Network Working Group. Oracle L. Dusseault OSAF May 24, Calendaring Extensions to WebDAV (CalDAV) draft-dusseault-caldav-06. Status of this Memo

Transcription

1 Network Working Group Internet-Draft Expires: November 25, 2005 C. Daboo ISAMET B. Desruisseaux Oracle L. Dusseault OSAF May 24, 2005 Status of this Memo Calendaring Extensions to WebDAV (CalDAV) draft-dusseault-caldav-06 By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at The list of Internet-Draft Shadow Directories can be accessed at This Internet-Draft will expire on November 25, Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document specifies a set of methods, headers, message bodies, properties, and reports that define calendar access extensions to the WebDAV protocol. The new protocol elements are intended to make WebDAV-based calendaring and scheduling an interoperable standard that supports single-user calendar access, calendar sharing, and Daboo, et al. Expires November 25, 2005 [Page 1]

2 calendar publishing. Table of Contents 1. Introduction XML Namespaces Notational Conventions Method Preconditions and Postconditions CalDAV Requirements Overview Calendaring Data Model Calendar Server Recurrence and the Data Model New Resource Types Calendar Collection Calendar Resources Restrictions in Calendar Collections Creating Resources MKCALENDAR Method Status Codes Example - MKCALENDAR Additional OPTIONS Semantics Capability Discovery Example: Using OPTIONS for the Discovery of Support for CalDAV CALDAV:calendar-collection-set OPTIONS request CALDAV:current-user-calendar-collection-set OPTIONS request Example - OPTIONS Creating calendar resources Calendaring Properties CALDAV:calendar-description Property Calendaring Access Control Calendaring Privileges CALDAV:view-free-busy Privilege Privilege aggregation and the DAV:supported-privilege-set property Partial example of DAV:supported-privilege-set property Additional Principal Properties CALDAV:calendar-URL Property Calendaring Reports REPORT Method Reports on collections containing calendar collections CALDAV:calendar-query Report Example: Partial retrieval of events by time range Example: Retrieval of todos by alarm time range Example: Retrieval of event by UID Example: Retrieval of events by participation status Daboo, et al. Expires November 25, 2005 [Page 2]

3 8.3.5 Example: Retrieval of events only CALDAV:calendar-multiget Report Example: CALDAV:calendar-multiget Report CALDAV:free-busy-query Report Example: CALDAV:free-busy-query Report Guidelines Client-to-client Interoperability Sychronization Operations Use of Reports Restrict the Time Range Synchronize by Time Range Synchronization Process Restrict the Properties Returned Use of Locking Finding calendars XML Element Definitions CALDAV:calendar-query XML Element CALDAV:calendar-data XML Element CALDAV:comp XML Element CALDAV:allcomp XML Element CALDAV:allprop XML Element CALDAV:prop XML Element CALDAV:expand-recurrence-set XML Element CALDAV:filter XML Element CALDAV:comp-filter XML Element CALDAV:prop-filter XML Element CALDAV:param-filter XML Element CALDAV:is-defined XML Element CALDAV:text-match XML Element CALDAV:time-range XML Element DAV:response XML Element CALDAV:calendar-multiget XML Element CALDAV:free-busy-query XML Element Internationalization Considerations Security Considerations Authentication of Clients Denial of Service IANA Consideration Namespace Registration Acknowledgements References Normative References Informative References Authors Addresses A. CalDAV Method Privilege Table (Normative) B. Changes B.1 Changes in B.2 Changes in Daboo, et al. Expires November 25, 2005 [Page 3]

4 B.3 Changes in B.4 Changes in B.5 Changes in B.6 Changes in Intellectual Property and Copyright Statements Daboo, et al. Expires November 25, 2005 [Page 4]

5 1. Introduction The concept of using HTTP [4] and WebDAV [3] as a basis for a calendaring server is by no means a new concept: it was discussed in the IETF CALSCH working group as early as 1997 or Several companies have implemented calendaring servers using HTTP PUT/GET to upload and download icalendar [2] objects, and using WebDAV PROPFIND to get listings of resources. However, those implementations do not interoperate because there are many small and big decisions to be made in how to model calendaring data as WebDAV resources, as well as how to implement required features that aren t already part of WebDAV. This document is therefore intended to propose a standard way of modeling calendar data in WebDAV, plus some additional features to make calendar access work well. Discussion of this Internet-Draft is being done on the mailing list < 1.1 XML Namespaces Definitions of XML elements in this document use XML element type declarations (as found in XML Document Type Declarations), described in Section 3.2 of [8]. The namespace "urn:ietf:params:xml:ns:caldav" is reserved for the XML elements defined in this specification, or in other Standards Track IETF RFCs written to extend CalDAV. It MUST NOT be used for proprietary extensions. Note that the XML declarations used in this document are incomplete, in that they do not include namespace information. Thus, the reader MUST NOT use these declarations as the only way to create valid CalDAV properties or to validate CalDAV XML element type. Some of the declarations refer to XML elements defined by WebDAV which use the "DAV:" namespace. Wherever such elements appear, they are explicitly given the "DAV:" prefix to help avoid confusion. Also note that some CalDAV XML element names are identical to WebDAV XML element names, though their namespace differs. Care MUST be taken not to confuse the two sets of names. 1.2 Notational Conventions The augmented BNF used by this document to describe protocol elements is described in Section 2.1 of [4]. Because this augmented BNF uses the basic production rules provided in Section 2.2 of [4], those rules apply to this document as well. Daboo, et al. Expires November 25, 2005 [Page 5]

