rfc9944v1.txt   rfc9944.txt 
skipping to change at line 110 skipping to change at line 110
10.2. Informative References 10.2. Informative References
Appendix A. JSON Schema Representation Appendix A. JSON Schema Representation
A.1. Resource Schema A.1. Resource Schema
A.2. Core Device Schema A.2. Core Device Schema
A.3. EndpointApp Schema A.3. EndpointApp Schema
A.4. BLE Extension Schema A.4. BLE Extension Schema
A.5. DPP Extension Schema A.5. DPP Extension Schema
A.6. Ethernet MAB Extension Schema A.6. Ethernet MAB Extension Schema
A.7. FDO Extension Schema A.7. FDO Extension Schema
A.8. Zigbee Extension Schema A.8. Zigbee Extension Schema
A.9. EndpointAppsExt Extension Schema A.9. endpointAppsExt Extension Schema
Appendix B. OpenAPI Representation Appendix B. OpenAPI Representation
B.1. Core Device Schema OpenAPI Representation B.1. Core Device Schema OpenAPI Representation
B.2. EndpointApp Schema OpenAPI Representation B.2. EndpointApp Schema OpenAPI Representation
B.3. BLE Extension Schema OpenAPI Representation B.3. BLE Extension Schema OpenAPI Representation
B.4. DPP Extension Schema OpenAPI Representation B.4. DPP Extension Schema OpenAPI Representation
B.5. Ethernet MAB Extension Schema OpenAPI Representation B.5. Ethernet MAB Extension Schema OpenAPI Representation
B.6. FDO Extension Schema OpenAPI Representation B.6. FDO Extension Schema OpenAPI Representation
B.7. Zigbee Extension Schema OpenAPI Representation B.7. Zigbee Extension Schema OpenAPI Representation
B.8. EndpointAppsExt Extension Schema OpenAPI Representation B.8. endpointAppsExt Extension Schema OpenAPI Representation
Appendix C. FIDO Device Onboarding Example Flow Appendix C. FIDO Device Onboarding Example Flow
Acknowledgments Acknowledgments
Authors' Addresses Authors' Addresses
1. Introduction 1. Introduction
The Internet of Things presents a management challenge in many The Internet of Things presents a management challenge in many
dimensions. One of them is the ability to onboard and manage a large dimensions. One of them is the ability to onboard and manage a large
number of devices. There are many models for bootstrapping trust number of devices. There are many models for bootstrapping trust
between devices and network deployments. Indeed, it is expected that between devices and network deployments. Indeed, it is expected that
skipping to change at line 276 skipping to change at line 276
originally developed. The only difference the authors note between originally developed. The only difference the authors note between
the normative schema representations is that the JSON Schemas and the normative schema representations is that the JSON Schemas and
OpenAPI versions do not have a means to express case sensitivity, and OpenAPI versions do not have a means to express case sensitivity, and
thus attributes that are not case sensitive must be manually thus attributes that are not case sensitive must be manually
validated. validated.
Several additional schemas specify specific onboarding mechanisms, Several additional schemas specify specific onboarding mechanisms,
such as Bluetooth Low Energy (BLE) [BLE54], Wi-Fi Easy Connect such as Bluetooth Low Energy (BLE) [BLE54], Wi-Fi Easy Connect
[DPP2], and FIDO Device Onboard [FDO11]. [DPP2], and FIDO Device Onboard [FDO11].
When JSON is presented in this memo, it is folded in accordance with
[RFC8792].
1.4. Schema Representation 1.4. Schema Representation
Attributes defined in the device core schema and extensions comprise Attributes defined in the device core schema (see Section 2.2 of
characteristics and SCIM datatypes defined in Sections 2.2 and 2.3 of [RFC7643]) and extensions comprise characteristics and the SCIM
[RFC7643]. This specification does not define new characteristics datatypes (defined in Section 2.3 of [RFC7643]). This specification
and datatypes for the SCIM attributes. does not define new characteristics and datatypes for the SCIM
attributes.
1.5. Terminology 1.5. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
The reader is also expected to be familiar with the narrative schema The reader is also expected to be familiar with the narrative schema
language used in [RFC7643]. language used in [RFC7643].
2. ResourceType Device 2. ResourceType Device
A new resource type 'Device' is specified. The "ResourceType" schema A new resource type Device is specified. The "ResourceType" schema
specifies the metadata about a resource type (see Section 6 of specifies the metadata about a resource type (see Section 6 of
[RFC7643]). It comprises a core device schema and several extension [RFC7643]). It comprises a core device schema and several extension
schemas. This schema provides a minimal resource representation, schemas. This schema provides a minimal resource representation,
whereas extension schemas extend it depending on the device's whereas extension schemas extend it depending on the device's
capability. capability.
2.1. Common Attributes 2.1. Common Attributes
The Device schema contains three common attributes as defined in The device schema contains three common attributes as defined in
Section 3.1 of [RFC7643]. No semantic or syntax changes are made Section 3.1 of [RFC7643]. No semantic or syntax changes are made
here, but the attributes are listed merely for completeness. here, but the attributes are listed merely for completeness.
id: A required and unique attribute of the core device schema (see id: A required and unique attribute of the core device schema (see
Section 3.1 of [RFC7643]). Section 3.1 of [RFC7643]).
externalId: An optional attribute (see Section 3.1 of [RFC7643]). externalId: An optional attribute (see Section 3.1 of [RFC7643]).
meta: A required and complex attribute (see Section 3.1 of meta: A required and complex attribute (see Section 3.1 of
[RFC7643]). [RFC7643]).
3. SCIM Core Device Schema 3. SCIM Core Device Schema
The core device schema provides the minimal representation of a The core device schema provides the minimal representation of a
resource "Device". It contains only those attributes that any device resource Device. It contains only those attributes that any device
may need, and only one attribute is required. It is identified using may need, and only one attribute is required. It is identified using
the schema URI: the schema URI:
urn:ietf:params:scim:schemas:core:2.0:Device urn:ietf:params:scim:schemas:core:2.0:Device
The following attributes are defined in the core device schema. The following attributes are defined in the core device schema.
3.1. Singular Attributes 3.1. Singular Attributes
displayName: A string that provides a human-readable name for a displayName: A string that provides a human-readable name for a
device. It is intended to be displayed to end users and should be device. It is intended to be displayed to end users and should be
suitable for that purpose. The attribute is not required and is suitable for that purpose. The attribute is not required and is
not case sensitive. It may be modified and SHOULD be returned by not case sensitive. It may be modified and SHOULD be returned by
default. No uniqueness constraints are imposed on this attribute. default. No uniqueness constraints are imposed on this attribute.
active: A mutable boolean that is required. If set to TRUE, it active: A mutable boolean that is required. If set to true, it
means that this device is intended to be operational. Attempts to means that this device is intended to be operational. Attempts to
control or access a device where this value is set to FALSE may control or access a device where this value is set to false may
fail. For example, when used in conjunction with Non-IP Device fail. For example, when used in conjunction with Non-Internet-
Control (NIPC) [NIPC], commands such as connect, disconnect, and Connected Physical Components (NIPC) [NIPC], commands (such as
subscribe that control application sends to the controller for the connect, disconnect, and subscribe) that control application sends
devices any command will be rejected by the controller. to the controller for devices will be rejected by the controller.
mudUrl: A string that represents the URL to the Manufacturer Usage mudUrl: A string that represents the URL to the Manufacturer Usage
Description (MUD) file associated with this device. This Description (MUD) file associated with this device. This
attribute is optional and mutable. The mudUrl value is case attribute is optional, mutable, and returned by default. When
sensitive and not unique. When present, this attribute may be present, this attribute may be used as described in [RFC8520].
used as described in [RFC8520]. This attribute is case sensitive The mudUrl value is case sensitive and not unique.
and returned by default.
groups: An optional read-only complex object that indicates group groups: An optional read-only complex object that indicates group
membership. Its form is precisely the same as that defined in membership. Its form is precisely the same as that defined in
Section 4.1.2 of [RFC7643]. Section 4.1.2 of [RFC7643].
+=============+=======+=====+=======+=========+========+========+ +=============+=======+=====+=======+=========+========+========+
| Attribute | Multi | Req | Case | Mutable | Return | Unique | | Attribute | Multi | Req | Case | Mutable | Return | Unique |
| | Value | | Exact | | | | | | Value | | Exact | | | |
+=============+=======+=====+=======+=========+========+========+ +=============+=======+=====+=======+=========+========+========+
| displayName | F | F | F | RW | Def | None | | displayName | F | F | F | RW | Def | None |
skipping to change at line 390 skipping to change at line 393
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device"], "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f "location": "https://example.com/v2/Devices/e9e30dba-f08f-\
-4109-8486-d5c6a3316111" 4109-8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 3: Core Device Example Entries Figure 3: Core Device Example Entries
4. Groups 4. Groups
Device and EndpointApp groups are created using the SCIM groups as Device and EndpointApp groups are created using the SCIM groups as
defined in Section 4.2 of [RFC7643]. If set, the "type" subattribute defined in Section 4.2 of [RFC7643]. If set, the "type" subattribute
of the "members" attribute MUST be set to "Device" for devices and of the "members" attribute MUST be set to Device for devices and
"EndpointApp" for endpoint applications. EndpointApp for endpoint applications.
5. Resource Type EndpointApp 5. Resource Type EndpointApp
This section defines the 'EndpointApp' resource type. The This section defines the EndpointApp resource type. The
"ResourceType" schema specifies the metadata about a resource type "ResourceType" schema specifies the metadata about a resource type
(see Section 6 of [RFC7643]). The resource "EndpointApp" represents (see Section 6 of [RFC7643]). The resource EndpointApp represents
client applications that can control and/or receive data from the client applications that can control and/or receive data from the
devices. devices.
6. SCIM EndpointApp Schema 6. SCIM EndpointApp Schema
The EndpointApp schema is used to authorize control or telemetry The EndpointApp schema is used to authorize control or telemetry
services for clients. The schema identifies the application and how services for clients. The schema identifies the application and how
clients are to authenticate to the various services. clients are to authenticate to the various services.
The schema for "EndpointApp" is identified using the schema URI: The schema for EndpointApp is identified using the schema URI:
urn:ietf:params:scim:schemas:core:2.0:EndpointApp urn:ietf:params:scim:schemas:core:2.0:EndpointApp
The following attributes are defined in this schema. The following attributes are defined in this schema.
6.1. Common Attributes 6.1. Common Attributes
Like Section 2.1, the EndpointApp schema contains the three common Like Section 2.1, the EndpointApp schema contains the three common
attributes specified in Section 3.1 of [RFC7643]. attributes specified in Section 3.1 of [RFC7643].
6.2. Singular Attributes 6.2. Singular Attributes
applicationType: A string that represents the type of application. applicationType: A string that represents the type of application.
It will only contain two values: 'deviceControl' or 'telemetry'. It will only contain two values: deviceControl or telemetry.
deviceControl is the application that sends commands to control deviceControl is the application that sends commands to control
the device. telemetry is the application that receives data from the device. telemetry is the application that receives data from
the device. The attribute is required and is not case sensitive. the device. The attribute is required and is not case sensitive.
