Concise Binary Object Representation (CBOR) SequencesUniversität Bremen TZIPostfach 330440BremenD-28359Germany+49-421-218-63921cabo@tzi.orgbinary formatdata interchange formatJSONThis document describes the Concise Binary Object Representation
(CBOR) Sequence format and associated media type
"application/cbor-seq". A CBOR Sequence consists of any number of
encoded CBOR data items, simply concatenated in sequence.Structured syntax suffixes for media types allow other media types to
build on them and make it explicit that they are built on an existing
media type as their foundation. This specification defines and
registers "+cbor-seq" as a structured syntax suffix for CBOR
Sequences.Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by
the Internet Engineering Steering Group (IESG). Further
information on Internet Standards is available in Section 2 of
RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
. Introduction
. Conventions Used in This Document
. CBOR Sequence Format
. The "+cbor-seq" Structured Syntax Suffix
. Practical Considerations
. Specifying CBOR Sequences in Concise Data Definition Language (CDDL)
. Diagnostic Notation
. Optimizing CBOR Sequences for Skipping Elements
. Security Considerations
. IANA Considerations
. Media Type
. CoAP Content-Format Registration
. Structured Syntax Suffix
. References
. Normative References
. Informative References
Acknowledgements
Author's Address
IntroductionThe Concise Binary Object Representation (CBOR) can be used for serialization of
data in the JSON data model or
in its own, somewhat expanded, data model. When serializing a sequence of
such values, it is sometimes convenient to have a format where these
sequences can simply be concatenated to obtain a serialization of the
concatenated sequence of values or to encode a sequence of values that
might grow at the end by just appending further CBOR data items.This document describes the concept and format of "CBOR Sequences",
which are composed of zero or more encoded CBOR data items. CBOR
Sequences can be consumed (and produced) incrementally without requiring
a streaming CBOR parser that is able to deliver substructures of a data
item incrementally (or a streaming encoder able to encode from
substructures incrementally).This document defines and registers the "application/cbor-seq" media
type in the "Media Types" registry along with a Constrained Application
Protocol (CoAP) Content-Format identifier. Media type structured syntax
suffixes were introduced as a
way for a media type to signal that it is based on another media type as
its foundation. CBOR defines
the "+cbor" structured syntax suffix. This document defines and
registers the "+cbor-seq" structured syntax suffix in the "Structured
Syntax Suffix Registry".Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14
when, and only when, they appear in all capitals, as shown here.
In this specification, the term "byte" is used in its now-customary
sense as a synonym for "octet".CBOR Sequence FormatFormally, a CBOR Sequence is a sequence of bytes that is recursively
defined as either of the following:
an empty (zero-length) sequence of bytes
the sequence of bytes making up an encoded CBOR data item
followed by a CBOR Sequence.
In short, concatenating zero or more encoded CBOR data items generates
a CBOR Sequence. (Consequently, concatenating zero or more CBOR
Sequences also results in a CBOR Sequence.)There is no end-of-sequence indicator. (If one is desired, CBOR
encoding an array of the CBOR data model values being encoded, employing
either a definite or an indefinite length encoding, as a single CBOR
data item may actually be the more appropriate representation.)CBOR Sequences, unlike JSON Text Sequences , do not use a
marker between items. This is possible because CBOR-encoded data
items are self delimiting and the end can always be calculated. (Note
that, while the early object/array-only form of JSON was
self delimiting as well, this stopped being the case when simple
values such as single numbers were made valid JSON documents.)Decoding a CBOR Sequence works as follows:
If the CBOR Sequence is an empty sequence of bytes, the result is an
empty sequence of CBOR data model values.
Otherwise, one must decode a single CBOR data item from the bytes
of the CBOR Sequence and insert the resulting CBOR data model value at
the start of the result of repeating this decoding process recursively
with the remaining bytes. (A streaming decoder would therefore simply
deliver zero or more CBOR data model values, each as soon as the bytes
making it up are available.)
