[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Nits]

Versions: 00 01 02 03 04

Network Working Group                                             E. Pot
Internet-Draft                                                fruux GmbH
Expires: June 18, 2015                                          C. Daboo
                                                                 E. York
                                                              Apple Inc.
                                                       December 15, 2014


                        WebDAV Resource Sharing
                  draft-pot-webdav-resource-sharing-00

Abstract

   This specification defines an extension to WebDAV that enables the
   sharing of resources between users on a WebDAV server.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 18, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Pot, et al.               Expires June 18, 2015                 [Page 1]


Internet-Draft           WebDAV Resource Sharing           December 2014


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Open Issues . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Conventions Used in This Document . . . . . . . . . . . . . .   4
   4.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Notification Definitions  . . . . . . . . . . . . . . . . . .   5
     5.1.  Invite Notification . . . . . . . . . . . . . . . . . . .   5
       5.1.1.  Example: An invite notification . . . . . . . . . . .   5
     5.2.  Invite Reply  . . . . . . . . . . . . . . . . . . . . . .   6
       5.2.1.  Example: An invite reply  . . . . . . . . . . . . . .   6
   6.  Resource sharing  . . . . . . . . . . . . . . . . . . . . . .   7
     6.1.  Feature Discovery . . . . . . . . . . . . . . . . . . . .   7
     6.2.  Additional Properties for resources . . . . . . . . . . .   7
       6.2.1.  DAV:resourcetype Property . . . . . . . . . . . . . .   7
       6.2.2.  DAV:invite Property . . . . . . . . . . . . . . . . .   7
       6.2.3.  DAV:shared-url Property . . . . . . . . . . . . . . .   8
     6.3.  Sharer Actions on Shared Resource . . . . . . . . . . . .   9
       6.3.1.  Sharing or Unsharing a Resource . . . . . . . . . . .   9
       6.3.2.  Manipulating Sharees of a Shared Resource . . . . . .   9
         6.3.2.1.  Example: Successful Sharee Add Request  . . . . .  10
         6.3.2.2.  Example: Successful Multiple Sharee Change
                   Request . . . . . . . . . . . . . . . . . . . . .  10
     6.4.  Sharee Actions on Shared Resources  . . . . . . . . . . .  11
       6.4.1.  Replying to a Sharing Invite  . . . . . . . . . . . .  11
         6.4.1.1.  Example: Accepting an invite  . . . . . . . . . .  12
       6.4.2.  Ignoring an invitation  . . . . . . . . . . . . . . .  13
       6.4.3.  Making modifications to a shared resource . . . . . .  13
       6.4.4.  Removing a shared resource  . . . . . . . . . . . . .  13
     6.5.  General Considerations  . . . . . . . . . . . . . . . . .  13
       6.5.1.  Access Levels . . . . . . . . . . . . . . . . . . . .  13
       6.5.2.  Per-instance WebDAV Properties  . . . . . . . . . . .  14
   7.  Sharing privileges  . . . . . . . . . . . . . . . . . . . . .  14
   8.  XML Element Definitions . . . . . . . . . . . . . . . . . . .  14
     8.1.  DAV:shared-owner  . . . . . . . . . . . . . . . . . . . .  14
     8.2.  DAV:shared  . . . . . . . . . . . . . . . . . . . . . . .  15
     8.3.  DAV:share . . . . . . . . . . . . . . . . . . . . . . . .  15
     8.4.  DAV:user  . . . . . . . . . . . . . . . . . . . . . . . .  15
     8.5.  DAV:invite-noresponse . . . . . . . . . . . . . . . . . .  16
     8.6.  DAV:invite-deleted  . . . . . . . . . . . . . . . . . . .  16
     8.7.  DAV:invite-accepted . . . . . . . . . . . . . . . . . . .  17
     8.8.  DAV:invite-declined . . . . . . . . . . . . . . . . . . .  17
     8.9.  DAV:invite-invalid  . . . . . . . . . . . . . . . . . . .  17
     8.10. DAV:access  . . . . . . . . . . . . . . . . . . . . . . .  18
     8.11. DAV:read  . . . . . . . . . . . . . . . . . . . . . . . .  18
     8.12. DAV:read-write  . . . . . . . . . . . . . . . . . . . . .  18
     8.13. DAV:invite-notification . . . . . . . . . . . . . . . . .  19
     8.14. DAV:hosturl . . . . . . . . . . . . . . . . . . . . . . .  19



Pot, et al.               Expires June 18, 2015                 [Page 2]


