]> Ericsson

jaime@iki.fi

Dogtiger Labs

michaeljohnkoster@gmail.com

Ericsson

ari.keranen@ericsson.com

Applications CoRE Working Group This document describes a publish-subscribe architecture for the Constrained Application Protocol (CoAP), extending the capabilities of CoAP communications for supporting endpoints with long breaks in connectivity and/or up-time. CoAP clients publish on and subscribe to a topic via a corresponding topic resource at a CoAP server acting as broker. Status information for this document may be found at . Discussion of this document takes place on the core Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction The Constrained Application Protocol (CoAP) supports machine-to-machine communication across networks of constrained devices and constrained networks. CoAP uses a request/response model where clients make requests to servers in order to request actions on resources. Depending on the situation the same device may act either as a server, a client, or both. One important class of constrained devices includes devices that are intended to run for years from a small battery, or by scavenging energy from their environment. These devices have limited up-time because they spend most of their time in a sleeping state with no network connectivity. Another important class of nodes are devices with limited reachability due to middle-boxes like Network Address Translators (NATs) and firewalls. For these nodes, the client/server-oriented architecture of REST can be challenging when interactions are not initiated by the devices themselves. A publish/subscribe-oriented architecture where nodes exchange data via topics through a broker entity might fit these nodes better. This document applies the idea of broker-based publish-subscribe to Constrained RESTful Environments using CoAP. It defines a broker that allows to create, discover subscribe and publish on topics.

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in () () when, and only when, they appear in all capitals, as shown here. This specification requires readers to be familiar with all the terms and concepts that are discussed in and . Readers should also be familiar with the terms and concepts discussed in , and . The URI template format is used to describe the REST API defined in this specification. This specification makes use of the following terminology:

publish-subscribe (pubsub):

A message communication model where messages associated with specific topics are sent to a broker. Interested parties, i.e. subscribers, receive these topic-based messages from the broker without the original sender knowing the recipients. The broker handles matching and delivering these messages to the appropriate subscribers.

publishers and subscribers:

CoAP clients can act as publishers or as subscribers. Publishers send CoAP messages (publications) to the broker on specific topics. Subscribers have an ongoing observation relation (subscription) to a topic. Both roles operate without any mutual knowledge, guided by their respective topic interests.

topic collection:

A set of topics. A topic collection is hosted as one collection resource (See ) at the broker, and its representation is the list of links to the topic resources corresponding to each topic.

topic:

A set of information concerning a topic, including its configuration and other metadata. A topic is hosted as one topic resource at the broker, and its representation is the set of configuration information concerning the topic. All the topic resources associated with the same topic collection share a common base URI, i.e., the URI of the collection resource.

topic-data resource:

A resource where clients can publish data and/or subscribe to data for a specific topic. The representation of the topic resource corresponding to such a topic also specifies the URI to the present topic-data resource.

broker:

A CoAP server that hosts one or more topic collections with their topics, and also topic-data resources. The broker is responsible for the store-and-forward of state update representations, for the topics for which it hosts the corresponding topic-data resources. The broker is also responsible for handling the topic lifecycle as defined in . The creation, configuration, and discovery of topics at a broker is specified in .

CoAP Publish-Subscribe Architecture shows a simple Publish/Subscribe architecture over CoAP. Topics are created by the broker, but the initial configuration can be proposed by a client (e.g., a publisher or a dedicated administrator) over the RESTful interface of a corresponding topic resource hosted by the broker. Publishers submit their data over the RESTful interface of a topic-data resource corresponding to the topic, which may be hosted by the broker. Subscribers to a topic are notified of new publications by using Observe on the corresponding topic-data resource. The broker is responsible for the store-and-forward of state update representations between CoAP clients. Subscribers observing a resource will receive notifications, the delivery of which is done on a best-effort basis.

+ +---------->| subscriber | | | | +---------->| | '-----------' | | '------------' ... | broker | ... ... | | ... .-----------. | | observe .------------. | | publish | |<----------+ | | publisher +--------->| +---------->| subscriber | | | | +---------->| | '-----------' '----------' '------------' ]]>

This document describes two sets of interactions; interactions to configure topics and their lifecycle (see ) and interactions about the topic-data (see ). Topic interactions are discovery, create, read configuration, update configuration, and delete configuration. These operations handle the management of the topics. Topic-data interactions are publish, subscribe, unsubscribe, read, and delete. These operations are oriented on how data is transferred from a publisher to a subscriber.

Managing Topics shows the resources related to a Topic Collection that can be managed at the Broker.

The Broker exports one or more topic collection resources, with resource type "core.ps.coll" defined in of this document. The interfaces for the topic collection resource is defined in . A topic collection resource can have topic resources as its child resources, with resource type "core.ps.conf".

