Broadband Forum TR-369: User Services Platform (USP)
USP Version 1.0-DRAFT-06
Table of Contents
- Discovery and Advertisement
- Message Transfer Protocols
- Message Encoding
- End to End Message Exchange
- Authentication and Authorization
Annex A. HTTP Bulk Data Transfer
Appendix I. Software Module Management
Appendix II. Firmware Management
Appendix III. Device Proxy
The Broadband Forum is a non-profit corporation organized to create guidelines for broadband network system development and deployment. This Working Text is a draft, is subject to change, and has not been approved by members of the Forum. This Working Text is copyrighted by the Broadband Forum, and portions of this Working Text may be copyrighted by Broadband Forum members. This Working Text is for use by Broadband Forum members only. Advance written permission by the Broadband Forum is required for distribution of this Working Text in its entirety or in portions outside the Broadband Forum.
Recipients of this document are requested to submit, with their comments, notification of any relevant patent claims or other intellectual property rights of which they may be aware that might be infringed by any implementation of this Working Text if it were to be adopted as a Technical Report, and to provide supporting documentation.
This Working Text (i) is made available to non-members for internal study purposes only, (ii) may be implemented by Broadband Forum members in a product or service made commercially available, and (iii) may only be copied and distributed internally for the purpose of exercising Broadband Forum membership rights and benefits.
All materials submitted for possible incorporation into Technical Reports or other work product shall be regarded as confidential until such time as the Technical Report or other work product in question is publicly released. In the event that any material, or portion of any material, is not included in the Technical Report or other work product in question, or if such Technical Report or other work product is never publicly released, such material shall remain confidential until such time, if ever, as the submitter makes the same publicly available, or it otherwise becomes publicly disclosed other than by a breach of a Member’s obligations under this Confidentiality Policy. Member representatives shall have access to confidential materials in such manner as may from time to time be provided in Broadband Forum’s procedural rules, and shall not copy or further distribute such materials, except internally, to the extent necessary to exercise their participation rights as Members.
THIS WORKING TEXT IS BEING OFFERED WITHOUT ANY WARRANTY WHATSOEVER, AND IN PARTICULAR, ANY WARRANTY OF NONINFRINGEMENT IS EXPRESSLY DISCLAIMED. ANY USE OF THIS WORKING TEXT SHALL BE MADE ENTIRELY AT THE IMPLEMENTER’S OWN RISK, AND NEITHER THE FORUM, NOR ANY OF ITS MEMBERS OR SUBMITTERS, SHALL HAVE ANY LIABILITY WHATSOEVER TO ANY IMPLEMENTER OR THIRD PARTY FOR ANY DAMAGES OF ANY NATURE WHATSOEVER, DIRECTLY OR INDIRECTLY, ARISING FROM THE USE OF THIS WORKING TEXT.
- Release contains the Final Ballot Candidate specification for the User Services Platform 1.0.
|Barbara Stark||AT&Tfirstname.lastname@example.org||Editor/USP Project Lead|
|Tim Spets||Green Wave Systemsemail@example.com||Editor/USP Project Lead|
|Jason Walls||QA Cafe, LLCfirstname.lastname@example.org||Editor/Broadband User Services Work Area Director|
|John Blackford||Arrisemail@example.com||Editor/Broadband User Services Work Area Director|
|William Lupton||Broadband Forumfirstname.lastname@example.org||BBF Software Architect|
This document describes the architecture, protocol, and data model that builds an intelligent User Services Platform. It is targeted towards application developers, application service providers, CPE vendors, consumer electronics manufacturers, and broadband and mobile network providers who want to expand the value of the end user’s network connection and their connected devices.
The term “connected device” is a broad one, applying to the vast array of network connected CPE, consumer electronics, and computing resources that today’s consumers are using at an increasing rate. With the advent of “smart” platforms (phones, tablets, and wearables) plus the emerging Internet of Things, the number of connected devices the average user or household contains is growing by several orders of magnitude.
In addition, users of the fixed and mobile broadband network are hungry for advanced broadband and intelligent cloud services. As this desire increases, users are turning towards over-the-top providers to consume the entertainment, productivity, and storage applications they want.
