
The RD-Groups usage pattern allows announcing application groups The RD-Group's usage pattern allows announcing application groups
inside an RD. inside an RD.
Groups are represented by endpoint registrations. Their base address Groups are represented by endpoint registrations. Their base address
is a multicast address, and they SHOULD be entered with the endpoint is a multicast address, and they SHOULD be entered with the endpoint
type "core.rd-group". The endpoint name can also be referred to as a type core.rd-group. The endpoint name can also be referred to as a
group name in this context. group name in this context.
The registration is inserted into the RD by a Commissioning Tool, The registration is inserted into the RD by a Commissioning Tool,
which might also be known as a group manager here. It performs third which might also be known as a group manager here. It performs
party registration and registration updates. third-party registration and registration updates.
The links it registers SHOULD be available on all members that join The links it registers SHOULD be available on all members that join
the group. Depending on the application, members that lack some the group. Depending on the application, members that lack some
resource MAY be permissible if requests to them fail gracefully. resources MAY be permissible if requests to them fail gracefully.
The following example shows a CT registering a group with the name The following example shows a CT registering a group with the name
"lights" which provides two resources. The directory resource path "lights", which provides two resources. The directory resource path
/rd is an example RD location discovered in a request similar to /rd is an example RD location discovered in a request similar to
Figure 5. The group address in the example is constructed from Figure 5. The group address in the example is constructed from the
[RFC3849]'s reserved 2001:db8:: prefix as a unicast-prefix based reserved 2001:db8:: prefix in [RFC3849] as a unicast-prefix-based
site-local address (see [RFC3306]. site-local address (see [RFC3306]).
Req: POST coap://rd.example.com/rd?ep=lights&et=core.rd-group Req: POST coap://rd.example.com/rd?ep=lights&et=core.rd-group
&base=coap://[ff35:30:2001:db8:f1::8000:1] &base=coap://[ff35:30:2001:db8:f1::8000:1]
Content-Format: 40 Content-Format: 40
Payload: Payload:
</light>;rt="tag:example.com,2020:light"; </light>;rt="tag:example.com,2020:light";
if="tag:example.net,2020:actuator", if="tag:example.net,2020:actuator",
</color-temperature>;if="tag:example.net,2020:parameter";u=K </color-temperature>;if="tag:example.net,2020:parameter";u=K
Res: 2.01 Created Res: 2.01 Created
Location-Path: /rd/12 Location-Path: /rd/12
Figure 27: Example registration of a group Figure 27: Example Registration of a Group
In this example, the group manager can easily permit devices that In this example, the group manager can easily permit devices that
have no writable color-temperature to join, as they would still have no writable color-temperature to join, as they would still
respond to brightness changing commands. Had the group instead respond to brightness-changing commands. Had the group instead
contained a single resource that sets brightness and color contained a single resource that sets brightness and color-
temperature atomically, endpoints would need to support both temperature atomically, endpoints would need to support both
properties. properties.
The resources of a group can be looked up like any other resource, The resources of a group can be looked up like any other resource,
and the group registrations (along with any additional registration and the group registrations (along with any additional registration
parameters) can be looked up using the endpoint lookup interface. parameters) can be looked up using the endpoint lookup interface.
