--- 1/draft-ietf-atompub-protocol-05.txt 2006-02-04 17:18:56.000000000 +0100 +++ 2/draft-ietf-atompub-protocol-06.txt 2006-02-04 17:18:56.000000000 +0100 @@ -1,19 +1,19 @@ Network Working Group J. Gregorio, Ed. Internet-Draft BitWorking, Inc -Expires: April 14, 2006 B. de hOra, Ed. +Expires: April 30, 2006 B. de hOra, Ed. Propylon Ltd. - October 11, 2005 + October 27, 2005 The Atom Publishing Protocol - draft-ietf-atompub-protocol-05.txt + draft-ietf-atompub-protocol-06.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that @@ -24,1140 +24,963 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on April 14, 2006. + This Internet-Draft will expire on April 30, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract - This memo presents a protocol for using XML (Extensible Markup - Language) and HTTP (HyperText Transport Protocol) to edit content. - The Atom Publishing Protocol (APP) is an application-level protocol - for publishing and editing Web resources. The protocol at its core - is the HTTP transport of Atom-formatted representations. The Atom - format is documented in the Atom Syndication Format + for publishing and editing Web resources. The protocol is based on + HTTP transport of Atom-formatted representations. The Atom format is + documented in the Atom Syndication Format (draft-ietf-atompub-format-11.txt). Editorial Note - To provide feedback on this Internet-Draft, join the atom-protocol mailing list (http://www.imc.org/atom-protocol/index.html) [1]. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 - 2. XML Namespace and Language . . . . . . . . . . . . . . . . . 5 - 3. Notational Conventions . . . . . . . . . . . . . . . . . . . 6 - 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 7 - 5. The Atom Publishing Protocol Model . . . . . . . . . . . . . 8 - 5.1 Collections . . . . . . . . . . . . . . . . . . . . . . . 8 - 5.2 Editable Resources . . . . . . . . . . . . . . . . . . . . 9 - 5.2.1 Read . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 5.2.2 Update . . . . . . . . . . . . . . . . . . . . . . . . 10 - 5.2.3 Delete . . . . . . . . . . . . . . . . . . . . . . . . 10 - 5.3 Capabilities Discovery . . . . . . . . . . . . . . . . . . 11 - 5.4 Listing . . . . . . . . . . . . . . . . . . . . . . . . . 11 - 5.5 Success and Failure . . . . . . . . . . . . . . . . . . . 12 - 6. Atom Publishing Protocol Documents . . . . . . . . . . . . . 13 - 6.1 Use of xml:base xml:lang . . . . . . . . . . . . . . . . . 13 - 6.2 Collection Documents . . . . . . . . . . . . . . . . . . . 14 - 6.2.1 Element Definitions . . . . . . . . . . . . . . . . . 14 - 6.3 Introspection Documents . . . . . . . . . . . . . . . . . 16 - 6.3.1 Element Definitions . . . . . . . . . . . . . . . . . 17 - 7. Introspection Resource . . . . . . . . . . . . . . . . . . . 20 - 7.1 Discovery . . . . . . . . . . . . . . . . . . . . . . . . 20 - 8. Collection Resources . . . . . . . . . . . . . . . . . . . . 21 - 8.1 GET . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 - 8.2 POST . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 - 8.3 Title: Header . . . . . . . . . . . . . . . . . . . . . . 22 - 9. Entry Collections . . . . . . . . . . . . . . . . . . . . . 23 - 9.1 Editing Entry Resources . . . . . . . . . . . . . . . . . 23 - 9.2 Role of Atom Entry Elements During Editing . . . . . . . . 23 - 10. Generic Collections . . . . . . . . . . . . . . . . . . . . 25 - 10.1 Editing Generic Resources . . . . . . . . . . . . . . . 25 - 10.2 Title: Header . . . . . . . . . . . . . . . . . . . . . 25 - 11. List Resources . . . . . . . . . . . . . . . . . . . . . . . 26 - 11.1 URI Templates . . . . . . . . . . . . . . . . . . . . . 26 - 11.2 URI Template Parameters . . . . . . . . . . . . . . . . 27 - 11.2.1 \{index\} URI template variable . . . . . . . . . . 27 - 11.2.2 \{daterange\} URI template variable . . . . . . . . 27 - 11.2.3 Other URI Template parameters . . . . . . . . . . . 28 - 12. Atom Entry Extensions . . . . . . . . . . . . . . . . . . . 29 - 13. Securing the Atom Protocol . . . . . . . . . . . . . . . . . 30 - 14. Security Considerations . . . . . . . . . . . . . . . . . . 31 - 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . 32 - 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 - 16.1 Normative References . . . . . . . . . . . . . . . . . . 35 - 16.2 Informative References . . . . . . . . . . . . . . . . . 36 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 37 - A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 38 - B. Revision History . . . . . . . . . . . . . . . . . . . . . . 39 - Intellectual Property and Copyright Statements . . . . . . . 41 + 2. Notational Conventions . . . . . . . . . . . . . . . . . . . 5 + 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 6 + 4. Protocol Model . . . . . . . . . . . . . . . . . . . . . . . 7 + 5. Protocol Operations . . . . . . . . . . . . . . . . . . . . 8 + 5.1 Retrieving an Introspection Document . . . . . . . . . . . 8 + 5.2 Creating a Resource . . . . . . . . . . . . . . . . . . . 8 + 5.3 Editing a Resource . . . . . . . . . . . . . . . . . . . . 8 + 5.3.1 Retrieving a Resource . . . . . . . . . . . . . . . . 9 + 5.3.2 Updating a Resource . . . . . . . . . . . . . . . . . 9 + 5.3.3 Deleting a Resource . . . . . . . . . . . . . . . . . 9 + 5.4 Listing Collections . . . . . . . . . . . . . . . . . . . 10 + 5.5 Success and Failure . . . . . . . . . . . . . . . . . . . 10 + 6. XML-related Conventions . . . . . . . . . . . . . . . . . . 11 + 6.1 Referring to Information Items . . . . . . . . . . . . . . 11 + 6.2 XML Namespace Usage . . . . . . . . . . . . . . . . . . . 11 + 6.3 RELAX NG Schema . . . . . . . . . . . . . . . . . . . . . 11 + 6.4 Use of xml:base and xml:lang . . . . . . . . . . . . . . . 11 + 7. Introspection Documents . . . . . . . . . . . . . . . . . . 13 + 7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . 13 + 7.2 Example . . . . . . . . . . . . . . . . . . . . . . . . . 13 + 7.3 Element Definitions . . . . . . . . . . . . . . . . . . . 14 + 7.3.1 The 'app:service' Element . . . . . . . . . . . . . . 14 + 7.3.2 The 'app:workspace' Element . . . . . . . . . . . . . 14 + 7.3.3 The 'app:collection' Element . . . . . . . . . . . . . 15 + 7.3.4 The 'app:member-type' Element . . . . . . . . . . . . 15 + 7.3.5 The 'app:list-template' Element . . . . . . . . . . . 16 + 8. Collections . . . . . . . . . . . . . . . . . . . . . . . . 18 + 8.1 Creating resources with POST . . . . . . . . . . . . . . . 18 + 8.1.1 Title: Header . . . . . . . . . . . . . . . . . . . . 18 + 8.2 Entry Collections . . . . . . . . . . . . . . . . . . . . 19 + 8.2.1 Role of Atom Entry Elements During Editing . . . . . . 19 + 8.3 Media Collections . . . . . . . . . . . . . . . . . . . . 20 + 8.3.1 Editing Media Resources . . . . . . . . . . . . . . . 20 + 9. Listing Collections . . . . . . . . . . . . . . . . . . . . 21 + 10. Atom Entry Extensions . . . . . . . . . . . . . . . . . . . 23 + 10.1 The 'edit' Link Relation . . . . . . . . . . . . . . . . 23 + 10.2 Publishing Control . . . . . . . . . . . . . . . . . . . 23 + 10.2.1 The app:draft Element . . . . . . . . . . . . . . . 24 + 11. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 25 + 12. Securing the Atom Protocol . . . . . . . . . . . . . . . . . 27 + 13. Security Considerations . . . . . . . . . . . . . . . . . . 28 + 14. IANA Considerations . . . . . . . . . . . . . . . . . . . . 29 + 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 31 + 15.1 Normative References . . . . . . . . . . . . . . . . . . 31 + 15.2 Informative References . . . . . . . . . . . . . . . . . 32 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 33 + A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 34 + B. RELAX NG Compact Schema . . . . . . . . . . . . . . . . . . 35 + C. Revision History . . . . . . . . . . . . . . . . . . . . . . 38 + Intellectual Property and Copyright Statements . . . . . . . 