Network Working Group C. Daboo Internet-Draft October 16, 2005 Expires: April 19, 2006 vCard Extensions to WebDAV (CardDAV) draft-daboo-carddav-00 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 19, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document specifies a set of methods, headers and resource types that define an extension to the WebDAV protocol to support vCard data stored as address books on the server. The new protocol elements are intended to make WebDAV-based address book management an intereropable standard that supports address book access, address book sharing, and address book publishing. Change History (to be removed prior to publication as an RFC) Daboo Expires April 19, 2006 [Page 1] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 Initial document Table of Contents 1. Introduction and Overview . . . . . . . . . . . . . . . . . . 4 1.1. IMSP . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2. ACAP . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3. LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.4. WebDAV for Address Books . . . . . . . . . . . . . . . . . 6 1.5. vCard . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1. Notational Conventions . . . . . . . . . . . . . . . . . . 6 2.2. XML Namespaces . . . . . . . . . . . . . . . . . . . . . . 7 2.3. Method Preconditions and Postconditions . . . . . . . . . 7 3. Required CardDAV features . . . . . . . . . . . . . . . . . . 8 4. Capability Discovery . . . . . . . . . . . . . . . . . . . . . 8 4.1. CardDAV Server Support . . . . . . . . . . . . . . . . . . 8 4.1.1. Example: Using OPTIONS for the Discovery of Support for CardDAV . . . . . . . . . . . 9 5. Address Book Resources . . . . . . . . . . . . . . . . . . . . 9 5.1. Address Book Data Model . . . . . . . . . . . . . . . . . 9 5.1.1. Address Book Server . . . . . . . . . . . . . . . . . 10 5.2. Address Book Collection . . . . . . . . . . . . . . . . . 10 5.2.1. CARDDAV:adbk-description Property . . . . . . . . . . 11 5.3. vCard Object Resource Restrictions in Address Book Collections . . . . . . . . . . . . . . . . . . . . . . . 11 5.4. Creating Resources . . . . . . . . . . . . . . . . . . . . 12 5.4.1. MKADBK Method . . . . . . . . . . . . . . . . . . . . 12 5.4.2. Creating vCard Object Resources . . . . . . . . . . . 15 6. Address Book Reports . . . . . . . . . . . . . . . . . . . . . 16 6.1. REPORT Method . . . . . . . . . . . . . . . . . . . . . . 17 6.2. Reports on collections containing address book collections . . . . . . . . . . . . . . . . . . . . . . . 17 6.3. CARDDAV:adbk-query Report . . . . . . . . . . . . . . . . 17 6.3.1. Example: Partial retrieval of vCards matching a NICKNAME . . . . . . . . . . . . . . . . . . . . . . . 18 6.3.2. Example: Partial retrieval of vCards matching a full name . . . . . . . . . . . . . . . . . . . . . . 20 6.4. CARDDAV:adbk-multiget Report . . . . . . . . . . . . . . . 23 6.4.1. Example: CARDDAV:adbk-multiget Report . . . . . . . . 23 6.5. CARDDAV:adbk-sync Report . . . . . . . . . . . . . . . . . 25 6.5.1. Example: Initial CARDDAV:adbk-sync Report . . . . . . 27 6.5.2. Example: CARDDAV:adbk-sync Report with token . . . . . 28 7. Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . 29 7.1. Restrict the Properties Returned . . . . . . . . . . . . . 29 7.2. Use of Locking . . . . . . . . . . . . . . . . . . . . . . 30 7.3. Finding address books . . . . . . . . . . . . . . . . . . 30 Daboo Expires April 19, 2006 [Page 2] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 8. XML Element Definitions . . . . . . . . . . . . . . . . . . . 31 8.1. CARDDAV:adbk-query XML Element . . . . . . . . . . . . . . 31 8.2. CARDDAV:adbk-data XML Element . . . . . . . . . . . . . . 31 8.2.1. CARDDAV:comp XML Element . . . . . . . . . . . . . . . 31 8.2.2. CARDDAV:allcomp XML Element . . . . . . . . . . . . . 32 8.2.3. CARDDAV:allprop XML Element . . . . . . . . . . . . . 32 8.2.4. CARDDAV:prop XML Element . . . . . . . . . . . . . . . 32 8.3. CARDDAV:filter XML Element . . . . . . . . . . . . . . . . 33 8.3.1. CARDDAV:comp-filter XML Element . . . . . . . . . . . 33 8.3.2. CARDDAV:prop-filter XML Element . . . . . . . . . . . 34 8.3.3. CARDDAV:param-filter XML Element . . . . . . . . . . . 34 8.3.4. CARDDAV:is-defined XML Element . . . . . . . . . . . . 34 8.3.5. CARDDAV:text-match XML Element . . . . . . . . . . . . 35 8.4. CARDDAV:adbk-multiget XML Element . . . . . . . . . . . . 35 8.5. CARDDAV:adbk-sync XML Element . . . . . . . . . . . . . . 35 8.5.1. CARDDAV:sync-token XML Element . . . . . . . . . . . . 36 9. Internationalization Considerations . . . . . . . . . . . . . 36 10. Security Considerations . . . . . . . . . . . . . . . . . . . 36 11. IANA Consideration . . . . . . . . . . . . . . . . . . . . . . 37 11.1. Namespace Registration . . . . . . . . . . . . . . . . . . 37 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37 12.1. Normative References . . . . . . . . . . . . . . . . . . . 37 12.2. Informative References . . . . . . . . . . . . . . . . . . 38 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 38 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 39 Intellectual Property and Copyright Statements . . . . . . . . . . 40 Daboo Expires April 19, 2006 [Page 3] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 1. Introduction and Overview Address books are a key component of personal information management tools, such as email or calendaring and scheduling clients. To date several protocols have been used for remote access to address data, including LDAP [RFC2251], IMSP and ACAP [RFC2244]. 1.1. IMSP IMSP, which was the predessor to ACAP [RFC3253], received limited support from vendors, but those that did implement solutions based on it, found it to be a useful feature for large deployments of email clients at sites where users may roam from machine to machine. IMSP provided for multiple personal, shared or public address books, organised in a hierarchy, and gave individual users the ability to control access to their address books so that they could grant read or write access rights to other specific users or groups. This provided an easy and convenient way for users or workgroups to quickly setup and manage shared address information. Address book support in IMSP suffers from a number of problems, including a limited format for the address data itself, and scalability issues with large address books. The key features of address book support in IMSP are: 1. Ability to use multiple address books with hierarchical layout. 2. Ability to control access to individual address books. 3. Server-side searching of address data, avoiding the need for clients to download an entire address book in order to do a quick address 'expansion' operation. 4. Ability to download/upload an individual address in and address book. The key disadvantages of address book support in IMSP are: 1. Limited schema for address data. 2. Does not scale to large address books (e.g. no way to page through the list of addresses in an address book). 3. Does not provide any type of synchronisation capability, which easily leads to 'lost update' problems when multiple users are editing the same address book entries. 4. Lack of internationalisation support. 5. Does not provide per-address access control 6. Does not provide a simple way to lookup users on the system. 