Network Working Group                                   J. Gregorio, Ed.
Internet-Draft                                           BitWorking, Inc
Expires: March 22, September 19, 2005                                R. Sayre, Ed.
                                               Boswijck Memex Consulting
                                                      September 21, 2004
                                                          March 18, 2005

                      The Atom Publishing Protocol
                   draft-ietf-atompub-protocol-02.txt
                   draft-ietf-atompub-protocol-03.txt

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 3 of RFC 3667.  By submitting this Internet-Draft, I certify each
   author represents that any applicable patent or other IPR claims of
   which I am he or she is aware have been or will be disclosed, and any of
   which I he or she become aware will be disclosed, in accordance with
   RFC 3668.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on March 22, September 19, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved. (2005).

Abstract

   This memo presents a protocol for using XML (Extensible Markup
   Language) and HTTP (HyperText Transport Protocol) to edit content.

   The Atom Publishing Protocol is an application-level protocol for
   publishing and editing Web resources belonging to periodically
   updated websites.  The protocol at its core is the HTTP transport of
   Atom-formatted representations.  The Atom format is documented in the
   Atom Syndication Format (draft-ietf-atompub-format-02.txt). (draft-ietf-atompub-format-06.txt).

Editorial Note

   To provide feedback on this Internet-Draft, join the
   <http://www.imc.org/atom-syntax/index.html>. atom-syntax
   mailing list (http://www.imc.org/atom-syntax/index.html) [1].

Table of Contents

   1.   Introduction . . . . . . . . . . . . . . . . . . . . . . . .   4
     1.1  Notational Conventions . . . . . . . . . . . . . . . . . .   4
     1.2  Terminology  . . . . . . . . . . . . . . . . . . . . . . .   4
   2.   The Atom Publishing Protocol Model . . . . . . . . . . . . .   4
   3.   Functional Specification
     2.1  Atom Collections . . . . . . . . . . . . . . . . . . .   5
     3.1  PostURI . .   4
       2.1.1  Usage  . . . . . . . . . . . . . . . . . . . . . . . .   5
       3.1.1  Locating the PostURI
       2.1.2  Client and Server Interaction  . . . . . . . . . . . .   5
   3.   Functional Specification . . . . .   5
       3.1.2  Request . . . . . . . . . . . . .   5
     3.1  Collections  . . . . . . . . . .   5
       3.1.3  Response . . . . . . . . . . . . .   6
       3.1.1  Collection Document  . . . . . . . . . .   5
     3.2  EditURI . . . . . . .   6
       3.1.2  Elements in a Collection Document  . . . . . . . . . .   6
       3.1.3  Collection Requests  . . . . . . . .   7
       3.2.1  Locating . . . . . . . . .   7
     3.2  Introspection  . . . . . . . . . . . . . .   7
       3.2.2  Request . . . . . . . .   8
       3.2.1  Service Document . . . . . . . . . . . . . . .   7
     3.3  FeedURI . . . .   8
     3.3  Entry Collection . . . . . . . . . . . . . . . . . . . . .   9
       3.3.1  Locating . . . . . . . . . . . . . . . . . . . . . . .  10
       3.3.2  Request  .
     3.4  Simple Resource Collection . . . . . . . . . . . . . . . .  10
       3.4.1  Locating . . . . . .  10
       3.3.3  Response . . . . . . . . . . . . . . . . .  10
       3.4.2  Request  . . . . . .  10
     3.4  ResourcePostURI . . . . . . . . . . . . . . . . .  10
     3.5  Atom Request and Response Body Constraints . . . .  10
       3.4.1  Locating . . . .  11
       3.5.1  id . . . . . . . . . . . . . . . . . . .  10
       3.4.2  Request . . . . . . .  11
       3.5.2  link . . . . . . . . . . . . . . . .  11
       3.4.3  Response . . . . . . . . .  11
       3.5.3  title  . . . . . . . . . . . . . .  11
     3.5  Link Tag . . . . . . . . . .  11
       3.5.4  summary  . . . . . . . . . . . . . . .  12
       3.5.1  rel . . . . . . . .  11
       3.5.5  content  . . . . . . . . . . . . . . . . .  12
       3.5.2  href . . . . . .  12
       3.5.6  issued . . . . . . . . . . . . . . . . . . .  12
       3.5.3  title . . . . .  12
       3.5.7  modified . . . . . . . . . . . . . . . . . . .  13
       3.5.4  type . . . .  12
       3.5.8  created  . . . . . . . . . . . . . . . . . . . . .  13
     3.6  Atom Request and Response Body Constraints . .  12
       3.5.9  author . . . . . .  13
       3.6.1  id . . . . . . . . . . . . . . . . . .  13
       3.5.10   contributor  . . . . . . . .  13
       3.6.2  link . . . . . . . . . . . .  13
       3.5.11   generator  . . . . . . . . . . . . .  13
       3.6.3  title . . . . . . . .  13
     3.6  Securing the Atom Protocol . . . . . . . . . . . . . . . .  13
       3.6.4  summary
       3.6.1  [@@TBD@@ CGI Authentication] . . . . . . . . . . . . .  14
   4.   Security Considerations  . . . . . . . . . .  14
       3.6.5  content . . . . . . . .  14
   5.   IANA Considerations  . . . . . . . . . . . . . . .  14
       3.6.6  issued . . . . .  14
   6.   Appendix A - SOAP Enabling . . . . . . . . . . . . . . . . .  15
     6.1  Servers  . .  14
       3.6.7  modified . . . . . . . . . . . . . . . . . . . . . . .  15
       3.6.8  created  . . .
     6.2  Clients  . . . . . . . . . . . . . . . . . . . .  15
       3.6.9  author . . . . .  15
   7.   Appendix B - Examples  . . . . . . . . . . . . . . . . . . .  15
       3.6.10   contributor  .
     7.1  Example for a weblog . . . . . . . . . . . . . . . . . . .  15
       3.6.11   generator  .
     7.2  Example for a wiki . . . . . . . . . . . . . . . . . . . .  15
     3.7  Securing the Atom Protocol .
   8.   Revision History . . . . . . . . . . . . . . .  16
       3.7.1  [@@TBD@@ CGI Authentication] . . . . . . .  15
   9.   Normative References . . . . . .  16
   4.   Security Considerations . . . . . . . . . . . . . . . . . .  16
   5.   IANA Considerations  . . . . . . . . . . . . . . . . . . . .  17
   6.   Appendix A - SOAP Enabling . . . . . . . . . . . . . . . . .  17
     6.1  Servers  . . . . . . . . . . . . . . . . . . . . . . . . .  17
     6.2  Clients  . . . . . . . . . . . . . . . . . . . . . . . . .  17
   7.   Appendix B - Examples  . . . . . . . . . . . . . . . . . . .  17
     7.1  Example for a weblog . . . . . . . . . . . . . . . . . . .  17
     7.2  Example for a wiki . . . . . . . . . . . . . . . . . . . .  18
   8.   Revision History .  17
        Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  18
   9.   Normative References . . . . . . . . . . . . . . . . . . . .  19
        Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  20
        Intellectual Property and Copyright Statements . . . . . . .  21  19

