WEBDAV Working Group                                        J. Whitehead
Internet-Draft                                           U.C. Santa Cruz
Expires: May 17, October 4, 2004                                        G. Clemm
                                                                     IBM
                                                         J. Reschke, Ed.
                                                              greenbytes
                                                       November 17, 2003

                  WebDAV
                                                           April 5, 2004

  Web Distributed Authoring and Versioning (WebDAV) Redirect Reference
                               Resources
               draft-ietf-webdav-redirectref-protocol-07
               draft-ietf-webdav-redirectref-protocol-08

Status of this Memo

   This document is an Internet-Draft

   By submitting this Internet-Draft, I certify that any applicable
   patent or other IPR claims of which I am aware have been disclosed,
   and is any of which I become aware will be disclosed, in full conformance accordance with
   all provisions of Section 10 of RFC2026.
   RFC 3668.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at http://
   www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 17, October 4, 2004.

Copyright Notice

   Copyright (C) The Internet Society (2003). (2004). All Rights Reserved.

Abstract

   This specification defines redirect reference resources.  A redirect
   reference resource is a resource whose default response is an HTTP/
   1.1 302 (Found) 3xx (Redirection) status code, code (see [RFC2616], Section 10.3),
   redirecting the client to a different resource, the target resource.
   A redirect reference makes it possible to access the target resource
   indirectly, through any URI mapped to the redirect reference
   resource.  There are no integrity guarantees associated with redirect
   reference resources.

   Distribution of this document is unlimited. Please send comments to
   the Distributed Authoring and Versioning (WebDAV) working group at
   w3c-dist-auth@w3.org [1],
   <mailto:w3c-dist-auth@w3.org>, which may be joined by sending a
   message with subject "subscribe" to w3c-dist-auth-request@w3.org [2].
   <mailto:w3c-dist-auth-request@w3.org?subject=subscribe>.

   Discussions of the WEBDAV working group are archived at URL: http://
   lists.w3.org/Archives/Public/w3c-dist-auth/. <http://
   lists.w3.org/Archives/Public/w3c-dist-auth/>.

Table of Contents

   1.   Introduction . . . . . . . . . . . . . . . . . . . . . . . .   4
   2.   Notational Conventions . . . . . . . . . . . . . . . . . . .   6   5
   3.   Terminology  . . . . . . . . . . . . . . . . . . . . . . . .   7   5
   4.   Overview of Redirect Reference Resources . . . . . . . . . .   8   6
   5.   Creating a Redirect Reference Resource . . . . . . . . . . .   9
   5.1  MKRESOURCE .   MKREDIRECTREF Method . . . . . . . . . . . . . . . . . . . . . . . .   9
   5.2   7
     5.1  Example: Creating a Redirect Reference Resource with
        MKRESOURCE
          MKREDIRECTREF  . . . . . . . . . . . . . . . . . . . . . . . . .  10   8
   6.   Operations on Redirect Reference Resources . . . . . . . . .  12   8
   7.   Operations on Collections That Contain Redirect Reference
        Resources  . . . . . . . . . . . . . . . . . . . . . . . . .  13   9
     7.1  LOCK on a Collection That Contains Redirect References . . .  13   9
     7.2  Example: PROPFIND on a Collection with Redirect
          Reference Resources  . . . . . . . . . . . . . . . . . . . . . . . . .  13  10
     7.3  Example: PROPFIND with Apply-To-Redirect-Ref on a
          Collection with Redirect Reference Resources . . . . . . . .  16  12
     7.4  Example: COPY on a Collection That Contains a Redirect
          Reference Resource . . . . . . . . . . . . . . . . . . . . .  17  13
     7.5  Example: LOCK on a Collection That Contains a Redirect
          Reference Resource . . . . . . . . . . . . . . . . . . . . .  18  14
   8.   Operations on Targets of Redirect Reference Resources  . . .  20  16
   9.   Relative URIs in DAV:reftarget . . . . . . . . . . . . . . .  21  16
     9.1  Example: Resolving a Relative URI in a Multi-Status
          Response . . . . . . . . . . . . . . . . . . . . . . . . . .  21  16
   10.  Redirect References to Collections . . . . . . . . . . . . .  23  17
   11.  Headers  . . . . . . . . . . . . . . . . . . . . . . . . . .  25  19
     11.1   Redirect-Ref Response Header . . . . . . . . . . . . . . . .  25  19
     11.2   Apply-To-Redirect-Ref Request Header . . . . . . . . . . . .  25  19
   12.  Redirect Reference Resource Properties . . . . . . . . . . .  19
     12.1   DAV:redirect-lifetime (protected)  . . . . . . . . . . . . . .  26
   12.1 reftarget Property . . . . . .  19
     12.2   DAV:reftarget (protected)  . . . . . . . . . . . . . . .  26  20
   13.  XML Elements . . . . . . . . . . . . . . . . . . . . . . . .  27  20
     13.1   redirectref XML Element  . . . . . . . . . . . . . . . . . .  27  20
   14.  Extensions to the DAV:response XML Element for
        Multi-Status Responses . . . . . . . . . . . . . . . . . . .  28  20
   15.  Capability Discovery . . . . . . . . . . . . . . . . . . . .  29  20
     15.1   Example: Discovery of Support for Redirect Reference
            Resources  . . . . . . . . . . . . . . . . . . . . . . . . .  29  21
   16.  Security Considerations  . . . . . . . . . . . . . . . . . .  30  21
     16.1   Privacy Concerns . . . . . . . . . . . . . . . . . . . . . .  30  21
     16.2   Redirect Loops . . . . . . . . . . . . . . . . . . . . . . .  30  22
     16.3   Redirect Reference Resources and Denial of Service . . . . .  30  22
     16.4   Revealing Private Locations  . . . . . . . . . . . . . . . .  30  22
   17.  Internationalization Considerations  . . . . . . . . . . . .  32  22
   18.  IANA Considerations  . . . . . . . . . . . . . . . . . . . .  33  23
   19.  Contributors . . . . . . . . . . . . . . . . . . . . . . . .  34  23
   20.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . .  35  23
   21.  Normative References . . . . . . . . . . . . . . . . . . . .  36  23
        Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  36  24
   A.   Changes to the WebDAV Document Type Definition . . . . . . .  38  24
   B.   Change Log (to be removed by RFC Editor before
        publication) . . . . . . . . . . . . . . . . . . . . . . . .  39  25
     B.1  Since draft-ietf-webdav-redirectref-protocol-02  . . . . . .  39  25
     B.2  Since draft-ietf-webdav-redirectref-protocol-03  . . . . . .  39  25
     B.3  Since draft-ietf-webdav-redirectref-protocol-04  . . . . . .  39  25
     B.4  Since draft-ietf-webdav-redirectref-protocol-05  . . . . . .  39  25
     B.5  Since draft-ietf-webdav-redirectref-protocol-06  . . . . .  25
     B.6  Since draft-ietf-webdav-redirectref-protocol-07  . . . . .  39  25
   C.   Resolved issues (to be removed by RFC Editor before
        publication) . . . . . . . . . . . . . . . . . . . . . . . .  40  26
     C.1  lc-19-direct-ref  title  . . . . . . . . . . . . . . . . . . . . . . .  40
   C.2  rfc2606-compliance . . .  26
     C.2  lc-38-not-hierarchical . . . . . . . . . . . . . . . . . .  40  26
     C.3  lc-28-lang  lc-37-integrity  . . . . . . . . . . . . . . . . . . . . .  26
     C.4  5_mkresource . . . .  40
   C.4  lc-29-lang . . . . . . . . . . . . . . . . . . .  27
     C.5  lc-41-no-webdav  . . . . . .  40
   C.5  lc-44-pseudo . . . . . . . . . . . . . . .  27
     C.6  lc-24-properties . . . . . . . . .  41
   C.6  lc-61-pseudo . . . . . . . . . . . .  27
     C.7  lc-55-iana . . . . . . . . . . . .  41
   C.7  lc-62-oldclient . . . . . . . . . . . .  28
     C.8  A_DTD_cleanup  . . . . . . . . . .  41
   C.8  lc-63-move . . . . . . . . . . . .  28
   D.   Open issues (to be removed by RFC Editor prior to
        publication) . . . . . . . . . . . . .  42
   C.9  lc-53-s10 . . . . . . . . . . .  28
     D.1  old_clients  . . . . . . . . . . . . . .  42
   C.10 lc-76-location . . . . . . . . .  28
     D.2  lc-85-301  . . . . . . . . . . . . . .  42
   C.11 lc-80-i18n . . . . . . . . . .  29
     D.3  lc-36-server . . . . . . . . . . . . . . .  43
   D.   Open issues (to be removed by RFC Editor before
        publication) . . . . . . . . . . . . . . . . . . . . . . . .  44
   D.1  old_clients  . . . . . . . . . . . . . . . . . . . . . . . .  44
   D.2  lc-85-301  . . . . . . . . . . . . . . . . . . . . . . . . .  44
   D.3  lc-38-not-hierarchical . . . . . . . . . . . . . . . . . . .  45  29
     D.4  lc-36-server . . . . . . . . . . . . . . . . . . . . . . . .  45
   D.5  lc-33-forwarding . . . . . . . . . . . . . . . . . . . . . .  45
   D.6  lc-37-integrity  . . . . . . . . . . . . . . . . . . . . . .  46
   D.7  29
     D.5  3-terminology-redirectref  . . . . . . . . . . . . . . . . .  46
   D.8  lc-41-no-webdav  . . . . . . . . . . . . . . . . . . . . . .  46
   D.9  30
     D.6  lc-58-update . . . . . . . . . . . . . . . . . . . . . . . .  46
   D.10 lc-24-properties . . . . . . . . . . . . . . . . . . . . . .  47
   D.11  30
     D.7  lc-48-s6 . . . . . . . . . . . . . . . . . . . . . . . . . .  47
   D.12  30
     D.8  lc-57-noautoupdate . . . . . . . . . . . . . . . . . . . . .  47
   D.13  31
     D.9  12.1-property-name . . . . . . . . . . . . . . . . . . . . .  48
   D.14 lc-55-iana . . . . . . . . . . . . . . . . . . . . . . . . .  48  31
        Index  . . . . . . . . . . . . . . . . . . . . . . . . . . .  49  32
        Intellectual Property and Copyright Statements . . . . . . .  50  33

