CoRE Resource Directory
draft-ietf-core-resource-directory-18

quot;
   response and a Max-Age option or Retry-After header, the registering

Shelby, et al.            Expires June 23, 2019                [Page 30]
Internet-Draft           CoRE Resource Directory           December 2018

   endpoint SHOULD retry the operation after the time indicated.  If the
   registration fails in another way, including request timeouts, or if
   the time indicated exceeds the remaining lifetime, the registering
   endpoint SHOULD attempt registration again.

   The following example shows how the registering endpoint updates its
   registration resource at an RD using this interface with the example
   location value: /rd/4521.

   Req: POST /rd/4521

   Res: 2.04 Changed

   The following example shows the registering endpoint updating its
   registration resource at an RD using this interface with the example
   location value: /rd/4521.  The initial registration by the
   registering endpoint set the following values:

   o  endpoint name (ep)=endpoint1

   o  lifetime (lt)=500

   o  Base URI (base)=coap://local-proxy-old.example.com:5683

   o  payload of Figure 6

   The initial state of the Resource Directory is reflected in the
   following request:

   Req: GET /rd-lookup/res?ep=endpoint1

   Res: 2.01 Content
   Payload:
   <coap://local-proxy-old.example.com:5683/sensors/temp>;ct=41;
    rt="temperature"; anchor="coap://spurious.example.com:5683",
   <coap://local-proxy-old.example.com:5683/sensors/light>;ct=41;
     rt="light-lux"; if="sensor";
     anchor="coap://local-proxy-old.example.com:5683"

   The following example shows the registering endpoint changing the
   Base URI to "coaps://new.example.com:5684":

   Req: POST /rd/4521?base=coaps://new.example.com:5684

   Res: 2.04 Changed

   The consecutive query returns:

Shelby, et al.            Expires June 23, 2019                [Page 31]
Internet-Draft           CoRE Resource Directory           December 2018

   Req: GET /rd-lookup/res?ep=endpoint1

   Res: 2.01 Content
   Payload:
   <coaps://new.example.com:5684/sensors/temp>;ct=41;rt="temperature";
       anchor="coap://spurious.example.com:5683",
   <coaps://new.example.com:5684/sensors/light>;ct=41;rt="light-lux";
       if="sensor"; anchor="coaps://new.example.com:5684",

5.4.2.  Registration Removal

   Although RD registrations have soft state and will eventually timeout
   after their lifetime, the registering endpoint SHOULD explicitly
   remove an entry from the RD if it knows it will no longer be
   available (for example on shut-down).  This is accomplished using a
   removal interface on the RD by performing a DELETE on the endpoint
   resource.

   The removal request interface is specified as follows:

   Interaction:  EP -> RD

   Method:  DELETE

   URI Template:  {+location}

   URI Template Variables:

      location :=  This is the Location returned by the RD as a result
         of a successful earlier registration.

   The following response codes are defined for this interface:

   Success:  2.02 "Deleted" or 204 "No Content" upon successful deletion

   Failure:  4.00 "Bad Request" or 400 "Bad Request".  Malformed
      request.

   Failure:  4.04 "Not Found" or 404 "Not Found".  Registration does not
      exist (e.g. may already have been removed).

   Failure:  5.03 "Service Unavailable" or 503 "Service Unavailable".
      Service could not perform the operation.

   HTTP support: YES

   The following examples shows successful removal of the endpoint from
   the RD with example location value /rd/4521.

Shelby, et al.            Expires June 23, 2019                [Page 32]
Internet-Draft           CoRE Resource Directory           December 2018

   Req: DELETE /rd/4521

   Res: 2.02 Deleted

5.4.3.  Further operations

   Additional operations on the registration can be specified in future
   documents, for example:

   o  Send iPATCH (or PATCH) updates ([RFC8132]) to add, remove or
      change the links of a registration.

   o  Use GET to read the currently stored set of links in a
      registration resource.

   Those operations are out of scope of this document, and will require
   media types suitable for modifying sets of links.

6.  RD Lookup

   To discover the resources registered with the RD, a lookup interface
   must be provided.  This lookup interface is defined as a default, and
   it is assumed that RDs may also support lookups to return resource
   descriptions in alternative formats (e.g.  JSON or CBOR link format
   [I-D.ietf-core-links-json]) or using more advanced interfaces (e.g.
   supporting context or semantic based lookup) on different resources
   that are discovered independently.

   RD Lookup allows lookups for endpoints and resources using attributes
   defined in this document and for use with the CoRE Link Format.  The
   result of a lookup request is the list of links (if any)
   corresponding to the type of lookup.  Thus, an endpoint lookup MUST
   return a list of endpoints and a resource lookup MUST return a list
   of links to resources.

   The lookup type is selected by a URI endpoint, which is indicated by
   a Resource Type as per Table 1 below:

             +-------------+--------------------+-----------+
             | Lookup Type | Resource Type      | Mandatory |
             +-------------+--------------------+-----------+
             | Resource    | core.rd-lookup-res | Mandatory |
             | Endpoint    | core.rd-lookup-ep  | Mandatory |
             +-------------+--------------------+-----------+

                           Table 1: Lookup Types

Shelby, et al.            Expires June 23, 2019                [Page 33]
Internet-Draft           CoRE Resource Directory           December 2018

6.1.  Resource lookup

   Resource lookup results in links that are semantically equivalent to
   the links submitted to the RD.  The links and link parameters
   returned by the lookup are equal to the submitted ones, except that
   the target and anchor references are fully resolved.

   Links that did not have an anchor attribute are therefore returned
   with the base URI of the registration as the anchor.  Links of which
   href or anchor was submitted as a (full) URI are returned with these
   attributes unmodified.

   Above rules allow the client to interpret the response as links
   without any further knowledge of the storage conventions of the RD.
   The Resource Directory MAY replace the registration base URIs with a
   configured intermediate proxy, e.g. in the case of an HTTP lookup
   interface for CoAP endpoints.

6.2.  Lookup filtering

   Using the Accept Option, the requester can control whether the
   returned list is returned in CoRE Link Format ("application/link-
   format", default) or in alternate content-formats (e.g. from
   [I-D.ietf-core-links-json]).

   The page and count parameters are used to obtain lookup results in
   specified increments using pagination, where count specifies how many
   links to return and page specifies which subset of links organized in
   sequential pages, each containing 'count' links, starting with link
   zero and page zero.  Thus, specifying count of 10 and page of 0 will
   return the first 10 links in the result set (links 0-9).  Count = 10
   and page = 1 will return the next 'page' containing links 10-19, and
   so on.

   Multiple search criteria MAY be included in a lookup.  All included
   criteria MUST match for a link to be returned.  The Resource
   Directory MUST support matching with multiple search criteria.

   A link matches a search criterion if it has an attribute of the same
   name and the same value, allowing for a trailing "*" wildcard
   operator as in Section 4.1 of [RFC6690].  Attributes that are defined
   as "link-type" match if the search value matches any of their values
   (see Section 4.1 of [RFC6690]; e.g. "?if=core.s" matches ";if="abc
   core.s";").  A resource link also matches a search criterion if its
   endpoint would match the criterion, and vice versa, an endpoint link
   matches a search criterion if any of its resource links matches it.

Shelby, et al.            Expires June 23, 2019                [Page 34]
Internet-Draft           CoRE Resource Directory           December 2018

   Note that "href" is a valid search criterion and matches target
   references.  Like all search criteria, on a resource lookup it can
   match the target reference of the resource link itself, but also the
   registration resource of the endpoint that registered it.  Queries
   for resource link targets MUST be in URI form (i.e. not relative
   references) and are matched against a resolved link target.  Queries
   for endpoints SHOULD be expressed in path-absolute form if possible
   and MUST be expressed in URI form otherwise; the RD SHOULD recognize
   either.

   Endpoints that are interested in a lookup result repeatedly or
   continuously can use mechanisms like ETag caching, resource
   observation ([RFC7641]), or any future mechanism that might allow
   more efficient observations of collections.  These are advertised,
   detected and used according to their own specifications and can be
   used with the lookup interface as with any other resource.

   When resource observation is used, every time the set of matching
   links changes, or the content of a matching link changes, the RD
   sends a notification with the matching link set.  The notification
   contains the successful current response to the given request,
   especially with respect to representing zero matching links (see
   "Success" item below).

   The lookup interface is specified as follows:

   Interaction:  Client -> RD

   Method:  GET

   URI Template:  {+type-lookup-location}{?page,count,search*}

   URI Template Variables:

      type-lookup-location :=  RD Lookup URI for a given lookup type
         (mandatory).  The address is discovered as described in
         Section 5.2.

      search :=  Search criteria for limiting the number of results
         (optional).

      page :=  Page (optional).  Parameter cannot be used without the
         count parameter.  Results are returned from result set in pages
         that contain 'count' links starting from index (page * count).
         Page numbering starts with zero.

      count :=  Count (optional).  Number of results is limited to this
         parameter value.  If the page parameter is also present, the

Shelby, et al.            Expires June 23, 2019                [Page 35]
Internet-Draft           CoRE Resource Directory           December 2018

         response MUST only include 'count' links starting with the
         (page * count) link in the result set from the query.  If the
         count parameter is not present, then the response MUST return
         all matching links in the result set.  Link numbering starts
         with zero.

