| Network Working Group | M. Koster |
| Internet-Draft | ARM Limited |
| Intended status: Standards Track | A. Keranen |
| Expires: September 10, 2015 | J. Jimenez |
| Ericsson | |
| March 9, 2015 |
Publish-Subscribe Broker for the Constrained Application Protocol (CoAP)
draft-koster-core-coap-pubsub-01
The Constrained Application Protocol (CoAP), and related extensions are intended to support machine-to-machine communication in systems where one or more nodes are resource constrained, in particular for low power wireless sensor networks. This document defines a publish-subscribe broker for CoAP that extends the capabilities of CoAP for supporting nodes with long breaks in connectivity and/or up-time.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2015.
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The Constrained Application Protocol (CoAP) [RFC7252] supports machine-to-machine communication across networks of constrained devices. CoAP uses a request/response model where clients make requests to servers in order to request actions on resources. Depending on the situation the same device may act either as a server or a client.
One important class of constrained devices includes devices that are intended to run for years from a small battery, or by scavenging energy from their environment. These devices have limited reachability because they spend most of their time in a sleeping state with no network connectivity. Devices may also have limited reachability due to certain middle-boxes, such as Network Address Translators (NATs) or firewalls. Such middle-boxes often prevent connecting to a device from the Internet unless the connection was initiated by the device.
This document specifies the means for nodes with limited reachability to communicate using simple extensions to CoAP. The extensions enable publish-subscribe communication using a broker node that enables store-and-forward messaging between two or more nodes. Furthermore the extensions facilitate many-to-many communication using CoAP.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this specification are to be interpreted as described in [RFC2119].
This specification requires readers to be familiar with all the terms and concepts that are discussed in [RFC5988] and [RFC6690]. Readers should also be familiar with the terms and concepts discussed in [RFC7252] and [I-D.ietf-core-resource-directory]. The URI template format [RFC6570] is used to describe the REST interfaces defined in this specification.
This specification makes use of the following additional terminology:
Figure 1 shows the architecture of a CoAP PubSub service. CoAP PubSub Clients interact with a CoAP PubSub Broker through the CoAP PubSub interface which is hosted by the Broker. State information is updated between the Clients and the Broker. The CoAP PubSub Broker performs a store-and-forward function of state updates between certain CoAP PubSub Clients. Clients Subscribe to state updates which are Published by other Clients, and which are forwarded by the Broker to the subscribing clients. The CoAP PubSub Broker also acts as a REST proxy, retaining the last state update provided by clients to supply in response to Read requests from Clients.
Clients PubSub Broker
+------+ |
| CoAP | |
|PubSub|---------|------+
|Client| | | +------+
+------+ | +----| CoAP |
| |PubSub|
+------+ | +----|Broker|
| CoAP | | | +------+
|PubSub|---------|------+
|Client| |
+------+ |
Figure 1: CoAP-PubSub Architecture
A CoAP PubSub Broker is a CoAP Server that exposes an interface for clients to use to initiate publish-subscribe interactions. Unlike clients, the broker needs to be reachable by all clients. The broker also needs to have sufficient resources (storage, bandwidth, etc.) to host CoAP resources, and potentially buffer messages, on behalf of the clients.
A CoAP PubSub Client interacts with a CoAP PubSub Broker using the CoAP PubSub interface. Clients initiate all interactions with the CoAP-PubSub broker. A data source (e.g., sensor clients) can publish state updates to the broker and data sinks (e.g., actuator clients) can read from or subscribe to state updates from the broker. Application clients can make use of both publish and subscribe in order to exchange state updates with data sources and sinks.
The clients and broker use topics to identify a particular resource or object in a publish-subscribe system. Topics are conventionally formed as a hierarchy, e.g. "/sensors/weather/barometer/pressure" or "EP-33543/sen/3303/0/5700". The topics are hosted at the broker and all the clients using the broker share the same namespace for topics.
This section defines the interfaces between a CoAP PubSub Broker and PubSub Clients, which is called the CoAP PubSub Function Set. The examples throughout this section assume the use of CoAP [RFC7252]. A CoAP PubSub Broker implementing this specification MUST support the DISCOVER, CREATE, PUBLISH, SUBSCRIBE, UNSUBSCRIBE, READ, and REMOVE operations defined in this section. With the exception of PUBLISH, all operations in the CoAP PubSub Function Set MUST use confirmable (CON) CoAP messages.
CoAP PubSub Clients discover CoAP PubSub Brokers by using CoAP Simple Discovery or through a Resource Directory (RD) [I-D.ietf-core-resource-directory]. A CoAP PubSub Broker SHOULD indicate its presence and availability on a network by exposing a link to its PubSub function set at its .well-known/core location. A CoAP PubSub broker MAY register its PubSub function set location with a Resource Directory. Figure 2 shows an example of a client discovering a local PubSub Function Set using CoAP Simple Discovery. A broker wishing to advertise the CoAP PubSub Function Set for Simple Discovery or through a Resource Directory MUST use the link relation rt="core.ps".