1.2. ACAP ACAP [RFC3253] was meant as the successor to IMSP and as such was designed to be a more 'generic' data access protocol for general application use. ACAP defined specific 'datasets' (basically formal Daboo Expires April 19, 2006 [Page 4] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 schema definitions) for different anticipated areas of use, including address books, email accounts, application preferences, mime types etc. The use of such formal schema defintions was intended to enhance interoperability between clients. However, ACAP proved difficult to implement due to over complexity in the protocol itself, and this lead to few implementations. The key features of address book support in ACAP are: 1. Ability to use multiple address books with hierarchical layout. 2. Ability to control access to individual address books and address entries. 3. Server-side searching of address data, avoiding the need for clients to download an entire address book in order to do a quick address 'expansion' operation. 4. Ability to inherit address book data from others. 5. Ability to watch changes in address book data through use of 'contexts'. 6. Ability to page through address book data through use of 'contexts'. 7. Internationalisation support through use of utf8 for all data. 8. Well defined address schema to enhance client interoperability. 9. Compatability with vCard data format. 10. Users and groups dataset can be used to enumerate and find other users on the system. The key disadvantages of address book support in ACAP are: 1. Inheritance, access control and contexts all together is hard, and ultimately proved one of the major hurdles to implementations. 1.3. LDAP LDAP [RFC2251] is a generic directory access protocol that is specifically targeted at management applications and browser applications that provide read/write interactive access to directories. Often such directories contain information about people, including contact/address data. The key features of address book support in LDAP are: 1. To do The key disadvantages of address book support in LDAP are: 1. Lack of schemas require overly complex client configuration to map expected fields in the client to directory entries in the server. 2. General reluctance to give 'ordinary' users write access to even a small portion of the directory as often senstive information is included in directory entries and a small mistake in configuring Daboo Expires April 19, 2006 [Page 5] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 access control can lead to a major security breach. 1.4. WebDAV for Address Books WebDAV offers a number of advantages as a framework or basis for address book access and management. Most of these advantages boil down to a significant reduction in design costs, implementation costs, interoperability test costs and deployment costs. The key features of address book support with WebDAV are: 1. Ability to use multiple address books with hierarchical layout. 2. Ability to control access to individual address books and address entries. 3. Principal namespace can be used to enumerate and find other users on the system. 4. Server-side searching of address data, avoiding the need for clients to download an entire address book in order to do a quick address 'expansion' operation. 5. Well-defined internationalisation support through standard HTTP. 6. Use of vCards for well defined address schema to enhance client interoperability. 7. Many limited clients (e.g. mobile devices) contain an HTTP stack which makes implementing WebDAV much easier than other protocols. The key disadvantages of address book support in WebDAV are: 1. Lack of change notification. 2. Stateless nature of protocol can result in more data being sent with each transaction to maintain per-user session across requests. 1.5. vCard vCard [RFC2426] is a MIME directory profile aimed at encapsulating personal addressing and contact information about people. The specification of vCard was originally done by the Versit consortium, with a subsequent 3.0 version standardised by the IETF [RFC2426]. vCard is in wide spread use in email clients and mobile devices as a means of encapsulating address information for transport via email, or for import/export and synchronization operations. 2. Conventions 2.1. Notational Conventions The augmented BNF used by this document to describe protocol elements is described in Section 2.1 of [RFC2616]. Because this augmented BNF uses the basic production rules provided in Section 2.2 of [RFC2616], Daboo Expires April 19, 2006 [Page 6] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 those rules apply to this document as well. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. The term "protected" is used in the Conformance field of property definitions as defined in Section 1.4.2 of RFC3253 [RFC3253]. When XML element types in the namespaces "DAV:" and "urn:ietf:params:xml:ns:carddav" are referenced in this document outside of the context of an XML fragment, the string "DAV:" and "CARDDAV:" will be prefixed to the element type names respectively. 2.2. XML Namespaces Definitions of XML elements in this document use XML element type declarations (as found in XML Document Type Declarations), described in Section 3.2 of [REC-XML]. The namespace "urn:ietf:params:xml:ns:carddav" is reserved for the XML elements defined in this specification, its revisions, and related CardDAV specifications. It MUST NOT be used for proprietary extensions. Note that the XML declarations used in this document are incomplete, in that they do not include namespace information. Thus, the reader MUST NOT use these declarations as the only way to create valid CardDAV properties or to validate CardDAV XML element type. Some of the declarations refer to XML elements defined by WebDAV which use the "DAV:" namespace. Wherever such elements appear, they are explicitly given the "DAV:" prefix to help avoid confusion. Also note that some CardDAV XML element names are identical to WebDAV XML element names, though their namespace differs. Care MUST be taken not to confuse the two sets of names. 2.3. Method Preconditions and Postconditions A "precondition" of a method describes the state of the server that must be true for that method to be performed. A "postcondition" of a method describes the state of the server that must be true after that method has been completed. If a method precondition or postcondition for a request is not satisfied, the response status of the request MUST be either 403 (Forbidden) if the request should not be repeated because it will always fail, or 409 (Conflict) if it is expected that the user might be able to resolve the conflict and resubmit the request. Daboo Expires April 19, 2006 [Page 7] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 In order to allow better client handling of 403 and 409 responses, a distinct XML element type is associated with each method precondition and postcondition of a request. When a particular precondition is not satisfied or a particular postcondition cannot be achieved, the appropriate XML element MUST be returned as the child of a top-level DAV:error element in the response body, unless otherwise negotiated by the request. In a 207 Multi-Status response, the DAV:error element would appear in the appropriate DAV:responsedescription element. 3. Required CardDAV features This section lists what functionality is required of a CardDAV server. To advertise support for the 'adbk-access' features of CardDAV, a server: o MUST support WebDAV Class 1 and 2 (all of RFC2518 [RFC2518] including locking). o MUST support WebDAV ACLs [RFC3744]. o MUST support SSL. o MUST support strong ETags to support disconnected operations. o MUST support address book REPORTs as described in this document. o MUST support MKADBK. To advertise support for the 'adbk-sync' features of CardDAV, a server: o MUST support the 'adbk-access' features described above. o MUST support the 'adbk-sync' REPORT on address book collections. In addition, a server: o MAY support WebDAV DeltaV [RFC3253] or some of its components. 