Proxy Operations for CoAP Group Communication

Proxy Operations for CoAP Group Communication RISE AB

Isafjordsgatan 22 Kista 16440 Stockholm Sweden marco.tiloca@ri.se

IoTconsultancy.nl

\________________\ Utrecht The Netherlands esko.dijk@iotconsultancy.nl

Internet CoRE Working Group Internet-Draft This document specifies the operations performed by a proxy, when using the Constrained Application Protocol (CoAP) in group communication scenarios. Such a proxy processes a single request sent by a client over unicast, and distributes the request over IP multicast to a group of servers. Then, the proxy collects the individual responses from those servers and relays those responses back to the client, in a way that allows the client to distinguish the responses and their origin servers through embedded addressing information. This document updates RFC7252 with respect to caching of response messages at proxies. Discussion Venues Discussion of this document takes place on the Constrained RESTful Environments Working Group mailing list (core@ietf.org), which is archived at . Source for this draft and an issue tracker can be found at .

Introduction The Constrained Application Protocol (CoAP) allows the presence of proxies, as intermediary entities supporting clients by performing requests on their behalf and relaying back responses. CoAP supports also group communication over IP multicast , where a group request can be addressed to multiple recipient servers, each of which may reply with an individual unicast response. As discussed in , this group communication scenario poses a number of issues and limitations to proxy operations. In particular, the client sends to the proxy a single unicast request, which the proxy forwards to a group of servers over IP multicast. Later on, the proxy replies to the client's original unicast request, by relaying back the responses from the servers. As per , a CoAP-to-CoAP proxy relays those responses to the client as separate CoAP messages, all matching (by Token) with the client's original unicast request. A possible alternative approach for aggregating those responses into a single CoAP response sent to the client would require a specific aggregation content-format, which is not available yet. Both these approaches have open issues. This document considers the former approach. That is, after forwarding a CoAP group request from the client to the group of CoAP servers, the proxy relays the individual responses back to the client as separate CoAP messages. The described method addresses all the related issues raised in . To this end, a dedicated signaling protocol is defined, using two new CoAP options. Using this protocol, the client explicitly confirms its intent to perform a proxied group request and its support for receiving multiple responses as a result, i.e., one or more from each origin server. Also, the client signals for how long it is willing to wait for responses. When relaying to the client a response to the group request, the proxy indicates the addressing information of the origin server. This enables the client to distinguish, multiple diffent responses by origin and to possibly contact one or more of the respective servers by sending individual unicast request(s) to the indicated address(es). In doing these follow-up unicast requests, the client may optionally bypass the proxy. This document also defines how the proposed protocol is used between an HTTP client and an HTTP-CoAP cross-proxy, in order to forward an HTTP group request from the client to a group of CoAP servers, and relay back the individual CoAP responses as HTTP responses. Finally, this document defines a caching model for proxies and specifies how they can serve a group request by using cached responses. Therefore, this document updates .

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. Readers are expected to be familiar with terms and concepts defined in CoAP , Group Communication for CoAP , CBOR , OSCORE and Group OSCORE . Unless specified otherwise, the term "proxy" refers to a CoAP-to-CoAP forward-proxy, as defined in .

The Multicast-Timeout Option The Multicast-Timeout Option defined in this section has the properties summarized in , which extends Table 4 of . Since the option is not Safe-to-Forward, the column "N" indicates a dash for "not applicable". The value of the Multicast-Timeout Option specifies a timeout value in seconds, encoded as an unsigned integer (see ).

The Multicast-Timeout Option. This document specifically defines how this option is used by a client in a CoAP request, to indicate to a proxy its support for and interest in receiving multiple responses to a proxied CoAP group request, i.e., one or more from each origin server, and for how long it is willing to wait for receiving responses via that proxy (see and ). When sending a CoAP group request to a proxy via IP unicast, to be forwarded by the proxy to a targeted group of servers, the client includes the Multicast-Timeout Option into the request. The option value indicates after how much time in seconds the client will stop accepting responses matching its original unicast request, with the exception of notifications if the CoAP Observe Option is used in the same request. This allows the proxy to stop relaying responses back to the client, if those are received from servers after the indicated amount of time has elapsed. The Multicast-Timeout Option is of class U in terms of OSCORE processing (see ).

The Response-Forwarding Option The Response-Forwarding Option defined in this section has the properties summarized in , which extends Table 4 of . The option is intended only for inclusion in CoAP responses, and builds on the Base-Uri option from . Since the option is intended only for responses, the column "N" indicates a dash for "not applicable".

The Response-Forwarding Option. This document specifically defines how this option is used by a proxy that can perform proxied CoAP group requests. Upon receiving a response to such request from a server, the proxy includes the Response-Forwarding Option into the response sent to the origin client (see ). The proxy uses the option to indicate the addressing information where the client can send an individual request intended to that origin server. In particular, the client can use the addressing information specified in the option to identify the response originator and possibly send it individual requests later on, either directly, or indirectly via the proxy, as unicast requests. The option value is set to the byte serialization of the CBOR array 'tp_info' defined in , including only the set of elements 'srv_addr'. In turn, the set includes the integer 'tp_id' identifying the used transport protocol, and further elements whose number, format and encoding depend on the value of 'tp_id'. The value of 'tp_id' MUST be taken from the "Value" column of the "CoAP Transport Information" registry defined in . The elements of 'srv_addr' following 'tp_id' are specified in the corresponding entry of the Registry, under the "Server Addr" column. If the server is reachable through CoAP transported over UDP, the 'tp_info' array includes the following elements, encoded as defined in .

'tp_id': the CBOR integer with value 1. This element MUST be present.
'srv_host': a CBOR byte string, encoding the unicast IP address of the server. This element is tagged and identified by the CBOR tag 260 "Network Address (IPv4 or IPv6 or MAC Address)". This element MUST be present.
'srv_port': a CBOR unsigned integer or the CBOR simple value "null" (0xf6). This element MAY be present. If present as a CBOR unsigned integer, it has as value the destination UDP port number to use for individual requests to the server. If present as the CBOR simple value "null" (0xf6), the client MUST assume that the same port number specified in the group URI of the original unicast CoAP group request sent to the proxy (see ) can be used for individual requests to the server. If not present, the client MUST assume that the default port number 5683 defined in can be used as the destination UDP port number for individual requests to the server.

The CDDL notation provided below describes the 'tp_info' CBOR array using the format defined above. At present, 'tp_id' is expected to take only value 1 (UDP) when using forward proxies, UDP being the only currently available transport for CoAP to work over IP multicast. While additional multicast-friendly transports may be defined in the future, other current tranport protocols can still be useful in applications relying on a reverse-proxy (see ). The rest of this section considers the new values of 'tp_id' registered by this document (see ), and specifies:

The encoding for the elements of 'tp_info' following 'tp_id' (see ).
The port number assumed by the client if the element 'srv_port' of 'tp_info' is not present (see ).

The Response-Forwarding Option is of class U in terms of OSCORE processing (see ).

Encoding of Server Address This document defines some values used as transport protocol identifiers, whose respective new entries are included in the "CoAP Transport Information" registry defined in . For each of these values, the following table summarizes the elements specified under the "Srv Addr" and "Req Info" columns of the registry, together with their CBOR encoding and short description. While not listed here for brevity, the element 'tp_id' is always present as a CBOR integer in the element set "Srv Addr".

Default Values of the Server Port Number If the 'srv_port' element of the 'tp_info' array is not present, the client MUST assume the following value as port number where to send individual requests intended to the server, based on the value of 'tp_id'.

If 'tp_id' is equal to 1, i.e., CoAP over UDP, the default port number 5683 as defined in .
If 'tp_id' is equal to 2, i.e., CoAP over UDP secured with DTLS, the default port number 5684 as defined in .
If 'tp_id' is equal to 3, i.e., CoAP over TCP, the default port number 5683 as defined in .
If 'tp_id' is equal to 4, i.e., CoAP over TCP secured with TLS, the default port number 5684 as defined in .
If 'tp_id' is equal to 5, i.e., CoAP over WebSockets, the default port number 80 as defined in .
If 'tp_id' is equal to 6, i.e., CoAP over WebSockets secured with TLS, the default port number 443 as defined in .

Requirements and Objectives In this section, the word "proxy" is not limited to forward-proxies. Instead, it comprises also reverse-proxies and HTTP-to-CoAP proxies. This document assumes that the following requirements are fulfilled.

REQ1. The proxy is explicitly configured (allow-list) to perform proxied group requests on behalf of specific allowed client(s).
REQ2. The proxy MUST identify a client sending a unicast group request to be proxied, in order to verify whether the client is allowed-listed to do so. For example, this can rely on one of the following security associations.
- A TLS or DTLS channel between the client and the proxy, where the client has been authenticated during the secure channel establishment.
- A pairwise OSCORE Security Context between the client and the proxy, as defined in .
REQ3. If secure, end-to-end communication is required between the client and the servers in the CoAP group, exchanged messages MUST be protected by using Group OSCORE , as discussed in . This requires the client and the servers to have previously joined the correct OSCORE group, for instance by using the approach described in . The correct OSCORE group to join can be pre-configured or alternatively discovered, for instance by using the approach described in .

This document defines how to achieve the following objectives.

OBJ1. The proxy gets an indication from the client that the client is in fact interested in and capable to handle multiple responses to a proxied group request. With particular reference to a unicast CoAP group request sent to the proxy, this means that the client is capable to receive those responses as separate CoAP responses, each matching with the original unicast request.
OBJ2. The proxy learns for how long it should wait for responses to a proxied group request, before starting to ignore following responses to it (except for notifications, if a CoAP Observe Option is used ).
OBJ3. The proxy relays to the client any multiple responses to the proxied group request. With particular reference to a client's original CoAP unicast request sent to the proxy, those responses are sent to the client as separate CoAP responses, each matching with the original unicast request.
OBJ4. The client is able to distinguish the different responses to the proxied group request, as well as their corresponding origin servers.
OBJ5. The client is enabled to optionally contact one or more of the responding origin servers in the future, either directly or via the proxy.

