draft-ietf-calsch-imp-guide-00.txt   draft-ietf-calsch-imp-guide-01.txt 
Guide to Implementors Network Working Group
Network Working Group Bob Mahoney/MIT Guide to Implementors Bob Mahoney/MIT
Internet-Draft Alexander Taler/CS&T Internet-Draft Alexander Taler/CS&T
<draft-ietf-calsch-imp-guide-00.txt> <draft-ietf-calsch-imp-guide-01.txt> George Babics/CS&T
4-Oct-99 July 14, 2000
Expires: <date + 6 months> Expires: January 14, 2001
Implementors' Guide to Internet Calendaring Implementors' Guide to Internet Calendaring
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance This document is an Internet-Draft and is in full conformance
with all provisions of Section 10 of RFC2026. with all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at line 32 skipping to change at page 2, line ?
documents at any time. It is inappropriate to use Internet- documents at any time. It is inappropriate to use Internet-
Drafts as reference material or to cite them other than as Drafts as reference material or to cite them other than as
"work in progress." "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Copyright (C) The Internet Society 2000. All Rights Reserved.
Abstract Abstract
This document describes the relationship between the various internet This document describes the relationship between the various internet
calendaring and scheduling protocols defined by RFC 2445 (iCalendar), calendaring and scheduling protocols defined by RFC 2445 (iCalendar),
RFC 2446 (iTIP), and RFC 2447 (iMIP), as well as the works in RFC 2446 (iTIP), and RFC 2447 (iMIP), as well as the works in
progress,"iCalendar Real-time Interoperability Protocol" (iRIP), progress,"iCalendar Real-time Interoperability Protocol" (iRIP),
and "Calendar Access Protocol" (CAP). It's intention is to provide and "Calendar Access Protocol" (CAP). It's intention is to provide
a context for these protocols, assist in their understanding, and a context for these protocols, assist in their understanding, and
ultimately help implementors in the design of their internet ultimately help implementors in the design of their internet
calendaring and scheduling systems. calendaring and scheduling systems.
[Note: in the past there has been some discussion as to whether iRIP
was a live effort, given that interest has waned and some functionality
has been moved to CAP. What's the status?]
This document also describes issues and problems which are not solved This document also describes issues and problems which are not solved
by these protocols, and could be targets for future work. by these protocols, and could be targets for future work.
Status of this Memo Status of this Memo
1. Introduction 1. Introduction
Terminology Terminology
2. Requirements 2. Requirements
Fundamental Need Fundamental Need
Protocol Requirements Protocol Requirements
3. Standards Solution 3. Standards Solution
skipping to change at line 53 skipping to change at page 3, line 6
This document also describes issues and problems which are not solved This document also describes issues and problems which are not solved
by these protocols, and could be targets for future work. by these protocols, and could be targets for future work.
Status of this Memo Status of this Memo
1. Introduction 1. Introduction
Terminology Terminology
2. Requirements 2. Requirements
Fundamental Need Fundamental Need
Protocol Requirements Protocol Requirements
3. Standards Solution 3. Standards Solution
Examples Examples
Systems Systems
Standalone single-user system Standalone single-user system
Single-user systems communicating Single-user systems communicating
4. Open Issues 4. Open Issues
Choice of Transport
Scheduling People, not calendars Scheduling People, not calendars
Administration Administration
Notification Notification
5. Security Considerations 5. Security Considerations
Access Control Access Control
Authentication Authentication
Using Email Using Email
Other issues Other issues
6. Acknowldegements 6. Acknowledgements
7. Bibliography 7. Bibliography
8. Author's Addresses 8. Author's Addresses
9. Full Copyright Statement 9. Full Copyright Statement
1. Introduction 1. Introduction
The calendaring and scheduling protocols are intended to provide for The calendaring and scheduling protocols are intended to provide for
the needs of individuals attempting to obtain information and the needs of individuals attempting to obtain information and
schedule meetings across the internet, organizations attempting to schedule meetings across the internet, organizations attempting to
provide information on the internet, as well as organizations looking provide information on the internet, as well as organizations looking
skipping to change at line 133 skipping to change at page 4, line 36
information. information.
