ETSI TS 118 122 V2.3.1 (2020-03)

TECHNICAL SPECIFICATION
oneM2M;
Field Device Configuration
(oneM2M TS-0022 version 2.3.1 Release 2A)

oneM2M TS-0022 version 2.3.1 Release 2A 2 ETSI TS 118 122 V2.3.1 (2020-03)

Reference
RTS/oneM2M-000022v2A
Keywords
configuration, IoT, M2M
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2020.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.

3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners. ®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 3 ETSI TS 118 122 V2.3.1 (2020-03)
Contents
Intellectual Property Rights . 5
Foreword . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 7
3 Definition of terms, symbols and abbreviations . 7
3.1 Terms . 7
3.2 Symbols . 7
3.3 Abbreviations . 7
4 Conventions . 8
5 Introduction . 8
6 Architectural Aspects . 8
6.1 Introduction . 8
6.2 Information needed for M2M Service Layer operation . 10
6.2.1 Introduction. 10
6.2.2 Information elements required for M2M Service Layer operation . 10
6.2.2.1 Introduction . 10
6.2.2.2 M2M Service Layer registration information elements . 10
6.2.2.3 Application configuration information elements . 10
6.2.2.4 Authentication profile information elements . 10
6.2.2.5 My certificate file credential information elements . 11
6.2.2.6 Trust anchor credential information elements . 11
6.2.2.7 MAF Client registration configuration information elements . 11
6.2.2.8 MEF Client registration configuration information elements . 11
7 Resource type and data format definitions . 12
7.1 Resource type specializations . 12
7.1.1 Introduction. 12
7.1.2 Resource [registration] . 12
7.1.3 Resource [dataCollection] . 14
7.1.4 Resource [authenticationProfile] . 16
7.1.5 Resource [myCertFileCred] . 20
7.1.6 Resource [trustAnchorCred] . 22
7.1.7 Resource [MAFClientRegCfg] . 24
7.1.8 Resource [MEFClientRegCfg]. 25
7.2 Resource-Type specific procedures and definitions . 27
7.2.1 Introduction. 27
7.2.2 Resource [registration] . 27
7.2.2.1 Introduction . 27
7.2.2.2 Resource specific procedure on CRUD operations . 28
7.2.3 Resource [dataCollection] . 28
7.2.3.1 Introduction . 28
7.2.3.2 Resource specific procedure on CRUD operations . 29
7.2.4 Resource [authenticationProfile] . 29
7.2.4.1 Introduction . 29
7.2.4.2 Resource specific procedure on CRUD operations . 30
7.2.5 Resource [myCertFileCred] . 30
7.2.5.1 Introduction . 30
7.2.5.2 Resource specific procedure on CRUD operations . 31
7.2.6 Resource [trustAnchorCred] . 31
7.2.6.1 Introduction . 31
7.2.6.2 Resource specific procedure on CRUD operations . 32
7.2.7 Resource [MAFClientRegCfg] . 32
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 4 ETSI TS 118 122 V2.3.1 (2020-03)
7.2.7.1 Introduction . 32
7.2.7.2 Resource specific procedure on CRUD operations . 32
7.2.8 Resource [MEFClientRegCfg]. 33
7.2.8.1 Introduction . 33
7.2.8.2 Resource specific procedure on CRUD operations . 33
7.3 Data formats for device configuration . 33
7.3.1 Introduction. 33
7.3.2 Simple oneM2M data types for device configuration . 34
8 Procedures . 34
8.1 life cycle procedures . 34
8.1.1 Introduction. 34
8.1.2 Setting configuration information on resource . 34
8.1.3 Management of resource on ASN/MN/ADN nodes . 35
8.1.3.1 Introduction . 35
8.1.3.2 Management using device management technologies. 35
8.1.3.3 Management using the Mcc reference point . 36
8.1.3.4 Management using the oneM2M IPE technology . 37
8.2 Obtaining authentication credential procedure . 38
8.3 AE and CSE registration procedure. 39
8.4 Enabling data collection by [dataCollection] resource . 39
9 Short Names . 40
9.1 Introduction . 40
9.2 Common and Field Device Configuration specific oneM2M Resource attributes . 40
9.3 Field Device Configuration specific oneM2M Resource types . 41
9.4 oneM2M Complex data type members . 41
History . 42

ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 5 ETSI TS 118 122 V2.3.1 (2020-03)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI Partnership Project oneM2M (oneM2M).
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 6 ETSI TS 118 122 V2.3.1 (2020-03)
1 Scope
The present document specifies the architectural options, resources and procedures needed to pre-provision and
maintain devices in the Field Domain (e.g. ADN, ASN/MN) in order to establish M2M Service Layer operation
between the device's AE and/or CSE and a Registrar and/Hosting CSE. The resources and procedures includes
information about the Registrar CSE and/or Hosting CSE needed by the AE or CSE to begin M2M Service Layer
operation.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 118 111: "oneM2M; Common Terminology (oneM2M TS-0011)".
[2] ETSI TS 118 101: "oneM2M; Functional Architecture (oneM2M TS-0001)".
[3] ETSI TS 118 103: "oneM2M; Security Solutions (oneM2M TS-0003)".
[4] ETSI TS 118 104: "oneM2M; Service Layer Core Protocol (oneM2M TS-0004)".
[5] ETSI TS 118 105: "oneM2M; Management Enablement (OMA) (oneM2M TS-0005)".
[6] ETSI TS 118 106: "oneM2M; Management Enablement (BBF) (oneM2M TS-0006)".
[7] IETF RFC 6920: "Naming Things with Hashes".
[8] IANA Transport Layer Security (TLS) Parameters.
NOTE: Available at http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml.
[9] ETSI TS 118 132: "oneM2M; MAF and MEF Interface Specification (oneM2M TS-0032)".
[10] FIPS PUB 180-4: "Secure Hash Standard (SHS)".
NOTE: Available at http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf.
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 7 ETSI TS 118 122 V2.3.1 (2020-03)
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] oneM2M Drafting Rules.
NOTE: Available at http://www.onem2m.org/images/files/oneM2M-Drafting-Rules.pdf.
[i.2] BBF TR-069: "CPE WAN Management Protocol".
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the terms given in ETSI TS 118 111 [1], ETSI TS 118 101 [2] and the
following apply:
application configuration: procedure that configures an AE on an M2M Node in the Field Domain for M2M Service
Layer operation
authentication profile: security information needed to establish mutually-authenticated secure communications
configuration AE: configure the M2M System, including the M2M Node in the Field Domain
configuration IPE: provides the capability to configure the M2M Node in the Field Domain by interworking the
exchange of information between the M2M Node and the M2M System
credential object: end-point of a security protocol
service layer configuration: procedure that configures a CSE on an M2M Node in the Field Domain for M2M Service
Layer operation
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the abbreviations given in ETSI TS 118 111 [1], ETSI TS 118 101 [2] and
the following apply:
NP Not Present
XML eXtensible Markup Language
XSD XML Schema Definition