Protocol Description This section specifies the steps of the signaling protocol.

Request Sending at the Client This section defines the operations performed by the client, for sending a request targeting a group of servers via the proxy.

Request Sending The client proceeds according to the following steps.

The client prepares a unicast CoAP group request addressed to the proxy. The request specifies the group URI where the request has to be forwarded to, as a string in the Proxi-URI option or by using the Proxy-Scheme option with the group URI constructed from the URI-* options (see ).
The client MUST retain the Token value used for this original unicast request beyond the reception of a first CoAP response matching with it. To this end, the client follows the same rules for Token retention defined for multicast CoAP requests in . In particular, the client picks an amount of time T that it is fine to wait for before freeing up the Token value. Specifically, the value of T MUST be such that:
- T < T_r , where T_r is the amount of time that the client is fine to wait for before potentially reusing the Token value. Note that T_r MUST NOT be less than MIN_TOKEN_REUSE_TIME defined in .
- T should be at least the expected worst-case time taken by the request and response processing on the proxy and on the servers in the addressed CoAP group.
- T should be at least the expected worst-case round-trip delay between the client and the proxy plus the worst-case round-trip delay between the proxy and any one of the origin servers.
The client MUST include the Multicast-Timeout Option defined in into the unicast request to send to the proxy. The option value specifies an amount of time T' < T. The difference (T - T') should be at least the expected worst-case round-trip time between the client and the proxy. The client can specify T' = 0 as option value, thus indicating to be not interested in receiving responses from the origin servers through the proxy. In such a case, the client SHOULD also include a No-Response Option with value 26 (suppress all response codes), if it supports the option. Consistently, if the unicast request to send to the proxy already included a No-Response Option with value 26, the client SHOULD specify T' = 0 as value of the Multicast-Timeout Option.
The client processes the request as defined in , and also as in when secure group communication is used between the client and the servers.
The client sends the request to the proxy as a unicast CoAP message. When doing so, the client protects the request according to the security association it has with the proxy.

The exact method that the client uses to estimate the worst-case processing times and round-trip delays mentioned above is out of the scope of this document. However, such a method is expected to be already used by the client when generally determining an appropriate Token lifetime and reuse interval.

Supporting Observe When using CoAP Observe , the client follows what is specified in , with the difference that it sends a unicast request to the proxy, to be forwarded to the group of servers, as defined in of this document. Furthermore, the client especially follows what is specified in , i.e., it registers its interest to be an observer with the proxy, as if it was communicating with the servers.

Request Processing at the Proxy This section defines the operations performed by the proxy, when receiving a request to forward to a group of servers.

Request Processing Upon receiving the request from the client, the proxy proceeds according to the following steps.

The proxy decrypts the request, according to the security association it has with the client.
The proxy identifies the client, and verifies that the client is in fact allowed-listed to have its requests proxied to CoAP group URIs.
The proxy verifies the presence of the Multicast-Timeout Option, as a confirmation that the client is fine to receive multiple CoAP responses matching with the same original request. If the Multicast-Timeout Option is not present, the proxy MUST stop processing the request and MUST reply to the client with a 4.00 (Bad Request) response. The response MUST include a Multicast-Timeout Option with an empty (zero-length) value, indicating that the Multicast-Timeout Option was missing and has to be included in the request. As per The response SHOULD include a diagnostic payload.
The proxy retrieves the value T' from the Multicast-Timeout Option, and then removes the option from the client's request.
The proxy forwards the client's request to the group of servers. In particular, the proxy sends it as a CoAP group request over IP multicast, addressed to the group URI specified by the client.
The proxy sets a timeout with the value T' retrieved from the Multicast-Timeout Option of the original unicast request. In case T' > 0, the proxy will ignore responses to the forwarded group request coming from servers, if received after the timeout expiration, with the exception of Observe notifications (see ). In case T' = 0, the proxy will ignore all responses to the forwarded group request coming from servers.

If the proxy supports caching of responses, it can serve the original unicast request also by using cached responses, as per .

Supporting Observe When using CoAP Observe , the proxy takes the role of the client and registers its own interest to observe the target resource with the servers as per . When doing so, the proxy especially follows what is specified for the client in , by forwarding the group request to the servers over IP multicast as defined in of this document.

Request and Response Processing at the Server This section defines the operations performed by the server, when receiving a group request from the proxy.

Request and Response Processing Upon receiving the request from the proxy, the server proceeds according to the following steps.

The server processes the group request as defined in , and also as in when secure group communication is used between the client and the server.
The server processes the response to be relayed to the client as defined in , and also as in when secure group communication is used between the client and the server.

Supporting Observe When using CoAP Observe , the server especially follows what is specified in and .

Response Processing at the Proxy This section defines the operations performed by the proxy, when receiving a response matching with a forwarded group request.

Response Processing Upon receiving a response matching with the group request before the amount of time T' has elapsed, the proxy proceeds according to the following steps.

The proxy MUST include the Response-Forwarding Option defined in into the response. The proxy specifies as option value the addressing information of the server generating the response, encoded as defined in . In particular:
- The 'srv_addr' element of the 'srv_info' array MUST specify the server IPv6 address if the multicast request was destined for an IPv6 multicast address, and MUST specify the server IPv4 address if the multicast request was destined for an IPv4 multicast address.
- If present, the 'srv_port' element of the 'srv_info' array MUST specify the port number of the server as the source port number of the response. This element MUST be present if the source port number of the response differs from the default port number for the transport protocol specified in the 'tp_id' element.
The proxy forwards the response back to the client. When doing so, the proxy protects the response according to the security association it has with the client.

As discussed in , it is possible that a same server replies with multiple responses to the same group request, i.e., with the same Token. As long as the proxy forwards responses to a group request back to the origin client, the proxy MUST follow the steps defined above and forward also such multiple responses "as they come". Upon timeout expiration, i.e., T' seconds after having sent the group request over IP multicast, the proxy frees up its local Token value associated with that request. Thus, following late responses to the same group request will be discarded and not forwarded back to the client.

Supporting Observe When using CoAP Observe , the proxy acts as a client registered with the servers, as described earlier in . Furthermore, the proxy takes the role of a server when forwarding notifications from origin servers back to the client. To this end, the proxy follows what is specified in and , with the following additions.

At step 1 in , the proxy includes the Response-Forwarding Option in every notification, including non-2.xx notifications resulting in removing the proxy from the list of observers of the origin server.
The proxy frees up its Token value used for a group observation only if, after the timeout expiration, no 2.xx (Success) responses matching with the group request and also including an Observe option have been received from any origin server. After that, as long as observations are active with servers in the group for the target resource of the group request, notifications from those servers are forwarded back to the client, as defined in , and the Token value used for the group observation is not freed during this time.

Finally, the proxy SHOULD regularly verify that the client is still interested in receiving observe notifications for a group observation. To this end, the proxy can rely on the same approach discussed for servers in , with more details available in .

Response Processing at the Client This section defines the operations performed by the client, when receiving a response matching with a request that targeted a group of servers via the proxy.

Response Processing Upon receiving from the proxy a response matching with the original unicast request before the amount of time T has elapsed, the client proceeds according to the following steps.

The client processes the response as defined in . When doing so, the client decrypts the response according to the security association it has with the proxy.
If secure group communication is used end-to-end between the client and the servers, the client processes the response resulting at the end of step 1, as defined in .
The client identifies the origin server, whose addressing information is specified as value of the Response-Forwarding Option. If the 'srv_port' element of the 'tp_info' array in the Response-Forwarding Option is not present or specifies the CBOR simple value "null" (0xf6), then the client determines the port number where to send unicast requests to the server -- in case this is needed -- as defined in . In the former case, the assumed default port number depends on the transport protocol specified by the 'tp_id' element of the 'tp_info' array (see ). In particular, the client is able to distinguish different responses as originated by different servers. Optionally, the client may contact one or more of those servers individually, i.e., directly (bypassing the proxy) or indirectly (via a proxied unicast request). In order to individually reach an origin server again through the proxy, the client is not required to understand or support the transport protocol indicated in the Response-Forwarding Option, as used between the proxy and the origin server, in case it differs from "UDP" (1). That is, using the IPv4/IPv6 address value and optional port value from the Response-Forwarding Option, the client simply creates the correct URI for the individual request, by means of the Proxy-Uri or Uri-Scheme Option in the unicast request to the proxy. The client uses the transport protocol it knows, and has used before, to send the request to the proxy.

As discussed in , it is possible that the client receives multiple responses to the same group request, i.e., with the same Token, from the same origin server. The client normally processes at the CoAP layer each of those responses from the same origin server, and decides how to exactly handle them depending on its available context information (see ). Upon the timeout expiration, i.e., T seconds after having sent the original unicast request to the proxy, the client frees up its local Token value associated with that request. Note that, upon this timeout expiration, the Token value is not eligible for possible reuse yet (see ). Thus, until the actual amount of time before enabling Token reusage has elapsed, any following late responses to the same request forwarded by the proxy will be discarded, as these are not matching (by Token) with any active request from the client.

Supporting Observe When using CoAP Observe , the client frees up its Token value only if, after the timeout T expiration, no 2.xx (Success) responses matching with the original unicast request and also including an Observe option have been received. Instead, if at least one such response has been received, the client continues receiving those notifications as forwarded by the proxy, as long as the observation for the target resource of the original unicast request is active.

Example The example in this section refers to the following actors.

One origin client C, with address C_ADDR and port number C_PORT.
One proxy P, with address P_ADDR and port number P_PORT.
Two origin servers S1 and S2, where the server Sx has address Sx_ADDR and port number Sx_PORT.

