oc2ls-v1.0-cs02.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
  <meta name="description" content="This document defines OpenC2, a language for command and control of cyber defense.">
  <meta charset="utf-8" />
  <meta name="generator" content="pandoc" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
  <title>Open Command and Control (OpenC2) Language Specification Version 1.0</title>
  <link rel="stylesheet" href="styles/markdown-styles-v1.7.3.css" />
</head>
<body>
<p><img src="https://docs.oasis-open.org/templates/OASISLogo-v2.0.jpg" alt="OASIS Logo" /></p>
<hr style="page-break-before: avoid" />
<h1big id="open-command-and-control-openc2-language-specification-version-10">Open Command and Control (OpenC2) Language Specification Version 1.0</h1big>
<h2 id="committee-specification-02">Committee Specification 02</h2>
<h2 id="24-november-2019">24 November 2019</h2>
<br />
<h4 id="this-version">This version:</h4>
<p><a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.md">https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.md</a> (Authoritative) <br />
<a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.html">https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.html</a> <br />
<a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.pdf">https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.pdf</a></p>
<h4 id="previous-version">Previous version:</h4>
<p><a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.md">https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.md</a> (Authoritative) <br />
<a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.html">https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.html</a> <br />
<a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.pdf">https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs01/oc2ls-v1.0-cs01.pdf</a></p>
<h4 id="latest-version">Latest version:</h4>
<p><a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.md">https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.md</a> (Authoritative) <br />
<a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.html">https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.html</a> <br />
<a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.pdf">https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.pdf</a></p>
<h4 id="technical-committee">Technical Committee:</h4>
<p><a href="https://www.oasis-open.org/committees/openc2/">OASIS Open Command and Control (OpenC2) TC</a></p>
<h4 id="chairs">Chairs:</h4>
<p>Joe Brule (<a href="mailto:jmbrule@nsa.gov">jmbrule@nsa.gov</a>), <a href="https://www.nsa.gov/">National Security Agency</a> <br />
Duncan Sparrell (<a href="mailto:duncan@sfractal.com">duncan@sfractal.com</a>), <a href="http://www.sfractal.com/">sFractal Consulting LLC</a></p>
<h4 id="editors">Editors:</h4>
<p>Jason Romano (<a href="mailto:jdroman@nsa.gov">jdroman@nsa.gov</a>), <a href="https://www.nsa.gov/">National Security Agency</a> <br />
Duncan Sparrell (<a href="mailto:duncan@sfractal.com">duncan@sfractal.com</a>), <a href="http://www.sfractal.com/">sFractal Consulting LLC</a></p>
<h4 id="abstract">Abstract:</h4>
<p>Cyberattacks are increasingly sophisticated, less expensive to execute, dynamic and automated. The provision of cyber defense via statically configured products operating in isolation is untenable. Standardized interfaces, protocols and data models will facilitate the integration of the functional blocks within a system and between systems. Open Command and Control (OpenC2) is a concise and extensible language to enable machine-to-machine communications for purposes of command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. It should be understood that a language such as OpenC2 is necessary but insufficient to enable coordinated cyber responses that occur within cyber relevant time. Other aspects of coordinated cyber response such as sensing, analytics, and selecting appropriate courses of action are beyond the scope of OpenC2.</p>
<h4 id="status">Status:</h4>
<p>This document was last revised or approved by the OASIS Open Command and Control (OpenC2) TC on the above date. The level of approval is also listed above. Check the "Latest version" location noted above for possible later revisions of this document. Any other numbered Versions and other technical work produced by the Technical Committee (TC) are listed at <a href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=openc2#technical">https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=openc2#technical</a>.</p>
<p>TC members should send comments on this specification to the TC's email list. Others should send comments to the TC's public comment list, after subscribing to it by following the instructions at the "Send A Comment" button on the TC's web page at <a href="https://www.oasis-open.org/committees/openc2/">https://www.oasis-open.org/committees/openc2/</a>.</p>
<p>This specification is provided under the <a href="https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode">Non-Assertion</a> Mode of the OASIS IPR Policy, the mode chosen when the Technical Committee was established. For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the TC's web page (<a href="https://www.oasis-open.org/committees/openc2/ipr.php">https://www.oasis-open.org/committees/openc2/ipr.php</a>).</p>
<p>Note that any machine-readable content (<a href="https://www.oasis-open.org/policies-guidelines/tc-process#wpComponentsCompLang">Computer Language Definitions</a>) declared Normative for this Work Product is provided in separate plain text files. In the event of a discrepancy between any such plain text file and display content in the Work Product's prose narrative document(s), the content in the separate plain text file prevails.</p>
<h4 id="citation-format">Citation format:</h4>
<p>When referencing this specification the following citation format should be used:</p>
<p><strong>[OpenC2-Lang-v1.0]</strong></p>
<p><em>Open Command and Control (OpenC2) Language Specification Version 1.0</em>. Edited by Jason Romano and Duncan Sparrell. 24 November 2019. OASIS Committee Specification 02. <a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.html">https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.html</a>. Latest version: <a href="https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.html">https://docs.oasis-open.org/openc2/oc2ls/v1.0/oc2ls-v1.0.html</a>.</p>
<hr />
<h2 id="notices">Notices</h2>
<p>Copyright © OASIS Open 2019. All Rights Reserved.</p>
<p>All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full <a href="https://www.oasis-open.org/policies-guidelines/ipr">Policy</a> may be found at the OASIS website.</p>
<p>This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English.</p>
<p>The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.</p>
<p>This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.</p>
<p>OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification.</p>
<p>OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this specification by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS may include such claims on its website, but disclaims any obligation to do so.</p>
<p>OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.</p>
<p>The name "OASIS" is a trademark of <a href="https://www.oasis-open.org/">OASIS</a>, the owner and developer of this specification, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, specifications, while reserving the right to enforce its marks against misleading uses. Please see <a href="https://www.oasis-open.org/policies-guidelines/trademark">https://www.oasis-open.org/policies-guidelines/trademark</a> for above guidance.</p>
<hr />
<h1 id="table-of-contents">Table of Contents</h1>
<ul type="none">
<li><a href="#1-introduction">1 Introduction</a>
<ul type="none">
<li><a href="#11-ipr-policy">1.1 IPR Policy</a></li>
<li><a href="#12-terminology">1.2 Terminology</a></li>
<li><a href="#13-normative-references">1.3 Normative References</a></li>
<li><a href="#14-non-normative-references">1.4 Non-Normative References</a></li>
<li><a href="#15-document-conventions">1.5 Document Conventions</a>
<ul type="none">
<li><a href="#151-naming-conventions">1.5.1 Naming Conventions</a></li>
<li><a href="#152-font-colors-and-style">1.5.2 Font Colors and Style</a></li>
</ul></li>
<li><a href="#16-overview">1.6 Overview</a></li>
<li><a href="#17-goal">1.7 Goal</a></li>
<li><a href="#18-purpose-and-scope">1.8 Purpose and Scope</a></li>
</ul></li>
<li><a href="#2-openc2-language-description">2 OpenC2 Language Description</a>
<ul type="none">
<li><a href="#21-openc2-command">2.1 OpenC2 Command</a></li>
<li><a href="#22-openc2-response">2.2 OpenC2 Response</a></li>
</ul></li>
<li><a href="#3-openc2-language-definition">3 OpenC2 Language Definition</a>
<ul type="none">
<li><a href="#31-base-components-and-structures">3.1 Base Components and Structures</a>
<ul type="none">
<li><a href="#311-data-types">3.1.1 Data Types</a></li>
<li><a href="#312-semantic-value-constraints">3.1.2 Semantic Value Constraints</a></li>
<li><a href="#313-multiplicity">3.1.3 Multiplicity</a></li>
<li><a href="#314-extensions">3.1.4 Extensions</a></li>
<li><a href="#315-serialization">3.1.5 Serialization</a></li>
</ul></li>
<li><a href="#32-message">3.2 Message</a></li>
<li><a href="#33-content">3.3 Content</a>
<ul type="none">
<li><a href="#331-openc2-command">3.3.1 OpenC2 Command</a>
<ul type="none">
<li><a href="#3311-action">3.3.1.1 Action</a></li>
<li><a href="#3312-target">3.3.1.2 Target</a></li>
<li><a href="#3313-actuator">3.3.1.3 Actuator</a></li>
<li><a href="#3314-command-arguments">3.3.1.4 Command Arguments</a></li>
</ul></li>
<li><a href="#332-openc2-response">3.3.2 OpenC2 Response</a>
<ul type="none">
<li><a href="#3321-response-status-code">3.3.2.1 Response Status Code</a></li>
<li><a href="#3322-response-results">3.3.2.2 Response Results</a></li>
</ul></li>
</ul></li>
<li><a href="#34-type-definitions">3.4 Type Definitions</a>
<ul type="none">
<li><a href="#341-target-types">3.4.1 Target Types</a>
<ul type="none">
<li><a href="#3411-artifact">3.4.1.1 Artifact</a></li>
<li><a href="#3412-device">3.4.1.2 Device</a></li>
<li><a href="#3413-domain-name">3.4.1.3 Domain Name</a></li>
<li><a href="#3414-email-address">3.4.1.4 Email Address</a></li>
<li><a href="#3415-features">3.4.1.5 Features</a></li>
<li><a href="#3416-file">3.4.1.6 File</a></li>
<li><a href="#3417-internationalized-domain-name">3.4.1.7 Internationalized Domain Name</a></li>
<li><a href="#3418-internationalized-email-address">3.4.1.8 Internationalized Email Address</a></li>
<li><a href="#3419-ipv4-address-range">3.4.1.9 IPv4 Address Range</a></li>
<li><a href="#34110-ipv4-connection">3.4.1.10 IPv4 Connection</a></li>
<li><a href="#34111-ipv6-address-range">3.4.1.11 IPv6 Address Range</a></li>
<li><a href="#34112-ipv6-connection">3.4.1.12 IPv6 Connection</a></li>
<li><a href="#34113-iri">3.4.1.13 IRI</a></li>
<li><a href="#34114-mac-address">3.4.1.14 MAC Address</a></li>
<li><a href="#34115-process">3.4.1.15 Process</a></li>
<li><a href="#34116-properties">3.4.1.16 Properties</a></li>
<li><a href="#34117-uri">3.4.1.17 URI</a></li>
</ul></li>
<li><a href="#342-data-types">3.4.2 Data Types</a>
<ul type="none">
<li><a href="#3421-action-targets">3.4.2.1 Action-Targets</a></li>
<li><a href="#3422-date-time">3.4.2.2 Date-Time</a></li>
<li><a href="#3423-duration">3.4.2.3 Duration</a></li>
<li><a href="#3424-feature">3.4.2.4 Feature</a></li>
<li><a href="#3425-hashes">3.4.2.5 Hashes</a></li>
<li><a href="#3426-hostname">3.4.2.6 Hostname</a></li>
<li><a href="#3427-internationalized-hostname">3.4.2.7 Internationalized Hostname</a></li>
<li><a href="#3428-ipv4-address">3.4.2.8 IPv4 Address</a></li>
<li><a href="#3429-ipv6-address">3.4.2.9 IPv6 Address</a></li>
<li><a href="#34210-l4-protocol">3.4.2.10 L4 Protocol</a></li>
<li><a href="#34211-message-type">3.4.2.11 Message-Type</a></li>
<li><a href="#34212-namespace-identifier">3.4.2.12 Namespace Identifier</a></li>
<li><a href="#34213-payload">3.4.2.13 Payload</a></li>
<li><a href="#34214-port">3.4.2.14 Port</a></li>
<li><a href="#34215-response-type">3.4.2.15 Response-Type</a></li>
<li><a href="#34216-version">3.4.2.16 Version</a></li>
</ul></li>
</ul></li>
</ul></li>
<li><a href="#4-mandatory-commandsresponses">4 Mandatory Commands/Responses</a>
<ul type="none">
<li><a href="#41-implementation-of-query-features-command">4.1 Implementation of 'query features' Command</a></li>
<li><a href="#42-examples-of-query-features-commands-and-responses">4.2 Examples of 'query features' Commands and Responses</a></li>
</ul></li>
<li><a href="#5-conformance">5 Conformance</a>
<ul type="none">
<li><a href="#51-conformance-clause-1-command">5.1 Conformance Clause 1: Command</a></li>
<li><a href="#52-conformance-clause-2-response">5.2 Conformance Clause 2: Response</a></li>
<li><a href="#53-conformance-clause-3-producer">5.3 Conformance Clause 3: Producer</a></li>
<li><a href="#54-conformance-clause-4-consumer">5.4 Conformance Clause 4: Consumer</a></li>
</ul></li>
<li><a href="#annex-a-examples">Annex A. Examples</a>
<ul type="none">
<li><a href="#a1-example-1">A.1 Example 1</a></li>
<li><a href="#a2-example-2">A.2 Example 2</a></li>
<li><a href="#a3-example-3">A.3 Example 3</a></li>
</ul></li>
<li><a href="#annex-b-acronyms">Annex B. Acronyms</a></li>
<li><a href="#annex-c-design-elements">Annex C. Design Elements</a></li>
<li><a href="#annex-d-revision-history">Annex D. Revision History</a></li>
<li><a href="#annex-e-acknowledgments">Annex E. Acknowledgments</a></li>
</ul>
<hr />
<h1 id="1-introduction">1 Introduction</h1>
<p><em>The content in this section is non-normative, except where it is marked normative.</em></p>
<p>OpenC2 is a suite of specifications that enables command and control of cyber defense systems and components. OpenC2 typically uses a request-response paradigm where a <em>Command</em> is encoded by a <em>Producer</em> (managing application) and transferred to a <em>Consumer</em> (managed device or virtualized function) using a secure transfer protocol, and the Consumer can respond with status and any requested information.</p>
<p>OpenC2 allows the application producing the commands to discover the set of capabilities supported by the managed devices. These capabilities permit the managing application to adjust its behavior to take advantage of the features exposed by the managed device. The capability definitions can be easily extended in a noncentralized manner, allowing standard and non-standard capabilities to be defined with semantic and syntactic rigor.</p>
<h2 id="11-ipr-policy">1.1 IPR Policy</h2>
<p>This specification is provided under the <a href="https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode">Non-Assertion</a> Mode of the <a href="https://www.oasis-open.org/policies-guidelines/ipr">OASIS IPR Policy</a>, the mode chosen when the Technical Committee was established. For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the TC's web page (<a href="https://www.oasis-open.org/committees/openc2/ipr.php">https://www.oasis-open.org/committees/openc2/ipr.php</a>).</p>
<h2 id="12-terminology">1.2 Terminology</h2>
<p><em>This section is normative.</em></p>
<ul>
<li><strong>Action</strong>: The task or activity to be performed (e.g., 'deny').</li>
<li><strong>Actuator</strong>: The function performed by the Consumer that executes the Command (e.g., 'Stateless Packet Filtering').</li>
<li><strong>Argument</strong>: A property of a Command that provides additional information on how to perform the Command, such as date/time, periodicity, duration, etc.</li>
<li><strong>Command</strong>: A Message defined by an Action-Target pair that is sent from a Producer and received by a Consumer.</li>
<li><strong>Consumer</strong>: A managed device / application that receives Commands. Note that a single device / application can have both Consumer and Producer capabilities.</li>
<li><strong>Message</strong>: A content- and transport-independent set of elements conveyed between Consumers and Producers.</li>
<li><strong>Producer</strong>: A manager application that sends Commands.</li>
<li><strong>Response</strong>: A Message from a Consumer to a Producer acknowledging a Command or returning the requested resources or status to a previously received Command.</li>
<li><strong>Specifier</strong>: A property or field that identifies a Target or Actuator to some level of precision.</li>
<li><strong>Target</strong>: The object of the Action, i.e., the Action is performed on the Target (e.g., IP Address).</li>
</ul>
<p>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [<a href="#rfc2119">RFC2119</a>] and [<a href="#rfc8174">RFC8174</a>] when, and only when, they appear in all capitals, as shown here.</p>
<h2 id="13-normative-references">1.3 Normative References</h2>
<h6 id="openc2-https-v10">[OpenC2-HTTPS-v1.0]</h6>
<p><em>Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0</em>. Edited by David Lemire. Latest version: <a href="http://docs.oasis-open.org/openc2/open-impl-https/v1.0/open-impl-https-v1.0.html">http://docs.oasis-open.org/openc2/open-impl-https/v1.0/open-impl-https-v1.0.html</a></p>
<h6 id="openc2-slpf-v10">[OpenC2-SLPF-v1.0]</h6>
<p><em>Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0</em>. Edited by Joe Brule, Duncan Sparrell, and Alex Everett. Latest version: <a href="http://docs.oasis-open.org/openc2/oc2slpf/v1.0/oc2slpf-v1.0.html">http://docs.oasis-open.org/openc2/oc2slpf/v1.0/oc2slpf-v1.0.html</a></p>
<h6 id="rfc0768">[RFC0768]</h6>
<p>Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 10.17487/RFC0768, August 1980, <a href="https://www.rfc-editor.org/info/rfc768">https://www.rfc-editor.org/info/rfc768</a>.</p>
<h6 id="rfc0791">[RFC0791]</h6>
<p>Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, <a href="https://www.rfc-editor.org/info/rfc791">https://www.rfc-editor.org/info/rfc791</a>.</p>
<h6 id="rfc0792">[RFC0792]</h6>
<p>Postel, J., "Internet Control Message Protocol", STD 5, RFC 792, DOI 10.17487/RFC0792, September 1981, <a href="https://www.rfc-editor.org/info/rfc792">https://www.rfc-editor.org/info/rfc792</a>.</p>
<h6 id="rfc0793">[RFC0793]</h6>
<p>Postel, J., "Transmission Control Protocol", STD 7, RFC 793, DOI 10.17487/RFC0793, September 1981, <a href="https://www.rfc-editor.org/info/rfc793">https://www.rfc-editor.org/info/rfc793</a>.</p>
<h6 id="rfc1034">[RFC1034]</h6>
<p>Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, <a href="https://www.rfc-editor.org/info/rfc1034">https://www.rfc-editor.org/info/rfc1034</a>.</p>
<h6 id="rfc1123">[RFC1123]</h6>
<p>Braden, R., Ed., "Requirements for Internet Hosts - Application and Support", STD 3, RFC 1123, DOI 10.17487/RFC1123, October 1989, <a href="https://www.rfc-editor.org/info/rfc1123">https://www.rfc-editor.org/info/rfc1123</a>.</p>
<h6 id="rfc1321">[RFC1321]</h6>
<p>Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, DOI 10.17487/RFC1321, April 1992, <a href="https://www.rfc-editor.org/info/rfc1321">https://www.rfc-editor.org/info/rfc1321</a>.</p>
<h6 id="rfc2119">[RFC2119]</h6>
<p>Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <a href="https://www.rfc-editor.org/info/rfc2119">https://www.rfc-editor.org/info/rfc2119</a>.</p>
<h6 id="rfc2673">[RFC2673]</h6>
<p>Crawford, M., <em>"Binary Labels in the Domain Name System"</em>, RFC 2673, August 1999, <a href="https://tools.ietf.org/html/rfc2673">https://tools.ietf.org/html/rfc2673</a></p>