1.  Introduction

   This is one of a pair of specifications that extend the WebDAV
   Distributed Authoring Protocol to enable clients to create new access
   paths to existing resources.  This capability is useful for several
   reasons:

   URIs of WebDAV-compliant resources are hierarchical and correspond to
   a hierarchy of collections in resource space.

   The WebDAV Distributed Authoring Protocol makes it possible to
   organize these HTTP resources into hierarchies, placing them into
   groupings, known as collections, which are more easily browsed and
   manipulated than a single flat collection. However, hierarchies
   require categorization decisions that locate resources at a single
   location in the hierarchy, a drawback when a resource has multiple
   valid categories. For example, in a hierarchy of vehicle descriptions
   containing collections for cars and boats, a description of a
   combination car/boat vehicle could belong in either collection.
   Ideally, the description should be accessible from both. Allowing
   clients to create new URIs that access the existing resource lets
   them put that resource into multiple collections.

   Hierarchies also make resource sharing more difficult, since
   resources that have utility across many collections are still forced
   into a single collection. For example, the mathematics department at
   one university might create a collection of information on fractals
   that contains bindings to some local resources, but also provides
   access to some resources at other universities.  For many reasons, it
   may be undesirable to make physical copies of the shared resources on
   the local server: to conserve disk space, to respect copyright
   constraints, or to make any changes in the shared resources visible
   automatically. Being able to create new access paths to existing
   resources in other collections or even on other servers is useful for
   this sort of case.

   The redirect reference resources defined here provide a mechanism for
   creating alternative access paths to existing resources.  A redirect
   reference resource is a resource in one collection whose purpose is
   to forward requests to another resource (its target), possibly in a
   different collection.  In this way, it allows clients to submit
   requests to the target resource from another collection.  It
   redirects most requests to the target resource using the a HTTP 302
   (Found) status code,
   code from the 3xx range (Redirection), thereby providing a form of
   mediated access to the target resource.

   A redirect reference is a resource with properties but no body of its
   own.  Properties of a redirect reference resource can contain such
   information as who created the reference, when, and why. Since
   redirect reference resources are implemented using HTTP 302 3xx
   responses, it generally takes two round trips to submit a request to
   the intended resource.  Servers are not required to enforce the
   integrity of redirect references.  Redirect references work equally well for
   local resources and for resources that reside on a different server
   from the reference.

   The remainder of this document is structured as follows: Section 3
   defines terms that will be used throughout the specification.
   Section 4 provides an overview of redirect reference resources.
   Section 5 discusses how to create a redirect reference resource.
   Section 6 defines the semantics of existing methods when applied to
   redirect reference resources, and Section 7 discusses their semantics
   when applied to collections that contain redirect reference
   resources. Sections 8 through 10 discuss several other issues raised
   by the existence of redirect reference resources.  Sections 11
   through 14 define the new headers, properties, and XML elements
   required to support redirect reference resources.  Section 15
   discusses capability discovery.  Sections 16 through 18 present the
   security, internationalization, and IANA concerns raised by this
   specification. The remaining sections provide a variety of supporting
   information.

2.  Notational Conventions

   Since this document describes a set of extensions to the WebDAV
   Distributed Authoring Protocol [RFC2518], itself an extension to the
   HTTP/1.1 protocol, the augmented BNF used here to describe protocol
   elements is exactly the same as described in Section 2.1 of
   [RFC2616]. Since this augmented BNF uses the basic production rules
   provided in Section 2.2 of [RFC2616], these rules apply to this
   document as well.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Terminology

   The terminology used here follows and extends that in the WebDAV
   Distributed Authoring Protocol specification [RFC2518]. Definitions
   of the terms resource, Uniform Resource Identifier (URI), and Uniform
   Resource Locator (URL) are provided in [RFC2396].

   Redirect Reference Resource

      A resource created to redirect all requests made to it, using 302
      (Found), an
      HTTP status code from the 3xx range, to a defined target resource.

   Non-Reference Resource
      A resource that is not a reference to another resource.

   Target Resource

      The resource to which requests are forwarded by a reference
      resource. A target resource can be anything that can be identified
      by an absolute URI (see [RFC2396], "absoluteURI").

   This document uses the terms "precondition",  "postcondition" and
   "protected property" as defined in [RFC3253]. Servers MUST report
   pre-/postcondition failures as described in section 1.6 of this
   document.

4.  Overview of Redirect Reference Resources

   For all operations submitted to a redirect reference resource, the
   default response is a 302 (Found), accompanied by the Redirect-Ref
   header (defined in Section 11.1 below) and the Location header set to
   the URI of the target resource.  With this information, the client
   can resubmit the request to the URI of the target resource.

   A redirect reference resource never automatically forwards requests
   to its target resource. Redirect resources bring the same benefits as
   links in HTML documents. They can be created and maintained without
   the involvement or even knowledge of their target resource. This
   reduces the cost of linking between resources."

   If the client is aware that it is operating on a redirect reference
   resource, it can resolve the reference by retrieving the reference
   resource's DAV:reftarget property (defined in Section 12.1 12.2 below),
   whose value contains the URI of the target resource.  It can then
   submit requests to the target resource.

   A redirect reference resource is a new type of resource. To
   distinguish redirect reference resources from non-reference
   resources, a new value of the DAV:resourcetype property (defined in
   [RFC2518]), DAV:redirectref, is defined in Section 13.1 below.

   Since a redirect reference resource is a resource, methods can be
   applied to the reference resource as well as to its target resource.
   The Apply-To-Redirect-Ref request header (defined in Section 11.2
   below) is provided so that referencing-aware clients can control
   whether an operation is applied to the redirect reference resource or
   standard HTTP/WebDAV behaviour (redirection with a 3xx status code)
   should occur.  The Apply-To-Redirect-Ref header can be used with most
   requests to redirect reference resources.  This header is
   particularly useful with PROPFIND, to retrieve the reference
   resource's own properties.

