rfc9770v2.txt   rfc9770.txt 
skipping to change at line 88 skipping to change at line 88
6.1. Error Responses with Problem Details 6.1. Error Responses with Problem Details
6.2. Supporting Diff Queries 6.2. Supporting Diff Queries
6.2.1. Supporting the "Cursor" Extension 6.2.1. Supporting the "Cursor" Extension
6.3. Query Parameters 6.3. Query Parameters
7. Full Query of the TRL 7. Full Query of the TRL
8. Diff Query of the TRL 8. Diff Query of the TRL
9. Response Messages when Using the "Cursor" Extension 9. Response Messages when Using the "Cursor" Extension
9.1. Response to Full Query 9.1. Response to Full Query
9.2. Response to Diff Query 9.2. Response to Diff Query
9.2.1. Empty Collection 9.2.1. Empty Collection
9.2.2. Cursor Not Specified in the Diff Query Request 9.2.2. Cursor Not Included in the Diff Query Request
9.2.3. Cursor Specified in the Diff Query Request 9.2.3. Cursor Included in the Diff Query Request
10. Registration at the Authorization Server 10. Registration at the Authorization Server
11. Notification of Revoked Access Tokens 11. Notification of Revoked Access Tokens
11.1. Handling of Revoked Access Tokens and Token Hashes 11.1. Handling of Revoked Access Tokens and Token Hashes
12. ACE Token Revocation List Parameters 12. ACE Token Revocation List Parameters
13. ACE Token Revocation List Error Identifiers 13. ACE Token Revocation List Error Identifiers
14. Security Considerations 14. Security Considerations
14.1. Content Retrieval from the TRL 14.1. Content Retrieval from the TRL
14.2. Size of the TRL 14.2. Size of the TRL
14.3. Communication Patterns 14.3. Communication Patterns
14.4. Request of New Access Tokens 14.4. Request of New Access Tokens
skipping to change at line 123 skipping to change at line 123
16.2. Informative References 16.2. Informative References
Appendix A. On Using the Series Transfer Pattern Appendix A. On Using the Series Transfer Pattern
Appendix B. Local Supportive Parameters of the TRL Endpoint Appendix B. Local Supportive Parameters of the TRL Endpoint
Appendix C. Interaction Examples Appendix C. Interaction Examples
C.1. Full Query with Observe C.1. Full Query with Observe
C.2. Diff Query with Observe C.2. Diff Query with Observe
C.3. Full Query with Observe and Diff Query C.3. Full Query with Observe and Diff Query
C.4. Diff Query with Observe and "Cursor" Extension C.4. Diff Query with Observe and "Cursor" Extension
C.5. Full Query with Observe and Diff Query with "Cursor" C.5. Full Query with Observe and Diff Query with "Cursor"
Extension Extension
Appendix D. CDDL Model
Acknowledgments Acknowledgments
Authors' Addresses Authors' Addresses
1. Introduction 1. Introduction
Authentication and Authorization for Constrained Environments (ACE) Authentication and Authorization for Constrained Environments (ACE)
[RFC9200] is a framework that enforces access control on Internet of [RFC9200] is a framework that enforces access control on Internet of
Things (IoT) devices acting as Resource Servers (RSs). In order to Things (IoT) devices acting as resource servers (RSs). In order to
use ACE, both clients and RSs have to register with an Authorization use ACE, both clients and RSs have to register with an authorization
Server (AS) and become registered devices. Once registered, a client server (AS) and become registered devices. Once registered, a client
can send a request to the AS to obtain an access token for an RS. can send a request to the AS to obtain an access token for an RS.
For a client to access the RS, the client must present the issued For a client to access the RS, the client must present the issued
access token at the RS, which then validates it before storing it access token at the RS, which then validates it before storing it
(see Section 5.10.1.1 of [RFC9200]). (see Section 5.10.1.1 of [RFC9200]).
Even though access tokens have expiration times, there are Even though access tokens have expiration times, there are
circumstances by which an access token may need to be revoked before circumstances by which an access token may need to be revoked before
its expiration time, such as when: its expiration time, such as when:
1. a registered device has been compromised or is suspected of being 1. a registered device has been compromised or is suspected of being
skipping to change at line 297 skipping to change at line 296
TRL and containing a set of token hashes pertaining to the TRL and containing a set of token hashes pertaining to the
requester. Further details are specified in Sections 6 and 8. requester. Further details are specified in Sections 6 and 8.
See Section 4 for further terminology used throughout that section. See Section 4 for further terminology used throughout that section.
Examples throughout this document are expressed in CBOR diagnostic Examples throughout this document are expressed in CBOR diagnostic
notation as defined in Section 8 of [RFC8949] and Appendix G of notation as defined in Section 8 of [RFC8949] and Appendix G of
[RFC8610]. Diagnostic notation comments are often used to provide a [RFC8610]. Diagnostic notation comments are often used to provide a
textual representation of the numeric parameter names and values. textual representation of the numeric parameter names and values.
In the CBOR diagnostic notation used in this document, constructs of
the form e'SOME_NAME' are replaced by the value assigned to SOME_NAME
in the CDDL model shown in Figure 15 of Appendix D. For example,
{e'full_set': [], e'cursor': 3} stands for {0: [], 2: 3}.
Note to RFC Editor: Please delete the paragraph immediately preceding
this note. Also, in the CBOR diagnostic notation used in this
document, please replace the constructs of the form e'SOME_NAME' with
the value assigned to SOME_NAME in the CDDL model shown in Figure 15
of Appendix D. Finally, please delete this note.
2. Protocol Overview 2. Protocol Overview
This protocol defines how a CoAP-based AS informs clients and RSs, This protocol defines how a CoAP-based AS informs clients and RSs,
i.e., registered devices, about pertaining revoked access tokens. i.e., registered devices, about pertaining revoked access tokens.
How the relationship between a registered device and the AS is How the relationship between a registered device and the AS is
established is out of the scope of this specification. established is out of the scope of this specification.
At a high level, the steps of this protocol are as follows: At a high level, the steps of this protocol are as follows:
1. Upon startup, the AS creates a single TRL accessible through the 1. Upon startup, the AS creates a single TRL accessible through the
skipping to change at line 451 skipping to change at line 439
Consistent with the ACE framework [RFC9200], this document Consistent with the ACE framework [RFC9200], this document
specifically considers JWTs, which are always represented using specifically considers JWTs, which are always represented using
the JSON Web Signature (JWS) Compact Serialization from [RFC7515] the JSON Web Signature (JWS) Compact Serialization from [RFC7515]
or the JSON Web Encryption (JWE) Compact Serialization from or the JSON Web Encryption (JWE) Compact Serialization from
[RFC7516]. Consequently, all the header parameters are specified [RFC7516]. Consequently, all the header parameters are specified
within integrity-protected fields. within integrity-protected fields.
In case alternative access tokens were used, the following In case alternative access tokens were used, the following
applies: applies:
- If the access token uses the JWS Compact Serialization from - If the access token uses the JWS JSON Serialization from
[RFC7515], it MUST NOT include the JWS Unprotected Header. [RFC7515], it MUST NOT include the JWS Unprotected Header.
- If the access token uses the JWE Compact Serialization from - If the access token uses the JWE JSON Serialization from
[RFC7516], it MUST NOT include the JWE Shared Unprotected [RFC7516], it MUST NOT include the JWE Shared Unprotected
Header and it MUST NOT include the "header" member in any of Header and it MUST NOT include the "header" member in any of
the elements of the "recipients" array. the elements of the "recipients" array.
/ CWT CBOR tag / 61( / CWT CBOR tag / 61(
/ COSE_Encrypt0 CBOR tag / 16( / COSE_Encrypt0 CBOR tag / 16(
/ COSE_Encrypt0 object / [ / COSE_Encrypt0 object / [
/ protected / h'a3010a044c53796d6d65747269633132 / protected / h'a3010a044c53796d6d65747269633132
38054d99a0d7846e762c49ffe8a63e0b', 38054d99a0d7846e762c49ffe8a63e0b',
/ unprotected / {}, / unprotected / {},
skipping to change at line 642 skipping to change at line 630
parameter in the AS-to-Client response, in which the access token is parameter in the AS-to-Client response, in which the access token is
included and provided to the requester client. Note that, if the included and provided to the requester client. Note that, if the
access token is a CWT, it is specifically tagged as defined in access token is a CWT, it is specifically tagged as defined in
Section 3. Section 3.
The following defines how the client and the AS determine the The following defines how the client and the AS determine the
HASH_INPUT value to use as input for computing the token hash of the HASH_INPUT value to use as input for computing the token hash of the
conveyed access token, depending on the AS-to-Client response being conveyed access token, depending on the AS-to-Client response being
encoded in CBOR (see Section 4.2.1) or in JSON (see Section 4.2.2). encoded in CBOR (see Section 4.2.1) or in JSON (see Section 4.2.2).
Once the HASH_INPUT is determined, the client and the AS use it to Once HASH_INPUT is determined, the client and the AS use it to
compute the token hash of the conveyed access token as defined in compute the token hash of the conveyed access token as defined in
Section 4.4. Section 4.4.
4.2.1. AS-to-Client Response Encoded in CBOR 4.2.1. AS-to-Client Response Encoded in CBOR
If the AS-to-Client response is encoded in CBOR, then HASH_INPUT is If the AS-to-Client response is encoded in CBOR, then HASH_INPUT is
defined as follows: defined as follows:
* BYTES denotes the value of the CBOR byte string conveyed in the * BYTES denotes the value of the CBOR byte string conveyed in the
'access_token' parameter. 'access_token' parameter.
skipping to change at line 667 skipping to change at line 655
Note that BYTES is the binary representation of the tagged access Note that BYTES is the binary representation of the tagged access
token if this is a CWT (as per Section 3) or of the access token token if this is a CWT (as per Section 3) or of the access token
if this is a JWT. if this is a JWT.
* HASH_INPUT_TEXT is the base64url-encoded text string that encodes * HASH_INPUT_TEXT is the base64url-encoded text string that encodes
BYTES. BYTES.
* HASH_INPUT is the binary representation of HASH_INPUT_TEXT. * HASH_INPUT is the binary representation of HASH_INPUT_TEXT.
Header: Created (Code=2.01) Header: Created (Code=2.01)
Content-Format: application/ace+cbor Content-Format: 19 (application/ace+cbor)
Max-Age: 85800 Max-Age: 85800
Payload: Payload:
{ {
/ access_token / 1 : h'd83dd0835820a3010a044c53796d6d / access_token / 1 : h'd83dd0835820a3010a044c53796d6d
6574726963313238054d99a0d7846e 6574726963313238054d99a0d7846e
762c49ffe8a63e0ba05858b918a11f 762c49ffe8a63e0ba05858b918a11f
d81e438b7f973d9e2e119bcb22424b d81e438b7f973d9e2e119bcb22424b
a0f38a80f27562f400ee1d0d6c0fdb a0f38a80f27562f400ee1d0d6c0fdb
559c02421fd384fc2ebe22d7071378 559c02421fd384fc2ebe22d7071378
b0ea7428fff157444d45f7e6afcda1 b0ea7428fff157444d45f7e6afcda1
aae5f6495830c58627087fc5b4974f aae5f6495830c58627087fc5b4974f
319a8707a635dd643b', 319a8707a635dd643b',
/ token_type / 34 : 2 / PoP /, / token_type / 34 : 2 / PoP /,
/ expires_in / 2 : 86400, / expires_in / 2 : 86400,
/ ace_profile / 38 : 1 / coap_dtls /, / ace_profile / 38 : 1 / coap_dtls /
/ (remainder of the response omitted for brevity) / / (remainder of the response omitted for brevity) /
} }
Figure 3: Example of AS-to-Client CoAP Response Using CBOR Figure 3: Example of AS-to-Client CoAP Response Using CBOR
4.2.2. AS-to-Client Response Encoded in JSON 4.2.2. AS-to-Client Response Encoded in JSON
If the AS-to-Client response is encoded in JSON, then HASH_INPUT is If the AS-to-Client response is encoded in JSON, then HASH_INPUT is
the binary representation of the text string conveyed by the the binary representation of the text string conveyed by the
'access_token' parameter. 'access_token' parameter.
skipping to change at line 764 skipping to change at line 752
Section 4.1.2). Section 4.1.2).
2. The RS assumes that the client received the access token in an 2. The RS assumes that the client received the access token in an
AS-to-Client response encoded in CBOR (see Section 4.2.1). AS-to-Client response encoded in CBOR (see Section 4.2.1).
Hence, the RS assumes TOKEN_INFO to be the binary representation Hence, the RS assumes TOKEN_INFO to be the binary representation
of the tagged access token with the CWT as the innermost tag of the tagged access token with the CWT as the innermost tag
content (as per Section 3). content (as per Section 3).
3. The RS verifies the access token as per Section 5.10.1.1 of 3. The RS verifies the access token as per Section 5.10.1.1 of
[RFC9200]. If the verification fails, then the RS does not [RFC9200]. If the verification fails, then the RS does not
discard the access token yet; instead, it moves to step 4. discard the access token yet; instead, it moves to Step 4.