The origin servers are members of a CoAP group with IP multicast address G_ADDR and port number G_PORT. Also, the origin servers are members of a same application group, and share the same resource /r. The communication between C and P is based on CoAP over UDP, as per . The communication between P and the origin servers is based on CoAP over UDP and IP multicast, as per . Finally, 'bstr(X)' denotes a CBOR byte string where its value is the byte serialization of X.

Workflow example with a forward-proxy | | | | Src: C_ADDR:C_PORT | | | | Dst: P_ADDR:P_PORT | | | | Proxi-URI { | | | | coap://G_ADDR:G_PORT/r | | | | } | | | | Multicast-Timeout: 60 | | | | | | | | | | | | | Src: P_ADDR:P_PORT | | | | Dst: G_ADDR:G_PORT | | | | Uri-Path: /r | | | |---------------+----->| | | | \ | | | | +----------------->| | | | | | | /* t = 0 : P starts | | | | accepting responses | | | | for this request */ | | | | | | | | | | | |<---------------------| | | | Src: S1_ADDR:G_PORT | | | | Dst: P_ADDR:P_PORT | | | | | | | | | | |<-------------------------| | | | Src: P_ADDR:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | Response-Forwarding { | | | | [1, /*CoAP over UDP*/ | | | | #6.260(bstr(S1_ADDR)), | | | | null /* G_PORT */ | | | | ] | | | | } | | | | |<-----------------------------------| | | Src: S2_ADDR:S2_PORT | | | Dst: P_ADDR:P_PORT | | | | | | | | | | | | | |<-------------------------| | | | Src: P_ADDR:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | Response-Forwarding { | | | | [1, /*CoAP over UDP*/ | | | | #6.260(bstr(S2_ADDR)), | | | | S2_PORT | | | | ] | | | | } | | | | /* At t = 60, P stops accepting | | | responses for this request */ | | | | | | ]]>

Reverse-Proxies The use of reverse-proxies in group communication scenarios is defined in . This section clarifies how the Multicast-Timeout Option is effective also in such a context, in order for:

The proxy to explictly reveal itself as a reverse-proxy to the client.
The client to indicate to the proxy of being aware that it is communicating with a reverse-proxy, and for how long it is willing to receive responses to a proxied group request.

This practically addresses the addional issues compared to the case with a forward-proxy, as compiled in . A reverse-proxy may also operate without support of the Multicast-Timeout Option, as defined in that section. provides examples with a reverse-proxy.

Processing on the Client Side If a client sends a CoAP request intended to a group of servers and is aware of actually communicating with a reverse-proxy, then the client SHOULD perform the steps defined in . In particular, this results in a request sent to the proxy including a Multicast-Timeout Option. An exception is the case where the reverse-proxy has a pre-configured timeout value T_PROXY, as the default timeout value to use for when to stop accepting responses from the servers, after the reception of the original unicast request from the client. In this case, a client aware of such a configuration MAY omit the Multicast-Timeout Option in the request sent to the proxy. The client processes the CoAP responses forwarded back by the proxy as defined in .

Processing on the Proxy Side If the proxy receives a CoAP request and determines that it should be forwarded to a group of servers over IP multicast, then the proxy performs the steps defined in . In particular, when such a request does not include a Multicast-Timeout Option, the proxy SHOULD explicitly reveal itself as a reverse-proxy, by sending a 4.00 (Bad Request) response including a Multicast-Timeout Option with empty (zero-length) value. An exception is the case where the reverse-proxy has a pre-configured timeout value T_PROXY, as default timeout value to use for when to stop accepting responses from the servers, after the reception of the original unicast request from the client. In this case, the proxy MAY replace the steps 3 and 4 in with the following step. A. The proxy verifies the presence of the Multicast-Timeout Option, as a confirmation that the client is willing to receive multiple CoAP responses matching with the same original request. Then, the proxy performs the following actions.

If the Multicast-Timeout Option is present, the proxy retrieves the value T' from the Multicast-Timeout Option, and then removes the option from the client's request. That is, the timeout value indicated in the option overrides the pre-configured timeout value T_PROXY.
If the Multicast-Timeout option is not present, the proxy checks that, according to its local configuration, both the following conditions hold for the client (which, at this point, has been successfully authenticated).
- COND_1 : The client is aware of the default timeout value T_PROXY pre-configured at the proxy.
- COND_2 : The client is able to process multiple responses to the same request.
These conditions are expected to hold for clients that are locally registered at the proxy, successfully authenticated and allowed-listed to have their requests proxied to CoAP group URIs. If the proxy is able to successfully assert that both the two conditions hold, then the proxy considers the value T' as equal to T_PROXY and proceeds to step 5. If the proxy is not able to successfully assert that both the two conditions hold, the proxy MUST stop processing the request and MUST reply to the client with a 4.00 (Bad Request) response. The response MUST include a Multicast-Timeout Option with an empty (zero-length) value, indicating that the Multicast-Timeout Option was missing and has to be included in the request. As per The response SHOULD include a diagnostic payload.

The proxy processes the CoAP responses forwarded back to the client as defined in .

Caching A proxy MAY cache responses to a group request, as defined in . In particular, the same rules apply to determine the set of request options used as "Cache-Key", and to determine the max-age values offered for responses served from the cache. A cache entry is associated with one server and stores one response from that server, regardless whether it is a response to a unicast request or to a group request. The following two types of requests can produce a hit to a cache entry.

A matching request intended to that server, i.e., to the corresponding unicast URI. When the stored response is a response to a unicast request to the server, the unicast URI of the matching request is the same target URI used for the original unicast request. When the stored response is a response to a group request to the CoAP group, the unicast URI of the matching request is the target URI obtained by replacing the authority part of the group URI in the original group request with the transport-layer source address and port number of the response.
A matching group request intended to the CoAP group, i.e., to the corresponding group URI. That is, a matching group request produces a hit to multiple cache entries, each of which associated with one of the CoAP servers currently member of the CoAP group. Note that, as per the freshness model defined in , the proxy might serve a group request exclusively from its cached responses only when it knows all the CoAP servers that are current members of the CoAP group and it has a valid cache entry for each of them.

When forwarding a GET or FETCH group request to the servers in the CoAP group, the proxy behaves like a CoAP client as defined in , with the following additions.

As discussed in , the proxy can receive multiple responses to the same group request from a same origin server, and forwards them back to the origin client "as they come". When this happens, each of such multiple responses is stored in the cache entry associated with the server "as it comes", possibly replacing an already stored response from that server.
As discussed in , when communications in the group are secured with Group OSCORE , additional means are required to enable cacheability of responses at the proxy.

The following subsections define the freshness model and validation model that the proxy uses for cached responses.

Freshness Model The proxy relies on the same freshness model defined in , by taking the role of a CoAP client with respect to the servers in the CoAP group. In particular, when receiving a unicast group request from the client, the proxy MAY serve it by using exclusively cached responses without forwarding the group request to the servers in the CoAP group, but only if both the following conditions hold.

The proxy knows all the CoAP servers that are currently members of the CoAP group for which the group request is intended to.
The proxy's cache currently stores a fresh response for each of those CoAP servers.

The specific way that the proxy uses to determine the CoAP servers currently members of the target CoAP group is out of scope for this document. As possible examples, the proxy can synchronize with a group manager server; rely on well-known time patterns used in the application or in the network for the addition of new CoAP group members; observe group join requests or IGMP/MLD multicast group join messages, e.g., if embedded in a multicast router. When forwarding the group request to the servers, the proxy may have fresh responses stored in its cache for (some of) those servers. In such a case, the proxy uses (also) those cached responses to serve the original unicast group request, as defined below.

The request processing in is extended as follows. After setting the timeout with value T' > 0 in step 6, the proxy checks whether its cache currently stores fresh responses to the group request. For each of such responses, the proxy compares the residual lifetime L of the corresponding cache entry against the value T'. If a cached response X is such that L < T', then the proxy forwards X back to the client at its earliest convenience. Otherwise, the proxy does not forward X back to the client right away, and rather waits for approaching the timeout expiration, as discussed in the next point.
The response processing in is extended as follows. Before the timeout with original value T' > 0 expires and the proxy stops accepting responses to the group request, the proxy checks whether it stores in its cache any fresh response X to the group request such that both the following conditions hold.
- The cache entry E storing X was already existing when the proxy forwarded the group request.
- The proxy has received no response to the forwarded group request from the server associated with E.
Then, the proxy sends back to the client each response X stored in its cache and selected as above, before the timeout expires. Note that, from the forwarding of the group request until the timeout expiration, the proxy still forwards responses to the group request back to the client "as they come" (see ). Also, such responses possibly refresh older responses from the same servers that the proxy has stored in its cache, as defined earlier in .

Validation Model This section defines the revalidation of responses, separately between the proxy and the origin servers, as well as between the origin client and the proxy.

Proxy-Servers Revalidation with Unicast Requests The proxy MAY revalidate a cached response by making a GET or FETCH request on the related unicast request URI, i.e., by taking the role of a CoAP client with respect to a server in the CoAP group. As discussed in , this is however not possible for the proxy if communications in the group are secured end-to-end between origin client and origin servers by using Group OSCORE . [ TODO It can be actually possible to enable revalidation of responses between proxy and server, also in this case where Group OSCORE is used end-to-end between client and origin servers. Fundamentally, this requires to define the possible use of the ETag option also as an outer option for OSCORE. Thus, in addition to the normal inner ETag, a server can add also an outer ETag option intended to the proxy. Since validation of responses assumes that cacheability of responses is possible in the first place, it would be convenient to define the use of ETag as outer option in . In case OSCORE is also used between the proxy and an individual origin server as per , then the outer ETag option would be seamlessly protected with the OSCORE Security Context shared between the proxy and the origin server. The following text can be used to replace the last paragraph above. As discussed in , the following applies when Group OSCORE is used to secure communications end-to-end between the origin client and the origin servers in the group.

