The W3C Web of Things (WoT) is intended to enable interoperability across IoT platforms and application domains. One key mechanism for accomplishing this goal is the definition and use of metadata describing the interactions an IoT device or service makes available over the network at a suitable level of abstraction. The WoT Thing Description specification satisfies this objective.

However, in order to use a Thing its Thing Description first has to be obtained. The WoT Discovery process described in this document addresses this problem. WoT Discovery needs to support the distribution of WoT Thing Descriptions in a variety of use cases. This includes ad-hoc and engineered systems; during development and at runtime; and on both local and global networks. The process also needs to work with existing discovery mechanisms, be secure, protect private information, and be able to efficiently handle updates to WoT Thing Descriptions and the dynamic and diverse nature of the IoT ecosystem.

The WoT Discovery process is divided into two phases, Introduction, and Exploration. The Introduction phase leverages existing discovery mechanisms but does not directly expose metadata; they are simply used to discover Exploration services, which provide metadata but only after secure authentication and authorization. This document normatively defines two Exploration services, one for WoT Thing self-description with a single WoT Thing Description and a searchable WoT Thing Description Directory service for collections of Thing Descriptions. A variety of Introduction services are also described and where necessary normative definitions are given to support them.

Introduction Mechanisms

This chapter describes a mechanism for discovering a Thing or a Thing Description Directory. The following mechanism is provided by the Thing or the Thing Description Directory so that Consumers can discover the Thing Description or a URL that point to the Thing Description.

Direct

Any mechanism that results in a single URL. This includes Bluetooth beacons, QR codes, and written URLs to be typed by a user. A request on all such URLs MUST result in a TD as prescribed in [[[#exploration-self]]]. For self-describing Things, this can be the TD of the Thing itself. If the URL references a Thing Description Directory, this MUST be the Directory Description of the Thing Description Directory.

Well-Known URIs

A Thing or Thing Description Directory may use the Well-Known Uniform Resource Identifier [[RFC8615]] to advertise its presence. The Thing or Thing Description Directory registers its own Thing or Directory Description into the following path: /.well-known/wot-thing-description.

When a request is made at the above Well-Known URI, the server MUST return a Thing Description as prescribed in [[[#exploration-self]]].

The service name in Well-Known URI (wot-thing-description) is tentative. "Well-Known URIs" registry and contents of registration request is described in Section 3.1 of [[RFC8615]].

DNS-Based Service Discovery

A Thing or Thing Description Directory may use the DNS-Based Service Discovery (DNS-SD)[[RFC6763]]. This can be also be used to discover them on the same link by combining Multicast DNS (mDNS)[[RFC6762]].

In DNS-SD, format of the Service Instance Name is Instance.Service.Domain. The Service part is a pair of labels following the conventions of [[RFC2782]]. The first label has an underscore followed by the Service Name, and the second label describes the protocol.

The Service Name to indicate the Thing or Thing Description Directory MUST be _wot. And the Service Name to indicate the Thing Description Directory MUST be _directory._sub._wot.

The Service Names _wot and _directory._sub._wot are tentative. The following Service Names are used in the existing implementations: _wot, _device._sub._wot, _directory._sub._wot, _webthing, _wot-servient. To use a Service Name, registration to "Underscored and Globally Scoped DNS Node Names" Registry [[RFC8552]] is required.

In addition, the following information MUST be included in the TXT record that is pointed to by the Service Instance Name:

td: Absolute pathname of the Thing Description of the Thing or Directory Description of the Thing Description Directory.
type: Type of the Thing Description, i.e. Thing or Directory. If omitted, the type is assumed to be Thing.

The following key/value pairs are used in the existing implementations:
retrieve: Absolute path name of the API to get an array of Thing Description IDs from the directory service.
register: Absolute path name of the API to register a Directory Description with the Thing Description Directory.
path: The URI of the thing description on the Web Thing's web server
td: Prefix of directory service API
tls: Value of 1 if the Web Thing supports connections via HTTPS.

and shows example sequences of discovery of Thing and Thing Description Directory using DNS-SD and mDNS.

An example sequence of discovery of Thing using DNS-SD and mDNS

An example sequence of discovery of directory service using DNS-SD and mDNS — An example sequence of discovery of Thing Description Directory using DNS-SD and mDNS

CoRE Link Format and CoRE Resource Directory

A Thing or Thing Description Directory may advertise its presence using the Constrained RESTful Environment (CoRE) Link Format [[RFC6690]]. And, a Thing or Thing Description Directory may use the CoRE Resource Directory [[CoRE-RD]] to register a link to the Thing or Directory Description.

