Internet-Draft JMAP Quotas November 2022
Cordier Expires 3 June 2023 [Page]
Workgroup:
JMAP Working Group
Internet-Draft:
draft-ietf-jmap-quotas-10
Published:
Intended Status:
Standards Track
Expires:
Author:
R.C. Cordier, Ed.
Linagora Vietnam

JMAP for Quotas

Abstract

This document specifies a data model for handling quotas on accounts with a server using JMAP.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 3 June 2023.

Table of Contents

1. Introduction

JMAP ([RFC8620] – (U+2013) JSON Meta Application Protocol) is a generic protocol for synchronising data, such as mails, calendars or contacts, between a client and a server. It is optimised for mobile and web environments, and aims to provide a consistent interface to different data types.

This specification defines a data model for handling quotas over JMAP, allowing a user to obtain details about a certain quota.

This specification does not address quota administration, which should be handled by other means.

1.1. Notational conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Type signatures, examples and property descriptions in this document follow the conventions established in section 1.1 of [RFC8620]. Data types defined in the core specification are also used in this document.

1.2. Terminology

This document reuses the terminology from the core JMAP specification established in section 1.6 of [RFC8620].

The term Quota (when capitalized) is used to refer to the data type defined in this document in Section 4 and instance of that data type.

2. Addition to the capabilities object

The capabilities object is returned as part of the JMAP Session object; see [RFC8620], section 2.

This document defines one additional capability URI.

2.1. urn:ietf:params:jmap:quota

This represents support for the Quota data type and associated API methods. Servers supporting this specification MUST add a property called urn:ietf:params:jmap:quota to the capabilities object.

The value of this property is an empty object in both the JMAP session capabilities property and an account's accountCapabilities property.

3. Data types

In addition to the standard JMAP data types, a couple of additional data types are common to the definition of Quota objects and properties.

Servers that support the new data types defined in this document MUST support all the properties specified for these data types.

3.1. Scope

The Scope data type is used to represent the entities the Quota applies to. It is defined as a "String" with values from the following set:

  • account: The Quota information applies to just the client's account
  • domain: The Quota information applies to all accounts sharing this domain
  • global: The Quota information applies to all accounts belonging to the server

3.2. ResourceType

The ResourceType data type is used to act as a unit of measure for the quota usage. It is defined as a "String" with values from the following set:

  • count: The quota is measured in number of data type objects. For example, a quota can have a limit of 50 "Mail" objects.
  • octets: The quota is measured in size (in "octets"). For example, a quota can have a limit of 25000 "octets".

4. Quota

The quota is an object that displays the limit set to an account usage. It then shows as well the current usage in regard to that limit.

The quota object MUST contain the following fields:

The quota object MAY contain the following fields:

The following JMAP methods are supported.

4.1. Quota/get

Standard "/get" method as described in [RFC8620] section 5.1. The ids argument may be "null" to fetch all Quotas of the account at once, as demonstrated in this document at Section 5.1.

4.2. Quota/changes

Standard "/changes" method as described in [RFC8620] section 5.2 but with one extra argument in the response:

  • updatedProperties: "String[]|null"
  • If only the "used" Quota property has changed since the old state, this will be a list containing only that property. If the server is unable to tell if only "used" has changed, it MUST be null.

Since "used" frequently changes but other properties are generally only changed rarely, the server can help the client optimise data transfer by keeping track of changes to Quota usage separate from other state changes. The updatedProperties array may be used directly via a back-reference in a subsequent Quota/get call in the same request, so only these properties are returned if nothing else has changed.

Servers MAY decide to add other properties to the list that they judge changing frequently.

This method's usage is demonstrated in this document at Section 5.2.

4.3. Quota/query

This is a standard "/query" method as described in [RFC8620], Section 5.5.

A FilterCondition object has the following properties, any of which may be omitted:

  • name: "String"
  • The Quota name property contains the given string.
  • scopes: "Scope[]"
  • The Quota scope property must be in this list to match the condition.
  • resourceTypes: "ResourceType[]"
  • The Quota resourceType property must be in this list to match the condition.
  • dataTypes: "String[]"
  • The Quota dataTypes property must contain the elements in this list to match the condition.