The DISCOVER interface is specified as follows:
The following response codes are defined for this interface:
Client Broker
| |
| ------ GET /.well-known/core?rt=core.ps ----->|
| |
| <------2.05 Content “</ps>;rt=core.ps”--------|
| |
Figure 2: Example of DISCOVER
Clients create topics on the broker using the CREATE interface. A client wishing to create a topic MUST use CoAP POST to the PubSub function set location with a payload indicating the desired topic. The topic MUST use the CoRE link format [RFC6690]. The client MAY indicate the lifetime of the topic by including the max-age option in the CREATE request. Broker MUST return a response code of "2.01 Created" if the topic is created. The broker MUST return the appropriate 4.xx response code indicating the reason for failure if a new topic can not be created. Broker SHOULD remove topics if the max-age of the topic is exceeded without any publishes to the topic.
The CREATE interface is specified as follows:
The following response codes are defined for this interface:
Figure 3 shows an example of a topic called "topic1" being successfully created.
Client Broker | | | -------------- POST /ps "<topic1>" ---------->| | | | <---------------- 2.01 Created ---------------| | |
Figure 3: Example of CREATE
A CoAP PubSub Client uses the PUBLISH interface for updating resources. The client MUST use the PUT method to publish state updates to the CoAP PubSub Broker. A CoAP client publishing on a topic MAY indicate the maximum lifetime of the value by including the max-age option in the publish request. A client MAY use confirmable (CON) or non-confirmable (NON) messages to publish updates to a broker. The broker MUST return a response code of "2.04 Changed" if the publish is accepted or "4.04 Not Found" if the topic does not exist.
The Broker MUST publish updates to all clients subscribed on a particular topic each time it receives a publish on that topic. If a client publishes to a broker using non-confirmable messages, the broker MAY publish those messages to subscribed clients using non-confirmable messages. If a client publishes to a broker using confirmable messages, the broker MUST also publish those messages to subscribed clients using confirmable messages. If a client publishes to a broker with the max-age option, the broker MUST publish to subscribed clients including the same value for the max-age option. If a client publishes to a particular topic on a broker with a payload encoded in a particular CoAP Content-Format, the broker MUST publish to subscribed clients on that topic using the same CoAP Content-Format. A broker MUST use CoAP Notification as described in [I-D.ietf-core-observe] to publish to subscribed clients.
The PUBLISH interface is specified as follows:
The following response codes are defined for this interface:
Figure 4 shows an example of a new value being successfully published to the topic "topic1". See Figure 5 for an example of a broker forwarding a message from a publishing client to a subscribed client.
Client Broker | | | ---------- PUT /ps/topic1 "1033.3" --------> | | | | | | <--------------- 2.04 Changed---------------- | | |
Figure 4: Example of PUBLISH
CoAP PubSub Clients subscribe to topics on the Broker using CoAP Observe as described in [I-D.ietf-core-observe]. A CoAP PubSub Client wishing to Subscribe to a topic on a broker MUST use a CoAP GET with Observe registration. The Broker MAY add the client to a list of observers. The Broker MUST return a response code of "2.05 Content" along with the most recently published value if the topic contains a valid value. If the topic was published with the max-age option, the broker MUST set the max-age option in the valid response to the amount of time remaining for the topic to be valid since the last publish. The Broker MUST return a response code of "2.04 No Content" if the max-age of the previously stored value has expired. The Broker MUST return a response code "4.04 Not Found" if the topic does not exist or has been removed.
The SUBSCRIBE interface is specified as follows:
The following response codes are defined for this interface:
Figure 5 shows an example of Client2 subscribing to "topic1" and receiving two publish responses from the broker. The first publish from the broker uses the last stored value associated with the topic1. The second publish from the broker is in response to the publish received from Client1.
Client1 Client2 Broker | | | | | ----- GET /ps/topic1 Observe:0 Token:XX ----> | | | | | | <---------- 2.05 Content Observe:10---------- | | | | | | | | | | | ---------|----------- PUT /ps/topic1 "1033.3" --------> | | | | | | <---------- 2.05 Content Observe:11---------- | | | |
Figure 5: Example of SUBSCRIBE
CoAP PubSub Clients unsubscribe from topics on the Broker using the CoAP Cancel Observation operation. A CoAP PubSub Client wishing to unsubscribe to a topic on a Broker MUST either use CoAP GET with Observe using an Observe parameter of 1 or send a CoAP Reset message in response to a publish [I-D.ietf-core-observe].
The UNSUBSCRIBE interface is specified as follows:
The following response codes are defined for this interface:
Figure 6 shows an example of a client unsubscribe using the Observe=1 cancellation method.
Client Broker | | | ----- GET /ps/topic1 Observe:1 Token:XX ----> | | | | <------------- 2.05 Content ----------------- | | |
Figure 6: Example of UNSUBSCRIBE
A CoAP PubSub client wishing to obtain only the most recent published value on a topic MAY use the READ interface. For reading, the client uses the CoAP GET method. The Broker MUST return a response code of "2.05 Content" along with the most recently published value if the topic contains a valid value. If the topic was published with the max-age option, the broker MUST set the max-age option in the valid response to the amount of time remaining for the topic to be valid since the last publish. The Broker MUST return a response code of "2.04 No Content" if the max-age of the previously stored value has expired. The Broker MUST return a response code "4.04 Not Found" if the topic does not exist or has been removed.
