Guide to ImplementorsNetwork Working Group
Guide to Implementors                                Bob Mahoney/MIT
Internet-Draft                                       Alexander Taler/CS&T
<draft-ietf-calsch-imp-guide-00.txt>
4-Oct-99
<draft-ietf-calsch-imp-guide-01.txt>                 George Babics/CS&T
July 14, 2000
Expires: <date + 6 months> January 14, 2001

                     Implementors' Guide to Internet Calendaring

Status of this Memo

	This document is an Internet-Draft and is in full conformance
	with all provisions of Section 10 of RFC2026.

	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF), its areas, and its working groups. Note that
	other groups may also distribute working documents as
	Internet-Drafts.

	Internet-Drafts are draft documents valid for a maximum of six
	months and may be updated, replaced, or obsoleted by other
	documents at any time. It is inappropriate to use Internet-
	Drafts as reference material or to cite them other than as
	"work in progress."

      The list of current Internet-Drafts can be accessed at
      http://www.ietf.org/ietf/1id-abstracts.txt

      The list of Internet-Draft Shadow Directories can be accessed at
      http://www.ietf.org/shadow.html.

      Copyright (C) The Internet Society 2000.  All Rights Reserved.

Abstract

	This document describes the relationship between the various internet
	calendaring and scheduling protocols defined by RFC 2445 (iCalendar),
	RFC 2446 (iTIP), and RFC 2447 (iMIP), as well as the works in
	progress,"iCalendar Real-time Interoperability Protocol" (iRIP),
	and "Calendar Access Protocol" (CAP). It's intention is to provide
	a context for these protocols, assist in their understanding, and
	ultimately help implementors in the design of their internet
	calendaring and scheduling systems.

	[Note: in the past there has been some discussion as to whether iRIP
	was a live effort, given that interest has waned and some functionality
	has been moved to CAP.  What's the status?]

	This document also describes issues and problems which are not solved
	by these protocols, and could be targets for future work.

Status of this Memo
1. Introduction
   Terminology
2. Requirements
   Fundamental Need
   Protocol Requirements
3. Standards Solution

   Examples
   Systems
   Standalone single-user system
   Single-user systems communicating
4. Open Issues
   Choice of Transport
   Scheduling People, not calendars
   Administration
   Notification
5. Security Considerations
   Access Control
   Authentication
   Using Email
   Other issues
6. Acknowldegements Acknowledgements
7. Bibliography
8. Author's Addresses
9. Full Copyright Statement

1. Introduction

	The calendaring and scheduling protocols are intended to provide for
	the needs of individuals attempting to obtain information and
	schedule meetings across the internet, organizations attempting to
	provide information on the internet, as well as organizations looking
	for a calendaring and scheduling solution to deploy internally.

	It is the intent of this document to provide guidance for
	implementors of calendaring and scheduling products in determining
	which of the various existing protocol documents are applicable to
	their work, as well as providing some background information and
	pointers to the less obvious implications of the available choices.

	Problems not solved by these protocols, as well as security issues
	to be kept in mind, are discussed at the end of the document.

1.1 Terminology

	This memo uses much of the same terminology as [ICAL], [ITIP],
	[IMIP], [IRIP] and [CAP]. The following definitions are provided as
	introductory, the definitions in the protocol specifications are the
	canonical ones.

Calendar
	A collection of events, todos, journal entries, etc. A calendar
	could be the content of a person's or a resource's agenda; it
	could also be a collection of data serving a more specialized
	need. Calendars are the basic storage containers for calendaring
	information.

Calendar Access Rights
	A set of rules for a calendar describing who may perform which
	operations on that calendar, such as reading and writing
	information.

Calendar Service
	A running server application which provides access to a
	collection of calendars.

Calendar Store
	A data store of a calendar service. A calendar service may have
	several calendar stores, and each store may contain several
	calendars, as well as properties and components outside of the
	calendars.

Calendar User
	An entity (often a human) which accesses calendar information.

Calendar User Agent (CUA)
	Software used by the calendar user which communicates with
	calendar services to provide the user access to calendar
	information.

Component
	A piece of calendar data such as an event, a todo or an alarm.
	Information about components is stored as properties of those
	components.