Otherwise, the RS stores the access token and computes the Otherwise, the RS stores the access token and computes the
corresponding token hash as defined in Section 4.4. In corresponding token hash as defined in Section 4.4. In
particular, the RS considers HASH_INPUT_TEXT as the base64url- particular, the RS considers HASH_INPUT_TEXT as the base64url-
encoded text string that encodes TOKEN_INFO. Then, HASH_INPUT is encoded text string that encodes TOKEN_INFO. Then, HASH_INPUT is
the binary representation of HASH_INPUT_TEXT. the binary representation of HASH_INPUT_TEXT.
After that, the RS stores the computed token hash as associated After that, the RS stores the computed token hash as associated
with the access token; then, it terminates this algorithm. with the access token; then, it terminates this algorithm.
skipping to change at line 833 skipping to change at line 821
In particular, the RS assumes that the client received the access In particular, the RS assumes that the client received the access
token in an AS-to-Client response encoded in CBOR (see token in an AS-to-Client response encoded in CBOR (see
Section 4.2.1). Hence, HASH_INPUT is the binary representation Section 4.2.1). Hence, HASH_INPUT is the binary representation
of HASH_INPUT_TEXT, which, in turn, is the base64url-encoded text of HASH_INPUT_TEXT, which, in turn, is the base64url-encoded text
string that encodes TOKEN_INFO. string that encodes TOKEN_INFO.
After that, the RS stores the computed token hash as associated After that, the RS stores the computed token hash as associated
with the access token. with the access token.
The RS skips step 3 only if it is certain that all its pertaining The RS skips Step 3 only if it is certain that all its pertaining
access tokens are provided to any client by means of AS-to-Client access tokens are provided to any client by means of AS-to-Client
responses encoded as CBOR messages. Otherwise, the RS MUST perform responses encoded as CBOR messages. Otherwise, the RS MUST perform
step 3. Step 3.
The RS skips step 4 only if it is certain that all its pertaining The RS skips Step 4 only if it is certain that all its pertaining
access tokens are provided to any client by means of AS-to-Client access tokens are provided to any client by means of AS-to-Client
responses encoded as JSON messages. Otherwise, the RS MUST perform responses encoded as JSON messages. Otherwise, the RS MUST perform
step 4. Step 4.
If the RS performs both steps 3 and 4 above, then the RS MUST store, If the RS performs both Steps 3 and 4 above, then the RS MUST store,
maintain, and rely on both token hashes as associated with the access maintain, and rely on both token hashes as associated with the access
token, consistent with what is specified in Section 11.1. token, consistent with what is specified in Section 11.1.
Section 14.7 discusses how computing and storing both token hashes Section 14.7 discusses how computing and storing both token hashes
neutralizes an attack against the RS, where a dishonest client can neutralizes an attack against the RS, where a dishonest client can
induce the RS to compute a token hash different from the correct one. induce the RS to compute a token hash different from the correct one.
4.4. Computing the Token Hash 4.4. Computing the Token Hash
Once HASH_INPUT is determined as defined in Sections 4.2 and 4.3, a Once HASH_INPUT is determined as defined in Sections 4.2 and 4.3, a
skipping to change at line 1014 skipping to change at line 1002
software engineers as well as for device and network operators in software engineers as well as for device and network operators in
order to aid in debugging and provide context for possible order to aid in debugging and provide context for possible
intervention. The diagnostic message SHOULD be logged by the AS. intervention. The diagnostic message SHOULD be logged by the AS.
The 'detail' entry is unlikely to be relevant in an unattended The 'detail' entry is unlikely to be relevant in an unattended
setup where human intervention is not expected. setup where human intervention is not expected.
An example of an error response using the problem-details format is An example of an error response using the problem-details format is
shown in Figure 5. shown in Figure 5.
Header: Bad Request (Code=4.00) Header: Bad Request (Code=4.00)
Content-Format: application/concise-problem-details+cbor Content-Format: 257 (application/concise-problem-details+cbor)
Payload: Payload:
{ {
/ title / -1: "Invalid parameter value", / title / -1: "Invalid parameter value",
/ detail / -2: "Invalid value for 'cursor': -53", / detail / -2: "Invalid value for 'cursor': -53",
/ ace-trl-error / e'ace-trl-error': { / ace-trl-error / 1:{
/ error-id / 0: 0 / "Invalid parameter value" /, / error-id / 0: 0 / "Invalid parameter value" /,
/ cursor / 1: 42 / cursor / 1: 42
} }
} }
Figure 5: Example of Error Response with Problem Details Figure 5: Example of Error Response with Problem Details
The problem-details format in general and the Custom Problem Detail The problem-details format in general and the Custom Problem Detail
entry 'ace-trl-error' in particular are OPTIONAL to support for entry 'ace-trl-error' in particular are OPTIONAL to support for
registered devices. A registered device supporting the entry 'ace- registered devices. A registered device supporting the entry 'ace-
trl-error' and that is able to understand the specified error may use trl-error' and that is able to understand the specified error may use
that information to determine what actions to take next. that information to determine what actions to take next.
6.2. Supporting Diff Queries 6.2. Supporting Diff Queries
If the AS supports diff queries, it is able to transfer a list of If the AS supports diff queries, it is able to transfer a list of
diff entries, each of which is related to one update that occurred to diff entries, each of which is related to one update that occurred to
the TRL (see Section 6). That is, when replying to a diff query the TRL (see Section 6). That is, when replying to a diff query
performed by a requester, the AS specifies the diff entries related performed by a requester, the AS provides the diff entries related to
to the most recent TRL updates pertaining to the requester. the most recent TRL updates pertaining to the requester.
The following defines how the AS builds and maintains an ordered list The following defines how the AS builds and maintains an ordered list
of diff entries, for each registered device and administrator, of diff entries, for each registered device and administrator,
hereafter referred to as "requesters". In particular, a requester's hereafter referred to as "requesters". In particular, a requester's
diff entry associated with a TRL update contains a set of token diff entry associated with a TRL update contains a set of token
hashes pertaining to that requester, each of which was added to the hashes pertaining to that requester, each of which was added to the
TRL or removed from the TRL at that update. TRL or removed from the TRL at that update.
The AS defines the single constant positive integer MAX_N >= 1. For The AS defines the single constant positive integer MAX_N >= 1. For
each requester, the AS maintains an updated collection of maximum each requester, the AS maintains an update collection of maximum
MAX_N series items, each of which is a diff entry. For each MAX_N series items, each of which is a diff entry. For each
requester, the AS MUST keep track of the MAX_N most recent TRL requester, the AS MUST keep track of the MAX_N most recent TRL
updates pertaining to the requester. If the AS supports diff updates pertaining to the requester. If the AS supports diff
queries, the AS MUST provide requesters with the value of MAX_N upon queries, the AS MUST provide requesters with the value of MAX_N upon
their registration (see Section 10). their registration (see Section 10).
The series of items in the update collection MUST be strictly The series of items in the update collection MUST be strictly
chronologically ordered. That is, at any point in time, the first chronologically ordered. That is, at any point in time, the first
series item would be the one least recently added to the update series item is the one least recently added to the update collection
collection and still retained by the AS; the last series item would and still retained by the AS; the last series item is the one most
be the one most recently added to the update collection. The recently added to the update collection. The particular method used
particular method used to achieve this is implementation specific. to achieve this is implementation specific.
Each time the TRL changes, the AS performs the following operations Each time the TRL changes, the AS performs the following operations
for each requester: for each requester:
1. The AS considers the subset of the TRL pertaining to that 1. The AS considers the subset of the TRL pertaining to that
requester. If the TRL subset is not affected by this TRL update, requester. If the TRL subset is not affected by this TRL update,
the AS stops the processing for that requester. Otherwise, the the AS stops the processing for that requester. Otherwise, the
AS moves to step 2. AS moves to Step 2.
2. The AS creates two trl_patch sets of token hashes, i.e., one 2. The AS creates two trl_patch sets of token hashes, i.e., one
"removed" set and one "added" set, as related to this TRL update. 'removed' set and one 'added' set, as related to this TRL update.
3. The AS fills the two sets with the token hashes of the removed 3. The AS fills the two sets with the token hashes of the removed
and added access tokens, respectively, from/to the TRL subset and added access tokens, respectively, from/to the TRL subset
considered at step 1. considered at Step 1.
4. The AS creates a new series item that includes the two sets from 4. The AS creates a new series item that includes the two sets from
step 3. Step 3.
5. If the update collection associated with the requester currently 5. If the update collection associated with the requester currently
includes MAX_N series items, the AS MUST delete the oldest series includes MAX_N series items, the AS MUST delete the oldest series
item in the update collection. item in the update collection.
6. The AS adds the series item to the update collection associated 6. The AS adds the series item to the update collection associated
with the requester as the last (most recent) entry. with the requester as the last (most recent) series item.
6.2.1. Supporting the "Cursor" Extension 6.2.1. Supporting the "Cursor" Extension
If it supports the "Cursor" extension for diff queries, the AS also If it supports the "Cursor" extension for diff queries, the AS also
performs the following actions: performs the following actions:
The AS defines the single constant unsigned integer MAX_INDEX <= The AS defines the single constant unsigned integer MAX_INDEX <=
((2^64) - 1). The value of MAX_INDEX is REQUIRED to be at least ((2^64) - 1). The value of MAX_INDEX is REQUIRED to be at least
(MAX_N - 1) and is RECOMMENDED to be at least ((2^32) - 1). (MAX_N - 1) and is RECOMMENDED to be at least ((2^32) - 1).
MAX_INDEX SHOULD be orders of magnitude greater than MAX_N. MAX_INDEX SHOULD be orders of magnitude greater than MAX_N.
skipping to change at line 1165 skipping to change at line 1153
update collection in question. If supporting the "Cursor" extension, update collection in question. If supporting the "Cursor" extension,
the AS MUST provide registered devices and administrators with the the AS MUST provide registered devices and administrators with the
corresponding value of MAX_DIFF_BATCH upon their registration (see corresponding value of MAX_DIFF_BATCH upon their registration (see
Section 10). Section 10).
6.3. Query Parameters 6.3. Query Parameters
A GET request to the TRL endpoint can include the following query A GET request to the TRL endpoint can include the following query
parameters. The AS MUST silently ignore unknown query parameters. parameters. The AS MUST silently ignore unknown query parameters.
* 'diff': if included, perform a diff query of the TRL (see * 'diff': if included, it indicates to perform a diff query of the
Section 8). Its value MUST be either: TRL (see Section 8). Its value MUST be either:
- the integer 0, indicating that a (notification) response should - the integer 0, indicating that a (notification) response should
include as many diff entries as the AS can provide in the include as many diff entries as the AS can provide in the
response; or response; or
- a positive integer strictly greater than 0, indicating the - a positive integer strictly greater than 0, indicating the
maximum number of diff entries that a (notification) response maximum number of diff entries that a (notification) response
should include. should include.
If the AS does not support diff queries, it ignores the 'diff' If the AS does not support diff queries, it ignores the 'diff'
query parameter when present in the GET request and proceeds like query parameter when present in the GET request and proceeds like
when processing a full query of the TRL (see Section 7). when processing a full query of the TRL (see Section 7).
Otherwise, the AS MUST return a 4.00 (Bad Request) response in Otherwise, the AS MUST return a 4.00 (Bad Request) response in
case the 'diff' query parameter of the GET request specifies a case the 'diff' query parameter of the GET request has a value
value that is neither 0 nor a positive integer, irrespective of that is neither 0 nor a positive integer, irrespective of the
the presence of the 'cursor' query parameter and its value (see presence of the 'cursor' query parameter and its value (see
below). The response MUST have Content-Format set to below). The response MUST have Content-Format set to
"application/concise-problem-details+cbor", and its payload is "application/concise-problem-details+cbor", and its payload is
formatted as defined in Section 6.1. Within the Custom Problem formatted as defined in Section 6.1. Within the Custom Problem
Detail entry 'ace-trl-error', the value of the 'error-id' field Detail entry 'ace-trl-error', the value of the 'error-id' field
MUST be set to 0 ("Invalid parameter value"), and the 'cursor' MUST be set to 0 ("Invalid parameter value"), and the 'cursor'
field MUST NOT be present. field MUST NOT be present.
* 'cursor': if included, perform a diff query of the TRL together * 'cursor': if included, it indicates to perform a diff query of the
with the "Cursor" extension, as defined in Section 9.2. Its value TRL together with the "Cursor" extension, as defined in
MUST be either 0 or a positive integer. If the 'cursor' query Section 9.2. Its value MUST be either 0 or a positive integer.
parameter is included, then the 'diff' query parameter MUST also If the 'cursor' query parameter is included, then the 'diff' query
be included. parameter MUST also be included.
If included, the 'cursor' query parameter specifies an unsigned If included, the 'cursor' query parameter has an unsigned integer
integer value that was provided by the AS in a previous response value that was provided by the AS in a previous response from the
from the TRL endpoint (see Sections 9.1, 9.2.2, and 9.2.3). TRL endpoint (see Sections 9.1, 9.2.2, and 9.2.3).