6 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [1]. When XML element types in the namespaces "DAV:" and "urn:ietf:params:xml:ns:caldav" are referenced in this document outside of the context of an XML fragment, the string "DAV:" and "CALDAV:" will be prefixed to the element types respectively. 1.3 Method Preconditions and Postconditions A "precondition" of a method describes the state of the server that must be true for that method to be performed. A "postcondition" of a method describes the state of the server that must be true after that method has been completed. If a method precondition or postcondition for a request is not satisfied, the response status of the request MUST be either 403 (Forbidden) if the request should not be repeated because it will always fail, or 409 (Conflict) if it is expected that the user might be able to resolve the conflict and resubmit the request. In order to allow better client handling of 403 and 409 responses, a distinct XML element type is associated with each method precondition and postcondition of a request. When a particular precondition is not satisfied or a particular postcondition cannot be achieved, the appropriate XML element MUST be returned as the child of a top-level DAV:error element in the response body, unless otherwise negotiated by the request. In a 207 Multi-Status response, the DAV:error element would appear in the appropriate DAV:responsedescription element. Daboo, et al. Expires November 25, 2005 [Page 6]

7 2. CalDAV Requirements Overview This section lists what functionality is required of a CalDAV server. To advertise support for CalDAV, a server: o MUST support WebDAV Class 1. o MUST support WebDAV ACL [7] with the privilege defined in Section 7.1 of this document. o MUST support SSL. o MUST support strong ETags to support disconnected operations. o MUST support all required calendaring REPORTs defined in this document. o MUST advertise calendaring REPORTs via the DAV:supported-reportset property as defined in DeltaV [5]. In addition, a server: o SHOULD support MKCALENDAR. Daboo, et al. Expires November 25, 2005 [Page 7]

8 3. Calendaring Data Model One of the features which has made WebDAV a successful protocol is its firm data model. This makes it a useful framework for other applications such as calendaring. This specification attempts to follow the same pattern by developing all new features based on a well-described data model. In the CalDAV data model, every icalendar VEVENT, VJOURNAL, VTODO and VFREEBUSY component is stored as an individual HTTP/WebDAV resource. That means each calendar resource may be individually locked and have individual WebDAV properties. These resources are placed into WebDAV collections with a mostly-fixed structure. 3.1 Calendar Server A CalDAV server is a calendaring-aware engine combined with a WebDAV repository. A WebDAV repository is a set of WebDAV collections, containing other WebDAV resources, within a unified URL namespace. For example, the repository " may contain WebDAV collections and resources, all of which have URLs beginning with " Note that the root URL " may not itself be a WebDAV repository (for example, if the WebDAV support is implemented through a servlet or other Web server extension). A WebDAV repository MAY include calendar data in some parts of its URL namespace, and non-calendaring data in other parts. A WebDAV repository may advertise itself as a CalDAV server if it supports the functionality defined in this specification at any point within the root of the repository. That might mean that calendaring data is spread throughout the repository and mixed with non-calendar data in nearby collections (e.g., calendar data may be found in /lisa/calendar/ as well as in /bernard/calendar/, and non-calendar data in /lisa/contacts/). Or, it might mean that calendar data can be found only in certain sections of the repository (e.g., /calendars/user/). Calendaring features are only required in the repository sections that are or contain calendaring objects. So a repository confining calendar data to the /caldav/ collection would only need to support the CalDAV required features within that collection. The CalDAV server or repository is the canonical location for calendar data and state information. Both CalDAV servers and clients MUST ensure that the data is consistent and compliant. Clients may submit requests to change data or download data. Clients may store calendar objects offline and attempt to synchronize at a later time. Daboo, et al. Expires November 25, 2005 [Page 8]

9 However, clients MUST be prepared for calendar data on the server to change between the time of last synchronization and when attempting an update, as calendar collections may be shared and accessible via multiple clients. HTTP ETags and other tools help this work. 3.2 Recurrence and the Data Model Recurrence is an important part of the data model because it governs how many resources are expected to exist. This proposal models a recurring resource and its recurrence exceptions as a single WebDAV resource. In this model, recurrence patterns, recurrence dates, exception dates, and exception information are all part of the data in a single master event. This decision avoids problems of limiting how many recurrence instances to store in the repository, how to keep instances in synch with the master, and how to link recurrence exceptions with the master. It also results in less data to synchronize between client and server, and makes it easier to make changes to all recurrences or to a recurrence pattern. It makes it easier to create a recurring component, and easier to delete all recurrences. Clients are not forced to retrieve information about all recurrence instances of a recurring component. The CALDAV:calendar-query REPORT defined in this document allow clients to retrieve only the recurrence instances that occurs in a given time range. Daboo, et al. Expires November 25, 2005 [Page 9]

