Internet-Draft CDDL 2.0 August 2023
Bormann Expires 28 February 2024 [Page]
CBOR Working group
Intended Status:
C. Bormann
Universität Bremen TZI

CDDL 2.0 — a draft plan


The Concise Data Definition Language (CDDL) today is defined by RFC 8610 and RFC 9165. The latter (as well as some more application specific specifications such as RFC 9090) have used the extension point provided in RFC 8610, the control operator.

As CDDL is used in larger projects, feature requirements become known that cannot be easily mapped into this single extension point. Hence, there is a need for evolution of the base CDDL specification itself.

The present document provides a roadmap towards a "CDDL 2.0". It is based on draft-bormann-cbor-cddl-freezer, but is more selective in what potential features it takes up and more detailed in their discussion. It is intended to serve as a basis for prototypical implementations of CDDL 2.0. What specific documents spawn from the present one or whether this document is evolved into a single CDDL 2.0 specification.

About This Document

This note is to be removed before publishing as an RFC.

Status information for this document may be found at

Discussion of this document takes place on the cbor Working Group mailing list (, which is archived at Subscribe at

Source for this draft and an issue tracker can be found at

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 28 February 2024.

Table of Contents

1. Introduction

(Please see abstract.)

Note that the existing extension point can be exercised for new features in parallel to the work described here. One such draft, [I-D.ietf-cbor-cddl-more-control], is planned to form the first set of specifications going forward from the CDDL-2 project together with [I-D.ietf-cbor-update-8610-grammar].

The rest of this introduction gives a rough overview over what could be the development plan for CDDL 1.1, 2.0, 2.5.

1.1. CDDL 1.1 + 2 plan (standards track)

  • Done before IETF 117: CDDL 1.1: [I-D.ietf-cbor-update-8610-grammar], Grammar fixes: Empty files (enabling CDDL 2), non-literal tags, errata fixes (implemented)
  • Done before IETF 117: Parallel to CDDL 1.1: More control operators [I-D.ietf-cbor-cddl-more-control]: Additional control operators, another iteration like RFC 9165 (implemented)
  • Done before IETF 118: CDDL 2.0: [I-D.ietf-cbor-cddl-modules] (import/include implemented; potentially further directives to be added)
  • Done 2024: CDDL 2.5: Section 3 of the present document ("annotations", plus some functionality enabled by that). The requirements are clear, the specific form this takes needs to be worked out. Enables, e.g., Section 5 of [I-D.bormann-cbor-cddl-freezer] (co-occurrence).

1.2. Other documents

Not on the main line of development, but important ancillary work:

More explorative at this point:

2. Mending syntax deficits

The previous content of this section formed the basis for [I-D.ietf-cbor-update-8610-grammar], except for Section 2.1.

3. Processing model: Beyond Validation

Proposal Status:

experiments with implementations ongoing


backwards compatible

The basic (implicit) processing model for CDDL 1.0 applies a CDDL data model to a data item and returns a Boolean that indicates whether the data item matches that model ("validation").

Section 4 of [RFC9165] extends this model with named "features". A validation can indicate which features were used. Validation could also be parameterized with information about what features are allowed to be used, enabling variants (see Section 4 of [RFC9165] and [useful] for examples).

The cddl tool (Appendix F of [RFC8610]) also supports experimental forms of "annotating" a validated data item with information about which rules were used to support validation, currently entirely based on the information that is in a standard CDDL 1.0 data model. This leads to a more general concept of "annotation", where the data model specification supports "annotating" the validated instance by optionally supplying information in the model. (The annotated result is a special case of a "post-schema validation instance" [PSVI], here one where the data item itself is only augmented, not changed, by the process.)

Annotations could in turn provide input to further validation steps, as is often done with Schematron validation in Relax-NG; with an appropriate evaluation language this can be used for checking co-occurrence constraints (Section 5 of [I-D.bormann-cbor-cddl-freezer]).

Finally, annotations are a first step to transformation, i.e., describing how a validated data item should be interpreted as a transformed data item by performing certain computations. This generally requires even more support from an evaluation language, simple transformations such as adding in default values may not need much support though.

At this time, existing experimental implementations do not lead to a clear choice for what processing model enhancements should be in CDDL 2.0. This document proposes to continue the experimentation and document good approaches.