The resource type (rt) of the Link that targets the Thing Description of the Thing MUST be wot.thing. The resource type of the Link that targets the Directory Description of the Thing Description Directory MUST be wot.directory.

The resource types wot.thing and wot.directory are tentative. See also .

DID Documents

A Thing or Thing Description Directory may advertise its presence using the Decentralized Identifier (DID) [[DID-CORE]].

The DID Document obtained by resolving the DID of a Thing or Thing Description Directory MUST contains a Service Endpoint which point to Thing Description of the Thing or Directory Description of the Thing Description Directory.

                    {
                        "service": [{
                            "id": "did:example:wotdiscoveryexample#td",
                            "type": "WotThingDescription",
                            "serviceEndpoint":
                                "https://wot.example.com/.well-known/wot-thing-description"
                        }]
                    }

Exploration Mechanisms

To do: Description of supported explorations, and requirements for new exploration mechanisms.

[[[#exploration-class-diagram]]] depicts the high-level information model for self-describing and directory services. These exploration mechanisms are described in [[[#exploration-self]]] and [[[#exploration-directory]]].

Exploration mechanisms high-level class diagram — The high-level class diagram of the exploration mechanisms

The Thing Description Directory ontology defines two new Thing Description classes that may be used to model special exploratory metadata:

Directory Description

A TD which describes a directory instance. The Directory Description MUST use type `DirectoryDescription` from the discovery context or URI `https://www.w3.org/2021/wot/discovery#DirectoryDescription`.

[[[#directory-thing-description]]] which describes the API of the Thing Description Directory is an example of this TD type.

Link Description

A TD which describes a reference to another TD. The Link Description MUST use type `LinkDescription` from the discovery context or URI `https://www.w3.org/2021/wot/discovery#LinkDescription`. The Link Description MUST define the reference TD as a Link with `describedby` link relation type, `application/td+json` media type and `href` set to the target URL.

[[[#example-td-link-type]]] is an example Link Description.

                    {
                        "@context": [
                            "https://www.w3.org/2019/wot/td/v1",
                            "https://w3c.github.io/wot-discovery/context/discovery-context.jsonld"
                        ],
                        "@type": "LinkDescription",
                        "id": "urn:example:link",
                        "links": [{
                            "rel": "describedby",
                            "href": "https://example.com/td.jsonld",
                            "type": "application/td+json"
                        }],
                        "security": "basic_sc",
                        "securityDefinitions": {
                            "basic_sc": {
                                "scheme": "basic"
                            }
                        },
                        "title": "Example TD referencing another"
                    }

The context and type URIs are tentative and subject to change.

Self-description

The self-description is an exploration mechanism in which a Thing hosts its own TD and exposes it at a URL or through others means. If exposed at a URL (e.g. over HTTP or CoAP), the URL may be advertised via one of the [[[#introduction-mech]]]. The hosted TD may also be registered inside a Thing Description Directory as prescribed in [[[#exploration-directory]]].

The self-description using the following protocols must be according to the given specification:

HTTP

The HTTP-based self-description SHOULD be over HTTPS (HTTP Over TLS). The HTTP server MUST serve the TD with a `GET` method. A successful response MUST have 200 (OK) status, contain `application/td+json` Content-Type header, and the TD in body. The server MAY provide alternative representations through server-driven content negotiation, that is by honouring the request's Accept header and responding with the supported TD serialization and equivalent Content-Type header. The server SHOULD serve the requests after performing necessary authentication and authorization.

Error responses:

401 (Unauthorized): No authentication.
403 (Forbidden): Insufficient rights to the resource.

Directory

To do: Describe mechanisms for TDs to be hosted in a searchable directory service.

Information Model

To Do: Formal definition of information contained in a directory and its organization.

The ontology of a TD stored in a TDD — The ontology of a TD that can be stored in a Thing Description Directory.

As shown in [[[#exploration-class-diagram]]], the Thing Description Directory can contain zero or more TDs. For every TD, the directory additionally maintains the registration information for bookkeeping and search purposes. A TD which embeds the registration information is called an Enriched TD. The ontology of a TD maintained by the directory is illustrated in [[[#directory-td-class-diagram]]].

Registration Information

The following table lists the registration information attributes:

Vocabulary term	Description	Assignment	Type
`created`	Provides information when the TD instance was created inside the directory.	system-generated (read-only)	`dateTime`
`modified`	Provides information when the TD instance was last modified inside the directory.	system-generated (read-only)	`dateTime`

Anonymous TD Identifiers

Anonymous TDs have no `id` (or `@id`) and are considered as blank nodes [[JSON-LD11]]. The server assigns a local identifier to such TDs to allow management and retrieval from the directory. In situations where the server exposes an Anonymous TD, it MUST add the local identifier to the Anonymous TD as a blank node identifier to allow local referencing. Blank node identifiers begin with `_:`. For example, a TD that has local identifier `48951ff3-4019-4e67-b217-dbbf011873dc` will have the following blank node identifier: `_:48951ff3-4019-4e67-b217-dbbf011873dc`.

