draft-ietf-calsch-imp-guide-01.txt   draft-ietf-calsch-imp-guide-02.txt 
Network Working Group Network Working Group Bob Mahoney/MIT
Guide to Implementors Bob Mahoney/MIT Internet Draft Alexander Taler
Internet-Draft Alexander Taler/CS&T <draft-ietf-calsch-imp-guide-02.txt> George Babics/Steltor
<draft-ietf-calsch-imp-guide-01.txt> George Babics/CS&T November 24 2000
July 14, 2000 Expires: May 24 2001
Expires: January 14, 2001
Implementors' Guide to Internet Calendaring Implementors' Guide to Internet Calendaring
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance This document is an Internet-Draft and is in full conformance with
with all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that other
other groups may also distribute working documents as groups may also distribute working documents as Internet-Drafts.
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six months
months and may be updated, replaced, or obsoleted by other and may be updated, replaced, or obsoleted by other documents at any
documents at any time. It is inappropriate to use Internet- time. It is inappropriate to use Internet-Drafts as reference
Drafts as reference material or to cite them other than as material or to cite them other than as "work in progress."
"work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Copyright (C) The Internet Society 2000. All Rights Reserved. Copyright (C) The Internet Society 2000. All Rights Reserved.
Abstract Abstract
This document describes the relationship between the various internet This document describes the various internet calendaring and
calendaring and scheduling protocols defined by RFC 2445 (iCalendar), scheduling standards and drafts and the relationships between them.
RFC 2446 (iTIP), and RFC 2447 (iMIP), as well as the works in It's intention is to provide a context for these documents, assist in
progress,"iCalendar Real-time Interoperability Protocol" (iRIP), their understanding, and potentially help implementors in the design
and "Calendar Access Protocol" (CAP). It's intention is to provide of their internet calendaring and scheduling systems. The standards
a context for these protocols, assist in their understanding, and addressed are RFC 2445 (iCalendar), RFC 2446 (iTIP), and RFC 2447
ultimately help implementors in the design of their internet (iMIP). The draft addressed is "Calendar Access Protocol" (CAP).
calendaring and scheduling systems.
[Note: in the past there has been some discussion as to whether iRIP [Note: in the past there has been some discussion as to whether iRIP
was a live effort, given that interest has waned and some functionality was a live effort, given that interest has waned and some
has been moved to CAP. What's the status?] functionality has been moved to CAP. Its status will be discussed
further.]
This document also describes issues and problems which are not solved This document also describes issues and problems that are not solved
by these protocols, and could be targets for future work. by these protocols, and could be targets for future work.
Status of this Memo Status of this Memo
1. Introduction 1. Introduction
Terminology Terminology
2. Requirements 2. Requirements
Fundamental Need Fundamental Need
Protocol Requirements Protocol Requirements
3. Standards Solution 3. Standards Solution
Examples Examples
Systems Systems
Standalone single-user system Standalone single-user system
Single-user systems communicating Single-user systems communicating
4. Open Issues 4. Important Aspects
Timezones
Choice of Transport
Security
Amount of data
Recurring Components
5. Open Issues
Choice of Transport Choice of Transport
Scheduling People, not calendars Scheduling People, not calendars
Administration Administration
Notification Notification
5. Security Considerations 6. Security Considerations
Access Control Access Control
Authentication Authentication
Using Email Using Email
Other issues Other issues
6. Acknowledgements 7. Acknowledgements
7. Bibliography 8. Bibliography
8. Author's Addresses 9. Author's Addresses
9. Full Copyright Statement 10. Full Copyright Statement
1. Introduction 1. Introduction
The calendaring and scheduling protocols are intended to provide for The calendaring and scheduling protocols are intended to provide for
the needs of individuals attempting to obtain information and the needs of individuals attempting to obtain calendaring information
schedule meetings across the internet, organizations attempting to and schedule meetings across the internet, organizations attempting
provide information on the internet, as well as organizations looking to provide calendaring information on the internet, as well as
for a calendaring and scheduling solution to deploy internally. organizations looking for a calendaring and scheduling solution to
deploy internally.
It is the intent of this document to provide guidance for It is the intent of this document is to provide a context for the
implementors of calendaring and scheduling products in determining calendar standard and draft documents, assist in their understanding,
which of the various existing protocol documents are applicable to and potentially help implementors in the design of their internet
their work, as well as providing some background information and calendaring and scheduling systems.
pointers to the less obvious implications of the available choices.
Problems not solved by these protocols, as well as security issues Problems not solved by these protocols, as well as security issues to
to be kept in mind, are discussed at the end of the document. be kept in mind, are discussed at the end of the document.
1.1 Terminology 1.1 Terminology
This memo uses much of the same terminology as [ICAL], [ITIP], This memo uses much of the same terminology as [ICAL], [ITIP],
[IMIP], [IRIP] and [CAP]. The following definitions are provided as [IMIP], [IRIP] and [CAP]. The following definitions are provided as
introductory, the definitions in the protocol specifications are the introductory, the definitions in the protocol specifications are the
canonical ones. canonical ones.