1.  Introduction

   The Atom Publishing Protocol is an application-level protocol for
   publishing and editing Web resources using HTTP [RFC2616] and XML.

1.1  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.2  Terminology

   Atom Entry: An Atom Entry is a fragment of a full Atom feed.  In this
      case, the fragment is a single 'entry' element and all its child
      elements.  Each Atom Entry describes a single Web resource,
      providing metadata and optionally a textual representation of that
      resource.
   PostURI: A URI that

2.  The Atom Publishing Protocol Model

   The Atom Publishing Protocol is used to create new resources.  POSTing an Atom
      Entry to this URI will create a new resource.
   EditURI: A URI that is used to edit a resource.  The editing is done
      using the HTTP verbs GET, PUT application-level protocol for
   publishing and DELETE. editing Web resources.  The representation primary way of interaction
   in the resource is always that of an Atom Entry.
   FeedURI: The URI which identifies an Atom Feed.

2.  The Atom Publishing Protocol Model

   The Atom Publishing Protocol is an application-level protocol for
   publishing and editing Web by managing collection of
   resources.  All collections support the same basic methods of
   interaction.  In addition, the resources belonging to collections
   also share the same interaction patterns.  Using the common HTTP
   verbs provides a pattern for working with all such Web resources:
   o  GET is used to retrieve a representation of a resource or perform
      a read-only query.
   o  PUT is used to update a known resource.
   o  POST is used to create a new dynamically-named resource.
   o  DELETE is used to remove a resource.

   There are four major classes

2.1  Atom Collections

   An Atom collection is a set of items all of URI [RFC2396] in this specification:
   PostURI, ResourcePostURI, FeedURI, and EditURI.  This specification
   defines the expected actions same type ("members"
   of the collection), where the "type" may be, for each example: Atom entry,
   category, template, "simple resource", or any other classification of
   web resource.

   Each collection has a URI which is given in the methods listed. introspection file.
   A GET on the collection URI
   MAY support methods not listed here.  For example, MUST produce a collection document as
   defined in "3.X.1 Collection Document." That document describes PART
   OF the state of the collection.

   All the members of a collection have an EditURI could
   support "updated" property, and the
   collection is considered to be ordered by this property.  A single
   collection document may not contain all of the members of a POST or OPTIONS method.  However, what those methods do
   collection.  If a collection document is
   beyond the scope response of this specification.
   o  EditURI: PUT, GET, DELETE
   o  PostURI: POST
   o  FeedURI: a
   non-partial GET
   o  ResourcePostURI: POST

   This document request, and does not specify contain all of the form members of a
   collection, then it will contain the URIs that are used.

   The URI space of each server is controlled, as defined by HTTP, by the server alone.  What this next collection
   document does specify are the formats which will contain more of the files that are exchanged and the actions that collection members.  By
   traversing this list of collection documents a client can be performed on obtain all
   of the URIs embedded in those files.

3.  Functional Specification

3.1  PostURI

   The PostURI is used to create entries.  These can be either full
   entries, such as a weblog post, or they can be comments, or even members of a
   wiki page. collection.  The client POSTs a filled-in Atom Entry to this URI.  If
   the request is successful, one or more Web resources MAY 'next' attribute will not be created.
   For example, POSTing an Atom entry
   present in the response to a PostURI may create partial GET request.

2.1.1  Usage

   Below two new
   Web resources, an HTML representation and an usages are outlined for Atom representation.

3.1.1  Locating the PostURI

   The PostURI can be discovered in a link element Collections.  They are here to
   highlight common idioms for interacting with an @rel of
   'service.post'.  The link element containing a PostURI used to create Collection Resource
   and not a new entry MAY be discovered in three different places. normative interaction pattern.

   The first
   place it may Atom Collection can be found is in a <link> element used by clients in two ways.  In the 'head' element of
   an HTML document.

