draft-ietf-webdav-rfc2518bis-15.txt   draft-ietf-webdav-rfc2518bis-16.txt 
WebDAV L. Dusseault, Ed. WebDAV L. Dusseault, Ed.
Internet-Draft OSAF Internet-Draft CommerceNet
Obsoletes: 2518 (if approved) November 26, 2006
Expires: October 3, 2006 Intended status: Standards Track
Expires: May 30, 2007
HTTP Extensions for Distributed Authoring - WebDAV HTTP Extensions for Distributed Authoring - WebDAV
draft-ietf-webdav-rfc2518bis-15 draft-ietf-webdav-rfc2518bis-16
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 35
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on October 3, 2006. This Internet-Draft will expire on May 30, 2007.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
WebDAV consists of a set of methods, headers, and content-types WebDAV consists of a set of methods, headers, and content-types
ancillary to HTTP/1.1 for the management of resource properties, ancillary to HTTP/1.1 for the management of resource properties,
creation and management of resource collections, URL namespace creation and management of resource collections, URL namespace
manipulation, and resource locking (collision avoidance). manipulation, and resource locking (collision avoidance).
RFC2518 was published in February 1999, and this specification makes RFC2518 was published in February 1999, and this specification makes
minor revisions mostly due to interoperability experience. minor revisions mostly due to interoperability experience.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 8
2. Notational Conventions . . . . . . . . . . . . . . . . . . . 9 2. Notational Conventions . . . . . . . . . . . . . . . . . . . 10
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 10 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 11
4. Data Model for Resource Properties . . . . . . . . . . . . . 12 4. Data Model for Resource Properties . . . . . . . . . . . . . 13
4.1. The Resource Property Model . . . . . . . . . . . . . . 12 4.1. The Resource Property Model . . . . . . . . . . . . . . 13
4.2. Properties and HTTP Headers . . . . . . . . . . . . . . 12 4.2. Properties and HTTP Headers . . . . . . . . . . . . . . 13
4.3. Property Values . . . . . . . . . . . . . . . . . . . . 12 4.3. Property Values . . . . . . . . . . . . . . . . . . . . 13
4.3.1. Example - Property with Mixed Content . . . . . . . 14 4.3.1. Example - Property with Mixed Content . . . . . . . 15
4.4. Property Names . . . . . . . . . . . . . . . . . . . . . 16 4.4. Property Names . . . . . . . . . . . . . . . . . . . . . 17
4.5. Source Resources and Output Resources . . . . . . . . . 16 4.5. Source Resources and Output Resources . . . . . . . . . 17
5. Collections of Web Resources . . . . . . . . . . . . . . . . 17 5. Collections of Web Resources . . . . . . . . . . . . . . . . 18
5.1. HTTP URL Namespace Model . . . . . . . . . . . . . . . . 17 5.1. HTTP URL Namespace Model . . . . . . . . . . . . . . . . 18
5.2. Collection Resources . . . . . . . . . . . . . . . . . . 17 5.2. Collection Resources . . . . . . . . . . . . . . . . . . 18
6. Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 6. Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.1. Lock Model . . . . . . . . . . . . . . . . . . . . . . . 20 6.1. Lock Model . . . . . . . . . . . . . . . . . . . . . . . 21
6.2. Exclusive Vs. Shared Locks . . . . . . . . . . . . . . . 21 6.2. Exclusive Vs. Shared Locks . . . . . . . . . . . . . . . 22
6.3. Required Support . . . . . . . . . . . . . . . . . . . . 22 6.3. Required Support . . . . . . . . . . . . . . . . . . . . 23
6.4. Lock Creator and Privileges . . . . . . . . . . . . . . 22 6.4. Lock Creator and Privileges . . . . . . . . . . . . . . 23
6.5. Lock Tokens . . . . . . . . . . . . . . . . . . . . . . 23 6.5. Lock Tokens . . . . . . . . . . . . . . . . . . . . . . 24
6.6. Lock Timeout . . . . . . . . . . . . . . . . . . . . . . 24 6.6. Lock Timeout . . . . . . . . . . . . . . . . . . . . . . 25
6.7. Lock Capability Discovery . . . . . . . . . . . . . . . 24 6.7. Lock Capability Discovery . . . . . . . . . . . . . . . 25
6.8. Active Lock Discovery . . . . . . . . . . . . . . . . . 25 6.8. Active Lock Discovery . . . . . . . . . . . . . . . . . 26
7. Write Lock . . . . . . . . . . . . . . . . . . . . . . . . . 26 7. Write Lock . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.1. Write Locks and Properties . . . . . . . . . . . . . . . 26 7.1. Write Locks and Properties . . . . . . . . . . . . . . . 27
7.2. Avoiding Lost Updates . . . . . . . . . . . . . . . . . 27 7.2. Avoiding Lost Updates . . . . . . . . . . . . . . . . . 28
7.3. Write Locks and Unmapped URLs . . . . . . . . . . . . . 28 7.3. Write Locks and Unmapped URLs . . . . . . . . . . . . . 29
7.4. Write Locks and Collections . . . . . . . . . . . . . . 29 7.4. Write Locks and Collections . . . . . . . . . . . . . . 30
7.5. Write Locks and the If Request Header . . . . . . . . . 30 7.5. Write Locks and the If Request Header . . . . . . . . . 31
7.5.1. Example - Write Lock and COPY . . . . . . . . . . . 31 7.5.1. Example - Write Lock and COPY . . . . . . . . . . . 32
7.5.2. Example - Deleting a member of a locked collection . 31 7.5.2. Example - Deleting a member of a locked collection . 32
7.6. Write Locks and COPY/MOVE . . . . . . . . . . . . . . . 32 7.6. Write Locks and COPY/MOVE . . . . . . . . . . . . . . . 33
7.7. Refreshing Write Locks . . . . . . . . . . . . . . . . . 33 7.7. Refreshing Write Locks . . . . . . . . . . . . . . . . . 34
8. General Request and Response Handling . . . . . . . . . . . . 34 8. General Request and Response Handling . . . . . . . . . . . . 35
8.1. Precedence in Error Handling . . . . . . . . . . . . . . 34 8.1. Precedence in Error Handling . . . . . . . . . . . . . . 35
8.2. Use of XML . . . . . . . . . . . . . . . . . . . . . . . 34 8.2. Use of XML . . . . . . . . . . . . . . . . . . . . . . . 35
8.3. URL Handling . . . . . . . . . . . . . . . . . . . . . . 35 8.3. URL Handling . . . . . . . . . . . . . . . . . . . . . . 36
8.3.1. Example - Correct URL Handling . . . . . . . . . . . 35 8.3.1. Example - Correct URL Handling . . . . . . . . . . . 36
8.4. Required Bodies in Requests . . . . . . . . . . . . . . 36 8.4. Required Bodies in Requests . . . . . . . . . . . . . . 37
8.5. HTTP Headers for use in WebDAV . . . . . . . . . . . . . 36 8.5. HTTP Headers for use in WebDAV . . . . . . . . . . . . . 37
8.6. ETag . . . . . . . . . . . . . . . . . . . . . . . . . . 36 8.6. ETag . . . . . . . . . . . . . . . . . . . . . . . . . . 37
8.7. Including error response bodies . . . . . . . . . . . . 37 8.7. Including error response bodies . . . . . . . . . . . . 38
8.8. Impact of Namespace Operations on Cache Validators . . . 37 8.8. Impact of Namespace Operations on Cache Validators . . . 38
9. HTTP Methods for Distributed Authoring . . . . . . . . . . . 39 9. HTTP Methods for Distributed Authoring . . . . . . . . . . . 40
9.1. PROPFIND Method . . . . . . . . . . . . . . . . . . . . 39 9.1. PROPFIND Method . . . . . . . . . . . . . . . . . . . . 40
9.1.1. PROPFIND status codes . . . . . . . . . . . . . . . 40 9.1.1. PROPFIND status codes . . . . . . . . . . . . . . . 41
9.1.2. Status Codes for use in 'propstat' Element . . . . . 41 9.1.2. Status Codes for use in 'propstat' Element . . . . . 42
9.1.3. Example - Retrieving Named Properties . . . . . . . 41 9.1.3. Example - Retrieving Named Properties . . . . . . . 42
9.1.4. Example - Using so-called 'allprop' . . . . . . . . 43 9.1.4. Example - Using so-called 'allprop' . . . . . . . . 44
9.1.5. Example - Using 'propname' to Retrieve all 9.1.5. Example - Using 'propname' to Retrieve all
Property Names . . . . . . . . . . . . . . . . . . . 43 Property Names . . . . . . . . . . . . . . . . . . . 44
9.1.6. Example - Using 'allprop' . . . . . . . . . . . . . 45 9.1.6. Example - Using 'allprop' . . . . . . . . . . . . . 46
9.2. PROPPATCH Method . . . . . . . . . . . . . . . . . . . . 47 9.2. PROPPATCH Method . . . . . . . . . . . . . . . . . . . . 49
9.2.1. Status Codes for use in 'propstat' Element . . . . . 48 9.2.1. Status Codes for use in 'propstat' Element . . . . . 49