5. Creating a Redirect Reference Resource  MKREDIRECTREF Method

   The new MKRESOURCE MKREDIRECTREF method is used to create new redirect reference
   resources.  In order to create requests the creation of a redirect
   reference resource using
   MKRESOURCE, the values of two properties must be set in resource.

   If a MKREDIRECTREF request fails, the body of server state preceding the MKRESOURCE request.
   request MUST be restored.

   Responses from a MKREDIRECTREF request MUST NOT be cached, as
   MKREDIRECTREF has non-idempotent semantics.

   Marshalling:

      The value of DAV:resourcetype request body MUST be set to
   DAV:redirectref, a new value of DAV:resourcetype DAV:mkredirectref XML element.

      <!ELEMENT mkredirectref (reftarget, redirect-lifetime?)>
      <!ELEMENT reftarget (href)>
      <!ELEMENT redirect-lifetime (permanent | temporary)>
      <!ELEMENT permanent EMPTY>
      <!ELEMENT temporary EMPTY>

      The DAV:href element is defined in Section
   13.1. The value of DAV:reftarget [RFC2518] (Section 12.3) and
      MUST be set to the URI of contain either an absoluteURI or a relativeURI (see
      [RFC2396], Section 3 and 5).

      If the target
   resource.

   Used in this way, request succeeds, the MKRESOURCE method creates server MUST return 201 (Created)
      status.

      If a redirect reference
   resource whose target response body for a successful request is identified by included, it MUST
      be a DAV:mkredirectref-response XML element.  Note that this
      document does not define any elements for the DAV:reftarget property.

5.1 MKRESOURCE

   The MKRESOURCE method requests MKREDIRECTREF
      response body, but the creation of a redirect reference
   resource and initialization of its properties in one atomic
   operation. DAV:mkredirectref-response element is
      defined to ensure interoperability between future extensions that
      do define elements for the MKREDIRECTREF response body.

      <!ELEMENT mkredirectref-response ANY>

   Preconditions:

      (DAV:resource-must-be-null): A resource MUST NOT exist at the Request-URI.

   Request Marshalling:
      request-URL.

      (DAV:parent-resource-must-be-non-null): The location of request-URL minus the new resource to be created is specified by the
      Request-URI.

      The request body of the MKRESOURCE method
      last past segment MUST consist of the
      DAV:propertyupdate XML element defined in Section 12.13 of
      [RFC2518], specifying identify a DAV:resourcetype collection.

      (DAV:name-allowed): The last segment of "DAV:redirectref".

   Postconditions:

      If the response status code request URL is 201,
      available for use as a new resource exists at the
      Request-URI.

      The properties of name.

      (DAV:locked-update-allowed): If the new resource are as specified collection identified by the
      DAV:propertyupdate request body, using PROPPATCH semantics.

      If
      Request-URL minus the response status code last path segment is not 201, write-locked, then a new resource is not
      created at the Request-URI, and any existing resource at the
      Request-URI is unaffected.

   Response Marshalling:

      Responses from a MKRESOURCE request
      appropriate token MUST NOT be cached, as
      MKRESOURCE has non-idempotent semantics.

      The following status codes can be expected specified in responses to
      MKRESOURCE:

      201 (Created): The new resource was successfully created.

      403 (Forbidden): The server does not allow the creation of the
      requested resource type at the requested location, or the parent
      collection of an If request header.

      (DAV:redirect-lifetime-supported): If the Request-URI exists but cannot accept members.

      409 (Conflict): A resource cannot be created at request body contains a
      DAV:redirect-lifetime element, the Request-URI
      because server MUST support the parent collection
      specified liftime. Support for the resource does not exist, or
      because there DAV:temporary is already REQUIRED, while
      support for DAV:permanent is OPTIONAL.

   Postconditions:

      (DAV:new-redirectref): a new redirect reference resource at that request-URL.

      423 (Locked): The Request-URI is locked, and the lock token was
      not passed with the request.

      507 (Insufficient Storage): The server does not have sufficient
      space to record
      created whose DAV:reftarget property has the state of value specified in
      the resource.

5.2 request body.

5.1  Example: Creating a Redirect Reference Resource with MKRESOURCE MKREDIRECTREF

   >> Request:

   MKRESOURCE

   MKREDIRECTREF /~whitehead/dav/spec08.ref HTTP/1.1
   Host: www.example.com
   Content-Type: text/xml; charset="utf-8"
   Content-Length: xxx

   <?xml version="1.0" encoding="utf-8" ?>
   <D:propertyupdate
   <D:mkredirectref xmlns:D="DAV:">
     <D:set>
       <D:prop>
         <D:resourcetype><D:redirectref/></D:resourcetype>
     <D:reftarget>
       <D:href>/i-d/draft-webdav-protocol-08.txt</D:href>
     </D:reftarget>
       </D:prop>
     </D:set>
   </D:propertyupdate>
   </D:mkredirectref>

   >> Response:

   HTTP/1.1 201 Created

   This request resulted in the creation of a new redirect reference
   resource at http://www.example.com/~whitehead/dav/spec08.ref, which
   points to the resource identified by the DAV:reftarget property. In
   this example, the target resource is identified by the URI http://
   www.example.com/i-d/draft-webdav-protocol-08.txt. The redirect
   reference resource's DAV:resourcetype property is set to
   DAV:redirectref.

6.  Operations on Redirect Reference Resources

   Although non-referencing-aware clients cannot create reference
   resources, they should be able to submit requests through the
   reference resources created by reference-aware WebDAV clients.  They
   should be able to follow any references to their targets.  To make
   this possible, a server that receives any request made via a redirect
   reference resource MUST return a 302 (Found) 3xx range (Redirection) status code,
   unless the request includes an Apply-To-Redirect-Ref header
   specifying "T". The client and server MUST follow [RFC2616] Section 10.3.3 "302 Found",
   10.3, but with these additional rules:

   o  The Location response header MUST contain an absolute URI that
      identifies the target of the reference resource.

   o  The response MUST include the Redirect-Ref header.  This header
      allows reference-aware WebDAV clients to recognize the resource as
      a reference resource and understand the reason for the
      redirection.

   A reference-aware WebDAV client can, like a non-referencing client,
   resubmit the request to the URI in the Location header in order to
   operate on the target resource.  Alternatively, it can resubmit the
   request to the URI of the redirect reference resource with the
   "Apply-To-Redirect-Ref: T" header in order to operate on the
   reference resource itself. In this case, the request MUST be applied
   to the reference resource itself, and a 302 3xx response MUST NOT be
   returned.

   As redirect references do not have bodies, GET and PUT requests with
   "Apply-To-Redirect-Ref: T" MUST fail with status 403 (forbidden).

7.  Operations on Collections That Contain Redirect Reference Resources

   Consistent with the rules in Section 6, the response for each
   redirect reference encountered while processing a collection MUST be
   a 302 (Found) 3xx (Redirection) unless a "Apply-To-Redirect-Ref: T" header is
   included with the request.  The overall response will therefore be a
   207 (Multi-Status). For each DAV:response element representing a
   redirect reference, the server MUST include an additional
   DAV:location element, specifying the value of the "Location" header
   that would be returned otherwise. The extension is defined in Section
   14 below.

   The Apply-To-Redirect-Ref header (defined in Section 11.2) MAY be
   used with any request on a collection.  If present, it will be
   applied to all redirect reference resources encountered while
   processing the collection.

7.1  LOCK on a Collection That Contains Redirect References

   An attempt to lock (with Depth: infinity) a collection that contains
   redirect references without specifying "Apply-To-Redirect-Ref: T"
   will always fail.  The Multi-Status response will contain a 302 3xx
   response for each redirect reference.

   Reference-aware clients can lock the collection by using
   Apply-To-Redirect-Ref, and, if desired, lock the targets of the
   redirect references individually.

   Non-referencing clients must resort to locking each resource
   individually.