Property
	A property of a component, such as a description or a start time.

1.2 Concepts and Relationships

	[A rough outline, based on some comments from Bruce.  We have some
	basic problems throughout this doc with exactly where our real-time
	efforts are concentrated, iRIP or CAP.  We do not currently have an
	unexpired iRIP document.  There has been some discussion in the past
	noting that the iRIP intent has largely been rolled into CAP.  We need
	to settle on an approach.  iRIP has been left in this draft for the
	moment, but overlap is apparent]

	iCalendar is the Language to be used in calendar events.
	iTIP is how you use the language.
	iMIP is further definition for use over email.
	CAP/iRIP is the Language used over a real-time transport.

	Another way to put it is as follows:
	iCalendar are the words
	iTIP is the grammar book or the "Rosetta Stone".
	iMIP is "expressing it in email terminology" an EMAIL dictionary
	CAP/iRIP is "expressing it for use in a Real Time transport"

2. Requirements

2.1 Fundamental Needs

	The following examples illustrate people's basic calendaring and
	scheduling needs:

	a] A busy musician wants to maintain her schedule on an
	   internet-based agenda which she can access from anywhere.

	Need: Read and manipulate one's own calendar.

	b] A software development team wishes to share agenda information
	   by using a group scheduling product in order to more effectively
	   schedule their time.

	Need: Share calendar information with users using the same
	calendar service.

	c] A teacher wants his students to be able to book time slots
	   during his office hours.

	Need: Schedule calendar events and todos with users using the
	same calendar service.

	d] A movie theatre wants to publish its schedule so that
	   prospective customers can easily access it.

	Need: Share calendar information with users using other calendar
	services, possibly from different vendors.

	e] A social club wants to be able to organise organize events more
	   effectively by booking time with its members.

	Need: Schedule calendar events and todos with users using other
	calendar services, possibly from different vendors.

	f]   A doctor wishes to keep track of all his appointments.

	Need: Read and manipulate one's own calendar with only one CUA.

2.2 Protocol requirements

	The first three needs can be satisfied through proprietary solutions,
	but the last two cannot. From these needs we can establish that
	protocols are required for accessing information in a calendar store,
	and for scheduling events and todos. In addition these protocols
	require a data format for representing calendar information.

	These roles are filled by the following protocol requirements.

		- [ICAL] is the data format
		[ICAL] provides data format for representing calendar information
		which the other protocols can use. [ICAL] can also be used in
		other contexts such as a drag and drop format or an export/import
		format.

		All the other protocols depend on [ICAL], so all elements of a
		standards-based calendaring and scheduling systems will have to
		interpret [ICAL].

		- [ITIP] is the scheduling protocol

		[ITIP] describes the messages used to schedule calendar events.
		These messages are represented in [ICAL], and have semantics that
		include such things as being an invitation to a meeting, an
		acceptance of an invitation or the assignation of a task.

		[ITIP] messages are used in the scheduling work flow, where users
		exchange messages in order to organize things such as events and
		todos. CUAs generate and interpret [ITIP] messages at the
		direction of the calendar user.

		[ITIP] is transport-independent, but has two specified transport
		bindings, [IMIP] is a binding to email and [IRIP] is a real-time
		binding. In addition [CAP] will provide a second real-time
		binding of [ITIP], allowing CUAs to perform calendar management
		as well as scheduling over a single connection.

		Both CUAs and calendar services may have [ITIP] interpreters.

		- [CAP] is the calendar management protocol

		[CAP] describes the messages used to manage calendars. These
		messages are represented in [ICAL], and have semantics such as
		being a search for data, being data in response to a search or
		the being the creation of a meeting.

		[CAP] also provides a real-time binding for the calendar
		management messages. Although other bindings, such as an email
		binding, could be defined, this is not done because it is
		inappropriate for this protocol.

	The following diagram describes the implementation dependencies
	between the protocols. A calendar system using these standards
	will implement at least one of the leaves of the tree. The
	calendar management message and transport protocol parts of CAP are
	separated in the diagram to highlight its relationship to ITIP.