Internet-Draft           WebDAV Resource Sharing           December 2014


     8.15. DAV:organizer . . . . . . . . . . . . . . . . . . . . . .  20
     8.16. DAV:invite-reply  . . . . . . . . . . . . . . . . . . . .  20
     8.17. DAV:reply-notification  . . . . . . . . . . . . . . . . .  20
     8.18. DAV:create-in . . . . . . . . . . . . . . . . . . . . . .  21
     8.19. DAV:share . . . . . . . . . . . . . . . . . . . . . . . .  21
     8.20. DAV:set-invitee . . . . . . . . . . . . . . . . . . . . .  21
     8.21. DAV:remove-invitee  . . . . . . . . . . . . . . . . . . .  22
     8.22. DAV:shared-as . . . . . . . . . . . . . . . . . . . . . .  22
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  22
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  22
   11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  23
   12. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  23
   13. Normative References  . . . . . . . . . . . . . . . . . . . .  24
   Appendix A.  Change History . . . . . . . . . . . . . . . . . . .  24
   Appendix B.  Backwards compatibility  . . . . . . . . . . . . . .  25
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  25

1.  Introduction

   Users of CalDAV [RFC4791] and CardDAV [RFC6352] often require a
   mechanism to share a calendar or address book collection with other
   users.

   This specification introduces a mechanism that allows users of WebDAV
   servers to invite another user to share a resource or WebDAV
   collection.  The invited user can either accept or reject the invite,
   which is communicated back to the sharer.  If the user chooses to
   accept the invite, the shared resource will then appear in a location
   on the server that's accessible by the invitee.

   There are existing mechanism that address similar use-cases, such as
   using WebDAV ACL [RFC3744] for fine-grained access control.
   Experiences has shown that client developers are averse to using it
   due its complexity.  Many implementations have chosen to only use
   WebDAV ACL for communicating access control information to clients,
   but not for modification.  WebDAV ACL alone also does not provide the
   means for a user to invite another user.

   HTTP POST operations are used to manage the sharing invitations and
   replies, and WebDAV properties are used to expose the state of shared
   resources.

   This specification uses WebDAV notifications to communicate to users
   there are outstanding invitations, or responses to invitations.







Pot, et al.               Expires June 18, 2015                 [Page 3]


Internet-Draft           WebDAV Resource Sharing           December 2014


2.  Open Issues

   1.  ...

3.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   When XML element types in the namespaces "DAV:" and
   "urn:ietf:params:xml:ns:caldav" are referenced in this document
   outside of the context of an XML fragment, the string "DAV:" and
   "CALDAV:" will be prefixed to the element type names respectively.

   Terms Used:

   Sharer  A user who is sharing a resource with other users.

   Sharee  A user to whom a resource has been shared.

   Sharing Invite  A message sent by a sharer to a sharee to indicate
      the status of a shared resource.

   Sharing Reply  A message sent by a sharee to a sharer to indicate the
      status of a shared resource.

4.  Overview

   This section provides a basic overview of this protocol by way of a
   simple use case of a sharer sharing a collection with a single
   sharee.

   To share a resource with another user, the sharer's client executes
   an HTTP POST request against the resource that's to be shared.  The
   POST request body will contain details of the user to whom the
   resource is to be shared as well as the access right to be granted to
   them.  If the request succeeds, a notification is sent to the sharee
   with details of the resource being shared to them.

   The sharer's client will show the notification to the sharee and
   present them with the choice to accept or decline the invitation to
   the shared collection.  If the sharee chooses to decline, then
   nothing changes for that sharee.  If the sharee chooses to accept,
   then a new resource is created at a location that's accessible to the
   sharee.  The server enforces the appropriate access privileges for
   the sharee.




Pot, et al.               Expires June 18, 2015                 [Page 4]


Internet-Draft           WebDAV Resource Sharing           December 2014


   At any time, the sharer can inspect properties on the resource being
   shared, and determine the accept/decline status of each sharee.
   Additional sharees can be added and existing ones removed.  The
   access privileges for existing sharees can also be changed.

   Once a sharee has access to the shared resource, they can remove it
   and decline the sharing invite by simply having their client issue an
   HTTP DELETE request on the shared collection.  That does not delete
   any data, but rather simply removes the "link" to the sharer's
   resource and sets the sharee's invite status to declined.

5.  Notification Definitions

   In order to facilitate the process of sharing invitations, this
   specification uses WebDAV notifications, and defines several new
   notification types.

5.1.  Invite Notification

   When a sharer adds a new sharee to a resource, or updates a sharee,
   an invite notification is added to the sharee's notification
   collection.

   The notification contains information about the shared resource, the
   owner and how to respond to the invitation.

5.1.1.  Example: An invite notification

   This is an example of a response to a GET request on a correct invite
   notification.  Note that several HTTP response headers have been
   removed for brevity.




















