Network Working Group J. Gregorio, Ed. Internet-Draft BitWorking, Inc Expires:
March 22,September 19, 2005 R. Sayre, Ed. Boswijck Memex Consulting September 21, 2004March 18, 2005 The Atom Publishing Protocol draft-ietf-atompub-protocol-02.txtdraft-ietf-atompub-protocol-03.txt Status of this Memo This document is an Internet-Draft and is subject to all provisions of Section 3 of RFC 3667. By submitting this Internet-Draft, I certifyeach author represents that any applicable patent or other IPR claims of which I amhe or she is aware have been or will be disclosed, and any of which Ihe or she become aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on March 22,September 19, 2005. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved.(2005). Abstract This memo presents a protocol for using XML (Extensible Markup Language) and HTTP (HyperText Transport Protocol) to edit content. The Atom Publishing Protocol is an application-level protocol for publishing and editing Web resources belonging to periodically updated websites. The protocol at its core is the HTTP transport of Atom-formatted representations. The Atom format is documented in the Atom Syndication Format (draft-ietf-atompub-format-02.txt).(draft-ietf-atompub-format-06.txt). Editorial Note To provide feedback on this Internet-Draft, join the <http://www.imc.org/atom-syntax/index.html>.atom-syntax mailing list (http://www.imc.org/atom-syntax/index.html) . Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1 Notational Conventions . . . . . . . . . . . . . . . . . . 4 1.2 Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2. The Atom Publishing Protocol Model . . . . . . . . . . . . . 4 3. Functional Specification2.1 Atom Collections . . . . . . . . . . . . . . . . . . . 5 3.1 PostURI. . 4 2.1.1 Usage . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1.1 Locating the PostURI2.1.2 Client and Server Interaction . . . . . . . . . . . . 5 3. Functional Specification . . . . . 5 3.1.2 Request. . . . . . . . . . . . . 5 3.1 Collections . . . . . . . . . . 5 3.1.3 Response. . . . . . . . . . . . . 6 3.1.1 Collection Document . . . . . . . . . . 5 3.2 EditURI. . . . . . . 6 3.1.2 Elements in a Collection Document . . . . . . . . . . 6 3.1.3 Collection Requests . . . . . . . . 7 3.2.1 Locating. . . . . . . . . 7 3.2 Introspection . . . . . . . . . . . . . . 7 3.2.2 Request. . . . . . . . 8 3.2.1 Service Document . . . . . . . . . . . . . . . 7 3.3 FeedURI. . . . 8 3.3 Entry Collection . . . . . . . . . . . . . . . . . . . . . 9 3.3.1 Locating . . . . . . . . . . . . . . . . . . . . . . . 10 3.3.2 Request .3.4 Simple Resource Collection . . . . . . . . . . . . . . . . 10 3.4.1 Locating . . . . . . 10 3.3.3 Response. . . . . . . . . . . . . . . . . 10 3.4.2 Request . . . . . . 10 3.4 ResourcePostURI. . . . . . . . . . . . . . . . . 10 3.5 Atom Request and Response Body Constraints . . . . 10 3.4.1 Locating. . . . 11 3.5.1 id . . . . . . . . . . . . . . . . . . . 10 3.4.2 Request. . . . . . . 11 3.5.2 link . . . . . . . . . . . . . . . . 11 3.4.3 Response. . . . . . . . . 11 3.5.3 title . . . . . . . . . . . . . . 11 3.5 Link Tag. . . . . . . . . . 11 3.5.4 summary . . . . . . . . . . . . . . . 12 3.5.1 rel. . . . . . . . 11 3.5.5 content . . . . . . . . . . . . . . . . . 12 3.5.2 href. . . . . . 12 3.5.6 issued . . . . . . . . . . . . . . . . . . . 12 3.5.3 title. . . . . 12 3.5.7 modified . . . . . . . . . . . . . . . . . . . 13 3.5.4 type. . . . 12 3.5.8 created . . . . . . . . . . . . . . . . . . . . . 13 3.6 Atom Request and Response Body Constraints. . 12 3.5.9 author . . . . . . 13 3.6.1 id. . . . . . . . . . . . . . . . . . 13 3.5.10 contributor . . . . . . . . 13 3.6.2 link. . . . . . . . . . . . 13 3.5.11 generator . . . . . . . . . . . . . 13 3.6.3 title. . . . . . . . 13 3.6 Securing the Atom Protocol . . . . . . . . . . . . . . . . 13 3.6.4 summary3.6.1 [@@TBD@@ CGI Authentication] . . . . . . . . . . . . . 14 4. Security Considerations . . . . . . . . . . 14 3.6.5 content. . . . . . . . 14 5. IANA Considerations . . . . . . . . . . . . . . . 14 3.6.6 issued. . . . . 14 6. Appendix A - SOAP Enabling . . . . . . . . . . . . . . . . . 15 6.1 Servers . . 14 3.6.7 modified. . . . . . . . . . . . . . . . . . . . . . . 15 3.6.8 created . . .6.2 Clients . . . . . . . . . . . . . . . . . . . . 15 3.6.9 author. . . . . 15 7. Appendix B - Examples . . . . . . . . . . . . . . . . . . . 15 3.6.10 contributor .7.1 Example for a weblog . . . . . . . . . . . . . . . . . . . 15 3.6.11 generator .7.2 Example for a wiki . . . . . . . . . . . . . . . . . . . . 15 3.7 Securing the Atom Protocol .8. Revision History . . . . . . . . . . . . . . . 16 3.7.1 [@@TBD@@ CGI Authentication]. . . . . . . 15 9. Normative References . . . . . . 16 4. Security Considerations. . . . . . . . . . . . . . . . . . 16 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . 17 6. Appendix A - SOAP Enabling . . . . . . . . . . . . . . . . . 17 6.1 Servers . . . . . . . . . . . . . . . . . . . . . . . . . 17 6.2 Clients . . . . . . . . . . . . . . . . . . . . . . . . . 17 7. Appendix B - Examples . . . . . . . . . . . . . . . . . . . 17 7.1 Example for a weblog . . . . . . . . . . . . . . . . . . . 17 7.2 Example for a wiki . . . . . . . . . . . . . . . . . . . . 18 8. Revision History .17 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 18 9. Normative References . . . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 20Intellectual Property and Copyright Statements . . . . . . . 