idnits 2.17.1 draft-sayre-atompub-protocol-basic-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 16. -- Found old boilerplate from RFC 3978, Section 5.2b on line 16. -- Found old boilerplate from RFC 3978, Section 5.5 on line 565. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 537. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 544. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 550. -- The document has an RFC 3978 Section 5.2(b) Derivative Works Limitation clause. If this document is intended for submission to the IESG for publication, this constitutes an error. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 21, 2005) is 6762 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'AtomFormat' ** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) ** Obsolete normative reference: RFC 2617 (Obsoleted by RFC 7235, RFC 7615, RFC 7616, RFC 7617) -- Possible downref: Non-RFC (?) normative reference: ref. 'XOXO' Summary: 6 errors (**), 0 flaws (~~), 2 warnings (==), 11 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Sayre 3 Internet-Draft October 21, 2005 4 Expires: April 24, 2006 6 The Atom Publishing Protocol (Basic) 7 draft-sayre-atompub-protocol-basic-04.txt 9 Status of this Memo 11 By submitting this Internet-Draft, each author represents that any 12 applicable patent or other IPR claims of which he or she is aware 13 have been or will be disclosed, and any of which he or she becomes 14 aware will be disclosed, in accordance with Section 6 of BCP 79. 15 This document may not be modified, and derivative works of it may not 16 be created. This document may only be posted in an Internet-Draft. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as Internet- 21 Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six months 24 and may be updated, replaced, or obsoleted by other documents at any 25 time. It is inappropriate to use Internet-Drafts as reference 26 material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt. 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html. 34 This Internet-Draft will expire on April 24, 2006. 36 Copyright Notice 38 Copyright (C) The Internet Society (2005). 40 Abstract 42 This memo presents a protocol that uses XML and HTTP to publish and 43 edit Web resources. 45 Editorial Note 47 To provide feedback on this Internet-Draft, join the atom-protocol 48 mailing list . 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 53 2. Notational Conventions . . . . . . . . . . . . . . . . . . . 3 54 3. The Atom Publishing Protocol Model . . . . . . . . . . . . . 3 55 4. Collections . . . . . . . . . . . . . . . . . . . . . . . . 6 56 5. Media Collections . . . . . . . . . . . . . . . . . . . . . 8 57 6. Service Outlines . . . . . . . . . . . . . . . . . . . . . . 9 58 7. Security Considerations . . . . . . . . . . . . . . . . . . 11 59 8. Normative References . . . . . . . . . . . . . . . . . . . . 12 60 Author's Address . . . . . . . . . . . . . . . . . . . . . . 13 61 A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 13 62 B. Change History . . . . . . . . . . . . . . . . . . . . . . . 13 63 Intellectual Property and Copyright Statements . . . . . . . 14 65 1. Introduction 67 The Atom Publishing Protocol (APP) protocol uses HTTP [RFC2616] and 68 XML [W3C.REC-xml-20040204] to publish and edit Web resources. 70 2. Notational Conventions 72 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 73 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 74 document are to be interpreted as described in [RFC2119]. 76 The APP namespace is "http://purl.org/atom/app#". This specification 77 refers to it by using the prefix "pub", but that prefix is arbitrary. 79 The terms 'URI' and 'IRI' are shorthand for the identifiers specified 80 in [RFC3986] and [RFC3987]. 82 3. The Atom Publishing Protocol Model 84 The APP operates on collections of Web resources. The patterns of 85 interaction are based on the common HTTP verbs. This section 86 illustrates the editing cycle for Atom entries. 88 o GET is used to retrieve a representation of a resource or perform 89 a read-only query. 90 o POST is used to create a new, dynamically-named resource. 91 o PUT is used to update a known resource. 92 o DELETE is used to remove a resource. 94 3.1 Collections 96 The APP groups resources into "Collections", which are analogous to 97 the "folders" or "directories" found in many file systems. 99 3.2 Discovery 101 To discover the location of the collections exposed by an APP 102 service, the client must locate and request a Service Outline 103 (Section 6). Service Outlines describe the layout of an APP service. 105 Client Server 106 | | 107 | 1.) GET Outline URI | 108 |------------------------------->| 109 | | 110 | 2.) Service Outline Doc | 111 |<-------------------------------| 112 | | 113 1. The client sends a GET request to the Service Outline Resource. 