4. Capability Discovery 4.1. CardDAV Server Support If the server supports the CardDAV features described in this document, it MUST include "adbk-access" as a field in the DAV response header from an OPTIONS request on any resource that supports any address book properties, reports, or methods. A value of "adbk- access" in the DAV header MUST indicate that the server supports all MUST level requirements and REQUIRED features specified in this document. CardDAV includes a special report to allow better client/server Daboo Expires April 19, 2006 [Page 8] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 synchronization performance. Support for this featrure is OPTIONAL, though RECOMMENDED. If a server supports this feature then it MUST include "adbk-sync" as a field in the DAV response header from an OPTIONS request on any address book collection resource that supports the report. 4.1.1. Example: Using OPTIONS for the Discovery of Support for CardDAV >> Request << OPTIONS /addressbooks/users/ HTTP/1.1 Host: adbk.example.com >> Response << HTTP/1.1 200 OK Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE Allow: MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, REPORT Allow: MKADBK, ACL DAV: 1, 2, access-control, adbk-access Content-Length: 0 In this example, the OPTIONS response indicates that the server supports CardDAV in this namespace, therefore the '/addressbooks/ users/' collection may be used as a parent for address book collections as the MKADBK method is available, and as a possible target for REPORT requests for address book reports. 5. Address Book Resources 5.1. Address Book Data Model One of the features which has made WebDAV a successful protocol is its firm data model. This makes it a useful framework for other applications such as address books. This specification attempts to follow the same pattern by developing all new features based on a well-described data model. In the CardDAV data model, every VCARD component is stored as an individual HTTP/WebDAV resource - a 'vCard object resource'. That means each vCard object resource may be individually locked and have individual WebDAV properties. These resources are placed into WebDAV collections with a mostly-fixed structure. Daboo Expires April 19, 2006 [Page 9] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 5.1.1. Address Book Server A CardDAV server is a vCard-aware engine combined with a WebDAV repository. A WebDAV repository is a set of WebDAV collections, containing other WebDAV resources, within a unified URL namespace. For example, the repository "http://example.org/webdav/" may contain WebDAV collections and resources, all of which have URLs beginning with "http://example.org/webdav/". Note that the root URL "http://example.org/" may not itself be a WebDAV repository (for example, if the WebDAV support is implemented through a servlet or other Web server extension). A WebDAV repository MAY include address book data in some parts of its URL namespace, and non-address book data in other parts. A WebDAV repository can advertise itself as a CardDAV server if it supports the functionality defined in this specification at any point within the root of the repository. That might mean that vCard data is spread throughout the repository and mixed with non-vCard data in nearby collections (e.g. vCard data may be found in /lisa/ addressbook/ as well as in /bernard/addressbook/, and non-vCard data in /lisa/calendars/). Or, it might mean that vCard data can be found only in certain sections of the repository (e.g. /addressbooks/ user/). Address book features are only required in the repository sections that are or contain vCard objects. So a repository confining vCard data to the /carddav/ collection would only need to support the CardDAV required features within that collection. The CardDAV server or repository is the canonical location for vCard data and state information. Both CardDAV servers and clients MUST ensure that the data is consistent and compliant. Clients may submit requests to change data or download data. Clients may store vCard objects offline and attempt to synchronize at a later time. However, clients MUST be prepared for vCard data on the server to change between the time of last synchronization and when attempting an update, as address book collections may be shared and accessible via multiple clients. HTTP ETags and other features help this work. 5.2. Address Book Collection CardDAV defines the following new resource type for use in WebDAV repositories holding vCard data. Address book collections appear to clients as a WebDAV resource collection, identified by a URL. An address book collection MUST report the DAV:collection and CARDDAV:adbk XML elements in the value of the DAV:resourcetype property. The element type declaration for CARDDAV:adbk is: Daboo Expires April 19, 2006 [Page 10] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 An address book collection contains resources that represent the vCard objects within an address book. An address book collection may be created through provisioning (e.g. automatically created when a user's account is created), or it may be created through MKADBK (see Section 5.4.1). This can be useful for a user to create a second address book (e.g. "family") or for users to share an address book (e.g. "soccer team"). Note however that this document doesn't define what extra address book collections are for, users must rely on non- standard cues to find out what an address book collection is for, or use the CARDDAV:adbk-description property defined in Section 5.2.1 to provide such a cue. Address book collections MUST NOT contain other address book collections. Multiple address book collections MAY be children of the same WebDAV collection. An address book collection MAY contain additional collections and non-collection resources of types not defined here. How such items are used is not defined by this specification. However, additional collections contained in an address book collection MUST NOT contain address book collections. 5.2.1. CARDDAV:adbk-description Property Name: adbk-description Namespace: urn:ietf:params:xml:ns:carddav Purpose: Provides a description for the resource that is suitable for presentation to a user. Description: The CARDDAV:adbk-description property MAY be defined on any address book collection resource. If present, the property contains a description of the resource that is suitable for presentation to the user in some form. 5.3. vCard Object Resource Restrictions in Address Book Collections vCard object resources contained in address book collections MUST contain a single VCARD component only. vCard components in an address book collection MUST have a UID property value that MUST be unique in the scope of the address book collection, and all its descendant collections, in which the vCard object resource is contained. Daboo Expires April 19, 2006 [Page 11] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 5.4. Creating Resources The creation of address book collections and vCard object resources may be initiated by either a CardDAV client or by the CardDAV server. For example, a server might come preconfigured with a user's address book collection, or the CardDAV client might request the server to create a new address book collection for a given user. Servers might populate vCard objects inside an address book collection, or