The following example shows a client performing an endpoint lookup The following example shows a client performing an endpoint lookup
for all groups. for all groups:
Req: GET /rd-lookup/ep?et=core.rd-group Req: GET /rd-lookup/ep?et=core.rd-group
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
</rd/12>;ep=lights&et=core.rd-group; </rd/12>;ep=lights&et=core.rd-group;
base="coap://[ff35:30:2001:f1:db8::8000:1]";rt=core.rd-ep base="coap://[ff35:30:2001:f1:db8::8000:1]";rt=core.rd-ep
Figure 28: Example lookup of groups Figure 28: Example Lookup of Groups
The following example shows a client performing a lookup of all The following example shows a client performing a lookup of all
resources of all endpoints (groups) with et=core.rd-group. resources of all endpoints (groups) with et=core.rd-group:
Req: GET /rd-lookup/res?et=core.rd-group Req: GET /rd-lookup/res?et=core.rd-group
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<coap://[ff35:30:2001:db8:f1::8000:1]/light>; <coap://[ff35:30:2001:db8:f1::8000:1]/light>;
rt="tag:example.com,2020:light"; rt="tag:example.com,2020:light";
if="tag:example.net,2020:actuator", if="tag:example.net,2020:actuator",
<coap://[ff35:30:2001:db8:f1::8000:1]/color-temperature>; <coap://[ff35:30:2001:db8:f1::8000:1]/color-temperature>;
if="tag:example.net,2020:parameter";u=K, if="tag:example.net,2020:parameter";u=K,
Figure 29: Example lookup of resources inside groups
Appendix B. Web links and the Resource Directory Figure 29: Example Lookup of Resources Inside Groups
Appendix B. Web Links and the Resource Directory
Understanding the semantics of a link-format document and its URI Understanding the semantics of a link-format document and its URI
references is a journey through different documents ([RFC3986] references is a journey through different documents ([RFC3986]
defining URIs, [RFC6690] defining link-format documents based on defining URIs, [RFC6690] defining link-format documents based on
[RFC8288] which defines Link header fields, and [RFC7252] providing [RFC8288], which defines Link header fields, and [RFC7252] providing
the transport). This appendix summarizes the mechanisms and the transport). This appendix summarizes the mechanisms and
semantics at play from an entry in "/.well-known/core" to a resource semantics at play from an entry in /.well-known/core to a resource
lookup. lookup.
This text is primarily aimed at people entering the field of This text is primarily aimed at people entering the field of
Constrained Restful Environments from applications that previously Constrained Restful Environments from applications that previously
did not use web mechanisms. did not use web mechanisms.
B.1. A simple example B.1. A Simple Example
Let's start this example with a very simple host, "2001:db8:f0::1". Let's start this example with a very simple host, 2001:db8:f0::1. A
A client that follows classical CoAP Discovery ([RFC7252] Section 7), client that follows classical CoAP discovery ([RFC7252], Section 7)
sends the following multicast request to learn about neighbours sends the following multicast request to learn about neighbors
supporting resources with resource-type "temperature". supporting resources with resource-type "temperature".
The client sends a link-local multicast: The client sends a link-local multicast:
Req: GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature Req: GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
</sensors/temp>;rt=temperature;ct=0 </sensors/temp>;rt=temperature;ct=0
Figure 30: Example of direct resource discovery Figure 30: Example of Direct Resource Discovery
where the response is sent by the server, "[2001:db8:f0::1]:5683". where the response is sent by the server, [2001:db8:f0::1]:5683.
While the client -- on the practical or implementation side -- can While a practical client side implementation might just go ahead and
just go ahead and create a new request to "[2001:db8:f0::1]:5683" create a new request to [2001:db8:f0::1]:5683 with Uri-Path sensors
with Uri-Path: "sensors" and "temp", the full resolution steps for and temp, the full resolution steps for insertion into and retrieval
insertion into and retrieval from the RD without any shortcuts are: from the RD without any shortcuts are as follows.
B.1.1. Resolving the URIs B.1.1. Resolving the URIs
The client parses the single returned record. The link's target The client parses the single returned link. Its target (sometimes
(sometimes called "href") is ""/sensors/temp"", which is a relative called "href") is /sensors/temp, which is a relative URI that needs
URI that needs resolving. The base URI resolving. The base URI coap://[ff02::fd]:5683/.well-known/core is
<coap://[ff02::fd]:5683/.well-known/core> is used to resolve the used to resolve the reference against /sensors/temp.
reference /sensors/temp against.
The Base URI of the requested resource can be composed from the The base URI of the requested resource can be composed from the
options of the CoAP GET request by following the steps of [RFC7252] options of the CoAP GET request by following the steps of [RFC7252],
section 6.5 (with an addition at the end of 8.2) into Section 6.5 (with an addition at the end of Section 8.2) into
""coap://[2001:db8:f0::1]/.well-known/core"". coap://[2001:db8:f0::1]/.well-known/core.