      Accept:  absent, application/link-format or any other indicated
         media type representing web links

   The following responses codes are defined for this interface:

   Success:  2.05 "Content" or 200 "OK" with an "application/link-
      format" or other web link payload containing matching entries for
      the lookup.  The payload can contain zero links (which is an empty
      payload in [RFC6690] link format, but could also be "[]" in JSON
      based formats), indicating that no entities matched the request.

   Failure:  No error response to a multicast request.

   Failure:  4.00 "Bad Request" or 400 "Bad Request".  Malformed
      request.

   Failure:  5.03 "Service Unavailable" or 503 "Service Unavailable".
      Service could not perform the operation.

   HTTP support:  YES

6.3.  Resource lookup examples

   The examples in this section assume the existence of CoAP hosts with
   a default CoAP port 61616.  HTTP hosts are possible and do not change
   the nature of the examples.

   The following example shows a client performing a resource lookup
   with the example resource look-up locations discovered in Figure 5:

   Req: GET /rd-lookup/res?rt=temperature

   Res: 2.05 Content
   <coap://[2001:db8:3::123]:61616/temp>;rt="temperature";
              anchor="coap://[2001:db8:3::123]:61616"

   A client that wants to be notified of new resources as they show up
   can use observation:

Shelby, et al.            Expires June 23, 2019                [Page 36]
Internet-Draft           CoRE Resource Directory           December 2018

   Req: GET /rd-lookup/res?rt=light
   Observe: 0

   Res: 2.05 Content
   Observe: 23
   Payload: empty

   (at a later point in time)

   Res: 2.05 Content
   Observe: 24
   Payload:
   <coap://[2001:db8:3::124]/west>;rt="light";
       anchor="coap://[2001:db8:3::124]",
   <coap://[2001:db8:3::124]/south>;rt="light";
       anchor="coap://[2001:db8:3::124]",
   <coap://[2001:db8:3::124]/east>;rt="light";
       anchor="coap://[2001:db8:3::124]"

   The following example shows a client performing a paginated resource
   lookup

Shelby, et al.            Expires June 23, 2019                [Page 37]
Internet-Draft           CoRE Resource Directory           December 2018

   Req: GET /rd-lookup/res?page=0&count=5

   Res: 2.05 Content
   <coap://[2001:db8:3::123]:61616/res/0>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616",
   <coap://[2001:db8:3::123]:61616/res/1>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616",
   <coap://[2001:db8:3::123]:61616/res/2>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616",
   <coap://[2001:db8:3::123]:61616/res/3>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616",
   <coap://[2001:db8:3::123]:61616/res/4>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616"

   Req: GET /rd-lookup/res?page=1&count=5

   Res: 2.05 Content
   <coap://[2001:db8:3::123]:61616/res/5>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616",
   <coap://[2001:db8:3::123]:61616/res/6>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616",
   <coap://[2001:db8:3::123]:61616/res/7>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616",
   <coap://[2001:db8:3::123]:61616/res/8>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616",
   <coap://[2001:db8:3::123]:61616/res/9>;rt=sensor;ct=60;
       anchor="coap://[2001:db8:3::123]:61616"

   The following example shows a client performing a lookup of all
   resources from endpoints of all endpoints of a given endpoint type.
   It assumes that two endpoints (with endpoint names "sensor1" and
   "sensor2") have previously registered with their respective addresses
   "coap://sensor1.example.com" and "coap://sensor2.example.com", and
   posted the very payload of the 6th request of section 5 of [RFC6690].

   It demonstrates how absolute link targets stay unmodified, while
   relative ones are resolved:

Shelby, et al.            Expires June 23, 2019                [Page 38]
Internet-Draft           CoRE Resource Directory           December 2018

   Req: GET /rd-lookup/res?et=oic.d.sensor

   <coap://sensor1.example.com/sensors>;ct=40;title="Sensor Index";
       anchor="coap://sensor1.example.com",
   <coap://sensor1.example.com/sensors/temp>;rt="temperature-c";
       if="sensor"; anchor="coap://sensor1.example.com",
   <coap://sensor1.example.com/sensors/light>;rt="light-lux";
       if="sensor"; anchor="coap://sensor1.example.com",
   <http://www.example.com/sensors/t123>;rel="describedby";
       anchor="coap://sensor1.example.com/sensors/temp",
   <coap://sensor1.example.com/t>;rel="alternate";
       anchor="coap://sensor1.example.com/sensors/temp",
   <coap://sensor2.example.com/sensors>;ct=40;title="Sensor Index";
       anchor="coap://sensor2.example.com",
   <coap://sensor2.example.com/sensors/temp>;rt="temperature-c";
       if="sensor"; anchor="coap://sensor2.example.com",
   <coap://sensor2.example.com/sensors/light>;rt="light-lux";
       if="sensor"; anchor="coap://sensor2.example.com",
   <http://www.example.com/sensors/t123>;rel="describedby";
       anchor="coap://sensor2.example.com/sensors/temp",
   <coap://sensor2.example.com/t>;rel="alternate";
       anchor="coap://sensor2.example.com/sensors/temp"

6.4.  Endpoint lookup

   The endpoint lookup returns registration resources which can only be
   manipulated by the registering endpoint.

   Endpoint registration resources are annotated with their endpoint
   names (ep), sectors (d, if present) and registration base URI (base;
   reports the registrant-ep's address if no explicit base was given) as
   well as a constant resource type (rt="core.rd-ep"); the lifetime (lt)
   is not reported.  Additional endpoint attributes are added as target
   attributes to their endpoint link unless their specification says
   otherwise.

   Links to endpoints SHOULD be presented in path-absolute form or, if
   required, as absolute references.  (This avoids the RFC6690
   ambiguities.)

   While Endpoint Lookup does expose the registration resources, the RD
   does not need to make them accessible to clients.  Clients SHOULD NOT
   attempt to dereference or manipulate them.

   A Resource Directory can report endpoints in lookup that are not
   hosted at the same address.  Lookup clients MUST be prepared to see
   arbitrary URIs as registration resources in the results and treat

Shelby, et al.            Expires June 23, 2019                [Page 39]
Internet-Draft           CoRE Resource Directory           December 2018

   them as opaque identifiers; the precise semantics of such links are
   left to future specifications.

   The following example shows a client performing an endpoint type (et)
   lookup with the value oic.d.sensor (which is currently a registered
   rt value):

   Req: GET /rd-lookup/ep?et=oic.d.sensor

   Res: 2.05 Content
   </rd/1234>;base="coap://[2001:db8:3::127]:61616";ep="node5";
   et="oic.d.sensor";ct="40";rt="core.rd-ep",
   </rd/4521>;base="coap://[2001:db8:3::129]:61616";ep="node7";
   et="oic.d.sensor";ct="40";d="floor-3";rt="core.rd-ep"

7.  Security policies

   The Resource Directory (RD) provides assistance to applications
   situated on a selection of nodes to discover endpoints on connected
   nodes.  This section discusses different security aspects of
   accessing the RD.

   The contents of the RD are inserted in two ways:

   1.  The node hosting the discoverable endpoint fills the RD with the
       contents of /.well-known/core by:

       *  Storing the contents directly into RD (see Section 5.3)

       *  Requesting the RD to load the contents from /.well-known/core
          (see Section 5.3.1)

   2.  A Commissioning Tool (CT) fills the RD with endpoint information
       for a set of discoverable nodes. (see Section 5.3 with
       base=authority parameter value)

   In both cases, the nodes filling the RD should be authenticated and
   authorized to change the contents of the RD.  An Authorization Server
   (AS) is responsible to assign a token to the registering node to
   authorize the node to discover or register endpoints in a given RD
   [I-D.ietf-ace-oauth-authz].

   It can be imagined that an installation is divided in a set of
   security regions, each one with its own RD(s) to discover the
   endpoints that are part of a given security region.  An endpoint that
   wants to discover an RD, responsible for a given region, needs to be
   authorized to learn the contents of a given RD.  Within a region, for
   a given RD, a more fine-grained security division is possible based

Shelby, et al.            Expires June 23, 2019                [Page 40]
Internet-Draft           CoRE Resource Directory           December 2018

   on the values of the endpoint registration parameters.  Authorization
   to discover endpoints with a given set of filter values is
   recommended for those cases.

   When a node registers its endpoints, criteria are needed to authorize
   the node to enter them.  An important aspect is the uniqueness of the
   (endpoint name, and optional sector) pair within the RD.  Consider
   the two cases separately: (1) CT registers endpoints, and (2) the
   registering node registers its own endpoint(s).

   o  A CT needs authorization to register a set of endpoints.  This
      authorization can be based on the region, i.e. a given CT is
      authorized to register any endpoint (endpoint name, sector) into a
      given RD, or to register an endpoint with (endpoint name, sector)
      value pairs assigned by the AS, or can be more fine-grained,
      including a subset of registration parameter values.

   o  A given endpoint that registers itself, needs to proof its
      possession of its unique (endpoint name, sector) value pair.
      Alternatively, the AS can authorize the endpoint to register with
      an (endpoint name, sector) value pair assigned by the AS.

   A separate document needs to specify these aspects to ensure
   interoperability between registering nodes and RD.  The subsections
   below give some hints how to handle a subset of the different
   aspects.

7.1.  Secure RD discovery

   The Resource Server (RS) discussed in [I-D.ietf-ace-oauth-authz] is
   equated to the RD.  The client (C) needs to discover the RD as
   discussed in Section 4.  C can discover the related AS by sending a
   request to the RD.  The RD denies the request by sending the address
   of the related AS, as discussed in section 5.1 of
   [I-D.ietf-ace-oauth-authz].  The client MUST send an authorization
   request to the AS.  When appropriate, the AS returns a token that
   specifies the authorization permission which needs to be specified in
   a separate document.