Pot, et al.               Expires June 18, 2015                 [Page 5]


Internet-Draft           WebDAV Resource Sharing           December 2014


   HTTP/1.1 200 OK
   Content-Type: application/davnotification+xml
   Content-Length: xxxx

   <D:notification xmlns:D="DAV:">
       <D:dtstamp>2014-08-05T13:38:02Z</D:dtstamp>
       <D:invite-notification>
           <D:principal>
               <D:href>/principals/users/evert/</D:href>
           </D:principal>
           <D:invite-accepted />
           <D:href>/calendars/users/evert/offdays/</D:href>
           <D:access><D:read-write /></D:access>
           <D:prop>
               <D:displayname>Vacation days!!</D:displayname>
               <D:resourcetype><D:collection /></D:resourcetype>
           </D:prop>
       </D:invite-notification>
   </D:notification>

5.2.  Invite Reply

   After a sharee has accepted or declined an invitation, the sharer
   receives a reply-notification in their notification collection.

   This notification contains information about which collection this
   relates to, and who responded to the invite.

5.2.1.  Example: An invite reply

   This is an example of a response to a GET request on a correct invite
   notification.  Note that several HTTP response headers have been
   removed for brevity.


















Pot, et al.               Expires June 18, 2015                 [Page 6]


Internet-Draft           WebDAV Resource Sharing           December 2014


   HTTP/1.1 200 OK
   Content-Type: application/davnotification+xml
   Content-Length: xxxx

   <D:notification xmlns:D="DAV:">
       <D:dtstamp>2014-09-03T02:30:00Z</D:dtstamp>
       <D:reply-notification>
           <D:principal>
               <D:href>mailto:john@example.org</D:href>
           </D:principal>
           <D:invite-declined />
           <D:href>/calendars/users/evert/offdays/</D:href>
           <D:comment>Sorry, I'm not interested</D:comment>
       </D:reply-notification>
   </D:notification>

6.  Resource sharing

6.1.  Feature Discovery

   A server that supports the features described in this document MUST
   include "resource-sharing" as a field in the DAV response header from
   an OPTIONS request on any resource that supports these features.

6.2.  Additional Properties for resources

   The following new or modified WebDAV properties are defined for
   resources and used to view or manipulate shared resources features.

6.2.1.  DAV:resourcetype Property

   Resources that are shared have elements listed in their
   DAV:resourcetype property in addition to any elements that may
   already be there, such as DAV:collection.

   o  DAV:shared-owner (Section 8.1): used to indicate that the resource
      is owned by the current user and is being shared by them.

   o  DAV:shared (Section 8.2): used to indicate that the resource is
      owned by another user and is being shared to the current user.

6.2.2.  DAV:invite Property

   Name:  invite

   Namespace:  DAV:

   Purpose:  Used to show to whom a resource has been shared.



Pot, et al.               Expires June 18, 2015                 [Page 7]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Protected:  This property MUST be protected.

   PROPFIND behavior:  This property SHOULD NOT be returned by a
      PROPFIND allprop request (as defined in Section 14.2 of
      [RFC4918]).

   COPY/MOVE behavior:  This property value MUST be preserved in MOVE
      operations, but MUST NOT be preserved in COPY operations.

   Description:  This WebDAV property is present on a resource that has
      been shared by the owner, or on the resources for the sharees.  It
      provides a list of users to whom the resource has been shared,
      along with the "status" of the sharing invites sent to each user.
      In addition, servers SHOULD include a DAV:organizer XML element on
      resources of the sharees to provide clients with a fast way to
      determine who the sharer is.  A server's local privacy policy may
      prevent sharees from knowing about other sharees on a shared
      calendar.  If that is so server will not include DAV:user XML
      elements for other sharees.

   Definition:

   <!ELEMENT invite (organizer?, user*)>

6.2.3.  DAV:shared-url Property

   Name:  shared-url

   Namespace:  DAV:

   Purpose:  Indicates the URL of the owner's copy of a shared resource.

   Protected:  This property MUST be protected.

   PROPFIND behavior:  This property SHOULD NOT be returned by a
      PROPFIND allprop request (as defined in Section 14.2 of
      [RFC4918]).

   COPY/MOVE behavior:  This property value MUST be preserved in COPY
      and MOVE operations.

   Description:  This WebDAV property MAY be present on a shared
      resource.  Its content is a single DAV:href element whose value is
      the URL of the sharer's resource being shared.

   Definition:

   <!ELEMENT shared-url (DAV:href)>



Pot, et al.               Expires June 18, 2015                 [Page 8]


Internet-Draft           WebDAV Resource Sharing           December 2014


6.3.  Sharer Actions on Shared Resource

6.3.1.  Sharing or Unsharing a Resource

   To update an existing resource to be shared, the sharer simply adds
   one or more sharees to the resource as per Section 6.3.2.  The server
   MUST update the DAV:resourcetype property on the collection to ensure
   it contains a DAV:shared-owner XML element to indicate the resource
   is now shared.

   To unshare a resource, the sharer simply removes all sharees from the
   DAV:invite property of the resource as per Section 6.3.2.  The server
   MUST update the DAV:resourcetype property on the resource to ensure
   it does not contain a DAV:shared-owner XML element to indicate the
   resource is not shared.