10 4. New Resource Types CalDAV defines the following new resource types for use in WebDAV repositories holding calendar data. 4.1 Calendar Collection Calendar collections are manifested to clients as a WebDAV resource collection, identified by a URL. A calendar collection MUST have a non-empty DAV:displayname property (defined in Section 13.2 of RFC2518 [3]), and a DAV:resourcetype property (defined in Section 13.9 of RFC2518 [3]). Additionally, a calendar collection MUST report the DAV:collection and CALDAV:calendar XML elements in the value of the DAV:resourcetype property. The element type declaration for CALDAV:calendar is: <!ELEMENT calendar EMPTY> A calendar collection contains resources that represent the icalendar objects within a calendar. A calendar collection may be created through provisioning (e.g., automatically created when a user s account is created), or it may be created through MKCALENDAR. This can be useful for a user to create a second calendar (e.g., soccer schedule) or for users to share a calendar (e.g., team events or conference room). Note however that this document doesn t define what extra calendar collections are for, users must rely on nonstandard cues to find out what a calendar collection is for, or use the CALDAV:calendar-description property defined in Section 6.1 to provide such a cue. Calendar collections MUST NOT contain other calendar collections. Multiple calendar collections MAY be children of the same WebDAV collection. A calendar collection MAY contain additional collections and noncollection resources of types not defined here. How such items are used is not defined by this specification. However, additional collections contained in a calendar collection MUST NOT contain calendar collections. 4.2 Calendar Resources Restrictions in Calendar Collections Calendar resources contained in calendar collections MUST NOT contain more than one type of calendar component (e.g., VEVENT, VTODO, etc.) with the exception of VTIMEZONE components which MUST be specified for each unique TZID parameter value specified in the icalendar object. For instance, a calendar resource may contain two VEVENT components and one VTIMEZONE component, but it may not contain one Daboo, et al. Expires November 25, 2005 [Page 10]

11 VEVENT component and one VTODO component. Calendar resources that contain more than one calendar components of the same type (e.g., VEVENT), with the exception of VTIMEZONE components, are REQUIRED to have the same UID property value. For instance, a calendar resource with two VEVENT components MUST specify the same UID property value in the two VEVENT components. One of the two VEVENT components could define the recurrence rule of an event, and the other one could define an exception to the same event. Calendar components with the same UID property value, in a given calendar collection, MUST be contained in the same calendar resource. All the recurrence instances of the same recurring calendar component, that is, calendar components with the same UID property value but with different RECURRENCE-ID property value MUST be contained in the same calendar resource. The UID property value of the calendar components contained in a calendar resource MUST be unique in the scope of the calendar collection, and all its descendant collections, in which the calendar resource is contained. For example, given the following icalendar object: Daboo, et al. Expires November 25, 2005 [Page 11]

12 BEGIN:VCALENDAR CALSCALE:GREGORIAN PRODID:-//Example, Inc.\, Inc.//Example App//EN VERSION:2.0 BEGIN:VEVENT SUMMARY:One-off Meeting DTSTAMP: T183904Z DTSTART: T120000Z DTEND: T130000Z END:VEVENT BEGIN:VEVENT SUMMARY:Weekly Meeting DTSTAMP: T183838Z DTSTART: T120000Z DTEND: T130000Z RRULE:FREQ=WEEKLY END:VEVENT BEGIN:VEVENT RECURRENCE-ID: T120000Z DTSTAMP: T183838Z DTSTART: T130000Z END:VEVENT END:VCALENDAR The VEVENT component with the UID value would need to be stored in its own calendar resource. The two VEVENT components with the UID value which represent a recurring event where one recurrence instance has been overridden, would need to be stored in the same calendar resource. Daboo, et al. Expires November 25, 2005 [Page 12]

13 5. Creating Resources The creation of calendar collections and calendar resources may be initiated by either a CalDAV client or by the CalDAV server. For example, a server might come preconfigured with a user s calendar collection, or the CalDAV client might request the server to create a new calendar collection for a given user. Servers might populate events as calendar objects inside a calendar collection, or clients might request the server to create events. Either way, both client and server MUST comply with the requirements in this document, and MUST understand objects appearing in calendar collections or according to the data model defined here. 5.1 MKCALENDAR Method A MKCALENDAR request creates a new calendar collection resource. A server MAY restrict calendar collection creation to particular collections, but a client can determine the location of these collections from a CALDAV:calendar-collection-set OPTIONS request (see Section 5.2.2). Support for MKCALENDAR on the server is OPTIONAL because some calendar stores only support one calendar per user (or principal) and those are typically pre-created for each account. However, servers and clients are strongly encouraged to support MKCALENDAR whenever possible to allow users to create multiple calendar collections to better help organize their data. Clients SHOULD use the DAV:displayname property for a human-readable name of the calendar. This requires the clients to issue a PROPPATCH request to change the DAV:displayname property to the appropriate value immediately after issuing the MKCALENDAR request. When displaying calendar collections to users, clients SHOULD check the DAV:displayname property and use that value as the name of the calendar. In the event that the DAV:displayname property is empty, the client MAY use the last part of the calendar-collection URI as the name. If a MKCALENDAR request fails, the server state preceding the request MUST be restored. Marshalling: If a request body is included, it MUST be a CALDAV:mkcalendar XML element. <!ELEMENT mkcalendar ANY> Daboo, et al. Expires November 25, 2005 [Page 13]