7.2.  Secure RD filtering

   The authorized parameter values for the queries by a given endpoint
   must be registered by the AS.  The AS communicates the parameter
   values in the token.  A separate document needs to specify the
   parameter value combinations and their storage in the token.  The RD
   decodes the token and checks the validity of the queries of the
   client.

Shelby, et al.            Expires June 23, 2019                [Page 41]
Internet-Draft           CoRE Resource Directory           December 2018

7.3.  Secure endpoint Name assignment

   This section only considers the assignment of a name to the endpoint
   based on an automatic mechanism without use of AS.  More elaborate
   protocols are out of scope.  The registering endpoint is authorized
   by the AS to discover the RD and add registrations.  A token is
   provided by the AS and communicated from registering endpoint to RD.
   It is assumed that DTLS is used to secure the channel between
   registering endpoint and RD, where the registering endpoint is the
   DTLS client.  Assuming that the client is provided by a certificate
   at manufacturing time, the certificate is uniquely identified by the
   CN field and the serial number.  The RD can assign a unique endpoint
   name by using the certificate identifier as endpoint name.  Proof of
   possession of the endpoint name by the registering endpoint is
   checked by encrypting the certificate identifier with the private key
   of the registering endpoint, which the RD can decrypt with the public
   key stored in the certificate.  Even simpler, the authorized
   registering endpoint can generate a random number (or string) that
   identifies the endpoint.  The RD can check for the improbable
   replication of the random value.  The RD MUST check that registering
   endpoint uses only one random value for each authorized endpoint.

8.  Security Considerations

   The security considerations as described in Section 5 of [RFC8288]
   and Section 6 of [RFC6690] apply.  The "/.well-known/core" resource
   may be protected e.g. using DTLS when hosted on a CoAP server as
   described in [RFC7252].  DTLS or TLS based security SHOULD be used on
   all resource directory interfaces defined in this document.

8.1.  Endpoint Identification and Authentication

   An Endpoint (name, sector) pair is unique within the et of endpoints
   registered by the RD.  An Endpoint MUST NOT be identified by its
   protocol, port or IP address as these may change over the lifetime of
   an Endpoint.

   Every operation performed by an Endpoint on a resource directory
   SHOULD be mutually authenticated using Pre-Shared Key, Raw Public Key
   or Certificate based security.

   Consider the following threat: two devices A and B are registered at
   a single server.  Both devices have unique, per-device credentials
   for use with DTLS to make sure that only parties with authorization
   to access A or B can do so.

   Now, imagine that a malicious device A wants to sabotage the device
   B.  It uses its credentials during the DTLS exchange.  Then, it

Shelby, et al.            Expires June 23, 2019                [Page 42]
Internet-Draft           CoRE Resource Directory           December 2018

   specifies the endpoint name of device B as the name of its own
   endpoint in device A.  If the server does not check whether the
   identifier provided in the DTLS handshake matches the identifier used
   at the CoAP layer then it may be inclined to use the endpoint name
   for looking up what information to provision to the malicious device.

   Section 7.3 specifies an example that removes this threat for
   endpoints that have a certificate installed.

8.2.  Access Control

   Access control SHOULD be performed separately for the RD registration
   and Lookup API paths, as different endpoints may be authorized to
   register with an RD from those authorized to lookup endpoints from
   the RD.  Such access control SHOULD be performed in as fine-grained a
   level as possible.  For example access control for lookups could be
   performed either at the sector, endpoint or resource level.

8.3.  Denial of Service Attacks

   Services that run over UDP unprotected are vulnerable to unknowingly
   become part of a DDoS attack as UDP does not require return
   routability check.  Therefore, an attacker can easily spoof the
   source IP of the target entity and send requests to such a service
   which would then respond to the target entity.  This can be used for
   large-scale DDoS attacks on the target.  Especially, if the service
   returns a response that is order of magnitudes larger than the
   request, the situation becomes even worse as now the attack can be
   amplified.  DNS servers have been widely used for DDoS amplification
   attacks.  There is also a danger that NTP Servers could become
   implicated in denial-of-service (DoS) attacks since they run on
   unprotected UDP, there is no return routability check, and they can
   have a large amplification factor.  The responses from the NTP server
   were found to be 19 times larger than the request.  A Resource
   Directory (RD) which responds to wild-card lookups is potentially
   vulnerable if run with CoAP over UDP.  Since there is no return
   routability check and the responses can be significantly larger than
   requests, RDs can unknowingly become part of a DDoS amplification
   attack.

9.  IANA Considerations

9.1.  Resource Types

   IANA is asked to enter the following values into the Resource Type
   (rt=) Link Target Attribute Values sub-registry of the Constrained
   Restful Environments (CoRE) Parameters registry defined in [RFC6690]:

Shelby, et al.            Expires June 23, 2019                [Page 43]
Internet-Draft           CoRE Resource Directory           December 2018

   +--------------------+--------------------------+-------------------+
   | Value              | Description              | Reference         |
   +--------------------+--------------------------+-------------------+
   | core.rd            | Directory resource of an | RFCTHIS Section   |
   |                    | RD                       | 5.2               |
   | core.rd-lookup-res | Resource lookup of an RD | RFCTHIS Section   |
   |                    |                          | 5.2               |
   | core.rd-lookup-ep  | Endpoint lookup of an RD | RFCTHIS Section   |
   |                    |                          | 5.2               |
   | core.rd-ep         | Endpoint resource of an  | RFCTHIS Section 6 |
   |                    | RD                       |                   |
   +--------------------+--------------------------+-------------------+

9.2.  IPv6 ND Resource Directory Address Option

   This document registers one new ND option type under the sub-registry
   "IPv6 Neighbor Discovery Option Formats":

   o  Resource Directory address Option (38)

9.3.  RD Parameter Registry

   This specification defines a new sub-registry for registration and
   lookup parameters called "RD Parameters" under "CoRE Parameters".
   Although this specification defines a basic set of parameters, it is
   expected that other standards that make use of this interface will
   define new ones.

   Each entry in the registry must include

   o  the human readable name of the parameter,

   o  the short name as used in query parameters or target attributes,

   o  indication of whether it can be passed as a query parameter at
      registration of endpoints, as a query parameter in lookups, or be
      expressed as a target attribute,

   o  validity requirements if any, and

   o  a description.

   The query parameter MUST be both a valid URI query key [RFC3986] and
   a token as used in [RFC8288].

   The description must give details on whether the parameter can be
   updated, and how it is to be processed in lookups.

Shelby, et al.            Expires June 23, 2019                [Page 44]
Internet-Draft           CoRE Resource Directory           December 2018

   The mechanisms around new RD parameters should be designed in such a
   way that they tolerate RD implementations that are unaware of the
   parameter and expose any parameter passed at registration or updates
   on in endpoint lookups.  (For example, if a parameter used at
   registration were to be confidential, the registering endpoint should
   be instructed to only set that parameter if the RD advertises support
   for keeping it confidential at the discovery step.)

   Initial entries in this sub-registry are as follows:

   +--------------+-------+---------------+-----+----------------------+
   | Full name    | Short | Validity      | Use | Description          |
   +--------------+-------+---------------+-----+----------------------+
   | Endpoint     | ep    |               | RLA | Name of the          |
   | Name         |       |               |     | endpoint, max 63     |
   |              |       |               |     | bytes                |
   | Lifetime     | lt    | 60-4294967295 | R   | Lifetime of the      |
   |              |       |               |     | registration in      |
   |              |       |               |     | seconds              |
   | Sector       | d     |               | RLA | Sector to which this |
   |              |       |               |     | endpoint belongs     |
   | Registration | base  | URI           | RLA | The scheme, address  |
   | Base URI     |       |               |     | and port and path at |
   |              |       |               |     | which this server is |
   |              |       |               |     | available            |
   | Page         | page  | Integer       | L   | Used for pagination  |
   | Count        | count | Integer       | L   | Used for pagination  |
   | Endpoint     | et    |               | RLA | Semantic name of the |
   | Type         |       |               |     | endpoint (see        |
   |              |       |               |     | Section 9.4)         |
   +--------------+-------+---------------+-----+----------------------+

                          Table 2: RD Parameters

   (Short: Short name used in query parameters or target attributes.
   Use: R = used at registration, L = used at lookup, A = expressed in
   target attribute

   The descriptions for the options defined in this document are only
   summarized here.  To which registrations they apply and when they are
   to be shown is described in the respective sections of this document.

   The IANA policy for future additions to the sub-registry is "Expert
   Review" as described in [RFC8126].  The evaluation should consider
   formal criteria, duplication of functionality (Is the new entry
   redundant with an existing one?), topical suitability (E.g. is the
   described property actually a property of the endpoint and not a
   property of a particular resource, in which case it should go into

Shelby, et al.            Expires June 23, 2019                [Page 45]
Internet-Draft           CoRE Resource Directory           December 2018

   the payload of the registration and need not be registered?), and the
   potential for conflict with commonly used target attributes (For
   example, "if" could be used as a parameter for conditional
   registration if it were not to be used in lookup or attributes, but
   would make a bad parameter for lookup, because a resource lookup with
   an "if" query parameter could ambiguously filter by the registered
   endpoint property or the [RFC6690] target attribute).  It is expected
   that the registry will receive between 5 and 50 registrations in
   total over the next years.