9.2.2. Example - PROPPATCH . . . . . . . . . . . . . . . . 49 9.2.2. Example - PROPPATCH . . . . . . . . . . . . . . . . 50
9.3. MKCOL Method . . . . . . . . . . . . . . . . . . . . . . 50 9.3. MKCOL Method . . . . . . . . . . . . . . . . . . . . . . 51
9.3.1. MKCOL Status Codes . . . . . . . . . . . . . . . . . 51 9.3.1. MKCOL Status Codes . . . . . . . . . . . . . . . . . 52
9.3.2. Example - MKCOL . . . . . . . . . . . . . . . . . . 51 9.3.2. Example - MKCOL . . . . . . . . . . . . . . . . . . 52
9.4. GET, HEAD for Collections . . . . . . . . . . . . . . . 52 9.4. GET, HEAD for Collections . . . . . . . . . . . . . . . 53
9.5. POST for Collections . . . . . . . . . . . . . . . . . . 52 9.5. POST for Collections . . . . . . . . . . . . . . . . . . 53
9.6. DELETE Requirements . . . . . . . . . . . . . . . . . . 52 9.6. DELETE Requirements . . . . . . . . . . . . . . . . . . 53
9.6.1. DELETE for Collections . . . . . . . . . . . . . . . 53 9.6.1. DELETE for Collections . . . . . . . . . . . . . . . 54
9.6.2. Example - DELETE . . . . . . . . . . . . . . . . . . 53 9.6.2. Example - DELETE . . . . . . . . . . . . . . . . . . 54
9.7. PUT Requirements . . . . . . . . . . . . . . . . . . . . 54 9.7. PUT Requirements . . . . . . . . . . . . . . . . . . . . 55
9.7.1. PUT for Non-Collection Resources . . . . . . . . . . 54 9.7.1. PUT for Non-Collection Resources . . . . . . . . . . 55
9.7.2. PUT for Collections . . . . . . . . . . . . . . . . 55 9.7.2. PUT for Collections . . . . . . . . . . . . . . . . 56
9.8. COPY Method . . . . . . . . . . . . . . . . . . . . . . 55 9.8. COPY Method . . . . . . . . . . . . . . . . . . . . . . 56
9.8.1. COPY for Non-collection Resources . . . . . . . . . 55 9.8.1. COPY for Non-collection Resources . . . . . . . . . 56
9.8.2. COPY for Properties . . . . . . . . . . . . . . . . 56 9.8.2. COPY for Properties . . . . . . . . . . . . . . . . 57
9.8.3. COPY for Collections . . . . . . . . . . . . . . . . 56 9.8.3. COPY for Collections . . . . . . . . . . . . . . . . 57
9.8.4. COPY and Overwriting Destination Resources . . . . . 57 9.8.4. COPY and Overwriting Destination Resources . . . . . 58
9.8.5. Status Codes . . . . . . . . . . . . . . . . . . . . 58 9.8.5. Status Codes . . . . . . . . . . . . . . . . . . . . 59
9.8.6. Example - COPY with Overwrite . . . . . . . . . . . 59 9.8.6. Example - COPY with Overwrite . . . . . . . . . . . 60
9.8.7. Example - COPY with No Overwrite . . . . . . . . . . 59 9.8.7. Example - COPY with No Overwrite . . . . . . . . . . 60
9.8.8. Example - COPY of a Collection . . . . . . . . . . . 60 9.8.8. Example - COPY of a Collection . . . . . . . . . . . 61
9.9. MOVE Method . . . . . . . . . . . . . . . . . . . . . . 60 9.9. MOVE Method . . . . . . . . . . . . . . . . . . . . . . 61
9.9.1. MOVE for Properties . . . . . . . . . . . . . . . . 61 9.9.1. MOVE for Properties . . . . . . . . . . . . . . . . 62
9.9.2. MOVE for Collections . . . . . . . . . . . . . . . . 61 9.9.2. MOVE for Collections . . . . . . . . . . . . . . . . 62
9.9.3. MOVE and the Overwrite Header . . . . . . . . . . . 62 9.9.3. MOVE and the Overwrite Header . . . . . . . . . . . 63
9.9.4. Status Codes . . . . . . . . . . . . . . . . . . . . 62 9.9.4. Status Codes . . . . . . . . . . . . . . . . . . . . 63
9.9.5. Example - MOVE of a Non-Collection . . . . . . . . . 63 9.9.5. Example - MOVE of a Non-Collection . . . . . . . . . 64
9.9.6. Example - MOVE of a Collection . . . . . . . . . . . 64 9.9.6. Example - MOVE of a Collection . . . . . . . . . . . 65
9.10. LOCK Method . . . . . . . . . . . . . . . . . . . . . . 65 9.10. LOCK Method . . . . . . . . . . . . . . . . . . . . . . 66
9.10.1. Creating a lock on existing resource . . . . . . . . 65 9.10.1. Creating a lock on existing resource . . . . . . . . 66
9.10.2. Refreshing Locks . . . . . . . . . . . . . . . . . . 65 9.10.2. Refreshing Locks . . . . . . . . . . . . . . . . . . 66
9.10.3. Depth and Locking . . . . . . . . . . . . . . . . . 66 9.10.3. Depth and Locking . . . . . . . . . . . . . . . . . 67
9.10.4. Locking Unmapped URLs . . . . . . . . . . . . . . . 66 9.10.4. Locking Unmapped URLs . . . . . . . . . . . . . . . 67
9.10.5. Lock Compatibility Table . . . . . . . . . . . . . . 67 9.10.5. Lock Compatibility Table . . . . . . . . . . . . . . 68
9.10.6. LOCK Responses . . . . . . . . . . . . . . . . . . . 67 9.10.6. LOCK Responses . . . . . . . . . . . . . . . . . . . 68
9.10.7. Example - Simple Lock Request . . . . . . . . . . . 68 9.10.7. Example - Simple Lock Request . . . . . . . . . . . 69
9.10.8. Example - Refreshing a Write Lock . . . . . . . . . 70 9.10.8. Example - Refreshing a Write Lock . . . . . . . . . 71
9.10.9. Example - Multi-Resource Lock Request . . . . . . . 71 9.10.9. Example - Multi-Resource Lock Request . . . . . . . 72
9.11. UNLOCK Method . . . . . . . . . . . . . . . . . . . . . 72 9.11. UNLOCK Method . . . . . . . . . . . . . . . . . . . . . 73
9.11.1. Status Codes . . . . . . . . . . . . . . . . . . . . 72 9.11.1. Status Codes . . . . . . . . . . . . . . . . . . . . 73
9.11.2. Example - UNLOCK . . . . . . . . . . . . . . . . . . 73 9.11.2. Example - UNLOCK . . . . . . . . . . . . . . . . . . 74
10. HTTP Headers for Distributed Authoring . . . . . . . . . . . 74 10. HTTP Headers for Distributed Authoring . . . . . . . . . . . 75
10.1. DAV Header . . . . . . . . . . . . . . . . . . . . . . . 74 10.1. DAV Header . . . . . . . . . . . . . . . . . . . . . . . 75
10.2. Depth Header . . . . . . . . . . . . . . . . . . . . . . 75 10.2. Depth Header . . . . . . . . . . . . . . . . . . . . . . 76
10.3. Destination Header . . . . . . . . . . . . . . . . . . . 76 10.3. Destination Header . . . . . . . . . . . . . . . . . . . 77
10.4. If Header . . . . . . . . . . . . . . . . . . . . . . . 76 10.4. If Header . . . . . . . . . . . . . . . . . . . . . . . 77
10.4.1. Purpose . . . . . . . . . . . . . . . . . . . . . . 76 10.4.1. Purpose . . . . . . . . . . . . . . . . . . . . . . 77
10.4.2. Syntax . . . . . . . . . . . . . . . . . . . . . . . 77 10.4.2. Syntax . . . . . . . . . . . . . . . . . . . . . . . 78
10.4.3. List Evaluation . . . . . . . . . . . . . . . . . . 78 10.4.3. List Evaluation . . . . . . . . . . . . . . . . . . 79
10.4.4. Matching State Tokens and ETags . . . . . . . . . . 78 10.4.4. Matching State Tokens and ETags . . . . . . . . . . 79
10.4.5. If Header and Non-DAV Aware Proxies . . . . . . . . 79 10.4.5. If Header and Non-DAV Aware Proxies . . . . . . . . 80
10.4.6. Example - No-tag Production . . . . . . . . . . . . 79 10.4.6. Example - No-tag Production . . . . . . . . . . . . 80
10.4.7. Example - using "Not" with No-tag Production . . . . 79 10.4.7. Example - using "Not" with No-tag Production . . . . 80
10.4.8. Example - causing a Condition to always evaluate 10.4.8. Example - causing a Condition to always evaluate
to True . . . . . . . . . . . . . . . . . . . . . . 80 to True . . . . . . . . . . . . . . . . . . . . . . 81
10.4.9. Example - Tagged List If header in COPY . . . . . . 80 10.4.9. Example - Tagged List If header in COPY . . . . . . 81
10.4.10. Example - Matching lock tokens with collection 10.4.10. Example - Matching lock tokens with collection
locks . . . . . . . . . . . . . . . . . . . . . . . 80 locks . . . . . . . . . . . . . . . . . . . . . . . 81
10.4.11. Example - Matching ETags on unmapped URLs . . . . . 81 10.4.11. Example - Matching ETags on unmapped URLs . . . . . 82
10.5. Lock-Token Header . . . . . . . . . . . . . . . . . . . 81 10.5. Lock-Token Header . . . . . . . . . . . . . . . . . . . 82
10.6. Overwrite Header . . . . . . . . . . . . . . . . . . . . 81 10.6. Overwrite Header . . . . . . . . . . . . . . . . . . . . 82
10.7. Timeout Request Header . . . . . . . . . . . . . . . . . 82 10.7. Timeout Request Header . . . . . . . . . . . . . . . . . 83
11. Status Code Extensions to HTTP/1.1 . . . . . . . . . . . . . 83 11. Status Code Extensions to HTTP/1.1 . . . . . . . . . . . . . 84
11.1. 207 Multi-Status . . . . . . . . . . . . . . . . . . . . 83 11.1. 207 Multi-Status . . . . . . . . . . . . . . . . . . . . 84
11.2. 422 Unprocessable Entity . . . . . . . . . . . . . . . . 83 11.2. 422 Unprocessable Entity . . . . . . . . . . . . . . . . 84
