Network Working Group                                   J. Gregorio, Ed.
Internet-Draft                                           BitWorking, Inc
Expires: April 14, 30, 2006                                  B. de hOra, Ed.
                                                           Propylon Ltd.
                                                        October 11, 27, 2005

                      The Atom Publishing Protocol
                   draft-ietf-atompub-protocol-05.txt
                   draft-ietf-atompub-protocol-06.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 14, 30, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This memo presents a protocol for using XML (Extensible Markup
   Language) and HTTP (HyperText Transport Protocol) to edit content.

   The Atom Publishing Protocol (APP) is an application-level protocol
   for publishing and editing Web resources.  The protocol at its core is the based on
   HTTP transport of Atom-formatted representations.  The Atom format is
   documented in the Atom Syndication Format
   (draft-ietf-atompub-format-11.txt).

Editorial Note
   To provide feedback on this Internet-Draft, join the atom-protocol
   mailing list (http://www.imc.org/atom-protocol/index.html) [1].

Table of Contents

   1.   Introduction . . . . . . . . . . . . . . . . . . . . . . . .   4
   2.   XML Namespace and Language   Notational Conventions . . . . . . . . . . . . . . . . . . .   5
   3.   Notational Conventions   Terminology  . . . . . . . . . . . . . . . . . . . . . . . .   6
   4.   Terminology  .   Protocol Model . . . . . . . . . . . . . . . . . . . . . . .   7
   5.   The Atom Publishing   Protocol Model Operations  . . . . . . . . . . . . .   8
     5.1  Collections . . . . . . .   8
     5.1  Retrieving an Introspection Document . . . . . . . . . . .   8
     5.2  Creating a Resource  . . . . .   8
     5.2  Editable Resources . . . . . . . . . . . . . .   8
     5.3  Editing a Resource . . . . . .   9
       5.2.1  Read . . . . . . . . . . . . . .   8
       5.3.1  Retrieving a Resource  . . . . . . . . . . .  10
       5.2.2  Update . . . . .   9
       5.3.2  Updating a Resource  . . . . . . . . . . . . . . . . .   9
       5.3.3  Deleting a Resource  . .  10
       5.2.3  Delete . . . . . . . . . . . . . . .   9
     5.4  Listing Collections  . . . . . . . . .  10
     5.3  Capabilities Discovery . . . . . . . . . .  10
     5.5  Success and Failure  . . . . . . . .  11
     5.4  Listing . . . . . . . . . . .  10
   6.   XML-related Conventions  . . . . . . . . . . . . . .  11
     5.5  Success and Failure . . . .  11
     6.1  Referring to Information Items . . . . . . . . . . . . . .  11
     6.2  XML Namespace Usage  .  12
   6.   Atom Publishing Protocol Documents . . . . . . . . . . . . .  13
     6.1  Use of xml:base xml:lang . . . . .  11
     6.3  RELAX NG Schema  . . . . . . . . . . . . .  13
     6.2  Collection Documents . . . . . . . .  11
     6.4  Use of xml:base and xml:lang . . . . . . . . . . .  14
       6.2.1  Element Definitions . . . .  11
   7.   Introspection Documents  . . . . . . . . . . . . .  14
     6.3  Introspection Documents . . . . .  13
     7.1  Introduction . . . . . . . . . . . .  16
       6.3.1  Element Definitions . . . . . . . . . . .  13
     7.2  Example  . . . . . .  17
   7.   Introspection Resource . . . . . . . . . . . . . . . . . . .  20
     7.1  Discovery  13
     7.3  Element Definitions  . . . . . . . . . . . . . . . . . . .  14
       7.3.1  The 'app:service' Element  . . . . .  20
   8.   Collection Resources . . . . . . . . .  14
       7.3.2  The 'app:workspace' Element  . . . . . . . . . . .  21
     8.1  GET . .  14
       7.3.3  The 'app:collection' Element . . . . . . . . . . . . .  15
       7.3.4  The 'app:member-type' Element  . . . . . . . . . . . .  21
     8.2  POST  15
       7.3.5  The 'app:list-template' Element  . . . . . . . . . . .  16
   8.   Collections  . . . . . . . . . . . . . . . .  21
     8.3  Title: Header . . . . . . . .  18
     8.1  Creating resources with POST . . . . . . . . . . . . . .  22
   9.   Entry Collections .  18
       8.1.1  Title: Header  . . . . . . . . . . . . . . . . . . . .  23
     9.1  Editing  18
     8.2  Entry Resources Collections  . . . . . . . . . . . . . . . . .  23
     9.2 . . .  19
       8.2.1  Role of Atom Entry Elements During Editing . . . . . . . .  23
   10.  Generic  19
     8.3  Media Collections  . . . . . . . . . . . . . . . . . . . .  25
     10.1  20
       8.3.1  Editing Generic Media Resources  . . . . . . . . . . . . . . .  25
     10.2   Title: Header  20
   9.   Listing Collections  . . . . . . . . . . . . . . . . . . . .  21
   10.  Atom Entry Extensions  .  25
   11.  List Resources . . . . . . . . . . . . . . . . . .  23
     10.1   The 'edit' Link Relation . . . . .  26
     11.1   URI Templates . . . . . . . . . . .  23
     10.2   Publishing Control . . . . . . . . . .  26
     11.2   URI Template Parameters . . . . . . . . .  23
       10.2.1   The app:draft Element  . . . . . . .  27
       11.2.1   \{index\} URI template variable  . . . . . . . . . .  27
       11.2.2   \{daterange\} URI template variable  . . . . . . . .  27
       11.2.3   Other URI Template parameters . . . .  24
   11.  Example  . . . . . . .  28
   12.  Atom Entry Extensions . . . . . . . . . . . . . . . . . . .  29
   13.  25
   12.  Securing the Atom Protocol . . . . . . . . . . . . . . . . .  30
   14.  27
   13.  Security Considerations  . . . . . . . . . . . . . . . . . .  31
   15.  28
   14.  IANA Considerations  . . . . . . . . . . . . . . . . . . . .  32
   16.  29
   15.  References . . . . . . . . . . . . . . . . . . . . . . . . .  35
     16.1  31
     15.1   Normative References . . . . . . . . . . . . . . . . . .  35
     16.2  31
     15.2   Informative References . . . . . . . . . . . . . . . . .  36  32
        Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  37  33
   A.   Contributors . . . . . . . . . . . . . . . . . . . . . . . .  38  34
   B.   RELAX NG Compact Schema  . . . . . . . . . . . . . . . . . .  35
   C.   Revision History . . . . . . . . . . . . . . . . . . . . . .  39  38
        Intellectual Property and Copyright Statements . . . . . . .  41  40

1.  Introduction

   The Atom Publishing Protocol is an application-level protocol for
   publishing and editing Web resources using HTTP [RFC2616] and XML 1.0
   [W3C.REC-xml-20040204].

2.  XML Namespace and Language

   The XML Namespaces URI [W3C.REC-xml-names-19990114] for the XML data
   format described in this specification is: http://purl.org/atom/app#

   XML elements defined by this specification MAY have an xml:lang
   attribute, whose content indicates the natural language for the
   element (and its descendents).  The language context is only
   significant for elements and attributes declared to be "Language-
   Sensitive" by this specification.  Requirements regarding protocol supports the content creation of
   arbitrary web resources and interpretation provides facilities for:

   o  Collections: Sets of xml:lang are specified resources, which may be retrieved in [W3C.REC-xml-
   20040204], Section 2.12.

3. whole or
      in part.

   o  Introspection: Discovering and describing collections.

   o  Editing: Creating, updating and deleting resources.

2.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Some sections of this specification are illustrated with fragments

   Note: The Introspection Document allows the use of IRIs [RFC3987], as
   well as URIs [RFC3986].  Every URI is an IRI, so any URI can be used
   where an IRI is needed.  How to map an IRI to a non-normative RELAX NG Compact schema [RNC].  However, the text URI is specified in
   Section 3.1 of Internationalized Resource Identifiers (IRIs)
   [RFC3987].

3.  Terminology

   For convenience, this specification provides the definition protocol may be referred to as "Atom Protocol"
   or "APP".

   The phrase "the IRI of conformance.

   This a document" in this specification uses the namespace prefix "app:" for the Namespace
   URI identified in Section 2 above.  It uses the namespace prefix
   "atom:" is shorthand
   for the Namespace URI identified in [AtomFormat].  Note that
   choices of namespace prefix are arbitrary and not semantically
   significant.