<h6 id="rfc3986">[RFC3986]</h6>
<p>Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <a href="https://www.rfc-editor.org/info/rfc3986">https://www.rfc-editor.org/info/rfc3986</a>.</p>
<h6 id="rfc3987">[RFC3987]</h6>
<p>Duerst, M. and M. Suignard, "Internationalized Resource Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987, January 2005, <a href="https://www.rfc-editor.org/info/rfc3987">https://www.rfc-editor.org/info/rfc3987</a>.</p>
<h6 id="rfc4122">[RFC4122]</h6>
<p>Leach, P., Mealling, M., and R. Salz, "A Universally Unique IDentifier (UUID) URN Namespace", RFC 4122, DOI 10.17487/RFC4122, July 2005, <a href="https://www.rfc-editor.org/info/rfc4122">https://www.rfc-editor.org/info/rfc4122</a>.</p>
<h6 id="rfc4291">[RFC4291]</h6>
<p>Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, February 2006, <a href="https://www.rfc-editor.org/info/rfc4291">https://www.rfc-editor.org/info/rfc4291</a>.</p>
<h6 id="rfc4632">[RFC4632]</h6>
<p>Fuller, V. and T. Li, "Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August 2006, <a href="https://www.rfc-editor.org/info/rfc4632">https://www.rfc-editor.org/info/rfc4632</a>.</p>
<h6 id="rfc4648">[RFC4648]</h6>
<p>Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, <a href="https://www.rfc-editor.org/info/rfc4648">https://www.rfc-editor.org/info/rfc4648</a>.</p>
<h6 id="rfc4960">[RFC4960]</h6>
<p>Stewart, R., Ed., "Stream Control Transmission Protocol", RFC 4960, DOI 10.17487/RFC4960, September 2007, <a href="https://www.rfc-editor.org/info/rfc4960">https://www.rfc-editor.org/info/rfc4960</a>.</p>
<h6 id="rfc5237">[RFC5237]</h6>
<p>Arkko, J. and S. Bradner, "IANA Allocation Guidelines for the Protocol Field", BCP 37, RFC 5237, DOI 10.17487/RFC5237, February 2008, <a href="https://www.rfc-editor.org/info/rfc5237">https://www.rfc-editor.org/info/rfc5237</a>.</p>
<h6 id="rfc5322">[RFC5322]</h6>
<p>Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, October 2008, <a href="https://www.rfc-editor.org/info/rfc5322">https://www.rfc-editor.org/info/rfc5322</a>.</p>
<h6 id="rfc5890">[RFC5890]</h6>
<p>Klensin, J., "Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework", RFC 5890, DOI 10.17487/RFC5890, August 2010, <a href="https://www.rfc-editor.org/info/rfc5890">https://www.rfc-editor.org/info/rfc5890</a>.</p>
<h6 id="rfc5952">[RFC5952]</h6>
<p>Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 Address Text Representation", RFC 5952, DOI 10.17487/RFC5952, August 2010, <a href="https://www.rfc-editor.org/info/rfc5952">https://www.rfc-editor.org/info/rfc5952</a>.</p>
<h6 id="rfc6234">[RFC6234]</h6>
<p>Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, DOI 10.17487/RFC6234, May 2011, <a href="https://www.rfc-editor.org/info/rfc6234">https://www.rfc-editor.org/info/rfc6234</a>.</p>
<h6 id="rfc6335">[RFC6335]</h6>
<p>Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. Cheshire, "Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry", BCP 165, RFC 6335, DOI 10.17487/RFC6335, August 2011, <a href="https://www.rfc-editor.org/info/rfc6335">https://www.rfc-editor.org/info/rfc6335</a>.</p>
<h6 id="rfc6531">[RFC6531]</h6>
<p>Yao, J. and W. Mao, "SMTP Extension for Internationalized Email", RFC 6531, DOI 10.17487/RFC6531, February 2012, <a href="https://www.rfc-editor.org/info/rfc6531">https://www.rfc-editor.org/info/rfc6531</a>.</p>
<h6 id="rfc6838">[RFC6838]</h6>
<p>Freed, N., Klensin, J., and T. Hansen, "Media Type Specifications and Registration Procedures", BCP 13, RFC 6838, DOI 10.17487/RFC6838, January 2013, <a href="https://www.rfc-editor.org/info/rfc6838">https://www.rfc-editor.org/info/rfc6838</a>.</p>
<h6 id="rfc7493">[RFC7493]</h6>
<p>Bray, T., Ed., "The I-JSON Message Format", RFC 7493, DOI 10.17487/RFC7493, March 2015, <a href="https://www.rfc-editor.org/info/rfc7493">https://www.rfc-editor.org/info/rfc7493</a>.</p>
<h6 id="rfc8174">[RFC8174]</h6>
<p>Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <a href="https://www.rfc-editor.org/info/rfc8174">https://www.rfc-editor.org/info/rfc8174</a>.</p>
<h6 id="rfc8200">[RFC8200]</h6>
<p>Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, July 2017, <a href="https://www.rfc-editor.org/info/rfc8200">https://www.rfc-editor.org/info/rfc8200</a>.</p>
<h6 id="rfc8259">[RFC8259]</h6>
<p>Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", STD 90, RFC 8259, DOI 10.17487/RFC8259, December 2017, <a href="https://www.rfc-editor.org/info/rfc8259">https://www.rfc-editor.org/info/rfc8259</a>.</p>
<h6 id="eui">[EUI]</h6>
<p>"IEEE Registration Authority Guidelines for use of EUI, OUI, and CID", IEEE, August 2017, <a href="https://standards.ieee.org/content/dam/ieee-standards/standards/web/documents/tutorials/eui.pdf">https://standards.ieee.org/content/dam/ieee-standards/standards/web/documents/tutorials/eui.pdf</a></p>
<h2 id="14-non-normative-references">1.4 Non-Normative References</h2>
<h6 id="iacd">[IACD]</h6>
<p>M. J. Herring, K. D. Willett, "Active Cyber Defense: A Vision for Real-Time Cyber Defense," Journal of Information Warfare, vol. 13, Issue 2, p. 80, April 2014.<a href="https://www.semanticscholar.org/paper/Active-Cyber-Defense-%3A-A-Vision-for-Real-Time-Cyber-Herring-Willett/7c128468ae42584f282578b86439dbe9e8c904a8">https://www.semanticscholar.org/paper/Active-Cyber-Defense-%3A-A-Vision-for-Real-Time-Cyber-Herring-Willett/7c128468ae42584f282578b86439dbe9e8c904a8</a>.<br><br>Willett, Keith D., "Integrated Adaptive Cyberspace Defense: Secure Orchestration", International Command and Control Research and Technology Symposium, June 2015 <a href="https://www.semanticscholar.org/paper/Integrated-Adaptive-Cyberspace-Defense-%3A-Secure-by-Willett/a22881b8a046e7eab11acf647d530c2a3b03b762">https://www.semanticscholar.org/paper/Integrated-Adaptive-Cyberspace-Defense-%3A-Secure-by-Willett/a22881b8a046e7eab11acf647d530c2a3b03b762</a>.</p>
<h6 id="uml">[UML]</h6>
<p>"UML Multiplicity and Collections", <a href="https://www.uml-diagrams.org/multiplicity.html">https://www.uml-diagrams.org/multiplicity.html</a></p>
<h2 id="15-document-conventions">1.5 Document Conventions</h2>
<h3 id="151-naming-conventions">1.5.1 Naming Conventions</h3>
<ul>
<li><a href="#rfc2119">[RFC2119]</a>/<a href="#rfc8174">[RFC8174]</a> key words (see <a href="#12-terminology">Section 1.2</a>) are in all uppercase.</li>
<li>All property names and literals are in lowercase, except when referencing canonical names defined in another standard (e.g., literal values from an IANA registry).</li>
<li>All type names begin with an uppercase character.</li>
<li>Property names and type names are between 1 and 32 characters long.</li>
<li>Words in property names are separated with an underscore (_), while words in type names are separated with a hyphen (-).</li>
<li>"Underscore" refers to Unicode "low line", U+005F; "hyphen" refers to Unicode "hyphen-minus", U+002D.</li>
</ul>
<h3 id="152-font-colors-and-style">1.5.2 Font Colors and Style</h3>
<p>The following color, font and font style conventions are used in this document:</p>
<ul>
<li>A fixed width font is used for all type names, property names, and literals.</li>
<li>Property names are in bold style – <strong>'created_at'</strong>.</li>
<li>All examples in this document are expressed in JSON. They are in fixed width font, with straight quotes, black text and a light shaded background, and 4-space indentation. JSON examples in this document are representations of JSON Objects. They should not be interpreted as string literals. The ordering of object keys is insignificant. Whitespace before or after JSON structural characters in the examples are insignificant <a href="#rfc8259">[RFC8259]</a>.</li>
<li>Parts of the example may be omitted for conciseness and clarity. These omitted parts are denoted with ellipses (...).</li>
</ul>
<p>Example:</p>
<div class="sourceCode" id="cb1"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb1-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb1-2" title="2">    <span class="dt">&quot;action&quot;</span><span class="fu">:</span> <span class="st">&quot;deny&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb1-3" title="3">    <span class="dt">&quot;target&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb1-4" title="4">        <span class="dt">&quot;file&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb1-5" title="5">            <span class="dt">&quot;hashes&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb1-6" title="6">                <span class="dt">&quot;sha256&quot;</span><span class="fu">:</span> <span class="st">&quot;22fe72a34f006ea67d26bb7004e2b6941b5c3953d43ae7ec24d41b1a928a6973&quot;</span></a>
<a class="sourceLine" id="cb1-7" title="7">            <span class="fu">}</span></a>
<a class="sourceLine" id="cb1-8" title="8">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb1-9" title="9">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb1-10" title="10"><span class="fu">}</span></a></code></pre></div>
<h2 id="16-overview">1.6 Overview</h2>
<p>In general, there are two types of participants involved in the exchange of OpenC2 Messages, as depicted in Figure 1-1:</p>
<ol>
<li><strong>Producers</strong>: A Producer is an entity that creates Commands to provide instruction to one or more systems to act in accordance with the content of the Command. A Producer may receive and process Responses in conjunction with a Command.</li>
<li><strong>Consumers</strong>: A Consumer is an entity that receives and may act upon a Command. A Consumer may create Responses that provide any information captured or necessary to send back to the Producer.</li>
</ol>
<p><img src="images/image_1.png" alt="OpenC2 Message Exchange" width="650" /></p>
<p><strong>Figure 1-1. OpenC2 Message Exchange</strong></p>
<p>OpenC2 is a suite of specifications for Producers and Consumers to command and execute cyber defense functions. These specifications include the OpenC2 Language Specification, Actuator Profiles, and Transfer Specifications. The OpenC2 Language Specification and Actuator Profile specifications focus on the language content and meaning at the Producer and Consumer of the Command and Response while the transfer specifications focus on the protocols for their exchange.</p>
<ul>
<li>The <strong>OpenC2 Language Specification</strong> (this document) provides the semantics for the essential elements of the language, the structure for Commands and Responses, and the schema that defines the proper syntax for the language elements that represents the Command or Response.</li>
<li><strong>OpenC2 Actuator Profiles</strong> specify the subset of the OpenC2 language relevant in the context of specific Actuator functions. Cyber defense components, devices, systems and/or instances may (in fact are likely to) implement multiple Actuator profiles. Actuator profiles extend the language by defining Specifiers that identify the Actuator to the required level of precision. Actuator Profiles may define Command Arguments and Targets that are relevant and/or unique to those Actuator functions.</li>
<li><strong>OpenC2 Transfer Specifications</strong> utilize existing protocols and standards to implement OpenC2 in specific environments. These standards are used for communications and security functions beyond the scope of the language, such as message transfer encoding, authentication, and end-to-end transport of OpenC2 Messages.</li>
</ul>
<p>The OpenC2 Language Specification defines a language used to compose Messages for command and control of cyber defense systems and components. A Message consists of a header and a payload (<em>defined</em> as a Message body in the OpenC2 Language Specification Version 1.0 and <em>specified</em> in one or more Actuator profiles).</p>
<p>The language defines two payload structures:</p>
<ol>
<li><strong>Command</strong>: An instruction from one system known as the Producer, to one or more systems, the Consumer(s), to act on the content of the Command.</li>
<li><strong>Response</strong>: Any information sent back to the Producer as a result of the Command.</li>
</ol>
<p>OpenC2 implementations integrate the related OpenC2 specifications described above with related industry specifications, protocols, and standards. Figure 1-2 depicts the relationships among OpenC2 specifications, and their relationships to other industry standards and environment-specific implementations of OpenC2. Note that the layering of implementation aspects in the diagram is notional, and not intended to preclude any particular approach to implementing the needed functionality (for example, the use of an application-layer message signature function to provide message source authentication and integrity).</p>
<p><img src="images/image_2.png" alt="OpenC2 Documentation and Layering Model" width="650" /></p>
<p><strong>Figure 1-2. OpenC2 Documentation and Layering Model</strong></p>
<p>OpenC2 is conceptually partitioned into four layers as shown in Table 1-1.</p>
<p><strong>Table 1-1. OpenC2 Protocol Layers</strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Layer</th>
<th style="text-align: left;">Examples</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;">Function-Specific Content</td>
<td style="text-align: left;">Actuator Profiles<br>(<a href="#openc2-slpf-v10">[OpenC2-SLPF-v1.0]</a>, ...)</td>
</tr>
<tr class="even">
<td style="text-align: left;">Common Content</td>
<td style="text-align: left;">Language Specification<br>(this document)</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Message</td>
<td style="text-align: left;">Transfer Specifications<br>(<a href="#openc2-https-v10">[OpenC2-HTTPS-v1.0]</a>, OpenC2-over-CoAP, ...)</td>
</tr>
<tr class="even">
<td style="text-align: left;">Secure Transport</td>
<td style="text-align: left;">HTTPS, CoAP, MQTT, OpenDXL, ...</td>
</tr>
</tbody>
</table>
<ul>
<li>The <strong>Secure Transport</strong> layer provides a communication path between the Producer and the Consumer. OpenC2 can be layered over any standard transport protocol.</li>
<li>The <strong>Message</strong> layer provides a transfer- and content-independent mechanism for conveying Messages. A transfer specification maps transfer-specific protocol elements to a transfer-independent set of message elements consisting of content and associated metadata.</li>
<li>The <strong>Common Content</strong> layer defines the structure of Commands and Responses and a set of common language elements used to construct them.</li>
<li>The <strong>Function-specific Content</strong> layer defines the language elements used to support a particular cyber defense function. An Actuator profile defines the implementation conformance requirements for that function. Producers and Consumers will support one or more profiles.</li>
</ul>
<p>The components of a Command are an Action (what is to be done), a Target (what is being acted upon), an optional Actuator (what is performing the command), and Command Arguments, which influence how the Command is to be performed. An Action coupled with a Target is sufficient to describe a complete Command. Though optional, the inclusion of an Actuator and/or Command Arguments provides additional precision to a Command.</p>
<p>The components of a Response are a numerical status code, an optional status text string, and optional results. The format of the results, if included, depend on the type of Response being transferred.</p>
<h2 id="17-goal">1.7 Goal</h2>
<p>The goal of the OpenC2 Language Specification is to provide a language for interoperating between functional elements of cyber defense systems. This language used in conjunction with OpenC2 Actuator Profiles and OpenC2 Transfer Specifications allows for vendor-agnostic cybertime response to attacks.</p>
<p>The Integrated Adaptive Cyber Defense (IACD) framework defines a collection of activities, based on the traditional OODA (Observe–Orient–Decide–Act) Loop <a href="#iacd">[IACD]</a>:</p>
<ul>
<li>Sensing: gathering of data regarding system activities</li>
<li>Sense Making: evaluating data using analytics to understand what's happening</li>
<li>Decision Making: determining a course-of-action to respond to system events</li>
<li>Acting: Executing the course-of-action</li>
</ul>
<p>The goal of OpenC2 is to enable coordinated defense in cyber-relevant time between decoupled blocks that perform cyber defense functions. OpenC2 focuses on the Acting portion of the IACD framework; the assumption that underlies the design of OpenC2 is that the sensing/analytics have been provisioned and the decision to act has been made. This goal and these assumptions guide the design of OpenC2:</p>
<ul>
<li><strong>Technology Agnostic:</strong> The OpenC2 language defines a set of abstract atomic cyber defense actions in a platform and implementation agnostic manner</li>
<li><strong>Concise:</strong> A Command is intended to convey only the essential information required to describe the action required and can be represented in a very compact form for communications-constrained environments</li>
<li><strong>Abstract:</strong> Commands and Responses are defined abstractly and can be encoded and transferred via multiple schemes as dictated by the needs of different implementation environments</li>
<li><strong>Extensible:</strong> While OpenC2 defines a core set of Actions and Targets for cyber defense, the language is expected to evolve with cyber defense technologies, and permits extensions to accommodate new cyber defense technologies.</li>
</ul>
<h2 id="18-purpose-and-scope">1.8 Purpose and Scope</h2>
<p>The OpenC2 Language Specification defines the set of components to assemble a complete command and control Message and provides a framework so that the language can be extended. To achieve this purpose, the scope of this specification includes:</p>
<ol>
<li>the set of Actions and options that may be used in Commands</li>
<li>the set of Targets and Target Specifiers</li>
<li>a syntax that defines the structure of Commands and Responses</li>
<li>a JSON serialization of Commands and Responses</li>
<li>the procedures for extending the language</li>
</ol>
<p>The OpenC2 language assumes that the event has been detected, a decision to act has been made, the act is warranted, and the initiator and recipient of the Commands are authenticated and authorized. The OpenC2 language was designed to be agnostic of the other aspects of cyber defense implementations that realize these assumptions. The following items are beyond the scope of this specification:</p>
<ol>
<li>Language elements applicable to some Actuators, which may be defined in individual Actuator profiles.</li>
<li>Alternate serializations of Commands and Responses.</li>
<li>The enumeration of the protocols required for transport, information assurance, sensing, analytics and other external dependencies.</li>
</ol>
<hr />
<h1 id="2-openc2-language-description">2 OpenC2 Language Description</h1>
<p><em>The content in this section is non-normative.</em></p>
<p>The OpenC2 language has two distinct content types: Command and Response. The Command is sent from a Producer to a Consumer and describes an Action to be performed by an Actuator on a Target. The Response is sent from a Consumer, usually back to the Producer, and is a means to provide information (such as acknowledgment, status, etc.) as a result of a Command.</p>
<h2 id="21-openc2-command">2.1 OpenC2 Command</h2>
