Network Working Group C. Daboo Internet-Draft ISAMET Expires: April 3, 2006 B. Desruisseaux Oracle L. Dusseault OSAF September 30, 2005 Calendaring Extensions to WebDAV (CalDAV) draft-dusseault-caldav-08 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 3, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document specifies a set of methods, headers, message bodies, properties, and reports that define calendar access extensions to the WebDAV protocol. The new protocol elements are intended to make WebDAV-based calendaring and scheduling an interoperable standard that supports calendar access, calendar management, calendar sharing, Daboo, et al. Expires April 3, 2006 [Page 1] Internet-Draft CalDAV September 2005 and calendar publishing. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 5 1.2. XML Namespaces . . . . . . . . . . . . . . . . . . . . . . 5 1.3. Method Preconditions and Postconditions . . . . . . . . . 6 2. CalDAV Requirements Overview . . . . . . . . . . . . . . . . . 7 3. Capability Discovery . . . . . . . . . . . . . . . . . . . . . 8 3.1. CalDAV Server Support . . . . . . . . . . . . . . . . . . 8 3.1.1. Example: Using OPTIONS for the Discovery of Support for CalDAV . . . . . . . . . . . . . . . . . . 8 4. Calendar Resources . . . . . . . . . . . . . . . . . . . . . . 9 4.1. Calendaring Data Model . . . . . . . . . . . . . . . . . . 9 4.1.1. Calendar Server . . . . . . . . . . . . . . . . . . . 9 4.1.2. Recurrence and the Data Model . . . . . . . . . . . . 10 4.2. Calendar Collection . . . . . . . . . . . . . . . . . . . 10 4.3. Calendaring Properties . . . . . . . . . . . . . . . . . . 11 4.3.1. CALDAV:calendar-description Property . . . . . . . . . 11 4.3.2. CALDAV:calendar-component-restriction-set Property . . 12 4.3.3. CALDAV:calendar-restrictions Property . . . . . . . . 13 4.4. Calendar Object Resource Restrictions in Calendar Collections . . . . . . . . . . . . . . . . . . . . . . . 13 4.5. Creating Resources . . . . . . . . . . . . . . . . . . . . 15 4.5.1. MKCALENDAR Method . . . . . . . . . . . . . . . . . . 15 4.5.1.1. Status Codes . . . . . . . . . . . . . . . . . . . 16 4.5.1.2. Example - MKCALENDAR . . . . . . . . . . . . . . . 17 4.5.2. Creating Calendar Object Resources . . . . . . . . . . 18 5. Calendaring Access Control . . . . . . . . . . . . . . . . . . 21 5.1. Calendaring Privileges . . . . . . . . . . . . . . . . . . 21 5.1.1. CALDAV:read-free-busy Privilege . . . . . . . . . . . 21 5.1.2. Privilege aggregation and the DAV:supported-privilege-set property . . . . . . . . . 21 5.1.2.1. Partial example of DAV:supported-privilege-set property . . . . . . . . . . . . . . . . . . . . . 22 5.2. Additional Principal Properties . . . . . . . . . . . . . 23 5.2.1. CALDAV:calendar-home-set Property . . . . . . . . . . 23 6. Calendaring Reports . . . . . . . . . . . . . . . . . . . . . 24 6.1. REPORT Method . . . . . . . . . . . . . . . . . . . . . . 24 6.2. Reports on non-calendar collections . . . . . . . . . . . 24 6.3. Reports and recurring items . . . . . . . . . . . . . . . 24 6.4. CALDAV:calendar-query Report . . . . . . . . . . . . . . . 25 6.4.1. Example: Partial retrieval of events by time range . . 26 6.4.2. Example: Partial retrieval of recurring events . . . . 29 6.4.3. Example: Expanded retrieval of recurring events . . . 32 6.4.4. Example: Retrieval of to-dos by alarm time range . . . 35 Daboo, et al. Expires April 3, 2006 [Page 2] Internet-Draft CalDAV September 2005 6.4.5. Example: Retrieval of event by UID . . . . . . . . . . 36 6.4.6. Example: Retrieval of events by participation status . . . . . . . . . . . . . . . . . . . . . . . . 37 6.4.7. Example: Retrieval of events only . . . . . . . . . . 38 6.5. CALDAV:calendar-multiget Report . . . . . . . . . . . . . 39 6.5.1. Example: CALDAV:calendar-multiget Report . . . . . . . 40 6.6. CALDAV:free-busy-query Report . . . . . . . . . . . . . . 42 6.6.1. Example: CALDAV:free-busy-query Report . . . . . . . . 44 7. Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . 46 7.1. Client-to-client Interoperability . . . . . . . . . . . . 46 7.2. Sychronization Operations . . . . . . . . . . . . . . . . 46 7.2.1. Use of Reports . . . . . . . . . . . . . . . . . . . . 46 7.2.1.1. Restrict the Time Range . . . . . . . . . . . . . 46 7.2.1.2. Synchronize by Time Range . . . . . . . . . . . . 46 7.2.1.3. Synchronization Process . . . . . . . . . . . . . 47 7.2.2. Restrict the Properties Returned . . . . . . . . . . . 49 7.3. Use of Locking . . . . . . . . . . . . . . . . . . . . . . 50 7.4. Finding calendars . . . . . . . . . . . . . . . . . . . . 50 7.5. Storing and Using Attachments . . . . . . . . . . . . . . 51 7.5.1. Inline attachments . . . . . . . . . . . . . . . . . . 51 7.5.2. External attachments . . . . . . . . . . . . . . . . . 51 7.6. Storing and Using Alarms . . . . . . . . . . . . . . . . . 52 8. XML Element Definitions . . . . . . . . . . . . . . . . . . . 54 8.1. CALDAV:calendar-query XML Element . . . . . . . . . . . . 54 8.2. CALDAV:calendar-data XML Element . . . . . . . . . . . . . 54 8.2.1. CALDAV:comp XML Element . . . . . . . . . . . . . . . 54 8.2.2. CALDAV:allcomp XML Element . . . . . . . . . . . . . . 55 8.2.3. CALDAV:allprop XML Element . . . . . . . . . . . . . . 