§8.2.

Parameters

Some messages include a Parameters field that encodes optional message elements.

Senders MUST NOT repeat the same parameter type in a message unless the parameter definition explicitly allows multiple instances of that type to be sent in a single message. Receivers SHOULD check that there are no unauthorized duplicate parameters and close the session as a 'Protocol Violation' if found. Receivers MUST allow duplicates of unknown parameters.

Receivers ignore unrecognized parameters.

The number of parameters in a message is not specifically limited, but the total length of a control message is limited to 2^16-1 bytes.

Parameters are serialized as Key-Value-Pairs Figure 2.

Setup message parameters use a namespace that is constant across all MoQ Transport versions. All other messages use a version-specific namespace. For example, the integer '1' can refer to different parameters for Setup messages and for all other message types. SETUP message parameter types are defined in Section 8.3.2. Version-specific parameter types are defined in Section 8.2.1.

8.2.1. Version Specific Parameters

Each version-specific parameter definition indicates the message types in which it can appear. If it appears in some other type of message, it MUST be ignored. Note that since Setup parameters use a separate namespace, it is impossible for these parameters to appear in Setup messages.

8.2.1.1. AUTHORIZATION TOKEN

The AUTHORIZATION TOKEN parameter (Parameter Type 0x03) MAY appear in a CLIENT_SETUP, SERVER_SETUP, SUBSCRIBE, SUBSCRIBE_NAMESPACE, ANNOUNCE, TRACK_STATUS or FETCH message. This parameter conveys information to authorize the sender to perform the operation carrying the parameter.

The AUTHORIZATION TOKEN parameter MAY be repeated within a message.

The parameter value is a Token structure containing an optional Session-specific Alias. The Alias allows the sender to reference a previously transmitted Token Type and Token Value in future messages. The Token structure is serialized as follows:

Token {
  Alias Type (i),
  [Token Alias (i),]
  [Token Type (i),]
  [Token Value (..)]
}
Figure 4: Token structure
  • Alias Type - an integer defining both the serialization and the processing behavior of the receiver. This Alias type has the following code points:

Table 3
Code Name Serialization and behavior
0x0 DELETE There is an Alias but no Type or Value. This Alias
    and the Token Value it was previously associated with
    MUST be retired. Retiring removes them from the pool
    of actively registered tokens.
0x1 REGISTER There is an Alias, a Type and a Value. This Alias
    MUST be associated with the Token Value for the
    duration of the Session or it is deleted. This action
    is termed "registering" the Token.
0x2 USE_ALIAS There is an Alias but no Type or Value. Use the Token
    Type and Value previously registered with this Alias.
0x3 USE_VALUE There is no Alias and there is a Type and Value. Use
    the Token Value as provided. The Token Value may be
    discarded after processing.
  • Token Alias - a Session-specific integer identifier that references a Token Value. There are separate Alias spaces for the client and server (e.g.: they can each register Alias=1). Once a Token Alias has been registered, it cannot be re-registered by the same sender in the Session without first being deleted. Use of the Token Alias is optional.

  • Token Type - a numeric identifier for the type of Token payload being transmitted. This type is defined by the IANA table "MOQT Auth Token Type" (see Section 12). Type 0 is reserved to indicate that the type is not defined in the table and is negotiated out-of-band between client and receiver.

  • Token Value - the payload of the Token. The contents and serialization of this payload are defined by the Token Type.

If the Token structure cannot be decoded, the receiver MUST close the Session with Key-Value Formatting error. The receiver of a message attempting to register an Alias which is already registered MUST close the Session with Duplicate Auth Token Alias. The receiver of a message referencing an Alias that is not currently registered MUST reject the message with Unknown Auth Token Alias.

The receiver of a message containing a well-formed Token structure but otherwise invalid AUTHORIZATION TOKEN parameter MUST reject that message with an Malformed Auth Token error.