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 8 ETSI TS 118 122 V2.3.1 (2020-03)
4 Conventions
The key words "Shall", "Shall not", "May", "Need not", "Should", "Should not" in the present document are to be
interpreted as described in the oneM2M Drafting Rules [i.1].
5 Introduction
Devices in the Field Domain that host oneM2M AEs and CSEs require configuration that permits the AE or CSE to
successfully operate in the M2M Service Layer. ETSI TS 118 101 [2] and ETSI TS 118 103 [3] specifies much of what
is needed to configure these devices in the Field Domain (i.e. ADN, ASN/MN). Specifically, ETSI TS 118 101 [2]
provides:
• Guidance on how a CSE is minimally provisioned in annex E of ETSI TS 118 101 [2] including how a user
AE is established within a Hosting CSE.
• Specification of the general communication flows across the Mca and Mcc reference points in clause 8.
• Specifications for how ASN/MN and ADN nodes and M2M Applications are enrolled in the M2M System
such that the node in the Field domain can establish connectivity with a CSE. TS-0001 heavily relies on
Clause 6 and on the Remote Security Provisioning Framework (RSPF) of ETSI TS 118 103 [3] to specify how
the security credentials of ASN/MN and ADN nodes and M2M Applications are established in the M2M
System for the enrolment of the node or M2M Application in the M2M System.
• Specifications for how the ADN and ASN/MN nodes in the Field Domain are managed using external
management technologies in clause 6.2.4 of ETSI TS 118 101 [2].
• Guidance for how the ADN and ASN/MN nodes in the Field Domain can be configured without the support of
external management technologies in clause 8.1.2.
The above clauses in ETSI TS 118 101 [2] assume that, for a M2M Application to operate in the M2M System, all
required information needed to establish M2M Service operation between a Registrar or Hosting CSE and the AE or
CSE in the Field Domain is configured before registration of the AE or CSE to the M2M System.
The present document specifies the additional architectural elements, resources and procedures necessary to configure
ASN/MN and ADN nodes in the Field Domain in order for that device to establish M2M Service Layer operation.
These architectural elements, resources and procedures are in addition to the architectural elements, resources and
procedures already defined in ETSI TS 118 101 [2] and ETSI TS 118 103 [3].
6 Architectural Aspects
6.1 Introduction
The information needed by the remote AE or CSE in the field domain to establish M2M Service Layer operation uses
the architectural aspects of ETSI TS 118 101 [2] in order to convey the information elements to the ASN/MN or ADN
nodes that host the AE or CSE prior to or during M2M Service Layer operation and to the AE or CSE during M2M
Service Layer operation.
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 9 ETSI TS 118 122 V2.3.1 (2020-03)
Configuration AE
Infrastructure Domain
Mca