55 8.2.4. CALDAV:prop XML Element . . . . . . . . . . . . . . . 56 8.2.5. CALDAV:expand-recurrence-set XML Element . . . . . . . 56 8.2.6. CALDAV:limit-recurrence-set XML Element . . . . . . . 57 8.3. CALDAV:filter XML Element . . . . . . . . . . . . . . . . 57 8.3.1. CALDAV:comp-filter XML Element . . . . . . . . . . . . 58 8.3.2. CALDAV:prop-filter XML Element . . . . . . . . . . . . 58 8.3.3. CALDAV:param-filter XML Element . . . . . . . . . . . 59 8.3.4. CALDAV:is-defined XML Element . . . . . . . . . . . . 59 8.3.5. CALDAV:text-match XML Element . . . . . . . . . . . . 59 8.4. CALDAV:time-range XML Element . . . . . . . . . . . . . . 60 8.5. CALDAV:calendar-multiget XML Element . . . . . . . . . . . 61 8.6. CALDAV:free-busy-query XML Element . . . . . . . . . . . . 61 9. Internationalization Considerations . . . . . . . . . . . . . 63 10. Security Considerations . . . . . . . . . . . . . . . . . . . 64 11. IANA Consideration . . . . . . . . . . . . . . . . . . . . . . 65 11.1. Namespace Registration . . . . . . . . . . . . . . . . . . 65 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 66 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 67 13.1. Normative References . . . . . . . . . . . . . . . . . . . 67 13.2. Informative References . . . . . . . . . . . . . . . . . . 68 Daboo, et al. Expires April 3, 2006 [Page 3] Internet-Draft CalDAV September 2005 Appendix A. CalDAV Method Privilege Table (Normative) . . . . . . 69 Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 70 B.1. Changes in -08 . . . . . . . . . . . . . . . . . . . . . . 70 B.2. Changes in -07 . . . . . . . . . . . . . . . . . . . . . . 70 B.3. Changes in -06 . . . . . . . . . . . . . . . . . . . . . . 71 B.4. Changes in -05 . . . . . . . . . . . . . . . . . . . . . . 72 B.5. Changes in -04 . . . . . . . . . . . . . . . . . . . . . . 72 B.6. Changes in -03 . . . . . . . . . . . . . . . . . . . . . . 73 B.7. Changes in -02 . . . . . . . . . . . . . . . . . . . . . . 73 B.8. Changes in -01 . . . . . . . . . . . . . . . . . . . . . . 73 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 74 Intellectual Property and Copyright Statements . . . . . . . . . . 75 Daboo, et al. Expires April 3, 2006 [Page 4] Internet-Draft CalDAV September 2005 1. Introduction The concept of using HTTP [5] and WebDAV [4] as a basis for a calendaring server is by no means a new concept: it was discussed in the IETF CALSCH working group as early as 1997 or 1998. Several companies have implemented calendaring servers using HTTP PUT/GET to upload and download iCalendar [3] objects, and using WebDAV PROPFIND to get listings of resources. However, those implementations do not interoperate because there are many small and big decisions to be made in how to model calendaring data as WebDAV resources, as well as how to implement required features that aren't already part of WebDAV. This document proposes a standard way of modeling calendar data in WebDAV, with additional features to make calendar access work well. Discussion of this Internet-Draft is taking place on the mailing list . 1.1. Notational Conventions The augmented BNF used by this document to describe protocol elements is described in Section 2.1 of [5]. Because this augmented BNF uses the basic production rules provided in Section 2.2 of [5], those rules apply to this document as well. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [1]. The term "protected" is used in the Conformance field of property definitions as defined in Section 1.4.2 of RFC3253 [7]. When XML element types in the namespaces "DAV:" and "urn:ietf:params:xml:ns:caldav" are referenced in this document outside of the context of an XML fragment, the string "DAV:" and "CALDAV:" will be prefixed to the element type names respectively. 1.2. XML Namespaces Definitions of XML elements in this document use XML element type declarations (as found in XML Document Type Declarations), described in Section 3.2 of [10]. The namespace "urn:ietf:params:xml:ns:caldav" is reserved for the XML elements defined in this specification, its revisions, and related CalDAV specifications. It MUST NOT be used for proprietary extensions. Daboo, et al. Expires April 3, 2006 [Page 5] Internet-Draft CalDAV September 2005 Note that the XML declarations used in this document are incomplete, in that they do not include namespace information. Thus, the reader MUST NOT use these declarations as the only way to create valid CalDAV properties or to validate CalDAV XML element type. Some of the declarations refer to XML elements defined by WebDAV which use the "DAV:" namespace. Wherever such elements appear, they are explicitly given the "DAV:" prefix to help avoid confusion. Also note that some CalDAV XML element names are identical to WebDAV XML element names, though their namespace differs. Care must be taken not to confuse the two sets of names. 