   The second place first
   case the client has attached to a PostURI may be found site for the first time and is
   doing an atom:link element initial syncronization, that is is, retrieving a child list of all
   the atom:feed element.  The third place a PostURI may be
   found is in the atom:link element members of an atom:entry.

   @@ TBD @@ - Discuss subordinate resources the collections and what a PostURI means
   based on where possibly retrieving all the URI was found.

   <link rel="service.post"
         type="application/atom+xml"
         href="URI for Posting goes here"
         title="The name
   members of the site." />

3.1.2  Request collection also.  The request contains client can perform a filled-in Atom entry, subject to non-partial
   GET on the
   constraints in section Section 3.6.

3.1.3  Response

   The possible status codes from a POST are 201, 303, 400, 404, 409,
   410 collection resource and 500.

3.1.3.1  Response code 201

   The Response MUST include it will receive a Location: header with collection
   document that either contains all the URI member of the
   created resource.  The URI returned must be collection, or
   the EditURI of collection document root element 'collection' will contain a
   'next' attribute pointing to the entry
   just created.  The body of next collection document.  By
   repeatedly following the response SHOULD contain 'next' attribute from document to document
   the newly
   created entry.  If client can find all the entry is present in members of the response body then it
   MUST conform to collection.

   In the same constraints listed for responses to a GET on second case the client has already done an EditURI.  User agents MUST NOT depend on initial sync, and
   now needs to re-sync, because the server returning client was just restarted, or some
   time has passed since a
   response body.  If the server re-sync, etc.  The client does return a response body then the
   user agents MUST NOT depend partial GET
   on the response body having collection document, supplying a
   content-type of 'application/atom+xml".  Note Range header that begins from
   the server may
   choose to omit the content in last time the response, particularly if it is
   large.

   A 201 response MAY contain an ETag response header field indicating client sync'd to the current value time.  The collection
   document returned will contain only those members of the entity tag for the requested variant just
   created.

   If the entry returned is subsequently collection
   that have changed since the user agent can
   update the entry by submitting it via PUT to last time the EditURI.  If an ETag
   was returned with client syncronized.

2.1.2  Client and Server Interaction

   [[anchor5: ...]]

   This document does not specify the creation form of the entry then the user agent
   SHOULD include an If-Match: header in the request that contains URIs that
   ETag.

3.1.3.2  Response code 303 are used.
   The body URI space of each server is controlled, as defined by HTTP, by
   the server alone.  What this response document does not contain specify are the filled-in Entry, but formats of
   the filled-in Entry can be found under a different URI files that are exchanged and the actions that can be
   retrieved using a GET method performed on that resource.  The URI SHOULD be
   given by
   the Location field URIs embedded in those files.

3.  Functional Specification

3.1  Collections

3.1.1  Collection Document

   A collection document is rooted by a <collection> element.  A
   collection element may have any number of <member> elements as
   children; each such element identifies a member of the response.

3.1.3.3  Response code 400

   Indicates that the server believes that the data sent constitutes an
   invalid request.  As an example, the data posted collection.
   In some situations, a collection document may not be
   well-formed XML.  The server SHOULD include an entity containing an
   explanation contain every
   member of the error situation, and whether it is a temporary collection itself.

   Whether complete or
   permanent condition.

3.1.3.4  Response code 409

   The request contained partial, the members in a valid Atom Entry, but it conflicts with state
   on collection document
   MUST constitute a consecutive sequence of the server.  The response SHOULD collection's members,
   ordered by their "updated" properties.  That is, a collection
   document MUST contain enough for information
   for the user to resolve the conflict.

   [[@@TBD@@ more about response body format]]

3.1.3.5  Response code 500

   Indicates that the server detected an internal error on a contiguous subset of the server
   processing this request (such as an unhandled exception).  The server
   SHOULD include an entity containing an explanation members of the error
   situation, and whether it is
   collection ordered by their 'updated' property.

3.1.2  Elements in a temporary Collection Document

   A collection document MAY contain zero or permanent condition.

3.2  EditURI

   An EditURI is used to edit a single entry. more 'member' elements.

   Each entry that is
   editable 'member' element MUST have a unique URI.  This URI supports both GET and PUT
   and they are used in tandem for include an editing cycle.  The client GETs 'href' attribute identifying a
   URL of the representation which member resource.  The 'href' URI of a member resource is formatted as
   an Atom entry.  The client
   may then update "EditURI" under the entry terms of section 2, and then PUT it back MUST respond to the
   same URI.  The
   PUT will cause all HTTP methods as such an EditURI.

   Each 'member' element MAY include an "hrefreadonly" attribute.  This
   optional attribute identifies a URI which, on a GET request, responds
   equivalently to how the related resources "href" URI would respond to be updated, for example, the HTML representation.

   Note same request.
   Clients SHOULD NOT apply to this URI any HTTP methods that would be
   expected to modify the value state of the content element in resource (e.g.  PUT, POST or
   DELETE).  A PUT or POST request to this URI MAY NOT affect the Atom entry does
   underlying resource.  If the "hrefreadonly" attribute is not
   have given,
   its value defaults to exactly match the content element for "href" value.  If the same entry when it "hrefreadonly"
   attribute is present, and its value is represented in an Atom feed.  For example, empty string, then there is
   no URI that can be treated in the way such a server may allow value would be treated.

