rfc9944v1.txt   rfc9944.txt 
skipping to change at line 390 skipping to change at line 390
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device"], "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f "location": "https://example.com/v2/Devices/e9e30dba-f08f-\
-4109-8486-d5c6a3316111" 4109-8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 3: Core Device Example Entries Figure 3: Core Device Example Entries
4. Groups 4. Groups
Device and EndpointApp groups are created using the SCIM groups as Device and EndpointApp groups are created using the SCIM groups as
defined in Section 4.2 of [RFC7643]. If set, the "type" subattribute defined in Section 4.2 of [RFC7643]. If set, the "type" subattribute
skipping to change at line 547 skipping to change at line 547
"applicationName": "Device Control App 1", "applicationName": "Device Control App 1",
"certificateInfo": { "certificateInfo": {
"rootCA" : "MIIBIjAN...", "rootCA" : "MIIBIjAN...",
"subjectName": "www.example.com" "subjectName": "www.example.com"
}, },
"meta": { "meta": {
"resourceType": "EndpointApp", "resourceType": "EndpointApp",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/EndpointApps/e9e30dba-f08f "location": "https://example.com/v2/EndpointApps/e9e30dba-f08f-\
-4109-8486-d5c6a3316212" 4109-8486-d5c6a3316212"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 4: Endpoint App Example Figure 4: Endpoint App Example
7. SCIM Device Extensions 7. SCIM Device Extensions
SCIM provides various extension schemas, their attributes, JSON SCIM provides various extension schemas, their attributes, JSON
representation, and example object. The core schema is extended with representation, and example object. The core schema is extended with
skipping to change at line 734 skipping to change at line 734
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device"], "urn:ietf:params:scim:schemas:extension:ble:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.3"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77 "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
:22:12"], 22:12"],
"mobility": true, "mobility": true,
"pairingMethods": ["urn:ietf:params:scim:schemas:extension "pairingMethods": ["urn:ietf:params:scim:schemas:extension:\
:pairingPassKey:2.0:Device"], pairingPassKey:2.0:Device"],
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0 "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
:Device" : { Device" : {
"key": 123456 "key": 123456
} }
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 5: BLE Example Figure 5: BLE Example
In the above example, the pairing method is "pairingPassKey", which In the above example, the pairing method is "pairingPassKey", which
implies that this BLE device pairs using only a passkey. In another implies that this BLE device pairs using only a passkey. In another
example below, the pairing method is "pairingOOB", denoting that this example below, the pairing method is "pairingOOB", denoting that this
BLE device uses the out-of-band pairing method. BLE device uses the out-of-band pairing method.
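Review bot: In the new "separateBroadcastAddress" line the fold lands inside the second MAC address ("AA:BB:88:77:\" continued by "22:12"), so that value cannot be read or copied as one address. JSON permits a line break between array elements, so placing each address on its own line would keep both values intact and remove the need for a fold at that point.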
skipping to change at line 774 skipping to change at line 774
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device"], "urn:ietf:params:scim:schemas:extension:ble:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.3"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77 "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
:22:12"], 22:12"],
"mobility": true, "mobility": true,
"pairingMethods": ["urn:ietf:params:scim:schemas:extension "pairingMethods": ["urn:ietf:params:scim:schemas:extension:\
:pairingOOB:2.0:Device"], pairingOOB:2.0:Device"],
"urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": {
{
"key": "TheKeyvalueRetrievedFromOOB", "key": "TheKeyvalueRetrievedFromOOB",
"randomNumber": 238796813516896 "randomNumber": 238796813516896
} }
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 6: BLE with pairingOOB Figure 6: BLE with pairingOOB
However, a device can have more than one pairing method. Support for However, a device can have more than one pairing method. Support for
multiple pairing methods is also provided by the multivalued multiple pairing methods is also provided by the multivalued
attribute pairingMethods. In the example below, the BLE device can attribute pairingMethods. In the example below, the BLE device can
pair with both passkey and OOB pairing methods. pair with both passkey and OOB pairing methods.
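Review bot: "randomNumber": 238796813516896 in the pairingOOB object is carried as a bare JSON number. Many JSON parsers hold numbers as IEEE 754 doubles, so if this attribute can carry values above 2^53, the pairing value will be silently rounded on its way through a SCIM client or server; a string type, as already used for "key" in the same object, would avoid that. If the range is bounded below 2^53, stating the bound next to the example would settle the question.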
skipping to change at line 815 skipping to change at line 814
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device"], "urn:ietf:params:scim:schemas:extension:ble:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.3"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77 "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
:22:12"], 22:12"],
"mobility": true, "mobility": true,
"pairingMethods": ["urn:ietf:params:scim:schemas:extension "pairingMethods": ["urn:ietf:params:scim:schemas:extension:\
:pairingPassKey:2.0:Device", pairingPassKey:2.0:Device",
"urn:ietf:params:scim:schemas:extension:pairingOOB:2.0 "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:\
:Device"], Device"],
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0 "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
:Device" : { Device" : {
"key": 123456 "key": 123456
}, },
"urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": {
{
"key": "TheKeyvalueRetrievedFromOOB", "key": "TheKeyvalueRetrievedFromOOB",
"randomNumber": 238796813516896 "randomNumber": 238796813516896
} }
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 7: BLE Pairing with Both Passkey and OOB Figure 7: BLE Pairing with Both Passkey and OOB
7.2. Wi-Fi Easy Connect Extension 7.2. Wi-Fi Easy Connect Extension
A schema that extends the device schema to enable Wi-Fi Easy Connect A schema that extends the device schema to enable Wi-Fi Easy Connect
(otherwise known as Device Provisioning Protocol (DPP)). Throughout (otherwise known as Device Provisioning Protocol (DPP)). Throughout
skipping to change at line 923 skipping to change at line 921
F: False F: False
RW: ReadWrite RW: ReadWrite
WO: Write Only WO: Write Only
Def: Default Def: Default
Nev: Never Nev: Never
Manuf: Manufacturer Manuf: Manufacturer
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:dpp:2.0 "urn:ietf:params:scim:schemas:extension:dpp:2.0:\
:Device"], Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "WiFi Heart Monitor", "displayName": "WiFi Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:dpp:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:dpp:2.0:Device" : {
"dppVersion": 2, "dppVersion": 2,
"bootstrappingMethod": ["QR"], "bootstrappingMethod": ["QR"],
"bootstrapKey": "bootstrapKey": "\
"MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmt MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXru\
tZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=", VWOz0NjlkIA=",
"deviceMacAddress": "2C:54:91:88:C9:F2", "deviceMacAddress": "2C:54:91:88:C9:F2",
"classChannel": ["81/1", "115/36"], "classChannel": ["81/1", "115/36"],
"serialNumber": "4774LH2b4044" "serialNumber": "4774LH2b4044"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f "location": "https://example.com/v2/Devices/e9e30dba-f08f-\
-4109-8486-d5c6a3316111" 4109-8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 8: DPP Example Figure 8: DPP Example
7.3. Ethernet MAB Extension 7.3. Ethernet MAB Extension
This extension enables a legacy means of (very) weak authentication, This extension enables a legacy means of (very) weak authentication,
known as MAC Authenticated Bypass (MAB), that is supported in many known as MAC Authenticated Bypass (MAB), that is supported in many
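Review bot: The refolded "bootstrapKey" now spans three lines with a trailing "\" on two of them, and the block opens with "{" directly after <CODE BEGINS>, with no folding header. RFC 8792 single-backslash folding is announced by a "NOTE: '\' line wrapping per RFC 8792" header so that readers and extraction tools know to unfold before parsing; without it, or a statement of the convention elsewhere in the document, a key copied from this example keeps the backslashes and line breaks and will not decode as base64. Suggest adding the header to each folded block, or stating the convention once in the conventions section if that is not already done.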
skipping to change at line 994 skipping to change at line 992
Req: Required Req: Required
T: True T: True
F: False F: False
RW: ReadWrite RW: ReadWrite
Def: Default Def: Default
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0 "urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device\
:Device"], "],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "Some random Ethernet Device", "displayName": "Some random Ethernet Device",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device" "urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device" \
: { : {
"deviceMacAddress": "2C:54:91:88:C9:E2" "deviceMacAddress": "2C:54:91:88:C9:E2"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 9: MAB Example Figure 9: MAB Example
7.4. FIDO Device Onboard Extension 7.4. FIDO Device Onboard Extension
This extension specifies a voucher to be used by the FDO Device This extension specifies a voucher to be used by the FDO Device
Onboard (FDO) protocols [FDO11] to complete a trusted transfer of Onboard (FDO) protocols [FDO11] to complete a trusted transfer of
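Review bot: The fold added after the extension member name ("...ethernet-mab:2.0:Device" \ continued by ": {") is not needed, because the break sits between the name and the colon, where JSON already permits whitespace; the old text broke at the same place without a backslash and parsed the same. Dropping that "\" leaves the example valid as printed at that line and removes one unfold step for anyone extracting it.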
skipping to change at line 1057 skipping to change at line 1055
Req: Required Req: Required
T: True T: True
F: False F: False
WO: WriteOnly WO: WriteOnly
Nev: Never Nev: Never
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Devices", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Devices",
"urn:ietf:params:scim:schemas:extension:fido-device-onboard "urn:ietf:params:scim:schemas:extension:fido-device-onboard:2.0\
:2.0:Devices"], :Devices"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "Some random Ethernet Device", "displayName": "Some random Ethernet Device",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:fido-device-onboard:2.0 "urn:ietf:params:scim:schemas:extension:fido-device-onboard:2.0:\
:Devices" : { Devices" : {
"fdoVoucher": "{... voucher ...}" "fdoVoucher": "{... voucher ...}"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 10: FDO Example Figure 10: FDO Example
7.5. Zigbee Extension 7.5. Zigbee Extension
A schema that extends the device schema to enable the provisioning of A schema that extends the device schema to enable the provisioning of
Zigbee devices [Zigbee]. The extension is identified using the Zigbee devices [Zigbee]. The extension is identified using the
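Review bot: All three schema URNs in this example end in ":Devices" ("core:2.0:Devices" and "fido-device-onboard:2.0:Devices" in "schemas", and the extension member name), while every other example in this diff uses the singular ":Device", and "meta.resourceType" here is still "Device". A server matching on the schema URI would not recognise this object as a Device, so the plural looks like a typo that the refolding carried over; suggest ":Device" in all three places unless the FDO extension really is registered with the plural form. The "displayName" of "Some random Ethernet Device" also appears to be copied from the MAB example.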
skipping to change at line 1142 skipping to change at line 1140
"urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device" : {
"versionSupport": ["3.0"], "versionSupport": ["3.0"],
"deviceEui64Address": "50:32:5F:FF:FE:E7:67:28" "deviceEui64Address": "50:32:5F:FF:FE:E7:67:28"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 11: Zigbee Example Figure 11: Zigbee Example
7.6. The Endpoint Applications Extension Schema 7.6. The Endpoint Applications Extension Schema
Sometimes non-IP devices such as those using BLE or Zigbee require an Sometimes non-IP devices such as those using BLE or Zigbee require an
application gateway interface to manage them. SCIM clients MUST NOT application gateway interface to manage them. SCIM clients MUST NOT
skipping to change at line 1235 skipping to change at line 1233
F: False F: False
R: ReadOnly R: ReadOnly
RW: ReadWrite RW: ReadWrite
Ent: Enterprise Ent: Enterprise
Def: Default Def: Default
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device", "urn:ietf:params:scim:schemas:extension:ble:2.0:Device",
"urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0 "urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:\
:Device"], Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.3"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77 "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
:22:12"], 22:12"],
"mobility": false, "mobility": false,
"pairingMethods": [ "pairingMethods": [
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0 "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
:Device"], Device"],
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0 "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
:Device" : { Device" : {
"key": 123456 "key": 123456
} }
}, },
"urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0 "urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:Device\
:Device": { ": {
"applications": [ "applications": [
{ {
"value" : "e9e30dba-f08f-4109-8486-d5c6a3316212", "value" : "e9e30dba-f08f-4109-8486-d5c6a3316212",
"$ref" : "https://example.com/v2/EndpointApps/e9e30dba-f08f "$ref" : "https://example.com/v2/EndpointApps/e9e30dba-f08f-\
-4109-8486-d5c6a3316212" 4109-8486-d5c6a3316212"
}, },
{ {
"value" : "e9e30dba-f08f-4109-8486-d5c6a3316333", "value" : "e9e30dba-f08f-4109-8486-d5c6a3316333",
"$ref" : "https://example.com/v2/EndpointApps/e9e30dba-f08f "$ref" : "https://example.com/v2/EndpointApps/e9e30dba-f08f-\
-4109-8486-d5c6a3316333" 4109-8486-d5c6a3316333"
} }
], ],
"deviceControlEnterpriseEndpoint": "https "deviceControlEnterpriseEndpoint": "https://example.com/\
://example.com/device_control_app_endpoint/", device_control_app_endpoint/",
"telemetryEnterpriseEndpoint": "https "telemetryEnterpriseEndpoint": "https://example.com/\
://example.com/telemetry_app_endpoint/" telemetry_app_endpoint/"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 12: Endpoint Applications Extension Example Figure 12: Endpoint Applications Extension Example
The schema for the endpointAppsExt extension along with BLE extension The schema for the endpointAppsExt extension along with BLE extension
is presented in JSON format in Appendix A.9, while the OpenAPI is presented in JSON format in Appendix A.9, while the OpenAPI
representation is provided in Appendix B.8. representation is provided in Appendix B.8.
skipping to change at line 1537 skipping to change at line 1535
Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995, Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995,
May 2021, <https://www.rfc-editor.org/info/rfc8995>. May 2021, <https://www.rfc-editor.org/info/rfc8995>.
Appendix A. JSON Schema Representation Appendix A. JSON Schema Representation
A.1. Resource Schema A.1. Resource Schema
<CODE BEGINS> <CODE BEGINS>
[ [
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0 "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"\
:ResourceType"], ],
"id": "Device", "id": "Device",
"name": "Device", "name": "Device",
"endpoint": "/Devices", "endpoint": "/Devices",
"description": "Device account.", "description": "Device account.",
"schema": "urn:ietf:params:scim:schemas:core:2.0:Device", "schema": "urn:ietf:params:scim:schemas:core:2.0:Device",
"meta": { "meta": {
"location": "https://example.com/v2/ResourceTypes/Device", "location": "https://example.com/v2/ResourceTypes/Device",
"resourceType": "ResourceType" "resourceType": "ResourceType"
} }
}, },
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0 "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"\
:ResourceType"], ],
"id": "EndpointApp", "id": "EndpointApp",
"name": "EndpointApp", "name": "EndpointApp",
"endpoint": "/EndpointApp", "endpoint": "/EndpointApp",
"description": "Endpoint application such as device control and "description": "Endpoint application such as device control and \
telemetry.", telemetry.",
"schema": "urn:ietf:params:scim:schemas:core:2.0:EndpointApp", "schema": "urn:ietf:params:scim:schemas:core:2.0:EndpointApp",
"meta": { "meta": {
"location": "https "location": "https://example.com/v2/ResourceTypes/EndpointApp",
://example.com/v2/ResourceTypes/EndpointApp",
"resourceType": "ResourceType" "resourceType": "ResourceType"
} }
} }
] ]
<CODE ENDS> <CODE ENDS>
A.2. Core Device Schema A.2. Core Device Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:core:2.0:Device", "id": "urn:ietf:params:scim:schemas:core:2.0:Device",
"name": "Device", "name": "Device",
"description": "Entry containing attributes about a device.", "description": "Entry containing attributes about a device.",
"attributes" : [ "attributes" : [
{ {
"name": "displayName", "name": "displayName",
"type": "string", "type": "string",
"description": "Human-readable name of the device, suitable "description": "Human-readable name of the device, suitable \
for displaying to end users, for example, 'BLE Heart for displaying to end users, for example, 'BLE Heart Monitor' etc.",
Monitor', etc.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "active", "name": "active",
"type": "boolean", "type": "boolean",
"description": "A mutable boolean value indicating the device "description": "A mutable boolean value indicating the device \
administrative status. If set TRUE, the commands (such as administrative status. If set TRUE, the commands (such as connect, \
connect, disconnect, subscribe) that control app sends to disconnect, subscribe) that control app sends to the controller for \
the controller for the devices will be processed by the the devices will be processed by the controller. If set FALSE, any \
controller. If set FALSE, any command coming from the command coming from the control app for the device will be \
control app for the device will be rejected by the rejected by the controller.",
controller.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "mudUrl", "name": "mudUrl",
"type": "reference", "type": "reference",
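Review bot: The EndpointApp ResourceType declares "endpoint": "/EndpointApp", but the example resources elsewhere in this diff sit under ".../v2/EndpointApps/..." (the "location" in Figure 4 and the "$ref" values in Figure 12), and the Device type uses the plural "/Devices". One of the two is wrong, and a client that builds URLs from the ResourceType will miss the collection; suggest "/EndpointApps" here or correcting the examples. Separately, the changed "displayName" description drops the comma before "etc.", which reads as a regression from the old text.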
skipping to change at line 1620 skipping to change at line 1615
"required": false, "required": false,
"caseExact": true, "caseExact": true,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "groups", "name": "groups",
"type": "complex", "type": "complex",
"multiValued": true, "multiValued": true,
"description": "A list of groups to which the device belongs, "description": "A list of groups to which the device belongs, \
either through direct membership, through nested groups, either through direct membership, through nested groups, or \
or dynamically calculated.", dynamically calculated.",
"required": false, "required": false,
"subAttributes": [ "subAttributes": [
{ {
"name": "value", "name": "value",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "The identifier of the Device's group.", "description": "The identifier of the Device's group.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "$ref", "name": "$ref",
"type": "reference", "type": "reference",
"referenceTypes": [ "referenceTypes": [
"Group" "Group"
], ],
"multiValued": false, "multiValued": false,
"description": "The URI of the corresponding 'Group' "description": "The URI of the corresponding 'Group' \
resource to which the device belongs.", resource to which the device belongs.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "display", "name": "display",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "A human-readable name, primarily used for "description": "A human-readable name, primarily used for \
display purposes. READ ONLY.", display purposes. READ-ONLY.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "type", "name": "type",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "A label indicating the attribute's "description": "A label indicating the attribute's \
function, e.g., 'direct' or 'indirect'.", function, e.g., 'direct' or 'indirect'.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"canonicalValues": [ "canonicalValues": [
"direct", "direct",
"indirect" "indirect"
], ],
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
skipping to change at line 1703 skipping to change at line 1698
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:core:2.0:EndpointApp", "id": "urn:ietf:params:scim:schemas:core:2.0:EndpointApp",
"name": "EndpointApp", "name": "EndpointApp",
"description": "Endpoint application and their credentials.", "description": "Endpoint application and their credentials.",
"attributes" : [ "attributes" : [
{ {
"name": "applicationType", "name": "applicationType",
"type": "string", "type": "string",
"description": "This attribute will only contain two values: "description": "This attribute will only contain two values: '\
'deviceControl' or 'telemetry'.", deviceControl' or 'telemetry'.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "applicationName", "name": "applicationName",
"type": "string", "type": "string",
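Review bot: "applicationType" is declared "required": true together with "mutability": "readOnly". Under RFC 7643 a readOnly attribute is assigned by the service provider and cannot be supplied by the client, so a client creating an EndpointApp has no way to say whether it is a device control or a telemetry application; "immutable" (settable at creation, fixed afterwards) matches the description better. The two values named in the description could also be listed as "canonicalValues", as is done for "type" under "groups", so that the permitted set is machine-readable.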
skipping to change at line 1726 skipping to change at line 1721
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "certificateInfo", "name": "certificateInfo",
"type": "complex", "type": "complex",
"description": "Contains X.509 certificate's subject name and "description": "Contains X.509 certificate's subject name and \
root CA information associated with the device control or root CA information associated with the device control or telemetry \
telemetry app.", app.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none", "uniqueness": "none",
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "rootCA", "name" : "rootCA",
"type" : "string", "type" : "string",
"description" : "The base64 encoding of the DER encoding "description" : "The base64 encoding of the DER encoding \
of the CA certificate.", of the CA certificate.",
"multiValued" : false, "multiValued" : false,
"required" : false, "required" : false,
"caseExact" : true, "caseExact" : true,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "subjectName", "name" : "subjectName",
"type" : "string", "type" : "string",
"description" : "A Common Name (CN) of the form of CN = "description" : "A Common Name (CN) of the form of CN = \
dnsName.", dnsName.",
"multiValued" : false, "multiValued" : false,
"required" : true, "required" : true,
"caseExact" : true, "caseExact" : true,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
] ]
}, },
{ {
"name": "clientToken", "name": "clientToken",
"type": "string", "type": "string",
"description": "This attribute contains a token that the "description": "This attribute contains a token that the \
client will use to authenticate itself. Each token may client will use to authenticate itself. Each token may be a string \
be a string up to 500 characters in length.", up to 500 characters in length.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": true, "caseExact": true,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "groups", "name": "groups",
"type": "complex", "type": "complex",
"multiValued": true, "multiValued": true,
"description": "A list of groups to which an endpoint "description": "A list of groups to which an endpoint \
application belongs, either through direct membership, application belongs, either through direct membership, through \
through nested groups, or dynamically calculated.", nested groups, or dynamically calculated.",
"required": false, "required": false,
"subAttributes": [ "subAttributes": [
{ {
"name": "value", "name": "value",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "The identifier of the endpoint "description": "The identifier of the endpoint application\
application's group.", 's group.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "$ref", "name": "$ref",
"type": "reference", "type": "reference",
"referenceTypes": [ "referenceTypes": [
"Group" "Group"
], ],
"multiValued": false, "multiValued": false,
"description": "The URI of the corresponding 'Group' "description": "The URI of the corresponding 'Group' \
resource to which the endpoint application belongs.", resource to which the endpoint application belongs.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "display", "name": "display",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "A human-readable name, primarily used for "description": "A human-readable name, primarily used for \
display purposes. READ ONLY.", display purposes. READ-ONLY.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "type", "name": "type",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "A label indicating the attribute's "description": "A label indicating the attribute's \
function, e.g., 'direct' or 'indirect'.", function, e.g., 'direct' or 'indirect'.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"canonicalValues": [ "canonicalValues": [
"direct", "direct",
"indirect" "indirect"
], ],
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
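Review bot: clientToken is declared with "returned": "default", so the token the client uses to authenticate itself comes back on every read of the EndpointApp resource. It is already "mutability": "readOnly"; consider "returned": "request", or have the description say when the token is returned, so that a routine GET or list does not hand out the credential. A smaller point on the refolding: the groups "value" description now breaks as "application\" followed by "'s group.", which splits a word from its possessive. Folding at the preceding space would read better.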
skipping to change at line 1864 skipping to change at line 1859
<CODE BEGINS> <CODE BEGINS>
[ [
{ {
"id": "urn:ietf:params:scim:schemas:extension:ble:2.0:Device", "id": "urn:ietf:params:scim:schemas:extension:ble:2.0:Device",
"name": "bleExtension", "name": "bleExtension",
"description": "BLE extension for device account.", "description": "BLE extension for device account.",
"attributes" : [ "attributes" : [
{ {
"name": "versionSupport", "name": "versionSupport",
"type": "string", "type": "string",
"description": "Provides a list of all the BLE versions "description": "Provides a list of all the BLE versions \
supported by the device, for example, [4.1, 4.2, 5.0, supported by the device, for example, [4.1, 4.2, 5.0, 5.1, 5.2, 5.3]\
5.1, 5.2, 5.3].", .",
"multiValued": true, "multiValued": true,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "deviceMacAddress", "name": "deviceMacAddress",
"type": "string", "type": "string",
"pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$", "pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$",
"description": "A unique public MAC address assigned by the "description": "A unique public MAC address assigned by the \
manufacturer.", manufacturer.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
}, },
{ {
"name": "isRandom", "name": "isRandom",
"type": "boolean", "type": "boolean",
"description": "The isRandom flag is taken from the BLE "description": "The isRandom flag is taken from the BLE \
core specifications 5.3. If TRUE, device is using a core specifications 5.3. If TRUE, device is using a random address\
random address. Default value is false.", . Default value is false.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "separateBroadcastAddress", "name": "separateBroadcastAddress",
"type": "string", "type": "string",
"description": "When present, this address is used for "description": "When present, this address is used for \
broadcasts/advertisements. This value MUST NOT be set broadcasts/advertisements. This value MUST NOT be set when an IRK \
when an IRK is provided. Its form is the same as is provided. Its form is the same as deviceMacAddress.",
deviceMacAddress.",
"multiValued": true, "multiValued": true,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "irk", "name": "irk",
"type": "string", "type": "string",
"description": "Identity Resolving Key (IRK), which is "description": "Identity Resolving Key (IRK), which is \
unique for every device. It is used to resolve a unique for every device. It is used to resolve a random address. \
random address. This value MUST NOT be set when This value MUST NOT be set when separateBroadcastAddress is set.",
separateBroadcastAddress is set.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
}, },
{ {
"name": "mobility", "name": "mobility",
"type": "bool", "type": "bool",
"description": "If set to True, the BLE device will "description": "If set to True, the BLE device will \
automatically connect to the closest AP. For example, automatically connect to the closest AP. For example, if a BLE \
if a BLE device is connected with AP-1 and moves out of device is connected with AP-1 and moves out of range but comes in \
range but comes in range of AP-2, it will be range of AP-2, it will be disconnected with AP-1 and \
disconnected with AP-1 and connected with AP-2.", connected with AP-2.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "pairingMethods", "name": "pairingMethods",
"type": "string", "type": "string",
"description": "List of pairing methods associated with the "description": "List of pairing methods associated with the \
BLE device, stored as schema URI.", BLE device, stored as schema URI.",
"multiValued": true, "multiValued": true,
"required": true, "required": true,
"caseExact": true, "caseExact": true,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:ble:2.0:Device" extension:ble:2.0:Device"
} }
}, },
{ {
"id": "urn:ietf:params:scim:schemas:extension:pairingNull:2.0 "id": "urn:ietf:params:scim:schemas:extension:pairingNull:2.0:\
:Device", Device",
"name": "nullPairing", "name": "nullPairing",
"description": "Null pairing method for BLE. It is included for "description": "Null pairing method for BLE. It is included for \
the devices that do not have a pairing method.", the devices that do not have a pairing method.",
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:pairingNull:2.0:Device" extension:pairingNull:2.0:Device"
} }
}, },
{ {
"id": "urn:ietf:params:scim:schemas:extension:pairingJustWorks "id": "urn:ietf:params:scim:schemas:extension:pairingJustWorks:2\
:2.0:Device", .0:Device",
"name": "pairingJustWorks", "name": "pairingJustWorks",
"description": "Just Works pairing method for BLE.", "description": "Just Works pairing method for BLE.",
"attributes" : [ "attributes" : [
{ {
"name": "key", "name": "key",
"type": "integer", "type": "integer",
"description": "Just Works does not have any key value. For "description": "Just Works does not have any key value. For \
completeness, it is added with a key value 'null'.", completeness, it is added with a key value 'null'.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "immutable", "mutability": "immutable",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:pairingJustWorks:2.0:Device" extension:pairingJustWorks:2.0:Device"
} }
}, },
{ {
"id": "urn:ietf:params:scim:schemas:extension:pairingPassKey "id": "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0\
:2.0:Device", :Device",
"name": "pairingPassKey", "name": "pairingPassKey",
"description": "Passkey pairing method for BLE.", "description": "Pass key pairing method for BLE.",
"attributes" : [ "attributes" : [
{ {
"name": "key", "name": "key",
"type": "integer", "type": "integer",
"description": "A six-digit passkey for BLE device. The "description": "A six-digit passkey for BLE a device. The \
pattern of key is ^[0-9]{6}$.", pattern of key is ^[0-9]{6}$.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:pairingPassKey:2.0:Device" extension:pairingPassKey:2.0:Device"
} }
}, },
{ {
"id": "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0 "id": "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:\
:Device", Device",
"name": "pairingOOB", "name": "pairingOOB",
"description": "Passkey pairing method for BLE.", "description": "Passkey pairing method for BLE.",
"attributes" : [ "attributes" : [
{ {
"name": "key", "name": "key",
"type": "string", "type": "string",
"description": "A key value retrieved from out-of-band "description": "A key value retrieved from out-of-band \
source such as NFC.", source such as NFC.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": true, "caseExact": true,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "randomNumber", "name": "randomNumber",
"type": "integer", "type": "integer",
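Review bot: the new pairingPassKey text introduces two wording regressions: the key description now reads "A six-digit passkey for BLE a device." (it should be "for a BLE device"), and the schema description changes "Passkey" to "Pass key" while the key description keeps "passkey". While this block is being touched, three things left unchanged deserve a fix. pairingOOB still carries the description "Passkey pairing method for BLE.", which looks copied from the schema above it. mobility uses "type": "bool" where isRandom uses "boolean". The passkey key is "type": "integer" with the pattern ^[0-9]{6}$ given only in the description, so a value with leading zeros cannot be represented as written; a string type with a "pattern" member, as deviceMacAddress has, would enforce it.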
skipping to change at line 2056 skipping to change at line 2049
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "confirmationNumber", "name": "confirmationNumber",
"type": "integer", "type": "integer",
"description": "Some solutions require confirmation number "description": "Some solutions require confirmation number \
in RESTful message exchange.", in RESTful message exchange.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:pairingOOB:2.0:Device" extension:pairingOOB:2.0:Device"
} }
} }
] ]
<CODE ENDS> <CODE ENDS>
A.5. DPP Extension Schema A.5. DPP Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:dpp:2.0:Device", "id": "urn:ietf:params:scim:schemas:extension:dpp:2.0:Device",
"name": "dppExtension", "name": "dppExtension",
"description": "Device extension schema for Wi-Fi Easy Connect "description": "Device extension schema for Wi-Fi Easy \
/ Device Provisioning Protocol (DPP).", Connect / Device Provisioning Protocol (DPP).",
"attributes" : [ "attributes" : [
{ {
"name": "dppVersion", "name": "dppVersion",
"type": "integer", "type": "integer",
"description": "Version of DPP this device supports.", "description": "Version of DPP this device supports.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "bootstrappingMethod", "name": "bootstrappingMethod",
"type": "string", "type": "string",
"description": "The list of all the bootstrapping methods "description": "The list of all the bootstrapping methods \
available on the enrollee device, for example, [QR, available on the enrollee device, for example, [QR, NFC].",
NFC].",
"multiValued": true, "multiValued": true,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "bootstrapKey", "name": "bootstrapKey",
"type": "string", "type": "string",
"description": "A base64-encoded Elliptic Curve Diffie- "description": "A base64-encoded Elliptic Curve Diffie-\
Hellman public key (may be P-256, P-384, or P-521).", Hellman public key (may be P-256, P-384, or P-521).",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": true, "caseExact": true,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "deviceMacAddress", "name": "deviceMacAddress",
"type": "string", "type": "string",
"pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$", "pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$",
"description": "A unique public MAC address assigned by the "description": "A unique public MAC address assigned by the \
manufacturer.", manufacturer.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
}, },
{ {
"name": "classChannel", "name": "classChannel",
"type": "string", "type": "string",
"description": "A list of global operating class and "description": "A list of global operating class and \
channel shared as bootstrapping information. It is channel shared as bootstrapping information. It is formatted as \
formatted as class/channel, for example, '81/1', class/channel, for example, '81/1', '115/36'.",
'115/36'.",
"multiValued": true, "multiValued": true,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "serialNumber", "name": "serialNumber",
"type": "string", "type": "string",
"description": "An alphanumeric serial number that may also "description": "An alphanumeric serial number that may also \
be passed as bootstrapping information.", be passed as bootstrapping information.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:dpp:2.0:Device" extension:dpp:2.0:Device"
} }
} }
<CODE ENDS> <CODE ENDS>
A.6. Ethernet MAB Extension Schema A.6. Ethernet MAB Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0 "id": "urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:\
:Device", Device",
"name": "ethernetMabExtension", "name": "ethernetMabExtension",
"description": "Device extension schema for MAC Authentication "description": "Device extension schema for MAC Authentication \
Bypass.", Bypass.",
"attributes" : [ "attributes" : [
{ {
"name": "deviceMacAddress", "name": "deviceMacAddress",
"type": "string", "type": "string",
"pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$", "pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$",
"description": "A MAC address assigned by the manufacturer.", "description": "A MAC address assigned by the manufacturer.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:extension\
:extension:ethernet-mab:2.0:Device" :ethernet-mab:2.0:Device"
} }
} }
<CODE ENDS> <CODE ENDS>
A.7. FDO Extension Schema A.7. FDO Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:fido-device-onboard "id": "urn:ietf:params:scim:schemas:extension:fido-device-onboard:\
:2.0:Devices", 2.0:Devices",
"name": "FDOExtension", "name": "FDOExtension",
"description": "Device extension schema for FIDO Device Onboard "description": "Device extension schema for FIDO Device Onboard (\
(FDO).", FDO).",
"attributes" : [ "attributes" : [
{ {
"name": "fdoVoucher", "name": "fdoVoucher",
"type": "string", "type": "string",
"description": "A voucher as defined in the FDO "description": "A voucher as defined in the FDO \
specification.", specification.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:extension\
:extension:fido-device-onboard:2.0:Devices" :fido-device-onboard:2.0:Devices"
} }
} }
<CODE ENDS> <CODE ENDS>
A.8. Zigbee Extension Schema A.8. Zigbee Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device", "id": "urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device",
"name": "zigbeeExtension", "name": "zigbeeExtension",
"description": "Device extension schema for Zigbee.", "description": "Device extension schema for Zigbee.",
"attributes" : [ "attributes" : [
{ {
"name": "versionSupport", "name": "versionSupport",
"type": "string", "type": "string",
"description": "Provides a list of all the Zigbee versions "description": "Provides a list of all the Zigbee versions \
supported by the device, for example, supported by the device, for example, [3.0].",
[3.0].",
"multiValued": true, "multiValued": true,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "deviceEui64Address", "name": "deviceEui64Address",
"type": "string", "type": "string",
"pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){7}$", "pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){7}$",
"description": "The 64-bit Extended Unique Identifier (EUI-64) "description": "The 64-bit Extended Unique Identifier \
device address.", (EUI-64) device address.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:extension\
:extension:zigbee:2.0:Device" :zigbee:2.0:Device"
} }
} }
<CODE ENDS> <CODE ENDS>
A.9. EndpointAppsExt Extension Schema A.9. EndpointAppsExt Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0 "id": "urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:\
:Device", Device",
"name": "endpointAppsExt", "name": "endpointAppsExt",
"description": "Extension for partner endpoint applications that "description": "Extension for partner endpoint applications that \
can onboard, control, and communicate with the device.", can onboard, control, and communicate with the device.",
"attributes" : [ "attributes" : [
{ {
"name": "applications", "name": "applications",
"type": "complex", "type": "complex",
"description": "Includes references to two types of "description": "Includes references to two types of \
applications that connect with enterprise, i.e., applications that connect with enterprise, i.e., deviceControl and \
deviceControl and telemetry.", telemetry.",
"multiValued": true, "multiValued": true,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none", "uniqueness": "none",
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "value", "name" : "value",
"type" : "string", "type" : "string",
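Review bot: the FDO extension is the only schema here whose URN ends in ":2.0:Devices" (plural), in both "id" and "meta.location"; every other extension in this hunk ends in ":2.0:Device". If the plural is intentional it should be called out, otherwise it should be aligned, since clients match these URNs as exact strings. The refolding is also uneven: the FDO description now breaks as "Onboard (\" followed by "FDO).", and the "location" values fold before ":extension" in some schemas and after it in others. Picking one fold point would make the blocks easier to compare.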
skipping to change at line 2312 skipping to change at line 2302
"required" : true, "required" : true,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "$ref", "name" : "$ref",
"type" : "reference", "type" : "reference",
"referenceTypes" : "EndpointApps", "referenceTypes" : "EndpointApps",
"description" : "The URI of the corresponding "description" : "The URI of the corresponding 'EndpointApp\
'EndpointApp' resource that will control or obtain ' resource that will control or obtain data from the device.",
data from the device.",
"multiValued" : false, "multiValued" : false,
"required" : false, "required" : false,
"caseExact" : true, "caseExact" : true,
"mutability" : "readOnly", "mutability" : "readOnly",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
] ]
}, },
{ {
"name": "deviceControlEnterpriseEndpoint", "name": "deviceControlEnterpriseEndpoint",
"type": "reference", "type": "reference",
"description": "The URL of the enterprise endpoint that "description": "The URL of the enterprise endpoint that \
device control apps use to reach enterprise network device control apps use to reach enterprise network gateway.",
gateway.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": true, "caseExact": true,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "Enterprise" "uniqueness": "Enterprise"
}, },
{ {
"name": "telemetryEnterpriseEndpoint", "name": "telemetryEnterpriseEndpoint",
"type": "reference", "type": "reference",
"description": "The URL of the enterprise endpoint that "description": "The URL of the enterprise endpoint that \
telemetry apps use to reach enterprise network gateway.", telemetry apps use to reach enterprise network gateway.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": true, "caseExact": true,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "Enterprise" "uniqueness": "Enterprise"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:extension\
:extension:endpointAppsExt:2.0:Device" :endpointAppsExt:2.0:Device"
} }
} }
<CODE ENDS> <CODE ENDS>
Appendix B. OpenAPI Representation Appendix B. OpenAPI Representation
The following sections are provided for informational purposes. The following sections are provided for informational purposes.
B.1. Core Device Schema OpenAPI Representation B.1. Core Device Schema OpenAPI Representation
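Review bot: in the applications "$ref" subattribute, "referenceTypes" is the bare string "EndpointApps", while the groups "$ref" earlier in the appendix gives it as an array (["Group"]), and the description on the next line names the resource 'EndpointApp' in the singular. Suggest "referenceTypes": ["EndpointApp"] so the type and the name agree with the rest of the schemas. The new fold also splits the closing quote from the name ("'EndpointApp\" followed by "' resource"); folding one word earlier avoids that.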
skipping to change at line 2798 skipping to change at line 2786
writeOnly: false writeOnly: false
required: required:
- key - key
PairingPassKey: PairingPassKey:
type: object type: object
description: Passkey pairing method for BLE. description: Passkey pairing method for BLE.
properties: properties:
key: key:
type: integer type: integer
description: A six-digit passkey for BLE device. description: A six-digit passkey for a BLE device.
The pattern of key is ^[0-9]{6}$. The pattern of key is ^[0-9]{6}$.
readOnly: false readOnly: false
writeOnly: true writeOnly: true
required: required:
- key - key
PairingOOB: PairingOOB:
type: object type: object
description: Out-of-band pairing method for BLE. description: Out-of-band pairing method for BLE.
properties: properties:
key: key:
type: string type: string
description: The OOB key value for BLE device. description: The OOB key value for a BLE device.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
randomNumber: randomNumber:
type: integer type: integer
description: Nonce added to the key. description: Nonce added to the key.
readOnly: false readOnly: false
writeOnly: true writeOnly: true
confirmationNumber: confirmationNumber:
type: integer type: integer
description: Some solutions require a confirmation number description: Some solutions require a confirmation number
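Review bot: PairingOOB.key is marked writeOnly: false, while PairingPassKey.key and PairingOOB.randomNumber are writeOnly: true. The OOB key is pairing secret material just as the passkey is, so either it should be writeOnly: true as well or the text should say why it needs to be readable. Also, PairingPassKey.key is type: integer with the ^[0-9]{6}$ pattern stated only in the description; as an integer it cannot carry leading zeros, and the pattern is not enforced unless it is expressed as a string with a pattern constraint.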
skipping to change at line 3154 skipping to change at line 3142
| | | | | | | |
| 7 200 "ok" | | | | 7 200 "ok" | | |
|<---------------------| | | |<---------------------| | |
| | | | | | | |
| | | | | | | |
After this flow is complete, the device can then first provisionally After this flow is complete, the device can then first provisionally
onboard and then later receive a trust anchor through FDO's TO2 onboard and then later receive a trust anchor through FDO's TO2
process. This is shown below. process. This is shown below.
,-------. ,------. ,-------. ,------.
|Owner | ,---. |Access| ,------. |Service| |AAA| |Point | |Owner | ,---. |Access| ,------.
|Device| `---+---' `-+-' `---+--' `---+--' | | | |Service| |AAA| |Point | |Device|
,------------------!. | | | |Device configured |_\ | | | `---+---' `-+-' `---+--' `---+--'
|with well-known | | | | |RCOI and for trust | | | | |on first | | | ,------------------!.
use | | | | `--------------------' | | ,---------------!. | | | | | |Device configured |_\
| |WLAN configured|_\ | | | |with well-known | | | | |RCOI | | | | | |with well-known |
| | `-----------------' | | | | 1 EAP-TLS/EAPOL | | | | | | |RCOI and for trust |
|<-----------------| | | | | | |2 EAP-TLS/Radius | | | | | | |on first use |
|<----------------| | | | | | | | | | | `--------------------'
,--------------------------!. | | |Device skips |_\ | | | | ,---------------!. |
|server authentication | | | `----------------------------' | | | |WLAN configured|_\ |
|3 Result=Success | | | |---------------->| | | | | | | | | |with well-known | |
,-----------------------!. | | |Limited access |_\ | | |for | | |RCOI | |
now | | | `-------------------------' | | | |4 Result=Success | | `-----------------' |
| | | |----------------->| | | | | | | 5 FDO TO2 | | | | | 1 EAP-TLS/EAPOL |
|<----------------------------------------------------| | | | | | |<-----------------|
| | | | |
,-------------------------------------------------------------!. | |2 EAP-TLS/Radius | |
|FSIM, Runtime SSID, |_\ |Credentials incl. | |local trust | |<----------------| |
anchor | | | | |
`---------------------------------------------------------------' | | ,--------------------------!.
| | | 6 dissasociate | | | |<-----------------| | | | | | | |7 | | |Device skips |_\
EAP-TLS w/ LSC | | | |<-----------------| | | | | | | | | . . | | |server authentication |
etc . . | | `----------------------------'
| |3 Result=Success | |
| |---------------->| |
| | | |
| ,-----------------------!. |
| |Limited access |_\ |
| |for now | |
| `-------------------------' |
| | |4 Result=Success |
| | |----------------->|
| | | |
| | 5 FDO TO2 | |
|<----------------------------------------------------|
| | | |
,-------------------------------------------------------------!.
|FSIM, Runtime SSID, |_\
|Credentials incl. |
|local trust anchor |
`---------------------------------------------------------------'
| | | 6 dissasociate |
| | |<-----------------|
| | | |
| | |7 EAP-TLS w/ LSC |
| | |<-----------------|
| | | |
| | | |
. . etc . .
Acknowledgments Acknowledgments
The authors would like to thank Bart Brinckman, Rohit Mohan, Lars The authors would like to thank Bart Brinckman, Rohit Mohan, Lars
Streubesand, Christian Amsüss, Jason Livingwood, Mike Ounsworth, Streubesand, Christian Amsüss, Jason Livingwood, Mike Ounsworth,
Monty Wiseman, Geoffrey Cooper, Paulo Jorge N. Correia, Phil Hunt, Monty Wiseman, Geoffrey Cooper, Paulo Jorge N. Correia, Phil Hunt,
and Elwyn Davies for their reviews and Nick Ross for his contribution and Elwyn Davies for their reviews and Nick Ross for his contribution
to the appendix. to the appendix.
Authors' Addresses Authors' Addresses
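Review bot: the redrawn flow diagram keeps the step label "6 dissasociate", which should be spelled "disassociate". Since the figure is being re-laid out anyway, this is the moment to fix it. The sentence introducing the figure ("the device can then first provisionally onboard and then later receive a trust anchor") would also read more clearly with one "then" removed.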
 End of changes. 99 change blocks. 
257 lines changed or deleted 271 lines changed or added

This html diff was produced by rfcdiff 1.48.