1.3. Method Preconditions and Postconditions A "precondition" of a method describes the state of the server that must be true for that method to be performed. A "postcondition" of a method describes the state of the server that must be true after that method has been completed. If a method precondition or postcondition for a request is not satisfied, the response status of the request MUST be either 403 (Forbidden) if the request should not be repeated because it will always fail, or 409 (Conflict) if it is expected that the user might be able to resolve the conflict and resubmit the request. In order to allow better client handling of 403 and 409 responses, a distinct XML element type is associated with each method precondition and postcondition of a request. When a particular precondition is not satisfied or a particular postcondition cannot be achieved, the appropriate XML element MUST be returned as the child of a top-level DAV:error element in the response body, unless otherwise negotiated by the request. In a 207 Multi-Status response, the DAV:error element would appear in the appropriate DAV:responsedescription element. Daboo, et al. Expires April 3, 2006 [Page 6] Internet-Draft CalDAV September 2005 2. CalDAV Requirements Overview This section lists what functionality is required of a CalDAV server. To advertise support for CalDAV, a server: o MUST support WebDAV Class 1 [4]. o MUST support WebDAV ACL [9] with the privilege defined in Section 5.1 of this document. o MUST support transport over TLS [2] as defined in RFC2818 [6]. o MUST support strong ETags to support disconnected operations. o MUST support all required calendaring REPORTs defined in this document. o MUST advertise calendaring REPORTs via the DAV:supported-report- set property as defined in Versioning Extensions to WebDAV [7]. In addition, a server: o SHOULD support the MKCALENDAR method defined in Section 4.5.1 of this document. Daboo, et al. Expires April 3, 2006 [Page 7] Internet-Draft CalDAV September 2005 3. Capability Discovery 3.1. CalDAV Server Support If a server supports the CalDAV features described in this document, it MUST include "calendar-access" as a field in the DAV response header from an OPTIONS request on any resource that supports any calendar properties, reports, methods, or privilege. A value of "calendar-access" in the DAV header MUST indicate that the server supports all MUST level requirements and REQUIRED features specified in this document. 3.1.1. Example: Using OPTIONS for the Discovery of Support for CalDAV >> Request << OPTIONS /home/bernard/calendars/ HTTP/1.1 Host: cal.example.com >> Response << HTTP/1.1 200 OK Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE Allow: PROPFIND, PROPPATCH, LOCK, UNLOCK, REPORT, ACL DAV: 1, 2, access-control, calendar-access Content-Length: 0 In this example, the OPTIONS method returns the value "calendar- access" in the DAV header of the response to indicate that the "/home/bernard/calendars/" collection may support properties, reports, methods, or privilege defined in this specification. Daboo, et al. Expires April 3, 2006 [Page 8] Internet-Draft CalDAV September 2005 4. Calendar Resources 4.1. Calendaring Data Model One of the features which has made WebDAV a successful protocol is its firm data model. This makes it a useful framework for other applications such as calendaring. This specification follows the same pattern by developing all features based on a well-described data model. In the CalDAV data model, every VEVENT, VTODO, VJOURNAL, VTIMEZONE and VFREEBUSY component is contained in an individual resource, referred to as a "calendar object resource". Each calendar object resource may be individually locked and have individual WebDAV properties. These resources are placed into WebDAV collections with a mostly-fixed structure. 4.1.1. Calendar Server A CalDAV server is a calendaring-aware engine combined with a WebDAV repository. A WebDAV repository is a set of WebDAV collections, containing other WebDAV resources, within a unified URL namespace. For example, the repository "http://www.example.com/webdav/" may contain WebDAV collections and resources, all of which have URLs beginning with "http://www.example.com/webdav/". Note that the root URL "http://www.example.com/" may not itself be a WebDAV repository (for example, if the WebDAV support is implemented through a servlet or other Web server extension). A WebDAV repository MAY include calendar data in some parts of its URL namespace, and non-calendaring data in other parts. A WebDAV repository can advertise itself as a CalDAV server if it supports the functionality defined in this specification at any point within the root of the repository. That might mean that calendaring data is spread throughout the repository and mixed with non-calendar data in nearby collections (e.g., calendar data may be found in /home/lisa/calendars/ as well as in /home/bernard/calendars/, and non-calendar data in /home/lisa/contacts/). Or, it might mean that calendar data can be found only in certain sections of the repository (e.g., /calendar/). Calendaring features are only required in the repository sections that are or contain calendar object resources. So a repository confining calendar data to the /calendar/ collection would only need to support the CalDAV required features within that collection. The CalDAV server or repository is the canonical location for calendar data and state information. Both CalDAV servers and clients Daboo, et al. Expires April 3, 2006 [Page 9] Internet-Draft CalDAV September 2005 MUST ensure that the data is consistent and compliant. Clients may submit requests to change data or download data. Clients may store calendar