14 If a response body for a successful request is included, it MUST be a CALDAV:mkcalendar-response XML element. <!ELEMENT mkcalendar-response ANY> The response MUST include a Cache-Control:no-cache header. Preconditions: (DAV:resource-must-be-null): A resource MUST NOT exist at the Request-URI. (CALDAV:calendar-collection-location-ok): The Request-URI MUST identify a location where a calendar collection can be created. (CALDAV:insufficient-privilege): The DAV:bind privilege MUST be granted to the current authenticated user. Postconditions: (CALDAV:initialize-calendar-collection): A new calendar collection exists at the Request-URI. The DAV:resourcetype of the calendar collection MUST be DAV:collection. Additionally, a calendar collection MUST report the CALDAV:calendar XML element in the value of the DAV:resourcetype property Status Codes 201 (Created) - The calendar collection resource was created in its entirety. 403 (Forbidden) - This indicates at least one of two conditions: 1) the server does not allow the creation of calendar collections at the given location in its namespace, or 2) the parent collection of the Request-URI exists but cannot accept members. 405 (Method Not Allowed) - MKCALENDAR can only be executed on a null resource. 409 (Conflict) - A collection cannot be made at the Request-URI until one or more intermediate collections have been created. 415 (Unsupported Media Type)- The server does not support the request type of the body. 507 (Insufficient Storage) - The resource does not have sufficient space to record the state of the resource after the execution of this Daboo, et al. Expires November 25, 2005 [Page 14]

15 method Example - MKCALENDAR >> Request << MKCALENDAR /calendars/user/lisa/ HTTP/1.1 Host: cal.example.com Content-Length: 0 >> Response << HTTP/ Created Date: Fri, 22 Oct :17:08 GMT Content-Length: 0 Cache-Control: no-cache In this example, a new calendar collection is created at Additional OPTIONS Semantics Capability Discovery If the server supports the calendar-access feature, it MUST include "calendar-access" as a field in the DAV response header from an OPTIONS request on any resource that supports any calendar properties, reports, or methods. A value of "calendar-access" in the DAV header MUST indicate that the server supports all MUST level requirements and REQUIRED features specified in this document Example: Using OPTIONS for the Discovery of Support for CalDAV >> Request << OPTIONS /calendars/users/ HTTP/1.1 Host: cal.example.com >> Response << HTTP/ OK Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE Allow: MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, REPORT Allow: MKCALENDAR, ACL DAV: 1, 2, access-control, calendar-access Content-Length: 0 In this example, the OPTIONS response indicates that the server Daboo, et al. Expires November 25, 2005 [Page 15]

16 supports CalDAV in this namespace, therefore the /calendars/users/ collection may be used as a parent for calendar collections as the MKCALENDAR method is available, and as a possible target for REPORT requests for calendaring reports CALDAV:calendar-collection-set OPTIONS request A CALDAV:calendar-collection-set element MAY be included in the request body to identify collections that may contain calendar collection resources. Additional Marshalling: If an XML request body is included, it MUST be a DAV:options XML element. <!ELEMENT options ANY> ANY value: A sequence of elements with at most one calendar-collection-set element. If an XML response body for a successful request is included, it MUST be a DAV:options-response XML element. <!ELEMENT options-response ANY> ANY value: A sequence of elements with at most one calendar-collection-set element. <!ELEMENT calendar-collection-set (href*)> If CALDAV:calendar-collection-set is included in the request body, the response body for a successful request MUST contain a CALDAV: calendar-collection-set element identifying collections that may contain calendar collections. An identified collection MAY be the root collection of a tree of collections, all of which may contain calendar collections. Since different servers can control different parts of the URL namespace, different resources on the same host MAY have different CALDAV:calendar-collection-set values. The identified collections MAY be located on different hosts from the resource CALDAV:current-user-calendar-collection-set OPTIONS request A CALDAV:current-user-calendar-collection-set element MAY be included in the request body to identify the calendar collections owned by the current authenticated user. Additional Marshalling: Daboo, et al. Expires November 25, 2005 [Page 16]

17 If an XML request body is included, it MUST be a DAV:options XML element. <!ELEMENT options ANY> ANY value: A sequence of elements with at most one current-user-calendar-collection-set element. If an XML response body for a successful request is included, it MUST be a DAV:options-response XML element. <!ELEMENT options-response ANY> ANY value: A sequence of elements with at most one current-user-calendar-collection-set element. <!ELEMENT current-user-calendar-collection-set (href*)> If CALDAV:current-user-calendar-collection-set is included in the request body, the response body for a successful request MUST contain a CALDAV:current-user-calendar-collection-set element identifying calendar collections owned by the current authenticated user Example - OPTIONS >> Request << OPTIONS /caldav-root/ HTTP/1.1 Host: cal.example.com Content-Type: text/xml; charset="utf-8" Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <D:options xmlns:d="dav:"> <C:calendar-collection-set xmlns:c="urn:ietf:params:xml:ns:caldav"/> </D:options> Daboo, et al. Expires November 25, 2005 [Page 17]