If the AS does not support the "Cursor" extension, it ignores the If the AS does not support the "Cursor" extension, it ignores the
'cursor' query parameter when present in the GET request. In such 'cursor' query parameter when present in the GET request. In such
a case, the AS proceeds as specified elsewhere in this document, a case, the AS proceeds as specified elsewhere in this document,
that is: that is:
1. it performs a diff query of the TRL (see Section 8), if it 1. it performs a diff query of the TRL (see Section 8), if it
supports diff queries and the 'diff' query parameter is supports diff queries and the 'diff' query parameter is
present in the GET request; or present in the GET request; otherwise,
2. it performs a full query of the TRL (see Section 7). 2. it performs a full query of the TRL (see Section 7).
If the AS supports both diff queries and the "Cursor" extension, If the AS supports both diff queries and the "Cursor" extension,
and the GET request specifies the 'cursor' query parameter, then and the GET request includes the 'cursor' query parameter, then
the AS MUST return a 4.00 (Bad Request) response in case any of the AS MUST return a 4.00 (Bad Request) response in case any of
the conditions below holds. the conditions below holds.
The 4.00 (Bad Request) response MUST have Content-Format set to The 4.00 (Bad Request) response MUST have Content-Format set to
"application/concise-problem-details+cbor", and its payload is "application/concise-problem-details+cbor", and its payload is
formatted as defined in Section 6.1. formatted as defined in Section 6.1.
- The GET request does not specify the 'diff' query parameter, - The GET request does not include the 'diff' query parameter,
irrespective of the value of the 'cursor' query parameter. irrespective of the value of the 'cursor' query parameter.
Within the Custom Problem Detail entry 'ace-trl-error', the Within the Custom Problem Detail entry 'ace-trl-error', the
value of the 'error-id' field MUST be set to 1 ("Invalid set of value of the 'error-id' field MUST be set to 1 ("Invalid set of
parameters"), and the 'cursor' field MUST NOT be present. parameters"), and the 'cursor' field MUST NOT be present.
- The 'cursor' query parameter has a value that is neither 0 nor - The 'cursor' query parameter has a value that is neither 0 nor
a positive integer; otherwise, it has a value strictly greater a positive integer; or it has a value strictly greater than
than MAX_INDEX (see Section 6.2.1). MAX_INDEX (see Section 6.2.1).
Within the Custom Problem Detail entry 'ace-trl-error', the Within the Custom Problem Detail entry 'ace-trl-error', the
value of the 'error-id' field MUST be set to 0 ("Invalid value of the 'error-id' field MUST be set to 0 ("Invalid
parameter value"). The entry 'ace-trl-error' MUST include the parameter value"). The entry 'ace-trl-error' MUST include the
'cursor' field, whose value is either: 'cursor' field, whose value is either:
o the CBOR simple value null (0xf6), if the update collection o the CBOR simple value null (0xf6), if the update collection
associated with the requester is empty; or associated with the requester is empty; otherwise,
o the corresponding current value of 'last_index'. o the corresponding current value of 'last_index'.
- All of the following hold: the update collection associated - All of the following hold: the update collection associated
with the requester is not empty; no wraparound of the 'index' with the requester is not empty; no wraparound of the 'index'
value has occurred; and the 'cursor' query parameter has a value has occurred; and the 'cursor' query parameter has a
value strictly greater than the current 'last_index' on the value strictly greater than the current 'last_index' on the
update collection (see Section 6.2.1). update collection (see Section 6.2.1).
Within the Custom Problem Detail entry 'ace-trl-error', the Within the Custom Problem Detail entry 'ace-trl-error', the
value of the 'error-id' field MUST be set to 2 ("Out of bound value of the 'error-id' field MUST be set to 2 ("Out of bound
cursor value"), and the 'cursor' field MUST NOT be present. cursor value"), and the 'cursor' field MUST NOT be present.
7. Full Query of the TRL 7. Full Query of the TRL
In order to produce a (notification) response to a GET request asking In order to produce a (notification) response to a GET request asking
for a full query of the TRL, the AS performs the following actions: for a full query of the TRL, the AS performs the following actions:
1. From the TRL, the AS builds a set of HASHES such that: 1. From the TRL, the AS builds a set HASHES such that:
* If the requester is a registered device, HASHES specifies the * If the requester is a registered device, HASHES specifies the
token hashes currently in the TRL and associated with the token hashes currently in the TRL and associated with the
access tokens pertaining to that registered device. The AS access tokens pertaining to that registered device. The AS
can always use the authenticated identity of the registered can always use the authenticated identity of the registered
device to perform the necessary filtering on the TRL content. device to perform the necessary filtering on the TRL content.
* If the requester is an administrator, HASHES specifies all the * If the requester is an administrator, HASHES specifies all the
token hashes currently in the TRL. token hashes currently in the TRL.
2. The AS sends a 2.05 (Content) response to the requester. The 2. The AS sends a 2.05 (Content) response to the requester. The
response MUST have Content-Format set to "application/ace- response MUST have Content-Format set to "application/ace-
trl+cbor". The payload of the response is a CBOR map, which MUST trl+cbor". The payload of the response is a CBOR map, which MUST
be formatted as follows. be formatted as follows.
* The 'full_set' parameter MUST be included and MUST encode a * The 'full_set' parameter MUST be included and MUST encode a
CBOR array 'full_set_value'. Each element of 'full_set_value' CBOR array 'full_set_value'. Each element of 'full_set_value'
is a CBOR byte string with a value of one of the token hashes is a CBOR byte string, whose value is one of the token hashes
from the set HASHES. If the set HASHES is empty, the from the set HASHES. If the set HASHES is empty, the
'full_set' parameter specifies the empty CBOR array. 'full_set' parameter specifies the empty CBOR array.
The CBOR array MUST be treated as a set, i.e., the order of The CBOR array MUST be treated as a set, i.e., the order of
its elements has no meaning. its elements has no meaning.
* The 'cursor' parameter MUST be included if the AS supports * The 'cursor' parameter MUST be included if the AS supports
both diff queries and the related "Cursor" extension (see both diff queries and the related "Cursor" extension (see
Sections 6.2 and 6.2.1). Its value is set as specified in Sections 6.2 and 6.2.1). Its value is set as specified in
Section 9.1 and provides the requester with information for Section 9.1 and provides the requester with information for
skipping to change at line 1304 skipping to change at line 1292
Figure 6 provides the CDDL definition [RFC8610] of the CBOR array Figure 6 provides the CDDL definition [RFC8610] of the CBOR array
'full_set_value' specified in the response from the AS as the value 'full_set_value' specified in the response from the AS as the value
of the 'full_set' parameter. of the 'full_set' parameter.
token_hash = bytes token_hash = bytes
full_set_value = [* token_hash] full_set_value = [* token_hash]
Figure 6: CDDL Definition of 'full_set_value' Figure 6: CDDL Definition of 'full_set_value'
Figure 7 shows an example response from the AS following a full query Figure 7 shows an example of a response from the AS following a full
request to the TRL endpoint. In this example, the AS does not query request to the TRL endpoint. In this example, the AS does not
support diff queries nor the "Cursor" extension; hence the 'cursor' support diff queries nor the "Cursor" extension; hence the 'cursor'
parameter is not included in the payload of the response. Also, full parameter is not included in the payload of the response. Also, full
token hashes are omitted for brevity. token hashes are omitted for brevity.
Header: Content (Code=2.05) Header: Content (Code=2.05)
Content-Format: application/ace-trl+cbor Content-Format: 262 (application/ace-trl+cbor)
Payload: Payload:
{ {
e'full_set' : [ / full_set / 0: [
h'01fa51cc...4819', / elided for brevity / h'01fa51cc...4819', / elided for brevity /
h'01748190...223d' / elided for brevity / h'01748190...223d' / elided for brevity /
] ]
} }
Figure 7: Example of Response Following a Full Query Request to Figure 7: Example of a Response Following a Full Query Request to
the TRL Endpoint the TRL Endpoint
8. Diff Query of the TRL 8. Diff Query of the TRL
In order to produce a (notification) response to a GET request asking In order to produce a (notification) response to a GET request asking
for a diff query of the TRL, the AS performs the following actions: for a diff query of the TRL, the AS performs the following actions:
Note that, if the AS supports both diff queries and the related Note that, if the AS supports both diff queries and the related
"Cursor" extension, steps 3 and 4 defined below are extended as "Cursor" extension, Steps 3 and 4 defined below are extended as
defined in Section 9.2. defined in Section 9.2.
1. The AS defines the positive integer NUM as follows: if the value 1. The AS defines the positive integer NUM as follows: if the value
N specified in the 'diff' query parameter in the GET request is N specified in the 'diff' query parameter in the GET request is
equal to 0 or greater than the predefined positive integer MAX_N equal to 0 or greater than the predefined positive integer MAX_N
(see Section 6.2), then NUM takes the value of MAX_N. Otherwise, (see Section 6.2), then NUM takes the value of MAX_N. Otherwise,
NUM takes N. NUM takes N.
2. The AS determines U = min(NUM, SIZE), where SIZE <= MAX_N. In 2. The AS determines U = min(NUM, SIZE), where SIZE <= MAX_N. In
particular, SIZE is the number of diff entries currently stored particular, SIZE is the number of diff entries currently stored
in the requester's update collection. in the requester's update collection.
3. The AS prepares U diff entries. If U is equal to 0 (e.g., 3. The AS prepares U diff entries. If U is equal to 0 (e.g.,
because SIZE is equal to 0 at step 2), then no diff entries are because SIZE is equal to 0 at Step 2), then no diff entries are
prepared. prepared.
The prepared diff entries are related to the U most recent TRL The prepared diff entries are related to the U most recent TRL
updates pertaining to the requester, as maintained in the update updates pertaining to the requester, as maintained in the update
collection for that requester (see Section 6.2). In particular, collection for that requester (see Section 6.2). In particular,
the first diff entry refers to the most recent of such updates, the first diff entry refers to the most recent of such updates,
the second diff entry refers to the second from last of such the second diff entry refers to the second-to-last of such
updates, and so on. updates, and so on.
Each diff entry is a CBOR array 'diff_entry', which includes the Each diff entry is a CBOR array 'diff_entry', which includes the
following two elements: following two elements:
a. A trl_patch set of token hashes encoded as a CBOR array a. A trl_patch set of token hashes encoded as a CBOR array
'removed'. Each element of the array is a CBOR byte string, 'removed'. Each element of the array is a CBOR byte string,
whose value is the token hash of an access token such that it whose value is the token hash of an access token such that it
pertains to the requester and was removed from the TRL during pertains to the requester and was removed from the TRL during
the update associated with the diff entry. the update associated with the diff entry.
skipping to change at line 1383 skipping to change at line 1371
trl+cbor". The payload of the response is a CBOR map, which MUST trl+cbor". The payload of the response is a CBOR map, which MUST
be formatted as follows: be formatted as follows:
* The 'diff_set' parameter MUST be present and MUST encode a * The 'diff_set' parameter MUST be present and MUST encode a
CBOR array 'diff_set_value' of U elements. Each element of CBOR array 'diff_set_value' of U elements. Each element of
'diff_set_value' specifies one of the CBOR arrays 'diff_entry' 'diff_set_value' specifies one of the CBOR arrays 'diff_entry'
prepared above as a diff entry. Note that U might have a prepared above as a diff entry. Note that U might have a
value of 0; in this case, 'diff_set_value' is the empty CBOR value of 0; in this case, 'diff_set_value' is the empty CBOR
array. array.
Within 'diff_set_value', any 'diff_entry' CBOR arrays MUST be Within 'diff_set_value', the 'diff_entry' CBOR arrays MUST be
sorted to reflect the corresponding updates to the TRL in sorted to reflect the corresponding updates to the TRL in
reverse chronological order. That is, the first 'diff_entry' reverse chronological order. That is, the first 'diff_entry'
element of 'diff_set_value' relates to the most recent TRL element of 'diff_set_value' relates to the most recent TRL
update pertaining to the requester. The second 'diff_entry' update pertaining to the requester. The second 'diff_entry'
element relates to the second-to-last most recent TRL update element relates to the second-to-last most recent TRL update
pertaining to the requester, and so on. pertaining to the requester, and so on.
* The 'cursor' parameter and the 'more' parameter MUST be * The 'cursor' parameter and the 'more' parameter MUST be
included if the AS supports both diff queries and the related included if the AS supports both diff queries and the related
"Cursor" extension (see Section 6.2.1). Their values are set "Cursor" extension (see Section 6.2.1). Their values are set
as specified in Section 9.2 and provide the requester with as specified in Section 9.2 and provide the requester with
information for performing a follow-up query of the TRL (see information for performing a follow-up query of the TRL (see
Section 9.2). Section 9.2).
In case the AS supports diff queries but not the "Cursor" In case the AS supports diff queries but not the "Cursor"
extension, these parameters MUST NOT be included, and the AS extension, these parameters MUST NOT be included. In case the
MUST silently ignore the 'cursor' parameter and the 'more' requester supports diff queries but not the "Cursor"
parameter if present. extension, the requester MUST silently ignore the 'cursor'
parameter and the 'more' parameter, if present.