114 2. The server responds with a Service Outline Document containing 115 the locations of collections provided by the service. The 116 content of this document can vary based on aspects of the client 117 request, including, but not limited to, authentication 118 credentials. 120 3.3 Listing 122 Once the client has discovered the location of a collection in the 123 outline, it can request a listing of the collection's membership. 124 However, collections might be extremely large, so servers are likely 125 to list a small subset of the collection by default. 127 Client Server 128 | | 129 | 1.) GET to Collection URI | 130 |------------------------------->| 131 | | 132 | 2.) 200 OK, Atom Feed Doc | 133 |<-------------------------------| 134 | | 136 1. The client sends a GET request to the Collection's URI. 137 2. The server responds with an Atom Feed Document containing a full 138 or partial listing of the collection's membership. 140 3.4 Authoring 142 After locating a collection, a client can add entries by sending a 143 request to the collection; other changes are accomplished by sending 144 HTTP requests to its member resources. 146 3.4.1 Create 148 Client Server 149 | | 150 | 1.) POST to Collection URI | 151 |------------------------------->| 152 | | 153 | 2.) 201 Created @ Location | 154 |<-------------------------------| 155 | | 157 1. The client sends a representation of a member to the server via 158 HTTP POST. The Request URI is that of the Collection. 160 2. The server responds with a response of "201 Created" and a 161 "Location" header containing the URI of the newly-created 162 resource. 164 3.4.2 Read 166 Client Server 167 | | 168 | 1.) GET or HEAD to Member URI | 169 |------------------------------->| 170 | | 171 | 2.) 200 OK Atom Entry | 172 |<-------------------------------| 173 | | 175 1. The client sends a GET (or HEAD) request to the member's URI. 176 2. The server responds with an Atom Entry document. 178 3.4.3 Update 180 Client Server 181 | | 182 | 1.) PUT to Member URI | 183 |------------------------------->| 184 | | 185 | 2.) 200 OK | 186 |<-------------------------------| 187 | | 189 1. The client PUTs an updated representation to the member's URI. 190 2. The server responds with a representation of the member's new 191 state. 193 3.4.4 Delete 195 Client Server 196 | | 197 | 1.) DELETE to Member URI | 198 |------------------------------->| 199 | | 200 | 2.) 204 No Content | 201 |<-------------------------------| 202 | | 204 1. The client sends a DELETE request to the member's URI. 205 2. The server responds with successful status code. 207 3.5 Success and Failure 209 HTTP defines classes of response. HTTP status codes of the form 2xx 210 signal that a request was successful. HTTP status codes of the form 211 4xx or 5xx signal that an error has occurred, and the request has 212 failed. Consult the HTTP specification for more detailed definitions 213 of each status code. 215 4. Collections 217 An Atom Collection is a set of related resources represented by one 218 or more Atom Feed documents [AtomFormat]. 220 4.1 GET 222 Collections can contain extremely large numbers of resources. A 223 naive client such as a web spider or web browser would be overwhelmed 224 if the response to a GET reflected the full membership of the 225 collection, and the server would waste large amounts of bandwidth and 226 processing time on clients unable to handle the response. As a 227 result, responses to a simple GET request represent a server- 228 determined subset of the collection's membership. 230 An example collection feed: 232 234 My Posts1 235 urn:uuid:ce61592c-14e2-4557-978e-dfbd444aefa6 236 2005-12-21T04:11:00-08:00 237 238 239 title 25 240 2005-12-21T04:11:00-08:00 241 242 Foo 243 244 urn:uuid:941e12b4-6eeb-4753-959d-0cbc51875387 245 246 247 248 ... 249 251 Each member is represented by an Atom Entry, but those entries are 252 not an editable representation of the entry. To retrieve the source 253 representation of the entry, clients send a GET request to the URI 254 found in each entry's pub:edit element (see Section 4.3.1). Derived 255 resources are located by examining an entry's atom:link elements. 257 4.2 POST 259 A Collection resource also accepts POST requests. The client POSTs a 260 representation of the desired resource to the Collection Resource. 261 Some collections only allow members with certain media-types, so a 262 POST MAY generate a response with a status code of 415 ("Unsupported 263 Media Type"). In the case of a successful creation, the status code 264 MUST be 201 ("Created"). 266 Example request creating a resource in a collection. 268 POST /collection HTTP/1.1 269 Host: example.org 270 User-Agent: Cosimo/1.0 271 Content-Type: application/atom+xml 272 Content-Length: nnnn 274 ...data... 276 Example response. 