4.  Terminology

   For convenience, this protocol may be referred "an IRI which, when dereferenced, is expected to produce that
   document as "Atom Protocol"
   or "APP".  This specification uses both internally. a representation".

   URI/IRI - A Uniform Resource Identifier and Internationalized
   Resource Identifier, respectively.  These terms (and the distinction
   between them) are defined in [RFC3986] and [RFC3987].

   Resource

   resource -  A network data object or service that can be identified
   by a URI, IRI, as defined in [RFC2616].

   Representation  See [W3C.REC-webarch-20041215]
   for further discussion on resources.

   representation -  An entity included with a request or response as
   defined in [RFC2616].

5.  The

   collection - A resource that contains a set of member IRIs, as
   described in Section 8 of this specification.

   member - A resource whose IRI is listed in a collection.

   IRI template - A parameterized string that becomes a IRI when the
   parameters are filled in.  See Section 9.

   introspection document - A document that describes the location and
   capabilities of one or more collections.  See Section 7

   client writable element - An element of an Atom Publishing Entry whose value is
   editable by the client and not enforced by the server.

   server-controlled element - An element of an Atom Entry whose value
   is enforced by the server and not editable by the client.

4.  Protocol Model

   The Atom Publishing Protocol is a subset of uses HTTP that is used to edit resources on the web.  The APP operates on
   It provides a list based mechanism for managing collections of Web
   editable resources called member resources.  Collections are HTTP resources, as are the members of contain the
   collection.  Both Collections
   IRIs and collection metadata describing member resources support
   the same basic interactions. resources.  The patterns of interaction are based
   on the common APP uses these
   HTTP verbs. verbs:

   o  GET is used to retrieve a representation of a resource or perform
      a read-only query.

   o  POST is used to create a new, dynamically-named resource, or to
      provide a block of data to a data-handling process. resource.

   o  PUT is used to update a known resource.

   o  DELETE is used to remove a resource.

5.1  Collections

   The

   This diagram shows the APP groups resources into "Collections", which are analogous to
   folders or directories found in a file system.  In the figure we have
   member resources in a collection.

          +-------------------------+ model:

    +---------------+
    | Introspection |   +------------+
    |               |-->| Collection |
    +---------------+   |            |
                        |  +----------------+            |   +--------+
                        |            |-->| Member | Member_A
                        |            |   +--------+
                        |  +----------------+            |
                        |            |      .
                        |  +----------------+            |      .
                        |            | Member_B      .
                        |            |
                        |  +----------------+            |   +--------+
                        |            |-->| Member |
                        |  +----------------+            |   +--------+
                        |            | Member_C
                        +------------+

   The introspection document contains the IRIs of one or more
   collections.  A collection contains IRIs and metadata describing
   member resources.  The protocol allows editing of resources with
   representations of any media-type.  Some types of collections are
   specialized and restrict the resource representations of their
   members.

5.  Protocol Operations

5.1  Retrieving an Introspection Document

   Client                                   Server
     |                                           |
     |  +----------------+  1.) GET to IRI of Introspection Document |
     |------------------------------------------>|
     |                                           |
     |  ...  2.) Introspection Document               |
     |<------------------------------------------|
     |                                           |

   1.  The client sends a GET request to the IRI of the introspection
       document.

   2.  The server responds with the introspection document which
       enumerates the IRIs of all the collections, and the capabilities
       of those collections, that the service supports.

5.2  Creating a Resource

   Client                                   Server
     |  +----------------+                                           |
     |  1.) POST to IRI of Collection            | Member_Oldest
     |------------------------------------------>|
     |                                           |
     |  +----------------+  2.) 201 Created                          |
     |<------------------------------------------|
     |                                           |
          +-------------------------+
   To add a new member to

   1.  The client POSTs a collection an appropriate representation is
   POSTed to the URI of the collection resource.  Here we show it being
   added to the beginnng of the list.  The ordering IRI of the members of
   collections is in terms of collection.

   2.  If the time at which each member resource was last
   updated, which includes created successfully the server
       responds with a status code of 201 and a Location: header that
       contains the act IRI of creating the newly created member resource.  The
   ordering of collection members

5.3  Editing a Resource

   Once a resource has been created and its IRI is covered in more detail in Section 8 known, that IRI may
   be used to retrieve, update, and Section 11.

          +-------------------------+ delete it.

5.3.1  Retrieving a Resource

   Client                                   Server
     | Collection                                           |
     |  1.) GET to Member IRI                    |
    POST
     |------------------------------------------>|
     |  +----------------+                                           |
   --------->| Member_New
     |  2.) Member Representation                |
          |  +----------------+     |
          |                         |
          |  +----------------+     |
          |  | Member_A       |     |
          |  +----------------+     |
          |                         |
          |  +----------------+     |
          |  | Member_B       |     |
          |  +----------------+     |
          |                         |
          |  +----------------+     |
          |  | Member_C       |     |
          |  +----------------+     |
          |                         |
          |  ...                    |
          |                         |
          |  +----------------+     |
          |  | Member_Oldest  |     |
          |  +----------------+     |
          |                         |
          +-------------------------+

   You'll note that up until now we haven't said what kinds of
   representations we are expecting at each of the resources.  There are
   two kinds of collections, Entry and Generic.  In Entry Collections
   all the members MUST have representations as Atom Entries.  For
   further restrictions on Entry Collection see Section 9 The other type
   of collection is a Generic Collection.  Generic Collections make no
   restriction on the representations of their member resources.

5.2  Editable Resources

   All the members of a collection are Editable Resources.  An Editable
   resource is a resource whose available HTTP methods can be used to
   retrieve, update and delete it.

5.2.1  Read

   To retrieve a representation of the resource, you send a GET to the
   URI of the Editable Resource.  Remember that for members of Entry
   Collections, the served representation will be an Atom Entry.

   Client                                   Server
     |                                           |
     |  1.) GET to Editable Resource URI         |
     |------------------------------------------>|
     |                                           |
     |  2.) 200 OK                               |
     |<------------------------------------------|
     |<------------------------------------------|
     |                                           |

   1.  The client sends a GET request to the member's URI. IRI to retrieve
       its representation .

   2.  The server responds with the representation of the resource.

5.2.2  Update

   To update an Editable

5.3.2  Updating a Resource the client will PUT an updated
   representation to the URI of the resource.

   Client                                     Server
     |                                           |
     |  1.) PUT to Editable Resource URI Member IRI                    |
     |------------------------------------------>|
     |                                           |
     |  2.) 200 OK                               |
     |<------------------------------------------|

   1.  The client PUTs an updated representation to the member's URI. IRI.

   2.  The  Upon a successful update of the resource the server MAY respond responds with an updated representation
       a status code of the
       member's new state.

5.2.3  Delete

   An Editable 200.

5.3.3  Deleting a Resource is deleted by sending it DELETE.  Note that this
   also removes it from all the collections that it belonged to.

   Client                                     Server
     |                                           |
     |  1.) DELETE to Editable Member Resource URI IRI        |
     |------------------------------------------>|
     |                                           |
     |  2.) 200 Ok                               |
     |<------------------------------------------|
     |                                           |

   1.  The client sends a DELETE request to the member's URI. IRI.

   2.  The server responds with successful status code.

5.3  Capabilities Discovery

   Each collection resource responds to GET and can return a Collection
   Document as it's representation.  The Collection Document enumerates  Upon the capabilities successful deletion of each collection and the format is described in
   Section 6.2.

   Client                         Server
     |                                |
     |  1.) GET to Collection         |
     |------------------------------->|
     |                                |
     |  2.) Collection Document       |
     |<-------------------------------|
     |                                |

   1.  The client sends a GET request to resource the Collection Resource.

   2.  The server responds
       with a Collection Document containing a
       description of the capabilities of the collection.  The content
       of this document can vary based on aspects status code of the client request,
       including, but not limited to, authentication credentials.

5.4  Listing

   Clients can request 200.

   Note: deleting a listing of member also removes it from all the Collection's membership. collections to
   which it belongs.

5.4  Listing Collections

   To enumerate the Editable Resources that are members of a collection is
   done using one of the List Resources client sends a GET to
   its IRI.  This IRI is constructed from information in the Introspection Document,
   utilizing the 'app:uri-template' element.  The List Resource returns
   introspection document.  An Atom Feed Documents Document is returned with one
   Atom Entry for each member resource that
   match matches the selection criteria.  This is true whether the collection is
   an Entry Collection or a Generic Collection.  If an Entry Collection
   is being interrogated, the entries returned by a list resource SHOULD
   NOT to be considered complete representations of
   criteria in the member
   resources. IRI.  See Section 11 9 and Section 12 10 for more details on the
   extensions and constraints found on a  description
   of the entries returned from List
   Resources. feed contents.