<p>The Command describes an Action to be performed on a Target and may include information identifying the Actuator or Actuators that are to execute the Command.</p>
<p>A Command has four main components, two required and two optional. The required components are the Action and the Target. The optional components are Command Arguments and the Actuator. A Command can also contain an optional Command identifier, if necessary. <a href="#331-openc2-command">Section 3.3.1</a> defines the syntax of an OpenC2 Command.</p>
<p>The following list summarizes the main four components of a Command.</p>
<ul>
<li><strong>Action</strong> (required): The task or activity to be performed.</li>
<li><strong>Target</strong> (required): The object of the action. The Action is performed on the Target. Properties of the Target, called Target Specifiers, further identify the Target to some level of precision, such as a specific Target, a list of Targets, or a class of Targets.</li>
<li><strong>Arguments</strong> (optional): Provide additional information on how the command is to be performed, such as date/time, periodicity, duration, etc.</li>
<li><strong>Actuator</strong> (optional): The Actuator executes the Command. The Actuator will be defined within the context of an Actuator Profile. Properties of the Actuator, called Actuator Specifiers, further identify the Actuator to some level of precision, such as a specific Actuator, a list of Actuators, or a group of Actuators.</li>
</ul>
<p>The Action and Target components are required and are populated by one of the Actions in <a href="#3311-action">Section 3.3.1.1</a> and the Targets in <a href="#3312-target">Section 3.3.1.2</a>. A particular Target may be further refined by the Target type definitions in <a href="#341-target-types">Section 3.4.1</a>. Procedures to extend the Targets are described in <a href="#314-extensions">Section 3.1.4</a>.</p>
<p>Command Arguments, if present, influence the Command by providing information such as timing, periodicity, duration, or other details on what is to be executed. They can also be used to convey the need for acknowledgment or additional status information about the execution of a Command. The valid Arguments defined in this specification are in <a href="#3314-command-arguments">Section 3.3.1.4</a>. Procedures to extend Arguments are described in <a href="#314-extensions">Section 3.1.4</a>.</p>
<p>An Actuator is an implementation of a cyber defense function that executes the Command. An Actuator Profile is a specification that identifies the subset of Actions, Targets and other aspects of this language specification that are required or optional in the context of a particular Actuator. An Actuator Profile may extend the language by defining additional Targets, Arguments, and Actuator Specifiers that are meaningful and possibly unique to the Actuator.</p>
<p>The Actuator may be omitted from a Command and typically will not be included in implementations where the identities of the endpoints are unambiguous or when a high-level effects-based Command is desired and the tactical decisions on how the effect is achieved is left to the recipient.</p>
<h2 id="22-openc2-response">2.2 OpenC2 Response</h2>
<p>The Response is a Message sent from the recipient of a Command. Response messages provide acknowledgment, status, results from a query, or other information. At a minimum, a Response will contain a status code to indicate the result of performing the Command. Additional status text and response fields optionally provide more detailed information that is specific to or requested by the Command. <a href="#332-openc2-response">Section 3.3.2</a> defines the syntax of an OpenC2 Response.</p>
<hr />
<h1 id="3-openc2-language-definition">3 OpenC2 Language Definition</h1>
<p><em>The content in this section is normative.</em></p>
<h2 id="31-base-components-and-structures">3.1 Base Components and Structures</h2>
<h3 id="311-data-types">3.1.1 Data Types</h3>
<p>OpenC2 data types are defined using an abstract notation that is independent of both their representation within applications ("<strong>API</strong>" values) and their format for transmission between applications ("<strong>serialized</strong>" values). The data types used in OpenC2 Messages are:</p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Primitive Types</strong></td>
<td style="text-align: left;"></td>
</tr>
<tr class="even">
<td style="text-align: left;">Any</td>
<td style="text-align: left;">Anything, used to designate fields with an unspecified value.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Binary</td>
<td style="text-align: left;">A sequence of octets. Length is the number of octets.</td>
</tr>
<tr class="even">
<td style="text-align: left;">Boolean</td>
<td style="text-align: left;">An element with one of two values: <code>true</code> and <code>false</code>.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Integer</td>
<td style="text-align: left;">A whole number.</td>
</tr>
<tr class="even">
<td style="text-align: left;">Number</td>
<td style="text-align: left;">A real number.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Null</td>
<td style="text-align: left;">Nothing, used to designate fields with no value.</td>
</tr>
<tr class="even">
<td style="text-align: left;">String</td>
<td style="text-align: left;">A sequence of characters, each of which has a Unicode codepoint. Length is the number of characters.</td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>Structures</strong></td>
<td style="text-align: left;"></td>
</tr>
<tr class="even">
<td style="text-align: left;">Array</td>
<td style="text-align: left;">An ordered list of unnamed fields with positionally-defined semantics. Each field has a position, label, and type.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">ArrayOf(<em>vtype</em>)</td>
<td style="text-align: left;">An ordered list of fields with the same semantics. Each field has a position and type <em>vtype</em>.</td>
</tr>
<tr class="even">
<td style="text-align: left;">Choice</td>
<td style="text-align: left;">One field selected from a set of named fields. The API value has a name and a type.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Choice.ID</td>
<td style="text-align: left;">One field selected from a set of fields. The API value has an id and a type.</td>
</tr>
<tr class="even">
<td style="text-align: left;">Enumerated</td>
<td style="text-align: left;">A set of named integral constants. The API value is a name.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Enumerated.ID</td>
<td style="text-align: left;">A set of unnamed integral constants. The API value is an id.</td>
</tr>
<tr class="even">
<td style="text-align: left;">Map</td>
<td style="text-align: left;">An unordered map from a set of specified keys to values with semantics bound to each key. Each field has an id, name and type.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Map.ID</td>
<td style="text-align: left;">An unordered set of fields. The API value of each field has an id, label, and type.</td>
</tr>
<tr class="even">
<td style="text-align: left;">MapOf(<em>ktype</em>, <em>vtype</em>)</td>
<td style="text-align: left;">An unordered set of keys to values with the same semantics. Each key has key type <em>ktype</em> and is mapped to value type <em>vtype</em>.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Record</td>
<td style="text-align: left;">An ordered map from a list of keys with positions to values with positionally-defined semantics. Each key has a position and name, and is mapped to a type. Represents a row in a spreadsheet or database table.</td>
</tr>
</tbody>
</table>
<ul>
<li><p><strong>API</strong> values do not affect interoperabilty, and although they must exhibit the characteristics specified above, their representation within applications is unspecified. A Python application might represent the Map type as a dict variable, a javascript application might represent it as an object literal or an ES6 Map type, and a C# application might represent it as a Dictionary or a Hashtable.</p></li>
<li><p><strong>Serialized</strong> values are critical to interoperability, and this document defines a set of <strong>serialization rules</strong> that unambiguously define how each of the above types are serialized using a human-friendly JSON format. Other serialization rules, such as for XML, machine-optimized JSON, and CBOR formats, exist but are out of scope for this document. Both the format-specific serialization rules in <a href="#315-serialization">Section 3.1.5</a> and the format-agnostic type definitions in <a href="#34-type-definitions">Section 3.4</a> are Normative.</p></li>
</ul>
<p>Types defined with an ".ID" suffix (Choice.ID, Enumerated.ID, Map.ID) are equivalent to the non-suffixed types except:</p>
<ol>
<li>Field definitions and API values are identified only by ID. The non-normative description may include a suggested name.</li>
<li>Serialized values of Enumerated types and keys of Choice/Map types are IDs regardless of serialization format.</li>
</ol>
<p>OpenC2 type definitions are presented in table format. All table columns except Description are Normative. The Description column is always Non-normative.</p>
<p>For types without individual field definitions (Primitive types and ArrayOf), the type definition includes the name of the type being defined and the definition of that type. This table defines a type called <em>Email-Addr</em> that is a <em>String</em> that has a semantic value constraint of <em>email</em>:</p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Email-Addr</strong></td>
<td style="text-align: left;">String (email)</td>
<td style="text-align: left;">Email address</td>
</tr>
</tbody>
</table>
<p>For Structure types, the definition includes the name of the type being defined, the built-in type on which it is based, and options applicable to the type as a whole. This is followed by a table defining each of the fields in the structure. This table defines a type called <em>Args</em> that is a <em>Map</em> containing at least one field. Each of the fields has an integer Tag/ID, a Name, and a Type. Each field in this definition is optional (Multiplicity = 0..1), but per the type definition at least one must be present.</p>
<p><strong><em>Type: Args (Map{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: left;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;">1</td>
<td style="text-align: left;"><strong>start_time</strong></td>
<td style="text-align: left;">Date-Time</td>
<td style="text-align: left;">0..1</td>
<td style="text-align: left;">The specific date/time to initiate the action</td>
</tr>
<tr class="even">
<td style="text-align: left;">2</td>
<td style="text-align: left;"><strong>stop_time</strong></td>
<td style="text-align: left;">Date-Time</td>
<td style="text-align: left;">0..1</td>
<td style="text-align: left;">The specific date/time to terminate the action</td>
</tr>
<tr class="odd">
<td style="text-align: left;">3</td>
<td style="text-align: left;"><strong>duration</strong></td>
<td style="text-align: left;">Duration</td>
<td style="text-align: left;">0..1</td>
<td style="text-align: left;">The length of time for an action to be in effect</td>
</tr>
</tbody>
</table>
<p>The field columns present in a structure definition depends on the base type:</p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Base Type</th>
<th style="text-align: left;">Field Definition Columns</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;">Enumerated.ID</td>
<td style="text-align: left;">ID, Description</td>
</tr>
<tr class="even">
<td style="text-align: left;">Enumerated</td>
<td style="text-align: left;">ID, Name, Description</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Array, Choice.ID, Map.ID</td>
<td style="text-align: left;">ID, Type, Multiplicity (#), Description</td>
</tr>
<tr class="even">
<td style="text-align: left;">Choice, Map, Record</td>
<td style="text-align: left;">ID, Name, Type, Multiplicity (#), Description</td>
</tr>
</tbody>
</table>
<p>The ID column of Array and Record types contains the ordinal position of the field, numbered sequentially starting at 1. The ID column of Choice, Enumerated, and Map types contains tags with arbitrary integer values. IDs and Names are unique within each type definition.</p>
<h3 id="312-semantic-value-constraints">3.1.2 Semantic Value Constraints</h3>
<p>Structural validation alone may be insufficient to validate that an instance meets all the requirements of an application. Semantic validation keywords specify value constraints for which an authoritative definition exists.</p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Keyword</th>
<th style="text-align: left;">Applies to Type</th>
<th style="text-align: left;">Constraint</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>email</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">Value must be an email address as defined in <a href="#rfc5322">[RFC5322]</a>, Section 3.4.1</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>eui</strong></td>
<td style="text-align: left;">Binary</td>
<td style="text-align: left;">Value must be an EUI-48 or EUI-64 as defined in <a href="#eui">[EUI]</a></td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>hostname</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">Value must be a hostname as defined in <a href="#rfc1034">[RFC1034]</a>, Section 3.1</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>idn-email</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">Value must be an internationalized email address as defined in <a href="#rfc6531">[RFC6531]</a></td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>idn-hostname</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">Value must be an internationalized hostname as defined in <a href="#rfc5890">[RFC5890]</a>, Section 2.3.2.3</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>iri</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">Value must be an Internationalized Resource Identifier (IRI) as defined in <a href="#rfc3987">[RFC3987]</a></td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>uri</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">Value must be a Uniform Resource Identifier (URI) as defined in <a href="#rfc3986">[RFC3986]</a></td>
</tr>
</tbody>
</table>
<h3 id="313-multiplicity">3.1.3 Multiplicity</h3>
<p>Property tables for types based on Array, Choice, Map and Record include a multiplicity column (#) that specifies the minimum and maximum cardinality (number of elements) of a field. As used in the Unified Modeling Language (<a href="#uml">[UML]</a>), typical examples of multiplicity are:</p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Multiplicity</th>
<th style="text-align: left;">Description</th>
<th style="text-align: left;">Keywords</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;">1</td>
<td style="text-align: left;">Exactly one instance</td>
<td style="text-align: left;">Required</td>
</tr>
<tr class="even">
<td style="text-align: left;">0..1</td>
<td style="text-align: left;">No instances or one instance</td>
<td style="text-align: left;">Optional</td>
</tr>
<tr class="odd">
<td style="text-align: left;">1..*</td>
<td style="text-align: left;">At least one instance</td>
<td style="text-align: left;">Required, Repeatable</td>
</tr>
<tr class="even">
<td style="text-align: left;">0..*</td>
<td style="text-align: left;">Zero or more instances</td>
<td style="text-align: left;">Optional, Repeatable</td>
</tr>
<tr class="odd">
<td style="text-align: left;">m..n</td>
<td style="text-align: left;">At least m but no more than n instances</td>
<td style="text-align: left;">Required, Repeatable</td>
</tr>
</tbody>
</table>
<p>When a repeatable field type is converted to a separate ArrayOf() Type, multiplicity is converted to the array size, enclosed in curly brackets, e.g.,:</p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Features</strong></td>
<td style="text-align: left;">ArrayOf(Feature){0..10}</td>
<td style="text-align: left;">An array of zero to ten names used to query an actuator for its supported capabilities.</td>
</tr>
</tbody>
</table>
<p>A multiplicity of 0..1 denotes a single optional value of the specified type. A multiplicity of 0..n denotes a field that is either omitted or is an array containing one or more values of the specified type.</p>
<p>An array containing zero or more values of a specified type cannot be created implicitly using multiplicity, it must be defined explicitly as a named ArrayOf type. The named type can then be used as the type of a required field (multiplicity 1). Results are unspecified if an optional field (multiplicity 0..1) is a named ArrayOf type with a minimum length of zero.</p>
<h3 id="314-extensions">3.1.4 Extensions</h3>
<p>One of the main design goals of OpenC2 was extensibility. Actuator profiles define the language extensions that are meaningful and possibly unique to the Actuator.</p>
<p>Each Actuator profile has a unique name used to identify the profile document and a short reference called a namespace identifier (NSID). The NSID is used to separate extensions from the core language defined in this specification.</p>
<p>All extensions MUST be identified with a short namespace reference, called a namespace identifier (NSID).</p>
<p>For example, the OASIS standard Stateless Packet Filtering actuator profile has:</p>
<ul>
<li><strong>Unique Name</strong>: <a href="http://docs.oasis-open.org/openc2/oc2slpf/v1.0/oc2slpf-v1.0.md">http://docs.oasis-open.org/openc2/oc2slpf/v1.0/oc2slpf-v1.0.md</a></li>
<li><strong>NSID</strong>: slpf</li>
</ul>
<p>The namespace identifier for non-standard extensions MUST be prefixed with "x-".</p>
<p>For example, the fictional, non-standard Superwidget actuator profile has:</p>
<ul>
<li><strong>Unique Name</strong>: <a href="http://www.acme.com/openc2/superwidget-v1.0.html">http://www.acme.com/openc2/superwidget-v1.0.html</a></li>
<li><strong>NSID</strong>: x-acme</li>
</ul>
<p>The list of Actions in <a href="#3311-action">Section 3.3.1.1</a> SHALL NOT be extended.</p>
<p>Targets, defined in <a href="#3312-target">Section 3.3.1.2</a>, MAY be extended. Extended Target names MUST be prefixed with a namespace identifier followed by a colon (":").</p>
<p><strong>Example:</strong> In this example Command, the extended Target, <code>rule_number</code>, is defined within the Stateless Packet Filtering Profile with the namespace identifier, <code>slpf</code>.</p>
<div class="sourceCode" id="cb2"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb2-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb2-2" title="2">    <span class="dt">&quot;action&quot;</span><span class="fu">:</span> <span class="st">&quot;delete&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb2-3" title="3">    <span class="dt">&quot;target&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb2-4" title="4">        <span class="dt">&quot;slpf:rule_number&quot;</span><span class="fu">:</span> <span class="dv">1234</span></a>
<a class="sourceLine" id="cb2-5" title="5">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb2-6" title="6"><span class="fu">}</span></a></code></pre></div>
<p>Command Arguments, defined in <a href="#3314-command-arguments">Section 3.3.1.4</a>, MAY be extended using the namespace identifier as the Argument name, called an extended Argument namespace. Extended Arguments MUST be defined within the extended Argument namespace.</p>