Component Component
A piece of calendar data such as an event, a todo or an alarm. A piece of calendar data such as an event, a todo or an alarm.
Information about components is stored as properties of those Information about components is stored as properties of those
components. components.
Property Property
A property of a component, such as a description or a start time. A property of a component, such as a description or a start time.
1.2 Concepts and Relationships
[A rough outline, based on some comments from Bruce. We have some
basic problems throughout this doc with exactly where our real-time
efforts are concentrated, iRIP or CAP. We do not currently have an
unexpired iRIP document. There has been some discussion in the past
noting that the iRIP intent has largely been rolled into CAP. We need
to settle on an approach. iRIP has been left in this draft for the
moment, but overlap is apparent]
iCalendar is the Language to be used in calendar events.
iTIP is how you use the language.
iMIP is further definition for use over email.
CAP/iRIP is the Language used over a real-time transport.
Another way to put it is as follows:
iCalendar are the words
iTIP is the grammar book or the "Rosetta Stone".
iMIP is "expressing it in email terminology" an EMAIL dictionary
CAP/iRIP is "expressing it for use in a Real Time transport"
2. Requirements 2. Requirements
2.1 Fundamental Needs 2.1 Fundamental Needs
The following examples illustrate people's basic calendaring and The following examples illustrate people's basic calendaring and
scheduling needs: scheduling needs:
a] A busy musician wants to maintain her schedule on an a] A busy musician wants to maintain her schedule on an
internet-based agenda which she can access from anywhere. internet-based agenda which she can access from anywhere.
skipping to change at line 164 skipping to change at page 5, line 36
Need: Schedule calendar events and todos with users using the Need: Schedule calendar events and todos with users using the
same calendar service. same calendar service.
d] A movie theatre wants to publish its schedule so that d] A movie theatre wants to publish its schedule so that
prospective customers can easily access it. prospective customers can easily access it.
Need: Share calendar information with users using other calendar Need: Share calendar information with users using other calendar
services, possibly from different vendors. services, possibly from different vendors.
e] A social club wants to be able to organise events more e] A social club wants to be able to organize events more
effectively by booking time with its members. effectively by booking time with its members.
Need: Schedule calendar events and todos with users using other Need: Schedule calendar events and todos with users using other
calendar services, possibly from different vendors. calendar services, possibly from different vendors.
f] A doctor wishes to keep track of all his appointments.
Need: Read and manipulate one's own calendar with only one CUA.
2.2 Protocol requirements 2.2 Protocol requirements
The first three needs can be satisfied through proprietary solutions, The first three needs can be satisfied through proprietary solutions,
but the last two cannot. From these needs we can establish that but the last two cannot. From these needs we can establish that
protocols are required for accessing information in a calendar store, protocols are required for accessing information in a calendar store,
and for scheduling events and todos. In addition these protocols and for scheduling events and todos. In addition these protocols
require a data format for representing calendar information. require a data format for representing calendar information.
These roles are filled by the following protocol requirements. These roles are filled by the following protocol requirements.
skipping to change at line 317 skipping to change at page 8, line 41
e] The social club could distribute meeting information in the form e] The social club could distribute meeting information in the form
of [ITIP] messages. This could be done over email using [IMIP], of [ITIP] messages. This could be done over email using [IMIP],
or [IRIP] depending on the recipient. Meeting invitations, as or [IRIP] depending on the recipient. Meeting invitations, as
well as a full published agenda could be distributed. well as a full published agenda could be distributed.
Alternatively, the social club could provide access to a [CAP] Alternatively, the social club could provide access to a [CAP]
enabled calendar service, however this solution would be more enabled calendar service, however this solution would be more
expensive since it requires the maintenance of a server. expensive since it requires the maintenance of a server.
f] The doctor can use a proprietary CUA with a local store,
and perhaps use [ICAL] as a storage mechanism.