Calendar Calendar
A collection of events, todos, journal entries, etc. A calendar A collection of events, todos, journal entries, etc. A
could be the content of a person's or a resource's agenda; it calendar could be the content of a person or a resource's
could also be a collection of data serving a more specialized agenda; it could also be a collection of data serving a more
need. Calendars are the basic storage containers for calendaring specialized need. Calendars are the basic storage containers
information. for calendaring information.
Calendar Access Rights Calendar Access Rights
A set of rules for a calendar describing who may perform which A set of rules for a calendar describing who may perform
operations on that calendar, such as reading and writing which operations on that calendar, such as reading and
information. writing information.
Calendar Service Calendar Service
A running server application which provides access to a A running server application which provides access to a
collection of calendars. collection of calendars.
Calendar Store Calendar Store
A data store of a calendar service. A calendar service may have A data store of a calendar service. A calendar service may
several calendar stores, and each store may contain several have several calendar stores, and each store may contain
calendars, as well as properties and components outside of the several calendars, as well as properties and components
calendars. outside of the calendars.
Calendar User Calendar User
An entity (often a human) which accesses calendar information. An entity (often a human) that accesses calendar
information.
Calendar User Agent (CUA) Calendar User Agent (CUA)
Software used by the calendar user which communicates with Software used by the calendar user that communicates with
calendar services to provide the user access to calendar calendar services to provide the user access to calendar
information. information.
Component Component
A piece of calendar data such as an event, a todo or an alarm. A piece of calendar data such as an event, a todo or an
Information about components is stored as properties of those alarm. Information about components is stored as properties
components. of those components.
Delegate
Is a calendar user (sometimes called the delegatee) who has
been assigned participation in a scheduled calendar
component (e.g., VEVENT) by one of the attendees in the
scheduled calendar component (sometimes called the
delegator). An example of a delegate is a team member told
to go to a particular meeting.
Designate
Is a calendar user who is authorized to act on behalf of
another calendar user. An example of a designate is an
assistant.
Local Store
A CS which is on the same platform as the CUA.
Property Property
A property of a component, such as a description or a start time. A property of a component, such as a description or a start
time.
1.2 Concepts and Relationships Remote Store
A CS which is not on the same platform as the CUA.
[A rough outline, based on some comments from Bruce. We have some 1.2 Concepts and Relationships
basic problems throughout this doc with exactly where our real-time
efforts are concentrated, iRIP or CAP. We do not currently have an
unexpired iRIP document. There has been some discussion in the past
noting that the iRIP intent has largely been rolled into CAP. We need
to settle on an approach. iRIP has been left in this draft for the
moment, but overlap is apparent]
iCalendar is the Language to be used in calendar events. iCalendar is the Language to be used in calendar events.
iTIP is how you use the language. iTIP is how you use the language.
iMIP is further definition for use over email. iMIP is further definition for use over email.
CAP/iRIP is the Language used over a real-time transport. iRIP is the language used over a real-time transport
CAP is how to use the language, in real-time, to access a
calendar server
Another way to put it is as follows: Another way to put it is as follows:
iCalendar are the words iCalendar are the words
iTIP is the grammar book or the "Rosetta Stone". iTIP is the grammar book or the "Rosetta Stone".
iMIP is "expressing it in email terminology" an EMAIL dictionary iMIP is "expressing it in email terminology" an
EMAIL dictionary
CAP/iRIP is "expressing it for use in a Real Time transport" CAP/iRIP is "expressing it for use in a Real Time transport"
A comparison with email:
RFC822 in email: iRIP in Calendaring (scheduling not
booking)
POP/IMAP in email: CAP in calendaring
iMIP uses RFC822
RFC822 is a wrapper for email: iTIP is a wrapper for
calendaring objects
2. Requirements 2. Requirements
2.1 Fundamental Needs 2.1 Fundamental Needs
The following examples illustrate people's basic calendaring and The following examples illustrate people's and
scheduling needs: organizations' basic calendaring and scheduling needs:
a] A busy musician wants to maintain her schedule on an a] A doctor wishes to keep track of all his appointments.
Need: Read and manipulate one's own calendar with only one
CUA.
b] A busy musician wants to maintain her schedule on an
internet-based agenda which she can access from anywhere. internet-based agenda which she can access from anywhere.
Need: Read and manipulate one's own calendar. Need: Read and manipulate one's own calendar.
b] A software development team wishes to share agenda information c] A software development team wishes to share agenda
by using a group scheduling product in order to more effectively information by using a group scheduling product in order
schedule their time. to more effectively schedule their time.
Need: Share calendar information with users using the same Need: Share calendar information with users using the same
calendar service. calendar service.
c] A teacher wants his students to be able to book time slots d] A teacher wants his students to be able to book time
during his office hours. slot during his office hours.
Need: Schedule calendar events and todos with users using the Need: Schedule calendar events and todos with users using
same calendar service. the same calendar service.
d] A movie theatre wants to publish its schedule so that e] A movie theatre wants to publish its schedule so that
prospective customers can easily access it. prospective customers can easily access it.