11.3. 423 Locked . . . . . . . . . . . . . . . . . . . . . . . 83 11.3. 423 Locked . . . . . . . . . . . . . . . . . . . . . . . 84
11.4. 424 Failed Dependency . . . . . . . . . . . . . . . . . 83 11.4. 424 Failed Dependency . . . . . . . . . . . . . . . . . 84
11.5. 507 Insufficient Storage . . . . . . . . . . . . . . . . 83 11.5. 507 Insufficient Storage . . . . . . . . . . . . . . . . 84
12. Use of HTTP Status Codes . . . . . . . . . . . . . . . . . . 84 12. Use of HTTP Status Codes . . . . . . . . . . . . . . . . . . 85
12.1. 412 Precondition Failed . . . . . . . . . . . . . . . . 84 12.1. 412 Precondition Failed . . . . . . . . . . . . . . . . 85
12.2. 414 Request-URI Too Long . . . . . . . . . . . . . . . . 84 12.2. 414 Request-URI Too Long . . . . . . . . . . . . . . . . 85
13. Multi-Status Response . . . . . . . . . . . . . . . . . . . . 85 13. Multi-Status Response . . . . . . . . . . . . . . . . . . . . 86
13.1. Response headers . . . . . . . . . . . . . . . . . . . . 85 13.1. Response headers . . . . . . . . . . . . . . . . . . . . 86
13.2. Handling redirected child resources . . . . . . . . . . 86 13.2. Handling redirected child resources . . . . . . . . . . 87
13.3. Internal Status Codes . . . . . . . . . . . . . . . . . 86 13.3. Internal Status Codes . . . . . . . . . . . . . . . . . 87
14. XML Element Definitions . . . . . . . . . . . . . . . . . . . 87 14. XML Element Definitions . . . . . . . . . . . . . . . . . . . 88
14.1. activelock XML Element . . . . . . . . . . . . . . . . . 87 14.1. activelock XML Element . . . . . . . . . . . . . . . . . 88
14.2. allprop XML Element . . . . . . . . . . . . . . . . . . 87 14.2. allprop XML Element . . . . . . . . . . . . . . . . . . 88
14.3. collection XML Element . . . . . . . . . . . . . . . . . 87 14.3. collection XML Element . . . . . . . . . . . . . . . . . 88
14.4. depth XML Element . . . . . . . . . . . . . . . . . . . 87 14.4. depth XML Element . . . . . . . . . . . . . . . . . . . 88
14.5. error XML Element . . . . . . . . . . . . . . . . . . . 88 14.5. error XML Element . . . . . . . . . . . . . . . . . . . 89
14.6. exclusive XML Element . . . . . . . . . . . . . . . . . 88 14.6. exclusive XML Element . . . . . . . . . . . . . . . . . 89
14.7. href XML Element . . . . . . . . . . . . . . . . . . . . 88 14.7. href XML Element . . . . . . . . . . . . . . . . . . . . 89
14.8. include XML Element . . . . . . . . . . . . . . . . . . 89 14.8. include XML Element . . . . . . . . . . . . . . . . . . 90
14.9. location XML Element . . . . . . . . . . . . . . . . . . 89 14.9. location XML Element . . . . . . . . . . . . . . . . . . 90
14.10. lockentry XML Element . . . . . . . . . . . . . . . . . 89 14.10. lockentry XML Element . . . . . . . . . . . . . . . . . 90
14.11. lockinfo XML Element . . . . . . . . . . . . . . . . . . 89 14.11. lockinfo XML Element . . . . . . . . . . . . . . . . . . 90
14.12. lockroot XML Element . . . . . . . . . . . . . . . . . . 90 14.12. lockroot XML Element . . . . . . . . . . . . . . . . . . 91
14.13. lockscope XML Element . . . . . . . . . . . . . . . . . 90 14.13. lockscope XML Element . . . . . . . . . . . . . . . . . 91
14.14. locktoken XML Element . . . . . . . . . . . . . . . . . 90 14.14. locktoken XML Element . . . . . . . . . . . . . . . . . 91
14.15. locktype XML Element . . . . . . . . . . . . . . . . . . 90 14.15. locktype XML Element . . . . . . . . . . . . . . . . . . 91
14.16. multistatus XML Element . . . . . . . . . . . . . . . . 91 14.16. multistatus XML Element . . . . . . . . . . . . . . . . 92
14.17. owner XML Element . . . . . . . . . . . . . . . . . . . 91 14.17. owner XML Element . . . . . . . . . . . . . . . . . . . 92
14.18. prop XML element . . . . . . . . . . . . . . . . . . . . 91 14.18. prop XML element . . . . . . . . . . . . . . . . . . . . 92
14.19. propertyupdate XML element . . . . . . . . . . . . . . . 92 14.19. propertyupdate XML element . . . . . . . . . . . . . . . 93
14.20. propfind XML Element . . . . . . . . . . . . . . . . . . 92 14.20. propfind XML Element . . . . . . . . . . . . . . . . . . 93
14.21. propname XML Element . . . . . . . . . . . . . . . . . . 92 14.21. propname XML Element . . . . . . . . . . . . . . . . . . 93
14.22. propstat XML Element . . . . . . . . . . . . . . . . . . 92 14.22. propstat XML Element . . . . . . . . . . . . . . . . . . 93
14.23. remove XML element . . . . . . . . . . . . . . . . . . . 93 14.23. remove XML element . . . . . . . . . . . . . . . . . . . 94
14.24. response XML Element . . . . . . . . . . . . . . . . . . 93 14.24. response XML Element . . . . . . . . . . . . . . . . . . 94
14.25. responsedescription XML Element . . . . . . . . . . . . 94 14.25. responsedescription XML Element . . . . . . . . . . . . 95
14.26. set XML element . . . . . . . . . . . . . . . . . . . . 94 14.26. set XML element . . . . . . . . . . . . . . . . . . . . 95
14.27. shared XML Element . . . . . . . . . . . . . . . . . . . 94 14.27. shared XML Element . . . . . . . . . . . . . . . . . . . 95
14.28. status XML Element . . . . . . . . . . . . . . . . . . . 94 14.28. status XML Element . . . . . . . . . . . . . . . . . . . 95
14.29. timeout XML Element . . . . . . . . . . . . . . . . . . 95 14.29. timeout XML Element . . . . . . . . . . . . . . . . . . 96
14.30. write XML Element . . . . . . . . . . . . . . . . . . . 95 14.30. write XML Element . . . . . . . . . . . . . . . . . . . 96
15. DAV Properties . . . . . . . . . . . . . . . . . . . . . . . 96 15. DAV Properties . . . . . . . . . . . . . . . . . . . . . . . 97
15.1. creationdate Property . . . . . . . . . . . . . . . . . 96 15.1. creationdate Property . . . . . . . . . . . . . . . . . 97
15.2. displayname Property . . . . . . . . . . . . . . . . . . 97 15.2. displayname Property . . . . . . . . . . . . . . . . . . 98
15.3. getcontentlanguage Property . . . . . . . . . . . . . . 97 15.3. getcontentlanguage Property . . . . . . . . . . . . . . 98
15.4. getcontentlength Property . . . . . . . . . . . . . . . 98 15.4. getcontentlength Property . . . . . . . . . . . . . . . 99
15.5. getcontenttype Property . . . . . . . . . . . . . . . . 98 15.5. getcontenttype Property . . . . . . . . . . . . . . . . 99
15.6. getetag Property . . . . . . . . . . . . . . . . . . . . 99 15.6. getetag Property . . . . . . . . . . . . . . . . . . . . 100
15.7. getlastmodified Property . . . . . . . . . . . . . . . . 99 15.7. getlastmodified Property . . . . . . . . . . . . . . . . 100
15.8. lockdiscovery Property . . . . . . . . . . . . . . . . . 100 15.8. lockdiscovery Property . . . . . . . . . . . . . . . . . 101
15.8.1. Example - Retrieving DAV:lockdiscovery . . . . . . . 101 15.8.1. Example - Retrieving DAV:lockdiscovery . . . . . . . 102
15.9. resourcetype Property . . . . . . . . . . . . . . . . . 102 15.9. resourcetype Property . . . . . . . . . . . . . . . . . 103
15.10. supportedlock Property . . . . . . . . . . . . . . . . . 103 15.10. supportedlock Property . . . . . . . . . . . . . . . . . 104
15.10.1. Example - Retrieving DAV:supportedlock . . . . . . . 104 15.10.1. Example - Retrieving DAV:supportedlock . . . . . . . 105
16. Precondition/postcondition XML elements . . . . . . . . . . . 105 16. Precondition/postcondition XML elements . . . . . . . . . . . 106
17. XML Extensibility in DAV . . . . . . . . . . . . . . . . . . 109 17. XML Extensibility in DAV . . . . . . . . . . . . . . . . . . 110
18. DAV Compliance Classes . . . . . . . . . . . . . . . . . . . 111 18. DAV Compliance Classes . . . . . . . . . . . . . . . . . . . 112
18.1. Class 1 . . . . . . . . . . . . . . . . . . . . . . . . 111 18.1. Class 1 . . . . . . . . . . . . . . . . . . . . . . . . 112
18.2. Class 2 . . . . . . . . . . . . . . . . . . . . . . . . 111 18.2. Class 2 . . . . . . . . . . . . . . . . . . . . . . . . 112
18.3. Class 3 . . . . . . . . . . . . . . . . . . . . . . . . 111 18.3. Class 3 . . . . . . . . . . . . . . . . . . . . . . . . 112
19. Internationalization Considerations . . . . . . . . . . . . . 113 19. Internationalization Considerations . . . . . . . . . . . . . 114
20. Security Considerations . . . . . . . . . . . . . . . . . . . 115 20. Security Considerations . . . . . . . . . . . . . . . . . . . 116