objects offline and attempt to synchronize at a later time. However, clients MUST be prepared for calendar data on the server to change between the time of last synchronization and when attempting an update, as calendar collections may be shared and accessible via multiple clients. HTTP ETags and other features help this work. 4.1.2. Recurrence and the Data Model Recurrence is an important part of the data model because it governs how many resources are expected to exist. This specification models a recurring calendar component and its recurrence exceptions as a single resource. In this model, recurrence patterns, recurrence dates, exception dates, and exception information are all part of the data in a single calendar object resource. This model avoids problems of limiting how many recurrence instances to store in the repository, how to keep instances in synch with the recurring calendar component, and how to link recurrence exceptions with the recurring calendar component. It also results in less data to synchronize between client and server, and makes it easier to make changes to all recurrence instances or to a recurrence pattern. It makes it easier to create a recurring calendar component, and easier to delete all recurrence instances. Clients are not forced to retrieve information about all recurrence instances of a recurring component. The CALDAV:calendar-query and CALDAV:calendar-multiget REPORTs defined in this document allow clients to retrieve only recurrence instances that overlap a given time range. 4.2. Calendar Collection Calendar collections are manifested to clients as a WebDAV resource collection, identified by a URL. A calendar collection MUST report the DAV:collection and CALDAV:calendar XML elements in the value of the DAV:resourcetype property. The element type declaration for CALDAV:calendar is: A calendar collection contains calendar object resources that represent iCalendar objects within a calendar. A calendar collection may be created through provisioning (e.g., automatically created when a user's account is created), or it may be created through MKCALENDAR (see Section 4.5.1). This can be useful for a user to create a second calendar (e.g., soccer schedule) or for users to share a calendar (e.g., team events or conference room). Note however that Daboo, et al. Expires April 3, 2006 [Page 10] Internet-Draft CalDAV September 2005 this document doesn't define what extra calendar collections are for, users must rely on non-standard cues to find out what a calendar collection is for, or use the CALDAV:calendar-description property defined in Section 4.3.1 to provide such a cue. Calendar collections MUST only contain calendar object resources and collections that are not calendar collections. Furthermore, collections contained in calendar collections MUST NOT contain calendar collections. This specification does not define how collections contained in calendar collections are used and may relate to the calendar object resources contained in the calendar collections. Multiple calendar collections MAY be children of the same collection. 4.3. Calendaring Properties This section defines properties that may be defined on calendar collections. 4.3.1. CALDAV:calendar-description Property Name: calendar-description Namespace: urn:ietf:params:xml:ns:caldav Purpose: Provides a human-readable description of what this calendar collection represents. Conformance: This property MAY be protected and SHOULD NOT be returned by a PROPFIND allprop request (as defined in Section 12.14.1 of [4]). An xml:lang attribute indicating the human language of the description SHOULD be set for this property by clients or through server provisioning. Servers MUST return any xml:lang attribute if set for the property. Description: The CALDAV:calendar-description property MAY be defined on any calendar collection. If present, the property contains a description of the calendar collection that is suitable for presentation to a user. Definition: Daboo, et al. Expires April 3, 2006 [Page 11] Internet-Draft CalDAV September 2005 Example: Calendrier de Bernard Desruisseaux 4.3.2. CALDAV:calendar-component-restriction-set Property Name: calendar-component-restriction-set Namespace: urn:ietf:params:xml:ns:caldav Purpose: Specifies the type of calendar component types (e.g., VEVENT, VTODO, etc.) that calendar object resources may contain in a calendar collection. Conformance: This property MUST be protected and SHOULD NOT be returned by a PROPFIND allprop request (as defined in Section 12.14.1 of [4]). Description: The CALDAV:calendar-component-restriction-set property MAY be defined on any calendar collection to specify restrictions on the calendar component types that calendar object resources may contain in a calendar collection. Since this property is protected it cannot be changed by clients using a PROPPATCH request. However, clients can initialize the value of this property when creating a new calendar collection with MKCALENDAR. The element MUST only be specified if support for calendar object resources that only contains VTIMEZONE components is provided or desired. Support for VTIMEZONE components in calendar object resources that contain VEVENT or VTODO components is always assumed. Definition: Example: Daboo, et