Additional means are required to enable cacheability of responses at the proxy (see ).
If a cached response included an outer ETag option intended to the proxy, then the proxy can perform revalidatation of the cached response, by making a request to the unicast URI targeting the server, and including outer ETag Option(s). This is possible also in case the proxy and the origin server use OSCORE to further protect the exchanged request and response, as defined in . In such a case, the originally outer ETag option is protected with the OSCORE Security Context shared between the proxy and the origin server, before transferring the message over the communication leg between the proxy and origin server.

]

Proxy-Servers Revalidation with Group Requests When forwarding a group request to the servers in the CoAP group, the proxy MAY revalidate one or more stored responses that it has cached. To this end, the proxy relies on the same validation model defined in and using the ETag Option, by taking the role of a CoAP client with respect to the servers in the CoAP group. As discussed in , this is however not possible for the proxy if communications in the group are secured end-to-end between origin client and origin servers by using Group OSCORE . [ TODO See the notes in . The following text can be used to replace the last paragraph above. As discussed in , the following applies when Group OSCORE is used to secure communications end-to-end between the origin client and the origin servers in the group.

Additional means are required to enable cacheability of responses at the proxy (see ).
If a cached response included an outer ETag option intended to the proxy, then the proxy can perform revalidatation of the cached response, by making a request to the group URI targeting the CoAP group, and including outer ETag Option(s). This is possible also in case the proxy and the origin servers use Group OSCORE to further protect the exchanged request and response, as defined in . In such a case, the originally outer ETag option is protected with the Group OSCORE Security Context shared between the proxy and the origin server, before transferring the message over the communication leg between the proxy and origin server.

]

Client-Proxy Revalidation with Group Requests A client MAY revalidate the full set of responses to a group request by leveraging the corresponding cache entries at the proxy. To this end, this document defines the new Group-ETag Option. The Group-ETag Option has the properties summarized in , which extends Table 4 of . The Group-ETag Option is elective, safe to forward, part of the cache key, and repeatable. The option is intended for group requests sent to a proxy to be forwarded to the servers in a CoAP group, as well as for the associated responses.

The Group-ETag Option. The Group-ETag Option has the same properties of the ETag Option defined in . The Group-ETag Option is of class U in terms of OSCORE processing (see ). A proxy MUST NOT provide this form of validation if it is not in a position to serve a group request by using exclusively cached responses, i.e., without sending the group request to the servers in the CoAP group (see ). If the proxy supports this form of response revalidation, the following applies.

The proxy defines J as a joint set including all the cache entries currently storing fresh responses that satisfy a group request. A set J is "complete" if it includes a valid cache entry for each of the CoAP servers currently members of the CoAP group.
When the set J becomes "complete", the proxy assigns it an entity-tag value. The proxy MUST update the current entity-tag value, when J is "complete" and one of its cache entry is updated.
When forwarding to the client a 2.05 (Content) response to a GET or FETCH group request, the proxy MAY include one Group-ETag Option, in case the set J is "complete". Such a response MUST NOT include more than one Group-ETag Option. The option value specifies the entity-tag value currently associated with the set J.

When sending to the proxy a GET or FETCH request to be forwarded to the servers in the CoAP group, the client MAY include one or more Group-ETag Options. Each option specifies one entity-tag value, applicable to the set J of cache entries that can be hit by the group request. The proxy MAY perform the following actions, in case the group request produces a hit to the cache entry of each CoAP server currently member of the CoAP group, i.e., the set J associated with the group request is "complete".

The proxy checks whether the current entity-tag value of the set J matches with one of the entity-tag values specified in the Group-ETag Options of the unicast group request from the client.
In case of positive match, the proxy replies with a single 2.03 (Valid) response. This response has no payload and MUST include one Group-ETag Option, specifying the current entity-tag value of the set J.

That is, the 2.03 (Valid) response from the proxy indicates to the client that the stored responses idenfied by the entity-tag given in the response's Group-ETag Option can be reused, after updating each of them as described in . In effect, the client can determine if any of the stored representations from the respective cache entries at the proxy is current, without needing to transfer any of them again.

Caching of End-To-End Protected Responses at Proxies When using Group OSCORE to protect communications end-to-end between a client and multiple servers in the group, it is normally not possible for an intermediary proxy to cache protected responses. In fact, when starting from the same plain CoAP message, different clients generate different protected requests to send on the wire. This prevents different clients to generate potential cache hits, and thus makes response caching at the proxy pointless.

Deterministic Requests to Achieve Cacheability For application scenarios that use secure group communication, it is still possible to achieve cacheability of responses at proxies, by using the approach defined in which is based on Deterministic Requests protected with the pairwise mode of Group OSCORE. This approach is limited to group requests that are safe (in the RESTful sense) to process and do not yield side effects at the server. As for any protected group request, it requires the clients and all the servers in the CoAP group to have already joined the correct OSCORE group. Starting from the same plain CoAP request, this allows different clients in the OSCORE group to deterministically generate a same request protected with Group OSCORE, which is sent to the proxy for being forwarded to the CoAP group. The proxy can now effectively cache the resulting responses from the servers in the CoAP group, since the same plain CoAP request will result again in the same Deterministic Request and thus will produce a cache hit. When caching of Group OSCORE secured responses is enabled at the proxy, the same as defined in applies, with respect to cache entries and their lifetimes. Note that different Deterministic Requests result in different cache entries at the proxy. This includes the case where different plain group requests differ only in their set of ETag Options, as defined in . That is, even though the servers would produce the same plain CoAP responses in reply to two different Deterministic Requests, those will result in different protected responses to each respective Deterministic Request, hence in different cache entries at the proxy. Thus, given a plain group request, a client needs to reuse the same set of ETag Options, in order to send that group request as a Deterministic Request that can actually produce a cache hit at the proxy. However, while this would prevent the caching at the proxy to be inefficient and unnecessarily redundant, it would also limit the flexibility of end-to-end response revalidation for a client.

Validation of Responses Response revalidation remains possible end-to-end between the client and the servers in the group, by means of including inner ETag Option(s) as defined in Sections and of . Furthermore, it remains possible for a client to attempt revalidating responses to a group request from a "complete" set of cache entries at the proxy, by using the Group-ETag Option as defined in . When directly interacting with the servers in the CoAP group to refresh its cache entries, the proxy cannot rely on response revalidation anymore. This applies to both the case where the request is addressed to a single server and sent to the related unicast URI (see ) or instead is a group request addressed to the CoAP group and sent to the related group URI (see ). [ TODO See the notes in . The following text can be used to replace the last paragraph above. When directly interacting with the servers in the CoAP group to refresh its cache entries, the proxy also remains able to perform response revalidation. That is, if a cached response included an outer ETag option intended to the proxy, then the proxy can perform revalidatation of the cached response, by making a request to the unicast URI addressed to a single server and sent to the related unicast URI (see ) or a group request addressed to the CoAP group and sent to the related group URI (see ). ]

Chain of Proxies A client may be interested to access a resource at a group of origin servers which is reached through a chain of two or more proxies. That is, these proxies are configured into a chain, where each non-last proxy is configured to forward (group) requests to the next hop towards the origin servers. Also, each non-first proxy is configured to forward back responses to (the previous hop proxy towards) the origin client. This section specifies how the signaling protocol defined in is used in that setting. Except for the last proxy before the origin servers, every other proxy in the chain takes the role of client with respect to the next hop towards the origin servers. Also, every proxy in the chain except the first takes the role of server towards the previous proxy closer to the origin client. Accordingly, possible caching of responses at each proxy works as defined in and . Also, possible revalidation of responses cached ad each proxy and based on the Group-ETag option works as defined in and . The requirements REQ1 and REQ2 defined in MUST be fulfilled for each proxy in the chain. That is, every proxy in the chain has to be explicitly configured (allow-list) to allow proxied group requests from specific senders, and MUST identify those senders upon receiving their group request. For the first proxy in the chain, that sender is the origin client. For each other proxy in the chain, that sender is the previous hop proxy closer to the origin client. In either case, a proxy can identify the sender of a group request by the same means mentioned in .

Request Processing at the Proxy Upon receiving a group request to be forwarded to a CoAP group URIs, a proxy proceed as follows. If the proxy is the last one in the chain, i.e., it is the last hop before the origin servers, the proxy performs the steps defined in , with no modifications. Otherwise, the proxy performs the steps defined in , with the following differences.

At steps 1-3, "client" refers to the origin client for the first proxy in the chain; or to the previous hop proxy closer to the origin client, otherwise.
At step 4, the proxy rather performs the following actions.
1. The proxy retrieves the value T' from the Multicast-Timeout Option, and does not remove the option.
2. In case T' > 0, the proxy picks an amount of time T it is fine to wait for before freeing up its local Token value to use with the next hop towards the origin servers. To this end, the proxy MUST follow what is defined at step 2 of for the origin client, with the following differences.
  - T MUST be greater than the retrieved value T', i.e., T' < T.
  - The worst-case message processing time takes into account all the next hops towards the origin servers, as well as the origin servers themselves.
  - The worst-case round-trip delay takes into account all the legs between the proxy and the origin servers.
3. In case T' > 0, the proxy replaces the value of the Multicast-Timeout Option with a new value T'', such that:
  - T'' < T. The difference (T - T'') should be at least the expected worst-case round-trip time between the proxy and the next hop towards the origin servers.
  - T'' < T'. The difference (T' - T'') should be at least the expected worst-case round-trip time between the proxy and the (previous hop proxy closer to the) origin client.
  If the proxy is not able to determine a value T'' that fulfills both the requirements above, the proxy MUST stop processing the request and MUST respond with a 5.05 (Proxying Not Supported) error response to the previous hop proxy closer to the origin client. The proxy SHOULD include a Multicast-Timeout Option, set to the minimum value T' that would be acceptable in the Multicast-Timeout Option of a group request to forward. Upon receiving such an error response, any proxy in the chain MAY send an updated group request to the next hop towards the origin servers, specifying in the Multicast-Timeout Option a value T' greater than in the previous request. If this does not happen, the proxy receiving the error response MUST also send a 5.05 (Proxying Not Supported) error response to the previous hop proxy closer to the origin client. Like the received one, also this error response SHOULD include a Multicast-Timeout Option, set to the minimum value T' acceptable by the proxy sending the error response.
At step 5, the proxy forwards the request to the next hop towards the origin servers.
At step 6, the proxy sets a timeout with the value T' retrieved from the Multicast-Timeout Option of the request received from the (previous hop proxy closer to the) origin client. In case T' > 0, the proxy will ignore responses to the forwarded group request coming from the (next hop towards the) origin servers, if received after the timeout expiration, with the exception of Observe notifications (see ). In case T' = 0, the proxy will ignore all responses to the forwarded group request coming from the (next hop towards the) origin servers.