9.3.1.  Full description of the "Endpoint Type" Registration Parameter

   An endpoint registering at an RD can describe itself with endpoint
   types, similar to how resources are described with Resource Types in
   [RFC6690].  An endpoint type is expressed as a string, which can be
   either a URI or one of the values defined in the Endpoint Type sub-
   registry.  Endpoint types can be passed in the "et" query parameter
   as part of extra-attrs at the Registration step, are shown on
   endpoint lookups using the "et" target attribute, and can be filtered
   for using "et" as a search criterion in resource and endpoint lookup.
   Multiple endpoint types are given as separate query parameters or
   link attributes.

   Note that Endpoint Type differs from Resource Type in that it uses
   multiple attributes rather than space separated values.  As a result,
   Resource Directory implementations automatically support correct
   filtering in the lookup interfaces from the rules for unknown
   endpoint attributes.

9.4.  "Endpoint Type" (et=) RD Parameter values

   This specification establishes a new sub-registry under "CoRE
   Parameters" called '"Endpoint Type" (et=) RD Parameter values'.  The
   registry properties (required policy, requirements, template) are
   identical to those of the Resource Type parameters in [RFC6690], in
   short:

   The review policy is IETF Review for values starting with "core", and
   Specification Required for others.

   The requirements to be enforced are:

   o  The values MUST be related to the purpose described in
      Section 9.3.1.

   o  The registered values MUST conform to the ABNF reg-rel-type
      definition of [RFC6690] and MUST NOT be a URI.

Shelby, et al.            Expires June 23, 2019                [Page 46]
Internet-Draft           CoRE Resource Directory           December 2018

   o  It is recommended to use the period "." character for
      segmentation.

   The registry initially contains one value:

   o  "core.rd-group": An application group as described in Appendix A.

9.5.  Multicast Address Registration

   IANA has assigned the following multicast addresses for use by CoAP
   nodes:

   IPv4 - "all CoRE resource directories" address, from the "IPv4
   Multicast Address Space Registry" equal to "All CoAP Nodes",
   224.0.1.187.  As the address is used for discovery that may span
   beyond a single network, it has come from the Internetwork Control
   Block (224.0.1.x, RFC 5771).

   IPv6 - "all CoRE resource directories" address MCD1 (suggestions
   FF0X::FE), from the "IPv6 Multicast Address Space Registry", in the
   "Variable Scope Multicast Addresses" space (RFC 3307).  Note that
   there is a distinct multicast address for each scope that interested
   CoAP nodes should listen to; CoAP needs the Link-Local and Site-Local
   scopes only.

10.  Examples

   Two examples are presented: a Lighting Installation example in
   Section 10.1 and a LWM2M example in Section 10.2.

10.1.  Lighting Installation

   This example shows a simplified lighting installation which makes use
   of the Resource Directory (RD) with a CoAP interface to facilitate
   the installation and start-up of the application code in the lights
   and sensors.  In particular, the example leads to the definition of a
   group and the enabling of the corresponding multicast address as
   described in Appendix A.  No conclusions must be drawn on the
   realization of actual installation or naming procedures, because the
   example only "emphasizes" some of the issues that may influence the
   use of the RD and does not pretend to be normative.

10.1.1.  Installation Characteristics

   The example assumes that the installation is managed.  That means
   that a Commissioning Tool (CT) is used to authorize the addition of
   nodes, name them, and name their services.  The CT can be connected
   to the installation in many ways: the CT can be part of the

Shelby, et al.            Expires June 23, 2019                [Page 47]
Internet-Draft           CoRE Resource Directory           December 2018

   installation network, connected by WiFi to the installation network,
   or connected via GPRS link, or other method.

   It is assumed that there are two naming authorities for the
   installation: (1) the network manager that is responsible for the
   correct operation of the network and the connected interfaces, and
   (2) the lighting manager that is responsible for the correct
   functioning of networked lights and sensors.  The result is the
   existence of two naming schemes coming from the two managing
   entities.

   The example installation consists of one presence sensor, and two
   luminaries, luminary1 and luminary2, each with their own wireless
   interface.  Each luminary contains three lamps: left, right and
   middle.  Each luminary is accessible through one endpoint.  For each
   lamp a resource exists to modify the settings of a lamp in a
   luminary.  The purpose of the installation is that the presence
   sensor notifies the presence of persons to a group of lamps.  The
   group of lamps consists of: middle and left lamps of luminary1 and
   right lamp of luminary2.

   Before commissioning by the lighting manager, the network is
   installed and access to the interfaces is proven to work by the
   network manager.

   At the moment of installation, the network under installation is not
   necessarily connected to the DNS infra structure.  Therefore, SLAAC
   IPv6 addresses are assigned to CT, RD, luminaries and sensor shown in
   Table 3 below:

                  +--------------------+----------------+
                  | Name               | IPv6 address   |
                  +--------------------+----------------+
                  | luminary1          | 2001:db8:4::1  |
                  | luminary2          | 2001:db8:4::2  |
                  | Presence sensor    | 2001:db8:4::3  |
                  | Resource directory | 2001:db8:4::ff |
                  +--------------------+----------------+

                    Table 3: interface SLAAC addresses

   In Section 10.1.2 the use of resource directory during installation
   is presented.

Shelby, et al.            Expires June 23, 2019                [Page 48]
Internet-Draft           CoRE Resource Directory           December 2018

10.1.2.  RD entries

   It is assumed that access to the DNS infrastructure is not always
   possible during installation.  Therefore, the SLAAC addresses are
   used in this section.

   For discovery, the resource types (rt) of the devices are important.
   The lamps in the luminaries have rt: light, and the presence sensor
   has rt: p-sensor.  The endpoints have names which are relevant to the
   light installation manager.  In this case luminary1, luminary2, and
   the presence sensor are located in room 2-4-015, where luminary1 is
   located at the window and luminary2 and the presence sensor are
   located at the door.  The endpoint names reflect this physical
   location.  The middle, left and right lamps are accessed via path
   /light/middle, /light/left, and /light/right respectively.  The
   identifiers relevant to the Resource Directory are shown in Table 4
   below:

   +----------------+------------------+---------------+---------------+
   | Name           | endpoint         | resource path | resource type |
   +----------------+------------------+---------------+---------------+
   | luminary1      | lm_R2-4-015_wndw | /light/left   | light         |
   | luminary1      | lm_R2-4-015_wndw | /light/middle | light         |
   | luminary1      | lm_R2-4-015_wndw | /light/right  | light         |
   | luminary2      | lm_R2-4-015_door | /light/left   | light         |
   | luminary2      | lm_R2-4-015_door | /light/middle | light         |
   | luminary2      | lm_R2-4-015_door | /light/right  | light         |
   | Presence       | ps_R2-4-015_door | /ps           | p-sensor      |
   | sensor         |                  |               |               |
   +----------------+------------------+---------------+---------------+

                  Table 4: Resource Directory identifiers

   It is assumed that the CT knows the RD's address, and has performed
   URI discovery on it that returned a response like the one in the
   Section 5.2 example.

   The CT inserts the endpoints of the luminaries and the sensor in the
   RD using the registration base URI parameter (base) to specify the
   interface address:

Shelby, et al.            Expires June 23, 2019                [Page 49]
Internet-Draft           CoRE Resource Directory           December 2018

   Req: POST coap://[2001:db8:4::ff]/rd
     ?ep=lm_R2-4-015_wndw&base=coap://[2001:db8:4::1]&d=R2-4-015
   Payload:
   </light/left>;rt="light",
   </light/middle>;rt="light",
   </light/right>;rt="light"

   Res: 2.01 Created
   Location-Path: /rd/4521

   Req: POST coap://[2001:db8:4::ff]/rd
     ?ep=lm_R2-4-015_door&base=coap://[2001:db8:4::2]&d=R2-4-015
   Payload:
   </light/left>;rt="light",
   </light/middle>;rt="light",
   </light/right>;rt="light"

   Res: 2.01 Created
   Location-Path: /rd/4522

   Req: POST coap://[2001:db8:4::ff]/rd
     ?ep=ps_R2-4-015_door&base=coap://[2001:db8:4::3]d&d=R2-4-015
   Payload:
   </ps>;rt="p-sensor"

   Res: 2.01 Created
   Location-Path: /rd/4523

   The sector name d=R2-4-015 has been added for an efficient lookup
   because filtering on "ep" name is more awkward.  The same sector name
   is communicated to the two luminaries and the presence sensor by the
   CT.

   The group is specified in the RD.  The base parameter is set to the
   site-local multicast address allocated to the group.  In the POST in
   the example below, the resources supported by all group members are
   published.

   Req: POST coap://[2001:db8:4::ff]/rd
   ?ep=grp_R2-4-015&et=core.rd-group&base=coap://[ff05::1]
   Payload:
   </light/left>;rt="light",
   </light/middle>;rt="light",
   </light/right>;rt="light"

   Res: 2.01 Created
   Location-Path: /rd/501

Shelby, et al.            Expires June 23, 2019                [Page 50]
Internet-Draft           CoRE Resource Directory           December 2018

   After the filling of the RD by the CT, the application in the
   luminaries can learn to which groups they belong, and enable their
   interface for the multicast address.

   The luminary, knowing its sector and being configured to join any
   group containing lights, searches for candidate groups and joins
   them:

   Req: GET coap://[2001:db8:4::ff]/rd-lookup/ep
     ?d=R2-4-015&et=core.rd-group&rt=light

   Res: 2.05 Content
   </rd/501>;ep="grp_R2-4-015";et="core.rd-group";
             base="coap://[ff05::1]";rt="core.rd-ep"

   From the returned base parameter value, the luminary learns the
   multicast address of the multicast group.