<p><strong>Example:</strong> In this example Command, the extended Argument, <code>direction</code>, is defined within the Stateless Packet Filtering Profile namespace, <code>slpf</code>.</p>
<div class="sourceCode" id="cb3"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb3-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb3-2" title="2">    <span class="dt">&quot;action&quot;</span><span class="fu">:</span> <span class="st">&quot;deny&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb3-3" title="3">    <span class="dt">&quot;target&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb3-4" title="4">        <span class="dt">&quot;ipv6_net&quot;</span><span class="fu">:</span> <span class="fu">{</span><span class="er">...</span><span class="fu">}</span></a>
<a class="sourceLine" id="cb3-5" title="5">    <span class="fu">},</span></a>
<a class="sourceLine" id="cb3-6" title="6">    <span class="dt">&quot;args&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb3-7" title="7">        <span class="dt">&quot;slpf&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb3-8" title="8">            <span class="dt">&quot;direction&quot;</span><span class="fu">:</span> <span class="st">&quot;ingress&quot;</span></a>
<a class="sourceLine" id="cb3-9" title="9">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb3-10" title="10">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb3-11" title="11"><span class="fu">}</span></a></code></pre></div>
<p>The Actuator property of a Command, defined in <a href="#3313-actuator">Section 3.3.1.3</a>, MUST be extended using the namespace identifier as the Actuator name, called an extended Actuator namespace. Actuator Specifiers MUST be defined within the extended Actuator namespace.</p>
<p><strong>Example:</strong> In this example Command, the Actuator Specifier <code>asset_id</code> is defined within the Stateless Packet Filtering Profile namespace, <code>slpf</code>.</p>
<div class="sourceCode" id="cb4"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb4-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb4-2" title="2">    <span class="dt">&quot;action&quot;</span><span class="fu">:</span> <span class="st">&quot;deny&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb4-3" title="3">    <span class="dt">&quot;target&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb4-4" title="4">        <span class="dt">&quot;ipv4_connection&quot;</span><span class="fu">:</span> <span class="fu">{</span><span class="er">...</span><span class="fu">}</span></a>
<a class="sourceLine" id="cb4-5" title="5">    <span class="fu">},</span></a>
<a class="sourceLine" id="cb4-6" title="6">    <span class="dt">&quot;actuator&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb4-7" title="7">        <span class="dt">&quot;slpf&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb4-8" title="8">            <span class="dt">&quot;asset_id&quot;</span><span class="fu">:</span> <span class="st">&quot;30&quot;</span></a>
<a class="sourceLine" id="cb4-9" title="9">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb4-10" title="10">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb4-11" title="11"><span class="fu">}</span></a></code></pre></div>
<p>Response results, defined in Section TBD, MAY be extended using the namespace identifier as the results name, called an extended results namespace. Extended results MUST be defined within the extended results namespace.</p>
<p><strong>Example:</strong> In this example Response, the Response results property, <code>rule_number</code>, is defined within the Stateless Packet Filtering Profile namespace, <code>slpf</code>.</p>
<div class="sourceCode" id="cb5"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb5-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb5-2" title="2">    <span class="dt">&quot;status&quot;</span><span class="fu">:</span> <span class="dv">200</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb5-3" title="3">    <span class="dt">&quot;results&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb5-4" title="4">        <span class="dt">&quot;slpf&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb5-5" title="5">            <span class="dt">&quot;rule_number&quot;</span><span class="fu">:</span> <span class="dv">1234</span></a>
<a class="sourceLine" id="cb5-6" title="6">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb5-7" title="7">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb5-8" title="8"><span class="fu">}</span></a></code></pre></div>
<h3 id="315-serialization">3.1.5 Serialization</h3>
<p>OpenC2 is agnostic of any particular serialization; however, implementations MUST support JSON serialization in accordance with <a href="#rfc7493">[RFC7493]</a> and additional requirements specified in the following table.</p>
<p><strong>JSON Serialization Requirements:</strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">OpenC2 Data Type</th>
<th style="text-align: left;">JSON Serialization Requirement</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Binary</strong></td>
<td style="text-align: left;">JSON <strong>string</strong> containing Base64url encoding of the binary value as defined in <a href="#rfc4648">[RFC4648]</a>, Section 5.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>Binary /x</strong></td>
<td style="text-align: left;">JSON <strong>string</strong> containing Base16 (hex) encoding of a binary value as defined in <a href="#rfc4648">[RFC4648]</a>, Section 8. Note that the Base16 alphabet does not include lower-case letters.</td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>IPv4-Addr</strong></td>
<td style="text-align: left;">JSON <strong>string</strong> containing the "dotted-quad" representation of an IPv4 address as specified in <a href="#rfc2673">[RFC2673]</a>, Section 3.2.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>IPv6-Addr</strong></td>
<td style="text-align: left;">JSON <strong>string</strong> containing the text representation of an IPv6 address as specified in <a href="#rfc5952">[RFC5952]</a>, Section 4.</td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>MAC-Addr</strong></td>
<td style="text-align: left;">JSON <strong>string</strong> containing the text representation of a MAC Address in colon hexadecimal format as defined in <a href="#eui">[EUI]</a>.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>Boolean</strong></td>
<td style="text-align: left;">JSON <strong>true</strong> or <strong>false</strong></td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>Integer</strong></td>
<td style="text-align: left;">JSON <strong>number</strong></td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>Number</strong></td>
<td style="text-align: left;">JSON <strong>number</strong></td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>Null</strong></td>
<td style="text-align: left;">JSON <strong>null</strong></td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>String</strong></td>
<td style="text-align: left;">JSON <strong>string</strong></td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>Array</strong></td>
<td style="text-align: left;">JSON <strong>array</strong></td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>Array /ipv4-net</strong></td>
<td style="text-align: left;">JSON <strong>string</strong> containing the text representation of an IPv4 address range as specified in <a href="#rfc4632">[RFC4632]</a>, Section 3.1.</td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>Array /ipv6-net</strong></td>
<td style="text-align: left;">JSON <strong>string</strong> containing the text representation of an IPv6 address range as specified in <a href="#rfc4291">[RFC4291]</a>, Section 2.3.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>ArrayOf</strong></td>
<td style="text-align: left;">JSON <strong>array</strong></td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>Choice</strong></td>
<td style="text-align: left;">JSON <strong>object</strong> with one member. Member key is the field name.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>Choice.ID</strong></td>
<td style="text-align: left;">JSON <strong>object</strong> with one member. Member key is the integer field id converted to string.</td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>Enumerated</strong></td>
<td style="text-align: left;">JSON <strong>string</strong></td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>Enumerated.ID</strong></td>
<td style="text-align: left;">JSON <strong>integer</strong></td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>Map</strong></td>
<td style="text-align: left;">JSON <strong>object</strong>. Member keys are field names.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>Map.ID</strong></td>
<td style="text-align: left;">JSON <strong>object</strong>. Member keys are integer field ids converted to strings.</td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>MapOf</strong></td>
<td style="text-align: left;">JSON <strong>object</strong>. Member keys are as defined in the specified key type.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>Record</strong></td>
<td style="text-align: left;">JSON <strong>object</strong>. Member keys are field names.</td>
</tr>
</tbody>
</table>
<h4 id="3151-id-and-name-serialization">3.1.5.1 ID and Name Serialization</h4>
<p>Instances of Enumerated types and keys for Choice and Map types are serialized as ID values except when using serialization formats intended for human consumption, where Name strings are used instead. Defining a type using ".ID" appended to the base type (e.g., Enumerated.ID, Map.ID) indicates that:</p>
<ol>
<li>Type definitions and application values use only the ID. There is no corresponding name except as an optional part of the description.</li>
<li>Instances of Enumerated values and Choice/Map keys are serialized as IDs regardless of serialization format.</li>
</ol>
<h2 id="32-message">3.2 Message</h2>
<p>This language specification and one or more Actuator profiles define the content of Commands and Responses, while transfer specifications define the on-the-wire format of a Message over specific secure transport protocols. Transfer specifications are agnostic with regard to content, and content is agnostic with regard to transfer protocol. This decoupling is accomplished by defining a standard message interface used to transfer any type of content over any transfer protocol.</p>
<p>A message is a content- and transport-independent set of elements conveyed between Producers and Consumers. To ensure interoperability all transfer specifications must unambiguously define how the Message elements in <a href="#table-3-1-common-message-elements">Table 3-1</a> are represented within the secure transport protocol. This does not imply that all Message elements must be used in all Messages. Content, content_type, and msg_type are required in all Messages. Other Message elements are not required by this specification but may be required by other specifications. The internal representation of a Message does not affect interoperability and is therefore beyond the scope of OpenC2.</p>
<h6 id="table-3-1-common-message-elements">Table 3-1. Common Message Elements</h6>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>content</strong></td>
<td style="text-align: left;"></td>
<td style="text-align: left;">Message body as specified by content_type and msg_type.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>content_type</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">Media Type that identifies the format of the content, including major version. Incompatible content formats must have different content_types. Content_type <strong>application/openc2</strong> identifies content defined by OpenC2 language specification versions 1.x, i.e., all versions that are compatible with version 1.0.</td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>msg_type</strong></td>
<td style="text-align: left;">Message-Type</td>
<td style="text-align: left;">The type of OpenC2 Message.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>status</strong></td>
<td style="text-align: left;">Status-Code</td>
<td style="text-align: left;">Populated with a numeric status code in Responses.</td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>request_id</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">A unique identifier created by the Producer and copied by Consumer into all Responses, in order to support reference to a particular Command, transaction, or event chain.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>created</strong></td>
<td style="text-align: left;">Date-Time</td>
<td style="text-align: left;">Creation date/time of the content.</td>
</tr>
<tr class="odd">
<td style="text-align: left;"><strong>from</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">Authenticated identifier of the creator of or authority for execution of a message.</td>
</tr>
<tr class="even">
<td style="text-align: left;"><strong>to</strong></td>
<td style="text-align: left;">ArrayOf(String)</td>
<td style="text-align: left;">Authenticated identifier(s) of the authorized recipient(s) of a message.</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirements:</strong></p>
<ul>
<li>A Producer MUST include a <code>request_id</code> in the Message header of a Command if it requests a Response.</li>
<li>The request_id of a Message SHOULD be a Version 4 UUID as specified in <a href="#rfc4122">[RFC4122]</a>, Section 4.4.</li>
<li>A Consumer MUST copy the <code>request_id</code> from the Message header of a Command into each Response to that Command.</li>
</ul>
<h2 id="33-content">3.3 Content</h2>
<p>The purpose of this specification is to define the Action and Target portions of a Command and the common portions of a Response. The properties of the Command are defined in <a href="#331-openc2-command">Section 3.3.1</a> and the properties of the Response are defined in <a href="#332-openc2-response">Section 3.3.2</a>.</p>
<p>In addition to the Action and Target, a Command has an optional Actuator. Other than identification of namespace identifier, the semantics associated with the Actuator Specifiers are defined in Actuator Profiles. The Actuators and Actuator-specific results contained in a Response are specified in 'Actuator Profile Specifications' such as StateLess Packet Filtering Profile, Routing Profile etc.</p>
<h3 id="331-openc2-command">3.3.1 OpenC2 Command</h3>
<p>The Command defines an Action to be performed on a Target.</p>
<p><strong><em>Type: OpenC2-Command (Record)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>action</strong></td>
<td style="text-align: left;">Action</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">The task or activity to be performed (i.e., the 'verb').</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>target</strong></td>
<td style="text-align: left;">Target</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">The object of the Action. The Action is performed on the Target.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>args</strong></td>
<td style="text-align: left;">Args</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Additional information that applies to the Command.</td>
</tr>
<tr class="even">
<td style="text-align: right;">4</td>
<td style="text-align: left;"><strong>actuator</strong></td>
<td style="text-align: left;">Actuator</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">The subject of the Action. The Actuator executes the Action on the Target.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">5</td>
<td style="text-align: left;"><strong>command_id</strong></td>
<td style="text-align: left;">Command-ID</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">An identifier of this Command.</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirements:</strong></p>
<ul>
<li>A Consumer receiving a Command with <code>command_id</code> absent and <code>request_id</code> present in the header of the Message MUST use the value of <code>request_id</code> as the <code>command_id</code>.</li>
<li>If present, the <code>args</code> property MUST contain at least one element defined in <a href="#3314-command-arguments">Section 3.3.1.4</a>.</li>
</ul>
<h4 id="3311-action">3.3.1.1 Action</h4>
<p><strong><em>Type: Action (Enumerated)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>scan</strong></td>
<td style="text-align: left;">Systematic examination of some aspect of the entity or its environment.</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>locate</strong></td>
<td style="text-align: left;">Find an object physically, logically, functionally, or by organization.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>query</strong></td>
<td style="text-align: left;">Initiate a request for information.</td>
</tr>
<tr class="even">
<td style="text-align: right;">6</td>
<td style="text-align: left;"><strong>deny</strong></td>
<td style="text-align: left;">Prevent a certain event or action from completion, such as preventing a flow from reaching a destination or preventing access.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">7</td>
<td style="text-align: left;"><strong>contain</strong></td>
<td style="text-align: left;">Isolate a file, process, or entity so that it cannot modify or access assets or processes.</td>
</tr>
<tr class="even">
<td style="text-align: right;">8</td>
<td style="text-align: left;"><strong>allow</strong></td>
<td style="text-align: left;">Permit access to or execution of a Target.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">9</td>
<td style="text-align: left;"><strong>start</strong></td>
<td style="text-align: left;">Initiate a process, application, system, or activity.</td>
</tr>
<tr class="even">
<td style="text-align: right;">10</td>
<td style="text-align: left;"><strong>stop</strong></td>
<td style="text-align: left;">Halt a system or end an activity.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">11</td>
<td style="text-align: left;"><strong>restart</strong></td>
<td style="text-align: left;">Stop then start a system or an activity.</td>
</tr>
<tr class="even">
<td style="text-align: right;">14</td>
<td style="text-align: left;"><strong>cancel</strong></td>
<td style="text-align: left;">Invalidate a previously issued Action.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">15</td>
<td style="text-align: left;"><strong>set</strong></td>
<td style="text-align: left;">Change a value, configuration, or state of a managed entity.</td>
</tr>
<tr class="even">
<td style="text-align: right;">16</td>
<td style="text-align: left;"><strong>update</strong></td>
<td style="text-align: left;">Instruct a component to retrieve, install, process, and operate in accordance with a software update, reconfiguration, or other update.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">18</td>
<td style="text-align: left;"><strong>redirect</strong></td>
<td style="text-align: left;">Change the flow of traffic to a destination other than its original destination.</td>
</tr>
<tr class="even">
<td style="text-align: right;">19</td>
<td style="text-align: left;"><strong>create</strong></td>
<td style="text-align: left;">Add a new entity of a known type (e.g., data, files, directories).</td>
</tr>
<tr class="odd">
<td style="text-align: right;">20</td>
<td style="text-align: left;"><strong>delete</strong></td>
