CoRE | Z. Shelby |
Internet-Draft | ARM |
Intended status: Standards Track | M. Koster |
Expires: September 2, 2018 | SmartThings |
C. Bormann | |
Universitaet Bremen TZI | |
P. van der Stok | |
consultant | |
C. Amsüss, Ed. | |
March 01, 2018 |
CoRE Resource Directory
draft-ietf-core-resource-directory-13
In many M2M applications, direct discovery of resources is not practical due to sleeping nodes, disperse networks, or networks where multicast traffic is inefficient. These problems can be solved by employing an entity called a Resource Directory (RD), which hosts descriptions of resources held on other servers, allowing lookups to be performed for those resources. This document specifies the web interfaces that a Resource Directory supports in order for web servers to discover the RD and to register, maintain, lookup and remove resource descriptions. Furthermore, new link attributes useful in conjunction with an RD are defined.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 2, 2018.
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The work on Constrained RESTful Environments (CoRE) aims at realizing the REST architecture in a suitable form for the most constrained nodes (e.g., 8-bit microcontrollers with limited RAM and ROM) and networks (e.g. 6LoWPAN). CoRE is aimed at machine-to-machine (M2M) applications such as smart energy and building automation.
The discovery of resources offered by a constrained server is very important in machine-to-machine applications where there are no humans in the loop and static interfaces result in fragility. The discovery of resources provided by an HTTP Web Server is typically called Web Linking [RFC5988]. The use of Web Linking for the description and discovery of resources hosted by constrained web servers is specified by the CoRE Link Format [RFC6690]. However, [RFC6690] only describes how to discover resources from the web server that hosts them by querying /.well-known/core. In many M2M scenarios, direct discovery of resources is not practical due to sleeping nodes, disperse networks, or networks where multicast traffic is inefficient. These problems can be solved by employing an entity called a Resource Directory (RD), which hosts descriptions of resources held on other servers, allowing lookups to be performed for those resources.
This document specifies the web interfaces that a Resource Directory supports in order for web servers to discover the RD and to register, maintain, lookup and remove resource descriptions. Furthermore, new link attributes useful in conjunction with a Resource Directory are defined. Although the examples in this document show the use of these interfaces with CoAP [RFC7252], they can be applied in an equivalent manner to HTTP [RFC7230].
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119]. The term “byte” is used in its now customary sense as a synonym for “octet”.
This specification requires readers to be familiar with all the terms and concepts that are discussed in [RFC3986], [RFC5988] and [RFC6690]. Readers should also be familiar with the terms and concepts discussed in [RFC7252]. To describe the REST interfaces defined in this specification, the URI Template format is used [RFC6570].
This specification makes use of the following additional terminology:
The Resource Directory is primarily a tool to make discovery operations more efficient than querying /.well-known/core on all connected device, or across boundaries that would be limiting those operations.
It provides a cache (in the high-level sense, not as defined in [RFC7252]/[RFC2616]) of data that could otherwise only be obtained by directly querying the /.well-known/core resource on the target device, or by accessing those resources with a multicast request.
From that, it follows that only information should be stored in the resource directory that is discovered from querying the described device’s /.well-known/core resource directly.
It also follows that data in the resource directory can only be provided by the device whose descriptions are cached or a dedicated Commissioning Tool (CT). These CTs are thought to act on behalf agents too constrained, or generally unable, to present that information themselves. No other client can modify data in the resource directory. Changes in the Resource Directory do not propagate automatically back to its source.
The resource directory architecture is illustrated in Figure 1. A Resource Directory (RD) is used as a repository for Web Links [RFC5988] about resources hosted on other web servers, which are called endpoints (EP). An endpoint is a web server associated with a scheme, IP address and port. A physical node may host one or more endpoints. The RD implements a set of REST interfaces for endpoints to register and maintain sets of Web Links (called resource directory registration entries), and for clients to lookup resources from the RD or maintain groups. Endpoints themselves can also act as clients. An RD can be logically segmented by the use of Groups. The group an endpoint is part of, can be defined by the RD or configured by a Commissioning Tool. This information hierarchy is shown in Figure 2.
A mechanism to discover an RD using CoRE Link Format [RFC6690] is defined.
Endpoints proactively register and maintain resource directory registration entries on the RD, which are soft state and need to be periodically refreshed.
An endpoint uses specific interfaces to register, update and remove a resource directory registration entry. It is also possible for an RD to fetch Web Links from endpoints and add them as resource directory registration entries.
At the first registration of a set of entries, a “registration resource” is created, the location of which is returned to the registering endpoint. The registering endpoint uses this registration resource to manage the contents of registration entries.
A lookup interface for discovering any of the Web Links held in the RD is provided using the CoRE Link Format.
Registration Lookup, Group Interface Interfaces +----+ | | | EP |---- | | +----+ ---- | | --|- +------+ | +----+ | ----| | | +--------+ | EP | ---------|-----| RD |----|-----| Client | +----+ | ----| | | +--------+ --|- +------+ | +----+ ---- | | | EP |---- | | +----+
Figure 1: The resource directory architecture.
+------------+ | Group | <-- Name, Scheme, IP, Port +------------+ | | +------------+ | Endpoint | <-- Name, Scheme, IP, Port +------------+ | | +------------+ | Resource | <-- Target, Parameters +------------+
Figure 2: The resource directory information hierarchy.
The Entity-Relationship (ER) models shown in Figure 3 and Figure 4 model the contents of /.well-known/core and the resource directory respectively, with entity-relationship diagrams [ER]. Entities (rectangles) are used for concepts that exist independently. Attributes (ovals) are used for concepts that exist only in connection with a related entity. Relations (diamonds) give a semantic meaning to the relation between entities. Numbers specify the cardinality of the relations.
Some of the attribute values are URIs. Those values are always full URIs and never relative references in the information model. They can, however, be expressed as relative references in serializations, and often are.
These models provide an abstract view of the information expressed in link-format documents and a Resource Directory. They cover the concepts, but not necessarily all details of an RD’s operation; they are meant to give an overview, and not be a template for implementations.
+----------------------+ | /.well-known/core | +----------------------+ | | 1 ////////\\\\\\\ < contains > \\\\\\\\/////// | | 0+ +--------------------+ | link | +--------------------+ | | 1 oooooooo +-----o target o 0+ | oooooooo oooooooooooo | o target o--------+ o attribute o | 0+ oooooo oooooooooooo +-----o rel o | oooooo | | 1 ooooooooo +-----o context o ooooooooo
Figure 3: E-R Model of the content of /.well-known/core
The model shown in Figure 3 models the contents of /.well-known/core which contains:
The host is free to choose links it deems appropriate to be exposed in its .well-known/core. Typically, the links describe resources that are served by the host, but the set can also contain links to resources on other servers (see examples in [RFC6690] page 14). The set does not necessarily contain links to all resources served by the host.
A link has the following attributes (see [RFC5988]):
In link-format serialization, it is expressed between angular brackets, and sometimes called the “href”.
If there is an anchor attribute present and the link is serialized in [RFC6690] link format, this document will require that the link is an absolute reference to avoid the ambiguities outlined in Appendix A.4.
Otherwise, it can be serialized as a relative URI, and gets resolved against the document’s URI.
+----------------------+ | resource-directory | +----------------------+ | | oooooooooooo 0-1 | o MC address o---+ | oooooooooooo | | | //////\\\\ 0+ +--------+ < contains >----------------| group | \\\\\///// +--------+ | | 0-n | | 1+ ooooooo 1 +---------------+ ///////\\\\\\ o con o-------| registration |---------< composed of > ooooooo +---------------+ \\\\\\\////// | | | +--------------+ oooooooo 1 | | o loc o----+ /////\\\\ oooooooo | < contains > | \\\\\///// oooooooo 1 | | o ep o----+ | 0+ oooooooo | +------------------+ | | link | oooooooo 0-1 | +------------------+ o d o----+ | oooooooo | | 1 oooooooo | +-----o target o oooooooo 0-1 | | oooooooo o lt o----+ ooooooooooo 0+ | oooooooo | o target o-----+ | o attribute o | 0+ oooooo ooooooooooo 0+ | ooooooooooo +-----o rel o o endpoint o----+ | oooooo o attribute o | ooooooooooo | 1 ooooooooo +----o context o ooooooooo
Figure 4: E-R Model of the content of the Resource Directory
The model shown in Figure 4 models the contents of the resource directory which contains in addition to /.well-known/core:
A Group has no or one Multicast address attribute and is composed of 0 or more endpoints. A registration is associated with one endpoint (ep). An endpoint can be part of 0 or more Groups . A registration defines a set of links as defined for /.well-known/core. A Registration has six attributes:
The cardinality of con is currently 1; future documents are invited to extend the RD specification to support multiple values (eg. [I-D.silverajan-core-coap-protocol-negotiation]). Its value is used as a Base URI when resolving URIs in the links contained in the endpoint.