40 1. Introduction The Atom Publishing Protocol is an application-level protocol for publishing and editing Web resources using HTTP [RFC2616] and XML 1.0 - [W3C.REC-xml-20040204]. + [W3C.REC-xml-20040204]. The protocol supports the creation of + arbitrary web resources and provides facilities for: -2. XML Namespace and Language + o Collections: Sets of resources, which may be retrieved in whole or + in part. - The XML Namespaces URI [W3C.REC-xml-names-19990114] for the XML data - format described in this specification is: http://purl.org/atom/app# + o Introspection: Discovering and describing collections. - XML elements defined by this specification MAY have an xml:lang - attribute, whose content indicates the natural language for the - element (and its descendents). The language context is only - significant for elements and attributes declared to be "Language- - Sensitive" by this specification. Requirements regarding the content - and interpretation of xml:lang are specified in [W3C.REC-xml- - 20040204], Section 2.12. + o Editing: Creating, updating and deleting resources. -3. Notational Conventions +2. Notational Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. - Some sections of this specification are illustrated with fragments of - a non-normative RELAX NG Compact schema [RNC]. However, the text of - this specification provides the definition of conformance. - - This specification uses the namespace prefix "app:" for the Namespace - URI identified in Section 2 above. It uses the namespace prefix - "atom:" for the Namespace URI identified in [AtomFormat]. Note that - choices of namespace prefix are arbitrary and not semantically - significant. + Note: The Introspection Document allows the use of IRIs [RFC3987], as + well as URIs [RFC3986]. Every URI is an IRI, so any URI can be used + where an IRI is needed. How to map an IRI to a URI is specified in + Section 3.1 of Internationalized Resource Identifiers (IRIs) + [RFC3987]. -4. Terminology +3. Terminology For convenience, this protocol may be referred to as "Atom Protocol" - or "APP". This specification uses both internally. + or "APP". + + The phrase "the IRI of a document" in this specification is shorthand + for "an IRI which, when dereferenced, is expected to produce that + document as a representation". URI/IRI - A Uniform Resource Identifier and Internationalized Resource Identifier, respectively. These terms (and the distinction between them) are defined in [RFC3986] and [RFC3987]. - Resource - A network data object or service that can be identified - by a URI, as defined in [RFC2616]. + resource - A network data object or service that can be identified + by a IRI, as defined in [RFC2616]. See [W3C.REC-webarch-20041215] + for further discussion on resources. - Representation - An entity included with a request or response as + representation - An entity included with a request or response as defined in [RFC2616]. -5. The Atom Publishing Protocol Model + collection - A resource that contains a set of member IRIs, as + described in Section 8 of this specification. - The Atom Publishing Protocol is a subset of HTTP that is used to edit - resources on the web. The APP operates on collections of Web - resources. Collections are HTTP resources, as are the members of the - collection. Both Collections and collection member resources support - the same basic interactions. The patterns of interaction are based - on the common HTTP verbs. + member - A resource whose IRI is listed in a collection. + + IRI template - A parameterized string that becomes a IRI when the + parameters are filled in. See Section 9. + + introspection document - A document that describes the location and + capabilities of one or more collections. See Section 7 + + client writable element - An element of an Atom Entry whose value is + editable by the client and not enforced by the server. + + server-controlled element - An element of an Atom Entry whose value + is enforced by the server and not editable by the client. + +4. Protocol Model + + The Atom Publishing Protocol uses HTTP to edit resources on the web. + It provides a list based mechanism for managing collections of + editable resources called member resources. Collections contain the + IRIs and metadata describing member resources. The APP uses these + HTTP verbs: o GET is used to retrieve a representation of a resource or perform - a read-only query. + a query. - o POST is used to create a new, dynamically-named resource, or to - provide a block of data to a data-handling process. + o POST is used to create a new, dynamically-named resource. o PUT is used to update a known resource. o DELETE is used to remove a resource. -5.1 Collections - - The APP groups resources into "Collections", which are analogous to - folders or directories found in a file system. In the figure we have - member resources in a collection. + This diagram shows the APP model: - +-------------------------+ - | Collection | - | | - | +----------------+ | - | | Member_A | | - | +----------------+ | - | | - | +----------------+ | - | | Member_B | | - | +----------------+ | - | | - | +----------------+ | - | | Member_C | | - | +----------------+ | + +---------------+ + | Introspection | +------------+ + | |-->| Collection | + +---------------+ | | + | | +--------+ + | |-->| Member | + | | +--------+ | | - | ... | + | | . + | | . + | | . | | - | +----------------+ | - | | Member_Oldest | | - | +----------------+ | + | | +--------+ + | |-->| Member | + | | +--------+ | | - +-------------------------+ - To add a new member to a collection an appropriate representation is - POSTed to the URI of the collection resource. Here we show it being - added to the beginnng of the list. The ordering of the members of - collections is in terms of the time at which each resource was last - updated, which includes the act of creating the resource. The - ordering of collection members is covered in more detail in Section 8 - and Section 11. + +------------+ - +-------------------------+ - | Collection | - | | - POST | +----------------+ | - --------->| Member_New | | - | +----------------+ | + The introspection document contains the IRIs of one or more + collections. A collection contains IRIs and metadata describing + member resources. The protocol allows editing of resources with + representations of any media-type. Some types of collections are + specialized and restrict the resource representations of their + members. + +5. Protocol Operations + +5.1 Retrieving an Introspection Document + + Client Server | | - | +----------------+ | - | | Member_A | | - | +----------------+ | + | 1.) GET to IRI of Introspection Document | + |------------------------------------------>| | | - | +----------------+ | - | | Member_B | | - | +----------------+ | + | 2.) Introspection Document | + |<------------------------------------------| | | - | +----------------+ | - | | Member_C | | - | +----------------+ | + + 1. The client sends a GET request to the IRI of the introspection + document. + + 2. The server responds with the introspection document which + enumerates the IRIs of all the collections, and the capabilities + of those collections, that the service supports. + +5.2 Creating a Resource + + Client Server | | - | ... | + | 1.) POST to IRI of Collection | + |------------------------------------------>| | | - | +----------------+ | - | | Member_Oldest | | - | +----------------+ | + | 2.) 201 Created | + |<------------------------------------------| | | - +-------------------------+ - You'll note that up until now we haven't said what kinds of - representations we are expecting at each of the resources. There are - two kinds of collections, Entry and Generic. In Entry Collections - all the members MUST have representations as Atom Entries. For - further restrictions on Entry Collection see Section 9 The other type - of collection is a Generic Collection. Generic Collections make no - restriction on the representations of their member resources. + 1. The client POSTs a representation to the IRI of the collection. -5.2 Editable Resources + 2. If the member resource was created successfully the server + responds with a status code of 201 and a Location: header that + contains the IRI of the newly created member resource. - All the members of a collection are Editable Resources. An Editable - resource is a resource whose available HTTP methods can be used to - retrieve, update and delete it. +5.3 Editing a Resource -5.2.1 Read + Once a resource has been created and its IRI is known, that IRI may + be used to retrieve, update, and delete it. - To retrieve a representation of the resource, you send a GET to the - URI of the Editable Resource. Remember that for members of Entry - Collections, the served representation will be an Atom Entry. +5.3.1 Retrieving a Resource Client Server | | - | 1.) GET to Editable Resource URI | + | 1.) GET to Member IRI | |------------------------------------------>| | | - | 2.) 200 OK | + | 2.) Member Representation | |<------------------------------------------| | | - 1. The client sends a GET request to the member's URI. + 1. The client sends a GET request to the member's IRI to retrieve + its representation . 2. The server responds with the representation of the resource. -5.2.2 Update - - To update an Editable Resource the client will PUT an updated - representation to the URI of the resource. +5.3.2 Updating a Resource Client Server | | - | 1.) PUT to Editable Resource URI | + | 1.) PUT to Member IRI | |------------------------------------------>| | | | 2.) 200 OK | |<------------------------------------------| - 1. The client PUTs an updated representation to the member's URI. - - 2. The server MAY respond with an updated representation of the - member's new state. + 1. The client PUTs an updated representation to the member's IRI. -5.2.3 Delete + 2. Upon a successful update of the resource the server responds with + a status code of 200. - An Editable Resource is deleted by sending it DELETE. Note that this - also removes it from all the collections that it belonged to. +5.3.3 Deleting a Resource Client Server | | - | 1.) DELETE to Editable Resource URI | + | 1.) DELETE to Member Resource IRI | |------------------------------------------>| | | | 2.) 