]> CoRE Target Attribute Registry Universität Bremen TZI
Postfach 330440 Bremen D-28359 Germany +49-421-218-63921 cabo@tzi.org
CoRE Working group Internet-Draft The Constrained RESTful Environments (CoRE) specifications apply Web technologies to constrained environments. One important such technology is Web Linking , which CoRE uses as the basis for a number of discovery protocols, such as the Link Format in CoAP's Resource Discovery Protocol () and the Resource Directory . Web Links can have Target Attributes, the names of which are not generally coordinated by the Web Linking specification (). This short note introduces an IANA registry for coordinating names of Target Attributes when used in Constrained RESTful Environments. About This Document Status information for this document may be found at . Discussion of this document takes place on the core Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .
Introduction (Please see abstract.) The original Web Linking specification did not attempt to coordinate names of target attributes except for providing common target attributes for use in the Link HTTP header. The current revision of that specification clarifies ():
This specification does not attempt to coordinate the name of target attributes, their cardinality, or use. Those creating and maintaining serialisations SHOULD coordinate their target attributes to avoid conflicts in semantics or syntax and MAY define their own registries of target attributes.
This short note introduces an IANA registry for coordinating names of Target Attributes when used in Constrained RESTful Environments. With a registry now available, registration of target attributes is strongly encouraged. The incentive is that an unregistered attribute name might be registered with a different meaning at any time. (See also .)
Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
IANA Considerations This specification defines a new sub-registry for Target Attributes in the CoRE Parameters registry , with the policy "expert review" (). The expert is instructed to be frugal in the allocation of very short target attribute names, keeping them in reserve for applications that are likely to enjoy wide use and can make good use of their shortness. The expert is also instructed to direct the registrant to provide a specification (), but can make exceptions, for instance when a specification is not available at the time of registration but is likely forthcoming. If the expert becomes aware of target attributes that are deployed and in use, they may also initiate a registration on their own if they deem such a registration can avert potential future collisions. Each entry in the registry must include:
Attribute Name:
a lower case ASCII string that starts with a letter and can contain digits and hyphen-minus characters afterwards ([a-z][-a-z0-9]*). (Note that requires target attribute names to be interpreted in a case-insensitive way; the restriction to lower case here ensures that they are registered in a predictable form).
Brief description:
a brief description
Change Controller:
(see )
Reference:
a reference document that provides a description of the target attribute, including the semantics for when the target attribute appears more than once in a link.
Initial entries in this sub-registry are as listed in : Initial Entries in the Target Attributes Registry
Attribute Name Brief description Change Controller Reference
href reserved (not useful as target attribute name) IESG
anchor reserved (not useful as target attribute name) IESG
rel reserved (not useful as target attribute name) IESG
rev reserved (not useful as target attribute name) IESG
hreflang (Web Linking) IESG
media (Web Linking) IESG
title (Web Linking) IESG
type (Web Linking) IESG
rt resource type IESG
if interface description IESG
sz maximum size estimate IESG
ct Content-Format hint IESG
obs observable resource IESG
hct HTTP-CoAP URI mapping template IESG
osc hint: resource only accessible using OSCORE IESG
method A supported authentication method for EDHOC IESG
csuite A supported cipher suite for EDHOC IESG
cred_t A supported type of authentication credential for EDHOC IESG
idcred_t A supported type of authentication credential identifier for EDHOC IESG
ead_1 A supported EDHOC EAD_1 item IESG
ead_2 A supported EDHOC EAD_2 item IESG
ead_3 A supported EDHOC EAD_3 item IESG
ead_4 A supported EDHOC EAD_4 item IESG
comb_req Hint: support for the EDHOC+OSCORE request IESG
sec-gp Name of the security group that can be joined through this resource IESG
app-gp Name of an application group associated with a security group IESG
hkdf The HKDF algorithm to use IESG
cred_fmt The format of authentication credential to use IESG
sign_enc_alg The encryption algorithm to use for encrypting signed messages IESG
sign_alg The signature algorithm to use IESG
sign_alg_crv The elliptic curve of the used signature algorithm IESG
sign_key_kty The key type of the used signing keys IESG
sign_key_crv The curve of the used signing keys IESG
alg The encryption algorithm to use for encrypting non-signed messages IESG
ecdh_alg The ECDH algorithm to use IESG
ecdh_alg_crv The elliptic curve of the used ECDH algorithm IESG
ecdh_key_kty The key type of the used ECDH keys IESG
ecdh_key_crv The curve of the used ECDH keys IESG
det_hash_alg The hash algorithm to use for computing deterministic requests IESG
rekeying_scheme The rekeying scheme used to distribute new keying material IESG
A number of names are reserved as they are used for parameters in links other than target attributes, a further set is predefined in .