Because ""/sensors/temp"" starts with a single slash, the record's Because /sensors/temp starts with a single slash, the link's target
target is resolved by replacing the path ""/.well-known/core"" from is resolved by replacing the path /.well-known/core from the base URI
the Base URI (section 5.2 [RFC3986]) with the relative target URI ([RFC3986], Section 5.2) with the relative target URI /sensors/temp
""/sensors/temp"" into ""coap://[2001:db8:f0::1]/sensors/temp"". into coap://[2001:db8:f0::1]/sensors/temp.
B.1.2. Interpreting attributes and relations B.1.2. Interpreting Attributes and Relations
Some more information but the record's target can be obtained from Some more information about the link's target can be obtained from
the payload: the resource type of the target is "temperature", and the payload: the resource type of the target is "temperature", and
its content format is text/plain (ct=0). its content format is text/plain (ct=0).
A relation in a web link is a three-part statement that specifies a A relation in a web link is a three-part statement that specifies a
named relation between the so-called "context resource" and the named relation between the so-called "context resource" and the
target resource, like "_This page_ has _its table of contents_ at _/ target resource, like "_This page_ has _its table of contents_ at _/
toc.html_". In link format documents, there is an implicit "host toc.html_". In link-format documents, there is an implicit "host
relation" specified with default parameter: rel="hosts". relation" specified with default parameter rel="hosts".
In our example, the context resource of the link is implied to be In our example, the context resource of the link is implied to be
"coap:://[2001:db8:f0::1]" by the default value of the anchor (see coap:://[2001:db8:f0::1] by the default value of the anchor (see
Appendix B.4). A full English expression of the "host relation" is: Appendix B.4). A full English expression of the "host relation" is:
'"coap://[2001:db8:f0::1]" is hosting the resource coap://[2001:db8:f0::1] is hosting the resource
"coap://[2001:db8:f0::1]/sensors/temp", which is of the resource type coap://[2001:db8:f0::1]/sensors/temp, which is of the resource
"temperature" and can be accessed using the text/plain content type "temperature" and can be read in the text/plain content
format.' format.
B.2. A slightly more complex example B.2. A Slightly More Complex Example
Omitting the "rt=temperature" filter, the discovery query would have Omitting the rt=temperature filter, the discovery query would have
given some more records in the payload: given some more links in the payload:
Req: GET coap://[ff02::fd]:5683/.well-known/core Req: GET coap://[ff02::fd]:5683/.well-known/core
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
</sensors/temp>;rt=temperature;ct=0, </sensors/temp>;rt=temperature;ct=0,
</sensors/light>;rt=light-lux;ct=0, </sensors/light>;rt=light-lux;ct=0,
</t>;anchor="/sensors/temp";rel=alternate, </t>;anchor="/sensors/temp";rel=alternate,
<http://www.example.com/sensors/t123>;anchor="/sensors/temp"; <http://www.example.com/sensors/t123>;anchor="/sensors/temp";
rel=describedby rel=describedby
Figure 31: Extended example of direct resource discovery Figure 31: Extended Example of Direct Resource Discovery
Parsing the third record, the client encounters the "anchor" Parsing the third link, the client encounters the "anchor" parameter.
parameter. It is a URI relative to the Base URI of the request and It is a URI relative to the base URI of the request and is thus
is thus resolved to ""coap://[2001:db8:f0::1]/sensors/temp"". That resolved to coap://[2001:db8:f0::1]/sensors/temp. That is the
is the context resource of the link, so the "rel" statement is not context resource of the link, so the "rel" statement is not about the
about the target and the Base URI any more, but about the target and target and the base URI any more but about the target and the
the resolved URI. Thus, the third record could be read as resolved URI. Thus, the third link could be read as:
""coap://[2001:db8:f0::1]/sensors/temp" has an alternate
representation at "coap://[2001:db8:f0::1]/t"".