200 Ok | |<------------------------------------------| | | - 1. The client sends a DELETE request to the member's URI. - - 2. The server responds with successful status code. - -5.3 Capabilities Discovery - - Each collection resource responds to GET and can return a Collection - Document as it's representation. The Collection Document enumerates - the capabilities of each collection and the format is described in - Section 6.2. - - Client Server - | | - | 1.) GET to Collection | - |------------------------------->| - | | - | 2.) Collection Document | - |<-------------------------------| - | | + 1. The client sends a DELETE request to the member's IRI. - 1. The client sends a GET request to the Collection Resource. + 2. Upon the successful deletion of the resource the server responds + with a status code of 200. - 2. The server responds with a Collection Document containing a - description of the capabilities of the collection. The content - of this document can vary based on aspects of the client request, - including, but not limited to, authentication credentials. + Note: deleting a member also removes it from all the collections to + which it belongs. -5.4 Listing +5.4 Listing Collections - Clients can request a listing of the Collection's membership. - Listing the Editable Resources that are members of a collection is - done using one of the List Resources in the Introspection Document, - utilizing the 'app:uri-template' element. The List Resource returns - Atom Feed Documents with one Atom Entry for each member resource that - match the selection criteria. This is true whether the collection is - an Entry Collection or a Generic Collection. If an Entry Collection - is being interrogated, the entries returned by a list resource SHOULD - NOT to be considered complete representations of the member - resources. See Section 11 and Section 12 for more details on the - extensions and constraints found on the entries returned from List - Resources. + To enumerate the members of a collection the client sends a GET to + its IRI. This IRI is constructed from information in the + introspection document. An Atom Feed Document is returned with one + Atom Entry for each member resource that matches the selection + criteria in the IRI. See Section 9 and Section 10 for a description + of the feed contents. Client Server | | - | 1.) GET to List Resource | + | 1.) GET to List IRI | |------------------------------->| | | | 2.) 200 OK, Atom Feed Doc | |<-------------------------------| | | - 1. The client sends a GET request to the Collection's URI. + 1. The client sends a GET request to the membership list IRI. - 2. The server responds with an Atom Feed Document containing a full - or partial listing of the Collection's membership. + 2. The server responds with an Atom Feed Document containing the + IRIs of all the collection members that match the selection + criteria. 5.5 Success and Failure - HTTP defines different classes of response, which are used by the - Atom Protocol. HTTP status codes of the form 2xx signal that a + The Atom Protocol uses HTTP status codes to signal the results of + protocol operations. Status codes of the form 2xx signal that a request was successful. HTTP status codes of the form 4xx or 5xx - signal that an error has occurred, and the request has failed. - Consult the HTTP specification [RFC2616] for more detailed - definitions of each status code. + signal that an error has occurred. Consult the HTTP specification + [RFC2616] for the definitions of HTTP status codes. -6. Atom Publishing Protocol Documents +6. XML-related Conventions - This specification describes two kinds of Atom Publishing Protocol - Documents: Atom Collections Documents and Atom Introspection - Documents. + The data format in this specification is specified in terms of the + XML Information Set, serialised as XML 1.0 [W3C.REC-xml-20040204]. + Atom Publishing Protocol Documents MUST be well-formed XML. This + specification does not define any DTDs for Atom Protocol, and hence + does not require them to be valid (in the sense used by XML). - An Atom Collection Document is a representation of an Atom - collection, including metadata about the collection, and some or all - of the members associated with it. Its root is the app:collection - element. +6.1 Referring to Information Items - An Atom Introspection Document represents one or more workspaces, - which describe server-defined groupings of collections. Its root is - the app:service element. + This specification uses a shorthand for two common terms: the phrase + "Information Item" is omitted when naming Element Information Items + and Attribute Information Items. Therefore, when this specification + uses the term "element," it is referring to an Element Information + Item in Infoset terms. Likewise, when it uses the term "attribute," + it is referring to an Attribute Information Item. - namespace app = "..." start = appCollection | appIntrospection +6.2 XML Namespace Usage - Both kinds of Atom Publishing Protocol Documents are specified in - terms of the XML Information Set, serialised as XML 1.0 ([W3C.REC- - xml-20040204]). Atom Publishing Protocol Documents MUST be well- - formed XML. This specification does not define a DTD for Atom - Protocol, and hence does not require them to be valid (in the sense - used by XML). + The Namespace URI [W3C.REC-xml-names-19990114] for the data format + described in this specification is: - Atom Collection Documents are identified with the "application/ - atomcoll+xml" media type. + http://purl.org/atom/app# - Atom Introspection Documents are identified with the "application/ - atomserv+xml" media type. + This specification uses the prefix "app:" for the Namespace URI. The + choice of namespace prefix is not semantically significant. - Atom allows the use of IRIs [RFC3987], as well as URIs [RFC3986]. - Every URI is an IRI, so any URI can be used where an IRI is needed. - While IRIs must, for many protocols, be mapped to URIs prior to - dereferencing, they MUST NOT be so mapped for comparison when used in - atom:id. Section 3.1 of [RFC3987] describes how to map an IRI to a - URI when necessary. + This specification also uses the prefix "atom:" for the Namespace URI + identified in [AtomFormat]. -6.1 Use of xml:base xml:lang +6.3 RELAX NG Schema - Any element defined by this specification MAY have an xml:base - attribute [W3C.REC-xmlbase-20010627]. When xml:base is used in an - Atom Publishing Protocol Document, it serves the function described - in section 5.1.1 of [RFC3986], establishing the base URI (or IRI) for - resolving any relative references found within the effective scope of - the xml:base attribute. + Some sections of this specification are illustrated with fragments of + a non-normative RELAX NG Compact schema [RNC]. However, the text of + this specification provides the definition of conformance. A + complete schema appears in Appendix B. + +6.4 Use of xml:base and xml:lang + + XML elements defined by this specification MAY have an xml:base + attribute [W3C.REC-xmlbase-20010627]. When xml:base is used, it + serves the function described in section 5.1.1 of [RFC3986], + establishing the base URI (or IRI) for resolving any relative + references found within the effective scope of the xml:base + attribute. Any element defined by this specification MAY have an xml:lang attribute, whose content indicates the natural language for the element and its descendents. The language context is only significant for elements and attributes declared to be "Language- Sensitive" by this specification. Requirements regarding the content - and interpretation of xml:lang are specified in XML 1.0 ([W3C.REC- - xml-20040204]), Section 2.12. - + and interpretation of xml:lang are specified in Section 2.12 of XML + 1.0 [W3C.REC-xml-20040204], . appCommonAttributes = attribute xml:base { atomUri }?, attribute xml:lang { atomLanguageTag }?, undefinedAttribute* -6.2 Collection Documents +7. Introspection Documents - The Collection Document describes the capabilities of a Collection, - the types of Entries that it will support, the URI Templates it - supports. +7.1 Introduction - The Collection Document has the media-type 'application/atomcoll+xml' - (see Section 15). + For authoring to commence, a client needs to first discover the + capabilities and locations of collections offered. This is done + using Introspection Documents. An Introspection Document describes + workspaces, which are server-defined groupings of collections. - Here's an example document: +7.2 Example - - entry - http://example.org/{index} - http://example.org/{daterange} - - - This example says the Collection contains Atom Entry documents, and - that there are two means of selecting entries using what are called - 'URI Templates'; one based on the collection's order, and another - based on dates. See Section 11.1 for more about URI Templates. - -6.2.1 Element Definitions - -6.2.1.1 The 'app:collection' Element - - The app:collection is the document element of a Collection Document. - - appCollection = - element app:collection { - appCommonAttributes, - ( appMemberType+ - appSearchTemplate - & anyElement* ) - } - - This specification defines two child elements for app:collection: - - o app:member-type: any number of elements listing the types of - Entries that the Collection may contain. - - o app:uri-template: any number of URI Templates for a List Resource - (See Section 11). - -6.2.1.2 The 'app:member-type' Element - - The app:member-type element contains information elements about the - types of Entries that the Collection may contain. - - appMember = - element app:member-type { - appCommonAttributes, - appTypeValue - } - - The element content of an app:member-type MUST be a string that is - non-empty, and matches either the "isegment-nz-nc" or the "IRI" - production in [RFC3987]. Note that use of a relative reference other - than a simple name is not allowed. If a name is given, - implementations MUST consider the link relation type to be equivalent - to the same name registered within the IANA Registry of Member Types - (Section 15), and thus the IRI that would be obtained by appending - the value of the rel attribute to the string - "http://www.iana.org/assignments/entrytype/". - - The content of an app:member-type specifies constraints on the - Entries that may appear in the Collection. The app:collection - element MAY have multiple app:member-type elements. An Entry POSTed - to a Collection MUST meet the constraints of at least one of the app: - member-type constraints. It MAY meet more than one, but the minimum - requirement is at least one. - - This specification defines two initial values for app:member-type - IANA registry: - - o "entry" - The Collection is an Entry Collection as defined in - Section 9. - - o "generic" - The Collection is a Generic Collection as defined in - Section 10. - -6.2.1.3 The 'app:uri-template' Element - - The element content of an app:uri-template is a URI Template for a - List Resource (See Section 11). Every List resource, whose URI is - determined by filling in the parameters in a URI Template, MUST - return an Atom feed document as its representation. This Atom feed - document MUST NOT contain entries which do not match the selection - criteria. - -6.3 Introspection Documents - - In order for authoring to commence, a client must first discover the - capabilities and locations of collections offered. + + + + entry + http://example.org/{index} + + + media + http://example.org/p/{index} + + + + + entry + http://example.org/l/{index} + + + - The Introspection Document describes "workspaces", which are server- - defined groupings of collections. There is no requirement that - servers support multiple workspaces, and a collection may appear in - more than one workspace. + This Introspection Document describes two workspaces. The first, + called 'Main Site', has two collections called 'My Blog Entries' and + 'Pictures' whose IRIs are 'http://example.org/reilly/main' and + 'http://example.org/reilly/pic' respectively. 'My Blog Entries' is + an Entry collection and 'Pictures' is a Media collection. Entry and + Media collections are discussed in Section 7.3.4. - The Introspection Document has the media-type 'application/ - atomserv+xml', see Section 15 + The second workspace is called 'Side Bar Blog' and has a single + collection called 'Remaindered Links' whose collection IRI is + 'http://example.org/reilly/list'. 'Remaindered Links' is an Entry + collection. - Here's an example document: + Introspection documents are identified with the "application/ + atomserv+xml" media type (see Section 14). - - - - - - - - - - - + While an introspection document allows multiple workspaces, there is + no requirement that a service support multiple workspaces. In + addition, a collection MAY appear in more than one workspace. - This example says there are two workspaces, each consisting of two - collections. The first workspace is called 'Mail', and has two - collections, called 'My Blog Entries' and 'Documents' whose locations - are 'http://example.org/reilly/feed' and - 'http://example.org/reilly/pic'. 'My Blog Entries' contains Atom - Entries and 'Documents' contains Generic Entries. The second - workspace is called 'Side Bar Blog' and also has two collections, - called 'Entries' and 'Books' whose locations are - 'http://example.org/reilly/feed' and - 'http://example.org/reilly/booklist'. 'Entries' contains Atom - Entries and 'Books' contains Generic Entries (since its contents - attribute is not present you MUST assume it is a Generic Collection). +7.3 Element Definitions -6.3.1 Element Definitions +7.3.1 The 'app:service' Element -6.3.1.1 The 'app:service' Element + The root of an introspection document is the app:service element. + namespace app = "http://purl.org/atom/app#" + start = appService - The "app:service" element is the document element of a Introspection - Document, acting as a container for service data associated with one - or more workspaces. An app:service elements MAY contain any number - of app:workspace elements. + The "app:service" element is the container for introspection + information associated with one or more workspaces. An app:service + element MUST contain one or more app:workspace elements. appService = element app:service { appCommonAttributes, - ( appWorkspace* - & anyElement* ) + ( appWorkspace+ + & extensionElement* ) } -6.3.1.2 The 'app:workspace' Element +7.3.2 The 'app:workspace' Element - The 'workspace' element contains information elements about the + The 'app:workspace' element contains information elements about the collections of resources available for editing. The app:workspace - elements MAY contain any number of app:collection elements. + element MUST contain one or more app:collection elements. appWorkspace = element app:workspace { appCommonAttributes, attribute title { text }, - ( appCollection* - & anyElement* ) + ( appCollection+ + & extensionElement* ) } -6.3.1.2.1 The 'title' Attribute +7.3.2.1 The 'title' Attribute The app:workspace element MUST contain a 'title' attribute, which conveys a human-readable name for the workspace. This attribute is Language-Sensitive. -6.3.1.3 The 'app:collection' Element +7.3.3 The 'app:collection' Element - The 'app:collection' element describes collections and their member - resources. + The app:collection contains information elements that describe the + location and capabilities of a collection. appCollection = element app:collection { appCommonAttributes, attribute title { text }, attribute href { text }, - attribute contents { text }, - anyElement* + ( appMemberType + & appListTemplate + & extensionElement* ) } -6.3.1.3.1 The 'title' Attribute +7.3.3.1 The 'title' Attribute The app:collection element MUST contain a 'title' attribute, whose - value conveys a human-readable name for the workspace. This + value conveys a human-readable name for the collection. This attribute is Language-Sensitive. -6.3.1.3.2 The 'href' Attribute +7.3.3.2 The 'href' Attribute The app:collection element MUST contain an 'href' attribute, whose value conveys the IRI of the collection. -6.3.1.3.3 The 'contents' Attribute - - The app:collection element MAY contain a 'contents' attribute. The - 'contents' attribute conveys the nature of a collection's member - resources. This specification defines two initial values for the - 'contents' attribute: + This specification defines two child elements for app:collection: - o 'entry': A value of 'entry' for the contents attribute indicates - that the Collection is an Entry Collection (Section 9). + o app:member-type: a single element that contains the type of + members that the collection can contain. - o 'generic': A value of 'generic' for the contents attribute - indicates that the Collection is a Generic Collection - (Section 10). + o app:list-template: a single element that contains a IRI template + of a membership list. (See Section 9). - If the attribute is not present, its value MUST be considered to be - 'generic'. +7.3.4 The 'app:member-type' Element -7. Introspection Resource + The app:collection element MUST contain one 'app:member-type' + element. The app:member-type element value specifies the types of + members that can appear in the collection. - To retrieve an Introspection Document, the client sends a GET request - to its URI. + appMemberType = + element app:member-type { + appCommonAttributes, + ( appTypeValue ) + } - GET /service-desc HTTP/1.1 - Host: example.org - User-Agent: Cosimo/1.0 - Accept: application/atomserv+xml + appTypeValue = "entry" | "media" - The server responds to a GET request by returning an Introspection - Document in the message body. + An Entry POSTed to a collection MUST meet the constraints of the app: + member-type element. - HTTP/1.1 200 OK - Date: Mon, 21 Mar 2005 19:20:19 GMT - Server: CountBasic/2.0 - Last-Modified: Mon, 21 Mar 2005 19:17:26 GMT - ETag: "4c083-268-423f1dc6" - Content-Length: nnnn - Content-Type: application/atomserv+xml + This specification defines two initial values for the app:member-type + IANA registry: - - - ... - + o "entry" - The collection contains only member resources whose + representation MUST be an Atom