al. Expires April 3, 2006 [Page 12] Internet-Draft CalDAV September 2005 4.3.3. CALDAV:calendar-restrictions Property Name: calendar-restrictions Namespace: urn:ietf:params:xml:ns:caldav Purpose: Specifies restrictions on a calendar collection. Conformance: This property MUST be protected and SHOULD NOT be returned by a PROPFIND allprop request (as defined in Section 12.14.1 of [4]). Description: The CALDAV:calendar-restrictions property MAY be defined on any calendar collection to specify restrictions a CalDAV server may have on a calendar collection. This property MAY be used to indicate the media type supported for the calendar object resources contained in a given calendar collection (e.g., iCalendar version 2.0). Definition: Example: 4.4. Calendar Object Resource Restrictions in Calendar Collections Calendar object resources contained in calendar collections MUST NOT contain more than one type of calendar component (e.g., VEVENT, VTODO, etc.) with the exception of VTIMEZONE components which MUST be specified for each unique TZID parameter value specified in the iCalendar object. For instance, a calendar object resource can contain two VEVENT components and one VTIMEZONE component, but it cannot contain one VEVENT component and one VTODO component. The UID property value of the calendar components contained in a calendar object resource MUST be unique in the scope of the calendar collection, and all its descendant collections, in which the calendar object resource is contained. Daboo, et al. Expires April 3, 2006 [Page 13] Internet-Draft CalDAV September 2005 Calendar components in a calendar collection that have different UID property values MUST be stored in separate calendar object resources. Calendar components with the same UID property value, in a given calendar collection, MUST be contained in the same calendar object resource. This ensures that all components in a recurrence "set" are contained in the same calendar object resource. In that case there will be one component without a RECURRENCE-ID property (the component that defines the recurrence pattern) and all the rest will have that property (these are the recurrence exceptions). For example, given the following iCalendar object: BEGIN:VCALENDAR CALSCALE:GREGORIAN PRODID:-//Example, Inc.\, Inc.//Example App//EN VERSION:2.0 BEGIN:VEVENT UID:1@example.com SUMMARY:One-off Meeting DTSTAMP:20041210T183904Z DTSTART:20041207T120000Z DTEND:20041207T130000Z END:VEVENT BEGIN:VEVENT UID:2@example.com SUMMARY:Weekly Meeting DTSTAMP:20041210T183838Z DTSTART:20041206T120000Z DTEND:20041206T130000Z RRULE:FREQ=WEEKLY END:VEVENT BEGIN:VEVENT UID:2@example.com RECURRENCE-ID:20041213T120000Z DTSTAMP:20041210T183838Z DTSTART:20041213T130000Z END:VEVENT END:VCALENDAR The VEVENT component with the UID value "1@example.com", would be stored in its own calendar object resource. The two VEVENT components with the UID value "2@example.com", which represent a recurring event where one recurrence instance has been overridden, would be stored in the same calendar object resource. Daboo, et al. Expires April 3, 2006 [Page 14] Internet-Draft CalDAV September 2005 4.5. Creating Resources The creation of calendar collections and calendar object resources may be initiated by either a CalDAV client or by the CalDAV server. For example, a server might come preconfigured with a user's calendar collection, or the CalDAV client might request the server to create a new calendar collection for a given user. Servers might populate events as calendar objects inside a calendar collection, or clients might request the server to create events. Either way, both client and server MUST comply with the requirements in this document, and MUST understand objects appearing in calendar collections or according to the data model defined here. 4.5.1. MKCALENDAR Method An HTTP request using the MKCALENDAR method creates a new calendar collection resource. A server MAY restrict calendar collection creation to particular collections. Support for MKCALENDAR on the server is only RECOMMENDED and not REQUIRED because some calendar stores only support one calendar per user (or principal) and those are typically pre-created for each account. However, servers and clients are strongly encouraged to support MKCALENDAR whenever possible to allow users to create multiple calendar collections to better help organize their data. Clients SHOULD use the DAV:displayname property for a human-readable name of the calendar. Clients can either specify the value of the DAV:displayname property in the request body of the MKCALENDAR request, or alternatively issue a PROPPATCH request to change the DAV:displayname property to the appropriate value immediately after issuing the MKCALENDAR request. Clients SHOULD NOT set the DAV: displayname property to be the same as any other calendar collection at the same URI "level". When displaying calendar collections to users, clients SHOULD check the DAV:displayname property and use that value as the name of the calendar. In the event that the DAV: displayname property is empty, the client MAY use the last part of the calendar collection URI as the name. If a MKCALENDAR request fails, the server state preceding the request MUST be restored. Marshalling: If a request body is