ETSI TS 118 122 V2.3.1 (2020-03)

ETSI TS 118 122 V2.3.1 (2020-03)






TECHNICAL SPECIFICATION
oneM2M;
Field Device Configuration
(oneM2M TS-0022 version 2.3.1 Release 2A)

---------------------- Page: 1 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 2 ETSI TS 118 122 V2.3.1 (2020-03)



Reference
RTS/oneM2M-000022v2A
Keywords
configuration, IoT, M2M

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2020.
All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.

3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners.
®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 3 ETSI TS 118 122 V2.3.1 (2020-03)
Contents
Intellectual Property Rights . 5
Foreword . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 7
3 Definition of terms, symbols and abbreviations . 7
3.1 Terms . 7
3.2 Symbols . 7
3.3 Abbreviations . 7
4 Conventions . 8
5 Introduction . 8
6 Architectural Aspects . 8
6.1 Introduction . 8
6.2 Information needed for M2M Service Layer operation . 10
6.2.1 Introduction. 10
6.2.2 Information elements required for M2M Service Layer operation . 10
6.2.2.1 Introduction . 10
6.2.2.2 M2M Service Layer registration information elements . 10
6.2.2.3 Application configuration information elements . 10
6.2.2.4 Authentication profile information elements . 10
6.2.2.5 My certificate file credential information elements . 11
6.2.2.6 Trust anchor credential information elements . 11
6.2.2.7 MAF Client registration configuration information elements . 11
6.2.2.8 MEF Client registration configuration information elements . 11
7 Resource type and data format definitions . 12
7.1 Resource type specializations . 12
7.1.1 Introduction. 12
7.1.2 Resource [registration] . 12
7.1.3 Resource [dataCollection] . 14
7.1.4 Resource [authenticationProfile] . 16
7.1.5 Resource [myCertFileCred] . 20
7.1.6 Resource [trustAnchorCred] . 22
7.1.7 Resource [MAFClientRegCfg] . 24
7.1.8 Resource [MEFClientRegCfg]. 25
7.2 Resource-Type specific procedures and definitions . 27
7.2.1 Introduction. 27
7.2.2 Resource [registration] . 27
7.2.2.1 Introduction . 27
7.2.2.2 Resource specific procedure on CRUD operations . 28
7.2.3 Resource [dataCollection] . 28
7.2.3.1 Introduction . 28
7.2.3.2 Resource specific procedure on CRUD operations . 29
7.2.4 Resource [authenticationProfile] . 29
7.2.4.1 Introduction . 29
7.2.4.2 Resource specific procedure on CRUD operations . 30
7.2.5 Resource [myCertFileCred] . 30
7.2.5.1 Introduction . 30
7.2.5.2 Resource specific procedure on CRUD operations . 31
7.2.6 Resource [trustAnchorCred] . 31
7.2.6.1 Introduction . 31
7.2.6.2 Resource specific procedure on CRUD operations . 32
7.2.7 Resource [MAFClientRegCfg] . 32
ETSI

---------------------- Page: 3 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 4 ETSI TS 118 122 V2.3.1 (2020-03)
7.2.7.1 Introduction . 32
7.2.7.2 Resource specific procedure on CRUD operations . 32
7.2.8 Resource [MEFClientRegCfg]. 33
7.2.8.1 Introduction . 33
7.2.8.2 Resource specific procedure on CRUD operations . 33
7.3 Data formats for device configuration . 33
7.3.1 Introduction. 33
7.3.2 Simple oneM2M data types for device configuration . 34
8 Procedures . 34
8.1 life cycle procedures . 34
8.1.1 Introduction. 34
8.1.2 Setting configuration information on resource . 34
8.1.3 Management of resource on ASN/MN/ADN nodes . 35
8.1.3.1 Introduction . 35
8.1.3.2 Management using device management technologies. 35
8.1.3.3 Management using the Mcc reference point . 36
8.1.3.4 Management using the oneM2M IPE technology . 37
8.2 Obtaining authentication credential procedure . 38
8.3 AE and CSE registration procedure. 39
8.4 Enabling data collection by [dataCollection] resource . 39
9 Short Names . 40
9.1 Introduction . 40
9.2 Common and Field Device Configuration specific oneM2M Resource attributes . 40
9.3 Field Device Configuration specific oneM2M Resource types . 41
9.4 oneM2M Complex data type members . 41
History . 42

ETSI

---------------------- Page: 4 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 5 ETSI TS 118 122 V2.3.1 (2020-03)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI Partnership Project oneM2M (oneM2M).
ETSI