   Alternatively, the CT can communicate the multicast address directly
   to the luminaries by using the "coap-group" resource specified in
   [RFC7390].

   Req: POST coap://[2001:db8:4::1]/coap-group
   Content-Format: application/coap-group+json
   Payload:
   { "a": "[ff05::1]", "n": "grp_R2-4-015"}

   Res: 2.01 Created
   Location-Path: /coap-group/1

   Dependent on the situation, only the address, "a", or the name, "n",
   is specified in the coap-group resource.

   The presence sensor can learn the presence of groups that support
   resources with rt=light in its own sector by sending the same
   request, as used by the luminary.  The presence sensor learns the
   multicast address to use for sending messages to the luminaries.

10.2.  OMA Lightweight M2M (LWM2M) Example

   This example shows how the OMA LWM2M specification makes use of
   Resource Directory (RD).

   OMA LWM2M is a profile for device services based on CoAP(OMA Name
   Authority).  LWM2M defines a simple object model and a number of
   abstract interfaces and operations for device management and device
   service enablement.

Shelby, et al.            Expires June 23, 2019                [Page 51]
Internet-Draft           CoRE Resource Directory           December 2018

   An LWM2M server is an instance of an LWM2M middleware service layer,
   containing a Resource Directory along with other LWM2M interfaces
   defined by the LWM2M specification.

   CoRE Resource Directory (RD) is used to provide the LWM2M
   Registration interface.

   LWM2M does not provide for registration sectors and does not
   currently use the rd-lookup interface.

   The LWM2M specification describes a set of interfaces and a resource
   model used between a LWM2M device and an LWM2M server.  Other
   interfaces, proxies, and applications are currently out of scope for
   LWM2M.

   The location of the LWM2M Server and RD URI path is provided by the
   LWM2M Bootstrap process, so no dynamic discovery of the RD is used.
   LWM2M Servers and endpoints are not required to implement the /.well-
   known/core resource.

10.2.1.  The LWM2M Object Model

   The OMA LWM2M object model is based on a simple 2 level class
   hierarchy consisting of Objects and Resources.

   An LWM2M Resource is a REST endpoint, allowed to be a single value or
   an array of values of the same data type.

   An LWM2M Object is a resource template and container type that
   encapsulates a set of related resources.  An LWM2M Object represents
   a specific type of information source; for example, there is a LWM2M
   Device Management object that represents a network connection,
   containing resources that represent individual properties like radio
   signal strength.

   Since there may potentially be more than one of a given type object,
   for example more than one network connection, LWM2M defines instances
   of objects that contain the resources that represent a specific
   physical thing.

   The URI template for LWM2M consists of a base URI followed by Object,
   Instance, and Resource IDs:

   {/base-uri}{/object-id}{/object-instance}{/resource-id}{/resource-
   instance}

   The five variables given here are strings.  base-uri can also have
   the special value "undefined" (sometimes called "null" in RFC 6570).

Shelby, et al.            Expires June 23, 2019                [Page 52]
Internet-Draft           CoRE Resource Directory           December 2018

   Each of the variables object-instance, resource-id, and resource-
   instance can be the special value "undefined" only if the values
   behind it in this sequence also are "undefined".  As a special case,
   object-instance can be "empty" (which is different from "undefined")
   if resource-id is not "undefined".

   base-uri := Base URI for LWM2M resources or "undefined" for default
   (empty) base URI

   object-id := OMNA (OMA Name Authority) registered object ID (0-65535)

   object-instance := Object instance identifier (0-65535) or
   "undefined"/"empty" (see above)) to refer to all instances of an
   object ID

   resource-id := OMNA (OMA Name Authority) registered resource ID
   (0-65535) or "undefined" to refer to all resources within an instance

   resource-instance := Resource instance identifier or "undefined" to
   refer to single instance of a resource

   LWM2M IDs are 16 bit unsigned integers represented in decimal (no
   leading zeroes except for the value 0) by URI format strings.  For
   example, a LWM2M URI might be:

   /1/0/1

   The base uri is empty, the Object ID is 1, the instance ID is 0, the
   resource ID is 1, and the resource instance is "undefined".  This
   example URI points to internal resource 1, which represents the
   registration lifetime configured, in instance 0 of a type 1 object
   (LWM2M Server Object).

10.2.2.  LWM2M Register Endpoint

   LWM2M defines a registration interface based on the REST API,
   described in Section 5.  The RD registration URI path of the LWM2M
   Resource Directory is specified to be "/rd".

   LWM2M endpoints register object IDs, for example </1>, to indicate
   that a particular object type is supported, and register object
   instances, for example </1/0>, to indicate that a particular instance
   of that object type exists.

   Resources within the LWM2M object instance are not registered with
   the RD, but may be discovered by reading the resource links from the
   object instance using GET with a CoAP Content-Format of application/
   link-format.  Resources may also be read as a structured object by

Shelby, et al.            Expires June 23, 2019                [Page 53]
Internet-Draft           CoRE Resource Directory           December 2018

   performing a GET to the object instance with a Content-Format of
   senml+json.

   When an LWM2M object or instance is registered, this indicates to the
   LWM2M server that the object and its resources are available for
   management and service enablement (REST API) operations.

   LWM2M endpoints may use the following RD registration parameters as
   defined in Table 2 :

   ep - Endpoint Name
   lt - registration lifetime

   Endpoint Name, Lifetime, and LWM2M Version are mandatory parameters
   for the register operation, all other registration parameters are
   optional.

   Additional optional LWM2M registration parameters are defined:

   +-----------+-------+-------------------------------+---------------+
   | Name      | Query | Validity                      | Description   |
   +-----------+-------+-------------------------------+---------------+
   | Binding   | b     | {"U",UQ","S","SQ","US","UQS"} | Available     |
   | Mode      |       |                               | Protocols     |
   |           |       |                               |               |
   | LWM2M     | ver   | 1.0                           | Spec Version  |
   | Version   |       |                               |               |
   |           |       |                               |               |
   | SMS       | sms   |                               | MSISDN        |
   | Number    |       |                               |               |
   +-----------+-------+-------------------------------+---------------+

             Table 5: LWM2M Additional Registration Parameters

   The following RD registration parameters are not currently specified
   for use in LWM2M:

   et - Endpoint Type
   base - Registration Base URI

   The endpoint registration must include a payload containing links to
   all supported objects and existing object instances, optionally
   including the appropriate link-format relations.

   Here is an example LWM2M registration payload:

   </1>,</1/0>,</3/0>,</5>

Shelby, et al.            Expires June 23, 2019                [Page 54]
Internet-Draft           CoRE Resource Directory           December 2018

   This link format payload indicates that object ID 1 (LWM2M Server
   Object) is supported, with a single instance 0 existing, object ID 3
   (LWM2M Device object) is supported, with a single instance 0
   existing, and object 5 (LWM2M Firmware Object) is supported, with no
   existing instances.

10.2.3.  LWM2M Update Endpoint Registration

   The LwM2M update is really very similar to the registration update as
   described in Section 5.4.1, with the only difference that there are
   more parameters defined and available.  All the parameters listed in
   that section are also available with the initial registration but are
   all optional:

   lt - Registration Lifetime
   b - Protocol Binding
   sms - MSISDN
   link payload - new or modified links

   A Registration update is also specified to be used to update the
   LWM2M server whenever the endpoint's UDP port or IP address are
   changed.

10.2.4.  LWM2M De-Register Endpoint

   LWM2M allows for de-registration using the delete method on the
   returned location from the initial registration operation.  LWM2M de-
   registration proceeds as described in Section 5.4.2.

11.  Acknowledgments

   Oscar Novo, Srdjan Krco, Szymon Sasin, Kerry Lynn, Esko Dijk, Anders
   Brandt, Matthieu Vial, Jim Schaad, Mohit Sethi, Hauke Petersen,
   Hannes Tschofenig, Sampo Ukkola, Linyi Tian, and Jan Newmarch have
   provided helpful comments, discussions and ideas to improve and shape
   this document.  Zach would also like to thank his colleagues from the
   EU FP7 SENSEI project, where many of the resource directory concepts
   were originally developed.