4. Module superstructure

The previous content of this section formed the basis for [I-D.ietf-cbor-cddl-modules]. Additional work might be started on the ideas outlined in the subsections of this section.

4.2. ABNF is a lot like CDDL

Many of the constructs defined here for CDDL also could be used with ABNF specifications. ABNF would definitely benefit from a standard way to import snippets from existing RFCs. Since CDDL contains ABNF support (Section 3 of [RFC9165]), it would be natural to make some of the functionality discussed in this section available for ABNF as well.

5. IANA Considerations

(Insert new registry for application specific literals here, if adopted.)

6. Security considerations

The security considerations of [RFC8610] apply.

7. References

7.1. Normative References

Birkholz, H., Vigano, C., and C. Bormann, "Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, , <>.
Bormann, C., "Additional Control Operators for the Concise Data Definition Language (CDDL)", RFC 9165, DOI 10.17487/RFC9165, , <>.

7.2. Informative References

Bormann, C. and H. Birkholz, "Using CDDL for CSVs", Work in Progress, Internet-Draft, draft-bormann-cbor-cddl-csv-03, , <>.
Bormann, C., "A feature freezer for the Concise Data Definition Language (CDDL)", Work in Progress, Internet-Draft, draft-bormann-cbor-cddl-freezer-11, , <>.
Bormann, C., "Managing CBOR numbers in Internet-Drafts", Work in Progress, Internet-Draft, draft-bormann-cbor-draft-numbers-01, , <>.
Bormann, C., "CDDL models for some existing RFCs", Work in Progress, Internet-Draft, draft-bormann-cbor-rfc-cddl-models-02, , <>.
Bormann, C., "CDDL Module Structure", Work in Progress, Internet-Draft, draft-ietf-cbor-cddl-modules-00, , <>.
Bormann, C., "More Control Operators for CDDL", Work in Progress, Internet-Draft, draft-ietf-cbor-cddl-more-control-00, , <>.
Bormann, C., "Application-Oriented Literals in CBOR Extended Diagnostic Notation", Work in Progress, Internet-Draft, draft-ietf-cbor-edn-literals-02, , <>.
Bormann, C., "Updates to the CDDL grammar of RFC 8610", Work in Progress, Internet-Draft, draft-ietf-cbor-update-8610-grammar-00, , <>.
"Use Cases for XML Schema PSVI API", , <>.
"Useful CDDL", n.d., <>.

Appendix A. Fridge

This appendix contains sections that may not make it to a 2.0, but might be part of a followup.

A.1. Tag-oriented Literals

Proposal Status:

rough idea, porting from EDN


backward (not forward)

Some CBOR tags often would be most natural to use in a CDDL spec with a literal syntax that is tailored to their semantics instead of their serialization in CBOR. There is currently no way to add such syntaxes, no defined extension point either.

The proposal "Application-Oriented Literals in CBOR Extended Diagnostic Notation" [I-D.ietf-cbor-edn-literals] defines application-oriented literals, e.g., of the form

  • dt'2019-07-21T19:53Z'

for datetime items. With additional considerations for unambiguous syntax, a similar literal form could be included in CDDL.

This proposal opens a name space for the prefix that indicates an application specific literal. A registry could be provided to make this name space a genuine extension point. (This is currently the production bsqual in Appendix B of [RFC8610].)

The syntax provided in [I-D.ietf-cbor-edn-literals] does not enable the use of CDDL types — it has the same flaw that is being fixed for tag numbers in Section 3.2 of [I-D.ietf-cbor-update-8610-grammar].

A.2. Cross-universe references

Often, a CDDL specification needs to import from specifications in a different language or platform.

A.2.1. IANA references

In many cases, CDDL specifications make use of values that are specified in IANA registries. The .iana control operator can be used to reference such a set of values.

The reference needs to be able to point to a draft, the registry of which has not been established yet, as well as to an established IANA registry.

An example of such a usage might be:

cose-algorithm = int .iana ["cose", "algorithms", "value"]

Unfortunately, the vocabulary employed in IANA registries has not been designed for machine references. In this case, the potential values would come from applying the XPath expression


to, plus some filtering on the records returned that only leaves actual allocations. Additional functionality may be needed for filtering with respect to other columns of the registry record, e.g., <capabilities> in the case of this example.



Author's Address

Carsten Bormann
Universität Bremen TZI
Postfach 330440
D-28359 Bremen