Figure 8 provides the CDDL definition [RFC8610] of the CBOR array Figure 8 provides the CDDL definition [RFC8610] of the CBOR array
'diff_set_value' specified in the response from the AS, as the value 'diff_set_value' specified in the response from the AS, as the value
of the 'diff_set' parameter. of the 'diff_set' parameter.
token_hash = bytes token_hash = bytes
trl_patch = [* token_hash] trl_patch = [* token_hash]
diff_entry = [removed: trl_patch, added: trl_patch] diff_entry = [removed: trl_patch, added: trl_patch]
diff_set_value = [* diff_entry] diff_set_value = [* diff_entry]
Figure 8: CDDL Definition of 'diff_set_value' Figure 8: CDDL Definition of 'diff_set_value'
Figure 9 shows an example response from the AS following a diff query Figure 9 shows an example of a response from the AS following a diff
request to the TRL endpoint, where U = 3 diff entries are specified. query request to the TRL endpoint, where U = 3 diff entries are
In this example, the AS does not support the "Cursor" extension; included. In this example, the AS does not support the "Cursor"
hence, the 'cursor' parameter and the 'more' parameter are not extension; hence, the 'cursor' parameter and the 'more' parameter are
included in the payload of the response. Also, full token hashes are not included in the payload of the response. Also, full token hashes
omitted for brevity. are omitted for brevity.
Header: Content (Code=2.05) Header: Content (Code=2.05)
Content-Format: application/ace-trl+cbor Content-Format: 262 (application/ace-trl+cbor)
Payload: Payload:
{ {
e'diff_set' : [ / diff_set / 1: [
[ [
[ h'01fa51cc...0f6a', / elided for brevity / [ h'01fa51cc...0f6a', / elided for brevity /
h'01748190...8bce' / elided for brevity / h'01748190...8bce' / elided for brevity /
], ],
[ h'01cdf1ca...563d', / elided for brevity / [ h'01cdf1ca...563d', / elided for brevity /
h'01be41a6...a057' / elided for brevity / h'01be41a6...a057' / elided for brevity /
] ]
], ],
[ [
[ h'0144dd12...77bc', / elided for brevity / [ h'0144dd12...77bc', / elided for brevity /
skipping to change at line 1524 skipping to change at line 1513
simple value null (0xf6). simple value null (0xf6).
* The 'more' parameter MUST be included and MUST encode the CBOR * The 'more' parameter MUST be included and MUST encode the CBOR
simple value false (0xf4). simple value false (0xf4).
Note that the above applies when the update collection associated Note that the above applies when the update collection associated
with the requester has no elements, regardless of whether or not the with the requester has no elements, regardless of whether or not the
'cursor' query parameter is included in the diff query request and 'cursor' query parameter is included in the diff query request and
irrespective of the specified unsigned integer value if present. irrespective of the specified unsigned integer value if present.
9.2.2. Cursor Not Specified in the Diff Query Request 9.2.2. Cursor Not Included in the Diff Query Request
If the update collection associated with the requester is not empty If the update collection associated with the requester is not empty
and the diff query request does not include the 'cursor' query and the diff query request does not include the 'cursor' query
parameter, the AS performs the actions defined in Section 8, with the parameter, the AS performs the actions defined in Section 8, with the
following differences: following differences:
* At step 3, the AS considers the value MAX_DIFF_BATCH (see * At Step 3, the AS considers the value MAX_DIFF_BATCH (see
Section 6.2.1) and prepares L = min(U, MAX_DIFF_BATCH) diff Section 6.2.1) and prepares L = min(U, MAX_DIFF_BATCH) diff
entries. entries.
If U <= MAX_DIFF_BATCH, the prepared diff entries are the last If U <= MAX_DIFF_BATCH, the prepared diff entries are the last
series items in the update collection associated with the series items in the update collection associated with the
requester, corresponding to the L most recent TRL updates requester, corresponding to the L most recent TRL updates
pertaining to the requester. pertaining to the requester.
If U > MAX_DIFF_BATCH, the prepared diff entries are the eldest of If U > MAX_DIFF_BATCH, the prepared diff entries are the eldest of
the last U series items in the update collection associated with the last U series items in the update collection associated with
the requester, as corresponding to the first L of the U most the requester, as corresponding to the first L of the U most
recent TRL updates pertaining to the requester. recent TRL updates pertaining to the requester.
* At step 4, the CBOR map to carry in the payload of the 2.05 * At Step 4, the CBOR map to carry in the payload of the 2.05
(Content) response MUST be formatted as follows: (Content) response MUST be formatted as follows:
- The 'diff_set' parameter MUST be present and MUST encode a CBOR - The 'diff_set' parameter MUST be present and MUST encode a CBOR
array 'diff_set_value' of L elements. Each element of array 'diff_set_value' of L elements. Each element of
'diff_set_value' specifies one of the CBOR arrays 'diff_entry' 'diff_set_value' specifies one of the CBOR arrays 'diff_entry'
prepared as a diff entry. prepared as a diff entry.
- The 'cursor' parameter MUST be present and MUST encode a CBOR - The 'cursor' parameter MUST be present and MUST encode a CBOR
unsigned integer. The unsigned integer MUST take the 'index' unsigned integer. The unsigned integer MUST take the 'index'
value of the series item of the update collection included as value of the series item of the update collection included as
skipping to change at line 1580 skipping to change at line 1569
true (0xf5). true (0xf5).
If the 'more' parameter in the payload of the received 2.05 (Content) If the 'more' parameter in the payload of the received 2.05 (Content)
response has a value of true, the requester can send a follow-up diff response has a value of true, the requester can send a follow-up diff
query request including the 'cursor' query parameter with the same query request including the 'cursor' query parameter with the same
value of the 'cursor' parameter specified in this diff query value of the 'cursor' parameter specified in this diff query
response. As defined in Section 9.2.3, this would result in the AS response. As defined in Section 9.2.3, this would result in the AS
transferring the following subset of series items as diff entries, transferring the following subset of series items as diff entries,
thus resuming from where interrupted in the previous transfer. thus resuming from where interrupted in the previous transfer.
9.2.3. Cursor Specified in the Diff Query Request 9.2.3. Cursor Included in the Diff Query Request
If the update collection associated with the requester is not empty If the update collection associated with the requester is not empty
and the diff query request includes the 'cursor' query parameter with and the diff query request includes the 'cursor' query parameter with
value P, the AS proceeds as follows, depending on which of the value P, the AS proceeds as follows, depending on which of the
following two cases hold: following two cases hold:
Case A: The series item X with 'index' having value P and the series Case A: The series item X with 'index' having value P and the series
item Y with 'index' having value (P + 1) % (MAX_INDEX + 1) item Y with 'index' having value (P + 1) % (MAX_INDEX + 1)
are both not found in the update collection associated with are both not found in the update collection associated with
the requester. This occurs when the item Y (and possibly the requester. This occurs when the item Y (and possibly
further ones after it) has been previously removed from the further ones after it) has been previously removed from the
update collection for that requester (see step 5 at update collection for that requester (see Step 5 at
Section 6.2). Section 6.2).
In this case, the AS returns a 2.05 (Content) response. The In this case, the AS returns a 2.05 (Content) response. The
response MUST have Content-Format set to "application/ace- response MUST have Content-Format set to "application/ace-
trl+cbor", and its payload MUST be a CBOR map formatted as trl+cbor", and its payload MUST be a CBOR map formatted as
follows: follows:
* The 'diff_set' parameter MUST be included and MUST encode * The 'diff_set' parameter MUST be included and MUST encode
the empty CBOR array. the empty CBOR array.
skipping to change at line 1626 skipping to change at line 1615
When receiving this diff query response, the requester When receiving this diff query response, the requester
SHOULD send a new full query request to the AS. A SHOULD send a new full query request to the AS. A
successful response provides the requester with the full successful response provides the requester with the full
current pertaining subset of the TRL as well as a valid current pertaining subset of the TRL as well as a valid
value of the 'cursor' parameter (see Section 9.1) to be, value of the 'cursor' parameter (see Section 9.1) to be,
possibly, used as query parameter in a following diff query possibly, used as query parameter in a following diff query
request. request.
Case B: The series item X with 'index' having value P is found in Case B: The series item X with 'index' having value P is found in
the update collection associated with the requester or the the update collection associated with the requester, or
series item X is not found and the series item Y with instead the series item X is not found and the series item Y
'index' having value (P + 1) % (MAX_INDEX + 1) is found in with 'index' having value (P + 1) % (MAX_INDEX + 1) is found
the update collection associated with the requester. in the update collection associated with the requester.
In this case, the AS performs the actions defined in In this case, the AS performs the actions defined in
Section 8 with the following differences: Section 8 with the following differences:
* At step 3, the AS considers the value MAX_DIFF_BATCH (see * At Step 3, the AS considers the value MAX_DIFF_BATCH (see
Section 6.2.1) and prepares L = min(SUB_U, Section 6.2.1) and prepares L = min(SUB_U,
MAX_DIFF_BATCH) diff entries, where SUB_U = min(NUM, MAX_DIFF_BATCH) diff entries, where SUB_U = min(NUM,
SUB_SIZE) and SUB_SIZE is the number of series items in SUB_SIZE) and SUB_SIZE is the number of series items in
the update collection starting from and including the the update collection starting from and including the
series item added immediately after X. If L is equal to series item added immediately after X. If L is equal to
0 (e.g., because SUB_U is equal to 0), then no diff 0 (e.g., because SUB_U is equal to 0), then no diff
entries are prepared. entries are prepared.
If SUB_U <= MAX_DIFF_BATCH, the prepared diff entries are If SUB_U <= MAX_DIFF_BATCH, the prepared diff entries are
the last series items in the update collection associated the last series items in the update collection associated
with the requester, corresponding to the L most recent with the requester, corresponding to the L most recent
TRL updates pertaining to the requester. TRL updates pertaining to the requester.
If SUB_U > MAX_DIFF_BATCH, the prepared diff entries are If SUB_U > MAX_DIFF_BATCH, the prepared diff entries are
the eldest of the last SUB_U series items in the update the eldest of the last SUB_U series items in the update
collection associated with the requester, corresponding collection associated with the requester, corresponding
to the first L of the SUB_U most recent TRL updates to the first L of the SUB_U most recent TRL updates
pertaining to the requester. pertaining to the requester.
* At step 4, the CBOR map to carry in the payload of the * At Step 4, the CBOR map to carry in the payload of the
2.05 (Content) response MUST be formatted as follows: 2.05 (Content) response MUST be formatted as follows:
- The 'diff_set' parameter MUST be present and MUST - The 'diff_set' parameter MUST be present and MUST
encode a CBOR array 'diff_set_value' of L elements. encode a CBOR array 'diff_set_value' of L elements.
Each element of 'diff_set_value' specifies one of the Each element of 'diff_set_value' specifies one of the
CBOR arrays 'diff_entry' prepared as a diff entry. CBOR arrays 'diff_entry' prepared as a diff entry.
Note that L might have value 0, in which case Note that L might have value 0, in which case
'diff_set_value' is the empty CBOR array. 'diff_set_value' is the empty CBOR array.
- The 'cursor' parameter MUST be present and MUST encode - The 'cursor' parameter MUST be present and MUST encode
skipping to change at line 1699 skipping to change at line 1688
MUST encode the CBOR simple value false (0xf4) if MUST encode the CBOR simple value false (0xf4) if
SUB_U <= MAX_DIFF_BATCH; otherwise, it MUST encode the SUB_U <= MAX_DIFF_BATCH; otherwise, it MUST encode the
CBOR simple value true (0xf5). CBOR simple value true (0xf5).
If the 'more' parameter in the payload of the received 2.05 If the 'more' parameter in the payload of the received 2.05
(Content) response has value true, the requester can send a (Content) response has value true, the requester can send a
follow-up diff query request including the 'cursor' query follow-up diff query request including the 'cursor' query
parameter with the same value of the 'cursor' parameter parameter with the same value of the 'cursor' parameter
specified in this diff query response. This would result in specified in this diff query response. This would result in
the AS transferring the following subset of series items as the AS transferring the following subset of series items as
diff entries, thus, resuming from where interrupted in the diff entries, thus resuming from where interrupted in the
previous transfer. previous transfer.
10. Registration at the Authorization Server 10. Registration at the Authorization Server
During the registration process at the AS, an administrator or a During the registration process at the AS, an administrator or a
registered device receives the following information as part of the registered device receives the following information as part of the
registration response: registration response:
* The url-path to the TRL endpoint at the AS. * The url-path to the TRL endpoint at the AS.
skipping to change at line 1724 skipping to change at line 1713
* A positive integer MAX_N, if the AS supports diff queries of the * A positive integer MAX_N, if the AS supports diff queries of the
TRL (see Sections 6.2 and 8). TRL (see Sections 6.2 and 8).
* A positive integer MAX_DIFF_BATCH, if the AS supports diff queries * A positive integer MAX_DIFF_BATCH, if the AS supports diff queries
of the TRL as well as the related "Cursor" extension (see Sections of the TRL as well as the related "Cursor" extension (see Sections
6.2.1 and 9). 6.2.1 and 9).
Once the registration process is completed, the AS maintains the Once the registration process is completed, the AS maintains the
registration and related information until a possible deregistration registration and related information until a possible deregistration
occurs, hence, keeping track of active administrators and registered occurs, hence keeping track of active administrators and registered
devices. The particular way to achieve this is implementation devices. The particular way to achieve this is implementation
specific. In any case, such a mechanism to maintain registrations is specific. In any case, such a mechanism to maintain registrations is
enforced at the AS in order to ensure that requests sent by clients enforced at the AS in order to ensure that requests sent by clients
to the /token endpoint (see Section 5.8 of [RFC9200]) and by RSs to to the /token endpoint (see Section 5.8 of [RFC9200]) and by RSs to
the /introspect endpoint (see Section 5.9 of [RFC9200]) are processed the /introspect endpoint (see Section 5.9 of [RFC9200]) are processed
as intended. as intended.