   Client                          Server
     |                                |
     |  1.) GET to List Resource IRI           |
     |------------------------------->|
     |                                |
     |  2.) 200 OK, Atom Feed Doc     |
     |<-------------------------------|
     |                                |

   1.  The client sends a GET request to the Collection's URI. membership list IRI.

   2.  The server responds with an Atom Feed Document containing a full
       or partial listing the
       IRIs of all the collection members that match the Collection's membership. selection
       criteria.

5.5  Success and Failure

   HTTP defines different classes of response, which are used by the

   The Atom Protocol. Protocol uses HTTP status codes to signal the results of
   protocol operations.  Status codes of the form 2xx signal that a
   request was successful.  HTTP status codes of the form 4xx or 5xx
   signal that an error has occurred, and the request has failed. occurred.  Consult the HTTP specification
   [RFC2616] for more detailed the definitions of each HTTP status code. codes.

6.  Atom Publishing Protocol Documents

   This specification describes two kinds of Atom Publishing Protocol
   Documents: Atom Collections Documents and Atom Introspection
   Documents.

   An Atom Collection Document is a representation of an Atom
   collection, including metadata about the collection, and some or all
   of the members associated with it.  Its root is the app:collection
   element.

   An Atom Introspection Document represents one or more workspaces,
   which describe server-defined groupings of collections.  Its root  XML-related Conventions

   The data format in this specification is
   the app:service element.

   namespace app = "..." start = appCollection | appIntrospection

   Both kinds of Atom Publishing Protocol Documents are specified in terms of the
   XML Information Set, serialised as XML 1.0 ([W3C.REC-
   xml-20040204]). [W3C.REC-xml-20040204].
   Atom Publishing Protocol Documents MUST be well-
   formed well-formed XML.  This
   specification does not define a DTD any DTDs for Atom Protocol, and hence
   does not require them to be valid (in the sense used by XML).

   Atom Collection Documents are identified with the "application/
   atomcoll+xml" media type.

   Atom Introspection Documents are identified with the "application/
   atomserv+xml" media type.

   Atom allows the use of IRIs [RFC3987], as well as URIs [RFC3986].
   Every URI is an IRI, so any URI can be used where an IRI is needed.
   While IRIs must, for many protocols, be mapped to URIs prior

6.1  Referring to
   dereferencing, they MUST NOT be so mapped Information Items

   This specification uses a shorthand for comparison two common terms: the phrase
   "Information Item" is omitted when used in
   atom:id.  Section 3.1 of [RFC3987] describes how to map an IRI to a
   URI naming Element Information Items
   and Attribute Information Items.  Therefore, when necessary.

6.1  Use of xml:base xml:lang

   Any element defined by this specification MAY have an xml:base
   attribute [W3C.REC-xmlbase-20010627].  When xml:base
   uses the term "element," it is used in referring to an
   Atom Publishing Protocol Document, it serves the function described Element Information
   Item in section 5.1.1 of [RFC3986], establishing Infoset terms.  Likewise, when it uses the base term "attribute,"
   it is referring to an Attribute Information Item.

6.2  XML Namespace Usage

   The Namespace URI (or IRI) [W3C.REC-xml-names-19990114] for
   resolving any relative references found within the effective scope of the xml:base attribute.

   Any element defined by data format
   described in this specification is:

   http://purl.org/atom/app#

   This specification uses the prefix "app:" for the Namespace URI.  The
   choice of namespace prefix is not semantically significant.

   This specification also uses the prefix "atom:" for the Namespace URI
   identified in [AtomFormat].

6.3  RELAX NG Schema

   Some sections of this specification are illustrated with fragments of
   a non-normative RELAX NG Compact schema [RNC].  However, the text of
   this specification provides the definition of conformance.  A
   complete schema appears in Appendix B.

6.4  Use of xml:base and xml:lang

   XML elements defined by this specification MAY have an xml:base
   attribute [W3C.REC-xmlbase-20010627].  When xml:base is used, it
   serves the function described in section 5.1.1 of [RFC3986],
   establishing the base URI (or IRI) for resolving any relative
   references found within the effective scope of the xml:base
   attribute.

   Any element defined by this specification MAY have an xml:lang
   attribute, whose content indicates the natural language for the
   element and its descendents.  The language context is only
   significant for elements and attributes declared to be "Language-
   Sensitive" by this specification.  Requirements regarding the content
   and interpretation of xml:lang are specified in Section 2.12 of XML
   1.0 ([W3C.REC-
   xml-20040204]), Section 2.12. [W3C.REC-xml-20040204], .
   appCommonAttributes =
      attribute xml:base { atomUri }?,
      attribute xml:lang { atomLanguageTag }?,
      undefinedAttribute*

6.2  Collection

7.  Introspection Documents

   The Collection Document describes the capabilities of

7.1  Introduction

   For authoring to commence, a Collection, client needs to first discover the types
   capabilities and locations of Entries that it will support, the URI Templates it
   supports.

   The Collection collections offered.  This is done
   using Introspection Documents.  An Introspection Document has the media-type 'application/atomcoll+xml'
   (see Section 15).

   Here's an example document: describes
   workspaces, which are server-defined groupings of collections.

7.2  Example

   <?xml version="1.0" encoding='utf-8'?>
   <app:collection xmlns:app="http://purl.org/atom/app#">
     <app:member-type>entry</pub:member-type>
     <app:uri-template>http://example.org/{index}</pub:uri-template>
     <app:uri-template>http://example.org/{daterange}</pub:uri-template>
   </app:collection>
   <service xmlns="http://purl.org/atom/app#">
     <workspace title="Main Site" >
       <collection
         title="My Blog Entries"
         href="http://example.org/reilly/main" >
         <member-type>entry</member-type>
         <list-template>http://example.org/{index}</list-template>
       </collection>
       <collection
         title="Pictures"
         href="http://example.org/reilly/pic" >
         <member-type>media</member-type>
         <list-template>http://example.org/p/{index}</list-template>
       </collection>
     </workspace>
     <workspace title="Side Bar Blog">
       <collection title="Remaindered Links"
         href="http://example.org/reilly/list" >
         <member-type>entry</member-type>
         <list-template>http://example.org/l/{index}</list-template>
       </collection>
     </workspace>
   </service>

   This example says the Collection contains Atom Entry documents, and
   that there are Introspection Document describes two means of selecting entries using what are workspaces.  The first,
   called
   'URI Templates'; one based on the collection's order, 'Main Site', has two collections called 'My Blog Entries' and another
   based on dates.  See Section 11.1 for more about URI Templates.

6.2.1  Element Definitions

6.2.1.1  The 'app:collection' Element

   The app:collection is the document element of
   'Pictures' whose IRIs are 'http://example.org/reilly/main' and
   'http://example.org/reilly/pic' respectively.  'My Blog Entries' is
   an Entry collection and 'Pictures' is a Collection Document.

   appCollection Media collection.  Entry and
   Media collections are discussed in Section 7.3.4.

   The second workspace is called 'Side Bar Blog' and has a single
   collection called 'Remaindered Links' whose collection IRI is
   'http://example.org/reilly/list'.  'Remaindered Links' is an Entry
   collection.

   Introspection documents are identified with the "application/
   atomserv+xml" media type (see Section 14).

   While an introspection document allows multiple workspaces, there is
   no requirement that a service support multiple workspaces.  In
   addition, a collection MAY appear in more than one workspace.

7.3  Element Definitions

7.3.1  The 'app:service' Element

   The root of an introspection document is the app:service element.
   namespace app = "http://purl.org/atom/app#"
   start = appService

   The "app:service" element app:collection is the container for introspection
   information associated with one or more workspaces.  An app:service
   element MUST contain one or more app:workspace elements.

   appService =
      element app:service {
         appCommonAttributes,
         ( appMemberType+
           appSearchTemplate appWorkspace+
           & anyElement* extensionElement* )
      }

   This specification defines two child elements for app:collection:

   o  app:member-type: any number of elements listing the types of
      Entries that the Collection may contain.

   o  app:uri-template: any number of URI Templates for a List Resource
      (See Section 11).

