<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE rfc [
<!ENTITY nbsp " ">
<!ENTITY zwsp "​">
<!ENTITY nbhy "‑">
<!ENTITY wj "⁠">
]>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-core-resource-directory-28" number="9176" obsoletes="" updates="" submissionType="IETF" category="std" consensus="true" xml:lang="en" tocInclude="true"
tocDepth="3" symRefs="true" sortRefs="true" version="3">
<!-- xml2rfc v2v3 conversion 2.47.0 -->
<front>
<title abbrev="CoRE Resource Directory">Constrained RESTful Environments (CoRE) Resource
Directory</title>
<seriesInfo name="RFC" value="9176"/>
<author initials="C." surname="Amsüss" fullname="Christian Amsüss" role="editor">
<organization/>
<address>
<postal>
<street>Hollandstr. 12/4</street>
<code>1020</code>
<country>Austria</country>
</postal>
<phone>+43-664-9790639</phone>
<email>christian@amsuess.com</email>
</address>
</author>
<author initials="Z." surname="Shelby" fullname="Zach Shelby">
<organization>ARM</organization>
<organization>Edge Impulse</organization>
<address>
<postal>
<street>150 Rose Orchard</street>
<street>3031 Tisch Way</street>
<city>San Jose</city>
<code>95134</code>
<code>95128</code>
<country>United States of America</country>
</postal>
<phone>+1-408-203-9434</phone>
<email>zach.shelby@arm.com</email>
<email>zach@edgeimpulse.com</email>
</address>
</author>
<author initials="M." surname="Koster" fullname="Michael Koster"
role="editor"> Koster">
<organization>PassiveLogic</organization>
<address>
<postal>
<street>524 H Street</street>
<city>Antioch</city>
<region>CA</region>
<code>94509</code>
<country>United States of America</country>
</postal>
<phone>+1-707-502-5136</phone>
<email>michaeljohnkoster@gmail.com</email>
</address>
</author>
<author initials="C." surname="Bormann" fullname="Carsten Bormann">
<organization>Universitaet Bremen TZI</organization>
<address>
<postal>
<street>Postfach 330440</street>
<city>Bremen</city>
<code>D-28359</code>
<country>Germany</country>
</postal>
<phone>+49-421-218-63921</phone>
<email>cabo@tzi.org</email>
</address>
</author>
<author initials="P." surname="van der Stok" fullname="Peter van der Stok">
<organization abbrev="Consultant">Consultant</organization>
<organization>vanderstok consultancy</organization>
<address>
<phone>+31-492474673 (Netherlands), +33-966015248 (France)</phone>
<email>consultancy@vanderstok.org</email>
<uri>www.vanderstok.org</uri>
<email>stokcons@bbhmail.nl</email>
</address>
</author>
<date year="2022" month="February"/> month="March"/>
<area>Internet</area>
<workgroup>CoRE</workgroup>
<keyword>CoRE</keyword>
<keyword>Web Linking</keyword>
<keyword>Resource Discovery</keyword>
<keyword>Resource Directory</keyword>
<abstract>
<t>In many Internet of Things (IoT) applications, direct discovery of resources is not
practical due to sleeping nodes or networks where multicast traffic
is inefficient. These problems can be solved by employing an entity called
a Resource Directory (RD), which contains information about resources held on
other servers, allowing lookups to be performed for those resources. The input to an RD is composed of links, and the output is composed of links constructed from the information stored in the RD. This
document specifies the web interfaces that an RD supports for web servers to discover the RD and to register, maintain, look up,
and remove information on resources. Furthermore, new target attributes useful
in conjunction with an RD are defined.</t>
</abstract>
</front>
<middle>
<section anchor="introduction" numbered="true" toc="default">
<name>Introduction</name>
<t>In the work on Constrained RESTful Environments (CoRE), a Representational State Transfer (REST) architecture
suitable for constrained nodes (e.g., with limited RAM and ROM <xref target="RFC7228" format="default"/>)
and networks (e.g., IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) <xref target="RFC4944" format="default"/>)
has been established and is used in
Internet of Things (IoT) or
machine-to-machine (M2M) applications, such as smart energy
and building automation.</t>
<t>The discovery of resources offered by a constrained server is very important
in machine-to-machine applications where there are no humans in the loop and
static interfaces result in fragility. The discovery of resources provided by
an HTTP web server is typically called web linking <xref target="RFC8288" format="default"/>. The use of
web linking for the description and discovery of resources hosted by
constrained web servers is specified by the CoRE Link Format
<xref target="RFC6690" format="default"/>. However, <xref target="RFC6690" format="default"/> only describes how to discover
resources from the web server that hosts them by querying
<tt>/.well-known/core</tt>. In many constrained scenarios, direct discovery of resources is
not practical due to sleeping nodes or networks where
multicast traffic is inefficient. These problems can be solved by employing
an entity called a Resource Directory (RD), which contains information about resources held on
other servers, allowing lookups to be performed for those resources.</t>
<t>This document specifies the web interfaces that an RD supports for web servers to discover the RD and to register, maintain, look up,
and remove information on resources. Furthermore, new target attributes useful in
conjunction with an RD are defined. Although the examples in
this document show the use of these interfaces with the Constrained Application Protocol (CoAP) <xref target="RFC7252" format="default"/>, they
can be applied in an equivalent manner to HTTP <xref target="RFC7230" format="default"/>.</t>
</section>
<section anchor="terminology" numbered="true" toc="default">
<name>Terminology</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>",
"<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>"
in this
document are to be interpreted as described in BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8174" format="default"/>
when, and only when, they appear in all capitals, as shown here.</t>
<t>The term "byte" is used in its now customary sense as a synonym for "octet".</t>
<t>This specification requires readers to be familiar with all the terms and
concepts that are discussed in <xref target="RFC3986" format="default"/>, <xref target="RFC8288" format="default"/>, and <xref target="RFC6690" format="default"/>. Readers should
also be familiar with the terms and concepts discussed in <xref target="RFC7252" format="default"/>. To
describe the REST interfaces defined in this specification, the URI Template
format is used <xref target="RFC6570" format="default"/>.</t>
<t>This specification makes use of the following additional terminology:</t>
<dl newline="true">
<dt>Resolve Against</dt>
<dd>The expression "a URI reference is <em>resolved against</em> a base URI" is used
to describe the process of <xref target="RFC3986" section="5.2" sectionFormat="comma"/>.
Noteworthy corner cases include the following: (1) if the URI reference is a (full)
URI, resolving against any base URI gives the original
full URI and (2) resolving an empty URI reference gives the base
URI without any fragment identifier.</dd>
<dt>Resource Directory (RD)</dt>
<dd>
<t>A web entity that stores information about web resources and
implements the REST interfaces defined in this specification for
discovery, for the creation, maintenance, and removal of
registrations, and for lookup of the registered resources.</t>
</dd>
<dt>Sector</dt>
<dd>
<t>In the context of an RD, a sector is a logical grouping of endpoints.</t>
<t>The abbreviation "d=" is used for the sector in query parameters for
compatibility with deployed implementations.</t>
</dd>
<dt>Endpoint (EP)</dt>
<dd>
<t>Endpoint (EP) is a term used to describe a web server or client
in <xref target="RFC7252" format="default"/>. In the context of
this specification, an endpoint is used to describe a web server
that registers resources to the RD. An endpoint is identified by its
endpoint name, which is included during registration, and has a
unique name within the associated sector of the registration.</t>
</dd>
<dt>Registration Base URI</dt>
<dd>
<t>The base URI of a registration is a URI that typically gives scheme and
authority information about an endpoint. The registration base URI is provided at
registration time and is used by the RD to
resolve relative references of the registration into URIs.</t>
</dd>
<dt>Target</dt>
<dd>
<t>The target of a link is the destination address (URI) of the link. It is
sometimes identified with "href=" or displayed as <tt><target></tt>.
Relative targets need resolving with respect to the base URI (<xref
target="RFC3986" sectionFormat="of" section="5.2"/>).</t>
<t>This use of the term "target" is consistent with the use in <xref target="RFC8288"
format="default"/>.</t>
</dd>
<dt>Context</dt>
<dd>
<t>The context of a link is the source address (URI) of the link
and describes which resource is linked to the target.
A link's context is made explicit in serialized links as the "anchor=" attribute.</t>
<t>This use of the term "context" is consistent with the use in <xref target="RFC8288"
format="default"/>.</t>
</dd>
<dt>Directory Resource</dt>
<dd>
<t>A directory resource is a resource in the RD containing registration resources.</t>
</dd>
<dt>Registration Resource</dt>
<dd>
<t>A registration resource is a resource in the RD that contains information about an
endpoint and its links.</t>
</dd>
<dt>Commissioning Tool (CT)</dt>
<dd>
<t>A Commissioning Tool (CT) is a device that assists during installation events
by assigning values to parameters, naming endpoints and groups, or adapting
the installation to the needs of the applications.</t>
</dd>
<dt>Registrant-EP</dt>
<dd>
<t>A registrant-EP is the endpoint that is registered into the RD. The registrant-EP can
register itself, or a CT registers the registrant-EP.</t>
</dd>
<dt>Resource Directory Address Option (RDAO)</dt>
<dd>
<t>A Resource Directory Address Option (RDAO) is a new IPv6 Neighbor Discovery option defined
for announcing an RD's address.</t>
</dd>
</dl>
</section>
<section anchor="arch" numbered="true" toc="default">
<name>Architecture and Use Cases</name>
<section anchor="principles" numbered="true" toc="default">
<name>Principles</name>
<t>The RD is primarily a tool to make discovery operations more
efficient than querying /.well-known/core <tt>/.well-known/core</tt> on all connected devices or across
boundaries that would limit those operations.</t>
<t>It provides information about resources hosted by other devices that could otherwise only be obtained by
directly querying the /.well-known/core <tt>/.well-known/core</tt> resource on these other devices, either by a unicast request or a multicast request.</t>
<t>Information <bcp14>SHOULD</bcp14> only be stored in the RD
if it can be obtained by querying the described device's
/.well-known/core
<tt>/.well-known/core</tt> resource directly.</t>
<t>Data in the RD can only be provided by the
device that hosts the data or a dedicated Commissioning Tool (CT).
These CTs act on behalf of endpoints too constrained, or generally
unable, to present that information themselves. No other client can modify data
in the RD. Changes to the information in the RD do not propagate automatically back to the web servers from where the information originated.</t>
</section>
<section anchor="architecture" numbered="true" toc="default">
<name>Architecture</name>
<t>The RD architecture is illustrated in <xref target="fig-arch" format="default"/>. An
RD is used as a repository of registrations
describing resources hosted on other web servers, also called endpoints
(EPs).
An endpoint is a web server associated with a scheme, IP address, and port. A physical node may host one or more endpoints. The
RD implements a set of REST interfaces for endpoints to register and maintain
RD registrations and for endpoints to
look up resources from the RD. An RD can be logically segmented by the use of sectors.</t>
<t>A mechanism to discover an RD using CoRE Link Format <xref target="RFC6690" format="default"/> is defined.</t>
<t>Registrations in the RD are soft state and need to be periodically refreshed.</t>
<t>An endpoint uses specific interfaces to register, update, and remove a registration. It is also possible for an RD to fetch web links
from endpoints and add their contents to its registrations.</t>
<t>At the first registration of an endpoint, a "registration resource" is created,
the location of which is returned to the registering endpoint. The registering
endpoint uses this registration resource to manage the contents of registrations.</t>
<t>A lookup interface for discovering any of the web links stored in the RD is
provided using the CoRE Link Format.</t>
<figure anchor="fig-arch">
<name>The RD Architecture</name>
<artwork name="" type="ascii-art" align="left" alt=""><![CDATA[
Registration Lookup
Interface Interface
+----+ | |
| EP |---- | |
+----+ ---- | |
--|- +------+ |
+----+ | ----| | | +--------+
| EP | ---------|-----| RD |----|-----| Client |
+----+ | ----| | | +--------+
--|- +------+ |
+----+ ---- | |
| CT |---- | |
+----+
]]></artwork>
</figure>
<t>A registrant-EP <bcp14>MAY</bcp14> keep concurrent registrations to more than one RD at the same time
if explicitly configured to do so,
but that is not expected to be supported by typical EP implementations.
Any such registrations are independent of each other.
The usual expectation when multiple discovery mechanisms or addresses are configured
is that they constitute a fall-back path for a single registration.</t>
</section>
<section anchor="ER-model" numbered="true" toc="default">
<name>RD Content Model</name>
<t>The Entity-Relationship (ER) models shown in Figures <xref target="fig-ER-WKC" format="counter"/> and <xref target="fig-ER-RD" format="counter"/> model the contents of /.well-known/core <tt>/.well-known/core</tt> and the RD respectively, with entity-relationship diagrams <xref target="ER" format="default"/>. Entities (rectangles) are used for concepts that exist independently. Attributes (ovals) are used for concepts that exist only in connection with a related entity. Relations (diamonds) give a semantic meaning to the relation between entities. Numbers specify the cardinality of the relations.</t>
<t>Some of the attribute values are URIs. Those values are always full URIs and never relative references in the information model.
However, they can be expressed as relative references in serializations, and they often are.</t>
<t>These models provide an abstract view of the information expressed in link-format documents and an RD. They cover the concepts but not necessarily all details of an RD's operation; they are meant to give an overview and not be a template for implementations.</t>
<figure anchor="fig-ER-WKC">
<name>ER Model of the Content of /.well-known/core</name> <tt>/.well-known/core</tt></name>
<artwork name="" type="ascii-art" align="left" alt=""><![CDATA[
+----------------------+
| /.well-known/core |
+----------------------+
|
| 1
////////\\\\\\\
< contains >
\\\\\\\\///////
|
| 0+
+--------------------+
| link |
+--------------------+
|
| 1 oooooooo
+-----o target o
| oooooooo
oooooooooooo 0+ |
o target o--------+
o attribute o | 0+ oooooo
oooooooooooo +-----o rel o
| oooooo
|
| 1 ooooooooo
+-----o context o
ooooooooo
]]></artwork>
</figure>
<t><xref target="fig-ER-WKC" format="default"/> models the contents of
/.well-known/core,
<tt>/.well-known/core</tt>, which contains a set of links belonging to the hosting web server.</t>
<t>The web server is free to choose links it deems appropriate to be exposed in its <tt>/.well-known/core</tt>.
Typically, the links describe resources that are served by the host, but the set can also contain links to resources on other servers (see examples in <xref target="RFC6690" sectionFormat="of" section="5"/>).
The set does not necessarily contain links to all resources served by the host.</t>
<t>A link has the following attributes (see <xref target="RFC8288" sectionFormat="of" section="5"/>):</t>
<ul>
<li><t>Zero or more link relations:
They describe relations between the link context and the link target.</t>
<t>In link-format serialization, they are expressed as space-separated values in the
"rel" attribute and default to "hosts".</t>
</li>
<li><t>A link context URI: It defines the source of the relation, e.g., <em>who</em> "hosts" something.</t>
<t>In link-format serialization, it is expressed in the "anchor" attribute and defaults
to the Origin of the target (practically, the target with its path and later components
removed).</t>
</li>
<li><t>A link target URI: It defines the destination of the relation (e.g., <em>what</em> is hosted) and is
the topic of all target attributes.</t>
<t>In link-format serialization, it is expressed between angular brackets and
sometimes called the "href".</t>
</li>
<li>Other target attributes (e.g., resource type (rt), interface (if), or content
format (ct)): These provide additional information about the target URI.</li>
</ul>
<figure anchor="fig-ER-RD">
<name>ER Model of the Content of the RD</name>
<artwork name="" type="ascii-art" align="left" alt=""><![CDATA[
+--------------+
+ RD +
+--------------+
| 1
|
|
|
|
//////\\\\
< contains >
\\\\\/////
|
0+ |
ooooooo 1 +---------------+
o base o-------| registration |
ooooooo +---------------+
| | 1
| +--------------+
oooooooo 1 | |
o href o----+ /////\\\\
oooooooo | < contains >
| \\\\\/////
oooooooo 1 | |
o ep o----+ | 0+
oooooooo | +------------------+
| | link |
oooooooo 0-1 | +------------------+
o d o----+ |
oooooooo | | 1 oooooooo
| +-----o target o
oooooooo 1 | | oooooooo
o lt o----+ ooooooooooo 0+ |
oooooooo | o target o-----+
| o attribute o | 0+ oooooo
ooooooooooo 0+ | ooooooooooo +-----o rel o
o endpoint o----+ | oooooo
o attribute o |
ooooooooooo | 1 ooooooooo
+----o context o
ooooooooo
]]></artwork>
</figure>
<t><xref target="fig-ER-RD" format="default"/> models the contents of
the RD, which contains, in addition to /.well-known/core, <tt>/.well-known/core</tt>, 0 to n registrations of
endpoints.</t>
<t>A registration is associated with one endpoint. A registration defines a set of links,
as defined for /.well-known/core. <tt>/.well-known/core</tt>. A registration has six types of attributes:</t>
<ul spacing="normal">
<li>an endpoint name ("ep", a Unicode string) unique within a sector</li>
<li>a registration base URI ("base", a URI typically describing the scheme://authority part)</li>
<li>a lifetime ("lt")</li>
<li>a registration resource location inside the RD ("href")</li>
<li>optionally, a sector ("d", a Unicode string)</li>
<li>optional additional endpoint attributes (from <xref target="iana-registry" format="default"/>)</li>
</ul>
<t>The cardinality of "base" is currently 1;
future documents are invited to extend the RD specification to support multiple values (e.g., <xref target="I-D.silverajan-core-coap-protocol-negotiation" format="default"/>).