20.1. Authentication of Clients . . . . . . . . . . . . . . . 115 20.1. Authentication of Clients . . . . . . . . . . . . . . . 116
20.2. Denial of Service . . . . . . . . . . . . . . . . . . . 115 20.2. Denial of Service . . . . . . . . . . . . . . . . . . . 116
20.3. Security through Obscurity . . . . . . . . . . . . . . . 116 20.3. Security through Obscurity . . . . . . . . . . . . . . . 117
20.4. Privacy Issues Connected to Locks . . . . . . . . . . . 116 20.4. Privacy Issues Connected to Locks . . . . . . . . . . . 117
20.5. Privacy Issues Connected to Properties . . . . . . . . . 116 20.5. Privacy Issues Connected to Properties . . . . . . . . . 117
20.6. Implications of XML Entities . . . . . . . . . . . . . . 117 20.6. Implications of XML Entities . . . . . . . . . . . . . . 118
20.7. Risks Connected with Lock Tokens . . . . . . . . . . . . 118 20.7. Risks Connected with Lock Tokens . . . . . . . . . . . . 118
20.8. Hosting Malicious Content . . . . . . . . . . . . . . . 118 20.8. Hosting Malicious Content . . . . . . . . . . . . . . . 119
21. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 119 21. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 120
21.1. New URI Schemes . . . . . . . . . . . . . . . . . . . . 119 21.1. New URI Schemes . . . . . . . . . . . . . . . . . . . . 120
21.2. XML Namespaces . . . . . . . . . . . . . . . . . . . . . 119 21.2. XML Namespaces . . . . . . . . . . . . . . . . . . . . . 120
21.3. Message Header Fields . . . . . . . . . . . . . . . . . 119 21.3. Message Header Fields . . . . . . . . . . . . . . . . . 120
21.3.1. DAV . . . . . . . . . . . . . . . . . . . . . . . . 119 21.3.1. DAV . . . . . . . . . . . . . . . . . . . . . . . . 120
21.3.2. Depth . . . . . . . . . . . . . . . . . . . . . . . 119 21.3.2. Depth . . . . . . . . . . . . . . . . . . . . . . . 120
21.3.3. Destination . . . . . . . . . . . . . . . . . . . . 120 21.3.3. Destination . . . . . . . . . . . . . . . . . . . . 121
21.3.4. If . . . . . . . . . . . . . . . . . . . . . . . . . 120 21.3.4. If . . . . . . . . . . . . . . . . . . . . . . . . . 121
21.3.5. Lock-Token . . . . . . . . . . . . . . . . . . . . . 120 21.3.5. Lock-Token . . . . . . . . . . . . . . . . . . . . . 121
21.3.6. Overwrite . . . . . . . . . . . . . . . . . . . . . 120 21.3.6. Overwrite . . . . . . . . . . . . . . . . . . . . . 121
21.3.7. Timeout . . . . . . . . . . . . . . . . . . . . . . 121 21.3.7. Timeout . . . . . . . . . . . . . . . . . . . . . . 122
22. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 122 22. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 123
23. Contributors to This Specification . . . . . . . . . . . . . 124 23. Contributors to This Specification . . . . . . . . . . . . . 125
24. Authors of RFC2518 . . . . . . . . . . . . . . . . . . . . . 125 24. Authors of RFC2518 . . . . . . . . . . . . . . . . . . . . . 126
25. References . . . . . . . . . . . . . . . . . . . . . . . . . 126 25. References . . . . . . . . . . . . . . . . . . . . . . . . . 127
25.1. Normative References . . . . . . . . . . . . . . . . . . 126 25.1. Normative References . . . . . . . . . . . . . . . . . . 127
25.2. Informational References . . . . . . . . . . . . . . . . 127 25.2. Informational References . . . . . . . . . . . . . . . . 128
Appendix A. Notes on Processing XML Elements . . . . . . . . . . 128 Appendix A. Notes on Processing XML Elements . . . . . . . . . . 129
A.1. Notes on Empty XML Elements . . . . . . . . . . . . . . 128 A.1. Notes on Empty XML Elements . . . . . . . . . . . . . . 129
A.2. Notes on Illegal XML Processing . . . . . . . . . . . . 128 A.2. Notes on Illegal XML Processing . . . . . . . . . . . . 129
A.3. Example - XML Syntax Error . . . . . . . . . . . . . . . 128 A.3. Example - XML Syntax Error . . . . . . . . . . . . . . . 129
A.4. Example - Unexpected XML Element . . . . . . . . . . . . 129 A.4. Example - Unexpected XML Element . . . . . . . . . . . . 130
Appendix B. Notes on HTTP Client Compatibility . . . . . . . . . 130 Appendix B. Notes on HTTP Client Compatibility . . . . . . . . . 131
Appendix C. The opaquelocktoken scheme and URIs . . . . . . . . 131 Appendix C. The opaquelocktoken scheme and URIs . . . . . . . . 132
Appendix D. Lock-null Resources . . . . . . . . . . . . . . . . 132 Appendix D. Lock-null Resources . . . . . . . . . . . . . . . . 133
Appendix E. Guidance for Clients Desiring to Authenticate . . . 133 Appendix E. Guidance for Clients Desiring to Authenticate . . . 134
Appendix F. Summary of changes from RFC2518 . . . . . . . . . . 135 Appendix F. Summary of changes from RFC2518 . . . . . . . . . . 136
F.1. Changes for both Client and Server Implementations . . . 135 F.1. Changes for both Client and Server Implementations . . . 136
F.2. Changes for Server Implementations . . . . . . . . . . . 136 F.2. Changes for Server Implementations . . . . . . . . . . . 137
F.3. Other Changes . . . . . . . . . . . . . . . . . . . . . 137 F.3. Other Changes . . . . . . . . . . . . . . . . . . . . . 138
Appendix G. Change Log (to be removed by RFC Editor before Appendix G. Change Log (to be removed by RFC Editor before
publication) . . . . . . . . . . . . . . . . . . . . 138 publication) . . . . . . . . . . . . . . . . . . . . 139
G.1. Changes from -05 to -06 . . . . . . . . . . . . . . . . 138 G.1. Changes from -05 to -06 . . . . . . . . . . . . . . . . 139
G.2. Changes in -07 . . . . . . . . . . . . . . . . . . . . . 138 G.2. Changes in -07 . . . . . . . . . . . . . . . . . . . . . 139
G.3. Changes in -08 . . . . . . . . . . . . . . . . . . . . . 139 G.3. Changes in -08 . . . . . . . . . . . . . . . . . . . . . 140
G.4. Changes in -09 . . . . . . . . . . . . . . . . . . . . . 140 G.4. Changes in -09 . . . . . . . . . . . . . . . . . . . . . 141
G.5. Changes in -10 . . . . . . . . . . . . . . . . . . . . . 141 G.5. Changes in -10 . . . . . . . . . . . . . . . . . . . . . 142
G.6. Changes in -11 . . . . . . . . . . . . . . . . . . . . . 141 G.6. Changes in -11 . . . . . . . . . . . . . . . . . . . . . 142
G.7. Changes in -12 . . . . . . . . . . . . . . . . . . . . . 141 G.7. Changes in -12 . . . . . . . . . . . . . . . . . . . . . 142
G.8. Changes in -13 . . . . . . . . . . . . . . . . . . . . . 142 G.8. Changes in -13 . . . . . . . . . . . . . . . . . . . . . 143
G.9. Changes in -14 . . . . . . . . . . . . . . . . . . . . . 142 G.9. Changes in -14 . . . . . . . . . . . . . . . . . . . . . 143
G.10. Changes in -15 . . . . . . . . . . . . . . . . . . . . . 142 G.10. Changes in -15 . . . . . . . . . . . . . . . . . . . . . 143
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 143 G.11. Changes in -16 . . . . . . . . . . . . . . . . . . . . . 143
Intellectual Property and Copyright Statements . . . . . . . . . 144 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 145
Intellectual Property and Copyright Statements . . . . . . . . . 146
1. Introduction 1. Introduction
This document describes an extension to the HTTP/1.1 protocol that This document describes an extension to the HTTP/1.1 protocol that
allows clients to perform remote web content authoring operations. allows clients to perform remote web content authoring operations.
This extension provides a coherent set of methods, headers, request This extension provides a coherent set of methods, headers, request
entity body formats, and response entity body formats that provide entity body formats, and response entity body formats that provide
operations for: operations for:
Properties: The ability to create, remove, and query information Properties: The ability to create, remove, and query information
skipping to change at page 21, line 30 skipping to change at page 22, line 30
The most basic form of lock is an exclusive lock. Exclusive locks The most basic form of lock is an exclusive lock. Exclusive locks
avoid having to deal with content change conflicts, without requiring avoid having to deal with content change conflicts, without requiring
any coordination other than the methods described in this any coordination other than the methods described in this
specification. specification.