Need: Share calendar information with users using other calendar Need: Share calendar information with users using other
services, possibly from different vendors.
e] A social club wants to be able to organize events more
effectively by booking time with its members.
Need: Schedule calendar events and todos with users using other
calendar services, possibly from different vendors. calendar services, possibly from different vendors.
f] A doctor wishes to keep track of all his appointments. f] A social club wants to be able to organize events more
effectively by booking time with its members.
Need: Read and manipulate one's own calendar with only one CUA. Need: Schedule calendar events and todos with users using
other calendar services, possibly from different vendors.
2.2 Protocol requirements 2.2 Protocol requirements
The first three needs can be satisfied through proprietary solutions, The first four needs can be satisfied through proprietary solutions,
but the last two cannot. From these needs we can establish that but the last two cannot. From these needs we can establish that
protocols are required for accessing information in a calendar store, protocols are required for accessing information in a calendar store,
and for scheduling events and todos. In addition these protocols and for scheduling events and todos. In addition these protocols
require a data format for representing calendar information. require a data format for representing calendar information.
These roles are filled by the following protocol requirements. These roles are filled by the following protocol requirements.
- [ICAL] is the data format - [ICAL] is the data format
[ICAL] provides data format for representing calendar information
which the other protocols can use. [ICAL] can also be used in
other contexts such as a drag and drop format or an export/import
format.
All the other protocols depend on [ICAL], so all elements of a [ICAL] provides data format for representing calendar
standards-based calendaring and scheduling systems will have to information which the other protocols can use. [ICAL] can
interpret [ICAL]. also be used in other contexts such as a drag and drop
format or an export/import format.
All the other protocols depend on [ICAL], so all elements
of a standards-based calendaring and scheduling systems
will have to interpret [ICAL].
For example the following describes an event:
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//ABC Corporation//NONSGML My Product//EN
BEGIN:VEVENT
ORGANIZER;CN=Jane Doe:MAILTO:jane@bar.com
DTSTART:20000905T120000Z
SUMMARY:Lunch
DTEND:20000905T130000Z
ATTENDEE;CN=John Smith:MAILTO:john@foo.com
ATTENDEE;CN=Jane Doe:MAILTO:doe@bar.com
END:VEVENT
END:VCALENDAR
- [ITIP] is the scheduling protocol - [ITIP] is the scheduling protocol
[ITIP] describes the messages used to schedule calendar events. [ITIP] describes the messages used to schedule calendar
These messages are represented in [ICAL], and have semantics that events. These messages are represented in [ICAL], and
include such things as being an invitation to a meeting, an have semantics that include such things as being an
acceptance of an invitation or the assignation of a task. invitation to a meeting, an acceptance of an invitation
or the assignation of a task.
[ITIP] messages are used in the scheduling work flow, where users [ITIP] messages are used in the scheduling work flow,
exchange messages in order to organize things such as events and where users exchange messages in order to organize things
todos. CUAs generate and interpret [ITIP] messages at the such as events and todos. CUAs generate and interpret
direction of the calendar user. [ITIP] messages at the direction of the calendar user.
[ITIP] is transport-independent, but has two specified transport With [ITIP] one can create, modify, delete, reply to,
bindings, [IMIP] is a binding to email and [IRIP] is a real-time counter, and decline counters to, the various [ICAL]
binding. In addition [CAP] will provide a second real-time components. Furthermore, one can also request the
binding of [ITIP], allowing CUAs to perform calendar management freebusy time of other people.
as well as scheduling over a single connection.
Both CUAs and calendar services may have [ITIP] interpreters. For example, to invite a user to the above event, one can
send a message like this one:
BEGIN:VCALENDAR
METHOD:REQUEST
VERSION:2.0
PRODID:-//ABC Corporation//NONSGML My Product//EN
BEGIN:VEVENT
ORGANIZER;CN=Jane Doe:MAILTO:jane@bar.com
DTSTART:20000905T120000Z
SUMMARY:Lunch
DTEND:20000905T130000Z
ATTENDEE;CN=John Smith:MAILTO:john@foo.com
ATTENDEE;CN=Jane Doe:MAILTO:doe@bar.com
END:VEVENT
END:VCALENDAR
The user, John Smith, can send a reply using the
REPLY method.
[ITIP] is transport-independent, but has two specified
transport bindings, [IMIP] is a binding to email and
[IRIP] is a real-time binding. In addition [CAP] will
provide a second real-time binding of [ITIP], allowing
CUAs to perform calendar management as well as scheduling
over a single connection.