These realities have created an opportunity for CE vendors, application developers, and broadband and mobile network providers. These connected devices and services need to be managed, monitored, troubleshot, and controlled in an easy to develop and interoperable way. A unified framework for these is attractive if we want to enable providers, developers, and vendors to create value for the end user. The goal should be to create system for developing, deploying, and supporting these services for end users on the platform created by their connectivity and components, that is, to be able to treat the connected user herself as a platform for applications.
To address this opportunity, use cases supported by USP include:
- Management of IoT devices through re-usable data model objects.
- Allowing the user to interact with their devices and services using customer portals or control points on their own smart devices.
- The ability to have both the application and network service provider manage, troubleshoot, and control different aspects of the services they are responsible for, and enabling provider partnerships.
- Providing a consistent user experience from mobile to home.
- Simple migration from the CPE WAN Management Protocol (CWMP) - commonly known by its document number, “TR-069” - through use of the same data model and data modeling tools.
Purpose and Scope
This document provides the normative requirements and operational description of the User Services Platform (USP). USP is designed for consumer electronics/IoT, home network/gateways, smart Wifi systems, and virtual services (though could theoretically be used for any connected device in many different verticals). It is targeted towards developers, application providers, and network service providers looking to deploy those products.
This document identifies the USP:
- Record structure, syntax, and rules
- Message structure, syntax, and rules
- Bindings that allow specific protocols to carry USP Records in their payloads
- Discovery and advertisement mechanisms
- Security credentials and logic
- Encryption mechanisms
Lastly, USP makes use of and expands the Device:2 Data Model. While particular Objects and parameters necessary to the function of USP are mentioned here, their normative description can be found in that XML document.
References and Terminology
In this specification, several words are used to signify the requirements of the specification. These words are always capitalized. More information can be found be in RFC 2119.
This word, or the term “REQUIRED”, means that the definition is an absolute requirement of the specification.
This phrase means that the definition is an absolute prohibition of the specification.
This word, or the term “RECOMMENDED”, means that there could exist valid reasons in particular circumstances to ignore this item, but the full implications need to be understood and carefully weighed before choosing a different course.
This phrase, or the phrase “NOT RECOMMENDED” means that there could exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful, but the full implications need to be understood and the case carefully weighed before implementing any behavior described with this label.
This word, or the term “OPTIONAL”, means that this item is one of an allowed set of alternatives. An implementation that does not include this option MUST be prepared to inter-operate with another implementation that does include the option.
The following references are of relevance to this Working Text. At the time of publication, the editions indicated were valid. All references are subject to revision; users of this Working Text are therefore encouraged to investigate the possibility of applying the most recent edition of the references listed below.
A list of currently valid Broadband Forum Technical Reports is published at www.broadband-forum.org.
- Broadband Forum TR-181 Issue 2: Device Data Model for TR-069 Endpoints and USP Agents
- Broadband Forum TR-069 Amendment 6: CPE WAN Management Protocol
- Broadband Forum TR-106 Amendment 8: Data Model Template for TR-069 Enabled Devices
- IETF RFC 7228: Terminology for Constrained-Node Networks
- IETF RFC 2136: Dynamic Updates in the Domain Name System
- IETF RFC 3007: Secure Domain Name System Dynamic Update
- IETF RFC 6763: DNS-Based Service Discovery
- IETF RFC 6762: Multicast DNS
- IETF RFC 7252: The Constrained Application Protocol (CoAP)
- IETF RFC 7390: Group Communication for the Constrained Application Protocol (CoAP)
- IETF RFC 4033: DNS Security Introduction and Requirements
- Protocol Buffers v3 Protocol Buffers Mechanism for Serializing Structured Data Version 3
- IEEE Registration Authority
- IETF RFC 4122 A Universally Unique IDentifier (UUID) URN Namespace
- IETF RFC 5290: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- IETF RFC 6818: Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- IETF RFC 2234 Augmented BNF for Syntax Specifications: ABNF
- IETF RFC 3986 Uniform Resource Identifier (URI): Generic Syntax
- IETF RFC 2141 URN Syntax
- IETF RFC 6455 The WebSocket Protocol
- Simple Text Oriented Message Protocol
- The Transport Layer Security (TLS) Protocol Version 1.2
- Datagram Transport Layer Security Version 1.2
The following terminology is used throughout this specification.
An Agent is an Endpoint that exposes Service Elements to one or more Controllers.