However, there are times when the goal of a lock is not to exclude However, there are times when the goal of a lock is not to exclude
others from exercising an access right but rather to provide a others from exercising an access right but rather to provide a
mechanism for principals to indicate that they intend to exercise mechanism for principals to indicate that they intend to exercise
their access rights. Shared locks are provided for this case. A their access rights. Shared locks are provided for this case. A
shared lock allows multiple principals to receive a lock. Hence any shared lock allows multiple principals to receive a lock. Hence any
principal with appropriate access can use the lock. principal that has both access privileges and a valid lock can use
the locked resource.
With shared locks there are two trust sets that affect a resource. With shared locks there are two trust sets that affect a resource.
The first trust set is created by access permissions. Principals who The first trust set is created by access permissions. Principals who
are trusted, for example, may have permission to write to the are trusted, for example, may have permission to write to the
resource. Among those who have access permission to write to the resource. Among those who have access permission to write to the
resource, the set of principals who have taken out a shared lock also resource, the set of principals who have taken out a shared lock also
must trust each other, creating a (typically) smaller trust set must trust each other, creating a (typically) smaller trust set
within the access permission write set. within the access permission write set.
Starting with every possible principal on the Internet, in most Starting with every possible principal on the Internet, in most
skipping to change at page 33, line 20 skipping to change at page 34, line 20
token for both the source and destination. token for both the source and destination.
7.7. Refreshing Write Locks 7.7. Refreshing Write Locks
A client MUST NOT submit the same write lock request twice. Note A client MUST NOT submit the same write lock request twice. Note
that a client is always aware it is resubmitting the same lock that a client is always aware it is resubmitting the same lock
request because it must include the lock token in the If header in request because it must include the lock token in the If header in
order to make the request for a resource that is already locked. order to make the request for a resource that is already locked.
However, a client may submit a LOCK request with an If header but However, a client may submit a LOCK request with an If header but
without a body. This form of LOCK MUST only be used to "refresh" a without a body. A server receiving a LOCK request with no body MUST
lock. Meaning, at minimum, that any timers associated with the lock NOT create a new lock -- this form of the LOCK request is only to be
MUST be re-set. used to "refresh" an existing lock (meaning, at minimum, that any
timers associated with the lock MUST be re-set).
Clients may submit Timeout headers of arbitrary value with their lock Clients may submit Timeout headers of arbitrary value with their lock
refresh requests. Servers, as always, may ignore Timeout headers refresh requests. Servers, as always, may ignore Timeout headers
submitted by the client, and a server MAY refresh a lock with a submitted by the client, and a server MAY refresh a lock with a
timeout period that is different than the previous timeout period timeout period that is different than the previous timeout period
used for the lock, provided it advertises the new value in the LOCK used for the lock, provided it advertises the new value in the LOCK
refresh response. refresh response.
If an error is received in response to a refresh LOCK request the If an error is received in response to a refresh LOCK request the
client MUST NOT assume that the lock was refreshed. client MUST NOT assume that the lock was refreshed.
skipping to change at page 40, line 14 skipping to change at page 41, line 14
elsewhere, that definition can specify whether that live property elsewhere, that definition can specify whether that live property
would be returned in 'allprop' requests or not. would be returned in 'allprop' requests or not.
All servers MUST support returning a response of content type text/ All servers MUST support returning a response of content type text/
xml or application/xml that contains a multistatus XML element that xml or application/xml that contains a multistatus XML element that
describes the results of the attempts to retrieve the various describes the results of the attempts to retrieve the various
properties. properties.
If there is an error retrieving a property then a proper error result If there is an error retrieving a property then a proper error result
MUST be included in the response. A request to retrieve the value of MUST be included in the response. A request to retrieve the value of
a property which does not exist is an error and MUST be noted, if the a property which does not exist is an error and MUST be noted with a
response uses a 'multistatus' XML element, with a 'response' XML 'response' XML element which contains a 404 (Not Found) status value.
element which contains a 404 (Not Found) status value.
Consequently, the 'multistatus' XML element for a collection resource Consequently, the 'multistatus' XML element for a collection resource
MUST include a 'response' XML element for each member URL of the MUST include a 'response' XML element for each member URL of the
collection, to whatever depth was requested. It SHOULD NOT include collection, to whatever depth was requested. It SHOULD NOT include
any 'response' elements for resources that are not WebDAV-compliant. any 'response' elements for resources that are not WebDAV-compliant.
Each 'response' element MUST contain an 'href' element that contains Each 'response' element MUST contain an 'href' element that contains
the URL of the resource on which the properties in the prop XML the URL of the resource on which the properties in the prop XML
element are defined. Results for a PROPFIND on a collection resource element are defined. Results for a PROPFIND on a collection resource
are returned as a flat list whose order of entries is not are returned as a flat list whose order of entries is not
significant. Note that a resource may have only one value for a significant. Note that a resource may have only one value for a
skipping to change at page 43, line 19 skipping to change at page 44, line 19
PROPFIND /mycol/ HTTP/1.1 PROPFIND /mycol/ HTTP/1.1
Host: www.example.com Host: www.example.com
Depth: 1 Depth: 1
Content-Type: application/xml; charset="utf-8" Content-Type: application/xml; charset="utf-8"
Content-Length: xxxx Content-Length: xxxx
<?xml version="1.0" encoding="utf-8" ?> <?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:"> <D:propfind xmlns:D="DAV:">
<D:allprop/> <D:allprop/>
<D:include> <D:include>
<D:creationdate/> <D:supported-live-property-set/>
<D:getlastmodified/> <D:supported-report-set/>
</D:include> </D:include>
</D:propfind> </D:propfind>
In this example, PROPFIND is executed on the resource In this example, PROPFIND is executed on the resource
http://www.example.com/mycol/ and its internal member resources. The http://www.example.com/mycol/ and its internal member resources. The
client requests the values of all live properties defined in this client requests the values of all live properties defined in this
specification, plus all dead properties, plus two more live specification, plus all dead properties, plus two more live
properties defined in [RFC3253]. The response is not shown. properties defined in [RFC3253]. The response is not shown.
9.1.5. Example - Using 'propname' to Retrieve all Property Names 9.1.5. Example - Using 'propname' to Retrieve all Property Names
skipping to change at page 48, line 25 skipping to change at page 49, line 29
propertyupdate XML element. propertyupdate XML element.
Servers MUST process PROPPATCH instructions in document order (an Servers MUST process PROPPATCH instructions in document order (an
exception to the normal rule that ordering is irrelevant). exception to the normal rule that ordering is irrelevant).
Instructions MUST either all be executed or none executed. Thus if Instructions MUST either all be executed or none executed. Thus if
any error occurs during processing all executed instructions MUST be any error occurs during processing all executed instructions MUST be
undone and a proper error result returned. Instruction processing undone and a proper error result returned. Instruction processing
details can be found in the definition of the set and remove details can be found in the definition of the set and remove
instructions in Section 14.23 and Section 14.26. instructions in Section 14.23 and Section 14.26.
If a server attempts to make any of the property changes in a
PROPPATCH request (i.e. the request is not rejected for high-level
errors before processing the body), the response MUST be a Multi-
Status response (Section 13).
This method is idempotent, but not safe (see Section 9.1 of This method is idempotent, but not safe (see Section 9.1 of
[RFC2616]). Responses to this method MUST NOT be cached. [RFC2616]). Responses to this method MUST NOT be cached.
9.2.1. Status Codes for use in 'propstat' Element 9.2.1. Status Codes for use in 'propstat' Element
In PROPPATCH responses, information about individual properties is In PROPPATCH responses, information about individual properties is
returned inside 'propstat' elements (see Section 14.22), each returned inside 'propstat' elements (see Section 14.22), each
containing an individual 'status' element containing information containing an individual 'status' element containing information
about the properties appearing in it. The list below summarizes the about the properties appearing in it. The list below summarizes the
most common status codes used inside 'propstat', however clients most common status codes used inside 'propstat', however clients
skipping to change at page 50, line 39 skipping to change at page 51, line 39
the "Authors" property in the the "Authors" property in the
"http://ns.example.com/standards/z39.50/" namespace, and to remove "http://ns.example.com/standards/z39.50/" namespace, and to remove
the property "Copyright-Owner" in the same namespace. Since the the property "Copyright-Owner" in the same namespace. Since the
Copyright-Owner property could not be removed, no property Copyright-Owner property could not be removed, no property
modifications occur. The 424 (Failed Dependency) status code for the modifications occur. The 424 (Failed Dependency) status code for the
Authors property indicates this action would have succeeded if it Authors property indicates this action would have succeeded if it
were not for the conflict with removing the Copyright-Owner property. were not for the conflict with removing the Copyright-Owner property.
9.3. MKCOL Method 9.3. MKCOL Method
The MKCOL method is used to create a new collection. All WebDAV
compliant resources MUST support the MKCOL method.
MKCOL creates a new collection resource at the location specified by MKCOL creates a new collection resource at the location specified by
the Request-URI. If the Request-URI is already mapped to a resource the Request-URI. If the Request-URI is already mapped to a resource
then the MKCOL MUST fail. During MKCOL processing, a server MUST then the MKCOL MUST fail. During MKCOL processing, a server MUST
make the Request-URI an internal member of its parent collection, make the Request-URI an internal member of its parent collection,
unless the Request-URI is "/". If no such ancestor exists, the unless the Request-URI is "/". If no such ancestor exists, the
method MUST fail. When the MKCOL operation creates a new collection method MUST fail. When the MKCOL operation creates a new collection
resource, all ancestors MUST already exist, or the method MUST fail resource, all ancestors MUST already exist, or the method MUST fail
with a 409 (Conflict) status code. For example, if a request to with a 409 (Conflict) status code. For example, if a request to
create collection /a/b/c/d/ is made, and /a/b/c/ does not exist, the create collection /a/b/c/d/ is made, and /a/b/c/ does not exist, the
request must fail. request must fail.
skipping to change at page 51, line 41 skipping to change at page 52, line 38
Request-URI exists but cannot accept members. Request-URI exists but cannot accept members.