2119 1. Introduction The Atom Publishing Protocol is an application-level protocol for publishing and editing Web resources using HTTP [RFC2616] and XML. 1.1 Notational Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 1.2 Terminology Atom Entry: An Atom Entry is a fragment of a full Atom feed. In this case, the fragment is a single 'entry' element and all its child elements. Each Atom Entry describes a single Web resource, providing metadata and optionally a textual representation of that resource. PostURI: A URI that2. The Atom Publishing Protocol Model The Atom Publishing Protocol is used to create new resources. POSTingan Atom Entry to this URI will create a new resource. EditURI: A URI that is used to edit a resource. The editing is done using the HTTP verbs GET, PUTapplication-level protocol for publishing and DELETE.editing Web resources. The representationprimary way of interaction in the resource is always that of an Atom Entry. FeedURI: The URI which identifies an Atom Feed. 2. The Atom Publishing Protocol Model TheAtom Publishing Protocol is an application-level protocol for publishing and editing Webby managing collection of resources. All collections support the same basic methods of interaction. In addition, the resources belonging to collections also share the same interaction patterns. Using the common HTTP verbs provides a pattern for working with all such Web resources: o GET is used to retrieve a representation of a resource or perform a read-only query. o PUT is used to update a known resource. o POST is used to create a new dynamically-named resource. o DELETE is used to remove a resource. There are four major classes2.1 Atom Collections An Atom collection is a set of items all of URI [RFC2396] in this specification: PostURI, ResourcePostURI, FeedURI, and EditURI. This specification definesthe expected actionssame type ("members" of the collection), where the "type" may be, for eachexample: Atom entry, category, template, "simple resource", or any other classification of web resource. Each collection has a URI which is given in the methods listed.introspection file. A GET on the collection URI MAY support methods not listed here. For example,MUST produce a collection document as defined in "3.X.1 Collection Document." That document describes PART OF the state of the collection. All the members of a collection have an EditURI could support"updated" property, and the collection is considered to be ordered by this property. A single collection document may not contain all of the members of a POST or OPTIONS method. However, what those methods docollection. If a collection document is beyondthe scoperesponse of this specification. o EditURI: PUT, GET, DELETE o PostURI: POST o FeedURI:a non-partial GET o ResourcePostURI: POST This documentrequest, and does not specifycontain all of the formmembers of a collection, then it will contain the URIs that are used. TheURI spaceof each server is controlled, as defined by HTTP, bythe server alone. What thisnext collection document does specify are the formatswhich will contain more of the files that are exchanged and the actions thatcollection members. By traversing this list of collection documents a client can be performed onobtain all of the URIs embedded in those files. 3. Functional Specification 3.1 PostURI The PostURI is used to create entries. These can be either full entries, such as a weblog post, or they can be comments, or evenmembers of a wiki page.collection. The client POSTs a filled-in Atom Entry to this URI. If the request is successful, one or more Web resources MAY'next' attribute will not be created. For example, POSTing an Atom entrypresent in the response to a PostURI may createpartial GET request. 2.1.1 Usage Below two new Web resources, an HTML representation and anusages are outlined for Atom representation. 3.1.1 Locating the PostURI The PostURI can be discovered in a link elementCollections. They are here to highlight common idioms for interacting with an @rel of 'service.post'. The link element containinga PostURI used to createCollection Resource and not a new entry MAY be discovered in three different places.normative interaction pattern. The first place it mayAtom Collection can be found is in a <link> elementused by clients in two ways. In the 'head' element of an HTML document. The second placefirst case the client has attached to a PostURI may be foundsite for the first time and is doing an atom:link elementinitial syncronization, that isis, retrieving a childlist of all the atom:feed element. The third place a PostURI may be found is in the atom:link elementmembers of an atom:entry. @@ TBD @@ - Discuss subordinate resourcesthe collections and what a PostURI means based on wherepossibly retrieving all the URI was found. <link rel="service.post" type="application/atom+xml" href="URI for Posting goes here" title="The namemembers of the site." /> 3.1.2 Requestcollection also. The request containsclient can perform a filled-in Atom entry, subject tonon-partial GET on the constraints in section Section 3.6. 3.1.3 Response The possible status codes from a POST are 201, 303, 400, 404, 409, 410collection resource and 500. 