A Binding is a means of sending Messages across an underlying Message Transfer Protocol.
The term used to define and refer to an Object-specific Operation in the Agent’s Instantiated or Supported Data Model.
Connection Capabilities are information related to an Endpoint that describe how to communicate with that Endpoint, and provide a very basic idea of what sort of function the Endpoint serves.
User Services Platform
The User Services Platform consists of a data model, architecture, and communications protocol to transform consumer broadband networks into a platform for the development, deployment, and support of broadband enabled applications and services.
A Controller is an Endpoint that manipulates Service Elements through one or more Agents.
Device Type (DT) Definition
A Device Type Definition (DT) is a description of the Service Elements an Agent is able to support, defining its Supported Data Model.
Discovery is the process by which Controllers become aware of Agents and Agents become aware of Controllers.
An Endpoint is a termination point for a Message.
The Endpoint Identifier is a globally unique USP layer identifier of an Endpoint.
End to End Message Exchange
USP feature that allows for message integrity protection through the creation of a session context.
An Error is a Message that contains failure information associated with a Request.
An Event is a set of conditions that, when met, triggers the sending of a Notification.
See also Search Expression
An Expression Component is the part of a Search Expression that gives the matching Parameter criteria for the search. It is comprised of an Expression Parameter followed by an Expression Operator followed by an Expression Constant.
The Expression Constant is the value used to compare against the Expression Component to determine if a search matches a given Object.
The Expression Operator is the operator used to determine how the Expression Component will be evaluated against the Expression Constant, i.e., equals (==), not equals (!=), less than (<), greater than (>), less than or equal (<=), and greater than or equal (>=).
The Expression Parameter is a Parameter relative to the path where an Expression Variable occurs that will be used with the Expression Constant to evaluate the Expression Component.
The Expression Variable is an identifier used to allow relative addressing when building an Expression Component.
Instantiated Data Model
The Instantiated Data Model of an Agent represents the current set of Service Elements (and their state) that are exposed to one or more Controllers.
A term used to identify to an Instance of a Multi-Instance Object (also called a Row of a Table). While all Multi-Instance Objects have an Instance Number that can be used as an Instance Identifier, an Object Instance can also be referenced using that Object’s Unique Key.
An Instance Number is a numeric Instance Identifier assigned by the Agent to instances of Multi-Instance Objects in an Agent’s Instantiated Data Model.
An Instance Path is a Path Name that addresses an Instance of a Multi-Instance Object (also called a Row of a Table). It includes the Object Path followed by an Instance Identifier.
A Message refers to the contents of a USP layer communication including exactly one Message Header and at most one Message Body.
The Message Body is the portion of a Message that contains one of the following: Request, Response, or Error.
The portion of a Message that contains elements that provide information about the message, including the Endpoint Identifier of the sender and receiver, message type, and Message ID elements.
A Message ID is an identifier used to associate a Response or Error with a Request.
Message Transfer Protocol
A Message Transfer Protocol (MTP) is the protocol at a layer below USP that carries a Message, i.e., CoAP.
A Multi-Instance Object refers to an Object that can be created or deleted in the Agent’s Instantiated Data Model. Also called a Table.
A Notification is a Request from an Agent that conveys information about an Event to a Controller that has a Subscription to that event.
An Object refers to a defined type that an Agent represents and exposes. A Service Element may be comprised of one or more Objects and Sub-Objects.
An Object Instance refers to a single instance Object of a type defined by a Multi-Instance Object in the Agent’s Instantiated Data Model. Also called a Row of a Table.
An Object Path is a Path Name that addresses an Object. In the case of Multi-Instance Objects, an Object Path addresses the Object type itself rather than instances of that Object, which are addressed by Instance Paths
A method defined for a particular Service Element that can be invoked with the Operate message.
A Parameter is a variable or attribute of an Object. Parameters have both type and value.
A Parameter Path is a Path Name that addresses a Parameter of an Object or Object Instance.
A Path Name is a fully qualified reference to an Object, Object Instance, or Parameter in an Agent’s instantiated or Supported Data Model.
A Path Reference is a Parameter data type that contains a Path Name to an Object or Parameter that may be automatically followed by using certain Path Name syntax.