6.2.1.2

7.3.2  The 'app:member-type' 'app:workspace' Element

   The app:member-type 'app:workspace' element contains information elements about the
   types
   collections of Entries that the Collection may contain.

   appMember resources available for editing.  The app:workspace
   element MUST contain one or more app:collection elements.

   appWorkspace =
      element app:member-type app:workspace {
         appCommonAttributes,
            appTypeValue
         attribute title { text },
         ( appCollection+
           & extensionElement* )
      }

7.3.2.1  The 'title' Attribute

   The app:workspace element content of an app:member-type MUST be a string that is
   non-empty, and matches either the "isegment-nz-nc" or the "IRI"
   production in [RFC3987].  Note that use of contain a relative reference other
   than 'title' attribute, which
   conveys a simple human-readable name for the workspace.  This attribute is not allowed.  If a
   Language-Sensitive.

7.3.3  The 'app:collection' Element

   The app:collection contains information elements that describe the
   location and capabilities of a collection.

   appCollection =
      element app:collection {
         appCommonAttributes,
         attribute title { text },
         attribute href { text },
         ( appMemberType
           & appListTemplate
           & extensionElement* )
      }

7.3.3.1  The 'title' Attribute

   The app:collection element MUST contain a 'title' attribute, whose
   value conveys a human-readable name for the collection.  This
   attribute is given,
   implementations Language-Sensitive.

7.3.3.2  The 'href' Attribute

   The app:collection element MUST consider the link relation type to be equivalent
   to the same name registered within contain an 'href' attribute, whose
   value conveys the IANA Registry IRI of Member Types
   (Section 15), and thus the IRI collection.

   This specification defines two child elements for app:collection:

   o  app:member-type: a single element that would be obtained by appending contains the value type of
      members that the rel attribute to the string
   "http://www.iana.org/assignments/entrytype/".

   The content collection can contain.

   o  app:list-template: a single element that contains a IRI template
      of an a membership list.  (See Section 9).

7.3.4  The 'app:member-type' Element

   The app:collection element MUST contain one 'app:member-type'
   element.  The app:member-type element value specifies constraints on the
   Entries types of
   members that may can appear in the Collection.  The app:collection collection.

   appMemberType =
      element MAY have multiple app:member-type elements. {
            appCommonAttributes,
            ( appTypeValue )
      }

   appTypeValue = "entry" | "media"

   An Entry POSTed to a Collection collection MUST meet the constraints of at least one of the app:
   member-type constraints.  It MAY meet more than one, but the minimum
   requirement is at least one. element.

   This specification defines two initial values for the app:member-type
   IANA registry:

   o  "entry" - The Collection is collection contains only member resources whose
      representation MUST be an Entry Collection as defined Atom Entry.  Further constraints on the
      representations of members in
      Section 9.

   o  "generic" - The Collection is a Generic Collection as defined collection of type "entry" are
      listed in Section 10.

6.2.1.3  The 'app:uri-template' Element 8.2.

   o  "media" - The element content of an app:uri-template is a URI Template for a
   List Resource (See Section 11).  Every List resource, whose URI is
   determined by filling in the parameters in a URI Template, MUST
   return an Atom feed document as its representation.  This Atom feed
   document MUST NOT contain entries which do not match the selection
   criteria.

6.3  Introspection Documents

   In order for authoring to commence, a client must first discover the
   capabilities and locations of collections offered.

   The Introspection Document describes "workspaces", which are server-
   defined groupings of collections.  There is no requirement that
   servers support multiple workspaces, and a collection may appear in
   more than one workspace.

   The Introspection Document has the media-type 'application/
   atomserv+xml', see Section 15

   Here's an example document:

   <?xml version="1.0" encoding='utf-8'?>
   <app:service xmlns:app="http://purl.org/atom/app#">
     <app:workspace title="Main Site" >
         <app:collection contents="entries"
             title="My Blog Entries"
             href="http://example.org/reilly/feed" />
         <app:collection contents="generic"
             title="Documents"
             href="http://example.org/reilly/pic" />
     </app:workspace>
     <app:workspace title="Side Bar Blog">
         <app:collection contents="entries" title="Entries"
             href="http://example.org/reilly/feed" />
         <app:collection contents="http://example.net/booklist"
             title="Books"
             href="http://example.org/reilly/books" />
     </app:workspace>
   </app:service>

   This example says there are two workspaces, each consisting of two
   collections.  The first workspace is called 'Mail', and has two
   collections, called 'My Blog Entries' and 'Documents' whose locations
   are 'http://example.org/reilly/feed' and
   'http://example.org/reilly/pic'.  'My Blog Entries' contains Atom
   Entries and 'Documents' contains Generic Entries.  The second
   workspace is called 'Side Bar Blog' and also has two collections,
   called 'Entries' and 'Books' whose locations are
   'http://example.org/reilly/feed' and
   'http://example.org/reilly/booklist'.  'Entries' contains Atom
   Entries and 'Books' contains Generic Entries (since its contents
   attribute is not present you MUST assume it is a Generic Collection).

6.3.1  Element Definitions

6.3.1.1  The 'app:service' Element

   The "app:service" element is the document element of a Introspection
   Document, acting as a container for service data associated with one
   or more workspaces.  An app:service elements MAY contain any number
   of app:workspace elements.

   appService =
      element app:service {
         appCommonAttributes,
         ( appWorkspace*
           & anyElement* )
      }

6.3.1.2  The 'app:workspace' Element

   The 'workspace' element contains information elements about the
   collections of resources available for editing.  The app:workspace
   elements MAY contain any number of app:collection elements.

   appWorkspace =
      element app:workspace {
         appCommonAttributes,
         attribute title { text },
         ( appCollection*
           & anyElement* )
      }

6.3.1.2.1  The 'title' Attribute

   The app:workspace element MUST contain a 'title' attribute, which
   conveys a human-readable name for the workspace.  This attribute is
   Language-Sensitive.

6.3.1.3  The 'app:collection' Element

   The 'app:collection' element describes collections and their collection contains member
   resources.

   appCollection =
      element app:collection {
         appCommonAttributes,
         attribute title { text },
         attribute href { text },
         attribute contents { text },
         anyElement*
      }

6.3.1.3.1  The 'title' Attribute

   The app:collection element MUST contain a 'title' attribute, whose
   value conveys a human-readable name for the workspace.  This
   attribute is Language-Sensitive.

6.3.1.3.2  The 'href' Attribute

   The app:collection element MUST contain an 'href' attribute, resources whose
   value conveys the IRI of the collection.

6.3.1.3.3  The 'contents' Attribute

   The app:collection element MAY contain a 'contents' attribute.  The
   'contents' attribute conveys the nature of a collection's member
   resources.  This specification defines two initial values for the
   'contents' attribute:

   o  'entry': A value
      representation can be of 'entry' for the contents attribute indicates
      that any media type.  Additional constraints
      are listed in Section 8.3.

   In general the Collection is an Entry Collection (Section 9).

   o  'generic': A value of 'generic' for the contents attribute
      indicates that the Collection is a Generic Collection
      (Section 10).

   If the attribute is not present, its value app:member-type MUST be considered to be
   'generic'.

7.  Introspection Resource

   To retrieve an Introspection Document, the client sends a GET request
   to its URI.

   GET /service-desc HTTP/1.1
   Host: example.org
   User-Agent: Cosimo/1.0
   Accept: application/atomserv+xml

   The server responds to a GET request by returning an Introspection
   Document in the message body.

   HTTP/1.1 200 OK
   Date: Mon, 21 Mar 2005 19:20:19 GMT
   Server: CountBasic/2.0
   Last-Modified: Mon, 21 Mar 2005 19:17:26 GMT
   ETag: "4c083-268-423f1dc6"
   Content-Length: nnnn
   Content-Type: application/atomserv+xml

   <?xml version="1.0" encoding='utf-8'?>
   <app:service xmlns:app="http://purl.org/atom/app#">
       ...
   </app:service>

7.1  Discovery

   [[anchor18: Add in desc of an HTML link element string that points to is non-
   empty, and matches either the
   Introspection Resource, "isegment-nz-nc" or add it to the autodisco draft]]

8.  Collection Resources

   An Atom Collection is a set of related resources.  All members "IRI"
   production in [RFC3987].  Note that use of a
   collection have an "app:updated" property, and the Collection relative reference other
   than a simple name is
   considered not allowed.  If a name is given,
   implementations MUST consider the link relation type to be ordered by this property.

   This specification defines two HTTP methods for use with collection
   resources: GET and POST.