clients might request the server to create vCards. Either way, both client and server MUST comply with the requirements in this document, and MUST understand objects appearing in address book collections or according to the data model defined here. 5.4.1. MKADBK Method An HTTP request using the MKADBK method creates a new address book collection resource. Clients SHOULD use the DAV:displayname property for a human-readable name of the address book. Clients can either specify the value of the DAV:displayname property in the request body of the MKADBK request, or alternatively issue a PROPPATCH request to change the DAV:displayname property to the appropriate value immediately after issuing the MKADBK request. Clients SHOULD NOT set the DAV: displayname property to be the same as any other calendar collection at the same URI "level". When displaying address book collections to users, clients SHOULD check the DAV:displayname property and use that value as the name of the address book. In the event that the DAV: displayname property is empty, the client MAY use the last part of the address book collection URI as the name. If a MKADBK request fails, the server state preceding the request MUST be restored. Marshalling: If a request body is included, it MUST be a CARDDAV:mkadbk XML element. Instruction processing MUST occur in the order instructions are received (i.e., from top to bottom). Instructions MUST either all be executed or none executed. Thus if any error occurs during processing all executed instructions MUST be undone and a proper error result returned. Instruction processing details can be found in the definition of the DAV:set instruction in section 12.13 of [RFC2518]. Daboo Expires April 19, 2006 [Page 12] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 If a response body for a successful request is included, it MUST be a CARDDAV:mkadbk-response XML element. The response MUST include a Cache-Control:no-cache header. Preconditions: (DAV:resource-must-be-null): A resource MUST NOT exist at the Request-URI. (CARDDAV:adbk-collection-location-bad): The Request-URI MUST identify a location where an address book collection can be created. (CARDDAV:insufficient-privilege): The DAV:bind privilege MUST be granted to the current user. Postconditions: (CARDDAV:initialize-adbk-collection): A new address book collection exists at the Request-URI. The DAV:resourcetype of the address book collection MUST contain both DAV:collection and CARDDAV:adbk XML elements. 5.4.1.1. Status Codes 201 (Created) - The address book collection resource was created in its entirety. 207 (Multi-Status) - The address book collection resource was not created since one or more DAV:set instructions specified in the request body could not be processed successfully. The following are examples of response codes one would expect to be used in a 207 (Multi-Status) response: 403 (Forbidden) - The client, for reasons the server chooses not to specify, cannot alter one of the properties. 409 (Conflict) - The client has provided a value whose semantics are not appropriate for the property. This includes trying to set read-only properties. 424 (Failed Dependency) - The DAV:set instruction on the specified resource would have succeeded if it were not for the failure of another DAV:set instruction specified in the request body. 423 (Locked) - The specified resource is locked and the client either is not a lock owner or the lock type requires a lock token to be submitted and the client did not submit it. 507 (Insufficient Storage) - The server did not have sufficient space to record the property. 403 (Forbidden) - This indicates at least one of two conditions: 1) Daboo Expires April 19, 2006 [Page 13] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 the server does not allow the creation of address book collections at the given location in its namespace, or 2) the parent collection of the Request-URI exists but cannot accept members. 405 (Method Not Allowed) - MKADBK can only be executed on a null resource. 409 (Conflict) - A collection cannot be made at the Request-URI until one or more intermediate collections have been created. 415 (Unsupported Media Type)- The server does not support the request type of the body. 507 (Insufficient Storage) - The resource does not have sufficient space to record the state of the resource after the execution of this method. 5.4.1.2. Example - MKADBK >> Request << MKADBK /home/lisa/addressbook/ HTTP/1.1 Host: adbk.example.com Content-Type: text/xml; charset="utf-8" Content-Length: xxx Lisa's Address Book My primary address book. >> Response << HTTP/1.1 201 Created Date: Fri, 22 Oct 2004 12:17:08 GMT Content-Length: 0 Cache-Control: no-cache In this example, a new address book collection is created at http://adbk.example.com/home/lisa/addressbook/ Daboo Expires April 19, 2006 [Page 14] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 5.4.2. Creating vCard Object Resources Clients typically populate address book collections with vCard object resources. The URL for each vCard object resource is entirely arbitrary, and does not need to bear a specific relationship (but might) to the vCard object resource's full name, UID or other metadata. A new vCard object resource must have a unique URL, otherwise the new component would instead be an update to an existing vCard object resource. When servers create new resources, it's not hard for the server to choose a unique URL. It's slightly tougher for clients, because a client might not want to examine all resources in the collection, and might not want to lock the entire collection to ensure that a new one isn't created with a name collision. However, there are http features to mitigate this. If the client intends to create a new vCard resource the client SHOULD use the HTTP header "If-None-Match: *" on the PUT request. The Request-URI on the PUT request MUST include the target collection, where the resource is to be created, plus the name of the resource in the last path segment. The last path segment could be a random number, or it could be a sequence number, or a string related to the object's 'full name' property. No matter how the name is chosen, the "If-None-Match" header ensures that the client cannot overwrite an existing resource even if it has accidentally chosen a duplicate resource name. Servers SHOULD return an ETag header containing the actual ETag of the newly created resource on a successful creation. Daboo Expires April 19, 2006 [Page 15] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 >> Request << PUT /lisa/addressbook/newvcard.vcf HTTP/1.1 If-None-Match: * Host: adbk.example.com Content-Type: text/vcard Content-Length: xxx BEGIN:VCARD VERSION:3.0 FN:Cyrus Daboo N:Daboo;Cyrus ADR;TYPE=POSTAL:;2822 Email HQ;Suite 2821;RFCVille;PA;15213;USA EMAIL;TYPE=INTERNET,PREF:cyrus@daboo.name NICKNAME:me NOTE:Example VCard. ORG:Self Employed TEL;TYPE=WORK,VOICE:412 605 0499 TEL;TYPE=FAX:412 605 0705 URL:http://www.daboo.name END:VCARD >> Response << HTTP/1.1 201 Created Date: Thu, 02 Sep 2004 16:53:32 GMT Content-Length: 0 ETag: "123456789-000-111" The request to change an existing vCard is the same, but with a specific ETag in the "If-Match" header, rather than the "If-None- Match" header. File names for vCards are commonly suffixed by ".vcf", and clients may choose to use the same convention for URLs. Preconditions for PUT within address book collections: (CARDDAV:uid-already-exists): The component UID chosen is not unique and the client must choose another if it attempts again. (CARDDAV:invalid-vcard-resource): The vCard object syntax or structure was invalid. 