7.2  Example: PROPFIND on a Collection with Redirect Reference Resources

   Suppose a PROPFIND request with Depth: infinity is submitted to the
   following collection, with the members shown here:

   /MyCollection/
        (non-reference resource) diary.html
        (redirect reference resource) nunavut

   >> Request:

   PROPFIND /MyCollection/ HTTP/1.1
   Host: example.com
   Depth: infinity
   Apply-To-Redirect-Ref: F
   Content-Type: text/xml
   Content-Length: xxxx

   <?xml version="1.0" ?>
   <D:propfind xmlns:D="DAV: ">
     <D:prop xmlns:J="http://example.com/jsprops/">
       <D:resourcetype/>
       <J:keywords/>
     </D:prop>
   </D:propfind>
   >> Response:

   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: xxxx

   <?xml version="1.0" ?>
   <D:multistatus xmlns:D="DAV:" xmlns:J="http://example.com/jsprops/">
     <D:response>
       <D:href>/MyCollection/</D:href>
       <D:propstat>
         <D:prop>
           <D:resourcetype><D:collection/></D:resourcetype>
           <J:keywords>diary, interests, hobbies</J:keywords>
         </D:prop>
         <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
     </D:response>
     <D:response>
       <D:href>/MyCollection/diary.html</D:href>
       <D:propstat>
         <D:prop>
           <D:resourcetype/>
           <J:keywords>diary, travel, family, history</J:keywords>
         </D:prop>
         <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
     </D:response>
     <D:response>
       <D:href>/MyCollection/nunavut</D:href>
       <D:status>HTTP/1.1 302 Found</D:status>
       <D:location>
         <D:href>http://example.ca/art/inuit/</D:href>
       </D:location>
     </D:response>
   </D:multistatus>

   In this example the Depth header is set to infinity, and the
   Apply-To-Redirect-Ref header is set to "F".  The collection contains
   one URI that identifies a redirect reference resource.  The response
   element for the redirect reference resource has a status of 302
   (Found), and includes a DAV:location extension element to allow
   clients to retrieve the properties of its target resource. (The
   response element for the redirect reference resource does not include
   the requested properties.  The client can submit another PROPFIND
   request to the URI in the DAV:location pseudo-property to retrieve
   those properties.)

7.3  Example: PROPFIND with Apply-To-Redirect-Ref on a Collection with
    Redirect Reference Resources

   Suppose a PROPFIND request with "Apply-To-Redirect-Ref: T" and Depth:
   infinity is submitted to the following collection, with the members
   shown here:

   /MyCollection/
        (non-reference resource) diary.html
        (redirect reference resource) nunavut

   >> Request:

   PROPFIND /MyCollection/ HTTP/1.1
   Host: example.com
   Depth: infinity
   Apply-To-Redirect-Ref: T
   Content-Type: text/xml
   Content-Length: xxxx

   <?xml version="1.0" ?>
   <D:propfind xmlns:D="DAV:">
     <D:prop>
       <D:resourcetype/>
       <D:reftarget/>
     </D:prop>
   </D:propfind>

   >> Response:

   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: xxxx

   <?xml version="1.0" ?>
   <D:multistatus xmlns:D="DAV:">
     <D:response>
       <D:href>/MyCollection/</D:href>
       <D:propstat>
         <D:prop>
           <D:resourcetype><D:collection/></D:resourcetype>
         </D:prop>
         <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
       <D:propstat>
         <D:prop><D:reftarget/></D:prop>
         <D:status>HTTP/1.1 404 Not Found</D:status>
       </D:propstat>
     </D:response>
     <D:response>
       <D:href>/MyCollection/diary.html</D:href>
       <D:propstat>
         <D:prop>
           <D:resourcetype/>
         </D:prop>
         <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
       <D:propstat>
         <D:prop><D:reftarget/></D:prop>
         <D:status>HTTP/1.1 404 Not Found</D:status>
       </D:propstat>
     </D:response>
     <D:response>
       <D:href>/MyCollection/nunavut</D:href>
       <D:propstat>
         <D:prop>
           <D:resourcetype><D:redirectref/></D:resourcetype>
           <D:reftarget>
             <D:href>http://example.ca/art/inuit/</D:href>
           </D:reftarget>
         </D:prop>
       <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
     </D:response>
   </D:multistatus>

   Since the "Apply-To-Redirect-Ref: T" header is present, the response
   shows the properties of the redirect reference resource in the
   collection rather than reporting a 302 status.

7.4  Example: COPY on a Collection That Contains a Redirect Reference
    Resource

   Suppose a COPY request is submitted to the following collection, with
   the members shown:

   /MyCollection/
        (non-reference resource) diary.html
        (redirect reference resource) nunavut with target
                                   /Someplace/nunavut.map
   >> Request:

   COPY /MyCollection/ HTTP/1.1
   Host: example.com
   Depth: infinity
   Destination: http://example.com/OtherCollection/

   >> Response:

   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml; charset="utf-8"
   Content-Length: xxx

   <?xml version="1.0" encoding="utf-8" ?>
   <D:multistatus xmlns:D="DAV:">
     <D:response>
       <D:href>/MyCollection/nunavut</D:href>
       <D:status>HTTP/1.1 302 Found</D:status>
       <D:location>
         <D:href>http://example.com//Someplace/nunavut.map</D:href>
       </D:location>
     </D:response>
   </D:multistatus>

   In this case, since /MyCollection/nunavut is a redirect reference
   resource, the COPY operation was only a partial success.  The
   redirect reference resource was not copied, but a 302 response was
   returned for it.  So the resulting collection is as follows:

   /OtherCollection/
         (non-reference resource) diary.html

7.5  Example: LOCK on a Collection That Contains a Redirect Reference
    Resource

   Suppose a LOCK request is submitted to the following collection, with
   the members shown:

   /MyCollection/
        (non-reference resource) diary.html
        (redirect reference resource) nunavut
   >> Request:

   LOCK /MyCollection/ HTTP/1.1
   Host: example.com
   Apply-To-Redirect-Ref: F
   Content-Type: text/xml

   <?xml version="1.0" ?>
   <D:lockinfo xmlns:D="DAV:">
     <D:lockscope><D:exclusive/></D:lockscope>
     <D:locktype><D:write/></D:locktype>
   </D:lockinfo>

   >> Response:

   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: nnnn

   <?xml version="1.0" ?>
   <D:multistatus xmlns:D="Dav:">
     <D:response>
       <D:href>/MyCollection/</D:href>
       <D:status>HTTP/1.1 424 Failed Dependency</D:status>
     </D:response>
     <D:response>
       <D:href>/MyCollection/diary.html</D:href>
       <D:status>HTTP/1.1 424 Failed Dependency</D:status>
     </D:response>
     <D:response>
       <D:href>/MyCollection/nunavut</D:href>
       <D:status>HTTP/1.1 302 Found</D:status>
       <D:location>
         <D:href>http://example.ca/art/inuit/</D:href>
       </D:location>
     </D:response>
   </D:multistatus>

   The server returns a 302 response code for the redirect reference
   resource in the collection.  Consequently, neither the collection nor
   any of the resources identified by its internal member URIs were
   locked. A referencing-aware client can submit a separate LOCK request
   to the URI in the DAV:location element returned for the redirect
   reference resource, and can resubmit the LOCK request with the
   Apply-To-Redirect-Ref header to the collection.  At that point both
   the reference resource and its target resource will be locked (as
   well as the collection and all the resources identified by its other
   members).

8.  Operations on Targets of Redirect Reference Resources

   Operations on targets of redirect reference resources have no effect
   on the reference resource.

9.  Relative URIs in DAV:reftarget

   The URI in the href in a DAV:reftarget property MAY be a relative
   URI. In this case, the base URI to be used for resolving the relative
   URI to absolute form is the URI used in the HTTP message to identify
   the redirect reference resource to which the DAV:reftarget property
   belongs.

   When DAV:reftarget appears in the context of a Multi-Status response,
   it is in a DAV:response element that contains a single DAV:href
   element. The value of this DAV:href element serves as the base URI
   for resolving a relative URI in DAV:reftarget.  The value of DAV:href
   may itself be relative, in which case it must be resolved first in
   order to serve as the base URI for the relative URI in DAV:reftarget.
   If the DAV:href element is relative, its base URI is constructed from
   the scheme component "http", the value of the Host header in the
   request, and the request-URI.