   Clients SHOULD use the
   client "href" value to post entries whose content is formatted as WikiML, yet manipulate the
   server may clean up such markup and transform it into well-formed
   XHTML before placing it resource within
   the context of the APP itself.  Clients SHOULD prefer the
   "hrefreadonly" value in any other context.  For example, if the publicly available Atom feed.  Another
   scenario is summaries--the EditURI
   resource is for editing the full content of an entry, but image, a client may replace the server image data using a PUT
   on the "href" value, and may only present excerpts even display a preview of the image by
   fetching the "href" URI.  But when it produces
   an Atom feed.

   A client will send creating a DELETE public, read-only
   reference to the EditURI to delete same image resource, the client should use the
   "hrefreadonly" value.  If the "hrefreadonly" value is an entry.

3.2.1  Locating

   For editing a site Entry, empty
   string, the link tag client SHOULD NOT make public reference to the "href"
   value.

   Each 'member' element MUST include a 'title' attribute, whose value
   is used.  Note that a link tag human-readable name or description for the item.  The values of
   'title' attributes are not required to be unique across all members
   of a collection.

   Each 'member' element MUST include an 'updated' attribute, whose
   value is used in both HTML and in the Atom format.  A link tag 'updated' property of the
   following collection member whose format points
   MUST conform to the EditURI for a site.  In HTML, the link
   tags for editing are always found in the head element, while in Atom
   they may appear as children of the entry elements.

   <link rel="service.edit"
         type="application/atom+xml"
         href="URI for Editing goes here"
         title="Readable desc of the entry." />

   Note: The critical characteristic of this link tag is the @rel of
   'service.edit' and the @type of 'application/atom+xml'.

3.2.2  Request

   A PUT request, and a GET response both contain a filled-in Atom
   entry, subject to the constraints in section Section 3.6.

   The expected status codes from a GET are 200, 301, 307, and 500.
   400, 404, and 410 are also possible.

   The expected status codes from a PUT are 2xx, 301, 307, 500 and 501.
   400, 404, 409, and 410 are also possible.

3.2.2.1  Successful Requests

   Servers MUST indicate successful GET requests with a 200 response.

   Servers MUST indicate successful PUT requests with a 2xx response.
   Servers MAY include additional information in the PUT response.
   Clients SHOULD NOT expect any additional information in a PUT
   response.

3.2.2.2  Response code 301

   The entry has moved permanently, the new URI is given in the Location
   header.  The client SHOULD retry the GET using the URI returned in
   the Location header.  When a PUT operation is attempted the user
   agent should prompt the user before attempting the PUT on the URI
   returned in the Location header.

3.2.2.3  Response code 307

   The entry has moved temporarily, the new URI is given in the Location
   header.  The client SHOULD retry the GET using the URI returned in
   the Location header.  When a PUT operation is attempted the user
   agent should prompt the user before attempting the PUT on the URI
   returned in the Location header.

3.2.2.4  Response code 401

   Indicates that the server believes that the data sent constitutes an
   invalid request.  As an example, the data posted may not be
   well-formed XML.  The server SHOULD include an entity containing an
   explanation of the error situation, and whether it is a temporary or
   permanent condition.

3.2.2.5  Response code 409

   The request contained a valid Atom Entry, but it conflicts with the
   state of the resource, or other state on the server.

   For example, a server could signal that the client has erred in this
   manner if it receives a request containing an atom:id element whose
   value differs from that of the resource found at the requested URI.

   The response SHOULD contain enough for information for the user to
   resolve the conflict.

   [[@@TBD@@ more about response body format ]]

3.2.2.6  Response code 410

   Indicates that the requested resource is gone permanently.  The
   client SHOULD NOT repeat the request.

3.2.2.7  Response code 500

   Indicates that the server detected an internal error on the server
   processing this request (such as an unhandled exception).  The server
   SHOULD include an entity containing an explanation of the error
   situation, and whether it is a temporary or permanent condition.

3.3  FeedURI

   The FeedURI is used to retrieve a representation in Atom format.
   Note that this feed is different from a typical Atom feed in that it
   contains "link" elements for navigating and manipulating the content
   of the site.  For example there should be a "link" element with
   rel="next" whose URI points to the next block of entries on the site.
   Similarly, the feed element can contain a "link" element with
   rel="service.post", the URI of which is a PostURI.  Individual
   entries should contain "link" elements with rel="service.edit" whose
   URIs are EditURIs.

   This document only uses some of the methods available for each type
   of URI.  For example, the only method described by this document for
   the FeedURI is GET.  Any other method may be supported by the URI
   types described, but defining their behavior is beyond the scope of
   this document.  In this light you may notice that the PostURI only
   supports the POST method.  It is possible, and allowable, that for
   some implementations the PostURI and the FeedURI are the same URI.

   @@ Editor's Note: @@ Note date-time BNF rule in [RFC3339].

3.1.3  Collection Requests

3.1.3.1  Range: Header

   HTTP/1.1 allows a client to request that only part (a range of) the "service.feed" takes the place of
   the Introspection File and
   collection to be included within the Search facet response.  HTTP/1.1 uses range
   units in previous versions of the specification.  That is, facet discovery, which was previously
   done by inspecting Range header field.  A collection can be broken down
   into subranges according to the Introspection file members 'updated' property.  If a
   Range: header is now done by looking for
   "link" tags with an attribute "rel" set to "service.[something]" present in the "service.feed" file.  At request, its value explictly
   identifies the same a time interval interval in which all the same representation
   replaces the search facet by having "link" tags that point members
   'updated' property must fall to other
   feeds using well-known 'rel' attribute values such as 'next' and
   'prev', or the search can branch be included in multiple directions by specifying
   multiple link tags with rel="service.feed" and having differing title
   attributes that announce the kind of search results in that feed.