A Quota object matches the FilterCondition if and only if all the given conditions match, including multiple array elements existing within a condition. If zero properties are specified, it is automatically true for all objects.

The following Quota properties MUST be supported for sorting:

4.4. Quota/queryChanges

This is a standard "/queryChanges" method as described in [RFC8620], Section 5.6.

5. Examples

5.1. Fetching quotas

Request fetching all quotas related to an account :

[[ "Quota/get", {
  "accountId": "u33084183",
  "ids": null
}, "0" ]]

With response :

[[ "Quota/get", {
  "accountId": "u33084183",
  "state": "78540",
  "list": [{
    "id": "2a06df0d-9865-4e74-a92f-74dcc814270e",
    "resourceType": "count",
    "used": 1056,
    "warnLimit": 1600,
    "softLimit": 1800,
    "limit": 2000,
    "scope": "account",
    "name": "bob@example.com",
    "description": "Personal account usage",
    "dataTypes" : [ "Mail", "Calendar", "Contact" ]
  }, {
    "id": "3b06df0e-3761-4s74-a92f-74dcc963501x",
    "resourceType": "octets",
    ...
  }, ...],
  "notFound": []
}, "0" ]]

5.2. Requesting latest quota changes

Request fetching the changes for a specific quota:

[[ "Quota/changes", {
  "accountId": "u33084183",
  "sinceState": "10824",
  "maxChanges": 20
}, "0" ],
[ "Quota/get", {
  "accountId": "u33084183",
  "#ids": {
    "resultOf": "0",
    "name": "Quota/changes",
    "path": "/updated"
  },
  "#properties": {
    "resultOf": "0",
    "name": "Quota/changes",
    "path": "/updatedProperties"
  }
}, "1" ]]

With response:

[[ "Quota/changes", {
  "accountId": "u33084183",
  "oldState": "10824",
  "newState": "10826",
  "hasMoreChanges": false,
  "updatedProperties": ["used"],
  "created": [],
  "updated": ["2a06df0d-9865-4e74-a92f-74dcc814270e"],
  "destroyed": []
}, "0" ],
[ "Quota/get", {
  "accountId": "u33084183",
  "state": "10826",
  "list": [{
    "id": "2a06df0d-9865-4e74-a92f-74dcc814270e",
    "used": 1246
  }],
  "notFound": []
}, "1" ]]

6. Push

Servers MUST support the JMAP push mechanisms, as specified in [RFC8620] Section 7, to receive notifications when the state changes for the Quota type defined in this specification.

7. Security considerations

All security considerations of JMAP ([RFC8620]) apply to this specification.

Implementors should be careful to make sure the implementation of the extension specified in this document does not violate the site's security policy. The resource usage of other users is likely to be considered confidential information and should not be divulged to unauthorized persons.

As for any resource shared across users (for example, a quota with the "domain" or "global" scope), a user that can consume the resource can affect the resources available to the other users. For example, a user could spam themselves with events and make the shared resource hit the limit and unusable for others (implementors could mitigate that with some rate limiting implementation on the server).

Also, revealing domain and global quota counts to all users may cause privacy leakage of other sensitive data, or at least the existence of other sensitive data. For example, "user1" is part of a private list belonging to the server, so he shouldn't know how many users are in there. But by comparing the quota count before and after sending a message to the list, it could reveal the number of people of the list, as the domain or global quota count would go up by the number of people subscribed. Likely to limit those attacks, quotas with "domain" or "global" scope should only be visible to the administrators of the server and not all users.

8. IANA Considerations

8.1. JMAP Capability Registration for "quota"

IANA will register the "quota" JMAP Capability as follows:

Capability Name: "urn:ietf:params:jmap:quota"

Specification document: this document

Intended use: common

Change Controller: IETF

Security and privacy considerations: this document, Section 7.

9. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC3629]
Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, , <https://www.rfc-editor.org/info/rfc3629>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC8620]
Jenkins, N. and C. Newman, "The JSON Meta Application Protocol (JMAP)", RFC 8620, DOI 10.17487/RFC8620, , <https://www.rfc-editor.org/info/rfc8620>.

Author's Address

René Cordier (editor)
Linagora Vietnam
5 Dien Bien Phu
Hanoi
10000
Vietnam