The READ interface is specified as follows:
The following response codes are defined for this interface:
Figure 7 shows an example of s successful READ from topic1.
Client Broker | | | -------------- GET /ps/topic1 -------------> | | | | | | <--------------- 2.05 Content --------------- | | |
Figure 7: Example of READ
A CoAP PubSub Client wishing to remove a topic can use the CoAP Delete operation on the URI of the topic. The CoAP PubSub Broker MUST return "2.02 Deleted" if the remove operation is successful. The broker MUST return the appropriate 4.xx response code indicating the reason for failure if the topic can not be removed.
The REMOVE interface is specified as follows:
The following response codes are defined for this interface:
Figure 5 shows a successful remove of topic1.
Client Broker | | | ------------- DELETE /ps/topic1 ------------> | | | | | | <-------------- 2.02 Deleted ---------------- | | |
Figure 8: Example of REMOVE
A CoAP PubSub Broker may register a PubSub Function Set with a Resource Directory. A PubSub Client may use an RD to discover a PubSub Broker.
A CoAP PubSub Client may register CoRE Links [RFC6690] to created PubSub Topics with an RD. A PubSub Client may use an RD to discover PubSub Topics. A client which registers PubSub Topics with an RD MUST use the context relation (con) [I-D.ietf-core-resource-directory] to indicate that the context of the registered links is the PubSub Broker.
CoAP PubSub provides a way for client nodes to sleep between operations, conserving energy during idle periods. This is made possible by shifting the server role to the broker, allowing the broker to be always-on and respond to requests from other clients while a particular client is sleeping.
For example, the broker will retain the last state update received from a sleeping client, in order to supply the most recent state update to other clients in response to read and subscribe operations.
Likewise, the broker will retain the last state update recieved on the topic such that a sleeping client, upon waking, can perform a read operation to the broker to update its own state from the most recent system state update.
CoAP-PubSub re-uses CoAP [RFC7252], CoRE Resource Directory [I-D.ietf-core-resource-directory], and Web Linking [RFC5988] and therefore the security considerations of those documents also apply to this specification. Additionally, a CoAP-PubSub broker and the clients SHOULD authenticate each other and enforce access control policies. A malicious client could subscribe to data it is not authorized to or mount a denial of service attack against the broker by publishing a large number of resources. The authentication can be performed using the already standardized DTLS offered mechanisms, such as certificates. DTLS also allows communication security to be established to ensure integrity and confidentiality protection of the data exchanged between these relevant parties. Provisioning the necessary credentials, trust anchors and authorization policies is non-trivial and subject of ongoing work.
The use of a CoAP-PubSub broker introduces challenges for the use of end-to-end security between for example a client device on a sensor network and a client application running in a cloud-based server infrastructure since brokers terminate the exchange. While running separate DTLS sessions from the client device to the broker and from broker to client application protects confidentially on those paths, the client device does not know whether the commands coming from the broker are actually coming from the client application. Similarly, a client application requesting data does not know whether the data originated on the client device. For scenarios where end-to-end security is desirable the use of application layer security is unavoidable. Application layer security would then provide a guarantee to the client device that any request originated at the client application. Similarly, integrity protected sensor data from a client device will also provide guarantee to the client application that the data originated on the client device itself. The protected data can also be verified by the intermediate broker ensuring that it stores/caches correct request/response and no malicious messages/requests are accepted. The broker would still be able to perform aggregation of data/requests collected.
Depending on the level of trust users and system designers place in the CoAP-PubSub broker, the use of end-to-end object security is RECOMMENDED [I-D.selander-ace-object-security].
This document registers one attribute value in the Resource Type (rt=) registry established with [RFC6690] and appends to the definition of one CoAP Response Code in the CoRE Parameters Registry.
The authors would like to thank Hannes Tschofenig, Zach Shelby, Mohit Sethi, Peter Van der Stok, Tim Kellogg, Anders Eriksson, and Goran Selander for their contributions and reviews.
| [I-D.ietf-core-observe] | Hartke, K., "Observing Resources in CoAP", Internet-Draft draft-ietf-core-observe-16, December 2014. |
| [I-D.ietf-core-resource-directory] | Shelby, Z. and C. Bormann, "CoRE Resource Directory", Internet-Draft draft-ietf-core-resource-directory-02, November 2014. |
| [I-D.selander-ace-object-security] | Selander, G., Mattsson, J. and L. Seitz, "October 27, 2014", Internet-Draft draft-selander-ace-object-security-00, October 2014. |
| [RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
| [RFC3986] | Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. |
| [RFC6570] | Gregorio, J., Fielding, R., Hadley, M., Nottingham, M. and D. Orchard, "URI Template", RFC 6570, March 2012. |
| [RFC6690] | Shelby, Z., "Constrained RESTful Environments (CoRE) Link Format", RFC 6690, August 2012. |
| [RFC7252] | Shelby, Z., Hartke, K. and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, June 2014. |
| [RFC5988] | Nottingham, M., "Web Linking", RFC 5988, October 2010. |