6. Address Book Reports This section defines the reports which a CardDAV server supports on Daboo Expires April 19, 2006 [Page 16] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 address book collections and vCard object resources. Some of these reports are REQUIRED and others are OPTIONAL or RECOMMENDED. CardDAV servers MUST advertise support for all the reports implemented with the DAV:supported-report-set property defined in RFC3253 [RFC3253]. Some of these reports allow vCard data (from possibly multiple resources) to be returned. 6.1. REPORT Method The REPORT method (defined in Section 3.6 of RFC3253 [RFC3253]) provides an extensible mechanism for obtaining information about a resource. Unlike the PROPFIND method, which returns the value of one or more named properties, the REPORT method can involve more complex processing. REPORT is valuable in cases where the server has access to all of the information needed to perform the complex request (such as a query), and where it would require multiple requests for the client to retrieve the information needed to perform the same request. A server that supports adbk-access MUST support the DAV:expand- property report (defined in Section 3.8 of RFC3253 [RFC3253]). 6.2. Reports on collections containing address book collections A WebDAV collection which contains one or more address book collections is not a new type of resource, but it may support these new REPORTs. If so, then the REPORT is expected to have the semantics of including information from all the vCard data contained in the collection, and its children, recursively. These collections may contain non-vCard resources. It's up to the server, if it supports these REPORTs on a normal WebDAV collection, to find vCard object resources and decide what to do with non-vCard resources and whether those may also appear in the collection or its children. If these reports are supported on ordinary collections the server advertises the capability with the DAV:supported-report-set property as already described. 6.3. CARDDAV:adbk-query Report Support for this report is REQUIRED. The CARDDAV:adbk-query REPORT performs a search for all vCard object resources that match a specified search filter. The response of this report will contain all the WebDAV properties and vCard object Daboo Expires April 19, 2006 [Page 17] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 resource data specified in the request. In the case of the CARDDAV: adbk-data XML element, one can explicitly specify the vCard properties that should be returned in the vCard object resource data that matches the search filter. The format of this report is modeled on the PROPFIND method. The request and response bodies of the CARDAV:adbk-query report use XML elements that are also used by PROPFIND. In particular the request can include XML elements to request WebDAV properties to be returned. When that occurs the response should follow the same behavior as PROPFIND with respect to the DAV:multistatus response elements used to return specific property results. For instance, a request to retrieve the value of a property which does not exist is an error and MUST be noted with a response XML element which contains a 404 (Not Found) status value. Support for the CARDDAV:adbk-query REPORT is REQUIRED. Marshalling: The request body MUST be a CARDDAV:adbk-query XML element as defined in Section 8.1. The response body for a successful request MUST be a DAV: multistatus XML element (i.e., the response uses the same format as the response for PROPFIND). In the case where there are no response elements, the returned DAV:multistatus XML element is empty. The response body for a successful CARDDAV:adbk-query REPORT request MUST contain a DAV:response element for each vCard object that matched the search filter. vCard data is being returned in the CARDDAV:adbk-data XML element inside the DAV:propstat XML element. Preconditions: None. Postconditions: (DAV:number-of-matches-within-limits): The number of matching vCard object resources must fall within server-specific, predefined limits. For example, this condition might be triggered if a search specification would cause the return of an extremely large number of responses. 6.3.1. Example: Partial retrieval of vCards matching a NICKNAME In this example, the client requests the server to search for vCard object resources that contain a NICKNAME property whose value equals some specific text, and to return specific vCard properties for those Daboo Expires April 19, 2006 [Page 18] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 vCards found. In addition the DAV:getetag property is also requested and returned as part of the response. >> Request << REPORT /home/bernard/addressbook/ HTTP/1.1 Host: adbk.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx me Daboo Expires April 19, 2006 [Page 19] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 >> Response << HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://adbk.example.com/home/bernard/addressbook/v102.vcf "23ba4d-ff11fb" BEGIN:VCARD VERSION:3.0 NICKNAME:me UID:34222-232@example.com FN:Cyrus Daboo EMAIL:daboo@example.com END:VCARD HTTP/1.1 200 OK 6.3.2. Example: Partial retrieval of vCards matching a full name In this example, the client requests the server to search for vCard object resources that contain a FN property whose value contains some specific text, and to return specific vCard properties for those vCards found. In addition the DAV:getetag property is also requested and returned as part of the response. Daboo Expires April 19, 2006 [Page 20] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 >> Request << REPORT /home/bernard/addressbook/ HTTP/1.1 Host: adbk.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx Daboo Daboo Expires April 19, 2006 [Page 21] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 >> Response << HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://adbk.example.com/home/bernard/addressbook/v102.vcf "23ba4d-ff11fb" BEGIN:VCARD VERSION:3.0 NICKNAME:me UID:34222-232@example.com FN:Cyrus Daboo EMAIL:daboo@example.com END:VCARD HTTP/1.1 200 OK http://adbk.example.com/home/bernard/addressbook/v104.vcf "23ba4d-ff11fc" BEGIN:VCARD VERSION:3.0 NICKNAME:oliver UID:34222-23222@example.com FN:Oliver Daboo EMAIL:oliver@example.com END:VCARD HTTP/1.1 200 OK Daboo Expires April 19, 2006 [Page 22] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 6.4. CARDDAV:adbk-multiget Report Support for this report is REQUIRED. The CARDDAV:adbk-multiget REPORT is used to retrieve specific vCard object resources from within a collection, if the Request-URI is a collection, or to retrieve a specific vCard object resource, if the Request-URI is a vCard object resource. This report is similar to the CARDDAV:adbk-query REPORT (see Section 6.3), except that it takes a list of DAV:href elements instead of a CARDDAV:filter element to determine which vCard object resources to return. Support for the adbk-multiget REPORT is REQUIRED. Marshalling: The request body MUST be a CARDDAV:adbk-multiget XML element (see Section 8.4, which MUST contain at least one DAV:href XML element, and one optional CARDDAV:adbk-data element as defined in Section 8.2. If the Request-URI is a collection resource, then the DAV:href elements MUST refer to resources within that collection, and they MAY refer to resources at any depth within the collection. As a result the "Depth" header MUST be ignored by the server and SHOULD NOT be sent by the client. If the Request- URI refers to a non-collection resource, then there MUST be a single DAV:href element