9.1  Example: Resolving a Relative URI in a Multi-Status Response

   >> Request:

   PROPFIND /geog/ HTTP/1.1
   Host: example.com
   Apply-To-Redirect-Ref: T
   Depth: 1
   Content-Type: text/xml
   Content-Length: nnn

   <?xml version="1.0" ?>
   <D:propfind xmlns:D="DAV:">
     <D:prop>
       <D:resourcetype/>
       <D:reftarget/>
     </D:prop>
   </D:propfind>
   >> Response:

   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: nnn

   <?xml version="1/0" ?>
   <D:multistatus xmlns:D="DAV:">
     <D:response>
       <D:href>/geog/</D:href>
       <D:propstat>
         <D:prop>
           <D:resourcetype><D:collection/></D:resourcetype>
         </D:prop>
         <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
       <D:propstat>
         <D:prop><D:reftarget/></D:prop>
         <D:status>HTTP/1.1 404 Not Found</D:status>
       </D:propstat>
     </D:response>
     <D:response>
       <D:href>/geog/stats.html</D:href>
       <D:propstat>
         <D:prop>
           <D:resourcetype><D:redirectref/></D:resourcetype>
           <D:reftarget>
             <D:href>statistics/population/1997.html</D:href>
           </D:reftarget>
         </D:prop>
       <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
     </D:response>
   </D:multistatus>

   In this example, the relative URI statistics/population/1997.html is
   returned as the value of reftarget for the reference resource
   identified by href /geog/stats.html.  The href is itself a relative
   URI, which resolves to http://example.com/geog/stats.html.  This is
   the base URI for resolving the relative URI in reftarget.  The
   absolute URI of reftarget is http://example.com/geog/statistics/
   population/1997.html.

10.  Redirect References to Collections

   In a Request-URI /segment1/segment2/segment3, any of the three
   segments may identify a redirect reference resource.  (See [RFC2396],
   Section 3.3, for definitions of "path" and "segment".)  If any
   segment in a Request-URI identifies a redirect reference resource,
   the response SHOULD be a 302. 3xx. The value of the Location header in the
   302
   response is as follows:

   The leftmost path segment of the request-URI that identifies a
   redirect reference resource, together with all path segments and
   separators to the left of it, is replaced by the value of the
   redirect reference resource's DAV:reftarget property (resolved to an
   absolute URI).  The remainder of the request-URI is concatenated to
   this path.

   Note: If the DAV:reftarget property ends with a "/" and the remainder
   of the Request-URI is non-empty (and therefore must begin with a "/
   "), the final "/" in the DAV:reftarget property is dropped before the
   remainder of the Request-URI is appended.

   Consider Request-URI /x/y/z.html.  Suppose that /x/ is a redirect
   reference resource whose target resource is collection /a/, which
   contains redirect reference resource y whose target resource is
   collection /b/, which contains redirect reference resource z.html
   whose target resource is /c/d.html.

   /x/y/z.html
       |
       | /x -> /a
       |
       v
   /a/y/z.html
       |
       | /a/y -> /b
       |
       v
   /b/z.html
       |
       | /b/z.html -> /c/d.html
       |
       v
   /c/d.html

   In this case the client must follow up three separate 302 3xx responses
   before finally reaching the target resource.  The server responds to
   the initial request with a 302 3xx with Location: /a/y/z.html, and the
   client resubmits the request to /a/y/z.html.  The server responds to
   this request with a 302 3xx with Location: /b/z.html, and the client
   resubmits the request to /b/z.html.  The server responds to this
   request with a 302 3xx with Location: /c/d.html, and the client resubmits
   the request to /c/d.html.  This final request succeeds.

      Note: the behavior described above may have a very serious impact
      on the efficiency of mapping Request-URIs to resources in HTTP
      request processing. Therefore servers MAY respond with a 404
      status code if the cost of checking all leading path segments for
      redirect references seems prohibitive.

11.  Headers

11.1  Redirect-Ref Response Header

   Redirect-Ref = "Redirect-Ref:" (absoluteURI | relativeURI)
                  ; see sections 3 and 5 of [RFC2396]

   The Redirect-Ref header is used in all 302 3xx responses from redirect
   reference resources. The value is the (possibly relative) URI of the
   link target as specified during redirect reference resource creation.

11.2  Apply-To-Redirect-Ref Request Header

   Apply-To-Redirect-Ref = "Apply-To-Redirect-Ref" ":" ("T" | "F")

   The optional Apply-To-Redirect-Ref header can be used on any request
   to a redirect reference resource.  When it is present and set to "T",
   the request MUST be applied to the reference resource itself, and a
   302
   3xx response MUST NOT be returned.

   If the Apply-To-Redirect-Ref header is used on a request to any other
   sort of resource besides a redirect reference resource, the server
   MUST ignore it.

12.  Redirect Reference Resource Properties

12.1 reftarget Property

   Name: reftarget

   Namespace: DAV:

   Purpose: A property of

   The properties defined below are REQUIRED on redirect reference resources that provides
   resources.

12.1  DAV:redirect-lifetime (protected)

   This property provides information about the lifetime of a redirect.
   It can either be DAV:permanent (HTTP status 301) or DAV:temporary
   (HTTP status 302). Future protocols MAY define additional values.

   <!ELEMENT redirect-lifetime (permanent | temporary)>
   <!ELEMENT permanent EMPTY>
   <!ELEMENT temporary EMPTY>

12.2  DAV:reftarget (protected)

   This property provides an efficient way for clients to discover the
   URI of the target resource.  This is a read-only property after its
   initial creation. Its value can only be set in a MKRESOURCE MKREDIRECTREF
   request.

   Value: href  The value is a DAV:href element containing the URI of the
   target resource.  This value
      MAY be a relative URI.  The reftarget property can occur in the
      entity bodies of MKRESOURCE requests and of responses to PROPFIND
      requests.

   <!ELEMENT reftarget href >

13.  XML Elements

13.1  redirectref XML Element

   Name: redirectref

   Namespace: DAV:

   Purpose: Used as the value of the DAV:resourcetype property to
      specify that the resource type is a redirect reference resource.

   <!ELEMENT redirectref EMPTY >

14.  Extensions to the DAV:response XML Element for Multi-Status
    Responses

   As described in Section 7, the DAV:location element may be returned
   in the DAV:response element of  a 207 Multi-Status response, to allow
   clients to resubmit their requests  to the target resource of a
   redirect reference resource.

   Consequently, the definition of the DAV:response XML element changes
   to the following:

   <!ELEMENT response (href, ((href*, status)|(propstat+)),
                       responsedescription?, location?) >
   <!ELEMENT location (href) >

15.  Capability Discovery

   Sections 9.1 and 15 of [RFC2518] describe the use of compliance
   classes with the DAV header in responses to OPTIONS, to indicate
   which parts of the WebDAV Distributed Authoring protocols the
   resource supports. This specification defines an OPTIONAL extension
   to [RFC2518].  It defines a new compliance class, called
   redirectrefs, for use with the DAV header in responses to OPTIONS
   requests.  If a resource does support redirect references, its
   response to an OPTIONS request may indicate that it does, by listing
   the new redirectrefs compliance class in the DAV header and by
   listing the MKRESOURCE MKREDIRECTREF method as one it supports.

   When responding to an OPTIONS request, any type of resource can
   include redirectrefs in the value of the DAV header.  Doing so
   indicates that the server permits a redirect reference resource at
   the request URI.

15.1  Example: Discovery of Support for Redirect Reference Resources

   >> Request:

   OPTIONS /somecollection/someresource HTTP/1.1
   Host: example.org

   >> Response:

   HTTP/1.1 200 OK
   Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE
   Allow: MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, MKRESOURCE MKREDIRECTREF
   DAV: 1, 2, redirectrefs

   The DAV header in the response indicates that the resource /
   somecollection/someresource is level 1 and level 2 compliant, as
   defined in [RFC2518].  In addition, /somecollection/someresource
   supports redirect reference resources.  The Allow header indicates
   that MKRESOURCE MKREDIRECTREF requests can be submitted to /somecollection/
   someresource.