The attribute is readOnly and should be returned by default. No The attribute is readOnly and should be returned by default. No
uniqueness constraints are imposed on this attribute. uniqueness constraints are imposed on this attribute.
applicationName: A string that represents a human-readable name for applicationName: A string that represents a human-readable name for
the application. This attribute is required and mutable. The the application. This attribute is required and mutable. The
attribute should be returned by default and there is no uniqueness attribute should be returned by default and there is no uniqueness
constraint on the attribute. constraint on the attribute.
skipping to change at line 467 skipping to change at line 470
6.3. Complex Attributes 6.3. Complex Attributes
6.3.1. certificateInfo 6.3.1. certificateInfo
certificateInfo is a complex attribute that contains an X.509 certificateInfo is a complex attribute that contains an X.509
certificate's subject name and root Certificate Authority (CA) certificate's subject name and root Certificate Authority (CA)
information associated with application clients that will connect for information associated with application clients that will connect for
purposes of device control or telemetry. purposes of device control or telemetry.
rootCA: A base64-encoded string as described in Section 4 of rootCA: A base64-encoded string as described in Section 4 of
[RFC4648] a trust anchor certificate. This trust anchor is [RFC4648]. It is a trust anchor certificate applicable for
applicable for certificates used for client application access. certificates used for client application access. The object is
The object is not required, singular, case sensitive, and read/ not required. It is singular, case sensitive, and read/write. If
write. If not present, a set of trust anchors MUST be configured not present, a set of trust anchors MUST be configured out of
out of band. band.
subjectName: When present, a string that contains one of two names: subjectName: When present, a string that contains one of two names:
* a distinguished name that will be present in the certificate * a distinguished name that will be present in the certificate
subject field, as described in Section 4.1.2.4 of [RFC5280] or subject field, as described in Section 4.1.2.4 of [RFC5280] or
* a dnsName as part of a subjectAlternateName, as described in * a dnsName as part of a subjectAlternateName, as described in
Section 4.2.1.6 of [RFC5280]. Section 4.2.1.6 of [RFC5280].
In the latter case, servers validating such certificates SHALL In the latter case, servers validating such certificates SHALL
reject connections when the name of the peer as resolved by a DNS reject connections when the name of the peer as resolved by a DNS
reverse lookup does not match the dnsName in the certificate. If reverse lookup does not match the dnsName in the certificate. If
multiple dnsNames are present, it is left to server multiple dnsNames are present, it is left to server
implementations to address any authorization conflicts associated implementations to address any authorization conflicts associated
with those names. This attribute is not required, mutable, with those names. This attribute is not required, mutable,
singular, and NOT case sensitive. singular, and not case sensitive.
+=================+=======+===+=======+=========+========+========+ +=================+=======+===+=======+=========+========+========+
| Attribute | Multi |Req| Case | Mutable | Return | Unique | | Attribute | Multi |Req| Case | Mutable | Return | Unique |
| | Value | | Exact | | | | | | Value | | Exact | | | |
+=================+=======+===+=======+=========+========+========+ +=================+=======+===+=======+=========+========+========+
| applicationType | F |T | F | R | Def | None | | applicationType | F |T | F | R | Def | None |
+-----------------+-------+---+-------+---------+--------+--------+ +-----------------+-------+---+-------+---------+--------+--------+
| applicationName | F |T | F | RW | Def | None | | applicationName | F |T | F | RW | Def | None |
+-----------------+-------+---+-------+---------+--------+--------+ +-----------------+-------+---+-------+---------+--------+--------+
| clientToken | F |F | T | R | N | None | | clientToken | F |F | T | R | N | None |
skipping to change at line 513 skipping to change at line 516
| subjectName | F |T | T | RW | Def | None | | subjectName | F |T | T | RW | Def | None |
+-----------------+-------+---+-------+---------+--------+--------+ +-----------------+-------+---+-------+---------+--------+--------+
Table 2: Characteristics of EndpointApp Schema Attributes Table 2: Characteristics of EndpointApp Schema Attributes
Legend: Legend:
Req: Required Req: Required
T: True T: True
F: False F: False
R: ReadOnly RO: ReadOnly
RW: ReadWrite RW: ReadWrite
Manuf: Manufacturer
N: No N: No
Def: Default Def: Default
Note that either clientToken or certificateInfo is used for the If certificateInfo is provided by the client and is accepted by the
authentication of the application. If certificateInfo is NOT present server, the server MUST return that multivalued attribute in its
when an endpointApp object is created, then the server SHOULD return response. Otherwise, the server is expected to return a clientToken.
a clientToken. Otherwise, if the server accepts the certificateInfo If the server returns neither certificateInfo nor a clientToken, then
object for authentication, it SHOULD NOT return a clientToken. If external authentication such as [OAUTHv2] MUST be pre-arranged. If
the server accepts and produces a clientToken, then control and the server accepts a certificate and produces a clientToken, then
telemetry servers MUST validate both. The SCIM client will know that control and telemetry servers MUST validate both.
this is the case based on the SCIM object that is returned.
certificateInfo is preferred in situations where client functions are certificateInfo is preferred in situations where client functions are
federated such that different clients may connect for different federated such that different clients may connect for different
purposes. purposes.
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:EndpointApp"], "schemas": ["urn:ietf:params:scim:schemas:core:2.0:EndpointApp"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316212", "id": "e9e30dba-f08f-4109-8486-d5c6a3316212",
"applicationType": "deviceControl", "applicationType": "deviceControl",
"applicationName": "Device Control App 1", "applicationName": "Device Control App 1",
"certificateInfo": { "certificateInfo": {
"rootCA" : "MIIBIjAN...", "rootCA" : "MIIBIjAN...",
"subjectName": "www.example.com" "subjectName": "www.example.com"
}, },
"meta": { "meta": {
"resourceType": "EndpointApp", "resourceType": "EndpointApp",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/EndpointApps/e9e30dba-f08f "location": "https://example.com/v2/EndpointApps/e9e30dba-f08f-\
-4109-8486-d5c6a3316212" 4109-8486-d5c6a3316212"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 4: Endpoint App Example Figure 4: Endpoint App Example
7. SCIM Device Extensions 7. SCIM Device Extensions
SCIM provides various extension schemas, their attributes, JSON SCIM provides various extension schemas and their attributes, along
representation, and example object. The core schema is extended with with JSON representations and example objects. The core schema is
a new resource type, Device. No schemaExtensions list is specified extended with a new resource type, Device. No schemaExtensions list
in that definition. Instead, IANA registry entries have been is specified in that definition. Instead, IANA registry entries have
created, where all values for "required" are set to false. All been created, where all values for "required" are set to false. All
extensions to the Device schema MUST be registered via IANA, as extensions to the device schema MUST be registered via IANA, as
described in Section 9.2. The schemas below demonstrate how this described in Section 9.2. The schemas below demonstrate how this
model is to work. All the SCIM server-related schema URIs are valid model is to work. All the SCIM server-related schema URIs are valid
only with Device resource types. only with Device resource types.
7.1. Bluetooth Low Energy (BLE) Extension 7.1. Bluetooth Low Energy (BLE) Extension
This schema extends the device schema to represent the devices This schema extends the device schema to represent the devices
supporting BLE. The extension is identified using the following supporting BLE. The extension is identified using the following
schema URI: schema URI:
skipping to change at line 587 skipping to change at line 588
7.1.1. Singular Attributes 7.1.1. Singular Attributes
deviceMacAddress: A string value that represents a public MAC deviceMacAddress: A string value that represents a public MAC
address assigned by the manufacturer. It is a unique 48-bit address assigned by the manufacturer. It is a unique 48-bit
value. It is required, case insensitive, mutable, and returned by value. It is required, case insensitive, mutable, and returned by
default. The ECMA regular expression pattern [ECMA] is the default. The ECMA regular expression pattern [ECMA] is the
following: following:
^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$ ^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$
isRandom: A boolean flag taken from [BLE54]. If FALSE, the device isRandom: A boolean flag. If false, the device is using a public
is using a public MAC address. If TRUE, the device uses a random MAC address. If true, the device uses a random address. If an
address. If an Identifying Resolving Key (IRK) is present, the Identifying Resolving Key (IRK) is present, the address represents
address represents a resolvable private address. Otherwise, the a resolvable private address. Otherwise, the address is assumed
address is assumed to be a random static address. Non-resolvable to be a random static address. Non-resolvable private addresses
private addresses are not supported by this specification. This are not supported by this specification. This attribute is not
attribute is not required. It is mutable and is returned by required. It is mutable and is returned by default. The default
default. The default value is FALSE. value is false. See Volume 6, Part B, Section 1.3 of [BLE54] for
more information about different address types.
separateBroadcastAddress: When present, this string represents an separateBroadcastAddress: When present, this string represents an
address used for broadcasts/advertisements. This value MUST NOT address used for broadcasts/advertisements. This value MUST NOT
be set when an IRK is provided. Its form is the same as be set when an IRK is provided. Its form is the same as
deviceMacAddress. It is not required, multivalued, mutable, and deviceMacAddress. It is not required, multivalued, mutable, and
returned by default. returned by default.
irk: A string value that specifies the IRK, which is unique to each irk: A string value that specifies the IRK, which is unique to each
device. It is used to resolve a private random address. It device. It is used to resolve a private random address. It
should only be provisioned when isRandom is TRUE. It is mutable should only be provisioned when isRandom is true. It is mutable
and never returned. For more information about the use of the and never returned. For more information about the use of the
IRK, see Volume 1, Part A, Section 5.4.5 of [BLE54]. IRK, see Volume 1, Part A, Section 5.4.5 of [BLE54].
mobility: A boolean attribute to enable BLE device mobility. If set mobility: A boolean attribute to enable BLE device mobility. If set
to TRUE, the device could be expected to move within a network of to true, the device could be expected to move within a network of
APs. For example, if a BLE device is connected with AP-1 and Access Points (APs). For example, if a BLE device is connected
moves out of range but comes in range of AP-2, it will be with AP-1 and moves out of range but comes in range of AP-2, it
disconnected with AP-1 and connected with AP-2. It is returned by will be disconnected with AP-1 and connected with AP-2. It is
default and mutable. returned by default and mutable.
7.1.2. Multivalued Attributes 7.1.2. Multivalued Attributes
versionSupport: A multivalued set of strings that specifies the BLE versionSupport: A multivalued set of strings that specifies the BLE
versions supported by the device in the form of an array, for versions supported by the device in the form of an array, for
example, ["4.1", "4.2", "5.0", "5.1", "5.2", "5.3", "5.4"]. It is example, ["4.1", "4.2", "5.0", "5.1", "5.2", "5.3", "5.4"]. It is
required, mutable, and returned by default. required, mutable, and returned by default.
pairingMethods: A multivalued set of strings that specifies pairing pairingMethods: A multivalued set of strings that specifies pairing
methods associated with the BLE device. The pairing methods may methods associated with the BLE device. The pairing methods may
skipping to change at line 639 skipping to change at line 641
is required, case sensitive, mutable, and returned by default. is required, case sensitive, mutable, and returned by default.