that is equal to the Request-URI. The response body for a successful request MUST be a DAV: multistatus XML element. In the case where there are no response elements, the returned DAV:multistatus XML element is empty. The response body for a successful CARDDAV:adbk-multiget REPORT request MUST contain a DAV:response element for each vCard object resource referenced by the provided set of DAV:href elements. vCard data is being returned in the CARDDAV:adbk-data element inside the DAV:prop element. In the case of an error accessing any of the provided DAV:href resources, the server MUST return the appropriate error status code in the DAV:status element of the corresponding DAV:response element. Preconditions: None. Postconditions: None. 6.4.1. Example: CARDDAV:adbk-multiget Report In this example, the client requests the server to return specific properties of the vCards components referenced by specific URIs. In Daboo Expires April 19, 2006 [Page 23] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 addition the DAV:getetag property is also requested and returned as part of the response. Note that in this example, the resource at http://adbk.example.com/home/bernard/addressbook/vcf1.vcf does not exist, resulting in an error status response. >> Request << REPORT /home/bernard/addressbook/ HTTP/1.1 Host: adbk.example.com Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://adbk.example.com/home/bernard/addressbook/vcf102.vcf http://adbk.example.com/home/bernard/addressbook/vcf1.vcf Daboo Expires April 19, 2006 [Page 24] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 >> Response << HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://adbk.example.com/home/bernard/addressbook/vcf102.vcf "23ba4d-ff11fb" BEGIN:VCARD VERSION:3.0 NICKNAME:me UID:34222-232@example.com FN:Cyrus Daboo EMAIL:daboo@example.com END:VCARD HTTP/1.1 200 OK http://adbk.example.com/home/bernard/addressbook/vcf1.vcf HTTP/1.1 404 Resource not found 6.5. CARDDAV:adbk-sync Report Support for this report is OPTIONAL but RECOMMENDED. The CARDDAV:adbk-sync REPORT is used to provide an overview of what has changed on the server since a previous execution of this report. The primary purpose of this is to aid the client in synchronizing its local cache of data with the server, in an efficient manner with as few round trips as possible. Support for the adbk-sync REPORT is OPTIONAL. If this report is implemented by the CardDAV server, then the server MUST include "carddav-sync" in any DAV: response header to an OPTIONS request as per Section 4.1. If the report is not available, clients MUST NOT Daboo Expires April 19, 2006 [Page 25] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 attempt to execute one. To implement the behaviour for this report a server needs to keep track of changes to vCard data in an address book collection. This includes noting the addition of new vCards, noting changes to vCards and noting removal of vCards (where "removal" could be the result of a DELETE or MOVE operation). The server will track each change and provide a synchronization "token" to the client that describes the state of the server at a specific point in time. This "token" is returned as part of the response to the "adbk-sync" report. Clients include the last token they got from the server in the next "adbk- sync" report that they execute and the server provides the changes from the previous state represented by the token to the current state, represented by the new token returned. The synchronization token itself is an "opaque" string - i.e., the actual string data has no specific meaning or syntax. A simple implementation of such a token would be a numeric counter that counts each change as it occurs and relates that change to the specific object that changed. The "adbk-sync" reports allows the client to specify whether it should receive vCard data for those objects that are new or have changed, and it uses the "adbk-data" element (also used in the "adbk- query" and "adbk-multiget" reports) for that purpose. Marshalling: The request URI MUST be an address book collection. The "Depth" header MUST be ignored by the server and SHOULD NOT be sent by the client. The request body MUST be a CARDDAV:adbk-sync XML element (see Section 8.5, which MUST contain one CARDDAV:sync-token XML element, and one optional CARDDAV:adbk-data element as defined in Section 8.2. The response body for a successful request MUST be a DAV: multistatus XML element, which MUST contain one CADRDDAV:sync- token element in addition to any DAV:response elements. The response body for a successful CARDDAV:adbk-multiget REPORT request MUST contain a DAV:response element for each vCard object resource that was created, has changed or been deleted since the last syncrhonization operation as specified by the CARDDAV:sync- token provided in the request. vCard data is returned in the CARDDAV:adbk-data element inside the DAV:prop element. The DAV:status element in each DAV:response element is used to indicate how the vCard resource may have changed: A status code of '201 Created' is used to indicate vCards that are new. Daboo Expires April 19, 2006 [Page 26] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 A status code of '200 OK' is used to indicate vCards that have changed. A status code of '404 Not Found' is used to indicate vCards that have been removed. If the synchronization token element is not empty and not recognized by the server, then the server MUST respond with 400 Bad Request response. Preconditions: None. Postconditions: None. 6.5.1. Example: Initial CARDDAV:adbk-sync Report In this example, the client is making its first synchronization request to the server, so the CARDDAV:sync-token element in the request is empty. The server responds with the items currently in the targetted address book collection (indicating that they are 'new' via the '201 Created' status code). The current synchronzation token is also returned. >> Request << REPORT /home/bernard/addressbook/ HTTP/1.1 Host: adbk.example.com Content-Type: text/xml; charset="utf-8" Content-Length: xxxx Daboo Expires April 19, 2006 [Page 27] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 >> Response << HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://adbk.example.com/home/bernard/addressbook/vcf100.vcf HTTP/1.1 201 Created http://adbk.example.com/home/bernard/addressbook/vcf105.vcf HTTP/1.1 201 Created http://adbk.example.com/home/bernard/addressbook/vcf106.vcf HTTP/1.1 201 Created 1234 6.5.2. Example: CARDDAV:adbk-sync Report with token In this example, the client is making a synchronization request to the server and is using the CARDDAV:sync-token element returned from the last report it ran on this address book collection. The server responds listing the items that have been added, changed or removed. The (new) current synchronzation token is also returned. >> Request << REPORT /home/bernard/addressbook/ HTTP/1.1 Host: adbk.example.com Content-Type: text/xml; charset="utf-8" Content-Length: xxxx 1234 Daboo Expires April 19, 2006 [Page 28] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 >> Response << HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://adbk.example.com/home/bernard/addressbook/vcf107.vcf HTTP/1.1 201 Created http://adbk.example.com/home/bernard/addressbook/vcf100.vcf HTTP/1.1 200 OK http://adbk.example.com/home/bernard/addressbook/vcf105.vcf HTTP/1.1 404 Not Found 1238 7. Guidelines 7.1. Restrict the Properties Returned Clients may not need all the properties in a vCard object when presenting information to the user, or looking up specific items for their email address, for