18 >> Response << HTTP/ OK DAV: 1, calendar-access Content-Type: text/xml; charset="utf-8" Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <D:options-response xmlns:d="dav:"> <C:calendar-collection-set xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:href> <D:href> </C:calendar-collection-set> </D:options-response> In this example, the server indicates that it provides Class 1 DAV support and calendar-access support. In addition, the server indicates the requested locations of the calendar collection resources. Naturally, the server may also have done an authentication step (not shown) to ensure this operation was allowed. 5.3 Creating calendar resources Clients typically populate calendar collections with calendar resources. The URL for each calendar resource is entirely arbitrary, and does not need to bear a specific relationship (but might) to the calendar resource s subject, scheduled time, UID or other metadata. A new calendar resource must have a new URL, otherwise the new component would instead be an update to an existing calendar resource. When servers create new resources, it s not hard for the server to choose a unique URL. It s slightly tougher for clients, because a client might not want to examine all resources in the collection, and might not want to lock the entire collection to ensure that a new one isn t created with a name collision. However, there are tools to mitigate this. If the client intends to create a new non-collection resource, such as a new VEVENT, the client SHOULD use the HTTP header "If-None-Match: *" on the PUT request. The Request-URI on the PUT request MUST include the target collection, where the resource is to be created, plus the name of the resource in the last path segment. The last path segment could be a random number, or it could be a sequence number, or a string related to the object s summary property. No matter how the name is chosen, the "If-None-Match" header ensures that the client cannot overwrite an existing resource even if it has accidentally chosen a duplicate resource name. Daboo, et al. Expires November 25, 2005 [Page 18]

19 Servers SHOULD return an ETag header containing the actual ETag of the newly created resource on a successful creation. >> Request << PUT /lisa/calendar/newevent.ics HTTP/1.1 If-None-Match: * Host: cal.example.com Content-Type: text/calendar Content-Length: xxx BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VEVENT UID: T182145Z @example.com DTSTART: T170000Z DTEND: T035959Z SUMMARY:Bastille Day Party END:VEVENT END:VCALENDAR >> Response << HTTP/ Created Date: Thu, 02 Sep :53:32 GMT Content-Length: 0 ETag: " " The request to change an existing event is the same, but with a specific ETag in the "If-Match" header, rather than the "If-None- Match" header. As indicated in Section 3.10 of RFC 2445 [2], the URL of calendar resources containing (an arbitrary set of) calendaring and scheduling information may be suffixed by ".ics", and the URL of calendar resources containing free or busy time information may be suffixed by ".ifb". Preconditions for PUT within calendar collections: (CALDAV:uid-already-exists): The component UID chosen is not unique and the client must choose another if it attempts again. (CALDAV:invalid-calendar-resource): The icalendar object syntax or structure was invalid. (Note that the server MAY support upload formats other than icalendar but then the server MUST validate each component uploaded according to the chosen format syntax.) Daboo, et al. Expires November 25, 2005 [Page 19]

20 6. Calendaring Properties This specification defines new properties for WebDAV resources. Calendar access properties may be retrieved just like other WebDAV properties, using the PROPFIND method. A DAV:allprop PROPFIND request SHOULD NOT return any of the properties defined in this section. 6.1 CALDAV:calendar-description Property Name: calendar-description Namespace: urn:ietf:params:xml:ns:caldav Purpose: Provides a description for the resource that is suitable for presentation to a user. Description: The CALDAV:calendar-description property MAY be defined on all calendar collection resources. If present, the property contains a description of the resource that is suitable for presentation layer. <!ELEMENT calendar-description (#PCDATA) > Daboo, et al. Expires November 25, 2005 [Page 20]

21 7. Calendaring Access Control 7.1 Calendaring Privileges A CalDAV server MUST support WebDAV ACL [7]. WebDAV ACL provides a framework for an extensible list of privileges on WebDAV collections and ordinary resources. A CalDAV server MUST also support the calendaring privilege defined in this section CALDAV:view-free-busy Privilege Calendar users often wish to allow other users to see their free-busy time intervals, without viewing the other details of the calendar components (location, subject, attendees). This allows a significant amount of privacy while still allowing those other users to schedule meetings at times when the calendar user is likely to be free. The CALDAV:view-free-busy privilege controls access to view the start times and end times of free and busy time intervals. This privilege may be granted on an entire calendar collection. It may also make sense to grant this privilege on individual calendar resources (in which case the time allocated to those calendar resources would show up as free in the free-busy rollup to an unauthorized viewer), but a server MAY forbid the CALDAV:view-free-busy privilege from being used on individual calendar resources. A CalDAV server MUST support the CALDAV:view-free-busy privilege on calendar collections. <!ELEMENT view-free-busy EMPTY> The CALDAV:view-free-busy privilege is aggregated in the DAV:read privilege. Clients can discover support for various privileges using the DAV:supported-privilege-set property defined in RFC3744 [7] Privilege aggregation and the DAV:supported-privilege-set property In the WebDAV ACL standard, servers MUST support the DAV:supportedprivilege-set property to show which privileges are abstract, which privileges are supported, how the privileges relate to another, and to provide text descriptions (particularly useful for custom privileges). The relationships between privileges involves showing which privilege is a subset or a superset of another privilege. For example, because reading the ACL property is considered a more specific privilege than the DAV:read privilege (a subset of the total set of actions are allowed), it is aggregated under the DAV:read privilege. Although the list of supported privileges MAY vary somewhat from server to server (the WebDAV ACL specification leaves Daboo, et al. Expires November 25, 2005 [Page 21]