7.1.3. BLE Pairing Method Extensions 7.1.3. BLE Pairing Method Extensions
The details on pairing methods and their associated attributes are in The details on pairing methods and their associated attributes are in
Volume 1, Part A, Section 5.2.4 of [BLE54]. This memo defines Volume 1, Part A, Section 5.2.4 of [BLE54]. This memo defines
extensions for four pairing methods that are nested inside the BLE extensions for four pairing methods that are nested inside the BLE
extension schema. Each extension contains the common attributes in extension schema. Each extension contains the common attributes in
Section 6.1. These extensions are as follows: Section 6.1. These extensions are as follows:
i. The pairingNull extension is identified using the following pairingNull extension: Identified using the following schema URI:
schema URI:
urn:ietf:params:scim:schemas:extension:pairingNull:2.0:Device urn:ietf:params:scim:schemas:extension:pairingNull:2.0:Device
pairingNull does not have any attribute. It allows pairing for pairingNull does not have any attribute. It allows pairing for
BLE devices that do not require a pairing method. BLE devices that do not require a pairing method.
ii. The pairingJustWorks extension is identified using the pairingJustWorks extension: Identified using the following schema
following schema URI: URI:
urn:ietf:params:scim:schemas:extension:pairingJustWorks:2.0:Device urn:ietf:params:scim:schemas:extension:pairingJustWorks:2.0:Device
The Just Works pairing method does not require a key to pair The Just Works pairing method does not require a key to pair
devices. For completeness, the key attribute is included and devices. For completeness, the key attribute is included and is
is set to 'null'. The key attribute is required, immutable, set to 'null'. The key attribute is required, immutable, and
and returned by default. returned by default.
iii. The pairingPassKey extension is identified using the following pairingPassKey extension: Identified using the following schema URI:
schema URI:
urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:Device urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:Device
The passkey pairing method requires a 6-digit key to pair The passkey pairing method requires a 6-digit key to pair devices.
devices. This extension has one singular integer attribute, This extension has one singular integer attribute, "key", which is
"key", which is required, mutable, and returned by default. required, mutable, and returned by default. The key pattern is as
The key pattern is as follows: follows:
^[0-9]{6}$ ^[0-9]{6}$
iv. The pairingOOB extension is identified using the following pairingOOB extension: Identified using the following schema URI:
schema URI:
urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device
The out-of-band (OOB) pairing method includes three singular The out-of-band (OOB) pairing method includes three singular
attributes: key, randomNumber, and confirmationNumber. attributes: key, randomNumber, and confirmationNumber.
key: A string value that is required and received from out-of- key:
band sources such as Near Field Communication (NFC). It is A string value that is required and received from out-of-band
case sensitive, mutable, and returned by default. sources such as Near Field Communication (NFC). It is case
sensitive, mutable, and returned by default.
randomNumber: An integer that represents a nonce added to the randomNumber:
key. It is a required attribute. It is mutable and An integer that represents a nonce added to the key. It is a
returned by default. required attribute. It is mutable and returned by default.
confirmationNumber: An integer that some solutions require in confirmationNumber:
a RESTful message exchange. It is not required. It is An integer that some solutions require in a RESTful message
mutable and returned by default if it exists. exchange (where RESTful refers to the Representational State
Transfer (REST) architecture). It is not required. It is
mutable and returned by default if it exists.
+==================+=======+===+=======+=========+========+========+ +==================+=======+===+=======+=========+========+========+
| Attribute | Multi |Req| Case | Mutable | Return | Unique | | Attribute | Multi |Req| Case | Mutable | Return | Unique |
| | Value | | Exact | | | | | | Value | | Exact | | | |
+==================+=======+===+=======+=========+========+========+ +==================+=======+===+=======+=========+========+========+
| deviceMacAddress | F |T | F | RW | Def | Manuf | | deviceMacAddress | F |T | F | RW | Def | Manuf |
+------------------+-------+---+-------+---------+--------+--------+ +------------------+-------+---+-------+---------+--------+--------+
| isRandom | F |T | F | RW | Def | None | | isRandom | F |T | F | RW | Def | None |
+------------------+-------+---+-------+---------+--------+--------+ +------------------+-------+---+-------+---------+--------+--------+
| sepBroadcastAdd | T |F | F | RW | Def | None | | sepBroadcastAdd | T |F | F | RW | Def | None |
skipping to change at line 717 skipping to change at line 719
Table 3: Characteristics of BLE Extension Schema Attributes Table 3: Characteristics of BLE Extension Schema Attributes
Legend: Legend:
sepBroadcastAdd: separateBroadcastAddress sepBroadcastAdd: separateBroadcastAddress
Req: Required Req: Required
T: True T: True
F: False F: False
RW: ReadWrite RW: ReadWrite
WO: Write Only WO: WriteOnly
Def: Default Def: Default
Nev: Never Nev: Never
Manuf: Manufacturer Manuf: Manufacturer
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device"], "urn:ietf:params:scim:schemas:extension:ble:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.3"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77 "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
:22:12"], 22:12"],
"mobility": true, "mobility": true,
"pairingMethods": ["urn:ietf:params:scim:schemas:extension "pairingMethods": ["urn:ietf:params:scim:schemas:extension:\
:pairingPassKey:2.0:Device"], pairingPassKey:2.0:Device"],
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0 "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
:Device" : { Device" : {
"key": 123456 "key": 123456
} }
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 5: BLE Example Figure 5: BLE Example
In the above example, the pairing method is "pairingPassKey", which In the above example, the pairing method is "pairingPassKey", which
implies that this BLE device pairs using only a passkey. In another implies that this BLE device pairs using only a passkey. In another
example below, the pairing method is "pairingOOB", denoting that this example below, the pairing method is "pairingOOB", denoting that this
BLE device uses the out-of-band pairing method. BLE device uses the out-of-band pairing method.
skipping to change at line 774 skipping to change at line 776
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device"], "urn:ietf:params:scim:schemas:extension:ble:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.3"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77 "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
:22:12"], 22:12"],
"mobility": true, "mobility": true,
"pairingMethods": ["urn:ietf:params:scim:schemas:extension "pairingMethods": ["urn:ietf:params:scim:schemas:extension:\
:pairingOOB:2.0:Device"], pairingOOB:2.0:Device"],
"urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": {
{
"key": "TheKeyvalueRetrievedFromOOB", "key": "TheKeyvalueRetrievedFromOOB",
"randomNumber": 238796813516896 "randomNumber": 238796813516896
} }
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 6: BLE with pairingOOB Figure 6: BLE with pairingOOB
However, a device can have more than one pairing method. Support for However, a device can have more than one pairing method. Support for
multiple pairing methods is also provided by the multivalued multiple pairing methods is also provided by the multivalued
attribute pairingMethods. In the example below, the BLE device can attribute pairingMethods. In the example below, the BLE device can
pair with both passkey and OOB pairing methods. pair with both passkey and OOB pairing methods.
skipping to change at line 815 skipping to change at line 816
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device"], "urn:ietf:params:scim:schemas:extension:ble:2.0:Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.3"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77 "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
:22:12"], 22:12"],
"mobility": true, "mobility": true,
"pairingMethods": ["urn:ietf:params:scim:schemas:extension "pairingMethods": ["urn:ietf:params:scim:schemas:extension:\
:pairingPassKey:2.0:Device", pairingPassKey:2.0:Device",
"urn:ietf:params:scim:schemas:extension:pairingOOB:2.0 "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:\
:Device"], Device"],
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0 "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
:Device" : { Device" : {
"key": 123456 "key": 123456
}, },
"urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device": {
{
"key": "TheKeyvalueRetrievedFromOOB", "key": "TheKeyvalueRetrievedFromOOB",
"randomNumber": 238796813516896 "randomNumber": 238796813516896
} }
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 7: BLE Pairing with Both Passkey and OOB Figure 7: BLE Pairing with Both Passkey and OOB
7.2. Wi-Fi Easy Connect Extension 7.2. Wi-Fi Easy Connect Extension
A schema that extends the device schema to enable Wi-Fi Easy Connect This section describes a schema that extends the device schema to
(otherwise known as Device Provisioning Protocol (DPP)). Throughout enable Wi-Fi Easy Connect (otherwise known as Device Provisioning
this specification, we use the term "DPP". The extension is Protocol (DPP)). Throughout this specification, we use the term
identified using the following schema URI: "DPP". The extension is identified using the following schema URI:
urn:ietf:params:scim:schemas:extension:dpp:2.0:Device urn:ietf:params:scim:schemas:extension:dpp:2.0:Device
The attributes in this extension are adopted from [DPP2]. The The attributes in this extension are adopted from [DPP2]. The
attributes are as follows. attributes are as follows.
7.2.1. Singular Attributes 7.2.1. Singular Attributes
dppVersion: An integer that represents the version of DPP the device dppVersion: An integer that represents the version of DPP the device
supports. This attribute is required, case insensitive, mutable, supports. This attribute is required, case insensitive, mutable,
skipping to change at line 915 skipping to change at line 915
+---------------------+-----+---+-----+---------+--------+--------+ +---------------------+-----+---+-----+---------+--------+--------+
Table 4: Characteristics of DPP Extension Schema Attributes Table 4: Characteristics of DPP Extension Schema Attributes
Legend: Legend:
Req: Required Req: Required
T: True T: True
F: False F: False
RW: ReadWrite RW: ReadWrite
WO: Write Only WO: WriteOnly
Def: Default Def: Default
Nev: Never Nev: Never
Manuf: Manufacturer Manuf: Manufacturer
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:dpp:2.0 "urn:ietf:params:scim:schemas:extension:dpp:2.0:\
:Device"], Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "WiFi Heart Monitor", "displayName": "WiFi Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:dpp:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:dpp:2.0:Device" : {
"dppVersion": 2, "dppVersion": 2,
"bootstrappingMethod": ["QR"], "bootstrappingMethod": ["QR"],
"bootstrapKey": "bootstrapKey": "\
"MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmt MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXru\
tZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=", VWOz0NjlkIA=",
"deviceMacAddress": "2C:54:91:88:C9:F2", "deviceMacAddress": "2C:54:91:88:C9:F2",
"classChannel": ["81/1", "115/36"], "classChannel": ["81/1", "115/36"],
"serialNumber": "4774LH2b4044" "serialNumber": "4774LH2b4044"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f "location": "https://example.com/v2/Devices/e9e30dba-f08f-\
-4109-8486-d5c6a3316111" 4109-8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 8: DPP Example Figure 8: DPP Example
7.3. Ethernet MAB Extension 7.3. Ethernet MAB Extension
This extension enables a legacy means of (very) weak authentication, This extension enables a legacy means of (very) weak authentication,
known as MAC Authenticated Bypass (MAB), that is supported in many known as MAC Authenticated Bypass (MAB), that is supported in many
skipping to change at line 994 skipping to change at line 994
Req: Required Req: Required
T: True T: True
F: False F: False
RW: ReadWrite RW: ReadWrite
Def: Default Def: Default
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0 "urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device\
:Device"], "],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "Some random Ethernet Device", "displayName": "Some random Ethernet Device",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device" "urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device" \
: { : {
"deviceMacAddress": "2C:54:91:88:C9:E2" "deviceMacAddress": "2C:54:91:88:C9:E2"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 9: MAB Example Figure 9: MAB Example
7.4. FIDO Device Onboard Extension 7.4. FIDO Device Onboard Extension
This extension specifies a voucher to be used by the FDO Device This extension specifies a voucher to be used by the FDO Device
Onboard (FDO) protocols [FDO11] to complete a trusted transfer of Onboard (FDO) protocols [FDO11] to complete a trusted transfer of
skipping to change at line 1057 skipping to change at line 1057
Req: Required Req: Required
T: True T: True
F: False F: False
WO: WriteOnly WO: WriteOnly
Nev: Never Nev: Never
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Devices", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Devices",
"urn:ietf:params:scim:schemas:extension:fido-device-onboard "urn:ietf:params:scim:schemas:extension:fido-device-onboard:2.0\
:2.0:Devices"], :Devices"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "Some random Ethernet Device", "displayName": "Some random Ethernet Device",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:fido-device-onboard:2.0 "urn:ietf:params:scim:schemas:extension:fido-device-onboard:2.0:\
:Devices" : { Devices" : {
"fdoVoucher": "{... voucher ...}" "fdoVoucher": "{... voucher ...}"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 10: FDO Example Figure 10: FDO Example
7.5. Zigbee Extension 7.5. Zigbee Extension
A schema that extends the device schema to enable the provisioning of This section describes a schema that extends the device schema to
Zigbee devices [Zigbee]. The extension is identified using the enable the provisioning of Zigbee devices [Zigbee]. The extension is
following schema URI: identified using the following schema URI:
urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device
It has one singular attribute and one multivalued attribute. The It has one singular attribute and one multivalued attribute. The
attributes are as follows. attributes are as follows.