278 HTTP/1.1 201 Created 279 Date: Mon, 21 Mar 2005 19:20:19 GMT 280 Server: CountBasic/2.0 281 ETag: "4c083-268-423f1dc6" 282 Location: http://example.org/stuff/foo13241234.atom 284 4.3 Entry Collections 286 Entry Collections are Collections that restrict their membership to 287 Atom entries. The entries are edited by sending HTTP requests to the 288 URI found in an individual entry's pub:edit element. Servers can 289 determine the processing necessary to interpret a request by 290 examining the request's HTTP method. It is probably unwise to change 291 the value atom:id when issuing a PUT request. 293 4.3.1 The 'pub:edit' Element 295 The pub:edit element has one attribute, 'href'. The value of this 296 attribute is an IRI reference interpreted relative to xml:base. 298 4.3.2 The 'pub:control' Element 300 The pub:control element is used to persist editing information and 301 contains arbitrary markup. 303 5. Media Collections 305 Media Collections are Collections that do not have uniform 306 restrictions on the representations of the member resources. For 307 example, they might contain JPEG images, text documents, MPEG movies, 308 and any other type of resource the server allows. 310 5.1 GET 312 Media Collections return an Atom feed much like Entry Collections, 313 but with a few additions. The listing MUST also contain an atom: 314 content element with a 'src' attribute pointing to the media 315 resource. This URI can be used to edit the uploaded media resource, 316 using PUT and DELETE. 318 Such entries MAY contain pub:edit elements used to edit the entry 319 metadata. As with other collection members, derived resources can be 320 located by inspecting an entry's atom:link elements. 322 An example Media Collection feed: 324 326 My Posts1 327 328 Foo 329 330 urn:uuid:ce61592c-14e2-4557-978e-dfbd444aefa6 331 2005-12-21T04:11:00-08:00 332 333 334 title 25 335 2005-12-21T04:11:00-08:00 336 urn:uuid:941e12b4-6eeb-4753-959d-0cbc51875387 337 338 340 this was awesome 341 342 343 ... 344 346 The Atom Syndication Format requires that each such entry contain an 347 atom:title and atom:summary element. This requirement can be 348 challenging to meet without requiring users to enter tedious 349 metadata, but servers SHOULD attempt to provide textual data about 350 the resource in the interests of accessibility. The atom:title 351 element will likely be provided by the client, as way for users to 352 associate their local resources with those they have uploaded to the 353 server (see POST below). 355 5.2 POST 357 To create media resources, clients POST the resource to the Media 358 Collection's URI. Clients SHOULD provide a 'Title' request header to 359 provide the server with a short string identifying the resource to 360 users. Clients MAY include a 'Content-Description' header [RFC2045] 361 providing a more complete description of the content. In addition, 362 servers MAY inspect the POSTed entity for additional metadata to be 363 exposed in an atom:entry when listed in a Media Collection. For 364 example, the server might inspect a JPEG file for EXIF headers 365 containing creator data. 367 An example request. 369 POST /collection HTTP/1.1 370 Host: example.org 371 User-Agent: Cosimo/1.0 372 Content-Type: image/jpg 373 Content-Length: nnnn 374 Title: A Trip to the beach 375 Content-Description: It was so fun. 377 ...binary data... 379 An example response. 381 HTTP/1.1 201 Created 382 Date: Mon, 21 Mar 2005 19:20:19 GMT 383 Server: CountBasic/2.0 384 ETag: "4c083-268-423f1dc6" 385 Location: http://example.org/stuff/beach.jpg 387 6. Service Outlines 389 In order for authoring to commence, a client must first discover the 390 capabilities and locations of collections offered. 392 The Service Outline Document is a XOXO outline [XOXO]. The top level 393 list items describe distinct groups of resources offered by the 394 service. For example, a user with an account containing three blogs 395 would have 3 items at the top of the outline. There is no 396 requirement that servers support multiple top-level items, and a 397 collection may appear in more than one location in the document. 399 Clients can read entries contained in a collection by visiting an the 400 URI located in the 'href' attribute of a XOXO outline item. This URI 401 also serves as the location a client POSTs new entries to. The 'rel' 402 attribute of the XHTML anchor element conveys the nature of a 403 collection's member resources. This specification defines two 404 initial values for the 'rel' attribute: 406 o entry 407 o media 409 These values correspond to the two types of collection defined by 410 this specification. Extensibility for 'rel' values is specified in 411 XHTML Modularization [W3C.REC-xhtml-modularization-20010410]. 413 An example Service Outline: 415 451 7. Security Considerations 453 APP relies on HTTP Authentication. See [RFC2617] for a more detailed 454 description of the security properties of HTTP Authentication. 