Entry. Further constraints on the + representations of members in a collection of type "entry" are + listed in Section 8.2. -7.1 Discovery + o "media" - The collection contains member resources whose + representation can be of any media type. Additional constraints + are listed in Section 8.3. - [[anchor18: Add in desc of an HTML link element that points to the - Introspection Resource, or add it to the autodisco draft]] + In general the value of app:member-type MUST be a string that is non- + empty, and matches either the "isegment-nz-nc" or the "IRI" + production in [RFC3987]. Note that use of a relative reference other + than a simple name is not allowed. If a name is given, + implementations MUST consider the link relation type to be equivalent + to the same name registered within the IANA Registry of Link + Relations Section 14, and thus the IRI that would be obtained by + appending the value of the rel attribute to the string + "http://www.iana.org/assignments/member-type/". -8. Collection Resources +7.3.5 The 'app:list-template' Element - An Atom Collection is a set of related resources. All members of a - collection have an "app:updated" property, and the Collection is - considered to be ordered by this property. + The app:collection element MUST contain one 'app:list-template' + elements. The element content of app:list-template is an IRI + template (Section 9) for a collection. - This specification defines two HTTP methods for use with collection - resources: GET and POST. + appListTemplate = + element app:list-template { + appCommonAttributes, + ( appUriTemplate ) + } -8.1 GET + appUriTemplate = xsd:string { pattern = ".+\{.+\}.*" } - A GET to a Collection Resource returns a Collection Document, - outlining the Collection. Collection Documents are described in - Section 6.2. +8. Collections -8.2 POST +8.1 Creating resources with POST - In addition to GET, a Collection Resource also accepts POST requests. - The client POSTs a representation of the desired resource to the - Collection Resource. Note that some collections may impose - constraints on the media-types that are created in a Collection and - MAY generate a response with a status code of 415 ("Unsupported Media - Type"). + Every collection accepts POST requests to create resources - the + client POSTs a representation of the desired resource to the IRI of + the collection. Collections MAY impose constraints on the media- + types that are created in a collection and MAY generate a response + with a status code of 415 ("Unsupported Media Type"). - In the case of a successful creation, the status code MUST be 201 + The status code returned for a successful creation POST MUST be 201 ("Created"). - Every successful POST MUST return a Location: header with the URI of - the newly created resource. + A successful creation POST MUST return a Location: header with the + URI of the newly created resource. - Here's an example. Below, the client requests to create a resource - in a Collection: + Clients MAY POST invalid Atom for initial resource creation - + specifically the id and link elements MAY be omitted. + + Below, the client requests to create a resource in a collection: POST /edit HTTP/1.1 Host: example.org - User-Agent: Cosimo/1.0 - Accept: application/atom+xml + User-Agent: Thingio/1.0 Content-Type: application/atom+xml - Content-Length: 601 - - - Mars Attacks! - - Why cant we all just... get along? - - - The President - http://www.example.org/blog - - -

- Why can't we...work out our differences? - Why can't we...work things out? - Little people...why can't we all just...get along? -

- - + Content-Length: nnn + + Atom-Powered Robots Run Amok + 2003-12-13T18:30:02Z + Some text. + The resource is created by sending an Atom Entry as the entity body. - Assuming the server created the resource successfully, it sends back - a 201 Created response with a Location: header that contains the IRI - of the newly created member as an Editable Resource. + Successful creation is indicated by a 201 created response and + includes a Location: header. HTTP/1.1 201 Created Date: Fri, 7 Oct 2005 17:17:11 GMT - Content-Length: 663 - Content-Type: application/atom+xml; charset="utf-8" + Content-Length: 0 Location: http://example.org/edit/first-post.atom -8.3 Title: Header +8.1.1 Title: Header - The POST to a Collection Resource MAY contain a Title: header that - indicates the clients suggested name for the resource. The server - MAY ignore the Title: header or modify the requested name to suit - local conventions. + The POST to a collection MAY contain a Title: header that indicates + the client's suggested title for the resource. The server MAY ignore + the Title: header or modify the requested title. Title = "Title" ":" [text] -9. Entry Collections - - Entry Collections are Collections that restrict their membership to - Atom entries. - -9.1 Editing Entry Resources - - Atom entries are edited by sending HTTP requests to an individual - entry's URI. Servers can determine the processing necessary to - interpret a request by examining the request's HTTP method and - 'Content-Type' header. - - Processing Client Requests + The syntax of this header MUST conform to the augmented BNF grammar + in section 2.1 of the HTTP/1.1 specification [RFC2616]. - +-----------+------+--------+--------+------+ - | | GET | PUT | DELETE | POST | - +-----------+------+--------+--------+------+ - | No Body | Read | x | Delete | x | - | | | | | | - | Atom Body | x | Update | x | x | - +-----------+------+--------+--------+------+ +8.2 Entry Collections -9.2 Role of Atom Entry Elements During Editing + Entry Collections are collections that restrict their membership to + Atom Entries. They are identified by having an app:member-type of + "entry". Every member representation MUST contain an atom:link + element with a relation of rel="edit" that contains the IRI of the + member resource. Member representations MAY contain an app:control + element (Section 10.2). - The elements of an Atom Entry Document are either a 'Writable - Element' or a 'Round Trip Element'. +8.2.1 Role of Atom Entry Elements During Editing - Writable Element - An element of an Atom Entry whose value is - editable by the client and not enforced by the server. + The elements of an Atom Entry Document are either a client writable + or server controlled. - Round Trip Element - An element of an Atom Entry whose value is - enforced by the server and not editable by the client. + Client Writable - An element of an Atom Entry whose value is editable + by the client. Servers MAY modify the content of client writable + elements. Some reasons that a server may change client writable + content include length limits, obscenity filters or the addition of + boilerplate text. - That categorization will determine the elements' disposition during - editing. + Server Controlled - An element of an Atom Entry whose value is + enforced by the server and not editable by the client. Clients + SHOULD NOT change the value of server controlled elements. Servers + MUST NOT rely on clients preserving the values of server controlled + elements. - +--------------------+------------+ + +--------------------+--------------------+ | Atom Entry Element | Property | - +--------------------+------------+ - | atom:author | Writable | + +--------------------+--------------------+ + | atom:author | Client Writable | | | | - | atom:category | Writable | + | atom:category | Client Writable | | | | - | atom:content | Writable | + | atom:content | Client Writable | | | | - | atom:contributor | Writable | + | atom:contributor | Client Writable | | | | - | atom:id | Round Trip | + | atom:id | Server Controlled | | | | - | atom:link | Writable | + | atom:link | Client Writable | | | | - | atom:published | Writable | + | atom:published | Client Writable | | | | - | atom:source | Writable | + | atom:source | Client Writable | | | | - | atom:summary | Writable | + | atom:summary | Client Writable | | | | - | atom:title | Writable | + | atom:title | Client Writable | | | | - | atom:updated | Round Trip | - +--------------------+------------+ - - Table 2 - -10. Generic Collections - - Generic Collections are Collections that do not have uniform - restrictions on the representations of the member resources. - -10.1 Editing Generic Resources - - Member resources are edited by sending HTTP requests to an individual - resource's URI. Servers can determine the processing necessary to - interpret a request by examining the request's HTTP method and - 'Content-Type' header. - - Processing Client Requests + | atom:updated | Server Controlled | + | | | + | app:control | Client Writable | + +--------------------+--------------------+ - +----------+------+--------+--------+------+ - | | GET | PUT | DELETE | POST | - +----------+------+--------+--------+------+ - | No Body | Read | x | Delete | x | - | | | | | | - | Any Body | x | Update | x | x | - +----------+------+--------+--------+------+ + Table 1 - When a List resource returns an Atom Feed enumerating the contents of - a Generic Collection, all the Entries MUST have an atom:content - element with a 'src' attribute. +8.3 Media Collections -10.2 Title: Header + Media Collections are collections whose member representations are + not constrained. They are identified by having an app:member-type of + "media". - The POST to a Generic Collection Resource MAY contain a Title: header - that indicates the clients suggested title for the resource. The - server MAY ignore the Title: header or modify the requested title to - suit local conventions. +8.3.1 Editing Media Resources - Title = "Title" ":" [text] + When a membership list resource returns an Atom Feed enumerating the + contents of a Media Collection, all the Entries MUST have an atom: + content element with a 'src' attribute. When creating a public, + read-only reference to the member resource, a client SHOULD use the + "atom:content/@src" attribute value. -11. List Resources +9. Listing Collections - List resources are resources which are identified by URI templates - indicating selection criteria. They can be used where clients - require fine control over the range or size of a server's response. - A list resource MUST return an Atom feed document as its - representation. The entries in the returned document MUST be ordered - by their 'atom:updated' property, with the most recently updated - entries coming first in the document order. Clients MUST NOT assume - that the entry returned in the feed is a full representation of a - member resource. If the entry is an Editable Resource then the - client should perform a GET on the member resource before editing. + Collections, as identified in an Introspection Document, are + resources that MUST provide representations in the form of Atom Feed + documents. The entries in the returned Feed MUST be ordered by their + 'atom:updated' property, with the most recently updated entries + coming first in the document order. Every entry in the Feed Document + MUST have an atom:link element with a relation of "edit" (See + Section 10.1). Clients MUST NOT assume that an Atom Entry returned + in the Feed is a full representation of a member resource. The value + of atom:updated is only changed when the change to a member resource + is considered significant. Insignificant changes do not result in + changes to the atom:updated value and thus do not change the position + of the corresponding entry in a membership list. Clients SHOULD be + constructed with this in mind and SHOULD perform a GET on the member + resource before editing. - note: in this section some URIs carry across onto the next line; this - is indicated by a '\' + Collections can contain extremely large numbers of resources. A + naive client such as a web spider or web browser would be overwhelmed + if the response to a GET contained every entry in the feed, and the + server would waste large amounts of bandwidth and processing time on + clients unable to handle the response. -11.1 URI Templates + For this reason, Introspection documents refer to collections not + with IRIs but with IRI Templates, contained in the "app:member-type" + child of "app:collection". An IRI Template is a string containing + the embedded token "{index}". - URI Templates are a mechanism for declaring criteria against a list - resource. By itself a URI Template is not a valid URI. Instead - there are multiple parameters embedded in the URI and distinguished - by closing braces which can be populated and used as selection - criteria. The value of each app:uri-template element in a Collection - document is a URI Template. + To produce an IRI that can be used to retrieve part or all of the + collection, software replaces the "{index}" with a pair of positive + integer indices separated by a dash character. An IRI template MUST, + after such substitution has been performed, constitute a + syntactically valid IRI. - Each URI template has one or more parameters that MUST be substituted - with values to construct a valid URI. The substitution MUST ensure - that the resulting value is also properly percent-encoded utf-8. + One or other index MAY be omitted, in which case the range is + understood as stretching to 0 or infinity. The index values are 0 + based and select members from the collection based on the member's + index, with all of the members ordered by their 'atom:updated' + property. The response to the selection request MUST be an Atom Feed + where all the entries fall within the requested criteria. The + request range is considered a closed set - if an entry matches one + end of the range exactly it MUST be included in the response. If no + members fall in the requested range, the server MUST respond with an + Atom Feed containing no entries. If a membership list is returned + with a number of entries that is less than the number of entries + requested than the client MAY assume that it has made a request that + exceeds the last index of the members. - Here are some examples of template URIs and corresponding populated - values: + For example, suppose the client is supplied this IRI template: http://example.org/blog/edit/{index} - http://example.org/blog/edit/3-9 - - http://example.org/blog/edit/{index}/foo - http://example.org/blog/edit/0-100/foo - - http://example.org/blog/edit/{daterange} - http://example.org/blog/edit/daterange=\ - 2003-12-13T18:30:02Z-2003-12-13T18:30:02Z - - http://example.org/blog/edit?dr={daterange}/bar/ - http://example.org/blog/edit?dr=\ - 2003-12-13T18:30:02Z,2003-12-13T18:30:02Z/bar/ - - Note that the parameters MAY appear at any place in the URI template. - -11.2 URI Template Parameters - - This specification defines two parameters for use in URI Templates: - - o index: allows selection into a collection's resources based as - though ordered by their 'atom:updated' property. + If the client wants the first 15 entries in the collection it would + substitute the brace-delimited parameter {index}, with the value + 0-14, giving: - o daterange: allows selection into a collection's resources based on - their 'atom:updated' property + http://example.org/blog/edit/0-14 - In both cases, the response to the selection request MUST be an Atom - Feed where all the entries fall within the requested criteria. The - request range is considered a closed set - if an entry matches one - end of the range exactly it MUST be included in the response. If no - members fall in the requested range, the server MUST respond with an - Atom Feed containing no entries. +10. Atom Entry Extensions - A Collection Document MUST contain at least two app:uri-template - elements - one for the {index} parameter template and the other for - the {daterange} parameter template. The two parameters are not - mutually exclusive and MAY appear together in a single Template URI. + This specification adds one new value to the Registry of Link + Relations and also adds a new element to Atom Entries called "app: + control" for controlling publishing. These new links and app: + control elements MAY appear in both membership lists and in member + representations. -11.2.1 \{index\} URI template variable +10.1 The 'edit' Link Relation - The value of the {index} criterion MUST be a pair of non-negative - integer indices separated by a dash character. One or other index - MAY omitted, in which case the range is understood as stretching to - zero, or infinity. + This specification adds the value "edit" to the Registry of Link + Relations. The value of "edit" signifies that the IRI in the value + of the href attribute is the IRI of the member resource, and is + intended to be used to update and delete resources as described in + this specification. - index-specifier = [index] "-" [index] +10.2 Publishing Control - For example, suppose the client is supplied this {index} URI - template: + This specification also adds a new element to Atom Entries for + controlling publishing. - http://example.org/blog/edit/{index} + pubControl = + element app:control { + atomCommonAttributes, + pubDraft? + & extensionElement + } - If the client wants the first 15 entries in the Collection it would - substitute the brace-delimited parameter {index}, with the value - 1-15, giving: + pubDraft = + element app:draft { "yes" | "no" } - http://example.org/blog/edit/1-15 + The "app:control" element MAY appear as a child of an "atom:entry" + which is being created or updated via the Atom Publishing Protocol. + The "app:control" element, if it does appear in an entry, MUST only + appear at most one time. -11.2.2 \{daterange\} URI template variable + The "app:control" element and its children elements MAY be included + in Atom Feed or Entry Documents. The "app:control" element is + considered "foreign markup" as defined in Section 6 of the Atom + Syndication Format. - A URI Template with the variable 'daterange' allows querying for Atom - Entries in a Collection according to their 'atom:updated' property. + The "app:control" element MAY contain exactly one app:draft element + and MAY contain zero or more extension elements as outlined in the + Atom Syndication Format, Section 6. Both clients and servers MUST + ignore foreign markup present in the app:control element