Connectivity Framework Annex E: Assessment Template: CoAP
E.6.3 Usage Viewpoint

E.6.3.1 Architecture (Section 6.3.1)
Summarize the main concepts, and high-level architecture, and terminology. Describe the end-to-end information exchange path.
CoAP aims to provide more than plain connectivity or message passing functionality. Like HTTP it brings the RESTful architectural style of the World Wide Web (WWW) to the constrained space. Servers make resources available under a uniform resource identifier (URI), and clients access these resources using methods such as GET, PUT, POST, and DELETE.
A device (endpoint) will run a CoAP Server and often a Client too. Clients elsewhere (i.e. other devices, browsers, applications) can request resources on the device as well as discover new devices and functionality.
From a developer point of view, CoAP feels very much like HTTP. Obtaining a value from a sensor is not much different from obtaining a value from a Web API. For more details, please refer to page 10 of RFC 7252¹.

E.6.3.2 Technology Options (Section 6.3.2)
List the choices to be made for using the connectivity technology in a system.
CoAP is a client/server model where the options include:
• Selection of resource representation format.
• Selection of transport layer binding(s): UDP/IP or SMS or TCP/IP (in progress) and Web Sockets (in progress).
• Selection of client and server implementation libraries.
• Optional: Selection of HTTP proxy (CoAP-HTTP gateway).
• Optional: Selection of resource directory server for resource discovery in constrained environments.

E.6.3.3 Applications (Section 6.3.3)
A general statement of the typical applications that rely on this connectivity technology and the reason for using the connectivity technology.
CoAP is a generic REST protocol upon which other technologies have been built. For device management, for example, the Open Mobile Alliance has created LWM2M, which supports management and operations of devices.

E.6.3.4 Typical Usage (Section 2.2)
What function or where in the system this technology is typically used?
The protocol is very versatile. It is suited for data collection, managed and unmanaged systems, systems that require scalability and systems that require security.

E.6.3.5 Operations (Section 2.3.8)
Can one monitor, manage, and dynamically replace elements of the connectivity function?
CoRE specifications typically focus on protocol interactions and do not generally specify how elements of the connectivity functions are managed, monitored or replaced.

E.6.3.6 Security (Section 2.3.5)
What are the system security implications of this connectivity technology?
CoAP defines a security model to authenticate and encrypt the interaction between CoAP clients and servers based on the underlying network datagram transport layer (DTLS/TLS) security mechanisms.
CoAP specifications provide different types of end-to-end security and analysis of several possible attack vectors; please refer to page 80 of RFC 7252².
A robust authentication and fine-grained access control security model is currently being defined by the IETF ACE working group for CoAP.
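
The request model described under Architecture (resources under a URI, accessed with GET, PUT, POST and DELETE) as it looks on the wire, given here as an added example that is not part of the IIC document: a minimal decoder for the RFC 7252 fixed header and Uri-Path options, the fields a monitoring or access-logging point would record. `parse_coap`, `SAMPLE_GET` and the sample bytes are constructed for illustration, and the code assumes plain CoAP over UDP, so with DTLS it applies only after decryption.

```python
import struct

# Method codes and the Uri-Path option number, from RFC 7252 section 12.
METHODS = {1: "GET", 2: "POST", 3: "PUT", 4: "DELETE"}
TYPES = ["CON", "NON", "ACK", "RST"]
URI_PATH = 11

def _ext(nibble, data, pos):
    """Resolve a 4-bit option delta/length nibble, reading any extension bytes."""
    if nibble == 13:
        return data[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
    if nibble == 15:
        raise ValueError("reserved option nibble 15")
    return nibble, pos

def parse_coap(data: bytes) -> dict:
    """Decode one CoAP-over-UDP datagram; raise ValueError if it is malformed."""
    if len(data) < 4:
        raise ValueError("shorter than the 4-byte fixed header")
    first, code, mid = struct.unpack_from("!BBH", data)
    version, mtype, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    if version != 1 or tkl > 8 or len(data) < 4 + tkl:
        raise ValueError("bad version or token length")
    pos, number, path = 4 + tkl, 0, []
    try:
        while pos < len(data) and data[pos] != 0xFF:  # 0xFF marks the payload
            delta, pos2 = _ext(data[pos] >> 4, data, pos + 1)
            length, pos = _ext(data[pos] & 0xF, data, pos2)
            if pos + length > len(data):
                raise ValueError("option value runs past end of datagram")
            number += delta  # option numbers are delta-encoded
            if number == URI_PATH:
                path.append(data[pos:pos + length].decode("utf-8", "replace"))
            pos += length
    except (IndexError, struct.error):
        raise ValueError("truncated option header") from None
    payload = data[pos + 1:]
    if pos < len(data) and not payload:
        raise ValueError("payload marker followed by no payload")
    return {"type": TYPES[mtype], "code": f"{code >> 5}.{code & 0x1F:02d}",
            "method": METHODS.get(code), "message_id": mid,
            "token": data[4:4 + tkl], "uri": "/" + "/".join(path),
            "payload": payload}

# Constructed sample: CON GET, message ID 0x1234, token 0xAB, Uri-Path sensors/temp.
SAMPLE_GET = bytes.fromhex("4101 1234 ab b7 73656e736f7273 04 74656d70")
```

Malformed datagrams raise `ValueError` rather than returning partial fields, so a logging point can count and drop them instead of recording a misparsed URI.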
¹ See [IETF-RFC7252]
² See [IETF-RFC7252]
IIC:PUB:G5:V1.0:PB:20170228