3.2 Systems 3.2 Systems
The following diagrams illustrate possible example systems and usage The following diagrams illustrate possible example systems and usage
of the protocols. [ed. More coming] of the protocols.
3.2.1 Standalone single-user system 3.2.1 Standalone single-user system
A single user system which does not communicate with other systems A single user system which does not communicate with other systems
need not employ any of the protocols. However, it may use [ICAL] as need not employ any of the protocols. However, it may use [ICAL] as
a data format in some places. a data format in some places.
----------- O ----------- O
| CUA w/ | -+- user | CUA w/ | -+- user
|local store| A |local store| A
skipping to change at line 346 skipping to change at page 9, line 23
using [ITIP]. The easiest binding of [ITIP] to use is [IMIP], since using [ITIP]. The easiest binding of [ITIP] to use is [IMIP], since
it messages can be held in their mail queue, which we assume to it messages can be held in their mail queue, which we assume to
already exist. [IRIP] or [CAP] would require at least one user to run already exist. [IRIP] or [CAP] would require at least one user to run
a listening server. a listening server.
O ----------- ----------- O O ----------- ----------- O
-+- | CUA w/ | -----[IMIP]----- | CUA w/ | -+- user -+- | CUA w/ | -----[IMIP]----- | CUA w/ | -+- user
A |local store| Internet |local store| A A |local store| Internet |local store| A
/ \ ----------- ----------- / \ / \ ----------- ----------- / \
3.2.3 Single-user with multiple CUA
A single user may use more than one CUA to access his or her
calendar. The user may use a PDA, a web client, a PC, or some other
device, depending an accessibility. Some of these clients may have
local stores and others may not. If they do, then they need to
ensure that the data on the CUA is synchronized with the data on
the CS.
-----------
| CUA w | -----[CAP]----------+
|local store| |
O ----------- ----------
-+- | CS |
A | |
/ \ ----------
----------- |
| CUA w/o | -----[CAP]----------+
|local store|
-----------
3.2.4 Single-user with multiple calendars
A single user may have many independent calendars. One may be work
related, another for personal use. The CUA may or may not have a
local store. If it does, then it needs to ensure that the data on
the CUA is synchronized with the data on both of the CS.
----------
+------------[CAP]------ | CS |
| | |
O ----------- ----------
-+- | CUA |
A | |
/ \ -----------
| ----------
+------------[CAP]------ | CS |
| |
----------
3.2.5 Users communicating on a multi-user system
Users on a multi-user system may schedule meetings with each other
using [CAP]-enabled CUA and service. The CUA may or may not have
a local store. If they do, then they need to ensure that the
data on the CUA is synchronized with the data on the CS.
O -----------
-+- | CUA w | -----[CAP]----------+
A |local store| |
/ \ ----------- ----------
| CS |
| |
----------
O ----------- |
-+- | CUA w/o | -----[CAP]----------+
A |local store|
/ \ -----------
3.2.6 Users communicating through different multi-user systems
Users on a multi-user system may need to schedule meetings with
user on a different multi user system. The services can
communicate using [CAP]
O ----------- ----------
-+- | CUA w | -----[CAP]-------| CS |
A |local store| | |
/ \ ----------- ----------
|
[CAP]
|
O ----------- ----------
-+- | CUA w/o | -----[CAP]-------| CS |
A |local store| | |
/ \ ----------- ----------
4. Open Issues 4. Open Issues
Many issues are not currently resolved by these protocols, and many Many issues are not currently resolved by these protocols, and many
desirable features are not yet provided. Some of the more prominent desirable features are not yet provided. Some of the more prominent
ones follow. ones follow.
4.1 Scheduling people, not calendars 4.1 Choice of Transport
There are issues to be aware of in choosing a transport mechanism.
The choices are a network protocol, such as CAP, or a store and forward
(email) solution.
The use of a network ("on-the-wire") mechanism may require some
organizations to make provisions to allow calendaring traffic to
traverse a corporate firewall on the required ports. Depending on the
organizational culture, this may be a challenging social exercise.