<td style="text-align: left;">Remove an entity (e.g., data, files, flows).</td>
</tr>
<tr class="even">
<td style="text-align: right;">22</td>
<td style="text-align: left;"><strong>detonate</strong></td>
<td style="text-align: left;">Execute and observe the behavior of a Target (e.g., file, hyperlink) in an isolated environment.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">23</td>
<td style="text-align: left;"><strong>restore</strong></td>
<td style="text-align: left;">Return a system to a previously known state.</td>
</tr>
<tr class="even">
<td style="text-align: right;">28</td>
<td style="text-align: left;"><strong>copy</strong></td>
<td style="text-align: left;">Duplicate an object, file, data flow, or artifact.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">30</td>
<td style="text-align: left;"><strong>investigate</strong></td>
<td style="text-align: left;">Task the recipient to aggregate and report information as it pertains to a security event or incident.</td>
</tr>
<tr class="even">
<td style="text-align: right;">32</td>
<td style="text-align: left;"><strong>remediate</strong></td>
<td style="text-align: left;">Task the recipient to eliminate a vulnerability or attack point.</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirements:</strong></p>
<ul>
<li>Each Command MUST contain exactly one Action defined in <a href="#3311-action">Section 3.3.1.1</a>.</li>
</ul>
<h4 id="3312-target">3.3.1.2 Target</h4>
<p><strong><em>Type: Target (Choice)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>artifact</strong></td>
<td style="text-align: left;">Artifact</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">An array of bytes representing a file-like object or a link to that object.</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>command</strong></td>
<td style="text-align: left;">Command-ID</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">A reference to a previously issued Command.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>device</strong></td>
<td style="text-align: left;">Device</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">The properties of a hardware device.</td>
</tr>
<tr class="even">
<td style="text-align: right;">7</td>
<td style="text-align: left;"><strong>domain_name</strong></td>
<td style="text-align: left;">Domain-Name</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">A network domain name.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">8</td>
<td style="text-align: left;"><strong>email_addr</strong></td>
<td style="text-align: left;">Email-Addr</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">A single email address.</td>
</tr>
<tr class="even">
<td style="text-align: right;">9</td>
<td style="text-align: left;"><strong>features</strong></td>
<td style="text-align: left;">Features</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">A set of items used with the query Action to determine an Actuator's capabilities.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">10</td>
<td style="text-align: left;"><strong>file</strong></td>
<td style="text-align: left;">File</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">Properties of a file.</td>
</tr>
<tr class="even">
<td style="text-align: right;">11</td>
<td style="text-align: left;"><strong>idn_domain_name</strong></td>
<td style="text-align: left;">IDN-Domain-Name</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">An internationalized domain name.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">12</td>
<td style="text-align: left;"><strong>idn_email_addr</strong></td>
<td style="text-align: left;">IDN-Email-Addr</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">A single internationalized email address.</td>
</tr>
<tr class="even">
<td style="text-align: right;">13</td>
<td style="text-align: left;"><strong>ipv4_net</strong></td>
<td style="text-align: left;">IPv4-Net</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">An IPv4 address range including CIDR prefix length.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">14</td>
<td style="text-align: left;"><strong>ipv6_net</strong></td>
<td style="text-align: left;">IPv6-Net</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">An IPv6 address range including prefix length.</td>
</tr>
<tr class="even">
<td style="text-align: right;">15</td>
<td style="text-align: left;"><strong>ipv4_connection</strong></td>
<td style="text-align: left;">IPv4-Connection</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">A 5-tuple of source and destination IPv4 address ranges, source and destination ports, and protocol.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">16</td>
<td style="text-align: left;"><strong>ipv6_connection</strong></td>
<td style="text-align: left;">IPv6-Connection</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">A 5-tuple of source and destination IPv6 address ranges, source and destination ports, and protocol.</td>
</tr>
<tr class="even">
<td style="text-align: right;">20</td>
<td style="text-align: left;"><strong>iri</strong></td>
<td style="text-align: left;">IRI</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">An internationalized resource identifier (IRI).</td>
</tr>
<tr class="odd">
<td style="text-align: right;">17</td>
<td style="text-align: left;"><strong>mac_addr</strong></td>
<td style="text-align: left;">MAC-Addr</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">A Media Access Control (MAC) address - EUI-48 or EUI-64 as defined in <a href="#eui">[EUI]</a>.</td>
</tr>
<tr class="even">
<td style="text-align: right;">18</td>
<td style="text-align: left;"><strong>process</strong></td>
<td style="text-align: left;">Process</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">Common properties of an instance of a computer program as executed on an operating system.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">25</td>
<td style="text-align: left;"><strong>properties</strong></td>
<td style="text-align: left;">Properties</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">Data attribute associated with an Actuator.</td>
</tr>
<tr class="even">
<td style="text-align: right;">19</td>
<td style="text-align: left;"><strong>uri</strong></td>
<td style="text-align: left;">URI</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">A uniform resource identifier (URI).</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirements:</strong></p>
<ul>
<li>The <code>target</code> field in a Command MUST contain exactly one type of Target (e.g., ipv4_net).</li>
</ul>
<h4 id="3313-actuator">3.3.1.3 Actuator</h4>
<p><strong><em>Type: Actuator (Choice)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1024</td>
<td style="text-align: left;"><strong>slpf</strong></td>
<td style="text-align: left;">slpf:Actuator</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>Example</strong>: Actuator Specifiers defined in the Stateless Packet Filtering Profile</td>
</tr>
</tbody>
</table>
<h4 id="3314-command-arguments">3.3.1.4 Command Arguments</h4>
<p><strong><em>Type: Args (Map{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>start_time</strong></td>
<td style="text-align: left;">Date-Time</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">The specific date/time to initiate the Command</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>stop_time</strong></td>
<td style="text-align: left;">Date-Time</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">The specific date/time to terminate the Command</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>duration</strong></td>
<td style="text-align: left;">Duration</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">The length of time for an Command to be in effect</td>
</tr>
<tr class="even">
<td style="text-align: right;">4</td>
<td style="text-align: left;"><strong>response_requested</strong></td>
<td style="text-align: left;">Response-Type</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">The type of Response required for the Command: <code>none</code>, <code>ack</code>, <code>status</code>, <code>complete</code>.</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirements:</strong></p>
<ul>
<li><code>start_time</code>, <code>stop_time</code>, <code>duration</code>:
<ul>
<li>If none are specified, then <code>start_time</code> is now, <code>stop_time</code> is never, and <code>duration</code> is infinity.</li>
<li>Only two of the three are allowed on any given Command and the third is derived from the equation <code>stop_time</code> = <code>start_time</code> + <code>duration</code>.</li>
<li>If only <code>start_time</code> is specified then <code>stop_time</code> is never and <code>duration</code> is infinity.</li>
<li>If only <code>stop_time</code> is specified then <code>start_time</code> is now and <code>duration</code> is derived.</li>
<li>If only <code>duration</code> is specified then <code>start_time</code> is now and <code>stop_time</code> is derived.</li>
</ul></li>
<li><code>response_requested</code>:
<ul>
<li>If <code>response_requested</code> is specified as <code>none</code> then the Consumer SHOULD NOT send a Response.</li>
<li>If <code>response_requested</code> is specified as <code>ack</code> then the Consumer SHOULD send a Response acknowledging receipt of the Command: <code>{"status": 102}</code>.</li>
<li>If <code>response_requested</code> is specified as <code>status</code> then the Consumer SHOULD send a Response containing the current status of Command execution.</li>
<li>If <code>response_requested</code> is specified as <code>complete</code> then the Consumer SHOULD send a Response containing the status or results upon completion of Command execution.</li>
<li>If <code>response_requested</code> is not explicitly specified then the Consumer SHOULD respond as if <code>complete</code> was specified.</li>
</ul></li>
</ul>
<h3 id="332-openc2-response">3.3.2 OpenC2 Response</h3>
<p><strong><em>Type: OpenC2-Response (Map)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>status</strong></td>
<td style="text-align: left;">Status-Code</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">An integer status code.</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>status_text</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">A free-form human-readable description of the Response status.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>results</strong></td>
<td style="text-align: left;">Results</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Map of key:value pairs that contain additional results based on the invoking Command.</td>
</tr>
</tbody>
</table>
<p><strong>Example:</strong></p>
<div class="sourceCode" id="cb6"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb6-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb6-2" title="2">    <span class="dt">&quot;status&quot;</span><span class="fu">:</span> <span class="dv">200</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb6-3" title="3">    <span class="dt">&quot;results&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb6-4" title="4">        <span class="dt">&quot;versions&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;1.0&quot;</span><span class="ot">]</span></a>
<a class="sourceLine" id="cb6-5" title="5">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb6-6" title="6"><span class="fu">}</span></a></code></pre></div>
<p><strong>Usage Requirements:</strong></p>
<ul>
<li>All Responses MUST contain a status.</li>
</ul>
<h4 id="3321-response-status-code">3.3.2.1 Response Status Code</h4>
<p><strong><em>Type: Status-Code (Enumerated.ID)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">102</td>
<td style="text-align: left;"><strong>Processing</strong> - an interim Response used to inform the Producer that the Consumer has accepted the Command but has not yet completed it.</td>
</tr>
<tr class="even">
<td style="text-align: right;">200</td>
<td style="text-align: left;"><strong>OK</strong> - the Command has succeeded.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">400</td>
<td style="text-align: left;"><strong>Bad Request</strong> - the Consumer cannot process the Command due to something that is perceived to be a Producer error (e.g., malformed Command syntax).</td>
</tr>
<tr class="even">
<td style="text-align: right;">401</td>
<td style="text-align: left;"><strong>Unauthorized</strong> - the Command Message lacks valid authentication credentials for the target resource or authorization has been refused for the submitted credentials.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">403</td>
<td style="text-align: left;"><strong>Forbidden</strong> - the Consumer understood the Command but refuses to authorize it.</td>
</tr>
<tr class="even">
<td style="text-align: right;">404</td>
<td style="text-align: left;"><strong>Not Found</strong> - the Consumer has not found anything matching the Command.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">500</td>
<td style="text-align: left;"><strong>Internal Error</strong> - the Consumer encountered an unexpected condition that prevented it from performing the Command.</td>
</tr>
<tr class="even">
<td style="text-align: right;">501</td>
<td style="text-align: left;"><strong>Not Implemented</strong> - the Consumer does not support the functionality required to perform the Command.</td>
</tr>
<tr class="odd">
<td style="text-align: right;">503</td>
<td style="text-align: left;"><strong>Service Unavailable</strong> - the Consumer is currently unable to perform the Command due to a temporary overloading or maintenance of the Consumer.</td>
</tr>
</tbody>
</table>
<h4 id="3322-response-results">3.3.2.2 Response Results</h4>
<p><strong><em>Type: Results (Map{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>versions</strong></td>
<td style="text-align: left;">Version unique</td>
<td style="text-align: right;">0..*</td>
<td style="text-align: left;">List of OpenC2 language versions supported by this Actuator</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>profiles</strong></td>
<td style="text-align: left;">ArrayOf(Nsid)</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">List of profiles supported by this Actuator</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>pairs</strong></td>
<td style="text-align: left;">Action-Targets</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">List of targets applicable to each supported Action</td>
</tr>
<tr class="even">
<td style="text-align: right;">4</td>
<td style="text-align: left;"><strong>rate_limit</strong></td>
<td style="text-align: left;">Number{0..*}</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Maximum number of requests per minute supported by design or policy</td>
</tr>
<tr class="odd">
<td style="text-align: right;">1024</td>
<td style="text-align: left;"><strong>slpf</strong></td>
<td style="text-align: left;">slpf:Results</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;"><strong>Example</strong>: Result properties defined in the Stateless Packet Filtering Profile</td>
</tr>
</tbody>
</table>
<h2 id="34-type-definitions">3.4 Type Definitions</h2>
<h3 id="341-target-types">3.4.1 Target Types</h3>
<h4 id="3411-artifact">3.4.1.1 Artifact</h4>
<p><strong><em>Type: Artifact (Record{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>mime_type</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Permitted values specified in the IANA Media Types registry, <a href="#rfc6838">[RFC6838]</a></td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>payload</strong></td>
<td style="text-align: left;">Payload</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Choice of literal content or URL</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>hashes</strong></td>
<td style="text-align: left;">Hashes</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Hashes of the payload content</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirement:</strong></p>
<ul>
<li>An "Artifact" Target MUST contain at least one property.</li>
</ul>
<h4 id="3412-device">3.4.1.2 Device</h4>
<p><strong><em>Type: Device (Map{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>hostname</strong></td>
<td style="text-align: left;">Hostname</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">A hostname that can be used to connect to this device over a network</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>idn_hostname</strong></td>
<td style="text-align: left;">IDN-Hostname</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">An internationalized hostname that can be used to connect to this device over a network</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>device_id</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">An identifier that refers to this device within an inventory or management system</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirement:</strong></p>
<ul>
<li>A "Device" Target MUST contain at least one property.</li>
</ul>
<h4 id="3413-domain-name">3.4.1.3 Domain Name</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Domain-Name</strong></td>
<td style="text-align: left;">String /hostname</td>
<td style="text-align: left;"><a href="#rfc1034">[RFC1034]</a>, Section 3.5</td>
</tr>
</tbody>
</table>
<h4 id="3414-email-address">3.4.1.4 Email Address</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Email-Addr</strong></td>
<td style="text-align: left;">String /email</td>
<td style="text-align: left;">Email address, <a href="#rfc5322">[RFC5322]</a>, Section 3.4.1</td>
</tr>
</tbody>
</table>
<h4 id="3415-features">3.4.1.5 Features</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Features</strong></td>
<td style="text-align: left;">ArrayOf(Feature){0..10} unique</td>
<td style="text-align: left;">An array of zero to ten names used to query an Actuator for its supported capabilities.</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirements:</strong></p>
<ul>
<li>A Producer MUST NOT send a list containing more than one instance of any Feature.</li>
<li>A Consumer receiving a list containing more than one instance of any Feature SHOULD behave as if the duplicate(s) were not present.</li>
<li>A Producer MAY send a 'query' Command containing an empty list of features. A Producer could do this to determine if a Consumer is responding to Commands (a heartbeat command) or to generate idle traffic to keep a connection to a Consumer from being closed due to inactivity (a keep-alive command). An active Consumer could return an empty response to this command, minimizing the amount of traffic used to perform heartbeat / keep-alive functions.</li>
</ul>
<h4 id="3416-file">3.4.1.6 File</h4>
<p><strong><em>Type: File (Map{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>name</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">The name of the file as defined in the file system</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>path</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">The absolute path to the location of the file in the file system</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>hashes</strong></td>
<td style="text-align: left;">Hashes</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">One or more cryptographic hash codes of the file contents</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirement:</strong></p>
<ul>
<li>A "File" Target MUST contain at least one property.</li>
</ul>