22 room for a fair amount of diversity in server implementations), some relationships MUST hold for a CalDAV server: o The server MUST support the CALDAV:view-free-busy privilege. The CALDAV:view-free-busy privilege MUST be non-abstract, and MUST be aggregated under the DAV:read privilege Partial example of DAV:supported-privilege-set property This is a partial example of how the DAV:supported-privilege-set property could look on a server supporting CalDAV. Note that aggregation is shown in the structure of the DAV:supported-privilege elements containing each other. Daboo, et al. Expires November 25, 2005 [Page 22]

23 <D:supported-privilege-set xmlns:d="dav:" xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:supported-privilege> <D:privilege><D:all/></D:privilege> <D:abstract/> <D:description xml:lang="en">any operation </D:description> <D:supported-privilege> <D:privilege><D:read/></D:privilege> <D:description xml:lang="en">read any object </D:description> <D:supported-privilege> <D:privilege><D:read-acl/></D:privilege> <D:description xml:lang="en">read ACL </D:description> </D:supported-privilege> <D:supported-privilege> <D:privilege><D:read-current-user-privilege-set/> </D:privilege> <D:description xml:lang="en">read current user privilege set</d:description> </D:supported-privilege> <D:supported-privilege> <D:privilege> <C:view-free-busy/> </D:privilege> <D:description xml:lang="en">view free-busy rollup </D:description> </D:supported-privilege> </D:supported-privilege> <D:supported-privilege> <D:privilege><D:write/></D:privilege> <D:description xml:lang="en">write any object</d:description>... </D:supported-privilege> </D:supported-privilege-set> 7.2 Additional Principal Properties This section defines a new property for WebDAV principal resources as defined in RFC3744 [7] CALDAV:calendar-URL Property Daboo, et al. Expires November 25, 2005 [Page 23]

24 Name: calendar-url Namespace: urn:ietf:params:xml:ns:caldav Purpose: Identify the URL of any calendar collections owned by the associated principal resource. Description: <!ELEMENT calendar-url (DAV:href*) > Support for this property is RECOMMENDED. Daboo, et al. Expires November 25, 2005 [Page 24]

25 8. Calendaring Reports This section defines the reports which a CalDAV server MUST support on calendar collections and calendar resources. CalDAV servers MUST advertise support for those reports with the DAV: supported-report-set property defined in DeltaV [5]. Some of these reports allow calendar data (from possibly multiple resources) to be returned. Clients SHOULD request the DAV:getetag property whenever executing reports that return calendar data, to ensure that any local cache used for synchronization is kept up to date with the latest changes on the server 8.1 REPORT Method The REPORT method (defined in Section 3.6 of RFC3253 [5]) provides an extensible mechanism for obtaining information about a resource. Unlike the PROPFIND method, which returns the value of one or more named properties, the REPORT method can involve more complex processing. REPORT is valuable in cases where the server has access to all of the information needed to perform the complex request (such as a query), and where it would require multiple requests for the client to retrieve the information needed to perform the same request. A server that supports calendar-access MUST support the DAV:expandproperty report (defined in Section 3.8 of RFC3253 [5]). 8.2 Reports on collections containing calendar collections A WebDAV collection which contains one or more calendar collections is not a new type of resource, but it may support these new REPORT. If so, then the REPORT is expected to have the semantics of including information from all the calendar data contained in the collection, and its children, recursively. These collections may contain more than only calendar related resources. It s up to the server, if it supports this REPORT on a normal WebDAV collection, to find calendar resources and decide what to do with non-calendar resources and whether those may also appear in the collection or its children. If these reports are supported on ordinary collections the server advertises the capability with the DAV:supported-report-set property as already described. 8.3 CALDAV:calendar-query Report The CALDAV:calendar-query REPORT performs a search for all calendar Daboo, et al. Expires November 25, 2005 [Page 25]