8.1  GET

   A GET equivalent
   to a Collection Resource returns a Collection Document,
   outlining the Collection.  Collection Documents are described in same name registered within the IANA Registry of Link
   Relations Section 6.2.

8.2  POST

   In addition 14, and thus the IRI that would be obtained by
   appending the value of the rel attribute to GET, the string
   "http://www.iana.org/assignments/member-type/".

7.3.5  The 'app:list-template' Element

   The app:collection element MUST contain one 'app:list-template'
   elements.  The element content of app:list-template is an IRI
   template (Section 9) for a Collection Resource also collection.

   appListTemplate =
      element app:list-template {
            appCommonAttributes,
            ( appUriTemplate )
      }

   appUriTemplate = xsd:string { pattern = ".+\{.+\}.*" }

8.  Collections

8.1  Creating resources with POST

   Every collection accepts POST requests.
   The requests to create resources - the
   client POSTs a representation of the desired resource to the
   Collection Resource.  Note that some collections may IRI of
   the collection.  Collections MAY impose constraints on the media-types media-
   types that are created in a Collection collection and MAY generate a response
   with a status code of 415 ("Unsupported Media Type").

   In the case of a successful creation, the

   The status code returned for a successful creation POST MUST be 201
   ("Created").

   Every

   A successful creation POST MUST return a Location: header with the
   URI of the newly created resource.

   Here's an example.

   Clients MAY POST invalid Atom for initial resource creation -
   specifically the id and link elements MAY be omitted.

   Below, the client requests to create a resource in a Collection: collection:

   POST /edit HTTP/1.1
   Host: example.org
   User-Agent: Cosimo/1.0
   Accept: application/atom+xml Thingio/1.0
   Content-Type: application/atom+xml
   Content-Length: 601

   <atom:entry xmlns:atom="http://www.w3.org/2005/Atom">
     <atom:title>Mars Attacks!</atom:title>
     <atom:summary type="html">
       Why cant we all just... get along?
     </atom:summary>
     <atom:author>
       <atom:name>The President</atom:name>
       <atom:uri>http://www.example.org/blog</atom:uri>
     </atom:author>
     <atom:content type="html" xml:lang="en"
         xml:base="http://www.example.org/blog/">
       <p>
       Why can't we...work out our differences?
       Why can't we...work things out?
       Little people...why can't we all just...get along?
       </p>
     </atom:content>
   </atom:entry> nnn

   <entry xmlns="http://www.w3.org/2005/Atom">
       <title>Atom-Powered Robots Run Amok</title>
       <updated>2003-12-13T18:30:02Z</updated>
       <summary>Some text.</summary>
   </entry>
    The resource is created by sending an Atom Entry as the entity body.

   Assuming the server created the resource successfully, it sends back

   Successful creation is indicated by a 201 Created created response with and
   includes a Location: header that contains the IRI
   of the newly created member as an Editable Resource. header.

   HTTP/1.1 201 Created
   Date: Fri, 7 Oct 2005 17:17:11 GMT
   Content-Length: 663
   Content-Type: application/atom+xml; charset="utf-8" 0
   Location: http://example.org/edit/first-post.atom

8.3

8.1.1  Title: Header

   The POST to a Collection Resource collection  MAY contain a Title: header that indicates
   the clients client's suggested name title for the resource.  The server MAY ignore
   the Title: header or modify the requested name to suit
   local conventions. title.

   Title = "Title" ":" [text]

9.

   The syntax of this header MUST conform to the augmented BNF grammar
   in section 2.1 of the HTTP/1.1 specification [RFC2616].

8.2  Entry Collections

   Entry Collections are Collections collections that restrict their membership to
   Atom entries.

9.1  Editing Entry Resources

   Atom entries Entries.  They are edited identified by sending HTTP requests to having an individual
   entry's URI.  Servers can determine the processing necessary to
   interpret app:member-type of
   "entry".  Every member representation MUST contain an atom:link
   element with a request by examining relation of rel="edit" that contains the request's HTTP method and
   'Content-Type' header.

   Processing Client Requests

             +-----------+------+--------+--------+------+
             |           |  GET |   PUT  | DELETE | POST |
             +-----------+------+--------+--------+------+
             |   No Body | Read |    x   | Delete |   x  |
             |           |      |        |        |      |
             | Atom Body |   x  | Update |    x   |   x  |
             +-----------+------+--------+--------+------+

9.2 IRI of the
   member resource.  Member representations MAY contain an app:control
   element (Section 10.2).

8.2.1  Role of Atom Entry Elements During Editing

   The elements of an Atom Entry Document are either a 'Writable
   Element' client writable
   or a 'Round Trip Element'. server controlled.

   Client Writable Element - An element of an Atom Entry whose value is editable
   by the client.  Servers MAY modify the content of client and not enforced by writable
   elements.  Some reasons that a server may change client writable
   content include length limits, obscenity filters or the server.

   Round Trip Element addition of
   boilerplate text.

   Server Controlled - An element of an Atom Entry whose value is
   enforced by the server and not editable by the client.

   That categorization will determine  Clients
   SHOULD NOT change the elements' disposition during
   editing.

                  +--------------------+------------+ value of server controlled elements.  Servers
   MUST NOT rely on clients preserving the values of server controlled
   elements.

              +--------------------+--------------------+
              | Atom Entry Element |      Property      |
                  +--------------------+------------+
              +--------------------+--------------------+
              |     atom:author    |   Client Writable  |
              |                    |                    |
              |    atom:category   |   Client Writable  |
              |                    |                    |
              |    atom:content    |   Client Writable  |
              |                    |                    |
              |  atom:contributor  |   Client Writable  |
              |                    |                    |
              |       atom:id      | Round Trip  Server Controlled |
              |                    |                    |
              |      atom:link     |   Client Writable  |
              |                    |                    |
              |   atom:published   |   Client Writable  |
              |                    |                    |
              |     atom:source    |   Client Writable  |
              |                    |                    |
              |    atom:summary    |   Client Writable  |
              |                    |                    |
              |     atom:title     |   Client Writable  |
              |                    |                    |
              |    atom:updated    | Round Trip |
                  +--------------------+------------+

                                  Table 2

10.  Generic Collections

   Generic Collections are Collections that do not have uniform
   restrictions on the representations of the member resources.

10.1  Editing Generic Resources

   Member resources are edited by sending HTTP requests to an individual
   resource's URI.  Servers can determine the processing necessary to
   interpret a request by examining the request's HTTP method and
   'Content-Type' header.

   Processing Client Requests

              +----------+------+--------+--------+------+
              |          |  GET |   PUT  | DELETE | POST |
              +----------+------+--------+--------+------+
              |  No Body | Read |    x   | Delete |   x  |
              |          |      |        |        |  Server Controlled |
              | Any Body                    |   x                    | Update
              |    x     app:control    |   x   Client Writable  |
              +----------+------+--------+--------+------+
              +--------------------+--------------------+

                                  Table 1

8.3  Media Collections

   Media Collections are collections whose member representations are
   not constrained.  They are identified by having an app:member-type of
   "media".

8.3.1  Editing Media Resources

   When a List membership list resource returns an Atom Feed enumerating the
   contents of a Generic Media Collection, all the Entries MUST have an atom:content atom:
   content element with a 'src' attribute.

10.2  Title: Header

   The POST to a Generic Collection Resource MAY contain  When creating a Title: header
   that indicates the clients suggested title for the resource.  The
   server MAY ignore public,
   read-only reference to the Title: header or modify member resource, a client SHOULD use the requested title to
   suit local conventions.

   Title     = "Title" ":" [text]

11.  List Resources

   List resources
   "atom:content/@src" attribute value.

9.  Listing Collections

   Collections, as identified in an Introspection Document, are
   resources which are identified by URI templates
   indicating selection criteria.  They can be used where clients
   require fine control over that MUST provide representations in the range or size form of a server's response.
   A list resource MUST return an Atom feed document as its
   representation. Feed
   documents.  The entries in the returned document Feed MUST be ordered by their
   'atom:updated' property, with the most recently updated entries
   coming first in the document order.  Every entry in the Feed Document
   MUST have an atom:link element with a relation of "edit" (See
   Section 10.1).  Clients MUST NOT assume that the entry an Atom Entry returned
   in the feed Feed is a full representation of a member resource.  If  The value
   of atom:updated is only changed when the entry change to a member resource
   is an Editable Resource then considered significant.  Insignificant changes do not result in
   changes to the
   client should atom:updated value and thus do not change the position
   of the corresponding entry in a membership list.  Clients SHOULD be
   constructed with this in mind and SHOULD perform a GET on the member
   resource before editing.

   note:

   Collections can contain extremely large numbers of resources.  A
   naive client such as a web spider or web browser would be overwhelmed
   if the response to a GET contained every entry in the feed, and the
   server would waste large amounts of bandwidth and processing time on
   clients unable to handle the response.