that they do + not know. - The value of the {daterange} criterion should be a pair of ISO - formatted dates separated by a dash character; either index may be - optionally omitted, in which case the range is understood as - stretching to infinity on that end. +10.2.1 The app:draft Element - daterange-specifier = [iso-date] "," [iso-date] + This specification defines only one child element for "app:control", + "app:draft". - The [iso-date] terminal MUST conform to the "date-time" production in - [RFC3339]. In addition, an uppercase "T" character MUST be used to - separate date and time, and an uppercase "Z" character MUST be - present in the absence of a numeric time zone offset. + The number of "app:draft" elements in "app:control" MUST be zero or + one. Its content MUST be one of the values "yes" or "no". A value + of "no" means that the entry MAY be made publicly visible. If the + "app:draft" element is missing then the value is understood to be + "no". That is, if "app:control" and/or the "app:draft" elements are + missing from an entry then the entry is considered not a draft and + can be made publicly visible. Clients MUST understand "app:draft" + elements and MUST NOT drop them from Atom Entries during editing. + Clients MUST NOT operate on the expectation that a server will honor + the value of an "app:draft" element. Servers MAY ignore "app:draft" + elements and drop them from Atom Entries. - For example, suppose the client is supplied this {daterange} URI - Template: +11. Example - http://example.org/blog/edit/{daterange} + This is an example of a client creating a new entry with an image. + The client has an image to publish and an entry that includes an HTML + 'img' element that uses that image. In this scenario we consider a + client that has IRIs of two collections, an entry collection and a + media collection, both of which were discovered through an + introspection document. The IRI of the entry collection is: - If the client wants the entries in the collection between January and - February 2006 it would substitute the brace-delimited parameter - {daterange} with the desired selection value, giving this URI: + http://example.net/blog/edit/ - http://example.org/blog/edit/2006-01-01T00:00:00Z,\ - 2006-02-01T00:00:00Z + The IRI of the media collection is: -11.2.3 Other URI Template parameters + http://example.net/binary/edit - Other specifications MAY define new parameters for use in URI - templates and declared in the app:uri-template element. + First the client creates a new image resource by POSTing the image to + the IRI of the media collection. -12. Atom Entry Extensions + POST /binary/edit/ HTTP/1.1 + Host: example.net + User-Agent: Thingio/1.0 + Content-Type: image/png + Content-Length: nnnn + Title: A picture of the beach - This specification adds three new values to the Registry of Link - Relations. + ...binary data... - The value of 'collection' signifies that the IRI in the value of the - href is the Collection that this Entry belongs to. Any entry MAY - contain a link with a relation of 'collection'. + The member resource is created and an HTTP status code of 201 is + returned. - The value of 'edit' signifies that the IRI in the value of the href - attribute identifies the resource that is used to edit the entry. - That is, it is the URI of the Entry as an Editable Resource. + HTTP/1.1 201 Created + Date: Fri, 25 Mar 2005 17:17:11 GMT + Content-Length: nnnn + Content-Type: application/atom+xml + Location: http://example.net/binary/edit/b/129.png - The value of 'srcedit' signifies that the IRI in the value of the - href attribute identifies the resource that is used to edit the - resource pointed to by the 'src' attribute of the atom:content - element. That is, it is the IRI of the atom:content@src as an - Editable Resource. If a link element with a relation of "srcedit" is - not given, then it's value defaults to the "src" attribute of the - content element. List Resources for Generic Collections MUST return - entries that have 'srcedit' links or MUST have a atom:content@src - value. + + + A picture of the beach. + + urn:uuid:1225c695-cfb8-4ebb-aaaa-568596895695 + 2005-09-02T10:30:00Z + Waves + + + The client then POSTs the Atom Entry that refers to the newly created + image resource. Note that the client takes the IRI + http://example.net/binary/readonly/129.png and uses it in the 'img' + element in the Entry content: - If the "srcedit" link is present, and it's value is an empty string, - then there is no URI that can be treated in the way such a value - would be treated. + POST /blog/edit/ HTTP/1.1 + Host: example.net + User-Agent: Thingio/1.0 + Content-Type: application/atom+xml + Content-Length: nnnn - Clients SHOULD use the "srcedit" value to manipulate the resource - within the context of the APP itself. Clients SHOULD prefer the - "atom:content@src" value in any other context. For example, if the - resource is an image, a client may replace the image data using a PUT - on the "srcedit" value, and may even display a preview of the image - by fetching the "srcedit" URI. But when creating a public, read-only - reference to the same image resource, the client should use the - "atom:content@src" value. + + + What I did on my summer vacation + 2005-09-02T10:30:00Z + Beach! + +
+

We went to the beach for summer vacation. + Here is a picture of the waves rolling in: + A picture of the beach. +

+
+ + -13. Securing the Atom Protocol +12. Securing the Atom Protocol All instances of publishing Atom entries SHOULD be protected by authentication to prevent posting or editing by unknown sources. Atom servers and clients MUST support one of the following authentication mechanisms, and SHOULD support both. o HTTP Digest Authentication [RFC2617] o [@@TBD@@ CGI Authentication ref] - Atom servers and clients MAY support encryption of the Atom session - using TLS [RFC2246]. + Atom servers and clients MAY support encryption of the session using + TLS (see [RFC2246]). - There are cases where an authentication mechanism may not be - required, such as a publicly editable Wiki, or when using the PostURI - to post comments to a site that does not require authentication to - create comments. + There are cases where an authentication mechanism is not be required, + such as a publicly editable Wiki, or when using POST to send comments + to a site that does not require authentication from a commenter. -13.1 [@@TBD@@ CGI Authentication] +12.1 [@@TBD@@ CGI Authentication] This authentication method is included as part of the protocol to allow Atom servers and clients that cannot use HTTP Digest Authentication but where the user can both insert its own HTTP headers and create a CGI program to authenticate entries to the server. This scenario is common in environments where the user cannot control what services the server employs, but the user can write their own HTTP services. -14. Security Considerations - - Because Atom is a publishing protocol, it is important that only - authorized users can create and edit entries. +13. Security Considerations The security of Atom is based on HTTP Digest Authentication and/or [@@TBD@@ CGI Authentication]. Any weaknesses in either of these authentication schemes will affect the security of the Atom Publishing Protocol. Both HTTP Digest Authentication and [@@TBD@@ CGI Authentication] are susceptible to dictionary-based attacks on the shared secret. If the shared secret is a password (instead of a random string with sufficient entropy), an attacker can determine the secret by exhaustively comparing the authenticating string with hashed results of the public string and dictionary entries. - See RFC 2617 for more detailed description of the security properties - of HTTP Digest Authentication. + See [RFC2617] for the description of the security properties of HTTP + Digest Authentication. @@TBD@@ Talk here about using HTTP basic and digest authentication. @@TBD@@ Talk here about denial of service attacks using large XML files, or the billion laughs DTD attack. -15. IANA Considerations - - A Atom Collection Document, when serialized as XML 1.0, can be - identified with the following media type: - - MIME media type name: application - - MIME subtype name: atomcoll+xml - - Mandatory parameters: None. - - Optional parameters: - - "charset": This parameter has identical semantics to the charset - parameter of the "application/xml" media type as specified in - [RFC3023]. - - Encoding considerations: Identical to those of "application/xml" as - described in [RFC3023], section 3.2. - - Security considerations: As defined in this specification. - [[anchor31: update upon publication]] - - In addition, as this media type uses the "+xml" convention, it - shares the same security considerations as described in [RFC3023], - section 10. - - Interoperability considerations: There are no known interoperability - issues. - - Published specification: This specification. [[anchor32: update upon - publication]] - - Applications that use this media type: No known applications - currently use this media type. - - Additional information: - - Magic number(s): As