7.5.1. Singular Attribute 7.5.1. Singular Attribute
deviceEui64Address: A 64-bit Extended Unique Identifier (EUI-64) deviceEui64Address: A 64-bit Extended Unique Identifier (EUI-64)
device address stored as string. This attribute is required, case device address stored as string. This attribute is required, case
skipping to change at line 1142 skipping to change at line 1142
"urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device" : {
"versionSupport": ["3.0"], "versionSupport": ["3.0"],
"deviceEui64Address": "50:32:5F:FF:FE:E7:67:28" "deviceEui64Address": "50:32:5F:FF:FE:E7:67:28"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 11: Zigbee Example Figure 11: Zigbee Example
7.6. The Endpoint Applications Extension Schema 7.6. The Endpoint Applications Extension Schema
Sometimes non-IP devices such as those using BLE or Zigbee require an Sometimes non-IP devices such as those using BLE or Zigbee require an
application gateway interface to manage them. SCIM clients MUST NOT application gateway interface to manage them.
specify this to describe native IP-based devices.
endpointAppsExt provides the list of applications that connect to an endpointAppsExt provides the list of applications that connect to an
enterprise gateway. endpointAppsExt has one multivalued attribute and enterprise gateway. endpointAppsExt has one multivalued attribute and
two singular attributes. The extension is identified using the two singular attributes. The extension is identified using the
following schema URI: following schema URI:
urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:Device urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:Device
7.6.1. Singular Attributes 7.6.1. Singular Attributes
skipping to change at line 1179 skipping to change at line 1178
response to the onboarding application. This attribute is response to the onboarding application. This attribute is
required, case sensitive, mutable, and returned by default. The required, case sensitive, mutable, and returned by default. The
uniqueness is enforced by the enterprise. uniqueness is enforced by the enterprise.
telemetryEnterpriseEndpoint: A string representing a URL of the telemetryEnterpriseEndpoint: A string representing a URL of the
enterprise endpoint to reach an enterprise gateway for telemetry. enterprise endpoint to reach an enterprise gateway for telemetry.
When the enterprise receives the SCIM object from the onboarding When the enterprise receives the SCIM object from the onboarding
application, it adds this attribute to it and sends it back as a application, it adds this attribute to it and sends it back as a
response to the onboarding application. This attribute is response to the onboarding application. This attribute is
optional, case sensitive, mutable, and returned by default. The optional, case sensitive, mutable, and returned by default. The
uniqueness is enforced by the enterprise. An implementation MUST uniqueness is enforced by the enterprise. This attribute is
generate an exception if telemetryEnterpriseEndpoint is not populated when the enterprise provides a telemetry endpoint (e.g.,
returned and telemetry is required for the proper functioning of a hosted by the enterprise gateway). If a telemetry service is not
device. known by the SCIM server, the attribute will not be returned. In
such cases, if the application requires telemetry, separate
arrangements must be made.
7.6.2. Multivalued Attribute 7.6.2. Multivalued Attribute
applications: A multivalued attribute of one or more complex applications: A multivalued attribute of one or more complex
attributes that represent a list of endpoint applications, i.e., attributes that represent a list of endpoint applications, i.e.,
deviceControl and telemetry. Each entry in the list comprises two deviceControl and telemetry. Each entry in the list comprises two
attributes including "value" and "$ref". attributes including "value" and "$ref".
value: A string containing the identifier of the endpoint value: A string containing the identifier of the endpoint
application formatted as a Universally Unique Identifier (UUID). application formatted as a Universally Unique Identifier (UUID).
It is the same as the common attribute "$id" of the resource It is the same as the common attribute "$id" of the resource
"endpointApp". It is read/write, required, case insensitive, and EndpointApp. It is read/write, required, case insensitive, and
returned by default. returned by default.
$ref: A reference to the respective endpointApp resource object $ref: A reference to the respective EndointApp resource object
stored in the SCIM server. It is readOnly, required, case stored in the SCIM server. It is readOnly, required, case
sensitive, and returned by default. sensitive, and returned by default.
+====================+=====+===+=======+=========+========+========+ +====================+=====+===+=======+=========+========+========+
| Attribute |Multi|Req| Case | Mutable | Return | Unique | | Attribute |Multi|Req| Case | Mutable | Return | Unique |
| |Value| | Exact | | | | | |Value| | Exact | | | |
+====================+=====+===+=======+=========+========+========+ +====================+=====+===+=======+=========+========+========+
| devContEntEndpoint |F |T | T | R | Def | Ent | | devContEntEndpoint |F |T | T | R | Def | Ent |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
| telEntEndpoint |F |F | T | R | Def | Ent | | telEntEndpoint |F |F | T | R | Def | Ent |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
| applications |T |T | F | RW | Def | None | | applications |T |T | F | RW | Def | None |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
| value |F |T | F | RW | Def | None | | value |F |T | F | RW | Def | None |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
| $ref |F |T | F | R | Def | None | | $ref |F |T | F | R | Def | None |
+--------------------+-----+---+-------+---------+--------+--------+ +--------------------+-----+---+-------+---------+--------+--------+
Table 8: Characteristics of EndpointAppsExt Extension Schema Table 8: Characteristics of endpointAppsExt Extension Schema
Attributes Attributes
Legend: Legend:
devContEntEndpoint: deviceControlEnterpriseEndpoint devContEntEndpoint: deviceControlEnterpriseEndpoint
telEntEndpoint: telemetryEnterpriseEndpoint telEntEndpoint: telemetryEnterpriseEndpoint
Req: Required Req: Required
T: True T: True
F: False F: False
R: ReadOnly RO: ReadOnly
RW: ReadWrite RW: ReadWrite
Ent: Enterprise Ent: Enterprise
Def: Default Def: Default
<CODE BEGINS> <CODE BEGINS>
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device", "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Device",
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device", "urn:ietf:params:scim:schemas:extension:ble:2.0:Device",
"urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0 "urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:\
:Device"], Device"],
"id": "e9e30dba-f08f-4109-8486-d5c6a3316111", "id": "e9e30dba-f08f-4109-8486-d5c6a3316111",
"displayName": "BLE Heart Monitor", "displayName": "BLE Heart Monitor",
"active": true, "active": true,
"urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : { "urn:ietf:params:scim:schemas:extension:ble:2.0:Device" : {
"versionSupport": ["5.3"], "versionSupport": ["5.3"],
"deviceMacAddress": "2C:54:91:88:C9:E2", "deviceMacAddress": "2C:54:91:88:C9:E2",
"isRandom": false, "isRandom": false,
"separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77 "separateBroadcastAddress": ["AA:BB:88:77:22:11", "AA:BB:88:77:\
:22:12"], 22:12"],
"mobility": false, "mobility": false,
"pairingMethods": [ "pairingMethods": [
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0 "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
:Device"], Device"],
"urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0 "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:\
:Device" : { Device" : {
"key": 123456 "key": 123456
} }
}, },
"urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0 "urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:Device\
:Device": { ": {
"applications": [ "applications": [
{ {
"value" : "e9e30dba-f08f-4109-8486-d5c6a3316212", "value" : "e9e30dba-f08f-4109-8486-d5c6a3316212",
"$ref" : "https://example.com/v2/EndpointApps/e9e30dba-f08f "$ref" : "https://example.com/v2/EndpointApps/e9e30dba-f08f-\
-4109-8486-d5c6a3316212" 4109-8486-d5c6a3316212"
}, },
{ {
"value" : "e9e30dba-f08f-4109-8486-d5c6a3316333", "value" : "e9e30dba-f08f-4109-8486-d5c6a3316333",
"$ref" : "https://example.com/v2/EndpointApps/e9e30dba-f08f "$ref" : "https://example.com/v2/EndpointApps/e9e30dba-f08f-\
-4109-8486-d5c6a3316333" 4109-8486-d5c6a3316333"
} }
], ],
"deviceControlEnterpriseEndpoint": "https "deviceControlEnterpriseEndpoint": "https://example.com/\
://example.com/device_control_app_endpoint/", device_control_app_endpoint/",
"telemetryEnterpriseEndpoint": "https "telemetryEnterpriseEndpoint": "mqtts://example.com/\
://example.com/telemetry_app_endpoint/" telemetry_app_endpoint/"
}, },
"meta": { "meta": {
"resourceType": "Device", "resourceType": "Device",
"created": "2022-01-23T04:56:22Z", "created": "2022-01-23T04:56:22Z",
"lastModified": "2022-05-13T04:42:34Z", "lastModified": "2022-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Devices/e9e30dba-f08f-4109 "location": "https://example.com/v2/Devices/e9e30dba-f08f-4109-\
-8486-d5c6a3316111" 8486-d5c6a3316111"
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 12: Endpoint Applications Extension Example Figure 12: Endpoint Applications Extension Example
The schema for the endpointAppsExt extension along with BLE extension The schema for the endpointAppsExt extension along with BLE extension
is presented in JSON format in Appendix A.9, while the OpenAPI is presented in JSON format in Appendix A.9, while the OpenAPI
representation is provided in Appendix B.8. representation is provided in Appendix B.8.
skipping to change at line 1371 skipping to change at line 1372
SCIM logs. Due to the sensitive nature of SCIM operations, logs SCIM logs. Due to the sensitive nature of SCIM operations, logs
SHOULD be encrypted both on the disk and in transit. SHOULD be encrypted both on the disk and in transit.
