idnits 2.17.1 

draft-dusseault-http-patch-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1.a on line 16.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 450.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 427.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 434.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 440.

  ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line
     456), which is fine, but *also* found old RFC 2026, Section 10.4C,
     paragraph 1 text on line 38.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement. 

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate.  After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document. 
     That text should be removed or replaced:

        This document is an Internet-Draft and is subject to all provisions of
        Section 3 of RFC 3667.

        By submitting this Internet-Draft, each author represents that any
        applicable patent or other IPR claims of which he or she is aware
        have been or will be disclosed, and any of which he or she
        becomes aware will be disclosed, in accordance with Section 6 of
        BCP 79.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a Security Considerations section.

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** The abstract seems to contain references ([3]), which it shouldn't. 
     Please replace those with straight textual mentions of the documents in
     question.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords. 

     RFC 2119 keyword, line 82: '...te new body, and MUST NOT be reused to...'
     RFC 2119 keyword, line 121: '...   [9] format identified as 'application/gdiff'.  Servers SHOULD support...'
     RFC 2119 keyword, line 133: '...   MUST NOT create a new resource with...'
     RFC 2119 keyword, line 134: '...   although it MAY (depending on the p...'
     RFC 2119 keyword, line 136: '...ce's content type MUST be one to which...'
     (21 more instances...)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (August 8, 2004) is 7191 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '7' is defined on line 340, but no explicit reference
     was found in the text

  ** Obsolete normative reference: RFC 2518 (ref. '2') (Obsoleted by RFC 4918)

  ** Obsolete normative reference: RFC 2616 (ref. '3') (Obsoleted by RFC
     7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235)

  ** Obsolete normative reference: RFC 3230 (ref. '5') (Obsoleted by RFC 9530)

  -- Possible downref: Non-RFC (?) normative reference: ref. '9'


     Summary: 14 errors (**), 0 flaws (~~), 3 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Individual Submission                                       L. Dusseault
3	Internet-Draft                                                      OSAF
4	Expires: February 6, 2005                                 August 8, 2004

6	            Partial Document Changes (PATCH Method) for HTTP
7	                     draft-dusseault-http-patch-04

9	Status of this Memo

11	   This document is an Internet-Draft and is subject to all provisions
12	   of section 3 of RFC 3667.  By submitting this Internet-Draft, each
13	   author represents that any applicable patent or other IPR claims of
14	   which he or she is aware have been or will be disclosed, and any of
15	   which he or she become aware will be disclosed, in accordance with
16	   RFC 3668.

18	   Internet-Drafts are working documents of the Internet Engineering
19	   Task Force (IETF), its areas, and its working groups.  Note that
20	   other groups may also distribute working documents as
21	   Internet-Drafts.

23	   Internet-Drafts are draft documents valid for a maximum of six months
24	   and may be updated, replaced, or obsoleted by other documents at any
25	   time.  It is inappropriate to use Internet-Drafts as reference
26	   material or to cite them other than as "work in progress."

28	   The list of current Internet-Drafts can be accessed at http://
29	   www.ietf.org/ietf/1id-abstracts.txt.

31	   The list of Internet-Draft Shadow Directories can be accessed at
32	   http://www.ietf.org/shadow.html.

34	   This Internet-Draft will expire on February 6, 2005.

36	Copyright Notice

38	   Copyright (C) The Internet Society (2004).  All Rights Reserved.

40	Abstract

42	   Several applications extending HTTP [3] require a feature to do
43	   partial resource modification.  Existing HTTP functionality only
44	   allows a complete replacement of a document.  This proposal adds a
45	   new HTTP method, PATCH, to modify an existing HTTP resource.

