idnits 2.17.1 draft-ietf-calext-caldav-scheduling-controls-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC6638, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC6638, updated by this document, for RFC5378 checks: 2005-05-31) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 26, 2019) is 1856 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 calext B. Gondwana, Ed. 3 Internet-Draft FastMail 4 Updates: 6638 (if approved) March 26, 2019 5 Intended status: Standards Track 6 Expires: September 27, 2019 8 CalDAV Extension for scheduling controls 9 draft-ietf-calext-caldav-scheduling-controls-00 11 Abstract 13 This document adds headers to control and restrict the scheduling 14 behaviour of CalDAV servers when updating calendaring resources. 16 Status of This Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at https://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on September 27, 2019. 33 Copyright Notice 35 Copyright (c) 2019 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents 40 (https://trustee.ietf.org/license-info) in effect on the date of 41 publication of this document. Please review these documents 42 carefully, as they describe your rights and restrictions with respect 43 to this document. Code Components extracted from this document must 44 include Simplified BSD License text as described in Section 4.e of 45 the Trust Legal Provisions and are provided without warranty as 46 described in the Simplified BSD License. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 51 2. Conventions Used In This Document . . . . . . . . . . . . . . 3 52 3. Extending the CalDAV OPTIONS response . . . . . . . . . . . . 3 53 3.1. Example: Using OPTIONS for the Discovery of Scheduling 54 Controls Support . . . . . . . . . . . . . . . . . . . . 3 55 4. New headers . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 4.1. Scheduling header . . . . . . . . . . . . . . . . . . . . 4 57 4.2. Schedule-User-Address header . . . . . . . . . . . . . . 4 58 5. Implementation considerations . . . . . . . . . . . . . . . . 5 59 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 60 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 61 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 62 9. Version History . . . . . . . . . . . . . . . . . . . . . . . 5 63 9.1. ietf-calext-v00, 2019-03-26 . . . . . . . . . . . . . . . 5 64 9.2. gondwana-v01, 2019-03-08 . . . . . . . . . . . . . . . . 6 65 9.3. gondwana-v00, 2019-02-08 . . . . . . . . . . . . . . . . 6 66 10. Normative References . . . . . . . . . . . . . . . . . . . . 6 67 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 69 1. Introduction 71 [RFC6638] defines automatic scheduling operations for resources 72 stored on [!@RFC4791] CalDAV servers. 74 [RFC6638] defines the "Schedule-Reply" header in Section 8.1, however 75 this header is not sufficient for controlling scheduling in all 76 cases. 78 Cases where it might be necessary to update the data store on a 79 server without causing scheduling messages to be sent include backup 80 after a data loss event on the server, or importing calendar events 81 from another system. 83 Calendar server operators deal with these other needs by either using 84 a different method than CalDAV to update their server, or by adding a 85 custom method to suppress scheduling. This document defines a 86 standard method to suppress scheduling, allowing CalDAV to be 87 directly used for restores and imports. 89 Complex sites can have users who have multiple aliases, and in the 90 most complex cases, a user may have multiple identities who are 91 present on a scheduling event as organizer and/or attendee. When an 92 event is updated over CalDAV, the server must calculate or guess 93 which of those addresses the current user is acting as. This 94 document defines a header which allows the client to inform the 95 server precisely which address they are acting as when adding, 96 modifying or removing a resource. 98 2. Conventions Used In This Document 100 In examples, "C:" indicates data sent by a client that is connected 101 to a server. "S:" indicates data sent by the server to the client. 103 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 104 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 105 document are to be interpreted as described in [RFC2119] when they 106 appear in ALL CAPS. These words may also appear in this document in 107 lower case as plain English words, absent their normative meanings. 