Its value is used as a base URI when resolving URIs in the links contained in the endpoint.</t>
<t>Links are modeled as they are in <xref target="fig-ER-WKC" format="default"/>.</t>
</section>
<section anchor="linklocal" numbered="true" toc="default">
<name>Link-Local Addresses and Zone Identifiers</name>
<t>Registration base URIs can contain link-local IP addresses.
To be usable across hosts, those cannot be serialized to
contain zone identifiers (see <xref target="RFC6874"
section="1" sectionFormat="comma"/>).</t>
<t>Link-local addresses can only be used on a single link
(therefore, RD servers cannot announce them when queried on a different link),
and lookup clients using them need to keep track of which interface they got them from.</t>
<t>Therefore, it is advisable in many scenarios
to use addresses with larger scopes, if available.</t>
</section>
<section anchor="cellular" numbered="true" toc="default">
<name>Use Case: Cellular M2M</name>
<t>Over the last few years, mobile operators around the world
have focused on development of M2M solutions in order to
expand the business to the new type of users: machines. The
machines are connected directly to a mobile network using an appropriate
embedded wireless interface (GSM/General Packet Radio Service (GPRS), Wideband Code Division Multiple Access (W-CDMA), LTE) or via a gateway providing
short- and wide-range wireless interfaces.
The ambition in such systems is to build them from reusable components.
These speed up development and deployment
and enable shared use of machines across different applications.
One crucial component of such systems
is the discovery of resources (and thus the endpoints they are hosted on) capable of providing required
information at a given time or acting on instructions from the end users.</t>
<t>Imagine a scenario where endpoints installed on vehicles enable
tracking of the position of these vehicles for fleet management purposes and allow
monitoring of environment parameters. During the boot-up process,
endpoints register with an RD, which is hosted by the
mobile operator or somewhere in the cloud. Periodically, these endpoints
update their registration and may modify resources they offer.</t>
<t>When endpoints are not always connected, for example, because they enter
a sleep mode, a remote server is usually used to provide proxy access to
the endpoints. Mobile apps or web applications for environment monitoring contact the RD, look up the endpoints capable of providing information about the environment using an appropriate set of link parameters, obtain information on how to contact them (URLs of the proxy server), and then initiate interaction to obtain information that is finally processed, displayed on the screen, and usually stored in a database. Similarly, fleet management systems provide
the appropriate link parameters to the RD to look up for EPs deployed on
the vehicles the application is responsible for.</t>
</section>
<section anchor="automation" numbered="true" toc="default">
<name>Use Case: Home and Building Automation</name>
<t>Home and commercial building automation systems can benefit from the use
of IoT web services. The discovery requirements of these applications are
demanding. Home automation usually relies on run-time discovery to commission
the system, whereas, in building automation, a combination of professional
commissioning and run-time discovery is used. Both home and building automation
involve peer-to-peer interactions between endpoints and involve battery-powered
sleeping devices.
Both can use the common RD infrastructure to establish device interactions efficiently
but can pick security policies suitable for their needs.</t>
<t>Two phases can be discerned for a network servicing the system: (1) installation and (2) operation. During the operational phase, the network is connected to the Internet with a border router (e.g., a 6LoWPAN Border Router (6LBR) <xref target="RFC6775" format="default"/>), and the nodes connected to the network can use the Internet services that are provided by the IP or network administrator. During the installation phase, the network is completely stand-alone, no border router is connected, and the network only supports the IP communication between the connected nodes. The installation phase is usually followed by the operational phase.
As an RD's operations work without hard dependencies on names or addresses,
it can be used for discovery across both phases.</t>
</section>
<section anchor="usecase-catalogues" numbered="true" toc="default">
<name>Use Case: Link Catalogues</name>
<t>Resources may be shared through data brokers that have no knowledge beforehand
of who is going to consume the data. An RD can be used to hold
links about resources and services hosted anywhere to make them discoverable
by a general class of applications.</t>
<t>For example, environmental and weather sensors that generate data for public
consumption may provide data to an intermediary server or broker. Sensor
data are published to the intermediary upon changes or at regular intervals.
Descriptions of the sensors that resolve to links to sensor data may be published
to an RD. Applications wishing to consume the data can use
RD lookup to discover and resolve links
to the desired resources and endpoints. The RD service need
not be coupled with the data intermediary service. Mapping of RDs
to data intermediaries may be many-to-many.</t>
<t>Metadata in web link formats like the one defined in <xref target="RFC6690" format="default"/>, which may be internally stored as triples or relation/attribute
pairs providing metadata about resource links, need to be supported by RDs. External catalogues that are
represented in other formats may be converted to common web linking formats for
storage and access by RDs. Since it is common practice for these
to be encoded in URNs <xref target="RFC8141" format="default"/>, simple and lossless structural transforms should
generally be sufficient to store external metadata in RDs.</t>
<t>The additional features of an RD allow sectors to be defined
to enable access to a particular set of resources from particular applications.
This provides isolation and protection of sensitive data when needed. Application groups with multicast addresses may be defined to support efficient data transport.</t>
</section>
</section>
<section anchor="rd-discovery-and-other-interface-independent-components" numbered="true" toc="default">
<name>RD Discovery and Other Interface-Independent Components</name>
<t>This and the following sections define the required set of REST interfaces between an RD,
endpoints, and lookup clients. Although the examples throughout these sections assume the use of
CoAP <xref target="RFC7252" format="default"/>, these REST interfaces can also be realized using HTTP <xref target="RFC7230" format="default"/>.
The multicast discovery and simple registration operations are exceptions to that,
as they rely on mechanisms unavailable in HTTP.
In all definitions in these sections, both CoAP response codes (with dot notation) and HTTP response codes
(without dot notation) are shown. An RD implementing this specification <bcp14>MUST</bcp14> support
the discovery, registration, update, lookup, and removal interfaces.</t>
<t>All operations on the contents of the RD <bcp14>MUST</bcp14> be atomic and idempotent.</t>
<t>For several operations, interface templates are given in list form;
those describe the operation participants, request codes, URIs, content formats, and outcomes.
Sections of those templates contain normative content about
Interaction, Method, URI Template, and URI Template Variables,
as well as the details of the Success condition.
The additional sections
for options (like Content-Format) and for Failure codes
give typical cases that an implementation of the RD should deal with.
Those serve to illustrate the typical responses
to readers who are not yet familiar with all the details of CoAP-based interfaces;
they do not limit how a server may respond under atypical circumstances.</t>
<t>REST clients (registrant-EPs and CTs during registration and maintenance, lookup clients, and RD servers during simple registrations)
must be prepared to receive any unsuccessful code and act upon it
according to its definition, options, and/or payload to the best of their capabilities,
falling back to failing the operation if recovery is not possible.
In particular, they <bcp14>SHOULD</bcp14> retry the request upon 5.03 (Service Unavailable; 503 in HTTP)
according to the Max-Age (Retry-After in HTTP) option
and <bcp14>SHOULD</bcp14> fall back to link format when receiving 4.15 (Unsupported Content-Format; 415 in HTTP).</t>
<t>An RD <bcp14>MAY</bcp14> make the information submitted to it available to further
directories (subject to security policies on link confidentiality)
if it can ensure that a loop does not form. The protocol used
between directories to ensure loop-free operation is outside the scope of
this document.</t>
<section anchor="finding_an_rd" numbered="true" toc="default">
<name>Finding a Resource Directory</name>
<t>A (re)starting device may want to find one or more RDs
before it can discover their URIs. Dependent on the operational conditions, one or more of the techniques below apply.</t>
<t>The device may be preconfigured to exercise specific mechanisms for
finding the RD:</t>
<ol spacing="normal" type="1">
<li>It may be configured with a specific IP address for the RD. That IP
address may also be an anycast address, allowing the network to
forward RD requests to an RD that is topologically close; each
target network environment in which some of these preconfigured
nodes are to be brought up is then configured with a route for this
anycast address that leads to an appropriate RD. (Instead of using
an anycast address, a multicast address can also be preconfigured.
The RD servers then need to configure one of their
interfaces with this multicast address.)</li>
<li>It may be configured with a DNS name for the RD and use DNS to return
the IP address of the RD; it can find a DNS server to perform the lookup using the usual mechanisms for finding DNS servers.</li>
<li>It may be configured to use a service discovery mechanism, such as
DNS-based Service Discovery (DNS-SD), as outlined in <xref target="rd-using-dnssd" format="default"/>.</li>
</ol>
<t>For cases where the device is not specifically configured with a way
to find an RD, the network may want to provide a
suitable default.</t>
<ol spacing="normal" type="1">
<li>The IPv6 Neighbor Discovery option RDAO (<xref target="rdao" format="default"/>) can do that.</li>
<li>When DHCP is in use,
this could be provided via a DHCP option (no such option is defined
at the time of writing).</li>
</ol>
<t>Finally, if neither the device nor the network offers any specific
configuration, the device may want to employ heuristics to find a
suitable RD.</t>
<t>The present specification does not fully define these heuristics but
suggests a number of candidates:</t>
<ol spacing="normal" type="1">
<li>In a 6LoWPAN, just assume the 6LBR can act as an
RD (using the Authoritative Border Router Option (ABRO) to find that <xref target="RFC6775" format="default"/>).
Confirmation can be obtained by sending a unicast to
<tt>coap://[6LBR]/.well-known/core?rt=core.rd*</tt>.</li>
<li>In a network that supports multicast well, discover the RD using
a multicast query for /.well-known/core, <tt>/.well-known/core</tt>, as specified in CoRE Link
Format <xref target="RFC6690" format="default"/>, and send a Multicast GET to
<tt>coap://[ff0x::fe]/.well-known/core?rt=core.rd*</tt>. RDs within the
multicast scope will answer the query.</li>
</ol>
<t>When answering a multicast request directed at a link-local group,
the RD may want to respond from a routable address;
this makes it easier for registrants to use one of their own routable addresses for registration.
When source addresses are selected using the mechanism described in <xref target="RFC6724" format="default"/>,
this can be achieved by applying the changes of its Section <xref target="RFC6724" section="10.4" sectionFormat="bare"/>,
picking public addresses in Rule 7 of its Section <xref target="RFC6724" section="5" sectionFormat="bare"/>,
and superseding Rule 8 with preferring the source address's precedence.</t>
<t>As some of the RD addresses obtained by the methods listed here are
just (more or less educated) guesses, endpoints <bcp14>MUST</bcp14> make use of any
error messages to very strictly rate-limit requests to candidate IP
addresses that don't work out. For example, an ICMP Destination
Unreachable message (and, in particular, the port unreachable code for
this message) may indicate the lack of a CoAP server on the candidate
host, or a CoAP error response code, such as 4.05 (Method Not Allowed),
may indicate unwillingness of a CoAP server to act as a directory
server.</t>
<t>The following RD discovery mechanisms are recommended:</t>
<ul spacing="normal">
<li>In managed networks with border routers that need stand-alone operation, the RDAO is recommended (e.g., the operational phase described in <xref target="automation" format="default"/>).</li>
<li>In managed networks without border routers (no Internet services available), the use of a preconfigured anycast address is recommended (e.g., the installation phase described in <xref target="automation" format="default"/>).</li>
<li>In networks managed using DNS-SD, the use of DNS-SD for discovery, as described in <xref target="rd-using-dnssd" format="default"/>, is recommended.</li>
</ul>
<t>The use of multicast discovery in mesh networks is <bcp14>NOT RECOMMENDED</bcp14>.</t>
<section anchor="rdao" numbered="true" toc="default">
<name>Resource Directory Address Option (RDAO)</name>
<t>The Resource Directory Address Option (RDAO) carries
information about the address of the RD in RAs (Router Advertisements) of IPv6 Neighbor Discovery (ND),
similar to how Recursive DNS Server (RDNSS) options <xref target="RFC8106" format="default"/> are sent. This information is
needed when endpoints cannot discover the RD with a link-local
or realm-local scope multicast address, for instance, because the
endpoint and the RD are separated by a
6LBR. In many circumstances, the availability of DHCP cannot be guaranteed
during commissioning of the network either. The presence and the use of the RD is
essential during commissioning.</t>
<t>It is possible to send multiple RDAOs in one message,
indicating as many RD addresses.</t>
<t>The RDAO format is:</t>
<figure anchor="fig-rdao">
<name>Resource Directory Address Option</name>
<artwork name="" type="ascii-art" align="left" alt=""><![CDATA[
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length = 3 | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Valid Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ RD Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
</figure>
<t>Fields:</t>
<dl indent="18">
<dt>Type:</dt>
<dd>41</dd>
<dt>Length:</dt>
<dd> 8-bit unsigned integer. The length of
the option in units of 8 bytes.
Always 3.</dd>
<dt>Reserved:</dt>
<dd>This field is unused. It <bcp14>MUST</bcp14> be
initialized to zero by the sender and
<bcp14>MUST</bcp14> be ignored by the receiver.</dd>
<dt>Valid Lifetime:</dt>
<dd>32-bit unsigned integer. The length of
time in seconds (relative to
the time the packet is received) that
this RD address is valid.
A value of all zero bits (0x0) indicates
that this RD address
is not valid anymore.</dd>
<dt>RD Address:</dt>
<dd> IPv6 address of the RD.</dd>
</dl>
</section>
<section anchor="rd-using-dnssd" numbered="true" toc="default">
<name>Using DNS-SD to Discover a Resource Directory</name>
<t>An RD can advertise its presence in DNS-SD <xref target="RFC6763" format="default"/>
using the service names defined in this document: <tt>_core-rd._udp</tt> (for CoAP), <tt>_core-rd-dtls._udp</tt>
(for CoAP over DTLS), <tt>_core-rd._tcp</tt> (for CoAP over TCP), or
<tt>_core-rd-tls._tcp</tt> (for CoAP over TLS).
(For the WebSocket transports of CoAP, no service is defined,
as DNS-SD is typically unavailable in environments where CoAP over WebSockets is
used.)</t>
<t>The selection of the service indicates the protocol used, and
the SRV record points the client to a host name and port to use as a starting point for
the "URI discovery" steps of <xref target="discovery" format="default"/>.</t>
<t>This section is a simplified, concrete application of the more generic mechanism
specified in <xref target="I-D.ietf-core-rd-dns-sd" format="default"/>.</t>
</section>
</section>
<section anchor="payload-content-formats" numbered="true" toc="default">
<name>Payload Content Formats</name>
<t>RDs implementing this specification <bcp14>MUST</bcp14> support the
application/link-format
<tt>application/link-format</tt> content format (ct=40).</t>
<t>RDs implementing this specification <bcp14>MAY</bcp14> support additional content formats.</t>
<t>Any additional content format supported by an RD implementing this
specification <bcp14>SHOULD</bcp14> be able to express all the information expressible in link format.
It <bcp14>MAY</bcp14> be able to express information that is inexpressible in link format,
but those expressions <bcp14>SHOULD</bcp14> be avoided where possible.</t>
</section>
<section anchor="discovery" numbered="true" toc="default">
<name>URI Discovery</name>
<t>Before an endpoint can make use of an RD, it must first know the RD's address
and port and the URI path information for its REST APIs. This section defines
discovery of the RD and its URIs using the well-known interface of the
CoRE Link Format <xref target="RFC6690" format="default"/> after having discovered a host, as described in <xref target="finding_an_rd" format="default"/>.</t>
<t>Discovery of the RD registration URI is performed by sending either a multicast or
unicast GET request to <tt>/.well-known/core</tt> and including a resource type (rt)
parameter <xref target="RFC6690" format="default"/> with the value "core.rd" in the query string. Likewise, a
resource type parameter value of "core.rd-lookup*" is used to discover the
URIs for RD lookup operations, and core.rd* is used to discover all URIs for RD operations.
Upon success, the response will contain a payload with
a link format entry for each RD function discovered, indicating the URI
of the RD function returned and the corresponding resource type. When performing
multicast discovery, the multicast IP address used will depend on the scope required
and the multicast capabilities of the network (see <xref target="mc-registration" format="default"/>).</t>
<t>An RD <bcp14>MAY</bcp14> provide hints about the content-formats it supports in the links it exposes or registers, using the "ct" target attribute, as shown in the example below. Clients <bcp14>MAY</bcp14> use these hints to select alternate content-formats for interaction with the RD.</t>
<t>HTTP does not support multicast, and, consequently, only unicast discovery can be
supported using the HTTP <tt>/.well-known/core</tt> resource.</t>
<t>RDs implementing this specification <bcp14>MUST</bcp14> support query filtering for
the rt parameter, as defined in <xref target="RFC6690" format="default"/>.</t>
<t>While the link targets in this discovery step are often expressed in path-absolute form,
this is not a requirement.
Clients of the RD <bcp14>SHOULD</bcp14> therefore accept URIs of all schemes they support,
both as URIs and relative references,
and not limit the set of discovered URIs to those hosted at the address used for URI discovery.</t>
<t>With security policies where the client requires the RD to be authorized to act as an RD,
that authorization may be limited to resources on which the authorized RD advertises the adequate resource types.
Clients that have obtained links they cannot rely on yet
can repeat the "URI discovery" step at the /.well-known/core resource <tt>/.well-known/core resource</tt> of the indicated host
to obtain the resource type information from an authorized source.</t>
<t>The URI discovery operation can yield multiple URIs of a given resource type.