PubSub Topics The configuration side of a publish and subscribe broker consists of a collection of topics. These topics as well as the collection itself are exposed by a CoAP server as resources (see ). Each topic is associated with a topic resource and a topic-data resource. The topic resource is used by a client creating or administering a topic. The topic-data resource is used by the publishers and the subscribers to a topic.

Collection Representation Each topic is represented as a link, where the link target is the URI of the corresponding topic resource. Publication and subscription to a topic occur at a link, where the link target is the URI of the corresponding topic-data resource. Such a link is specified by the topic-data entry within the topic resource (see ). A topic resource with a topic-data link can also be simply called "topic". The list of links to the topic resources can be retrieved from the associated topic collection resource, and represented as a Link Format document where each such link specifies the link target attribute 'rt' (Resource Type), with value "core.ps.conf" defined in this document.

Topic Representation A CoAP client can create a new topic by submitting an initial configuration for the topic (see ). It can also read and update the configuration of existing topics and topic properties as well as delete them when they are no longer needed (see ). The configuration of a topic itself consists of a set of properties that can be set by a client or by the broker. The topic is represented as a CBOR map containing the configuration properties of the topic as top-level elements. Unless specified otherwise, these are defined in this document and their CBOR abbreviations are defined in .

Topic Properties The CBOR map includes the following configuration parameters, whose CBOR abbreviations are defined in of this document. 'topic-name': A required field used as an application identifier. It encodes the topic name as a CBOR text string. Examples of topic names include human-readable strings (e.g., "room2"), UUIDs, or other values. 'topic-data': A required field (optional during creation) containing the URI of the topic-data resource for publishing/subscribing to this topic. It encodes the URI as a CBOR text string. 'resource-type': A required field used to indicate the resource type of the topic-data resource for the topic. It encodes the resource type as a CBOR text string. The value should be "core.ps.data". 'topic-content-format': This optional field specifies the CoAP Content-Format identifier of the topic-data resource representation, e.g., 60 for the media-type "application/cbor". 'topic-type': An optional field used to indicate the attribute or property of the topic-data resource for the topic. It encodes the attribute as a CBOR text string. Example attributes include "temperature". 'expiration-date': An optional field used to indicate the expiration date of the topic. It encodes the expiration date as a CBOR text string. The value should be a date string as defined in Section of RFC 8949 (e.g., the CBOR encoded version of "2023-03-31T23:59:59Z"). If this field is not present, the topic will not expire automatically. 'max-subscribers': An optional field used to indicate the maximum number of simultaneous subscribers allowed for the topic. It encodes the maximum number as an unsigned CBOR integer. If this field is not present or if the field is empty, then there is no limit to the number of simultaneous subscribers allowed. The broker can use this field to limit the number of subscribers for the topic. 'observer-check': An optional field that controls the maximum number of seconds between two consecutive Observe notifications sent as Confirmable messages to each topic subscriber (see ). Encoded as a CBOR unsigned integer greater than 0, it ensures subscribers who have lost interest and silently forgotten the observation do not remain indefinitely on the server's observer list. If another CoAP server hosts the topic-data resource, that server is responsible for applying the observer-check value. The default value for this field is 86400, as defined in , which corresponds to 24 hours. 'topic-history': An optional field used to indicate how many previous resource representations the broker shall store for a topic. Encoded as an unsigned CBOR integer, it defines a counter representing the number of historical resource states the broker retains. This enables subscribers to retrieve past states of the topic data when necessary, useful in scenarios where historical context is required (e.g., for data analytics or auditing). If this field is not present, no historical data will be stored. 'initialize': An optional boolean field that, when set to true, allows the topic-data path to be pre-populated with a zero-length (empty) payload without an explicit Content-Format. This behavior facilitates one-shot publication and topic creation, enabling CoAP clients to subscribe by default without encountering a 4.04 Not Found error. If this field is not present, the broker behaves as usual, and the topic-data path is not initialized.

Discovery A client can perform a discovery of: the broker; the topic collection resources and topic resources hosted by the broker; and the topic-data resources associated with those topic resources.

Broker Discovery CoAP clients MAY discover brokers by using CoAP Simple Discovery, via multicast, through a Resource Directory (RD) or by other means specified in extensions to . Brokers MAY register with a RD by following the steps on with the resource type set to "core.ps" as defined in of this document. The following example shows an endpoint discovering a broker using the "core.ps" resource type over a multicast network. Brokers within the multicast scope will answer the query.