9. IANA Considerations 9. IANA Considerations
9.1. New Schemas 9.1. New Schemas
IANA has added the following additions to the "SCIM Schema URIs for IANA has added the following additions to the "SCIM Schema URIs for
Data Resources" registry: Data Resources" registry:
+====================================+=============+===========+ Schema URI: urn:ietf:params:scim:schemas:core:2.0:Device
| Schema URI | Name | Reference | Name: Core Device Schema
+====================================+=============+===========+ Reference: RFC 9944, Section 3
| urn:ietf:params:scim:schemas:core: | Core Device | RFC 9944, |
| 2.0:Device | Schema | Section 3 |
+------------------------------------+-------------+-----------+
| urn:ietf:params:scim:schemas:core: | Endpoint | RFC 9944, |
| 2.0:EndpointApp | Application | Section 6 |
+------------------------------------+-------------+-----------+
Table 9 Schema URI: urn:ietf:params:scim:schemas:core:2.0:EndpointApp
Name: Endpoint Application
Reference: RFC 9944, Section 6
9.2. Device Schema Extensions 9.2. Device Schema Extensions
IANA has created the following extensions in the "SCIM Server-Related IANA has created the following extensions in the "SCIM Server-Related
Schema URIs" registry as described in Section 7: Schema URIs" registry as described in Section 7:
+================================+=============+========+=========+ Schema URI: urn:ietf:params:scim:schemas:extension:ble:2.0:Device
| Schema URI | Description |Resource|Reference| Description: BLE Extension
| | |Type | | Resource Type: Device
+================================+=============+========+=========+ Reference: RFC 9944, Section 7.1
| urn:ietf:params:scim: | BLE |Device |RFC 9944,|
| schemas:extension: | Extension | |Section |
| ble:2.0:Device | | |7.1 |
+--------------------------------+-------------+--------+---------+
| urn:ietf:params:scim: | Ethernet |Device |RFC 9944,|
| schemas:extension: ethernet- | MAB | |Section |
| mab:2.0:Device | | |7.3 |
+--------------------------------+-------------+--------+---------+
| urn:ietf:params:scim: | FIDO Device |Device |RFC 9944,|
| schemas:extension: fido- | Onboard | |Section |
| device-onboard:2.0:Device | | |7.4 |
+--------------------------------+-------------+--------+---------+
| urn:ietf:params:scim: | Wi-Fi Easy |Device |RFC 9944,|
| schemas:extension: | Connect | |Section |
| dpp:2.0:Device | | |7.2 |
+--------------------------------+-------------+--------+---------+
| urn:ietf:params:scim: | Application |Device |RFC 9944,|
| schemas:extension: | Endpoint | |Section |
| endpointAppsExt:2.0:Device | Extension | |7.1.3 |
+--------------------------------+-------------+--------+---------+
| urn:ietf:params:scim: | Just Works |Device |RFC 9944,|
| schemas:extension: | Auth BLE | |Section |
| pairingJustWorks:2.0:Device | | |7.1.3 |
+--------------------------------+-------------+--------+---------+
| urn:ietf:params:scim: | Out-of-Band |Device |RFC 9944,|
| schemas:extension: | Pairing for | |Section |
| pairingOOB:2.0:Device | BLE | |7.1.3 |
+--------------------------------+-------------+--------+---------+
| urn:ietf:params:scim: | Passkey |Device |RFC 9944,|
| schemas:extension: | Pairing for | |Section |
| pairingPassKey:2.0:Device | BLE | |7.1.3 |
+--------------------------------+-------------+--------+---------+
Table 10 Schema URI:
urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:Device
Description: Ethernet MAB
Resource Type: Device
Reference: RFC 9944, Section 7.3
Schema URI:
urn:ietf:params:scim:schemas:extension:fido-device-
onboard:2.0:Device
Description: FIDO Device Onboard
Resource Type: Device
Reference: RFC 9944, Section 7.4
Schema URI: urn:ietf:params:scim:schemas:extension:dpp:2.0:Device
Description: Wi-Fi Easy Connect
Resource Type: Device
Reference: RFC 9944, Section 7.2
Schema URI:
urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:Device
Description: Application Endpoint Extension
Resource Type: Device
Reference: RFC 9944, Section 7.1.3
Schema URI:
urn:ietf:params:scim:schemas:extension:pairingJustWorks:2.0:Device
Description: Just Works Auth BLE
Resource Type: Device
Reference: RFC 9944, Section 7.1.3
Schema URI:
urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:Device
Description: Out-of-Band Pairing for BLE
Resource Type: Device
Reference: RFC 9944, Section 7.1.3
Schema URI:
urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0:Device
Description: Passkey Pairing for BLE
Resource Type: Device
Reference: RFC 9944, Section 7.1.3
10. References 10. References
10.1. Normative References 10.1. Normative References
[BLE54] Bluetooth SIG, "Bluetooth Core Specification", Version [BLE54] Bluetooth SIG, "Bluetooth Core Specification", Version
5.4, 2023, <https://www.bluetooth.org/DocMan/handlers/ 5.4, 2023, <https://www.bluetooth.org/DocMan/handlers/
DownloadDoc.ashx?doc_id=587177>. DownloadDoc.ashx?doc_id=587177>.
[DPP2] Wi-Fi Alliance, "Wi-Fi Easy Connect Specification", [DPP2] Wi-Fi Alliance, "Wi-Fi Easy Connect Specification",
Version 2.0, 2020. Version 3.0, 2020, <https://www.wi-fi.org/system/files/Wi-
Fi_Easy_Connect_Specification_v3.0.pdf>.
[ECMA] ECMA International, "ECMAScript(R) 2025 Language [ECMA] ECMA International, "ECMAScript(R) 2025 Language
Specification", ECMA-262, 16th Edition, June 2025, Specification", ECMA-262, 16th Edition, June 2025,
<https://ecma-international.org/publications-and- <https://ecma-international.org/publications-and-
standards/standards/ecma-262/>. standards/standards/ecma-262/>.
[FDO11] FIDO Alliance, "FIDO Device Onboard Specification 1.1", [FDO11] FIDO Alliance, "FIDO Device Onboard Specification 1.1",
Proposed Standard, April 2022, Proposed Standard, April 2022,
<https://fidoalliance.org/specs/FDO/FIDO-Device-Onboard- <https://fidoalliance.org/specs/FDO/FIDO-Device-Onboard-
PS-v1.1-20220419/FIDO-Device-Onboard-PS- PS-v1.1-20220419/FIDO-Device-Onboard-PS-
skipping to change at line 1525 skipping to change at line 1531
<https://www.rfc-editor.org/info/rfc6241>. <https://www.rfc-editor.org/info/rfc6241>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016, RFC 7950, DOI 10.17487/RFC7950, August 2016,
<https://www.rfc-editor.org/info/rfc7950>. <https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>. <https://www.rfc-editor.org/info/rfc8040>.
[RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu,
"Handling Long Lines in Content of Internet-Drafts and
RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020,
<https://www.rfc-editor.org/info/rfc8792>.
[RFC8995] Pritikin, M., Richardson, M., Eckert, T., Behringer, M., [RFC8995] Pritikin, M., Richardson, M., Eckert, T., Behringer, M.,
and K. Watsen, "Bootstrapping Remote Secure Key and K. Watsen, "Bootstrapping Remote Secure Key
Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995, Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995,
May 2021, <https://www.rfc-editor.org/info/rfc8995>. May 2021, <https://www.rfc-editor.org/info/rfc8995>.
Appendix A. JSON Schema Representation Appendix A. JSON Schema Representation
A.1. Resource Schema A.1. Resource Schema
<CODE BEGINS> <CODE BEGINS>
[ [
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0 "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"\
:ResourceType"], ],
"id": "Device", "id": "Device",
"name": "Device", "name": "Device",
"endpoint": "/Devices", "endpoint": "/Devices",
"description": "Device account.", "description": "Device account.",
"schema": "urn:ietf:params:scim:schemas:core:2.0:Device", "schema": "urn:ietf:params:scim:schemas:core:2.0:Device",
"meta": { "meta": {
"location": "https://example.com/v2/ResourceTypes/Device", "location": "https://example.com/v2/ResourceTypes/Device",
"resourceType": "ResourceType" "resourceType": "ResourceType"
} }
}, },
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0 "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"\
:ResourceType"], ],
"id": "EndpointApp", "id": "EndpointApp",
"name": "EndpointApp", "name": "EndpointApp",
"endpoint": "/EndpointApp", "endpoint": "/EndpointApp",
"description": "Endpoint application such as device control and "description": "Endpoint application such as device control and \
telemetry.", telemetry.",
"schema": "urn:ietf:params:scim:schemas:core:2.0:EndpointApp", "schema": "urn:ietf:params:scim:schemas:core:2.0:EndpointApp",
"meta": { "meta": {
"location": "https "location": "https://example.com/v2/ResourceTypes/EndpointApp",
://example.com/v2/ResourceTypes/EndpointApp",
"resourceType": "ResourceType" "resourceType": "ResourceType"
} }
} }
] ]
<CODE ENDS> <CODE ENDS>
A.2. Core Device Schema A.2. Core Device Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:core:2.0:Device", "id": "urn:ietf:params:scim:schemas:core:2.0:Device",
"name": "Device", "name": "Device",
"description": "Entry containing attributes about a device.", "description": "Entry containing attributes about a device.",
"attributes" : [ "attributes" : [
{ {
"name": "displayName", "name": "displayName",
"type": "string", "type": "string",
"description": "Human-readable name of the device, suitable "description": "Human-readable name of the device, suitable \
for displaying to end users, for example, 'BLE Heart for displaying to end users, for example, 'BLE Heart Monitor' etc.",
Monitor', etc.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "active", "name": "active",
"type": "boolean", "type": "boolean",
"description": "A mutable boolean value indicating the device "description": "A mutable boolean value indicating the device \
administrative status. If set TRUE, the commands (such as administrative status. If true, the commands (such as connect, \
connect, disconnect, subscribe) that control app sends to disconnect, subscribe) that control app sends to the controller for \
the controller for the devices will be processed by the the devices will be processed by the controller. If false, any \
controller. If set FALSE, any command coming from the command coming from the control app for the device will be \
control app for the device will be rejected by the rejected by the controller.",
controller.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "mudUrl", "name": "mudUrl",
"type": "reference", "type": "reference",
skipping to change at line 1620 skipping to change at line 1628
"required": false, "required": false,
"caseExact": true, "caseExact": true,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "groups", "name": "groups",
"type": "complex", "type": "complex",
"multiValued": true, "multiValued": true,
"description": "A list of groups to which the device belongs, "description": "A list of groups to which the device belongs, \
either through direct membership, through nested groups, either through direct membership, through nested groups, or \
or dynamically calculated.", dynamically calculated.",
"required": false, "required": false,
"subAttributes": [ "subAttributes": [
{ {
"name": "value", "name": "value",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "The identifier of the Device's group.", "description": "The identifier of the device's group.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "$ref", "name": "$ref",
"type": "reference", "type": "reference",
"referenceTypes": [ "referenceTypes": [
"Group" "Group"
], ],
"multiValued": false, "multiValued": false,
"description": "The URI of the corresponding 'Group' "description": "The URI of the corresponding 'Group' \
resource to which the device belongs.", resource to which the device belongs.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "display", "name": "display",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "A human-readable name, primarily used for "description": "A human-readable name, primarily used for \
display purposes. READ ONLY.", display purposes. READ-ONLY.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "type", "name": "type",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "A label indicating the attribute's "description": "A label indicating the attribute's \
function, e.g., 'direct' or 'indirect'.", function, e.g., 'direct' or 'indirect'.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"canonicalValues": [ "canonicalValues": [
"direct", "direct",
"indirect" "indirect"
], ],
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
skipping to change at line 1703 skipping to change at line 1711
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:core:2.0:EndpointApp", "id": "urn:ietf:params:scim:schemas:core:2.0:EndpointApp",
"name": "EndpointApp", "name": "EndpointApp",
"description": "Endpoint application and their credentials.", "description": "Endpoint application and their credentials.",
"attributes" : [ "attributes" : [
{ {
"name": "applicationType", "name": "applicationType",
"type": "string", "type": "string",
