ETSI TS 118 122 V2.0.0 (2017-05)

TECHNICAL SPECIFICATION
oneM2M Field Device Configuration
(oneM2M TS-0022 version 2.0.0 Release 2)

oneM2M TS-0022 version 2.0.0 Release 2 2 ETSI TS 118 122 V2.0.0 (2017-05)

Reference
DTS/oneM2M-000022
Keywords
configuration, IoT, M2M
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2017.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 3 ETSI TS 118 122 V2.0.0 (2017-05)
Contents
Intellectual Property Rights . 5
Foreword . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 6
3 Definitions and abbreviations . 7
3.1 Definition . 7
3.2 Abbreviations . 7
4 Conventions . 7
5 Introduction . 7
6 Architectural Aspects . 8
6.1 Introduction . 8
6.2 Information needed for M2M Service Layer operation . 9
6.2.1 Introduction. 9
6.2.2 Information elements required for M2M Service Layer operation . 9
6.2.2.1 Introduction . 9
6.2.2.2 M2M Service Layer registration information elements . 9
6.2.2.3 Application configuration information elements . 10
6.2.2.4 Authentication profile information elements . 10
6.2.2.5 My certificate file credential information elements . 10
6.2.2.6 Trust anchor credential information elements . 10
6.2.2.7 MAF Client registration configuration information elements . 11
7 Resource type and data format definitions . 11
7.1 Resource type specializations . 11
7.1.1 Introduction. 11
7.1.2 Resource [registration] . 11
7.1.3 Resource [dataCollection] . 13
7.1.4 Resource [authenticationProfile] . 15
7.1.5 Resource [myCertFileCred] . 19
7.1.6 Resource [trustAnchorCred] . 21
7.1.7 Resource [MAFClientRegCfg] . 23
7.2 Resource-Type specific procedures and definitions . 24
7.2.1 Introduction. 24
7.2.2 Resource [registration] . 24
7.2.2.1 Introduction . 24
7.2.2.2 Resource specific procedure on CRUD operations . 25
7.2.3 Resource [dataCollection] . 25
7.2.3.1 Introduction . 25
7.2.3.2 Resource specific procedure on CRUD operations . 26
7.2.4 Resource [authenticationProfile] . 26
7.2.4.1 Introduction . 26
7.2.4.2 Resource specific procedure on CRUD operations . 27
7.2.5 Resource [myCertFileCred] . 27
7.2.5.1 Introduction . 27
7.2.5.2 Resource specific procedure on CRUD operations . 28
7.2.6 Resource [trustAnchorCred] . 28
7.2.6.1 Introduction . 28
7.2.6.2 Resource specific procedure on CRUD operations . 29
7.2.7 Resource [MAFClientRegCfg] . 29
7.2.7.1 Introduction . 29
7.3 Data formats for device configuration . 30
7.3.1 Introduction. 30
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 4 ETSI TS 118 122 V2.0.0 (2017-05)
7.3.2 Simple oneM2M data types for device configuration . 30
8 Procedures . 30
8.1 life cycle procedures . 30
8.1.1 Introduction. 30
8.1.2 Setting configuration information on resource . 31
8.1.3 Management of resource on ASN/MN/ADN nodes . 31
8.1.3.1 Introduction . 31
8.1.3.2 Management using device management technologies. 31
8.1.3.3 Management using the Mcc reference point . 32
8.1.3.4 Management using the oneM2M IPE technology . 33
8.2 Obtaining authentication credential procedure . 34
8.3 AE and CSE registration procedure. 35
8.4 Enabling data collection by [dataCollection] resource . 35
History . 36