;rt="core.ps" ]]>

Topic Collection Discovery A Broker SHOULD offer a topic discovery entry point to enable clients to find topics of interest. The resource entry point is the topic collection resource collecting the topics for those topics (see ) and is identified by the resource type "core.ps.coll". The specific resource path is left for implementations, examples in this document use the "/ps" path. The interactions with a topic collection are further defined in . Since the representation of the topic collection resource includes the links to the associated topic resources, it is not required to locate those links under "/.well-known/core", also in order to limit the size of the Link Format document returned as result of the discovery. Example:

;rt="core.ps.coll";ct=40, ;rt="core.ps.coll";ct=40 ]]>

Topic Discovery Each topic collection is associated with a group of topic resources, each detailing the configuration of its respective topic (refer to ). Each topic resource is identified by the resource type "core.ps.conf". Below is an example of discovery via /.well-known/core with rt=core.ps.conf that returns a list of topics, as the list of links to the corresponding topic resources.

;rt="core.ps.conf";ct=TBD606, ;rt="core.ps.conf";ct=TBD606 ]]>

Topic-Data Discovery Within a topic, there is the topic-data property containing the URI of the topic-data resource that a CoAP client can subscribe and publish to. Resources exposing resources of the topic-data type are expected to use the resource type 'core.ps.data'. The topic-data contains the URI of the topic-data resource for publishing and subscribing. So retrieving the topic will also provide the URL of the topic-data (see ). It is also possible to discover a list of topic-data resources by sending a request to the collection with rt=core.ps.data resources as shown below.

;rt="core.ps.data";obs ]]>

Topic Collection Interactions These are the interactions that can happen directly with a specific topic collection.

Retrieving all topics A client can request a collection of the topics present in the broker by making a GET request to the collection URI. On success, the broker returns a 2.05 (Content) response, specifying the list of links to topic resources associated with this topic collection (see ). A client MAY retrieve a list of links to topics it is authorized to access, based on its permissions. Example:

;rt="core.ps.conf", ;rt="core.ps.conf" ]]>

Getting topics by Properties A client can filter a collection of topics by submitting the representation of a topic filter (see ) in a FETCH request to the topic collection URI. On success, the broker returns a 2.05 (Content) response with a representation of a list of topics in the collection (see ) that match the filter in CoRE link format . Upon success, the broker responds with a 2.05 (Content), providing a list of links to topic resources associated with this topic collection that match the request's filter criteria (refer to ). A positive match happens only when each request parameter is present with the indicated value in the topic resource representation. Example:

;rt="core.ps.conf" ]]>

Creating a Topic A client can add a new topics to a collection of topics by submitting an initial representation of the initial topic resource (see ) in a POST request to the topic collection URI. The request MUST specify at least a subset of the properties in , namely: topic-name and resource-type. Please note that the topic will NOT be fully created until a publisher has published some data to it (See ). To facilitate immediate subscription and allow clients to observe the topic before data has been published, the client can include the "initialize" set to "true". When supported, the broker will create the topic and pre-populate the "topic-data" field with a zero-length (empty) payload without an explicit Content-Format. That is, a subscribing client would get this zero-length representation without an associated Content-Format Option in the CoAP resonse. This means “indeterminate” per . When "initialize" is set to "false" or omitted, the topic will only be fully created after data is published to it. On success, the broker returns a 2.01 (Created) response, indicating the Location-Path of the new topic and the current representation of the topic resource. The response payload includes a CBOR map with key-value pairs. The response MUST include the required topic properties (see ), namely: "topic-name", "resource-type" and "topic-data". It MAY also include a number of optional properties too. If requirements are defined for the client to create the topic as requested and the broker does not successfully assess that those requirements are met, then the broker MUST respond with a 4.03 (Forbidden) error. The response MUST have Content-Format set to "application/core-pubsub+cbor". The broker MUST issue a 4.00 (Bad Request) error if a received parameter is invalid, unrecognized, or if the topic-name is already in use or otherwise invalid.

Topic Interactions These are the interactions that can happen at the topic resource level.

Getting a topic A client can read the configuration of a topic by making a GET request to the topic resource URI. On success, the broker returns a 2.05 (Content) response with a representation of the topic resource, as specified in . If requirements are defined for the client to read the topic as requested and the broker does not successfully assess that those requirements are met, then the broker MUST respond with a 4.03 (Forbidden) error. The response payload is a CBOR map, whose possible entries are specified in and use the same abbreviations defined in . For example, below is a request on the topic "ps/h9392":

Getting part of a topic A client can read the configuration of a topic by making a FETCH request to the topic resource URI with a filter for specific parameters. This is done in order to retrieve part of the current topic resource. The request contains a CBOR map with a configuration filter or 'conf-filter', a CBOR array of configuration parameters, as defined in . Each element of the array specifies one requested configuration parameter of the current topic resource (see ). On success, the broker returns a 2.05 (Content) response with a representation of the topic resource. The response has as payload the partial representation of the topic resource as specified in . If requirements are defined for the client to read the topic as requested and the broker does not successfully assess that those requirements are met, then the broker MUST respond with a 4.03 (Forbidden) error. The response payload is a CBOR map, whose possible entries are specified in and use the same abbreviations defined in . Both request and response MUST have Content-Format set to "application/core-pubsub+cbor". Example:

Updating the topic A client can update a topic's configuration by submitting the updated topic representation in a PUT request to the topic URI. However, the parameters "topic-name", "topic-data", and "resource-type" are immutable post-creation, and any request attempting to change them will be deemed invalid by the broker. On success, the topic is overwritten and broker returns a 2.04 (Changed) response and the current full resource representation. The broker may choose not to overwrite parameters that are not explicitly modified in the request. Note that updating the "topic-data" path will automatically cancel all existing observations on it and thus will unsubscribe all subscribers. Updating the "topic-data" may happen also after it being deleted, as described on , this will in turn create a new "topic-data" path for that topic. Similarly, decreasing max-subscribers will also cause that some subscribers get unsubscribed. Unsubscribed endpoints receive a final 4.04 (Not Found) response as per . The specific queue management for unsubscribing is left for implementors. Please note that when using PUT the topic is being overwritten, thus some of the optional parameters (e.g., "max-subscribers", "observer-check") not included in the PUT message will be reset to their default values. Example:

Note that when a topic changes, it may result in disruptions for the subscribers. Some potential issues that may arise include: Limiting the number of subscribers will cause cancellation of ongoing subscriptions until max-subscribers has been reached. Changing the topic-data value will cancel all ongoing subscriptions. Changing of the expiration-date may cause cancellation of ongoing subscriptions if the topic expires at an earlier data.

Updating the topic with iPATCH A client can partially update a topic's configuration by submitting a partial topic representation in an iPATCH request to the topic URI. The iPATCH request allows for updating only specific fields of the topic while leaving the others unchanged. As with the PUT method, the parameters "topic-name", "topic-data", and "resource-type" are immutable post-creation, and any request attempting to change them will be deemed invalid by the broker. On success, the broker returns a 2.04 (Changed) response and the current full resource representation. The broker only updates parameters that are explicitly mentioned in the request. As with the PUT method, updating the "topic-data" path will automatically cancel all existing observations on it and thus will unsubscribe all subscribers. Decreasing max-subscribers will also cause some subscribers to get unsubscribed. Unsubscribed endpoints receive a final 4.04 (Not Found) response as per . Contrary to PUT, iPATCH operations will explicitly update some parameters, leaving others unmodified.

Note that when a topic changes through an iPATCH request, it may result in disruptions for the subscribers. For example, limiting the number of subscribers will cause cancellation of ongoing subscriptions until max-subscribers has been reached.

Deleting a topic A client can delete a topic by making a CoAP DELETE request on the topic resource URI. On success, the broker returns a 2.02 (Deleted) response. When a topic resource is deleted, the broker MUST also delete the topic-data resource, unsubscribe all subscribers by removing them from the list of observers and returning a final 4.04 (Not Found) response as per . Example:

Publish and Subscribe The overview of the publish/subscribe mechanism over CoAP is as follows: a publisher publishes to a topic by submitting the data in a PUT request to a topic-data resource and subscribers subscribe to a topic by submitting a GET request with Observe option set to 0 (register) to a topic-data resource. When resource state changes, subscribers observing the resource at that time will receive a notification. A topic-data resource does not exist until some initial data has been published to it. Before initial data publication, a GET request to the topic-data resource URI results in a 4.04 (Not Found) response. If such a "half created" topic is undesired, the creator of the topic can simply immediately publish some initial placeholder data to make the topic "fully created" (see ). URIs for topic resources are broker-generated (see ). There is no necessary URI pattern dependence between the URI where the topic-data exists and the URI of the topic resource.

Topic Lifecycle When a topic is newly created, it is first placed by the broker into the HALF CREATED state (see ). In this state, a client can read and update the configuration of the topic and delete the topic. A publisher can publish to the topic-data resource. However, a subscriber cannot yet subscribe to the topic-data resource nor read the latest data.

| | <------------------- | | ------------. Create | | | | | |____| -------------------> |____| <-----------' \ Publish / Subscribe | ^ \ ___ / | ^ Read/ | | '--> | | <--' | | Read/ Update | | Delete |___| Delete | | Update Topic '-' Topic Topic '-' topic-data DELETED ]]>

After a publisher publishes to the topic-data for the first time, the topic is placed into the FULLY CREATED state. In this state, a client can read data by means of a GET request without observe. A publisher can publish to the topic-data resource and a subscriber can observe the topic-data resource. When a client deletes a topic resource, the topic is placed into the DELETED state and shortly after removed from the server. In this state, all subscribers are removed from the list of observers of the topic-data resource and no further interactions with the topic are possible. When a client deletes a topic-data, the topic is placed into the HALF CREATED state, where clients can read, update and delete the topic and await for a publisher to begin publication.