The client of the RD can use any of the discovered addresses initially.</t>
<t>The discovery request interface is specified as follows
(this is exactly the well-known interface of <xref target="RFC6690" section="4" sectionFormat="comma"/>,
with the additional requirement that the server <bcp14>MUST</bcp14> support query filtering):</t>
<dl>
<dt>Interaction:</dt>
<dd> EP, CT, or Client -> RD </dd>
<dt>Method:</dt>
<dd>GET</dd>
<dt>URI Template:</dt>
<dd>/.well-known/core{?rt}</dd>
<dd><tt>/.well-known/core{?rt}</tt></dd>
<dt>URI Template Variables:</dt>
<dd>
<t><br/></t>
<dl>
<dt>rt := </dt>
<dd>Resource Type. <bcp14>SHOULD</bcp14> contain one of the values "core.rd",
"core.rd-lookup*",
"core.rd-lookup-res", "core.rd-lookup-ep", or "core.rd*"</dd>
</dl>
</dd>
<dt>Accept:</dt>
<dd>absent, application/link-format, <tt>application/link-format</tt>, or any other media type representing web links</dd>
</dl>
<t>The following response is expected on this interface:</t>
<dl>
<dt>Success:</dt>
<dd>2.05 (Content) or 200 (OK) with an
application/link-format
<tt>application/link-format</tt> or other web link payload containing one or more matching entries for the RD resource.</dd>
</dl>
<t>The following example shows an endpoint discovering an RD using this interface,
thus learning that the directory resource location in this example is /rd and that the
content-format delivered by the server hosting the resource is application/link-format <tt>application/link-format</tt>
(ct=40). Note that it is up to the RD to choose its RD locations.</t>
<figure anchor="example-discovery">
<name>Example Discovery Exchange</name>
<sourcecode type=""><![CDATA[
Req: GET coap://[ff02::fe]/.well-known/core?rt=core.rd*
Res: 2.05 Content
Payload:
</rd>;rt=core.rd;ct=40,
</rd-lookup/ep>;rt=core.rd-lookup-ep;ct=40,
</rd-lookup/res>;rt=core.rd-lookup-res;ct=40
]]></sourcecode>
</figure>
<t>The following example shows the way of indicating that a client may request
alternate content-formats. The Content-Format code attribute "ct" <bcp14>MAY</bcp14>
include a space-separated sequence of Content-Format codes, as specified in <xref
target="RFC7252" section="7.2.1" sectionFormat="of"/>, indicating that multiple
content-formats are available. The example below shows the required Content-Format 40
(application/link-format)
(<tt>application/link-format</tt>) indicated, as well as Concise Binary Object Representation (CBOR)
and JSON representations in the style of <xref target="I-D.ietf-core-links-json" format="default"/>
(for which the experimental values 65060 and 65050 are used in this example). The RD resource locations /rd
and /rd-lookup are example values. The server in this example also indicates that
it is capable of providing observation on resource lookups.</t>
<figure anchor="example-discovery-ct">
<name>Example Discovery Exchange Indicating Additional Content-Formats</name>
<sourcecode type=""><![CDATA[
Req: GET coap://[ff02::fe]/.well-known/core?rt=core.rd*
Res: 2.05 Content
Payload:
</rd>;rt=core.rd;ct="40 65225",
</rd-lookup/res>;rt=core.rd-lookup-res;ct="40 65060 65050";obs,
</rd-lookup/ep>;rt=core.rd-lookup-ep;ct="40 65060 65050"
]]></sourcecode>
</figure>
<t>For maintenance, management, and debugging,
it can be useful to identify the components that constitute the RD server.
The identification can be used to find client-server incompatibilities,
supported features, required updates, and other aspects.
The well-known interface described in <xref target="RFC6690" section="4" sectionFormat="of"/> can be used to find such data.</t>
<t>It would typically be stored in an implementation information link
(as described in <xref target="I-D.bormann-t2trg-rel-impl" format="default"/>).</t>
<figure anchor="example-impl-discovery">
<name>Example Exchange of Obtaining Implementation Information Using the Relation Type Currently Proposed in <xref target="I-D.bormann-t2trg-rel-impl" format="default"/></name>
<sourcecode type=""><![CDATA[
Req: GET /.well-known/core?rel=impl-info
Res: 2.05 Content
Payload:
<http://software.example.com/shiny-resource-directory/1.0beta1>;
rel=impl-info
]]></sourcecode>
</figure>
<t>Note that, depending on the particular server's architecture,
such a link could be anchored at the RD server's root
(as in this example) or
at individual RD components.
The latter is to be expected when different applications
are run on the same server.</t>
</section>
</section>
<section anchor="registration" numbered="true" toc="default">
<name>Registration</name>
<t>After discovering the location of an RD, a registrant-EP or CT <bcp14>MAY</bcp14>
register the resources of the registrant-EP using the registration interface. This interface
accepts a POST from an endpoint containing the list of resources to be added
to the directory as the message payload in the CoRE Link Format <xref target="RFC6690" format="default"/> or other representations of web links, along with query
parameters indicating the name of the endpoint and, optionally, the sector,
lifetime, and base URI of the registration.
It is expected that other specifications will define further parameters (see
<xref target="iana-registry" format="default"/>). The RD then creates a new registration resource in the RD and returns its location. The receiving endpoint <bcp14>MUST</bcp14> use that
location when refreshing registrations using this interface. Registration
resources in the RD are kept active for the period indicated by the lifetime
parameter. The creating endpoint is responsible for refreshing the registration resource within this
period, using either the registration or update interface. The registration
interface <bcp14>MUST</bcp14> be implemented to be idempotent, so that registering twice
with the same endpoint parameters ep and d (sector) does not create multiple registration resources.</t>
<t>The following rules apply for a registration request targeting a given (ep, d) value pair:</t>
<ul spacing="normal">
<li>When the (ep, d) value pair of the registration request is different from any existing registration,
a new registration is generated.</li>
<li>When the (ep, d) value pair of the registration request is equal to an existing registration,
the content and parameters of the existing registration are replaced with the content of the registration request.
Like the later changes to registration resources, security policies (<xref target="policies" format="default"/>) usually require such requests to come from the same device.</li>
</ul>
<t>The posted link-format document can (and typically does) contain relative references
both in its link targets and in its anchors; it can also contain empty anchors.
The RD server needs to resolve these references in order to faithfully represent them in lookups.
They are resolved against the base URI of the registration,
which is provided either explicitly in the <tt>base</tt> parameter or constructed implicitly from the requester's URI, as constructed from its network address and scheme.</t>
<t>For media types to which <xref target="limitedlinkformat" format="default"/> applies
(i.e., documents in application/link-format), <tt>application/link-format</tt>),
request bodies <bcp14>MUST</bcp14> be expressed in Limited Link Format.</t>
<t>The registration request interface is specified as follows:</t>
<dl>
<dt>Interaction:</dt>
<dd>EP or CT -> RD</dd>
<dt>Method:</dt>
<dd>POST</dd>
<dt>URI Template:</dt>
<dd>{+rd}{?ep,d,lt,base,extra-attrs*}</dd>
<dt>URI Template Variables:</dt>
<dd>
<t><br/></t>
<dl>
<dt>rd :=</dt>
<dd>RD registration URI
(mandatory). This is the location of
the RD, as obtained from discovery.</dd>
<dt>ep :=</dt>
<dd><t>Endpoint name (mostly mandatory). The endpoint name is an identifier
that <bcp14>MUST</bcp14> be unique within a sector.</t>
<t>As the endpoint name is a Unicode string, it is
encoded in UTF-8 (and possibly encoded in pct) during
variable expansion (see <xref target="RFC6570" section="3.2.1"
sectionFormat="comma"/>). The endpoint name <bcp14>MUST NOT</bcp14> contain any
character in the inclusive ranges 0-31 or 127-159.</t>
<t>The maximum length of this parameter is 63 bytes encoded in UTF-8.</t>
<t>If the RD is configured to recognize the endpoint that is to be authorized to use
exactly
one endpoint name, the RD assigns that name. In that case, giving the endpoint name
becomes optional for the client; if the client gives any other endpoint name, it is
not authorized to perform the registration.</t>
</dd>
<dt>d :=</dt>
<dd><t>Sector (optional). This is the sector to which this endpoint belongs.
When this parameter is not present, the
RD <bcp14>MAY</bcp14> associate the endpoint with a configured default sector
(possibly based on the endpoint's authorization)
or leave it empty.</t>
<t>The sector is encoded like the ep parameter and is limited to 63 bytes encoded in
UTF-8 as well.</t>
</dd>
<dt>lt := </dt>
<dd>Lifetime (optional). This is the lifetime of the registration in seconds, with a
range of 1-4294967295.
If no lifetime is included in the initial registration, a default value of
90000 (25 hours) <bcp14>SHOULD</bcp14> be assumed.</dd>
<dt>base :=</dt>
<dd>
<t>Base URI (optional). This parameter sets the base URI of the registration, under
which the relative links in the payload are to be interpreted. The specified URI
typically does not have a path component of its own and <bcp14>MUST</bcp14> be
suitable as a base URI to resolve any relative references given in the registration.
The parameter is therefore usually of the shape "scheme://authority" for
HTTP and CoAP URIs.
The URI <bcp14>SHOULD NOT</bcp14> have a query or fragment component,
as any non-empty relative part in a reference would remove those parts from the
resulting URI.</t>
<t>In the absence of this parameter, the scheme of the protocol, the source address,
and the source port of the registration request are assumed.
The base URI is consecutively constructed by concatenating the used protocol's scheme
with the characters "://", the requester's source address as an address literal,
and ":" followed by its port (if it was not the protocol's default
one). This is analogous to the process described in <xref target="RFC7252" section="6.5" sectionFormat="comma"/>.</t>
<t>This parameter is
mandatory when the directory is filled by a third party, such as a
commissioning tool.</t>
<t>If the registrant-EP uses an ephemeral port to register with, it
<bcp14>MUST</bcp14> include the base
parameter in the registration to provide a valid network path.</t>
<t>A registrant that cannot be reached by potential lookup clients at the address it
registers from
(e.g., because it is behind some form of Network Address Translation (NAT))
<bcp14>MUST</bcp14> provide a reachable base address with its registration.</t>
<t>If the base URI contains a link-local IP literal, it <bcp14>MUST NOT</bcp14>
contain a Zone Identifier
and <bcp14>MUST</bcp14> be local to the link on which the registration request is
received.</t>
<t>Endpoints that register with a base that contains a path component
cannot efficiently express their registrations in Limited Link Format (<xref
target="limitedlinkformat" format="default"/>).
Those applications should use different representations of links to which <xref
target="limitedlinkformat" format="default"/> is not applicable
(e.g., <xref target="I-D.ietf-core-coral" format="default"/>). </t>
</dd>
<dt>extra-attrs :=</dt>
<dd>Additional registration attributes (optional). The endpoint can pass any
parameter registered in <xref target="iana-registry" format="default"/> to the
directory. If the RD is
aware of the parameter's specified semantics, it processes the parameter accordingly.
Otherwise, it <bcp14>MUST</bcp14> store the unknown key and its value(s) as an
endpoint attribute for further lookup.</dd>
</dl>
</dd>
<dt>Content-Format:</dt>
<dd>application/link-format
<dd><tt>application/link-format</tt> or any other indicated media type representing web links</dd>
</dl>
<t>The following response is expected on this interface:</t>
<dl>
<dt>Success:</dt>
<dd>
<t>2.01 (Created) or 201 (Created). The Location-Path option or Location header
field <bcp14>MUST</bcp14> be included in the response. This location
<bcp14>MUST</bcp14> be a stable identifier generated by the RD, as it is used
for all subsequent operations on this registration resource. The registration
resource location thus returned is for the purpose of updating the lifetime
of the registration and for maintaining the content of the
registered links, including updating and deleting links.</t>
<t>A registration with an already-registered ep and d value pair
responds with the same success code and location as the original registration;
the set of links registered with the endpoint is replaced with the links
from the payload.</t>
<t>The location <bcp14>MUST NOT</bcp14> have a query or fragment component,
as that could conflict with query parameters during the registration update
operation. Therefore, the Location-Query option <bcp14>MUST NOT</bcp14> be
present in a successful response.</t>
</dd>
</dl>
<t>If the registration fails, including request timeouts,
or if delays from Service Unavailable responses with Max-Age or Retry-After
accumulate to exceed the registrant's configured timeouts,
it <bcp14>SHOULD</bcp14> pick another registration URI from the "URI discovery" step of <xref target="discovery"/>,
and, if there is only one or the list is exhausted,
pick other choices from the "finding a resource directory" step of <xref target="finding_an_rd"/>.
Care has to be taken to consider the freshness of results obtained earlier,
e.g., the result of a <tt>/.well-known/core</tt> response,
the lifetime of an RDAO, and DNS responses.
Any rate limits and persistent errors from the "finding a resource directory" step
must be considered for the whole registration time,
not only for a single operation.</t>
<t>The following example shows a registrant-EP with the name "node1" registering
two resources to an RD using this interface. The location "/rd"
is an example RD location discovered in a request similar to <xref
target="example-discovery" format="default"/>.</t>
<figure anchor="example-payload">
<name>Example Registration Payload</name>
<sourcecode type=""><![CDATA[
Req: POST coap://rd.example.com/rd?ep=node1
Content-Format: 40
Payload:
</sensors/temp>;rt=temperature-c;if=sensor,
<http://www.example.com/sensors/temp>;
anchor="/sensors/temp";rel=describedby
Res: 2.01 Created
Location-Path: /rd/4521
]]></sourcecode>
</figure>
<t>An RD may optionally support HTTP. Here is an example of almost the same registration operation above when done using HTTP.</t>
<figure anchor="example-payload-http">
<name>Example Registration Payload as Expressed Using HTTP</name>
<sourcecode type=""><![CDATA[
Req:
POST /rd?ep=node1&base=http://[2001:db8:1::1] HTTP/1.1
Host: rd.example.com
Content-Type: application/link-format
</sensors/temp>;rt=temperature-c;if=sensor,
<http://www.example.com/sensors/temp>;
anchor="/sensors/temp";rel=describedby
Res:
HTTP/1.1 201 Created
Location: /rd/4521
]]></sourcecode>
</figure>
<section anchor="simple" numbered="true" toc="default">
<name>Simple Registration</name>
<t>Not all endpoints hosting resources are expected to know how to upload links to an RD, as described in <xref target="registration" format="default"/>. Instead, simple endpoints can implement the simple registration approach described in this section. An RD implementing this specification <bcp14>MUST</bcp14> implement simple registration. However, there may
be security reasons why this form of directory discovery would be disabled.</t>
<t>This approach requires that the registrant-EP makes available the hosted resources
that it wants to be discovered as links on its <tt>/.well-known/core</tt> interface, as
specified in <xref target="RFC6690" format="default"/>.
The links in that document are subject to the same limitations as the payload of a registration
(with respect to <xref target="limitedlinkformat" format="default"/>).</t>
<ul spacing="normal">
<li>The registrant-EP finds one or more addresses of the directory server, as described in <xref target="finding_an_rd" format="default"/>.</li>
<li>
<t>The registrant-EP sends (and regularly refreshes with) a POST
request to the <tt>/.well-known/rd</tt> URI of the directory server of choice. The
body of the POST request is empty and triggers the resource
directory server to perform GET requests at the requesting registrant-EP's
/.well-known/core
<tt>/.well-known/core</tt> to obtain the link-format payload to register. </t>
<t>The registrant-EP includes the same registration parameters in the POST request as
it would with a regular registration, per <xref target="registration"
format="default"/>. The registration base URI of the registration is taken from the
registrant-EP's network address (as is default with regular registrations). </t>
<t>The following is an example request from the registrant-EP to the RD (unanswered
until the next step):</t>
<figure anchor="example-simple1">
<name>First-Half Example Exchange of a Simple Registration</name>
<sourcecode type=""><![CDATA[
Req: POST /.well-known/rd?lt=6000&ep=node1
(No payload)
]]></sourcecode>
</figure>
</li>
<li>
<t>The RD queries the registrant-EP's discovery resource to determine the success of
the operation. It <bcp14>SHOULD</bcp14> keep a cache of the discovery resource and not
query it again as long as it is fresh. </t>
<t>The following is an example request from the RD to the registrant-EP:</t>
<figure anchor="example-simple2">
<name>Example Exchange of the RD Querying the Simple Endpoint</name>
<sourcecode type=""><![CDATA[
Req: GET /.well-known/core
Accept: 40
Res: 2.05 Content
Content-Format: 40
Payload:
</sen/temp>
]]></sourcecode>
</figure>
</li>
</ul>
<t>With this response, the RD would answer the previous step's request:</t>
<figure anchor="example-simple3">
<name>Second-Half Example Exchange of a Simple Registration</name>
<sourcecode type=""><![CDATA[
Res: 2.04 Changed
]]></sourcecode>
</figure>
<t>The sequence of fetching the registration content before sending a successful response
was chosen to make responses reliable,
and the point about caching was chosen to still allow very constrained registrants.
Registrants <bcp14>MUST</bcp14> be able to serve a GET request to <tt>/.well-known/core</tt> after having requested registration.
Constrained devices <bcp14>MAY</bcp14> regard the initial request as temporarily failed when they need RAM occupied by their own request to serve the RD's GET
and retry later when the RD already has a cached representation of their discovery resources.
Then, the RD can reply immediately, and the registrant can receive the response.</t>
<t>The simple registration request interface is specified as follows:</t>
<dl>
<dt>Interaction:</dt>
<dd>EP -> RD</dd>
<dt>Method: </dt>
<dd>POST</dd>
<dt>URI Template: </dt>
<dd>/.well-known/rd{?ep,d,lt,extra-attrs*}</dd>
<dd><tt>/.well-known/rd{?ep,d,lt,extra-attrs*}</tt></dd>
</dl>
<t>URI Template Variables are the same as for registration in <xref target="registration" format="default"/>.