ETSI
oneM2M TS-0022 version 2.0.0 Release 2 5 ETSI TS 118 122 V2.0.0 (2017-05)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Partnership Project oneM2M (oneM2M).
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 6 ETSI TS 118 122 V2.0.0 (2017-05)
1 Scope
The present document specifies the architectural options, resources and procedures needed to pre-provision and
maintain devices in the Field Domain (e.g. ADN, ASN/MN) in order to establish M2M Service Layer operation
between the device's AE and/or CSE and a Registrar and/Hosting CSE. The resources and procedures includes
information about the Registrar CSE and/or Hosting CSE needed by the AE or CSE to begin M2M Service Layer
operation.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 118 111: "oneM2M; Common Terminology (oneM2M TS-0011)".
[2] ETSI TS 118 101: "oneM2M; Functional Architecture (oneM2M TS-0001)".
[3] ETSI TS 118 103: "oneM2M; Security solutions (oneM2M TS-0003)".
[4] ETSI TS 118 104: "oneM2M; Service Layer Core Protocol Specification (oneM2M TS-0004)".
[5] ETSI TS 118 105: "oneM2M; Management Enablement (OMA) (oneM2M TS-0005)".
[6] ETSI TS 118 106: "oneM2M; Management Enablement (BBF) (oneM2M TS-0006)".
[7] IETF RFC 6920: "Naming Things with Hashes".
[8] IANA TLS Cipher Suite Registry.
NOTE: Available at http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] oneM2M Drafting Rules.
NOTE: Available at http://www.onem2m.org/images/files/oneM2M-Drafting-Rules.pdf.
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 7 ETSI TS 118 122 V2.0.0 (2017-05)
3 Definitions and abbreviations
3.1 Definition
For the purposes of the present document, the terms and definitions given in ETSI TS 118 111 [1], ETSI TS 118 101 [2]
and the following apply:
Application Configuration: procedure that configures an AE on an M2M Node in the Field Domain for M2M Service
Layer operation
authentication profile: security information needed to establish mutually-authenticated secure communications
Configuration AE: AE whose role is to configure the M2M System, including the M2M Node in the Field Domain
Configuration IPE: IPE that provides the capability to configure the M2M Node in the Field Domain by interworking
the exchange of information between the M2M Node and the M2M System
credential object: end-point of a security protocol
Service Layer Configuration: procedure that configures a CSE on an M2M Node in the Field Domain for M2M
Service Layer operation
3.2 Abbreviations
For the purposes of the present document, the abbreviations given in ETSI TS 118 111 [1], ETSI TS 118 101 [2] and
the following apply:
MO Managed Object (BBF specified management) or Management Object (OMA specified
management)
NP Not Present
XML eXtensible Markup Language
XSD XML Schema Definition
4 Conventions
The key words "Shall", "Shall not", "May", "Need not", "Should", "Should not" in the present document are to be
interpreted as described in the oneM2M Drafting Rules [i.1].
5 Introduction
Devices in the Field Domain that host oneM2M AEs and CSEs require configuration that permits the AE or CSE to
successfully operate in the M2M Service Layer. ETSI TS 118 101 [2] and ETSI TS 118 103 [3] specifies much of what
is needed to configure these devices in the Field Domain (i.e. ADN, ASN/MN). Specifically, ETSI TS 118 101 [2]
provides:
• Guidance on how a CSE is minimally provisioned in Annex E of the specification including how a user AE is
established within a Hosting CSE.
• Specification of the general communication flows across the Mca and Mcc reference points in clause 8.
• Specifications for how ASN/MN and ADN nodes and M2M Applications are enrolled in the M2M System
such that the node in the Field domain can establish connectivity with a CSE. ETSI TS 118 101 [2] heavily
relies on clause 6 and on the Remote Security Provisioning Framework (RSPF) of ETSI TS 118 103 [3] to
specify how the security credentials of ASN/MN and ADN nodes and M2M Applications are established in the
M2M System for the enrolment of the node or M2M Application in the M2M System.
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 8 ETSI TS 118 122 V2.0.0 (2017-05)
• Specifications for how the ADN and ASN/MN nodes in the Field Domain are managed using external
management technologies in clause 6.2.4 of ETSI TS 118 101 [2].
• Guidance for how the ADN and ASN/MN nodes in the Field Domain can be configured without the support of
external management technologies in clause 8.1.2.
The above clauses in ETSI TS 118 101 [2] assume that, for a M2M Application to operate in the M2M System, all
required information needed to establish M2M Service operation between a Registrar or Hosting CSE and the AE or
CSE in the Field Domain is configured before registration of the AE or CSE to the M2M System.
The present document specifies the additional architectural elements, resources and procedures necessary to configure
ASN/MN and ADN nodes in the Field Domain in order for that device to establish M2M Service Layer operation.
These architectural elements, resources and procedures are in addition to the architectural elements, resources and
procedures already defined in ETSI TS 118 101 [2] and ETSI TS 118 103 [3].
6 Architectural Aspects
6.1 Introduction
The information needed by the remote AE or CSE in the field domain to establish M2M Service Layer operation uses
the architectural aspects of ETSI TS 118 101 [2] in order to convey the information elements to the ASN/MN or ADN
nodes that host the AE or CSE prior to or during M2M Service Layer operation and to the AE or CSE during M2M
Service Layer operation.
Configuration AE
Infrastructure Domain
Mca