220.127.116.11 Response code 201 The Response MUST includeit will receive a Location: header withcollection document that either contains all the URImember of the created resource. The URI returned must becollection, or the EditURI ofcollection document root element 'collection' will contain a 'next' attribute pointing to the entry just created. The body ofnext collection document. By repeatedly following the response SHOULD contain'next' attribute from document to document the newly created entry. Ifclient can find all the entry is present inmembers of the response body then it MUST conform tocollection. In the same constraints listed for responses to a GET onsecond case the client has already done an EditURI. User agents MUST NOT depend oninitial sync, and now needs to re-sync, because the server returningclient was just restarted, or some time has passed since a response body. If the serverre-sync, etc. The client does returna response body then the user agents MUST NOT dependpartial GET on the response body havingcollection document, supplying a content-type of 'application/atom+xml". NoteRange header that begins from the server may choose to omit the content inlast time the response, particularly if it is large. A 201 response MAY contain an ETag response header field indicatingclient sync'd to the current valuetime. The collection document returned will contain only those members of the entity tag for the requested variant just created. If the entry returned is subsequentlycollection that have changed since the user agent can update the entry by submitting it via PUT tolast time the EditURI. If an ETag was returned withclient syncronized. 2.1.2 Client and Server Interaction [[anchor5: ...]] This document does not specify the creationform of the entry then the user agent SHOULD include an If-Match: header in the request that containsURIs that ETag. 18.104.22.168 Response code 303are used. The bodyURI space of each server is controlled, as defined by HTTP, by the server alone. What this responsedocument does not containspecify are the filled-in Entry, butformats of the filled-in Entry can be found under a different URIfiles that are exchanged and the actions that can be retrieved using a GET methodperformed on that resource. The URI SHOULD be given bythe Location fieldURIs embedded in those files. 3. Functional Specification 3.1 Collections 3.1.1 Collection Document A collection document is rooted by a <collection> element. A collection element may have any number of <member> elements as children; each such element identifies a member of the response. 22.214.171.124 Response code 400 Indicates that the server believes that the data sent constitutes an invalid request. As an example, the data postedcollection. In some situations, a collection document may not be well-formed XML. The server SHOULD include an entity containing an explanationcontain every member of the error situation, and whether it is a temporarycollection itself. Whether complete or permanent condition. 126.96.36.199 Response code 409 The request containedpartial, the members in a valid Atom Entry, but it conflicts with state oncollection document MUST constitute a consecutive sequence of the server. The response SHOULDcollection's members, ordered by their "updated" properties. That is, a collection document MUST contain enough for information for the user to resolve the conflict. [[@@TBD@@ more about response body format]] 188.8.131.52 Response code 500 Indicates that the server detected an internal error ona contiguous subset of the server processing this request (such as an unhandled exception). The server SHOULD include an entity containing an explanationmembers of the error situation, and whether it iscollection ordered by their 'updated' property. 3.1.2 Elements in a temporaryCollection Document A collection document MAY contain zero or permanent condition. 3.2 EditURI An EditURI is used to edit a single entry.more 'member' elements. Each entry that is editable'member' element MUST have a unique URI. This URI supports both GET and PUT and they are used in tandem forinclude an editing cycle. The client GETs'href' attribute identifying a URL of the representation whichmember resource. The 'href' URI of a member resource is formatted asan Atom entry. The client may then update"EditURI" under the entryterms of section 2, and then PUT it backMUST respond to the same URI. The PUT will cause allHTTP methods as such an EditURI. Each 'member' element MAY include an "hrefreadonly" attribute. This optional attribute identifies a URI which, on a GET request, responds equivalently to how the related resources"href" URI would respond to be updated, for example,the HTML representation. Notesame request. Clients SHOULD NOT apply to this URI any HTTP methods that would be expected to modify the valuestate of the content element inresource (e.g. PUT, POST or DELETE). A PUT or POST request to this URI MAY NOT affect the Atom entry doesunderlying resource. If the "hrefreadonly" attribute is not havegiven, its value defaults to exactly matchthe content element for"href" value. If the same entry when it"hrefreadonly" attribute is present, and its value is represented inan Atom feed. For example,empty string, then there is no URI that can be treated in the way such a server may allowvalue would be treated. Clients SHOULD use the client"href" value to post entries whose content is formatted as WikiML, yetmanipulate the server may clean up such markup and transform it into well-formed XHTML before placing itresource within the context of the APP itself. Clients SHOULD prefer the "hrefreadonly" value in any other context. For example, if the publicly available Atom feed. Another scenario is summaries--the EditURIresource is for editing the full content ofan entry, butimage, a client may replace the serverimage data using a PUT on the "href" value, and may only present excerptseven display a preview of the image by fetching the "href" URI. But when it produces an Atom feed. A client will sendcreating a DELETEpublic, read-only reference to the EditURI to deletesame image resource, the client should use the "hrefreadonly" value. If the "hrefreadonly" value is an entry. 