6.3.2.  Manipulating Sharees of a Shared Resource

   The sharer of a shared resource is able to manipulate the sharee list
   by issuing a POST request targeted at the resource.  The POST request
   MUST contain an XML document as its body with the root element being
   DAV:share (Section 8.3).

   The POST request MUST contain a Content-Type HTTP header, which MUST
   contain "application/davshare+xml" as its value.  Servers SHOULD
   reject the request if this is not the case.

   The DAV:share (Section 8.3) element in the POST requests MUST contain
   one or more DAV:set-invitee (Section 8.20) or DAV:remove-invitee
   (Section 8.21) elements.  For each DAV:set-invitee (Section 8.20)
   element, the server MUST add the specified sharee access to the
   resource.  For each DAV:remove-invitee (Section 8.21) element the
   server MUST remove the specified sharee access from the shared
   resource.  In each case the server MUST send a notification message
   to any sharees whose status is changed (added, modified or removed),
   indicating to them a change in status for the shared resource.  This
   is accomplished by sending a DAV:invite-notification (Section 8.13)
   notification to each sharee.  The server SHOULD NOT send notification
   messages to sharees whose status is unchanged.

   Sharees are identified via a DAV:href element whose value is either a
   principal-URL for a sharee hosted on the same server, an email
   address, or any other URI identifying a user.  In the case of the
   later two, the sharee might not be a user on the same server - though
   in that case how invitations are sent or access enabled is out of
   scope for this specification.  A server MAY change the sharee's
   "address" to any suitable alternative that it might prefer when




Pot, et al.               Expires June 18, 2015                 [Page 9]


Internet-Draft           WebDAV Resource Sharing           December 2014


   returning the list of sharees via the DAV:invite property
   (Section 6.2.2).

   The client MAY include a DAV:displayname element in the DAV:set-
   invitee (Section 8.20) element.  When provided, the value represents
   the common name for the sharee, and is returned in the list of
   sharees via the DAV:invite property (Section 6.2.2).  The server MAY
   change this to a suitable alternative when it is able to match the
   sharee to a known user.  If absent from the client request, the
   server SHOULD add a DAV:displayname when it is able to match the
   sharee with a known user, and a common name for that user can be
   determined.

6.3.2.1.  Example: Successful Sharee Add Request

   This example shows how to add a single sharee (with email address
   "mailto:eric@example.com") to a shared resource with DAV:read-write
   access.

   >> Request <<

   POST /calendars/users/cyrus/shared/ HTTP/1.1
   Host: calendar.example.com
   Content-Type: application/davsharing+xml; charset="utf-8"
   Content-Length: xxxx

   <?xml version="1.0" encoding="utf-8" ?>
   <D:share xmlns:D="DAV:">
     <D:set-invitee>
       <D:href>mailto:eric@example.com</D:href>
       <D:displayname>Eric York</D:displayname>
       <D:comment>Shared workspace</D:comment>
       <D:read-write />
     </D:set-invitee>
   </D:share>

   >> Response <<

   HTTP/1.1 200 OK
   Cache-Control: no-cache
   Date: Sat, 11 Nov 2006 09:32:12 GMT

6.3.2.2.  Example: Successful Multiple Sharee Change Request

   This example shows how multiple sharee's can be manipulated in a
   single request.  The sharee with email address
   "mailto:eric@example.com" has their access downgraded to CS:read,
   whilst another sharee is removed from the access list entirely.



Pot, et al.               Expires June 18, 2015                [Page 10]


Internet-Draft           WebDAV Resource Sharing           December 2014


   >> Request <<

   POST /calendars/users/cyrus/shared/ HTTP/1.1
   Host: calendar.example.com
   Content-Type: application/davsharing+xml; charset="utf-8"
   Content-Length: xxxx

   <?xml version="1.0" encoding="utf-8" ?>
   <D:share xmlns:D="DAV:">
     <D:set-invitee>
       <D:href>mailto:eric@example.com</D:href>
       <D:comment>Shared workspace</D:comment>
       <D:read-write />
     </D:set-invitee>
     <D:remove-invitee>
       <D:href>mailto:wilfredo@example.com</D:href>
     </D:remove-invitee>
   </D:share>

   >> Response <<

   HTTP/1.1 204 No Content
   Cache-Control: no-cache
   Date: Sat, 11 Nov 2006 09:32:12 GMT

6.4.  Sharee Actions on Shared Resources

6.4.1.  Replying to a Sharing Invite

   When a sharee is invited to a shared resource they can accept or
   decline the invite by issuing a POST request to the resource URI for
   the invitation notification.  The POST request MUST contain an XML
   document as its body with the root element being DAV:invite-reply
   (Section 8.16).