IN-CSE
Mcn (ms) Mca
Mcc
Mca
DM Server Configuration IPE
mc
CSE

Mca
unspecified
AE
mc
AE
Field Domain
ADN ASN/MN
mc
Figure 6.1-1: Architectural Aspects for Configuration of ASN/MN and ADN Nodes
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 9 ETSI TS 118 122 V2.0.0 (2017-05)
Figure 6.1-1 depicts three (3) methods, in which ADN or ASN/MN nodes are configured using the following:
1) Device Management technologies using the mc reference point defined in clause 6 of ETSI TS 118 101 [2].
Using this method, the information that is used to configure the ASN/MN or ADN is described as
resource types that are hosted in the IN-CSE.
2) oneM2M Mcc and Mca reference point when M2M Service Layer operation has been established to the AE or
CSE. Establishment of the M2M Service Layer operation includes actions such as setting up security
associations and registration of the M2M entities as per ETSI TS 118 103 [3] and ETSI TS 118 101 [2].
3) oneM2M IPE technology where the IPE interworks the information exchange between the ADN and ASN/MN
and the IN-CSE. This type of IPE is called a Configuration IPE in order to depict the role and capabilities of
the IPE related to the present document.
NOTE: The reference point between the Configuration IPE and the ADN and ASN/MN is unspecified in the
present document.
In addition, figure 6.1-1 introduces an AE whose role is to configure the IN-CSE and nodes in the Field Domain with
the information needed to establish M2M Service Layer operation. This type of AE is called a Configuration AE in
order to depict the role and capabilities of the AE related to the present document.
The information that is used to configure the ASN/MN or ADN is described as resource types that are
hosted in the IN-CSE.
6.2 Information needed for M2M Service Layer operation
6.2.1 Introduction
The Configuration AE provisions the resource types in the IN-CSE and the IN-CSE then interacts with the
DM Server, ADN or ASN/MN node or Configuration IPE in order to configure the AE or CSE on the nodes.
6.2.2 Information elements required for M2M Service Layer operation
6.2.2.1 Introduction
The ASN/MN and ADN in the Field Domain should support the capability to be configured with the
resource types defined in the present document prior to initial registration with a registrar CSE (enrolment phase).
When the AE or CSE has established M2M Service Layer operation with a Registrar CSE (operational phase), the AE
or CSE shall provide the capability to be configured with the resource types defined in the present
document.
6.2.2.2 M2M Service Layer registration information elements
The information elements used for CSE or AEs to register with a Registrar CSE shall include the following information
which depends on the M2M Service Provider:
• PoA information of Registrar CSE.
• Protocol binding to be used between AE or CSE and the Registrar CSE.
• CSE-ID of the CSE hosted on the ASN/MN.
• AE-ID of an AE hosted on an ASN/MN or ADN.
This set of information elements may be linked to a set of authentication profile information elements (see
clause 6.2.2.4) providing the configuration for security association establishment with the Registrar CSE.
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 10 ETSI TS 118 122 V2.0.0 (2017-05)
6.2.2.3 Application configuration information elements
In order for an AE to operate, the AE may need to know the resource location within the Hosting CSE to maintain its
resource structure. In addition, for resources that are frequently provided by the AE to the Hosting CSE, the AE may be
configured with information that defines how frequently the AE collects or measures the data as well as the frequency at
which that the data is transmitted to the Hosting CSE.
When the Hosting CSE is not the Registrar CSE of the AE, then this set of information elements may be linked to a set
of authentication profile information elements (see clause 6.2.2.4) providing the configuration for establishing
End-to-End Security of Primitives (ESPrim) with the Hosting CSE.
6.2.2.4 Authentication profile information elements
Authentication profile information elements may be required to establish mutually-authenticated secure
communications.
The applicable security framework is identified via a Security Usage Identifier (SUID). Where the security framework
uses TLS or DTLS, a set of permitted TLS ciphersuites may be provided. Then the applicable credentials are identified -
with the allowed type of credentials dictated by the SUID.
A security framework can use a pre-provisioned or remotely provisioned symmetric key for establishing mutually-
authenticated secure communications. In this cases, the identifier for the symmetric key is provided. If a symmetric key
is remotely provisioned, then a Remote Security Provisioning Framework (RSPF) should be used as described in
clause 8.3 of ETSI TS 118 103 [3]. Alternatively, the value of the symmetric key may be configured as an information