Supporting Observe When using CoAP Observe , what is defined in applies for the last proxy in the chain, i.e., the last hop before the origin servers. Any other proxy in the chain acts as a client and registers its own interest to observe the target resource with the next hop towards the origin servers, as per .

Response Processing at the Proxy Upon receiving a response matching with the group request before the amount of time T' has elapsed, the proxy proceeds as follows. If the proxy is the last one in the chain, i.e., it is the last hop before the origin servers, the proxy performs the steps defined in , with no modifications. Otherwise, the proxy performs the steps defined in , with the following differences.

The proxy skips step 1. In particular, the proxy MUST NOT remove, alter or replace the Response-Forwarding Option.
At step 2, "client" refers to the origin client for the first proxy in the chain; or to the previous hop proxy closer to the origin client, otherwise.

As to the possible reception of multiple responses to the same group request from the same (next hop proxy towards the) origin server, the same as defined in applies. That is, as long as the proxy forwards responses to a group request back to the (previous hop proxy closer to the) origin client, the proxy MUST follow the steps above and forward also such multiple responses "as they come". Upon timeout expiration, i.e., T seconds after having forwarded the group request to the next hop towards the origin servers, the proxy frees up its local Token value associated with that request. Thus, following late responses to the same group request will be discarded and not forwarded back to the (previous hop proxy closer to the) origin client.

Supporting Observe When using CoAP Observe , what is defined in applies for the last proxy in the chain, i.e., the last hop before the origin servers. As to any other proxy in the chain, the following applies.

The proxy acts as a client registered with the next hop towards the origin servers, as described earlier in .
The proxy takes the role of a server when forwarding notifications from the next hop to the origin servers back to the (previous hop proxy closer to the) origin client, as per .
The proxy frees up its Token value used for a group observation only if, after the timeout expiration, no 2.xx (Success) responses matching with the group request and also including an Observe option have been received from the next hop towards the origin servers. After that, as long as the observation for the target resource of the group request is active with the next hop towards the origin servers in the group, notifications from that hop are forwarded back to the (previous hop proxy closer to the) origin client, as defined in .
The proxy SHOULD regularly verify that the (previous hop proxy closer to the) origin client is still interested in receiving observe notifications for a group observation. To this end, the proxy can rely on the same approach defined in .

HTTP-CoAP Proxies This section defines the components needed to use the signaling protocol specified in this document, when an HTTP client wishes to send a group request to the servers of a CoAP group, via an HTTP-CoAP cross-proxy. The following builds on the mapping of the CoAP request/response model to HTTP and vice versa as defined in , as well as on the additional details about the HTTP-CoAP mapping defined in . Furthermore, the components defined in are also used to map and transport OSCORE-protected messages over HTTP. This allows an HTTP client to use Group OSCORE end-to-end with the servers in the CoAP group.

The HTTP Multicast-Timeout Header Field The HTTP Multicast-Timeout header field (see ) is used for carrying the content otherwise specified in the CoAP Multicast-Timeout Option defined in . Using the Augmented Backus-Naur Form (ABNF) notation of and including the core ABNF syntax rule DIGIT (decimal digits) defined by that specification, the HTTP Multicast-Timeout header field value is as follows. Multicast-Timeout = *DIGIT When translating a CoAP message into an HTTP message, the HTTP Multicast-Timeout header field is set with the content of the CoAP Multicast-Timeout Option, or is left empty in case the option is empty. The same applies in the opposite direction, when translating an HTTP message into a CoAP message.

The HTTP Response-Forwarding Header Field The HTTP Response-Forwarding header field (see ) is used for carrying the content otherwise specified in the CoAP Response-Forwarding Option defined in . Using the Uniform Resource Identifier (URI) syntax components defined in , the HTTP Response-Forwarding header field value is as follows. scheme = <scheme, see > authority = <authority, see > Response-Forwarding = scheme "://" authority In particular:

The scheme component indicates the URI scheme otherwise specified in the CoAP Response-Forwarding Option, as per the 'tp_id' element of the 'tp_info' array (see ). That is, the 'tp_id' element with integer value 1 results in the scheme "coap".
The authority component indicates the URI authority otherwise specified in the CoAP Response-Forwarding Option, as per the 'srv_host' and 'srv_port' elements of the 'tp_info' array (see ).

When translating a CoAP message into an HTTP message, the HTTP Response-Forwarding header field is set to the URI specified in the CoAP Response-Forwarding Option, as per the rules defined above. In particular, consistently with what is defined in :

If the 'srv_port' element of the 'tp_info' array is present and specifies the CBOR simple value "null" (0xf6), the URI authority of the header field includes the same port number that was specified in the group URI where the group request was forwarded.
If the 'srv_port' element of the 'tp_info' array is not present, the URI authority of the header field includes the default port number for the transport protocol specified by the 'tp_id' element of the 'tp_info' array, as per .

When translating an HTTP message into a CoAP message, the CoAP Response-Forwarding Option is set to the URI specified by the HTTP Response-Forwarding header field. In particular, the URI is encoded according to the format specified in .

The HTTP Group-ETag Header Field The HTTP Group-ETag header field (see ) is used for carrying the content otherwise specified in the CoAP Group-ETag Option defined in . Using the Augmented Backus-Naur Form (ABNF) notation of and including the following core ABNF syntax rules defined by that specification: ALPHA (letters) and DIGIT (decimal digits), the HTTP Group-ETag header field value is as follows. group-etag-char = ALPHA / DIGIT / "-" / "_" Group-ETag = 2*group-etag-char When translating a CoAP message into an HTTP message, the HTTP Group-ETag header field is set to the value of the CoAP Group-ETag Option in base64url (see ) encoding without padding. Implementation notes for this encoding are given in . When translating an HTTP message into a CoAP message, the CoAP Group-ETag Option is set to the value of the HTTP Group-ETag header field decoded from base64url (see ) without padding. Implementation notes for this encoding are given in .

Request Sending at the Client The client proceeds according to the following steps.

The client prepares an HTTP request to send to the proxy via IP unicast, and to be forwarded by the proxy to the targeted group of CoAP servers over IP multicast. With reference to , the request is addressed to a Hosting HTTP URI, such that the proxy can extract the Target CoAP URI as the group URI where to forward the request.
The client determines the amount of time T that it is fine to wait for a response to the request from the proxy. Then, the client determines the amount of time T' < T, where the difference (T - T') should be at least the expected worst-case round-trip time between the client and the proxy.
If Group OSCORE is used end-to-end between the client and the servers, the client translates the HTTP request into a CoAP request, as per . Then, the client protects the resulting CoAP request by using Group OSCORE, as defined in . Finally, the protected CoAP request is mapped to HTTP as defined in . Later on, the resulting HTTP request MUST be sent in compliance with the rules in .
The client includes the HTTP Multicast-Timeout header field in the request, specifying T' as its value. The client can specify T' = 0, thus indicating to be not interested in receiving responses from the origin servers through the proxy.
If the client wishes to revalidate responses to a previous group request from the corresponding cache entries at the proxy (see ), the client includes one or multiple HTTP Group-ETag header fields in the request (see ), each specifying an entity-tag value like they would in a corresponding CoAP Group E-Tag option.
The client sends the request to the proxy, as a unicast HTTP message. In particular, the client protects the request according to the security association it has with the proxy.

Request Processing at the Proxy The proxy translates the HTTP request to a CoAP request, as per . The additional rules for HTTP messages with the HTTP Multicast-Timeout header field and HTTP Group-ETag header field are defined in and , respectively. Once translated the HTTP request into a CoAP request, the proxy MUST perform the steps defined in . If the proxy supports caching of responses, it can serve the unicast request also by using cached responses as per , considering the CoAP request above as the potentially matching request. In addition, in case the HTTP Multicast-Timeout header field had value 0, the proxy replies to the client with an HTTP response with status code 204 (No Content), right after forwarding the group request to the group of servers.

Response Processing at the Proxy Upon receiving a CoAP response matching with the group request before the amount of time T' > 0 has elapsed, the proxy includes the Response-Forwarding Option in the response, as per step 1 of . Then, the proxy translates the CoAP response to an HTTP response, as per and , as well as if Group OSCORE is used end-to-end between the client and servers. The additional rules for CoAP messages specifying the Response-Forwarding Option are defined in . After that, the proxy stores the resulting HTTP response until the timeout with original value T' > 0 expires. If, before then, the proxy receives another response to the same group request from the same CoAP server, the proxy performs the steps above, and stores the resulting HTTP response by superseding the currently stored one from that server. When the timout expires, if no responses have been received from the servers, the proxy replies to the client's original unicast group request with an HTTP response with status code 204 (No Content). Otherwise, the proxy relays to the client all the collected and stored HTTP responses to the group request, according to the following steps.

The proxy prepares a single HTTP batch response, which MUST have 200 (OK) status code and MUST have its HTTP Content-Type header field with value multipart/mixed .
For each stored individual HTTP response RESP, the proxy prepares a corresponding batch part to include in the HTTP batch response, such that:
- The batch part has its own HTTP Content-Type header field with value application/http .
- The body of the batch part is the individual HTTP response RESP, including its status code, headers and body.
The proxy includes each batch part prepared at step 2 in the HTTP batch response.
The proxy replies to the client's original unicast group request, by sending the HTTP batch response. When doing so, the proxy protects the response according to the security association it has with the client.