47	1.  Introduction

49	   Three use cases initially motivated this proposal

51	   1.  WebDAV [2] is used by authoring applications to store and share
52	       files on the internet.  For example, Adobe Photoshop has a
53	       Workgroup feature allowing the user to browse a repository and
54	       save the file.  Currently, Photoshop only publishes the file to
55	       the repository rarely, because Photoshop files are typically
56	       large and upload is slow.  Worse, large uploads are more likely
57	       to be interrupted.  Although HTTP provides byte range downloads,
58	       it does not provide a mechanism for partial uploads.
59	   2.  DeltaV [6] extends WebDAV to do versioning.  In versioning
60	       environments, a large number of files may be updated with very
61	       small changes.  For example, a programmer may change the name of
62	       a function used in a hundred source files.  Versioning
63	       applications typically send deltas or patches to the server to
64	       modify these files, however DetaV does not yet have this
65	       functionality.
66	   3.  The SIMPLE WG is devising a way to store and modify configuration
67	       information.  The biggest feature missing from HTTP is the
68	       ability to modify information in a very lightweight manner, so
69	       that the client that decides to change its presence state from
70	       "free" to "busy" doesn't have to upload a large document.  This
71	       can be accomplished through changes to a HTTP resource as well.

73	   Other working groups (like netconf) are also considering manipulating
74	   large files using HTTP GET and PUT.  Sometimes the files aren't that
75	   large but the device is small or bandwidth is limited, as when phones
76	   need to add a new contact to an address book file.  This feature
77	   would allow much more efficient changes to files.

79	   This specification defines a new HTTP 1.1 method for patches.  A new
80	   method is necessary to improve interoperability and prevent errors.
81	   The PUT method is already defined to overwrite a resource with a
82	   complete new body, and MUST NOT be reused to do partial changes.
83	   Otherwise, proxies and caches and even clients and servers may get
84	   confused as to the result of the operation.

86	   Note that byte ranges are already used in HTTP to do partial
87	   downloads (GET method).  However, they are not defined for uploads,
88	   and there are some missing pieces for uploads.  For example, the HTTP
89	   specification does not define a particularly informative error to
90	   send if the byte range in a PUT is invalid.  Byte ranges (or some
91	   other kind of range) could be made to work in this specification but
92	   a more flexible mechanism (one that could also encompass XML patch
93	   formats) was desired, as well as a method that would not confuse
94	   caching proxies.  Reliable and tested patch algorithms already exist,
95	   and this specification takes advantage of that existing work.

97	   Other patch formats ("delta encodings") are defined for HTTP in RFC
98	   3229 [4].  That specification defines delta encodings for cache
99	   updates, not for user write operations.  It does mean that servers
100	   can reuse delta encoding algorithms to support both that
101	   specification and this proposal.

103	   This specification defines the new method PATCH to alter a single
104	   existing resource, in place, by applying a patch.  The operation is
105	   atomic.  Note that WebDAV MOVE and COPY requests, if supported by the
106	   HTTP server, can be useful to independently rename or copy a whole
107	   resource before applying PATCH to either the source or destination
108	   URL to modify the contents.

110	2.  Patch Formats

112	   A set of changes for a resource is itself a document, called a patch
113	   document.  The patch format is uniquely identified through a MIME
114	   type.  Servers advertise supported patch formats by advertising these
115	   MIME types, and clients specify which one they're using by including
116	   the MIME type in the request.  MIME types were specifically chosen so
117	   that there would be a well-defined way for other PATCH extensions to
118	   define their own patch formats and how to use them.

120	   This specification only defines usage of the platform-portable gdiff
121	   [9] format identified as 'application/gdiff'.  Servers SHOULD support
122	   gdiff for all authorable resources, that is all resources that
123	   support PUT.  Some requirements apply only to specific patch formats,
124	   and in this specification those requirements are spelled out only for
125	   gdiff.

127	3.  Mechanisms

129	3.1  PATCH Method

131	   The PATCH method requests that the request body (a patch document) be
132	   applied to the resource identified by the Request-URI.  The server
133	   MUST NOT create a new resource with the contents of the request body,
134	   although it MAY (depending on the patch document format) apply the
135	   request body to an empty entity to result in the content for the new
136	   resource.  The target resource's content type MUST be one to which
137	   the patch format applies.  The server MUST apply the entire patch
138	   atomically and never provide (e.g.  in response to a GET during this
139	   operation) a partially-patched body.  If the entire patch file cannot
140	   be successfully applied then the server MUST fail the entire request,
141	   applying none of the changes.  See error handling section for details
142	   on status codes and possible error conditions.