   For this reason, Introspection documents refer to collections not
   with IRIs but with IRI Templates, contained in this section some URIs carry across onto the next line; this
   is indicated by a '\'

11.1  URI Templates

   URI Templates are a mechanism for declaring criteria against a list
   resource.  By itself a URI "app:member-type"
   child of "app:collection".  An IRI Template is not a valid URI.  Instead
   there are multiple parameters embedded in string containing
   the URI and distinguished
   by closing braces which embedded token "{index}".

   To produce an IRI that can be populated and used as selection
   criteria.  The value to retrieve part or all of each app:uri-template element in the
   collection, software replaces the "{index}" with a Collection
   document is pair of positive
   integer indices separated by a URI Template.

   Each URI dash character.  An IRI template MUST,
   after such substitution has one or more parameters that MUST be substituted
   with values to construct been performed, constitute a
   syntactically valid URI.  The substitution MUST ensure
   that IRI.

   One or other index MAY be omitted, in which case the resulting value range is also properly percent-encoded utf-8.

   Here
   understood as stretching to 0 or infinity.  The index values are some examples of template URIs 0
   based and corresponding populated
   values:

   http://example.org/blog/edit/{index}
   http://example.org/blog/edit/3-9

   http://example.org/blog/edit/{index}/foo
   http://example.org/blog/edit/0-100/foo

   http://example.org/blog/edit/{daterange}
   http://example.org/blog/edit/daterange=\
       2003-12-13T18:30:02Z-2003-12-13T18:30:02Z

   http://example.org/blog/edit?dr={daterange}/bar/
   http://example.org/blog/edit?dr=\
       2003-12-13T18:30:02Z,2003-12-13T18:30:02Z/bar/

   Note that the parameters MAY appear at any place in select members from the URI template.

11.2  URI Template Parameters

   This specification defines two parameters for use in URI Templates:

   o  index: allows selection into a collection's resources collection based as
      though on the member's
   index, with all of the members ordered by their 'atom:updated'
   property.

   o  daterange: allows selection into a collection's resources based on
      their 'atom:updated' property

   In both cases, the  The response to the selection request MUST be an Atom Feed
   where all the entries fall within the requested criteria.  The
   request range is considered a closed set - if an entry matches one
   end of the range exactly it MUST be included in the response.  If no
   members fall in the requested range, the server MUST respond with an
   Atom Feed containing no entries.

   A Collection Document MUST contain at least two app:uri-template
   elements - one for the {index} parameter template and the other for
   the {daterange} parameter template.  The two parameters are not
   mutually exclusive and MAY appear together in a single Template URI.

11.2.1  \{index\} URI template variable

   The value one
   end of the {index} criterion range exactly it MUST be included in the response.  If no
   members fall in the requested range, the server MUST respond with an
   Atom Feed containing no entries.  If a pair membership list is returned
   with a number of non-negative
   integer indices separated by entries that is less than the number of entries
   requested than the client MAY assume that it has made a dash character.  One or other request that
   exceeds the last index
   MAY omitted, in which case of the range is understood as stretching to
   zero, or infinity.

    index-specifier = [index] "-" [index] members.

   For example, suppose the client is supplied this {index} URI IRI template:

   http://example.org/blog/edit/{index}
    If the client wants the first 15 entries in the Collection collection it would
   substitute the brace-delimited parameter {index}, with the value
   1-15,
   0-14, giving:

    http://example.org/blog/edit/1-15

11.2.2  \{daterange\} URI template variable

   A URI Template with

   http://example.org/blog/edit/0-14

10.  Atom Entry Extensions

   This specification adds one new value to the variable 'daterange' allows querying for Registry of Link
   Relations and also adds a new element to Atom Entries called "app:
   control"  for controlling publishing.  These new links and app:
   control elements MAY appear in a Collection according both membership lists and in member
   representations.

10.1  The 'edit' Link Relation

   This specification adds the value "edit" to their 'atom:updated' property. the Registry of Link
   Relations.  The value of "edit" signifies that the {daterange} criterion should IRI in the value
   of the href attribute is the IRI of the member resource, and is
   intended to be used to update and delete resources as described in
   this specification.

10.2  Publishing Control

   This specification also adds a pair of ISO
   formatted dates separated by new element to Atom Entries for
   controlling publishing.

    pubControl =
       element app:control {
       atomCommonAttributes,
       pubDraft?
       & extensionElement
    }

    pubDraft =
      element app:draft { "yes" | "no" }

   The "app:control" element MAY appear as a dash character; either index may child of an "atom:entry"
   which is being created or updated via the Atom Publishing Protocol.
   The "app:control" element, if it does appear in an entry, MUST only
   appear at most one time.

   The "app:control" element and its children elements MAY be
   optionally omitted, included
   in which case the range Atom Feed or Entry Documents.  The "app:control" element is understood
   considered "foreign markup" as
   stretching to infinity on that end.

    daterange-specifier = [iso-date] "," [iso-date] defined in Section 6 of the Atom
   Syndication Format.

   The [iso-date] terminal "app:control" element MAY contain exactly one app:draft element
   and MAY contain zero or more extension elements as outlined in the
   Atom Syndication Format, Section 6.  Both clients and servers MUST conform to
   ignore foreign markup present in the "date-time" production app:control element that they do
   not know.

10.2.1  The app:draft Element

   This specification defines only one child element for "app:control",
   "app:draft".

   The number of "app:draft" elements in
   [RFC3339].  In addition, an uppercase "T" character "app:control" MUST be used to
   separate date and time, and an uppercase "Z" character zero or
   one.  Its content MUST be
   present in one of the absence values "yes" or "no".  A value
   of a numeric time zone offset.

   For example, suppose "no" means that the client is supplied this {daterange} URI
   Template:

    http://example.org/blog/edit/{daterange} entry MAY be made publicly visible.  If the client wants
   "app:draft" element is missing then the entries in value is understood to be
   "no".  That is, if "app:control" and/or the collection between January "app:draft" elements are
   missing from an entry then the entry is considered not a draft and
   February 2006 it would substitute
   can be made publicly visible.  Clients MUST understand "app:draft"
   elements and MUST NOT drop them from Atom Entries during editing.
   Clients MUST NOT operate on the brace-delimited parameter
   {daterange} with expectation that a server will honor
   the desired selection value, giving this URI:

    http://example.org/blog/edit/2006-01-01T00:00:00Z,\
        2006-02-01T00:00:00Z

11.2.3  Other URI Template parameters

   Other specifications value of an "app:draft" element.  Servers MAY define new parameters for use in URI
   templates ignore "app:draft"
   elements and declared in the app:uri-template element.

12. drop them from Atom Entry Extensions Entries.

11.  Example

   This specification adds three new values to the Registry is an example of Link
   Relations. a client creating a new entry with an image.
   The value of 'collection' signifies client has an image to publish and an entry that the IRI in the value of the
   href is the Collection includes an HTML
   'img' element that uses that image.  In this Entry belongs to.  Any entry MAY
   contain a link with scenario we consider a relation of 'collection'.

   The value of 'edit' signifies
   client that the IRI in the value has IRIs of the href
   attribute identifies the resource that is used to edit the entry.
   That is, it is the URI two collections, an entry collection and a
   media collection, both of the Entry as which were discovered through an Editable Resource.
   introspection document.  The value IRI of 'srcedit' signifies that the entry collection is:

   http://example.net/blog/edit/

   The IRI in the value of the
   href attribute identifies the resource that is used to edit media collection is:

   http://example.net/binary/edit

   First the client creates a new image resource pointed to by POSTing the 'src' attribute of the atom:content
   element.  That is, it is image to
   the IRI of the atom:content@src as an
   Editable Resource.  If a link element with a relation of "srcedit" is
   not given, then it's value defaults to the "src" attribute media collection.

   POST /binary/edit/ HTTP/1.1
   Host: example.net
   User-Agent: Thingio/1.0
   Content-Type: image/png
   Content-Length: nnnn
   Title: A picture of the
   content element.  List Resources for Generic Collections MUST return
   entries that have 'srcedit' links or MUST have a atom:content@src
   value.