The receiver of a message carrying an AUTHORIZATION TOKEN with Alias Type REGISTER that does not result in a Session error MUST register the Token Alias, in the token cache, even if the message fails for other reasons, including Unauthorized. This allows senders to pipeline messages that refer to previously registered tokens without potentially terminating the entire Session. A receiver MAY store an error code (eg: Unauthorized or Malformed Auth Token) in place of the Token Type and Token Alias if any future message referencing the Token Alias will result in that error. The size of a registered cache entry includes the length of the Token Value, regardless of whether it is stored.

If a receiver detects that an authorization token has expired, it MUST retain the registered Alias until it is deleted by the sender, though it MAY discard other state associated with the token that is no longer needed. Expiration does not affect the size occupied by a token in the token cache. Any message that references the token with Alias Type USE_ALIAS fails with Expired Auth Token.

Using an Alias to refer to a previously registered Token Type and Value is for efficiency only and has the same effect as if the Token Type and Value was included directly. Retiring an Alias that was previously used to authorize a message has no retroactive effect on the original authorization, nor does it prevent that same Token Type and Value from being re-registered.

Senders of tokens SHOULD only register tokens which they intend to re-use during the Session and SHOULD retire previously registered tokens once their utility has passed.

By registering a Token, the sender is requiring the receiver to store the Token Alias and Token Value until they are deleted, or the Session ends. The receiver can protect its resources by sending a SETUP parameter defining the MAX_AUTH_TOKEN_CACHE_SIZE limit (see Section 8.3.2.3) it is willing to accept. If a registration is attempted which would cause this limit to be exceeded, the receiver MUST termiate the Session with a Auth Token Cache Overflow error.

8.2.1.2. DELIVERY TIMEOUT Parameter

The DELIVERY TIMEOUT parameter (Parameter Type 0x02) MAY appear in a TRACK_STATUS, SUBSCRIBE, SUBSCRIBE_OK, or SUBSCRIBE_UDPATE message. It is the duration in milliseconds the relay SHOULD continue to attempt forwarding Objects after they have been received. The start time for the timeout is based on when the beginning of the Object is received, and does not depend upon the forwarding preference. There is no explicit signal that an Object was not sent because the delivery timeout was exceeded.

If both the subscriber and publisher specify the parameter, they use the min of the two values for the subscription. The publisher SHOULD always specify the value received from an upstream subscription when there is one, and nothing otherwise. If an Object with a smaller ID arrives later than subsequent Objects, relays can consider its receipt time as that of the Object with the next larger Location, with the assumption that the Objects were reordered.

Publishers can, at their discretion, discontinue forwarding Objects earlier than the negotiated DELIVERY TIMEOUT, subject to stream closure and ordering constraints described in Section 9.4.3. However, if neither the subscriber or publisher specify DELIVERY TIMEOUT, all Objects in the track matching the subscription filter are delivered as indicated by their Group Order and Priority. If a subscriber fails to consume Objects at a sufficient rate, causing the publisher to exceed its resource limits, the publisher MAY terminate the subscription with error 'Too Far Behind'.

If an object in a subgroup exceeds the delivery timeout, the publisher MUST reset the underlying transport stream (see Section 9.4.3).

When sent by a subscriber, this parameter is intended to be specific to a subscription, so it SHOULD NOT be forwarded upstream by a relay that intends to serve multiple subscriptions for the same track.

Publishers SHOULD consider whether the entire Object is likely to be delivered before sending any data for that Object, taking into account priorities, congestion control, and any other relevant information.

8.2.1.3. MAX CACHE DURATION Parameter

The MAX_CACHE_DURATION parameter (Parameter Type 0x04) MAY appear in a SUBSCRIBE_OK, FETCH_OK or TRACK_STATUS message. It is an integer expressing the number of milliseconds an object can be served from a cache. If present, the relay MUST NOT start forwarding any individual Object received through this subscription or fetch after the specified number of milliseconds has elapsed since the beginning of the Object was received. This means Objects earlier in a multi-object stream will expire earlier than Objects later in the stream. Once Objects have expired from cache, their state becomes unknown, and a relay that handles a downstream request that includes those Objects re-requests them.

This is one section of the MoQT specification, rendered per-section for quick reference and citation. The authoritative text is draft-ietf-moq-transport-13 at the IETF.