From: http://tools.ietf.org/id/draft-daboo-carddav-directory-gateway-00.txt
Title: CardDAV Directory Gateway Extension
Reference: IETF Network Working Group, Internet Draft 'draft-daboo-carddav-directory-gateway-00'
Date: February 26, 2010
Data Tracker: https://datatracker.ietf.org/doc/draft-daboo-carddav-directory-gateway/
Tracker Listing: http://ietfreport.isoc.org/idref/draft-daboo-carddav-directory-gateway/
Tools: http://tools.ietf.org/html/draft-daboo-carddav-directory-gateway-00 (HTML)
Announced: http://www.ietf.org/mail-archive/web/i-d-announce/current/msg29716.html
http://www.ietf.org/mail-archive/web/vcarddav/current/threads.html#01357
See also:
IETF vCard and CardDAV (VCARDDAV) Working Group Charter
http://www.ietf.org/html.charters/vcarddav-charter.html
IETF vCard and CardDAV Working Group Status Pages
http://tools.ietf.org/wg/vcarddav/
IETF vCard and CardDAV Wiki
http://www.vcarddav.org/wiki
VCARDDAV: vCard and CardDAV Engineering Discussion List
https://www1.ietf.org/mailman/listinfo/vcarddav
IETF Applications Area
http://www.ietf.org/html.charters/wg-dir.html#Applications%20Area
The IETF Applications Area Web Site
http://www.apps.ietf.org/
XEP-0054: vcard-temp (vCard-XML format used within the Jabber community as of 2008-07-16)
http://xmpp.org/extensions/xep-0054.html
vCard XML Schema
http://tools.ietf.org/html/draft-perreault-vcarddav-vcardxml-00
Microformats: Suggestions for vCard Revision
http://microformats.org/wiki/vcard-suggestions
==============================================================================
Network Working Group C. Daboo
Internet-Draft Apple Inc.
Intended status: Standards Track February 26, 2010
Expires: August 30, 2010
CardDAV Directory Gateway Extension
draft-daboo-carddav-directory-gateway-00
Abstract
This document defines and extension to the vCard Extensions to WebDAV
(CardDAV) protocol that allows a server to expose a directory as a
read-only address book collection.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 30, 2010.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Daboo Expires August 30, 2010 [Page 1]
Internet-Draft CardDAV Directory Gateway Extension February 2010
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Table of Contents
1. Introduction and Overview . . . . . . . . . . . . . . . . . . . 3
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. CARDDAV:directory-gateway Property . . . . . . . . . . . . . . 4
4. Client Guidelines . . . . . . . . . . . . . . . . . . . . . . . 4
5. Server Guidelines . . . . . . . . . . . . . . . . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
7. IANA Consideration . . . . . . . . . . . . . . . . . . . . . . 6
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6
9. Normative References . . . . . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 7
Daboo Expires August 30, 2010 [Page 2]
Internet-Draft CardDAV Directory Gateway Extension February 2010
1. Introduction and Overview
The CardDAV [I-D.ietf-vcarddav-carddav] protocol defines a standard
way of accessing, managing, and sharing contact information based on
the vCard [RFC2426] format. Often, in an enterprise or service
provider environment, a directory of all users hosted on the server
(or elsewhere) is available. It would be convenient for CardDAV
clients if this directory were exposed as a "global" address book on
the CardDAV server so it could be searched just as personal address
books are. This specification defines a "directory gateway" feature
extension to CardDAV to enable this.
This specification adds one new WebDAV property to principal
resources that contains the URI to the directory gateway address book
collection resource.
Note that this feature is in no way intended to replace full
directory access - it is meant to simply provide a convenient way for
CardDAV clients to query contact-related attributes in directory
records.
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
The term "protected" is used in the Conformance field of property
definitions as defined in Section 15 of [RFC4918].
This document uses XML DTD fragments ([W3C.REC-xml-20081126], Section
3.2) as a purely notational convention. WebDAV request and response
bodies cannot be validated by a DTD due to the specific extensibility
rules defined in Section 17 of [RFC4918] and due to the fact that all
XML elements defined by this specification use the XML namespace name
"DAV:". In particular:
1. element names use the "DAV:" namespace,
2. element ordering is irrelevant unless explicitly stated,
3. extension elements (elements not already defined as valid child
elements) may be added anywhere, except when explicitly stated
otherwise,
4. extension attributes (attributes not already defined as valid for
this element) may be added anywhere, except when explicitly
Daboo Expires August 30, 2010 [Page 3]
Internet-Draft CardDAV Directory Gateway Extension February 2010
stated otherwise.
When XML element types in the namespaces "DAV:" and
"urn:ietf:params:xml:ns:carddav" are referenced in this document
outside of the context of an XML fragment, the strings "DAV:" and
"CARDDAV:" will be prefixed to the element types, respectively.