This means that if any data item in the sequence is not well formed,
it is not possible to reliably decode the rest of the sequence. (An
implementation may be able to recover from some errors in a sequence
of bytes that is almost, but not entirely, a well-formed encoded CBOR
data item. Handling malformed data is outside the scope of this
specification.)This also means that the CBOR Sequence format can reliably detect
truncation of the bytes making up the last CBOR data item in the
sequence, but it cannot detect entirely missing CBOR data items at the end. A
CBOR Sequence decoder that is used for consuming streaming CBOR Sequence
data may simply pause for more data (e.g., by suspending and later
resuming decoding) in case a truncated final item is being received.The "+cbor-seq" Structured Syntax SuffixThe use case for the "+cbor-seq" structured syntax suffix is
analogous to that for "+cbor": it SHOULD be used by a
media type when the result of parsing the bytes of the media type
object as a CBOR Sequence is meaningful and is at least
sometimes not just a single CBOR data item. (Without the qualification
at the end, this sentence is trivially true for any +cbor media type,
which of course should continue to use the "+cbor" structured syntax
suffix.)Applications encountering a "+cbor-seq" media type can then either simply
use generic processing if all they need is a generic view of the CBOR
Sequence or use generic CBOR Sequence tools for
initial parsing and then implement their own specific processing on
top of that generic parsing tool.Practical ConsiderationsSpecifying CBOR Sequences in Concise Data Definition Language (CDDL)In Concise Data Definition Language (CDDL) , CBOR Sequences are already supported as contents
of byte strings using the .cborseq control operator () by employing an
array as the controller type:my-embedded-cbor-seq = bytes .cborseq my-array
my-array = [* my-element]
my-element = my-foo / my-bar
Currently, CDDL does not provide for unadorned CBOR Sequences as a
top-level subject of a specification.
For now, the suggestion is to use an array for the top-level rule, as is used
for the .cborseq control operator, and add English text that
explains that the specification is really about a CBOR Sequence with the
elements of the array:; This defines an array, the elements of which are to be used
; in a CBOR Sequence:
my-sequence = [* my-element]
my-element = my-foo / my-bar
(Future versions of CDDL may provide a notation for top-level CBOR
Sequences, e.g., by using a group as the top-level rule in a CDDL
specification.)Diagnostic NotationCBOR diagnostic notation (see ) or extended
diagnostic notation () also does not provide
for unadorned CBOR Sequences at this time (the latter does provide for
CBOR Sequences embedded in a byte string as per ).In a similar spirit to the recommendation for CDDL above, this
specification recommends enclosing the CBOR data items in an array.
In a more informal setting, where the boundaries within which the
notation is used are obvious, it is also possible to leave off the
outer brackets for this array, as shown in these two examples:
[1, 2, 3]
1, 2, 3
Note that it is somewhat difficult to discuss zero-length CBOR
Sequences in the latter form.Optimizing CBOR Sequences for Skipping ElementsIn certain applications, being able to efficiently skip an element
without the need for decoding its substructure, or efficiently fanning
out elements to multi-threaded decoding processes, is of the utmost
importance. For these applications, byte strings
(which carry length information in bytes) containing embedded CBOR can
be used as the elements of a CBOR Sequence:; This defines an array of CBOR byte strings, the elements of which
; are to be used in a CBOR Sequence:
my-sequence = [* my-element]
my-element = bytes .cbor my-element-structure
my-element-structure = my-foo / my-bar
Within limits, this may also enable recovering from elements that
internally are not well formed; the limitation is that the sequence
of byte strings does need to be well formed as such.Security ConsiderationsThe security considerations of CBOR apply. This format
provides no cryptographic integrity protection of any kind but can be
combined with security specifications such as CBOR Object Signing and
Encryption (COSE) to do so.
(COSE protections can be applied to an entire CBOR Sequence or to each
of the elements of the sequence independently; in the latter case,
additional effort may be required if there is a need to protect the
relationship of the elements in the sequence.)As usual, decoders must operate on input that is assumed to be
untrusted. This means that decoders MUST fail gracefully in the face
of malicious inputs.IANA ConsiderationsMedia TypeMedia types are registered in the "Media Types" registry
.