   The POST request MUST contain a Content-Type HTTP header, which MUST
   contain "application/davshare+xml" as its value.  Servers SHOULD
   reject the request if this is not the case.

   The DAV:invite-reply (Section 8.16) element in the POST request
   specifies the accept or decline action via the DAV:invite-accepted or
   DAV:invite-declined elements, and an optional DAV:comment element.
   IF the invite was accepted, the body MUST also contain a DAV:create-
   in (Section 8.18) element.  This element contains a single DAV:href
   element, which content is a URI that will be used as the parent for
   the new shared resource.





Pot, et al.               Expires June 18, 2015                [Page 11]


Internet-Draft           WebDAV Resource Sharing           December 2014


   The client MAY also provide a DAV:slug property.  The server MAY use
   the contents of this property to determine the name of the new
   resource.

   All usual preconditions for creating a resource at the DAV:create-in
   target collection need to be taken into consideration.

   Note that some servers may restrict where certain types of resources
   may be created.  A CalDAV server for instance, may only allow
   calendars to be created in collections identified by the
   CALDAV:calendar-home-set WebDAV property.

   A successful response to an accepted invitation, SHOULD have a HTTP
   201 status code, and MUST have a HTTP Location header, containing the
   full url to the newly created resource.

   A successful response to a declined invitation, SHOULD contain a 200
   or 204 HTTP status code.

   When the sharee replies to an invite, the server SHOULD send a
   notification to the sharer to update them on the change in the sharee
   state.  This is accomplished by sending a DAV:reply-notification
   (Section 8.17) notification to the sharer.

   After the sharee has issued a reply, the server SHOULD also remove
   the notification that contained the initial invite.

6.4.1.1.  Example: Accepting an invite

   This is an example of a request that the sharee would send to accept
   an invitation.

   POST /principals/users/evert/notifications/1000455.xml HTTP/1.1
   Host: calendar.example.com
   Content-Type: application/davsharing+xml; charset="utf-8"

   <?xml version="1.0" encoding="utf-8" ?>
   <D:invite-reply xmlns:D="DAV:">
       <D:invite-accepted />
       <D:create-in>
           <D:href>/calendars/users/evert/</D:href>
       </D:create-in>
       <D:slug>Tech meetups</D:slug>
   </D:invite-reply>







Pot, et al.               Expires June 18, 2015                [Page 12]


Internet-Draft           WebDAV Resource Sharing           December 2014


6.4.2.  Ignoring an invitation

   For privacy reasons, sharees need to be able to remove invitations
   without notifiying the sharer.

   When the sharee issues a DELETE on an invite-notification, the server
   MUST remove the notification, and MUST not let the sharer know about
   this.

   As a result, from the sharers perspective, the invitation status for
   that principal will always remain as DAV:invite-noreply.

6.4.3.  Making modifications to a shared resource

   Any changes that a sharee makes to a shared resource should also be
   reflected in the sharers instance of the resource.

   If the shared resource is a collection, any resources in the
   collection, or in the collection's child-collections MUST also appear
   in the sharers instance.

6.4.4.  Removing a shared resource

   To remove a shared resource a DELETE request is targeted at the
   shared resource URI.  When such a request is received the server MUST
   remove the shared collection and automatically update the sharee's
   status in the sharer's DAV:invite property.

6.5.  General Considerations

6.5.1.  Access Levels

   Two levels of access can be granted by a sharer to any sharee.  These
   are governed by the DAV:access element used in the DAV:invite/
   DAV:user element that specifies a shared user invite.  DAV:access
   contains a single empty element that defines the type of access
   granted:

   DAV:read  When present this indicates that sharees can read
      information from the resource, but cannot change it.  This applies
      to the resource, but if the shared resource is a collection, it
      also applies to the collection's children.

   DAV:read-write  When present this indicates that sharees can read and
      write information from the resource.

   The function of the DAV:read and DAV:read-write elements is to give a
   quick indicator for a sharee what kind of access they may expect.



Pot, et al.               Expires June 18, 2015                [Page 13]


Internet-Draft           WebDAV Resource Sharing           December 2014


   The server may still set more fine-grained access control rules.  The
   sharee can find out about these rules by requesting the DAV:current-
   user-privilege-set property on the shared resource, or its children.

6.5.2.  Per-instance WebDAV Properties

   Servers MUST support "per-instance" WebDAV properties on shared
   resource and MAY support them on resources within shared collections.
   A "per-instance" WebDAV property is one whose value can be set and
   retrieved on an instance of a resource, but is not automatically
   propagated to other instances of the same shared resource.  For
   example, a sharee may change a property on their instance of a shared
   resource, but the instance of the owner of the resource will not see
   this updated value.

   For shared resources, the server MUST allow all users to write "per-
   instance" WebDAV properties on the shared resources and MAY allow
   property writes on resources within the shared resources.  This is
   required even in the case where the sharee has been granted read
   access only (i.e., the ability to change the resource is disallowed).
   This requirement ensures that sharees can always change "personal"
   properties such as display names.