For example, sending the above request using iMIP would
look like:
From: jane@bar.com
To: john@foo.com
Subject: Lunch
Mime-Version: 1.0
Content-Type:text/calendar; method=REQUEST;charset=US-ASCII
Content-Transfer-Encoding: 7bit
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//ABC Corporation//NONSGML My Product//EN
BEGIN:VEVENT
ORGANIZER;CN=Jane Doe:MAILTO:jane@bar.com
DTSTART:20000905T120000Z
SUMMARY:Lunch
DTEND:20000905T130000Z
ATTENDEE;CN=John Smith:MAILTO:john@foo.com
ATTENDEE;CN=Jane Doe:MAILTO:doe@bar.com
END:VEVENT
END:VCALENDAR
Both CUAs and calendar services may have [ITIP]
interpreters.
- [CAP] is the calendar management protocol - [CAP] is the calendar management protocol
[CAP] describes the messages used to manage calendars. These [CAP] describes the messages used to manage calendars. These
messages are represented in [ICAL], and have semantics such as messages are represented in [ICAL], and have semantics such as
being a search for data, being data in response to a search or being a search for data, being data in response to a search or
the being the creation of a meeting. the being the creation of a meeting.
[CAP] describes the messages used to manage calendars on a
calendar store.
These messages are represented in [ICAL]. With these messages
one can do the operations in [ITIP] and other operations
relating to a calendar store. These operations include, search,
creating calendars, specifying calendar properties, and being
able to specify access rights to one's calendars.
[CAP] also provides a real-time binding for the calendar [CAP] also provides a real-time binding for the calendar
management messages. Although other bindings, such as an email management messages. Although other bindings, such as an email
binding, could be defined, this is not done because it is binding, could be defined, this is not done because it is
inappropriate for this protocol. inappropriate for this protocol.
The following diagram describes the implementation dependencies For example, one can schedule the above meeting using CAP:
between the protocols. A calendar system using these standards
will implement at least one of the leaves of the tree. The
calendar management message and transport protocol parts of CAP are
separated in the diagram to highlight its relationship to ITIP.
------------------ C:SENDATA
| iCalendar | C:CONTENT-TYPE:text/calendar; method=CREATE;charset=US-ASCII
------------------ C:content-transfer-encoding: 7bit
| C:BEGIN:VCALENDAR
| C:VERSION:2.0
| C:PRODID:-//ABC Corporation//NONSGML My Product//EN
------------------------------------- C:TARGET:cap://cal.example.com/johns
| | C:TARGET:janed
------------------ | C:METHOD:CREATE
| iTIP | | C:BEGIN:VEVENT
------------------ | C:ORGANIZER;CN=Jane Doe:MAILTO:jane@bar.com
| | C:DTSTART:20000905T073000Z
| ----------|------- C:SUMMARY:Lunch
| | CAP | | C:DTEND:20000905T120000Z
| | message | C:END:VEVENT
---------------------------------------- format | C:END:VCALENDAR
| | | | | | C: .
---------- ----------- | | | | S: 2.0
| Session | | E-mail | | transport | S: Content-Type:text/calendar; method=RESPONSE;
| iRIP | | iMIP | | protocol | S:
---------- ----------- ------------------ S: BEGIN:VCALENDAR
S: VERSION:2.1
S: METHOD:RESPONSE
S: BEGIN:VEVENT
S: TARGET::cap://cal.example.com/johnd
S: REQUEST-STATUS:2.0
S: END:VEVENT
S: END:VCALENDAR
S: Content-Type:text/calendar; method=RESPONSE;
S:
S: BEGIN:VCALENDAR
S: VERSION:2.1
S: METHOD:RESPONSE
S: BEGIN:VEVENT
S: TARGET::cap://cal.example.com/janed
S: REQUEST-STATUS:2.0
S: END:VEVENT
S: END:VCALENDAR
S: .
Note that "C" indicates the data sent by the client,
and "S" the data sent by the server. Furthermore, CAP
is still a draft, thus the details of one can create
such an event may change.
The dependencies between the different protocols are as follows:
iCalendar is the language set used to describe/specify calendaring
events or operations.
When specified using correct iCalendar grammar, we refer to these
event representations or operation requests as " calendar object
representations
There are two main methodologies for communicating iCalendar
objects:
1) Via a store-and-forward mechanism (usually email), using the
iMIP specification.
2) Via an on-the-wire mechanism (a directly connected state,
however briefly), using the CAP specification.
A system may implement the first methodology only. The second one
is dependent on iTIP. It requires understanding of iTIP and the
ability to communicate with other CAP servers using iTIP. Since,
currently, iMIP is the only binding of iTIP, the second method
is also dependent on iMIP.
Additionally, the iTIP specification describes a
transport-independent grammar for communicating between systems.
The iMIP specification utilizes iTIP to express iCalendar objects.
3. Solutions 3. Solutions
3.1 Examples 3.1 Examples
Returning to the examples of section 2.1, they can be solved using Returning to the examples of section 2.1, they can be solved using
the protocols in the following ways: the protocols in the following ways:
a] The musician who wishes to access her agenda from anywhere can a] The doctor can use a proprietary CUA with a local store,
use a [CAP] enabled calendar service accessible through the and perhaps use [ICAL] as a storage mechanism. This would
internet. She can then use whichever [CAP] clients are allow the doctor to easily import his store into another
application that supports [ICAL].
b] The musician who wishes to access her agenda from anywhere
can use a [CAP] enabled calendar service accessible through
the internet. She can then use whichever [CAP] clients are
available to access the data. available to access the data.