Security considerations The security considerations of apply, as do those of the discovery specifications , , and .
References Normative References Web Linking This specification defines a model for the relationships between resources on the Web ("links") and the type of those relationships ("link relation types"). It also defines the serialisation of such links in HTTP headers with the Link header field. Guidelines for Writing an IANA Considerations Section in RFCs Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA). To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry. This is the third edition of this document; it obsoletes RFC 5226. ASCII format for network interchange Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Constrained RESTful Environments (CoRE) Parameters IANA Informative References Constrained RESTful Environments (CoRE) Link Format This specification defines Web Linking using a link format for use by constrained web servers to describe hosted resources, their attributes, and other relationships between links. Based on the HTTP Link Header field defined in RFC 5988, the Constrained RESTful Environments (CoRE) Link Format is carried as a payload and is assigned an Internet media type. "RESTful" refers to the Representational State Transfer (REST) architecture. A well-known URI is defined as a default entry point for requesting the links hosted by a server. [STANDARDS-TRACK] The Constrained Application Protocol (CoAP) The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation. CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments. Observing Resources in the Constrained Application Protocol (CoAP) The Constrained Application Protocol (CoAP) is a RESTful application protocol for constrained nodes and networks. The state of a resource on a CoAP server can change over time. This document specifies a simple protocol extension for CoAP that enables CoAP clients to "observe" resources, i.e., to retrieve a representation of a resource and keep this representation updated by the server over a period of time. The protocol follows a best-effort approach for sending new representations to clients and provides eventual consistency between the state observed by each client and the actual resource state at the server. Guidelines for Mapping Implementations: HTTP to the Constrained Application Protocol (CoAP) This document provides reference information for implementing a cross-protocol network proxy that performs translation from the HTTP protocol to the Constrained Application Protocol (CoAP). This will enable an HTTP client to access resources on a CoAP server through the proxy. This document describes how an HTTP request is mapped to a CoAP request and how a CoAP response is mapped back to an HTTP response. This includes guidelines for status code, URI, and media type mappings, as well as additional interworking advice. Object Security for Constrained RESTful Environments (OSCORE) This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols. Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252. Profiling EDHOC for CoAP and OSCORE Ericsson RISE AB RISE AB Fraunhofer AISEC Ericsson The lightweight authenticated key exchange protocol EDHOC can be run over CoAP and used by two peers to establish an OSCORE Security Context. This document further profiles this use of the EDHOC protocol, by specifying a number of additional and optional mechanisms. These especially include an optimization approach for combining the execution of EDHOC with the first subsequent OSCORE transaction. This combination reduces the number of round trips required to set up an OSCORE Security Context and to complete an OSCORE transaction using that Security Context. Discovery of OSCORE Groups with the CoRE Resource Directory RISE AB Consultant Group communication over the Constrained Application Protocol (CoAP) can be secured by means of Group Object Security for Constrained RESTful Environments (Group OSCORE). At deployment time, devices may not know the exact security groups to join, the respective Group Manager, or other information required to perform the joining process. This document describes how a CoAP endpoint can use descriptions and links of resources registered at the CoRE Resource Directory to discover security groups and to acquire information for joining them through the respective Group Manager. A given security group may protect multiple application groups, which are separately announced in the Resource Directory as sets of endpoints sharing a pool of resources. This approach is consistent with, but not limited to, the joining of security groups based on the ACE framework for Authentication and Authorization in constrained environments. Web Linking This document specifies relation types for Web links, and defines a registry for them. It also defines the use of such links in HTTP headers with the Link header field. [STANDARDS-TRACK] Constrained RESTful Environments (CoRE) Resource Directory In many Internet of Things (IoT) applications, direct discovery of resources is not practical due to sleeping nodes or networks where multicast traffic is inefficient. These problems can be solved by employing an entity called a Resource Directory (RD), which contains information about resources held on other servers, allowing lookups to be performed for those resources. The input to an RD is composed of links, and the output is composed of links constructed from the information stored in the RD. This document specifies the web interfaces that an RD supports for web servers to discover the RD and to register, maintain, look up, and remove information on resources. Furthermore, new target attributes useful in conjunction with an RD are defined.
Acknowledgements TBD
Contributors Ericsson
jaime@iki.fi
Jaime provided the list of initial registrations.