Topic-Data Interactions Interactions with the topic-data resource are covered in this section.

Publish A topic with a topic-data resource must have been created in order to publish data to it (See ) and be in the half-created or fully-created state in order to the publish operation to work (see ). A client can publish data to a topic by submitting the data in a PUT request to the topic-data URI as indicated in its topic resource property. Please note that the topic-data URI is not the same as the topic URI used for configuring the topic (see ). On success, the broker returns a 2.04 (Changed) response. However, when data is published to the topic for the first time, the broker instead MUST return a 2.01 (Created) response and set the topic in the fully-created state (see ). If the request does not have an acceptable content-format, the broker returns a 4.15 (Unsupported Content-Format) response. If the client is sending publications too fast, the broker returns a 4.29 (Too Many Requests) response . Example of first publication:

Example of subsequent publication:

Subscribe A client can subscribe to a topic-data by sending a CoAP GET request with the CoAP Observe Option set to 0 to subscribe to resource updates . On success, the server hosting the topic-data resource MUST return 2.05 (Content) notifications with the data and the Observe Option. Otherwise, if no Observe Option is present the client should assume that the subscription was not successful. If the topic is not yet in the fully created state (see ) the broker MUST return a response code 4.04 (Not Found). The following response codes are defined for the Subscribe operation:

Success:

2.05 "Content". Successful subscribe with observe response, current value included in the response.

Failure:

4.04 "Not Found". The topic-data does not exist.

If the 'max-subscribers' parameter has been reached, the broker must treat that as specified in . The response MUST NOT include an Observe Option, the absence of which signals to the subscriber that the subscription failed. Example of a successful subscription followed by one update:

Unsubscribe A CoAP client can unsubscribe simply by canceling the observation as described in . The client MUST either use CoAP GET with the Observe Option set to 1 or send a CoAP Reset message in response to a notification. Also on the client can simply "forget" the observation and the broker will remove it from the list of observers after the next notification. As per a server that transmits notifications mostly in non-confirmable messages, but it MUST send a notification in a confirmable message instead of a non-confirmable message at least every 24 hours. This value can be modified at the broker by the administrator of a topic by modifying the parameter "observer-check" on . This would allow changing the rate at which different implementations verify that a subscriber is still interested in observing a topic-data resource.

Delete topic-data A publisher MAY delete a topic by making a CoAP DELETE request on the topic-data URI. On success, the broker returns a 2.02 (Deleted) response. When a topic-data resource is deleted, the broker MUST also delete the topic-data parameter in the topic resource, unsubscribe all subscribers by removing them from the list of observers and return a final 4.04 (Not Found) response as per . The topic is then set back to the half created state as per . Example of a successful deletion:

Read the latest data A client can get the latest published topic-data by making a GET request to the topic-data URI in the broker. Please note that discovery of the topic-data parameter is a required previous step (see ). On success, the server MUST return 2.05 (Content) response with the data. If the target URI does not match an existing resource or the topic is not in the fully created state (see ), the broker MUST return a response code 4.04 (Not Found). Example:

Rate Limiting The server hosting the topic-data may have to handle a potentially large number of publishers and subscribers at the same time. This means it could become overwhelmed if it receives too many publications in a short period of time. In this situation, if a publisher is sending publications too fast, the server SHOULD return a 4.29 (Too Many Requests) response . As described in , the Max-Age option in this response indicates the number of seconds after which the client may retry. The broker MAY also stop publishing messages from that publisher for the indicated time. When a publisher receives a 4.29 (Too Many Requests) response, it MUST NOT send any new publication requests to the same topic-data resource before the time indicated by the Max-Age option has passed.

CoAP Pubsub Parameters This document defines parameters used in the messages exchanged between a client and the broker during the topic creation and configuration process (see ). summarizes them and specifies the CBOR key to use instead of the full descriptive name. Note that the media type application/core-pubsub+cbor MUST be used when these parameters are transported in the respective message fields. Reference should always be RFC-XXXX. Name CBOR Key CBOR Type topic-name 0 tstr topic-data 1 tstr resource-type 2 tstr topic-content-format 3 uint topic-type 4 tstr expiration-date 5 tstr max-subscribers 6 uint observer-check 7 uint topic-history 8 uint initialize 9 bool conf-filter 10 array