<h4 id="3417-internationalized-domain-name">3.4.1.7 Internationalized Domain Name</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>IDN-Domain-Name</strong></td>
<td style="text-align: left;">String /idn-hostname</td>
<td style="text-align: left;">Internationalized Domain Name, <a href="#rfc5890">[RFC5890]</a>, Section 2.3.2.3.</td>
</tr>
</tbody>
</table>
<h4 id="3418-internationalized-email-address">3.4.1.8 Internationalized Email Address</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>IDN-Email-Addr</strong></td>
<td style="text-align: left;">String /idn-email</td>
<td style="text-align: left;">Internationalized email address, <a href="#rfc6531">[RFC6531]</a></td>
</tr>
</tbody>
</table>
<h4 id="3419-ipv4-address-range">3.4.1.9 IPv4 Address Range</h4>
<p>An IPv4 address range is a CIDR block per "Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan" <a href="#rfc4632">[RFC4632]</a> and consists of two values, an IPv4 address and a prefix.</p>
<p>For example, "192.168.17.0/24" is range of IP addresses with a prefix of 24 (i.e. 192.168.17.0 - 192.168.17.255).</p>
<p>JSON serialization of an IPv4 address range SHALL use the 'dotted/slash' textual representation of <a href="#rfc4632">[RFC4632]</a>.</p>
<p>CBOR serialization of an IPv4 address range SHALL use a binary representation of the IP address and the prefix, each in their own field.</p>
<p><strong><em>Type: IPv4-Net (Array /ipv4-net)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;">IPv4-Addr</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">IPv4 address as defined in <a href="#rfc0791">[RFC0791]</a></td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;">Integer</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">CIDR prefix-length. If omitted, refers to a single host address.</td>
</tr>
</tbody>
</table>
<h4 id="34110-ipv4-connection">3.4.1.10 IPv4 Connection</h4>
<p><strong><em>Type: IPv4-Connection (Record{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>src_addr</strong></td>
<td style="text-align: left;">IPv4-Net</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">IPv4 source address range</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>src_port</strong></td>
<td style="text-align: left;">Port</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Source service per <a href="#rfc6335">[RFC6335]</a></td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>dst_addr</strong></td>
<td style="text-align: left;">IPv4-Net</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">IPv4 destination address range</td>
</tr>
<tr class="even">
<td style="text-align: right;">4</td>
<td style="text-align: left;"><strong>dst_port</strong></td>
<td style="text-align: left;">Port</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Destination service per <a href="#rfc6335">[RFC6335]</a></td>
</tr>
<tr class="odd">
<td style="text-align: right;">5</td>
<td style="text-align: left;"><strong>protocol</strong></td>
<td style="text-align: left;">L4-Protocol</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Layer 4 protocol (e.g., TCP) - see <a href="#34210-l4-protocol">Section 3.4.2.10</a></td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirement:</strong></p>
<ul>
<li>An "IPv4-Connection" MUST contain at least one property.</li>
</ul>
<h4 id="34111-ipv6-address-range">3.4.1.11 IPv6 Address Range</h4>
<p><strong><em>Type: IPv6-Net (Array /ipv6-net)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;">IPv6-Addr</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">IPv6 address as defined in <a href="#rfc8200">[RFC8200]</a></td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;">Integer</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">prefix-length. If omitted, refers to a single host address.</td>
</tr>
</tbody>
</table>
<h4 id="34112-ipv6-connection">3.4.1.12 IPv6 Connection</h4>
<p><strong><em>Type: IPv6-Connection (Record{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>src_addr</strong></td>
<td style="text-align: left;">IPv6-Net</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">IPv6 source address range</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>src_port</strong></td>
<td style="text-align: left;">Port</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Source service per <a href="#rfc6335">[RFC6335]</a></td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>dst_addr</strong></td>
<td style="text-align: left;">IPv6-Net</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">IPv6 destination address range</td>
</tr>
<tr class="even">
<td style="text-align: right;">4</td>
<td style="text-align: left;"><strong>dst_port</strong></td>
<td style="text-align: left;">Port</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Destination service per <a href="#rfc6335">[RFC6335]</a></td>
</tr>
<tr class="odd">
<td style="text-align: right;">5</td>
<td style="text-align: left;"><strong>protocol</strong></td>
<td style="text-align: left;">L4-Protocol</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Layer 4 protocol (e.g., TCP) - <a href="#34210-l4-protocol">Section 3.4.2.10</a></td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirement:</strong></p>
<ul>
<li>An "IPv6-Connection" Target MUST contain at least one property.</li>
</ul>
<h4 id="34113-iri">3.4.1.13 IRI</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>IRI</strong></td>
<td style="text-align: left;">String /iri</td>
<td style="text-align: left;">Internationalized Resource Identifier, <a href="#rfc3987">[RFC3987]</a>.</td>
</tr>
</tbody>
</table>
<h4 id="34114-mac-address">3.4.1.14 MAC Address</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>MAC-Addr</strong></td>
<td style="text-align: left;">Binary /eui</td>
<td style="text-align: left;">Media Access Control / Extended Unique Identifier address - EUI-48 or EUI-64 as defined in <a href="#eui">[EUI]</a>.</td>
</tr>
</tbody>
</table>
<h4 id="34115-process">3.4.1.15 Process</h4>
<p><strong><em>Type: Process (Map{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>pid</strong></td>
<td style="text-align: left;">Integer{0..*}</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Process ID of the process</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>name</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Name of the process</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>cwd</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Current working directory of the process</td>
</tr>
<tr class="even">
<td style="text-align: right;">4</td>
<td style="text-align: left;"><strong>executable</strong></td>
<td style="text-align: left;">File</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Executable that was executed to start the process</td>
</tr>
<tr class="odd">
<td style="text-align: right;">5</td>
<td style="text-align: left;"><strong>parent</strong></td>
<td style="text-align: left;">Process</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">Process that spawned this one</td>
</tr>
<tr class="even">
<td style="text-align: right;">6</td>
<td style="text-align: left;"><strong>command_line</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">The full command line invocation used to start this process, including all arguments</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirement:</strong></p>
<ul>
<li>A "Process" Target MUST contain at least one property.</li>
</ul>
<h4 id="34116-properties">3.4.1.16 Properties</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Properties</strong></td>
<td style="text-align: left;">ArrayOf(String){1..*} unique</td>
<td style="text-align: left;">A list of names that uniquely identify properties of an Actuator.</td>
</tr>
</tbody>
</table>
<h4 id="34117-uri">3.4.1.17 URI</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>URI</strong></td>
<td style="text-align: left;">String (uri)</td>
<td style="text-align: left;">Uniform Resource Identifier, <a href="#rfc3986">[RFC3986]</a>.</td>
</tr>
</tbody>
</table>
<h3 id="342-data-types">3.4.2 Data Types</h3>
<h4 id="3421-action-targets">3.4.2.1 Action-Targets</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Action-Targets</strong></td>
<td style="text-align: left;">MapOf(Action, Targets){1..*}</td>
<td style="text-align: left;">Map of each action supported by this actuator to the list of targets applicable to that action.</td>
</tr>
</tbody>
</table>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Targets</strong></td>
<td style="text-align: left;">ArrayOf(Enum(Target)){1..*} unique</td>
<td style="text-align: left;">List of Target fields</td>
</tr>
</tbody>
</table>
<h4 id="3422-date-time">3.4.2.2 Date-Time</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Date-Time</strong></td>
<td style="text-align: left;">Integer{0..*}</td>
<td style="text-align: left;">Date and Time</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirements:</strong></p>
<ul>
<li>Value is the number of milliseconds since 00:00:00 UTC, 1 January 1970</li>
</ul>
<h4 id="3423-duration">3.4.2.3 Duration</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Duration</strong></td>
<td style="text-align: left;">Integer{0..*}</td>
<td style="text-align: left;">A length of time</td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirements:</strong></p>
<ul>
<li>Value is a number of milliseconds</li>
</ul>
<h4 id="3424-feature">3.4.2.4 Feature</h4>
<p>Specifies the results to be returned from a query features Command.</p>
<p><strong><em>Type: Feature (Enumerated)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>versions</strong></td>
<td style="text-align: left;">List of OpenC2 Language versions supported by this Actuator</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>profiles</strong></td>
<td style="text-align: left;">List of profiles supported by this Actuator</td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>pairs</strong></td>
<td style="text-align: left;">List of supported Actions and applicable Targets</td>
</tr>
<tr class="even">
<td style="text-align: right;">4</td>
<td style="text-align: left;"><strong>rate_limit</strong></td>
<td style="text-align: left;">Maximum number of Commands per minute supported by design or policy</td>
</tr>
</tbody>
</table>
<h4 id="3425-hashes">3.4.2.5 Hashes</h4>
<p><strong><em>Type: Hashes (Map{1..*})</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>md5</strong></td>
<td style="text-align: left;">Binary /x</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">MD5 hash as defined in <a href="#rfc1321">[RFC1321]</a></td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>sha1</strong></td>
<td style="text-align: left;">Binary /x</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">SHA1 hash as defined in <a href="#rfc6234">[RFC6234]</a></td>
</tr>
<tr class="odd">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>sha256</strong></td>
<td style="text-align: left;">Binary /x</td>
<td style="text-align: right;">0..1</td>
<td style="text-align: left;">SHA256 hash as defined in <a href="#rfc6234">[RFC6234]</a></td>
</tr>
</tbody>
</table>
<p><strong>Usage Requirement:</strong></p>
<ul>
<li>A "Hashes" data type MUST contain at least one key.</li>
</ul>
<h4 id="3426-hostname">3.4.2.6 Hostname</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Hostname</strong></td>
<td style="text-align: left;">String /hostname</td>
<td style="text-align: left;">Internet host name as specified in <a href="#rfc1123">[RFC1123]</a></td>
</tr>
</tbody>
</table>
<h4 id="3427-internationalized-hostname">3.4.2.7 Internationalized Hostname</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>IDN-Hostname</strong></td>
<td style="text-align: left;">String /idn-hostname</td>
<td style="text-align: left;">Internationalized Internet host name as specified in <a href="#rfc5890">[RFC5890]</a>, Section 2.3.2.3.</td>
</tr>
</tbody>
</table>
<h4 id="3428-ipv4-address">3.4.2.8 IPv4 Address</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>IPv4-Addr</strong></td>
<td style="text-align: left;">Binary /ipv4-addr</td>
<td style="text-align: left;">32 bit IPv4 address as defined in <a href="#rfc0791">[RFC0791]</a></td>
</tr>
</tbody>
</table>
<h4 id="3429-ipv6-address">3.4.2.9 IPv6 Address</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>IPv6-Addr</strong></td>
<td style="text-align: left;">Binary /ipv6-addr</td>
<td style="text-align: left;">128 bit IPv6 address as defined in <a href="#rfc8200">[RFC8200]</a></td>
</tr>
</tbody>
</table>
<h4 id="34210-l4-protocol">3.4.2.10 L4 Protocol</h4>
<p>Value of the protocol (IPv4) or next header (IPv6) field in an IP packet. Any IANA value, <a href="#rfc5237">[RFC5237]</a></p>
<p><strong><em>Type: L4-Protocol (Enumerated)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>icmp</strong></td>
<td style="text-align: left;">Internet Control Message Protocol - <a href="#rfc0792">[RFC0792]</a></td>
</tr>
<tr class="even">
<td style="text-align: right;">6</td>
<td style="text-align: left;"><strong>tcp</strong></td>
<td style="text-align: left;">Transmission Control Protocol - <a href="#rfc0793">[RFC0793]</a></td>
</tr>
<tr class="odd">
<td style="text-align: right;">17</td>
<td style="text-align: left;"><strong>udp</strong></td>
<td style="text-align: left;">User Datagram Protocol - <a href="#rfc0768">[RFC0768]</a></td>
</tr>
<tr class="even">
<td style="text-align: right;">132</td>
<td style="text-align: left;"><strong>sctp</strong></td>
<td style="text-align: left;">Stream Control Transmission Protocol - <a href="#rfc4960">[RFC4960]</a></td>
</tr>
</tbody>
</table>
<h4 id="34211-message-type">3.4.2.11 Message-Type</h4>
<p>Identifies the type of Message.</p>
<p><strong><em>Type: Message-Type (Enumerated)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>command</strong></td>
<td style="text-align: left;">The Message content is an OpenC2 Command</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>response</strong></td>
<td style="text-align: left;">The Message content is an OpenC2 Response</td>
</tr>
</tbody>
</table>
<h4 id="34212-namespace-identifier">3.4.2.12 Namespace Identifier</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Nsid</strong></td>
<td style="text-align: left;">String{1..16}</td>
<td style="text-align: left;">A short identifier that refers to a namespace.</td>
</tr>
</tbody>
</table>
<h4 id="34213-payload">3.4.2.13 Payload</h4>
<p><strong><em>Type: Payload (Choice)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Type</th>
<th style="text-align: right;">#</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>bin</strong></td>
<td style="text-align: left;">Binary</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">Specifies the data contained in the artifact</td>
</tr>
<tr class="even">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>url</strong></td>
<td style="text-align: left;">URI</td>
<td style="text-align: right;">1</td>
<td style="text-align: left;">MUST be a valid URL that resolves to the un-encoded content</td>
</tr>
</tbody>
</table>
<h4 id="34214-port">3.4.2.14 Port</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Port</strong></td>
<td style="text-align: left;">Integer{0..65535}</td>
<td style="text-align: left;">Transport Protocol Port Number, <a href="#rfc6335">[RFC6335]</a></td>
</tr>
</tbody>
</table>
<h4 id="34215-response-type">3.4.2.15 Response-Type</h4>
<p><strong><em>Type: Response-Type (Enumerated)</em></strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: right;">ID</th>
<th style="text-align: left;">Name</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: right;">0</td>
<td style="text-align: left;"><strong>none</strong></td>
<td style="text-align: left;">No response</td>
</tr>
<tr class="even">
<td style="text-align: right;">1</td>
<td style="text-align: left;"><strong>ack</strong></td>
<td style="text-align: left;">Respond when Command received</td>
</tr>
<tr class="odd">
<td style="text-align: right;">2</td>
<td style="text-align: left;"><strong>status</strong></td>
<td style="text-align: left;">Respond with progress toward Command completion</td>
</tr>
<tr class="even">
<td style="text-align: right;">3</td>
<td style="text-align: left;"><strong>complete</strong></td>
<td style="text-align: left;">Respond when all aspects of Command completed</td>
</tr>
</tbody>
</table>
<h4 id="34216-command-id">3.4.2.16 Command-ID</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Command-ID</strong></td>
<td style="text-align: left;">String (%^\S{0,36}$%)</td>
<td style="text-align: left;">Command Identifier</td>
</tr>
</tbody>
</table>
<h4 id="34217-version">3.4.2.17 Version</h4>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Version</strong></td>
<td style="text-align: left;">String</td>
<td style="text-align: left;">Major.Minor version number</td>
</tr>
</tbody>
</table>
<hr />
<h1 id="4-mandatory-commandsresponses">4 Mandatory Commands/Responses</h1>
<p><em>The content in this section is normative, except where it is marked non-normative.</em></p>
<p>A Command consists of an Action/Target pair and associated Specifiers and Arguments. This section enumerates the allowed Commands, identifies which are required or optional to implement, and presents the associated responses.</p>
<h2 id="41-implementation-of-query-features-command">4.1 Implementation of 'query features' Command</h2>
<p>The 'query features' Command is REQUIRED for all Producers and Consumers implementing OpenC2. This section defines the REQUIRED and OPTIONAL aspects of the 'query features' Command and associated response for Producers and Consumers.</p>
<p>The 'query features' Command is REQUIRED for all Producers. The 'query features' Command MAY include one or more Features as defined in <a href="#3424-feature">Section 3.4.2.4</a>. The 'query features' Command MAY include the <code>"response_requested": "complete"</code> Argument. The 'query features' Command MUST NOT include any other Argument.</p>
<p>The 'query features' Command is REQUIRED for all Consumers. Consumers that receive and parse the 'query features':</p>
<ul>
<li>With any Argument other than <code>"response_requested": "complete"</code>
<ul>
<li>MUST NOT respond with OK/200.</li>
<li>SHOULD respond with Bad Request/400.</li>
<li>MAY respond with the 500 status code.</li>
</ul></li>
<li>With no Target Specifiers MUST respond with response code 200.</li>
<li>With the "versions" Target Specifier MUST respond with status 200 and populate the versions field with a list of the OpenC2 Language Versions supported by the consumer.</li>
<li>With the "profiles" Target Specifier MUST respond with status 200 and populate the profiles field with a list of profiles supported by the consumer.</li>
<li>With the "pairs" Target Specifier MUST respond with status 200 and populate the pairs field with a list of action target pairs that define valid commands supported by the consumer.</li>
<li>With the "rate_limit" Target Specifier populated:
<ul>
<li>SHOULD respond with status 200 and populate the rate_limit field with the maximum number of Commands per minute that the Consumer may support.</li>
<li>MAY respond with status 200 and with the rate_limit field unpopulated.</li>
</ul></li>
</ul>
<h2 id="42-examples-of-query-features-commands-and-responses">4.2 Examples of 'query features' Commands and Responses</h2>
<p><em>This section is non-normative.</em></p>
<p>This sub-section provides examples of 'query features' Commands and Responses. The examples provided in this section are for illustrative purposes only and are not to be interpreted as operational examples for actual systems.</p>
