Concise Binary Object Representation (CBOR) Sequences
Universität Bremen TZI
Postfach 330440
Bremen
D-28359
Germany
+49-421-218-63921
cabo@tzi.org
binary format
data interchange format
JSON
This document describes the Concise Binary Object Representation
(CBOR) Sequence format and associated media type
"application/cbor-seq". A CBOR Sequence consists of any number of
encoded CBOR data items, simply concatenated in sequence.
Structured syntax suffixes for media types allow other media types to
build on them and make it explicit that they are built on an existing
media type as their foundation. This specification defines and
registers "+cbor-seq" as a structured syntax suffix for CBOR
Sequences.
Introduction
The Concise Binary Object Representation (CBOR) can be used for serialization of
data in the JSON data model or
in its own, somewhat expanded, data model. When serializing a sequence of
such values, it is sometimes convenient to have a format where these
sequences can simply be concatenated to obtain a serialization of the
concatenated sequence of values or to encode a sequence of values that
might grow at the end by just appending further CBOR data items.
This document describes the concept and format of "CBOR Sequences",
which are composed of zero or more encoded CBOR data items. CBOR
Sequences can be consumed (and produced) incrementally without requiring
a streaming CBOR parser that is able to deliver substructures of a data
item incrementally (or a streaming encoder able to encode from
substructures incrementally).
This document defines and registers the "application/cbor-seq" media
type in the "Media Types" registry along with a Constrained Application
Protocol (CoAP) Content-Format identifier. Media type structured syntax
suffixes were introduced as a
way for a media type to signal that it is based on another media type as
its foundation. CBOR defines
the "+cbor" structured syntax suffix. This document defines and
registers the "+cbor-seq" structured syntax suffix in the "Structured
Syntax Suffix Registry".
Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14
when, and only when, they appear in all capitals, as shown here.
In this specification, the term "byte" is used in its now-customary
sense as a synonym for "octet".
CBOR Sequence Format
Formally, a CBOR Sequence is a sequence of bytes that is recursively
defined as either of the following:
- an empty (zero-length) sequence of bytes
- the sequence of bytes making up an encoded CBOR data item
followed by a CBOR Sequence.
In short, concatenating zero or more encoded CBOR data items generates
a CBOR Sequence. (Consequently, concatenating zero or more CBOR
Sequences also results in a CBOR Sequence.)
There is no end-of-sequence indicator. (If one is desired, CBOR
encoding an array of the CBOR data model values being encoded, employing
either a definite or an indefinite length encoding, as a single CBOR
data item may actually be the more appropriate representation.)
CBOR Sequences, unlike JSON Text Sequences , do not use a
marker between items. This is possible because CBOR-encoded data
items are self delimiting and the end can always be calculated. (Note
that, while the early object/array-only form of JSON was
self delimiting as well, this stopped being the case when simple
values such as single numbers were made valid JSON documents.)
Decoding a CBOR Sequence works as follows:
- If the CBOR Sequence is an empty sequence of bytes, the result is an
empty sequence of CBOR data model values.
- Otherwise, one must decode a single CBOR data item from the bytes
of the CBOR Sequence and insert the resulting CBOR data model value at
the start of the result of repeating this decoding process recursively
with the remaining bytes. (A streaming decoder would therefore simply
deliver zero or more CBOR data model values, each as soon as the bytes
making it up are available.)
This means that if any data item in the sequence is not well formed,
it is not possible to reliably decode the rest of the sequence. (An
implementation may be able to recover from some errors in a sequence
of bytes that is almost, but not entirely, a well-formed encoded CBOR
data item. Handling malformed data is outside the scope of this
specification.)
This also means that the CBOR Sequence format can reliably detect
truncation of the bytes making up the last CBOR data item in the
sequence, but it cannot detect entirely missing CBOR data items at the end. A
CBOR Sequence decoder that is used for consuming streaming CBOR Sequence
data may simply pause for more data (e.g., by suspending and later
resuming decoding) in case a truncated final item is being received.
The "+cbor-seq" Structured Syntax Suffix
The use case for the "+cbor-seq" structured syntax suffix is
analogous to that for "+cbor": it SHOULD be used by a
media type when the result of parsing the bytes of the media type
object as a CBOR Sequence is meaningful and is at least
sometimes not just a single CBOR data item. (Without the qualification
at the end, this sentence is trivially true for any +cbor media type,
which of course should continue to use the "+cbor" structured syntax
suffix.)
Applications encountering a "+cbor-seq" media type can then either simply
use generic processing if all they need is a generic view of the CBOR
Sequence or use generic CBOR Sequence tools for
initial parsing and then implement their own specific processing on
top of that generic parsing tool.
Practical Considerations
Specifying CBOR Sequences in Concise Data Definition Language (CDDL)
In Concise Data Definition Language (CDDL) , CBOR Sequences are already supported as contents
of byte strings using the .cborseq control operator () by employing an
array as the controller type:
my-embedded-cbor-seq = bytes .cborseq my-array
my-array = [* my-element]
my-element = my-foo / my-bar
Currently, CDDL does not provide for unadorned CBOR Sequences as a
top-level subject of a specification.