The use of an email-based mechanism exposes innately time-sensitive
data to unbounded latency. Large or heavily utilized mail systems may
experience an unacceptable delay in message receipt.
4.2 Scheduling people, not calendars
Meetings are scheduled with people, however people may have many Meetings are scheduled with people, however people may have many
calendars, and may store these calendars in many places. There may calendars, and may store these calendars in many places. There may
also be many routes to contact them. These protocols do not attempt also be many routes to contact them. These protocols do not attempt
to provide unique access for contacting a single person. Instead, to provide unique access for contacting a single person. Instead,
'calendar addresses' are booked, which may be email addresses or 'calendar addresses' are booked, which may be email addresses or
individual calendars. It is up to the users themselves to individual calendars. It is up to the users themselves to
orchestrate mechanisms to ensure that the bookings go to the right orchestrate mechanisms to ensure that the bookings go to the right
place. place.
4.2 Administration 4.3 Administration
These protocols do not address the issues of administering users and These protocols do not address the issues of administering users and
calendars on a calendar service. This must be handled by proprietary calendars on a calendar service. This must be handled by proprietary
mechanisms for each implementation. mechanisms for each implementation.
4.3 Notification 4.4 Notification
People often wish to be notified of upcoming events, new events, or People often wish to be notified of upcoming events, new events, or
changes to events. These protocols do not attempt to address these changes to events. These protocols do not attempt to address these
needs in a real-time fashion. Instead, the ability to store alarm needs in a real-time fashion. Instead, the ability to store alarm
information on events is provided, which can be used to provide information on events is provided, which can be used to provide
client-side notification of upcoming events. To organize client-side notification of upcoming events. To organize
notification of new or changed events clients will have to poll the notification of new or changed events clients will have to poll the
data store. data store.
5. Security considerations 5. Security considerations
skipping to change at line 394 skipping to change at page 12, line 18
for access to data through [CAP], so that what should be released to for access to data through [CAP], so that what should be released to
requestors is, and what shouldn't isn't. Details of handling this requestors is, and what shouldn't isn't. Details of handling this
are described in [CAP]. are described in [CAP].
5.2 Authentication 5.2 Authentication
Access control must be coupled with a good authentication system, so Access control must be coupled with a good authentication system, so
that the right people get the right information. For [CAP] this that the right people get the right information. For [CAP] this
means requiring authentication before any data base access can be means requiring authentication before any data base access can be
performed, and checking access rights and authentication credentials performed, and checking access rights and authentication credentials
before releasing information. In [IMIP], this may present some before releasing information. [CAP] uses SASL for this authentication.
challenges, as authentication is often not a consideration in In [IMIP], this may present some challenges, as authentication is
store-and-forward protocols. often not a consideration in store-and-forward protocols.
Authentication is also important for scheduling, in that receivers of Authentication is also important for scheduling, in that receivers of
scheduling messages should be able to validate the apparent sender. scheduling messages should be able to validate the apparent sender.
Since scheduling messages are wrapped in MIME, signing and encryption Since scheduling messages are wrapped in MIME, signing and encryption
is available for free. For messages transmitted over mail this is is available for free. For messages transmitted over mail this is
the only available alternative. It is suggested that developers take the only available alternative. It is suggested that developers take
care in implementing the security features in [IMIP], bearing in care in implementing the security features in [IMIP], bearing in
mind that the concept and need may be foreign or non-obvious to users, mind that the concept and need may be foreign or non-obvious to users,
yet essential for the system to function as they might expect. yet essential for the system to function as they might expect.
skipping to change at line 431 skipping to change at page 13, line 5
threat when designing systems, particularly those that allow for threat when designing systems, particularly those that allow for
automated request processing. automated request processing.
5.4 Other issues 5.4 Other issues
The current security context should be obvious to users. Because the The current security context should be obvious to users. Because the
underlying mechanisms may not be clear to users, efforts to make underlying mechanisms may not be clear to users, efforts to make
clear the current state in the UI should be made. One example is the clear the current state in the UI should be made. One example is the
'lock' icon used in some web browsers during secure connections. 'lock' icon used in some web browsers during secure connections.
