Internet-Draft | CDDL control operators | March 2023 |
Bormann | Expires 10 September 2023 | [Page] |
The Concise Data Definition Language (CDDL), standardized in RFC 8610, provides "control operators" as its main language extension point. RFCs have added to this extension point both in an application-specific and a more general way.¶
The present document defines a number of additional generally application control operators for text conversion (Bytes, Integers, JSON), operations on text, and deterministic encoding.¶
Revision -01 of this draft reflects comments from initial discussion of the specification in the CBOR working group. It is intended to be ready for working group adoption.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://cbor-wg.github.io/cddl-more-control/. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-bormann-cbor-cddl-more-control/.¶
Discussion of this document takes place on the Concise Binary Object Representation (CBOR) Maintenance and Extensions Working Group mailing list (mailto:cbor@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/cbor/. Subscribe at https://www.ietf.org/mailman/listinfo/cbor/.¶
Source for this draft and an issue tracker can be found at https://github.com/cbor-wg/cddl-more-control.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 10 September 2023.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Concise Data Definition Language (CDDL), standardized in [RFC8610], provides "control operators" as its main language extension point (Section 3.8 of [RFC8610]). RFCs have added to this extension point both in an application-specific [RFC9090] and a more general [RFC9165] way.¶
The present document defines a number of additional generally applicable control operators:¶
Name | Purpose |
---|---|
.b64u , .b64c
|
Base64 representation of byte strings |
.b64u-sloppy , .b64c-sloppy
|
(sloppy-tolerant variants of the above) |
.hex , .hexlc , .hexuc
|
Base16 representation of byte strings |
.b32 , .h32
|
Base32 representation of byte strings |
.b45
|
Base45 representation of byte strings |
.decimal
|
Text representation of integer numbers |
.json
|
Text representation of JSON values |
.join
|
Building text from array of components |
.cbordet , .cborseqdet
|
deterministically encoded CBOR data items, CBOR sequences |
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This specification uses terminology from [RFC8610]. In particular, with respect to control operators, "target" refers to the left-hand side operand, and "controller" to the right-hand side operand. "Tool" refers to tools along the lines of that described in Appendix F of [RFC8610]. Note also that the data model underlying CDDL provides for text strings as well as byte strings as two separate types, which are then collectively referred to as "strings".¶
A CDDL model often defines data that are byte strings in essence but need to be transported in various encoded forms, such as base64 or hex. This section defines a number of control operators to model these conversions.¶
The control operators generally are of a form that could be used like this:¶
signature-for-json = text .b64u signature signature = bytes .cbor COSE_Sign1¶
The specification of these control operators is complicated by the large number of transformations in use. Inspired by Section 8 of [STD94], we use representations defined in [RFC4648] with the following names:¶
name | meaning | reference |
---|---|---|
.b64u
|
Base64URL, no padding | Section 5 of [RFC4648] |
.b64u-sloppy
|
Base64URL, no padding, sloppy | Section 5 of [RFC4648] |
.b64c
|
Base64 classic, padding | Section 4 of [RFC4648] |
.b64c-sloppy
|
Base64 classic, padding, sloppy | Section 4 of [RFC4648] |
.b32
|
Base32, no padding | Section 6 of [RFC4648] |
.h32
|
Base32/hex alphabet, no padding | Section 7 of [RFC4648] |
.hex
|
Base16 (hex), either case | Section 8 of [RFC4648] |
.hexlc
|
Base16 (hex), lower case | Section 8 of [RFC4648] |
.hexuc
|
Base16 (hex), upper case | Section 8 of [RFC4648] |
.b45
|
Base45 | [RFC9285] |
Note that this specification is somewhat opinionated here: It does not provide base64url, base32 or base32hex encoding with padding, or base64 classic without padding. Experience indicates that these combinations only ever occur in error, so the usability of CDDL is increased by not providing them in the first place. Also, adding "c" makes sure that any decision for classic base64 is actively taken.¶
The additional designation "sloppy" indicates that the text string is not validated for any additional bits being zero, in variance to what is specified in the paragraph behind table 1 in Section 4 of [RFC4648]. Note that the present specification is opinionated again in not specifying a sloppy variant of base32 or base32/hex, as no legacy use of sloppy base32(/hex) was known at the time of writing. Base45 is known to be suboptimal for use in environments with limited data transparency (such as URLs), but is included because of its close relationship to QR codes and its wide use in health informatics (note that base45 is at least strongly specified not to allow sloppy forms of encoding).¶
name | meaning | reference |
---|---|---|
.decimal
|
Decimal Integer | --- |
This allows the modeling of text strings that carry numeric information, such as in the uint64/int64 formats of YANG-JSON [RFC7951].¶
yang-json-sid = text .decimal (0..9223372036854775807)¶
Again, the specification is opinionated by only providing numbers without leading zeros, i.e., the decimal numbers match the regular expression "0|-?[1-9][0-9]*" (of course, further restricted by the control type). Future specifications can provide octal, hexadecimal, or binary conversions.¶
Some applications store complete JSON texts into text strings, the
JSON value for which can easily be defined in CDDL.