A proprietary system could also be employed which provides A proprietary system could also be employed which provides
access through a web-based interface, but the use of [CAP] would access through a web-based interface, but the use of [CAP]
be superior in that it would allow the use of third party tools, would be superior in that it would allow the use of third
such as PDA synchronization tools. party tools, such as PDA synchronization tools.
b] The development team can use a calendar service which supports c] The development team can use a calendar service which
[CAP] and then each member can use a [CAP]-enabled CUA of their supports [CAP] and then each member can use a [CAP]-enabled
choice. CUA of their choice.
Alternatively, each member could use an [IMIP]-enabled CUA, and Alternatively, each member could use an [IMIP]-enabled CUA,
they could book meetings over email. This solution has the and they could book meetings over email. This solution has
drawback that it is difficult to examine the other agendas, the drawback that it is difficult to examine the other
making organizing meetings more difficult. agendas, making organizing meetings more difficult.
Proprietary solutions are also available, but they require that Proprietary solutions are also available, but they require
all people use clients by the same vendor, and disallow the use that all people use clients by the same vendor, and disallow
of third party applications. the use of third party applications.
c] The teacher can set up a calendar service, and have students d] The teacher can set up a calendar service, and have students
book time through any of the [ITIP] bindings. [CAP] or [IRIP] book time through any of the [ITIP] bindings. [CAP] or
provide real-time access, but could require additional [IRIP] provide real-time access, but could require
configuration. [IMIP] would be the easiest to configure, but additional configuration. [IMIP] would be the easiest to
may require more email processing. configure, but may require more email processing.
If [CAP] access is provided then determining the state of the If [CAP] access is provided then determining the state of
teacher's schedule is straightforward. If not, this can be the teacher's schedule is straightforward. If not, this can
determined through [ITIP] free-busy requests. Non-standard be determined through [ITIP] free-busy requests. Non-
methods could also be employed, such as serving up ICAL, HTML, standard methods could also be employed, such as serving up
XML through HTTP. ICAL, HTML, XML through HTTP.
A proprietary system could also be used, but would require that A proprietary system could also be used, but would require
all students be able to use software from a specific vendor. that all students be able to use software from a specific
vendor.
d] For publishing a movie theatre's schedule [CAP] provides the e] For publishing a movie theatre's schedule [CAP] provides the
most advanced access and search capabilities. It also allows most advanced access and search capabilities. It also allows
easy integration with its customer's calendar systems. easy integration with its customer's calendar systems.
Non-standard methods such as serving data over HTTP could also Non-standard methods such as serving data over HTTP could
be employed, but would be harder to integrate with customer's also be employed, but would be harder to integrate with
systems. customer's systems.
Using a completely proprietary solutions would be very difficult
since it would require every user to install and use proprietary
software.
e] The social club could distribute meeting information in the form Using a completely proprietary solutions would be very
of [ITIP] messages. This could be done over email using [IMIP], difficult since it would require every user to install and
or [IRIP] depending on the recipient. Meeting invitations, as use proprietary software.
well as a full published agenda could be distributed.
Alternatively, the social club could provide access to a [CAP] f] The social club could distribute meeting information in the
enabled calendar service, however this solution would be more form of [ITIP] messages. This could be done over email using
expensive since it requires the maintenance of a server. [IMIP], or [IRIP] depending on the recipient. Meeting
invitations, as well as a full published agenda could be
distributed.
f] The doctor can use a proprietary CUA with a local store, Alternatively, the social club could provide access to a
and perhaps use [ICAL] as a storage mechanism. [CAP] enabled calendar service, however this solution would
be more expensive since it requires the maintenance of a
server.
3.2 Systems 3.2 Systems
The following diagrams illustrate possible example systems and usage The following diagrams illustrate possible example systems and
of the protocols. usage of the protocols.
3.2.1 Standalone single-user system 3.2.1 Standalone single-user system
A single user system which does not communicate with other systems A single user system that does not communicate with other systems
need not employ any of the protocols. However, it may use [ICAL] as need not employ any of the protocols. However, it may use [ICAL] as a
a data format in some places. data format in some places.