144	   In the model defined in RFC3230 [5], the patch document is modelled
145	   as an instance being sent to the server.  Thus, if the server
146	   supports instance manipulations, the client MAY apply these
147	   manipulations to the patch document after it is generated (for
148	   example, a compression algorithm).  On the receiving end, the server
149	   MUST undo the instance manipulation then apply the resulting document
150	   as a patch.

152	   PATCH request bodies MUST NOT be cached.  A cache MAY mark the
153	   resource identified in the Request-URI as stale if it sees a
154	   successful response to the PATCH request.

156	   The PATCH request MUST have a body.  It MUST include the Content-Type
157	   header with a MIME [1] type value identifying the patch format used
158	   in the request body.  The request body MUST be in some format which
159	   has the semantics of defining a change to an existing document.

161	   The PATCH request is subject to access control, which in turn may
162	   require authentication.  If the server supports WebDAV Access Control
163	   [8], then the PATCH request SHOULD be subject to the same access
164	   control permissions as the PUT request.

166	   If the gdiff format is used:

168	   o  The client MUST verify that it is applying the patch document to a
169	      known entity.  There are two reliable ways to do this.  The first
170	      way is to find out the resource ETag at the time the body is
171	      downloaded, and use that Etag in the If-Match header on the PATCH
172	      request to make sure the resource is still unchanged.  The second
173	      way to use WebDAV LOCK/UNLOCK to reserve the file (first LOCK,
174	      then GET, then PATCH, then UNLOCK).  Gdiff collisions from
175	      multiple users are more dangerous than PUT collisions, because a
176	      gdiff that is not operating from a known base point may corrupt
177	      the resource.  Therefore, if neither strong ETags nor LOCKS are
178	      available from the server, the client MUST use If-Unmodified-Since
179	      as a less-reliable safeguard.
180	   o  If the Request-URI does not identify an existing resource, the
181	      server SHOULD (subject of course to access control and other
182	      restrictions) create a resource with an empty body and apply the
183	      gdiff changes to that empty entity.  A client SHOULD verify that
184	      the URL is unmapped, as expected, with use of the "If-None-Match:
185	      *" header.

187	   Simple PATCH example

189	       PATCH /file.txt HTTP/1.1
190	       Host: www.example.com
191	       Content-type: application/gdiff
192	       If-Match: "e0023aa4e"
193	       Content-Length: 100

195	       [gdiff-binary-body]

197	                                Figure 1

199	   This example illustrates use of the gdiff algorithm on an existing
200	   text file.

202	3.2  PATCH Response

204	3.2.1  Success Response

206	   A successful response with the 204 No Content status code implies
207	   that no new resource was created.  A successful response with the 201
208	   Created status code informs the client that a new resource was
209	   created.

211	   The server SHOULD provide a MD5 hash of the resource entity after the
212	   patch was applied.  This allows the client to verify the success of
213	   the operation.  As with PUT, the PATCH method MUST cause the ETag to
214	   change if the resulting entity is not identical to the original.  If
215	   the server supports strong ETags, the server MUST return a strong
216	   ETag for use in future client operations.  The server SHOULD return
217	   the Last-Modified header in any case, but the server MUST return the
218	   Last-Modified header if ETags aren't supported.

220	   Successful PATCH response to existing text file

222	       HTTP/1.1 204 No Content
223	       Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ==
224	       ETag: "e0023aa4e"

226	3.2.2  Error handling

228	   This proposal uses the same mechanism as DeltaV (defined in section
229	   1.6 of RFC3253) to add much-needed info to base HTTP error responses.
230	   Existing HTTP status codes are not infinitely extensible but XML
231	   elements and namespaces are more so, and it's simple to treat the
232	   HTTP error code as a rough category and put detailed error codes in
233	   the body.  Clients that do not use the extra information ignore the
234	   bodies of error responses.

236	   The PATCH method can return the following errors.  Please note that
237	   the notation "DAV:foobar" is merely short form for expressing "the
238	   'foobar' element in the 'DAV:' namespace".  It has meaning only in
239	   this specification, not on the wire.  Also note that the string error
240	   codes are not meant to be displayed but instead as machine parsable
241	   known error codes (thus there is no language code).