The base attribute is not accepted to keep the registration interface simple;
that rules out registration over CoAP-over-TCP or HTTP that would need to specify one.
For some time during this document's development, the URI Template <tt>/.well-known/core{?ep,...}</tt> was in use instead.</t>
<t>The following response is expected on this interface:</t>
<dl>
<dt>Success:</dt>
<dd>2.04 (Changed)</dd>
</dl>
<t>For the second interaction triggered by the above, the
registrant-EP takes the role of server and the RD takes the role of
client. (Note that this is exactly the well-known interface
of <xref target="RFC6690" section="4" sectionFormat="comma"/>):
</t>
<dl>
<dt>Interaction:</dt>
<dd>RD -> EP</dd>
<dt>Method:</dt>
<dd>GET</dd>
<dt>URI Template:</dt>
<dd>/.well-known/core</dd>
<dd><tt>/.well-known/core</tt></dd>
</dl>
<t>The following response is expected on this interface:</t>
<dl>
<dt>Success:</dt>
<dd>2.05 (Content)</dd>
</dl>
<t>When the RD uses any authorization credentials to access the endpoint's discovery
resource or when it is deployed in a location where third parties might reach it but not
the endpoint, it <bcp14>SHOULD</bcp14> verify that the apparent registrant-EP intends to
register with the given registration parameters
before revealing the obtained discovery information to lookup clients.
An easy way to do that is to verify the simple registration request's sender address using
the Echo option, as described in <xref target="RFC9175" section="2.4"
sectionFormat="comma"/>.</t>
<t>The RD <bcp14>MUST</bcp14> delete registrations created by simple registration after the expiration of their lifetime. Additional operations on the registration resource cannot be executed because no registration location is returned.</t>
</section>
<section anchor="third-party-registration" numbered="true" toc="default">
<name>Third-Party Registration</name>
<t>For some applications, even simple registration may be too taxing
for some very constrained devices, in particular, if the security requirements
become too onerous.</t>
<t>In a controlled environment (e.g., building control), the RD
can be filled by a third-party device, called a Commissioning Tool (CT). The CT can fill the RD from a database or other means. For
that purpose scheme, the IP address and port of the URI of the registered device is
the value of the "base" parameter of the registration described in <xref target="registration" format="default"/>.</t>
<t>It should be noted that the value of the "base" parameter applies to all the links of the registration and has consequences for the anchor value of the individual links, as exemplified in <xref target="weblink" format="default"/>. An eventual (currently nonexistent) "base" attribute of the link is not affected by the value of "base" parameter in the registration.</t>
</section>
<section anchor="operations-on-the-registration-resource" numbered="true" toc="default">
<name>Operations on the Registration Resource</name>
<t>This section describes how the registering endpoint can maintain the registrations that it created. The registering endpoint can be the registrant-EP or the CT. The registrations are resources of the RD.</t>
<t>An endpoint should not use this interface for registrations that it did not create.
This is usually enforced by security policies,
which, in general, require equivalent credentials for creation of and operations on a
registration.</t>
<t>After the initial registration, the registering endpoint retains the returned location of the registration resource for further operations, including refreshing the registration in order to extend the lifetime and "keep-alive" the registration. When the lifetime of the registration has expired, the RD <bcp14>SHOULD NOT</bcp14> respond to discovery queries concerning this endpoint. The RD <bcp14>SHOULD</bcp14> continue to provide access to the registration resource after a registration timeout occurs in order to enable the registering endpoint to eventually refresh the registration. The RD <bcp14>MAY</bcp14> eventually remove the registration resource for the purpose of garbage collection. If the registration resource is removed, the corresponding endpoint will need to be reregistered.</t>
<t>The registration resource may also be used to cancel the registration using DELETE and to perform further operations beyond the scope of this specification.</t>
<t>Operations on the registration resource are sensitive to reordering;
<xref target="freshness" format="default"/> describes how order is restored.</t>
<t>The operations on the registration resource are described below.</t>
<section anchor="update" numbered="true" toc="default">
<name>Registration Update</name>
<t>The update interface is used by the registering endpoint to refresh or update its
registration with an RD. To use the interface, the registering endpoint sends a POST request to the registration resource returned by the initial registration operation.</t>
<t>An update <bcp14>MAY</bcp14> update registration parameters like lifetime, base URI, or others.
Parameters that are not being changed should not
be included in an update. Adding parameters that have not changed increases
the size of the message but does not have any other implications.
Parameters are included as query parameters in an update operation, as
in <xref target="registration" format="default"/>.</t>
<t>A registration update resets the timeout of the registration to the (possibly
updated) lifetime of the registration, independent of whether an <tt>lt</tt> parameter
was given.</t>
<t>If the base URI of the registration is changed in an update,
relative references submitted in the original registration or later updates are resolved anew against the new base.</t>
<t>The registration update operation only describes the use of POST with an empty payload.
Future standards might describe the semantics of using content formats and payloads
with the POST method to update the links of a registration (see <xref target="link-up" format="default"/>).</t>
<t>The update registration request interface is specified as follows:</t>
<dl>
<dt>Interaction:</dt>
<dd>EP or CT -> RD</dd>
<dt>Method:</dt>
<dd>POST</dd>
<dt>URI Template:</dt>
<dd>{+location}{?lt,base,extra-attrs*}</dd>
<dt>URI Template Variables:</dt>
<dd>
<t><br/></t>
<dl>
<dt>location :=</dt>
<dd>This is the location returned by the RD as a result of a successful
earlier registration.</dd>
<dt>lt :=</dt>
<dd>Lifetime (optional). This is the lifetime of the registration in seconds,
with a range of 1-4294967295. If no lifetime is included, the previous last
lifetime set on a previous update or the original registration
(falling back to 90000) <bcp14>SHOULD</bcp14> be used.</dd>
<dt>base :=</dt>
<dd>
<t>Base URI (optional). This parameter updates the base URI established in the
original registration to a new value and is subject to
the same restrictions as in the registration.</t>
<t>If the parameter is set in an update, it is stored by the RD as the new
base URI under which to interpret the relative links present in the payload of
the original registration.</t>
<t>If the parameter is not set in the request but was set before, the previous
base URI value is kept unmodified.</t>
<t>If the parameter is not set in the request and was not set before either, the
source address and source port of the update request are stored as the
base URI.</t>
</dd>
<dt>extra-attrs :=</dt>
<dd>
<t>Additional registration attributes (optional). As with the registration,
the RD processes them if it knows their semantics. Otherwise, unknown
attributes are stored as endpoint attributes, overriding any previously
stored endpoint attributes of the same key.</t>
<t>Note that this default behavior does not allow removing an endpoint attribute
in an update. For attributes whose functionality depends on the endpoints'
ability to remove them in an update,
it can make sense to define a value whose presence is equivalent to the absence
of a value. As an alternative, an extension can define different updating rules
for their attributes. That necessitates either discovering whether the RD is
aware of that extension or tolerating the default behavior.</t></dd>
</dl>
</dd>
<dt>Content-Format:</dt>
<dd>none (no payload)</dd>
</dl>
<t>The following responses are expected on this interface:</t>
<dl>
<dt>Success:</dt>
<dd>2.04 (Changed) or 204 (No Content) if the update was successfully processed.</dd>
<dt>Failure:</dt>
<dd>4.04 (Not Found) or 404 (Not Found). Registration does not exist (e.g., may have
been removed).</dd>
</dl>
<t>If the registration update fails in any way, including "Not Found" and request timeouts,
or if the time indicated in a Service Unavailable Max-Age/Retry-After exceeds the remaining lifetime,
the registering endpoint <bcp14>SHOULD</bcp14> attempt registration again.</t>
<t>The following example shows how the registering endpoint resets the timeout on its registration resource at
an RD using this interface with the example location value /rd/4521:</t>
<figure anchor="example-update">
<name>Example Update of a Registration</name>
<sourcecode type=""><![CDATA[
Req: POST /rd/4521
Res: 2.04 Changed
]]></sourcecode>
</figure>
<t>The following example shows the registering endpoint updating its registration resource at
an RD using this interface with the example location value /rd/4521. The initial registration by the registering endpoint set the following values:</t>
<ul spacing="normal">
<li>endpoint name (ep)=endpoint1</li>
<li>lifetime (lt)=500</li>
<li>base URI (base)=coap://local-proxy-old.example.com</li>
<li>payload of <xref target="example-payload" format="default"/></li>
</ul>
<t>The initial state of the RD is reflected in the following request:</t>
<figure anchor="example-update-base-lookup-pre">
<name>Example Lookup Before a Change to the Base Address</name>
<sourcecode type=""><![CDATA[
Req: GET /rd-lookup/res?ep=endpoint1
Res: 2.05 Content
Payload:
<coap://local-proxy-old.example.com/sensors/temp>;
rt=temperature-c;if=sensor,
<http://www.example.com/sensors/temp>;
anchor="coap://local-proxy-old.example.com/sensors/temp";
rel=describedby
]]></sourcecode>
</figure>
<t>The following example shows the registering endpoint changing the base URI to <tt>coaps://new.example.com:5684</tt>:</t>
<figure anchor="example-update-base">
<name>Example Registration Update that Changes the Base Address</name>
<sourcecode type=""><![CDATA[
Req: POST /rd/4521?base=coaps://new.example.com
Res: 2.04 Changed
]]></sourcecode>
</figure>
<t>The consecutive query returns:</t>
<figure anchor="example-update-base-lookup-post">
<name>Example Lookup After a Change to the Base Address</name>
<sourcecode type=""><![CDATA[
Req: GET /rd-lookup/res?ep=endpoint1
Res: 2.05 Content
Payload:
<coaps://new.example.com/sensors/temp>;
rt=temperature-c;if=sensor,
<http://www.example.com/sensors/temp>;
anchor="coaps://new.example.com/sensors/temp";
rel=describedby
]]></sourcecode>
</figure>
</section>
<section anchor="removal" numbered="true" toc="default">
<name>Registration Removal</name>
<t>Although RD registrations have soft state and will eventually time out after their
lifetime, the registering endpoint <bcp14>SHOULD</bcp14> explicitly remove an entry from the RD if it
knows it will no longer be available (for example, on shutdown). This is
accomplished using a removal interface on the RD by performing a DELETE on
the endpoint resource.</t>
<t>The removal request interface is specified as follows:</t>
<dl>
<dt>Interaction:</dt>
<dd>EP or CT -> RD</dd>
<dt>Method:</dt>
<dd>DELETE</dd>
<dt>URI Template:</dt>
<dd>{+location}</dd>
<dt>URI Template Variables:</dt>
<dd>
<t><br/></t>
<dl>
<dt>location :=</dt>
<dd>This is the location returned by the RD as a result of a successful
earlier registration.</dd>
</dl>
</dd>
</dl>
<t> The following responses are expected on this interface:</t>
<dl>
<dt>Success:</dt>
<dd>2.02 (Deleted) or 204 (No Content) upon successful deletion.</dd>
<dt>Failure:</dt>
<dd>4.04 (Not Found) or 404 (Not Found). Registration does not exist (e.g., may
already have been removed).</dd>
</dl>
<t>The following example shows successful removal of the endpoint from the RD
with example location value /rd/4521:</t>
<figure anchor="example-removal">
<name>Example of a Registration Removal</name>
<sourcecode type=""><![CDATA[
Req: DELETE /rd/4521
Res: 2.02 Deleted
]]></sourcecode>
</figure>
</section>
<section anchor="link-up" numbered="true" toc="default">
<name>Further Operations</name>
<t>Additional operations on the registration can be specified in future documents, for
example:</t>
<ul spacing="normal">
<li>Send iPATCH (or PATCH) updates <xref target="RFC8132" format="default"/> to add,
remove, or change the links of a registration.</li>
<li>Use GET to read the currently stored set of links in a registration resource.</li>
</ul>
<t>Those operations are out of scope of this document and will require media types suitable for modifying sets of links.</t>
</section>
<section anchor="freshness" numbered="true" toc="default">
<name>Request Freshness</name>
<t>Some security mechanisms usable with an RD allow out-of-order request processing
or do not even mandate replay protection at all.
The RD needs to ensure that operations on the registration resource
are executed in an order that does not distort the client's intentions.</t>
<t>This ordering of operations is expressed in terms of freshness, as defined in <xref target="RFC9175" format="default"/>.
Requests that alter a resource's state need to be fresh relative to the latest request
that altered that state in a conflicting way.</t>
<t>An RD <bcp14>SHOULD</bcp14> determine a request's freshness
and <bcp14>MUST</bcp14> use the Echo option if it requires request freshness and cannot determine it in any other way.
An endpoint <bcp14>MUST</bcp14> support the use of the Echo option.
(One reason why an RD would not require freshness is when no relevant registration properties are covered by is security policies.)</t>
<section anchor="efficient-use-of-echo-by-an-rd" numbered="true" toc="default">
<name>Efficient Use of Echo by an RD</name>
<t>To keep latency and traffic added by the freshness requirements to a minimum,
RDs should avoid naive (sufficient but inefficient) freshness criteria.</t>
<t>Some simple mechanisms the RD can employ are:</t>
<ul spacing="normal">
<li>
<t>State counter. The RD can keep a monotonous counter that increments
whenever a registration changes. For every registration resource, it stores
the post-increment value of that resource's last change. Requests altering
them need to have at least that value encoded in their Echo option
and are otherwise rejected with a 4.01 (Unauthorized) and the current
counter value as the Echo value. If other applications on the same server
use Echo as well, that encoding may include a prefix indicating that it
pertains to the RD's counter.</t>
<t>The value associated with a resource needs to be kept across the removal
of registrations if the same registration resource is to be reused.</t>
<t>The counter can be reset (and the values of removed resources forgotten)
when all previous security associations are reset.</t>
<t>This is the "Persistent Counter" method of <xref target="RFC9175"
section="A" sectionFormat="comma"/>.</t>
</li>
<li>
<t>Preemptive Echo values. The current state counter can be sent in an Echo
option not only when requests are rejected with 4.01 (Unauthorized) but
also with successful responses. Thus, clients can be provided with Echo
values sufficient for their next request on a regular basis. This is also described in <xref target="RFC9175" section="2.3" sectionFormat="of"/> </t>
<t> While endpoints may discard received Echo values at leisure between
requests, they are encouraged to retain these values for the next request
to avoid additional round trips.</t>
</li>
<li>If the RD can ensure that only one security association has modifying access to any registration at any given time
and that security association provides order on the requests,
that order is sufficient to show request freshness.</li>
</ul>
</section>
<section anchor="examples-of-echo-usage" numbered="true" toc="default">
<name>Examples of Echo Usage</name>
<t><xref target="example-freshness" format="default"/> shows the interactions of an endpoint
that has forgotten the server's latest Echo value
and temporarily reduces its registration lifetime:</t>
<figure anchor="example-freshness">
<name>Example Update of a Registration</name>
<sourcecode type=""><![CDATA[
Req: POST /rd/4521?lt=7200
Res: 4.01 Unauthorized
Echo: 0x0123
(EP tries again immediately.)
Req: POST /rd/4521?lt=7200
Echo: 0x0123
Res: 2.04 Changed
Echo: 0x0124
(Later, the EP regains its confidence in its long-term reachability.)
Req: POST /rd/4521?lt=90000
Echo: 0x0124
Res: 2.04 Changed
Echo: 0x0247
]]></sourcecode>
</figure>
<t>The other examples do not show Echo options for two reasons: (1) for simplicity
and (2) because they lack the context for any example values to have meaning.</t>
</section>
</section>
</section>
</section>
<section anchor="lookup" numbered="true" toc="default">
<name>RD Lookup</name>
<t>To discover the resources registered with the RD,
a lookup interface must be provided. This lookup interface
is defined as a default, and it is assumed that RDs may also support lookups
to return resource descriptions in alternative formats (e.g., JSON or CBOR link format <xref target="I-D.ietf-core-links-json" format="default"/>)
or use more advanced interfaces (e.g., supporting context- or semantic-based lookup) on different resources that are discovered independently.</t>
<t>RD lookup allows lookups for endpoints and resources
using attributes defined in this document and for use with the CoRE
Link Format. The result of a lookup request is the list of links (if any)
corresponding to the type of lookup. Thus, an endpoint lookup <bcp14>MUST</bcp14> return a list of endpoints, and a resource lookup <bcp14>MUST</bcp14> return a list of links to resources.</t>
<t>The lookup type is selected by a URI endpoint, which is indicated by a resource type, as per <xref target="lookup-types" format="default"/>:</t>
<table anchor="lookup-types" align="center">
<name>Lookup Types</name>
<thead>
<tr>
<th align="left">Lookup Type</th>
<th align="left">Resource Type</th>
<th align="left">Mandatory</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">Resource</td>
<td align="left">core.rd-lookup-res</td>
<td align="left">Mandatory</td>
</tr>
<tr>
<td align="left">Endpoint</td>
<td align="left">core.rd-lookup-ep</td>
<td align="left">Mandatory</td>
</tr>
</tbody>
</table>
<section anchor="resource-lookup" numbered="true" toc="default">
<name>Resource Lookup</name>
<t>Resource lookup results in links that are semantically equivalent to the links submitted to the RD by the registrant.
The links and link parameters returned by the lookup are equal to the originally submitted ones,
except that the target reference is fully resolved
and that the anchor reference is fully resolved if it is present in the lookup result at all.</t>
<t>Links that did not have an anchor attribute in the registration are returned without an anchor attribute.