405 (Method Not Allowed) - MKCOL can only be executed on an unmapped 405 (Method Not Allowed) - MKCOL can only be executed on an unmapped
URL. URL.
409 (Conflict) - A collection cannot be made at the Request-URI until 409 (Conflict) - A collection cannot be made at the Request-URI until
one or more intermediate collections have been created. The server one or more intermediate collections have been created. The server
MUST NOT create those intermediate collections automatically. MUST NOT create those intermediate collections automatically.
415 (Unsupported Media Type) - The server does not support the 415 (Unsupported Media Type) - The server does not support the
request body type (since this specification does not define any body request body type (although bodies are legal on MKCOL requests, since
for MKCOL requests). this specification doesn't define any, the server is likely not to
support any given body type).
507 (Insufficient Storage) - The resource does not have sufficient 507 (Insufficient Storage) - The resource does not have sufficient
space to record the state of the resource after the execution of this space to record the state of the resource after the execution of this
method. method.
9.3.2. Example - MKCOL 9.3.2. Example - MKCOL
This example creates a collection called /webdisc/xfiles/ on the This example creates a collection called /webdisc/xfiles/ on the
server www.example.com. server www.example.com.
skipping to change at page 54, line 44 skipping to change at page 55, line 44
entity of the resource. Properties defined on the resource may be entity of the resource. Properties defined on the resource may be
recomputed during PUT processing but are not otherwise affected. For recomputed during PUT processing but are not otherwise affected. For
example, if a server recognizes the content type of the request body, example, if a server recognizes the content type of the request body,
it may be able to automatically extract information that could be it may be able to automatically extract information that could be
profitably exposed as properties. profitably exposed as properties.
A PUT that would result in the creation of a resource without an A PUT that would result in the creation of a resource without an
appropriately scoped parent collection MUST fail with a 409 appropriately scoped parent collection MUST fail with a 409
(Conflict). (Conflict).
A PUT request is the only way a client has to indicate to the server A PUT request allows a client to indicate what media type an entity
what Content-Type a resource should have, and whether it should body has, and whether it should change if overwritten. Thus, a
change if the resource is overwritten. Thus, a client SHOULD provide client SHOULD provide a Content-Type for a new resource if any is
a Content-Type for a new resource if any is known. If the client known. If the client does not provide a Content-Type for a new
does not provide a Content-Type for a new resource, the server MAY resource, the server MAY create a resource with no Content-Type
create a resource with no Content-Type assigned, or it MAY attempt to assigned, or it MAY attempt to assign a Content-Type.
assign a Content-Type.
Note that although a recipient should treat metadata supplied with an Note that although a recipient ought generally to treat metadata
HTTP request as authorative, in practice there's no guarantee that a supplied with an HTTP request as authoritative, in practice there's
server will accept Content- headers. Many servers do not allow no guarantee that a server will accept client-supplied metadata (e.g.
configuring the Content-Type on a per-resource basis in the first any request header beginning with "Content-"). Many servers do not
place. Thus, clients should not rely on the ability to directly allow configuring the Content-Type on a per-resource basis in the
influence the content type by including a Content-Type request first place. Thus, clients can't always rely on the ability to
header. directly influence the content type by including a Content-Type
request header.
9.7.2. PUT for Collections 9.7.2. PUT for Collections
This specification does not define the behavior of the PUT method for This specification does not define the behavior of the PUT method for
existing collections. A PUT request to an existing collection MAY be existing collections. A PUT request to an existing collection MAY be
treated as an error (405 Method Not Allowed). treated as an error (405 Method Not Allowed).
The MKCOL method is defined to create collections. The MKCOL method is defined to create collections.
9.8. COPY Method 9.8. COPY Method
skipping to change at page 66, line 9 skipping to change at page 67, line 9
time). The request MAY contain a Timeout header, which a server MAY time). The request MAY contain a Timeout header, which a server MAY
accept to change the duration remaining on the lock to the new value. accept to change the duration remaining on the lock to the new value.
A server MUST ignore the Depth header on a LOCK refresh. A server MUST ignore the Depth header on a LOCK refresh.
If the resource has other (shared) locks, those locks are unaffected If the resource has other (shared) locks, those locks are unaffected
by a lock refresh. Additionally, those locks do not prevent the by a lock refresh. Additionally, those locks do not prevent the
named lock from being refreshed. named lock from being refreshed.
The Lock-Token header is not returned in the response for a The Lock-Token header is not returned in the response for a
successful refresh LOCK request, but the LOCK response body MUST successful refresh LOCK request, but the LOCK response body MUST
contain the new value for the DAV:lockdiscovery body. contain the new value for the DAV:lockdiscovery property.
9.10.3. Depth and Locking 9.10.3. Depth and Locking
The Depth header may be used with the LOCK method. Values other than The Depth header may be used with the LOCK method. Values other than
0 or infinity MUST NOT be used with the Depth header on a LOCK 0 or infinity MUST NOT be used with the Depth header on a LOCK
method. All resources that support the LOCK method MUST support the method. All resources that support the LOCK method MUST support the
Depth header. Depth header.
A Depth header of value 0 means to just lock the resource specified A Depth header of value 0 means to just lock the resource specified
by the Request-URI. by the Request-URI.
skipping to change at page 70, line 12 skipping to change at page 71, line 12
the nonce, response, and opaque fields have not been calculated in the nonce, response, and opaque fields have not been calculated in
the Authorization request header. the Authorization request header.
9.10.8. Example - Refreshing a Write Lock 9.10.8. Example - Refreshing a Write Lock
>>Request >>Request
LOCK /workspace/webdav/proposal.doc HTTP/1.1 LOCK /workspace/webdav/proposal.doc HTTP/1.1
Host: example.com Host: example.com
Timeout: Infinite, Second-4100000000 Timeout: Infinite, Second-4100000000
Lock-Token: <urn:uuid:e71d4fae-5dec-22d6-fea5-00a0c91e6be4> If: (<urn:uuid:e71d4fae-5dec-22d6-fea5-00a0c91e6be4>)
Authorization: Digest username="ejw", Authorization: Digest username="ejw",
realm="ejw@example.com", nonce="...", realm="ejw@example.com", nonce="...",
uri="/workspace/webdav/proposal.doc", uri="/workspace/webdav/proposal.doc",
response="...", opaque="..." response="...", opaque="..."
>>Response >>Response
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-Type: application/xml; charset="utf-8" Content-Type: application/xml; charset="utf-8"
Content-Length: xxxx Content-Length: xxxx
skipping to change at page 88, line 4 skipping to change at page 89, line 4
Purpose: Identifies the associated resource as a collection. The Purpose: Identifies the associated resource as a collection. The
DAV:resourcetype property of a collection resource MUST contain DAV:resourcetype property of a collection resource MUST contain
this element. It is normally empty but extensions may add sub- this element. It is normally empty but extensions may add sub-
elements. elements.
<!ELEMENT collection EMPTY > <!ELEMENT collection EMPTY >
14.4. depth XML Element 14.4. depth XML Element
Name: depth Name: depth
Purpose: The value of the Depth header. Purpose: Used for representing depth values in XML content (e.g. in
lock information).
Value: "0" | "1" | "infinity" Value: "0" | "1" | "infinity"
<!ELEMENT depth (#PCDATA) > <!ELEMENT depth (#PCDATA) >
14.5. error XML Element 14.5. error XML Element
Name: error Name: error
Purpose: Error responses, particularly 403 Forbidden and 409 Purpose: Error responses, particularly 403 Forbidden and 409
Conflict, sometimes need more information to indicate what went Conflict, sometimes need more information to indicate what went
wrong. When an error response contains a body in WebDAV, the body wrong. In these cases, servers MAY return an XML response body
is in XML with the root element 'error'. The 'error' element with a document element of 'error', containing child elements
SHOULD include a failed precondition or postcondition element. identifying particular condition codes.
Description: Contains at least one XML element, and MUST NOT contain Description: Contains at least one XML element, and MUST NOT
text or mixed content. Any element that is a child of the 'error' contain text or mixed content. Any element that is a child of the
element is considered to be a precondition or postcondition code. 'error' element is considered to be a precondition or
Unrecognized elements SHOULD be ignored. postcondition code. Unrecognized elements MUST be ignored.
<!ELEMENT error ANY > <!ELEMENT error ANY >
14.6. exclusive XML Element 14.6. exclusive XML Element
Name: exclusive Name: exclusive
Purpose: Specifies an exclusive lock. Purpose: Specifies an exclusive lock.
<!ELEMENT exclusive EMPTY > <!ELEMENT exclusive EMPTY >
14.7. href XML Element 14.7. href XML Element
Name: href Name: href
Purpose: MUST contain a URI or a relative reference. Purpose: MUST contain a URI or a relative reference.
Description: There may be limits on the value of 'href' depending on Description: There may be limits on the value of 'href' depending
the context of its use. Refer to the specification text where on the context of its use. Refer to the specification text where
'href' is used to see what limitations apply in each case. 'href' is used to see what limitations apply in each case.