Response Processing at the Client When it receives an HTTP response as a reply to the original unicast group request, the client proceeds as follows.

The client decrypts the response, according to the security association it has with the proxy.
From the resulting HTTP batch response, the client extracts the different batch parts.
From each of the extracted batch parts, the client extracts the body as one of the individual HTTP response RESP.
For each individual HTTP response RESP, the client performs the following steps.
- If Group OSCORE is used end-to-end between the client and servers, the client translates the HTTP response RESP into a CoAP response, as per . Then, the client decrypts the resulting CoAP response by using Group OSCORE, as defined in . Finally, the decrypted CoAP response is mapped to HTTP as per as well as . The additional rules for HTTP messages with the HTTP Response-Forwarding header field are defined in .
- The client delivers to the application the individual HTTP response.
Similarly to step 3 in , the client identifies the origin server that originated the CoAP response correspoding to the HTTP response RESP, by means of its addressing information specified as value of the HTTP Response-Forwarding header field. This allows the client to distinguish different individual HTTP responses as corresponding to different CoAP responses from the servers in the CoAP group.

Example The examples in this section build on , with the difference that the origin client C is an HTTP client and the proxy P is an HTTP-CoAP cross-proxy. The examples are simply illustrative and are not to be intended as a test vector. The following is an example of unicast group request sent by C to P. The URI mapping and notation are based on the "Simple Form" defined in . Content-Type: text/plain Multicast-Timeout: 60 Body: Do that! ]]> The following is an example of HTTP batch response sent by P to C, as a reply to the client's original unicast group request. Content-Type: multipart/mixed; boundary=batch_foo_bar --batch_foo_bar Content-Type: application/http HTTP/1.1 200 OK Content-Type: text/plain Content-Length: Response-Forwarding: coap://S1_ADDR:G_PORT Body: Done! --batch_foo_bar Content-Type: application/http HTTP/1.1 200 OK Content-Type: text/plain Content-Length: Response-Forwarding: coap://S2_ADDR:S2_PORT Body: More than done! --batch_foo_bar-- ]]>

Streamed Delivery of Responses to the Client [ TODO The proxy might still be able to forward back individual responses to the client in a streamed fashion. Individual responses can be forwarded back one by one as they come (like a CoAP-to-CoAP proxy does), or as soon as a certain amount of them have been received from the servers. This can be achieved by combining the Content-Type multipart/mixed used in the previous sections with the Transfer-Coding "chunked" specified in RFC 9112. The above applies to HTTP 1.1, while HTTP/2 has its own mechanisms for data streaming. ]

Reverse-Proxies In case an HTTP-to-CoAP proxy acts specifically as a reverse-proxy, the same principles defined in applies, as specified below.

Processing on the Client Side If an HTTP client sends a request intended to a group of servers and is aware of actually communicating with a reverse-proxy, then the client SHOULD perform the steps defined in . In particular, this results in a request sent to the proxy including a Multicast-Timeout header field. An exception is the case where the reverse-proxy has a pre-configured timeout value T_PROXY, as the default timeout value to use for when to stop accepting responses from the servers, after the reception of the original unicast request from the client. In this case, a client aware of such a configuration MAY omit the Multicast-Timeout header field in the request sent to the proxy. The client processes the HTTP response forwarded back by the proxy as defined in .

Processing on the Proxy Side If the proxy receives a request and determines that it should be forwarded to a group of servers over IP multicast, then the same as defined in applies, with the following difference. Once translated the HTTP request into a CoAP request, the proxy performs what is defined in . Note that, in this case, the condition COND_2 always holds, since the proxy is going to send to the client at most one response, i.e., the HTTP batch response (see ). The proxy processes the HTTP response sent to the client as defined in .

Security Considerations The security considerations from hold for this document. When a chain of proxies is used (see ), the secure communication between any two adjacent hops is independent. When Group OSCORE is used for end-to-end secure group communication between the origin client and the origin servers, this security association is unaffected by the possible presence of a proxy or a chain of proxies. Furthermore, the following additional considerations hold.

Client Authentication As per the requirement REQ2 (see ), the client has to authenticate to the proxy when sending a group request to forward. This leverages an established security association between the client and the proxy, that the client uses to protect the group request, before sending it to the proxy. If the group request is (also) protected end-to-end between the client and the servers using the group mode of Group OSCORE, the proxy can act as external signature checker (see ) and authenticate the client by successfully verifying the signature embedded in the group request. However, this requires that, for each client to authenticate, the proxy stores the authentication credential and public key included therin used by that client in the OSCORE group. This in turn would require a form of active synchronization between the proxy and the Group Manager for that group . Nevertheless, the client and the proxy SHOULD still rely on a full-fledged pairwise secure association. In addition to ensuring the integrity of group requests sent to the proxy (see , and ), this prevents the proxy from forwarding replayed group requests with a valid signature, as possibly injected by an active, on-path adversary. The same considerations apply when a chain of proxies is used (see ), with each proxy but the last one in the chain acting as client with the next hop towards the origin servers.

Multicast-Timeout Option The Multicast-Timeout Option is of class U for OSCORE . Hence, also when Group OSCORE is used between the client and the servers , a proxy is able to access the option value and retrieve the timeout value T', as well as to remove the option altogether before forwarding the group request to the servers. When a chain of proxies is used (see ), this also allows each proxy but the last one in the chain to update the option value, as an indication for the next hop towards the origin servers (see ). The security association between the client and the proxy MUST provide message integrity, so that further intermediaries between the two as well as on-path active adversaries are not able to remove the option or alter its content, before the group request reaches the proxy. Removing the option would otherwise result in not forwarding the group request to the servers. Instead, altering the option content would result in the proxy accepting and forwarding back responses for an amount of time different than the one actually indicated by the client. The security association between the client and the proxy SHOULD also provide message confidentiality. Otherwise, any further intermediaries between the two as well as any on-path passive adversaries would be able to simply access the option content, and thus learn for how long the client is willing to receive responses from the servers in the group via the proxy. This may in turn be used to perform a more efficient, selective suppression of responses from the servers. When the client protects the unicast request sent to the proxy using OSCORE (see ) and/or (D)TLS, both message integrity and message confidentiality are achieved in the leg between the client and the proxy. The same considerations above about security associations apply when a chain of proxies is used (see ), with each proxy but the last one in the chain acting as client with the next hop towards the origin servers.

Response-Forwarding Option The Response-Forwarding Option is of class U for OSCORE . Hence, also when Group OSCORE is used between the client and the servers , the proxy that has forwarded the group request to the servers is able to include the option into a server response, before forwarding this response back to the (previous hop proxy closer to the) origin client. Since the security association between the client and the proxy provides message integrity, any further intermediaries between the two as well as any on-path active adversaries are not able to undetectably remove the Response-Forwarding Option from a forwarded server response. This ensures that the client can correctly distinguish the different responses and identify their corresponding origin server. When the proxy protects the response forwarded back to the client using OSCORE (see ) and/or (D)TLS, message integrity is achieved in the leg between the client and the proxy. The same considerations above about security associations apply when a chain of proxies is used (see ), with each proxy but the last one in the chain acting as client with the next hop towards the origin servers.

Group-ETag Option The Group-ETag Option is of class U for OSCORE . Hence, also when Group OSCORE is used between the client and the servers , a proxy is able to access the option value and use it to possibly perform response revalidation at its cache entries associated with the servers in the CoAP group, as well as to remove the option altogether before forwarding the group request to the servers. When a chain of proxies is used (see ), this also allows each proxy but the last one in the chain to update the option value, to possibly ask the next hop towards the origin servers to perform response revalidation at its cache entries. The security association between the client and the proxy MUST provide message integrity, so that further intermediaries between the two as well as on-path active adversaries are not able to remove the option or alter its content, before the group request reaches the proxy. Removing the option would otherwise result in the proxy not performing response revalidation at its cache entries associated with the servers in the CoAP group, even though that was what the client asked for. Altering the option content in a group request would result in the proxy replying with 2.05 (Content) responses conveying the full resource representations from its cache entries, rather than with a single 2.03 (Valid) response. Instead, altering the option content in a 2.03 (Valid) or 2.05 (Content) response would result in the client wrongly believing that the already stored or the just received representation, respectively, is also the current one, as per the entity value of the tampered Group-ETag Option. The security association between the client and the proxy SHOULD also provide message confidentiality. Otherwise, any further intermediaries between the two as well as any on-path passive adversaries would be able to simply access the option content, and thus learn the rate and pattern according to which the group resource in question changes over time, as inferable from the entity values read over time. When the client protects the unicast request sent to the proxy using OSCORE (see ) and/or (D)TLS, both message integrity and message confidentiality are achieved in the leg between the client and the proxy. The same considerations above about security associations apply when a chain of proxies is used (see ), with each proxy but the last one in the chain acting as client with the next hop towards the origin servers. When caching of Group OSCORE secured responses is enabled at the proxy, the same as defined in applies, with respect to cache entries and the way they are maintained.

HTTP-to-CoAP Proxies Consistently with what is discussed in , an HTTP client has to authenticate to the HTTP-to-CoAP proxy, and they SHOULD rely on a full-fledged pairwise secure association. This can rely on a TLS channel as also recommended in for when OSCORE is used with HTTP, or on a pairwise OSCORE Security Context between the client and the proxy as defined in . [ TODO Revisit security considerations from ]

IANA Considerations This document has the following actions for IANA.

CoAP Option Numbers Registry IANA is asked to enter the following option numbers to the "CoAP Option Numbers" registry within the "CoRE Parameters" registry group.

CoAP Transport Information Registry IANA is asked to add the following entries to the "CoAP Transport Information" registry defined in .