----------- O ----------- O
| CUA w/ | -+- user | CUA w/ | -+- user
|local store| A |local store| A
----------- / \ ----------- / \
3.2.2 Single-user systems communicating 3.2.2 Single-user systems communicating
Users with single-user systems may schedule meetings with each other Users with single-user systems may schedule meetings with each other
using [ITIP]. The easiest binding of [ITIP] to use is [IMIP], since using [ITIP]. The easiest binding of [ITIP] to use is [IMIP], since
skipping to change at page 9, line 29 skipping to change at line 543
-+- | CUA w/ | -----[IMIP]----- | CUA w/ | -+- user -+- | CUA w/ | -----[IMIP]----- | CUA w/ | -+- user
A |local store| Internet |local store| A A |local store| Internet |local store| A
/ \ ----------- ----------- / \ / \ ----------- ----------- / \
3.2.3 Single-user with multiple CUA 3.2.3 Single-user with multiple CUA
A single user may use more than one CUA to access his or her A single user may use more than one CUA to access his or her
calendar. The user may use a PDA, a web client, a PC, or some other calendar. The user may use a PDA, a web client, a PC, or some other
device, depending an accessibility. Some of these clients may have device, depending an accessibility. Some of these clients may have
local stores and others may not. If they do, then they need to local stores and others may not. If they do, then they need to
ensure that the data on the CUA is synchronized with the data on ensure that the data on the CUA is synchronized with the data on the
the CS. CS.
----------- -----------
| CUA w | -----[CAP]----------+ | CUA w | -----[CAP]----------+
|local store| | |local store| |
O ----------- ---------- O ----------- ----------
-+- | CS | -+- | CS |
A | | A | |
/ \ ---------- / \ ----------
----------- | ----------- |
| CUA w/o | -----[CAP]----------+ | CUA w/o | -----[CAP]----------+
skipping to change at page 10, line 20 skipping to change at line 580
A | | A | |
/ \ ----------- / \ -----------
| ---------- | ----------
+------------[CAP]------ | CS | +------------[CAP]------ | CS |
| | | |
---------- ----------
3.2.5 Users communicating on a multi-user system 3.2.5 Users communicating on a multi-user system
Users on a multi-user system may schedule meetings with each other Users on a multi-user system may schedule meetings with each other
using [CAP]-enabled CUA and service. The CUA may or may not have using [CAP]-enabled CUA and service. The CUA may or may not have a
a local store. If they do, then they need to ensure that the local store. If they do, then they need to ensure that the data on
data on the CUA is synchronized with the data on the CS. the CUA is synchronized with the data on the CS.
O ----------- O -----------
-+- | CUA w | -----[CAP]----------+ -+- | CUA w | -----[CAP]----------+
A |local store| | A |local store| |
/ \ ----------- ---------- / \ ----------- ----------
| CS | | CS |
| | | |
---------- ----------
O ----------- | O ----------- |
-+- | CUA w/o | -----[CAP]----------+ -+- | CUA w/o | -----[CAP]----------+
A |local store| A |local store|
/ \ ----------- / \ -----------
3.2.6 Users communicating through different multi-user systems 3.2.6 Users communicating through different multi-user systems
Users on a multi-user system may need to schedule meetings with Users on a multi-user system may need to schedule meetings with user
user on a different multi user system. The services can on a different multi user system. The services can communicate using
communicate using [CAP] [CAP] or [ITIP].
O ----------- ---------- O ----------- ----------
-+- | CUA w | -----[CAP]-------| CS | -+- | CUA w | -----[CAP]-------| CS |
A |local store| | | A |local store| | |
/ \ ----------- ---------- / \ ----------- ----------
| |
[CAP] [CAP]
| |
O ----------- ---------- O ----------- ----------
-+- | CUA w/o | -----[CAP]-------| CS | -+- | CUA w/o | -----[CAP]-------| CS |
A |local store| | | A |local store| | |
/ \ ----------- ---------- / \ ----------- ----------
4. Open Issues 4. Important Aspects
Many issues are not currently resolved by these protocols, and many There are a number of important aspects of these calendaring
desirable features are not yet provided. Some of the more prominent documents that people, especially implementors, should be aware of.
ones follow.
4.1 Choice of Transport 4.1 Timezones
The dates and times in components can refer to timezones. These
timezones can be defined in some central store, or they may be
defined by a user to fit his or her needs. Any user and application
should be aware of timezones and timezone differences.
4.2 Choice of Transport
There are issues to be aware of in choosing a transport mechanism. There are issues to be aware of in choosing a transport mechanism.
The choices are a network protocol, such as CAP, or a store and forward The choices are a network protocol, such as CAP, or a store and
(email) solution. forward (email) solution.
The use of a network ("on-the-wire") mechanism may require some The use of a network ("on-the-wire") mechanism may require some
organizations to make provisions to allow calendaring traffic to organizations to make provisions to allow calendaring traffic to
traverse a corporate firewall on the required ports. Depending on the traverse a corporate firewall on the required ports. Depending on
organizational culture, this may be a challenging social exercise. the organizational culture, this may be a challenging social
exercise.
The use of an email-based mechanism exposes innately time-sensitive The use of an email-based mechanism exposes innately time-sensitive
data to unbounded latency. Large or heavily utilized mail systems may data to unbounded latency. Large or heavily utilized mail systems
experience an unacceptable delay in message receipt. may experience an unacceptable delay in message receipt.
4.2 Scheduling people, not calendars 4.3 Security
See the "Security Considerations" section below.
4.4 Amount of data
In some cases a component may be very large. For instance, some
attachments may be very large. Some applications may be low-bandwidth
or be limited in the amount of data they can store. The size of the
data may be controlled in [CAP], by specifying maximums. In [iMIP] it
can be controlled, by restricting the maximum size of the email that
the application can download.