3.2.1 Locating For editing a site Entry,empty string, the link tagclient SHOULD NOT make public reference to the "href" value. Each 'member' element MUST include a 'title' attribute, whose value is used. Note thata link taghuman-readable name or description for the item. The values of 'title' attributes are not required to be unique across all members of a collection. Each 'member' element MUST include an 'updated' attribute, whose value is used in both HTML and inthe Atom format. A link tag'updated' property of the followingcollection member whose format pointsMUST conform to the EditURI for a site. In HTML, the link tags for editing are always found in the head element, while in Atom they may appear as children of the entry elements. <link rel="service.edit" type="application/atom+xml" href="URI for Editing goes here" title="Readable desc of the entry." /> Note: The critical characteristic of this link tag is the @rel of 'service.edit' and the @type of 'application/atom+xml'. 3.2.2 Request A PUT request, and a GET response both contain a filled-in Atom entry, subject to the constraints in section Section 3.6. The expected status codes from a GET are 200, 301, 307, and 500. 400, 404, and 410 are also possible. The expected status codes from a PUT are 2xx, 301, 307, 500 and 501. 400, 404, 409, and 410 are also possible. 184.108.40.206 Successful Requests Servers MUST indicate successful GET requests with a 200 response. Servers MUST indicate successful PUT requests with a 2xx response. Servers MAY include additional information in the PUT response. Clients SHOULD NOT expect any additional information in a PUT response. 220.127.116.11 Response code 301 The entry has moved permanently, the new URI is given in the Location header. The client SHOULD retry the GET using the URI returned in the Location header. When a PUT operation is attempted the user agent should prompt the user before attempting the PUT on the URI returned in the Location header. 18.104.22.168 Response code 307 The entry has moved temporarily, the new URI is given in the Location header. The client SHOULD retry the GET using the URI returned in the Location header. When a PUT operation is attempted the user agent should prompt the user before attempting the PUT on the URI returned in the Location header. 22.214.171.124 Response code 401 Indicates that the server believes that the data sent constitutes an invalid request. As an example, the data posted may not be well-formed XML. The server SHOULD include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. 126.96.36.199 Response code 409 The request contained a valid Atom Entry, but it conflicts with the state of the resource, or other state on the server. For example, a server could signal that the client has erred in this manner if it receives a request containing an atom:id element whose value differs from that of the resource found at the requested URI. The response SHOULD contain enough for information for the user to resolve the conflict. [[@@TBD@@ more about response body format ]] 188.8.131.52 Response code 410 Indicates that the requested resource is gone permanently. The client SHOULD NOT repeat the request. 184.108.40.206 Response code 500 Indicates that the server detected an internal error on the server processing this request (such as an unhandled exception). The server SHOULD include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. 3.3 FeedURI The FeedURI is used to retrieve a representation in Atom format. Note that this feed is different from a typical Atom feed in that it contains "link" elements for navigating and manipulating the content of the site. For example there should be a "link" element with rel="next" whose URI points to the next block of entries on the site. Similarly, the feed element can contain a "link" element with rel="service.post", the URI of which is a PostURI. Individual entries should contain "link" elements with rel="service.edit" whose URIs are EditURIs. This document only uses some of the methods available for each type of URI. For example, the only method described by this document for the FeedURI is GET. Any other method may be supported by the URI types described, but defining their behavior is beyond the scope of this document. In this light you may notice that the PostURI only supports the POST method. It is possible, and allowable, that for some implementations the PostURI and the FeedURI are the same URI. @@ Editor's Note: @@ Notedate-time BNF rule in [RFC3339]. 3.1.3 Collection Requests 220.127.116.11 Range: Header HTTP/1.1 allows a client to request that only part (a range of) the "service.feed" takes the place of the Introspection File andcollection to be included within the Search facetresponse. HTTP/1.1 uses range units in previous versions ofthe specification. That is, facet discovery, which was previously done by inspectingRange header field. A collection can be broken down into subranges according to the Introspection filemembers 'updated' property. If a Range: header is now done by looking for "link" tags with an attribute "rel" set to "service.[something]"present in the "service.feed" file. Atrequest, its value explictly identifies the samea time interval interval in which all the same representation replaces the search facet by having "link" tags that pointmembers 'updated' property must fall to other feeds using well-known 'rel' attribute values such as 'next' and 'prev', or the search can branchbe included in multiple directions by specifying multiple link tags with rel="service.feed" and having differing title attributes that announcethe kind of search results in that feed. 3.3.1 Locating A link tagresponse. Range = "Range" ":" ranges-specifier The value of the following format points to the FeedURI. <link rel="service.feed" type="application/atom+xml" href="URI goes here" title="The nameRange: header should be a pair of ISO 8601 dates, separated by a slash character; either date may be optionally omitted, in which case the site." /> 3.3.2 Request The requestrange is a simple GET. No other verbs are currently specified for this URI. 3.3.3 Responseunderstood as stretching to infinity on that end. ranges-specifier = updated-ranges-specifier updated-ranges-specifier = updated-unit "=" updated-range updated-unit = "updated" updated-range = [iso-date] "/" [iso-date] The expected status codes fromresponse to a GET are 200, 301, 307, and 500. 