Following the same resolution steps, the fourth record can be read as coap://[2001:db8:f0::1]/sensors/temp has an alternate
""coap://[2001:db8:f0::1]/sensors/temp" is described by representation at coap://[2001:db8:f0::1]/t.
"http://www.example.com/sensors/t123"".
Following the same resolution steps, the fourth link can be read as
coap://[2001:db8:f0::1]/sensors/temp is described by
http://www.example.com/sensors/t123.
B.3. Enter the Resource Directory B.3. Enter the Resource Directory
The RD tries to carry the semantics obtainable by classical CoAP The RD tries to carry the semantics obtainable by classical CoAP
discovery over to the resource lookup interface as faithfully as discovery over to the resource lookup interface as faithfully as
possible. possible.
For the following queries, we will assume that the simple host has For the following queries, we will assume that the simple host has
used Simple Registration to register at the RD that was announced to used simple registration to register at the RD that was announced to
it, sending this request from its UDP port "[2001:db8:f0::1]:6553": it, sending this request from its UDP port [2001:db8:f0::1]:6553:
Req: POST coap://[2001:db8:f01::ff]/.well-known/rd?ep=simple-host1 Req: POST coap://[2001:db8:f0::ff]/.well-known/rd?ep=simple-host1
Res: 2.04 Changed Res: 2.04 Changed
Figure 32: Example of a simple registration Figure 32: Example of a Simple Registration
The RD would have accepted the registration, and queried the simple The RD would have accepted the registration and queried the simple
host's "/.well-known/core" by itself. As a result, the host is host's /.well-known/core by itself. As a result, the host is
registered as an endpoint in the RD with the name "simple-host1". registered as an endpoint in the RD with the name "simple-host1".
The registration is active for 90000 seconds, and the endpoint The registration is active for 90000 seconds, and the endpoint
registration Base URI is ""coap://[2001:db8:f0::1]"" following the registration base URI is coap://[2001:db8:f0::1], following the
resolution steps described in Appendix B.1.1. It should be remarked resolution steps described in Appendix B.1.1. It should be remarked
that the Base URI constructed that way always yields a URI of the that the base URI constructed that way always yields a URI of the
form: scheme://authority without path suffix. form scheme://authority without path suffix.
If the client now queries the RD as it would previously have issued a If the client now queries the RD as it would previously have issued a
multicast request, it would go through the RD discovery steps by multicast request, it would go through the RD discovery steps by
fetching "coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd- fetching coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd-lookup-
lookup-res", obtain "coap://[2001:db8:f0::ff]/rd-lookup/res" as the res, obtain coap://[2001:db8:f0::ff]/rd-lookup/res as the resource
resource lookup endpoint, and ask it for all temperature resources: lookup endpoint, and ask it for all temperature resources:
Req: GET coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature Req: GET coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<coap://[2001:db8:f0::1]/sensors/temp>;rt=temperature;ct=0 <coap://[2001:db8:f0::1]/sensors/temp>;rt=temperature;ct=0
Figure 33: Example exchange performing resource lookup Figure 33: Example Exchange Performing Resource Lookup
This is not _literally_ the same response that it would have received This is not _literally_ the same response that it would have received
from a multicast request, but it contains the equivalent statement: from a multicast request, but it contains the equivalent statement:
'"coap://[2001:db8:f0::1]" is hosting the resource coap://[2001:db8:f0::1] is hosting the resource
"coap://[2001:db8:f0::1]/sensors/temp", which is of the resource type coap://[2001:db8:f0::1]/sensors/temp, which is of the resource
"temperature" and can be accessed using the text/plain content type "temperature" and can be accessed using the text/plain
format.' content format.