456 8. Normative References 458 [AtomFormat] 459 Nottingham, M. and R. Sayre, "The Atom Syndication 460 Format", work-in-progress, August 2005. 462 [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 463 Extensions (MIME) Part One: Format of Internet Message 464 Bodies", RFC 2045, November 1996. 466 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 467 Requirement Levels", BCP 14, RFC 2119, March 1997. 469 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 470 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 471 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 473 [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., 474 Leach, P., Luotonen, A., and L. Stewart, "HTTP 475 Authentication: Basic and Digest Access Authentication", 476 RFC 2617, June 1999. 478 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 479 Resource Identifier (URI): Generic Syntax", STD 66, 480 RFC 3986, January 2005. 482 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource 483 Identifiers (IRIs)", RFC 3987, January 2005. 485 [W3C.REC-xhtml-modularization-20010410] 486 Altheim, M., Boumphrey, F., McCarron, S., Dooley, S., 487 Schnitzenbaumer, S., and T. Wugofski, "Modularization of 488 XHTML", W3C REC REC-xhtml-modularization-20010410, 489 April 2001. 491 [W3C.REC-xml-20040204] 492 Yergeau, F., Paoli, J., Sperberg-McQueen, C., Bray, T., 493 and E. Maler, "Extensible Markup Language (XML) 1.0 (Third 494 Edition)", W3C REC REC-xml-20040204, February 2004. 496 [XOXO] Marks, K., Celik, T., Pilgrim, M., and M. Peterson, "XOXO 497 1.0: Extensible Open XHTML Outlines", October 2004. 499 Author's Address 501 Robert Sayre 503 Email: rfsayre@boswijck.com 504 URI: http://boswijck.com 506 Appendix A. Contributors 508 This draft is a variant of the in-progress Atom Publishing Protocol 509 specification from the IETF Atompub WG, and owes a debt to the WG's 510 members. 512 Appendix B. Change History 514 -04: Add pub:control element. 515 Reword collection POST. 516 Prophesize about atom:id. 517 -03: Remove search/query capabilities added in -02 518 Drop round-tripping. Most of them were writable, some folks 519 wanted to edit atom:updated, that leaves atom:id, and that seems 520 foolish to try and edit, so go ahead and try it if you think you 521 can. 522 Drop ordering... let the server pop things up if it wants to. 523 -02: Add search/query capabilities. 524 -01: Split from WG draft, cut SOAP, and much other cruft. 525 -interlude: Becomes WG draft. 526 -00: Split from WG draft 528 Intellectual Property Statement 530 The IETF takes no position regarding the validity or scope of any 531 Intellectual Property Rights or other rights that might be claimed to 532 pertain to the implementation or use of the technology described in 533 this document or the extent to which any license under such rights 534 might or might not be available; nor does it represent that it has 535 made any independent effort to identify any such rights. Information 536 on the procedures with respect to rights in RFC documents can be 537 found in BCP 78 and BCP 79. 539 Copies of IPR disclosures made to the IETF Secretariat and any 540 assurances of licenses to be made available, or the result of an 541 attempt made to obtain a general license or permission for the use of 542 such proprietary rights by implementers or users of this 543 specification can be obtained from the IETF on-line IPR repository at 544 http://www.ietf.org/ipr. 546 The IETF invites any interested party to bring to its attention any 547 copyrights, patents or patent applications, or other proprietary 548 rights that may cover technology that may be required to implement 549 this standard. Please address the information to the IETF at 550 ietf-ipr@ietf.org. 552 The IETF has been notified of intellectual property rights claimed in 553 regard to some or all of the specification contained in this 554 document. For more information consult the online list of claimed 555 rights. 557 Disclaimer of Validity 559 This document and the information contained herein are provided on an 560 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 561 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 562 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 563 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 564 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 565 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 567 Copyright Statement 569 Copyright (C) The Internet Society (2005). This document is subject 570 to the rights, licenses and restrictions contained in BCP 78, and 571 except as set forth therein, the authors retain all their rights. 573 Acknowledgment 575 Funding for the RFC Editor function is currently provided by the 576 Internet Society.