Value: Simple-ref Value: Simple-ref
<!ELEMENT href (#PCDATA)> <!ELEMENT href (#PCDATA)>
14.8. include XML Element 14.8. include XML Element
Name: include Name: include
skipping to change at page 89, line 28 skipping to change at page 90, line 28
14.9. location XML Element 14.9. location XML Element
Name: location Name: location
Purpose: HTTP defines the "Location" header (see [RFC2616], Section Purpose: HTTP defines the "Location" header (see [RFC2616], Section
14.30) for use with some status codes (such as 201 and the 300 14.30) for use with some status codes (such as 201 and the 300
series codes). When these codes are used inside a 'multistatus' series codes). When these codes are used inside a 'multistatus'
element, the 'location' element can be used to provide the element, the 'location' element can be used to provide the
accompanying Location header value. accompanying Location header value.
Description: Contains a single href element with the same value that Description: Contains a single href element with the same value
would be used in a Location header. that would be used in a Location header.
<!ELEMENT location (href)> <!ELEMENT location (href)>
14.10. lockentry XML Element 14.10. lockentry XML Element
Name: lockentry Name: lockentry
Purpose: Defines the types of locks that can be used with the Purpose: Defines the types of locks that can be used with the
resource. resource.
skipping to change at page 90, line 9 skipping to change at page 91, line 9
Purpose: The 'lockinfo' XML element is used with a LOCK method to Purpose: The 'lockinfo' XML element is used with a LOCK method to
specify the type of lock the client wishes to have created. specify the type of lock the client wishes to have created.
<!ELEMENT lockinfo (lockscope, locktype, owner?) > <!ELEMENT lockinfo (lockscope, locktype, owner?) >
14.12. lockroot XML Element 14.12. lockroot XML Element
Name: lockroot Name: lockroot
Purpose: Contains the root URL of the lock, which is the URL through Purpose: Contains the root URL of the lock, which is the URL
which the resource was addressed in the LOCK request. through which the resource was addressed in the LOCK request.
Description: The href element contains the root of the lock. The Description: The href element contains the root of the lock. The
server SHOULD include this in all DAV:lockdiscovery property server SHOULD include this in all DAV:lockdiscovery property
values and the response to LOCK requests. values and the response to LOCK requests.
<!ELEMENT lockroot (href) > <!ELEMENT lockroot (href) >
14.13. lockscope XML Element 14.13. lockscope XML Element
Name: lockscope Name: lockscope
skipping to change at page 96, line 29 skipping to change at page 97, line 29
one type of resource, but not protected on another type of resource. one type of resource, but not protected on another type of resource.
A computed property is one with a value defined in terms of a A computed property is one with a value defined in terms of a
computation (based on the content and other properties of that computation (based on the content and other properties of that
resource, or even of some other resource). A computed property is resource, or even of some other resource). A computed property is
always a protected property. always a protected property.
COPY and MOVE behavior refers to local COPY and MOVE operations. COPY and MOVE behavior refers to local COPY and MOVE operations.
For properties defined based on HTTP GET response headers (DAV:get*), For properties defined based on HTTP GET response headers (DAV:get*),
the value could include LWS as defined in [RFC2616], Section 4.2. the header value could include LWS as defined in [RFC2616], Section
Server implementors SHOULD NOT include extra LWS in these values, 4.2. Server implementors SHOULD strip LWS from these values before
however client implementors MUST be prepared to handle extra LWS. using as WebDAV property values.
15.1. creationdate Property 15.1. creationdate Property
Name: creationdate Name: creationdate
Purpose: Records the time and date the resource was created. Purpose: Records the time and date the resource was created.
Value: date-time (defined in [RFC3339], see the ABNF in section Value: date-time (defined in [RFC3339], see the ABNF in section
5.6.) 5.6.)
Protected: MAY be protected. Some servers allow DAV:creationdate to Protected: MAY be protected. Some servers allow DAV:creationdate
be changed to reflect the time the document was created if that is to be changed to reflect the time the document was created if that
more meaningful to the user (rather than the time it was is more meaningful to the user (rather than the time it was
uploaded). Thus, clients SHOULD NOT use this property in uploaded). Thus, clients SHOULD NOT use this property in
synchronization logic (use DAV:getetag instead). synchronization logic (use DAV:getetag instead).
COPY/MOVE behaviour: This property value SHOULD be kept during a COPY/MOVE behaviour: This property value SHOULD be kept during a
MOVE operation, but is normally re-initialized when a resource is MOVE operation, but is normally re-initialized when a resource is
created with a COPY. It should not be set in a COPY. created with a COPY. It should not be set in a COPY.
Description: The DAV:creationdate property SHOULD be defined on all Description: The DAV:creationdate property SHOULD be defined on all
DAV compliant resources. If present, it contains a timestamp of DAV compliant resources. If present, it contains a timestamp of
the moment when the resource was created. Servers that are the moment when the resource was created. Servers that are
skipping to change at page 97, line 26 skipping to change at page 98, line 26
Purpose: Provides a name for the resource that is suitable for Purpose: Provides a name for the resource that is suitable for
presentation to a user. presentation to a user.
Value: Any text. Value: Any text.
Protected: SHOULD NOT be protected. Note that servers implementing Protected: SHOULD NOT be protected. Note that servers implementing
[RFC2518] might have made this a protected property as this is a [RFC2518] might have made this a protected property as this is a
new requirement. new requirement.
COPY/MOVE behaviour: This property value SHOULD be preserved in COPY COPY/MOVE behaviour: This property value SHOULD be preserved in
and MOVE operations. COPY and MOVE operations.
Description: Contains a description of the resource that is suitable Description: Contains a description of the resource that is
for presentation to a user. This property is defined on the suitable for presentation to a user. This property is defined on
resource, and hence SHOULD have the same value independent of the the resource, and hence SHOULD have the same value independent of
Request-URI used to retrieve it (thus computing this property the Request-URI used to retrieve it (thus computing this property
based on the Request-URI is deprecated). While generic clients based on the Request-URI is deprecated). While generic clients
might display the property value to end users, client UI designers might display the property value to end users, client UI designers
must understand that the method for identifying resources is still must understand that the method for identifying resources is still
the URL. Changes to DAV:displayname do not issue moves or copies the URL. Changes to DAV:displayname do not issue moves or copies
to the server, but simply change a piece of meta-data on the to the server, but simply change a piece of meta-data on the
individual resource. Two resources can have the same DAV: individual resource. Two resources can have the same DAV:
displayname value even within the same collection. displayname value even within the same collection.
<!ELEMENT displayname (#PCDATA) > <!ELEMENT displayname (#PCDATA) >
skipping to change at page 98, line 12 skipping to change at page 99, line 12
14.12 of [RFC2616]) as it would be returned by a GET without 14.12 of [RFC2616]) as it would be returned by a GET without
accept headers. accept headers.
Value: language-tag (language-tag is defined in Section 3.10 of Value: language-tag (language-tag is defined in Section 3.10 of
[RFC2616]). [RFC2616]).
Protected: SHOULD NOT be protected, so that clients can reset the Protected: SHOULD NOT be protected, so that clients can reset the
language. Note that servers implementing [RFC2518] might have language. Note that servers implementing [RFC2518] might have
made this a protected property as this is a new requirement. made this a protected property as this is a new requirement.
COPY/MOVE behaviour: This property value SHOULD be preserved in COPY COPY/MOVE behaviour: This property value SHOULD be preserved in
and MOVE operations. COPY and MOVE operations.
Description: The DAV:getcontentlanguage property MUST be defined on Description: The DAV:getcontentlanguage property MUST be defined on
any DAV compliant resource that returns the Content-Language any DAV compliant resource that returns the Content-Language
header on a GET. header on a GET.
<!ELEMENT getcontentlanguage (#PCDATA) > <!ELEMENT getcontentlanguage (#PCDATA) >
15.4. getcontentlength Property 15.4. getcontentlength Property
Name: getcontentlength Name: getcontentlength
skipping to change at page 98, line 36 skipping to change at page 99, line 36
without accept headers. without accept headers.
Value: See Section 14.13 of [RFC2616]. Value: See Section 14.13 of [RFC2616].
Protected: This property is computed, therefore protected. Protected: This property is computed, therefore protected.
Description: The DAV:getcontentlength property MUST be defined on Description: The DAV:getcontentlength property MUST be defined on
any DAV compliant resource that returns the Content-Length header any DAV compliant resource that returns the Content-Length header
in response to a GET. in response to a GET.
COPY/MOVE behaviour: This property value is dependent on the size of COPY/MOVE behaviour: This property value is dependent on the size
the destination resource, not the value of the property on the of the destination resource, not the value of the property on the
source resource. source resource.
<!ELEMENT getcontentlength (#PCDATA) > <!ELEMENT getcontentlength (#PCDATA) >
15.5. getcontenttype Property 15.5. getcontenttype Property
Name: getcontenttype Name: getcontenttype
Purpose: Contains the Content-Type header value (from Section 14.17 Purpose: Contains the Content-Type header value (from Section 14.17
of [RFC2616]) as it would be returned by a GET without accept of [RFC2616]) as it would be returned by a GET without accept
headers. headers.
Value: media-type (defined in Section 3.7 of [RFC2616]) Value: media-type (defined in Section 3.7 of [RFC2616])
Protected: Potentially protected if the server prefers to assign Protected: Potentially protected if the server prefers to assign
content types on its own (see also discussion in Section 9.7.1). content types on its own (see also discussion in Section 9.7.1).
COPY/MOVE behaviour: This property value SHOULD be preserved in COPY COPY/MOVE behaviour: This property value SHOULD be preserved in
and MOVE operations. COPY and MOVE operations.