Security Considerations The architecture presented in this document inherits the security considerations from CoAP and Observe , as well as from Web Linking , Link-Format , and the CoRE Resource Directory . Communications between each client and the broker are RECOMMENDED to be secured, e.g., by using OSCORE or DTLS . Security considerations for the used secure communication protocols apply too. The content published on a topic by a publisher client SHOULD be protected end-to-end between the publisher and all the subscribers to that topic. In such a case, it MUST be possible to assert source authentication of the published data. This can be achieved at the application layer, e.g., by using COSE , . Access control of clients at the broker MAY be enforced for performing discovery operation, and SHOULD be enforced in a fine-grained fashion for operations related to the creation, update, and deletion of topic resources, as well as for operations on topic-data resources such as publication on and subscription to topics. This prevents rogue clients to, among other things, repeatedly create topics at the broker or publish (large) contents, which may result in Denial of Service against the broker and the active subscribers. Building on , its application profile for publish-subscribe communication with CoAP provides a security model that can be used in the architecture presented in this document, in order to enable secure communication between the different parties as well as secure, authorized operations of publishers and subscribers that fulfill the requirements above. In particular, the application profile above relies on the ACE framework for Authentication and Authorization in Constrained Environments (ACE) and defines a method to: authorize publishers and subscribers to perform operations at the broker, with fine-grained access control; authorize publishers and subscribers to obtain the keying material required to take part to a topic managed by the broker; protect published data end-to-end between its publisher and all the subscribers to the targeted topic, ensuring confidentiality, integrity, and source authentication of the published content end-to-end. That approach can be extended to enforce authorization and fine-grained access control for administrator clients that are intended to create, update, and delete topics at the broker.

IANA Considerations This document has the following actions for IANA. Note to RFC Editor: Please replace all occurrences of "&SELF;" with the RFC number of this specification and delete this paragraph.

Media Type Registrations This specification registers the 'application/core-pubsub+cbor' media type for messages of the protocols defined in this document and carrying parameters encoded in CBOR. This registration follows the procedures specified in .

Type name:

application

Subtype name:

core-pubsub+cbor

Required parameters:

N/A

Optional parameters:

N/A

Encoding considerations:

Must be encoded as a CBOR map containing the parameters defined in &SELF;.

Security considerations:

See of &SELF;.

Interoperability considerations:

none

Published specification:

&SELF;

Applications that use this media type:

This type is used by clients that create, retrieve, and update topics at servers acting as a broker.

Fragment identifier considerations:

N/A

Additional information:

N/A

Person & email address to contact for further information:

CoRE WG mailing list (core@ietf.org), or IETF Web and Internet Transport (WIT) Area (wit@ietf.org)

Intended usage:

COMMON

Restrictions on usage:

none

Author/Change controller:

IETF

Provisional registration:

no

CoAP Content-Formats IANA is asked to register the following entry to the "CoAP Content-Formats" registry within the "CoRE Parameters" registry group.

Content Type:

application/core-pubsub+cbor

Content Coding:

-

ID:

TBD606

Reference:

&SELF;

Resource Types IANA is asked to enter the following values from in the "Resource Type (rt=) Link Target Attribute Values" registry within the "Constrained Restful Environments (CoRE) Parameters" registry group. Reference should always be RFC-XXXX. Value Description core.ps publish-subscribe broker core.ps.coll Topic collection resource of a publish-subscribe broker core.ps.conf Topic resource of a publish-subscribe broker core.ps.data Topic-data resource of a broker

CoAP Pubsub Parameters This specification establishes the "CoAP Pubsub topic configuration Parameters" IANA registry within the "Constrained RESTful Environments (CoRE) Parameters" registry group. The registration policy is either "Private Use", "Standards Action with Expert Review", or "Specification Required" or "Expert Review" per . "Expert Review" guidelines are provided in . All assignments according to "Standards Action with Expert Review" are made on a "Standards Action" basis per Section of RFC 8126 with "Expert Review" additionally required per Section of RFC 8126 . The procedure for early IANA allocation of "standards track code points" defined in also applies. When such a procedure is used, IANA will ask the designated expert(s) to approve the early allocation before registration. In addition, working group chairs are encouraged to consult the expert(s) early during the process outlined in Section of RFC 7120 . The columns of this registry are: Name: This is a descriptive name that enables easier reference to the item. The name MUST be unique. It is not used in the encoding. CBOR Key: This is the value used as the CBOR key of the item. These values MUST be unique. The value can be a positive integer, a negative integer, or a text string. Different ranges of values use different registration policies . Integer values from -256 to 255 as well as text strings of length 1 are designated as "Standards Action With Expert Review". Integer values from -65536 to -257 and from 256 to 65535, as well as text strings of length 2 are designated as "Specification Required". Integer values greater than 65535 as well as text strings of length greater than 2 are designated as "Expert Review". Integer values less than -65536 are marked as "Private Use". CBOR Type: This contains the CBOR type of the item, or a pointer to the registry that defines its type, when that depends on another item. Reference: This contains a pointer to the public specification for the item. This registry has been initially populated with the values in .