IN-CSE
Mcn (ms) Mca
Mcc
Mca
DM Server Configuration IPE
mc
CSE

Mca
unspecified
AE
mc
AE
Field Domain
ADN ASN/MN
mc
Figure 6.1-1: Architectural Aspects for Configuration of ASN/MN and ADN Nodes
Figure 6.1-1 depicts three (3) methods, in which ADN or ASN/MN nodes are configured using the following:
1) Device Management technologies using the mc reference point defined in clause 6 of ETSI TS 118 101 [2].
Using this method, the information that is used to configure the ASN/MN or ADN is described as
resource types that are hosted in the IN-CSE.
2) oneM2M Mcc and Mca reference point when M2M Service Layer operation has been established to the AE or
CSE. Establishment of the M2M Service Layer operation includes actions such as setting up security
associations and registration of the M2M entities as per ETSI TS 118 103 [3] and ETSI TS 118 101 [2].
3) oneM2M IPE technology where the IPE interworks the information exchange between the ADN and ASN/MN
and the IN-CSE. This type of IPE is called a Configuration IPE in order to depict the role and capabilities of
the IPE related to the present document.
NOTE: The reference point between the Configuration IPE and the ADN and ASN/MN is unspecified in the
present document.
In addition, figure 6.1-1 introduces an AE whose role is to configure the IN-CSE and nodes in the Field Domain with
the information needed to establish M2M Service Layer operation. This type of AE is called a Configuration AE in
order to depict the role and capabilities of the AE related to the present document.
The information that is used to configure the ASN/MN or ADN is described as resource types that are
hosted in the IN-CSE.
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 10 ETSI TS 118 122 V2.3.1 (2020-03)
6.2 Information needed for M2M Service Layer operation
6.2.1 Introduction
The Configuration AE provisions the resource types in the IN-CSE and the IN-CSE then interacts with the
DM Server, ADN or ASN/MN node or Configuration IPE in order to configure the AE or CSE on the nodes.
6.2.2 Information elements required for M2M Service Layer operation
6.2.2.1 Introduction
The ASN/MN and ADN in the Field Domain should support the capability to be configured with the
resource types defined in the present document prior to initial registration with a registrar CSE (enrolment phase).
When the AE or CSE has established M2M Service Layer operation with a Registrar CSE (operational phase), the AE
or CSE shall provide the capability to be configured with the resource types defined in the present
document.
6.2.2.2 M2M Service Layer registration information elements
The information elements used for CSE or AEs to register with a Registrar CSE shall include the following information
which depends on the M2M Service Provider:
• PoA information of Registrar CSE.
• Protocol binding to be used between AE or CSE and the Registrar CSE.
• CSE-ID of the CSE hosted on the ASN/MN.
• AE-ID of an AE hosted on an ASN/MN or ADN.
This set of information elements may be linked to a set of authentication profile information elements (see
clause 6.2.2.4) providing the configuration for security association establishment with the Registrar CSE.
6.2.2.3 Application configuration information elements
In order for an AE to operate, the AE may need to know the resource location within the Hosting CSE to maintain its
resource structure. In addition, for resources that are frequently provided by the AE to the Hosting CSE, the AE may be
configured with information that defines how frequently the AE collects or measures the data as well as the frequency at
which that the data is transmitted to the Hosting CSE.
When the Hosting CSE is not the Registrar CSE of the AE, then this set of information elements may be linked to a set
of authentication profile information elements (see clause 6.2.2.4) providing the configuration for establishing End-to-
End Security of Primitives (ESPrim) with the Hosting CSE.
6.2.2.4 Authentication profile information elements
Authentication profile information elements may be required to establish mutually-authenticated secure
communications.
The applicable security framework is identified via a Security Usage Identifier (SUID). Where the security framework
uses TLS or DTLS, a set of permitted TLS cipher suites may be provided. Then the applicable credentials are identified
- with the allowed type of credentials dictated by the SUID.
A security framework can use a pre-provisioned or remotely provisioned symmetric key for establishing
mutually-authenticated secure communications. In both cases, the identifier for the symmetric key is provided. If a
symmetric key is remotely provisioned, then a Remote Security Provisioning Framework (RSPF) should be used as
described in clause 8.3 of ETSI TS 118 103 [3]. Alternatively, the value of the symmetric key may be configured as an
information element of the authentication profile.
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 11 ETSI TS 118 122 V2.3.1 (2020-03)
Certificate-based security frameworks may use one or more trust anchor certificates (also known as "root CA
Certificates" or "root of trust certificates"). Information about trust anchor certificates is provided in the child trust
anchor credential information elements (see clause 6.2.2.5) of the authentication profile.
MAF-based security frameworks use a MAF to facilitate establishing a symmetric key to be used for mutual