3. CARDDAV:directory-gateway Property
Name: directory-gateway
Namespace: urn:ietf:params:xml:ns:carddav
Purpose: Identifies the URL of a CardDAV address book collection
acting as the directory gateway for the server.
Protected: MUST be protected.
allprop behavior: SHOULD NOT be returned by a PROPFIND DAV:allprop
request.
Description: The CARDDAV:directory-gateway identifies an address
book collection resource that is the directory gateway address
book for the server.
Definition:
Example:
/directory
4. Client Guidelines
Clients wishing to make use of the directory gateway address book can
request the CARDDAV:directory-gateway property when examining other
properties on the principal resource for the user. If the property
is not present, then the directory gateway feature is not supported
by the server at that time.
Since the directory being exposed via the directory gateway address
book collection could be large, clients SHOULD use the feature to
Daboo Expires August 30, 2010 [Page 4]
Internet-Draft CardDAV Directory Gateway Extension February 2010
limit the number of results returned in an CARDDAV:addressbook-query
REPORT as defined in Section 8.6.1 of [I-D.ietf-vcarddav-carddav].
Clients MUST treat the directory gateway address book collection as a
read-only collection, so HTTP methods that modify resource data or
properties in the address book collection MUST NOT be used.
Clients SHOULD NOT attempt to cache the entire contents of the
directory gateway address book collection resource by retrieving all
resources. Instead, CARDDAV:addressbook-query REPORTs are used to
search for specific address book object resources.
5. Server Guidelines
Servers wishing to expose a directory gateway as an address book
collection MUST include the CARDDAV:directory-gateway property on all
principal resources of users expected to use the feature.
Since the directory being exposed via the directory gateway address
book collection could be large, servers SHOULD use the feature to
truncate the number of results returned in an CARDDAV:addressbook-
query REPORT as defined in Section 8.6.2 of
[I-D.ietf-vcarddav-carddav].
Since the directory being exposed via the directory gateway address
book collection could be large, servers SHOULD use the feature to
truncate the number of results returned in an CARDDAV:addressbook-
query REPORT as defined in Section 8.6.2 of
[I-D.ietf-vcarddav-carddav]. In addition, servers SHOULD disallow
requests that effectively enumerate the collection contents (e.g.,
PROPFIND Depth:1, trivial CARDDAV:addressbook-query, DAV:sync-
collection REPORT).
Servers need to expose the directory information as a set of address
book object resources in the directory gateway address book
collection resource. To do that, a mapping between the directory
record format and the vCard data has to be applied. In general, only
directory record attributes that have a direct equivalent in vCard
SHOULD be mapped. It is up to individual implementations to
determine which attributes to map. But in all cases servers MUST
generate valid vCard data as returned to the client.
6. Security Considerations
Servers MUST ensure that client requests against the directory
gateway address book collection cannot use excessive resources (CPU,
Daboo Expires August 30, 2010 [Page 5]
Internet-Draft CardDAV Directory Gateway Extension February 2010
memory, network bandwidth etc), given that the directory could be
large.
Servers MUST take care not to expose sensitive directory record
attributes in the vCard data via the directory gateway address book.
In general only those properties that have direct correspondence in
vCard SHOULD be exposed.
Servers need to determine whether it is appropriate for the directory
information to be available via CardDAV to unauthenticated users. If
not, servers MUST ensure that unauthenticated users do not have
access to the directory gateway address book object resource and its
contents. If unauthenticated access is allowed, servers MAY choose
to limit the set of vCard properties that are searchable or returned
in the address book object resources when unauthenticated requests
are made.
7. IANA Consideration
This document does not require any actions on the part of IANA.
8. Acknowledgments
9. Normative References
[I-D.ietf-vcarddav-carddav]
Daboo, C., "vCard Extensions to WebDAV (CardDAV)",
draft-ietf-vcarddav-carddav-10 (work in progress),
November 2009.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2426] Dawson, F. and T. Howes, "vCard MIME Directory Profile",
RFC 2426, September 1998.
[RFC4918] Dusseault, L., "HTTP Extensions for Web Distributed
Authoring and Versioning (WebDAV)", RFC 4918, June 2007.
[W3C.REC-xml-20081126]
Paoli, J., Yergeau, F., Bray, T., Sperberg-McQueen, C.,
and E. Maler, "Extensible Markup Language (XML) 1.0 (Fifth
Edition)", World Wide Web Consortium Recommendation REC-
xml-20081126, November 2008,
.
Daboo Expires August 30, 2010 [Page 6]
Internet-Draft CardDAV Directory Gateway Extension February 2010
Author's Address
Cyrus Daboo
Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA
Email: cyrus@daboo.name
URI: http://www.apple.com/
Daboo Expires August 30, 2010 [Page 7]