"description": "This attribute will only contain two values: "description": "This attribute will only contain two values: \
'deviceControl' or 'telemetry'.", deviceControl or telemetry.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "applicationName", "name": "applicationName",
"type": "string", "type": "string",
skipping to change at line 1726 skipping to change at line 1734
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "certificateInfo", "name": "certificateInfo",
"type": "complex", "type": "complex",
"description": "Contains X.509 certificate's subject name and "description": "Contains X.509 certificate's subject name and \
root CA information associated with the device control or root CA information associated with the device control or telemetry \
telemetry app.", app.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none", "uniqueness": "none",
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "rootCA", "name" : "rootCA",
"type" : "string", "type" : "string",
"description" : "The base64 encoding of the DER encoding "description" : "The base64 encoding of the DER encoding \
of the CA certificate.", of the CA certificate.",
"multiValued" : false, "multiValued" : false,
"required" : false, "required" : false,
"caseExact" : true, "caseExact" : true,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "subjectName", "name" : "subjectName",
"type" : "string", "type" : "string",
"description" : "A Common Name (CN) of the form of CN = "description" : "A Common Name (CN) of the form of CN = \
dnsName.", dnsName.",
"multiValued" : false, "multiValued" : false,
"required" : true, "required" : true,
"caseExact" : true, "caseExact" : true,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
] ]
}, },
{ {
"name": "clientToken", "name": "clientToken",
"type": "string", "type": "string",
"description": "This attribute contains a token that the "description": "This attribute contains a token that the \
client will use to authenticate itself. Each token may client will use to authenticate itself. Each token may be a string \
be a string up to 500 characters in length.", up to 500 characters in length.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": true, "caseExact": true,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "groups", "name": "groups",
"type": "complex", "type": "complex",
"multiValued": true, "multiValued": true,
"description": "A list of groups to which an endpoint "description": "A list of groups to which an endpoint \
application belongs, either through direct membership, application belongs, either through direct membership, through \
through nested groups, or dynamically calculated.", nested groups, or dynamically calculated.",
"required": false, "required": false,
"subAttributes": [ "subAttributes": [
{ {
"name": "value", "name": "value",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "The identifier of the endpoint "description": "The identifier of the endpoint application\
application's group.", 's group.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "$ref", "name": "$ref",
"type": "reference", "type": "reference",
"referenceTypes": [ "referenceTypes": [
"Group" "Group"
], ],
"multiValued": false, "multiValued": false,
"description": "The URI of the corresponding 'Group' "description": "The URI of the corresponding 'Group' \
resource to which the endpoint application belongs.", resource to which the endpoint application belongs.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "display", "name": "display",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "A human-readable name, primarily used for "description": "A human-readable name, primarily used for \
display purposes. READ ONLY.", display purposes. READ-ONLY.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "type", "name": "type",
"type": "string", "type": "string",
"multiValued": false, "multiValued": false,
"description": "A label indicating the attribute's "description": "A label indicating the attribute's \
function, e.g., 'direct' or 'indirect'.", function, e.g., 'direct' or 'indirect'.",
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"canonicalValues": [ "canonicalValues": [
"direct", "direct",
"indirect" "indirect"
], ],
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
skipping to change at line 1864 skipping to change at line 1872
<CODE BEGINS> <CODE BEGINS>
[ [
{ {
"id": "urn:ietf:params:scim:schemas:extension:ble:2.0:Device", "id": "urn:ietf:params:scim:schemas:extension:ble:2.0:Device",
"name": "bleExtension", "name": "bleExtension",
"description": "BLE extension for device account.", "description": "BLE extension for device account.",
"attributes" : [ "attributes" : [
{ {
"name": "versionSupport", "name": "versionSupport",
"type": "string", "type": "string",
"description": "Provides a list of all the BLE versions "description": "Provides a list of all the BLE versions \
supported by the device, for example, [4.1, 4.2, 5.0, supported by the device, for example, [4.1, 4.2, 5.0, 5.1, 5.2, 5.3]\
5.1, 5.2, 5.3].", .",
"multiValued": true, "multiValued": true,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "deviceMacAddress", "name": "deviceMacAddress",
"type": "string", "type": "string",
"pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$", "pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$",
"description": "A unique public MAC address assigned by the "description": "A unique public MAC address assigned by the \
manufacturer.", manufacturer.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
}, },
{ {
"name": "isRandom", "name": "isRandom",
"type": "boolean", "type": "boolean",
"description": "The isRandom flag is taken from the BLE "description": "The isRandom flag is taken from the BLE \
core specifications 5.3. If TRUE, device is using a core specifications 5.3. If true, device is using a random address\
random address. Default value is false.", . Default value is false.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "separateBroadcastAddress", "name": "separateBroadcastAddress",
"type": "string", "type": "string",
"description": "When present, this address is used for "description": "When present, this address is used for \
broadcasts/advertisements. This value MUST NOT be set broadcasts/advertisements. This value MUST NOT be set when an IRK \
when an IRK is provided. Its form is the same as is provided. Its form is the same as deviceMacAddress.",
deviceMacAddress.",
"multiValued": true, "multiValued": true,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "irk", "name": "irk",
"type": "string", "type": "string",
"description": "Identity Resolving Key (IRK), which is "description": "Identity Resolving Key (IRK), which is \
unique for every device. It is used to resolve a unique for every device. It is used to resolve a random address. \
random address. This value MUST NOT be set when This value MUST NOT be set when separateBroadcastAddress is set.",
separateBroadcastAddress is set.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
}, },
{ {
"name": "mobility", "name": "mobility",
"type": "bool", "type": "bool",
"description": "If set to True, the BLE device will "description": "If set to true, the BLE device will \
automatically connect to the closest AP. For example, automatically connect to the closest AP. For example, if a BLE \
if a BLE device is connected with AP-1 and moves out of device is connected with AP-1 and moves out of range but comes in \
range but comes in range of AP-2, it will be range of AP-2, it will be disconnected with AP-1 and \
disconnected with AP-1 and connected with AP-2.", connected with AP-2.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "pairingMethods", "name": "pairingMethods",
"type": "string", "type": "string",
"description": "List of pairing methods associated with the "description": "List of pairing methods associated with the \
BLE device, stored as schema URI.", BLE device, stored as schema URI.",
"multiValued": true, "multiValued": true,
"required": true, "required": true,
"caseExact": true, "caseExact": true,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:ble:2.0:Device" extension:ble:2.0:Device"
} }
}, },
{ {
"id": "urn:ietf:params:scim:schemas:extension:pairingNull:2.0 "id": "urn:ietf:params:scim:schemas:extension:pairingNull:2.0:\
:Device", Device",
"name": "nullPairing", "name": "nullPairing",
"description": "Null pairing method for BLE. It is included for "description": "Null pairing method for BLE. It is included for \
the devices that do not have a pairing method.", the devices that do not have a pairing method.",
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:pairingNull:2.0:Device" extension:pairingNull:2.0:Device"
} }
}, },
{ {
"id": "urn:ietf:params:scim:schemas:extension:pairingJustWorks "id": "urn:ietf:params:scim:schemas:extension:pairingJustWorks:2\
:2.0:Device", .0:Device",
"name": "pairingJustWorks", "name": "pairingJustWorks",
"description": "Just Works pairing method for BLE.", "description": "Just Works pairing method for BLE.",
"attributes" : [ "attributes" : [
{ {
"name": "key", "name": "key",
"type": "integer", "type": "integer",
"description": "Just Works does not have any key value. For "description": "Just Works does not have any key value. For \
completeness, it is added with a key value 'null'.", completeness, it is added with a key value 'null'.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "immutable", "mutability": "immutable",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:pairingJustWorks:2.0:Device" extension:pairingJustWorks:2.0:Device"
} }
}, },
{ {
"id": "urn:ietf:params:scim:schemas:extension:pairingPassKey "id": "urn:ietf:params:scim:schemas:extension:pairingPassKey:2.0\
:2.0:Device", :Device",
"name": "pairingPassKey", "name": "pairingPassKey",
"description": "Passkey pairing method for BLE.", "description": "Pass key pairing method for BLE.",
"attributes" : [ "attributes" : [
{ {
"name": "key", "name": "key",
"type": "integer", "type": "integer",
"description": "A six-digit passkey for BLE device. The "description": "A six-digit passkey for BLE a device. The \
pattern of key is ^[0-9]{6}$.", pattern of key is ^[0-9]{6}$.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:pairingPassKey:2.0:Device" extension:pairingPassKey:2.0:Device"
} }
}, },
{ {
"id": "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0 "id": "urn:ietf:params:scim:schemas:extension:pairingOOB:2.0:\
:Device", Device",
"name": "pairingOOB", "name": "pairingOOB",
"description": "Passkey pairing method for BLE.", "description": "Passkey pairing method for BLE.",
"attributes" : [ "attributes" : [
{ {
"name": "key", "name": "key",
"type": "string", "type": "string",
"description": "A key value retrieved from out-of-band "description": "A key value retrieved from out-of-band \
source such as NFC.", source such as NFC.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": true, "caseExact": true,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "randomNumber", "name": "randomNumber",
"type": "integer", "type": "integer",
skipping to change at line 2056 skipping to change at line 2062
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "confirmationNumber", "name": "confirmationNumber",
"type": "integer", "type": "integer",
"description": "Some solutions require confirmation number "description": "Some solutions require confirmation number \
in RESTful message exchange.", in RESTful message exchange.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:pairingOOB:2.0:Device" extension:pairingOOB:2.0:Device"
} }
} }
] ]
<CODE ENDS> <CODE ENDS>
A.5. DPP Extension Schema A.5. DPP Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:dpp:2.0:Device", "id": "urn:ietf:params:scim:schemas:extension:dpp:2.0:Device",
"name": "dppExtension", "name": "dppExtension",
"description": "Device extension schema for Wi-Fi Easy Connect "description": "Device extension schema for Wi-Fi Easy \
/ Device Provisioning Protocol (DPP).", Connect / Device Provisioning Protocol (DPP).",
"attributes" : [ "attributes" : [
{ {
"name": "dppVersion", "name": "dppVersion",
"type": "integer", "type": "integer",
"description": "Version of DPP this device supports.", "description": "Version of DPP this device supports.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "bootstrappingMethod", "name": "bootstrappingMethod",
"type": "string", "type": "string",
"description": "The list of all the bootstrapping methods "description": "The list of all the bootstrapping methods \
available on the enrollee device, for example, [QR, available on the enrollee device, for example, [QR, NFC].",
NFC].",
"multiValued": true, "multiValued": true,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "bootstrapKey", "name": "bootstrapKey",
"type": "string", "type": "string",