16.  Security Considerations

   This section is provided to make applications that implement this
   protocol aware of the security implications of this protocol.

   All of the security considerations of HTTP/1.1 and the WebDAV
   Distributed Authoring Protocol specification also apply to this
   protocol specification.  In addition, redirect reference resources
   introduce several new security concerns and increase the risk of some
   existing threats.  These issues are detailed below.

16.1  Privacy Concerns

   By creating redirect reference resources on a trusted server, it is
   possible for a hostile agent to induce users to send private
   information to a target on a different server.   This risk is
   mitigated somewhat, since clients are required to notify the user of
   the redirection for any request other than GET or HEAD. (See
   [RFC2616], Section 10.3.3 302 Found.)

16.2  Redirect Loops

   Although redirect loops were already possible in HTTP 1.1, the
   introduction of the MKRESOURCE MKREDIRECTREF method creates a new avenue for
   clients to create loops accidentally or maliciously.  If the
   reference resource and its target are on the same server, the server
   may be able to detect MKRESOURCE MKREDIRECTREF requests that would create loops.
   See also [RFC2616], Section 10.3 "Redirection 3xx."

16.3  Redirect Reference Resources and Denial of Service

   Denial of service attacks were already possible by posting URLs that
   were intended for limited use at heavily used Web sites.  The
   introduction of MKRESOURCE MKREDIRECTREF creates a new avenue for similar denial
   of service attacks.  Clients can now create redirect reference
   resources at heavily used sites to target locations that were not
   designed for heavy usage.

16.4  Revealing Private Locations

   There are several ways that redirect reference resources may reveal
   information about collection structures.  First, the DAV:reftarget
   property of every redirect reference resource contains the URI of the
   target resource.  Anyone who has access to the reference resource can
   discover the collection path that leads to the target resource.   The
   owner of the target resource may have wanted to limit knowledge of
   this collection structure.

   Sufficiently powerful access control mechanisms can control this risk
   to some extent.  Property-level access control could prevent users
   from examining the DAV:reftarget property.  (The Location header
   returned in responses to requests on redirect reference resources
   reveals the same information, however.)

   This risk is no greater than the similar risk posed by HTML links.

17.  Internationalization Considerations

   All internationalization considerations mentioned in [RFC2518] also
   apply to this document.

18.  IANA Considerations

   All IANA considerations mentioned in [RFC2518] also apply to this
   document.

19.  Contributors

   Many thanks to Jason Crawford, Jim Davis, Chuck Fay and Judith Slein
   who can take credit for big parts of the original design of this
   specification.

20.  Acknowledgements

   This document has benefited from thoughtful discussion by Jim Amsden,
   Peter Carlson, Steve Carter, Tyson Chihaya, Ken Coar, Ellis Cohen,
   Bruce Cragun, Spencer Dawkins, Mark Day, Rajiv Dulepet, David Durand,
   Lisa Dusseault, Stefan Eissing, Roy Fielding, Yaron Goland, Fred
   Hitt, Alex Hopmann, James Hunt, Marcus Jager, Chris Kaler, Manoj
   Kasichainula, Rohit Khare, Daniel LaLiberte, Steve Martin, Larry
   Masinter, Jeff McAffer, Joe Orton, Surendra Koduru Reddy, Juergen
   Reuter, Max Rible, Sam Ruby, Bradley Sergeant, Nick Shelness, John
   Stracke, John Tigue, John Turner, Kevin Wiggen, and others.

21  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2396]  Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
              Resource Identifiers (URI): Generic Syntax", RFC 2396,
              August 1998.

   [RFC2518]  Goland, Y., Whitehead, E., Faizi, A., Carter, S. and D.
              Jensen, "HTTP Extensions for Distributed Authoring --
              WEBDAV", RFC 2518, February 1999.

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [1]  <mailto:w3c-dist-auth@w3.org>

   [2]  <mailto:w3c-dist-auth-request@w3.org?subject=subscribe>

   [RFC3253]  Clemm, G., Amsden, J., Ellison, T., Kaler, C. and J.
              Whitehead, "Versioning Extensions to WebDAV (Web
              Distributed Authoring and Versioning)", RFC 3253, March
              2002.

Authors' Addresses

   Jim Whitehead
   UC Santa Cruz, Dept. of Computer Science
   1156 High Street
   Santa Cruz, CA  95064
   US

   EMail: ejw@cse.ucsc.edu

   Geoff Clemm
   IBM
   20 Maguire Road
   Lexington, MA  02421
   US

   EMail: geoffrey.clemm@us.ibm.com

   Julian F. Reschke (editor)
   greenbytes GmbH
   Salzmannstrasse 152
   Muenster, NW  48159
   Germany

   Phone: +49 251 2807760
   Fax:   +49 251 2807761
   EMail: julian.reschke@greenbytes.de
   URI:   http://greenbytes.de/tech/webdav/

Appendix A.  Changes to the WebDAV Document Type Definition

   <!-- XML Elements from Section 13 -->
   <!ELEMENT redirectref EMPTY >
   <!--  -->Property Property Elements from Section 12 -->

   <!ELEMENT reftarget href>
   <!ELEMENT location href>

   <!-- XML Elements from Section 13-->

   <!ELEMENT redirectref EMPTY >

   <!-- Changes to the DAV:response Element from Section 14 -->

   <!ELEMENT response (href, ((href*, status, prop?) | (propstat+)),
   responsedescription?) status)|(propstat+)),
                       responsedescription?, location?) >
   <!ELEMENT location (href) >

Appendix B.  Change Log (to be removed by RFC Editor before publication)

B.1  Since draft-ietf-webdav-redirectref-protocol-02

   Julian Reschke takes editorial role (added to authors list). Cleanup
   XML indentation. Start adding all unresolved last call issues. Update
   some author's contact information. Update references, split into
   "normative" and "informational". Remove non-RFC2616 headers
   ("Public") from examples. Fixed width problems in artwork. Start
   resolving editorial issues.

B.2  Since draft-ietf-webdav-redirectref-protocol-03

   Added Joe Orton and Juergen Reuter to Acknowledgements section. Close
   more editorial issues. Remove dependencies on BIND spec.

B.3  Since draft-ietf-webdav-redirectref-protocol-04

   More editorial fixes. Clarify that MKRESOURCE can only be used to
   create redirect references (switch to new method in a future draft).
   Clarify that redirect references do not have bodies.

B.4  Since draft-ietf-webdav-redirectref-protocol-05

   Close (accept) issue "lc-79-accesscontrol". Add issue
   "rfc2606-compliance". Close issues "lc-50-blindredirect",
   "lc-71-relative", "lc-74-terminology". Update contact info for Geoff
   Clemm. Moved some of the original authors names to new Contributors
   section. Add and close issue "9-MKRESOURCE-vs-relative-URI".  Close
   issue "lc-72-trailingslash".  Close issue "lc-60-ex". Update issue
   "lc-85-301" with proposal. Close issue "lc-06-reftarget-relative"
   (9-MKRESOURCE-vs-relative-URI was a duplicate of this one). Also
   remove section 9.1 (example for MKRESOURCE vs relative URIs).  Add
   and resolve issue "11.2-apply-to-redirect-ref-syntax" (header now has
   values "T" and "F"). Also some cleanup for "rfc2606-compliance".
   Typo fixes. Add and resolve "15.1-options-response".

B.5  Since draft-ietf-webdav-redirectref-protocol-06

   Resolve issues "lc-19-direct-ref", "lc-28-lang", "lc-29-lang",
   "lc-44-pseudo", "lc-53-s10", "lc-61-pseudo", "lc-63-move",
   "lc-80-i18n" and "rfc2606-compliance". Start work on index. Add new
   issue "old_clients".

B.6  Since draft-ietf-webdav-redirectref-protocol-07

   Closed issue "lc-38-not-hierarchical". Cleaned up DTD fragments in
   appendix. Close (reject) issues "lc-55-iana" and "lc-41-no-webdav".