Directory Service API

The Directory APIs must use secure protocols guaranteeing System User Data authenticity and confidentiality (see [[?WOT-SECURITY]]). The HTTP API MUST be exposed over HTTPS (HTTP Over TLS).

The HTTP API responses must use appropriate status codes described in this section for success and error responses. The HTTP API MUST use the Problem Details [[RFC7807]] format to carry error details in HTTP client error (4xx) and server error (5xx) responses. This enables both machines and humans to know the high-level error class and fine-grained details.

The Problem Details error `type` field is a URI reference which could used to map the occurred error to WoT-specific error class. There are few open issues raising the lack of WoT-specific error types: wot-discovery#44, wot-thing-description#303, wot-scripting-api#200.
For now, `type` can be omitted which defaults to "about:blank", and `title` should be set to HTTP status text.

Below is a generic Thing Description for the Directory HTTP API with OAuth2 security. The Thing Description alone should not be considered as the full specification to implement or interact with a directory. Additional details for every interaction are described in human-readable form in the subsequent sections.

Need to add a css class for normative code blocks, instead of using the `example` class.

The `id` variable need to have a defined type for semantic association with TD's `id` attribute.

The scopes may need to be more concrete to able to allow updates but prevent creation.

Need to confirm if equivalent OpenAPI spec can be easily created out of the TD in [[[#directory-thing-description]]]. If yes, a sentence may be added indicating this possibility.

Registration

The Registration API is a RESTful HTTP API in accordance with the recommendations defined in [[RFC7231]] and [[?REST-IOT]]. The default serialization format for all request and response bodies MUST be JSON, with JSON-LD 1.1 [[JSON-LD11]] syntax to support extensions and semantic processing. Directories MAY accept additional representations based on request's indicated Content-Type or Content-Encoding, and provide additional representations through server-driven content negotiation.

The Registration API MUST provide create, retrieve, update, delete, and listing (CRUDL) interfaces. The operations are described below:

Creation

The API MUST allow registration of a TD object passed as request body. The request SHOULD contain `application/td+json` Content-Type header for JSON serialization of TD. The TD object must be validated in accordance with [[[#validation]]].

A TD which is identified with an `id` attribute MUST be handled differently with one that has no identifier (Anonymous TD). The create operations are specified as `createTD` action in [[[#directory-thing-description]]] and elaborated below:

A TD MUST be submitted to the directory using an HTTP `PUT` request at a target location (HTTP path) containing the unique TD `id`. Upon successful processing, the server MUST respond with 201 (Created) status.
Note: If the target location corresponds to an existing TD, the request shall instead proceed as an Update operation and respond the appropriate status code (see Update section).
An Anonymous TD MUST be submitted to the directory using an HTTP `POST` request. Upon successful processing, the server MUST respond with 201 (Created) status and a Location header containing a system-generated identifier for the TD. The identifier SHOULD be a UUID Version 4 [[RFC4122]]. That is a random or pseudo-random number which does not carry unintended information about the host or the resource.

Error responses:

400 (Bad Request): Invalid serialization or TD. This is accompanied by an appropriate response message.
401 (Unauthorized): No authentication.
403 (Forbidden): Insufficient rights to the resource.

In certain scenarios (e.g. automatic removal of obsolete or accidental registrations), the registration may benefit from an expiration time. The expiration time may be set explicity or relative to the registration time as a time-to-live (TTL) value.

Retrieval

A TD MUST be retrieved from the directory using an HTTP `GET` request, including the identifier of the TD as part of the path. A successful response MUST have 200 (OK) status, contain `application/td+json` Content-Type header, and the requested TD in body. The retrieve operation is specified as `retrieveTD` property in [[[#directory-thing-description]]].

Error responses:

404 (Not Found): TD with the given `id` not found.
401 (Unauthorized): No authentication.
403 (Forbidden): Insufficient rights to the resource.

The following is an example of a retrieved TD:

                                    {
                                        "@context": [
                                            "http://www.w3.org/ns/td",
                                            "https://w3c.github.io/wot-discovery/context/discovery-context.jsonld"
                                        ],
                                        "id": "urn:example:simple-td",
                                        "security": "basic_sc",
                                        "securityDefinitions": {
                                            "basic_sc": {
                                                "scheme": "basic"
                                            }
                                        },
                                        "registration": {
                                            "created": "2021-01-19T17:02:00Z",
                                            "modified": "2021-01-19T17:02:00Z"
                                        },
                                        "title": "Simple TD"
                                    }

This is an Enriched TD which includes the registration information such as the creation and modification time of the TD within the directory.