"description": "A base64-encoded Elliptic Curve Diffie- "description": "A base64-encoded Elliptic Curve Diffie-\
Hellman public key (may be P-256, P-384, or P-521).", Hellman public key (may be P-256, P-384, or P-521).",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": true, "caseExact": true,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "deviceMacAddress", "name": "deviceMacAddress",
"type": "string", "type": "string",
"pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$", "pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$",
"description": "A unique public MAC address assigned by the "description": "A unique public MAC address assigned by the \
manufacturer.", manufacturer.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
}, },
{ {
"name": "classChannel", "name": "classChannel",
"type": "string", "type": "string",
"description": "A list of global operating class and "description": "A list of global operating class and \
channel shared as bootstrapping information. It is channel shared as bootstrapping information. It is formatted as \
formatted as class/channel, for example, '81/1', class/channel, for example, '81/1', '115/36'.",
'115/36'.",
"multiValued": true, "multiValued": true,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "serialNumber", "name": "serialNumber",
"type": "string", "type": "string",
"description": "An alphanumeric serial number that may also "description": "An alphanumeric serial number that may also \
be passed as bootstrapping information.", be passed as bootstrapping information.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:\
:extension:dpp:2.0:Device" extension:dpp:2.0:Device"
} }
} }
<CODE ENDS> <CODE ENDS>
A.6. Ethernet MAB Extension Schema A.6. Ethernet MAB Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0 "id": "urn:ietf:params:scim:schemas:extension:ethernet-mab:2.0:\
:Device", Device",
"name": "ethernetMabExtension", "name": "ethernetMabExtension",
"description": "Device extension schema for MAC Authentication "description": "Device extension schema for MAC Authentication \
Bypass.", Bypass.",
"attributes" : [ "attributes" : [
{ {
"name": "deviceMacAddress", "name": "deviceMacAddress",
"type": "string", "type": "string",
"pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$", "pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$",
"description": "A MAC address assigned by the manufacturer.", "description": "A MAC address assigned by the manufacturer.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:extension\
:extension:ethernet-mab:2.0:Device" :ethernet-mab:2.0:Device"
} }
} }
<CODE ENDS> <CODE ENDS>
A.7. FDO Extension Schema A.7. FDO Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:fido-device-onboard "id": "urn:ietf:params:scim:schemas:extension:fido-device-onboard:\
:2.0:Devices", 2.0:Devices",
"name": "FDOExtension", "name": "FDOExtension",
"description": "Device extension schema for FIDO Device Onboard "description": "Device extension schema for FIDO Device Onboard (\
(FDO).", FDO).",
"attributes" : [ "attributes" : [
{ {
"name": "fdoVoucher", "name": "fdoVoucher",
"type": "string", "type": "string",
"description": "A voucher as defined in the FDO "description": "A voucher as defined in the FDO \
specification.", specification.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "Manufacturer" "uniqueness": "Manufacturer"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:extension\
:extension:fido-device-onboard:2.0:Devices" :fido-device-onboard:2.0:Devices"
} }
} }
<CODE ENDS> <CODE ENDS>
A.8. Zigbee Extension Schema A.8. Zigbee Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device", "id": "urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device",
"name": "zigbeeExtension", "name": "zigbeeExtension",
"description": "Device extension schema for Zigbee.", "description": "Device extension schema for Zigbee.",
"attributes" : [ "attributes" : [
{ {
"name": "versionSupport", "name": "versionSupport",
"type": "string", "type": "string",
"description": "Provides a list of all the Zigbee versions "description": "Provides a list of all the Zigbee versions \
supported by the device, for example, supported by the device, for example, [3.0].",
[3.0].",
"multiValued": true, "multiValued": true,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
}, },
{ {
"name": "deviceEui64Address", "name": "deviceEui64Address",
"type": "string", "type": "string",
"pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){7}$", "pattern": "^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){7}$",
"description": "The 64-bit Extended Unique Identifier (EUI-64) "description": "The 64-bit Extended Unique Identifier \
device address.", (EUI-64) device address.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none" "uniqueness": "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:extension\
:extension:zigbee:2.0:Device" :zigbee:2.0:Device"
} }
} }
<CODE ENDS> <CODE ENDS>
A.9. EndpointAppsExt Extension Schema A.9. endpointAppsExt Extension Schema
<CODE BEGINS> <CODE BEGINS>
{ {
"id": "urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0 "id": "urn:ietf:params:scim:schemas:extension:endpointAppsExt:2.0:\
:Device", Device",
"name": "endpointAppsExt", "name": "endpointAppsExt",
"description": "Extension for partner endpoint applications that "description": "Extension for partner endpoint applications that \
can onboard, control, and communicate with the device.", can onboard, control, and communicate with the device.",
"attributes" : [ "attributes" : [
{ {
"name": "applications", "name": "applications",
"type": "complex", "type": "complex",
"description": "Includes references to two types of "description": "Includes references to two types of \
applications that connect with enterprise, i.e., applications that connect with enterprise, i.e., deviceControl and \
deviceControl and telemetry.", telemetry.",
"multiValued": true, "multiValued": true,
"required": true, "required": true,
"caseExact": false, "caseExact": false,
"mutability": "readWrite", "mutability": "readWrite",
"returned": "default", "returned": "default",
"uniqueness": "none", "uniqueness": "none",
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "value", "name" : "value",
"type" : "string", "type" : "string",
"description" : "The identifier of the endpointApp.", "description" : "The identifier of the EndpointApp.",
"multiValued" : false, "multiValued" : false,
"required" : true, "required" : true,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "$ref", "name" : "$ref",
"type" : "reference", "type" : "reference",
"referenceTypes" : "EndpointApps", "referenceTypes" : "EndpointApps",
"description" : "The URI of the corresponding "description" : "The URI of the corresponding EndpointApp\
'EndpointApp' resource that will control or obtain resource that will control or obtain data from the device.",
data from the device.",
"multiValued" : false, "multiValued" : false,
"required" : false, "required" : false,
"caseExact" : true, "caseExact" : true,
"mutability" : "readOnly", "mutability" : "readOnly",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
] ]
}, },
{ {
"name": "deviceControlEnterpriseEndpoint", "name": "deviceControlEnterpriseEndpoint",
"type": "reference", "type": "reference",
"description": "The URL of the enterprise endpoint that "description": "The URL of the enterprise endpoint that \
device control apps use to reach enterprise network device control apps use to reach enterprise network gateway.",
gateway.",
"multiValued": false, "multiValued": false,
"required": true, "required": true,
"caseExact": true, "caseExact": true,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "Enterprise" "uniqueness": "Enterprise"
}, },
{ {
"name": "telemetryEnterpriseEndpoint", "name": "telemetryEnterpriseEndpoint",
"type": "reference", "type": "reference",
"description": "The URL of the enterprise endpoint that "description": "The URL of the enterprise endpoint that \
telemetry apps use to reach enterprise network gateway.", telemetry apps use to reach enterprise network gateway.",
"multiValued": false, "multiValued": false,
"required": false, "required": false,
"caseExact": true, "caseExact": true,
"mutability": "readOnly", "mutability": "readOnly",
"returned": "default", "returned": "default",
"uniqueness": "Enterprise" "uniqueness": "Enterprise"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"location" : "/v2/Schemas/urn:ietf:params:scim:schemas "location" : "/v2/Schemas/urn:ietf:params:scim:schemas:extension\
:extension:endpointAppsExt:2.0:Device" :endpointAppsExt:2.0:Device"
} }
} }
<CODE ENDS> <CODE ENDS>
Appendix B. OpenAPI Representation Appendix B. OpenAPI Representation
The following sections are provided for informational purposes. The following sections are provided for informational purposes.
B.1. Core Device Schema OpenAPI Representation B.1. Core Device Schema OpenAPI Representation
skipping to change at line 2411 skipping to change at line 2412
displayName: displayName:
type: string type: string
description: "Human-readable name of the device, suitable description: "Human-readable name of the device, suitable
for displaying to end users, for example, for displaying to end users, for example,
'BLE Heart Monitor' etc." 'BLE Heart Monitor' etc."
readOnly: false readOnly: false
writeOnly: false writeOnly: false
active: active:
type: boolean type: boolean
description: A mutable boolean value indicating the device description: A mutable boolean value indicating the device
administrative status. If set TRUE, the administrative status. If true, the
commands (such as connect, disconnect, commands (such as connect, disconnect,
subscribe) that control app sends to the subscribe) that control app sends to the
controller for the devices will be processed controller for the devices will be processed
by the controller. If set FALSE, any command by the controller. If false, any command
coming from the control app for the device coming from the control app for the device
will be rejected by the controller. will be rejected by the controller.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
mudUrl: mudUrl:
type: string type: string
format: uri format: uri
description: A URL to MUD file of the device (RFC 8520). description: A URL to MUD file of the device (RFC 8520).
It is added for future use. Current usage is It is added for future use. Current usage is
not defined yet. not defined yet.
skipping to change at line 2502 skipping to change at line 2503
version: version:
type: string type: string
description: The version of the resource. description: The version of the resource.
readOnly: true readOnly: true
writeOnly: false writeOnly: false
additionalProperties: false additionalProperties: false
<CODE ENDS> <CODE ENDS>
B.2. EndpointApp Schema OpenAPI Representation B.2. EndpointApp Schema OpenAPI Representation
OpenAPI representation of endpointApp schema is as follows: OpenAPI representation of EndpointApp schema is as follows:
<CODE BEGINS> <CODE BEGINS>
openapi: 3.1.0 openapi: 3.1.0
info: info:
title: SCIM Endpoint App Schema title: SCIM Endpoint App Schema
version: 1.0.0 version: 1.0.0
components: components:
schemas: schemas:
Group: Group:
skipping to change at line 2544 skipping to change at line 2545
readOnly: true readOnly: true
writeOnly: true writeOnly: true
EndpointApp: EndpointApp:
title: EndpointApp title: EndpointApp
description: Endpoint application resource. description: Endpoint application resource.
type: object type: object
properties: properties:
applicationType: applicationType:
type: string type: string
description: This attribute will only contain two values: description: This attribute will only contain two values:
'deviceControl' or 'telemetry'. deviceControl or telemetry.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
applicationName: applicationName:
type: string type: string
description: Human-readable name of the application. description: Human-readable name of the application.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
groups: groups:
type: array type: array
description: List of groups to which the endpointApp description: List of groups to which the EndpointApp
belongs. belongs.
items: items:
$ref: '#/components/schemas/Group' $ref: '#/components/schemas/Group'
required: required:
- applicationType - applicationType
- applicationName - applicationName
additionalProperties: true additionalProperties: true
oneOf: oneOf:
skipping to change at line 2675 skipping to change at line 2676
<CODE BEGINS> <CODE BEGINS>
openapi: 3.1.0 openapi: 3.1.0
info: info:
title: SCIM Bluetooth Extension Schema title: SCIM Bluetooth Extension Schema
version: 1.0.0 version: 1.0.0
components: components:
schemas: schemas:
BleDevice: BleDevice:
type: object type: object
description: BLE Device schema. description: BLE device schema.