Links are modelled as they are in Figure 3.
Over the last few years, mobile operators around the world have focused on development of M2M solutions in order to expand the business to the new type of users: machines. The machines are connected directly to a mobile network using an appropriate embedded wireless interface (GSM/GPRS, WCDMA, LTE) or via a gateway providing short and wide range wireless interfaces. From the system design point of view, the ambition is to design horizontal solutions that can enable utilization of machines in different applications depending on their current availability and capabilities as well as application requirements, thus avoiding silo like solutions. One of the crucial enablers of such design is the ability to discover resources (machines — endpoints) capable of providing required information at a given time or acting on instructions from the end users.
Imagine a scenario where endpoints installed on vehicles enable tracking of the position of these vehicles for fleet management purposes and allow monitoring of environment parameters. During the boot-up process endpoints register with a Resource Directory, which is hosted by the mobile operator or somewhere in the cloud. Periodically, these endpoints update their registration and may modify resources they offer.
When endpoints are not always connected, for example because they enter a sleep mode, a remote server is usually used to provide proxy access to the endpoints. Mobile apps or web applications for environment monitoring contact the RD, look up the endpoints capable of providing information about the environment using an appropriate set of link parameters, obtain information on how to contact them (URLs of the proxy server), and then initiate interaction to obtain information that is finally processed, displayed on the screen and usually stored in a database. Similarly, fleet management systems provide the appropriate link parameters to the RD to look up for EPs deployed on the vehicles the application is responsible for.
Home and commercial building automation systems can benefit from the use of M2M web services. The discovery requirements of these applications are demanding. Home automation usually relies on run-time discovery to commission the system, whereas in building automation a combination of professional commissioning and run-time discovery is used. Both home and building automation involve peer-to-peer interactions between endpoints, and involve battery-powered sleeping devices.
Resources may be shared through data brokers that have no knowledge beforehand of who is going to consume the data. Resource Directory can be used to hold links about resources and services hosted anywhere to make them discoverable by a general class of applications.
For example, environmental and weather sensors that generate data for public consumption may provide the data to an intermediary server, or broker. Sensor data are published to the intermediary upon changes or at regular intervals. Descriptions of the sensors that resolve to links to sensor data may be published to a Resource Directory. Applications wishing to consume the data can use RD Lookup to discover and resolve links to the desired resources and endpoints. The Resource Directory service need not be coupled with the data intermediary service. Mapping of Resource Directories to data intermediaries may be many-to-many.
Metadata in web link formats like [RFC6690] are supplied by Resource Directories, which may be internally stored as triples, or relation/attribute pairs providing metadata about resource links. External catalogs that are represented in other formats may be converted to common web linking formats for storage and access by Resource Directories. Since it is common practice for these to be URN encoded, simple and lossless structural transforms should generally be sufficient to store external metadata in Resource Directories.
The additional features of Resource Directory allow domains to be defined to enable access to a particular set of resources from particular applications. This provides isolation and protection of sensitive data when needed. Resource groups may defined to allow batched reads from multiple resources.
A (re-e)starting device may want to find one or more resource directories to make itself known with.
The device may be pre-configured to exercise specific mechanisms for finding the resource directory:
For cases where the device is not specifically configured with a way to find a resource directory, the network may want to provide a suitable default.
Finally, if neither the device nor the network offer any specific configuration, the device may want to employ heuristics to find a suitable resource directory.
The present specification does not fully define these heuristics, but suggests a number of candidates:
As some of the RD addresses obtained by the methods listed here are just (more or less educated) guesses, endpoints MUST make use of any error messages to very strictly rate-limit requests to candidate IP addresses that don’t work out. For example, an ICMP Destination Unreachable message (and, in particular, the port unreachable code for this message) may indicate the lack of a CoAP server on the candidate host, or a CoAP error response code such as 4.05 “Method Not Allowed” may indicate unwillingness of a CoAP server to act as a directory server.
If multiple candidate addresses are discovered, the device may pick any of them initially, unless the discovery method indicates a more precise selection scheme.
The Resource Directory Address Option (RDAO) using IPv6 neighbor Discovery (ND) carries information about the address of the Resource Directory (RD). This information is needed when endpoints cannot discover the Resource Directory with a link-local multicast address because the endpoint and the RD are separated by a border Router (6LBR). In many circumstances the availability of DHCP cannot be guaranteed either during commissioning of the network. The presence and the use of the RD is essential during commissioning.
It is possible to send multiple RDAO options in one message, indicating as many resource directory addresses.
The lifetime 0x0 means that the RD address is invalid and to be removed.
The RDAO format is:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length = 3 | Valid Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + RD Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Fields: Type: 38 Length: 8-bit unsigned integer. The length of the option in units of 8 bytes. Always 3. Valid Lifetime: 16-bit unsigned integer. The length of time in units of 60 seconds (relative to the time the packet is received) that this Resource Directory address is valid. A value of all zero bits (0x0) indicates that this Resource Directory address is not valid anymore. Reserved: This field is unused. It MUST be initialized to zero by the sender and MUST be ignored by the receiver. RD Address: IPv6 address of the RD.
Figure 5: Resource Directory Address Option
This section defines the required set of REST interfaces between a Resource Directory (RD) and endpoints. Although the examples throughout this section assume the use of CoAP [RFC7252], these REST interfaces can also be realized using HTTP [RFC7230]. In all definitions in this section, both CoAP response codes (with dot notation) and HTTP response codes (without dot notation) are shown. An RD implementing this specification MUST support the discovery, registration, update, lookup, and removal interfaces defined in this section.
All operations on the contents of the Resource Directory MUST be atomic and idempotent.
A resource directory MAY make the information submitted to it available to further directories, if it can ensure that a loop does not form. The protocol used between directories to ensure loop-free operation is outside the scope of this document.
Resource Directory implementations using this specification MUST support the application/link-format content format (ct=40).
Resource Directories implementing this specification MAY support additional content formats.
Any additional content format supported by a Resource Directory implementing this specification MUST have an equivalent serialization in the application/link-format content format.
Before an endpoint can make use of an RD, it must first know the RD’s address and port, and the URI path information for its REST APIs. This section defines discovery of the RD and its URIs using the well-known interface of the CoRE Link Format [RFC6690]. A complete set of RD discovery methods is described in Section 4.
Discovery of the RD registration URI path is performed by sending either a multicast or unicast GET request to /.well-known/core and including a Resource Type (rt) parameter [RFC6690] with the value “core.rd” in the query string. Likewise, a Resource Type parameter value of “core.rd-lookup*” is used to discover the URIs for RD Lookup operations, and “core.rd-group” is used to discover the URI path for RD Group operations. Upon success, the response will contain a payload with a link format entry for each RD function discovered, indicating the URI of the RD function returned and the corresponding Resource Type. When performing multicast discovery, the multicast IP address used will depend on the scope required and the multicast capabilities of the network.
A Resource Directory MAY provide hints about the content-formats it supports in the links it exposes or registers, using the “ct” link attribute, as shown in the example below. Clients MAY use these hints to select alternate content-formats for interaction with the Resource Directory.
HTTP does not support multicast and consequently only unicast discovery can be supported using HTTP. Links to Resource Directories MAY be registered in other Resource Directories. The well-known entry points SHOULD be provided to enable the bootstrapping of unicast discovery.
An implementation of this resource directory specification MUST support query filtering for the rt parameter as defined in [RFC6690].
While the link targets in this discovery step are often expressed in path-absolute form, this is not a requirement. Clients SHOULD therefore accept URIs of all schemes they support, both in absolute and relative forms, and not limit the set of discovered URIs to those hosted at the address used for URI discovery.
The URI Discovery operation can yield multiple URIs of a given resource type. The client can use any of the discovered addresses initially.
The discovery request interface is specified as follows:
The following response codes are defined for this interface:
The following example shows an endpoint discovering an RD using this interface, thus learning that the directory resource is, in this example, at /rd, and that the content-format delivered by the server hosting the resource is application/link-format (ct=40). Note that it is up to the RD to choose its RD resource paths.
Req: GET coap://[MCD1]/.well-known/core?rt=core.rd* Res: 2.05 Content </rd>;rt="core.rd";ct=40, </rd-lookup/ep>;rt="core.rd-lookup-ep";ct=40, </rd-lookup/res>;rt="core.rd-lookup-res";ct=40, </rd-lookup/gp>;rt="core.rd-lookup-gp";ct=40, </rd-group>;rt="core.rd-group";ct=40
Figure 6: Example discovery exchange
The following example shows the way of indicating that a client may request alternate content-formats. The Content-Format code attribute “ct” MAY include a space-separated sequence of Content-Format codes as specified in Section 7.2.1 of [RFC7252], indicating that multiple content-formats are available. The example below shows the required Content-Format 40 (application/link-format) indicated as well as the the CBOR and JSON representation of link format. The RD resource paths /rd, /rd-lookup, and /rd-group are example values. The server in this example also indicates that it is capable of providing observation on resource lookups.