<h3 id="421-example-1">4.2.1 Example 1</h3>
<p>There are no features specified in the 'query features' Command. A simple "OK" Response Message is returned.</p>
<p><strong>Command:</strong></p>
<div class="sourceCode" id="cb7"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb7-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb7-2" title="2">    <span class="dt">&quot;action&quot;</span><span class="fu">:</span> <span class="st">&quot;query&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb7-3" title="3">    <span class="dt">&quot;target&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb7-4" title="4">        <span class="dt">&quot;features&quot;</span><span class="fu">:</span> <span class="ot">[]</span></a>
<a class="sourceLine" id="cb7-5" title="5">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb7-6" title="6"><span class="fu">}</span></a></code></pre></div>
<p><strong>Response:</strong></p>
<div class="sourceCode" id="cb8"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb8-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb8-2" title="2">    <span class="dt">&quot;status&quot;</span><span class="fu">:</span> <span class="dv">200</span></a>
<a class="sourceLine" id="cb8-3" title="3"><span class="fu">}</span></a></code></pre></div>
<h3 id="422-example-2">4.2.2 Example 2</h3>
<p>There are several features requested in the 'query features' Command. All requested features can be returned in a single Response Message.</p>
<p><strong>Command:</strong></p>
<div class="sourceCode" id="cb9"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb9-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb9-2" title="2">    <span class="dt">&quot;action&quot;</span><span class="fu">:</span> <span class="st">&quot;query&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb9-3" title="3">    <span class="dt">&quot;target&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb9-4" title="4">        <span class="dt">&quot;features&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;versions&quot;</span><span class="ot">,</span> <span class="st">&quot;profiles&quot;</span><span class="ot">,</span> <span class="st">&quot;rate_limit&quot;</span><span class="ot">]</span></a>
<a class="sourceLine" id="cb9-5" title="5">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb9-6" title="6"><span class="fu">}</span></a></code></pre></div>
<p><strong>Response:</strong></p>
<div class="sourceCode" id="cb10"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb10-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb10-2" title="2">    <span class="dt">&quot;status&quot;</span><span class="fu">:</span> <span class="dv">200</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb10-3" title="3">    <span class="dt">&quot;results&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb10-4" title="4">        <span class="dt">&quot;versions&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;1.0&quot;</span><span class="ot">]</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb10-5" title="5">        <span class="dt">&quot;profiles&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;slpf&quot;</span><span class="ot">,</span> <span class="st">&quot;x-lock&quot;</span><span class="ot">]</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb10-6" title="6">        <span class="dt">&quot;rate_limit&quot;</span><span class="fu">:</span> <span class="dv">30</span></a>
<a class="sourceLine" id="cb10-7" title="7">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb10-8" title="8"><span class="fu">}</span></a></code></pre></div>
<hr />
<h1 id="5-conformance">5 Conformance</h1>
<p><em>This content in this section is normative.</em></p>
<h3 id="51-conformance-clause-1-command">5.1 Conformance Clause 1: Command</h3>
<p>A conformant Command</p>
<ul>
<li>5.1-1 MUST be structured in accordance with <a href="#331-openc2-command">Section 3.3.1</a>.</li>
<li>5.1-2 MUST include exactly one <code>action</code> property defined in accordance with <a href="#3311-action">Section 3.3.1.1</a>.</li>
<li>5.1-3 MUST include exactly one <code>target</code> property defined in accordance with <a href="#3312-target">Section 3.3.1.2</a> or exactly one imported <code>target</code> property defined in accordance with <a href="#314-extensions">Section 3.1.4</a>.</li>
<li>5.1-4 MUST include zero or one <code>actuator</code> property defined in accordance with <a href="#3313-actuator">Section 3.3.1.3</a> or zero or one imported <code>actuator</code> property defined in accordance with <a href="#314-extensions">Section 3.1.4</a>.</li>
<li>5.1-5 MUST include zero or one <code>args</code> property defined in accordance with <a href="#3314-command-arguments">Section 3.3.1.4</a> or zero or one imported <code>args</code> property defined in accordance with <a href="#314-extensions">Section 3.1.4</a>.</li>
</ul>
<h3 id="52-conformance-clause-2-response">5.2 Conformance Clause 2: Response</h3>
<p>A conformant Response</p>
<ul>
<li>5.2-1 MUST be structured in accordance with <a href="#332-openc2-response">Section 3.3.2</a>.</li>
<li>5.2-2 MUST include exactly one <code>status</code> property defined in accordance with <a href="#3321-response-status-code">Section 3.3.2.1</a>.</li>
</ul>
<h2 id="53-conformance-clause-3-producer">5.3 Conformance Clause 3: Producer</h2>
<p>A conformant Producer</p>
<ul>
<li>5.3-1 MUST issue Commands and process Responses in accordance with <a href="#4-mandatory-commandsresponses">Section 4</a>.</li>
<li>5.3-2 MUST implement JSON serialization of generated Commands in accordance with <a href="#rfc7493">[RFC7493]</a>.</li>
<li>5.3-3 MUST implement JSON serialization of received Responses in accordance with <a href="#rfc7493">[RFC7493]</a>.</li>
</ul>
<h2 id="54-conformance-clause-4-consumer">5.4 Conformance Clause 4: Consumer</h2>
<p>A conformant Consumer</p>
<ul>
<li>5.4-1 MUST process Commands and issue Responses in accordance with <a href="#4-mandatory-commandsresponses">Section 4</a>.</li>
<li>5.4-2 MUST implement JSON serialization of generated Responses in accordance with <a href="#rfc7493">[RFC7493]</a>.</li>
<li>5.4-3 MUST implement JSON serialization of received Commands in accordance with <a href="#rfc7493">[RFC7493]</a>.</li>
</ul>
<hr />
<h1 id="annex-a-examples">Annex A. Examples</h1>
<p><em>The content in this section is non-normative.</em></p>
<h2 id="a1-example-1">A.1 Example 1</h2>
<p>This Command would be used to quarantine a device on the network.</p>
<div class="sourceCode" id="cb11"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb11-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb11-2" title="2">    <span class="dt">&quot;action&quot;</span><span class="fu">:</span> <span class="st">&quot;contain&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb11-3" title="3">    <span class="dt">&quot;target&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb11-4" title="4">        <span class="dt">&quot;device&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb11-5" title="5">            <span class="dt">&quot;device_id&quot;</span><span class="fu">:</span> <span class="st">&quot;9BCE8431AC106FAA3861C7E771D20E53&quot;</span></a>
<a class="sourceLine" id="cb11-6" title="6">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb11-7" title="7">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb11-8" title="8"><span class="fu">}</span></a></code></pre></div>
<h2 id="a2-example-2">A.2 Example 2</h2>
<p>This Command blocks a particular connection within the domain. The standard Actuator profile defines the extended Command Argument, <code>drop_process</code>, and the Actuator Specifier, <code>asset_id</code>. The Response is a simple acknowledgment that was requested in the Command.</p>
<p><strong>Command:</strong></p>
<div class="sourceCode" id="cb12"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb12-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb12-2" title="2">    <span class="dt">&quot;action&quot;</span><span class="fu">:</span> <span class="st">&quot;deny&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb12-3" title="3">    <span class="dt">&quot;target&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb12-4" title="4">        <span class="dt">&quot;ipv4_connection&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb12-5" title="5">            <span class="dt">&quot;protocol&quot;</span><span class="fu">:</span> <span class="st">&quot;tcp&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb12-6" title="6">            <span class="dt">&quot;src_addr&quot;</span><span class="fu">:</span> <span class="st">&quot;1.2.3.4&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb12-7" title="7">            <span class="dt">&quot;src_port&quot;</span><span class="fu">:</span> <span class="dv">10996</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb12-8" title="8">            <span class="dt">&quot;dst_addr&quot;</span><span class="fu">:</span> <span class="st">&quot;198.2.3.4&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb12-9" title="9">            <span class="dt">&quot;dst_port&quot;</span><span class="fu">:</span> <span class="dv">80</span></a>
<a class="sourceLine" id="cb12-10" title="10">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb12-11" title="11">    <span class="fu">},</span></a>
<a class="sourceLine" id="cb12-12" title="12">    <span class="dt">&quot;args&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb12-13" title="13">        <span class="dt">&quot;start_time&quot;</span><span class="fu">:</span> <span class="dv">1534775460000</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb12-14" title="14">        <span class="dt">&quot;duration&quot;</span><span class="fu">:</span> <span class="dv">500</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb12-15" title="15">        <span class="dt">&quot;response_requested&quot;</span><span class="fu">:</span> <span class="st">&quot;ack&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb12-16" title="16">        <span class="dt">&quot;slpf&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb12-17" title="17">            <span class="dt">&quot;drop_process&quot;</span><span class="fu">:</span> <span class="st">&quot;none&quot;</span></a>
<a class="sourceLine" id="cb12-18" title="18">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb12-19" title="19">    <span class="fu">},</span></a>
<a class="sourceLine" id="cb12-20" title="20">    <span class="dt">&quot;actuator&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb12-21" title="21">        <span class="dt">&quot;slpf&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb12-22" title="22">            <span class="dt">&quot;asset_id&quot;</span><span class="fu">:</span> <span class="st">&quot;30&quot;</span></a>
<a class="sourceLine" id="cb12-23" title="23">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb12-24" title="24">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb12-25" title="25"><span class="fu">}</span></a></code></pre></div>
<p><strong>Response:</strong></p>
<div class="sourceCode" id="cb13"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb13-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb13-2" title="2">    <span class="dt">&quot;status&quot;</span><span class="fu">:</span> <span class="dv">102</span></a>
<a class="sourceLine" id="cb13-3" title="3"><span class="fu">}</span></a></code></pre></div>
<h2 id="a3-example-3">A.3 Example 3</h2>
<p>This is a notional example of a Command issued to a non-standard Actuator. A Producer sends a 'query properties' Command to request detail about a 'battery'. The Consumer responses with the battery information extended in the results of the Response.</p>
<p><strong>Command:</strong></p>
<div class="sourceCode" id="cb14"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb14-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb14-2" title="2">    <span class="dt">&quot;action&quot;</span><span class="fu">:</span> <span class="st">&quot;query&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb14-3" title="3">    <span class="dt">&quot;target&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb14-4" title="4">        <span class="dt">&quot;properties&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;battery&quot;</span><span class="ot">]</span></a>
<a class="sourceLine" id="cb14-5" title="5">    <span class="fu">},</span></a>
<a class="sourceLine" id="cb14-6" title="6">    <span class="dt">&quot;actuator&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb14-7" title="7">        <span class="dt">&quot;x-esm&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb14-8" title="8">            <span class="dt">&quot;asset_id&quot;</span><span class="fu">:</span> <span class="st">&quot;TGEadsasd&quot;</span></a>
<a class="sourceLine" id="cb14-9" title="9">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb14-10" title="10">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb14-11" title="11"><span class="fu">}</span></a></code></pre></div>
<p><strong>Response:</strong></p>
<div class="sourceCode" id="cb15"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb15-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb15-2" title="2">    <span class="dt">&quot;status&quot;</span><span class="fu">:</span> <span class="dv">200</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb15-3" title="3">    <span class="dt">&quot;results&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb15-4" title="4">        <span class="dt">&quot;x-esm&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb15-5" title="5">            <span class="dt">&quot;battery&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb15-6" title="6">                <span class="dt">&quot;capacity&quot;</span><span class="fu">:</span> <span class="fl">0.577216</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb15-7" title="7">                <span class="dt">&quot;charged_at&quot;</span><span class="fu">:</span> <span class="dv">1547506988</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb15-8" title="8">                <span class="dt">&quot;status&quot;</span><span class="fu">:</span> <span class="dv">12</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb15-9" title="9">                <span class="dt">&quot;mode&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb15-10" title="10">                    <span class="dt">&quot;output&quot;</span><span class="fu">:</span> <span class="st">&quot;high&quot;</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb15-11" title="11">                    <span class="dt">&quot;supported&quot;</span><span class="fu">:</span> <span class="ot">[</span> <span class="st">&quot;high&quot;</span><span class="ot">,</span> <span class="st">&quot;trickle&quot;</span> <span class="ot">]</span></a>
<a class="sourceLine" id="cb15-12" title="12">                <span class="fu">},</span></a>
<a class="sourceLine" id="cb15-13" title="13">                <span class="dt">&quot;visible_on_display&quot;</span><span class="fu">:</span> <span class="kw">true</span></a>
<a class="sourceLine" id="cb15-14" title="14">            <span class="fu">},</span></a>
<a class="sourceLine" id="cb15-15" title="15">            <span class="dt">&quot;asset_id&quot;</span><span class="fu">:</span> <span class="st">&quot;TGEadsasd&quot;</span></a>
<a class="sourceLine" id="cb15-16" title="16">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb15-17" title="17">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb15-18" title="18"><span class="fu">}</span></a></code></pre></div>
<hr />
<h1 id="annex-b-acronyms">Annex B. Acronyms</h1>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Acronym</th>
<th style="text-align: left;">Definition</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;">API</td>
<td style="text-align: left;">Application Programming Interface</td>
</tr>
<tr class="even">
<td style="text-align: left;">ASCII</td>
<td style="text-align: left;">American Standard Code for Information Interchange</td>
</tr>
<tr class="odd">
<td style="text-align: left;">BCP</td>
<td style="text-align: left;">Best Current Practice</td>
</tr>
<tr class="even">
<td style="text-align: left;">CBOR</td>
<td style="text-align: left;">Concise Binary Object Representation</td>
</tr>
<tr class="odd">
<td style="text-align: left;">CIDR</td>
<td style="text-align: left;">Classless Inter-Domain Routing</td>
</tr>
<tr class="even">
<td style="text-align: left;">CoAP</td>
<td style="text-align: left;">Constrained Application Protocol</td>
</tr>
<tr class="odd">
<td style="text-align: left;">DOI</td>
<td style="text-align: left;">Digital Object Identifier</td>
</tr>
<tr class="even">
<td style="text-align: left;">EUI</td>
<td style="text-align: left;">Extended Unique Identifier</td>
</tr>
<tr class="odd">
<td style="text-align: left;">HTTP</td>
<td style="text-align: left;">Hyper Text Transfer Protocol</td>
</tr>
<tr class="even">
<td style="text-align: left;">HTTPS</td>
<td style="text-align: left;">Hyper Text Transfer Protocol Secure</td>
</tr>
<tr class="odd">
<td style="text-align: left;">IACD</td>
<td style="text-align: left;">Integrated Adaptive Cyber Defense</td>
</tr>
<tr class="even">
<td style="text-align: left;">IANA</td>
<td style="text-align: left;">Internet Assigned Numbers Authority</td>
</tr>
<tr class="odd">
<td style="text-align: left;">ICMP</td>
<td style="text-align: left;">Internet Control Message Protocol</td>
</tr>
<tr class="even">
<td style="text-align: left;">ID</td>
<td style="text-align: left;">Identifier</td>
</tr>
<tr class="odd">
<td style="text-align: left;">IP</td>
<td style="text-align: left;">Internet Protocol</td>
</tr>
<tr class="even">
<td style="text-align: left;">IPR</td>
<td style="text-align: left;">Intellectual Property Rights</td>
</tr>
<tr class="odd">
<td style="text-align: left;">JSON</td>
<td style="text-align: left;">JavaScript Object Notation</td>
</tr>
<tr class="even">
<td style="text-align: left;">MAC</td>
<td style="text-align: left;">Media Access Control</td>
</tr>
<tr class="odd">
<td style="text-align: left;">MD5</td>
<td style="text-align: left;">Message Digest</td>
</tr>
<tr class="even">
<td style="text-align: left;">MQTT</td>
<td style="text-align: left;">Message Queuing Telemetry Transfer</td>
</tr>
<tr class="odd">
<td style="text-align: left;">OASIS</td>
<td style="text-align: left;">Organization for the Advancement of Structured Information Standards</td>
</tr>
<tr class="even">
<td style="text-align: left;">OODA</td>
<td style="text-align: left;">Observe-Orient-Decide-Act</td>
</tr>
<tr class="odd">
<td style="text-align: left;">OpenC2</td>
<td style="text-align: left;">Open Command and Control</td>
</tr>
<tr class="even">
<td style="text-align: left;">OpenDXL</td>
<td style="text-align: left;">Open Data eXchange Layer</td>
</tr>
<tr class="odd">
<td style="text-align: left;">PDF</td>
<td style="text-align: left;">Portable Document Format</td>
</tr>
<tr class="even">
<td style="text-align: left;">RFC</td>
<td style="text-align: left;">Request for Comment</td>
</tr>
<tr class="odd">
<td style="text-align: left;">SCTP</td>
<td style="text-align: left;">Stream Control Transmission Protocol</td>
</tr>
<tr class="even">
<td style="text-align: left;">SHA</td>
<td style="text-align: left;">Security Hash Algorithm</td>
</tr>
<tr class="odd">
<td style="text-align: left;">SLPF</td>