3.3.1  Locating

   A link tag response.

   Range = "Range" ":" ranges-specifier

   The value of the following format points to the FeedURI.

   <link rel="service.feed"
         type="application/atom+xml"
         href="URI goes here"
         title="The name Range: header should be a pair of ISO 8601 dates,
   separated by a slash character; either date may be optionally
   omitted, in which case the site." />

3.3.2  Request

   The request range is a simple GET.  No other verbs are currently specified
   for this URI.

3.3.3  Response understood as stretching to
   infinity on that end.

   ranges-specifier = updated-ranges-specifier
   updated-ranges-specifier = updated-unit "=" updated-range
   updated-unit = "updated"
   updated-range = [iso-date] "/" [iso-date]

   The expected status codes from response to a GET are 200, 301, 307, and 500.
   401, 404, and 410 are also possible.

3.3.3.1  Response code 301

   The Feed has moved permanently, collection request MUST be a collection document,
   all of whose 'member' elements fall within the new URI is given requested range.  If
   no members fall in the Location
   header. requested range, the server MUST respond with
   a collection document containing no 'member' elements.

3.1.3.2  Accept-Ranges: Header

   The client SHOULD do response to a non-partial GET on the URI returned in the
   Location header.

3.3.3.2  Response code 307

   The Feed has moved temporarily, request MUST include an
   Accept-Ranges header that indicates that the new URI is given in server accepts 'updated'
   range requests.

   Accept-Ranges     = "Accept-Ranges" ":" acceptable-ranges
   acceptable-ranges = updated-unit ( 1#range-unit )

3.2  Introspection

   There are many different kinds of resources that can be managed
   through the Location
   header. APP, for example, entries, templates, users, etc.  The client SHOULD do
   Service Document is a GET on single document that lists all the URI returned in facets of
   the
   Location header.

3.4  ResourcePostURI

   The ResourcePostURI is used to create new non-entry resources.  The
   client POSTs APP that a resource site supports and also contains the URIs of all those
   resources.

3.2.1  Service Document

   The Service Document lists the desired MIME type directly resources that each site makes
   available.  The Service Resource returns an Service Document in
   response to this
   URI.

3.4.1  Locating

   For creating a new non-entry resource, GET request.  Here is an example of an Service
   Document.

   <?xml version="1.0" encoding='utf-8'?>
   <service version="0.3" xmlns="http://purl.org/atom/ns#">
     <workspace title="Main Site" >
       <collection rel="entries" name="Entries"
         href="http://example.org/reilly/feed" />
       <collection rel="categories" name="Categories"
         href="http://example.org/reilly/cat" />
       <collection rel="templates" name="Templates"
         href="http://example.org/reilly/tmpl" />
       <collection rel="users" name="Users"
         href="http://example.org/reilly/users" />
       <collection rel="resource" name="Pictures"
         href="http://example.org/reilly/pic" />
     </workspace>
     <workspace title="b-links">
       <collection rel="entries" name="Entries"
         href="http://example.org/reilly/feed" />
       <collection rel="http://example.net/booklist" name="Books"
         href="http://example.org/reilly/books" />
     </workspace>
   </service>

   o  entries
   o  resource
   o  categories
   o  templates
   o  users
   The default for the link tag rel attribute is used.  Note
   that a link tag 'resource'.  Extensibility for
   'rel' values is used in both HTML and handled in the Atom format.  A link
   tag same manner as PaceFieldingLinks.
   Each 'collection' element in 'workspace' represents a single facet of
   the following format points APP.  While a site must fully support each facet they list in
   their Service Document, a site does not need to support all the ResourcePostURI
   facets in this RFC.  Additionally, new facets may be added either
   through vendor extension or follow-on RFCs.

3.2.1.1  Service Documet Elements

   The "service" element is the document element of a Service Document,
   acting as a container for service data associated with possibly
   multiple workspaces.  Its only child elements MUST be one or more
   'workspace' elements.  The 'service' element MUST have a site.
   In HTML single
   attribute 'version' whose content indicates the link tags are always found in version of the head element, while in Atom they may appear as children
   specification that the document conforms to.  The content of this
   attribute is unstructured text.  The version identifier for this
   specification is "1.0".

   The 'workspace' element element contains information elements about
   the Feed and entry elements.

   <link rel="resource.post" href="URI collections of resources available for Resource Posting goes here"
   title="The name editing.  The only
   children of the site.">

3.4.2  Request 'workspace' MUST be one or more "collection" elements.
   The request contains 'workspace' element MUST have a resource, sent through single attribute 'title' whose
   content MUST NOT be empty and which is a standard HTTP POST,
   e.g.:

   POST /_do/exampleblog/post_resource HTTP/1.1
   Host: www.example.com
   Content-Type: image/jpeg
   Content-Length: nnn

   ...raw bytes of image go here...

3.4.3  Response human-readable name for the
   workspace.

   The expected status codes from a POST 'collection' element describes various typed groups of resources
   available for editing or adding to.

3.3  Entry Collection

   Entries are 201, 303, 400, 415, managed through collections and
   500.  401, 404, 409, as such entry collection
   and 410 entries that are also possible.

3.4.3.1  Response code 201

   The response MUST include members of a Location: header with collection must support all the
   operations enumerated above.