401, 404, and 410 are also possible. 18.104.22.168 Response code 301 The Feed has moved permanently,collection request MUST be a collection document, all of whose 'member' elements fall within the new URI is givenrequested range. If no members fall in the Location header.requested range, the server MUST respond with a collection document containing no 'member' elements. 22.214.171.124 Accept-Ranges: Header The client SHOULD doresponse to a non-partial GET on the URI returned in the Location header. 126.96.36.199 Response code 307 The Feed has moved temporarily,request MUST include an Accept-Ranges header that indicates that the new URI is given inserver accepts 'updated' range requests. Accept-Ranges = "Accept-Ranges" ":" acceptable-ranges acceptable-ranges = updated-unit ( 1#range-unit ) 3.2 Introspection There are many different kinds of resources that can be managed through the Location header.APP, for example, entries, templates, users, etc. The client SHOULD doService Document is a GET onsingle document that lists all the URI returned infacets of the Location header. 3.4 ResourcePostURI The ResourcePostURI is used to create new non-entry resources. The client POSTsAPP that a resourcesite supports and also contains the URIs of all those resources. 3.2.1 Service Document The Service Document lists the desired MIME type directlyresources that each site makes available. The Service Resource returns an Service Document in response to this URI. 3.4.1 Locating For creatinga new non-entry resource,GET request. Here is an example of an Service Document. <?xml version="1.0" encoding='utf-8'?> <service version="0.3" xmlns="http://purl.org/atom/ns#"> <workspace title="Main Site" > <collection rel="entries" name="Entries" href="http://example.org/reilly/feed" /> <collection rel="categories" name="Categories" href="http://example.org/reilly/cat" /> <collection rel="templates" name="Templates" href="http://example.org/reilly/tmpl" /> <collection rel="users" name="Users" href="http://example.org/reilly/users" /> <collection rel="resource" name="Pictures" href="http://example.org/reilly/pic" /> </workspace> <workspace title="b-links"> <collection rel="entries" name="Entries" href="http://example.org/reilly/feed" /> <collection rel="http://example.net/booklist" name="Books" href="http://example.org/reilly/books" /> </workspace> </service> o entries o resource o categories o templates o users The default for the link tagrel attribute is used. Note that a link tag'resource'. Extensibility for 'rel' values is used in both HTML andhandled in the Atom format. A link tagsame manner as PaceFieldingLinks. Each 'collection' element in 'workspace' represents a single facet of the following format pointsAPP. While a site must fully support each facet they list in their Service Document, a site does not need to support all the ResourcePostURIfacets in this RFC. Additionally, new facets may be added either through vendor extension or follow-on RFCs. 188.8.131.52 Service Documet Elements The "service" element is the document element of a Service Document, acting as a container for service data associated with possibly multiple workspaces. Its only child elements MUST be one or more 'workspace' elements. The 'service' element MUST have a site. In HTMLsingle attribute 'version' whose content indicates the link tags are always found inversion of the head element, while inAtom they may appear as childrenspecification that the document conforms to. The content of this attribute is unstructured text. The version identifier for this specification is "1.0". The 'workspace' element element contains information elements about the Feed and entry elements. <link rel="resource.post" href="URIcollections of resources available for Resource Posting goes here" title="The nameediting. The only children of the site."> 3.4.2 Request'workspace' MUST be one or more "collection" elements. The request contains'workspace' element MUST have a resource, sent throughsingle attribute 'title' whose content MUST NOT be empty and which is a standard HTTP POST, e.g.: POST /_do/exampleblog/post_resource HTTP/1.1 Host: www.example.com Content-Type: image/jpeg Content-Length: nnn ...raw bytes of image go here... 3.4.3 Responsehuman-readable name for the workspace. The expected status codes from a POST'collection' element describes various typed groups of resources available for editing or adding to. 3.3 Entry Collection Entries are 201, 303, 400, 415,managed through collections and 500. 401, 404, 409,as such entry collection and 410entries that are also possible. 184.108.40.206 Response code 201 The response MUST includemembers of a Location: header withcollection must support all the operations enumerated above. An Edit Resource is used to edit a single entry. Each entry that is editable MUST have a unique URI. This URI ofsupports both GET and PUT and they are used in tandem for an editing cycle. The client GETs the created resource, i.e.representation which is formatted as an Atom entry. The client may then update the URI usedentry and then PUT it back to retrievethe resource representation in a subsequent HTTP GET.same URI. The server SHOULD omitPUT will cause all the contentrelated resources to be updated, for example, the HTML representation. Note that the value of the resourcecontent element in the response, since it would be redundant to return itAtom entry does not have to exactly match the client. 