Links of which href or anchor was submitted as a (full) URI are returned with the respective attribute unmodified.</t>
<t>The above rules allow the client to interpret the response as links without any further knowledge of the storage conventions of the RD.
The RD <bcp14>MAY</bcp14> replace the registration base URIs with a configured intermediate proxy, e.g., in the case of an HTTP lookup interface for CoAP endpoints.</t>
<t>If the base URI of a registration contains a link-local address,
the RD <bcp14>MUST NOT</bcp14> show its links unless the lookup was made from the
link on which the registered endpoint can be reached.
The RD <bcp14>MUST NOT</bcp14> include zone identifiers in the resolved URIs.</t>
</section>
<section anchor="lookup-filtering" numbered="true" toc="default">
<name>Lookup Filtering</name>
<t>Using the Accept option, the requester can control whether the returned list is returned in CoRE Link Format (<tt>application/link-format</tt>, default) or in alternate content-formats (e.g., from <xref target="I-D.ietf-core-links-json" format="default"/>).</t>
<t>Multiple search criteria <bcp14>MAY</bcp14> be included in a lookup. All included criteria <bcp14>MUST</bcp14> match for a link to be returned. The RD <bcp14>MUST</bcp14> support matching with multiple search criteria.</t>
<t>A link matches a search criterion if it has an attribute of
the same name and the same value, allowing for a trailing "*"
wildcard operator, as in <xref target="RFC6690" section="4.1"
sectionFormat="of"/>. Attributes that are defined as
<tt>relation-types</tt> (in the link-format ABNF) match if the
search value matches any of their values (see <xref target="RFC6690" section="4.1" sectionFormat="of"/>;
for example, <tt>?if=tag:example.net,2020:sensor</tt> matches
<tt>;if="example.regname tag:example.net,2020:sensor";</tt>.
A resource link also matches a search criterion if its
endpoint would match the criterion, and vice versa, an
endpoint link matches a search criterion if any of its
resource links matches it.</t>
<t>Note that <tt>href</tt> is a valid search criterion and matches target references. Like all search criteria, on a resource lookup, it can match the target reference of the resource link itself but also the registration resource of the endpoint that registered it.
Queries for resource link targets <bcp14>MUST</bcp14> be in URI form (i.e., not relative references) and are matched against a resolved link target. Queries for endpoints <bcp14>SHOULD</bcp14> be expressed in path-absolute form if possible and <bcp14>MUST</bcp14> be expressed in URI form otherwise; the RD <bcp14>SHOULD</bcp14> recognize either.
The <tt>anchor</tt> attribute is usable for resource lookups and, if queried, <bcp14>MUST</bcp14> be in URI form as well.</t>
<t>Additional query parameters "page" and "count" are used to obtain lookup results in specified increments using pagination, where count specifies how many links to return and page specifies which subset of links organized in sequential pages, each containing 'count' links, starting with link zero and page zero. Thus, specifying a count of 10 and page of 0 will return the first 10 links in the result set (links 0-9). Specifying a count of 10 and page of 1 will return the next 'page' containing links 10-19, and so on.
Unlike block-wise transfer of a complete result set,
these parameters ensure that each chunk of results can be interpreted on its own.
This simplifies the processing
but can result in duplicate or missed items when coinciding with changes from the registration interface.</t>
<t>Endpoints that are interested in a lookup result repeatedly or continuously can use
mechanisms like ETag caching, resource observation <xref target="RFC7641" format="default"/>,
or any future mechanism that might allow more efficient observations of collections.
These are advertised, detected, and used according to their own specifications
and can be used with the lookup interface as with any other resource.</t>
<t>When resource observation is used,
every time the set of matching links changes or the content of a matching link changes, the RD sends a notification with the matching link set.
The notification contains the successful current response to the given request,
especially with respect to representing zero matching links
(see "Success" item below).</t>
<t>The lookup interface is specified as follows:</t>
<dl>
<dt>Interaction:</dt>
<dd>Client -> RD</dd>
<dt>Method:</dt>
<dd>GET</dd>
<dt>URI Template:</dt>
<dd>{+type-lookup-location}{?page,count,search*}</dd>
<dt>URI Template Variables:</dt>
<dd>
<t><br/></t>
<dl>
<dt>type-lookup-location :=</dt>
<dd>RD lookup URI for a given lookup type (mandatory). The address is
discovered as described in <xref target="discovery" format="default"/>.</dd>
<dt>search := </dt>
<dd>
<t> Search criteria for limiting the number of results (optional). The search
criteria are an associative array, expressed in a form-style query,
as per the URI Template (see <xref target="RFC6570" format="default"/>, Sections
<xref target="RFC6570" section="2.4.2" sectionFormat="bare"/> and <xref
target="RFC6570" section=" 3.2.8" sectionFormat="bare"/>).</t>
</dd>
<dt>page :=</dt>
<dd>Page (optional). This parameter cannot be used without the count
parameter. Results are returned from result set in pages that contain
'count' links starting from index (page * count). Page numbering starts
with zero.</dd>
<dt>count := </dt>
<dd>Count (optional). The number of results is limited to this parameter value. If
the page parameter is also present, the response <bcp14>MUST</bcp14> only include
'count' links starting with the (page * count) link in the result set from the
query. If the count parameter is not present, then the response <bcp14>MUST</bcp14>
return all matching links in the result set. Link numbering starts with zero. </dd>
</dl>
</dd>
<dt>Accept:</dt>
<dd>absent, application/link-format, <tt>application/link-format</tt>, or any other indicated media type representing web
links</dd>
</dl>
<t> The following responses codes are defined for this interface:</t>
<dl>
<dt>Success:</dt>
<dd>
<t>2.05 (Content) or 200 (OK) with an <tt>application/link-format</tt> or other
web link payload containing matching entries for the lookup.</t>
<t>The payload can contain zero links (which is an empty payload in the link format described in <xref
target="RFC6690" format="default"/> but could also be <tt>[]</tt>
in JSON-based formats), indicating that no entities matched the request.</t>
</dd>
</dl>
</section>
<section anchor="resource-lookup-examples" numbered="true" toc="default">
<name>Resource Lookup Examples</name>
<t>The examples in this section assume the existence of CoAP hosts with a default CoAP port 61616. HTTP hosts are possible and do not change the nature of the examples.</t>
<t>The following example shows a client performing a resource lookup with the example resource lookup locations discovered in <xref target="example-discovery" format="default"/>:</t>
<figure anchor="example-lookup-res">
<name>Example of a Resource Lookup</name>
<sourcecode type=""><![CDATA[
Req: GET /rd-lookup/res?rt=tag:example.org,2020:temperature
Res: 2.05 Content
Payload:
<coap://[2001:db8:3::123]:61616/temp>;
rt="tag:example.org,2020:temperature"
]]></sourcecode>
</figure>
<t>A client that wants to be notified of new resources as they show up can use
this observation:</t>
<figure anchor="example-lookup-obs">
<name>Example of an Observing Resource Lookup</name>
<sourcecode type=""><![CDATA[
Req: GET /rd-lookup/res?rt=tag:example.org,2020:light
Observe: 0
Res: 2.05 Content
Observe: 23
Payload: empty
(at a later point in time)
Res: 2.05 Content
Observe: 24
Payload:
<coap://[2001:db8:3::124]/west>;rt="tag:example.org,2020:light",
<coap://[2001:db8:3::124]/south>;rt="tag:example.org,2020:light",
<coap://[2001:db8:3::124]/east>;rt="tag:example.org,2020:light"
]]></sourcecode>
</figure>
<t>The following example shows a client performing a paginated resource lookup:</t>
<figure anchor="example-lookup-page">
<name>Example of Paginated Resource Lookup</name>
<sourcecode type=""><![CDATA[
Req: GET /rd-lookup/res?page=0&count=5
Res: 2.05 Content
Payload:
<coap://[2001:db8:3::123]:61616/res/0>;ct=60,
<coap://[2001:db8:3::123]:61616/res/1>;ct=60,
<coap://[2001:db8:3::123]:61616/res/2>;ct=60,
<coap://[2001:db8:3::123]:61616/res/3>;ct=60,
<coap://[2001:db8:3::123]:61616/res/4>;ct=60
Req: GET /rd-lookup/res?page=1&count=5
Res: 2.05 Content
Payload:
<coap://[2001:db8:3::123]:61616/res/5>;ct=60,
<coap://[2001:db8:3::123]:61616/res/6>;ct=60,
<coap://[2001:db8:3::123]:61616/res/7>;ct=60,
<coap://[2001:db8:3::123]:61616/res/8>;ct=60,
<coap://[2001:db8:3::123]:61616/res/9>;ct=60
]]></sourcecode>
</figure>
<t>The following example shows a client performing a lookup of all resources
of all endpoints of a given endpoint type. It assumes that two endpoints (with endpoint
names <tt>sensor1</tt> and <tt>sensor2</tt>) have previously registered with their respective
addresses (<tt>coap://sensor1.example.com</tt> and <tt>coap://sensor2.example.com</tt>) and
posted the very payload of the 6th response of <xref target="RFC6690" sectionFormat="of" section="5"/>.</t>
<t>It demonstrates how absolute link targets stay unmodified, while relative ones
are resolved:</t>
<figure anchor="example-lookup-multiple">
<name>Example of a Resource Lookup from Multiple Endpoints</name>
<sourcecode type=""><![CDATA[
Req: GET /rd-lookup/res?et=tag:example.com,2020:platform
Res: 2.05 Content
Payload:
<coap://sensor1.example.com/sensors>;ct=40;title="Sensor Index",
<coap://sensor1.example.com/sensors/temp>;rt=temperature-c;if=sensor,
<coap://sensor1.example.com/sensors/light>;rt=light-lux;if=sensor,
<http://www.example.com/sensors/t123>;rel=describedby;
anchor="coap://sensor1.example.com/sensors/temp",
<coap://sensor1.example.com/t>;rel=alternate;
anchor="coap://sensor1.example.com/sensors/temp",
<coap://sensor2.example.com/sensors>;ct=40;title="Sensor Index",
<coap://sensor2.example.com/sensors/temp>;rt=temperature-c;if=sensor,
<coap://sensor2.example.com/sensors/light>;rt=light-lux;if=sensor,
<http://www.example.com/sensors/t123>;rel=describedby;
anchor="coap://sensor2.example.com/sensors/temp",
<coap://sensor2.example.com/t>;rel=alternate;
anchor="coap://sensor2.example.com/sensors/temp"
]]></sourcecode>
</figure>
</section>
<section anchor="ep-lookup" numbered="true" toc="default">
<name>Endpoint Lookup</name>
<t>The endpoint lookup returns links to and information about registration resources,
which themselves can only be manipulated by the registering endpoint.</t>
<t>Endpoint registration resources are annotated with their endpoint names (ep), sectors
(d, if present), and registration base URI (base; reports the registrant-EP's address if
no explicit base was given), as well as a constant resource type (rt="core.rd-ep"); the
lifetime (lt) is not reported.
Additional endpoint attributes are added as target attributes to their endpoint link
unless their specification says otherwise.</t>
<t>Links to endpoints <bcp14>SHOULD</bcp14> be presented in path-absolute form or, if
required, as (full) URIs. (This ensures that the output conforms to Limited Link Format,
as described in <xref target="limitedlinkformat" format="default"/>.)</t>
<t>Base addresses that contain link-local addresses <bcp14>MUST NOT</bcp14> include zone
identifiers, and such registrations <bcp14>MUST
NOT</bcp14> be shown unless the lookup was made from the same link from which the
registration was made.</t>
<t>While the endpoint lookup does expose the registration resources,
the RD does not need to make them accessible to clients.
Clients <bcp14>SHOULD NOT</bcp14> attempt to dereference or manipulate them.</t>
<t> An RD can report registrations in lookup whose URI scheme and
authority differ from that of the lookup resource.
Lookup clients <bcp14>MUST</bcp14> be prepared to see arbitrary URIs as registration
resources in the results and treat them as opaque identifiers;
the precise semantics of such links are left to future specifications.</t>
<t>The following example shows a client performing an endpoint lookup that is limited to
endpoints of endpoint type <tt>tag:example.com,2020:platform</tt>:</t>
<figure anchor="example-lookup-ep">
<name>Example of Endpoint Lookup</name>
<sourcecode type=""><![CDATA[
Req: GET /rd-lookup/ep?et=tag:example.com,2020:platform
Res: 2.05 Content
Payload:
</rd/1234>;base="coap://[2001:db8:3::127]:61616";ep=node5;
et="tag:example.com,2020:platform";ct=40;rt=core.rd-ep,
</rd/4521>;base="coap://[2001:db8:3::129]:61616";ep=node7;
et="tag:example.com,2020:platform";ct=40;d=floor-3;
rt=core.rd-ep
]]></sourcecode>
</figure>
</section>
</section>
<section anchor="policies" numbered="true" toc="default">
<name>Security Policies</name>
<t>The security policies that are applicable to an RD strongly depend on the application
and are not set out normatively here.</t>
<t>This section provides a list of aspects that applications should consider when describing their use of the RD,
without claiming to cover all cases.
It uses terminology of <xref target="I-D.ietf-ace-oauth-authz" format="default"/>,
in which the RD acts as the Resource Server (RS), and both registrant-EPs and lookup clients act as Clients (C) with support from an Authorization Server (AS),
without the intention of ruling out other schemes (e.g., those based on certificates/Public Key Infrastructures (PKIs)).</t>
<t>Any, all, or none of the below can apply to an application.
Which are relevant depends on its protection objectives.</t>
<t>Security policies are set by configuration of the RD or by choice of the implementation.
Lookup clients (and, where relevant, endpoints) can only trust an RD to uphold them if it is authenticated
and authorized to serve as an RD according to the application's requirements.</t>
<section anchor="secure-ep" numbered="true" toc="default">
<name>Endpoint Name</name>
<t>Whenever an RD needs to provide trustworthy results to clients doing endpoint lookup
or resource lookup with filtering on the endpoint name,
the RD must ensure that the registrant is authorized to use the given endpoint name.
This applies both to registration and later to operations on the registration resource.
It is immaterial whether the client is the registrant-EP itself or a CT is doing the registration.
The RD cannot tell the difference, and CTs may use authorization credentials authorizing only operations on that particular endpoint name or a wider range of endpoint names.</t>
<t>It is up to the concrete security policy to describe
how the endpoint name and sector are transported when certificates are used.
For example, it may describe how SubjectAltName dNSName entries are mapped to endpoint and domain names.</t>
<section anchor="arbitrary-ep" numbered="true" toc="default">
<name>Random Endpoint Names</name>
<t>Conversely, in applications where the RD does not check the endpoint name,
the authorized registering endpoint can generate a random number (or string) that identifies the endpoint.
The RD should then remember unique properties of the registrant,
associate them with the registration for as long as its registration resource is active (which may be longer than the registration's lifetime),
and require the same properties for operations on the registration resource.</t>
<t>Registrants that are prepared to pick a different identifier when their initial attempt
(or attempts, in the unlikely case of two subsequent collisions)
at registration is unauthorized should pick an identifier at least twice as long as the expected number of registrants;
registrants without any such recovery options should pick significantly longer endpoint names (e.g., using Universally Unique Identifier (UUID) URNs <xref target="RFC4122" format="default"/>).</t>
</section>
</section>
<section anchor="entered-resources" numbered="true" toc="default">
<name>Entered Resources</name>
<t>When lookup clients expect that certain types of links can only originate from certain endpoints,
then the RD needs to apply filtering to the links an endpoint may register.</t>
<t>For example, if clients use an RD to find a server that provides firmware updates,
then any registrant that wants to register (or update) links to firmware sources will need to provide suitable credentials to do so, independently of its endpoint name.</t>
<t>Note that the impact of having undesirable links in the RD depends on the application.
If the client requires the firmware server to present credentials as a firmware server,
a fraudulent link's impact is limited to the client revealing its intention to obtain updates and slowing down the client until it finds a legitimate firmware server;
if the client accepts any credentials from the server as long as they fit the provided URI, the impact is larger.</t>
<t>An RD may also require that links are only registered if the registrant is authorized to publish information about the anchor (or even target) of the link.
One way to do this is to demand that the registrant present the same credentials in its role as a registering client that it would need to present in its role as a server when contacted at the resources' URI. These credentials may include using the address and port that are part of the URI.
Such a restriction places severe practical limitations on the links that can be registered.</t>
<t>As above, the impact of undesirable links depends on the extent to which the lookup client relies on the RD.
To avoid the limitations, RD applications should consider prescribing that lookup clients only use the discovered information as hints
and describe which pieces of information need to be verified because they impact the application's security.
A straightforward way to verify such information is to request it again from an authorized server, typically the one that hosts the target resource.
That is similar to what happens in <xref target="discovery" format="default"/> when the "URI discovery" step is repeated.</t>
</section>
<section anchor="link-confidentiality" numbered="true" toc="default">
<name>Link Confidentiality</name>
<t>When registrants publish information in the RD that is not available to any client that would query the registrant's /.well-known/core <tt>/.well-known/core</tt> interface,
or when lookups to that interface are subject to stricter firewalling than lookups to the RD,
the RD may need to limit which lookup clients may access the information.</t>
<t>In this case, the endpoint (and not the lookup clients) needs to be careful to check the RD's authorization.
The RD needs to check any lookup client's authorization
before revealing information directly (in resource lookup)
or indirectly (when using it to satisfy a resource lookup search criterion).</t>
</section>
<section anchor="segmentation" numbered="true" toc="default">
<name>Segmentation</name>
<t>Within a single RD, different security policies can apply.</t>
<t>One example of this are multi-tenant deployments separated by the sector (d) parameter.