4.5 Recurring Components
In [iCAL] one can specify complex recurrence rules for VEVENTs,
VTODOs, and VJOURNALs. There is the danger that applications
interpret these rules differently. Thus, one must make sure that one
is careful with recurrence rules.
5. Open Issues
Many issues are not currently resolved by these protocols, and many
desirable features are not yet provided. Some of the more prominent
ones follow.
5.1 Scheduling people, not calendars
Meetings are scheduled with people, however people may have many Meetings are scheduled with people, however people may have many
calendars, and may store these calendars in many places. There may calendars, and may store these calendars in many places. There may
also be many routes to contact them. These protocols do not attempt also be many routes to contact them. These protocols do not attempt
to provide unique access for contacting a single person. Instead, to provide unique access for contacting a single person. Instead,
'calendar addresses' are booked, which may be email addresses or 'calendar addresses' are booked, which may be email addresses or
individual calendars. It is up to the users themselves to individual calendars. It is up to the users themselves to orchestrate
orchestrate mechanisms to ensure that the bookings go to the right mechanisms to ensure that the bookings go to the right place.
place.
4.3 Administration 5.2 Administration
These protocols do not address the issues of administering users and These protocols do not address the issues of administering users and
calendars on a calendar service. This must be handled by proprietary calendars on a calendar service. This must be handled by proprietary
mechanisms for each implementation. mechanisms for each implementation.
4.4 Notification 5.3 Notification
People often wish to be notified of upcoming events, new events, or People often wish to be notified of upcoming events, new events, or
changes to events. These protocols do not attempt to address these changes to events. These protocols do not attempt to address these
needs in a real-time fashion. Instead, the ability to store alarm needs in a real-time fashion. Instead, the ability to store alarm
information on events is provided, which can be used to provide information on events is provided, which can be used to provide
client-side notification of upcoming events. To organize client-side notification of upcoming events. To organize notification
notification of new or changed events clients will have to poll the of new or changed events clients will have to poll the data store.
data store.
5. Security considerations 6. Security considerations
5.1 Access Control 6.1 Access Control
There has to be reasonable granularity in the configuration options There has to be reasonable granularity in the configuration options
for access to data through [CAP], so that what should be released to for access to data through [CAP], so that what should be released to
requestors is, and what shouldn't isn't. Details of handling this requestors is, and what shouldn't isn't. Details of handling this are
are described in [CAP]. described in [CAP].
5.2 Authentication 6.2 Authentication
Access control must be coupled with a good authentication system, so Access control must be coupled with a good authentication system, so
that the right people get the right information. For [CAP] this that the right people get the right information. For [CAP] this means
means requiring authentication before any data base access can be requiring authentication before any data base access can be
performed, and checking access rights and authentication credentials performed, and checking access rights and authentication credentials
before releasing information. [CAP] uses SASL for this authentication. before releasing information. [CAP] uses SASL for this
In [IMIP], this may present some challenges, as authentication is authentication. In [IMIP], this may present some challenges, as
often not a consideration in store-and-forward protocols. authentication is often not a consideration in store-and-forward
protocols.
Authentication is also important for scheduling, in that receivers of Authentication is also important for scheduling, in that receivers of
scheduling messages should be able to validate the apparent sender. scheduling messages should be able to validate the apparent sender.
Since scheduling messages are wrapped in MIME, signing and encryption Since scheduling messages are wrapped in MIME, signing and encryption
is available for free. For messages transmitted over mail this is is available for free. For messages transmitted over mail this is the
the only available alternative. It is suggested that developers take only available alternative. It is suggested that developers take
care in implementing the security features in [IMIP], bearing in care in implementing the security features in [IMIP], bearing in mind
mind that the concept and need may be foreign or non-obvious to users, that the concept and need may be foreign or non-obvious to users, yet
yet essential for the system to function as they might expect. essential for the system to function as they might expect.
The real-time protocols provide for the authentication of users, and The real-time protocols provide for the authentication of users, and
the preservation of that authentication information, allowing for the preservation of that authentication information, allowing for
validation by the receiving end-user or server. validation by the receiving end-user or server.
5.3 Using email 6.3 Using email
Because scheduling information can be transmitted over mail without Because scheduling information can be transmitted over mail without
any authentication information, email spoofing is extremely easy if any authentication information, email spoofing is extremely easy if
the receiver is not checking for authentication. It is suggested the receiver is not checking for authentication. It is suggested
that implementors consider requiring authentication as a default, that implementors consider requiring authentication as a default,
using mechanisms such as are described in Section 2 of [IMIP]. using mechanisms such as are described in Section 2 of [IMIP].
The use of email, and the potential for anonymous connections, means The use of email, and the potential for anonymous connections, means
that 'calendar spam' is possible. Developers should consider this that 'calendar spam' is possible. Developers should consider this
threat when designing systems, particularly those that allow for threat when designing systems, particularly those that allow for
automated request processing. automated request processing.