[ The RFC editor is asked to replace these and later occurrences of TBD64 and TBD504 with the numeric ID values assigned by IANA to application/link-format+cbor and application/link-format+json, respectively, as they are defined in I-D.ietf-core-links-json. ]
Req: GET coap://[MCD1]/.well-known/core?rt=core.rd* Res: 2.05 Content </rd>;rt="core.rd";ct="40 65225", </rd-lookup/res>;rt="core.rd-lookup-res";ct="40 TBD64 TBD504";obs, </rd-lookup/ep>;rt="core.rd-lookup-ep";ct="40 TBD64 TBD504", </rd-lookup/gp>;rt="core.rd-lookup-gp";ct=40 TBD64 TBD504", </rd-group>;rt="core.rd-group";ct="40 TBD64 TBD504"
From a management and maintenance perspective, it is necessary to identify the components that constitute the server. The identification refers to information about for example client-server incompatibilities, supported features, required updates and other aspects. The URI discovery address, a described in section 4 of [RFC6690] can be used to find the identification.
It would typically be stored in an implementation information link (as described in [I-D.bormann-t2trg-rel-impl]):
Req: GET /.well-known/core?rel=impl-info Res: 2.05 Content <http://software.example.com/shiny-resource-directory/1.0beta1>; rel="impl-info"
Note that depending on the particular server’s architecture, such a link could be anchored at the server’s root, at the discovery site (as in this example) or at individual RD components. The latter is to be expected when different applications are run on the same server.
After discovering the location of an RD, an endpoint MAY register its resources using the registration interface. This interface accepts a POST from an endpoint containing the list of resources to be added to the directory as the message payload in the CoRE Link Format [RFC6690], JSON CoRE Link Format (application/link-format+json), or CBOR CoRE Link Format (application/link-format+cbor) [I-D.ietf-core-links-json], along with query parameters indicating the name of the endpoint, and optionally the domain and the lifetime of the registration. It is expected that other specifications will define further parameters (see Section 9.3). The RD then creates a new registration resource in the RD and returns its location. An endpoint MUST use that location when refreshing registrations using this interface. Registration resources in the RD are kept active for the period indicated by the lifetime parameter. The endpoint is responsible for refreshing the registration resource within this period using either the registration or update interface. The registration interface MUST be implemented to be idempotent, so that registering twice with the same endpoint parameters ep and d does not create multiple registration resources. A new registration resource may be created at any time to supersede an existing registration, replacing the registration parameters and links.
The posted link-format document can (and typically does) contain relative references both in its link targets and in its anchors, or contain empty anchors. The RD server needs to resolve these references in order to faithfully represent them in lookups. The Base URI against which they are resolved is the context of the registration, which is provided either explicitly in the con parameter or constructed implicitly from the requester’s network address.
Documents in [RFC6690] Link Format SHOULD NOT contain links in which resolving the target literal against the base URI gives a different result than resolving it against the resolved anchor; this is to avoid the ambiguities described in Appendix A.4. * Entries in which there is no anchor attribute, * entries in which the target is an absolute reference and * entries in which both the target and the anchor start with a slash (“/”)
never cause that kind of ambiguity.
The registration request interface is specified as follows:
The following response codes are defined for this interface:
If the registration fails with a Service Unavailable response and a Max-Age option or Retry-After header, the client SHOULD retry the operation after the time indicated. If the registration fails in another way, including request timeouts, or if the Service Unavailable error persists after several retries, or indicates a longer time than the endpoint is willing to wait, it SHOULD pick another registration URI from the “URI Discovery” step and if there is only one or the list is exhausted, pick other choices from the “Finding a Resource Directory” step. Care has to be taken to consider the freshness of results obtained earlier, eg. of the result of a /.well-known/core response, the lifetime of an RDAO option and of DNS responses. Any rate limits and persistent errors from the “Finding a Resource Directory” step must be considered for the whole registration time, not only for a single operation.
The following example shows an endpoint with the name “node1” registering two resources to an RD using this interface. The location “/rd” is an example RD location discovered in a request similar to Figure 6.
Req: POST coap://rd.example.com/rd?ep=node1 Content-Format: 40 Payload: </sensors/temp>;ct=41;rt="temperature-c";if="sensor"; anchor="coap://spurious.example.com:5683", </sensors/light>;ct=41;rt="light-lux";if="sensor" Res: 2.01 Created Location: /rd/4521
Figure 7: Example registration payload
A Resource Directory may optionally support HTTP. Here is an example of almost the same registration operation above, when done using HTTP and the JSON Link Format.
Req: POST /rd?ep=node1&con=http://[2001:db8:1::1] HTTP/1.1 Host : example.com Content-Type: application/link-format+json Payload: [ {"href": "/sensors/temp", "ct": "41", "rt": "temperature-c", "if": "sensor", "anchor": "coap://spurious.example.com:5683"}, {"href": "/sensors/light", "ct": "41", "rt": "light-lux", "if": "sensor"} ] Res: 201 Created Location: /rd/4521
Not all endpoints hosting resources are expected to know how to upload links to a RD as described in Section 5.3. Instead, simple endpoints can implement the Simple Registration approach described in this section. An RD implementing this specification MUST implement Simple Registration. However, there may be security reasons why this form of directory discovery would be disabled.
This approach requires that the endpoint makes available the hosted resources that it wants to be discovered, as links on its /.well-known/core interface as specified in [RFC6690]. The links in that document are subject to the same limitations as the payload of a registration (no relative target references when anchor is present).
The endpoint then finds one or more addresses of the directory server as described in Section 4.
An endpoint finally asks the selected directory server to probe it for resources and publish them as follows:
The endpoint sends (and regularly refreshes with) a POST request to the /.well-known/core URI of the directory server of choice. The body of the POST request is empty, which triggers the resource directory server to perform GET requests at the requesting server’s default discovery URI to obtain the link-format payload to register.
The endpoint includes the same registration parameters in the POST request as it would per Section 5.3. The context of the registration is taken from the requesting server’s URI.
The endpoints MUST be deleted after the expiration of their lifetime. Additional operations on the registration resource cannot be executed because no registration location is returned.
The following example shows an endpoint using Simple Registration, by simply sending an empty POST to a resource directory.
Req:(to RD server from [2001:db8:2::1]) POST /.well-known/core?lt=6000&ep=node1 Content-Format: 40 No payload Res: 2.04 Changed (later) Req: (from RD server to [2001:db8:2::1]) GET /.well-known/core Accept: 40 Res: 2.05 Content Payload: </sen/temp>
For some applications, even Simple Registration may be too taxing for some very constrained devices, in particular if the security requirements become too onerous.
In a controlled environment (e.g. building control), the Resource Directory can be filled by a third device, called a commissioning tool. The commissioning tool can fill the Resource Directory from a database or other means. For that purpose the scheme, IP address and port of the registered device is indicated in the Context parameter of the registration described in Section 5.3.
It should be noted that the value of the con parameter applies to all the links of the registration and has consequences for the anchor value of the individual links as exemplified in Appendix A. An eventual (currently non-existing) con attribute of the link is not affected by the value of con parameter in the registration.
After the initial registration, an endpoint should retain the returned location of the Registration Resource for further operations, including refreshing the registration in order to extend the lifetime and “keep-alive” the registration. When the lifetime of the registration has expired, the RD SHOULD NOT respond to discovery queries concerning this endpoint. The RD SHOULD continue to provide access to the Registration Resource after a registration time-out occurs in order to enable the registering endpoint to eventually refresh the registration. The RD MAY eventually remove the registration resource for the purpose of garbage collection and remove it from any group it belongs to. If the Registration Resource is removed, the endpoint will need to re-register.
The Registration Resource may also be used to inspect the registration resource using GET, update the registration, or cancel the registration using DELETE.
These operations are described in this section.
The update interface is used by an endpoint to refresh or update its registration with an RD. To use the interface, the endpoint sends a POST request to the registration resource returned by the initial registration operation.
An update MAY update the lifetime- or the context- registration parameters “lt”, “con” as in Section 5.3. Parameters that are not being changed SHOULD NOT be included in an update. Adding parameters that have not changed increases the size of the message but does not have any other implications. Parameters MUST be included as query parameters in an update operation as in Section 5.3.
A registration update resets the timeout of the registration to the (possibly updated) lifetime of the registration, independent of whether a lt parameter was given.
If the context of the registration is changed in an update explicitly or implicitly, relative references submitted in the original registration or later updates are resolved anew against the new context (like in the original registration).
The registration update operation only describes the use of POST with an empty payload. Future standards might describe the semantics of using content formats and payloads with the POST method to update the links of a registration (see Section 5.4.4).