243	   DAV:delta-format-unsupported: Used with 403 Forbidden status code.
244	      Returned by the server when it doesn't support the patch format
245	      chosen by the client.

247	   DAV:delta-format-forbidden-on-resource: Used with 403 Forbidden when
248	      the patch format chosen by the client is supported by the server
249	      but not allowed on this kind of resource.

251	   DAV:delta-format-badly-formatted: Used with 400 Bad Request when the
252	      server finds that the patch document provided by the client was
253	      badly formatted or non-compliant.  The definition of badly
254	      formatted or non-compliant depends on the patch format chosen, but
255	      generally if the server finds it can't handle the current patch
256	      even though it supports the format used, this error ought to be
257	      appropriate.

259	   DAV:patch-empty-resource: Used with 409 Conflict when the resource
260	      addressed in the Request-URI exists but is empty, and the patch
261	      format cannot be applied to an empty document.  Note that some
262	      patch formats may be applied to an empty document, in which case
263	      this error wouldn't be used.

265	   DAV:patch-result-invalid: Used with 409 Conflict when the resource
266	      could be patched but the result of the patch would be a resource
267	      which is invalid.  This could mean, for example, that a XML
268	      resource would become an invalid XML file if the patch specified
269	      that a close element text line should be deleted.

271	   "404 Not Found" can be used (with no body/error element) when the URL
272	   in by the Request-URI does not map to a resource and the server
273	   cannot apply the patch document to a new empty resource (thus this
274	   error wouldn't be used with gdiff patch documents).

276	3.3  Advertising Support in OPTIONS

278	   The server advertises its support for the features described here
279	   with OPTIONS response headers.  The "Allow" OPTIONS header is already
280	   defined in HTTP 1.1  to contain all the allowed methods on the
281	   addressed resource, so the server MUST add PATCH if it is allowed.

283	   Clients also need to know whether the server supports special patch
284	   formats, so this document introduces a new OPTIONS response header
285	   "Accept-Patch".  "Accept-Patch" MUST appear in the OPTIONS response
286	   for any resource where the PATCH method is shown as an allowed
287	   method.

289	   OPTIONS * is not used to advertise support for PATCH because the
290	   patch formats supported are likely to change from one resource to
291	   another.  A server MAY include the Accept-Patch header in response to
292	   OPTIONS *, and its value MAY be the union of known supported patch
293	   formats.

295	   Accept-Patch = "Accept-Patch" ":" #media-type

297	   Example: OPTIONS request and response for specific resource

299	       [request]

301	       OPTIONS /example/buddies.xml HTTP/1.1
302	       Host: www.example.com

304	       [response]

306	       HTTP/1.1 200 OK
307	       Allow: GET, PUT, POST, OPTIONS, HEAD, TRACE, DELETE, PATCH
308	       Accept-Patch: example/xcap+xml, application/gdiff

310	   The examples show a server that supports PATCH generally, with two
311	   formats supported (one of them is fictional).  On some resources, for
312	   example on XML files, different kinds of patch formats more
313	   appropriate to the resource may be supported.

315	4  References

317	   [1]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
318	        Extensions (MIME) Part Two: Media Types", RFC 2046, November
319	        1996.

321	   [2]  Goland, Y., Whitehead, E., Faizi, A., Carter, S. and D. Jensen,
322	        "HTTP Extensions for Distributed Authoring -- WEBDAV", RFC 2518,
323	        February 1999.

325	   [3]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
326	        Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol --
327	        HTTP/1.1", RFC 2616, June 1999.

329	   [4]  Mogul, J., Krishnamurthy, B., Douglis, F., Feldmann, A., Goland,
330	        Y., van Hoff, A. and D. Hellerstein, "Delta encoding in HTTP",
331	        RFC 3229, January 2002.

333	   [5]  Mogul, J. and A. Van Hoff, "Instance Digests in HTTP", RFC 3230,
334	        January 2002.

336	   [6]  Clemm, G., Amsden, J., Ellison, T., Kaler, C. and J. Whitehead,
337	        "Versioning Extensions to WebDAV (Web Distributed Authoring and
338	        Versioning)", RFC 3253, March 2002.