220.127.116.11 Response code 303 Similar to 201 but no cachingcontent element for the same entry when it is allowed. The response MUST includerepresented in an Atom feed. For example, a Location: header. 18.104.22.168 Response code 400 Indicates that theserver believes thatmay allow the data sent constitutes an invalid request. The server SHOULD include an entity containing an explanation ofclient to post entries whose content is formatted as WikiML, yet the error situation,server may clean up such markup and whethertransform it into well-formed XHTML before placing it is a temporary or permanent condition. 22.214.171.124 Response code 415 The MIME type ofin the request entitypublicly available Atom feed. Another scenario is summaries--the EditURI is not supported by the server for this resource. The response SHOULD contain enough for informationfor editing the user to resolve the conflict. [[@@TBD@@ more about response body format ]] 126.96.36.199 Response code 500 Indicates that the server detectedfull content of an internal error onentry, but the server processing this request (such asmay only present excerpts when it produces an unhandled exception).Atom feed. A short description of the errorclient will appear onsend a DELETE to the status line itself. A longer description will appear inEditURI to delete an entry. 3.3.1 Locating For editing a site Entry, the body. 3.5 Link Tag Thelink tag is used. Note that a link tag is used in both HTML and Atom formats. There are slight differences between the two usages. Here are the commonalities, differences, and a list of well-known values for the rel attribute. <http://www.w3.org/TR/html4/struct/links.html#edef-LINK> appearsin the 'head' of the document. The 'head' section only allows a linear list of 'link' tags. TheAtom format allows 'link' tags as children of both the 'feed' element and of the 'entry' element. Note that this gives the information present in theformat. A link tag more context. For example ... @@ TBD @@ 3.5.1 rel This attribute describes the relationship fromof the current document, be it HTML or Atom,following format points to the anchor specified by the href attribute. The value of this attribute isEditURI for a space-separated list ofsite. In HTML, the link types. Note that these valuestags for editing are case insensitive. When usedalways found in concert with type="application/atom+xml",the relationshead element, while in Atom they may be interpretedappear as follows. alternate: The URI in the href attribute points to an alternate representationchildren of the containing resource. start: The Atom feed at the URI supplied in the href attribute contains the first feed in a linear sequenceentry elements. <link rel="service.edit" type="application/atom+xml" href="URI for Editing goes here" title="Readable desc of entries. next: The Atom feed at the URI supplied inthe href attribute containsentry." /> Note: The critical characteristic of this link tag is the next N entries in a linear sequence@rel of entries. prev: The Atom feed at'service.edit' and the URI supplied in@type of 'application/atom+xml'. 3.4 Simple Resource Collection Simple Resources are managed through collections and as such simple reource collections and simple resources that are members of the href attribute containscollection must support all the previous N entries inoperations enumerated above. Simple Resources can be images, templates, and any other non-entry resources. 3.4.1 Locating For creating a linear sequence of entries. service.edit: The URI given innew non-entry resource, the href attributelink tag is used to editused. Note that a representation of the referred resource. service.post: The URI in the href attributelink tag is used to create new resources. service.feed: The URI givenin the href attribute is a starting point for navigating contentboth HTML and services. 3.5.2 href URI ofin the resource being described by thisAtom format. A link element. 3.5.3 title Offers advisory information abouttag of the link. Renderedfollowing format points to the user to help them choose amongResourcePostURI for a set of links with the same rel and type attributes. 3.5.4 type The content type of the resource available atsite. In HTML the URI givenlink tags are always found in the href attributehead element, while in Atom they may appear as children of the link element. MostFeed and entry elements. <link rel="resource.post" href="URI for Resource Posting goes here" title="The name of the link types in this specification are on type 'application/atom+xml'. 3.6site."> 3.4.2 Request The request contains a resource, sent through a standard HTTP POST, e.g.: POST /_do/exampleblog/post_resource HTTP/1.1 Host: www.example.com Content-Type: image/jpeg Content-Length: nnn ...raw bytes of image go here... 3.5 Atom Request and Response Body Constraints The Atom format is used as the representation of all the resources in this specification. As it is used in differing contexts, there are different constraints of which elements may be present, and how their values should be interpreted. 188.8.131.52.1 id PostURI MUST NOT be present. FeedURI MUST be present. EditURI GET MUST be present. PUT MUST be present. 184.108.40.206.2 link PostURI MAY be present. Servers MAY use the information to determine the URI of the created resource. Relative URLs are to be interpreted relative to xml:base. FeedURI MUST be present. EditURI GET MUST be present. PUT MUST be present. 