IANA has registered the media type for CBOR Sequence,
application/cbor-seq, as follows:Type name: applicationSubtype name: cbor-seqRequired parameters: N/AOptional parameters: N/AEncoding considerations: binarySecurity considerations: See RFC 8742, .Interoperability considerations: Described herein.Published specification: RFC 8742.Applications that use this media type: Data serialization and deserialization.Fragment identifier considerations: N/AAdditional information:
Deprecated alias names for this type: N/A
Magic number(s): N/A
File extension(s): N/A
Macintosh file type code(s): N/A
Person & email address to contact for further information:
cbor@ietf.org
Intended usage: COMMONAuthor: Carsten Bormann (cabo@tzi.org)Change controller: IETFCoAP Content-Format RegistrationIANA has assigned a CoAP Content-Format ID for the media
type "application/cbor-seq", within the "CoAP Content-Formats" subregistry
of the "Constrained RESTful Environments (CoRE) Parameters" registry
, from the "Expert Review" (0-255)
range (). The assigned ID is shown in .
CoAP Content-Format ID
Media type
Encoding
ID
Reference
application/cbor-seq
-
63
RFC 8742
Structured Syntax SuffixStructured Syntax Suffixes are registered within the "Structured
Syntax Suffix Registry" maintained at . IANA has
registered the "+cbor-seq" structured syntax suffix in accordance with
as follows:
Name: CBOR Sequence
+suffix: +cbor-seq
References: RFC 8742
Encoding considerations: binary
Fragment identifier considerations: The syntax and semantics of
fragment identifiers specified for +cbor-seq SHOULD be the same
as that specified for "application/cbor-seq". (At the time of publication of this
document, there is no fragment identification syntax defined for
"application/cbor-seq".)
The syntax and semantics for fragment identifiers for a
specific "xxx/yyy+cbor-seq" SHOULD be processed as follows:
For cases defined in +cbor-seq, if the fragment
identifier resolves per the +cbor-seq rules, then process as
specified in +cbor-seq.
For cases defined in +cbor-seq, if the fragment
identifier does not resolve per the +cbor-seq rules, then
process as specified in "xxx/yyy+cbor-seq".
For cases not defined in +cbor-seq, process as
specified in "xxx/yyy+cbor-seq".
Interoperability considerations: n/a
Security considerations: See RFC 8742,
Contact: CBOR WG mailing list (cbor@ietf.org), or any IESG-designated successor.
Author/Change controller: IETF
ReferencesNormative ReferencesConstrained RESTful Environments (CoRE) ParametersIANAMedia TypesIANAStructured Syntax Suffix RegistryIANAKey words for use in RFCs to Indicate Requirement LevelsIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.Concise Binary Object Representation (CBOR)The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.Ambiguity of Uppercase vs Lowercase in RFC 2119 Key WordsRFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.Informative ReferencesMedia Type Specifications and Registration ProceduresThis document defines procedures for the specification and registration of media types for use in HTTP, MIME, and other Internet protocols. This memo documents an Internet Best Current Practice.JavaScript Object Notation (JSON) Text SequencesThis document describes the JavaScript Object Notation (JSON) text sequence format and associated media type "application/json-seq". A JSON text sequence consists of any number of JSON texts, all encoded in UTF-8, each prefixed by an ASCII Record Separator (0x1E), and each ending with an ASCII Line Feed character (0x0A).A Media Type Structured Syntax Suffix for JSON Text SequencesStructured syntax suffixes for media types allow other media types to build on them and make it explicit that they are built on an existing media type as their foundation. This specification defines and registers "+json-seq" as a structured syntax suffix for JSON text sequences.Guidelines for Writing an IANA Considerations Section in RFCsMany protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.This is the third edition of this document; it obsoletes RFC 5226.CBOR Object Signing and Encryption (COSE)Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need for the ability to have basic security services defined for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.The JavaScript Object Notation (JSON) Data Interchange FormatJavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data.This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data StructuresThis document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.AcknowledgementsThis document has mostly been generated from by
and by , which do a similar but slightly more
complicated exercise for JSON . raised an
issue on the CBOR mailing list that pointed out the need for this
document. and provided helpful comments.Author's AddressUniversität Bremen TZIPostfach 330440BremenD-28359Germany+49-421-218-63921cabo@tzi.org