properties: properties:
schemas: schemas:
type: array type: array
items: items:
type: string type: string
enum: enum:
- urn:ietf:params:scim:schemas:extension:ble:2.0 - urn:ietf:params:scim:schemas:extension:ble:2.0
:Device :Device
urn:ietf:params:scim:schemas:extension:ble:2.0:Device: urn:ietf:params:scim:schemas:extension:ble:2.0:Device:
$ref: '#/components/schemas/BleDeviceExtension' $ref: '#/components/schemas/BleDeviceExtension'
skipping to change at line 2712 skipping to change at line 2713
description: It is the public MAC address assigned by the description: It is the public MAC address assigned by the
manufacturer. It is a unique 48-bit value. The manufacturer. It is a unique 48-bit value. The
regex pattern is regex pattern is
^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}. ^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
isRandom: isRandom:
type: boolean type: boolean
description: AddressType flag is taken from the BLE core description: AddressType flag is taken from the BLE core
specifications 5.3. If FALSE, the device is specifications 5.3. If false, the device is
using a public MAC address. If TRUE, device using a public MAC address. If true, device
is using a random address. is using a random address.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
separateBroadcastAddress: separateBroadcastAddress:
type: string type: string
description: "When present, this address is used for description: "When present, this address is used for
broadcasts/advertisements. This value broadcasts/advertisements. This value
MUST NOT be set when an IRK is provided. MUST NOT be set when an IRK is provided.
Its form is the same as deviceMacAddress." Its form is the same as deviceMacAddress."
skipping to change at line 2736 skipping to change at line 2737
irk: irk:
type: string type: string
description: Identity Resolving Key (IRK), which is unique description: Identity Resolving Key (IRK), which is unique
for every device. It is used to resolve a for every device. It is used to resolve a
random address. random address.
readOnly: false readOnly: false
writeOnly: true writeOnly: true
mobility: mobility:
type: boolean type: boolean
description: If set to True, the BLE device will description: If set to true, the BLE device will
automatically connect to the closest AP. For automatically connect to the closest AP. For
example, if a BLE device is connected with example, if a BLE device is connected with
AP-1 and moves out of range but comes in AP-1 and moves out of range but comes in
range of AP-2, it will be disconnected with range of AP-2, it will be disconnected with
AP-1 and connected with AP-2. AP-1 and connected with AP-2.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
pairingMethods: pairingMethods:
type: array type: array
items: items:
skipping to change at line 2798 skipping to change at line 2799
writeOnly: false writeOnly: false
required: required:
- key - key
PairingPassKey: PairingPassKey:
type: object type: object
description: Passkey pairing method for BLE. description: Passkey pairing method for BLE.
properties: properties:
key: key:
type: integer type: integer
description: A six-digit passkey for BLE device. description: A six-digit passkey for a BLE device.
The pattern of key is ^[0-9]{6}$. The pattern of key is ^[0-9]{6}$.
readOnly: false readOnly: false
writeOnly: true writeOnly: true
required: required:
- key - key
PairingOOB: PairingOOB:
type: object type: object
description: Out-of-band pairing method for BLE. description: Out-of-band pairing method for BLE.
properties: properties:
key: key:
type: string type: string
description: The OOB key value for BLE device. description: The OOB key value for a BLE device.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
randomNumber: randomNumber:
type: integer type: integer
description: Nonce added to the key. description: Nonce added to the key.
readOnly: false readOnly: false
writeOnly: true writeOnly: true
confirmationNumber: confirmationNumber:
type: integer type: integer
description: Some solutions require a confirmation number description: Some solutions require a confirmation number
skipping to change at line 3008 skipping to change at line 3009
<CODE BEGINS> <CODE BEGINS>
openapi: 3.1.0 openapi: 3.1.0
info: info:
title: SCIM Zigbee Extension Schema title: SCIM Zigbee Extension Schema
version: 1.0.0 version: 1.0.0
components: components:
schemas: schemas:
ZigbeeDevice: ZigbeeDevice:
type: object type: object
description: Zigbee Device schema. description: Zigbee device schema.
properties: properties:
schemas: schemas:
type: array type: array
items: items:
type: string type: string
enum: enum:
- urn:ietf:params:scim:schemas:extension:zigbee:2.0 - urn:ietf:params:scim:schemas:extension:zigbee:2.0
:Device :Device
urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device: urn:ietf:params:scim:schemas:extension:zigbee:2.0:Device:
$ref: '#/components/schemas/ZigbeeDeviceExtension' $ref: '#/components/schemas/ZigbeeDeviceExtension'
skipping to change at line 3044 skipping to change at line 3045
device address. The regex pattern is device address. The regex pattern is
^[0-9A-Fa-f]{16}$. ^[0-9A-Fa-f]{16}$.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
required: required:
- versionSupport - versionSupport
- deviceEui64Address - deviceEui64Address
description: Device extension schema for Zigbee. description: Device extension schema for Zigbee.
<CODE ENDS> <CODE ENDS>
B.8. EndpointAppsExt Extension Schema OpenAPI Representation B.8. endpointAppsExt Extension Schema OpenAPI Representation
OpenAPI representation of endpoint Apps extension schema is as OpenAPI representation of endpointAppsExt extension schema is as
follows: follows:
<CODE BEGINS> <CODE BEGINS>
openapi: 3.1.0 openapi: 3.1.0
info: info:
title: SCIM Endpoint Extension Schema title: SCIM Endpoint Extension Schema
version: 1.0.0 version: 1.0.0
components: components:
schemas: schemas:
skipping to change at line 3090 skipping to change at line 3091
required: required:
- applications - applications
- deviceControlEnterpriseEndpoint - deviceControlEnterpriseEndpoint
applications: applications:
type: array type: array
items: items:
value: value:
type: string type: string
description: The identifier of the endpointApp. description: The identifier of the EndpointApp.
readOnly: false readOnly: false
writeOnly: false writeOnly: false
ref: ref:
type: string type: string
format: uri format: uri
description: The URI of the corresponding 'EndpointApp' description: The URI of the corresponding EndpointApp
resource that will control or obtain data resource that will control or obtain data
from the device. from the device.
readOnly: true readOnly: true
writeOnly: false writeOnly: false
required: required:
- value - value
- ref - ref
<CODE ENDS> <CODE ENDS>
Appendix C. FIDO Device Onboarding Example Flow Appendix C. FIDO Device Onboarding Example Flow
skipping to change at line 3151 skipping to change at line 3152
| | | | | | | |
| | 6 200 "ok" | | | 6 200 "ok" |
| |<-------------------------------| | |<-------------------------------|
| | | | | | | |
| 7 200 "ok" | | | | 7 200 "ok" | | |
|<---------------------| | | |<---------------------| | |
| | | | | | | |
| | | | | | | |
After this flow is complete, the device can then first provisionally After this flow is complete, the device can then first provisionally
onboard and then later receive a trust anchor through FDO's TO2 onboard and then later receive a trust anchor through FDO's Transfer
process. This is shown below. Ownership Protocol 2 (TO2) process. This is shown below.
,-------. ,------. ,-------. ,------.
|Owner | ,---. |Access| ,------. |Service| |AAA| |Point | |Owner | ,---. |Access| ,------.
|Device| `---+---' `-+-' `---+--' `---+--' | | | |Service| |AAA| |Point | |Device|
,------------------!. | | | |Device configured |_\ | | | `---+---' `-+-' `---+--' `---+--'
|with well-known | | | | |RCOI and for trust | | | | |on first | | | ,------------------!.
use | | | | `--------------------' | | ,---------------!. | | | | | |Device configured |_\
| |WLAN configured|_\ | | | |with well-known | | | | |RCOI | | | | | |with well-known |
| | `-----------------' | | | | 1 EAP-TLS/EAPOL | | | | | | |RCOI and for trust |
|<-----------------| | | | | | |2 EAP-TLS/Radius | | | | | | |on first use |
|<----------------| | | | | | | | | | | `--------------------'
,--------------------------!. | | |Device skips |_\ | | | | ,---------------!. |
|server authentication | | | `----------------------------' | | | |WLAN configured|_\ |
|3 Result=Success | | | |---------------->| | | | | | | | | |with well-known | |
,-----------------------!. | | |Limited access |_\ | | |for | | |RCOI | |
now | | | `-------------------------' | | | |4 Result=Success | | `-----------------' |
| | | |----------------->| | | | | | | 5 FDO TO2 | | | | | 1 EAP-TLS/EAPOL |
|<----------------------------------------------------| | | | | | |<-----------------|
| | | | |
,-------------------------------------------------------------!. | |2 EAP-TLS/Radius | |
|FSIM, Runtime SSID, |_\ |Credentials incl. | |local trust | |<----------------| |
anchor | | | | |
`---------------------------------------------------------------' | | ,--------------------------!.
| | | 6 dissasociate | | | |<-----------------| | | | | | | |7 | | |Device skips |_\
EAP-TLS w/ LSC | | | |<-----------------| | | | | | | | | . . | | |server authentication |
etc . . | | `----------------------------'
| |3 Result=Success | |
| |---------------->| |
| | | |
| ,-----------------------!. |
| |Limited access |_\ |
| |for now | |
| `-------------------------' |
| | |4 Result=Success |
| | |----------------->|
| | | |
| | 5 FDO TO2 | |
|<----------------------------------------------------|
| | | |
,-------------------------------------------------------------!.
|FSIM, Runtime SSID, |_\
|Credentials incl. |
|local trust anchor |
`---------------------------------------------------------------'
| | | 6 dissasociate |
| | |<-----------------|
| | | |
| | |7 EAP-TLS w/ LSC |
| | |<-----------------|
| | | |
| | | |
. . etc . .
Acknowledgments Acknowledgments
The authors would like to thank Bart Brinckman, Rohit Mohan, Lars The authors would like to thank Sriram Sekar, Bart Brinckman, Rohit
Streubesand, Christian Amsüss, Jason Livingwood, Mike Ounsworth, Mohan, Lars Streubesand, Christian Amsüss, Jason Livingwood, Mike
Monty Wiseman, Geoffrey Cooper, Paulo Jorge N. Correia, Phil Hunt, Ounsworth, Monty Wiseman, Geoffrey Cooper, Paulo Jorge N. Correia,
and Elwyn Davies for their reviews and Nick Ross for his contribution Phil Hunt, and Elwyn Davies for their reviews and Nick Ross for his
to the appendix. contribution to the appendix.
Authors' Addresses Authors' Addresses
Muhammad Shahzad Muhammad Shahzad
North Carolina State University North Carolina State University
Department of Computer Science Department of Computer Science
890 Oval Drive 890 Oval Drive
Campus Box 8206 Campus Box 8206
Raleigh, NC 27695-8206 Raleigh, NC 27695-8206
United States of America United States of America
 End of changes. 172 change blocks. 
442 lines changed or deleted 469 lines changed or added

This html diff was produced by rfcdiff 1.48.