26 resources (e.g., icalendar objects) that match a specified search filter. The response of this report will contain all the WebDAV properties and calendar resource data specified in the request. In the case of the CALDAV:calendar-data XML element, one can explicitly specify the calendar components and properties that should be returned in the calendar resource data that matches the search filter. The format of this report is modeled on the PROPFIND method. The request and response bodies of the CALDAV:calendar-query report use XML elements that are also used by PROPFIND. In particular the request can include XML elements to request WebDAV properties to be returned. When that occurs the response should follow the same behavior as PROPFIND with respect to the DAV:multistatus response elements used to return specific property results. For instance, a request to retrieve the value of a property which does not exist is an error and MUST be noted with a response XML element which contains a 404 (Not Found) status value. Support for the calendar-query REPORT is REQUIRED. Marshalling: The request body MUST be a CALDAV:calendar-query XML element as defined in Section The response body for a successful request MUST be a DAV: multistatus XML element (i.e., the response uses the same format as the response for PROPFIND). In the case where there are no response elements, the returned multistatus XML element is empty. The response body for a successful calendar-query REPORT request MUST contain a DAV:response element for each icalendar object that matched the search filter. The declaration of the DAV:response element from Section of RFC2518 [3] has been modified as follow to allow the CALDAV:calendar-data element within the DAV: response element, see Section 10.5 [[Comment.1: We need to define the role of the Depth request header when applied to a collection resource. We need to specify preconditions and postconditions. (e.g., DAV:number-of-matcheswithin-limits). --desruisseaux]] Example: Partial retrieval of events by time range In this example, the client requests the server to return specific components and properties of the VEVENT components that overlap the time range from September 2nd, 2004 at 00:00:00 am UTC to September Daboo, et al. Expires November 25, 2005 [Page 26]

27 2nd, 2004 at 11:59:59 pm UTC. In addition the DAV:getetag property is also requested and returned as part of the response. >> Request << REPORT /bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <C:calendar-query xmlns:d="dav:" xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:prop> <D:getetag/> </D:prop> <C:calendar-data> <C:comp name="vcalendar"> <C:allprop/> <C:comp name="vevent"> <C:prop name="x-abc-guid"/> <C:prop name="uid"/> <C:prop name="dtstart"/> <C:prop name="dtend"/> <C:prop name="duration"/> <C:prop name="exdate"/> <C:prop name="exrule"/> <C:prop name="rdate"/> <C:prop name="rrule"/> <C:prop name="location"/> <C:prop name="summary"/> </C:comp> <C:comp name="vtimezone"> <C:allprop/> <C:allcomp/> </C:comp> </C:comp> </C:calendar-data> <C:filter> <C:comp-filter name="vcalendar"> <C:comp-filter name="vevent"> <C:time-range start=" t000000z" end=" t235959z"/> </C:comp-filter> </C:comp-filter> </C:filter> </C:calendar-query> Daboo, et al. Expires November 25, 2005 [Page 27]

28 >> Response << HTTP/ Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <D:multistatus xmlns:d="dav:" xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:response> <D:href > <D:propstat> <D:prop> <D:getetag>"23ba4d-ff11fb"</D:getetag> </D:prop> <D:status>HTTP/ OK</D:status> </D:propstat> <C:calendar-data>BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VEVENT DTSTART: T100000Z DTEND: T120000Z SUMMARY:Design meeting END:VEVENT END:VCALENDAR </C:calendar-data> </D:response> <D:response> <D:href > <D:propstat> <D:prop> <D:getetag>"ff11fb-23ba4d"</D:getetag> </D:prop> <D:status>HTTP/ OK</D:status> </D:propstat> <C:calendar-data>BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VEVENT DTSTART: T130000Z DTEND: T150000Z SUMMARY:Design meeting - Part II UID: @example.com Daboo, et al. Expires November 25, 2005 [Page 28]

29 END:VEVENT END:VCALENDAR </C:calendar-data> </D:response> </D:multistatus> Example: Retrieval of todos by alarm time range In this example, the client requests the server to return the VTODO components that have an alarm trigger scheduled in the specified time range. >> Request << REPORT /bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <C:calendar-query xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:prop xmlns:d="dav:"> <D:getetag/> </D:prop> <C:calendar-data/> <C:filter> <C:comp-filter name="vcalendar"> <C:comp-filter name="vtodo"> <C:comp-filter name="valarm"> <C:time-range start=" t000000z" end=" t235959z"/> </C:comp-filter> </C:comp-filter> </C:comp-filter> </C:filter> </C:calendar-query> Example: Retrieval of event by UID In this example, the client requests the server to return the VEVENT component that has the UID property set to " FEEBDAED@foo.org". Daboo, et al. Expires November 25, 2005 [Page 29]

30 >> Request << REPORT /bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <C:calendar-query xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:prop xmlns:d="dav:"> <D:getetag/> </D:prop> <C:calendar-data/> <C:filter> <C:comp-filter name="vcalendar"> <C:comp-filter name="vevent"> <C:prop-filter name="uid"> <C:text-match caseless="no"> feebdaed@foo.org</c:text-match> </C:prop-filter> </C:comp-filter> </C:comp-filter> </C:filter> </C:calendar-query> Example: Retrieval of events by participation status In this example, the client requests the server to return the VEVENT components that have the ATTENDEE property with the value "mailto:jsmith@example.org" and for which the PARTSTAT parameter is set to "NEEDS-ACTION". Daboo, et al. Expires November 25, 2005 [Page 30]