                              ------------------
                             |    iCalendar     |
                              ------------------
                                      |
                                      |
                                      |
                     -------------------------------------
                    |                                    |
            ------------------                           |
           |      iTIP        |                          |
            ------------------                           |
                    |                                    |
                    |                          ----------|-------
                    |                         |  CAP     |       |
                    |                         |        message   |
            ----------------------------------------   format    |
            |               |                 |    |     |       |
       ----------      -----------            |    |     |       |
      | Session  |    |   E-mail  |           |   transport      |
      |   iRIP   |    |    iMIP   |           |   protocol       |
       ----------      -----------             ------------------

3. Solutions

3.1 Examples

	Returning to the examples of section 2.1, they can be solved using
	the protocols in the following ways:

	a] The musician who wishes to access her agenda from anywhere can
		use a [CAP] enabled calendar service accessible through the
		internet. She can then use whichever [CAP] clients are
		available to access the data.

		A proprietary system could also be employed which provides
		access through a web-based interface, but the use of [CAP] would
		be superior in that it would allow the use of third party tools,
		such as PDA synchronization tools.

	b] The development team can use a calendar service which supports
		[CAP] and then each member can use a [CAP]-enabled CUA of their
		choice.

		Alternatively, each member could use an [IMIP]-enabled CUA, and
		they could book meetings over email. This solution has the
		drawback that it is difficult to examine the other agendas,
		making organizing meetings more difficult.

		Proprietary solutions are also available, but they require that
		all people use clients by the same vendor, and disallow the use
		of third party applications.

	c] The teacher can set up a calendar service, and have students
		book time through any of the [ITIP] bindings. [CAP] or [IRIP]
		provide real-time access, but could require additional
		configuration. [IMIP] would be the easiest to configure, but
		may require more email processing.

		If [CAP] access is provided then determining the state of the
		teacher's schedule is straightforward. If not, this can be
		determined through [ITIP] free-busy requests. Non-standard
		methods could also be employed, such as serving up ICAL, HTML,
		XML through HTTP.

		A proprietary system could also be used, but would require that
		all students be able to use software from a specific vendor.

	d] For publishing a movie theatre's schedule [CAP] provides the
		most advanced access and search capabilities. It also allows
		easy integration with its customer's calendar systems.

		Non-standard methods such as serving data over HTTP could also
		be employed, but would be harder to integrate with customer's
		systems.

		Using a completely proprietary solutions would be very difficult
		since it would require every user to install and use proprietary
		software.

	e] The social club could distribute meeting information in the form
		of [ITIP] messages. This could be done over email using [IMIP],
		or [IRIP] depending on the recipient. Meeting invitations, as
		well as a full published agenda could be distributed.

		Alternatively, the social club could provide access to a [CAP]
		enabled calendar service, however this solution would be more
		expensive since it requires the maintenance of a server.

	f] The doctor can use a proprietary CUA with a local store,
	    and perhaps use [ICAL] as a storage mechanism.

3.2 Systems

	The following diagrams illustrate possible example systems and usage
	of the protocols. [ed. More coming]

3.2.1 Standalone single-user system

	A single user system which does not communicate with other systems
	need not employ any of the protocols. However, it may use [ICAL] as
	a data format in some places.

	 -----------       O
	| CUA w/    |     -+- user
	|local store|      A
	 -----------      / \

3.2.2 Single-user systems communicating

	Users with single-user systems may schedule meetings with each other
	using [ITIP]. The easiest binding of [ITIP] to use is [IMIP], since
	it messages can be held in their mail queue, which we assume to
	already exist. [IRIP] or [CAP] would require at least one user to run
	a listening server.

	 O   -----------                    -----------   O
	-+- | CUA w/    | -----[IMIP]----- | CUA w/    | -+- user
	 A  |local store|     Internet     |local store|  A
	/ \  -----------                    -----------  / \

4. Open Issues

   Many issues are not currently resolved by these protocols, and many
   desirable features are not yet provided.

3.2.3   Single-user with multiple CUA

   A single user may use more than one CUA to access his or her
   calendar. The user may use a PDA, a web client, a PC, or some other
   device, depending an accessibility.  Some of the more prominent
   ones follow.