   Servers MAY treat any dead property as per-instance.

   Servers MUST NOT treat live properties as per-instance.

7.  Sharing privileges

   Servers MAY support sharing on a per-resource basis.  This section
   defines a "DAV:share" WebDAV Access Control (ACL) [RFC3744] privilege
   for use on collections that may be shared.

   This privilege MUST be non-abstract and MAY be protected.  This
   privilege MUST appear in the DAV:supported-privilege-set property for
   resources that may be shared.  In addition, it MUST appear in the
   DAV:current-user-privilege-set, if the user is allowed to share the
   collection.

8.  XML Element Definitions

8.1.  DAV:shared-owner

   Name:  shared-owner

   Namespace:  DAV:





Pot, et al.               Expires June 18, 2015                [Page 14]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Purpose:  Used to indicate that a resource is being shared by the
      owner.

   Description:  This property appears in the DAV:resourcetype property
      on the resource shared by a sharer.  See Section 6.2.

   Definition:

   <!ELEMENT shared-owner EMPTY>

8.2.  DAV:shared

   Name:  shared

   Namespace:  DAV:

   Purpose:  Used to indicate that a resources is being shared to a
      sharee.

   Description:  This property appears in the DAV:resourcetype property
      on a resource that is shared to a sharee.  See Section 6.2.

   Definition:

   <!ELEMENT shared EMPTY>

8.3.  DAV:share

   Name:  share

   Namespace:  DAV:

   Purpose:  A WebDAV ACL privilege to control sharing.

   Description:  This element represents a WebDAV ACL privilege
      [RFC3744], and indicates that the current principal is allowed to
      share the resource on which it is defined.

   Definition:

   <!ELEMENT share EMPTY>

8.4.  DAV:user

   Name:  user

   Namespace:  DAV:




Pot, et al.               Expires June 18, 2015                [Page 15]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Purpose:  Used to show status of sharing invites sent to sharees.

   Description:  This element provides the "status" of a sharing invite
      sent to a particular user.  See Section 6.2.2.

   Definition:

   <!ELEMENT user (href, displayname?, (invite-noresponse |
                   invite-accepted | invite-declined | invite-invalid),
                   access, comment?)>

8.5.  DAV:invite-noresponse

   Name:  invite-noresponse

   Namespace:  DAV:

   Purpose:  Sharing invite status.

   Description:  When used in a DAV:user (Section 8.4) element, this
      element is used to indicate that the sharee has never replied to
      the corresponding sharing invite.  When used in a DAV:invite-
      notification (Section 8.13) element, this element is used to
      indicate to the sharee that a sharing reply is needed.

   Definition:

   <!ELEMENT invite-noresponse EMPTY>

8.6.  DAV:invite-deleted

   Name:  invite-deleted

   Namespace:  DAV:

   Purpose:  Sharing invite status.

   Description:  When used in a DAV:invite-notification (Section 8.13)
      element, this element is used to indicate to the sharee that a
      shared resource has been unshared by the sharer.

   Definition:

   <!ELEMENT invite-deleted EMPTY>







Pot, et al.               Expires June 18, 2015                [Page 16]


Internet-Draft           WebDAV Resource Sharing           December 2014


8.7.  DAV:invite-accepted

   Name:  invite-accepted

   Namespace:  DAV:

   Purpose:  Sharing invite status.

   Description:  When used in a DAV:user (Section 8.4) element, this
      element is used to indicate that the sharee has accepted the
      corresponding sharing invite.  When used in a DAV:invite-
      notification (Section 8.13) element, this element is used to
      indicate to the sharee that the sharing invite is an update for
      one they previously accepted.

   Definition:

   <!ELEMENT invite-accepted EMPTY>

8.8.  DAV:invite-declined

   Name:  invite-declined

   Namespace:  DAV:

   Purpose:  Sharing invite status.

   Description:  When used in a DAV:user (Section 8.4) element, this
      element is used to indicate that the sharee has declined the
      corresponding sharing invite.  When used in a DAV:invite-
      notification (Section 8.13) element, this element is used to
      indicate to the sharee that the sharing invite is an update for
      one they previously declined.

   Definition:

   <!ELEMENT invite-declined EMPTY>

8.9.  DAV:invite-invalid

   Name:  invite-invalid

   Namespace:  DAV:

   Purpose:  Sharing invite status.






Pot, et al.               Expires June 18, 2015                [Page 17]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Description:  When used in a DAV:user (Section 8.4) element, this
      element is used to indicate that the corresponding sharee is not a
      valid user known to the server.

   Definition:

   <!ELEMENT invite-invalid EMPTY>

8.10.  DAV:access

   Name:  access

   Namespace:  DAV:

   Purpose:  Shared resource access level.