220.127.116.11.3 title PostURI MUST be present. The element may be empty, to explicitly indicate "no title". Servers SHOULD NOT try to generate a title if one is not provided. The type attribute MAY be present, and if not it defaults to "text/plain". If present, it MUST represent a MIME type that the server supports. The mode attribute MAY be present. If not present, it defaults to "xml". If present, it MUST be "xml", "base64", or "escaped". FeedURI MUST be present. EditURI GET MUST be present. PUT MUST be present. The element may be empty, to explicitly indicate "no title". Servers SHOULD NOT try to generate a title if one is not provided. 18.104.22.168.4 summary PostURI MAY be present. If not present, the server is welcome to produce its own summary. If present but empty, the server SHOULD NOT generate a summary of its own. The type attribute MAY be present. If not, it defaults to "text/plain". If present, it must represent a MIME type that the server supports. The mode attribute MAY be present and defaults to "xml". If present, it must be "xml","base64", or "escaped". FeedURI MAY be present. EditURI GET MAY be present. PUT MAY be present. The element may be empty, to explicitly indicate "no summary". Servers SHOULD NOT try to generate a title if one is not provided. 22.214.171.124.5 content PostURI MAY be present but may be empty, to explicitly indicate "no content". The type attribute MAY be present, but defaults to "text/plain" if not present. It must represent a MIME type that the server supports. The MODE attribute may be present and defaults to "xml" if not present. It must be "xml","base64", or "escaped". FeedURI MAY be present. EditURI GET MAY be present. PUT MAY be present. The element may be empty, to explicitly indicate "no content". 126.96.36.199.6 issued PostURI MUST be present, but may be empty, in which case it signifies "now" in the time zone of the server. FeedURI MUST be present. EditURI GET MUST be present. PUT MUST be present. Server policy determines if an updated time is accepted. 188.8.131.52.7 modified PostURI MUST NOT be present. FeedURI MAY be present. EditURI GET MAY be present. PUT MAY be present. The element may be empty, to explicitly indicate that 'now' on the server time is to be used. 184.108.40.206.8 created PostURI MAY be present. FeedURI MAY be present. EditURI GET MAY be present. PUT MAY be present. The server may or may not accept an updated value. If the server does not allow updating the issued time then any PUT request with a different issued value MUST be rejected. 220.127.116.11.9 author PostURI MAY be present. If not present, the server determines the author. If present, and conflicting with valid values as determined by the server, then the server may change the value of author. FeedURI MAY be present. EditURI GET MAY be present. PUT MAY be present. 18.104.22.168.10 contributor PostURI MAY be present. FeedURI MAY be present. EditURI GET MAY be present. PUT MAY be present. 22.214.171.124.11 generator PostURI MUST be present and contain a URI. The value of the element indicates the code base used to create this request. MUST also have an attribute 'version' with a version number. FeedURI MUST NOT be present. EditURI GET MUST NOT be present. PUT MUST NOT be present. 3.73.6 Securing the Atom Protocol All instances of publishing Atom entries SHOULD be protected by authentication to prevent posting or editing by unknown sources. Atom servers and clients MUST support one of the following authentication mechanisms, and SHOULD support both. o HTTP Digest Authentication [RFC2617] o [@@TBD@@ CGI Authentication ref] Atom servers and clients MAY support encryption of the Atom session using TLS [RFC2246]. There are cases where an authentication mechanism may not be required, such as a publicly editable Wiki, or when using the PostURI to post comments to a site that does not require authentication to create comments. 126.96.36.199.1 [@@TBD@@ CGI Authentication] This authentication method is included as part of the protocol to allow Atom servers and clients that cannot use HTTP Digest Authentication but where the user can both insert its own HTTP headers and create a CGI program to authenticate entries to the server. This scenario is common in environments where the user cannot control what services the server employs, but the user can write their own HTTP services. 4. Security Considerations Because Atom is a publishing protocol, it is important that only authorized users can create and edit entries. The security of Atom is based on HTTP Digest Authentication and/or [@@TBD@@ CGI Authentication]. Any weaknesses in either of these authentication schemes will obviously affect the security of the Atom Publishing Protocol. Both HTTP Digest Authentication and [@@TBD@@ CGI Authentication] are susceptible to dictionary-based attacks on the shared secret. If the shared secret is a password (instead of a random string with sufficient entropy), an attacker can determine the secret by exhaustively comparing the authenticating string with hashed results of the public string and dictionary entries. See RFC 2617 for more detailed description of the security properties of HTTP Digest Authentication. @@TBD@@ Talk here about using HTTP basic and digest authentication. @@TBD@@ Talk here about denial of service attacks using large XML files, or the billion laughs DTD attack. 