The update registration request interface is specified as follows:
The following response codes are defined for this interface:
If the registration update fails with a “Service Unavailable” response and a Max-Age option or Retry-After header, the client SHOULD retry the operation after the time indicated. If the registration fails in another way, including request timeouts, or if the time indicated excedes the remaining lifetime, the client SHOULD attempt registration again.
The following example shows an endpoint updating its registration resource at an RD using this interface with the example location value: /rd/4521.
Req: POST /rd/4521 Res: 2.04 Changed
The following example shows an endpoint updating its registration resource at an RD using this interface with the example location value: /rd/4521. The initial registration by the client set the following values:
The initial state of the Resource Directory is reflected in the following request:
Req: GET /rd-lookup/res?ep=endpoint1 Res: 2.01 Content Payload: <coap://local-proxy-old.example.com:5683/sensors/temp>;ct=41;rt="temperature"; anchor="coap://spurious.example.com:5683", <coap://local-proxy-old.example.com:5683/sensors/light>;ct=41;rt="light-lux"; if="sensor";anchor="coap://local-proxy-old.example.com:5683"
The following example shows an EP changing the context to coaps://new.example.com:5684:
Req: POST /rd/4521?con=coaps://new.example.com:5684 Res: 2.04 Changed
The consecutive query returns:
Req: GET /rd-lookup/res?ep=endpoint1 Res: 2.01 Content Payload: <coaps://new.example.com:5684/sensors/temp>;ct=41;rt="temperature"; anchor="coap://spurious.example.com:5683", <coaps://new.example.com:5684/sensors/light>;ct=41;rt="light-lux";if="sensor"; anchor="coaps://new.example.com:5684",
Although RD entries have soft state and will eventually timeout after their lifetime, an endpoint SHOULD explicitly remove its entry from the RD if it knows it will no longer be available (for example on shut-down). This is accomplished using a removal interface on the RD by performing a DELETE on the endpoint resource.
Removed endpoints are implicitly removed from the groups to which they belong.
The removal request interface is specified as follows:
The following responses codes are defined for this interface:
HTTP support: YES
The following examples shows successful removal of the endpoint from the RD with example location value /rd/4521.
Req: DELETE /rd/4521 Res: 2.02 Deleted
Some endpoints may wish to manage their links as a collection, and may need to read the current set of links stored in the registration resource, in order to determine link maintenance operations.
One or more links MAY be selected by using query filtering as specified in [RFC6690] Section 4.1
If no links are selected, the Resource Directory SHOULD return an empty payload.
The read request interface is specified as follows:
The following response codes are defined for this interface:
HTTP support: YES
The following examples show successful read of the endpoint links from the RD, with example location value /rd/4521 and example registration payload of Figure 7.
Req: GET /rd/4521 Res: 2.01 Content Payload: </sensors/temp>;ct=41;rt="temperature-c";if="sensor"; anchor="coap://spurious.example.com:5683", </sensors/light>;ct=41;rt="light-lux";if="sensor"
An iPATCH (or PATCH) update [RFC8132] adds, removes or changes links of a registration by including link update information in the payload of the update with a media type that still needs to be defined.
This section defines the REST API for the creation, management, and lookup of endpoints for group operations. Similar to endpoint registration entries in the RD, groups may be created or removed. However unlike an endpoint entry, a group entry consists of a list of endpoints and does not have a lifetime associated with it. In order to make use of multicast requests with CoAP, a group MAY have a multicast address associated with it.
In order to create a group, a commissioning tool (CT) used to configure groups, makes a request to the RD indicating the name of the group to create (or update), optionally the domain the group belongs to, and optionally the multicast address of the group. This specification does not require that the endpoints belong to the same domain as the group, but a Resource Directory implementation can impose requirements on the domains of groups and endpoints depending on its configuration.
The registration message is a list of links to registration resources of the endpoints that belong to that group. The registration resources MAY be located on different hosts than the group hosting RD. In that case the endpoint link points to the registration resource on the other RD. The commissioning tool SHOULD NOT attempt to enter a foreign registration in a group unless it found it in the group RD’s lookup results, or has other reasons to assume that the foreign registration will be accepted.
The commissioning tool SHOULD not send any target attributes with the links to the registration resources, and the resource directory SHOULD reject registrations that contain links with unprocessable attributes.
Configuration of the endpoints themselves is out of scope of this specification. Such an interface for managing the group membership of an endpoint has been defined in [RFC7390].
The registration request interface is specified as follows:
The following response codes are defined for this interface:
The following example shows an EP registering a group with the name “lights” which has two endpoints. The RD group path /rd-group is an example RD location discovered in a request similar to Figure 6.
Req: POST coap://rd.example.com/rd-group?gp=lights &con=coap://[ff35:30:2001:db8::1] Content-Format: 40 Payload: <coap://other-rd/rd/4521>, </rd/4522> Res: 2.01 Created Location: /rd-group/12
A relative href value denotes the path to the registration resource of the Endpoint. When pointing to a registration resource on a different RD, the href value is an absolute URI.
A group can be removed simply by sending a removal message to the location of the group registration resource which was returned when initially registering the group. Removing a group MUST NOT remove the endpoints of the group from the RD.
The removal request interface is specified as follows:
The following responses codes are defined for this interface:
The following examples shows successful removal of the group from the RD with the example location value /rd-group/12.
Req: DELETE /rd-group/12 Res: 2.02 Deleted
To discover the resources registered with the RD, a lookup interface must be provided. This lookup interface is defined as a default, and it is assumed that RDs may also support lookups to return resource descriptions in alternative formats (e.g. Atom or HTML Link) or using more advanced interfaces (e.g. supporting context or semantic based lookup).
RD Lookup allows lookups for groups, endpoints and resources using attributes defined in this document and for use with the CoRE Link Format. The result of a lookup request is the list of links (if any) corresponding to the type of lookup. Thus, a group lookup MUST return a list of groups, an endpoint lookup MUST return a list of endpoints and a resource lookup MUST return a list of links to resources.
The lookup type is selected by a URI endpoint, which is indicated by a Resource Type as per Table 1 below:
Lookup Type | Resource Type | Mandatory |
---|---|---|
Resource | core.rd-lookup-res | Mandatory |
Endpoint | core.rd-lookup-ep | Mandatory |
Group | core.rd-lookup-gp | Optional |
Resource lookup results in links that are semantically equivalent to the links submitted to the RD if they were accessed on the endpoint itself. The links and link parameters returned are equal to the submitted, except that the target and anchor references are fully resolved.
Links that did not have an anchor attribute are therefore returned with the (explicitly or implicitly set) context URI of the registration as the anchor. Links whose href or anchor was submitted as an absolute URI are returned with respective attributes unmodified.
Above rules allow the client to interpret the response as links without any further knowledge of what the RD does. The Resource Directory MAY replace the contexts with a configured intermediate proxy, e.g. in the case of an HTTP lookup interface for CoAP endpoints.
Endpoint and group lookups result in links to registration resources and group resources, respectively. Endpoint registration resources are annotated with their endpoint names (ep), domains (d, if present), context (con) and lifetime (lt, if present). Additional endpoint attributes are added as link attributes to their endpoint link unless their specification says otherwise. Group resources are annotated with their group names (gp), domain (d, if present) and multicast address (con, if present).
While Endpoint Lookup does expose the registration resources, the RD does not need to make them accessible to clients. Clients SHOULD NOT attempt to dereference or manipulate them.
A Resource Directory can report endpoints or groups in lookup that are not hosted at the same address. While the setup and management of such a distributed system is out of scope for this document, lookup clients MUST be prepared to see arbitrary URIs as registration or group resources in the results.
For groups, a Resource Directory as specified here does not provide a lookup mechanism for the resources that can be accessed on a group’s multicast address (ie. no lookup will return links like <coap://[ff35:30:2001:db8::1]/light>;... for a group registered with con=coap://[ff35...]). Such an additional lookup interface could be specified in an extension document.
Using the Accept Option, the requester can control whether the returned list is returned in CoRE Link Format (application/link-format, default) or its alternate content-formats (application/link-format+json or application/link-format+cbor).
The page and count parameters are used to obtain lookup results in specified increments using pagination, where count specifies how many links to return and page specifies which subset of links organized in sequential pages, each containing ‘count’ links, starting with link zero and page zero. Thus, specifying count of 10 and page of 0 will return the first 10 links in the result set (links 0-9). Count = 10 and page = 1 will return the next ‘page’ containing links 10-19, and so on.
Multiple search criteria MAY be included in a lookup. All included criteria MUST match for a link to be returned. The Resource Directory MUST support matching with multiple search criteria.