---------------------- Page: 5 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 6 ETSI TS 118 122 V2.3.1 (2020-03)
1 Scope
The present document specifies the architectural options, resources and procedures needed to pre-provision and
maintain devices in the Field Domain (e.g. ADN, ASN/MN) in order to establish M2M Service Layer operation
between the device's AE and/or CSE and a Registrar and/Hosting CSE. The resources and procedures includes
information about the Registrar CSE and/or Hosting CSE needed by the AE or CSE to begin M2M Service Layer
operation.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 118 111: "oneM2M; Common Terminology (oneM2M TS-0011)".
[2] ETSI TS 118 101: "oneM2M; Functional Architecture (oneM2M TS-0001)".
[3] ETSI TS 118 103: "oneM2M; Security Solutions (oneM2M TS-0003)".
[4] ETSI TS 118 104: "oneM2M; Service Layer Core Protocol (oneM2M TS-0004)".
[5] ETSI TS 118 105: "oneM2M; Management Enablement (OMA) (oneM2M TS-0005)".
[6] ETSI TS 118 106: "oneM2M; Management Enablement (BBF) (oneM2M TS-0006)".
[7] IETF RFC 6920: "Naming Things with Hashes".
[8] IANA Transport Layer Security (TLS) Parameters.
NOTE: Available at http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml.
[9] ETSI TS 118 132: "oneM2M; MAF and MEF Interface Specification (oneM2M TS-0032)".
[10] FIPS PUB 180-4: "Secure Hash Standard (SHS)".
NOTE: Available at http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf.
ETSI

---------------------- Page: 6 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 7 ETSI TS 118 122 V2.3.1 (2020-03)
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] oneM2M Drafting Rules.
NOTE: Available at http://www.onem2m.org/images/files/oneM2M-Drafting-Rules.pdf.
[i.2] BBF TR-069: "CPE WAN Management Protocol".
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the terms given in ETSI TS 118 111 [1], ETSI TS 118 101 [2] and the
following apply:
application configuration: procedure that configures an AE on an M2M Node in the Field Domain for M2M Service
Layer operation
authentication profile: security information needed to establish mutually-authenticated secure communications
configuration AE: configure the M2M System, including the M2M Node in the Field Domain
configuration IPE: provides the capability to configure the M2M Node in the Field Domain by interworking the
exchange of information between the M2M Node and the M2M System
credential object: end-point of a security protocol
service layer configuration: procedure that configures a CSE on an M2M Node in the Field Domain for M2M Service
Layer operation
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the abbreviations given in ETSI TS 118 111 [1], ETSI TS 118 101 [2] and
the following apply:
NP Not Present
XML eXtensible Markup Language
XSD XML Schema Definition
ETSI

---------------------- Page: 7 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 8 ETSI TS 118 122 V2.3.1 (2020-03)
4 Conventions
The key words "Shall", "Shall not", "May", "Need not", "Should", "Should not" in the present document are to be
interpreted as described in the oneM2M Drafting Rules [i.1].
5 Introduction
Devices in the Field Domain that host oneM2M AEs and CSEs require configuration that permits the AE or CSE to
successfully operate in the M2M Service Layer. ETSI TS 118 101 [2] and ETSI TS 118 103 [3] specifies much of what
is needed to configure these devices in the Field Domain (i.e. ADN, ASN/MN). Specifically, ETSI TS 118 101 [2]
provides:
• Guidance on how a CSE is minimally provisioned in annex E of ETSI TS 118 101 [2] including how a user
AE is established within a Hosting CSE.
• Specification of the general communication flows across the Mca and Mcc reference points in clause 8.
• Specifications for how ASN/MN and ADN nodes and M2M Applications are enrolled in the M2M System
such that the node in the Field domain can establish connectivity with a CSE. TS-0001 heavily relies on
Clause 6 and on the Remote Security Provisioning Framework (RSPF) of ETSI TS 118 103 [3] to specify how
the security credentials of ASN/MN and ADN nodes and M2M Applications are established in the M2M
System for the enrolment of the node or M2M Application in the M2M System.
• Specifications for how the ADN and ASN/MN nodes in the Field Domain are managed using external
management technologies in clause 6.2.4 of ETSI TS 118 101 [2].
• Guidance for how the ADN and ASN/MN nodes in the Field Domain can be configured without the support of
external management technologies in clause 8.1.2.
The above clauses in ETSI TS 118 101 [2] assume that, for a M2M Application to operate in the M2M System, all
required information needed to establish M2M Service operation between a Registrar or Hosting CSE and the AE or
CSE in the Field Domain is configured before registration of the AE or CSE to the M2M System.
The present document specifies the additional architectural elements, resources and procedures necessary to configure
ASN/MN and ADN nodes in the Field Domain in order for that device to establish M2M Service Layer operation.
These architectural elements, resources and procedures are in addition to the architectural elements, resources and
procedures already defined in ETSI TS 118 101 [2] and ETSI TS 118 103 [3].
6 Architectural Aspects
6.1 Introduction
The information needed by the remote AE or CSE in the field domain to establish M2M Service Layer operation uses
the architectural aspects of ETSI TS 118 101 [2] in order to convey the information elements to the ASN/MN or ADN
nodes that host the AE or CSE prior to or during M2M Service Layer operation and to the AE or CSE during M2M
Service Layer operation.
ETSI

---------------------- Page: 8 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 9 ETSI TS 118 122 V2.3.1 (2020-03)
Configuration AE
Infrastructure Domain
Mca