element of the authentication profile.
Certificate-based security frameworks may use one or more trust anchor certificates (also known as "root CA
Certificates" or "root of trust certificates"). Information about trust anchor certificates is provided in the child trust
anchor credential information elements (see clause 6.2.2.5) of the authentication profile.
MAF-based security frameworks use a MAF to facilitate establishing a symmetric key to be used for mutual
authentication. The MAF Client registration configuration credential information elements enable a MAF Client to
perform MAF procedures with the MAF.
6.2.2.5 My certificate file credential information elements
A security framework can use a certificate to authenticate the intended security principal in the Managed Entity to other
security principals, as part of establishing mutually-authenticated secure communications. The certificate can be pre-
provisioned or remotely provisioned, as discussed in ETSI TS 118 103 [3]. If a certificate is remotely provisioned, then
a Remote Security Provisioning Framework (RSPF) should be used as described in clause 8.3 of ETSI TS 118 103 [3],
or my certificate file credential information elements may be configured to the Managed Entity as described in the
present specification.
My certificate file credential information elements include the media type of file containing the certificate, the file
containing the certificate, and a list of Security Usage Identifiers (SUID) for which the certificate may be used.
6.2.2.6 Trust anchor credential information elements
A security framework can use one or more trust anchor certificates (also known as "root Certificate Authority
certificates" or" root of trust certificates"). These trust anchor certificates are used by a security principal on the
Managed Entity for validating certificates of other security principals as part of establishing mutually-authenticated
secure communications.
The trust anchor credential information elements include a hash-value-based identifier of the trust anchor certificate,
along with a URL from which the trust anchor certificate can be retrieved. The Managed Entity can compute the hash
value for the locally stored trust anchor certificates to determine if there is a match with the hash value in the
information elements. If there is no match for the trust anchor certificates in local storage, then the Managed Entity
retrieves the trust anchor certificate from the URL, and verifies that the hash value of the retrieved trust anchor
certificate is a match for the hash value in the information elements.
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 11 ETSI TS 118 122 V2.0.0 (2017-05)
6.2.2.7 MAF Client registration configuration information elements
A security framework can use a MAF to establish symmetric key in a security principal in the Managed Entity and one
or more other security principals, with the symmetric key used for establishing mutually-authenticated secure
communications between the security principals. In this case, the security principals are MAF Clients. The security
principal in the Managed Entity shall perform the MAF Client registration procedure, described in clause 8.8.2.3 of
ETSI TS 118 103 [3] before the MAF facilitates establishing the symmetric keys.
The MAF Client registration configuration information elements configure the security principal in the Managed Entity
for the MAF Client registration procedure, as described in clause 8.8.3.2 of ETSI TS 118 103 [3].
7 Resource type and data format definitions
7.1 Resource type specializations
7.1.1 Introduction
The present clause specifies resource specializations used to configure AEs or CSEs on ADN or ASN/MN
nodes in the Field Domain in order to establish M2M Service Layer operation.
Table 7.1.1-1 shows summary of defined resource specializations in the present document.
Table 7.1.1-1: Summary of defined resources
mgmtDefinition Intended use Note
registration Service Layer Configuration information needed to register an AE This is M2M Service
or CSE with a Registrar CSE. Provider dependent.
dataCollection Application Configuration information needed to establish This is M2M Application
collection of data within the AE and transmit the data to the dependent.
Hosting CSE using and resource
types.
authenticationProfile Security information needed to establish mutually-authenticated
secure communications.
myCertFileCred Configuring a file containing a certificate and associated
information.
trustAnchorCred Identifies a trust anchor certificate and provides a URL from which
the certificate can be retrieved. The trust anchor certificate can be
used to validate a certificate which the Managed Entity uses to
authenticate another entity.
MAFClientRegCfg Instructions for performing the MAF Client Registration procedure
with a MAF. Links to an Authentication Profile instance.