31 >> Request << REPORT /bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <C:calendar-query xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:prop xmlns:d="dav:"> <D:getetag/> </D:prop> <C:calendar-data/> <C:filter> <C:comp-filter name="vcalendar"> <C:comp-filter name="vevent"> <C:prop-filter name="attendee"/> <C:text-match caseless="yes">mailto:jsmith@foo.org</c:text-match> <C:param-filter name="partstat"/> <C:text-match caseless="no">needs-action</c:text-match> </C:param-filter> </C:prop-filter> </C:comp-filter> </C:comp-filter> </C:filter> </C:calendar-query> Example: Retrieval of events only In this example, the client requests the server to return all VEVENT components. Daboo, et al. Expires November 25, 2005 [Page 31]

32 >> Request << REPORT /bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <C:calendar-query xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:prop xmlns:d="dav:"> <D:getetag/> </D:prop> <C:calendar-data/> <C:filter> <C:comp-filter name="vcalendar"> <C:comp-filter name="vevent"> <C:is-defined/> </C:comp-filter> </C:comp-filter> </C:filter> </C:calendar-query> 8.4 CALDAV:calendar-multiget Report The CALDAV:calendar-multiget REPORT is used to retrieve specific calendar resources from within a collection, if the Request-URI is a collection, or to retrieve a specific calendar resource, if the Request-URI is a calendar resource. This report is similar to the CALDAV:calendar-query REPORT (see Section 8.3), except that it takes a list of DAV:href elements instead of a CALDAV:filter element to determine which calendar resources to return. Support for the calendar-multiget REPORT is REQUIRED. Marshalling: The request body MUST be a CALDAV:calendar-multiget XML element (see Section 10.6, which MUST contain at least one DAV:href XML element, and one optional CALDAV:calendar-data element as defined in Section If the Request-URI is a collection resource, then the DAV:href elements MUST refer to resources within that collection, and they MAY refer to resources at any depth within the collection. As a result the "Depth" header MUST be ignored by the server and SHOULD NOT be sent by the client. If the Request- URI refers to a non-collection resource, then there MUST be a single DAV:href element that is equal to the Request-URI. Daboo, et al. Expires November 25, 2005 [Page 32]

33 The response body for a successful request MUST be a DAV: multistatus XML element. In the case where there are no response elements, the returned multistatus XML element is empty. The response body for a successful CALDAV:calendar-multiget REPORT request MUST contain a DAV:response element for each calendar resource referenced by the provided set of DAV:href elements. The DAV:response element is as defined in Section In the case of an error accessing any of the provided DAV:href resources, the server MUST return the appropriate error status code in the DAV:status element of the corresponding DAV:response element Example: CALDAV:calendar-multiget Report In this example, the client requests the server to return specific properties of the VEVENT components references by specific URIs. In addition the DAV:getetag property is also requested and returned as part of the response. Note that in this example, the resource at does not exist, resulting in an error status response. Daboo, et al. Expires November 25, 2005 [Page 33]

34 >> Request << REPORT /bernard/calendar/ HTTP/1.1 Host: cal.example.com Content-Type: text/xml Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <C:calendar-multiget xmlns:d="dav:" xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:prop> <D:getetag/> </D:prop> <C:calendar-data> <C:comp name="vcalendar"> <C:allprop/> <C:comp name="vevent"> <C:prop name="uid"/> <C:prop name="dtstart"/> <C:prop name="dtend"/> <C:prop name="duration"/> <C:prop name="exdate"/> <C:prop name="exrule"/> <C:prop name="rdate"/> <C:prop name="rrule"/> <C:prop name="location"/> <C:prop name="summary"/> </C:comp> <C:comp name="vtimezone"> <C:allprop/> <C:allcomp/> </C:comp> </C:comp> </C:calendar-data> <D:href> <D:href> </C:calendar-multiget> Daboo, et al. Expires November 25, 2005 [Page 34]

35 >> Response << HTTP/ Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx <?xml version="1.0" encoding="utf-8"?> <D:multistatus xmlns:d="dav:" xmlns:c="urn:ietf:params:xml:ns:caldav"> <D:response> <D:href> <D:propstat> <D:prop> <D:getetag>"23ba4d-ff11fb"</D:getetag> </D:prop> <D:status>HTTP/ OK</D:status> </D:propstat> <C:calendar-data>BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VEVENT DTSTART: T100000Z DTEND: T120000Z SUMMARY:Design meeting END:VEVENT END:VCALENDAR </C:calendar-data> </D:response> <D:response> <D:href> <D:status>HTTP/ Resource not found</d:status> </D:response> </D:multistatus> 8.5 CALDAV:free-busy-query Report The CALDAV:free-busy-query REPORT generates an icalendar VFREEBUSY component containing free busy information for all relevant components within calendar collections which have the CALDAV:viewfree-busy or DAV:read privilege granted for the current authenticated user. Only the VEVENT components, with the TRANSP property set to a value different from "TRANSPARENT", and the VFREEBUSY components will be considered to generate the free busy time information. Daboo, et al. Expires November 25, 2005 [Page 35]