The example below shows a retrieved Anonymous TD that is in Enriched TD form and has local identifier `48951ff3-4019-4e67-b217-dbbf011873dc` set as its blank node identifier (see [[[#exploration-directory-anonymous-td]]]). Note that `id` is an alias for `@id` from the active context.

                                    {
                                        "@context": [
                                            "http://www.w3.org/ns/td",
                                            "https://w3c.github.io/wot-discovery/context/discovery-context.jsonld"
                                        ],
                                        "id": "_:48951ff3-4019-4e67-b217-dbbf011873dc",
                                        "security": "basic_sc",
                                        "securityDefinitions": {
                                            "basic_sc": {
                                                "scheme": "basic"
                                            }
                                        },
                                        "registration": {
                                            "created": "2021-01-19T17:02:00Z",
                                            "modified": "2021-01-19T17:02:00Z"
                                        },
                                        "title": "Anonymous TD"
                                    }

Update

The API MUST allow modifications to an existing TD as full replacement or partial updates. The update operations are described below:

A modified TD MUST replace an existing one when submitted using an HTTP `PUT` request to the location corresponding to the existing TD. The request SHOULD contain `application/td+json` Content-Type header for JSON serialization of TD. The TD object must be validated in accordance with [[[#validation]]]. Upon success, the server MUST respond with 204 (No Content) status. This operation is specified as `updateTD` property in [[[#directory-thing-description]]].
Note: If the target location does not correspond to an existing TD, the request shall instead proceed as a Create operation and respond the appropriate status code (see Create section). In other words, an HTTP `PUT` request acts as a create or update operation.
An existing TD MUST be partially modified when the modified parts are submitted using an HTTP `PATCH` request to the location corresponding to the existing TD. The partial update MUST be processed using the JSON merge patch format format described in [[RFC7396]]. The request MUST contain `application/merge-patch+json` Content-Type header for JSON serialization of the merge patch document. The input MUST be in Partial TD form and conform to the original TD structure. If the input contains members that appear in the original TD, their values are replaced. If a member do not appear in the original TD, that member is added. If the member is set to `null` but appear in the original TD, that member is removed. Members with object values are processed recursively. After applying the modifications, the TD object must be validated in accordance with [[[#validation]]]. Upon success, the server MUST respond with a 204 (No Content) status. This operation is specified as `updatePartialTD` property in [[[#directory-thing-description]]].

Error responses:

400 (Bad Request): Invalid serialization or TD. This is accompanied by an appropriate response message.
404 (Not Found): TD with the given `id` not found (for `PATCH` only).
401 (Unauthorized): No authentication.
403 (Forbidden): Insufficient rights to the resource.

Deletion

A TD MUST be removed from the directory when an HTTP `DELETE` request is submitted to the location corresponding to the existing TD. A successful response MUST have 204 (No Content) status. The retrieve operation is specified as `deleteTD` property in [[[#directory-thing-description]]].

Error responses:

404 (Not Found): TD with the given `id` not found.
401 (Unauthorized): No authentication.
403 (Forbidden): Insufficient rights to the resource.

Listing

The listing endpoint provides a way to query the collection of TD objects from the directory. The Search API may be used to retrieve TD fragments; see [[[#exploration-directory-api-search]]].

The list of TDs MUST be retrieved from the directory using an HTTP `GET` request. A successful response MUST have 200 (OK) status, contain `application/ld+json` Content-Type header, and an array of TDs in the body.

Serializing and returning the full list of TDs may be burdensome to servers. As such, servers should serialize incrementally and utilize protocol-specific mechanisms to respond in chunks. HTTP/1.1 servers SHOULD perform chunked Transfer-Encoding [[RFC7230]] to respond the data incrementally. Most HTTP/1.1 clients automatically process the data received with chunked transfer encoding. Memory-constrained applications which require the full list should consider processing the received data incrementally. Chunked transfer encoding is not supported in HTTP/2. HTTP/2 servers SHOULD respond the data incrementally using HTTP Frames [[RFC7540]].