7.1.2 Resource [registration]
This specialization of is used to convey the service layer configuration information needed to register an
AE or CSE with a Registrar CSE.
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 12 ETSI TS 118 122 V2.0.0 (2017-05)
[re gist ratio n]
mgmtDe finit ion
0.1(L)
objectIDs
0.1(L)
obje ctPaths
0.1
descr iption
or iginator ID
PoA
0.1
appID
0.1
exte rnalID
0.1
tr igger Re ceipie ntID
0.1
mg mt Li nk
0.n
s ubs criptio n
Figure 7.1.2-1: Structure of [registration] resource
The [registration] resource shall contain the child resource specified in table 7.1.2-1.
Table 7.1.2-1: Child resources of [registration] resource
Child Resources of [registration] Child Resource Type Multiplicity Description
[variable] 0.n See clause 9.6.8 of ETSI TS 118 101 [2]

ETSI
oneM2M TS-0022 version 2.0.0 Release 2 13 ETSI TS 118 122 V2.0.0 (2017-05)
The [registration] resource shall contain the attributes specified in table 7.1.2-2.
Table 7.1.2-2: Attributes of [registration] resource
RW/
Attributes of
Multiplicity RO/ Description
[reboot]
WO
resourceType 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceName
1 WO See clause 9.6.1.3 of ETSI TS 118 101 [2].
parentID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
expirationTime 1 RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
accessControlPolicyIDs 0.1 (L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
creationTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
lastModifiedTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
labels
0.1(L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
mgmtDefinition 1 WO See clause 9.6.15 of ETSI TS 118 101 [2]. This attribute shall
have the fixed value "registration".
objectIDs
0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
objectPaths
0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
description 0.1 RW See clause 9.6.15 of ETSI TS 118 101 [2].
originatorID 0.1 RW CSE-ID of the CSE hosted on the ASN/MN or the AE-ID of an
AE hosted on an ASN/MN or ADN node.
If the setting is for a CSE, then this attribute shall be present.
poA 1 RW The point of access URI of the Registrar CSE. See note.
appID
0.1 RW The App-ID of an AE. This attribute shall only be present when
this resource is used for the registration of an AE.
externalID 0.1 RW The M2M-Ext-ID of the ASN/MN CSE. This attribute can be
present when the originatorID is a CSE-ID and the CSE uses
the dynamic registration defined in clause 7.1.10 Trigger
Recipient Identifier of ETSI TS 118 101 [2].
triggerRecipientID 0.1 RW The Trigger-Recipient-ID of the ASN/MN CSE. This attribute
can be present when the originatorID is a CSE-ID and the CSE
uses the dynamic registration defined in clause 7.1.10 Trigger
Recipient Identifier of ETSI TS 118 101 [2].
mgmtLink 0.1 RW A link to a resource instance containing the
information for establishing a security association with the
Registrar CSE.
NOTE: Protocol binding is determined from the protocol schema in this URI.

7.1.3 Resource [dataCollection]
This specialization of is used to convey the application configuration information needed by an AE to
collect data and then transmit the data to a Hosting CSE.
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 14 ETSI TS 118 122 V2.0.0 (2017-05)

Figure 7.1.3-1: Structure of [dataCollection] resource
The [dataCollection] resource shall contain the child resource specified in table 7.1.3-1.
Table 7.1.3-1: Child resources of [dataCollection] resource
Child Resources of
Child Resource Type Multiplicity Description
[dataCollection]
[variable] 0.n See clause 9.6.8 of ETSI TS 118 101 [2]