Some sectors might apply limitations on the endpoint names available,
while others use a random identifier approach to endpoint names and place limits on the entered links based on their attributes instead.</t>
<t>Care must be taken in such setups to determine the applicable access control measures to each operation.
One easy way to do that is to mandate the use of the sector parameter on all operations,
as no credentials are suitable for operations across sector borders anyway.</t>
</section>
<section anchor="first-come-first-remembered-a-default-policy" numbered="true" toc="default">
<name>"First Come First Remembered": A Default Policy</name>
<t>The "First Come First Remembered" policy is provided both as a reference example for a
security policy definition and as a policy that implementations may choose to use as
default policy in the absence of another configuration. It is designed to enable efficient
discovery operations even in ad hoc settings.</t>
<t>Under this policy, the RD accepts registrations for any endpoint name that is not assigned to an active registration resource
and only accepts registration updates from the same endpoint.
The policy is minimal in that it does not make any promises to lookup clients about the claims of Sections <xref target="entered-resources" format="counter"/> and <xref target="link-confidentiality" format="counter"/>,
and promises about the claims in <xref target="secure-ep" format="default"/> are limited to the lifetime of that endpoint's registration.
It does however promise the endpoint that, for the duration of its registration, its links will be discoverable on the RD.</t>
<t>When a registration or operation is attempted, the RD <bcp14>MUST</bcp14> determine the client's subject name or public key:</t>
<ul spacing="normal">
<li>If the client's credentials indicate any subject name that is certified by any authority that the RD recognizes (which may be the system's trust anchor store), all such subject names are stored.
With credentials based on CWT or JWT (as common with Authentication and Authorization for Constrained Environments (ACE)), the Subject (sub) claim is stored as a single name, if it exists.
With X.509 certificates, the Common Name (CN) and the complete list of SubjectAltName entries are stored.
In both cases, the authority that certified the claim is stored along with the subject, as the latter may only be locally unique.</li>
<li>Otherwise, if the client proves possession of a private key, the matching public key is stored.
This applies both to raw public keys and to the public keys indicated in certificates that failed the above authority check.</li>
<li>If neither is present, a reference to the security session itself is stored.
With (D)TLS, that is the connection itself or the session resumption information, if available.
With OSCORE, that is the security context.</li>
</ul>
<t>As part of the registration operation, that information is stored along with the registration resource.</t>
<t>The RD <bcp14>MUST</bcp14> accept all registrations whose registration resource is not already active,
as long as they are made using a security layer supported by the RD.</t>
<t>Any operation on a registration resource,
including registrations that lead to an existing registration resource,
<bcp14>MUST</bcp14> be rejected by the RD unless all the stored information is found in the new request's credentials.</t>
<t>Note that, even though subject names are compared in this policy,
they are never directly compared to endpoint names,
and an endpoint cannot expect to "own" any particular endpoint name outside of an active registration --
even if a certificate says so.
It is an accepted shortcoming of this approach that the endpoint has no indication of whether the RD remembers it by its subject name or public key;
recognition by subject happens on a best-effort basis (given the RD may not recognize any authority).
Clients <bcp14>MUST</bcp14> be prepared to pick a different endpoint name when rejected by the RD initially or after a change in their credentials;
picking an endpoint name, as per <xref target="arbitrary-ep" format="default"/>, is an easy option for that.</t>
<t>For this policy to be usable without configuration, clients should not set a sector name in their registrations.
An RD can set a default sector name for registrations accepted under this policy,
which is especially useful in a segmented setup where different policies apply to different sectors.
The configuration of such a behavior, as well as any other configuration applicable to such an RD
(i.e., the set of recognized authorities),
is out of scope for this document.</t>
</section>
</section>
<section anchor="security-considerations" numbered="true" toc="default">
<name>Security Considerations</name>
<t>The security considerations as described in <xref target="RFC8288" section="5" sectionFormat="of"/> and <xref target="RFC6690" section="6" sectionFormat="of"/> apply. The <tt>/.well-known/core</tt> resource may be
protected, e.g., using DTLS when hosted on a CoAP server, as described in
<xref target="RFC7252" format="default"/>.</t>
<t>Access that is limited or affects sensitive data <bcp14>SHOULD</bcp14> be protected,
e.g., using (D)TLS or OSCORE <xref target="RFC8613" format="default"/>;
which aspects of the RD this affects depends on the security policies of the application (see <xref target="policies" format="default"/>).</t>
<section anchor="seccons-discovery" numbered="true" toc="default">
<name>Discovery</name>
<t>Most steps in discovery of the RD, and possibly its resources, are not covered by CoAP's security mechanisms.
This will not endanger the security properties of the registrations and lookup itself
(where the client requires authorization of the RD if it expects any security properties of the operation)
but may leak the client's intention to third parties
and allow them to slow down the process.</t>
<t>To mitigate that, clients can retain the RD's address,
use secure discovery options like configured addresses,
and send queries for RDs in a very general form (e.g., <tt>?rt=core.rd*</tt> rather than <tt>?rt=core.rd-lookup-ep</tt>).</t>
</section>
<section anchor="endpoint_identification" numbered="true" toc="default">
<name>Endpoint Identification and Authentication</name>
<t>An endpoint (name, sector) pair is unique within the set of endpoints registered by the RD. An endpoint <bcp14>MUST NOT</bcp14> be identified by its protocol, port, or IP
address, as these may change over the lifetime of an endpoint.</t>
<t>Every operation performed by an endpoint on an RD
<bcp14>SHOULD</bcp14> be mutually authenticated using a pre-shared key, a raw public key, or
certificate-based security.</t>
<t>Consider the following threat: two devices, A and B, are registered at a single server. Both devices have unique, per-device credentials for use with DTLS to make sure that only parties with authorization to access A or B can do so.</t>
<t>Now, imagine that a malicious device A wants to sabotage the device B. It uses its credentials during the DTLS exchange. Then, it specifies the
endpoint name of device B as the name of its own endpoint in device A. If the server does not check
whether the identifier provided in the DTLS handshake matches the
identifier used at the CoAP layer, then it may be inclined to use the
endpoint name for looking up what information to provision to the malicious device.</t>
<t>Endpoint authorization needs to be checked on registration and registration resource operations
independently of whether there are configured requirements on the credentials for a given endpoint name and sector (<xref target="secure-ep" format="default"/>)
or whether arbitrary names are accepted (<xref target="arbitrary-ep" format="default"/>).</t>
<t>Simple registration could be used to circumvent address-based access control.
An attacker would send a simple registration request with the victim's address as the source address
and later look up the victim's /.well-known/core <tt>/.well-known/core</tt> content in the RD.
Mitigation for this is recommended in <xref target="simple" format="default"/>.</t>
<t>The registration resource path is visible to any client that is allowed endpoint lookup
and can be extracted by resource lookup clients as well.
The same goes for registration attributes that are shown as target attributes or lookup attributes.
The RD needs to consider this in the choice of registration resource paths
and administrators or endpoint in their choice of attributes.</t>
</section>
<section anchor="access-control" numbered="true" toc="default">
<name>Access Control</name>
<t>Access control <bcp14>SHOULD</bcp14> be performed separately for the RD registration and lookup
API paths, as different endpoints may be authorized to register
with an RD from those authorized to look up endpoints from the RD. Such access
control <bcp14>SHOULD</bcp14> be performed in as fine-grained a level as possible. For example,
access control for lookups could be performed either at the sector, endpoint,
or resource level.</t>
<t>The precise access controls necessary (and the consequences of failure to enforce them)
depend on the protection objectives of the application and the security policies (<xref target="policies" format="default"/>) derived from them.</t>
</section>
<section anchor="denial-of-service-attacks" numbered="true" toc="default">
<name>Denial-of-Service Attacks</name>
<t>Services that run over UDP unprotected are vulnerable to unknowingly
amplify and distribute a DoS attack, as UDP does not require a return
routability check.
Since RD lookup responses can be significantly
larger than requests, RDs are prone to this.</t>
<t><xref target="RFC7252" format="default"/> describes this at length in its Section <xref target="RFC7252" section="11.3" sectionFormat="bare"/>,
including some mitigation by using small block sizes in responses.
<xref target="RFC9175" format="default"/> updates that
by describing a source address verification mechanism using the Echo option.</t>
</section>
<section anchor="skipping-freshness-checks" numbered="true" toc="default">
<name>Skipping Freshness Checks</name>
<t>When RD-based applications are built in which request freshness checks are not performed,
these concerns need to be balanced:</t>
<ul spacing="normal">
<li>
<t>When alterations to registration attributes are reordered,
an attacker may create any combination of attributes ever set,
with the attack difficulty determined by the security layer's replay properties. </t>
<t>
For example, if <xref target="example-freshness" format="default"/> were conducted without freshness assurances,
an attacker could later reset the lifetime back to 7200.
Thus, the device is made unreachable to lookup clients.</t>
</li>
<li>
<t>When registration updates without query parameters
(which just serve to restart the lifetime) can be reordered,
an attacker can use intercepted messages to give the appearance of the device being
alive to the RD. </t>
<t>This is unacceptable when the RD's security policy promises reachability of
endpoints (e.g., when disappearing devices would trigger further investigation)
but may be acceptable with other policies.</t>
</li>
</ul>
</section>
</section>
<!-- [rfced] We have included some specific questions about the IANA text in
the document. In addition to responding to those questions, please
review all of the IANA-related updates carefully and let us know if any
updates are needed.
b) In Section 9.3, we would like to confirm that this statement is correct. We
ask because we are unsure if the descriptions in the table in this section
fulfill this requirement.
Original:
The description must give details on whether the parameter can be
updated, and how it is to be processed in lookups.
-->
<section anchor="iana-considerations" numbered="true" toc="default">
<name>IANA Considerations</name>
<section anchor="iana-rt" numbered="true" toc="default">
<name>Resource Types</name>
<t>IANA has added the following values to the "Resource Type (rt=) Link Target Attribute Values"
subregistry of the "Constrained RESTful Environments (CoRE) Parameters"
registry defined in <xref target="RFC6690" format="default"/>:</t>
<table align="center">
<name>Additions to Resource Type (rt=) Link Target Attribute Values Subregistry</name>
<thead>
<tr>
<th align="left">Value</th>
<th align="left">Description</th>
<th align="left">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">core.rd</td>
<td align="left">Directory resource of an RD</td>
<td align="left">RFC 9176, <xref target="discovery" format="default"/></td>
</tr>
<tr>
<td align="left">core.rd-lookup-res</td>
<td align="left">Resource lookup of an RD</td>
<td align="left">RFC 9176, <xref target="discovery" format="default"/></td>
</tr>
<tr>
<td align="left">core.rd-lookup-ep</td>
<td align="left">Endpoint lookup of an RD</td>
<td align="left">RFC 9176, <xref target="discovery" format="default"/></td>
</tr>
<tr>
<td align="left">core.rd-ep</td>
<td align="left">Endpoint resource of an RD</td>
<td align="left">RFC 9176, <xref target="lookup" format="default"/></td>
</tr>
</tbody>
</table>
</section>
<section anchor="ipv6-nd-resource-directory-address-option" numbered="true" toc="default">
<name>IPv6 ND Resource Directory Address Option</name>
<t>IANA has registered one new ND option type in the "IPv6 Neighbor
Discovery Option Formats" subregistry of the "Internet Control Message
Protocol version 6 (ICMPv6) Parameters" registry:</t>
<table>
<name>Addition to IPv6 Neighbor Discovery Option Formats Subregistry</name>
<thead>
<tr>
<th>Type</th>
<th>Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>41</td>
<td>Resource Directory Address Option</td>
<td>RFC 9176</td>
</tr>
</tbody>
</table>
</section>
<section anchor="iana-registry" numbered="true" toc="default">
<name>RD Parameters Registry</name>
<t>This specification defines a new subregistry for registration and
lookup parameters called "RD Parameters" within the "Constrained
RESTful Environments (CoRE) Parameters" registry. Although this
specification defines a basic set of parameters, it is expected that
other standards that make use of this interface will define new
ones.</t>
<t>Each entry in the registry must include:</t>
<ul spacing="normal">
<li>the human-readable name of the parameter,</li>
<li>the short name, as used in query parameters or target attributes,</li>
<li>syntax and validity requirements (if any),</li>
<li>indication of whether it can be passed as a query parameter at registration of
endpoints, passed as a query parameter in lookups, or expressed as a target
attribute,</li>
<li>a description, and</li>
<li>a link to reference documentation.</li>
</ul>
<t>The query parameter <bcp14>MUST</bcp14> be both a valid URI query key <xref target="RFC3986" format="default"/> and a token as used in <xref target="RFC8288" format="default"/>.</t>
<t>The specification must give details on whether the parameter can be updated and how it is to be processed in lookups.</t>
<t>The mechanisms around new RD parameters should be designed in such a way that they tolerate RD implementations that are unaware of the parameter and expose any parameter passed at registration or updates in endpoint lookups. (For example, if a parameter used at registration were to be confidential, the registering endpoint should be instructed to only set that parameter if the RD advertises support for keeping it confidential at the discovery step.)</t>
<t>Initial entries in this subregistry are as follows:</t>
<table anchor="tab-registry" align="center">
<name>New RD Parameters Registry</name>
<thead>
<tr>
<th align="left">Name</th>
<th align="left">Short</th>
<th align="left">Validity</th>
<th align="left">Use</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">Endpoint Name</td>
<td align="left">ep</td>
<td align="left">Unicode*</td>
<td align="left">RLA</td>
<td align="left">Name of the endpoint</td>
</tr>
<tr>
<td align="left">Lifetime</td>
<td align="left">lt</td>
<td align="left">1-4294967295</td>
<td align="left">R</td>
<td align="left">Lifetime of the registration in seconds</td>
</tr>
<tr>
<td align="left">Sector</td>
<td align="left">d</td>
<td align="left">Unicode*</td>
<td align="left">RLA</td>
<td align="left">Sector to which this endpoint belongs</td>
</tr>
<tr>
<td align="left">Registration Base URI</td>
<td align="left">base</td>
<td align="left">URI</td>
<td align="left">RLA</td>
<td align="left">The scheme, address, port, and path at which this server is
available</td>
</tr>
<tr>
<td align="left">Page</td>
<td align="left">page</td>
<td align="left">Integer</td>
<td align="left">L</td>
<td align="left">Used for pagination</td>
</tr>
<tr>
<td align="left">Count</td>
<td align="left">count</td>
<td align="left">Integer</td>
<td align="left">L</td>
<td align="left">Used for pagination</td>
</tr>
<tr>
<td align="left">Endpoint Type</td>
<td align="left">et</td>
<td align="left">
RFC 9176, <xref target="et-description" format="default"/></td>
<td align="left">RLA</td>
<td align="left">Semantic type of the endpoint (see RFC 9176, <xref target="et-registry" format="default"/>)</td>
</tr>
</tbody>
</table>
<t>Where:</t>
<dl newline="false" spacing="normal">
<dt>Short:</dt>
<dd>Short name used in query parameters or target attributes</dd>
<dt>Validity:</dt>
<dd>
<t><br/></t>
<dl spacing="normal">
<dt>Unicode* = </dt>
<dd>63 bytes of UTF-8-encoded Unicode, with no control characters as per
<xref target="registration" format="default"/></dd>
</dl>
</dd>
<dt>Use:</dt>
<dd>
<t><br/></t>
<dl spacing="compact">
<dt>R =</dt>
<dd>used at registration</dd>
<dt>L =</dt>
<dd>used at lookup</dd>
<dt>A =</dt>
<dd>expressed in the target attribute</dd>
</dl>
</dd>
</dl>
<t>The descriptions for the options defined in this document are only summarized here.
To which registrations they apply and when they are to be shown are described in the respective sections of this document.
All their reference documentation entries point to this document.</t>
<t>The IANA policy for future additions to the subregistry is Expert Review,
as described in <xref target="RFC8126" format="default"/>. The evaluation should consider
formal criteria,
duplication of functionality (i.e., is the new entry redundant with an existing one?),
topical suitability (e.g., is the described property actually a property of the endpoint and not a property of a particular resource, in which case it should go into the payload of the registration and need not be registered?),
and the potential for conflict with commonly used target attributes (e.g., <tt>if</tt> could be used as a parameter for conditional registration if it were not to be used in lookup or attributes but would make a bad parameter for lookup because a resource lookup with an <tt>if</tt> query parameter could ambiguously filter by the registered endpoint property or the target attribute <xref target="RFC6690" format="default"/>).</t>
<section anchor="et-description" numbered="true" toc="default">
<name>Full Description of the "Endpoint Type" RD Parameter</name>
<t>An endpoint registering at an RD can describe itself with
endpoint types, similar to how resources are described with resource
types in <xref target="RFC6690" format="default"/>. An endpoint
type is expressed as a string, which can be either a URI or one of
the values defined in the "Endpoint Type (et=) RD Parameter Values"
subregistry. Endpoint types can be passed in the <tt>et</tt> query
parameter as part of extra-attrs at the "registration" step of <xref target="registration"/>, are shown
on endpoint lookups using the <tt>et</tt> target attribute, and can
be filtered for using <tt>et</tt> as a search criterion in resource
and endpoint lookup. Multiple endpoint types are given as separate
query parameters or link attributes.</t>
<t>Note that the endpoint type differs from the resource type in that it uses multiple
attributes rather than space-separated values.
As a result, RDs implementing this specification automatically support correct
filtering in the lookup interfaces from the rules for unknown endpoint
attributes.</t>
</section>
</section>
<section anchor="et-registry" numbered="true" toc="default">
<name>Endpoint Type (et=) RD Parameter Values</name>
<t>This specification establishes a new subregistry called "Endpoint
Type (et=) RD Parameter Values" within the "Constrained RESTful
Environments (CoRE) Parameters" registry.