When communicating with one another, the registered devices and the When communicating with one another, the registered devices and the
AS have to use a secure communication association and be mutually AS have to use a secure communication association and be mutually
authenticated (see Section 5 of [RFC9200]). authenticated (see Section 5 of [RFC9200]).
skipping to change at line 1801 skipping to change at line 1790
does not make any assumptions or draw any conclusions regarding the does not make any assumptions or draw any conclusions regarding the
revocation or expiration of its pertaining access tokens. The revocation or expiration of its pertaining access tokens. The
requester MAY try again by sending a new request to the TRL endpoint. requester MAY try again by sending a new request to the TRL endpoint.
When the TRL is updated (see Section 5.1), the AS sends Observe When the TRL is updated (see Section 5.1), the AS sends Observe
notifications to the observers whose pertaining subset of the TRL has notifications to the observers whose pertaining subset of the TRL has
changed. Observe notifications are sent as per Section 4.2 of changed. Observe notifications are sent as per Section 4.2 of
[RFC7641]. If supported by the AS, an observer may configure the [RFC7641]. If supported by the AS, an observer may configure the
behavior according to which the AS sends those Observe notifications. behavior according to which the AS sends those Observe notifications.
To this end, a possible way relies on the conditional control To this end, a possible way relies on the conditional control
attribute "c.pmax" defined in [CoRE-ATTRIBUTES], which can be parameter "c.pmax" defined in [COND-PARAMETERS], which can be
included as a "name=value" query parameter in an Observation Request. included as a "name=value" query parameter in an Observation Request.
This ensures that no more than c.pmax seconds elapse between two This ensures that no more than c.pmax seconds elapse between two
consecutive notifications sent to that observer, regardless of consecutive notifications sent to that observer, regardless of
whether or not the TRL has changed. whether or not the TRL has changed.
Following a first exchange with the AS, an administrator or a Following a first exchange with the AS, an administrator or a
registered device can send additional GET requests to the TRL registered device can send additional GET requests to the TRL
endpoint at any time, analogously to what is defined above. When endpoint at any time, analogously to what is defined above. When
doing so, the requester towards the TRL endpoint can perform a full doing so, the requester towards the TRL endpoint can perform a full
query (see Section 7) or a diff query (see Section 8) of the TRL. In query (see Section 7) or a diff query (see Section 8) of the TRL. In
skipping to change at line 1932 skipping to change at line 1921
AS. AS.
The RS MUST NOT delete the stored token hashes whose corresponding The RS MUST NOT delete the stored token hashes whose corresponding
access tokens do not fulfill both the two conditions above, unless it access tokens do not fulfill both the two conditions above, unless it
becomes necessary due to memory limitations. In such a case, the RS becomes necessary due to memory limitations. In such a case, the RS
MUST delete the earliest stored token hashes first. MUST delete the earliest stored token hashes first.
Retaining the stored token hashes as specified above limits the Retaining the stored token hashes as specified above limits the
impact from a (dishonest) client whose pertaining access token: impact from a (dishonest) client whose pertaining access token:
1. specifies the 'exi' claim, 1. includes the 'exi' claim,
2. is uploaded at the RS for the first time after it has been 2. is uploaded at the RS for the first time after it has been
revoked and later expired, and revoked and later expired, and
3. has the sequence number encoded in the 'cti' claim (for CWTs) or 3. has the sequence number encoded in the 'cti' claim (for CWTs) or
in the 'jti' claim (for JWTs) greater than the highest sequence in the 'jti' claim (for JWTs) greater than the highest sequence
number among the expired access tokens specifying the 'exi' claim number among the expired access tokens including the 'exi' claim
for the RS (see Section 5.10.3 of [RFC9200]). That is, the RS for the RS (see Section 5.10.3 of [RFC9200]).
would not accept such a revoked and expired access token as long
as it stores the corresponding token hash. That is, the RS would not accept such a revoked and expired access
token as long as it stores the corresponding token hash.
This risk can be further limited. Specifically, if token This risk can be further limited. Specifically, if token
introspection is implemented by both the RS and the AS, the RS can introspection is implemented by both the RS and the AS, the RS can
introspect the access token (see Section 5.9 of [RFC9200]) when introspect the access token (see Section 5.9 of [RFC9200]) when
receiving an access token that specifies the 'exi' claim and for receiving an access token that includes the 'exi' claim and for which
which a corresponding token hash is not stored. a corresponding token hash is not stored.
When, due to the stored and corresponding token hash th2, an access When, due to the stored and corresponding token hash th2, an access
token t2 that includes the 'exi' claim is expunged or is not accepted token t2 that includes the 'exi' claim is expunged or is not accepted
upon its upload, the RS retrieves the sequence number sn2 encoded in upon its upload, the RS retrieves the sequence number sn2 encoded in
the 'cti' claim (for CWTs) or in the 'jti' claim (for JWTs) (see the 'cti' claim (for CWTs) or in the 'jti' claim (for JWTs) (see
Section 5.10.3 of [RFC9200]). Then, the RS stores sn2 as associated Section 5.10.3 of [RFC9200]). Then, the RS stores sn2 as associated
with th2. If expunging or not accepting t2 yields the deletion of with th2. If expunging or not accepting t2 yields the deletion of
th2, then the RS MUST associate sn2 with th2 before continuing with th2, then the RS MUST associate sn2 with th2 before continuing with
the deletion of th2. the deletion of th2.
When deleting any token hash, the RS checks whether the token hash is When deleting any token hash, the RS checks whether the token hash is
associated with a sequence number sn_th. In such a case, the RS associated with a sequence number sn_th. In such a case, the RS
checks whether sn_th is greater than the highest sequence number sn* checks whether sn_th is greater than the highest sequence number sn*
among the expired access tokens specifying the 'exi' claim for the among the expired access tokens including the 'exi' claim for the RS.
RS. If that is the case, sn* MUST take the value of sn_th. If that is the case, sn* MUST take the value of sn_th.
By virtue of what is defined in Section 5.10.3 of [RFC9200], this By virtue of what is defined in Section 5.10.3 of [RFC9200], this
ensures that, following the deletion of the token hash associated ensures that, following the deletion of the token hash associated
with an access token specifying the 'exi' claim and uploaded for the with an access token including the 'exi' claim and uploaded for the
first time after it has been revoked and later expired, the RS will first time after it has been revoked and later expired, the RS will
not accept the access token at that point in time or in the future. not accept the access token at that point in time or in the future.
12. ACE Token Revocation List Parameters 12. ACE Token Revocation List Parameters
This specification defines a number of parameters that can be This specification defines a number of parameters that can be
transported in the response from the TRL endpoint, when the response transported in the response from the TRL endpoint, when the response
payload is a CBOR map. Note that such a response MUST use the payload is a CBOR map. Note that such a response MUST use the
Content-Format "application/ace-trl+cbor" defined in Section 15.2 of Content-Format "application/ace-trl+cbor" defined in Section 15.2 of
this specification. this specification.
skipping to change at line 2023 skipping to change at line 2013
+-------+---------------------------+ +-------+---------------------------+
| 2 | Out of bound cursor value | | 2 | Out of bound cursor value |
+-------+---------------------------+ +-------+---------------------------+
Table 2: ACE Token Revocation Table 2: ACE Token Revocation
List Error Identifiers List Error Identifiers
14. Security Considerations 14. Security Considerations
The protocol defined in this document inherits the security The protocol defined in this document inherits the security
considerations from the ACE framework [RFC9200], the usage of CWTs considerations from the ACE framework [RFC9200] and those about the
from [RFC8392], the usage of JWTs from [RFC7519] and [RFC8725], the usage of CWTs from [RFC8392], the usage of JWTs from [RFC7519] and
usage of CoAP Observe from [RFC7641], and computation of the token [RFC8725], the usage of CoAP Observe from [RFC7641], and the
hashes from [RFC6920]. The following considerations also apply. computation of the token hashes from [RFC6920]. The following
considerations also apply.
14.1. Content Retrieval from the TRL 14.1. Content Retrieval from the TRL
The AS MUST ensure that each registered device can access and The AS MUST ensure that each registered device can access and
retrieve only its pertaining subset of the TRL. To this end, the AS retrieve only its pertaining subset of the TRL. To this end, the AS
can always perform the required filtering based on the authenticated can always perform the required filtering based on the authenticated
identity of the registered device, i.e., a (non-public) identifier identity of the registered device, i.e., a (non-public) identifier
that the AS can securely relate to the registered device and the that the AS can securely relate to the registered device and the
secure association that they use to communicate. secure association that they use to communicate.
skipping to change at line 2050 skipping to change at line 2041
(see Section 10). (see Section 10).
Note that the TRL endpoint supports only the GET method (see Note that the TRL endpoint supports only the GET method (see
Section 6). Therefore, as detailed in Sections 7 and 8, access to Section 6). Therefore, as detailed in Sections 7 and 8, access to
the TRL endpoint is performed only by means of protected and the TRL endpoint is performed only by means of protected and
authenticated GET requests, which, by definition, are safe in the authenticated GET requests, which, by definition, are safe in the
REST sense and do not alter the content of the TRL. That is, REST sense and do not alter the content of the TRL. That is,
registered devices and administrators can perform exclusively read- registered devices and administrators can perform exclusively read-
only operations when accessing the TRL endpoint. only operations when accessing the TRL endpoint.
In the two circumstances described in Section 5.1, the content of the In fact, the content of the TRL can be updated only internally by the
TRL can be updated only internally by the AS. Therefore, an AS, in the two circumstances described in Section 5.1. Therefore, an
adversary that is not in control of the AS cannot manipulate the adversary that is not in control of the AS cannot manipulate the
content of the TRL, e.g., by removing a token hash and thereby content of the TRL, e.g., by removing a token hash and thereby
fraudulently allowing a client to access protected resources in spite fraudulently allowing a client to access protected resources in spite
of a revoked access token or by adding a token hash and thereby of a revoked access token or by adding a token hash and thereby
fraudulently stopping a client from accessing protected resources in fraudulently stopping a client from accessing protected resources in
spite of an access token being still valid. spite of an access token being still valid.
14.2. Size of the TRL 14.2. Size of the TRL
If many non-expired access tokens associated with a registered device If many non-expired access tokens associated with a registered device
skipping to change at line 2176 skipping to change at line 2167
After that, the adversary sends the manipulated access token to the After that, the adversary sends the manipulated access token to the
RS. RS.
After having successfully validated the manipulated access token, the After having successfully validated the manipulated access token, the
RS computes a corresponding token hash different from the one RS computes a corresponding token hash different from the one
computed and stored by C and the AS. Finally, the RS stores the computed and stored by C and the AS. Finally, the RS stores the
manipulated access token and the corresponding wrong token hash. manipulated access token and the corresponding wrong token hash.
Later on, if the access token is revoked and the AS provides the RS Later on, if the access token is revoked and the AS provides the RS
with the corresponding correct token hash, the RS does not recognize with the corresponding correct token hash, the RS does not recognize
the received token hash among the stored ones; therefore, it does not the received token hash among the stored ones; therefore, the RS does
delete the revoked access token. not delete the revoked access token.
14.7. Two Token Hashes at the RS Using JWTs 14.7. Two Token Hashes at the RS Using JWTs
Section 4.3.2 states that an RS using JWTs as access tokens has to Section 4.3.2 states that an RS using JWTs as access tokens has to
compute and store two token hashes associated with the same access compute and store two token hashes associated with the same access
token. This is because, when using JWTs, the RS does not know for token. This is because the RS does not know for sure if the AS
sure if the AS provided the access token to the client by means of an provided the access token to the client by means of an AS-to-Client
AS-to-Client response encoded in CBOR or in JSON. response encoded in CBOR or in JSON.
Taking advantage of that, a dishonest client can attempt to perform Taking advantage of that, a dishonest client can attempt to perform
an attack against the RS. That is, the client can first receive the an attack against the RS. That is, the client can first receive the
JWT in an AS-to-Client response encoded in CBOR (JSON). Then, the JWT in an AS-to-Client response encoded in CBOR (JSON). Then, the
client can upload the JWT to the RS in a way that makes the RS client can upload the JWT to the RS in a way that makes the RS
believe that the client instead received the JWT in an AS-to-Client believe that the client instead received the JWT in an AS-to-Client
response encoded in JSON (CBOR). response encoded in JSON (CBOR).
Consequently, the RS considers a HASH_INPUT different from the one Consequently, the RS considers a HASH_INPUT different from the one
considered by the AS and the client (see Section 4.2). Hence, the RS considered by the AS and the client (see Section 4.2). Hence, the RS
computes a token hash h' different from the token hash h computed by computes a token hash h' different from the token hash h computed by
the AS and the client. It follows that, if the AS revokes the access the AS and the client. It follows that, if the AS revokes the access
token and advertises the right token hash h, then the RS will not token and advertises the right token hash h, then the RS will not
learn about the access token revocation; thus, it will not delete the learn about the access token revocation; therefore, the RS will not
access token. delete the access token.