ETSI
oneM2M TS-0022 version 2.0.0 Release 2 15 ETSI TS 118 122 V2.0.0 (2017-05)
The [dataCollection] resource shall contain the attributes specified in table 7.1.3-2.
Table 7.1.3-2: Attributes of [dataCollection] resource
RW/
Attributes of
Multiplicity RO/ Description
[reboot]
WO
resourceType 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceName
1 WO See clause 9.6.1.3 of ETSI TS 118 101 [2].
parentID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
expirationTime 1 RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
accessControlPolicyIDs 0.1 (L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
creationTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
lastModifiedTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
labels
0.1(L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
mgmtDefinition 1 WO See clause 9.6.15 of ETSI TS 118 101 [2]. This attribute shall
have the fixed value "dataCollection".
objectIDs
0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
objectPaths
0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
description 0.1 RW See clause 9.6.15 of ETSI TS 118 101 [2].
containerPath 1 RW The URI of the resource in the hosting CSE that
stores the data transmitted by the device.
reportingSchedule 0.1 RW The frequency interval, in seconds, used to transmit the data to
the Hosting CSE.
measurementSchedule
0.1 RW The frequency interval, in seconds, that the device will use to
collect or measure the data.
7.1.4 Resource [authenticationProfile]
The [authenticationProfile] specialization is used to convey the configuration information regarding
establishing mutually-authenticated secure communications. The security principal using this configuration information
can be a CSE or AE or the Managed ADN/ASN/MN acting as security principal on behalf of AEs on the Node.
An [authenticationProfile] instance identifies a security framework, TLS ciphersuites, and credentials to be used. The
applicable security framework is identified by the SUID attribute. The interpretation of SUID is specified in
table 7.1.4-3.
NOTE 1: The present document only provides management objects which use [authenticationProfile]
specializations for identifying SAEF credentials, ESPrim credentials and credentials for mutual
authentication with a M2M Authentication Function (MAF).
The [authenticationProfile] resource does not include any credentials, but either identifies credentials which are stored
locally on the Managed Entity or identifies an M2M Authentication Function (MAF) which is to be used to facilitate
establishing symmetric keys. The intended security principal on the Managed Entity is the security principal which can
use either all the credentials identified by the [authenticationProfile] resource, or (in the case that a MAF is identified)
all of the credentials required for mutual authentication with the MAF.
NOTE 2: The other security principal can be any of the following: CSE; AE; an Node terminating the security
protocol on behalf of AE on Node; and an M2M Authentication Function (MAF).
ETSI
oneM2M TS-0022 version 2.0.0 Release 2 16 ETSI TS 118 122 V2.0.0 (2017-05)
[authenticationProfile]
mgmtDefinition
0.1(L)
objectI Ds
0.1(L)
objectPaths
0.1
descr iption
SUID
0.1
TLSCiphersuites
0.1
sy mmKey I D
0.1
sy mmKeyValue
0.1
MAFFQDN
0.1
MAFKey RegDurat ion
0.1
my Cer tFingerprint
0.1
rawPublicKeyI D
0.1 (L)
mgmtLink
0.n

Figure 7.1.4-1: Structure of [authenticationProfile]
The [authenticationProfile] resource shall contain the child resource specified in table 7.1.4-1.
Table 7.1.4-1: Child resources of [authenticationProfile] resource
Child Resources of Child Resource
Multiplicity Description
[authenticationProfile] Type
[variable] 0.n See clause 9.6.8 of ETSI TS 118 101 [2]

ETSI
oneM2M TS-0022 version 2.0.0 Release 2 17 ETSI TS 118 122 V2.0.0 (2017-05)
The [authenticationProfile] resource shall contain the attributes specified in table 7.1.4-2.
Table 7.1.4-2: Attributes of [authenticationProfile] resource
RW/
Attributes of
Multiplicity RO/ Description
[authenticationProfile]
WO
resourceType 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceName
1 WO See clause 9.6.1.3 of ETSI TS 118 101 [2].
parentID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
expirationTime 1 RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
accessControlPolicyIDs 0.1 (L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
creationTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
lastModifiedTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
labels
0.1(L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
mgmtDefinition 1 WO See clause 9.6.15 of ETSI TS 118 101 [2]. This attribute shall
have the fixed value "authenticationProfile".
objectIDs
0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
objectPaths
0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
description 0.1 RW See clause 9.6.15 of ETSI TS 118 101 [2].
SUID 1 WO Describes how the authentication profile is to be used. Further
details about interpretation of each SUID are specified in
clause 7.1.4.2 of the present document.
TLSCiphersuites 0.1 RW If the security framework identified by SUID uses TLS, then this
attributes provides a list of allowed TLS ciphersuites.
symmKeyID 0.1 WO Present when a symmetric key is to be used for mutual
authentication. Identifier for a symmetric key already stored
locally on the Managed Entity, or to be provisioned to the
Managed Entity.
symmKeyValue 0.2 WO Optionally present when a symmetric key is to be used for
mutual authentication. Contains the value of the symmetric key
to be used for mutual authentication.
MAFFQDN 0.1 WO Present when a MAF is to be used to facilitate establishing a
symmetric key for mutual authentication. Identifies the MAF.
MAFKeyRegDuration
0.1 WO Present when a MAF is to be used to facilitate establishing one
or more symmetric keys for mutual authentication. Provides the
maximum duration for which an established symmetric key
may be used.
mycertFingerprint 0.1 WO Present when certificate-based authentication is to be used.
Provides a hash value for identifying the certificate to be used
by the intended security principal on the Managed Entity to
authenticate itself to other security principals.
rawPubKeyID 0.1 WO Present when certificate-based authentication is to be used
and the other security principal will authenticate itself with a
Raw Public Key Certificate.
mgmtLink 0.1(L) RW List of references pointing to [trustAnchorCred] resources.