A link matches a search criterion if it has an attribute of the same name and the same value, allowing for a trailing “*” wildcard operator as in Section 4.1 of [RFC6690]. Attributes that are defined as “link-type” match if the search value matches any of their values (see Section 4.1 of [RFC6690]; eg. ?if=core.s matches ;if="abc core.s";). A link also matches a search criterion if the link that would be produced for any of its containing entities would match the criterion, or an entity contained in it would: A search criterion matches an endpoint if it matches the endpoint itself, any of the groups it is contained in or any resource it contains. A search criterion matches a resource if it matches the resource itself, the resource’s endpoint, or any of the endpoint’s groups.
Note that href is also a valid search criterion and matches target references. Like all search criteria, on a resource lookup it can match the target reference of the resource link itself, but also the registration resource of the endpoint that registered it, or any group resource that endpoint is contained in.
Clients that are interested in a lookup result repeatedly or continuously can use mechanisms like ETag caching, resource observation ([RFC7641]), or any future mechanism that might allow more efficient observations of collections. These are advertised, detected and used according to their own specifications and can be used with the lookup interface as with any other resource.
When resource observation is used, every time the set of matching links changes, or the content of a matching link changes, the RD sends a notification with the matching link set. The notification contains the successful current response to the given request, especially with respect to representing zero matching links (see “Success” item below).
The lookup interface is specified as follows:
The following responses codes are defined for this interface:
The examples in this section assume the existence of CoAP hosts with a default CoAP port 61616. HTTP hosts are possible and do not change the nature of the examples.
The following example shows a client performing a resource lookup with the example resource look-up locations discovered in Figure 6:
Req: GET /rd-lookup/res?rt=temperature Res: 2.05 Content <coap://[2001:db8:3::123]:61616/temp>;rt="temperature";anchor="coap://[2001:db8:3::123]:61616"
The same lookup using the CBOR Link Format media type:
Req: GET /rd-lookup/res?rt=temperature Accept: TBD64 Res: 2.05 Content Content-Format: TBD64 Payload in Hex notation: 81A3017823636F61703A2F2F5B323030313A6462383A333A3A3132335D3A36313631362F 74656D7003781E636F61703A2F2F5B323030313A6462383A333A3A3132335D3A36313631 36096B74656D7065726174757265 Decoded payload: [{1: "coap://[2001:db8:3::123]:61616/temp", 9: "temperature", 3: "coap://[2001:db8:3::123]:61616"}]
A client that wants to be notified of new resources as they show up can use observation:
Req: GET /rd-lookup/res?rt=light Observe: 0 Res: 2.05 Content Observe: 23 Payload: empty (at a later point in time) Res: 2.05 Content Observe: 24 Payload: <coap://[2001:db8:3::124]/west>;rt="light"; anchor="coap://[2001:db8:3::124]", <coap://[2001:db8:3::124]/south>;rt="light"; anchor="coap://[2001:db8:3::124]", <coap://[2001:db8:3::124]/east>;rt="light"; anchor="coap://[2001:db8:3::124]"
The following example shows a client performing an endpoint type (et) lookup with the value oic.d.sensor (which is currently a registered rt value):
Req: GET /rd-lookup/ep?et=oic.d.sensor Res: 2.05 Content </rd/1234>;con="coap://[2001:db8:3::127]:61616";ep="node5"; et="oic.d.sensor";ct="40";lt="600", </rd/4521>;con="coap://[2001:db8:3::129]:61616";ep="node7"; et="oic.d.sensor";ct="40";lt="600";d="floor-3"
The following example shows a client performing a group lookup for all groups:
Req: GET /rd-lookup/gp Res: 2.05 Content </rd-group/1>;gp="lights1";d="example.com";con="coap://[ff35:30:2001:db8::1]", </rd-group/2>;gp="lights2";d="example.com";con="coap://[ff35:30:2001:db8::2]"
The following example shows a client performing a lookup for all endpoints in a particular group, with one endpoint hosted by another RD:
Req: GET /rd-lookup/ep?gp=lights1 Res: 2.05 Content <coap://[other-rd]/rd/abcd>;con="coap://[2001:db8:3::123]:61616"; anchor="coap://[other-rd]";ep="node1";et="oic.d.sensor";ct="40";lt="600", </rd/efgh>;con="coap://[2001:db8:3::124]:61616"; ep="node2";et="oic.d.sensor";ct="40";lt="600"
The following example shows a client performing a lookup for all groups the endpoint “node1” belongs to:
Req: GET /rd-lookup/gp?ep=node1 Res: 2.05 Content </rd-group/1>;gp="lights1"
The following example shows a client performing a paginated resource lookup
Req: GET /rd-lookup/res?page=0&count=5 Res: 2.05 Content <coap://[2001:db8:3::123]:61616/res/0>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616", <coap://[2001:db8:3::123]:61616/res/1>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616", <coap://[2001:db8:3::123]:61616/res/2>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616", <coap://[2001:db8:3::123]:61616/res/3>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616", <coap://[2001:db8:3::123]:61616/res/4>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616" Req: GET /rd-lookup/res?page=1&count=5 Res: 2.05 Content <coap://[2001:db8:3::123]:61616/res/5>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616", <coap://[2001:db8:3::123]:61616/res/6>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616", <coap://[2001:db8:3::123]:61616/res/7>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616", <coap://[2001:db8:3::123]:61616/res/8>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616", <coap://[2001:db8:3::123]:61616/res/9>;rt=sensor;ct=60; anchor="coap://[2001:db8:3::123]:61616"
The following example shows a client performing a lookup of all resources from endpoints of all endpoints of a given endpoint type. It assumes that two endpoints (with endpoint names sensor1 and sensor2) have previously registered with their respective addresses coap://sensor1.example.com and coap://sensor2.example.com, and posted the very payload of the 6th request of section 5 of [RFC6690].
It demonstrates how absolute link targets stay unmodified, while relative ones are resolved:
Req: GET /rd-lookup/res?et=oic.d.sensor <coap://sensor1.example.com/sensors>;ct=40;title="Sensor Index"; anchor="coap://sensor1.example.com", <coap://sensor1.example.com/sensors/temp>;rt="temperature-c";if="sensor"; anchor="coap://sensor1.example.com", <coap://sensor1.example.com/sensors/light>;rt="light-lux";if="sensor"; anchor="coap://sensor1.example.com", <http://www.example.com/sensors/t123>;rel="describedby"; anchor="coap://sensor1.example.com/sensors/temp", <coap://sensor1.example.com/t>;rel="alternate"; anchor="coap://sensor1.example.com/sensors/temp", <coap://sensor2.example.com/sensors>;ct=40;title="Sensor Index"; anchor="coap://sensor2.example.com", <coap://sensor2.example.com/sensors/temp>;rt="temperature-c";if="sensor"; anchor="coap://sensor2.example.com", <coap://sensor2.example.com/sensors/light>;rt="light-lux";if="sensor"; anchor="coap://sensor2.example.com", <http://www.example.com/sensors/t123>;rel="describedby"; anchor="coap://sensor2.example.com/sensors/temp", <coap://sensor2.example.com/t>;rel="alternate"; anchor="coap://sensor2.example.com/sensors/temp"
The security considerations as described in Section 7 of [RFC5988] and Section 6 of [RFC6690] apply. The /.well-known/core resource may be protected e.g. using DTLS when hosted on a CoAP server as described in [RFC7252]. DTLS or TLS based security SHOULD be used on all resource directory interfaces defined in this document.
An Endpoint is determined to be unique within (the domain of) an RD by the Endpoint identifier parameter included during Registration, and any associated TLS or DTLS security bindings. An Endpoint MUST NOT be identified by its protocol, port or IP address as these may change over the lifetime of an Endpoint.
Every operation performed by an Endpoint or Client on a resource directory SHOULD be mutually authenticated using Pre-Shared Key, Raw Public Key or Certificate based security.
Consider te following threat: two devices A and B are managed by a single server. Both devices have unique, per-device credentials for use with DTLS to make sure that only parties with authorization to access A or B can do so.
Now, imagine that a malicious device A wants to sabotage the device B. It uses its credentials during the DTLS exchange. Then, it puts the endpoint name of device B. If the server does not check whether the identifier provided in the DTLS handshake matches the identifier used at the CoAP layer then it may be inclined to use the endpoint name for looking up what information to provision to the malicious device.
Therfore, Endpoints MUST include the Endpoint identifier in the message, and this identifier MUST be checked by a resource directory to match the Endpoint identifier included in the Registration message.
Access control SHOULD be performed separately for the RD registration, Lookup, and group API paths, as different endpoints may be authorized to register with an RD from those authorized to lookup endpoints from the RD. Such access control SHOULD be performed in as fine-grained a level as possible. For example access control for lookups could be performed either at the domain, endpoint or resource level.