included, it MUST be a CALDAV:mkcalendar XML element. Instruction processing MUST occur in the order instructions are received (i.e., from top to bottom). Instructions MUST either all be executed or none executed. Thus Daboo, et al. Expires April 3, 2006 [Page 15] Internet-Draft CalDAV September 2005 if any error occurs during processing all executed instructions MUST be undone and a proper error result returned. Instruction processing details can be found in the definition of the DAV:set instruction in section 12.13 of [4]. If a response body for a successful request is included, it MUST be a CALDAV:mkcalendar-response XML element. The response MUST include a Cache-Control:no-cache header. Preconditions: (DAV:resource-must-be-null): A resource MUST NOT exist at the Request-URI. (CALDAV:calendar-collection-location-ok): The Request-URI MUST identify a location where a calendar collection can be created. (DAV:needs-privilege): The DAV:bind privilege MUST be granted to the current user. Postconditions: (CALDAV:initialize-calendar-collection): A new calendar collection exists at the Request-URI. The DAV:resourcetype of the calendar collection MUST contain both DAV:collection and CALDAV:calendar XML elements. 4.5.1.1. Status Codes The following are examples of response codes one would expect to get in a response to a MKCALENDAR request. Note that this list is by no mean exhaustive. 201 (Created) - The calendar collection resource was created in its entirety. 207 (Multi-Status) - The calendar collection resource was not created since one or more DAV:set instructions specified in the request body could not be processed successfully. The following are examples of response codes one would expect to be used in a 207 (Multi-Status) response: Daboo, et al. Expires April 3, 2006 [Page 16] Internet-Draft CalDAV September 2005 403 (Forbidden) - The client, for reasons the server chooses not to specify, cannot alter one of the properties. 409 (Conflict) - The client has provided a value whose semantics are not appropriate for the property. This includes trying to set read-only properties. 424 (Failed Dependency) - The DAV:set instruction on the specified resource would have succeeded if it were not for the failure of another DAV:set instruction specified in the request body. 423 (Locked) - The specified resource is locked and the client either is not a lock owner or the lock type requires a lock token to be submitted and the client did not submit it. 507 (Insufficient Storage) - The server did not have sufficient space to record the property. 403 (Forbidden) - This indicates at least one of two conditions: 1) the server does not allow the creation of calendar collections at the given location in its namespace, or 2) the parent collection of the Request-URI exists but cannot accept members. 405 (Method Not Allowed) - MKCALENDAR can only be executed on a null resource. 409 (Conflict) - A collection cannot be made at the Request-URI until one or more intermediate collections have been created. 415 (Unsupported Media Type) - The server does not support the request type of the body. 507 (Insufficient Storage) - The resource does not have sufficient space to record the state of the resource after the execution of this method. 4.5.1.2. Example - MKCALENDAR This example creates a calendar collection called /home/lisa/tasks/ on the server cal.example.com with specific values for the properties DAV:displayname, CALDAV:calendar-description and CALDAV:calendar- component-restriction-set. Daboo, et al. Expires April 3, 2006 [Page 17] Internet-Draft CalDAV September 2005 >> Request << MKCALENDAR /home/lisa/tasks/ HTTP/1.1 Host: cal.example.com Content-Type: text/xml; charset="utf-8" Content-Length: xxx Lisa's To-dos Calendar restricted to to-dos. >> Response << HTTP/1.1 201 Created Cache-Control: no-cache Content-Length: 0 4.5.2. Creating Calendar Object Resources Clients typically populate calendar collections with calendar object resources. The URL for each calendar object resource is entirely arbitrary, and does not need to bear a specific relationship (but might) to the calendar object resource's subject, scheduled time, UID or other metadata. A new calendar object resource must have a unique URL, otherwise the new component would instead be an update to an existing calendar object resource. When servers create new resources, it's not hard for the server to choose a unique URL. It's slightly tougher for clients, because a client might not want to examine all resources in the collection, and might not want to lock the entire collection to ensure that a new one isn't created with a name collision. However, there are http features to mitigate this. If the client intends to create a new non-collection resource, such as a new VEVENT, the client SHOULD use the HTTP header "If-None-Match: *" on the PUT request. The Request- Daboo, et al. Expires April 3, 2006 [Page 18] Internet-Draft CalDAV September 2005 URI on the PUT request MUST include the target collection, where the resource is to be created, plus the name of the resource in the last path segment. The last path segment could be a random number, or it could be a sequence number, or a string related to the object's SUMMARY property. No matter how the name is chosen, the "If-None- Match" header