To complete the examples, the client could also query all resources To complete the examples, the client could also query all resources
hosted at the endpoint with the known endpoint name "simple-host1": hosted at the endpoint with the known endpoint name "simple-host1":
Req: GET coap://[2001:db8:f0::ff]/rd-lookup/res?ep=simple-host1 Req: GET coap://[2001:db8:f0::ff]/rd-lookup/res?ep=simple-host1
Res: 2.05 Content Res: 2.05 Content
Payload: Payload:
<coap://[2001:db8:f0::1]/sensors/temp>;rt=temperature;ct=0, <coap://[2001:db8:f0::1]/sensors/temp>;rt=temperature;ct=0,
<coap://[2001:db8:f0::1]/sensors/light>;rt=light-lux;ct=0, <coap://[2001:db8:f0::1]/sensors/light>;rt=light-lux;ct=0,
<coap://[2001:db8:f0::1]/t>; <coap://[2001:db8:f0::1]/t>;
anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=alternate, anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=alternate,
<http://www.example.com/sensors/t123>; <http://www.example.com/sensors/t123>;
anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=describedby anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=describedby
Figure 34: Extended example exchange performing resource lookup Figure 34: Extended Example Exchange Performing Resource Lookup
All the target and anchor references are already in absolute form All the target and anchor references are already in absolute form
there, which don't need to be resolved any further. there, which don't need to be resolved any further.
Had the simple host done an equivalent full registration with a base= Had the simple host done an equivalent full registration with a base=
parameter (e.g. "?ep=simple-host1&base=coap+tcp://simple- parameter (e.g., ?ep=simple-host1&base=coap+tcp://sh1.example.com),
host1.example.com"), that context would have been used to resolve the that context would have been used to resolve the relative anchor
relative anchor values instead, giving values instead, giving the following and analogous links:
<coap+tcp://simple-host1.example.com/sensors/temp>;rt=temperature;ct=0
Figure 35: Example payload of a response to a resource lookup <coap+tcp://sh1.example.com/sensors/temp>;rt=temperature;ct=0
with a dedicated base URI
and analogous records. Figure 35: Example Payload of a Response to a Resource Lookup
with a Dedicated Base URI
B.4. A note on differences between link-format and Link header fields B.4. A Note on Differences between Link-Format and Link Header Fields
While link-format and Link header fields look very similar and are While link-format and Link header fields look very similar and are
based on the same model of typed links, there are some differences based on the same model of typed links, there are some differences
between [RFC6690] and [RFC8288]. When implementing an RD or between [RFC6690] and [RFC8288]. When implementing an RD or
interacting with an RD, care must be taken to follow the [RFC6690] interacting with an RD, care must be taken to follow the behavior
behavior whenever application/link-format representations are used. described in [RFC6690] whenever application/link-format
representations are used.
* "Default value of anchor": Both under [RFC6690] and [RFC8288], * "Default value of anchor": Under both [RFC6690] and [RFC8288],
relative references in the term inside the angle brackets (the relative references in the term inside the angle brackets (the
target) and the anchor attribute are resolved against the relevant target) and the anchor attribute are resolved against the relevant
base URI (which usually is the URI used to retrieve the entity), base URI (which usually is the URI used to retrieve the entity)
and independent of each other. and independent of each other.
When, in an [RFC8288] Link header, the anchor attribute is absent, When, in a Link header [RFC8288], the anchor attribute is absent,
the link's context is the URI of the selected representation (and the link's context is the URI of the selected representation (and
usually equal to the base URI). usually equal to the base URI).
In [RFC6690] links, if the anchor attribute is absent, the default In links per [RFC6690], if the anchor attribute is absent, the
value is the Origin of (for all relevant cases: the URI reference default value is the Origin of (for all relevant cases, the URI
"/" resolved against) the link's target. reference / resolved against) the link's target.
* There is no percent encoding in link-format documents. * There is no percent encoding in link-format documents.
A link-format document is a UTF-8 encoded string of Unicode A link-format document is a UTF-8-encoded string of Unicode
characters and does not have percent encoding, while Link header characters and does not have percent encoding, while Link header
fields are practically ASCII strings that use percent encoding for fields are practically ASCII strings that use percent encoding for
non-ASCII characters, stating the encoding explicitly when non-ASCII characters, stating the encoding explicitly when
required. required.