12.  Changelog

   changes from -17 to -18

   o  Rather than re-specifying link format (Modernized Link Format),
      describe a Limited Link Format that's the uncontested subset of
      Link Format

   o  Acknowledging the -17 version as part of the draft

Shelby, et al.            Expires June 23, 2019                [Page 55]
Internet-Draft           CoRE Resource Directory           December 2018

   o  Move "Read endpoint links" operation to future specification like
      PATCH

   o  Demote links-json to an informative reference, and removed them
      from exchange examples

   o  Add note on unusability of link-local IP addresses, and describe
      mitigation.

   o  Reshuffling of sections: Move additional operations and endpoint
      lookup back from appendix, and groups into one

   o  Lookup interface tightened to not imply applicability for non
      link-format lookups (as those can have vastly different views on
      link cardinality)

   o  Simple registration: Change sequence of GET and POST-response,
      ensuring unsuccessful registrations are reported as such, and
      suggest how devices that would have required the inverse behavior
      can still cope with it.

   o  Abstract and introduction reworded to avoid the impression that
      resources are stored in full in the RD

   o  Simplify the rules governing when a registration resource can or
      must be changed.

   o  Drop a figure that has become useless due to the changes of and
      -13 and -17

   o  Wording consistency fixes: Use "Registrations" and "target
      attributes"

   o  Fix incorrect use of content negotiation in discovery interface
      description (Content-Format -> Accept)

   o  State that the base attribute value is part of endpoint lookup
      even when implicit in the registration

   o  Update references from RFC5988 to its update RFC8288

   o  Remove appendix on protocol-negotiation (which had a note to be
      removed before publication)

   changes from -16 to -17

   (Note that -17 is published as a direct follow-up to -16, containing
   a single change to be discussed at IETF103)

Shelby, et al.            Expires June 23, 2019                [Page 56]
Internet-Draft           CoRE Resource Directory           December 2018

   o  Removed groups that are enumerations of registrations and have
      dedicated mechanism

   o  Add groups that are enumerations of shared resources and are a
      special case of endpoint registrations

   changes from -15 to -16

   o  Recommend a common set of resources for members of a group

   o  Clarified use of multicast group in lighting example

   o  Add note on concurrent registrations from one EP being possible
      but not expected

   o  Refresh web examples appendix to reflect current use of Modernized
      Link Format

   o  Add examples of URIs where Modernized Link Format matters

   o  Editorial changes

   changes from -14 to -15

   o  Rewrite of section "Security policies"

   o  Clarify that the "base" parameter text applies both to relative
      references both in anchor and href

   o  Renamed "Registree-EP" to Registrant-EP"

   o  Talk of "relative references" and "URIs" rather than "relative"
      and "absolute" URIs.  (The concept of "absolute URIs" of [RFC3986]
      is not needed in RD).

   o  Fixed examples

   o  Editorial changes

   changes from -13 to -14

   o  Rename "registration context" to "registration base URI" (and
      "con" to "base") and "domain" to "sector" (where the abbreviation
      "d" stays for compatibility reasons)

   o  Introduced resource types core.rd-ep and core.rd-gp

Shelby, et al.            Expires June 23, 2019                [Page 57]
Internet-Draft           CoRE Resource Directory           December 2018

   o  Registration management moved to appendix A, including endpoint
      and group lookup

   o  Minor editorial changes

      *  PATCH/iPATCH is clearly deferred to another document

      *  Recommend against query / fragment identifier in con=

      *  Interface description lists are described as illustrative

      *  Rewording of Simple Registration

   o  Simple registration carries no error information and succeeds
      immediately (previously, sequence was unspecified)

   o  Lookup: href are matched against resolved values (previously, this
      was unspecified)

   o  Lookup: lt are not exposed any more

   o  con/base: Paths are allowed

   o  Registration resource locations can not have query or fragment
      parts

   o  Default life time extended to 25 hours

   o  clarified registration update rules

   o  lt-value semantics for lookup clarified.

   o  added template for simple registration

   changes from -12 to -13

   o  Added "all resource directory" nodes MC address

   o  Clarified observation behavior

   o  version identification

   o  example rt= and et= values

   o  domain from figure 2

   o  more explanatory text

Shelby, et al.            Expires June 23, 2019                [Page 58]
Internet-Draft           CoRE Resource Directory           December 2018

   o  endpoints of a groups hosted by different RD

   o  resolve RFC6690-vs-8288 resolution ambiguities:

      *  require registered links not to be relative when using anchor

      *  return absolute URIs in resource lookup

   changes from -11 to -12

   o  added Content Model section, including ER diagram

   o  removed domain lookup interface; domains are now plain attributes
      of groups and endpoints

   o  updated chapter "Finding a Resource Directory"; now distinguishes
      configuration-provided, network-provided and heuristic sources

   o  improved text on: atomicity, idempotency, lookup with multiple
      parameters, endpoint removal, simple registration

   o  updated LWM2M description

   o  clarified where relative references are resolved, and how context
      and anchor interact

   o  new appendix on the interaction with RFCs 6690, 5988 and 3986

   o  lookup interface: group and endpoint lookup return group and
      registration resources as link targets

   o  lookup interface: search parameters work the same across all
      entities

   o  removed all methods that modify links in an existing registration
      (POST with payload, PATCH and iPATCH)

   o  removed plurality definition (was only needed for link
      modification)

   o  enhanced IANA registry text

   o  state that lookup resources can be observable

   o  More examples and improved text

   changes from -09 to -10

Shelby, et al.            Expires June 23, 2019                [Page 59]
Internet-Draft           CoRE Resource Directory           December 2018

   o  removed "ins" and "exp" link-format extensions.

   o  removed all text concerning DNS-SD.

   o  removed inconsistency in RDAO text.

   o  suggestions taken over from various sources

   o  replaced "Function Set" with "REST API", "base URI", "base path"

   o  moved simple registration to registration section

   changes from -08 to -09

   o  clarified the "example use" of the base RD resource values /rd,
      /rd-lookup, and /rd-group.

   o  changed "ins" ABNF notation.

   o  various editorial improvements, including in examples

   o  clarifications for RDAO

   changes from -07 to -08

   o  removed link target value returned from domain and group lookup
      types

   o  Maximum length of domain parameter 63 bytes for consistency with
      group

   o  removed option for simple POST of link data, don't require a
      .well-known/core resource to accept POST data and handle it in a
      special way; we already have /rd for that

   o  add IPv6 ND Option for discovery of an RD

   o  clarify group configuration section 6.1 that endpoints must be
      registered before including them in a group

   o  removed all superfluous client-server diagrams

   o  simplified lighting example

   o  introduced Commissioning Tool

   o  RD-Look-up text is extended.

Shelby, et al.            Expires June 23, 2019                [Page 60]
Internet-Draft           CoRE Resource Directory           December 2018

   changes from -06 to -07

   o  added text in the discovery section to allow content format hints
      to be exposed in the discovery link attributes

   o  editorial updates to section 9

   o  update author information

   o  minor text corrections

   Changes from -05 to -06

   o  added note that the PATCH section is contingent on the progress of
      the PATCH method

   changes from -04 to -05

   o  added Update Endpoint Links using PATCH

   o  http access made explicit in interface specification

   o  Added http examples

   Changes from -03 to -04:

   o  Added http response codes

   o  Clarified endpoint name usage

   o  Add application/link-format+cbor content-format

   Changes from -02 to -03:

   o  Added an example for lighting and DNS integration

   o  Added an example for RD use in OMA LWM2M

   o  Added Read Links operation for link inspection by endpoints

   o  Expanded DNS-SD section

   o  Added draft authors Peter van der Stok and Michael Koster

   Changes from -01 to -02:

   o  Added a catalogue use case.

Shelby, et al.            Expires June 23, 2019                [Page 61]
Internet-Draft           CoRE Resource Directory           December 2018

   o  Changed the registration update to a POST with optional link
      format payload.  Removed the endpoint type update from the update.

   o  Additional examples section added for more complex use cases.

   o  New DNS-SD mapping section.

   o  Added text on endpoint identification and authentication.

   o  Error code 4.04 added to Registration Update and Delete requests.

   o  Made 63 bytes a SHOULD rather than a MUST for endpoint name and
      resource type parameters.

   Changes from -00 to -01:

   o  Removed the ETag validation feature.

   o  Place holder for the DNS-SD mapping section.

   o  Explicitly disabled GET or POST on returned Location.

   o  New registry for RD parameters.

   o  Added support for the JSON Link Format.

   o  Added reference to the Groupcomm WG draft.

   Changes from -05 to WG Document -00:

   o  Updated the version and date.

   Changes from -04 to -05:

   o  Restricted Update to parameter updates.

   o  Added pagination support for the Lookup interface.

   o  Minor editing, bug fixes and reference updates.

   o  Added group support.

   o  Changed rt to et for the registration and update interface.

   Changes from -03 to -04:

   o  Added the ins= parameter back for the DNS-SD mapping.

Shelby, et al.            Expires June 23, 2019                [Page 62]
Internet-Draft           CoRE Resource Directory           December 2018

   o  Integrated the Simple Directory Discovery from Carsten.

   o  Editorial improvements.

   o  Fixed the use of ETags.

   o  Fixed tickets 383 and 372

   Changes from -02 to -03:

   o  Changed the endpoint name back to a single registration parameter
      ep= and removed the h= and ins= parameters.

   o  Updated REST interface descriptions to use RFC6570 URI Template
      format.

   o  Introduced an improved RD Lookup design as its own function set.

   o  Improved the security considerations section.

   o  Made the POST registration interface idempotent by requiring the
      ep= parameter to be present.

   Changes from -01 to -02:

   o  Added a terminology section.

   o  Changed the inclusion of an ETag in registration or update to a
      MAY.

   o  Added the concept of an RD Domain and a registration parameter for
      it.

   o  Recommended the Location returned from a registration to be
      stable, allowing for endpoint and Domain information to be changed
      during updates.

   o  Changed the lookup interface to accept endpoint and Domain as
      query string parameters to control the scope of a lookup.

13.  References

13.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

Shelby, et al.            Expires June 23, 2019                [Page 63]
Internet-Draft           CoRE Resource Directory           December 2018

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, DOI 10.17487/RFC3986, January 2005,
              <https://www.rfc-editor.org/info/rfc3986>.

   [RFC6570]  Gregorio, J., Fielding, R., Hadley, M., Nottingham, M.,
              and D. Orchard, "URI Template", RFC 6570,
              DOI 10.17487/RFC6570, March 2012,
              <https://www.rfc-editor.org/info/rfc6570>.