4.1 Scheduling people, not calendars

   Meetings are scheduled with people, however people these clients may have many
   calendars,
   local stores and others may store these calendars in many places.  There may
   also be many routes to contact them.  These protocols do not attempt not.  If they do, then they need to provide unique access
   ensure that the data on the CUA is synchronized with the data on
   the CS.

              -----------
             |   CUA w   | -----[CAP]----------+
             |local store|                     |
        O     -----------                    ----------
       -+-                                  |   CS     |
        A                                   |          |
       / \                                   ----------
              -----------                      |
             |  CUA w/o  | -----[CAP]----------+
             |local store|
              -----------

3.2.4   Single-user with multiple calendars

   A single user may have many independent calendars.  One may be work
   related, another for personal use.  The CUA may or may not have a
   local store.  If it does, then it needs to ensure that the data on
   the CUA is synchronized with the data on both of the CS.

                                             ----------
                   +------------[CAP]------ |   CS     |
                   |                        |          |
        O     -----------                    ----------
       -+-   |  CUA      |
        A    |           |
       / \    -----------
                   |                         ----------
                   +------------[CAP]------ |   CS     |
                                            |          |
                                             ----------

3.2.5   Users communicating on a multi-user system

   Users on a multi-user system may schedule meetings with each other
   using [CAP]-enabled CUA and service.  The CUA may or may not have
   a local store.  If they do, then they need to ensure that the
   data on the CUA is synchronized with the data on the CS.

        O     -----------
       -+-   |   CUA w   | -----[CAP]----------+
        A    |local store|                     |
       / \    -----------                    ----------
                                            |   CS     |
                                            |          |
                                             ----------
        O     -----------                      |
       -+-   |  CUA w/o  | -----[CAP]----------+
        A    |local store|
       / \    -----------

3.2.6  Users communicating through different multi-user systems

  Users on a multi-user system may need to schedule meetings with
  user on a different multi user system.  The services can
  communicate using [CAP]

       O     -----------                    ----------
      -+-   |   CUA w   | -----[CAP]-------|   CS     |
       A    |local store|                  |          |
      / \    -----------                    ----------
                                                |
                                              [CAP]
                                                |
       O     -----------                    ----------
      -+-   |  CUA w/o  | -----[CAP]-------|   CS     |
       A    |local store|                  |          |
      / \    -----------                    ----------

4. Open Issues

	Many issues are not currently resolved by these protocols, and many
	desirable features are not yet provided. Some of the more prominent
	ones follow.

4.1 Choice of Transport

	There are issues to be aware of in choosing a transport mechanism.
	The choices are a network protocol, such as CAP, or a store and forward
	(email) solution.

	The use of a network ("on-the-wire") mechanism may require some
	organizations to make provisions to allow calendaring traffic to
	traverse a corporate firewall on the required ports.  Depending on the
	organizational culture, this may be a challenging social exercise.

	The use of an email-based mechanism exposes innately time-sensitive
	data to unbounded latency.  Large or heavily utilized mail systems may
	experience an unacceptable delay in message receipt.

4.2 Scheduling people, not calendars

	Meetings are scheduled with people, however people may have many
	calendars, and may store these calendars in many places. There may
	also be many routes to contact them. These protocols do not attempt
	to provide unique access for contacting a single person. Instead,
	'calendar addresses' are booked, which may be email addresses or
	individual calendars. It is up to the users themselves to
	orchestrate mechanisms to ensure that the bookings go to the right
	place.

4.2

4.3 Administration

	These protocols do not address the issues of administering users and
	calendars on a calendar service. This must be handled by proprietary
	mechanisms for each implementation.

4.3

4.4 Notification

	People often wish to be notified of upcoming events, new events, or
	changes to events. These protocols do not attempt to address these
	needs in a real-time fashion. Instead, the ability to store alarm
	information on events is provided, which can be used to provide
	client-side notification of upcoming events. To organize
	notification of new or changed events clients will have to poll the
	data store.

5. Security considerations

5.1 Access Control

	There has to be reasonable granularity in the configuration options
	for access to data through [CAP], so that what should be released to
	requestors is, and what shouldn't isn't. Details of handling this
	are described in [CAP].