   Description:  When used in a DAV:user (Section 8.4) element, this
      element is used to indicate the sharing access level granted to
      the corresponding sharee.

   Definition:

   <!ELEMENT access (read | read-write)>

8.11.  DAV:read

   Name:  read

   Namespace:  DAV:

   Purpose:  Shared resource access level privilege.

   Description:  Indicates that the access level granted only allows
      sharees to read data in the shared resource (though they can write
      per-instance data (Section 6.5.2)).

   Definition:

   <!ELEMENT read EMPTY>

8.12.  DAV:read-write

   Name:  read-write

   Namespace:  DAV:

   Purpose:  Shared resource access level privilege.




Pot, et al.               Expires June 18, 2015                [Page 18]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Description:  Indicates that the access level granted allows sharees
      to read and write all data in the resource.

   Definition:

   <!ELEMENT read-write EMPTY>

8.13.  DAV:invite-notification

   Name:  invite-notification

   Namespace:  DAV:

   Purpose:  A notification used as a shared resource invite.

   Description:  Defines a notification message sent automatically by
      the server when a sharer adds, changes or removes a sharee from a
      shared resource.  The DAV:href element specifies the URI of the
      sharee to whom the message was sent.

   Definition:

   <!ELEMENT invite-notification (
               dav:href,
               (invite-noresponse | invite-deleted |
               invite-accepted | invite-declined),
               access, organizer,
               comment?,
   >

8.14.  DAV:hosturl

   Name:  hosturl

   Namespace:  DAV:

   Purpose:  Identifies the source URL of a shared resource.

   Description:  Contains a single DAV:href element that refers to the
      source of a shared resource - i.e., the URL of the resource shared
      by the sharer.

   Definition:

   <!ELEMENT hosturl (DAV:href)>






Pot, et al.               Expires June 18, 2015                [Page 19]


Internet-Draft           WebDAV Resource Sharing           December 2014


8.15.  DAV:organizer

   Name:  organizer

   Namespace:  DAV:

   Purpose:  Identifies the sharer of a shared resource.

   Description:  Contains a single DAV:href element that identifies the
      URI of the sharer of a shared resource, and an optional
      DAV:displayname element that matches that user.

   Definition:

   <!ELEMENT organizer (href,
                        displayname?)?)>

8.16.  DAV:invite-reply

   Name:  invite-reply

   Namespace:  DAV:

   Purpose:  Root element for a POST request used to respond to a share
      invitation.

   Description:  When a user responds to an invitation, the user issues
      a POST request with an xml body.  DAV:invite-reply is the root
      element for this xml document.

   Definition:

   <!ELEMENT invite-reply (href,
                           (invite-accepted | invite-declined),
                           hosturl, create-in?, comment?>

8.17.  DAV:reply-notification

   Name:  reply-notification

   Namespace:  DAV:

   Purpose:  A notification used as a reply to a shared resource invite.

   Description:  Defines a notification message sent automatically by
      the server when a sharee replies to a shared resource invite.  The
      DAV:href element specifies the URI of the sharee to whom the
      original invite message was sent.



Pot, et al.               Expires June 18, 2015                [Page 20]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Definition:

   <!ELEMENT invite-reply (href,
                           (invite-accepted | invite-declined),
                           hosturl, create-in?, comment?>

8.18.  DAV:create-in

   Name:  create-in

   Namespace:  DAV:

   Purpose:  The target url for the new resource.

   Description:  When a user accepts an invitation to share a resource,
      this URI will be used to create the new shared resource.

   Definition:

   <!ELEMENT create-in (DAV:href)>

8.19.  DAV:share

   Name:  share

   Namespace:  DAV:

   Purpose:  Describes changes to sharees.

   Description:  The root element used in POST requests on resources by
      sharers to manipulate the sharee list of a shared resource.

   Definition:

   <!ELEMENT share (set | remove)*>

8.20.  DAV:set-invitee

   Name:  set-invitee

   Namespace:  DAV:

   Purpose:  Sets access for a sharee.

   Description:  Used to add or modify sharee access to a shared
      resource.  The specified access to the shared resource is given to
      the sharee.




Pot, et al.               Expires June 18, 2015                [Page 21]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Definition:

   <!ELEMENT set (DAV:href, displayname?, comment?,
                  (read | read-write)>

8.21.  DAV:remove-invitee

   Name:  remove-invitee

   Namespace:  DAV:

   Purpose:  Removes access for a sharee.

   Description:  Used to remove sharee access to a shared resource.  All
      access to the shared resource is removed for the sharee.

   Definition:

   <!ELEMENT remove (DAV:href)>

8.22.  DAV:shared-as

   Name:  shared-as

   Namespace:  DAV:

   Purpose:  Identifies a shared resource.

   Description:  Returned by the server for a POST request by a sharee
      accepting a shared resource invite.  The DAV:href element
      specifies the URI of the resource created by the acceptance.