example. Since some property data can be large (e.g., PHOTO or SOUND with inline content) clients can choose to ignore those by only requesting the specific items it knows it will use, through use of the CARDDAV:adbk-data XML element in the relevant reports. However, if a client needs to make a change to a vCard, it can only change the entire vCard data via a PUT request. There is no way to incrementally make a change to a set of properties within a vCard object resource. As a result the client will have to cache the entire set of properties on a resource that is being changed. Daboo Expires April 19, 2006 [Page 29] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 7.2. Use of Locking WebDAV locks can be used to prevent two clients modifying the same resource from either overwriting each others' changes (though that problem can also be solved by using ETags) and also to prevent the user from making changes that will conflict with another set of changes. In a multi-user address book system, the address book client could lock a vCard while the user is editing the vCard data, and unlock the vCard when the user finishes or cancels. Locks can also be used to prevent changes while data is being reorganized. For example, an address book client might lock two address book collections prior to moving a bunch of vCard object resources from one to another. Clients may request a lock timeout period that is appropriate to the use case. When the user explicitly decides to reserve a resource and prevent other changes, a long timeout might be appropriate, but in cases when the client automatically decides to lock the resource the timeout should be short (and the client can always refresh the lock should it need to). A short lock timeout means that if the client is unable to remove the lock, the other address book users aren't prevented from making changes. 7.3. Finding address books Much of the time an address book client (or agent) will discover a new address book's location by being provided directly with the URL. E.g. a user will type his or her own address book location into client configuration information, or cut and paste a URL from email into the address book application. The client need only confirm that the URL points to a resource which is an address book. The client may also be able to browse WebDAV collections to find address book collections. The choice of HTTP URLs means that vCard object resources are backward compatible with existing software, but does have the disadvantage that existing software does not usually know to look at the OPTIONS response to that URL to determine what can be done with it. This is somewhat of a barrier for WebDAV usage as well as with CardDAV usage. This specification does not offer a way through this other than making the information available in the OPTIONS response should this be requested. For address book sharing use cases, one might wish to find the address book belonging to another user. If the other user has an address book in the same repository, that address book can be found by using the principal namespace required by WebDAV ACL support. Daboo Expires April 19, 2006 [Page 30] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 8. XML Element Definitions 8.1. CARDDAV:adbk-query XML Element Name: adbk-query Namespace: urn:ietf:params:xml:ns:carddav Purpose: Defines a report for querying address book data Description: See Section 6.3. 8.2. CARDDAV:adbk-data XML Element Name: adbk-data Namespace: urn:ietf:params:xml:ns:carddav Purpose: Used to define which parts of a vCard object should be returned by the report that uses this element. Description: When used in a request, the CARDDAV:adbk-data element specifies the vCard properties to be returned in the vCard objects part of the response. If this element doesn't contain any CARDDAV:comp element, vCard objects will be returned with all their properties. Value: When used inside a response, the CARDDAV:adbk-data element contains a vCard object that matched the search filter specified in the request. 8.2.1. CARDDAV:comp XML Element Name: comp Namespace: urn:ietf:params:xml:ns:carddav Purpose: Defines which component types to return Description: The name value is a the vCard component name (i.e., "VCARD") and is optional NOTE: The CARDDAV:prop and CARDDAV:allprop elements used here have the same name as elements defined in WebDAV. However, the elements used here have the "urn:ietf:params:xml:ns:carddav" namespace, as opposed to the "DAV:" namespace used for elements defined in WebDAV. Daboo Expires April 19, 2006 [Page 31] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 8.2.2. CARDDAV:allcomp XML Element Name: allcomp Namespace: urn:ietf:params:xml:ns:carddav Purpose: Specifies that all components shall be returned Description: This element can be used when the client wants all types of components returned by a report. Note that since vCard objects currentgly have only one type of component, this element would not normally be used, but is provided for possible extensions and compatability with CalDAV. 8.2.3. CARDDAV:allprop XML Element Name: allprop Namespace: urn:ietf:params:xml:ns:carddav Purpose: Specifies that all properties shall be returned. Description: This element can be used when the client wants all properties of components returned by a report. NOTE: The CARDDAV:allprop element defined here has the same name as the DAV:allprop element defined in WebDAV. However, the CARDDAV: allprop element defined here uses the "urn:ietf:params:xml:ns:carddav" namespace, as opposed to the "DAV:" namespace used for the DAV:allprop element defined in WebDAV. 8.2.4. CARDDAV:prop XML Element Name: prop Namespace: urn:ietf:params:xml:ns:carddav Purpose: Defines which properties to return in the response. Description: The "name" attribute specifies the name of the adbk property to return (e.g., "NICKNAME"). The "novalue" attribute can be used by clients to request that the actual value of the property not be returned (if the "novalue" attribute is set to "yes"). In that case the server will return just the vCard property name and any vCard parameters and a trailing ":" without the subsequent value data. NOTE: The CARDDAV:prop element defined here has the same name as the Daboo Expires April 19, 2006 [Page 32] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 DAV:prop element defined in WebDAV. However, the CARDDAV:prop element defined here uses the "urn:ietf:params:xml:ns:carddav" namespace, as opposed to the "DAV:" namespace used for the DAV:prop element defined in WebDAV. 8.3. CARDDAV:filter XML Element Name: filter Namespace: urn:ietf:params:xml:ns:carddav Purpose: Determines which matching objects are returned. Description: The "filter" element specifies the search filter used to match vCard objects that should be returned by a report. 