5.4 Other issues 6.4 Other issues
The current security context should be obvious to users. Because the The current security context should be obvious to users. Because the
underlying mechanisms may not be clear to users, efforts to make underlying mechanisms may not be clear to users, efforts to make
clear the current state in the UI should be made. One example is the clear the current state in the UI should be made. One example is the
'lock' icon used in some web browsers during secure connections. 'lock' icon used in some web browsers during secure connections.
With both [iMIP] and [CAP], the possibilities of Denial of Service With both [IMIP] and [CAP], the possibilities of Denial of Service
attacks must be considered. The ability to flood a calendar system attacks must be considered. The ability to flood a calendar system
with bogus requests is likely to be exploited once these systems with bogus requests is likely to be exploited once these systems
become widely deployed, and detection and recovery methods will need become widely deployed, and detection and recovery methods will need
to be considered. to be considered.
6. Acknowledgements 7. Acknowledgements
Thanks to the following who have participated in the development of Thanks to the following who have participated in the development of
this document: this document:
Eric Busboom, Pat Egen, David Madeo, Shawn Packwood, Bruce Kahn. Eric Busboom, Pat Egen, David Madeo, Shawn Packwood, Bruce Kahn.
7. Bibliography 8. Bibliography
[ICAL] [RFC-2445] Calendaring and Scheduling Core Object Specification [ICAL] [RFC-2445] Calendaring and Scheduling Core Object
[ITIP] [RFC-2446] iCalendar Transport-Independent Interoperability Protocol Specification
[ITIP] [RFC-2446] iCalendar Transport-Independent Interoperability
Protocol
[IMIP] [RFC-2447] iCalendar Message-Based Interoperability Protocol [IMIP] [RFC-2447] iCalendar Message-Based Interoperability Protocol
[IRIP] draft-ietf-calsch-irip iCalendar Real-time Interoperability Protocol [IRIP] draft-ietf-calsch-irip iCalendar Real-time Interoperability
Protocol
[CAP] draft-ietf-calsch-cap Calendar Access Protocol [CAP] draft-ietf-calsch-cap Calendar Access Protocol
[RFC-1847] Security Multiparts for MIME [RFC-1847] Security Multiparts for MIME
[RFC-2045] MIME Part 1: Format of Internet Message Bodies [RFC-2045] MIME Part 1: Format of Internet Message Bodies
[RFC-2046] MIME Part 2: Media Types [RFC-2046] MIME Part 2: Media Types
[RFC 2047] MIME Part 3: Message Header Extensions for Non-ASCII Text [RFC 2047] MIME Part 3: Message Header Extensions for Non-ASCII Text
[RFC-2048] MIME Part 4: Registration Procedures [RFC-2048] MIME Part 4: Registration Procedures
[RFC-2049] MIME Part 5: Conformance Criteria and Examples [RFC-2049] MIME Part 5: Conformance Criteria and Examples
8. Author's Addresses 9. Author's Addresses
Alexander Taler Alexander Taler
CS&T
3333 Graham Boulevard, 5th Floor
Montreal, QC H3R 3L5
Tel: (514) 733-8500
Email: alex@elea.dhs.org Email: alex@elea.dhs.org
Bob Mahoney Bob Mahoney
MIT MIT
E40-327 E40-327
77 Massachusetts Avenue 77 Massachusetts Avenue
Cambridge, MA 02139 Cambridge, MA 02139
Tel: (617) 253-0774 Tel: (617) 253-0774
Email: bobmah@mit.edu Email: bobmah@mit.edu
George Babics George Babics
Research & Development Steltor (formerly CS&T/Lexacom)
Corporate Software & Technologies 2000 Peel Street
3333 Graham Boulevard, 5th floor Montreal, Quebec, Canada
Montr─al, Qu─bec, Canada H3A 2W5
H3R 3L5 Tel: (514) 733-8500 x4201
Tel: (514) 733-8500 x303
Fax: (514) 733-8878 Fax: (514) 733-8878
E-mail: georgeb@cst.ca mailto: georgeb@steltor.com
9. Full Copyright Statement 10. Full Copyright Statement
"Copyright (C) The Internet Society 2000. All Rights Reserved. "Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process MUST be
followed, or as required to translate it into languages other than
English.
This document and translations of it may be copied and furnished The limited permissions granted above are perpetual and will not be
to others, and derivative works that comment on or otherwise revoked by the Internet Society or its successors or assigns. This
explain it or assist in its implementation may be prepared, copied, document and the information contained herein is provided on an "AS
published and distributed, in whole or in part, without IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
restriction of any kind, provided that the above copyright notice FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
and this paragraph are included on all such copies and derivative NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
works. However, this document itself may not be modified in any WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
way, such as by removing the copyright notice or references to the MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Internet Society or other Internet organizations, except as needed
for the purpose of developing Internet standards in which case the
procedures for copyrights defined in the Internet Standards
process must be followed, or as required to translate it into
 End of changes. 97 change blocks. 
257 lines changed or deleted 455 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/