Services that run over UDP unprotected are vulnerable to unknowingly become part of a DDoS attack as UDP does not require return routability check. Therefore, an attacker can easily spoof the source IP of the target entity and send requests to such a service which would then respond to the target entity. This can be used for large-scale DDoS attacks on the target. Especially, if the service returns a response that is order of magnitudes larger than the request, the situation becomes even worse as now the attack can be amplified. DNS servers have been widely used for DDoS amplification attacks. There is also a danger that NTP Servers could become implicated in denial-of-service (DoS) attacks since they run on unprotected UDP, there is no return routability check, and they can have a large amplification factor. The responses from the NTP server were found to be 19 times larger than the request. A Resource Directory (RD) which responds to wild-card lookups is potentially vulnerable if run with CoAP over UDP. Since there is no return routability check and the responses can be significantly larger than requests, RDs can unknowingly become part of a DDoS amplification attack.
“core.rd”, “core.rd-group”, “core.rd-lookup-ep”, “core.rd-lookup-res”, and “core.rd-lookup-gp” resource types need to be registered with the resource type registry defined by [RFC6690].
This document registers one new ND option type under the subregistry “IPv6 Neighbor Discovery Option Formats”:
This specification defines a new sub-registry for registration and lookup parameters called “RD Parameters” under “CoRE Parameters”. Although this specification defines a basic set of parameters, it is expected that other standards that make use of this interface will define new ones.
Each entry in the registry must include
The query parameter MUST be both a valid URI query key [RFC3986] and a parmname as used in [RFC5988].
The description must give details on which registrations they apply to (Endpoint, group registrations or both? Can they be updated?), and how they are to be processed in lookups.
The mechanisms around new RD parameters should be designed in such a way that they tolerate RD implementations that are unaware of the parameter and expose any parameter passed at registration or updates on in endpoint lookups. (For example, if a parameter used at registration were to be confidential, the registering endpoint should be instructed to only set that parameter if the RD advertises support for keeping it confidential at the discovery step.)
Initial entries in this sub-registry are as follows:
Full name | Short | Validity | Use | Description |
---|---|---|---|---|
Endpoint Name | ep | RLA | Name of the endpoint, max 63 bytes | |
Lifetime | lt | 60-4294967295 | RLA | Lifetime of the registration in seconds |
Domain | d | RLA | Domain to which this endpoint belongs | |
Context | con | URI | RLA | The scheme, address and port and path at which this server is available |
Group Name | gp | RLA | Name of a group in the RD | |
Page | page | Integer | L | Used for pagination |
Count | count | Integer | L | Used for pagination |
Endpoint Type | et | RLA | Semantic name of the endpoint (see Section 9.4) |
(Short: Short name used in query parameters or link attributes. Use: R = used at registration, L = used at lookup, A = expressed in link attribute
The descriptions for the options defined in this document are only summarized here. To which registrations they apply and when they are to be shown is described in the respective sections of this document.
The IANA policy for future additions to the sub-registry is “Expert Review” as described in [RFC8126]. The evaluation should consider formal criteria, duplication of functionality (Is the new entry redundant with an existing one?), topical suitability (Eg. is the described property actually a property of the endpoint and not a property of a particular resource, in which case it should go into the payload of the registration and need not be registered?), and the potential for conflict with commonly used link attributes (For example, if could be used as a parameter for conditional registration if it were not to be used in lookup or attributes, but would make a bad parameter for lookup, because a resource lookup with an if query parameter could ambiguously filter by the registered endpoint property or the [RFC6690] link attribute). It is expected that the registry will receive between 5 and 50 registrations in total over the next years.
An endpoint registering at an RD can describe itself with endpoint types, similar to how resources are described with Resource Types in [RFC6690]. An endpoint type is expressed as a string, which can be either a URI or one of the values defined in the Endpoint Type subregistry. Endpoint types can be passed in the et query parameter as part of extra-attrs at the Registration step, are shown on endpoint lookups using the et target attribute, and can be filtered for using et as a search criterion in resource and endpoint lookup. Multiple endpoint types are given as separate query parameters or link attributes.
Note that Endpoint Type differs from Resource Type in that it uses multiple attributes rather than space separated values. As a result, Resource Directory implementations automatically support correct filtering in the lookup interfaces from the rules for unknown endpoint attributes.
This specification establishes a new sub-registry under “CoRE Parameters” called ‘“Endpoint Type” (et=) RD Parameter values’. The registry properties (required policy, requirements, template) are identical to those of the Resource Type parameters in [RFC6690], in short:
The review policy is IETF Review for values starting with “core”, and Specification Required for others.
The requirements to be enforced are:
The registry is initially empty.
IANA has assigned the following multicast addresses for use by CoAP nodes:
IPv4 – “all CoRE resource directories” address, from the “IPv4 Multicast Address Space Registry” equal to “All CoAP Nodes”, 224.0.1.187. As the address is used for discovery that may span beyond a single network, it has come from the Internetwork Control Block (224.0.1.x, RFC 5771).
IPv6 – “all CoRE resource directories” address MCD1 (uggestions FF0X::FE), from the “IPv6 Multicast Address Space Registry”, in the “Variable Scope Multicast Addresses” space (RFC 3307). Note that there is a distinct multicast address for each scope that interested CoAP nodes should listen to; CoAP needs the Link-Local and Site-Local scopes only.
Two examples are presented: a Lighting Installation example in Section 10.1 and a LWM2M example in Section 10.2.
This example shows a simplified lighting installation which makes use of the Resource Directory (RD) with a CoAP interface to facilitate the installation and start up of the application code in the lights and sensors. In particular, the example leads to the definition of a group and the enabling of the corresponding multicast address. No conclusions must be drawn on the realization of actual installation or naming procedures, because the example only “emphasizes” some of the issues that may influence the use of the RD and does not pretend to be normative.
The example assumes that the installation is managed. That means that a Commissioning Tool (CT) is used to authorize the addition of nodes, name them, and name their services. The CT can be connected to the installation in many ways: the CT can be part of the installation network, connected by WiFi to the installation network, or connected via GPRS link, or other method.
It is assumed that there are two naming authorities for the installation: (1) the network manager that is responsible for the correct operation of the network and the connected interfaces, and (2) the lighting manager that is responsible for the correct functioning of networked lights and sensors. The result is the existence of two naming schemes coming from the two managing entities.
The example installation consists of one presence sensor, and two luminaries, luminary1 and luminary2, each with their own wireless interface. Each luminary contains three lamps: left, right and middle. Each luminary is accessible through one endpoint. For each lamp a resource exists to modify the settings of a lamp in a luminary. The purpose of the installation is that the presence sensor notifies the presence of persons to a group of lamps. The group of lamps consists of: middle and left lamps of luminary1 and right lamp of luminary2.
Before commissioning by the lighting manager, the network is installed and access to the interfaces is proven to work by the network manager.
At the moment of installation, the network under installation is not necessarily connected to the DNS infra structure. Therefore, SLAAC IPv6 addresses are assigned to CT, RD, luminaries and sensor shown in Table 3 below:
Name | IPv6 address |
---|---|
luminary1 | 2001:db8:4::1 |
luminary2 | 2001:db8:4::2 |
Presence sensor | 2001:db8:4::3 |
Resource directory | 2001:db8:4::ff |
In Section 10.1.2 the use of resource directory during installation is presented.
It is assumed that access to the DNS infrastructure is not always possible during installation. Therefore, the SLAAC addresses are used in this section.
For discovery, the resource types (rt) of the devices are important. The lamps in the luminaries have rt: light, and the presence sensor has rt: p-sensor. The endpoints have names which are relevant to the light installation manager. In this case luminary1, luminary2, and the presence sensor are located in room 2-4-015, where luminary1 is located at the window and luminary2 and the presence sensor are located at the door. The endpoint names reflect this physical location. The middle, left and right lamps are accessed via path /light/middle, /light/left, and /light/right respectively. The identifiers relevant to the Resource Directory are shown in Table 4 below:
Name | endpoint | resource path | resource type |
---|---|---|---|
luminary1 | lm_R2-4-015_wndw | /light/left | light |
luminary1 | lm_R2-4-015_wndw | /light/middle | light |
luminary1 | lm_R2-4-015_wndw | /light/right | light |
luminary2 | lm_R2-4-015_door | /light/left | light |
luminary2 | lm_R2-4-015_door | /light/middle | light |
luminary2 | lm_R2-4-015_door | /light/right | light |
Presence sensor | ps_R2-4-015_door | /ps | p-sensor |
It is assumed that the CT knows the RD’s address, and has performed URI discovery on it that returned a response like the one in the Section 5.2 example.
The CT inserts the endpoints of the luminaries and the sensor in the RD using the Context parameter (con) to specify the interface address:
Req: POST coap://[2001:db8:4::ff]/rd ?ep=lm_R2-4-015_wndw&con=coap://[2001:db8:4::1]&d=R2-4-015 Payload: </light/left>;rt="light", </light/middle>;rt="light", </light/right>;rt="light" Res: 2.01 Created Location: /rd/4521
Req: POST coap://[2001:db8:4::ff]/rd ?ep=lm_R2-4-015_door&con=coap://[2001:db8:4::2]&d=R2-4-015 Payload: </light/left>;rt="light", </light/middle>;rt="light", </light/right>;rt="light" Res: 2.01 Created Location: /rd/4522
Req: POST coap://[2001:db8:4::ff]/rd ?ep=ps_R2-4-015_door&con=coap://[2001:db8:4::3]d&d=R2-4-015 Payload: </ps>;rt="p-sensor" Res: 2.01 Created Location: /rd/4523
The domain name d=R2-4-015 has been added for an efficient lookup because filtering on “ep” name is more awkward. The same domain name is communicated to the two luminaries and the presence sensor by the CT.