   If the "srcedit" link beach

   ...binary data...

   The member resource is present, created and it's value is an empty string,
   then there HTTP status code of 201 is no URI that can be treated in the way such a value
   would be treated.

   Clients SHOULD use
   returned.

   HTTP/1.1 201 Created
   Date: Fri, 25 Mar 2005 17:17:11 GMT
   Content-Length: nnnn
   Content-Type: application/atom+xml
   Location: http://example.net/binary/edit/b/129.png

   <?xml version="1.0" encoding="utf-8"?>
   <entry xmlns="http://www.w3.org/2005/Atom">
       <title>A picture of the beach.</title>
       <link rel="edit"
           href="http://example.net/binary/edit/b/129.png"/>
       <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-568596895695</id>
       <updated>2005-09-02T10:30:00Z</updated>
       <summary>Waves</summary>
       <content type="image/png"
           src="http://example.net/binary/readonly/129.png"/>
   </entry>
   The client then POSTs the "srcedit" value Atom Entry that refers to manipulate the resource
   within the context of newly created
   image resource.  Note that the APP itself.  Clients SHOULD prefer client takes the
   "atom:content@src" value IRI
   http://example.net/binary/readonly/129.png and uses it in any other context.  For example, if the
   resource is an image, a client may replace 'img'
   element in the image data using a PUT Entry content:

   POST  /blog/edit/ HTTP/1.1
   Host: example.net
   User-Agent: Thingio/1.0
   Content-Type: application/atom+xml
   Content-Length: nnnn

   <?xml version="1.0" encoding="utf-8"?>
   <entry xmlns="http://www.w3.org/2005/Atom">
       <title>What I did on my summer vacation</title>
       <updated>2005-09-02T10:30:00Z</updated>
       <summary>Beach!</summary>
       <content type="xhtml" xml:lang="en">
           <div xmlns="http://www.w3.org/1999/xhtml">
               <p>We went to the "srcedit" value, and may even display beach for summer vacation.
                   Here is a preview picture of the image
   by fetching the "srcedit" URI.  But when creating a public, read-only
   reference to the same image resource, the client should use waves rolling in:
                   <img
                       src="http://example.net/binary/readonly/129.png"
                       alt="A picture of the
   "atom:content@src" value.

13. beach."
                       />
               </p>
           </div>
       </content>
   </entry>

12.  Securing the Atom Protocol

   All instances of publishing Atom entries SHOULD be protected by
   authentication to prevent posting or editing by unknown sources.
   Atom servers and clients MUST support one of the following
   authentication mechanisms, and SHOULD support both.

   o  HTTP Digest Authentication [RFC2617]

   o  [@@TBD@@ CGI Authentication ref]

   Atom servers and clients MAY support encryption of the Atom session using
   TLS [RFC2246]. (see [RFC2246]).

   There are cases where an authentication mechanism may is not be required,
   such as a publicly editable Wiki, or when using the PostURI POST to post send comments
   to a site that does not require authentication to
   create comments.

13.1 from a commenter.

12.1  [@@TBD@@ CGI Authentication]

   This authentication method is included as part of the protocol to
   allow Atom servers and clients that cannot use HTTP Digest
   Authentication but where the user can both insert its own HTTP
   headers and create a CGI program to authenticate entries to the
   server.  This scenario is common in environments where the user
   cannot control what services the server employs, but the user can
   write their own HTTP services.

14.

13.  Security Considerations

   Because Atom is a publishing protocol, it is important that only
   authorized users can create and edit entries.

   The security of Atom is based on HTTP Digest Authentication and/or
   [@@TBD@@ CGI Authentication].  Any weaknesses in either of these
   authentication schemes will affect the security of the Atom
   Publishing Protocol.

   Both HTTP Digest Authentication and [@@TBD@@ CGI Authentication] are
   susceptible to dictionary-based attacks on the shared secret.  If the
   shared secret is a password (instead of a random string with
   sufficient entropy), an attacker can determine the secret by
   exhaustively comparing the authenticating string with hashed results
   of the public string and dictionary entries.

   See RFC 2617 [RFC2617] for more detailed the description of the security properties of HTTP
   Digest Authentication.

   @@TBD@@ Talk here about using HTTP basic and digest authentication.

   @@TBD@@ Talk here about denial of service attacks using large XML
   files, or the billion laughs DTD attack.

15.

14.  IANA Considerations

   A Atom Collection Document, when serialized as XML 1.0, can be
   identified with the following media type:

   MIME media type name: application

   MIME subtype name: atomcoll+xml

   Mandatory parameters: None.

   Optional parameters:

      "charset": This parameter has identical semantics to the charset
         parameter of the "application/xml" media type as specified in
         [RFC3023].

   Encoding considerations: Identical to those of "application/xml" as
      described in [RFC3023], section 3.2.

   Security considerations: As defined in this specification.
      [[anchor31: update upon publication]]

      In addition, as this media type uses the "+xml" convention, it
      shares the same security considerations as described in [RFC3023],
      section 10.

   Interoperability considerations: There are no known interoperability
      issues.

   Published specification: This specification. [[anchor32: update upon
      publication]]

   Applications that use this media type: No known applications
      currently use this media type.

   Additional information:

   Magic number(s): As specified for "application/xml" in [RFC3023],
      section 3.2.

   File extension: .atomcoll

   Fragment identifiers: As specified for "application/xml" in
      [RFC3023], section 5.

   Base URI: As specified in [RFC3023], section 6.

   Macintosh File Type code: TEXT

   Person and email address to contact for further information: Joe
      Gregorio <joe@bitworking.org>

   Intended usage: COMMON

   Author/Change controller: IESG

   An Atom Introspection Document, when serialized as XML 1.0, can be
   identified with the following media type:

   MIME media type name: application

   MIME subtype name: atomserv+xml

   Mandatory parameters: None.

   Optional parameters:

      "charset": This parameter has identical semantics to the charset
         parameter of the "application/xml" media type as specified in
         [RFC3023].

   Encoding considerations: Identical to those of "application/xml" as
      described in [RFC3023], section 3.2.

   Security considerations: As defined in this specification.
      [[anchor33:
      [[anchor22: update upon publication]]

      In addition, as this media type uses the "+xml" convention, it
      shares the same security considerations as described in [RFC3023],
      section 10.

   Interoperability considerations: There are no known interoperability
      issues.

   Published specification: This specification. [[anchor34: [[anchor23: update upon
      publication]]

   Applications that use this media type: No known applications
      currently use this media type.

   Additional information:

   Magic number(s): As specified for "application/xml" in [RFC3023],
      section 3.2.

   File extension: .atomsrv

   Fragment identifiers: As specified for "application/xml" in
      [RFC3023], section 5.

   Base URI: As specified in [RFC3023], section 6.

   Macintosh File Type code: TEXT

   Person and email address to contact for further information: Joe
      Gregorio <joe@bitworking.org>

   Intended usage: COMMON

   Author/Change controller: This specification's author(s). [[anchor35: [[anchor24:
      update upon publication]]

16.

15.  References

16.1

15.1  Normative References

   [AtomFormat]
              Nottingham, M. and R. Sayre, "The Atom Syndication
              Format",  1.0, July 2005.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2246]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
              RFC 2246, January 1999.

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
              Leach, P., Luotonen, A., and L. Stewart, "HTTP
              Authentication: Basic and Digest Access Authentication",
              RFC 2617, June 1999.

   [RFC3023]  Murata, M., St. Laurent, S., and D. Kohn, "XML Media
              Types", RFC 3023, January 2001.

   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
              Timestamps", RFC 3339, July 2002.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, January 2005.

   [RFC3987]  Duerst, M. and M. Suignard, "Internationalized Resource
              Identifiers (IRIs)", RFC 3987, January 2005.

   [W3C.REC-xml-20040204]
              Yergeau, F., Paoli, J., Sperberg-McQueen, C., Bray, T.,
              and E. Maler, "Extensible Markup Language (XML) 1.0 (Third
              Edition)", W3C REC REC-xml-20040204, February 2004.

   [W3C.REC-xml-names-19990114]
              Hollander, D., Bray, T., and A. Layman, "Namespaces in
              XML", W3C REC REC-xml-names-19990114, January 1999.

16.2

   [W3C.REC-xmlbase-20010627]
              Marsh, J., "XML Base", W3C REC W3C.REC-xmlbase-20010627,
              June 2001.