authentication. The MAF Client registration configuration credential information elements enable a MAF Client to
perform MAF procedures with the MAF.
6.2.2.5 My certificate file credential information elements
A security framework can use a certificate to authenticate the intended security principal in the Managed Entity to other
security principals, as part of establishing mutually-authenticated secure communications. The certificate can be
pre-provisioned or remotely provisioned, as discussed in ETSI TS 118 103 [3]. If a certificate is remotely provisioned,
then a Remote Security Provisioning Framework (RSPF) should be used as described in clause 8.3 of ETSI
TS 118 103 [3], or my certificate file credential information elements may be configured to the Managed Entity as
described in the present document.
My certificate file credential information elements include the media type of file containing the certificate, the file
containing the certificate, and a list of Security Usage Identifiers (SUID) for which the certificate may be used.
6.2.2.6 Trust anchor credential information elements
A security framework can use one or more trust anchor certificates (also known as "root Certificate Authority
certificates" or" root of trust certificates"). These trust anchor certificates are used by a security principal on the
Managed Entity for validating certificates of other security principals as part of establishing mutually-authenticated
secure communications.
The trust anchor credential information elements include a hash-value-based identifier of the trust anchor certificate,
along with a URL from which the trust anchor certificate can be retrieved. The Managed Entity can compute the hash
value for the locally stored trust anchor certificates to determine if there is a match with the hash value in the
information elements. If there is no match for the trust anchor certificates in local storage, then the Managed Entity
retrieves the trust anchor certificate from the URL, and verifies that the hash value of the retrieved trust anchor
certificate is a match for the hash value in the information elements.
6.2.2.7 MAF Client registration configuration information elements
A security framework can use a MAF to establish symmetric key in a security principal in the Managed Entity and one
or more other security principals, with the symmetric key used for establishing mutually-authenticated secure
communications between the security principals. In this case, the security principals are MAF Clients. The security
principal in the Managed Entity shall perform the MAF Client registration procedure, described in clause 8.8.2.3 of
ETSI TS 118 103 [3] before the MAF facilitates establishing the symmetric keys.
The MAF Client registration configuration information elements configure the security principal in the Managed Entity
for the MAF Client registration procedure, as described in clause 8.8.3.2 of ETSI TS 118 103 [3].
6.2.2.8 MEF Client registration configuration information elements
A security framework can use a MEF to provision credentials to a security principal (an MEF Client) in the Managed
Entity for establishing mutually-authenticated secure communications between the security principal and another entity
such as a security principal or MAF or MEF or device management server. The security principal in the Managed Entity
shall perform the MEF Client registration procedure, described in clause 8.3.5.2.3 of ETSI TS 118 103 [3] before the
MEF provisions credentials.
The MEF Client registration configuration information elements configure the security principal in the Managed Entity
for the MEF Client registration procedure, as described in clause 8.3.7.2 of ETSI TS 118 103 [3].
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 12 ETSI TS 118 122 V2.3.1 (2020-03)
7 Resource type and data format definitions
7.1 Resource type specializations
7.1.1 Introduction
The present clause specifies resource specializations used to configure AEs or CSEs on ADN or ASN/MN
nodes in the Field Domain in order to establish M2M Service Layer operation.
Table 7.1.1-1 shows a summary of resource specializations defined in the present document.
Table 7.1.1-1: Summary of defined resources
mgmtObj mgmtDefinition Intended use Note
Registration 1020 Service Layer Configuration information This is M2M Service Provider
needed to register an AE or CSE with a dependent.
Registrar CSE.
dataCollection 1021 Application Configuration information This is M2M Application
needed to establish collection of data dependent.
within the AE and transmit the data to the
Hosting CSE using and
resource types.
authenticationProfile 1022 Security information needed to establish
mutually-authenticated secure
communications.
myCertFileCred 1023 Configuring a file containing a certificate
and associated information.
trustAnchorCred 1024 Identifies a trust anchor certificate and
provides a URL from which the certificate
can be retrieved. The trust anchor
certificate can be used to validate a
certificate which the Managed Entity uses
to authenticate another entity.
MAFClientRegCfg 1025 Instructions for performing the MAF Client
Registration procedure with a MAF. Links
to an Authentication Profile instance.
MEFClientRegCfg 1026 Instructions for performing the MEF Client
Registration procedure with a MEF. Links
to an Authentication Profile instance.