   An Edit Resource is used to edit a single entry.  Each entry that is
   editable MUST have a unique URI.  This URI of supports both GET and PUT
   and they are used in tandem for an editing cycle.  The client GETs
   the
   created resource, i.e. representation which is formatted as an Atom entry.  The client
   may then update the URI used entry and then PUT it back to retrieve the resource
   representation in a subsequent HTTP GET. same URI.  The server SHOULD omit
   PUT will cause all the
   content related resources to be updated, for example,
   the HTML representation.

   Note that the value of the resource content element in the response, since it would be redundant
   to return it Atom entry does not
   have to exactly match the client.

3.4.3.2  Response code 303

   Similar to 201 but no caching content element for the same entry when it
   is allowed.  The response MUST include represented in an Atom feed.  For example, a Location: header.

3.4.3.3  Response code 400

   Indicates that the server believes that may allow the data sent constitutes an
   invalid request.  The server SHOULD include an entity containing an
   explanation of
   client to post entries whose content is formatted as WikiML, yet the error situation,
   server may clean up such markup and whether transform it into well-formed
   XHTML before placing it is a temporary or
   permanent condition.

3.4.3.4  Response code 415

   The MIME type of in the request entity publicly available Atom feed.  Another
   scenario is summaries--the EditURI is not supported by the server
   for this resource.

   The response SHOULD contain enough for information for editing the user to
   resolve the conflict.

   [[@@TBD@@ more about response body format ]]

3.4.3.5  Response code 500

   Indicates that the server detected full content of
   an internal error on entry, but the server
   processing this request (such as may only present excerpts when it produces
   an unhandled exception). Atom feed.

   A short
   description of the error client will appear on send a DELETE to the status line itself.  A
   longer description will appear in EditURI to delete an entry.

3.3.1  Locating

   For editing a site Entry, the body.

3.5  Link Tag

   The link tag is used.  Note that a link tag
   is used in both HTML and Atom formats.  There are slight
   differences between the two usages.  Here are the commonalities,
   differences, and a list of well-known values for the rel attribute.

   <http://www.w3.org/TR/html4/struct/links.html#edef-LINK> appears in the 'head' of the document.  The 'head' section only allows a linear
   list of 'link' tags.  The Atom format allows 'link' tags as children
   of both the 'feed' element and of the 'entry' element.  Note that
   this gives the information present in the format.  A link tag more context.  For
   example ...  @@ TBD @@

3.5.1  rel

   This attribute describes the relationship from of the current document,
   be it HTML or Atom,
   following format points to the anchor specified by the href attribute.
   The value of this attribute is EditURI for a space-separated list of site.  In HTML, the link types.
   Note that these values
   tags for editing are case insensitive.  When used always found in concert
   with type="application/atom+xml", the relations head element, while in Atom
   they may be interpreted appear as
   follows.
   alternate: The URI in the href attribute points to an alternate
      representation children of the containing resource.
   start: The Atom feed at the URI supplied in the href attribute
      contains the first feed in a linear sequence entry elements.

   <link rel="service.edit"
   type="application/atom+xml"
   href="URI for Editing goes here"
   title="Readable desc of entries.
   next: The Atom feed at the URI supplied in the href attribute
      contains entry." />

   Note: The critical characteristic of this link tag is the next N entries in a linear sequence @rel of entries.
   prev: The Atom feed at
   'service.edit' and the URI supplied in @type of 'application/atom+xml'.

3.4  Simple Resource Collection

   Simple Resources are managed through collections and as such simple
   reource collections and simple resources that are members of the href attribute
      contains
   collection must support all the previous N entries in operations enumerated above.  Simple
   Resources can be images, templates, and any other non-entry
   resources.

3.4.1  Locating

   For creating a linear sequence of entries.
   service.edit: The URI given in new non-entry resource, the href attribute link tag is used to edit used.  Note
   that a
      representation of the referred resource.
   service.post: The URI in the href attribute link tag is used to create new
      resources.
   service.feed: The URI given in the href attribute is a starting point
      for navigating content both HTML and services.

3.5.2  href

   URI of in the resource being described by this Atom format.  A link element.

3.5.3  title

   Offers advisory information about
   tag of the link.  Rendered following format points to the user to
   help them choose among ResourcePostURI for a set of links with the same rel and type
   attributes.

3.5.4  type

   The content type of the resource available at site.
   In HTML the URI given link tags are always found in the
   href attribute head element, while in
   Atom they may appear as children of the link element.  Most Feed and entry elements.

   <link rel="resource.post" href="URI for Resource Posting goes here"
   title="The name of the link types in this
   specification are on type 'application/atom+xml'.

3.6 site.">

3.4.2  Request

   The request contains a resource, sent through a standard HTTP POST,
   e.g.:

   POST /_do/exampleblog/post_resource HTTP/1.1
   Host: www.example.com
   Content-Type: image/jpeg
   Content-Length: nnn

   ...raw bytes of image go here...

3.5  Atom Request and Response Body Constraints

   The Atom format is used as the representation of all the resources in
   this specification.  As it is used in differing contexts, there are
   different constraints of which elements may be present, and how their
   values should be interpreted.

3.6.1

3.5.1  id

   PostURI MUST NOT be present.
   FeedURI MUST be present.
   EditURI
      GET MUST be present.
      PUT MUST be present.

3.6.2

3.5.2  link

   PostURI MAY be present.  Servers MAY use the information to determine
      the URI of the created resource.  Relative URLs are to be
      interpreted relative to xml:base.
   FeedURI MUST be present.
   EditURI
      GET MUST be present.
      PUT MUST be present.