ensures that the client cannot overwrite an existing resource even if it has accidentally chosen a duplicate resource name. Servers SHOULD return an ETag header containing the actual ETag of the newly created resource on a successful creation. >> Request << PUT /home/lisa/calendar/newevent.ics HTTP/1.1 If-None-Match: * Host: cal.example.com Content-Type: text/calendar Content-Length: xxx BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VEVENT UID:20010712T182145Z-123401@example.com DTSTART:20010714T170000Z DTEND:20010715T040000Z SUMMARY:Bastille Day Party END:VEVENT END:VCALENDAR >> Response << HTTP/1.1 201 Created Content-Length: 0 ETag: "123456789-000-111" The request to change an existing event is the same, but with a specific ETag in the "If-Match" header, rather than the "If-None- Match" header. As indicated in Section 3.10 of RFC 2445 [3], the URL of calendar object resources containing (an arbitrary set of) calendaring and scheduling information may be suffixed by ".ics", and the URL of calendar object resources containing free or busy time information may be suffixed by ".ifb". Daboo, et al. Expires April 3, 2006 [Page 19] Internet-Draft CalDAV September 2005 Preconditions for PUT within calendar collections: (CALDAV:uid-already-exists): The component UID chosen is not unique and the client must choose another if it attempts again. (CALDAV:invalid-calendar-resource): The iCalendar object syntax or structure was invalid. (Note that the server MAY support upload formats other than iCalendar but then the server MUST validate each component uploaded according to the chosen format syntax.) Daboo, et al. Expires April 3, 2006 [Page 20] Internet-Draft CalDAV September 2005 5. Calendaring Access Control 5.1. Calendaring Privileges A CalDAV server MUST support WebDAV ACL [9]. WebDAV ACL provides a framework for an extensible list of privileges on WebDAV collections and ordinary resources. A CalDAV server MUST also support the calendaring privilege defined in this section. 5.1.1. CALDAV:read-free-busy Privilege Calendar users often wish to allow other users to see their busy time information, without viewing the other details of the calendar components (location, summary, attendees). This allows a significant amount of privacy while still allowing those other users to schedule meetings at times when the calendar user is likely to be free. The CALDAV:read-free-busy privilege controls which calendar collections and calendar object resources are examined when a free- busy-query REPORT is run (see Section 6.6). This privilege can be granted on calendar collections or calendar object resources. Servers MUST support this privilege on calendar collections and any calendar object resources within those collections. The CALDAV:read-free-busy privilege is aggregated in the DAV:read privilege. Note that if an ACL grants the privilege CALDAV:read- free-busy, the client may not expect to be granted access to GET, HEAD, OPTIONS and PROPFIND. 5.1.2. Privilege aggregation and the DAV:supported-privilege-set property In the WebDAV ACL standard, servers MUST support the DAV:supported- privilege-set property to show which privileges are abstract, which privileges are supported, how the privileges relate to one another, and to provide text descriptions (particularly useful for custom privileges). The relationships between privileges involves showing which privilege is a subset or a superset of another privilege. For example, because reading the ACL property is considered a more specific privilege than the DAV:read privilege (a subset of the total set of actions are allowed), it may be aggregated under the DAV:read privilege. Although the list of supported privileges MAY vary somewhat from server to server (the WebDAV ACL specification leaves room for a fair amount of diversity in server implementations), the following restriction MUST hold for a CalDAV server: Daboo, et al. Expires April 3, 2006 [Page 21] Internet-Draft CalDAV September 2005 o The server MUST support the CALDAV:read-free-busy privilege. The CALDAV:read-free-busy privilege MUST be aggregated under the DAV: read privilege, and the server MUST allow CALDAV:read-free-busy to be granted without granting full read privilege. 5.1.2.1. Partial example of DAV:supported-privilege-set property This is a partial example of how the DAV:supported-privilege-set property could look on a server supporting CalDAV. Note that aggregation is shown in the structure of the DAV:supported-privilege elements containing each other. Any operation Read any object Read ACL Read current user privilege set Read busy time information Write any object ... Daboo, et al. Expires April 3, 2006 [Page 22] Internet-Draft CalDAV September 2005 5.2. Additional Principal Properties This section defines additional properties for WebDAV principal resources as defined in RFC3744 [9]. 