IN-CSE
Mcn (ms) Mca
Mcc
Mca
DM Server Configuration IPE
mc
CSE

Mca
unspecified
AE
mc
AE
Field Domain
ADN ASN/MN
mc

Figure 6.1-1: Architectural Aspects for Configuration of ASN/MN and ADN Nodes
Figure 6.1-1 depicts three (3) methods, in which ADN or ASN/MN nodes are configured using the following:
1) Device Management technologies using the mc reference point defined in clause 6 of ETSI TS 118 101 [2].
Using this method, the information that is used to configure the ASN/MN or ADN is described as
resource types that are hosted in the IN-CSE.
2) oneM2M Mcc and Mca reference point when M2M Service Layer operation has been established to the AE or
CSE. Establishment of the M2M Service Layer operation includes actions such as setting up security
associations and registration of the M2M entities as per ETSI TS 118 103 [3] and ETSI TS 118 101 [2].
3) oneM2M IPE technology where the IPE interworks the information exchange between the ADN and ASN/MN
and the IN-CSE. This type of IPE is called a Configuration IPE in order to depict the role and capabilities of
the IPE related to the present document.
NOTE: The reference point between the Configuration IPE and the ADN and ASN/MN is unspecified in the
present document.
In addition, figure 6.1-1 introduces an AE whose role is to configure the IN-CSE and nodes in the Field Domain with
the information needed to establish M2M Service Layer operation. This type of AE is called a Configuration AE in
order to depict the role and capabilities of the AE related to the present document.
The information that is used to configure the ASN/MN or ADN is described as resource types that are
hosted in the IN-CSE.
ETSI

---------------------- Page: 9 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 10 ETSI TS 118 122 V2.3.1 (2020-03)
6.2 Information needed for M2M Service Layer operation
6.2.1 Introduction
The Configuration AE provisions the resource types in the IN-CSE and the IN-CSE then interacts with the
DM Server, ADN or ASN/MN node or Configuration IPE in order to configure the AE or CSE on the nodes.
6.2.2 Information elements required for M2M Service Layer operation
6.2.2.1 Introduction
The ASN/MN and ADN in the Field Domain should support the capability to be configured with the
resource types defined in the present document prior to initial registration with a registrar CSE (enrolment phase).
When the AE or CSE has established M2M Service Layer operation with a Registrar CSE (operational phase), the AE
or CSE shall provide the capability to be configured with the resource types defined in the present
document.
6.2.2.2 M2M Service Layer registration information elements
The information elements used for CSE or AEs to register with a Registrar CSE shall include the following information
which depends on the M2M Service Provider:
• PoA information of Registrar CSE.
• Protocol binding to be used between AE or CSE and the Registrar CSE.
• CSE-ID of the CSE hosted on the ASN/MN.
• AE-ID of an AE hosted on an ASN/MN or ADN.
This set of information elements may be linked to a set of authentication profile information elements (see
clause 6.2.2.4) providing the configuration for security association establishment with the Registrar CSE.
6.2.2.3 Application configuration information elements
In order for an AE to operate, the AE may need to know the resource location within the Hosting CSE to maintain its
resource structure. In addition, for resources that are frequently provided by the AE to the Hosting CSE, the AE may be
configured with information that defines how frequently the AE collects or measures the data as well as the frequency at
which that the data is transmitted to the Hosting CSE.
When the Hosting CSE is not the Registrar CSE of the AE, then this set of information elements may be linked to a set
of authentication profile information elements (see clause 6.2.2.4) providing the configuration for establishing End-to-
End Security of Primitives (ESPrim) with the Hosting CSE.
6.2.2.4 Authentication profile information elements
Authentication profile information elements may be required to establish mutually-authenticated secure
communications.
The applicable security framework is identified via a Security Usage Identifier (SUID). Where the security framework
uses TLS or DTLS, a set of permitted TLS cipher suites may be provided. Then the applicable credentials are identified
- with the allowed type of credentials dictated by the SUID.
A security framework can use a pre-provisioned or remotely provisioned symmetric key for establishing
mutually-authenticated secure communications. In both cases, the identifier for the symmetric key is provided. If a
symmetric key is remotely provisioned, then a Remote Security Provisioning Framework (RSPF) should be used as
described in clause 8.3 of ETSI TS 118 103 [3]. Alternatively, the value of the symmetric key may be configured as an
information element of the authentication profile.
ETSI

---------------------- Page: 10 ----------------------
oneM2M TS-0022 version 2.3.1 Release 2A 11 ETSI TS 118 122 V2.3.1 (2020-03)
Certificate-based security frameworks may use one or more trust anchor certificates (also known as "root CA
Certificates" or "root of trust certificates"). Information about trust anchor certificates is provided in the child trust
anchor credential information elements (see clause 6.2.2.5) of the authentication profile.
MAF-based security frameworks use a MAF to facilitate establishing a symmetric key to be used for mutual
authentication. The MAF Client registration configuration credential information elements enable a MAF Client to
perform MAF procedures with the MAF.
6.2.2.5 My certificate file credential information elements
A security framework can use a certificate to authenticate the intended security principal in the Managed Entity to other
security principals, as part of establishing mutually-authenticated secure communications. The certificate can be
pre-provisioned or remotely provisioned, as discussed in ETSI TS 118 103 [3]. If a certificate is remotely
...