3.6.3

3.5.3  title

   PostURI MUST be present.  The element may be empty, to explicitly
      indicate "no title".  Servers SHOULD NOT try to generate a title
      if one is not provided.  The type attribute MAY be present, and if
      not it defaults to "text/plain".  If present, it MUST represent a
      MIME type that the server supports.  The mode attribute MAY be
      present.  If not present, it defaults to "xml".  If present, it
      MUST be "xml", "base64", or "escaped".
   FeedURI MUST be present.
   EditURI
      GET MUST be present.
      PUT MUST be present.  The element may be empty, to explicitly
         indicate "no title".  Servers SHOULD NOT try to generate a
         title if one is not provided.

3.6.4

3.5.4  summary

   PostURI MAY be present.  If not present, the server is welcome to
      produce its own summary.  If present but empty, the server SHOULD
      NOT generate a summary of its own.  The type attribute MAY be
      present.  If not, it defaults to "text/plain".  If present, it
      must represent a MIME type that the server supports.  The mode
      attribute MAY be present and defaults to "xml".  If present, it
      must be "xml","base64", or "escaped".
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.  The element may be empty, to explicitly
         indicate "no summary".  Servers SHOULD NOT try to generate a
         title if one is not provided.

3.6.5

3.5.5  content

   PostURI MAY be present but may be empty, to explicitly indicate "no
      content".  The type attribute MAY be present, but defaults to
      "text/plain" if not present.  It must represent a MIME type that
      the server supports.  The MODE attribute may be present and
      defaults to "xml" if not present.  It must be "xml","base64", or
      "escaped".
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.  The element may be empty, to explicitly
         indicate "no content".

3.6.6

3.5.6  issued

   PostURI MUST be present, but may be empty, in which case it signifies
      "now" in the time zone of the server.
   FeedURI MUST be present.
   EditURI
      GET MUST be present.
      PUT MUST be present.  Server policy determines if an updated time
         is accepted.

3.6.7

3.5.7  modified

   PostURI MUST NOT be present.
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.  The element may be empty, to explicitly
         indicate that 'now' on the server time is to be used.

3.6.8

3.5.8  created

   PostURI MAY be present.

   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.  The server may or may not accept an updated
         value.  If the server does not allow updating the issued time
         then any PUT request with a different issued value MUST be
         rejected.

3.6.9

3.5.9  author

   PostURI MAY be present.  If not present, the server determines the
      author.  If present, and conflicting with valid values as
      determined by the server, then the server may change the value of
      author.
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.

3.6.10

3.5.10  contributor

   PostURI MAY be present.
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.

3.6.11

3.5.11  generator

   PostURI MUST be present and contain a URI.  The value of the element
      indicates the code base used to create this request.  MUST also
      have an attribute 'version' with a version number.
   FeedURI MUST NOT be present.
   EditURI
      GET MUST NOT be present.
      PUT MUST NOT be present.

3.7

3.6  Securing the Atom Protocol

   All instances of publishing Atom entries SHOULD be protected by
   authentication to prevent posting or editing by unknown sources.
   Atom servers and clients MUST support one of the following
   authentication mechanisms, and SHOULD support both.

   o  HTTP Digest Authentication [RFC2617]
   o  [@@TBD@@ CGI Authentication ref]

   Atom servers and clients MAY support encryption of the Atom session
   using TLS [RFC2246].

   There are cases where an authentication mechanism may not be
   required, such as a publicly editable Wiki, or when using the PostURI
   to post comments to a site that does not require authentication to
   create comments.

3.7.1

3.6.1  [@@TBD@@ CGI Authentication]

   This authentication method is included as part of the protocol to
   allow Atom servers and clients that cannot use HTTP Digest
   Authentication but where the user can both insert its own HTTP
   headers and create a CGI program to authenticate entries to the
   server.  This scenario is common in environments where the user
   cannot control what services the server employs, but the user can
   write their own HTTP services.

4.  Security Considerations

   Because Atom is a publishing protocol, it is important that only
   authorized users can create and edit entries.

   The security of Atom is based on HTTP Digest Authentication and/or
   [@@TBD@@ CGI Authentication].  Any weaknesses in either of these
   authentication schemes will obviously affect the security of the Atom
   Publishing Protocol.

   Both HTTP Digest Authentication and [@@TBD@@ CGI Authentication] are
   susceptible to dictionary-based attacks on the shared secret.  If the
   shared secret is a password (instead of a random string with
   sufficient entropy), an attacker can determine the secret by
   exhaustively comparing the authenticating string with hashed results
   of the public string and dictionary entries.

   See RFC 2617 for more detailed description of the security properties
   of HTTP Digest Authentication.

   @@TBD@@ Talk here about using HTTP basic and digest authentication.

   @@TBD@@ Talk here about denial of service attacks using large XML
   files, or the billion laughs DTD attack.

5.  IANA Considerations

   This document has no actions for IANA.

6.  Appendix A - SOAP Enabling

   All servers SHOULD support the following alternate interface
   mechanisms to enable a wider variety of clients to interact with Atom
   Publishing Protocol servers.  The following requirements are in
   addition to the ones listed in the Functional Specification Section.
   If a server supports SOAP Enabling then it MUST support all of the
   following.

6.1  Servers

   1.  All servers MUST support the limited use of the SOAPAction HTTP
       Header as described below in the Client section.
   2.  All servers MUST be able to process well formed XML.  Servers
       need not be able to handle processing instructions or DTDs.
   3.  Servers MUST accept content in a SOAP Envelope, and if they
       receive a request that is wrapped in a SOAP Envelope then they
       MUST wrap their responses in SOAP envelopes or produce a SOAP
       Fault.