The group is specified in the RD. The Context parameter is set to the site-local multicast address allocated to the group. In the POST in the example below, these two endpoints and the endpoint of the presence sensor are registered as members of the group.
Req: POST coap://[2001:db8:4::ff]/rd-group ?gp=grp_R2-4-015&con=coap://[ff05::1] Payload: </rd/4521>, </rd/4522>, </rd/4523> Res: 2.01 Created Location: /rd-group/501
After the filling of the RD by the CT, the application in the luminaries can learn to which groups they belong, and enable their interface for the multicast address.
The luminary, knowing its domain, queries the RD for the endpoint with rt=light and d=R2-4-015. The RD returns all endpoints in the domain.
Req: GET coap://[2001:db8:4::ff]/rd-lookup/ep ?d=R2-4-015&rt=light Res: 2.05 Content </rd/4521>;con="coap://[2001:db8:4::1]"; ep="lm_R2-4-015_wndw", </rd/4522>;con="coap://[2001:db8:4::2]"; ep="lm_R2-4-015_door"
Knowing its own IPv6 address, the luminary discovers its endpoint name. With the endpoint name the luminary queries the RD for all groups to which the endpoint belongs.
Req: GET coap://[2001:db8:4::ff]/rd-lookup/gp ?ep=lm_R2-4-015_wndw Res: 2.05 Content </rd-group/501>;gp="grp_R2-4-015";con="coap://[ff05::1]"
From the context parameter value, the luminary learns the multicast address of the multicast group.
Alternatively, the CT can communicate the multicast address directly to the luminaries by using the “coap-group” resource specified in [RFC7390].
Req: POST coap://[2001:db8:4::1]/coap-group Content-Format: application/coap-group+json Payload: { "a": "[ff05::1]", "n": "grp_R2-4-015"} Res: 2.01 Created Location-Path: /coap-group/1
Dependent on the situation, only the address, “a”, or the name, “n”, is specified in the coap-group resource.
This example shows how the OMA LWM2M specification makes use of Resource Directory (RD).
OMA LWM2M is a profile for device services based on CoAP(OMA Name Authority). LWM2M defines a simple object model and a number of abstract interfaces and operations for device management and device service enablement.
An LWM2M server is an instance of an LWM2M middleware service layer, containing a Resource Directory along with other LWM2M interfaces defined by the LWM2M specification.
CoRE Resource Directory (RD) is used to provide the LWM2M Registration interface.
LWM2M does not provide for registration domains and does not currently use the rd-group or rd-lookup interfaces.
The LWM2M specification describes a set of interfaces and a resource model used between a LWM2M device and an LWM2M server. Other interfaces, proxies, and applications are currently out of scope for LWM2M.
The location of the LWM2M Server and RD URI path is provided by the LWM2M Bootstrap process, so no dynamic discovery of the RD is used. LWM2M Servers and endpoints are not required to implement the /.well-known/core resource.
The OMA LWM2M object model is based on a simple 2 level class hierarchy consisting of Objects and Resources.
An LWM2M Resource is a REST endpoint, allowed to be a single value or an array of values of the same data type.
An LWM2M Object is a resource template and container type that encapsulates a set of related resources. An LWM2M Object represents a specific type of information source; for example, there is a LWM2M Device Management object that represents a network connection, containing resources that represent individual properties like radio signal strength.
Since there may potentially be more than one of a given type object, for example more than one network connection, LWM2M defines instances of objects that contain the resources that represent a specific physical thing.
The URI template for LWM2M consists of a base URI followed by Object, Instance, and Resource IDs:
{/base-uri}{/object-id}{/object-instance}{/resource-id}{/resource-instance}
The five variables given here are strings. base-uri can also have the special value “undefined” (sometimes called “null” in RFC 6570). Each of the variables object-instance, resource-id, and resource-instance can be the special value “undefined” only if the values behind it in this sequence also are “undefined”. As a special case, object-instance can be “empty” (which is different from “undefined”) if resource-id is not “undefined”.
base-uri := Base URI for LWM2M resources or “undefined” for default (empty) base URI
object-id := OMNA (OMA Name Authority) registered object ID (0-65535)
object-instance := Object instance identifier (0-65535) or “undefined”/”empty” (see above)) to refer to all instances of an object ID
resource-id := OMNA (OMA Name Authority) registered resource ID (0-65535) or “undefined” to refer to all resources within an instance
resource-instance := Resource instance identifier or “undefined” to refer to single instance of a resource
LWM2M IDs are 16 bit unsigned integers represented in decimal (no leading zeroes except for the value 0) by URI format strings. For example, a LWM2M URI might be:
/1/0/1
The base uri is empty, the Object ID is 1, the instance ID is 0, the resource ID is 1, and the resource instance is “undefined”. This example URI points to internal resource 1, which represents the registration lifetime configured, in instance 0 of a type 1 object (LWM2M Server Object).
LWM2M defines a registration interface based on the REST API, described in Section 5. The RD registration URI path of the LWM2M Resource Directory is specified to be “/rd”.
LWM2M endpoints register object IDs, for example </1>, to indicate that a particular object type is supported, and register object instances, for example </1/0>, to indicate that a particular instance of that object type exists.
Resources within the LWM2M object instance are not registered with the RD, but may be discovered by reading the resource links from the object instance using GET with a CoAP Content-Format of application/link-format. Resources may also be read as a structured object by performing a GET to the object instance with a Content-Format of senml+json.
When an LWM2M object or instance is registered, this indicates to the LWM2M server that the object and its resources are available for management and service enablement (REST API) operations.
LWM2M endpoints may use the following RD registration parameters as defined in Table 2 :
ep - Endpoint Name lt - registration lifetime
Endpoint Name, Lifetime, and LWM2M Version are mandatory parameters for the register operation, all other registration parameters are optional.
Additional optional LWM2M registration parameters are defined:
Name | Query | Validity | Description |
---|---|---|---|
Binding Mode | b | {“U”,UQ”,”S”,”SQ”,”US”,”UQS”} | Available Protocols |
LWM2M Version | ver | 1.0 | Spec Version |
SMS Number | sms | MSISDN |
The following RD registration parameters are not currently specified for use in LWM2M:
et - Endpoint Type con - Context
The endpoint registration must include a payload containing links to all supported objects and existing object instances, optionally including the appropriate link-format relations.
Here is an example LWM2M registration payload:
</1>,</1/0>,</3/0>,</5>
This link format payload indicates that object ID 1 (LWM2M Server Object) is supported, with a single instance 0 existing, object ID 3 (LWM2M Device object) is supported, with a single instance 0 existing, and object 5 (LWM2M Firmware Object) is supported, with no existing instances.
The LwM2M update is really very similar to the registration update as described in Section 5.4.1, with the only difference that there are more parameters defined and available. All the parameters listed in that section are also available with the initial registration but are all optional:
lt - Registration Lifetime b - Protocol Binding sms - MSISDN link payload - new or modified links
A Registration update is also specified to be used to update the LWM2M server whenever the endpoint’s UDP port or IP address are changed.
LWM2M allows for de-registration using the delete method on the returned location from the initial registration operation. LWM2M de-registration proceeds as described in Section 5.4.2.