Header Field Registrations IANA is asked to enter the following HTTP header fields to the "Message Headers" registry.

References Normative References Group Communication for the Constrained Application Protocol (CoAP) IoTconsultancy.nl InterDigital RISE AB This document specifies the use of the Constrained Application Protocol (CoAP) for group communication, including the use of UDP/IP multicast as the default underlying data transport. Both unsecured and secured CoAP group communication are specified. Security is achieved by use of the Group Object Security for Constrained RESTful Environments (Group OSCORE) protocol. The target application area of this specification is any group communication use cases that involve resource-constrained devices or networks that support CoAP. This document replaces and obsoletes RFC 7390, while it updates RFC 7252 and RFC 7641. Group Object Security for Constrained RESTful Environments (Group OSCORE) RISE AB Ericsson AB Ericsson AB Ericsson AB Universitaet Duisburg-Essen This document defines the security protocol Group Object Security for Constrained RESTful Environments (Group OSCORE), providing end-to-end security of CoAP messages exchanged between members of a group, e.g., sent over IP multicast. In particular, the described protocol defines how OSCORE is used in a group communication setting to provide source authentication for CoAP group requests, sent by a client to multiple servers, and for protection of the corresponding CoAP responses. Group OSCORE also defines a pairwise mode where each member of the group can efficiently derive a symmetric pairwise key with any other member of the group for pairwise OSCORE communication. Group OSCORE can be used between endpoints communicating with CoAP or CoAP-mappable HTTP. Observe Notifications as CoAP Multicast Responses RISE AB RISE AB Ericsson AB The Constrained Application Protocol (CoAP) allows clients to "observe" resources at a server, and receive notifications as unicast responses upon changes of the resource state. In some use cases, such as based on publish-subscribe, it would be convenient for the server to send a single notification addressed to all the clients observing a same target resource. This document updates RFC7252 and RFC7641, and defines how a server sends observe notifications as response messages over multicast, synchronizing all the observers of a same resource on a same shared Token value. Besides, this document defines how Group OSCORE can be used to protect multicast notifications end-to-end between the server and the observer clients. Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types This second document defines the general structure of the MIME media typing system and defines an initial set of media types. [STANDARDS-TRACK] Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Uniform Resource Identifier (URI): Generic Syntax A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK] The Base16, Base32, and Base64 Data Encodings This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK] Augmented BNF for Syntax Specifications: ABNF Internet technical specifications often need to define a formal syntax. Over the years, a modified version of Backus-Naur Form (BNF), called Augmented BNF (ABNF), has been popular among many Internet specifications. The current specification documents ABNF. It balances compactness and simplicity with reasonable representational power. The differences between standard BNF and ABNF involve naming rules, repetition, alternatives, order-independence, and value ranges. This specification also supplies additional rule definitions and encoding for a core lexical analyzer of the type common to several Internet specifications. [STANDARDS-TRACK] The Constrained Application Protocol (CoAP) The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation. CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments. Observing Resources in the Constrained Application Protocol (CoAP) The Constrained Application Protocol (CoAP) is a RESTful application protocol for constrained nodes and networks. The state of a resource on a CoAP server can change over time. This document specifies a simple protocol extension for CoAP that enables CoAP clients to "observe" resources, i.e., to retrieve a representation of a resource and keep this representation updated by the server over a period of time. The protocol follows a best-effort approach for sending new representations to clients and provides eventual consistency between the state observed by each client and the actual resource state at the server. Guidelines for Mapping Implementations: HTTP to the Constrained Application Protocol (CoAP) This document provides reference information for implementing a cross-protocol network proxy that performs translation from the HTTP protocol to the Constrained Application Protocol (CoAP). This will enable an HTTP client to access resources on a CoAP server through the proxy. This document describes how an HTTP request is mapped to a CoAP request and how a CoAP response is mapped back to an HTTP response. This includes guidelines for status code, URI, and media type mappings, as well as additional interworking advice. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets The Constrained Application Protocol (CoAP), although inspired by HTTP, was designed to use UDP instead of TCP. The message layer of CoAP over UDP includes support for reliable delivery, simple congestion control, and flow control. Some environments benefit from the availability of CoAP carried over reliable transports such as TCP or Transport Layer Security (TLS). This document outlines the changes required to use CoAP over TCP, TLS, and WebSockets transports. It also formally updates RFC 7641 for use with these transports and RFC 7959 to enable the use of larger messages over a reliable transport. Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON. Object Security for Constrained RESTful Environments (OSCORE) This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols. Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252. Concise Binary Object Representation (CBOR) The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack. This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format. HTTP/1.1 The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document specifies the HTTP/1.1 message syntax, message parsing, connection management, and related security concerns. This document obsoletes portions of RFC 7230. Informative References Miscellaneous additions to CoAP Universitaet Bremen TZI Universitaet Bremen TZI This short I-D makes a number of partially interrelated proposals how to solve certain problems in the CoRE WG's main protocol, the Constrained Application Protocol (CoAP). The current version has been resubmitted to keep information about these proposals available; the proposals are not all fleshed out at this point in time. Discovery of OSCORE Groups with the CoRE Resource Directory RISE AB Consultant Group communication over the Constrained Application Protocol (CoAP) can be secured by means of Group Object Security for Constrained RESTful Environments (Group OSCORE). At deployment time, devices may not know the exact security groups to join, the respective Group Manager, or other information required to perform the joining process. This document describes how a CoAP endpoint can use descriptions and links of resources registered at the CoRE Resource Directory to discover security groups and to acquire information for joining them through the respective Group Manager. A given security group may protect multiple application groups, which are separately announced in the Resource Directory as sets of endpoints sharing a pool of resources. This approach is consistent with, but not limited to, the joining of security groups based on the ACE framework for Authentication and Authorization in constrained environments. Cacheable OSCORE RISE AB Group communication with the Constrained Application Protocol (CoAP) can be secured end-to-end using Group Object Security for Constrained RESTful Environments (Group OSCORE), also across untrusted intermediary proxies. However, this sidesteps the proxies' abilities to cache responses from the origin server(s). This specification restores cacheability of protected responses at proxies, by introducing consensus requests which any client in a group can send to one server or multiple servers in the same group. Key Management for OSCORE Groups in ACE RISE AB Universitaet Duisburg-Essen Ericsson AB This document defines an application profile of the ACE framework for Authentication and Authorization, to request and provision keying material in group communication scenarios that are based on CoAP and are secured with Group Object Security for Constrained RESTful Environments (Group OSCORE). This application profile delegates the authentication and authorization of Clients, that join an OSCORE group through a Resource Server acting as Group Manager for that group. This application profile leverages protocol-specific transport profiles of ACE to achieve communication security, server authentication and proof-of-possession for a key owned by the Client and bound to an OAuth 2.0 Access Token. OSCORE-capable Proxies RISE AB RISE AB Object Security for Constrained RESTful Environments (OSCORE) can be used to protect CoAP messages end-to-end between two endpoints at the application layer, also in the presence of intermediaries such as proxies. This document defines how to use OSCORE for protecting CoAP messages also between an origin application endpoint and an intermediary, or between two intermediaries. Also, it defines how to secure a CoAP message by applying multiple, nested OSCORE protections, e.g., both end-to-end between origin application endpoints, as well as between an application endpoint and an intermediary or between two intermediaries. Thus, this document updates RFC 8613. The same approach can be seamlessly used with Group OSCORE, for protecting CoAP messages when group communication with intermediaries is used. Datagram Transport Layer Security Version 1.2 This document specifies version 1.2 of the Datagram Transport Layer Security (DTLS) protocol. The DTLS protocol provides communications privacy for datagram protocols. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document updates DTLS 1.0 to work with TLS version 1.2. [STANDARDS-TRACK] JSON Web Signature (JWS) JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification. Constrained Application Protocol (CoAP) Option for No Server Response There can be machine-to-machine (M2M) scenarios where server responses to client requests are redundant. This kind of open-loop exchange (with no response path from the server to the client) may be desired to minimize resource consumption in constrained systems while updating many resources simultaneously or performing high-frequency updates. CoAP already provides Non-confirmable (NON) messages that are not acknowledged by the recipient. However, the request/response semantics still require the server to respond with a status code indicating "the result of the attempt to understand and satisfy the request", per RFC 7252. This specification introduces a CoAP option called 'No-Response'. Using this option, the client can explicitly express to the server its disinterest in all responses against the particular request. This option also provides granular control to enable expression of disinterest to a particular response class or a combination of response classes. The server MAY decide to suppress the response by not transmitting it back to the client according to the value of the No-Response option in the request. This option may be effective for both unicast and multicast requests. This document also discusses a few examples of applications that benefit from this option. The Transport Layer Security (TLS) Protocol Version 1.3 This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations. The Datagram Transport Layer Security (DTLS) Protocol Version 1.3 This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document obsoletes RFC 6347.

Examples with Reverse-Proxy The examples in this section refer to the following actors.

One origin client C, with address C_ADDR and port number C_PORT.
One proxy P, with address P_ADDR and server port number P_PORT.
Two origin servers S1 and S2, where the server Sx has address Sx_ADDR and port number Sx_PORT.

The origin servers are members of a CoAP group with IP multicast address G_ADDR and port number G_PORT. Also, the origin servers are members of a same application group, and share the same resource /r. The communication between C and P is based on CoAP over TCP, as per . The group communication between P and the origin servers is based on CoAP over UDP and IP multicast, as per . Finally, 'bstr(X)' denotes a CBOR byte string where its value is the byte serialization of X.