6.2  Clients

   1.  Clients SHOULD use the appropriate HTTP Method when possible.
       When not possible, they should use POST and include a SOAPAction
       HTTP header which is constrained as follows:
   2.  SOAPAction: "http://schemas.xmlsoap.org/wsdl/http/[METHOD]"
   3.  Where [METHOD] is replaced by the desired HTTP Method.
   4.  Clients MAY wrap their XML payload in a SOAP Envelope.  If so,
       they must also wrap it in an element which exactly matches the
       HTTP Method.

7.  Appendix B - Examples

7.1  Example for a weblog

   Fill this in with an example for how all the above is used for a
   weblog.  Start with main HTML page, link tag of type service.feed to
   the 'introspection' file.  1.  Creating a new entry 2.  Finding an
   old entry 3.  editing an old entry 4.  commenting on a entry (via
   HTML and Atom)

7.2  Example for a wiki

   Fill this in like above but for a wiki.

8.  Revision History

   draft-ietf-atompub-protocol-03 - Incorporates PaceSliceAndDice3 and
   PaceIntrospection.

   draft-ietf-atompub-protocol-02 - Incorporates Pace409Response,
   PacePostLocationMust, and PaceSimpleResourcePosting.

   draft-ietf-atompub-protocol-01 - Added in sections on Responses for
   the EditURI.  Allow 2xx for response to EditURI PUTs.  Elided all
   mentions of WSSE.  Started adding in some normative references.
   Added the section "Securing the Atom Protocol".  Clarified that it is
   possible that the PostURI and FeedURI could be the same URI.  Cleaned
   up descriptions for Response codes 400 and 500.

   Rev draft-ietf-atompub-protocol-00 - 5Jul2004 - Renamed the file and
   re-titled the document to conform to IETF submission guidelines.
   Changed MIME type to match the one selected for the Atom format.
   Numerous typographical fixes.  We used to have two 'Introduction'
   sections.  One of them was moved into the Abstract the other absorbed
   the Scope section.  IPR and copyright notifications were added.

   Rev 09 - 10Dec2003 - Added the section on SOAP enabled clients and
   servers.

   Rev 08 - 01Dec2003 - Refactored the specification, merging the
   Introspection file into the feed format.  Also dropped the
   distinction between the type of URI used to create new entries and
   the kind used to create comments.  Dropped user preferences.

   Rev 07 - 06Aug2003 - Removed the use of the RSD file for
   auto-discovery.  Changed copyright until a final standards body is
   chosen.  Changed query parameters for the search facet to all begin
   with atom- to avoid name collisions.  Updated all the Entries to
   follow the 0.2 version.  Changed the format of the search results and
   template file to a pure element based syntax.

   Rev 06 - 24Jul2003 - Moved to PUT for updating Entries.  Changed all
   the mime-types to application/x.atom+xml.  Added template editing.
   Changed 'edit-entry' to 'create-entry' in the Introspection file to
   more accurately reflect it's purpose.

   Rev 05 - 17Jul2003 - Renamed everything Echo into Atom.  Added
   version numbers in the Revision history.  Changed all the mime-types
   to application/atom+xml.

   Rev 04 - 15Jul2003 - Updated the RSD version used from 0.7 to 1.0.
   Change the method of deleting an Entry from POSTing <delete/> to
   using the HTTP DELETE verb.  Also changed the query interface to GET
   instead of POST.  Moved Introspection Discovery to be up under
   Introspection.  Introduced the term 'facet' for the services listed
   in the Introspection file.

   Rev 03 - 10Jul2003 - Added a link to the Wiki near the front of the
   document.  Added a section on finding an Entry.  Retrieving an Entry
   now broken out into it's own section.  Changed the HTTP status code
   for a successful editing of an Entry to 205.

   Rev 02 - 7Jul2003 - Entries are no longer returned from POSTs,
   instead they are retrieved via GET.  Cleaned up figure titles, as
   they are rendered poorly in HTML.  All content-types have been
   changed to application/atom+xml.

   Rev 01 - 5Jul2003 - Renamed from EchoAPI.html to follow the more
   commonly used format: draft-gregorio-NN.html.  Renamed all references
   to URL to URI.  Broke out introspection into it's own section.  Added
   the Revision History section.  Added more to the warning that the
   example URIs are not normative.

9

9.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2246]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
              RFC 2246, January 1999.

   [RFC2396]  Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
              Resource Identifiers (URI): Generic Syntax", RFC 2396,
              August 1998.

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
              Leach, P., Luotonen, A. and L. Stewart, "HTTP
              Authentication: Basic and Digest Access Authentication",
              RFC 2617, June 1999.

   [1]  <http://www.imc.org/atom-syntax/index.html>

Authors' Addresses

   Joe Gregorio (editor)
   BitWorking, Inc
   1002 Heathwood Dairy Rd.
   Apex, NC  27502
   US

   Phone: +1 919 272 3764
   EMail:
   Email: joe@bitworking.com
   URI:   http://bitworking.com/

   Robert Sayre (editor)
   Boswijck Memex Consulting
   148 N 9th St. 4R
   Brooklyn, NY  11211
   US

   EMail:

   Email: rfsayre@boswijck.com
   URI:   http://boswijck.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

   The IETF has been notified of intellectual property rights claimed in
   regard to some or all of the specification contained in this
   document.  For more information consult the online list of claimed
   rights.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2004). (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.