Fundamentally, this would happen because the HASH_INPUT used to Fundamentally, this would happen because the HASH_INPUT used to
compute the token hash of a JWT depends on whether the AS-to-Client compute the token hash of a JWT depends on whether the AS-to-Client
response is encoded in CBOR or in JSON. This makes the RS vulnerable response is encoded in CBOR or in JSON. This makes the RS vulnerable
to the attack described above when JWTs are used as access tokens. to the attack described above when JWTs are used as access tokens.
However, this is not a problem if the access token is a CWT since the However, this is not a problem if the access token is a CWT since the
HASH_INPUT used to compute the token hash of a CWT does not depend on HASH_INPUT used to compute the token hash of a CWT does not depend on
whether the AS-to-Client response is encoded in CBOR or in JSON. whether the AS-to-Client response is encoded in CBOR or in JSON.
While this asymmetry cannot be avoided altogether, the method defined While this asymmetry cannot be avoided altogether, the method defined
skipping to change at line 2222 skipping to change at line 2213
case where the RS uses JWTs as access tokens. In such a case, the RS case where the RS uses JWTs as access tokens. In such a case, the RS
effectively neutralizes the attack described above by computing and effectively neutralizes the attack described above by computing and
storing two token hashes associated with the same access token (see storing two token hashes associated with the same access token (see
Section 4.3.2). Section 4.3.2).
Conversely, this design deliberately favors the case where the RS Conversely, this design deliberately favors the case where the RS
uses CWTs as access tokens, which is a preferable option for uses CWTs as access tokens, which is a preferable option for
resource-constrained RSs as well as the default case in the ACE resource-constrained RSs as well as the default case in the ACE
framework (see Section 3 of [RFC9200]). That is, if an RS uses CWTs framework (see Section 3 of [RFC9200]). That is, if an RS uses CWTs
as access tokens, then the RS is not exposed to the attack described as access tokens, then the RS is not exposed to the attack described
above; thus, it safely computes and stores only one token hash per above; therefore, the RS safely computes and stores only one token
access token (see Section 4.3.1). hash per access token (see Section 4.3.1).
14.8. Additional Security Measures 14.8. Additional Security Measures
By accessing the TRL at the AS, registered devices and administrators By accessing the TRL at the AS, registered devices and administrators
are able to learn that their pertaining access tokens have been are able to learn that their pertaining access tokens have been
revoked. However, they cannot learn the reason why, including when revoked. However, they cannot learn the reason why, including when
that reason is the compromise, misbehavior, or decommissioning of a that reason is the compromise, misbehavior, or decommissioning of a
registered device. registered device.
In fact, even the AS might not know that a registered device to which In fact, even the AS might not know that a registered device to which
skipping to change at line 2278 skipping to change at line 2269
Subtype name: ace-trl+cbor Subtype name: ace-trl+cbor
Required parameters: N/A Required parameters: N/A
Optional parameters: N/A Optional parameters: N/A
Encoding considerations: Must be encoded as a CBOR map containing Encoding considerations: Must be encoded as a CBOR map containing
the protocol parameters defined in RFC 9770. the protocol parameters defined in RFC 9770.
Security considerations: See Section 14 of this document. Security considerations: See Section 14 of RFC 9770.
Interoperability considerations: N/A Interoperability considerations: N/A
Published specification: RFC 9770 Published specification: RFC 9770
Applications that use this media type: The type is used by Applications that use this media type: The type is used by
authorization servers, clients, and RSs that support the authorization servers, clients, and RSs that support the
notification of revoked access tokens according to a Token notification of revoked access tokens according to a Token
Revocation List maintained by the authorization server as Revocation List maintained by the authorization server as
specified in RFC 9770. specified in RFC 9770.
skipping to change at line 2306 skipping to change at line 2297
Area (art@ietf.org) Area (art@ietf.org)
Intended usage: COMMON Intended usage: COMMON
Restrictions on usage: None Restrictions on usage: None
Author/Change controller: IETF Author/Change controller: IETF
15.2. CoAP Content-Formats Registry 15.2. CoAP Content-Formats Registry
IANA has added the following entry to the "CoAP Content-Formats" IANA has registered the following entry to the "CoAP Content-Formats"
registry within the "Constrained RESTful Environments (CoRE) registry within the "Constrained RESTful Environments (CoRE)
Parameters" registry group. Parameters" registry group.
Content Type: application/ace-trl+cbor Content Type: application/ace-trl+cbor
Content Coding: - Content Coding: -
ID: 262 ID: 262
Reference: RFC 9770 Reference: RFC 9770
15.3. Custom Problem Detail Keys Registry 15.3. Custom Problem Detail Keys Registry
skipping to change at line 2620 skipping to change at line 2611
DOI 10.17487/RFC9528, March 2024, DOI 10.17487/RFC9528, March 2024,
<https://www.rfc-editor.org/info/rfc9528>. <https://www.rfc-editor.org/info/rfc9528>.
[SHA-256] NIST, "Secure Hash Standard", NIST FIPS PUB 180-4, [SHA-256] NIST, "Secure Hash Standard", NIST FIPS PUB 180-4,
DOI 10.6028/NIST.FIPS.180-4, August 2015, DOI 10.6028/NIST.FIPS.180-4, August 2015,
<https://nvlpubs.nist.gov/nistpubs/FIPS/ <https://nvlpubs.nist.gov/nistpubs/FIPS/
NIST.FIPS.180-4.pdf>. NIST.FIPS.180-4.pdf>.
16.2. Informative References 16.2. Informative References
[CoRE-ATTRIBUTES] [COND-PARAMETERS]
Silverajan, B., Koster, M., and A. Soloway, "Conditional Silverajan, B., Koster, M., and A. Soloway, "Conditional
Query Parameters for CoAP Observe", Work in Progress, Query Parameters for CoAP Observe", Work in Progress,
Internet-Draft, draft-ietf-core-conditional-attributes-11, Internet-Draft, draft-ietf-core-conditional-attributes-11,
16 March 2025, <https://datatracker.ietf.org/doc/html/ 16 March 2025, <https://datatracker.ietf.org/doc/html/
draft-ietf-core-conditional-attributes-11>. draft-ietf-core-conditional-attributes-11>.
[RFC7009] Lodderstedt, T., Ed., Dronia, S., and M. Scurtescu, "OAuth [RFC7009] Lodderstedt, T., Ed., Dronia, S., and M. Scurtescu, "OAuth
2.0 Token Revocation", RFC 7009, DOI 10.17487/RFC7009, 2.0 Token Revocation", RFC 7009, DOI 10.17487/RFC7009,
August 2013, <https://www.rfc-editor.org/info/rfc7009>. August 2013, <https://www.rfc-editor.org/info/rfc7009>.
[STP] Bormann, C. and K. Hartke, "The Series Transfer Pattern [STP] Bormann, C. and K. Hartke, "The Series Transfer Pattern
(STP)", Work in Progress, Internet-Draft, draft-bormann- (STP)", Work in Progress, Internet-Draft, draft-bormann-
t2trg-stp-03, 7 April 2020, t2trg-stp-03, 7 April 2020,
<https://datatracker.ietf.org/doc/html/draft-bormann- <https://datatracker.ietf.org/doc/html/draft-bormann-
t2trg-stp-03>. t2trg-stp-03>.
Appendix A. On Using the Series Transfer Pattern Appendix A. On Using the Series Transfer Pattern
Performing a diff query of the TRL as specified in Section 8 is, in Performing a diff query of the TRL as specified in Section 8 is, in
fact, a usage example of the Series Transfer Pattern defined in fact, a usage example of the Series Transfer Pattern (STP) defined in
[STP]. [STP].
That is, a diff query enables the transfer of a series of diff That is, a diff query enables the transfer of a series of diff
entries with the AS specifying U <= MAX_N diff entries as related to entries with the AS providing U <= MAX_N diff entries as related to
the U most recent TRL updates pertaining to a requester, i.e., a the U most recent TRL updates pertaining to a requester, i.e., a
registered device or an administrator. registered device or an administrator.
When responding to a diff query request from a requester (see When responding to a diff query request from a requester (see
Section 8), 'diff_set' is a subset of the update collection Section 8), 'diff_set' is a subset of the update collection
associated with the requester where each 'diff_entry' record is a associated with the requester where each 'diff_entry' record is a
series item from that update collection. Note that 'diff_set' series item from that update collection. Note that 'diff_set'
specifies the whole current update collection when the value of U is specifies the whole current update collection when the value of U is
equal to SIZE, i.e., the current number of series items in the update equal to SIZE, i.e., the current number of series items in the update
collection. collection.
skipping to change at line 2669 skipping to change at line 2660
Since the update collection associated with each requester includes Since the update collection associated with each requester includes
up to MAX_N series items, the AS deletes the oldest series item when up to MAX_N series items, the AS deletes the oldest series item when
a new one is generated and added to the end of the update collection, a new one is generated and added to the end of the update collection,
due to a new TRL update pertaining to that requester (see due to a new TRL update pertaining to that requester (see
Section 6.2). This addresses the question "When can the server Section 6.2). This addresses the question "When can the server
decide to no longer retain older items?" raised in Section 3.2 of decide to no longer retain older items?" raised in Section 3.2 of
[STP]. [STP].
Furthermore, performing a diff query of the TRL together with the Furthermore, performing a diff query of the TRL together with the
"Cursor" extension, as specified in Section 9, in fact, relies on the "Cursor" extension as specified in Section 9 relies, in fact, on the
"cursor" pattern of the STP (see Section 3.3 of [STP]). "cursor" pattern of the STP (see Section 3.3 of [STP]).
Appendix B. Local Supportive Parameters of the TRL Endpoint Appendix B. Local Supportive Parameters of the TRL Endpoint
Table 3 provides an aggregated overview of the local supportive Table 3 provides an aggregated overview of the local supportive
parameters that the AS internally uses at its TRL endpoint when parameters that the AS internally uses at its TRL endpoint when
supporting diff queries (see Section 6) and the "Cursor" extension supporting diff queries (see Section 6) and the "Cursor" extension
(see Section 6.2.1). (see Section 6.2.1).
Except for MAX_N defined in Section 6.2, all the other parameters are Except for MAX_N defined in Section 6.2, all the other parameters are
defined in Section 6.2.1 and are used only if the AS supports the defined in Section 6.2.1 and are used only if the AS supports the
"Cursor" extension. "Cursor" extension.
For each parameter, the columns of the table specify the following For each parameter, the columns of the table provide the following
information. Both a registered device and an administrator are information. Both a registered device and an administrator are
referred to as "requester". referred to as "requester".
Name: The parameter name. A name with letters in uppercase denotes Name: The parameter name. A name with letters in uppercase denotes
a parameter whose value does not change after its initialization. a parameter whose value does not change after its initialization.
Single instance: "Y" if there is a single parameter instance Single instance: "Y" if there is a single parameter instance
associated with the TRL or "N" if there is one parameter instance associated with the TRL or "N" if there is one parameter instance
per update collection (i.e., per requester). per update collection (i.e., per requester).
skipping to change at line 2768 skipping to change at line 2759
* a 'max_n' parameter specifying the value of MAX_N, i.e., the * a 'max_n' parameter specifying the value of MAX_N, i.e., the
maximum number of series items that the AS retains in the update maximum number of series items that the AS retains in the update
collection associated with a registered device (see Section 8); collection associated with a registered device (see Section 8);
* possible further parameters related to the registration process. * possible further parameters related to the registration process.
Furthermore, 'h(x)' refers to the hash function used to compute the Furthermore, 'h(x)' refers to the hash function used to compute the
token hashes, as defined in Section 4 of this specification and token hashes, as defined in Section 4 of this specification and
according to [RFC6920]. Assuming the usage of CWTs transported in according to [RFC6920]. Assuming the usage of CWTs transported in
AS-to-Client responses encoded in CBOR (see Section 4.2.1), AS-to-Client responses encoded in CBOR (see Section 4.2.1),
'bstr.h(t1)' and 'bstr.h(t2)' denote the CBOR byte strings, whose 'bstr.h(t1)' and 'bstr.h(t2)' denote CBOR byte strings, whose values
values are the token hashes of the access tokens t1 and t2, are the token hashes of the access tokens t1 and t2, respectively.
respectively.
C.1. Full Query with Observe C.1. Full Query with Observe
Figure 10 shows an interaction example considering a CoAP observation Figure 10 shows an interaction example a CoAP observation and a full
and a full query of the TRL. query of the TRL.
In this example, the AS does not support the "Cursor" extension. In this example, the AS does not support the "Cursor" extension.
Hence, the 'cursor' parameter is not included in the payload of the Hence, the 'cursor' parameter is not included in the payload of the
responses to a full query request. responses to a full query request.
