rfc9944v3.txt   rfc9944.txt 
skipping to change at line 231 skipping to change at line 231
+-----------------------------------+ +-----------------------------------+
Figure 1: Basic Architecture - Non-IP Example Figure 1: Basic Architecture - Non-IP Example
In Figure 1, the onboarding application (app) provides the device In Figure 1, the onboarding application (app) provides the device
particulars, which will vary based on the type of device, as particulars, which will vary based on the type of device, as
indicated by the selection of schema extensions. As part of the indicated by the selection of schema extensions. As part of the
response, the SCIM server might provide additional information, response, the SCIM server might provide additional information,
especially in the case of non-IP devices, where an application-layer especially in the case of non-IP devices, where an application-layer
gateway may need to be used to communicate with the device (c.f., gateway may need to be used to communicate with the device (c.f.,
[NIPC-API]). The control endpoint is one among a number of objects [NIPC]). The control endpoint is one among a number of objects that
that may be returned. That control endpoint will then communicate may be returned. That control endpoint will then communicate with
with the Application Layer Gateway (ALG) to reach the device. the Application Layer Gateway (ALG) to reach the device.
+------------------------------------+ +------------------------------------+
| | | |
+-----------+ Request | +---------+ +----+ +------+ | +-----------+ Request | +---------+ +----+ +------+ |
| Onboarding|------------->| SCIM |-->| AAA|<-->|Switch| | | Onboarding|------------->| SCIM |-->| AAA|<-->|Switch| |
| App |<-------------| Server | +----+ +------+ | | App |<-------------| Server | +----+ +------+ |
+-----------+ Ctrl Endpt +---------+ | | +-----------+ Ctrl Endpt +---------+ | |
| | | | | |
+-----------+ | +------------+ +-------+ | +-----------+ | +------------+ +-------+ |
| Control |...........|..| Router/fw |.........|Device | | | Control |...........|..| Router/fw |.........|Device | |
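Review bot: "c.f.," in the parenthetical that cites [NIPC] is not the standard abbreviation; "confer" abbreviates to "cf." with a single period, so this should read "(cf. [NIPC])". The tag rename from [NIPC-API] to [NIPC] matches the [NIPC] entry in the Informative References, so any remaining citation of the old tag needs the same update.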
skipping to change at line 373 skipping to change at line 373
+-------------+-------+-----+-------+---------+--------+--------+ +-------------+-------+-----+-------+---------+--------+--------+
| active | F | T | F | RW | Def | None | | active | F | T | F | RW | Def | None |
+-------------+-------+-----+-------+---------+--------+--------+ +-------------+-------+-----+-------+---------+--------+--------+
| mudUrl | F | F | T | RW | Def | None | | mudUrl | F | F | T | RW | Def | None |
+-------------+-------+-----+-------+---------+--------+--------+ +-------------+-------+-----+-------+---------+--------+--------+
| groups | T | F | T | RO | Def | n/a | | groups | T | F | T | RO | Def | n/a |
+-------------+-------+-----+-------+---------+--------+--------+ +-------------+-------+-----+-------+---------+--------+--------+
Table 1: Characteristics of Device Schema Attributes Table 1: Characteristics of Device Schema Attributes
Legend: Legend: Req = Required, T = True, F = False, RO = ReadOnly,
RW = ReadWrite, Def = Default
Req: Required Example:
T: True
F: False
RO: ReadOnly
RW: ReadWrite
Def: Default
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device"], "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
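Review bot: In Table 1 the groups row has "n/a" in the Unique column while active and mudUrl use "None", and the condensed legend defines neither value. Use "None" for groups as well, or add both terms to the legend so a reader can tell whether they differ.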
skipping to change at line 450 skipping to change at line 446
The attribute is readOnly and should be returned by default. No The attribute is readOnly and should be returned by default. No
uniqueness constraints are imposed on this attribute. uniqueness constraints are imposed on this attribute.
applicationName: A string that represents a human-readable name for applicationName: A string that represents a human-readable name for
the application. This attribute is required and mutable. The the application. This attribute is required and mutable. The
attribute should be returned by default and there is no uniqueness attribute should be returned by default and there is no uniqueness
constraint on the attribute. constraint on the attribute.
clientToken: A string that contains a token that the client will use clientToken: A string that contains a token that the client will use
to authenticate itself. Each token may be a string up to 500 to authenticate itself. Each token may be a string up to 500
characters in length. It is not mutable, read only, generated if characters in length. It is not mutable. It is read only, case
no certificateInfo object is provisioned, case sensitive, and sensitive, and generated if no certificateInfo object is
returned by default if it exists. The SCIM server should expect provisioned. It is returned by default if it exists. The SCIM
that client tokens will be shared by the SCIM client with other server should expect that client tokens will be shared by the SCIM
components within the client's infrastructure. client with other components within the client's infrastructure.
groups: An optional read-only complex object that indicates group groups: An optional read-only complex object that indicates group
membership. Its form is precisely the same as that defined in membership. Its form is precisely the same as that defined in
Section 4.1.2 of [RFC7643]. Section 4.1.2 of [RFC7643].
6.3. Complex Attributes 6.3. Complex Attributes
6.3.1. certificateInfo 6.3.1. certificateInfo
certificateInfo is a complex attribute that contains an X.509 certificateInfo is a complex attribute that contains an X.509
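Review bot: The reworded clientToken text ends with "It is returned by default if it exists", but the clientToken row of Table 2 has "N" in the Return column and the Table 2 legend reads "N = No". One of the two needs to change so implementers know whether the token appears in default responses. Separately, "It is not mutable. It is read only" states one property twice and can be a single sentence.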
skipping to change at line 489 skipping to change at line 485
subject field, as described in Section 4.1.2.4 of [RFC5280] or subject field, as described in Section 4.1.2.4 of [RFC5280] or
* a dnsName as part of a subjectAlternateName, as described in * a dnsName as part of a subjectAlternateName, as described in
Section 4.2.1.6 of [RFC5280]. Section 4.2.1.6 of [RFC5280].
In the latter case, servers validating such certificates SHALL In the latter case, servers validating such certificates SHALL
reject connections when the name of the peer as resolved by a DNS reject connections when the name of the peer as resolved by a DNS
reverse lookup does not match the dnsName in the certificate. If reverse lookup does not match the dnsName in the certificate. If
multiple dnsNames are present, it is left to server multiple dnsNames are present, it is left to server
implementations to address any authorization conflicts associated implementations to address any authorization conflicts associated
with those names. This attribute is not required, mutable, with those names. This attribute is not required and not case
singular, and not case sensitive. sensitive. It is mutable and singular.
+=================+=======+===+=======+=========+========+========+ +=================+=======+===+=======+=========+========+========+
| Attribute | Multi |Req| Case | Mutable | Return | Unique | | Attribute | Multi |Req| Case | Mutable | Return | Unique |
| | Value | | Exact | | | | | | Value | | Exact | | | |
+=================+=======+===+=======+=========+========+========+ +=================+=======+===+=======+=========+========+========+
| applicationType | F |T | F | R | Def | None | | applicationType | F |T | F | R | Def | None |
+-----------------+-------+---+-------+---------+--------+--------+ +-----------------+-------+---+-------+---------+--------+--------+
| applicationName | F |T | F | RW | Def | None | | applicationName | F |T | F | RW | Def | None |
+-----------------+-------+---+-------+---------+--------+--------+ +-----------------+-------+---+-------+---------+--------+--------+
| clientToken | F |F | T | R | N | None | | clientToken | F |F | T | R | N | None |
+-----------------+-------+---+-------+---------+--------+--------+ +-----------------+-------+---+-------+---------+--------+--------+
| certificateInfo | F |F | F | RW | Def | None | | certificateInfo | F |F | F | RW | Def | None |
+-----------------+-------+---+-------+---------+--------+--------+ +-----------------+-------+---+-------+---------+--------+--------+
| rootCA | F |F | T | RW | Def | None | | rootCA | F |F | T | RW | Def | None |
+-----------------+-------+---+-------+---------+--------+--------+ +-----------------+-------+---+-------+---------+--------+--------+
| subjectName | F |T | T | RW | Def | None | | subjectName | F |T | T | RW | Def | None |
+-----------------+-------+---+-------+---------+--------+--------+ +-----------------+-------+---+-------+---------+--------+--------+
Table 2: Characteristics of EndpointApp Schema Attributes Table 2: Characteristics of EndpointApp Schema Attributes
Legend: Legend: Req = Required, T = True, F = False, RO = ReadOnly,
RW = ReadWrite, N = No, Def = Default
Req: Required
T: True
F: False
RO: ReadOnly
RW: ReadWrite
N: No
Def: Default
If certificateInfo is provided by the client and is accepted by the If certificateInfo is provided by the client and is accepted by the
server, the server MUST return that multivalued attribute in its server, the server MUST return that multivalued attribute in its
response. Otherwise, the server is expected to return a clientToken. response. Otherwise, the server is expected to return a clientToken.
If the server returns neither certificateInfo nor a clientToken, then If the server returns neither certificateInfo nor a clientToken, then
external authentication such as [OAUTHv2] MUST be pre-arranged. If external authentication such as [OAUTHv2] MUST be pre-arranged. If
the server accepts a certificate and produces a clientToken, then the server accepts a certificate and produces a clientToken, then
control and telemetry servers MUST validate both. control and telemetry servers MUST validate both.
certificateInfo is preferred in situations where client functions are certificateInfo is preferred in situations where client functions are
federated such that different clients may connect for different federated such that different clients may connect for different
purposes. purposes.
Example:
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:EndpointApp"], "schemas": ["urn:ietf:params:scim:schemas:core:2.0:EndpointApp"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316212", "id": "e9e30dba-f08f-4109-8486-d5c6a3316212",
"applicationType": "deviceControl", "applicationType": "deviceControl",
"applicationName": "Device Control App 1", "applicationName": "Device Control App 1",
"certificateInfo": { "certificateInfo": {
"rootCA" : "MIIBIjAN...", "rootCA" : "MIIBIjAN...",
"subjectName": "www.example.com" "subjectName": "www.example.com"
}, },
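Review bot: Table 2 uses "R" in the Mutable column for applicationType and clientToken, but the new one-line legend defines only "RO = ReadOnly" and "RW = ReadWrite"; change the cells to "RO" or add "R" to the legend. The paragraph after the table also calls certificateInfo "that multivalued attribute" while its row shows "F" under Multi Value, so one of the two should be corrected.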
skipping to change at line 601 skipping to change at line 592
a resolvable private address. Otherwise, the address is assumed a resolvable private address. Otherwise, the address is assumed
to be a random static address. Non-resolvable private addresses to be a random static address. Non-resolvable private addresses
are not supported by this specification. This attribute is not are not supported by this specification. This attribute is not
required. It is mutable and is returned by default. The default required. It is mutable and is returned by default. The default
value is false. See Volume 6, Part B, Section 1.3 of [BLE54] for value is false. See Volume 6, Part B, Section 1.3 of [BLE54] for
more information about different address types. more information about different address types.
separateBroadcastAddress: When present, this string represents an separateBroadcastAddress: When present, this string represents an
address used for broadcasts/advertisements. This value MUST NOT address used for broadcasts/advertisements. This value MUST NOT
be set when an IRK is provided. Its form is the same as be set when an IRK is provided. Its form is the same as
deviceMacAddress. It is not required, multivalued, mutable, and deviceMacAddress. It is not required. It is multivalued,
returned by default. mutable, and returned by default.
irk: A string value that specifies the IRK, which is unique to each irk: A string value that specifies the IRK, which is unique to each
device. It is used to resolve a private random address. It device. It is used to resolve a private random address. It
should only be provisioned when isRandom is true. It is mutable should only be provisioned when isRandom is true. It is mutable
and never returned. For more information about the use of the and never returned. For more information about the use of the
IRK, see Volume 1, Part A, Section 5.4.5 of [BLE54]. IRK, see Volume 1, Part A, Section 5.4.5 of [BLE54].
mobility: A boolean attribute to enable BLE device mobility. If set mobility: A boolean attribute to enable BLE device mobility. If set
to true, the device could be expected to move within a network of to true, the device could be expected to move within a network of
Access Points (APs). For example, if a BLE device is connected Access Points (APs). For example, if a BLE device is connected
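Review bot: The irk entry says it "should only be provisioned when isRandom is true" in lowercase, directly after separateBroadcastAddress uses "MUST NOT be set when an IRK is provided". If the irk constraint is meant to be normative, use the uppercase keyword; if not, reword it so the two adjacent constraints are not read at different strengths by accident. The irk entry also does not say whether the attribute is required, which the reworded separateBroadcastAddress entry now states explicitly.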
skipping to change at line 712 skipping to change at line 703
+------------------+-------+---+-------+---------+--------+--------+ +------------------+-------+---+-------+---------+--------+--------+
| versionSupport | T |T | F | RW | Def | None | | versionSupport | T |T | F | RW | Def | None |
+------------------+-------+---+-------+---------+--------+--------+ +------------------+-------+---+-------+---------+--------+--------+
| mobility | F |F | F | RW | Def | None | | mobility | F |F | F | RW | Def | None |
+------------------+-------+---+-------+---------+--------+--------+ +------------------+-------+---+-------+---------+--------+--------+
| pairingMethods | T |T | T | RW | Def | None | | pairingMethods | T |T | T | RW | Def | None |
+------------------+-------+---+-------+---------+--------+--------+ +------------------+-------+---+-------+---------+--------+--------+
Table 3: Characteristics of BLE Extension Schema Attributes Table 3: Characteristics of BLE Extension Schema Attributes
Legend: Legend: sepBroadcastAdd = separateBroadcastAddress, Req = Required,
T = True, F = False, RW = ReadWrite, WO = WriteOnly,
Def = Default, Nev = Never, Manuf = Manufacturer
sepBroadcastAdd: separateBroadcastAddress Example:
Req: Required
T: True
F: False
RW: ReadWrite
WO: WriteOnly
Def: Default
Nev: Never
Manuf: Manufacturer
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device"], "urn:ietf:params:scim:schemas:extension:ble:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.4"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\ "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
22:12"], 22:12"],
"mobility": true, "mobility": true,
"pairingMethods": ["urn:ietf:params:scim:schemas:extension:\ "pairingMethods": ["urn:ietf:params:scim:schemas:extension:\
pairingPassKey:2.0:Device"], pairingPassKey:2.0:Device"],
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\ "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
Device" : { Device" : {
"key": 123456 "key": 123456
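Review bot: The pairingPassKey block in this example gives "key": 123456 as a bare JSON number, and a JSON number cannot carry leading zeros, so a six-digit passkey that begins with zero could not be written this way. While the example is being touched for versionSupport, confirm that the attribute type preserves leading zeros, or show the key as a quoted string.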
skipping to change at line 764 skipping to change at line 749
} }
<CODE ENDS> <CODE ENDS>
Figure 5: BLE Example Figure 5: BLE Example
In the above example, the pairing method is "pairingPassKey", which In the above example, the pairing method is "pairingPassKey", which
implies that this BLE device pairs using only a passkey. In another implies that this BLE device pairs using only a passkey. In another
example below, the pairing method is "pairingOOB", denoting that this example below, the pairing method is "pairingOOB", denoting that this
BLE device uses the out-of-band pairing method. BLE device uses the out-of-band pairing method.
Example:
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device"], "urn:ietf:params:scim:schemas:extension:ble:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.4"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\ "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
22:12"], 22:12"],
"mobility": true, "mobility": true,
"pairingMethods": ["urn:ietf:params:scim:schemas:extension:\ "pairingMethods": ["urn:ietf:params:scim:schemas:extension:\
pairingOOB:2.0:Device"], pairingOOB:2.0:Device"],
"urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": { "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": {
"key": "TheKeyvalueRetrievedFromOOB", "key": "TheKeyvalueRetrievedFromOOB",
"randomNumber": 238796813516896 "randomNumber": 238796813516896
skipping to change at line 804 skipping to change at line 791
} }
<CODE ENDS> <CODE ENDS>
Figure 6: BLE with pairingOOB Figure 6: BLE with pairingOOB
However, a device can have more than one pairing method. Support for However, a device can have more than one pairing method. Support for
multiple pairing methods is also provided by the multivalued multiple pairing methods is also provided by the multivalued
attribute pairingMethods. In the example below, the BLE device can attribute pairingMethods. In the example below, the BLE device can
pair with both passkey and OOB pairing methods. pair with both passkey and OOB pairing methods.
Example:
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device"], "urn:ietf:params:scim:schemas:extension:ble:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.4"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\ "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
22:12"], 22:12"],
"mobility": true, "mobility": true,
"pairingMethods": ["urn:ietf:params:scim:schemas:extension:\ "pairingMethods": ["urn:ietf:params:scim:schemas:extension:\
pairingPassKey:2.0:Device", pairingPassKey:2.0:Device",
"urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:\ "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:\
Device"], Device"],
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\ "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
skipping to change at line 909 skipping to change at line 898
+---------------------+-----+---+-----+---------+--------+--------+ +---------------------+-----+---+-----+---------+--------+--------+
| serialNumber |F |F |F | RW | Def | None | | serialNumber |F |F |F | RW | Def | None |
+---------------------+-----+---+-----+---------+--------+--------+ +---------------------+-----+---+-----+---------+--------+--------+
| bootstrappingMethod |T |F |F | RW | Def | None | | bootstrappingMethod |T |F |F | RW | Def | None |
+---------------------+-----+---+-----+---------+--------+--------+ +---------------------+-----+---+-----+---------+--------+--------+
| classChannel |T |F |F | RW | Def | None | | classChannel |T |F |F | RW | Def | None |
+---------------------+-----+---+-----+---------+--------+--------+ +---------------------+-----+---+-----+---------+--------+--------+
Table 4: Characteristics of DPP Extension Schema Attributes Table 4: Characteristics of DPP Extension Schema Attributes
Legend: Legend: Req = Required, T = True, F = False, RW = ReadWrite,
WO = WriteOnly, Def = Default, Nev = Never,
Manuf = Manufacturer
Req: Required Example:
T: True
F: False
RW: ReadWrite
WO: WriteOnly
Def: Default
Nev: Never
Manuf: Manufacturer
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:dpp:2.0:\ "urn:ietf:params:scim:schemas:extension:dpp:2.0:\
Device"], Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "WiFi Heart Monitor", "displayName": "WiFi Heart Monitor",
"active": true, "active": true,
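Review bot: The displayName in this example spells the technology "WiFi", while the IANA entry for the same dpp extension uses "Wi-Fi Easy Connect". Use "Wi-Fi" in the example for consistency.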
skipping to change at line 983 skipping to change at line 967
+==================+=======+===+=======+=========+========+========+ +==================+=======+===+=======+=========+========+========+
| Attribute | Multi |Req| Case | Mutable | Return | Unique | | Attribute | Multi |Req| Case | Mutable | Return | Unique |
| | Value | | Exact | | | | | | Value | | Exact | | | |
+==================+=======+===+=======+=========+========+========+ +==================+=======+===+=======+=========+========+========+
| deviceMacAddress | F |T | F | RW | Def | None | | deviceMacAddress | F |T | F | RW | Def | None |
+------------------+-------+---+-------+---------+--------+--------+ +------------------+-------+---+-------+---------+--------+--------+
Table 5: Characteristics of MAB Extension Schema Attributes Table 5: Characteristics of MAB Extension Schema Attributes
Legend: Legend: Req = Required, T = True, F = False, RW = ReadWrite,
Def = Default
Req: Required Example:
T: True
F: False
RW: ReadWrite
Def: Default
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device\ "urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device\
"], "],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "Some random Ethernet Device", "displayName": "Some random Ethernet Device",
"active": true, "active": true,
skipping to change at line 1046 skipping to change at line 1027
+============+=======+=====+=======+=========+========+========+ +============+=======+=====+=======+=========+========+========+
| Attribute | Multi | Req | Case | Mutable | Return | Unique | | Attribute | Multi | Req | Case | Mutable | Return | Unique |
| | Value | | Exact | | | | | | Value | | Exact | | | |
+============+=======+=====+=======+=========+========+========+ +============+=======+=====+=======+=========+========+========+
| fdoVoucher | F | T | F | WO | Nev | None | | fdoVoucher | F | T | F | WO | Nev | None |
+------------+-------+-----+-------+---------+--------+--------+ +------------+-------+-----+-------+---------+--------+--------+
Table 6: Characteristics of FDO Extension Schema Attributes Table 6: Characteristics of FDO Extension Schema Attributes
Legend: Legend: Req = Required, T = True, F = False, WO = WriteOnly,
Nev = Never
Req: Required Example:
T: True
F: False
WO: WriteOnly
Nev: Never
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Devices", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Devices",
"urn:ietf:params:scim:schemas:extension:fido-device-onboard:2.0\ "urn:ietf:params:scim:schemas:extension:fido-device-onboard:2.0\
:Devices"], :Devices"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "Some random Ethernet Device", "displayName": "Some random Ethernet Device",
"active": true, "active": true,
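Review bot: The schemas array in the FDO example uses "urn:ietf:params:scim:schemas:core:2.0:Devices" and a fido-device-onboard extension URN that also ends in plural "Devices", whereas the other examples and the IANA entries end in ":Device". A client copying this example would send schema URNs that are not the registered ones, so change both to ":Device". The displayName "Some random Ethernet Device" also looks carried over from the MAB example.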
skipping to change at line 1116 skipping to change at line 1094
| Attribute |Multi|Req| Case | Mutable | Return | Unique | | Attribute |Multi|Req| Case | Mutable | Return | Unique |
| |Value| | Exact | | | | | |Value| | Exact | | | |
+====================+=====+===+=======+=========+========+========+ +====================+=====+===+=======+=========+========+========+
| deviceEui64Address |F |T | F | RW | Def | None | | deviceEui64Address |F |T | F | RW | Def | None |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
| versionSupport |T |T | F | RW | Def | None | | versionSupport |T |T | F | RW | Def | None |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
Table 7: Characteristics of Zigbee Extension Schema Attributes Table 7: Characteristics of Zigbee Extension Schema Attributes
Legend: Legend: Req = Required, T = True, F = False, RW = ReadWrite,
Def = Default
Req: Required Example:
T: True
F: False
RW: ReadWrite
Def: Default
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device"], "urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "Zigbee Heart Monitor", "displayName": "Zigbee Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device" : {
skipping to change at line 1220 skipping to change at line 1195
| applications |T |T | F | RW | Def | None | | applications |T |T | F | RW | Def | None |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
| value |F |T | F | RW | Def | None | | value |F |T | F | RW | Def | None |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
| $ref |F |T | F | R | Def | None | | $ref |F |T | F | R | Def | None |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
Table 8: Characteristics of endpointAppsExt Extension Schema Table 8: Characteristics of endpointAppsExt Extension Schema
Attributes Attributes
Legend: Legend: devContEntEndpoint = deviceControlEnterpriseEndpoint,
telEntEndpoint = telemetryEnterpriseEndpoint,
Req = Required, T = True, F = False, RO = ReadOnly,
RW = ReadWrite, Ent = Enterprise, Def = Default
devContEntEndpoint: deviceControlEnterpriseEndpoint Example:
telEntEndpoint: telemetryEnterpriseEndpoint
Req: Required
T: True
F: False
RO: ReadOnly
RW: ReadWrite
Ent: Enterprise
Def: Default
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device", "urn:ietf:params:scim:schemas:extension:ble:2.0:Device",
"urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:\ "urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:\
Device"], Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.4"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\ "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
22:12"], 22:12"],
"mobility": false, "mobility": false,
"pairingMethods": [ "pairingMethods": [
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\ "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
Device"], Device"],
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\ "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
Device" : { Device" : {
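Review bot: The $ref row of Table 8 has "R" in the Mutable column, but the legend lists "RO = ReadOnly" and has no entry for "R". Change the cell to "RO" or add "R" to the legend.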
skipping to change at line 1383 skipping to change at line 1353
Name: Core Device Schema Name: Core Device Schema
Reference: RFC 9944, Section 3 Reference: RFC 9944, Section 3
Schema URI: urn:ietf:params:scim:schemas:core:2.0:EndpointApp Schema URI: urn:ietf:params:scim:schemas:core:2.0:EndpointApp
Name: Endpoint Application Name: Endpoint Application
Reference: RFC 9944, Section 6 Reference: RFC 9944, Section 6
9.2. Device Schema Extensions 9.2. Device Schema Extensions
IANA has created the following extensions in the "SCIM Server-Related IANA has created the following extensions in the "SCIM Server-Related
Schema URIs" registry as described in Section 7: Schema URIs" registry (omitting the "Resource Type" field) as
described in Section 7:
Schema URI: urn:ietf:params:scim:schemas:extension:ble:2.0:Device Schema URI: urn:ietf:params:scim:schemas:extension:ble:2.0:Device
Description: BLE Extension Name: BLE Extension
Resource Type: Device Resource Type: Device
Reference: RFC 9944, Section 7.1 Reference: RFC 9944, Section 7.1
Schema URI: Schema URI:
urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device
Description: Ethernet MAB Name: Ethernet MAB
Resource Type: Device Resource Type: Device
Reference: RFC 9944, Section 7.3 Reference: RFC 9944, Section 7.3
Schema URI: Schema URI:
urn:ietf:params:scim:schemas:extension:fido-device- urn:ietf:params:scim:schemas:extension:fido-device-
onboard:2.0:Device onboard:2.0:Device
Description: FIDO Device Onboard Name: FIDO Device Onboard
Resource Type: Device Resource Type: Device
Reference: RFC 9944, Section 7.4 Reference: RFC 9944, Section 7.4
Schema URI: urn:ietf:params:scim:schemas:extension:dpp:2.0:Device Schema URI: urn:ietf:params:scim:schemas:extension:dpp:2.0:Device
Description: Wi-Fi Easy Connect Name: Wi-Fi Easy Connect
Resource Type: Device Resource Type: Device
Reference: RFC 9944, Section 7.2 Reference: RFC 9944, Section 7.2
Schema URI: Schema URI:
urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:Device urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:Device
Description: Application Endpoint Extension Name: Application Endpoint Extension
Resource Type: Device Resource Type: Device
Reference: RFC 9944, Section 7.1.3 Reference: RFC 9944, Section 7.1.3
Schema URI: Schema URI:
urn:ietf:params:scim:schemas:extension:pairingJustWorks:2.0:Device urn:ietf:params:scim:schemas:extension:pairingJustWorks:2.0:Device
Description: Just Works Auth BLE Name: Just Works Auth BLE
Resource Type: Device Resource Type: Device
Reference: RFC 9944, Section 7.1.3 Reference: RFC 9944, Section 7.1.3
Schema URI: Schema URI:
urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device
Description: Out-of-Band Pairing for BLE Name: Out-of-Band Pairing for BLE
Resource Type: Device Resource Type: Device
Reference: RFC 9944, Section 7.1.3 Reference: RFC 9944, Section 7.1.3
Schema URI: Schema URI:
urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:Device urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:Device
Description: Passkey Pairing for BLE Name: Passkey Pairing for BLE
Resource Type: Device Resource Type: Device
Reference: RFC 9944, Section 7.1.3 Reference: RFC 9944, Section 7.1.3
10. References 10. References
10.1. Normative References 10.1. Normative References
[BLE54] Bluetooth SIG, "Bluetooth Core Specification", Version [BLE54] Bluetooth SIG, "Bluetooth Core Specification", Version
5.4, 2023, <https://www.bluetooth.org/DocMan/handlers/ 5.4, 2023, <https://www.bluetooth.org/DocMan/handlers/
DownloadDoc.ashx?doc_id=587177>. DownloadDoc.ashx?doc_id=587177>.
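Review bot: the endpointAppsExt entry ("Application Endpoint Extension") cites Section 7.1.3, the same section cited by the three BLE pairing extensions (pairingJustWorks, pairingOOB, pairingPassKey). Please confirm that section really defines the application endpoint extension; if not, this reference is a copy-paste carry-over that the Description-to-Name relabel leaves in place. While relabelling, "Just Works Auth BLE" could also be aligned with its siblings "Out-of-Band Pairing for BLE" and "Passkey Pairing for BLE", since a Name field is what people will search the registry by.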
skipping to change at line 1498 skipping to change at line 1469
[Zigbee] Zigbee Alliance, "Zigbee Specification", ZigBee Document [Zigbee] Zigbee Alliance, "Zigbee Specification", ZigBee Document
05-3474-21, August 2015, <https://zigbeealliance.org/wp- 05-3474-21, August 2015, <https://zigbeealliance.org/wp-
content/uploads/2019/11/docs-05-3474-21-0csg-zigbee- content/uploads/2019/11/docs-05-3474-21-0csg-zigbee-
specification.pdf>. specification.pdf>.
10.2. Informative References 10.2. Informative References
[JSONSchema] [JSONSchema]
Wright, A., Ed., Andrews, H. A., Ed., Hutton, B., Ed., and Wright, A., Ed., Andrews, H. A., Ed., Hutton, B., Ed., and
G. Dennis, "JSON Schema- A Media Type for Describing JSON G. Dennis, "JSON Schema: A Media Type for Describing JSON
Documents", December 2022, Documents", December 2022,
<https://json-schema.org/draft/2020-12/json-schema-core>. <https://json-schema.org/draft/2020-12/json-schema-core>.
[NIPC] Brinckman, B., Mohan, R., and B. Sanford, "An Application [NIPC] Brinckman, B., Mohan, R., and B. Sanford, "An Application
Layer Interface for Non-IP device control (NIPC)", Work in
Progress, Internet-Draft, draft-brinckman-nipc-01, 21
April 2024, <https://datatracker.ietf.org/doc/html/draft-
brinckman-nipc-01>.
[NIPC-API] Brinckman, B., Mohan, R., and B. Sanford, "An Application
Layer Interface for Non-Internet-Connected Physical Layer Interface for Non-Internet-Connected Physical
Components (NIPC)", Work in Progress, Internet-Draft, Components (NIPC)", Work in Progress, Internet-Draft,
draft-ietf-asdf-nipc-18, 24 February 2026, draft-ietf-asdf-nipc-18, 24 February 2026,
<https://datatracker.ietf.org/doc/html/draft-ietf-asdf- <https://datatracker.ietf.org/doc/html/draft-ietf-asdf-
nipc-18>. nipc-18>.
[OAUTHv2] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework",
RFC 6749, DOI 10.17487/RFC6749, October 2012,
<https://www.rfc-editor.org/info/rfc6749>.
[OpenAPI] Swagger, "OpenAPI Specification", Version 3.1.1, October [OpenAPI] Swagger, "OpenAPI Specification", Version 3.1.1, October
2024, <https://swagger.io/specification/>. 2024, <https://swagger.io/specification/>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>. <https://www.rfc-editor.org/info/rfc6241>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016, RFC 7950, DOI 10.17487/RFC7950, August 2016,
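Review bot: the [NIPC] key survives in this hunk but its target changes from draft-brinckman-nipc-01 to draft-ietf-asdf-nipc-18, and the separate [NIPC-API] key goes away, so every in-text [NIPC] citation should be re-read to confirm it means the newer document and that no [NIPC-API] citation is left dangling. Separately, the [OAUTHv2] entry appears on only one side of this hunk, under 10.2 Informative References; if the body relies on RFC 6749 for how clients authorize to the SCIM server, check whether an informative listing is the right classification.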
skipping to change at line 1873 skipping to change at line 1842
[ [
{ {
"id": "urn:ietf:params:scim:schemas:extension:ble:2.0:Device", "id": "urn:ietf:params:scim:schemas:extension:ble:2.0:Device",
"name": "bleExtension", "name": "bleExtension",
"description": "BLE extension for device account.", "description": "BLE extension for device account.",
"attributes" : [ "attributes" : [
{ {
"name": "versionSupport", "name": "versionSupport",
"type": "string", "type": "string",
"description": "Provides a list of all the BLE versions \ "description": "Provides a list of all the BLE versions \
supported by the device, for example, [4.1, 4.2, 5.0, 5.1, 5.2, 5.3]\ supported by the device, for example, [4.1, 4.2, 5.0, 5.1, 5.2, 5.4]\
.", .",
"multiValued": true, "multiValued": true,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "deviceMacAddress", "name": "deviceMacAddress",
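Review bot: in the versionSupport description, 5.3 is replaced by 5.4 rather than 5.4 being appended, so the example list now reads "5.2, 5.4" and skips a version. If the intent is only to track the [BLE54] reference, "[4.1, 4.2, 5.0, 5.1, 5.2, 5.3, 5.4]" keeps the example contiguous and avoids implying that 5.3 is not an acceptable value.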
skipping to change at line 1899 skipping to change at line 1868
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
}, },
{ {
"name": "isRandom", "name": "isRandom",
"type": "boolean", "type": "boolean",
"description": "The isRandom flag is taken from the BLE \ "description": "The isRandom flag is taken from the BLE \
core specifications 5.3. If true, device is using a random address\ core specifications 5.4. If true, device is using a random address\
. Default value is false.", . Default value is false.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "separateBroadcastAddress", "name": "separateBroadcastAddress",
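Review bot: the unchanged context line "uniqueness": "Manufacturer" at the top of this hunk is not one of the uniqueness values SCIM defines (RFC 7643 allows "none", "server" and "global"), so a schema-aware server or client may reject or ignore it. Since these lines are already being touched for the 5.3 to 5.4 update, this is a good moment to pick one of the defined values and move the "assigned by the manufacturer" meaning into the description. A smaller wording point in the isRandom description: "BLE core specifications 5.4" would read better as a citation of the Bluetooth Core Specification, Version 5.4, matching the [BLE54] reference entry.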
skipping to change at line 2697 skipping to change at line 2666
required: true required: true
BleDeviceExtension: BleDeviceExtension:
type: object type: object
properties: properties:
versionSupport: versionSupport:
type: array type: array
items: items:
type: string type: string
description: Provides a list of all the BLE versions description: Provides a list of all the BLE versions
supported by the device, for example, supported by the device, for example,
[4.1, 4.2, 5.0, 5.1, 5.2, 5.3]. [4.1, 4.2, 5.0, 5.1, 5.2, 5.4].
readOnly: false readOnly: false
writeOnly: false writeOnly: false
deviceMacAddress: deviceMacAddress:
type: string type: string
description: It is the public MAC address assigned by the description: It is the public MAC address assigned by the
manufacturer. It is a unique 48-bit value. The manufacturer. It is a unique 48-bit value. The
regex pattern is regex pattern is
^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}. ^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
isRandom: isRandom:
type: boolean type: boolean
description: AddressType flag is taken from the BLE core description: AddressType flag is taken from the BLE core
specifications 5.3. If false, the device is specifications 5.4. If false, the device is
using a public MAC address. If true, device using a public MAC address. If true, device
is using a random address. is using a random address.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
separateBroadcastAddress: separateBroadcastAddress:
type: string type: string
description: "When present, this address is used for description: "When present, this address is used for
broadcasts/advertisements. This value broadcasts/advertisements. This value
MUST NOT be set when an IRK is provided. MUST NOT be set when an IRK is provided.
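Review bot: the deviceMacAddress regex in this hunk lives only in the description text and has no end anchor, so tooling generated from this OpenAPI document enforces nothing, and an implementer who copies the expression as written would accept trailing characters after the sixth octet. Suggest expressing it as a schema keyword with both anchors, for example pattern: '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$', and keeping the description as prose. The isRandom description here also calls the field the "AddressType flag" while the SCIM schema representation calls it "the isRandom flag"; the 5.3 to 5.4 edit touches both, so the wording could be unified at the same time.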
 End of changes. 42 change blocks. 
99 lines changed or deleted 68 lines changed or added

This html diff was produced by rfcdiff 1.48.