With both [iMIP] and [CAP], the possibilities of Denial of Service
attacks must be considered. The ability to flood a calendar system
with bogus requests is likely to be exploited once these systems
become widely deployed, and detection and recovery methods will need
to be considered.
6. Acknowledgements 6. Acknowledgements
Thanks to the following who have participated in the development of Thanks to the following who have participated in the development of
this document: this document:
Eric Busboom, Pat Egen, David Madeo, Shawn Packwood. Eric Busboom, Pat Egen, David Madeo, Shawn Packwood, Bruce Kahn.
7. Bibliography 7. Bibliography
[ICAL] [RFC-2445] Calendaring and Scheduling Core Object Specification [ICAL] [RFC-2445] Calendaring and Scheduling Core Object Specification
[ITIP] [RFC-2446] iCalendar Transport-Independent Interoperability [ITIP] [RFC-2446] iCalendar Transport-Independent Interoperability Protocol
Protocol
[IMIP] [RFC-2447] iCalendar Message-Based Interoperability Protocol [IMIP] [RFC-2447] iCalendar Message-Based Interoperability Protocol
[IRIP] draft-ietf-calsch-irip iCalendar Real-time Interoperability [IRIP] draft-ietf-calsch-irip iCalendar Real-time Interoperability Protocol
Protocol
[CAP] draft-ietf-calsch-cap Calendar Access Protocol [CAP] draft-ietf-calsch-cap Calendar Access Protocol
[RFC-1847] Security Multiparts for MIME [RFC-1847] Security Multiparts for MIME
[RFC-2045] MIME Part 1: Format of Internet Message Bodies [RFC-2045] MIME Part 1: Format of Internet Message Bodies
[RFC-2046] MIME Part 2: Media Types [RFC-2046] MIME Part 2: Media Types
[RFC 2047] MIME Part 3: Message Header Extensions for Non-ASCII Text [RFC 2047] MIME Part 3: Message Header Extensions for Non-ASCII Text
[RFC-2048] MIME Part 4: Registration Procedures [RFC-2048] MIME Part 4: Registration Procedures
[RFC-2049] MIME Part 5: Conformance Criteria and Examples [RFC-2049] MIME Part 5: Conformance Criteria and Examples
8. Author's Addresses 8. Author's Addresses
Alexander Taler Alexander Taler
CS&T CS&T
3333 Graham Boulevard, 5th Floor 3333 Graham Boulevard, 5th Floor
Montreal, QC H3R 3L5 Montreal, QC H3R 3L5
Tel: (514) 733-8500 Tel: (514) 733-8500
Email: alext@cst.ca Email: alex@elea.dhs.org
Bob Mahoney Bob Mahoney
MIT MIT
E40-327 E40-327
77 Massachusetts Avenue 77 Massachusetts Avenue
Cambridge, MA 02139 Cambridge, MA 02139
Tel: (617) 253-0774 Tel: (617) 253-0774
Email: bobmah@mit.edu Email: bobmah@mit.edu
George Babics
Research & Development
Corporate Software & Technologies
3333 Graham Boulevard, 5th floor
Montr─al, Qu─bec, Canada
H3R 3L5
Tel: (514) 733-8500 x303
Fax: (514) 733-8878
E-mail: georgeb@cst.ca
9. Full Copyright Statement 9. Full Copyright Statement
"Copyright (C) The Internet Society 2000. All Rights Reserved.
This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise
explain it or assist in its implementation may be prepared, copied,
published and distributed, in whole or in part, without
restriction of any kind, provided that the above copyright notice
and this paragraph are included on all such copies and derivative
works. However, this document itself may not be modified in any
way, such as by removing the copyright notice or references to the
Internet Society or other Internet organizations, except as needed
for the purpose of developing Internet standards in which case the
procedures for copyrights defined in the Internet Standards
process must be followed, or as required to translate it into
 End of changes. 24 change blocks. 
20 lines changed or deleted 162 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/