Expert Review Instructions The registration policy for the IANA registry established in is defined as "Expert Review". This section gives some general guidelines for what the experts should be looking for; however, they are being designated as experts for a reason, so they should be given substantial latitude. Expert reviewers should take into consideration the following points: The registration policy for the IANA registry established in is defined as one of "Standards Action with Expert Review", "Specification Required", and "Expert Review". This section gives some general guidelines for what the experts should be looking for; however, they are being designated as experts for a reason, so they should be given substantial latitude. These registration policies are designed to accommodate different use cases; “Standards Action with Expert Review” allows for further IETF standards and extensions, maintaining consistency and alignment with established protocols; “Specification Required” allows third-party specifications from Standards Development Organizations (SDOs) to register parameters, enabling interoperability and broader applicability; and “Expert Review” provides a flexible mechanism for exposing new parameters that implementors do not want to keep in a private range. Expert reviewers should take into consideration the following points: Clarity and correctness of registrations. Experts are expected to check the clarity of purpose and use of the requested entries. Experts need to make sure that registered parameters are clearly defined in the corresponding specification. Parameters that do not meet these objectives of clarity and completeness must not be registered. Point squatting should be discouraged. Reviewers are encouraged to get sufficient information for registration requests to ensure that the usage is not going to duplicate one that is already registered and that the point is likely to be used in deployments. The zones tagged as "Private Use" are intended for testing purposes and closed environments. Code points in other ranges should not be assigned for testing. Specifications are required for the "Standards Action With Expert Review" range of point assignment. Specifications should exist for "Specification Required" ranges, but early assignment before a specification is available is considered to be permissible. When specifications are not provided, the description provided needs to have sufficient information to identify what the point is being used for. Experts should take into account the expected usage of fields when approving point assignment. Documents published via Standards Action can also register points outside the Standards Action range. The length of the encoded value should be weighed against how many code points of that length are left, the size of device it will be used on, and the number of code points left that encode to that size.