specified for "application/xml" in [RFC3023], - section 3.2. - - File extension: .atomcoll - - Fragment identifiers: As specified for "application/xml" in - [RFC3023], section 5. - - Base URI: As specified in [RFC3023], section 6. - - Macintosh File Type code: TEXT - - Person and email address to contact for further information: Joe - Gregorio - - Intended usage: COMMON - - Author/Change controller: IESG +14. IANA Considerations An Atom Introspection Document, when serialized as XML 1.0, can be identified with the following media type: MIME media type name: application MIME subtype name: atomserv+xml Mandatory parameters: None. Optional parameters: "charset": This parameter has identical semantics to the charset parameter of the "application/xml" media type as specified in [RFC3023]. Encoding considerations: Identical to those of "application/xml" as described in [RFC3023], section 3.2. Security considerations: As defined in this specification. - [[anchor33: update upon publication]] + [[anchor22: update upon publication]] In addition, as this media type uses the "+xml" convention, it shares the same security considerations as described in [RFC3023], section 10. Interoperability considerations: There are no known interoperability issues. - Published specification: This specification. [[anchor34: update upon + Published specification: This specification. [[anchor23: update upon publication]] Applications that use this media type: No known applications currently use this media type. Additional information: Magic number(s): As specified for "application/xml" in [RFC3023], section 3.2. @@ -1168,26 +991,26 @@ Base URI: As specified in [RFC3023], section 6. Macintosh File Type code: TEXT Person and email address to contact for further information: Joe Gregorio Intended usage: COMMON - Author/Change controller: This specification's author(s). [[anchor35: + Author/Change controller: This specification's author(s). [[anchor24: update upon publication]] -16. References +15. References -16.1 Normative References +15.1 Normative References [AtomFormat] Nottingham, M. and R. Sayre, "The Atom Syndication Format", 1.0, July 2005. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999. @@ -1197,40 +1020,41 @@ Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media Types", RFC 3023, January 2001. - [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: - Timestamps", RFC 3339, July 2002. - [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource Identifiers (IRIs)", RFC 3987, January 2005. [W3C.REC-xml-20040204] Yergeau, F., Paoli, J., Sperberg-McQueen, C., Bray, T., and E. Maler, "Extensible Markup Language (XML) 1.0 (Third Edition)", W3C REC REC-xml-20040204, February 2004. [W3C.REC-xml-names-19990114] Hollander, D., Bray, T., and A. Layman, "Namespaces in XML", W3C REC REC-xml-names-19990114, January 1999. -16.2 Informative References + [W3C.REC-xmlbase-20010627] + Marsh, J., "XML Base", W3C REC W3C.REC-xmlbase-20010627, + June 2001. + +15.2 Informative References [RNC] Clark, J., "RELAX NG Compact Syntax", December 2001. [W3C.REC-webarch-20041215] Walsh, N. and I. Jacobs, "Architecture of the World Wide Web, Volume One", W3C REC REC-webarch-20041215, December 2004. URIs @@ -1254,24 +1078,150 @@ Dublin, Dublin D14 IE Phone: +353-1-4927444 Email: bill.dehora@propylon.com URI: http://www.propylon.com/ Appendix A. Contributors The content and concepts within are a product of the Atom community - and the Atompub Working Group. Robert Sayre was an editor for drafts - 00-04. + and the Atompub Working Group. -Appendix B. Revision History +Appendix B. RELAX NG Compact Schema + + This appendix is informative. + + The Relax NG schema explicitly excludes elements in the APP namespace + which are not defined in this revision of the specification. + Requirements for APP Processors encountering such markup are given in + Section 6.2 and Section 6.3 of [AtomFormat]. + + # -*- rnc -*- + # RELAX NG Compact Syntax Grammar for the Atom Protocol + + namespace app = "http://purl.org/atom/app#" + namespace local = "" + + start = appService + + # common:attrs + + appCommonAttributes = + attribute xml:base { atomUri }?, + attribute xml:lang { atomLanguageTag }?, + undefinedAttribute* + + undefinedAttribute = + attribute * - (xml:base | xml:lang | local:*) { text } + + atomUri = text + + atomLanguageTag = xsd:string { + pattern = "[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*" + } + + # app:service + + appService = + element app:service { + appCommonAttributes, + ( appWorkspace+ + & extensionElement* ) + } + + # app:workspace + + appWorkspace = + element app:workspace { + appCommonAttributes, + attribute title { text }, + ( appCollection+ + & extensionElement* ) + } + + # app:collection + + appCollection = + element app:collection { + appCommonAttributes, + attribute title { text }, + attribute href { text }, + ( appMemberType + & appListTemplate + & extensionElement* ) + } + + # app:member + + appMemberType = + element app:member-type { + appCommonAttributes, + ( appTypeValue ) + } + + appTypeValue = "entry" | "media" + + # app:list-template + + appListTemplate = + element app:list-template { + appCommonAttributes, + ( appUriTemplate ) + } + + # Whatever an IRI template is, it contains at least {index} + + appUriTemplate = xsd:string { pattern = ".+\{index\}.*" } + + # Simple Extension + + simpleExtensionElement = + element * - app:* { + text + } + + # Structured Extension + structuredExtensionElement = + element * - app:* { + (attribute * { text }+, + (text|anyElement)*) + | (attribute * { text }*, + (text?, anyElement+, (text|anyElement)*)) + } + + # Other Extensibility + + extensionElement = + simpleExtensionElement | structuredExtensionElement + + # Extensions + + anyElement = + element * { + (attribute * { text } + | text + | anyElement)* + } + + # EOF + +Appendix C. Revision History + + draft-ietf-atompub-protocol-06 - Removed: Robert Sayre from the + contributors section per his request. Added in + PaceCollectionControl. Fixed all the {daterange} verbage and + examples so they all use a dash. Added full rnc schema. Collapsed + Introspection and Collection documents into a single document. + Removed {dateRange} queries. Renamed search to list. Moved + discussion of media and entry collection until later in the document + and tied the discussion to the Introspection element app:member-type. draft-ietf-atompub-protocol-05 - Added: Contributors section. Added: de hOra to editors. Fixed: typos. Added diagrams and description to model section. Incorporates PaceAppDocuments, PaceAppDocuments2, PaceSimplifyCollections2 (large-sized chunks of it anyhow: the notions of Entry and Generic resources, the section 4 language on the Protocol Model, 4.1 through 4.5.2, the notion of a Collection document, as in Section 5 through 5.3, Section 7 "Collection resources", Selection resources (modified from pace which talked about search); results in major mods to Collection Documents, Section @@ -1316,46 +1266,46 @@ Rev 07 - 06Aug2003 - Removed the use of the RSD file for auto- discovery. Changed copyright until a final standards body is chosen. Changed query parameters for the search facet to all begin with atom- to avoid name collisions. Updated all the Entries to follow the 0.2 version. Changed the format of the search results and template file to a pure element based syntax. Rev 06 - 24Jul2003 - Moved to PUT for updating Entries. Changed all the mime-types to application/x.atom+xml. Added template editing. Changed 'edit-entry' to 'create-entry' in the Introspection file to - more accurately reflect it's purpose. + more accurately reflect its purpose. Rev 05 - 17Jul2003 - Renamed everything Echo into Atom. Added version numbers in the Revision history. Changed all the mime-types to application/atom+xml. Rev 04 - 15Jul2003 - Updated the RSD version used from 0.7 to 1.0. Change the method of deleting an Entry from POSTing to using the HTTP DELETE verb. Also changed the query interface to GET instead of POST. Moved Introspection Discovery to be up under Introspection. Introduced the term 'facet' for the services listed in the Introspection file. Rev 03 - 10Jul2003 - Added a link to the Wiki near the front of the document. Added a section on finding an Entry. Retrieving an Entry - now broken out into it's own section. Changed the HTTP status code + now broken out into its own section. Changed the HTTP status code for a successful editing of an Entry to 205. Rev 02 - 7Jul2003 - Entries are no longer returned from POSTs, instead they are retrieved via GET. Cleaned up figure titles, as they are rendered poorly in HTML. All content-types have been changed to application/atom+xml. Rev 01 - 5Jul2003 - Renamed from EchoAPI.html to follow the more commonly used format: draft-gregorio-NN.html. Renamed all references - to URL to URI. Broke out introspection into it's own section. Added + to URL to URI. Broke out introspection into its own section. Added the Revision History section. Added more to the warning that the example URIs are not normative. Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has