<td style="text-align: left;">StateLess Packet Filtering</td>
</tr>
<tr class="even">
<td style="text-align: left;">STD</td>
<td style="text-align: left;">Standard</td>
</tr>
<tr class="odd">
<td style="text-align: left;">TC</td>
<td style="text-align: left;">Technical Committee</td>
</tr>
<tr class="even">
<td style="text-align: left;">TCP</td>
<td style="text-align: left;">Transmission Control Protocol</td>
</tr>
<tr class="odd">
<td style="text-align: left;">UDP</td>
<td style="text-align: left;">User Datagram Control Protocol</td>
</tr>
<tr class="even">
<td style="text-align: left;">UML</td>
<td style="text-align: left;">Unified Modeling Language</td>
</tr>
<tr class="odd">
<td style="text-align: left;">URI</td>
<td style="text-align: left;">Uniform Resource Identifier</td>
</tr>
<tr class="even">
<td style="text-align: left;">UTC</td>
<td style="text-align: left;">Coordinated Universal Time</td>
</tr>
<tr class="odd">
<td style="text-align: left;">UUID</td>
<td style="text-align: left;">Universally Unique IDentifier</td>
</tr>
<tr class="even">
<td style="text-align: left;">XML</td>
<td style="text-align: left;">eXtensibel Markup Language</td>
</tr>
</tbody>
</table>
<hr />
<h1 id="annex-c-design-elements">Annex C. Design Elements</h1>
<h2 id="c1-derived-enumerations">C.1 Derived Enumerations</h2>
<p>It is sometimes useful to reference the fields of a structure definition, for example to list fields that are usable in a particular context, or to read or update the value of a specific field. An instance of a reference can be validated against the set of valid references using either an explicit or a derived Enumerated type. A derived enumeration is created using an Enum() expression on the type being referenced, and it results in an Enumerated type containing the ID and Name columns of the referenced type.</p>
<p>This is the design element that defines the "Action-Targets" data type. The "Action-Targets" data type is a map of each action supported by an actuator to a list of targets implemented for each action. The list of Actions, defined in <a href="#3311-action">Section 3.3.1.1</a>, is appropriately an enumerated list of possible Actions. The list of Targets, defined in <a href="#3312-target">Section 3.3.1.2</a>, is a Choice data structure where each element is a complex data type of its own. A derived enumeration is used in this case to signify that the list of Targets for the "Action-Targets" data type should be an enumerated list of the possible Targets</p>
<p><strong>Definition of "Action-Targets" Data Type:</strong> The Targets data type is defined as an array of "Target" enumerations. The "Target" enumerations are derived from the "Target" data type.</p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Action-Targets</strong></td>
<td style="text-align: left;">MapOf(Action, Targets)</td>
<td style="text-align: left;">Map of each action supported by this actuator to the list of targets applicable to that action.</td>
</tr>
</tbody>
</table>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Type Name</th>
<th style="text-align: left;">Type Definition</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;"><strong>Targets</strong></td>
<td style="text-align: left;">ArrayOf(Enum(Target)){1..*}</td>
<td style="text-align: left;">List of Target fields</td>
</tr>
</tbody>
</table>
<p><strong>Example:</strong> The "pairs" property is defined as an "Action-Targets" data type.</p>
<div class="sourceCode" id="cb16"><pre class="sourceCode json"><code class="sourceCode json"><a class="sourceLine" id="cb16-1" title="1"><span class="fu">{</span></a>
<a class="sourceLine" id="cb16-2" title="2">    <span class="dt">&quot;status&quot;</span><span class="fu">:</span> <span class="dv">200</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb16-3" title="3">    <span class="dt">&quot;results&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb16-4" title="4">        <span class="dt">&quot;pairs&quot;</span><span class="fu">:</span> <span class="fu">{</span></a>
<a class="sourceLine" id="cb16-5" title="5">            <span class="dt">&quot;allow&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;ipv6_net&quot;</span><span class="ot">,</span> <span class="st">&quot;ipv6_connection&quot;</span><span class="ot">]</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb16-6" title="6">            <span class="dt">&quot;deny&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;ipv6_net&quot;</span><span class="ot">,</span> <span class="st">&quot;ipv6_connection&quot;</span><span class="ot">]</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb16-7" title="7">            <span class="dt">&quot;query&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;features&quot;</span><span class="ot">]</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb16-8" title="8">            <span class="dt">&quot;delete&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;slpf:rule_number&quot;</span><span class="ot">]</span><span class="fu">,</span></a>
<a class="sourceLine" id="cb16-9" title="9">            <span class="dt">&quot;update&quot;</span><span class="fu">:</span> <span class="ot">[</span><span class="st">&quot;file&quot;</span><span class="ot">]</span></a>
<a class="sourceLine" id="cb16-10" title="10">        <span class="fu">}</span></a>
<a class="sourceLine" id="cb16-11" title="11">    <span class="fu">}</span></a>
<a class="sourceLine" id="cb16-12" title="12"><span class="fu">}</span></a></code></pre></div>
<hr />
<h1 id="annex-d-revision-history">Annex D. Revision History</h1>
<p><em>The content in this section is non-normative.</em></p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">Revision</th>
<th style="text-align: left;">Date</th>
<th style="text-align: left;">Editor</th>
<th style="text-align: left;">Changes Made</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;">v1.0-wd01</td>
<td style="text-align: left;">10/31/2017</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Initial working draft</td>
</tr>
<tr class="even">
<td style="text-align: left;">v1.0-csd01</td>
<td style="text-align: left;">11/14/2017</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">approved wd01</td>
</tr>
<tr class="odd">
<td style="text-align: left;">v1.0-wd02</td>
<td style="text-align: left;">01/12/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">csd01 ballot comments<br>Targets</td>
</tr>
<tr class="even">
<td style="text-align: left;">v1.0-wd03</td>
<td style="text-align: left;">01/31/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">wd02 review comments</td>
</tr>
<tr class="odd">
<td style="text-align: left;">v1.0-csd02</td>
<td style="text-align: left;">02/14/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">approved wd03</td>
</tr>
<tr class="even">
<td style="text-align: left;">v1.0-wd04</td>
<td style="text-align: left;">03/02/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Property tables<br>threads (cmd/resp) from use cases<br>previous comments</td>
</tr>
<tr class="odd">
<td style="text-align: left;">v1.0-wd05</td>
<td style="text-align: left;">03/21/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">wd04 review comments</td>
</tr>
<tr class="even">
<td style="text-align: left;">v1.0-csd03</td>
<td style="text-align: left;">04/03/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">approved wd05</td>
</tr>
<tr class="odd">
<td style="text-align: left;">v1.0-wd06</td>
<td style="text-align: left;">05/15/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Finalizing message structure<br>message=header+body<br>Review comments<br>Using word 'arguments' instead of 'options'</td>
</tr>
<tr class="even">
<td style="text-align: left;">v1.0-csd04</td>
<td style="text-align: left;">5/31/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">approved wd06</td>
</tr>
<tr class="odd">
<td style="text-align: left;">v1.0-wd07</td>
<td style="text-align: left;">7/11/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Continued refinement of details<br>Review comments<br>Moved some Actions and Targets to reserved lists</td>
</tr>
<tr class="even">
<td style="text-align: left;">v1.0-wd08</td>
<td style="text-align: left;">10/05/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Continued refinement of details<br>Review comments</td>
</tr>
<tr class="odd">
<td style="text-align: left;">v1.0-wd09</td>
<td style="text-align: left;">10/17/2018</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Additional review comments to create wd09 for CSD approval and release for public review.</td>
</tr>
<tr class="even">
<td style="text-align: left;">v1.0-wd10</td>
<td style="text-align: left;">03/04/2019</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Produce interim working draft.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">v1.0-wd11</td>
<td style="text-align: left;">03/21/2019</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Produce interim working draft.</td>
</tr>
<tr class="even">
<td style="text-align: left;">v1.0-wd12</td>
<td style="text-align: left;">03/27/2019</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Produce candidate working draft for next public review.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">v1.0-wd13</td>
<td style="text-align: left;">05/14/2019</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Incorporated comments from CSPRD02.</td>
</tr>
<tr class="even">
<td style="text-align: left;">v1.0-wd14</td>
<td style="text-align: left;">05/23/2019</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Incorporated comments from WD13 ballot.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">v1.0-wd15</td>
<td style="text-align: left;">05/23/2019</td>
<td style="text-align: left;">Romano, Sparrell</td>
<td style="text-align: left;">Incorporated Errata edited by David Kemp.</td>
</tr>
</tbody>
</table>
<hr />
<h1 id="annex-e-acknowledgments">Annex E. Acknowledgments</h1>
<p><em>The content in this section is non-normative.</em></p>
<p>The following individuals have participated in the creation of this specification and are gratefully acknowledged:</p>
<p><strong>OpenC2 TC Members:</strong></p>
<table>
<thead>
<tr class="header">
<th style="text-align: left;">First Name</th>
<th style="text-align: left;">Last Name</th>
<th style="text-align: left;">Company</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="text-align: left;">Philippe</td>
<td style="text-align: left;">Alcoy</td>
<td style="text-align: left;">Arbor Networks</td>
</tr>
<tr class="even">
<td style="text-align: left;">Darren</td>
<td style="text-align: left;">Anstee</td>
<td style="text-align: left;">Arbor Networks</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Michelle</td>
<td style="text-align: left;">Barry</td>
<td style="text-align: left;">AT&amp;T</td>
</tr>
<tr class="even">
<td style="text-align: left;">Brian</td>
<td style="text-align: left;">Berliner</td>
<td style="text-align: left;">Symantec Corp.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Adam</td>
<td style="text-align: left;">Bradbury</td>
<td style="text-align: left;">EclecticIQ</td>
</tr>
<tr class="even">
<td style="text-align: left;">Joe</td>
<td style="text-align: left;">Brule</td>
<td style="text-align: left;">National Security Agency</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Michael</td>
<td style="text-align: left;">Butt</td>
<td style="text-align: left;">NC4</td>
</tr>
<tr class="even">
<td style="text-align: left;">Toby</td>
<td style="text-align: left;">Considine</td>
<td style="text-align: left;">University of North Carolina at Chapel Hill</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Trey</td>
<td style="text-align: left;">Darley</td>
<td style="text-align: left;">New Context Services Inc.</td>
</tr>
<tr class="even">
<td style="text-align: left;">David</td>
<td style="text-align: left;">Darnell</td>
<td style="text-align: left;">North American Energy Standards Board</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Sudeep</td>
<td style="text-align: left;">Das</td>
<td style="text-align: left;">McAfee</td>
</tr>
<tr class="even">
<td style="text-align: left;">Andrea</td>
<td style="text-align: left;">De Bernardi</td>
<td style="text-align: left;">Moviri SPA</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Blake</td>
<td style="text-align: left;">Essing</td>
<td style="text-align: left;">AT&amp;T</td>
</tr>
<tr class="even">
<td style="text-align: left;">Alex</td>
<td style="text-align: left;">Everett</td>
<td style="text-align: left;">University of North Carolina at Chapel Hill</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Joyce</td>
<td style="text-align: left;">Fai</td>
<td style="text-align: left;">National Security Agency</td>
</tr>
<tr class="even">
<td style="text-align: left;">Travis</td>
<td style="text-align: left;">Farral</td>
<td style="text-align: left;">Anomali</td>
</tr>
<tr class="odd">
<td style="text-align: left;">David</td>
<td style="text-align: left;">Girard</td>
<td style="text-align: left;">Trend Micro</td>
</tr>
<tr class="even">
<td style="text-align: left;">Andy</td>
<td style="text-align: left;">Gray</td>
<td style="text-align: left;">ForeScout</td>
</tr>
<tr class="odd">
<td style="text-align: left;">John-Mark</td>
<td style="text-align: left;">Gurney</td>
<td style="text-align: left;">New Context Services Inc.</td>
</tr>
<tr class="even">
<td style="text-align: left;">Stefan</td>
<td style="text-align: left;">Hagen</td>
<td style="text-align: left;">Individual</td>
</tr>
<tr class="odd">
<td style="text-align: left;">David</td>
<td style="text-align: left;">Hamilton</td>
<td style="text-align: left;">AT&amp;T</td>
</tr>
<tr class="even">
<td style="text-align: left;">Nick</td>
<td style="text-align: left;">Humphrey</td>
<td style="text-align: left;">Huntsman Security</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Christian</td>
<td style="text-align: left;">Hunt</td>
<td style="text-align: left;">New Context Services Inc.</td>
</tr>
<tr class="even">
<td style="text-align: left;">April</td>
<td style="text-align: left;">Jackson</td>
<td style="text-align: left;">G2</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Sridhar</td>
<td style="text-align: left;">Jayanthi</td>
<td style="text-align: left;">Individual</td>
</tr>
<tr class="even">
<td style="text-align: left;">Bret</td>
<td style="text-align: left;">Jordan</td>
<td style="text-align: left;">Symantec Corp.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Jason</td>
<td style="text-align: left;">Keirstead</td>
<td style="text-align: left;">IBM</td>
</tr>
<tr class="even">
<td style="text-align: left;">David</td>
<td style="text-align: left;">Kemp</td>
<td style="text-align: left;">National Security Agency</td>
</tr>
<tr class="odd">
<td style="text-align: left;">David</td>
<td style="text-align: left;">Lemire</td>
<td style="text-align: left;">G2</td>
</tr>
<tr class="even">
<td style="text-align: left;">Jason</td>
<td style="text-align: left;">Liu</td>
<td style="text-align: left;">Northrop Grumman</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Radu</td>
<td style="text-align: left;">Marian</td>
<td style="text-align: left;">Bank of America</td>
</tr>
<tr class="even">
<td style="text-align: left;">Danny</td>
<td style="text-align: left;">Martinez</td>
<td style="text-align: left;">G2</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Lisa</td>
<td style="text-align: left;">Mathews</td>
<td style="text-align: left;">National Security Agency</td>
</tr>
<tr class="even">
<td style="text-align: left;">James</td>
<td style="text-align: left;">Meck</td>
<td style="text-align: left;">FireEye Inc.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Efrain</td>
<td style="text-align: left;">Ortiz</td>
<td style="text-align: left;">Symantec Corp.</td>
</tr>
<tr class="even">
<td style="text-align: left;">Paul</td>
<td style="text-align: left;">Patrick</td>
<td style="text-align: left;">FireEye Inc.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Michael</td>
<td style="text-align: left;">Pepin</td>
<td style="text-align: left;">NC4</td>
</tr>
<tr class="even">
<td style="text-align: left;">Nirmal</td>
<td style="text-align: left;">Rajarathnam</td>
<td style="text-align: left;">ForeScout</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Chris</td>
<td style="text-align: left;">Ricard</td>
<td style="text-align: left;">Financial Services Information Sharing and Analysis Center (FS-ISAC)</td>
</tr>
<tr class="even">
<td style="text-align: left;">Daniel</td>
<td style="text-align: left;">Riedel</td>
<td style="text-align: left;">New Context Services Inc.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Jason</td>
<td style="text-align: left;">Romano</td>
<td style="text-align: left;">National Security Agency</td>
</tr>
<tr class="even">
<td style="text-align: left;">Philip</td>
<td style="text-align: left;">Royer</td>
<td style="text-align: left;">Splunk Inc.</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Thomas</td>
<td style="text-align: left;">Schreck</td>
<td style="text-align: left;">Siemens AG</td>
</tr>
<tr class="even">
<td style="text-align: left;">Duane</td>
<td style="text-align: left;">Skeen</td>
<td style="text-align: left;">Northrop Grumman</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Duncan</td>
<td style="text-align: left;">Sparrell</td>
<td style="text-align: left;">sFractal Consulting LLC</td>
</tr>
<tr class="even">
<td style="text-align: left;">Michael</td>
<td style="text-align: left;">Stair</td>
<td style="text-align: left;">AT&amp;T</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Andrew</td>
<td style="text-align: left;">Storms</td>
<td style="text-align: left;">New Context Services Inc.</td>
</tr>
<tr class="even">
<td style="text-align: left;">Gerald</td>
<td style="text-align: left;">Stueve</td>
<td style="text-align: left;">Fornetix</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Rodney</td>
<td style="text-align: left;">Sullivan</td>
<td style="text-align: left;">NCI Agency</td>
</tr>
<tr class="even">
<td style="text-align: left;">Allan</td>
<td style="text-align: left;">Thomson</td>
<td style="text-align: left;">LookingGlass</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Bill</td>
<td style="text-align: left;">Trost</td>
<td style="text-align: left;">AT&amp;T</td>
</tr>
<tr class="even">
<td style="text-align: left;">Raymon</td>
<td style="text-align: left;">van der Velde</td>
<td style="text-align: left;">EclecticIQ</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Jyoti</td>
<td style="text-align: left;">Verma</td>
<td style="text-align: left;">Cisco Systems</td>
</tr>
<tr class="even">
<td style="text-align: left;">David</td>
<td style="text-align: left;">Waltermire</td>
<td style="text-align: left;">NIST</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Jason</td>
<td style="text-align: left;">Webb</td>
<td style="text-align: left;">LookingGlass</td>
</tr>
<tr class="even">
<td style="text-align: left;">Sean</td>
<td style="text-align: left;">Welsh</td>
<td style="text-align: left;">AT&amp;T</td>
</tr>
<tr class="odd">
<td style="text-align: left;">Charles</td>
<td style="text-align: left;">White</td>
<td style="text-align: left;">Fornetix</td>
</tr>
<tr class="even">
<td style="text-align: left;">Sounil</td>
<td style="text-align: left;">Yu</td>
<td style="text-align: left;">Bank of America</td>
</tr>
</tbody>
</table>
</body>
</html>