Description: This property MUST be defined on any DAV compliant Description: This property MUST be defined on any DAV compliant
resource that returns the Content-Type header in response to a resource that returns the Content-Type header in response to a
GET. GET.
<!ELEMENT getcontenttype (#PCDATA) > <!ELEMENT getcontenttype (#PCDATA) >
15.6. getetag Property 15.6. getetag Property
Name: getetag Name: getetag
skipping to change at page 99, line 48 skipping to change at page 100, line 48
compliant resource that returns the Etag header. Refer to Section compliant resource that returns the Etag header. Refer to Section
3.11 of RFC2616 for a complete definition of the semantics of an 3.11 of RFC2616 for a complete definition of the semantics of an
ETag, and to Section 8.6 for a discussion of ETags in WebDAV. ETag, and to Section 8.6 for a discussion of ETags in WebDAV.
<!ELEMENT getetag (#PCDATA) > <!ELEMENT getetag (#PCDATA) >
15.7. getlastmodified Property 15.7. getlastmodified Property
Name: getlastmodified Name: getlastmodified
Purpose: Contains the Last-Modified header value (from Section 14.29 Purpose: Contains the Last-Modified header value (from Section
of [RFC2616]) as it would be returned by a GET method without 14.29 of [RFC2616]) as it would be returned by a GET method
accept headers. without accept headers.
Value: rfc1123-date (defined in Section 3.3.1 of [RFC2616]) Value: rfc1123-date (defined in Section 3.3.1 of [RFC2616])
Protected: SHOULD be protected because some clients may rely on the Protected: SHOULD be protected because some clients may rely on the
value for appropriate caching behavior, or on the value of the value for appropriate caching behavior, or on the value of the
Last-Modified header to which this property is linked. Last-Modified header to which this property is linked.
COPY/MOVE behaviour: This property value is dependent on the last COPY/MOVE behaviour: This property value is dependent on the last
modified date of the destination resource, not the value of the modified date of the destination resource, not the value of the
property on the source resource. Note that some server property on the source resource. Note that some server
skipping to change at page 103, line 37 skipping to change at page 104, line 37
15.10. supportedlock Property 15.10. supportedlock Property
Name: supportedlock Name: supportedlock
Purpose: To provide a listing of the lock capabilities supported by Purpose: To provide a listing of the lock capabilities supported by
the resource. the resource.
Protected: MUST be protected. Servers determine what lock Protected: MUST be protected. Servers determine what lock
mechanisms are supported, not clients. mechanisms are supported, not clients.
COPY/MOVE behaviour: This property value is dependent on the kind of COPY/MOVE behaviour: This property value is dependent on the kind
locks supported at the destination, not on the value of the of locks supported at the destination, not on the value of the
property at the source resource. Servers attempting to COPY to a property at the source resource. Servers attempting to COPY to a
destination should not attempt to set this property at the destination should not attempt to set this property at the
destination. destination.
Description: Returns a listing of the combinations of scope and Description: Returns a listing of the combinations of scope and
access types which may be specified in a lock request on the access types which may be specified in a lock request on the
resource. Note that the actual contents are themselves controlled resource. Note that the actual contents are themselves controlled
by access controls so a server is not required to provide by access controls so a server is not required to provide
information the client is not authorized to see. This property is information the client is not authorized to see. This property is
NOT lockable with respect to write locks (Section 7). NOT lockable with respect to write locks (Section 7).
skipping to change at page 115, line 31 skipping to change at page 116, line 31
resource, but the integrity of the resource as well. Furthermore, resource, but the integrity of the resource as well. Furthermore,
the introduction of locking functionality requires support for the introduction of locking functionality requires support for
authentication. authentication.
A password sent in the clear over an insecure channel is an A password sent in the clear over an insecure channel is an
inadequate means for protecting the accessibility and integrity of a inadequate means for protecting the accessibility and integrity of a
resource as the password may be intercepted. Since Basic resource as the password may be intercepted. Since Basic
authentication for HTTP/1.1 performs essentially clear text authentication for HTTP/1.1 performs essentially clear text
transmission of a password, Basic authentication MUST NOT be used to transmission of a password, Basic authentication MUST NOT be used to
authenticate a WebDAV client to a server unless the connection is authenticate a WebDAV client to a server unless the connection is
secure. Furthermore, a WebDAV server MUST NOT send Basic secured by TLS. Furthermore, a WebDAV server MUST NOT send a Basic
authentication credentials in a WWW-Authenticate header unless the authentication challenge in a WWW-Authenticate header unless the
connection is secure. Examples of secure connections include a connection is secured by TLS.
Transport Layer Security (TLS) connection employing a strong cipher
suite with mutual authentication of client and server, or a
connection over a network which is physically secure, for example, an
isolated network in a building with restricted access.
WebDAV applications MUST support the Digest authentication scheme WebDAV applications MUST support the Digest authentication scheme
[RFC2617]. Since Digest authentication verifies that both parties to [RFC2617]. Since Digest authentication verifies that both parties to
a communication know a shared secret, a password, without having to a communication know a shared secret, a password, without having to
send that secret in the clear, Digest authentication avoids the send that secret in the clear, Digest authentication avoids the
security problems inherent in Basic authentication while providing a security problems inherent in Basic authentication while providing a
level of authentication which is useful in a wide range of scenarios. level of authentication which is useful in a wide range of scenarios.
20.2. Denial of Service 20.2. Denial of Service
skipping to change at page 126, line 39 skipping to change at page 127, line 39
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
Leach, P., Luotonen, A., and L. Stewart, "HTTP Leach, P., Luotonen, A., and L. Stewart, "HTTP
Authentication: Basic and Digest Access Authentication", Authentication: Basic and Digest Access Authentication",
RFC 2617, June 1999. RFC 2617, June 1999.
[RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: [RFC3339] Klyne, G., Ed. and C. Newman, "Date and Time on the
Timestamps", RFC 3339, July 2002. Internet: Timestamps", RFC 3339, July 2002.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003. 10646", STD 63, RFC 3629, November 2003.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005. RFC 3986, January 2005.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, Unique IDentifier (UUID) URN Namespace", RFC 4122,
skipping to change at page 136, line 8 skipping to change at page 137, line 8
o This specification adopts the error marshalling extensions and the o This specification adopts the error marshalling extensions and the
"precondition/postcondition" terminology defined in [RFC3253] (see "precondition/postcondition" terminology defined in [RFC3253] (see
Section 16). Related to that, it adds the "error" XML element Section 16). Related to that, it adds the "error" XML element
inside multistatus response bodies (see Section 14.5, however note inside multistatus response bodies (see Section 14.5, however note
that it uses a format different from the one recommend in that it uses a format different from the one recommend in
RFC3253). RFC3253).
o Senders and recipients are now required to support the UTF-16 o Senders and recipients are now required to support the UTF-16
character encoding in XML message bodies (see Section 19). character encoding in XML message bodies (see Section 19).
o Clients are now required to send the Depth header on PROPFIND
requests, although servers are still encouraged to support clients
that don't.
Locking Locking
o RFC2518's concept of "lock-null resources" (LNRs) has been o RFC2518's concept of "lock-null resources" (LNRs) has been
replaced by a simplified approach, the "locked empty resources" replaced by a simplified approach, the "locked empty resources"
(see Section 7.3). There are some aspects of lock-null resources (see Section 7.3). There are some aspects of lock-null resources
clients can not rely on anymore, namely the ability to use them to clients can not rely on anymore, namely the ability to use them to
create a locked collection or the fact that they disappear upon create a locked collection or the fact that they disappear upon
UNLOCK when no PUT or MKCOL request was issued. Note that servers UNLOCK when no PUT or MKCOL request was issued. Note that servers
are still allowed to implement LNRs as per RFC2518. are still allowed to implement LNRs as per RFC2518.
skipping to change at page 143, line 5 skipping to change at page 143, line 48
Removed section on locks and multiple bindings. Removed section on locks and multiple bindings.
Removed requirement for clients to upate a property only once in a Removed requirement for clients to upate a property only once in a
PROPPATCH. PROPPATCH.
Updated displayname property description. Updated displayname property description.
Copy-edit level changes e.g. "read-only" to "protected", and defining Copy-edit level changes e.g. "read-only" to "protected", and defining
what it means to protect a resource with a lock. what it means to protect a resource with a lock.
G.11. Changes in -16
Fixed factual errors in Security Considerations authentication
section.
Fixed example of refreshing a lock -- didn't use "If" header as
required in the text.
Fixed example of using so-called 'all-prop' with the 'include'
directive, so that it would actually be a useful example, by
including live properties that wouldn't already be covered by 'all-
prop'.
Clarified requirement in section 7.7 paragraph 2 -- a clear
requirement for the server to meet, rather than passive voice "this
request MUST only be used".
Made explicit requirement for successful response format for
PROPPATCH (bug 238)
Some fixes for bugs 213, 241, 246, 248, 249, 250 -- all editorial
changes.
Tighten requirements in Security Considerations section for
authentication over secure channels.
Author's Address Author's Address
Lisa Dusseault (editor) Lisa Dusseault (editor)
Open Source Application Foundation CommerceNet
2064 Edgewood Dr. 2064 Edgewood Dr.
Palo Alto, CA 94303 Palo Alto, CA 94303
US US
Email: lisa@osafoundation.org Email: ldusseault@commerce.net
Intellectual Property Statement Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
skipping to change at page 144, line 29 skipping to change at page 146, line 45
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is provided by the IETF
Internet Society. Administrative Support Activity (IASA).
 End of changes. 44 change blocks. 
327 lines changed or deleted 360 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/