5.2 Authentication

	Access control must be coupled with a good authentication system, so
	that the right people get the right information. For [CAP] this
	means requiring authentication before any data base access can be
	performed, and checking access rights and authentication credentials
	before releasing information. [CAP] uses SASL for this authentication.
	In [IMIP], this may present some challenges, as authentication is
	often not a consideration in store-and-forward protocols.

	Authentication is also important for scheduling, in that receivers of
	scheduling messages should be able to validate the apparent sender.
	Since scheduling messages are wrapped in MIME, signing and encryption
	is available for free. For messages transmitted over mail this is
	the only available alternative. It is suggested that developers take
	care in implementing the security features in [IMIP], bearing in
	mind that the concept and need may be foreign or non-obvious to users,
	yet essential for the system to function as they might expect.

	The real-time protocols provide for the authentication of users, and
	the preservation of that authentication information, allowing for
	validation by the receiving end-user or server.

5.3 Using email

	Because scheduling information can be transmitted over mail without
	any authentication information, email spoofing is extremely easy if
	the receiver is not checking for authentication. It is suggested
	that implementors consider requiring authentication as a default,
	using mechanisms such as are described in Section 2 of [IMIP].

	The use of email, and the potential for anonymous connections, means
	that 'calendar spam' is possible. Developers should consider this
	threat when designing systems, particularly those that allow for
	automated request processing.

5.4 Other issues

	The current security context should be obvious to users. Because the
	underlying mechanisms may not be clear to users, efforts to make
	clear the current state in the UI should be made. One example is the
	'lock' icon used in some web browsers during secure connections.

	With both [iMIP] and [CAP], the possibilities of Denial of Service
	attacks must be considered.  The ability to flood a calendar system
	with bogus requests is likely to be exploited once these systems
	become widely deployed, and detection and recovery methods will need
	to be considered.

6. Acknowledgements

	Thanks to the following who have participated in the development of
	this document:

Eric Busboom, Pat Egen, David Madeo, Shawn Packwood. Packwood, Bruce Kahn.

7. Bibliography

[ICAL] [RFC-2445] Calendaring and Scheduling Core Object Specification
[ITIP] [RFC-2446] iCalendar Transport-Independent Interoperability Protocol
[IMIP] [RFC-2447] iCalendar Message-Based Interoperability Protocol
[IRIP] draft-ietf-calsch-irip iCalendar Real-time Interoperability Protocol
[CAP] draft-ietf-calsch-cap Calendar Access Protocol

[RFC-1847] Security Multiparts for MIME
[RFC-2045] MIME Part 1: Format of Internet Message Bodies
[RFC-2046] MIME Part 2: Media Types
[RFC 2047] MIME Part 3: Message Header Extensions for Non-ASCII Text
[RFC-2048] MIME Part 4: Registration Procedures
[RFC-2049] MIME Part 5: Conformance Criteria and Examples

8. Author's Addresses

Alexander Taler
CS&T
3333 Graham Boulevard, 5th Floor
Montreal, QC H3R 3L5
Tel: (514) 733-8500
Email: alext@cst.ca alex@elea.dhs.org

Bob Mahoney
MIT
E40-327
77 Massachusetts Avenue
Cambridge, MA 02139
Tel: (617) 253-0774
Email: bobmah@mit.edu

George Babics
Research & Development
Corporate Software & Technologies
3333 Graham Boulevard, 5th floor
Montr─al, Qu─bec, Canada
H3R 3L5
Tel: (514) 733-8500 x303
Fax: (514) 733-8878
E-mail: georgeb@cst.ca

9. Full Copyright Statement

      "Copyright (C) The Internet Society 2000.  All Rights Reserved.

      This document and translations of it may be copied and furnished
      to others, and derivative works that comment on or otherwise
      explain it or assist in its implementation may be prepared, copied,
      published and distributed, in whole or in part, without
      restriction of any kind, provided that the above copyright notice
      and this paragraph are included on all such copies and derivative
      works.  However, this document itself may not be modified in any
      way, such as by removing the copyright notice or references to the
      Internet Society or other Internet organizations, except as needed
      for the purpose of developing Internet standards in which case the
      procedures for copyrights defined in the Internet Standards
      process must be followed, or as required to translate it into