340	   [7]  Korn, D., MacDonald, J., Mogul, J. and K. Vo, "The VCDIFF
341	        Generic Differencing and Compression Data Format", RFC 3284,
342	        June 2002.

344	   [8]  Clemm, G., Reschke, J., Sedlar, E. and J. Whitehead, "Web
345	        Distributed Authoring and Versioning (WebDAV) Access Control
346	        Protocol", RFC 3744, May 2004.

348	   [9]  van Hoff, A. and J. Payne, "Generic Diff Format Specification",
349	        W3C NOTE-gdiff-19970901, August 1997.

351	Author's Address

353	   Lisa Dusseault
354	   Open Source Application Foundation
355	   2064 Edgewood Dr.
356	   Palo Alto, CA  94303
357	   US

359	   EMail: lisa@osafoundation.org

361	Appendix A.  Acknowledgements

363	   PATCH is not a new concept, it first appeared in HTTP in drafts of
364	   version 1.1 written by Roy Fielding and Henrik Frystyk.

366	   Thanks to Adam Roach, Chris Sharp, Julian Reschke, Geoff Clemm, Scott
367	   Lawrence, Jeffrey Mogul, Roy Fielding, Greg Stein, Jim Luther, Alex
368	   Rousskov and Jamie Lokier for review and advice on this document.

370	Appendix B.  Changes

372	B.1  Changes from -00

374	   OPTIONS support: removed "Patch" header definition and used Allow and
375	   new "Accept-Patch" headers instead.

377	   Supported patch formats: removed vcdiff and diffe as these do not
378	   have defined MIME types and did not seem to be strongly desired.

380	   PATCH method definition: Clarified cache behavior.

382	B.2  Changes from -01

384	   Removed references to XCAP - not yet a RFC.

386	   Fixed use of MIME types (this "fix" now obsolete)

388	   Explained how to use MOVE or COPY in conjunction with PATCH, to
389	   create a new resource based on an existing resource in a different
390	   location.

392	B.3  Changes from -02

394	   Clarified that MOVE and COPY are really independent of PATCH.

396	   Clarified when an ETag must change, and when Last-Modified must be
397	   used.

399	   Clarified what server should do if both Content-Type and IM headers
400	   appear in PATCH request.

402	   Filled in missing reference to DeltaV and ACL RFCs.

404	   Stopped using 501 Unsupported for unsupported patch formats.

406	   Clarified what a static resource is.

408	   Refixed use of MIME types for patch formats.

410	   Limited the scope of some restrictions to apply only to 'gdiff'
411	   usage.

413	B.4  Changes from -03

415	   Various typographical, terminology consistency, and other minor
416	   clarifications or fixes.

418	Intellectual Property Statement

420	   The IETF takes no position regarding the validity or scope of any
421	   Intellectual Property Rights or other rights that might be claimed to
422	   pertain to the implementation or use of the technology described in
423	   this document or the extent to which any license under such rights
424	   might or might not be available; nor does it represent that it has
425	   made any independent effort to identify any such rights.  Information
426	   on the procedures with respect to rights in RFC documents can be
427	   found in BCP 78 and BCP 79.

429	   Copies of IPR disclosures made to the IETF Secretariat and any
430	   assurances of licenses to be made available, or the result of an
431	   attempt made to obtain a general license or permission for the use of
432	   such proprietary rights by implementers or users of this
433	   specification can be obtained from the IETF on-line IPR repository at
434	   http://www.ietf.org/ipr.

436	   The IETF invites any interested party to bring to its attention any
437	   copyrights, patents or patent applications, or other proprietary
438	   rights that may cover technology that may be required to implement
439	   this standard.  Please address the information to the IETF at
440	   ietf-ipr@ietf.org.

442	Disclaimer of Validity

444	   This document and the information contained herein are provided on an
445	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
446	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
447	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
448	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
449	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
450	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

452	Copyright Statement

454	   Copyright (C) The Internet Society (2004).  This document is subject
455	   to the rights, licenses and restrictions contained in BCP 78, and
456	   except as set forth therein, the authors retain all their rights.

458	Acknowledgment

460	   Funding for the RFC Editor function is currently provided by the
461	   Internet Society.