7.1.2 Resource [registration]
This specialization of is used to convey the service layer configuration information needed to register an
AE or CSE with a Registrar CSE.
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 13 ETSI TS 118 122 V2.3.1 (2020-03)

Figure 7.1.2-1: Structure of [registration] resource
The [registration] resource shall contain the child resource specified in table 7.1.2-1.
Table 7.1.2-1: Child resources of [registration] resource
Child Resources of [registration] Child Resource Type Multiplicity Description
[variable] 0.n See clause 9.6.8 of ETSI TS 118 101 [2]

ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 14 ETSI TS 118 122 V2.3.1 (2020-03)
The [registration] resource shall contain the attributes specified in table 7.1.2-2.
Table 7.1.2-2: Attributes of [registration] resource
RW/
Attributes of
Multiplicity RO/ Description
[reboot]
WO
resourceType 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceName 1 WO See clause 9.6.1.3 of ETSI TS 118 101 [2].
parentID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
expirationTime 1 RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
accessControlPolicyIDs 0.1 (L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
creationTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
lastModifiedTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
labels 0.1(L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
mgmtDefinition 1 WO See clause 9.6.15 of ETSI TS 118 101 [2]. This attribute shall
have the fixed value 1020 ("registration").
objectIDs 0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
objectPaths 0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
description 0.1 RW See clause 9.6.15 of ETSI TS 118 101 [2].
originatorID 0.1 RW CSE-ID of the CSE hosted on the ASN/MN or the AE-ID of an
AE hosted on an ASN/MN or ADN node.
If the setting is for a CSE, then this attribute shall be present.
poA 1 RW The point of access URI of the Registrar CSE. See note.
appID 0.1 RW The App-ID of an AE. This attribute shall only be present when
this resource is used for the registration of an AE.
externalID 0.1 RW The M2M-Ext-ID of the ASN/MN CSE. This attribute can be
present when the originatorID is a CSE-ID and the CSE uses
the dynamic registration defined in clause 7.1.10 Trigger
Recipient Identifier of ETSI TS 118 101 [2].
triggerRecipientID 0.1 RW The Trigger-Recipient-ID of the ASN/MN CSE. This attribute
can be present when the originatorID is a CSE-ID and the CSE
uses the dynamic registration defined in clause 7.1.10 Trigger
Recipient Identifier of ETSI TS 118 101 [2].
mgmtLink 0.1 RW A link to a resource instance containing the
information for establishing a security association with the
Registrar CSE.
NOTE: Protocol binding is determined from the protocol schema in this URI.

7.1.3 Resource [dataCollection]
This specialization of is used to convey the application configuration information needed by an AE to
collect data and then transmit the data to a Hosting CSE.
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 15 ETSI TS 118 122 V2.3.1 (2020-03)

Figure 7.1.3-1: Structure of [dataCollection] resource
The [dataCollection] resource shall contain the child resource specified in table 7.1.3-1.
Table 7.1.3-1: Child resources of [dataCollection] resource
Child Resources of
Child Resource Type Multiplicity Description
[dataCollection]
[variable] 0.n See clause 9.6.8 of ETSI TS 118 101 [2]

ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 16 ETSI TS 118 122 V2.3.1 (2020-03)
The [dataCollection] resource shall contain the attributes specified in table 7.1.3-2.
Table 7.1.3-2: Attributes of [dataCollection] resource
RW/
Attributes of
Multiplicity RO/ Description
[reboot]
WO
resourceType 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceName 1 WO See clause 9.6.1.3 of ETSI TS 118 101 [2].
parentID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
expirationTime 1 RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
accessControlPolicyIDs 0.1 (L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
creationTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
lastModifiedTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
labels 0.1(L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
mgmtDefinition 1 WO See clause 9.6.15 of ETSI TS 118 101 [2]. This attribute shall
have the fixed value 1021 ("dataCollection").
objectIDs 0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
objectPaths 0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
description 0.1 RW See clause 9.6.15 of ETSI TS 118 101 [2].
containerPath 1 RW The URI of the resource in the hosting CSE that
stores the data transmitted by the device.
reportingSchedule 0.1 RW The frequency interval, in seconds, used to transmit the data to
the Hosting CSE.
measurementSchedule 0.1 RW The frequency interval, in seconds, that the device will use to
collect or measure the data.
mgmtLink 0.1 RW A link to a resource instance containing the
information for establishing End-to-End Security of Primitives
(ESPrim) between AE and hosting CSE. ESPrim is specified in
ETSI TS 118 103 [3].
NOTE: The present document does not support configuration for End-to-End Security of Data (ESData)
specified in ETSI TS 118 103 [3].