   [RFC6690]  Shelby, Z., "Constrained RESTful Environments (CoRE) Link
              Format", RFC 6690, DOI 10.17487/RFC6690, August 2012,
              <https://www.rfc-editor.org/info/rfc6690>.

   [RFC6763]  Cheshire, S. and M. Krochmal, "DNS-Based Service
              Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013,
              <https://www.rfc-editor.org/info/rfc6763>.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/info/rfc8126>.

13.2.  Informative References

   [ER]       Chen, P., "The entity-relationship model---toward a
              unified view of data", ACM Transactions on Database
              Systems Vol. 1, pp. 9-36, DOI 10.1145/320434.320440, March
              1976.

   [I-D.arkko-core-dev-urn]
              Arkko, J., Jennings, C., and Z. Shelby, "Uniform Resource
              Names for Device Identifiers", draft-arkko-core-dev-urn-05
              (work in progress), October 2017.

   [I-D.bormann-t2trg-rel-impl]
              Bormann, C., "impl-info: A link relation type for
              disclosing implementation information", draft-bormann-
              t2trg-rel-impl-00 (work in progress), January 2018.

   [I-D.hartke-t2trg-coral]
              Hartke, K., "The Constrained RESTful Application Language
              (CoRAL)", draft-hartke-t2trg-coral-06 (work in progress),
              October 2018.

Shelby, et al.            Expires June 23, 2019                [Page 64]
Internet-Draft           CoRE Resource Directory           December 2018

   [I-D.ietf-ace-oauth-authz]
              Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
              H. Tschofenig, "Authentication and Authorization for
              Constrained Environments (ACE) using the OAuth 2.0
              Framework (ACE-OAuth)", draft-ietf-ace-oauth-authz-17
              (work in progress), November 2018.

   [I-D.ietf-anima-bootstrapping-keyinfra]
              Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
              S., and K. Watsen, "Bootstrapping Remote Secure Key
              Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
              keyinfra-17 (work in progress), November 2018.

   [I-D.ietf-core-links-json]
              Li, K., Rahman, A., and C. Bormann, "Representing
              Constrained RESTful Environments (CoRE) Link Format in
              JSON and CBOR", draft-ietf-core-links-json-10 (work in
              progress), February 2018.

   [I-D.silverajan-core-coap-protocol-negotiation]
              Silverajan, B. and M. Ocak, "CoAP Protocol Negotiation",
              draft-silverajan-core-coap-protocol-negotiation-09 (work
              in progress), July 2018.

   [RFC6775]  Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
              Bormann, "Neighbor Discovery Optimization for IPv6 over
              Low-Power Wireless Personal Area Networks (6LoWPANs)",
              RFC 6775, DOI 10.17487/RFC6775, November 2012,
              <https://www.rfc-editor.org/info/rfc6775>.

   [RFC6874]  Carpenter, B., Cheshire, S., and R. Hinden, "Representing
              IPv6 Zone Identifiers in Address Literals and Uniform
              Resource Identifiers", RFC 6874, DOI 10.17487/RFC6874,
              February 2013, <https://www.rfc-editor.org/info/rfc6874>.

   [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Message Syntax and Routing",
              RFC 7230, DOI 10.17487/RFC7230, June 2014,
              <https://www.rfc-editor.org/info/rfc7230>.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014,
              <https://www.rfc-editor.org/info/rfc7252>.

Shelby, et al.            Expires June 23, 2019                [Page 65]
Internet-Draft           CoRE Resource Directory           December 2018

   [RFC7390]  Rahman, A., Ed. and E. Dijk, Ed., "Group Communication for
              the Constrained Application Protocol (CoAP)", RFC 7390,
              DOI 10.17487/RFC7390, October 2014,
              <https://www.rfc-editor.org/info/rfc7390>.

   [RFC7641]  Hartke, K., "Observing Resources in the Constrained
              Application Protocol (CoAP)", RFC 7641,
              DOI 10.17487/RFC7641, September 2015,
              <https://www.rfc-editor.org/info/rfc7641>.

   [RFC8132]  van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and
              FETCH Methods for the Constrained Application Protocol
              (CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017,
              <https://www.rfc-editor.org/info/rfc8132>.

   [RFC8288]  Nottingham, M., "Web Linking", RFC 8288,
              DOI 10.17487/RFC8288, October 2017,
              <https://www.rfc-editor.org/info/rfc8288>.

   [RFC8392]  Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig,
              "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392,
              May 2018, <https://www.rfc-editor.org/info/rfc8392>.

Appendix A.  Groups Registration and Lookup

   The RD-Groups usage pattern allows announcing application groups
   inside a Resource Directory.

   Groups are represented by endpoint registrations.  Their base address
   is a multicast address, and they SHOULD be entered with the endpoint
   type "core.rd-group".  The endpoint name can also be referred to as a
   group name in this context.

   The registration is inserted into the RD by a Commissioning Tool,
   which might also be known as a group manager here.  It performs third
   party registration and registration updates.

   The links it registers SHOULD be available on all members that join
   the group.  Depending on the application, members that lack some
   resource MAY be permissible if requests to them fail gracefully.

   The following example shows a CT registering a group with the name
   "lights" which provides two resources.  The directory resource path
   /rd is an example RD location discovered in a request similar to
   Figure 5.

Shelby, et al.            Expires June 23, 2019                [Page 66]
Internet-Draft           CoRE Resource Directory           December 2018

   Req: POST coap://rd.example.com/rd?ep=lights&et=core.rd-group
                                     &base=coap://[ff35:30:2001:db8::1]
   Content-Format: 40
   Payload:
   </light>;rt="light";if="core.a",
   </color-temperature>;if="core.p";u="K"

   Res: 2.01 Created
   Location-Path: /rd/12

   In this example, the group manager can easily permit devices that
   have no writable color-temperature to join, as they would still
   respond to brightness changing commands.  Had the group instead
   contained a single resource that sets brightness and color
   temperature atomically, endpoints would need to support both
   properties.

   The resources of a group can be looked up like any other resource,
   and the group registrations (along with any additional registration
   parameters) can be looked up using the endpoint lookup interface.

   The following example shows a client performing and endpoint lookup
   for all groups.

   Req: GET /rd-lookup/ep?et=core.rd-group

   Res: 2.01 Content
   Payload:
   </rd/501>;ep="GRP_R2-4-015";et="core.rd-group";
                                      base="coap://[ff05::1]",
   </rd/12>;ep=lights&et=core.rd-group;
            base="coap://[ff35:30:2001:db8::1]";rt="core.rd-ep"

   The following example shows a client performing a lookup of all
   resources of all endpoints (groups) with et=core.rd-group.

   Req: GET /rd-lookup/res?et=core.rd-group

   <coap://[ff35:30:2001:db8::1]/light>;rt="light";if="core.a";
        et="core.rd-group";anchor="coap://[ff35:30:2001:db8::1]",
   <coap://[ff35:30:2001:db8::1]/color-temperature>;if="core.p";u="K";
        et="core.rd-group";
        anchor="coap://[ff35:30:2001:db8::1]"

Shelby, et al.            Expires June 23, 2019                [Page 67]
Internet-Draft           CoRE Resource Directory           December 2018

Appendix B.  Web links and the Resource Directory

   Understanding the semantics of a link-format document and its URI
   references is a journey through different documents ([RFC3986]
   defining URIs, [RFC6690] defining link-format documents based on
   [RFC8288] which defines link headers, and [RFC7252] providing the
   transport).  This appendix summarizes the mechanisms and semantics at
   play from an entry in ".well-known/core" to a resource lookup.

   This text is primarily aimed at people entering the field of
   Constrained Restful Environments from applications that previously
   did not use web mechanisms.

   The explanation of the steps makes some shortcuts in the more
   confusing details of [RFC6690], which are justified as all examples
   being in Limited Link Format.

B.1.  A simple example

   Let's start this example with a very simple host, "2001:db8:f0::1".
   A client that follows classical CoAP Discovery ([RFC7252] Section 7),
   sends the following multicast request to learn about neighbours
   supporting resources with resource-type "temperature".

   The client sends a link-local multicast:

   GET coap://[ff02::fd]:5683/.well-known/core?rt=temperature

   RES 2.05 Content
   </temp>;rt=temperature;ct=0

   where the response is sent by the server, "[2001:db8:f0::1]:5683".

   While the client - on the practical or implementation side - can just
   go ahead and create a new request to "[2001:db8:f0::1]:5683" with
   Uri-Path: "temp", the full resolution steps for insertion into and
   retrieval from the RD without any shortcuts are:

B.1.1.  Resolving the URIs

   The client parses the single returned record.  The link's target
   (sometimes called "href") is ""/temp"", which is a relative URI that
   needs resolving.  The base URI <coap://[ff02::fd]:5683/.well-known/
   core> is used to resolve the reference /temp against.

   The Base URI of the requested resource can be composed from the
   header options of the CoAP GET request by following the steps of

Shelby, et al.            Expires June 23, 2019                [Page 68]
Internet-Draft           CoRE Resource Directory           December 2018

   [RFC7252] section 6.5 (with an addition at the end of 8.2) into
   ""coap://[2001:db8:f0::1]/.well-known/core"".

   Because ""/temp"" starts with a single slash, the record's target is
   resolved by replacing the path ""/.well-known/core"" from the Base
   URI (section 5.2 [RFC3986]) with the relative target URI ""/temp""
   into ""coap://[2001:db8:f0::1]/temp"".