There may be scenarios in which clients need to retrieve the collection in small subsets of TDs. While the Search API ([[[#exploration-directory-api-search]]]) does offer the ability to query a specific range, it may not be optimal, nor developer-friendly. The server MAY support pagination to return the collection in small subsets. The pagination must be based on the following rules:

When the `limit` query parameter is set to a positive integer, the server MAY respond with a subset of TDs totalling to less than or equal to the requested number.
When there are more TDs after a returned subset of the collection, the response MUST contain a `next` Link header [[RFC8288]] with the URL of the next subset. The `next` link MUST have the same `limit` argument given on the initial request as well as a zero-based `offset` argument anchored at the beginning of the next subset. The link may be absolute or relative to directory API's base URL. Moreover, it may include additional arguments that are necessary for ordering or session management.
All paged responses MUST contain a `canonical` Link header pointing to the collection and include an `etag` parameter to represent the current state of the collection. The link may be absolute or relative to directory API's base URL. The `etag` value could be a revision number, timestamp, or UUID Version 4, set whenever the TD collection changes in a way that affects the ordering of the TDs. The clients may rely on the `etag` value to know whether the collection remains consistent across paginated retrieval of the collection. For example, creation or deletion of TDs or update of TD fields used for ordering may make shift the calculated paging window.
By default, the collection MUST be sorted alphanumerically by the unique identifier of TDs. The server MAY support sorting by other TD attributes using query arguments: `sort_by` to select a field (e.g. `created`) and `sort_order` to choose the order (i.e. `asc` or `desc` for ascending and descending ordering). If the server does not support custom sorting, it MUST reject the request with 501 (Not Implemented) status. If sorting attributes are accepted, they MUST be added consistently to all `next` links.

The following example provides a walk-through of the paginated retrieval of TDs:

The client requests the list with a `limit` of 10:

                                    GET /td?limit=10 HTTP/1.1   
                                    Host: tdd.example.com

Response:

                                    HTTP/1.1 200 OK
                                    Content-Type: application/ld+json
                                    Link: </td?offset=10&limit=10>; rel="next"
                                    Link: </td>; rel="canonical"; etag="v1"

                                    [{ TD }, ...9 other TDs... ]

The response includes two Link headers with relative URLs: `next` link to query the remaining TDs, `canonical` link referencing the full collection with `etag` value indicating the state of that collection.
The response body is an array of 10 TDs.

The presence of the `next` link implies that subsequent pages should be queried for the remaining TDs. The client requests the next page via the `next` link:

                                    GET /td?offset=10&limit=10 HTTP/1.1   
                                    Host: tdd.example.com

Response:

                                    HTTP/1.1 200 OK
                                    Content-Type: application/ld+json
                                    Link: </td>; rel="canonical"; etag="v1"
    
                                    [{ TD }, { TD }]

The server response has the remaining two TDs. There is no `next` link, because this is the last page. The `etag` value has not changed implying that the collection has remained consistent between the two requests.

The paginated list operation is specified as `retrieveTDs` property in [[[#directory-thing-description]]].

Error responses:

401 (Unauthorized): No authentication.
403 (Forbidden): Insufficient rights to the resource.

Validation

The syntactic validation of TD objects before storage is RECOMMENDED to prevent common erroneous submissions. The server MAY use Thing Description JSON Schema to validate standard TD vocabulary, or a more comprehensive JSON Schema to also validate extensions.

If the server fails to validate the TD object, it MUST inform the client with necessary details to identify and resolve the errors. The validation error MUST be described as Problem Details [[RFC7807]] with an extension field called `validationErrors`, set to an array of objects with `field` and `description` fields. This is necessary to represent the error in a machine-readable way.

[[[#example-validation-error]]] is an example error response with two validation errors.

                                {
                                    "title": "Bad Request",
                                    "status": 400,
                                    "detail": "The input did not pass the JSON Schema validation",
                                    "instance": "/errors/30585584-cce2-4d04-8079-67b33ffdafbc",
                                    "validationErrors": [
                                        {
                                            "field": "(root)",
                                            "description": "security is required"
                                        },
                                        {
                                            "field": "properties.status.forms.0.href",
                                            "description": "Invalid type. Expected: string, given: integer"
                                        }
                                    ]
                                }

This example skips the `type` field due to the current lack of specific error types. See notes in [[[#exploration-directory-api]]].

Management

To do: Other administrative functions not having to do with CRUD of individual records, for example, security configuration. Also, administrator roles may expand the capabilities of administrators for management of records (for instance, the ability to delete a record they did not create).

Notification

The Notification API is to notify clients about the changes to Thing Descriptions maintained within the directory. The Notification API MUST follow the Server-Sent Events [[EVENTSOURCE]] specifications to serve events to clients. In particular, the server responds to successful requests with 200 (OK) status and `text/event-stream` Content Type. Re-connecting clients may continue from the last event by providing the last event ID as `Last-Event-ID` header value. This API is specified as `registration` event in [[[#directory-thing-description]]].

Event Types

The server MUST produce events attributed to the lifecycle of the Thing Descriptions within the directory using `create`, `update`, and `delete` event types.