For example, while a Link header field in a page about a Swedish For example, while a Link header field in a page about a Swedish
city might read city might read:
Link: </temperature/Malm%C3%B6>;rel=live-environment-data Link: </temperature/Malm%C3%B6>;rel=live-environment-data
a link-format document from the same source might describe the a link-format document from the same source might describe the
link as link as:
</temperature/Malmö>;rel=live-environment-data </temperature/Malmö>;rel=live-environment-data
Appendix C. Limited Link Format Appendix C. Limited Link Format
The CoRE Link Format as described in [RFC6690] has been interpreted The CoRE Link Format, as described in [RFC6690], has been interpreted
differently by implementers, and a strict implementation rules out differently by implementers, and a strict implementation rules out
some use cases of an RD (e.g. base values with path components in some use cases of an RD (e.g., base values with path components in
combination with absent anchors). combination with absent anchors).
This appendix describes a subset of link format documents called This appendix describes a subset of link format documents called the
Limited Link Format. The one rule herein is not very limiting in Limited Link Format. The one rule herein is not very limiting in
practice -- all examples in RFC6690, and all deployments the authors practice -- all examples in [RFC6690] and all deployments the authors
are aware of already stick to them -- but ease the implementation of are aware of already stick to them -- but eases the implementation of
RD servers. RD servers.
It is applicable to representations in the application/link-format It is applicable to representations in the application/link-format
media type, and any other media types that inherit [RFC6690] media type and any other media types that inherit [RFC6690],
Section 2.1. Section 2.1.
A link format representation is in Limited Link format if, for each A link format representation is in the Limited Link Format if, for
link in it, the following applies: each link in it, the following applies:
All URI references either follow the URI or the path-absolute ABNF All URI references either follow the URI or the path-absolute ABNF
rule of RFC3986 (i.e. target and anchor each either start with a rule of [RFC3986] (i.e., the target and anchor each either start with
scheme or with a single slash). a scheme or with a single slash).
Acknowledgments
Oscar Novo, Srdjan Krco, Szymon Sasin, Kerry Lynn, Esko Dijk, Anders
Brandt, Matthieu Vial, Jim Schaad, Mohit Sethi, Hauke Petersen,
Hannes Tschofenig, Sampo Ukkola, Linyi Tian, Jan Newmarch, Matthias
Kovatsch, Jaime Jimenez, and Ted Lemon have provided helpful
comments, discussions, and ideas to improve and shape this document.
Zach would also like to thank his colleagues from the EU FP7 SENSEI
project, where many of the RD concepts were originally developed.
Authors' Addresses Authors' Addresses
Christian Amsüss (editor) Christian Amsüss (editor)
Hollandstr. 12/4
1020
Austria
Phone: +43-664-9790639
Email: christian@amsuess.com Email: christian@amsuess.com
Zach Shelby Zach Shelby
ARM Edge Impulse
150 Rose Orchard 3031 Tisch Way
San Jose, 95134 San Jose, 95128
United States of America United States of America
Email: zach@edgeimpulse.com
Phone: +1-408-203-9434
Email: zach.shelby@arm.com
Michael Koster Michael Koster
SmartThings PassiveLogic
665 Clyde Avenue 524 H Street
Mountain View, 94043 Antioch, CA 94509
United States of America United States of America
Phone: +1-707-502-5136 Phone: +1-707-502-5136
Email: Michael.Koster@smartthings.com Email: michaeljohnkoster@gmail.com
Carsten Bormann Carsten Bormann
Universitaet Bremen TZI Universität Bremen TZI
Postfach 330440 Postfach 330440
D-28359 Bremen D-28359 Bremen
Germany Germany
Phone: +49-421-218-63921 Phone: +49-421-218-63921
Email: cabo@tzi.org Email: cabo@tzi.org
Peter van der Stok Peter van der Stok
consultant vanderstok consultancy
Email: stokcons@bbhmail.nl
Phone: +31-492474673 (Netherlands), +33-966015248 (France)
Email: consultancy@vanderstok.org
URI: www.vanderstok.org
 End of changes. 510 change blocks. 
1990 lines changed or deleted 1286 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/