B.1.2.  Interpreting attributes and relations

   Some more information but the record's target can be obtained from
   the payload: the resource type of the target is "temperature", and
   its content type is text/plain (ct=0).

   A relation in a web link is a three-part statement that specifies a
   named relation between the so-called "context resource" and the
   target resource, like "_This page_ has _its table of contents_ at _/
   toc.html_".  In link format documents, there is an implicit "host
   relation" specified with default parameter: rel="hosts".

   In our example, the context resource of the link is the URI specified
   in the GET request "coap:://[2001:db8:f0::1]/.well-known/core".  A
   full English expression of the "host relation" is:

   '"coap://[2001:db8:f0::1]/.well-known/core" is hosting the resource
   "coap://[2001:db8:f0::1]/temp", which is of the resource type
   "temperature" and can be accessed using the text/plain content
   format.'

B.2.  A slightly more complex example

   Omitting the "rt=temperature" filter, the discovery query would have
   given some more records in the payload:

   GET coap://[ff02::fd]:5683/.well-known/core

   RES 2.05 Content
   </temp>;rt=temperature;ct=0,
   </light>;rt=light-lux;ct=0,
   </t>;anchor="/sensors/temp";rel=alternate,
   <http://www.example.com/sensors/t123>;anchor="/sensors/temp";
       rel="describedby"

   Parsing the third record, the client encounters the "anchor"
   parameter.  It is a URI relative to the Base URI of the request and
   is thus resolved to ""coap://[2001:db8:f0::1]/sensors/temp"".  That
   is the context resource of the link, so the "rel" statement is not
   about the target and the Base URI any more, but about the target and

Shelby, et al.            Expires June 23, 2019                [Page 69]
Internet-Draft           CoRE Resource Directory           December 2018

   the resolved URI.  Thus, the third record could be read as
   ""coap://[2001:db8:f0::1]/sensors/temp" has an alternate
   representation at "coap://[2001:db8:f0::1]/t"".

   Following the same resolution steps, the fourth record can be read as
   ""coap://[2001:db8:f0::1]/sensors/temp" is described by
   "http://www.example.com/sensors/t123"".

B.3.  Enter the Resource Directory

   The resource directory tries to carry the semantics obtainable by
   classical CoAP discovery over to the resource lookup interface as
   faithfully as possible.

   For the following queries, we will assume that the simple host has
   used Simple Registration to register at the resource directory that
   was announced to it, sending this request from its UDP port
   "[2001:db8:f0::1]:6553":

   POST coap://[2001:db8:f01::ff]/.well-known/core?ep=simple-host1

   The resource directory would have accepted the registration, and
   queried the simple host's ".well-known/core" by itself.  As a result,
   the host is registered as an endpoint in the RD with the name
   "simple-host1".  The registration is active for 90000 seconds, and
   the endpoint registration Base URI is ""coap://[2001:db8:f0::1]""
   following the resolution steps described in Appendix B.1.1.  It
   should be remarked that the Base URI constructed that way always
   yields a URI of the form: scheme://authority without path suffix.

   If the client now queries the RD as it would previously have issued a
   multicast request, it would go through the RD discovery steps by
   fetching "coap://[2001:db8:f0::ff]/.well-known/core?rt=core.rd-
   lookup-res", obtain "coap://[2001:db8:f0::ff]/rd-lookup/res" as the
   resource lookup endpoint, and issue a request to
   "coap://[2001:db8:f0::ff]/rd-lookup/res?rt=temperature" to receive
   the following data:

   <coap://[2001:db8:f0::1]/temp>;rt=temperature;ct=0;
       anchor="coap://[2001:db8:f0::1]"

   This is not _literally_ the same response that it would have received
   from a multicast request, but it contains the equivalent statement:

   '"coap://[2001:db8:f0::1]" is hosting the resource
   "coap://[2001:db8:f0::1]/temp", which is of the resource type
   "temperature" and can be accessed using the text/plain content
   format.'

Shelby, et al.            Expires June 23, 2019                [Page 70]
Internet-Draft           CoRE Resource Directory           December 2018

   (The difference is whether "/" or "/.well-known/core" hosts the
   resources, which does not matter in this application; if it did, the
   endpoint would have been more explicit.  Actually, /.well-known/core
   does NOT host the resource but stores a URI reference to the
   resource.)

   To complete the examples, the client could also query all resources
   hosted at the endpoint with the known endpoint name "simple-host1".
   A request to "coap://[2001:db8:f0::ff]/rd-lookup/res?ep=simple-host1"
   would return

   <coap://[2001:db8:f0::1]/temp>;rt=temperature;ct=0;
       anchor="coap://[2001:db8:f0::1]",
   <coap://[2001:db8:f0::1]/light>;rt=light-lux;ct=0;
       anchor="coap://[2001:db8:f0::1]",
   <coap://[2001:db8:f0::1]/t>;
       anchor="coap://[2001:db8:f0::1]/sensors/temp";rel=alternate,
   <http://www.example.com/sensors/t123>;
       anchor="coap://[2001:db8:f0::1]/sensors/temp";rel="describedby"

   All the target and anchor references are already in absolute form
   there, which don't need to be resolved any further.

   Had the simple host done an equivalent full registration with a base=
   parameter (e.g.  "?ep=simple-host1&base=coap+tcp://simple-
   host1.example.com"), that context would have been used to resolve the
   relative anchor values instead, giving

   <coap+tcp://simple-host1.example.com/temp>;rt=temperature;ct=0;
       anchor="coap+tcp://simple-host1.example.com"

   and analogous records.

B.4.  A note on differences between link-format and Link headers

   While link-format and Link headers look very similar and are based on
   the same model of typed links, there are some differences between
   [RFC6690] and [RFC8288], which are dealt with differently:

   o  "Resolving the target against the anchor": [RFC6690] Section 2.1
      states that the anchor of a link is used as the Base URI against
      which the term inside the angle brackets (the target) is resolved,
      falling back to the resource's URI with paths stripped off (its
      "Origin").  In contrast to that, [RFC8288] Section B.2 describes
      that the anchor is immaterial to the resolution of the target
      reference.

Shelby, et al.            Expires June 23, 2019                [Page 71]
Internet-Draft           CoRE Resource Directory           December 2018

      RFC6690, in the same section, also states that absent anchors set
      the context of the link to the target's URI with its path stripped
      off, while according to [RFC8288] Section 3.2, the context is the
      resource's base URI.

      The rules introduced in Appendix C ensure that an RD does not need
      to deal with those differences when processing input data.  Lookup
      results are required to be absolute references for the same
      reason.

   o  There is no percent encoding in link-format documents.

      A link-format document is a UTF-8 encoded string of Unicode
      characters and does not have percent encoding, while Link headers
      are practically ASCII strings that use percent encoding for non-
      ASCII characters, stating the encoding explicitly when required.

      For example, while a Link header in a page about a Swedish city
      might read

      "Link: </temperature/Malm%C3%B6>;rel="live-environment-data""

      a link-format document from the same source might describe the
      link as

      "</temperature/Malmoe>;rel="live-environment-data""

      Parsers and producers of link-format and header data need to be
      aware of this difference.

Appendix C.  Limited Link Format

   The CoRE Link Format as described in [RFC6690] has been interpreted
   differently by implementers, and a strict implementation rules out
   some use cases of a Resource Directory (e.g. base values with path
   components).

   This appendix describes a subset of link format documents called
   Limited Link Format.  The rules herein are not very limiting in
   practice - all examples in RFC6690, and all deployments the authors
   are aware of already stick to them - but ease the implementation of
   resource directory servers.

   It is applicable to representations in the application/link-format
   media type, and any other media types that inherit [RFC6690]
   Section 2.1.

Shelby, et al.            Expires June 23, 2019                [Page 72]
Internet-Draft           CoRE Resource Directory           December 2018

   A link format representation is in Limited Link format if, for each
   link in it, the following applies:

   o  All URI references either follow the URI or the path-absolute ABNF
      rule of RFC3986 (i.e. target and anchor each either start with a
      scheme or with a single slash),

   o  if the anchor reference starts with a scheme, the target reference
      starts with a scheme as well (i.e. relative references in target
      cannot be used when the anchor is a full URI), and

   o  the application does not care whether links without an explicitly
      given anchor have the origin's "/" or "/.well-known/core" resource
      as their link context.

Authors' Addresses

   Zach Shelby
   ARM
   150 Rose Orchard
   San Jose  95134
   USA

   Phone: +1-408-203-9434
   Email: zach.shelby@arm.com

   Michael Koster
   SmartThings
   665 Clyde Avenue
   Mountain View  94043
   USA

   Phone: +1-707-502-5136
   Email: Michael.Koster@smartthings.com

   Carsten Bormann
   Universitaet Bremen TZI
   Postfach 330440
   Bremen  D-28359
   Germany

   Phone: +49-421-218-63921
   Email: cabo@tzi.org

Shelby, et al.            Expires June 23, 2019                [Page 73]
Internet-Draft           CoRE Resource Directory           December 2018

   Peter van der Stok
   consultant

   Phone: +31-492474673 (Netherlands), +33-966015248 (France)
   Email: consultancy@vanderstok.org
   URI:   www.vanderstok.org

   Christian Amsuess (editor)
   Hollandstr. 12/4
   1020
   Austria

   Phone: +43-664-9790639
   Email: christian@amsuess.com

Shelby, et al.            Expires June 23, 2019                [Page 74]