This is supported by a control operator similar to .cbor
in Section 3.8.4 of [RFC8610].¶
name | meaning | reference |
---|---|---|
.json
|
JSON | [STD90] |
embedded-claims = text .json claims claims = {iss: issuer, exp: expiry}¶
Note that a .jsonseq
is not provided, as no use case is known yet.
There is no way to constrain the use of blank space in data items to
be validated; variants (e.g, not providing for any blank space) could
be defined.¶
Often, text strings need to be constructed out of parts that can best be modeled as an array.¶
name | meaning | reference |
---|---|---|
.join
|
concatenate elements of an array | --- |
In general, this control operator is hard to validate as it would require full parser functionality. It is therefore recommended to only use it in simple cases, and leave full parsing to ABNF Section 3 of [RFC9165] or similar.¶
legacy-ip-address = text .join [digits<1>, ".", digits<2>, ".", digits<3>, ".", digits<4>] digits<N> = text .decimal byte<n>¶
[RFC8610] and [RFC8742] specify the control operators .cbor
and
.cborseq
to indicate that the value of a byte string should be an
encoded CBOR data item or a CBOR sequence.¶
This specification provides complementary control operators .cbordet
and .cborseqdet
that indicate that these data items/sequences need
to be encoded in accordance to Sections 4.2.1 and 4.2.2 of [STD94].¶
name | meaning | reference |
---|---|---|
.cbordet
|
deterministically encoded CBOR data item | [RFC8610] |
.cborseqdet
|
CBOR sequence made from deterministically encoded CBOR data items | [RFC8742] |
Note that considerations of deterministic representation at the application level can often be expressed in the CDDL definition of the right-hand side and then do not need additional control operators.¶
This document requests IANA to register the contents of Table 7 into the registry "CDDL Control Operators" of [IANA.cddl]:¶
Name | Reference |
---|---|
.b64u
|
[RFCthis] |
.b64u-sloppy
|
[RFCthis] |
.b64c
|
[RFCthis] |
.b64c-sloppy
|
[RFCthis] |
.b45
|
[RFCthis] |
.b32
|
[RFCthis] |
.h32
|
[RFCthis] |
.hex
|
[RFCthis] |
.hexlc
|
[RFCthis] |
.hexuc
|
[RFCthis] |
.decimal
|
[RFCthis] |
.json
|
[RFCthis] |
.join
|
[RFCthis] |
.cbordet
|
[RFCthis] |
.cborseqdet
|
[RFCthis] |
This section is to be removed before publishing as an RFC.¶
In the CDDL tool described in Appendix F of [RFC8610], the control operators defined in revision -00 of this specification are implemented as of version 0.10.2; implementation of the rest is ongoing.¶
Henk Birkholz suggested the need for many of the control operators defined here.¶