Event Filtering

The API enables server-side filtering of events to reduce resource consumption by delivering only the events required by clients. Client libraries may offer additional filtering capabilities on the client-side. The server-side filtering is based on query parameters passed to the server at connection time. The filtering behavior is described below:

The server MUST support event filtering based on the event types passed as one or more `type` query parameters. For example, in response to query `?type=create&type=delete`, the server will only deliver events of types `create` and `delete`. At the absence of any `type` query parameter, the server will deliver all types of events.
The server MAY support event filtering based on the search expressions passed as one of `jsonpath`, `xpath`, or `sparql` query parameters. This is to detect changes on particular TDs or attributes and does not not affect the event's data object.
For example, the JSONPath expression `$.properties` will reduce the number of events to TDs that change their `properties` attributes. The resulting events may be for created or deleted TDs with the `properties` attribute or updates to `properties` attribute of existing TDs.
If the server does not support a given search query parameter, it MUST reject the request with 501 (Not Implemented) status. This is to inform the clients about the missing feature at the connection time and prevent unexpected network traffic and events.

Event Data

The event data MUST contain the JSON serialization of the event object. The event data object is a Partial TD or the whole TD object depending on the request:

The event data object MUST at least include the identifier of the TD created, updated, or deleted at that event in Partial TD form.

                                            event: create
                                            data: {"id": "urn:example:simple-td"}

                                            event: delete
                                            data: {"id": "urn:example:simple-td"}

When `full` query parameter is set to `true` and the event has `create` type, the server MAY return the whole TD object as event data.

                                            event: create
                                            data: {
                                            data:     "@context": [
                                            data:         "https://www.w3.org/2019/wot/td/v1",
                                            data:         "https://w3c.github.io/wot-discovery/context/discovery-context.jsonld"
                                            data:     ],
                                            data:     "description": "This is a new TD",
                                            data:     "id": "urn:example:simple-td",
                                            data:     "security": "basic_sc",
                                            data:     "securityDefinitions": {
                                            data:         "basic_sc": {
                                            data:             "scheme": "basic"
                                            data:         }
                                            data:     },
                                            data:     "registration": {
                                            data:         "created": "2021-01-19T17:02:00Z",
                                            data:         "modified": "2021-01-19T17:02:00Z"
                                            data:     },
                                            data:     "title": "Simple TD"
                                            data: }

When `full` query parameter is set to `true` and the event has `update` type, the server MAY inform the client about the updated parts following the JSON Merge Patch [[RFC7396]] format. An `update` event data that is based on JSON Merge Patch [[RFC7396]] MUST always include the identifier of the TD regardless of whether it is changed.
The following example shows the event triggered on update of the TD from [[[#example-create-event-full]]]:
```
                                                event: create
                                                data: {
                                                data:     "description": null,
                                                data:     "id": "urn:example:simple-td",
                                                data:     "title": "Updated TD"
                                                data: }
                                            
```
The `full` query parameter MUST be ignored for `delete` events. In other words, when the `full` query parameter is set to `true` and the event has `delete` type, the server must only provide the identifier in event data.
When a server which does not support the `full` query parameter is requested with such query parameter, it MUST reject the request with 501 (Not Implemented) status. This is to inform the clients about the lack of such functionality at the connection time to avoid runtime exceptions caused by missing event data attributes.

Some early SSE implementations (including HTML5 EventSource) do not allow setting custom headers in the initial HTTP request. Authorization header is required in few OAuth2 flows and passing it as a query parameter is not advised. There are polyfills for browsers and modern libraries which allow setting Authorization header.

Search

Sub-API to search a directory, e.g. issue a query. There are different forms and levels of query possible, for example, syntactic (JSONPath, XPath) vs. semantic (SPARQL), and the more advanced query types may not be supported by all directories. So this API will have further subsections, some of which will be optional. Search also includes a sub-API for managing listing the contents (eg returned by a query) including handling pagination, etc. Note that one special form of query will be able to return everything. Results may be subject to the requestor's authorization.
To discuss further: Federated queries to other TDDs, Spatial and network-limited queries, Links

The Directory has three search APIs: syntactic search with JSONPath [[?JSONPATH]] or XPath [[xpath-31]], and semantic search with SPARQL [[sparql11-overview]]. The Directory MUST implement the syntactic search with JSONPath. The Directory SHOULD implement the syntactic search with XPath. The Directory MAY implement semantic search with SPARQL.