Example 1 The example shown in considers a reverse-proxy P that provides access to both the whole group of servers {S1,S2} and also to each of those servers individually. The client C may not have a way to reach the servers directly (e.g., P is acting as a firewall). After the client C has received two responses to its group request sent via the proxy, it selects one server (S1) and requests another resource from it in unicast, again via the proxy. In particular:

The client C encodes the group URI 'coap://group1.com/r' within the URI path of its request to P. This encoding follows the "default mapping" defined in for HTTP-to-CoAP proxies, but now applied to a CoAP-to-CoAP proxy. The proxy P decodes the embedded group URI from the request.
The client's request URI path starts with '/cp', which is the resource on P that provides the CoAP proxy function. Since C in this example constructs the URI in its request including this resource '/cp', it is aware that is requesting to a proxy.
Because the embedded group URI omits the CoAP port, P infers G_PORT to be the default port 5683 for the 'coap' scheme.
The hostname 'p.example.com' resolves to the proxy's unicast IPv6 address P_ADDR.
The hostname 'group1.com' resolves to the IPv6 multicast address G_ADDR. The proxy P performs this resolution upon receiving the request from C. P constructs the group request and sends it to the CoAP group at G_ADDR:G_PORT.
Typically S1_PORT and S2_PORT will be equal to G_PORT, but a server Sx is allowed to reply to the multicast request from another port number not equal to G_PORT. For this reason, the notation Sx_PORT is used.

Note that this type of reverse-proxy only requires one unicast IP address (P_ADDR) for the proxy, so it is well scalable to a large number of servers Sx. The type of reverse-proxy in the example in requires an additional IP address for each server Sx and also for each CoAP group that it supports.

Workflow example with reverse-proxy that processes an embedded group URI in a client's request | /* C embeds the | | | Src: C_ADDR:C_PORT | group URI into its | | | Dst: p.example.com:P_PORT | request to the | | | Uri-Path: | proxy */ | | | /cp/coap://group1.com/r | | | | Multicast-Timeout: 60 | | | | | | | | | Src: P_ADDR:P_PORT | | | | Dst: G_ADDR:G_PORT | | | | Uri-Path: /r | | | |---------------+----->| | | | \ | | | | +----------------->| | | | | | | | | | | /* t = 0 : P starts | | | | accepting responses | | | | for this request */ | | | | | | | | | | | |<---------------------| | | | Src: S1_ADDR:S1_PORT | | | | Dst: P_ADDR:P_PORT | | | | | | | | | | |<-----------------------------| | | | Src: p.example.com:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | Response-Forwarding { | | | | [3, /*CoAP over TCP*/ | | | | #6.260(bstr(S1_ADDR)), | | | | S1_PORT | | | | ] | | | | } | | | | | | | | | | | | |<-----------------------------------| | | Src: S2_ADDR:S2_PORT | | | Dst: P_ADDR:P_PORT | | | | | |<-----------------------------| | | | Src: p.example.com:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | Response-Forwarding { | | | | [3, /*CoAP over TCP*/ | | | | #6.260(bstr(S2_ADDR)), | | | | S2_PORT | | | | ] | | | | } | | | | | | | | /* At t = 60, P stops accepting | | | responses for this request */ | | | | | | | | | | |----------------------------->| /* Request intended | | | Src: C_ADDR:C_PORT | only to S1, via | | | Dst: p.example.com:P_PORT | proxy P */ | | | Uri-Path: /cp/coap:// | | | | [S1_ADDR]:S1_PORT/r2 | | | | | | | | | Src: P_ADDR:P_PORT | | | | Dst: S1_ADDR:S1_PORT | | | | Uri-Path: /r2 | | | |--------------------->| | | | | | | | | | | |<---------------------| | | | Src: S1_ADDR:S1_PORT | | | | Dst: P_ADDR:P_PORT | | | | | | |<-----------------------------| | | | Src: P_ADDR:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | | | | ]]>

Example 2 The example shown in considers a reverse-proxy that stands in for both the whole group of servers {S1,S2} and for each of those servers Sx. The client C may not have a way to reach the servers directly (e.g., P is acting as a firewall). After the client C has received two responses to its group request sent via the proxy, it selects one server (S1) and requests at a later time the same resource from it in unicast, again via the proxy. In particular:

The hostname 'group1.com' resolves to the unicast address P_ADDR. The proxy forwards an incoming request to that address, for any resource i.e., URI path, towards the CoAP group at G_ADDR:G_PORT leaving the URI path unchanged.
The address Dx_ADDR and port number Dx_PORT are used by the proxy, which forwards an incoming request to that address towards the server at Sx_ADDR:Sx_PORT. The different Dx_ADDR are effectively 'proxy IP addresses' used to provide access to the servers.

Note that this type of reverse-proxy implementation requires the proxy to use (potentially) a large number of distinct IP addresses, hence it is not very scalable. Instead, the type of reverse-proxy shown in the example in uses only one IPv6 unicast address to provide access to all servers and all CoAP groups.

Workflow example with reverse-proxy standing in for both the whole group of servers and each individual server | /* C is not aware | | | Src: C_ADDR:C_PORT | that P is in fact | | | Dst: group1.com:P_PORT | a reverse-proxy */ | | | Uri-Path: /r | | | | | | | |<-----------------------------| | | | Src: group1.com:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | 4.00 Bad Request | | | | Multicast-Timeout: (empty) | | | | Payload: "Please use | | | | Multicast-Timeout" | | | | | | | |----------------------------->| | | | Src: C_ADDR:C_PORT | | | | Dst: group1.com:P_PORT | | | | Multicast-Timeout: 60 | | | | Uri-Path: /r | | | | | | | | | | | | | Src: P_ADDR:P_PORT | | | | Dst: G_ADDR:G_PORT | | | | Uri-Path: /r | | | |---------------+----->| | | | \ | | | | +----------------->| | | | | | | | | | | /* t = 0 : P starts | | | | accepting responses | | | | for this request */ | | | | | | | | | | | |<---------------------| | | | Src: S1_ADDR:S1_PORT | | | | Dst: P_ADDR:P_PORT | | | | | | | | | | |<-----------------------------| | | | Src: group1.com:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | Response-Forwarding { | | | | [3, /*CoAP over TCP*/ | | | | #6.260(bstr(D1_ADDR)), | | | | D1_PORT | | | | ] | | | | } | | | | | | | | |<-----------------------------------| | | Src: S2_ADDR:S2_PORT | | | Dst: P_ADDR:P_PORT | | | | | |<-----------------------------| | | | Src: group1.com:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | Response-Forwarding { | | | | [3, /*CoAP over TCP*/ | | | | #6.260(bstr(D2_ADDR)), | | | | D2_PORT | | | | ] | | | | } | | | | | | | | /* At t = 60, P stops accepting | | | responses for this request */ | | | | | | ... ... /* time passes */ ... ... | | | | |----------------------------->| /* Request intended | | | Src: C_ADDR:C_PORT | only to S1 for same | | | Dst: D1_ADDR:D1_PORT | resource /r */ | | | Uri-Path: /r | | | | | | | | | Src: P_ADDR:P_PORT | | | | Dst: S1_ADDR:S1_PORT | | | | Uri-Path: /r | | | |--------------------->| | | | | | | | | | | |<---------------------| | | | Src: S1_ADDR:S1_PORT | | | | Dst: P_ADDR:P_PORT | | | | | | |<-----------------------------| | | | Src: D1_ADDR:D1_PORT | | | | Dst: C_ADDR:C_PORT | | | | | | | ]]>

Example 3 The example shown in builds on the example in . However, it considers a reverse-proxy that stands in for only the whole group of servers, but not for each individual server Sx. The final exchange between C and S1 occurs with CoAP over UDP.

Workflow example with reverse-proxy standing in for only the whole group of servers, but not for each individual server | /* C is not aware | | | Src: C_ADDR:C_PORT | that P is in fact | | | Dst: group1.com:P_PORT | a reverse-proxy */ | | | Uri-Path: /r | | | | | | | |<-----------------------------| | | | Src: group1.com:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | 4.00 Bad Request | | | | Multicast-Timeout: (empty) | | | | Payload: "Please use | | | | Multicast-Timeout" | | | | | | | | | | | |----------------------------->| | | | Src: C_ADDR:C_PORT | | | | Dst: group1.com:P_PORT | | | | Multicast-Timeout: 60 | | | | Uri-Path: /r | | | | | | | | | Src: P_ADDR:P_PORT | | | | Dst: G_ADDR:G_PORT | | | | Uri-Path: /r | | | |---------------+----->| | | | \ | | | | +----------------->| | | | | | | | | | | /* t = 0 : P starts | | | | accepting responses | | | | for this request */ | | | | | | | | | | | |<---------------------| | | | Src: S1_ADDR:S1_PORT | | | | Dst: P_ADDR:P_PORT | | | | | | |<-----------------------------| | | | Dst: group1.com:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | Response-Forwarding { | | | | [1, /*CoAP over UDP*/ | | | | #6.260(bstr(S1_ADDR)), | | | | S1_PORT | | | | ] | | | | } | | | | | | | | |<-----------------------------------| | | Src: S2_ADDR:S2_PORT | | | Dst: P_ADDR:P_PORT | | | | | |<-----------------------------| | | | Dst: group1.com:P_PORT | | | | Dst: C_ADDR:C_PORT | | | | Response-Forwarding { | | | | [1, /*CoAP over UDP*/ | | | | #6.260(bstr(S2_ADDR)), | | | | S2_PORT | | | | ] | | | | } | | | | | | | | | | | | /* At t = 60, P stops accepting | | | responses for this request */ | | | | | | ... ... /* time passes */ ... ... | | | | |---------------------------------------------------->| | | Src: C_ADDR:C_PORT | /* Request intended | | | Dst: S1.ADDR:S1_PORT | only to S1 for same | | | Uri-Path: /r | resource /r */ | | | | | | |<----------------------------------------------------| | | Src: S1.ADDR:S1_PORT | | | | Dst: C_ADDR:C_PORT | | | | | | | ]]>

Acknowledgments The authors sincerely thank Christian Amsuess, Jim Schaad and Goeran Selander for their comments and feedback. The work on this document has been partly supported by VINNOVA and the Celtic-Next project CRITISEC; and by the H2020 project SIFIS-Home (Grant agreement 952652).