For now, the suggestion is to use an array for the top-level rule, as is used
for the .cborseq control operator, and add English text that
explains that the specification is really about a CBOR Sequence with the
elements of the array:
; This defines an array, the elements of which are to be used
; in a CBOR Sequence:
my-sequence = [* my-element]
my-element = my-foo / my-bar
(Future versions of CDDL may provide a notation for top-level CBOR
Sequences, e.g., by using a group as the top-level rule in a CDDL
specification.)
Diagnostic Notation
CBOR diagnostic notation (see ) or extended
diagnostic notation () also does not provide
for unadorned CBOR Sequences at this time (the latter does provide for
CBOR Sequences embedded in a byte string as per ).
In a similar spirit to the recommendation for CDDL above, this
specification recommends enclosing the CBOR data items in an array.
In a more informal setting, where the boundaries within which the
notation is used are obvious, it is also possible to leave off the
outer brackets for this array, as shown in these two examples:
Note that it is somewhat difficult to discuss zero-length CBOR
Sequences in the latter form.
Optimizing CBOR Sequences for Skipping Elements
In certain applications, being able to efficiently skip an element
without the need for decoding its substructure, or efficiently fanning
out elements to multi-threaded decoding processes, is of the utmost
importance. For these applications, byte strings
(which carry length information in bytes) containing embedded CBOR can
be used as the elements of a CBOR Sequence:
; This defines an array of CBOR byte strings, the elements of which
; are to be used in a CBOR Sequence:
my-sequence = [* my-element]
my-element = bytes .cbor my-element-structure
my-element-structure = my-foo / my-bar
Within limits, this may also enable recovering from elements that
internally are not well formed; the limitation is that the sequence
of byte strings does need to be well formed as such.
Security Considerations
The security considerations of CBOR apply. This format
provides no cryptographic integrity protection of any kind but can be
combined with security specifications such as CBOR Object Signing and
Encryption (COSE) to do so.
(COSE protections can be applied to an entire CBOR Sequence or to each
of the elements of the sequence independently; in the latter case,
additional effort may be required if there is a need to protect the
relationship of the elements in the sequence.)
As usual, decoders must operate on input that is assumed to be
untrusted. This means that decoders MUST fail gracefully in the face
of malicious inputs.
IANA Considerations
Media Type
Media types are registered in the "Media Types" registry
.
IANA has registered the media type for CBOR Sequence,
application/cbor-seq, as follows:
Type name: application
Subtype name: cbor-seq
Required parameters: N/A
Optional parameters: N/A
Encoding considerations: binary
Security considerations: See RFC 8742, .
Interoperability considerations: Described herein.
Published specification: RFC 8742.
Applications that use this media type: Data serialization and deserialization.
Fragment identifier considerations: N/A
Additional information:
- Deprecated alias names for this type: N/A
- Magic number(s): N/A
- File extension(s): N/A
- Macintosh file type code(s): N/A
- Person & email address to contact for further information:
-
cbor@ietf.org
Intended usage: COMMON
Author: Carsten Bormann (cabo@tzi.org)
Change controller: IETF
CoAP Content-Format Registration
IANA has assigned a CoAP Content-Format ID for the media
type "application/cbor-seq", within the "CoAP Content-Formats" subregistry
of the "Constrained RESTful Environments (CoRE) Parameters" registry
, from the "Expert Review" (0-255)
range (). The assigned ID is shown in .
CoAP Content-Format ID
Media type |
Encoding |
ID |
Reference |
application/cbor-seq |
- |
63 |
RFC 8742 |
Structured Syntax Suffix
Structured Syntax Suffixes are registered within the "Structured
Syntax Suffix Registry" maintained at . IANA has
registered the "+cbor-seq" structured syntax suffix in accordance with
as follows:
- Encoding considerations: binary
- Fragment identifier considerations: The syntax and semantics of
fragment identifiers specified for +cbor-seq SHOULD be the same
as that specified for "application/cbor-seq". (At the time of publication of this
document, there is no fragment identification syntax defined for
"application/cbor-seq".)
-
- The syntax and semantics for fragment identifiers for a
specific "xxx/yyy+cbor-seq" SHOULD be processed as follows:
-
- For cases defined in +cbor-seq, if the fragment
identifier resolves per the +cbor-seq rules, then process as
specified in +cbor-seq.
- For cases defined in +cbor-seq, if the fragment
identifier does not resolve per the +cbor-seq rules, then
process as specified in "xxx/yyy+cbor-seq".
- For cases not defined in +cbor-seq, process as
specified in "xxx/yyy+cbor-seq".
- Interoperability considerations: n/a
- Security considerations: See RFC 8742,
- Contact: CBOR WG mailing list (cbor@ietf.org), or any IESG-designated successor.
- Author/Change controller: IETF
References
Normative References
Structured Syntax Suffix Registry
IANA
Constrained RESTful Environments (CoRE) Parameters
IANA
Media Types
IANA
Informative References
Acknowledgements
This document has mostly been generated from by
and by , which do a similar but slightly more
complicated exercise for JSON . raised an
issue on the CBOR mailing list that pointed out the need for this
document. and provided helpful comments.