Syntactic search: JSONPath

The API MUST allow searching TDs using an HTTP GET request. The request MUST contain a valid JSONPath [[?JSONPATH]] as searching parameter. A successful response MUST have 200 (OK) status, contain application/json Content-Type header, and in the body a set of complete TDs or a set of TD fragments. The syntactic search with JSONPath is specified as `searchJSONPath` property in [[[#directory-thing-description]]].

List of errors:

400 (Bad Request): JSONPath expression not provided or contains syntax errors.
401 (Unauthorized): No authentication.
403 (Forbidden): Insufficient rights to the resource.

The standardization of JSONPath expressions is in progress by an independent working group.

Syntactic search: XPath

The support for XPath Search API is recommended. If implemented, the XPath query API MUST allow searching TDs using an HTTP GET request. The request MUST contain a valid XPath [[xpath-31]] as search parameter. A successful response MUST have 200 (OK) status, contain application/json Content-Type header, and in the body a set of complete TDs or a set of TD fragments. The syntactic search with XPath is specified as `searchXPath` property in [[[#directory-thing-description]]].

List of errors:

400 (Bad Request): XPath expression not provided or contains syntax errors.
401 (Unauthorized): No authentication.
403 (Forbidden): Insufficient rights to the resource.
501 (Not Implemented): XPath API not supported.

Semantic search: SPARQL

The support for SPARQL Search API is optional. If implemented, the SPARQL search API MUST allow searching TDs using the SPARQL protocol [[sparql11-overview]]. The SPARQL API MUST accept queries using HTTP GET requests. The support for SPARQL search using HTTP POST method is OPTIONAL. UPDATE queries are out of the scope for the API. A successful response MUST have 200 (OK) status, and depending on the type of query contain by default as Content-Type header application/ld+json for CONSTRUCT and DESCRIBE queries or application/json for SELECT or ASK. The response body MAY contain TD fragments or a set of TDs depending on the query. The semantic search with SPARQL is specified as `searchSPARQL` property in [[[#directory-thing-description]]].

List of errors:

400 (Bad Request): SPARQL query not provided or contains syntax errors.
401 (Unauthorized): No authentication.
403 (Forbidden): Insufficient rights to the resource.
501 (Not Implemented): SPARQL API not supported.

A WoT Thing Description Directory MAY implement federation in its SPARQL query API. If implemented, the SPARQL API MUST implement the SPARQL 1.1 Federated Query standard [[sparql11-overview]].

Security and Privacy

Minimum security and privacy requirements for confidentiality, authentication, access control, etc.

Security and Privacy Considerations

Security and privacy are cross-cutting issues that need to be considered in all WoT building blocks and WoT implementations. This chapter summarizes some general issues and guidelines to help preserve the security and privacy of concrete WoT discovery implementations. For a more detailed and complete analysis of security and privacy issues, see the WoT Security and Privacy Guidelines specification [[?WOT-SECURITY]].

The WoT discovery architecture is designed to avoid a dependence on the security and privacy of existing discovery schemes by using a two-phase approach and requiring authorization before metadata release. However several security and privacy risks still exist. These are listed below along with possible mitigations. The level of risk to privacy in particular depends on the use case and whether there is a risk that information related to a person might be distributed in a fashion inconsistent with the privacy desires of that person. We distinguish the following broad classes of use case scenarios:

Institutional: Both the Things producing metadata and the Consumers of that metadata are owned and controlled by an institution or representatives of an institution. Example: Automation in a factory where a control system is accessing the state of an assembly line in order to evaluate quality.
Service: The Things producing metadata are owned and controlled by an institution or representatives of an institution while the consumers are individuals. Example: driver of an electric vehicle accessing the TD for a charge station in order to check status of a charge.
Personal: Both the Things producing metadata and the Consumers of that metadata are owned and controlled by the same individual. Example: A smart home control system for charging an electric car from home-attached solar panels, both home and car owned by the same person.
Personal Peer-to-Peer: The Things producing metadata and the Consumers of that metadata are owned and controlled by different individuals. Example: A smart home control system for charging a guest's electric car from home-attached solar panels.
Institutional Peer-to-Peer: The Things producing metadata and the Consumers of that metadata are owned and controlled by different institutions. Example: A utility provides and manages power delivered to a factory, and the factory provides an interface for the utility to negotiate on-demand power usage reductions.
Client: The Things producing metadata are owned and controlled by an individual while the consumers are an institution or representatives of an institution. Example: A personal electric vehicle exposes an interface to a public charging station so that the charging station can evaluate the charge status of the vehicle.

All of these in fact carry privacy risks. Even in the case of factory automation, there is the chance that data about employee performance would be captured and would have to be managed appropriately.

With these categories established, we will now discuss some specific risks and potential mitigations.

Denial of Service

Certain functions of the directory service, in particular search queries, may require significant resources to execute and this fact can be used to launch DDoS attacks against WoT Thing Description Directory services.