ETSI
oneM2M TS-0022 version 2.0.0 Release 2 18 ETSI TS 118 122 V2.0.0 (2017-05)
Table 7.1.4-3: SUID which are currently supported in the [authenticationProfile] resource,
along with reference to the authentication procedure
in ETSI TS 118 103 [3] and mapping to symmetric key
Value Interpretation (see note) Authentication Derived Symmetric DTLS/TLS Notes
Procedure in Key
ETSI TS 118 103 [3]
10 A pre-provisioned symmetric key 8.3.2.1 Kpm See TLS-PSK Profile in
intended to be shared with a MEF clause 10.2.2 of ETSI
TS 118 103 [3]
11 A pre-provisioned symmetric key 8.8.2.2 Km
intended to be shared with a MAF
12 A pre-provisioned symmetric key 8.2.2.1 Kpsa
intended for use in a Security
Associated Establishment Framework
(SAEF)
13 A pre-provisioned symmetric key 8.4.2 pairwiseESPrimKey DTLS/TLS is not used
intended for use in End-to-End
Security of Primitives (ESPrim)
21 A symmetric key, provisioned via a RSPF: 8.3.1.2 Km See TLS-PSK Profile in
Remote Security Provisioning MAF: 8.8.2.2, 8.8.3.1 clause 10.2.2 of ETSI
Framework (RSPF), and intended to TS 118 103 [3]
be shared with a MAF
22 A symmetric key, provisioned via a RSPF: 8.3.1.2 Kpsa
RSPF, and intended for use in a SAEF: 8.2.2.1, 9.1.1.1
SAEF
23 A symmetric key, provisioned via a RSPF: 8.3.1.2 pairwiseESPrimKey DTLS/TLS is not used
RSPF, and intended for use in ESPRIM: 8.4.2
ESPrim
32 A MAF-distributed symmetric key MAF: 8.8.2.7, 8.8.3.3 Kpsa See TLS-PSK Profile in
intended for use in a SAEF SAEF: 8.2.2.3, 9.1.1.1 clause 10.2.2 of ETSI
33 A MAF-distributed symmetric key MAF: 8.8.2.7, 8.8.3.3 pairwiseESPrimKey TS 118 103 [3]
intended for use in ESPrim ESPRIM: 8.4.2
40 A certificate intended to be shared 8.3.2.2 NP See certificate-based
with a MEF TLS profile in
clause 10.2.3 of ETSI
41 A certificate intended to be shared 8.8.2.2 NP
with a MAF TS 118 103 [3]
42 A certificate intended for use in a 8.2.2.2 NP
Security Associated Establishment
Framework (SAEF)
43 A certificate intended for use in End- ESCertKE: 8.7 NP For ESCertKE, see
to-End Security Certificate-based Key ESPrim: 8.4.2 certificate-based TLS
Establishment (ESCertKE) to profile in clause 10.2.3
establish a pairwiseESPrimKey for of ETSI TS 118 103
End-to-End Security of Primitives [3]. For ESPrim,
(ESPrim) DTLS/TLS is not used
NOTE: The interpretation is copied from definition of m2m:suid in ETSI TS 118 104 [4]. The ETSI TS 118 104 [4]
description takes precedence.
The Managed Entity shall allow only TLS ciphersuites identified in TLSCiphers
...