   Add issue "5_mkresource" and start work on MKREDIRECTREF (issue
   closed, but more work on MKREDIRECTREF needs to be done for updates
   and status codes other than 302). Start resolution of "lc-85-301",
   replacing "302" by more generic language. Update issue
   "lc-57-noautoupdate". Close issue "lc-37-integrity" (duplicate of
   "lc-57-autoupdate"). Started work on "lc-85-301". Add L. Dusseault
   and S. Eissing to Acknowledgments section.

Appendix C.  Resolved issues (to be removed by RFC Editor before
            publication)

   Issues that were either rejected or resolved in this version of this
   document.

C.1 lc-19-direct-ref  title

   Type: edit

   julian.reschke@greenbytes.de (2004-01-04): Expand "WebDAV" in
   document title.

   Resolution: Done (no change tracking).

C.2  lc-38-not-hierarchical

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0266.html>

   reuterj@ira.uka.de (2000-02-07): Section 4, para 5 and Section 6,
   para 3 discussions
   0289.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Not Hierarchical: The
   first sentence of the Apply-to-Redirect-Ref header make it sound
   as if we are specifying direct reference behavior.

   Resolution (2003-11-04): Change these passages so that the contrast
   is between applying second paragraph of the method to introduction of the
   redirect reference and
   responding with a 302.

C.2 rfc2606-compliance

   Type: editor

   julian.reschke@greenbytes.de (2003-10-02): Ensure spec asserts that examples use
   only sample domains as per RFC2606.

C.3 lc-28-lang

   Type: edit

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0266.html>

   reuterj@ira.uka.de (2000-02-07): Section 6: Get rid of the sentence
   "A reference-aware WebDAV client can act on this response in one URIs of
   two ways." A client can act on the response in any way it wants.

   Resolution (2003-11-04): Agreed. See also issue 48.

C.4 lc-29-lang

   Type: edit

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0266.html>
   reuterj@ira.uka.de (2000-02-07): Section 6, para 4: Obvious, doesn't
   need WebDAV compliant resources
   match to collections. The WebDAV standard makes no such requirement.
   I therefore move that this sentence be stated. Maybe note in an example. stricken.

   Resolution (2003-11-04): Agreed. See also issue 48.

C.5 lc-44-pseudo (2003-11-19): State the more general HTTP rationale first
   (alternative names for the same resource), then introduce the
   collection hierarchy rationale, which applies only if you are in a
   WebDAV-compliant space.

C.3  lc-37-integrity

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0302.html>
   0288.html>
   yarong@Exchange.Microsoft.com (2000-02-11): Instead of adding an
   optional prop XML element to the response element in 207 responses,
   define a new location XML element and a new refresource XML element.

   Resolution: Agree to define new XML elements that Integrity: Intro, para 7
   "Servers are not
   pseudo-properties. Disagreement about whether refresource is needed.
   See issue 61.

C.6 lc-61-pseudo

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0316.html>

   reuterj@ira.uka.de (2000-02-14): Section 7: It doesn't make sense to
   ask future editors of RFC 2518 required to define DAV:location with the
   semantics it has here. RFC 2518 should provide the information in enforce the
   Location header somehow in multistatus responses, but not by using
   properties.

   Resolution (2003-10-31): Define an XML element for location that integrity of redirect
   references." Integrity is not a pseudo-property. We'll keep the recommendation that RFC 2518
   add this for 302 responses. See also issue 44.

C.7 lc-62-oldclient

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0316.html>

   reuterj@ira.uka.de (2000-02-14): Section 7: It's too strong to claim
   that non-referencing clients can't process 302 responses occurring in
   Multi-Status responses. They just have an extra round trip for each
   302. defined. Replace with something
   clearer.

   Resolution (2003-10-31): (2004-01-19): Remove last sentence that sentence. Issue will be resolved
   as part of the paragraph that
   recommends changes to RFC 2518.

C.8 lc-63-move resolution of "lc-57-noautoupdate".

C.4  5_mkresource

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0316.html>

   reuterj@ira.uka.de (2000-02-14): Section 7.1: Is MOVE atomic from the
   perspective of a client? Agrees that there should be no 302s

   julian.reschke@greenbytes.de (2004-01-04): Umbrella issue for
   member redirect references, but finds all
   changes caused by replacing the rationale dubious.

   Resolution (2003-11-11): Remove 7.1. Reword 7.2 to avoid concerns
   with "poses special problems" and "due to atomicity".

C.9 lc-53-s10 generic MKRESOURCE method by
   MKREDIRECTREF.

C.5  lc-41-no-webdav

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0304.html>
   0292.html>

   yarong@Exchange.Microsoft.com (2000-02-11): The behavior described in
   this section would have a very serious impact on the efficiency of
   mapping Request-URIs to resources in HTTP request processing. Also
   specify another type of Make redirect resource that does not behave as in
   section 10, but instead would "expose the behavior we see today in
   various HTTP servers that allow their users to create 300 resources."
   Be sure we know what behavior will be if references
   independent of the rest of WebDAV. The creation method for redirect location is not
   references shouldn't require an HTTP URL, but, say ftp. XML request body.

   Resolution (2003-11-04): We won't define 2 sorts (2004-01-04): MKRESOURCE will be replaced by a specific
   method that doesn't rely on any PROPPATCH semantics, however it will
   still use XML (see also BIND spec for similar marshalling).

C.6  lc-24-properties

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0266.html>

   reuterj@ira.uka.de (2000-02-07): Section 5.1: Replace the sentence
   "The properties of redirect
   references here. Servers SHOULD respond with 302 the new resource are as described here,
   but if they can't do that, respond specified by the
   DAV:propertyupdate request body, using PROPPATCH semantics" with 404 Not Found. (It's hard to
   modularize the behavior specified - it impacts processing Not Found
   cases of all methods, so you can't just add it
   following: "The MKRESOURCE request MAY contain a DAV:propertyupdate
   request body to an HTTP server in initialize resource properties. Herein, the semantics
   is the same as when sending a
   redirect ref module.)

C.10 lc-76-location

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0359.html>

   reuterj@ira.uka.de (2000-02-22): 12.2: Make DAV:location MKRESOURCE request without a real
   (live) property, get rid of request
   body, followed by a PROPPATCH with the DAV:reftarget property DAV:propertyupdate request
   body."

   Resolution (2003-10-31): Pseudo-property was removed.

C.11 lc-80-i18n (2004-01-04): MKRESOURCE will be replaced by simpler/more
   specific method.

C.7  lc-55-iana

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0359.html>

   reuterj@ira.uka.de (2000-02-22): Section 17: Could get rid of a lot
   of this section, since this protocol extends WebDAV. Just reference
   [WebDAV].

   julian.reschke@greenbytes.de (2003-10-02): True, but I note that
   other specs have re-stated these considerations as well. Opinions?

   Resolution (2003-11-11): Just point
   0305.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Expand the IANA section
   to RFC2518. Remove RFC2277 and list all methods, headers, XML from references (not needed anymore). elements, MIME types, URL schemes,
   etc., defined by the spec.

   Resolution (2004-01-02): Rejected: this section is about registering
   new spaces of identifiers. See RFC2434.

C.8  A_DTD_cleanup

   Type: change

   julian.reschke@greenbytes.de (2003-11-18): Cleanup DTD.

Appendix D.  Open issues (to be removed by RFC Editor before prior to
            publication)

D.1  old_clients

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2003OctDec/
   0180.html>

   julian.reschke@greenbytes.de (2003-11-10): There are (at least) two
   major design goals, but unfortunately both are in direct
   contradiction: #1: Maximum consistency with HTTP/1.1 (RFC2616). This
   means that any request that addresses a redirect reference resource
   MUST result in a 3xx status code (obviously the whole point is that
   GET MUST result in a redirection, and if it does, it's hard to say
   why other methods such as PUT or DELETE should behave differently).
   Therefore, the redirect reference protocol introduces a new request
   header ("Apply-To-Redirect-Ref") through which a client can indicate
   that the request indeed should be applied to the redirect reference
   resource itself. #2: Maximum usability with existing clients. For
   instance, the Microsoft Webfolder client will not be able to DELETE a
   redirect reference resource unless the server deviates from #1. Right
   now I'm not sure about the best way to resolve this. Currently the
   spec chooses #1 (back when this decision was made, there was probably
   the assumption that existing clients would quickly be updated --
   something that probably isn't true today). However this may result in
   implementers either just ignoring these rules, or adding special
   workarounds based on "User Agent" detection.