7.1.4 Resource [authenticationProfile]
The [authenticationProfile] specialization of the is used to convey the configuration information regarding
establishing mutually-authenticated secure communications. The security principal using this configuration information
can be a CSE or AE or the Managed ADN/ASN/MN acting as security principal on behalf of AEs on the Node.
An [authenticationProfile] instance identifies a security framework, TLS cipher suites, and credentials to be used. The
applicable security framework is identified by the SUID attribute. The interpretation of SUID is specified in
table 7.1.4-3.
NOTE 1: The present document does not support using [authenticationProfile] for identifying ESData credentials.
The [authenticationProfile] resource does not include any credentials, but either identifies credentials which are stored
locally on the Managed Entity or identifies an M2M Authentication Function (MAF) which is to be used to facilitate
establishing symmetric keys. The intended security principal on the Managed Entity is the security principal which can
use either all the credentials identified by the [authenticationProfile] resource, or (in the case that a MAF is identified)
all of the credentials required for mutual authentication with the MAF.
NOTE 2: The other security principal can be any of the following: CSE; AE; a Node terminating the security
protocol on behalf of AE on Node; and an M2M Authentication Function (MAF).
ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 17 ETSI TS 118 122 V2.3.1 (2020-03)

Figure 7.1.4-1: Structure of [authenticationProfile]
The [authenticationProfile] resource shall contain the child resource specified in table 7.1.4-1.
Table 7.1.4-1: Child resources of [authenticationProfile] resource
Child Resources of Child Resource
Multiplicity Description
[authenticationProfile] Type
[variable] 0.n See clause 9.6.8 of ETSI TS 118 101 [2]

ETSI
oneM2M TS-0022 version 2.3.1 Release 2A 18 ETSI TS 118 122 V2.3.1 (2020-03)
The [authenticationProfile] resource shall contain the attributes specified in table 7.1.4-2.
Table 7.1.4-2: Attributes of [authenticationProfile] resource
RW/
Attributes of
Multiplicity RO/ Description
[authenticationProfile]
WO
resourceType 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
resourceName 1 WO See clause 9.6.1.3 of ETSI TS 118 101 [2].
parentID 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
expirationTime 1 RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
accessControlPolicyIDs 0.1 (L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
creationTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
lastModifiedTime 1 RO See clause 9.6.1.3 of ETSI TS 118 101 [2].
labels 0.1(L) RW See clause 9.6.1.3 of ETSI TS 118 101 [2].
mgmtDefinition 1 WO See clause 9.6.15 of ETSI TS 118 101 [2]. This attribute shall
have the fixed value 1022 ("authenticationProfile").
objectIDs 0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
objectPaths 0.1 (L) RW See clause 9.6.15 of ETSI TS 118 101 [2].
description 0.1 RW See clause 9.6.15 of ETSI TS 118 101 [2].
SUID 1 WO Describes how the authentication profile is to be used. Further
details about interpretation of each SUID are specified in
table 7.1.4-3 of the present document.
TLSCiphersuites 0.1(L) RW If the security framework identified by SUID uses TLS, then this
attributes provides a list of allowed TLS cipher suites.
symmKeyID 0.1 WO Present when a symmetric key is to be used for mutual
authentication. Identifier for a symmetric key already stored
locally on the Managed Entity, or to be provisioned to the
Managed Entity
symmKeyValue 0.1 WO Optionally present when a symmetric key is to be used for mutual
authentication. Contains the value of the symmetric key to be
used for mutual authentication.
MAFKeyRegLabels 0.1(L) WO Optionally present when a MAF is to be used to facilitate
establishing a symmetric key for mutual authentication. Provides
the content of the labels parameter in the MAF Key Registration
request; see tabl
...