   Definition:

   <!ELEMENT shared-as (DAV:href)>

9.  Security Considerations

   TBD

10.  IANA Considerations

   This document does not require any actions on the part of IANA.








Pot, et al.               Expires June 18, 2015                [Page 22]


Internet-Draft           WebDAV Resource Sharing           December 2014


11.  Acknowledgments

   This specification is the result of discussions between the Apple
   calendar server and client teams.

12.  IANA Considerations

   This document defines a MIME media type for XML documents used in for
   sharing.  This media type SHOULD be used for all POST requests in
   this specification.

   Type name:  application

   Subtype name:  davsharing+xml

   Required parameters:  none

   Optional parameters:  none

   Encoding considerations:  Identical to those of "application/xml" as
      described in RFC7303 [RFC7303].

   Security considerations:  N/A.

   Interoperability considerations:  There are no known interoperability
      issues.

   Published specification:  This specification.

   Applications that use this media type:  No known applications
      currently use this media type.

   Fragment identifier considerations:  N/A.

   Additional information

   Deprecated alias names for this type  N/A.

   Magic number(s)  N/A.

   File extension(s)  xml

   Macintosh file type code(s)  TEXT

   Person & email address to contact for further information:
      me@evertpot.com

   Intended usage  COMMON



Pot, et al.               Expires June 18, 2015                [Page 23]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Restrictions on usage  There are no restrictions on where this media

   Author  See the "Authors' Addresses" section of this document.

   Change Controller  IETF

13.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3744]  Clemm, G., Reschke, J., Sedlar, E., and J. Whitehead, "Web
              Distributed Authoring and Versioning (WebDAV)
              Access Control Protocol", RFC 3744, May 2004.

   [RFC4791]  Daboo, C., Desruisseaux, B., and L. Dusseault,
              "Calendaring Extensions to WebDAV (CalDAV)", RFC 4791,
              March 2007.

   [RFC4918]  Dusseault, L., "HTTP Extensions for Web Distributed
              Authoring and Versioning (WebDAV)", RFC 4918, June 2007.

   [RFC6352]  Daboo, C., "CardDAV: vCard Extensions to Web Distributed
              Authoring and Versioning (WebDAV)", RFC 6352, August 2011.

   [RFC6638]  Daboo, C. and B. Desruisseaux, "Scheduling Extensions to
              CalDAV", RFC 6638, June 2012.

   [RFC7303]  Thompson, H. and C. Lilley, "XML Media Types", RFC 7303,
              July 2014.

Appendix A.  Change History

   Changes in -03:

   1.  Fixed access element DTD.

   2.  Remove MKxxx and PROPPATCH mechanism for upgrading/downgrading
       shared state on a calendar collection.  Instead the server
       implicitly sets the state based on whether there are any sharees
       or not..

   3.  Added CS:first-name and CS:last-name optional element to
       CS:organizer.

   4.  Added CALDAV:supported-calendar-component-set optional element to
       CS:invite-notification.




Pot, et al.               Expires June 18, 2015                [Page 24]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Changes in -02:

   1.  Removed read-write-shared access mode - now a server that does
       not support shared scheduling should advertise that via a DAV
       header

   Changes in -01:

   1.  Added CS:shared-url property

   2.  Clarified that notifications are only required to be sent when
       sharee status is changed

Appendix B.  Backwards compatibility

   This specification is based on an earlier effort, often referred to
   as 'caldav-sharing'.  It is possible to remain compatibile with this
   specification, but it's important to be aware of a number of changes.

   The earlier draft uses the http://calendarserver.org/ns/ namespace
   for all its xml elements.  This means that any WebDAV property
   introduced in this specification, may need to have a similar property
   in the old namespace.

   XML documents as sent by POST requests and responses, and resources
   returned from notifications can be distinguished by the use of the
   Content-Type and Accept HTTP headers.  The earlier draft does not
   define new mime-types for these, but this specification does.

Authors' Addresses

   Evert Pot
   fruux GmbH
   Koenigsstrasse 32
   Muenster, NRW  48143
   Germany

   Email: me@evertpot.com
   URI:   https://fruux.com/












Pot, et al.               Expires June 18, 2015                [Page 25]


Internet-Draft           WebDAV Resource Sharing           December 2014


   Cyrus Daboo
   Apple Inc.
   1 Infinite Loop
   Cupertino, CA  95014
   USA

   Email: cyrus@daboo.name
   URI:   http://www.apple.com/


   Eric York
   Apple Inc.
   1 Infinite Loop
   Cupertino, CA  95014
   USA

   URI:   http://www.apple.com/


































Pot, et al.               Expires June 18, 2015                [Page 26]


Html markup produced by rfcmarkup 1.129d, available from https://tools.ietf.org/tools/rfcmarkup/