D.2  lc-85-301

   Type: change

   ejw@cse.ucsc.edu (2000-01-03): Support creation of other than 302
   redirects, especially 301.

   julian.reschke@greenbytes.de (2003-10-13): HTTP seems to distinguish
   the following use cases: (a) permanent redirect (301), (b) temporary
   redirect (302 or 307), (c) redirect to a GET location after POST
   (303) and (d) agent-driven negotiation (300). Among these, (a) and
   (b) seem to be well understood, so we should support both. (c)
   doesn't seem to be applicable. (d) may become interesting when user
   agents start supporting it, so the spec should be flexible enough to
   support a feature extension for that. For now I propose that the
   client is able to specify the redirection type as a resource type,
   such as "DAV:permanent-redirect-reference" and
   "DAV:temporary-redirect-reference". This spec would only define the
   behaviour for these two resource types and would allow future
   extensions using new resource types and suggested response codes.

D.3 lc-38-not-hierarchical

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0289.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Not Hierarchical: The
   first sentence of the second paragraph of the introduction of the
   redirect spec asserts that the URIs of WebDAV compliant resources
   match to collections. The WebDAV standard makes no such requirement.
   I therefore move that this sentence be stricken.

   Resolution: State the more general HTTP rationale first (alternative
   names for the same resource), then introduce the collection hierarchy
   rationale, which applies only if you are in a WebDAV-compliant space.

D.4 and suggested response codes.

   Resolution (2004-01-19): Support creation of both permanent (301,
   optional) and temporary (302, required) redirects. Keep protocol
   extensible for other types. Make lifetime visible as protected
   property.

D.3  lc-36-server

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0285.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Servers: Replace "server"
   with "unrelated system" throughout.

   Resolution: Try replacing "server" with "host" in some contexts,
   rephrasing in passive voice in others. See also issue 40.

D.5

D.4  lc-33-forwarding

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0284.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Forwarding: Replace
   "forward" with "redirect" throughout.

   Resolution: Use "redirect" for the behavior redirect resources do
   exhibit. Use "forward" for the contrasting behavior (passing a method
   on to the target with no client action needed). Define these two
   terms. See also issue 40.

D.6 lc-37-integrity

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0288.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Integrity: Intro, para 7
   "Servers are not required to enforce the integrity of redirect
   references." Integrity is not defined. Replace with something
   clearer.

   Resolution: Rewrite to say that the server MUST NOT update the target
   See also issue 6.

D.7

D.5  3-terminology-redirectref

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0290.html>

   julian.reschke@greenbytes.de (2003-07-27): Consider global rename of
   "redirect reference resource" to "redirect resource".

D.8 lc-41-no-webdav

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0292.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Make redirect references
   independent of the rest of WebDAV. The creation method for redirect
   references shouldn't require an XML request body.

   Resolution: We will make redirect references independent of the rest
   of WebDAV. MKREF will not have an XML request body.

D.9

D.6  lc-58-update

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0308.html>

   yarong@Exchange.Microsoft.com (2000-02-11): There needs to be a way
   to update the target of a redirect reference.

   Resolution: Agreed. See also issues 6, 43.

D.10 lc-24-properties

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0266.html>

   reuterj@ira.uka.de (2000-02-07): Section 5.1: Replace the sentence
   "The properties of the new resource are as specified by the
   DAV:propertyupdate request body, using PROPPATCH semantics" with the
   following: "The MKRESOURCE request MAY contain a DAV:propertyupdate
   request body to initialize resource properties. Herein, the semantics
   is the same as when sending a MKRESOURCE request without a request
   body, followed by a PROPPATCH with the DAV:propertyupdate request
   body."

   Resolution: No longer relevant once we switch to MKREF with no
   request body.

D.11

D.7  lc-48-s6

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0298.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Replace all of section 6
   with just this: A redirect resource, upon receiving a request without
   an Apply-To-Redirect-Ref header, MUST respond with a 302 (Found)
   response. The 302 (Found) response MUST include a location header
   identifying the target and a Redirect-Ref header. If a redirect
   resource receives a request with an Apply-To-Redirect-Ref header then
   the redirect reference resource MUST apply the method to itself
   rather than blindly returning a 302 (Found) response.

   Resolution: Keep a summary along the lines of Yaron's proposal (don't
   use the word "blindly"). Keep the bullets detailing the headers to be
   returned. Delete the rest, including the examples. See also issue 28,
   29, 30, 31, 32.

D.12

D.8  lc-57-noautoupdate

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0307.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Add language to forbid
   servers from automatically updating redirect resources when their
   targets move.

   Resolution: Agreed. See also issue 6.

D.13

   julian.reschke@greenbytes.de (2004-01-05): I don't think we can
   forbid that. This spec consists of (a) clarifications of how a server
   that supports redirects should behave for specific WebDAV methods,
   and (b) extensions to explicitly create them (or to apply a method to
   the redirect itself). As such, we shouldn't add any requirements that
   HTTP doesn't add. What we could do is (1) note why auto-update may be
   a bad idea, and possibly (2) define that redirects created by
   MKREDIRECTREF should not behave that way (or alternatively define
   more specific resource types).

D.9  12.1-property-name

   Type: change

   julian.reschke@greenbytes.de (2003-10-06): Sync names for
   DAV:reftarget property and "Redirect-Ref" response headers.

D.14 lc-55-iana

   Type: change

   <http://lists.w3.org/Archives/Public/w3c-dist-auth/2000JanMar/
   0305.html>

   yarong@Exchange.Microsoft.com (2000-02-11): Expand the IANA section
   to list all methods, headers, XML elements, MIME types, URL schemes,
   etc., defined by the spec.

   Resolution: Agreed.

Index

A
   Apply-To-Redirect-Ref header  25  19

C
   Condition Names
      DAV:locked-update-allowed (pre)  8
      DAV:name-allowed (pre)  7
      DAV:new-redirectref (post)  8
      DAV:redirect-lifetime-supported (pre)  8
      parent-resource-must-be-non-null (pre)  7
      resource-must-be-null (pre)  7

D
   DAV header
      compliance class 'redirectrefs'  29  20
   DAV:locked-update-allowed precondition  8
   DAV:name-allowed precondition  7
   DAV:new-redirectref postcondition  8
   DAV:parent-resource-must-be-non-null precondition  7
   DAV:redirect-lifetime property  19
   DAV:redirect-lifetime-supported precondition  8
   DAV:redirectref resource type  27  20
   DAV:reftarget property  26  20
   DAV:resource-must-be-null precondition  7

H
   Headers
      Apply-To-Redirect-Ref  25  19
      Redirect-Ref  25  19

M
   Methods
      MKRESOURCE  9
   MKRESOURCE
      MKREDIRECTREF  7
   MKREDIRECTREF method  9  7

P
   Properties
      DAV:redirect-lifetime  19
      DAV:reftarget  26  20

R
   Redirect-Ref header  25  19
   Resource Types
      DAV:redirectref  27  20

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   intellectual property
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither nor does it represent that it has
   made any independent effort to identify any such rights. Information
   on the IETF's procedures with respect to rights in standards-track and
   standards-related documentation IETF Documents can
   be found in BCP-11. BCP 78 and BCP 79.

   Copies of
   claims of rights IPR disclosures made available for publication to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementors implementers or users of this
   specification can be obtained from the IETF Secretariat. on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which that may cover technology that may be required to practice implement
   this standard. Please address the information to the IETF Executive
   Director.

Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose at
   ietf-ipr@ietf.org.

Disclaimer of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees. Validity

   This document and the information contained herein is are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIMS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2004). This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.