RS AS RS AS
| | | |
| Registration: POST | | Registration: POST |
+--------------------------------------------------->| +--------------------------------------------------->|
| | | |
skipping to change at line 2802 skipping to change at line 2792
| "max_n" : 10 | | "max_n" : 10 |
| } | | } |
| | | |
| GET coap://as.example.com/revoke/trl/ | | GET coap://as.example.com/revoke/trl/ |
| Observe: 0 | | Observe: 0 |
+--------------------------------------------------->| +--------------------------------------------------->|
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 42 | | Observe: 42 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [] | | / full_set / 0: [] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access tokens t1 and t2 issued | | (Access tokens t1 and t2 issued |
| and successfully submitted to RS) | | and successfully submitted to RS) |
| | | |
| ... | | ... |
| | | |
| (Access token t1 is revoked) | | (Access token t1 is revoked) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 53 | | Observe: 53 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t1)] | | / full_set / 0: [bstr.h(t1)] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 is revoked) | | (Access token t2 is revoked) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 64 | | Observe: 64 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t1), bstr.h(t2)] | | / full_set / 0: [bstr.h(t1), bstr.h(t2)] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t1 expires) | | (Access token t1 expires) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 75 | | Observe: 75 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t2)] | | / full_set / 0: [bstr.h(t2)] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 expires) | | (Access token t2 expires) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 86 | | Observe: 86 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [] | | / full_set / 0: [] |
| } | | } |
| | | |
Figure 10: Interaction for Full Query with Observe Figure 10: Interaction for Full Query with Observe
C.2. Diff Query with Observe C.2. Diff Query with Observe
Figure 11 shows an interaction example of a CoAP observation and a Figure 11 shows an interaction example of a CoAP observation and a
diff query of the TRL. diff query of the TRL.
The RS indicates N = 3 as the value of the 'diff' query parameter, The RS indicates N = 3 as the value of the 'diff' query parameter,
i.e., as the maximum number of diff entries to be specified in a i.e., as the maximum number of diff entries to be included in a
response from the AS. response from the AS.
In this example, the AS does not support the "Cursor" extension. In this example, the AS does not support the "Cursor" extension.
Hence, the 'cursor' parameter and the 'more' parameter are not Hence, the 'cursor' parameter and the 'more' parameter are not
included in the payload of the responses to a diff query request. included in the payload of the responses to a diff query request.
RS AS RS AS
| | | |
| Registration: POST | | Registration: POST |
+--------------------------------------------------->| +--------------------------------------------------->|
skipping to change at line 2897 skipping to change at line 2887
| "max_n" : 10 | | "max_n" : 10 |
| } | | } |
| | | |
| GET coap://as.example.com/revoke/trl?diff=3 | | GET coap://as.example.com/revoke/trl?diff=3 |
| Observe: 0 | | Observe: 0 |
+--------------------------------------------------->| +--------------------------------------------------->|
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 42 | | Observe: 42 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [] | | / diff_set / 1: [] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access tokens t1 and t2 issued | | (Access tokens t1 and t2 issued |
| and successfully submitted to RS) | | and successfully submitted to RS) |
| | | |
| ... | | ... |
| | | |
| (Access token t1 is revoked) | | (Access token t1 is revoked) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 53 | | Observe: 53 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [], [bstr.h(t1)] ] | | [ [], [bstr.h(t1)] ] |
| ] | | ] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 is revoked) | | (Access token t2 is revoked) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 64 | | Observe: 64 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [], [bstr.h(t2)] ], | | [ [], [bstr.h(t2)] ], |
| [ [], [bstr.h(t1)] ] | | [ [], [bstr.h(t1)] ] |
| ] | | ] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t1 expires) | | (Access token t1 expires) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 75 | | Observe: 75 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [bstr.h(t1)], [] ], | | [ [bstr.h(t1)], [] ], |
| [ [], [bstr.h(t2)] ], | | [ [], [bstr.h(t2)] ], |
| [ [], [bstr.h(t1)] ] | | [ [], [bstr.h(t1)] ] |
| ] | | ] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 expires) | | (Access token t2 expires) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 86 | | Observe: 86 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [bstr.h(t2)], [] ], | | [ [bstr.h(t2)], [] ], |
| [ [bstr.h(t1)], [] ], | | [ [bstr.h(t1)], [] ], |
| [ [], [bstr.h(t2)] ] | | [ [], [bstr.h(t2)] ] |
| ] | | ] |
| } | | } |
| | | |
Figure 11: Interaction for Diff Query with Observe Figure 11: Interaction for Diff Query with Observe
C.3. Full Query with Observe and Diff Query C.3. Full Query with Observe and Diff Query
Figure 12 shows an interaction example of a CoAP observation and a Figure 12 shows an interaction example of a CoAP observation and a
full query of the TRL. full query of the TRL.
The example also shows one of the notifications from the AS getting The example also shows one of the notifications from the AS getting
lost in transmission; thus, it does not reach the RS. lost in transmission; thus, that notification does not reach the RS.
When this happens, and after a waiting time defined by the When this happens, and after a waiting time defined by the
application has elapsed, the RS sends a GET request with no Observe application has elapsed, the RS sends a GET request with no Observe
Option to the AS to perform a diff query of the TRL. The RS Option to the AS to perform a diff query of the TRL. The RS
indicates N = 8 as the value of the 'diff' query parameter, i.e., as indicates N = 8 as the value of the 'diff' query parameter, i.e., as
the maximum number of diff entries to be specified in a response from the maximum number of diff entries to be included in a response from
the AS. the AS.
In this example, the AS does not support the "Cursor" extension. In this example, the AS does not support the "Cursor" extension.
Hence, the 'cursor' parameter is not included in the payload of the Hence, the 'cursor' parameter is not included in the payload of the
responses to a full query request. Also, the 'cursor' parameter and responses to a full query request. Also, the 'cursor' parameter and
the 'more' parameter are not included in the payload of the responses the 'more' parameter are not included in the payload of the responses
to a diff query request. to a diff query request.
RS AS RS AS
| | | |
skipping to change at line 3013 skipping to change at line 3003
| "max_n" : 10 | | "max_n" : 10 |
| } | | } |
| | | |
| GET coap://as.example.com/revoke/trl/ | | GET coap://as.example.com/revoke/trl/ |
| Observe: 0 | | Observe: 0 |
+--------------------------------------------------->| +--------------------------------------------------->|
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 42 | | Observe: 42 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [] | | / full_set / 0: [] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access tokens t1 and t2 issued | | (Access tokens t1 and t2 issued |
| and successfully submitted to RS) | | and successfully submitted to RS) |
| | | |
| ... | | ... |
| | | |
| (Access token t1 is revoked) | | (Access token t1 is revoked) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 53 | | Observe: 53 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t1)] | | / full_set / 0: [bstr.h(t1)] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 is revoked) | | (Access token t2 is revoked) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 64 | | Observe: 64 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t1), bstr.h(t2)] | | / full_set / 0: [bstr.h(t1), bstr.h(t2)] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t1 expires) | | (Access token t1 expires) |
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 75 | | Observe: 75 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t2)] | | / full_set / 0: [bstr.h(t2)] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 expires) | | (Access token t2 expires) |
| | | |
| Lost X <------------------------------------------+ | Lost X <------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 86 | | Observe: 86 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [] | | / full_set / 0: [] |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Enough time has passed since | | (Enough time has passed since |
| the latest received notification) | | the latest received notification) |
| | | |
| | | |
| GET coap://as.example.com/revoke/trl?diff=8 | | GET coap://as.example.com/revoke/trl?diff=8 |
+--------------------------------------------------->| +--------------------------------------------------->|
| | | |
|<---------------------------------------------------+ |<---------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [bstr.h(t2)], [] ], | | [ [bstr.h(t2)], [] ], |
| [ [bstr.h(t1)], [] ], | | [ [bstr.h(t1)], [] ], |
| [ [], [bstr.h(t2)] ], | | [ [], [bstr.h(t2)] ], |
| [ [], [bstr.h(t1)] ] | | [ [], [bstr.h(t1)] ] |
| ] | | ] |
| } | | } |
| | | |
Figure 12: Interaction for Full Query with Observe and Diff Query Figure 12: Interaction for Full Query with Observe and Diff Query
skipping to change at line 3108 skipping to change at line 3098
CBOR map conveyed as payload of the registration response CBOR map conveyed as payload of the registration response
additionally includes a "max_diff_batch" parameter. This specifies additionally includes a "max_diff_batch" parameter. This specifies
the value of MAX_DIFF_BATCH, i.e., the maximum number of diff entries the value of MAX_DIFF_BATCH, i.e., the maximum number of diff entries
that can be included in a response to a diff query request from this that can be included in a response to a diff query request from this
RS. RS.
Figure 13 shows an interaction example of a CoAP observation and a Figure 13 shows an interaction example of a CoAP observation and a
diff query of the TRL. diff query of the TRL.
The RS specifies the 'diff' query parameter with a value of 3, i.e., The RS specifies the 'diff' query parameter with a value of 3, i.e.,
the maximum number of diff entries to be specified in a response from the maximum number of diff entries to be included in a response from
the AS. the AS.
If the RS has not received a notification from the AS after a waiting If the RS has not received a notification from the AS for a waiting
time defined by the application, the RS sends a GET request with no time defined by the application, the RS sends a GET request with no
Observe Option to the AS to perform a diff query of the TRL. Observe Option to the AS to perform a diff query of the TRL.
This is followed up by a further diff query request that specifies This is followed up by a further diff query request that includes the
the 'cursor' query parameter. Note that the payload of the 'cursor' query parameter. Note that the payload of the corresponding
corresponding response differs from the payload of the response to response differs from the payload of the response to the previous
the previous diff query request. diff query request.
RS AS RS AS
| | | |
| Registration: POST | | Registration: POST |
+------------------------------------------------------->| +------------------------------------------------------->|
| | | |
|<-------------------------------------------------------+ |<-------------------------------------------------------+
| 2.01 Created | | 2.01 Created |
| Payload: { | | Payload: { |
| / ... / | | / ... / |
| "trl_path" : "/revoke/trl", | | "trl_path" : "/revoke/trl", |
| "trl_hash" : "sha-256", | | "trl_hash" : "sha-256", |
| "max_n" : 10, | | "max_n" : 10, |
| "max_diff_batch": 5 | | "max_diff_batch" : 5 |
| } | | } |
| | | |
| GET coap://as.example.com/revoke/trl?diff=3 | | GET coap://as.example.com/revoke/trl?diff=3 |
| Observe: 0 | | Observe: 0 |
+------------------------------------------------------->| +------------------------------------------------------->|
| | | |
|<-------------------------------------------------------+ |<-------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 42 | | Observe: 42 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [], | | / diff_set / 1: [], |
| e'cursor' : null, | | / cursor / 2: null, |
| e'more' : false | | / more / 3: false |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access tokens t1 and t2 issued | | (Access tokens t1 and t2 issued |
| and successfully submitted to RS) | | and successfully submitted to RS) |
| | | |
| ... | | ... |
| | | |
| (Access token t1 is revoked) | | (Access token t1 is revoked) |
| | | |
|<-------------------------------------------------------+ |<-------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 53 | | Observe: 53 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [], [bstr.h(t1)] ] | | [ [], [bstr.h(t1)] ] |
| ], | | ], |
| e'cursor' : 0, | | / cursor / 2: 0, |
| e'more' : false | | / more / 3: false |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 is revoked) | | (Access token t2 is revoked) |
| | | |
|<-------------------------------------------------------+ |<-------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 64 | | Observe: 64 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [], [bstr.h(t2)] ], | | [ [], [bstr.h(t2)] ], |
| [ [], [bstr.h(t1)] ] | | [ [], [bstr.h(t1)] ] |
| ], | | ], |
| e'cursor' : 1, | | / cursor / 2: 1, |
| e'more' : false | | / more / 3: false |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t1 expires) | | (Access token t1 expires) |
| | | |
|<-------------------------------------------------------+ |<-------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 75 | | Observe: 75 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [bstr.h(t1)], [] ], | | [ [bstr.h(t1)], [] ], |
| [ [], [bstr.h(t2)] ], | | [ [], [bstr.h(t2)] ], |
| [ [], [bstr.h(t1)] ] | | [ [], [bstr.h(t1)] ] |
| ], | | ], |
| e'cursor' : 2, | | / cursor / 2: 2, |
| e'more' : false | | / more / 3: false |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 expires) | | (Access token t2 expires) |
| | | |
|<-------------------------------------------------------+ |<-------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 86 | | Observe: 86 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [bstr.h(t2)], [] ], | | [ [bstr.h(t2)], [] ], |
| [ [bstr.h(t1)], [] ], | | [ [bstr.h(t1)], [] ], |
| [ [], [bstr.h(t2)] ] | | [ [], [bstr.h(t2)] ] |
| ], | | ], |
| e'cursor' : 3, | | / cursor / 2: 3, |
| e'more' : false | | / more / 3: false |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Enough time has passed since | | (Enough time has passed since |
| the latest received notification) | | the latest received notification) |
| | | |
| | | |
| GET coap://as.example.com/revoke/trl?diff=3 | | GET coap://as.example.com/revoke/trl?diff=3 |
+------------------------------------------------------->| +------------------------------------------------------->|
| | | |
|<-------------------------------------------------------+ |<-------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [bstr.h(t2)], [] ], | | [ [bstr.h(t2)], [] ], |
| [ [bstr.h(t1)], [] ], | | [ [bstr.h(t1)], [] ], |
| [ [], [bstr.h(t2)] ] | | [ [], [bstr.h(t2)] ] |
| ], | | ], |
| e'cursor' : 3, | | / cursor / 2: 3, |
| e'more' : false | | / more / 3: false |
| } | | } |
| | | |
| GET coap://as.example.com/revoke/trl?diff=3&cursor=3 | | GET coap://as.example.com/revoke/trl?diff=3&cursor=3 |
+------------------------------------------------------->| +------------------------------------------------------->|
| | | |
|<-------------------------------------------------------+ |<-------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [], | | / diff_set / 1: [], |
| e'cursor' : 3, | | / cursor / 2: 3, |
| e'more' : false | | / more / 3: false |
| } | | } |
| | | |
Figure 13: Interaction for Diff Query with Observe and "Cursor" Figure 13: Interaction for Diff Query with Observe and "Cursor"
Extension Extension
C.5. Full Query with Observe and Diff Query with "Cursor" Extension C.5. Full Query with Observe and Diff Query with "Cursor" Extension
In this example, the AS supports the "Cursor" extension. Hence, the In this example, the AS supports the "Cursor" extension. Hence, the
CBOR map conveyed as payload of the registration response CBOR map conveyed as payload of the registration response
additionally includes a "max_diff_batch" parameter. This specifies additionally includes a "max_diff_batch" parameter. This specifies
the value of MAX_DIFF_BATCH, i.e., the maximum number of diff entries the value of MAX_DIFF_BATCH, i.e., the maximum number of diff entries
that can be included in a response to a diff query request from this that can be included in a response to a diff query request from this
RS. RS.
