Industrial Internet Connectivity Framework | Page 104

Connectivity Framework Annex E: Assessment Template: CoAP

E.6.3 Usage Viewpoint

E.6.3.1 Architecture (Section 6.3.1)
Summarize the main concepts, and high-level architecture, and terminology. Describe the end-to-end information exchange path.

CoAP aims to provide more than plain connectivity or message passing functionality. Like HTTP it brings the RESTful architectural style of the World Wide Web (WWW) to the constrained space. Servers make resources available under a uniform resource identifier (URI), and clients access these resources using methods such as GET, PUT, POST, and DELETE.
A device (endpoint) will run a CoAP Server and often a Client too. Clients elsewhere (i.e. other devices, browsers, applications) can request resources on the device as well as discover new devices and functionality.
From a developer point of view, CoAP feels very much like HTTP. Obtaining a value from a sensor is not much different from obtaining a value from a Web API. For more details, please refer to page 10 of RFC 7252¹.

E.6.3.2 Technology Options (Section 6.3.2)
List the choices to be made for using the connectivity technology in a system.

CoAP is a client/server model where the options include:
• Selection of resource representation format.
• Selection of transport layer binding(s): UDP/IP or SMS or TCP/IP (in progress) and Web Sockets (in progress).
• Selection of client and server implementation libraries.
• Optional: Selection of HTTP proxy (CoAP-HTTP gateway).
• Optional: Selection of resource directory server for resource discovery in constrained environments.

E.6.3.3 Applications (Section 6.3.3)
A general statement of the typical applications that rely on this connectivity technology and the reason for using the connectivity technology.

CoAP is a generic REST protocol upon which other technologies have been built. For device management, for example, the Open Mobile Alliance has created LWM2M, which supports management and operations of devices.

E.6.3.4 Typical Usage (Section 2.2)
What function or where in the system this technology is typically used?

The protocol is very versatile. It is suited for data collection, managed and unmanaged systems, systems that require scalability and systems that require security.

E.6.3.5 Operations (Section 2.3.8)
Can one monitor, manage, and dynamically replace elements of the connectivity function?

CoRE specifications typically focus on protocol interactions and do not generally specify how elements of the connectivity functions are managed, monitored or replaced.

E.6.3.6 Security (Section 2.3.5)
What are the system security implications of this connectivity technology?

CoAP defines a security model to authenticate and encrypt the interaction between CoAP clients and servers based on the underlying network datagram transport layer (DTLS/TLS) security mechanisms.
CoAP specifications provide different types of end-to-end security and analysis of several possible attack vectors; please refer to page 80 of RFC 7252².
A robust authentication and fine-grained access control security model is currently being defined by the IETF ACE working group for CoAP.
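
As an added illustration of the Architecture and Security entries above (not part of the IIC document), the following Python decodes a CoAP request datagram into the HTTP-like method and URI that the Architecture entry describes, which is the view a gateway or monitoring point has of traffic not protected by DTLS. The header and option layout follow RFC 7252; the function names and the sample datagram are constructed for this example.

```python
import struct

METHODS = {1: "GET", 2: "POST", 3: "PUT", 4: "DELETE"}  # request codes 0.01-0.04
TYPES = ("CON", "NON", "ACK", "RST")
URI_PATH, URI_QUERY = 11, 15  # option numbers from RFC 7252

def _ext(nibble, buf, pos):  # expand a 4-bit option delta/length nibble
    if nibble == 13:
        return buf[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack_from("!H", buf, pos)[0] + 269, pos + 2
    if nibble == 15:
        raise ValueError("reserved option nibble 15")
    return nibble, pos

def parse_coap_request(datagram: bytes) -> dict:
    """Decode header, token, Uri-Path/Uri-Query options and payload of one message."""
    if len(datagram) < 4:
        raise ValueError("shorter than the 4-byte CoAP header")
    first, code, mid = struct.unpack_from("!BBH", datagram)
    version, mtype, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    if version != 1 or tkl > 8 or 4 + tkl > len(datagram):
        raise ValueError("bad version or token length")
    pos, number, path, query, payload = 4 + tkl, 0, [], [], b""
    try:
        while pos < len(datagram):
            if datagram[pos] == 0xFF:  # payload marker ends the option list
                payload = datagram[pos + 1:]
                break
            head = datagram[pos]
            delta, pos = _ext(head >> 4, datagram, pos + 1)
            length, pos = _ext(head & 0xF, datagram, pos)
            value = datagram[pos:pos + length]
            if len(value) != length:
                raise ValueError("truncated option value")
            pos, number = pos + length, number + delta  # option numbers are delta-encoded
            if number == URI_PATH:
                path.append(value.decode("utf-8"))
            elif number == URI_QUERY:
                query.append(value.decode("utf-8"))
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated option header") from exc
    uri = "/" + "/".join(path) + ("?" + "&".join(query) if query else "")
    method = METHODS.get(code, f"{code >> 5}.{code & 0x1F:02d}")
    return {"type": TYPES[mtype], "method": method, "message_id": mid,
            "token": datagram[4:4 + tkl], "uri": uri, "payload": payload}

# Constructed sample: NON PUT /actuators/valve-controller-01 with payload "open".
SAMPLE_PUT = bytes.fromhex("50030001") + b"\xb9actuators\x0d\x06valve-controller-01\x10\xffopen"
```

Malformed or truncated datagrams raise ValueError rather than returning a partial result, so a caller can count and log them separately from well-formed requests.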

¹ See [IETF-RFC7252]
² See [IETF-RFC7252]

IIC:PUB:G5:V1.0:PB:20170228