Oscar Novo, Srdjan Krco, Szymon Sasin, Kerry Lynn, Esko Dijk, Anders Brandt, Matthieu Vial, Jim Schaad, Mohit Sethi, Hauke Petersen, Hannes Tschofenig, Sampo Ukkola, Linyi Tian, and Jan Newmarch have provided helpful comments, discussions and ideas to improve and shape this document. Zach would also like to thank his colleagues from the EU FP7 SENSEI project, where many of the resource directory concepts were originally developed.
changes from -12 to -13
changes from -11 to -12
changes from -09 to -10
changes from -08 to -09
changes from -07 to -08
changes from -06 to -07
Changes from -05 to -06
changes from -04 to -05
Changes from -03 to -04:
Changes from -02 to -03:
Changes from -01 to -02:
Changes from -00 to -01:
Changes from -05 to WG Document -00:
Changes from -04 to -05:
Changes from -03 to -04:
Changes from -02 to -03:
Changes from -01 to -02:
[ER] | Chen, P., "The entity-relationship model---toward a unified view of data", ACM Transactions on Database Systems Vol. 1, pp. 9-36, DOI 10.1145/320434.320440, March 1976. |
[I-D.arkko-core-dev-urn] | Arkko, J., Jennings, C. and Z. Shelby, "Uniform Resource Names for Device Identifiers", Internet-Draft draft-arkko-core-dev-urn-05, October 2017. |
[I-D.bormann-t2trg-rel-impl] | Bormann, C., "impl-info: A link relation type for disclosing implementation information", Internet-Draft draft-bormann-t2trg-rel-impl-00, January 2018. |
[I-D.silverajan-core-coap-protocol-negotiation] | Silverajan, B. and M. Ocak, "CoAP Protocol Negotiation", Internet-Draft draft-silverajan-core-coap-protocol-negotiation-07, October 2017. |
[RFC2616] | Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, DOI 10.17487/RFC2616, June 1999. |
[RFC6775] | Shelby, Z., Chakrabarti, S., Nordmark, E. and C. Bormann, "Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)", RFC 6775, DOI 10.17487/RFC6775, November 2012. |
[RFC7230] | Fielding, R. and J. Reschke, "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014. |
[RFC7252] | Shelby, Z., Hartke, K. and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, DOI 10.17487/RFC7252, June 2014. |
[RFC7390] | Rahman, A. and E. Dijk, "Group Communication for the Constrained Application Protocol (CoAP)", RFC 7390, DOI 10.17487/RFC7390, October 2014. |
[RFC7641] | Hartke, K., "Observing Resources in the Constrained Application Protocol (CoAP)", RFC 7641, DOI 10.17487/RFC7641, September 2015. |
[RFC8288] | Nottingham, M., "Web Linking", RFC 8288, DOI 10.17487/RFC8288, October 2017. |
Understanding the semantics of a link-format document and its URI references is a journey through different documents ([RFC3986] defining URIs, [RFC6690] defining link-format documents based on [RFC8288] which defines link headers, and [RFC7252] providing the transport). This appendix summarizes the mechanisms and semantics at play from an entry in .well-known/core to a resource lookup.
This text is primarily aimed at people entering the field of Constrained Restful Environments from applications that previously did not use web mechanisms.
Let’s start this example with a very simple host, 2001:db8:f0::1. A client that follows classical CoAP Discovery ([RFC7252] Section 7), sends the following multicast request to learn about neighbours supporting resources with resource-type “temperature”.
The client sends a link-local multicast:
GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature RES 2.05 Content </temp>;rt=temperature;ct=0
where the response is sent by the server, [2001:db8:f0::1]:5683.
While the client – on the practical or implementation side – can just go ahead and create a new request to [2001:db8:f0::1]:5683 with Uri-Path: temp, the full resolution steps without any shortcuts are:
The client parses the single returned record. The link’s target (sometimes called “href”) is “/temp”, which is a relative URI that needs resolving. As long as all involved links follow the restrictions set forth for this document (see Appendix A.4), the base URI to resolve this against the requested URI.
The URI of the requested resource can be composed by following the steps of [RFC7252] section 6.5 (with an addition at the end of 8.2) into “coap://[2001:db8:f0::1]/.well-known/core”.
The record’s target is resolved by replacing the path “/.well-known/core” from the Base URI (section 5.2 [RFC3986]) with the relative target URI “/temp” into “coap://[2001:db8:f0::1]/temp”.
Some more information but the record’s target can be obtained from the payload: the resource type of the target is “temperature”, and its content type is text/plain (ct=0).
A relation in a web link is a three-part statement that the context resource has a named relation to the target resource, like “This page has its table of contents at /toc.html”. In [RFC6690] link-format documents, there is an implicit “host relation” specified with default parameter: rel=”hosts”.
In our example, the context of the link is the URI of the requested document itself. A full English expression of the “host relation” is:
‘coap://[2001:db8:f0::1]/.well-known/core is hosting the resource coap://[2001:db8:f0::1]/temp, which is of the resource type “temperature” and can be accessed using the text/plain content format.’
Omitting the rt=temperature filter, the discovery query would have given some more records in the payload:
</temp>;rt=temperature;ct=0, </light>;rt=light-lux;ct=0, </t>;anchor="/sensors/temp";rel=alternate, <http://www.example.com/sensors/t123>;anchor="/sensors/temp"; rel="describedby"
Parsing the third record, the client encounters the “anchor” parameter. It is a URI relative to the document’s Base URI and is thus resolved to “coap://[2001:db8:f0::1]/sensors/temp”. That is the context resource of the link, so the “rel” statement is not about the target and the document Base URI any more, but about the target and that address.
Thus, the third record could be read as “coap://[2001:db8:f0::1]/sensors/temp has an alternate representation at coap://[2001:db8:f0::1]/t”.
The fourth record can be read as “coap://[2001:db8:f0::1]/sensors/temp is described by http://www.example.com/sensors/t123”.
The resource directory tries to carry the semantics obtainable by classical CoAP discovery over to the resource lookup interface as faithfully as possible.
For the following queries, we will assume that the simple host has used Simple Registration to register at the resource directory that was announced to it, sending this request from its UDP port [2001:db8:f0::1]:6553:
POST coap://[2001:db8:f01::ff]/.well-known/core?ep=simple-host1
The resource directory would have accepted the registration, and queried the simple host’s .well-known/core by itself. As a result, the host is registered as an endpoint in the RD with the name “simple-host1”. The registration is active for 86400 seconds, and the endpoint registration Base URI is “coap://[2001:db8:f0::1]/” because that is the address the registration was sent from (and no explicit con= was given).
If the client now queries the RD as it would previously have issued a multicast request, it would go through the RD discovery steps by fetching coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd-lookup-res, obtain coap://[2001:db8:f0::ff]/rd-lookup/res as the resource lookup endpoint, and issue a request to coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature to receive the following data:
<coap://[2001:db8:f0::1]/temp>;rt=temperature;ct=0; anchor="coap://[2001:db8:f0::1]"
This is not literally the same response that it would have received from a multicast request, but it would contain the (almost) same statement:
‘coap://[2001:db8:f0::1] is hosting the resource coap://[2001:db8:f0::1]/temp, which is of the resource type “temperature” and can be accessed using the text/plain content format.’
(The difference is whether / or /.well-known/core hosts the resources, which is subject of ongoing discussion about RFC6690).
To complete the examples, the client could also query all resources hosted at the endpoint with the known endpoint name “simple-host1”. A request to coap://[2001:db8:f0::ff]/rd-lookup/res?ep=simple-host1 would return
<coap://[2001:db8:f0::1]/temp>;rt=temperature;ct=0; anchor="coap://[2001:db8:f0::1]", <coap://[2001:db8:f0::1]/light>;rt=light-lux;ct=0; anchor="coap://[2001:db8:f0::1]", <coap://[2001:db8:f0::1]/t>; anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=alternate, <http://www.example.com/sensors/t123>; anchor="coap://[2001:db8:f0::1]/sensors/temp";rel="describedby"
All the target and anchor references are already in absolute form there, which don’t need to be resolved any further.
Had the simple host registered with an explicit context (eg. ?ep=simple-host1&con=coap+tcp://simple-host1.example.com), that context would have been used to resolve the relative anchor values instead, giving
<coap+tcp://simple-host1.example.com/temp>;rt=temperature;ct=0; anchor="coap+tcp://simple-host1.example.com"
and analogous records.
While link-format and Link headers look very similar and are based on the same model of typed links, there are some differences between [RFC6690] and [RFC5988], which are dealt with differently:
[ This appendix should not show up in a published version of this document. ]
The protocol negotiation that is being worked on in [I-D.silverajan-core-coap-protocol-negotiation] makes use of the Resource Directory.
Until that document is update to use the latest resource-directory specification, here are some examples of protocol negotiation with the current Resource Directory:
An endpoint could register as follows from its address [2001:db8:f1::2]:5683:
Req: POST coap://rd.example.com/rd?ep=node1 &at=coap+tcp://[2001:db8:f1::2] Content-Format: 40 Payload: </temperature>;ct=0;rt="temperature";if="core.s" Res: 2.01 Created Location: /rd/1234
An endpoint lookup would just reflect the registered attributes:
Req: GET /rd-lookup/ep Res: 2.05 Content </rd/1234>;ep="node1";con="coap://[2001:db8:f1::2]:5683"; at="coap+tcp://[2001:db8:f1::2]"
A UDP client would then see the following in a resource lookup:
Req: GET /rd-lookup/res?rt=temperature Res: 2.05 Content <coap://[2001:db8:f1::2]/temperature>;ct=0;rt="temperature";if="core.s"; anchor="coap://[2001:db8:f1::2]"
while a TCP capable client could say:
Req: GET /rd-lookup/res?rt=temperature&tt=tcp Res: 2.05 Content <coap+tcp://[2001:db8:f1::2]/temperature>;ct=0;rt="temperature"; if="core.s";anchor="coap+tcp://[2001:db8:f1::2]"