The registry properties (required policy, requirements, and template) are
identical to those of the "Resource Type (rt=) Link Target Attribute
Values" subregistry defined in <xref target="RFC6690" format="default"/>;
in short, the review policy is IETF Review for
values starting with "core" and Specification Required for others.</t>
<t>The requirements to be enforced are:</t>
<ul spacing="normal">
<li>The values <bcp14>MUST</bcp14> be related to the purpose described in <xref target="et-description" format="default"/>.</li>
<li>The registered values <bcp14>MUST</bcp14> conform to the ABNF reg-rel-type definition of
<xref target="RFC6690" format="default"/> and <bcp14>MUST NOT</bcp14> be a URI.</li>
<li>It is recommended to use the period "." character for segmentation.</li>
</ul>
<t>The initial contents of the registry are as follows:</t>
<table>
<name>New Endpoint Type (et=) RD Parameter Values Registry</name>
<thead>
<tr>
<th>Value</th>
<th>Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>core.rd-group</td>
<td>An application group, as described in RFC 9176, <xref target="groups" format="default"/>.</td>
<td>RFC 9176</td>
</tr>
</tbody>
</table>
</section>
<section anchor="mc-registration" numbered="true" toc="default">
<name>Multicast Address Registration</name>
<t>
IANA has assigned
the following multicast addresses for use by CoAP nodes:</t>
<dl newline="false" spacing="normal">
<dt>IPv4</dt>
<dd>-- "All CoRE Resource Directories" address 224.0.1.190, in the
"Internetwork Control Block (224.0.1.0 - 224.0.1.255 (224.0.1/24))"
subregistry within the "IPv4 Multicast Address Space Registry". As
the address is used for discovery that may span beyond a single
network, it has come from the Internetwork Control Block (224.0.1.x)
<xref target="RFC5771" format="default"/>.</dd>
<dt>IPv6</dt>
<dd>-- "All CoRE Resource Directories" address ff0x::fe, in
the "Variable Scope Multicast Addresses" subregistry within the "IPv6
Multicast Address Space Registry" <xref target="RFC3307"
format="default"/>. Note that there is a distinct multicast address for
each scope that interested CoAP nodes should
listen to; CoAP needs the
link-local and site-local scopes only.</dd>
</dl>
</section>
<section anchor="well-known-uris" numbered="true" toc="default">
<name>Well-Known URIs</name>
<t>IANA has registered the URI suffix "rd" in the "Well-Known URIs"
registry as follows: </t>
<table>
<name>Addition to Well-Known URIs Registry</name>
<thead>
<tr>
<th>URI Suffix</th>
<th>Change Controller</th>
<th>Reference</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<tr>
<td>rd</td>
<td>IETF</td>
<td>RFC 9176</td>
<td>permanent</td>
</tr>
</tbody>
</table>
</section>
<section anchor="service-names-and-transport-protocol-port-number-registry" numbered="true" toc="default">
<name>Service Name and Transport Protocol Port Number Registry</name>
<t>IANA has added four new items to the "Service Name and Transport Protocol Port Number Registry" as follows:</t>
<table>
<name>Additions to Service Name and Transport Protocol Port Number Registry</name>
<thead>
<tr>
<th>Service Name</th>
<th>Transport Protocol</th>
<th>Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>core-rd</td>
<td>udp</td>
<td>Resource Directory accessed using CoAP</td>
<td>RFC 9176</td>
</tr>
<tr>
<td>core-rd-dtls</td>
<td>udp</td>
<td>Resource Directory accessed using CoAP over DTLS</td>
<td>RFC 9176</td>
</tr>
<tr>
<td>core-rd</td>
<td>tcp</td>
<td>Resource Directory accessed using CoAP over TCP</td>
<td>RFC 9176</td>
</tr>
<tr>
<td>core-rd-tls</td>
<td>tcp</td>
<td>Resource Directory accessed using CoAP over TLS</td>
<td>RFC 9176</td>
</tr>
</tbody>
</table>
</section>
</section>
<section anchor="examples" numbered="true" toc="default">
<name>Examples</name>
<t>Two examples are presented: a lighting installation example in <xref target="lt-ex" format="default"/> and a Lightweight M2M (LwM2M) example in <xref target="lwm2m-ex" format="default"/>.</t>
<section anchor="lt-ex" numbered="true" toc="default">
<name>Lighting Installation</name>
<t>This example shows a simplified lighting installation that makes use of
the RD with a CoAP interface to facilitate the installation and startup of
the application code in the lights and sensors. In particular, the example
leads to the definition of a group and the enabling of the corresponding
multicast address, as described in <xref target="groups" format="default"/>. No conclusions must be drawn on the realization of actual
installation or naming procedures, because the example only "emphasizes" some of the issues
that may influence the use of the RD and does not pretend to be normative.</t>
<section anchor="lt-in-ch" numbered="true" toc="default">
<name>Installation Characteristics</name>
<t>The example assumes that the installation is managed. That means that a Commissioning
Tool (CT) is used to authorize the addition of nodes, name them, and name
their services. The CT can be connected to the installation in many ways:
the CT can be part of the installation network, connected by Wi-Fi to the
installation network, connected via GPRS link, or connected by another method.</t>
<t>It is assumed that there are two naming authorities for the installation:
(1) the network manager that is responsible for the correct operation of
the network and the connected interfaces and (2) the lighting manager that
is responsible for the correct functioning of networked lights and sensors.
The result is the existence of two naming schemes coming from the two managing
entities.</t>
<t>The example installation consists of one presence sensor and two luminaries,
luminary1 and luminary2, each with their own wireless interface. Each luminary
contains three lamps: left, right, and middle. Each luminary is accessible
through one endpoint. For each lamp, a resource exists to modify the settings
of a lamp in a luminary. The purpose of the installation is that the presence
sensor notifies the presence of persons to a group of lamps. The group of
lamps consists of the middle and left lamps of luminary1 and the right lamp of luminary2.</t>
<t>Before commissioning by the lighting manager, the network is installed, and
access to the interfaces is proven to work by the network manager.</t>
<t>At the moment of installation, the network under installation is not necessarily
connected to the DNS infrastructure. Therefore, Stateless Address Autoconfiguration (SLAAC) IPv6 addresses are
assigned to CT, RD, luminaries, and the sensor.
The addresses shown in <xref target="interface-S" format="default"/> below stand in for these in the following examples.</t>
<table anchor="interface-S" align="center">
<name>Addresses Used in the Examples</name>
<thead>
<tr>
<th align="left">Name</th>
<th align="left">IPv6 address</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">luminary1</td>
<td align="left">2001:db8:4::1</td>
</tr>
<tr>
<td align="left">luminary2</td>
<td align="left">2001:db8:4::2</td>
</tr>
<tr>
<td align="left">Presence sensor</td>
<td align="left">2001:db8:4::3</td>
</tr>
<tr>
<td align="left">RD</td>
<td align="left">2001:db8:4::ff</td>
</tr>
</tbody>
</table>
<t>In <xref target="rd-en" format="default"/>, the use of RD during installation is
presented.</t>
</section>
<section anchor="rd-en" numbered="true" toc="default">
<name>RD Entries</name>
<t>It is assumed that access to the DNS infrastructure is not always possible
during installation. Therefore, the SLAAC addresses are used in this section.</t>
<t>For discovery, the resource types (rt) of the devices are important. The
lamps in the luminaries have rt=tag:example.com,2020:light, and the presence sensor has rt=tag:example.com,2020:p-sensor.
The endpoints have names that are relevant to the light installation manager.
In this case, luminary1, luminary2, and the presence sensor are located in
room 2-4-015, where luminary1 is located at the window and luminary2 and
the presence sensor are located at the door. The endpoint names reflect
this physical location. The middle, left, and right lamps are accessed via
path /light/middle, /light/left, and /light/right, respectively. The identifiers
relevant to the RD are shown in <xref target="endpoint" format="default"/>.</t>
<table anchor="endpoint" align="center">
<name>RD Identifiers</name>
<thead>
<tr>
<th align="left">Name</th>
<th align="left">Endpoint</th>
<th align="left">Resource Path</th>
<th align="left">Resource Type</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">luminary1</td>
<td align="left">lm_R2-4-015_wndw</td>
<td align="left">/light/left</td>
<td align="left">tag:example.com,2020:light</td>
</tr>
<tr>
<td align="left">luminary1</td>
<td align="left">lm_R2-4-015_wndw</td>
<td align="left">/light/middle</td>
<td align="left">tag:example.com,2020:light</td>
</tr>
<tr>
<td align="left">luminary1</td>
<td align="left">lm_R2-4-015_wndw</td>
<td align="left">/light/right</td>
<td align="left">tag:example.com,2020:light</td>
</tr>
<tr>
<td align="left">luminary2</td>
<td align="left">lm_R2-4-015_door</td>
<td align="left">/light/left</td>
<td align="left">tag:example.com,2020:light</td>
</tr>
<tr>
<td align="left">luminary2</td>
<td align="left">lm_R2-4-015_door</td>
<td align="left">/light/middle</td>
<td align="left">tag:example.com,2020:light</td>
</tr>
<tr>
<td align="left">luminary2</td>
<td align="left">lm_R2-4-015_door</td>
<td align="left">/light/right</td>
<td align="left">tag:example.com,2020:light</td>
</tr>
<tr>
<td align="left">Presence sensor</td>
<td align="left">ps_R2-4-015_door</td>
<td align="left">/ps</td>
<td align="left">tag:example.com,2020:p-sensor</td>
</tr>
</tbody>
</table>
<t>It is assumed that the CT has performed RD discovery and has received a response like the one in the example in <xref target="discovery" format="default"/>.</t>
<t>The CT inserts the endpoints of the luminaries and the sensor in the RD
using the registration base URI parameter (base) to specify the interface address:</t>
<figure anchor="example-lighting-1">
<name>Example of Registrations a CT Enters into an RD</name>
<sourcecode type=""><![CDATA[
Req: POST coap://[2001:db8:4::ff]/rd
?ep=lm_R2-4-015_wndw&base=coap://[2001:db8:4::1]&d=R2-4-015
Payload:
</light/left>;rt="tag:example.com,2020:light",
</light/middle>;rt="tag:example.com,2020:light",
</light/right>;rt="tag:example.com,2020:light"
Res: 2.01 Created
Location-Path: /rd/4521
Req: POST coap://[2001:db8:4::ff]/rd
?ep=lm_R2-4-015_door&base=coap://[2001:db8:4::2]&d=R2-4-015
Payload:
</light/left>;rt="tag:example.com,2020:light",
</light/middle>;rt="tag:example.com,2020:light",
</light/right>;rt="tag:example.com,2020:light"
Res: 2.01 Created
Location-Path: /rd/4522
Req: POST coap://[2001:db8:4::ff]/rd
?ep=ps_R2-4-015_door&base=coap://[2001:db8:4::3]&d=R2-4-015
Payload:
</ps>;rt="tag:example.com,2020:p-sensor"
Res: 2.01 Created
Location-Path: /rd/4523
]]></sourcecode>
</figure>
<t>The sector name d=R2-4-015 has been added for an efficient lookup because
filtering on the "ep" name is more awkward. The same sector name is communicated to
the two luminaries and the presence sensor by the CT.</t>
<t>The group is specified in the RD. The base parameter is set to the site-local
multicast address allocated to the group.
In the POST in the example below, the resources supported by all group members are published.</t>
<figure anchor="example-lighting-2">
<name>Example of a Multicast Group a CT Enters into an RD</name>
<sourcecode type=""><![CDATA[
Req: POST coap://[2001:db8:4::ff]/rd
?ep=grp_R2-4-015&et=core.rd-group&base=coap://[ff05::1]
Payload:
</light/left>;rt="tag:example.com,2020:light",
</light/middle>;rt="tag:example.com,2020:light",
</light/right>;rt="tag:example.com,2020:light"
Res: 2.01 Created
Location-Path: /rd/501
]]></sourcecode>
</figure>
<t>After the filling of the RD by the CT, the application in the luminaries
can learn to which groups they belong and enable their interface for the
multicast address.</t>
<t>The luminary, knowing its sector and being configured to join any group
containing lights, searches for candidate groups and joins them:</t>
<figure anchor="example-lighting-3">
<name>Example of a Lookup Exchange to Find Suitable Multicast Addresses</name>
<sourcecode type=""><![CDATA[
Req: GET coap://[2001:db8:4::ff]/rd-lookup/ep
?d=R2-4-015&et=core.rd-group&rt=light
Res: 2.05 Content
Payload:
</rd/501>;ep=grp_R2-4-015;et=core.rd-group;
base="coap://[ff05::1]";rt=core.rd-ep
]]></sourcecode>
</figure>
<t>From the returned base parameter value, the luminary learns the multicast address
of the multicast group.</t>
<t>The presence sensor can learn the presence of groups that support resources with rt=tag:example.com,2020:light in its own sector by sending the same request, as used by the luminary. The presence sensor learns the multicast address to use for sending messages to the luminaries.</t>
</section>
</section>
<section anchor="lwm2m-ex" numbered="true" toc="default">
<name>OMA Lightweight M2M (LwM2M)</name>
<t>OMA LwM2M is a profile for device services based on CoAP, providing interfaces and operations for device management and device service enablement.</t>
<t>An LwM2M server is an instance of an LwM2M middleware service layer, containing an RD (<xref target="LwM2M" format="default"/>, page 36f).</t>
<t>That RD only implements the registration interface, and no lookup is implemented.
Instead, the LwM2M server provides access to the registered resources in a similar way to a reverse proxy.</t>
<t>The location of the LwM2M server and RD URI path is provided by the LwM2M bootstrap process, so no dynamic discovery of the RD is used. LwM2M servers and endpoints are not required to implement the /.well-known/core <tt>/.well-known/core</tt> resource.</t>
</section>
</section>
</middle>
<back>
<displayreference target="I-D.silverajan-core-coap-protocol-negotiation" to="COAP-PROT-NEG"/>
<displayreference target="I-D.ietf-ace-oauth-authz" to="ACE-OAUTH-AUTHZ"/>
<displayreference target="I-D.ietf-core-links-json" to="CORE-LINKS-JSON"/>
<displayreference target="I-D.ietf-core-rd-dns-sd" to="CORE-RD-DNS-SD"/>
<displayreference target="I-D.bormann-t2trg-rel-impl" to="T2TRG-REL-IMPL"/>
<displayreference target="I-D.ietf-core-coral" to="CORE-CORAL"/>
<references>
<name>References</name>
<references>
<name>Normative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6690.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3986.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6570.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6763.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7230.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7252.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8288.xml"/>
<!-- [I-D.ietf-core-echo-request-tag] RFC Ed Queue; RFC-EDITOR state; companion document RFC 9175 -->
<reference anchor='RFC9175'>
<front>
<title>Constrained Application Protocol (CoAP): Echo, Request-Tag, and Token Processing</title>
<author initials='C' surname='Amsüss' fullname='Christian Amsüss'>
<organization />
</author>
<author initials='J' surname='Preuß Mattsson' fullname='John Preuß Mattsson'>
<organization />
</author>
<author initials='G' surname='Selander' fullname='Goeran Selander'>
<organization />
</author>
<date month='February' year='2022' />
</front>
<seriesInfo name="RFC" value="9175"/>
<seriesInfo name="DOI" value="10.17487/RFC9175"/>
</reference>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
</references>
<references>
<name>Informative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6775.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6874.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8132.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7641.xml"/>
<reference anchor="ER">
<front>
<title>The entity-relationship model--toward a unified view of data</title>
<author fullname="Peter Pin-Shan Chen" initials="P." surname="Chen">
<organization/>
</author>
<date month="March" year="1976"/>
</front>
<seriesInfo name="DOI" value="10.1145/320434.320440"/>
<refcontent>ACM Transactions on Database Systems, Vol. 1, pp. 9-36</refcontent>
</reference>
<!-- [I-D.silverajan-core-coap-protocol-negotiation] IESG state Expired -->
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.silverajan-core-coap-protocol-negotiation.xml"/>
<!-- [I-D.ietf-ace-oauth-authz] RFC Ed Queue; IANA state -->
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-ace-oauth-authz.xml"/>
<!-- [I-D.ietf-core-links-json] IESG state Expired (IESG: Dead) -->
<reference anchor='I-D.ietf-core-links-json'>
<front>
<title>Representing Constrained RESTful Environments (CoRE) Link Format in JSON and CBOR</title>
<author initials='K' surname='Li' fullname='Kepeng Li'>
<organization />
</author>
<author initials='A' surname='Rahman' fullname='Akbar Rahman'>
<organization />
</author>
<author initials='C' surname='Bormann' fullname='Carsten Bormann' role="editor">
<organization />
</author>
<date month='February' day='26' year='2018' />
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-core-links-json-10' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-ietf-core-links-json-10.txt' />
</reference>
<!-- [I-D.ietf-core-rd-dns-sd] IESG state Expired -->
<reference anchor='I-D.ietf-core-rd-dns-sd'>
<front>
<title>CoRE Resource Directory: DNS-SD mapping</title>
<author initials='P' surname='van der Stok' fullname='Peter van der Stok'>
<organization />
</author>
<author initials='M' surname='Koster' fullname='Michael Koster'>
<organization />
</author>
<author initials='C' surname='Amsuess' fullname='Christian Amsuess'>
<organization />
</author>
<date month='July' day='7' year='2019' />
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-core-rd-dns-sd-05' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-ietf-core-rd-dns-sd-05.txt' />
</reference>
<reference anchor="LwM2M" target="https://openmobilealliance.org/RELEASE/LightweightM2M/V1_1-20180612-C/OMA-TS-LightweightM2M_Transport-V1_1-20180612-C.pdf">
<front>
<title>Lightweight Machine to Machine Technical Specification: Transport Bindings (Candidate Version 1.1)</title>
<author>
<organization>Open Mobile Alliance</organization>
</author>
<date year="2018" month="June"/>
</front>
</reference>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7228.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4944.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8141.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6724.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8106.xml"/>
<!-- [I-D.bormann-t2trg-rel-impl] IESG state Expired -->
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.bormann-t2trg-rel-impl.xml"/>
<!-- [I-D.hartke-t2trg-coral] Replaced by draft-ietf-core-coral; IESG state Expired -->
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-core-coral.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4122.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8613.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5771.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3849.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3306.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3307.xml"/>
</references>
</references>
<section anchor="groups" numbered="true" toc="default">
<name>Groups Registration and Lookup</name>
<t>The RD-Group's usage pattern allows announcing application groups inside an RD.</t>
<t>Groups are represented by endpoint registrations.
