[core] Short review of SenML fetch/patch

Christian Amsüss <christian@amsuess.com> Thu, 27 September 2018 08:59 UTC

Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C658130E1D; Thu, 27 Sep 2018 01:59:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g_ZQpIJCNvaC; Thu, 27 Sep 2018 01:59:56 -0700 (PDT)
Received: from prometheus.amsuess.com (prometheus.amsuess.com [5.9.147.112]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56884130E13; Thu, 27 Sep 2018 01:59:53 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd]) by prometheus.amsuess.com (Postfix) with ESMTPS id 7FD3441951; Thu, 27 Sep 2018 10:59:50 +0200 (CEST)
Received: from poseidon-mailbox.amsuess.com (hermes.amsuess.com [10.13.13.254]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 64FC057; Thu, 27 Sep 2018 10:59:49 +0200 (CEST)
Received: from hephaistos.amsuess.com (hephaistos.amsuess.com [IPv6:2a02:b18:c13b:8010::71b]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 0F94E4E; Thu, 27 Sep 2018 10:59:49 +0200 (CEST)
Received: (nullmailer pid 22921 invoked by uid 1000); Thu, 27 Sep 2018 08:59:48 -0000
Date: Thu, 27 Sep 2018 10:59:48 +0200
From: Christian =?iso-8859-1?Q?Ams=FCss?= <christian@amsuess.com>
To: draft-keranen-core-senml-fetch@ietf.org
Cc: core@ietf.org
Message-ID: <20180927085947.GA5321@hephaistos.amsuess.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="OgqxwSJOaUobr8KG"
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/_bjzt6wBG4id7YgOWgiozouCCZo>
Subject: [core] Short review of SenML fetch/patch
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Sep 2018 08:59:59 -0000

Hello authors,

as requested during yesterday's interim meeting, I've had a look at
senml-fetch again:

Fetch
=====

Fetching by time
----------------

Being able to pick aparticular timestamp is an oddly specific
application; my impression of general SenML data sets is that it will be
hard to predict which point in time should have a datum if that record
is not already known. Unless there are good (and argued for) use cases,
I suggest that the topic of fetching time series points be explored
comprehensively in a separate document, possibly hooking into
draft-bormann-t2trg-stp.


Using SenML to fetch
--------------------

SenML requires to have a value (or sum) on every record, the payload of
the fetch request therefore can't use any of the defined SenML mime
types but would need to specify their own. I'm unsure on whether adding
a field like "fetch_":1 to the first record (a mandatory-to-decode
custom field) would be sufficient to work around that constraint.

Otherwise, it might be an option to update RFC8428 to say that some of
those limitations (also the later "v":null) may be overridden in
applications like this where it is made sure (eg. by never using those
freedoms in Content or PUT payloads) that no generic SenML processor
ever gets its hands on the document.

The payload sent in as a FETCH payload is not actually sensor data, it's
a list of names (or, provided they're viewed as URIs, which I recommend)
links. We already have a way to transmit a list of links in CoRE
(actually 3 with links-json). I don't object to introducing another
(given the above, might be called application/links+senml+{cbor,json}?)
especially to reduce parsing complexity, but do suggest that FETCHing
SenML data be done with a list of identifiers no matter how they are
transported, and the recommended way can well be a SenML-names-only
payload (but would not preclude others).


Patch
=====

"value field with value null": There has been some backpressure against
having variable-type fields in SenML back when its JSON/CBOR structure
was last changed; having a "v":null in there could be problematic (esp.
as its JSON type is fixed to Number in Table 2 of RFC8428). I suggest
having a explicit "delete value" field, eg. "vdel":true.


How would base values work with patch? I figure that it's always the
resolved record that matter, but that should be explicit. In connection
with a "vdel" (or "v":null if it turns out it's OK for it to stay like
that), it might make sense to allow that too (where a "v":n would
override "vdel" or "v":null from an offset of zero) to allow for
efficient batch removal of values.


Security considerations
=======================

"potentially allow retrieving or changing many resources at once" makes
it sound like FETCH and PATCH could reach out to different resources.
They don't (conceptually), they only manipulate what's inside the target
resource (which typically is an aggregation of other resources, as in a
core-interfaces batch). Suggested replacement:

   In FETCH and iPATCH requests, the client can pass arbitrary names to
   the target resource for manipulation. The resource implementer must
   take care to only allow access to names that are actually part of (or
   accessible through) the target resource.
   
   If the client is not allowed to do a GET or PUT on the full target
   resource (and thus all the names accessible through it), access
   control rules must be evaluated for each record in the pack.

(It's fine if someone goes ahead and defines a /senml resource on their
device that is a gate to "everything and anything that can be addressed
in SenML", but that shouldn't be the default assumption).


Best regards
Christian

-- 
You don't become great by trying to be great. You become great by
wanting to do something, and then doing it so hard that you become great
in the process.
  -- Marie Curie (as quoted by Randall Munroe)