A URI Template is a compact sequence of characters for describing a range of Uniform Resource Identifiers through variable expansion. This specification defines the URI Template syntax and the process for expanding a URI Template into a URI reference, along with guidelines for the use of URI Templates on the Internet. [STANDARDS-TRACK] This specification defines Web Linking using a link format for use by constrained web servers to describe hosted resources, their attributes, and other relationships between links. Based on the HTTP Link Header field defined in RFC 5988, the Constrained RESTful Environments (CoRE) Link Format is carried as a payload and is assigned an Internet media type. "RESTful" refers to the Representational State Transfer (REST) architecture. A well-known URI is defined as a default entry point for requesting the links hosted by a server. [STANDARDS-TRACK] The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation. CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments. This specification defines a model for the relationships between resources on the Web ("links") and the type of those relationships ("link relation types"). It also defines the serialisation of such links in HTTP headers with the Link header field. A Constrained Application Protocol (CoAP) server can experience temporary overload because one or more clients are sending requests to the server at a higher rate than the server is capable or willing to handle. This document defines a new CoAP response code for a server to indicate that a client should reduce the rate of requests. The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack. This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format. In many Internet of Things (IoT) applications, direct discovery of resources is not practical due to sleeping nodes or networks where multicast traffic is inefficient. These problems can be solved by employing an entity called a Resource Directory (RD), which contains information about resources held on other servers, allowing lookups to be performed for those resources. The input to an RD is composed of links, and the output is composed of links constructed from the information stored in the RD. This document specifies the web interfaces that an RD supports for web servers to discover the RD and to register, maintain, look up, and remove information on resources. Furthermore, new target attributes useful in conjunction with an RD are defined. The Constrained Application Protocol (CoAP) is a RESTful application protocol for constrained nodes and networks. The state of a resource on a CoAP server can change over time. This document specifies a simple protocol extension for CoAP that enables CoAP clients to "observe" resources, i.e., to retrieve a representation of a resource and keep this representation updated by the server over a period of time. The protocol follows a best-effort approach for sending new representations to clients and provides eventual consistency between the state observed by each client and the actual resource state at the server. Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA). To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry. This is the third edition of this document; it obsoletes RFC 5226. This document specifies IANA registration procedures for MIME external body access types and content-transfer-encodings. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document defines procedures for the specification and registration of media types for use in HTTP, MIME, and other Internet protocols. This memo documents an Internet Best Current Practice. This memo describes the process for early allocation of code points by IANA from registries for which "Specification Required", "RFC Required", "IETF Review", or "Standards Action" policies apply. This process can be used to alleviate the problem where code point allocation is needed to facilitate desired or required implementation and deployment experience prior to publication of an RFC, which would normally trigger code point allocation. The procedures in this document are intended to apply only to IETF Stream documents. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols. Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252. Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR. This document, along with RFC 9053, obsoletes RFC 8152. Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. CBOR Object Signing and Encryption (COSE) defines a set of security services for CBOR. This document defines a countersignature algorithm along with the needed header parameters and CBOR tags for COSE. This document updates RFC 9052. This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document obsoletes RFC 6347. Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052). This document, along with RFC 9052, obsoletes RFC 8152. This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases. This document defines how to use the Authentication and Authorization for Constrained Environments (ACE) framework to distribute keying material and configuration parameters for secure group communication. Candidate group members that act as Clients and are authorized to join a group can do so by interacting with a Key Distribution Center (KDC) acting as the Resource Server, from which they obtain the keying material to communicate with other group members. While defining general message formats as well as the interface and operations available at the KDC, this document supports different approaches and protocols for secure group communication. Therefore, details are delegated to separate application profiles of this document as specialized instances that target a particular group communication approach and define how communications in the group are protected. Compliance requirements for such application profiles are also specified. Ericsson This document explores how the Constrained RESTful Application Language (CoRAL) might be used for enabling publish/subscribe-style communication over the Constrained Application Protocol (CoAP), which allows CoAP nodes with long breaks in connectivity and/or up-time to exchange data via a publish/subscribe broker. RISE AB RISE AB Ericsson AB Group communication for CoAP can be secured using Group Object Security for Constrained RESTful Environments (Group OSCORE). A Group Manager is responsible for handling the joining of new group members, as well as managing and distributing the group keying material. This document defines a RESTful admin interface at the Group Manager that allows an Administrator entity to create and delete OSCORE groups, as well as to retrieve and update their configuration. The ACE framework for Authentication and Authorization is used to enforce authentication and authorization of the Administrator at the Group Manager. Protocol-specific transport profiles of ACE are used to achieve communication security, proof-of- possession, and server authentication. Ericsson Brunel University RISE AB This document defines an application profile of the Authentication and Authorization for Constrained Environments (ACE) framework, to enable secure group communication in the Publish-Subscribe (Pub-Sub) architecture for the Constrained Application Protocol (CoAP) [draft- ietf-core-coap-pubsub], where Publishers and Subscribers communicate through a Broker. This profile relies on protocol-specific transport profiles of ACE to achieve communication security, server authentication, and proof-of-possession for a key owned by the Client and bound to an OAuth 2.0 access token. This document specifies the provisioning and enforcement of authorization information for Clients to act as Publishers and/or Subscribers, as well as the provisioning of keying material and security parameters that Clients use for protecting their communications end-to-end through the Broker. Note to RFC Editor: Please replace "[draft-ietf-core-coap-pubsub]" with the RFC number of that document and delete this paragraph. ARM SmartThings Huawei Tampere University This document defines a set of Constrained RESTful Environments (CoRE) Link Format Interface Descriptions [RFC6690] applicable for use in constrained environments. These include the: Actuator, Parameter, Read-only parameter, Sensor, Batch, Linked Batch and Link List interfaces. The Batch, Linked Batch and Link List interfaces make use of resource collections. This document further describes how collections relate to interfaces. Many applications require a set of interface descriptions in order provide the required functionality. This document defines an Interface Description attribute value to describe resources conforming to a particular interface. Editor's notes: o The git repository for the draft is found at https://github.com/

Document Updates

Version -13 to -14 Section restructuring for better readability. Updated topic configuration interactions. Introduced iPATCH section. Various clarifications of default values for parameters. New examples for several interactions. Updated topic discovery section. Other editorial changes

Version -14 to -15 Code bug fix https://github.com/jaimejim/aiocoap-pubsub-broker/commit/f32ce4866a81319238d6e905de439c9410cce175 Added two new optional topic configuration parameters; ‘initialize,’ and ‘topic-history’. Modified all examples to conform to RFC9594. Added the explicit cancellation of ongoing subscriptions when topic configuration parameters are changed. Added editorial changes based on feedback. Clarifications on Topic Configuration creation. Other editorial changes

Version -15 to -16 Various updates throughout the document based on AD review. IANA clarifications

Version -16 to -17 Addressing Esko's and Ari's review. Fixing formatting

Acknowledgements The current version of this document contains a substantial contribution by Klaus Hartke's proposal , which defines the topic resource model and structure as well as the topic lifecycle and interactions. It also follows a similar architectural design as that provided by Marco Tiloca's . The authors would like to also thank , , , , , , , Peter van der Stok, Tim Kellogg, Anders Eriksson, , Mikko Majanen, , , Oscar Novo and Lorenzo Corneo for their valuable contributions and reviews.

Contributors RISE AB

marco.tiloca@ri.se

Marco offered comprehensive reviews and insightful guidance on the recent iterations of this document. His contributions were particularly notable in the Security Considerations section, among others.