8.3.1. CARDDAV:comp-filter XML Element Name: comp-filter Namespace: urn:ietf:params:xml:ns:carddav Purpose: Limits the search to only the chosen component types. Description: The "name" attribute is the vCard component type (i.e., "VCARD"). When this element is present, the server should only return a component if it matches the filter, which is to say: ("no is-defined element" OR "is-defined matches") AND ("no sub-component filter" OR "all sub-component filters match") AND ("no property filter elements" OR "all property filters match") Since vCard only has one component type, this element would not normally be used. It is present for future extensions and for compatability with CalDAV. Since vCard does not support embedded components, a child comp- filter element would not normally be used. It is present for future extensions and for compatability with CalDAV. Daboo Expires April 19, 2006 [Page 33] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 8.3.2. CARDDAV:prop-filter XML Element Name: prop-filter Namespace: urn:ietf:params:xml:ns:carddav Purpose: Limits the search to specific properties. Description: The "name" attribute MUST contain a vCard property name (e.g., "NICKNAME"). When the CARDDAV:prop-filter executes, a property matches if: ("no is-defined element" OR "is-defined matches") AND ("no time-range element" OR "time-range matches") AND ("no text match element" OR "text-match matches") AND ("no parameter filter elements" OR "all parameter filters match") 8.3.3. CARDDAV:param-filter XML Element Name: param-filter Namespace: urn:ietf:params:xml:ns:carddav Purpose: Limits the search to specific parameters. Description: The "param-filter" element limits the search result to the set of vCard objects containing properties with parameters that meet the parameter filter rules. When this filter executes, a parameter matches if: ("is-defined matches" OR "text-match matches") 8.3.4. CARDDAV:is-defined XML Element Name: is-defined Namespace: urn:ietf:params:xml:ns:carddav Purpose: Causes a search to match a resource if a component type, property or parameter name exists. Description: The CARDDAV:is-defined XML element limits the filter to vCard objects where the named component, property or parameter is defined. Daboo Expires April 19, 2006 [Page 34] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 8.3.5. CARDDAV:text-match XML Element Name: text-match Namespace: urn:ietf:params:xml:ns:carddav Purpose: Specifies a match on a property or parameter value, using four possible matching operations. Description: The specified text is used for a match against the property or parameter value specified in a report. The "caseless" attribute indicates whether the match is case-sensitive (value set to "no") or case-insensitive (value set to "yes"). The default value is server-specified. Caseless matching SHOULD be implemented as defined in section 5.18 of the Unicode Standard ([UNICODE4]). Support for the "caseless" attribute is optional. A server should respond with a status of 422 if it is used but cannot be supported. The "match-type" attribute specifies how the match should be done. In all of these the matching is either case-sensitive or case- insenstive as defined by the "caseless" attaribute. contains A substring match. i.e. if the specified text is contained anywhere in the value being tested, then the match is true. equals An exact match. starts-with A match at the start of the value being tested. ends_with A match at the end of the value being tested. 8.4. CARDDAV:adbk-multiget XML Element Name: adbk-multiget Namespace: urn:ietf:params:xml:ns:carddav Purpose: CardDAV report used to retrieve specific vCard objects via their URIs. Description: See Section 6.4. 8.5. CARDDAV:adbk-sync XML Element Daboo Expires April 19, 2006 [Page 35] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 Name: adbk-sync Namespace: urn:ietf:params:xml:ns:carddav Purpose: CardDAV report used to synchronize data between client and server. Description: See Section 6.5. 8.5.1. CARDDAV:sync-token XML Element Name: sync-token Namespace: urn:ietf:params:xml:ns:carddav Purpose: The synchronization token provided by the server and returned by the client. Description: See Section 6.5. 9. Internationalization Considerations Clients SHOULD use utf-8 text encoding for the vCard object resource data. When storing data to the server the client MUST include the "charset" parameter on the "Content-Type" header in the HTTP request, set to the appropriate charset, unless the minimal character set of the data is "us-ascii". Client SHOULD add "xml:lang" attributes to any XML elements in WebDAV properties that are used to store human readable text. 10. Security Considerations With the ACL extension present, WebDAV allows control over who can access (read or write) any resource on the WebDAV server. In addition, WebDAV ACL provides for an "inheritance" mechanism, whereby resources may inherit access privileges from other resources. Often the "other" resource is a parent collection of the resource itself. Clients MUST take care to ensure users are aware of which address books may be "private" (i.e. only accessible to them) and which are "shared" (i.e. accessible to others). Since webservers are often the target of automated indexing applications that gather data from the server, analyse it and extract 'interesting' parts, great care must be taken when allowing unauthenticated access to any address book or vCard object data. Clients MAY choose to warn users when they create vCard data in a public address book, copy or move vCard data into public address Daboo Expires April 19, 2006 [Page 36] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 books, or change access privileges in such a way as to expose vCard data to unauthenticated users. This specification currently relies on standard HTTP authentication mechanisms for identifying users. These comprise Basic and Digest authentication as well as SSL using client-side certificates. 11. IANA Consideration In addition to the namespaces defined by RFC2518 [RFC2518] for XML elements, this document uses a URN to describe a new XML namespace conforming to a registry mechanism described in RFC3688 [RFC3688]. All other IANA considerations mentioned in RFC2518 [RFC2518] also apply to this document. 11.1. Namespace Registration Registration request for the carddav namespace: URI: urn:ietf:params:xml:ns:carddav Registrant Contact: See the "Author's Address" section of this document. XML: None. Namespace URIs do not represent an XML specification. 12. References 12.1. Normative References [REC-XML] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E., and F. Yergeau, "Extensible Markup Language (XML) 1.0 (Third Edition)", W3C REC-xml-20040204, February 2004, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2426] Dawson, F. and T. Howes, "vCard MIME Directory Profile", RFC 2426, September 1998. [RFC2518] Goland, Y., Whitehead, E., Faizi, A., Carter, S., and D. Jensen, "HTTP Extensions for Distributed Authoring -- WEBDAV", RFC 2518, February 1999. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Daboo Expires April 19, 2006 [Page 37] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [RFC3253] Clemm, G., Amsden, J., Ellison, T., Kaler, C., and J. Whitehead, "Versioning Extensions to WebDAV (Web Distributed Authoring and Versioning)", RFC 3253, March 2002. [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004. [RFC3744] Clemm, G., Reschke, J., Sedlar, E., and J. Whitehead, "Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol", RFC 3744, May 2004. [UNICODE4] The Unicode Consortium, "The Unicode Standard - Version 4.0", Addison-Wesley , August 2003, . ISBN 0321185781 12.2. Informative References [RFC2244] Newman, C. and J. Myers, "ACAP -- Application Configuration Access Protocol", RFC 2244, November 1997. [RFC2251] Wahl, M., Howes, T., and S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997. Appendix A. Acknowledgments Thanks go to Lisa Dusseault and Bernard Desruisseaux for their work on CalDAV, on which CardDAV is heavily based. Daboo Expires April 19, 2006 [Page 38] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 Author's Address Cyrus Daboo Email: cyrus@daboo.name Daboo Expires April 19, 2006 [Page 39] Internet-Draft vCard Extensions to WebDAV (CardDAV) October 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Daboo Expires April 19, 2006 [Page 40]