109 3. Extending the CalDAV OPTIONS response 111 A server supporting the features described in this document MUST 112 include "scheduling-controls" as a field in the DAV response header 113 from an OPTIONS request. A value of "scheduling-controls" in the DAV 114 response header indicates to clients that the server supports all the 115 requirements specified in this document. 117 3.1. Example: Using OPTIONS for the Discovery of Scheduling Controls 118 Support 120 Request: 122 OPTIONS /home/brong/calendars/ HTTP/1.1 123 Host: cal.example.com 125 Response: 127 HTTP/1.1 200 OK 128 Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE 129 Allow: PROPFIND, PROPPATCH, LOCK, UNLOCK, REPORT, ACL 130 DAV: 1, 2, 3, access-control, calendar-access, 131 scheduling-controls 132 Date: Thu, 8 Feb 2019 10:16:37 GMT 133 Content-Length: 0 135 4. New headers 137 This document adds two new headers for use on PUT, PROPPATCH and 138 DELETE: 140 4.1. Scheduling header 142 Scheduling: {all|none|internal-only|external-only|X-...} 144 Default: all 146 Not providing this header, or providing the value of "all", instructs 147 the server to follow the behaviour in [RFC6638] Section 3.2. 149 Providing the value "none" instructs the server to perform no 150 scheduling at all, and to just store the event (useful for restoring 151 from backup) 153 The value "internal-only" instructs the server to update the events 154 in other calendars within its system where that can be done silently, 155 but not to send visible notifications to users (where permitted by 156 policy). This is useful when importing multiple related calendars 157 into a new system without flooding external parties with 158 notifications. 160 The value "external-only" instructs the server to import the data 161 without updating local calendars, but to send notifications to 162 external attendees so they are aware of the event. This is useful 163 when migrating calendar events to a new system where external parties 164 need to have a way to update their participation status in the new 165 system. 167 e.g. 169 Scheduling: none 171 TODO: specify error codes 173 4.2. Schedule-User-Address header 175 Schedule-User-Address: URI 177 Default: not present 179 If this header is not present, the server will calculate the address 180 from the authenticated user, or from the CALDAV:schedule-user-address 181 property on the calendar or principal. 183 If this header is provided, it overrides the server's internal 184 calculation, and informs the server to perform any scheduling as the 185 specified user. 187 TODO: specify error codes 188 e.g. 190 Schedule-User-Address: mailto:foo@example.com 192 5. Implementation considerations 194 Any server implementing this extension MUST ensure it has a way to 195 validate Schedule-User-Address settings. 197 6. IANA Considerations 199 TODO: IANA request for OPTIONS item 201 TODO: IANA request for named headers 203 7. Security Considerations 205 The "Scheduling" header only allows reduction of the cases in which 206 the server will creating scheduling requests. This is generally good 207 for user privacy, allowing copies of events to be updated without 208 notifying the owner or attendees. This is particularly valuable for 209 cleaning up spam. 211 The "Schedule-User-Address" header allows the client to override the 212 server choice of address for the user to act as. Servers MUST ensure 213 that the authenticated user has permission to act as the specified 214 address, as well as applying any local policy limitations. 216 8. Acknowledgments 218 o Lucia Kristiansen, Google 220 o CalConnect 222 o The calext working group 224 9. Version History 226 Remove before publishing 228 9.1. ietf-calext-v00, 2019-03-26 230 o Adopt into calext working group based on no objections on the list 232 9.2. gondwana-v01, 2019-03-08 234 o correct name in acknowledgements 236 9.3. gondwana-v00, 2019-02-08 238 o Initial draft based on discussion at CalConnect about Google and 239 FastMail private implementations. 241 10. Normative References 243 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 244 Requirement Levels", BCP 14, RFC 2119, 245 DOI 10.17487/RFC2119, March 1997, 246 . 248 [RFC6638] Daboo, C. and B. Desruisseaux, "Scheduling Extensions to 249 CalDAV", RFC 6638, DOI 10.17487/RFC6638, June 2012, 250 . 252 Author's Address 254 Bron Gondwana (editor) 255 FastMail 256 Level 2, 114 William St 257 Melbourne VIC 3000 258 Australia 260 Email: brong@fastmailteam.com 261 URI: https://www.fastmail.com