The Record is defined as the Message Transfer Protocol (MTP) payload, encapsulating a sequence of datagrams that comprise the Message as well as providing additional metadata needed for providing integrity protection, payload protection and delivery of fragmented Messages.
A Relative Path is the remaining path information necessary to form a Path Name given a parent Object Path. It is used for message efficiency when addressing Path Names.
A Request is a type of Message that either requests the Agent perform some action (create, update, delete, operate, etc.), requests information about an Agent or one or more Service Elements, or acts as a means to deliver Notifications from the Agent to the Controller. A Request usually requires a Response.
A Response is a type of Message that provides return information about the successful processing of a Request.
The term Row refers to an Instance of a Multi-Instance Object in the Agent’s Instantiated Data Model.
A Search Expression is used in a Search Path to apply specified search criteria to address a set of Multi-Instance Objects and/or their Parameters.
A Search Path is a Path Name that contains search criteria for addressing a set of Multi-Instance Objects and/or their Parameters. A Search Path may contain a Search Expression or Wildcard.
A Service Element represents a piece of service functionality that is exposed by an Agent, usually represented by one or more Objects.
An Endpoint that was the sender of a message.
A Subscription is a set of logic that tells an Agent which Notifications to send to a particular Controller.
Supported Data Model
The Supported Data Model of an Agent represents the complete set of Service Elements it is capable of exposing to a Controller. It is defined by the union of all of the Device Type Definitions the Agent exposes to the Controller.
The term Table refers to a Multi-Instance Object in an Agent’s Instantiated or Supported Data Model.
An Endpoint that was the intended receiver of a message.
An intermediary that either (1) ensures the Endpoint ID in all brokered Endpoint’s USP Record
from_id matches the Endpoint ID of those Endpoint’s certificates or credentials, before sending on a USP Record to another Endpoint, or (2) is part of a closed ecosystem that “knows” (certain) Endpoints can be trusted not to spoof the Endpoint ID.
The Unique Key of a Multi-Instance Object is a set of Parameters that uniquely identify the instance of an Object in the Agent’s Instantiated Data Model and can be used as an Instance Identifier.
A Wildcard is used in a Search Path to address all Object Instances of a Multi-Instance Object.
This specification uses the following abbreviations:
|ABNF||Augmented Backus-Naur Form|
|CoAP||Constrained Application Protocol|
|USP||User Services Platform|
|CWMP||CPE WAN Management Protocol|
|DNS||Domain Name Service|
|DNS-SD||Domain Name Service - Service Definition|
|DT||Device Type Definition|
|E2E||End to End (Message Exchange)|
|HMAC||Hash Message Authentication Code|
|HTTP||Hypertext Transport Protocol|
|mDNS||Multicast Domain Name Service|
|IPv4/v6||Internet Protocol (version 4 or version 6)|
|LAN||Local Area Network|
|MAC||Message Authentication Code|
|MTP||Message Transfer Protocol|
|OUI||Organizationally Unique Identifier|
|PSS||Probabilistic Signature Scheme|
|SAR||Segmentation And Reassembly|
|SMM||Software Module Management|
|TLS||Tranport Layer Security|
|URI||Uniform Resource Identifier|
|URL||Uniform Resource Locator|
|UUID||Universally Unique Identifier|
|WAN||Wide Area Network|
The User Services Platform reaches into more and newer connected devices, and expands on the management of physical hardware, including power management. In addition, USP directly enables smart home, smart building, and other smart energy applications.
Any solution that provides a mechanism to manage, monitor, diagnose, and control a connected user’s network, devices, and applications must prioritize security to protect user data and prevent malicious use of the system. This is especially important with certain high-risk smart applications like medicine or emergency services.
However reliable the security of communications protocols, in a platform that enables interoperable components that may or may not be connected with protocols outside the scope of the specification, security must be considered from end-to-end. To realize this, USP contains its own security mechanisms.
Privacy is the right of an individual or group to control or influence what information related to them may be collected, processed, and stored and by whom, and to whom that information may be disclosed.
Assurance of privacy depends on whether stakeholders expect, or are legally required, to have information protected or controlled from certain uses. As with security, the ability for users to control who has access to their data is of primary importance in the world of the connected user, made clear by users as well as regulators.
USP contains rigorous access control and authorization mechanisms to ensure that data is only used by those that have been enabled by the user.