5. IANA Considerations This document has no actions for IANA. 6. Appendix A - SOAP Enabling All servers SHOULD support the following alternate interface mechanisms to enable a wider variety of clients to interact with Atom Publishing Protocol servers. The following requirements are in addition to the ones listed in the Functional Specification Section. If a server supports SOAP Enabling then it MUST support all of the following. 6.1 Servers 1. All servers MUST support the limited use of the SOAPAction HTTP Header as described below in the Client section. 2. All servers MUST be able to process well formed XML. Servers need not be able to handle processing instructions or DTDs. 3. Servers MUST accept content in a SOAP Envelope, and if they receive a request that is wrapped in a SOAP Envelope then they MUST wrap their responses in SOAP envelopes or produce a SOAP Fault. 6.2 Clients 1. Clients SHOULD use the appropriate HTTP Method when possible. When not possible, they should use POST and include a SOAPAction HTTP header which is constrained as follows: 2. SOAPAction: "http://schemas.xmlsoap.org/wsdl/http/[METHOD]" 3. Where [METHOD] is replaced by the desired HTTP Method. 4. Clients MAY wrap their XML payload in a SOAP Envelope. If so, they must also wrap it in an element which exactly matches the HTTP Method. 7. Appendix B - Examples 7.1 Example for a weblog Fill this in with an example for how all the above is used for a weblog. Start with main HTML page, link tag of type service.feed to the 'introspection' file. 1. Creating a new entry 2. Finding an old entry 3. editing an old entry 4. commenting on a entry (via HTML and Atom) 7.2 Example for a wiki Fill this in like above but for a wiki. 8. Revision History draft-ietf-atompub-protocol-03 - Incorporates PaceSliceAndDice3 and PaceIntrospection. draft-ietf-atompub-protocol-02 - Incorporates Pace409Response, PacePostLocationMust, and PaceSimpleResourcePosting. draft-ietf-atompub-protocol-01 - Added in sections on Responses for the EditURI. Allow 2xx for response to EditURI PUTs. Elided all mentions of WSSE. Started adding in some normative references. Added the section "Securing the Atom Protocol". Clarified that it is possible that the PostURI and FeedURI could be the same URI. Cleaned up descriptions for Response codes 400 and 500. Rev draft-ietf-atompub-protocol-00 - 5Jul2004 - Renamed the file and re-titled the document to conform to IETF submission guidelines. Changed MIME type to match the one selected for the Atom format. Numerous typographical fixes. We used to have two 'Introduction' sections. One of them was moved into the Abstract the other absorbed the Scope section. IPR and copyright notifications were added. Rev 09 - 10Dec2003 - Added the section on SOAP enabled clients and servers. Rev 08 - 01Dec2003 - Refactored the specification, merging the Introspection file into the feed format. Also dropped the distinction between the type of URI used to create new entries and the kind used to create comments. Dropped user preferences. Rev 07 - 06Aug2003 - Removed the use of the RSD file for auto-discovery. Changed copyright until a final standards body is chosen. Changed query parameters for the search facet to all begin with atom- to avoid name collisions. Updated all the Entries to follow the 0.2 version. Changed the format of the search results and template file to a pure element based syntax. Rev 06 - 24Jul2003 - Moved to PUT for updating Entries. Changed all the mime-types to application/x.atom+xml. Added template editing. Changed 'edit-entry' to 'create-entry' in the Introspection file to more accurately reflect it's purpose. Rev 05 - 17Jul2003 - Renamed everything Echo into Atom. Added version numbers in the Revision history. Changed all the mime-types to application/atom+xml. Rev 04 - 15Jul2003 - Updated the RSD version used from 0.7 to 1.0. Change the method of deleting an Entry from POSTing <delete/> to using the HTTP DELETE verb. Also changed the query interface to GET instead of POST. Moved Introspection Discovery to be up under Introspection. Introduced the term 'facet' for the services listed in the Introspection file. Rev 03 - 10Jul2003 - Added a link to the Wiki near the front of the document. Added a section on finding an Entry. Retrieving an Entry now broken out into it's own section. Changed the HTTP status code for a successful editing of an Entry to 205. Rev 02 - 7Jul2003 - Entries are no longer returned from POSTs, instead they are retrieved via GET. Cleaned up figure titles, as they are rendered poorly in HTML. All content-types have been changed to application/atom+xml. Rev 01 - 5Jul2003 - Renamed from EchoAPI.html to follow the more commonly used format: draft-gregorio-NN.html. Renamed all references to URL to URI. Broke out introspection into it's own section. Added the Revision History section. Added more to the warning that the example URIs are not normative. 99. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999. [RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A. and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999.  <http://www.imc.org/atom-syntax/index.html> Authors' Addresses Joe Gregorio (editor) BitWorking, Inc 1002 Heathwood Dairy Rd. Apex, NC 27502 US Phone: +1 919 272 3764 EMail:Email: email@example.com URI: http://bitworking.com/ Robert Sayre (editor) Boswijck Memex Consulting 148 N 9th St. 4R Brooklyn, NY 11211 US EMail:Email: firstname.lastname@example.org URI: http://boswijck.com Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at email@example.com. The IETF has been notified of intellectual property rights claimed in regard to some or all of the specification contained in this document. For more information consult the online list of claimed rights. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2004).(2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society.