15.2  Informative References

   [RNC]      Clark, J., "RELAX NG Compact Syntax", December 2001.

   [W3C.REC-webarch-20041215]
              Walsh, N. and I. Jacobs, "Architecture of the World Wide
              Web, Volume One", W3C REC REC-webarch-20041215,
              December 2004.

URIs

   [1]  <http://www.imc.org/atom-protocol/index.html>

Authors' Addresses

   Joe Gregorio (editor)
   BitWorking, Inc
   1002 Heathwood Dairy Rd.
   Apex, NC  27502
   US

   Phone: +1 919 272 3764
   Email: joe@bitworking.com
   URI:   http://bitworking.com/

   Bill de hOra (editor)
   Propylon Ltd.
   45 Blackbourne Square, Rathfarnham Gate
   Dublin, Dublin  D14
   IE

   Phone: +353-1-4927444
   Email: bill.dehora@propylon.com
   URI:   http://www.propylon.com/

Appendix A.  Contributors

   The content and concepts within are a product of the Atom community
   and the Atompub Working Group.  Robert Sayre was an editor for drafts
   00-04.

Appendix B.  RELAX NG Compact Schema

   This appendix is informative.

   The Relax NG schema explicitly excludes elements in the APP namespace
   which are not defined in this revision of the specification.
   Requirements for APP Processors encountering such markup are given in
   Section 6.2 and Section 6.3 of [AtomFormat].

   # -*- rnc -*-
   # RELAX NG Compact Syntax Grammar for the Atom Protocol

   namespace app = "http://purl.org/atom/app#"
   namespace local = ""

   start = appService

   # common:attrs

   appCommonAttributes =
      attribute xml:base { atomUri }?,
      attribute xml:lang { atomLanguageTag }?,
      undefinedAttribute*

   undefinedAttribute =
     attribute * - (xml:base | xml:lang | local:*) { text }

   atomUri = text

   atomLanguageTag = xsd:string {
      pattern = "[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*"
   }

   # app:service

   appService =
      element app:service {
         appCommonAttributes,
         ( appWorkspace+
           & extensionElement* )
      }

   # app:workspace

   appWorkspace =
      element app:workspace {
         appCommonAttributes,
         attribute title { text },
         ( appCollection+
           & extensionElement* )
      }

   # app:collection

   appCollection =
      element app:collection {
         appCommonAttributes,
         attribute title { text },
         attribute href { text },
         ( appMemberType
           & appListTemplate
           & extensionElement* )
      }

   # app:member

   appMemberType =
      element app:member-type {
            appCommonAttributes,
            ( appTypeValue )
      }

   appTypeValue = "entry" | "media"

   # app:list-template

   appListTemplate =
      element app:list-template {
            appCommonAttributes,
            ( appUriTemplate )
      }

   # Whatever an IRI template is, it contains at least {index}

   appUriTemplate = xsd:string { pattern = ".+\{index\}.*" }

   # Simple Extension

   simpleExtensionElement =
      element * - app:* {
         text
      }

   # Structured Extension
   structuredExtensionElement =
      element * - app:* {
         (attribute * { text }+,
            (text|anyElement)*)
       | (attribute * { text }*,
          (text?, anyElement+, (text|anyElement)*))
      }

   # Other Extensibility

   extensionElement =
      simpleExtensionElement | structuredExtensionElement

   # Extensions

   anyElement =
      element * {
         (attribute * { text }
          | text
          | anyElement)*
      }

   # EOF

Appendix C.  Revision History

   draft-ietf-atompub-protocol-06 - Removed: Robert Sayre from the
   contributors section per his request.  Added in
   PaceCollectionControl.  Fixed all the {daterange} verbage and
   examples so they all use a dash.  Added full rnc schema.  Collapsed
   Introspection and Collection documents into a single document.
   Removed {dateRange} queries.  Renamed search to list.  Moved
   discussion of media and entry collection until later in the document
   and tied the discussion to the Introspection element app:member-type.

   draft-ietf-atompub-protocol-05 - Added: Contributors section.  Added:
   de hOra to editors.  Fixed: typos.  Added diagrams and description to
   model section.  Incorporates PaceAppDocuments, PaceAppDocuments2,
   PaceSimplifyCollections2 (large-sized chunks of it anyhow: the
   notions of Entry and Generic resources, the section 4 language on the
   Protocol Model, 4.1 through 4.5.2, the notion of a Collection
   document, as in Section 5 through 5.3, Section 7 "Collection
   resources", Selection resources (modified from pace which talked
   about search); results in major mods to Collection Documents, Section
   9.2 "Title: Header" and brokeout para to section 9.1 Editing Generic
   Resources).  Added XML namespace and language section.  Some cleanup
   of front matter.  Added Language Sensitivity to some attributes.
   Removed resource descriptions from terminology.  Some juggling of
   sections.  See:
   http://www.imc.org/atom-protocol/mail-archive/msg01812.html.

   draft-ietf-atompub-protocol-04 - Add ladder diagrams, reorganize, add
   SOAP interactions

   draft-ietf-atompub-protocol-03 - Incorporates PaceSliceAndDice3 and
   PaceIntrospection.

   draft-ietf-atompub-protocol-02 - Incorporates Pace409Response,
   PacePostLocationMust, and PaceSimpleResourcePosting.

   draft-ietf-atompub-protocol-01 - Added in sections on Responses for
   the EditURI.  Allow 2xx for response to EditURI PUTs.  Elided all
   mentions of WSSE.  Started adding in some normative references.
   Added the section "Securing the Atom Protocol".  Clarified that it is
   possible that the PostURI and FeedURI could be the same URI.  Cleaned
   up descriptions for Response codes 400 and 500.

   Rev draft-ietf-atompub-protocol-00 - 5Jul2004 - Renamed the file and
   re-titled the document to conform to IETF submission guidelines.
   Changed MIME type to match the one selected for the Atom format.
   Numerous typographical fixes.  We used to have two 'Introduction'
   sections.  One of them was moved into the Abstract the other absorbed
   the Scope section.  IPR and copyright notifications were added.

   Rev 09 - 10Dec2003 - Added the section on SOAP enabled clients and
   servers.

   Rev 08 - 01Dec2003 - Refactored the specification, merging the
   Introspection file into the feed format.  Also dropped the
   distinction between the type of URI used to create new entries and
   the kind used to create comments.  Dropped user preferences.

   Rev 07 - 06Aug2003 - Removed the use of the RSD file for auto-
   discovery.  Changed copyright until a final standards body is chosen.
   Changed query parameters for the search facet to all begin with atom-
   to avoid name collisions.  Updated all the Entries to follow the 0.2
   version.  Changed the format of the search results and template file
   to a pure element based syntax.

   Rev 06 - 24Jul2003 - Moved to PUT for updating Entries.  Changed all
   the mime-types to application/x.atom+xml.  Added template editing.
   Changed 'edit-entry' to 'create-entry' in the Introspection file to
   more accurately reflect it's its purpose.

   Rev 05 - 17Jul2003 - Renamed everything Echo into Atom.  Added
   version numbers in the Revision history.  Changed all the mime-types
   to application/atom+xml.

   Rev 04 - 15Jul2003 - Updated the RSD version used from 0.7 to 1.0.
   Change the method of deleting an Entry from POSTing <delete/> to
   using the HTTP DELETE verb.  Also changed the query interface to GET
   instead of POST.  Moved Introspection Discovery to be up under
   Introspection.  Introduced the term 'facet' for the services listed
   in the Introspection file.

   Rev 03 - 10Jul2003 - Added a link to the Wiki near the front of the
   document.  Added a section on finding an Entry.  Retrieving an Entry
   now broken out into it's its own section.  Changed the HTTP status code
   for a successful editing of an Entry to 205.

   Rev 02 - 7Jul2003 - Entries are no longer returned from POSTs,
   instead they are retrieved via GET.  Cleaned up figure titles, as
   they are rendered poorly in HTML.  All content-types have been
   changed to application/atom+xml.

   Rev 01 - 5Jul2003 - Renamed from EchoAPI.html to follow the more
   commonly used format: draft-gregorio-NN.html.  Renamed all references
   to URL to URI.  Broke out introspection into it's its own section.  Added
   the Revision History section.  Added more to the warning that the
   example URIs are not normative.

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

   The IETF has been notified of intellectual property rights claimed in
   regard to some or all of the specification contained in this
   document.  For more information consult the online list of claimed
   rights.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.