Their base address is a multicast address,
and they <bcp14>SHOULD</bcp14> be entered with the endpoint type <tt>core.rd-group</tt>.
The endpoint name can also be referred to as a group name in this context.</t>
<t>The registration is inserted into the RD by a Commissioning Tool,
which might also be known as a group manager here.
It performs third-party registration and registration updates.</t>
<t>The links it registers <bcp14>SHOULD</bcp14> be available on all members that join the group.
Depending on the application, members that lack some resources
<bcp14>MAY</bcp14> be permissible if requests to them fail gracefully.</t>
<t>The following example shows a CT registering a group with the name "lights", which provides two resources.
The directory resource path /rd
is an example RD location discovered in a request similar to <xref target="example-discovery" format="default"/>.
The group address in the example is constructed from the reserved 2001:db8:: prefix in <xref target="RFC3849" format="default"/> as a unicast-prefix-based site-local address (see <xref target="RFC3306" format="default"/>).</t>
<figure anchor="example-group-registration">
<name>Example Registration of a Group</name>
<sourcecode type=""><![CDATA[
Req: POST coap://rd.example.com/rd?ep=lights&et=core.rd-group
&base=coap://[ff35:30:2001:db8:f1::8000:1]
Content-Format: 40
Payload:
</light>;rt="tag:example.com,2020:light";
if="tag:example.net,2020:actuator",
</color-temperature>;if="tag:example.net,2020:parameter";u=K
Res: 2.01 Created
Location-Path: /rd/12
]]></sourcecode>
</figure>
<t>In this example, the group manager can easily permit devices that have no
writable color-temperature to join, as they would still respond to brightness-changing commands. Had the group instead contained a single resource that sets
brightness and color-temperature atomically, endpoints would need to support
both properties.</t>
<t>The resources of a group can be looked up like any other resource,
and the group registrations (along with any additional registration parameters)
can be looked up using the endpoint lookup interface.</t>
<t>The following example shows a client performing an endpoint lookup for all groups:</t>
<figure anchor="example-group-lookup">
<name>Example Lookup of Groups</name>
<sourcecode type=""><![CDATA[
Req: GET /rd-lookup/ep?et=core.rd-group
Res: 2.05 Content
Payload:
</rd/12>;ep=lights&et=core.rd-group;
base="coap://[ff35:30:2001:f1:db8::8000:1]";rt=core.rd-ep
]]></sourcecode>
</figure>
<t>The following example shows a client performing a lookup of all resources of all endpoints (groups) with et=core.rd-group:</t>
<figure anchor="example-group-lookup-res">
<name>Example Lookup of Resources Inside Groups</name>
<sourcecode type=""><![CDATA[
Req: GET /rd-lookup/res?et=core.rd-group
Res: 2.05 Content
Payload:
<coap://[ff35:30:2001:db8:f1::8000:1]/light>;
rt="tag:example.com,2020:light";
if="tag:example.net,2020:actuator",
<coap://[ff35:30:2001:db8:f1::8000:1]/color-temperature>;
if="tag:example.net,2020:parameter";u=K,
]]></sourcecode>
</figure>
</section>
<section anchor="weblink" numbered="true" toc="default">
<name>Web Links and the Resource Directory</name>
<t>Understanding the semantics of a link-format document and its URI references is
a journey through different documents (<xref target="RFC3986" format="default"/> defining URIs, <xref target="RFC6690" format="default"/>
defining link-format documents based on <xref target="RFC8288" format="default"/>, which defines Link header fields,
and <xref target="RFC7252" format="default"/> providing the transport). This appendix summarizes
the mechanisms and semantics at play from an entry in <tt>/.well-known/core</tt> to a
resource lookup.</t>
<t>This text is primarily aimed at people entering the field of Constrained
Restful Environments from applications that previously did not use web
mechanisms.</t>
<section anchor="a-simple-example" numbered="true" toc="default">
<name>A Simple Example</name>
<t>Let's start this example with a very simple host, <tt>2001:db8:f0::1</tt>. A client
that follows classical CoAP discovery (<xref target="RFC7252" section="7" sectionFormat="comma"/>) sends the
following multicast request to learn about neighbors supporting resources with
resource-type "temperature".</t>
<t>The client sends a link-local multicast:</t>
<figure anchor="example-weblink-wkc">
<name>Example of Direct Resource Discovery</name>
<sourcecode type=""><![CDATA[
Req: GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature
Res: 2.05 Content
Payload:
</sensors/temp>;rt=temperature;ct=0
]]></sourcecode>
</figure>
<t>where the response is sent by the server, <tt>[2001:db8:f0::1]:5683</tt>.</t>
<t>While the client -- on the practical or implementation side -- can just go
ahead and create a new request to <tt>[2001:db8:f0::1]:5683</tt> with Uri-Path
<tt>sensors</tt> and <tt>temp</tt>, the full resolution steps for insertion into and retrieval from the RD without any shortcuts are as follows.</t>
<section anchor="resolveURI" numbered="true" toc="default">
<name>Resolving the URIs</name>
<t>The client parses the single returned record. The link's target (sometimes
called "href") is <tt>/sensors/temp</tt>, which is a relative URI that needs resolving.
The base
URI <coap://[ff02::fd]:5683/.well-known/core> <tt>coap://[ff02::fd]:5683/.well-known/core</tt> is used to resolve the
reference against /sensors/temp.</t>
<t>The base URI of the requested resource can be composed from the options of the CoAP GET request by following the steps of
<xref target="RFC7252" sectionFormat="comma" section="6.5"/> (with an addition at the end of Section <xref target="RFC7252" sectionFormat="bare" section="8.2"/>) into
<tt>coap://[2001:db8:f0::1]/.well-known/core</tt>.</t>
<t>Because <tt>/sensors/temp</tt> starts with a single slash,
the record's target is resolved by replacing the path <tt>/.well-known/core</tt>
from the base URI (<xref target="RFC3986" sectionFormat="comma" section="5.2"/>) with the relative target URI <tt>/sensors/temp</tt> into
<tt>coap://[2001:db8:f0::1]/sensors/temp</tt>.</t>
</section>
<section anchor="interpreting-attributes-and-relations" numbered="true" toc="default">
<name>Interpreting Attributes and Relations</name>
<t>Some more information about the record's target can be obtained from the payload:
the resource type of the target is "temperature", and its content format is
text/plain (ct=0).</t>
<t>A relation in a web link is a three-part statement that specifies a named relation between the so-called "context resource"
and the target resource, like "<em>This page</em> has <em>its table
of contents</em> at <em>/toc.html</em>". In link-format documents,
there is an implicit "host relation" specified with default parameter rel="hosts".</t>
<t>In our example, the context resource of the link is implied to be "coap:://[2001:db8:f0::1]" <tt>coap:://[2001:db8:f0::1]</tt>
by the default value of the anchor (see <xref target="resolution-rules" format="default"/>).
A full English expression of the "host relation" is:</t>
<t indent="3"><tt>coap://[2001:db8:f0::1]</tt> is hosting the resource
<tt>coap://[2001:db8:f0::1]/sensors/temp</tt>, which is of the resource type "temperature" and
can be accessed using the text/plain content format.</t>
</section>
</section>
<section anchor="a-slightly-more-complex-example" numbered="true" toc="default">
<name>A Slightly More Complex Example</name>
<t>Omitting the <tt>rt=temperature</tt> filter, the discovery query would
have given some more records in the payload:</t>
<figure anchor="example-weblink-wkc-extended">
<name>Extended Example of Direct Resource Discovery</name>
<sourcecode type=""><![CDATA[
Req: GET coap://[ff02::fd]:5683/.well-known/core
Res: 2.05 Content
Payload:
</sensors/temp>;rt=temperature;ct=0,
</sensors/light>;rt=light-lux;ct=0,
</t>;anchor="/sensors/temp";rel=alternate,
<http://www.example.com/sensors/t123>;anchor="/sensors/temp";
rel=describedby
]]></sourcecode>
</figure>
<t>Parsing the third record, the client encounters the "anchor" parameter. It is
a URI relative to the base URI of the request and is thus resolved to
<tt>coap://[2001:db8:f0::1]/sensors/temp</tt>.
That is the context resource of the link, so the "rel" statement is not about
the target and the base URI any more but about the target and the resolved
URI. Thus, the third record could be read as
<tt>coap://[2001:db8:f0::1]/sensors/temp</tt> has an alternate representation at
<tt>coap://[2001:db8:f0::1]/t</tt>.</t>
<t>Following the same resolution steps, the fourth record can be read as <tt>coap://[2001:db8:f0::1]/sensors/temp</tt> is
described by <tt>http://www.example.com/sensors/t123</tt>.</t>
</section>
<section anchor="enter-the-resource-directory" numbered="true" toc="default">
<name>Enter the Resource Directory</name>
<t>The RD tries to carry the semantics obtainable by classical
CoAP discovery over to the resource lookup interface as faithfully as possible.</t>
<t>For the following queries, we will assume that the simple host has used simple
registration to register at the RD that was announced to it,
sending this request from its UDP port <tt>[2001:db8:f0::1]:6553</tt>:</t>
<figure anchor="example-weblink-simple">
<name>Example of a Simple Registration</name>
<sourcecode type=""><![CDATA[
Req: POST coap://[2001:db8:f01::ff]/.well-known/rd?ep=simple-host1
Res: 2.04 Changed
]]></sourcecode>
</figure>
<t>The RD would have accepted the registration and queried the
simple host's <tt>/.well-known/core</tt> by itself. As a result, the host is registered
as an endpoint in the RD with the name "simple-host1". The registration is
active for 90000 seconds, and the endpoint registration base URI is
<tt>coap://[2001:db8:f0::1]</tt>, following the resolution steps described in <xref target="resolveURI" format="default"/>. It should be remarked that the base URI constructed that way always yields a URI of the form scheme://authority without path suffix.</t>
<t>If the client now queries the RD as it would previously have issued a multicast
request, it would go through the RD discovery steps by fetching
<tt>coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd-lookup-res</tt>, obtain
<tt>coap://[2001:db8:f0::ff]/rd-lookup/res</tt> as the resource lookup endpoint, and
ask it for all temperature resources:</t>
<figure anchor="example-weblink-lookup-result">
<name>Example Exchange Performing Resource Lookup</name>
<sourcecode type=""><![CDATA[
Req: GET coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature
Res: 2.05 Content
Payload:
<coap://[2001:db8:f0::1]/sensors/temp>;rt=temperature;ct=0
]]></sourcecode>
</figure>
<t>This is not <em>literally</em> the same response that it would have received from a
multicast request, but it contains the equivalent statement:</t>
<t indent="3"><tt>coap://[2001:db8:f0::1]</tt> is hosting the resource
<tt>coap://[2001:db8:f0::1]/sensors/temp</tt>, which is of the resource type "temperature" and
can be accessed using the text/plain content format.</t>
<t>To complete the examples, the client could also query all resources hosted at
the endpoint with the known endpoint name "simple-host1":</t>
<figure anchor="example-weblink-lookup-result-extended">
<name>Extended Example Exchange Performing Resource Lookup</name>
<sourcecode type=""><![CDATA[
Req: GET coap://[2001:db8:f0::ff]/rd-lookup/res?ep=simple-host1
Res: 2.05 Content
Payload:
<coap://[2001:db8:f0::1]/sensors/temp>;rt=temperature;ct=0,
<coap://[2001:db8:f0::1]/sensors/light>;rt=light-lux;ct=0,
<coap://[2001:db8:f0::1]/t>;
anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=alternate,
<http://www.example.com/sensors/t123>;
anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=describedby
]]></sourcecode>
</figure>
<t>All the target and anchor references are already in absolute form there, which
don't need to be resolved any further.</t>
<t>Had the simple host done an equivalent full registration with a base= parameter (e.g.,
<tt>?ep=simple-host1&base=coap+tcp://sh1.example.com</tt>), that context would
have been used to resolve the relative anchor values instead, giving the following and analogous records:</t>
<figure anchor="example-weblink-lookup-result-base">
<name>Example Payload of a Response to a Resource Lookup with a Dedicated Base URI</name>
<sourcecode type=""><![CDATA[
<coap+tcp://sh1.example.com/sensors/temp>;rt=temperature;ct=0
]]></sourcecode>
</figure>
</section>
<section anchor="resolution-rules" numbered="true" toc="default">
<name>A Note on Differences between Link-Format and Link Header Fields</name>
<t>While link-format and Link header fields look very similar and are based on the same
model of typed links, there are some differences between <xref target="RFC6690" format="default"/> and
<xref target="RFC8288" format="default"/>.
When implementing an RD or interacting with an RD,
care must be taken to follow the behavior described in <xref target="RFC6690" format="default"/>
whenever application/link-format <tt>application/link-format</tt> representations are used.</t>
<ul spacing="normal">
<li>
<t>"Default value of anchor":
Under both <xref target="RFC6690" format="default"/> and <xref target="RFC8288" format="default"/>,
relative references in the term inside the angle brackets (the target)
and the anchor attribute are resolved against the relevant base URI
(which usually is the URI used to retrieve the entity)
and independent of each other. </t>
<t>
When, in a Link header <xref target="RFC8288" format="default"/>, the anchor attribute is absent,
the link's context is the URI of the selected representation
(and usually equal to the base URI). </t>
<t>
In links per <xref target="RFC6690" format="default"/>, if the anchor attribute is absent,
the default value is the Origin of
(for all relevant cases, the URI reference <tt>/</tt> resolved against)
the link's target.</t>
</li>
<li>
<t>There is no percent encoding in link-format documents. </t>
<t>A link-format document is a UTF-8-encoded string of Unicode characters and
does not have percent encoding, while Link header fields are practically ASCII
strings that use percent encoding for non-ASCII characters, stating the
encoding explicitly when required. </t>
<t>For example, while a Link header field in a page about a Swedish city might
read:</t>
<sourcecode name="" type="http-message"><![CDATA[
Link: </temperature/Malm%C3%B6>;rel=live-environment-data
]]></sourcecode>
<t>
a link-format document from the same source might describe the link as: </t>
<sourcecode name="" type=""><![CDATA[
</temperature/Malmö>;rel=live-environment-data
]]></sourcecode>
</li>
</ul>
</section>
</section>
<section anchor="limitedlinkformat" numbered="true" toc="default">
<name>Limited Link Format</name>
<t>The CoRE Link Format, as described in <xref target="RFC6690" format="default"/>,
has been interpreted differently by implementers,
and a strict implementation
rules out some use cases of an RD
(e.g., base values with path components in combination with absent anchors).</t>
<t>This appendix describes
a subset of link format documents called the Limited Link Format.
The one rule herein is not very limiting in practice --
all examples in <xref target="RFC6690" format="default"/> and all deployments the authors are aware of already stick to them --
but eases the implementation of RD servers.</t>
<t>It is applicable to representations in the application/link-format <tt>application/link-format</tt> media type
and any other media types that inherit <xref target="RFC6690" section="2.1" sectionFormat="comma"/>. </t>
<t>A link format representation is in the Limited Link Format if,
for each link in it,
the following applies:</t>
<t>All URI references either follow the URI or the path-absolute ABNF rule of
<xref target="RFC3986" format="default"/> (i.e, the target and anchor each either start with a scheme or with a
single slash).</t>
</section>
<section anchor="acknowledgments" numbered="false" toc="default">
<name>Acknowledgments</name>
<t> <contact fullname="Oscar Novo"/>, <contact fullname="Srdjan Krco"/>, <contact fullname="Szymon Sasin"/>, <contact fullname="Kerry Lynn"/>, <contact fullname="Esko Dijk"/>, <contact fullname="Anders
Brandt"/>, <contact fullname="Matthieu Vial"/>, <contact fullname="Jim Schaad"/>, <contact fullname="Mohit Sethi"/>, <contact fullname="Hauke Petersen"/>, <contact fullname="Hannes Tschofenig"/>, <contact fullname="Sampo Ukkola"/>, <contact fullname="Linyi Tian"/>, <contact fullname="Jan Newmarch"/>, <contact fullname="Matthias Kovatsch"/>, <contact fullname="Jaime Jimenez"/>, and <contact fullname="Ted Lemon"/> have provided helpful comments, discussions, and ideas to improve and shape this document. Zach would also like to thank his colleagues from the EU FP7 SENSEI project, where many of the RD concepts were originally developed.</t>
</section>
<!--[rfced] Terminology
Content-Format vs. content format vs. content-format
-->
</back> </rfc>