This is mostly of concern in the Service scenario, where the metadata requester is a private individual and the provider is an institution. In some cases this risk may appear in Peer-to-Peer scenarios as well.

Mitigations:

A WoT Thing Description Directory implementation should

Limit the number of queries per unit time from the same reqeuestor
Limit the complexity of queries (for example, the total length of the query expression or its depth)
Use a watchdog timer to abort queries that take more than a certain maximum (implementation-configurable) amount of time.

In cases where queries are refused or aborted appropriate error responses should be returned.

Location Tracking

A discovery service may potentially allow the approximate location of a person to be determined without their consent. This risk occurs in some specific circumstances which can be avoided or mitigated. It is also similar to the risk posed by other network services such as DHCP and DNS.

For this risk to occur, there first has to be an IoT device that can be reliably associated with a person's location, such as a necessary medical device or a vehicle. Note that the risk only applies to personal use cases, not institutional ones. Secondly, the device has to be configured to register automatically with the nearest directory service. In this case, the location of the device can be inferred from the network range of the directory service and the location of the person inferred from the location of the device.

There are a few variants of this:

The TD or Thing could report actual location information so no inferencing by network range is needed;
A directory could support actual search by location;
Absence of a TD in a directory could reveal negative location information (e.g. if a TD times out and is removed from a directory, that means the device has not been present for a while, which could be used to infer that a person is NOT in a particular location, e.g. not at home.

Some of these risks are shared by similar services. For example, DCHP automatically responds to requests for IP addresses on a local network, and devices typically provide an identifier (a MAC address) as part of this process, and the DHCP server maintains a registry. In theory, someone with access to the DHCP server in, say, a cafe, could use this information to track someone's phone and infer their location.

Mitigations:

There are a few options to mitigate this risk:

Disable registration with public directories. Registration would still be possible with personal directories, for example, a home gateway, but a user could disable registration at other locations. This has the disadvantage that functionality is lost: personal devices cannot be discovered in public locations. This could be addressed by having internet-accessible private discovery services (e.g. the home gateway could provide an internet-accessible service, but with access control limiting use to authorized users.
Rotate IDs. Using fixed IDs makes it exceptionally easy to track devices. This problem also occurs in DHCP with MAC address and there is a similar partial mitigation: generate new random IDs periodically. There are however, a few issues. First of all, other identification information in the TD needs to be hidden. For example, client IDs issued by CSPs for API security should be omitted from TDs if they cannot be easily rotated. Second, if the device rotates the ID, the user may still need to know the current ID to find the device via discovery. This can be accomplished however by generating new IDs using a deterministic cryptographic generator that is a function of the current time. However, note that rotating IDs alone does not make tracking impossible since a TD might be fingerprinted. Also, updating an ID might be observable to the owner of the directory service, who could track and record the updated ID. Even if the TD is deleted and reinserted the association could be inferred. This is however exactly parallel to the situation with DHCP and rotation of MAC addresses. In general, however, generating new IDs at least for each service or person to which a TD is supplied makes it harder to connect registration events at different locations and times.
The problem of negative location inferencing can be mitigated by limiting access to private directories, for example in the home, by using access controls. If an attacker cannot access the service, they cannot retreive information to infer location. Access rights provided to guests (Peer-to-Peer Personal) should be appropriately time-limited. Use of long time-to-live values may be approprate in other cases. In addition, TDs should be updated in a directory only when they change. For example, the TD for a car may only be updated when new car firmware is available providing new services, and the time-to-live might be set at one month (covering most absences).
When explicit location information is available, whether stored in a TD or available in a property, additional care should be taken to only share the TD and/or access to the device with trusted partners, including directories. If the TD must be shared with a public directory, the location information can be stripped.

Value	Description	Reference
`wot.thing`	Thing Description of a Thing	[[wot-discovery]],
`wot.directory`	Directory Description of a Thing Description Directory	[[wot-discovery]],

Introduction

Terminology

Architecture

Introduction Mechanisms

Direct

Well-Known URIs

DNS-Based Service Discovery

CoRE Link Format and CoRE Resource Directory

DID Documents

Exploration Mechanisms

Self-description

Directory

Information Model

Registration Information

Anonymous TD Identifiers

Directory Service API

Registration

Creation

Retrieval

Update

Deletion

Listing

Validation

Management

Notification

Search

Syntactic search: JSONPath

Syntactic search: XPath

Semantic search: SPARQL

Security and Privacy

Security and Privacy Considerations

Denial of Service

Location Tracking

IANA Considerations

CoRE Resource Types Registration

Recent Specification Changes

Acknowledgments