Figure 14 shows an interaction example of a CoAP observation and a Figure 14 shows an interaction example of a CoAP observation and a
full query of the TRL. full query of the TRL.
The example also shows some of the notifications from the AS getting The example also shows some of the notifications from the AS getting
lost in transmission; thus, they do not reach the RS. lost in transmission; thus, those notifications do not reach the RS.
When this happens, and after a waiting time defined by the When this happens, and after a waiting time defined by the
application has elapsed, the RS sends a GET request with no Observe application has elapsed, the RS sends a GET request with no Observe
Option to the AS, to perform a diff query of the TRL. In particular, Option to the AS, to perform a diff query of the TRL. In particular,
the RS specifies: the RS specifies:
* The 'diff' query parameter with a value of 8, i.e., the maximum * The 'diff' query parameter with a value of 8, i.e., the maximum
number of diff entries to be specified in a response from the AS. number of diff entries to be included in a response from the AS.
* The 'cursor' query parameter with a value of 2, thus requesting * The 'cursor' query parameter with a value of 2, thus requesting
from the update collection the series items following the one with from the update collection the series items following the one with
the 'index' value equal to 2 (i.e., following the last series item the 'index' value equal to 2 (i.e., following the last series item
that the RS successfully received in an earlier notification that the RS successfully received in an earlier notification
response). response).
The response from the AS conveys a first batch of MAX_DIFF_BATCH = 5 The response from the AS conveys a first batch of MAX_DIFF_BATCH = 5
series items from the update collection corresponding to the RS. The series items from the update collection corresponding to the RS. The
AS indicates that further series items are actually available in the AS indicates that further series items are actually available in the
update collection by setting the 'more' parameter of the response to update collection by setting the 'more' parameter of the response to
true. Also, the 'cursor' parameter of the response is set to 7, true. Also, the 'cursor' parameter of the response is set to 7,
i.e., to the 'index' value of the most recent series item included in i.e., to the 'index' value of the most recent series item included in
the response. the response.
After that, the RS follows up with a further diff query request After that, the RS follows up with a further diff query request
specifying the 'cursor' query parameter with a value of 7 in order to including the 'cursor' query parameter with a value of 7 in order to
retrieve the next and last batch of series items from the update retrieve the next and last batch of series items from the update
collection. collection.
RS AS RS AS
| | | |
| Registration: POST | | Registration: POST |
+-------------------------------------------------------------->| +-------------------------------------------------------------->|
| | | |
|<--------------------------------------------------------------+ |<--------------------------------------------------------------+
| 2.01 Created | | 2.01 Created |
| Payload: { | | Payload: { |
| / ... / | | / ... / |
| "trl_path" : "/revoke/trl", | | "trl_path" : "/revoke/trl", |
| "trl_hash" : "sha-256", | | "trl_hash" : "sha-256", |
| "max_n" : 10, | | "max_n" : 10, |
| "max_diff_batch": 5 | | "max_diff_batch" : 5 |
| } | | } |
| | | |
| GET coap://as.example.com/revoke/trl/ | | GET coap://as.example.com/revoke/trl/ |
| Observe: 0 | | Observe: 0 |
+-------------------------------------------------------------->| +-------------------------------------------------------------->|
| | | |
|<--------------------------------------------------------------+ |<--------------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 42 | | Observe: 42 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [], | | / full_set / 0: [], |
| e'cursor' : null | | / cursor / 2: null |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access tokens t1, t2, t3 issued | | (Access tokens t1, t2, t3 issued |
| and successfully submitted to RS) | | and successfully submitted to RS) |
| | | |
| ... | | ... |
| | | |
| (Access tokens t4, t5, t6 issued | | (Access tokens t4, t5, t6 issued |
| and successfully submitted to RS) | | and successfully submitted to RS) |
| | | |
| ... | | ... |
| | | |
| (Access token t1 is revoked) | | (Access token t1 is revoked) |
| | | |
|<--------------------------------------------------------------+ |<--------------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 53 | | Observe: 53 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t1)], | | / full_set / 0: [bstr.h(t1)], |
| e'cursor' : 0 | | / cursor /2: 0 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 is revoked) | | (Access token t2 is revoked) |
| | | |
|<--------------------------------------------------------------+ |<--------------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 64 | | Observe: 64 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t1), bstr.h(t2)], | | / full_set / 0: [bstr.h(t1), bstr.h(t2)], |
| e'cursor' : 1 | | / cursor / 2: 1 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t1 expires) | | (Access token t1 expires) |
| | | |
|<--------------------------------------------------------------+ |<--------------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 75 | | Observe: 75 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t2)], | | / full_set / 0: [bstr.h(t2)], |
| e'cursor' : 2 | | / cursor / 2: 2 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t2 expires) | | (Access token t2 expires) |
| | | |
| Lost X <-----------------------------------------------------+ | Lost X <-----------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 86 | | Observe: 86 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [], | | / full_set / 0: [], |
| e'cursor' : 3 | | / cursor / 2: 3 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t3 is revoked) | | (Access token t3 is revoked) |
| | | |
| Lost X <-----------------------------------------------------+ | Lost X <-----------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 88 | | Observe: 88 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t3)], | | / full_set / 0: [bstr.h(t3)], |
| e'cursor' : 4 | | / cursor / 2: 4 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t4 is revoked) | | (Access token t4 is revoked) |
| | | |
| Lost X <-----------------------------------------------------+ | Lost X <-----------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 89 | | Observe: 89 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t3), bstr.h(t4)], | | / full_set / 0: [bstr.h(t3), bstr.h(t4)], |
| e'cursor' : 5 | | / cursor / 2: 5 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t3 expires) | | (Access token t3 expires) |
| | | |
| Lost X <-----------------------------------------------------+ | Lost X <-----------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 90 | | Observe: 90 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t4)], | | / full_set / 0: [bstr.h(t4)], |
| e'cursor' : 6 | | / cursor / 2: 6 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t4 expires) | | (Access token t4 expires) |
| | | |
| Lost X <-----------------------------------------------------+ | Lost X <-----------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 91 | | Observe: 91 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [], | | / full_set / 0: [], |
| e'cursor' : 7 | | / cursor / 2: 7 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access tokens t5 and t6 are revoked) | | (Access tokens t5 and t6 are revoked) |
| | | |
| Lost X <-----------------------------------------------------+ | Lost X <-----------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 92 | | Observe: 92 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t5), bstr.h(t6)], | | /full_set / 0: [bstr.h(t5), bstr.h(t6)], |
| e'cursor' : 8 | | / cursor / 2: 8 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t5 expires) | | (Access token t5 expires) |
| | | |
| Lost X <-----------------------------------------------------+ | Lost X <-----------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 93 | | Observe: 93 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [bstr.h(t6)], | | / full_set / 0: [bstr.h(t6)], |
| e'cursor' : 9 | | / cursor / 2: 9 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Access token t6 expires) | | (Access token t6 expires) |
| | | |
| Lost X <-----------------------------------------------------+ | Lost X <-----------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Observe: 94 | | Observe: 94 |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'full_set' : [], | | / full_set / 0: [], |
| e'cursor' : 10 | | / cursor / 2: 10 |
| } | | } |
| | | |
| ... | | ... |
| | | |
| (Enough time has passed since | | (Enough time has passed since |
| the latest received notification) | | the latest received notification) |
| | | |
| | | |
| GET coap://as.example.com/revoke/trl?diff=8&cursor=2 | | GET coap://as.example.com/revoke/trl?diff=8&cursor=2 |
+-------------------------------------------------------------->| +-------------------------------------------------------------->|
| | | |
|<--------------------------------------------------------------+ |<--------------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor)|
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [bstr.h(t4)], [] ], | | [ [bstr.h(t4)], [] ], |
| [ [bstr.h(t3)], [] ], | | [ [bstr.h(t3)], [] ], |
| [ [], [bstr.h(t4)] ], | | [ [], [bstr.h(t4)] ], |
| [ [], [bstr.h(t3)] ], | | [ [], [bstr.h(t3)] ], |
| [ [bstr.h(t2)], [] ] | | [ [bstr.h(t2)], [] ] |
| ], | | ], |
| e'cursor' : 7, | | / cursor / 2: 7, |
| e'more' : true | | / more / 3: true |
| } | | } |
| | | |
| GET coap://as.example.com/revoke/trl?diff=8&cursor=7 | | GET coap://as.example.com/revoke/trl?diff=8&cursor=7 |
+-------------------------------------------------------------->| +-------------------------------------------------------------->|
| | | |
|<--------------------------------------------------------------+ |<--------------------------------------------------------------+
| 2.05 Content | | 2.05 Content |
| Content-Format: application/ace-trl+cbor | | Content-Format:262(application/ace-trl+cbor) |
| Payload: { | | Payload: { |
| e'diff_set' : [ | | / diff_set / 1: [ |
| [ [bstr.h(t6)], [] ], | | [ [bstr.h(t6)], [] ], |
| [ [bstr.h(t5)], [] ], | | [ [bstr.h(t5)], [] ], |
| [ [], [bstr.h(t5), bstr.h(t6)] ] | | [ [], [bstr.h(t5), bstr.h(t6)] ] |
| ], | | ], |
| e'cursor' : 10, | | / cursor / 2: 10, |
| e'more' : false | | / more / 3: false |
| } | | } |
| | | |
Figure 14: Interaction for Full Query with Observe and Diff Query Figure 14: Interaction for Full Query with Observe and Diff Query
with "Cursor" Extension with "Cursor" Extension
Appendix D. CDDL Model
full_set = 0
diff_set = 1
cursor = 2
more = 3
ace-trl-error = 1
Figure 15: CDDL Model
Acknowledgments Acknowledgments
Ludwig Seitz contributed as a coauthor of initial versions of this Ludwig Seitz contributed as a coauthor of initial versions of this
document. document.
The authors sincerely thank Christian Amsüss, Carsten Bormann, Deb The authors sincerely thank Christian Amsüss, Carsten Bormann, Deb
Cooley, Roman Danyliw, Dhruv Dhody, Rikard Höglund, Benjamin Kaduk, Cooley, Roman Danyliw, Dhruv Dhody, Rikard Höglund, Benjamin Kaduk,
David Navarro, Joerg Ott, Marco Rasori, Michael Richardson, Kyle David Navarro, Joerg Ott, Marco Rasori, Michael Richardson, Kyle
Rose, Zaheduzzaman Sarker, Jim Schaad, Göran Selander, Travis Rose, Zaheduzzaman Sarker, Jim Schaad, Göran Selander, Travis
Spencer, Orie Steele, Éric Vyncke, Niklas Widell, Dale Worley, and Spencer, Orie Steele, Éric Vyncke, Niklas Widell, Dale Worley, and
skipping to change at line 3561 skipping to change at line 3540
The work on this document has been partly supported by the Sweden's The work on this document has been partly supported by the Sweden's
Innovation Agency VINNOVA and the Celtic-Next projects CRITISEC and Innovation Agency VINNOVA and the Celtic-Next projects CRITISEC and
CYPRESS; and by the H2020 project SIFIS-Home (Grant agreement CYPRESS; and by the H2020 project SIFIS-Home (Grant agreement
952652). 952652).
Authors' Addresses Authors' Addresses
Marco Tiloca Marco Tiloca
RISE AB RISE AB
Isafjordsgatan 22 Isafjordsgatan 22
SE-16440 Kista SE-SE-164 40 Kista
Sweden Sweden
Email: marco.tiloca@ri.se Email: marco.tiloca@ri.se
Francesca Palombini Francesca Palombini
Ericsson AB Ericsson AB
Torshamnsgatan 23 Torshamnsgatan 23
SE-16440 Kista SE-16440 Kista
Sweden Sweden
Email: francesca.palombini@ericsson.com Email: francesca.palombini@ericsson.com
 End of changes. 173 change blocks. 
264 lines changed or deleted 243 lines changed or added

This html diff was produced by rfcdiff 1.48.