5.2.1. CALDAV:calendar-home-set Property Name: calendar-home-set Namespace: urn:ietf:params:xml:ns:caldav Purpose: Identify the URL of any WebDAV collections that contains calendar collections owned by the associated principal resource. Conformance: This property MAY be protected and SHOULD NOT be returned by a PROPFIND allprop request (as defined in Section 12.14.1 of [4]). Support for this property is RECOMMENDED. Description: The CALDAV:calendar-home-set property is meant to allow users to easily find the calendar collections owned by the principal. Typically, users will group all the calendar collections that they own under a common collection. This property specify the URL of collections that either are calendar collections or ordinary collections that have child or descendant calendar collections owned by the principal. Definition: Example: http://cal.example.com/home/bernard/calendars/ Daboo, et al. Expires April 3, 2006 [Page 23] Internet-Draft CalDAV September 2005 6. Calendaring Reports This section defines the reports which a CalDAV server MUST support on calendar collections and calendar object resources. CalDAV servers MUST advertise support for those reports with the DAV: supported-report-set property defined in RFC3253 [7]. Some of these reports allow calendar data (from possibly multiple resources) to be returned. 6.1. REPORT Method The REPORT method (defined in Section 3.6 of RFC3253 [7]) provides an extensible mechanism for obtaining information about a resource. Unlike the PROPFIND method, which returns the value of one or more named properties, the REPORT method can involve more complex processing. REPORT is valuable in cases where the server has access to all of the information needed to perform the complex request (such as a query), and where it would require multiple requests for the client to retrieve the information needed to perform the same request. A server that supports calendar-access MUST support the DAV:expand- property report (defined in Section 3.8 of RFC3253 [7]). 6.2. Reports on non-calendar collections Servers MAY support the REPORTs defined in this specification on non- calendar collections. In computing responses to the REPORTs defined in this specification, servers MUST only consider calendar object resources contained in calendar collections, subject also to the value of the Depth request header. If these REPORTs are supported on ordinary collections the server advertises the capability with the DAV:supported-report-set property as already described. 6.3. Reports and recurring items Some of the reports defined in CalDAV can be targetted at calendar object resources within a specific time range. To determine whether a calendar object resource matches the time range filter element, the start and end times for the particular type of object are determined and then compared to the requested time range. If the start and end overlap the requested time range, then the calendar object resource matches the filter element. The rules defined in [3] for determining the actual start and end times of calendar components MUST be used. Daboo, et al. Expires April 3, 2006 [Page 24] Internet-Draft CalDAV September 2005 When such time range filtering is used, special consideration must be given to recurring calendar components such as VEVENT and VTODO components. The server MUST expand recurring items to determine whether any one or more recurrence instances overlap the requested time range. If any one instance overlaps the time range, then the calendar object resource matches the filter element. In addition, CalDAV provides three ways to determine which recurrence instances are returned from the recurrence set. The three options are: 1. Return all the calendar components contained in the calendar object resources. This includes the recurrence instance that defines the recurrence pattern, referred to as the "master instance", as well as the recurrence instances that define exceptions to the recurrence pattern, referred to as the "overriden instances". Because of the rules defined in Section 4.1.2 all recurrence instances of a recurring component will always be in the same calendar object resource. 2. Return the "master" instance and only the "overridden instances" that overlap the specified time range. This avoids the need for clients to process recurrence instances outside of the time range they are interested in. 3. Return an "expanded" set of calendar components that represent only those instances in the recurrence set that overlap the specified time range. This avoids the need for clients to do any recurrence processing themselves as the server does the expansion for them and provides the list of instances. 6.4. CALDAV:calendar-query Report The CALDAV:calendar-query REPORT performs a search for all calendar object resources that match a specified search filter. The response of this report will contain all the WebDAV properties and calendar object resource data specified in the request. In the case of the CALDAV:calendar-data XML element, one can explicitly specify the calendar components and properties that should be returned in the calendar object resource data that matches the search filter. The format of this report is modeled on the PROPFIND method. The request and response bodies of the CALDAV:calendar-query report use XML elements that are also used by PROPFIND. In particular the request can include XML elements to request WebDAV properties to be returned. When that occurs the response should follow the same behavior as PROPFIND with respect to the DAV:multistatus response elements used to return specific property results. For instance, a Daboo, et al. Expires April 3, 2006 [Page 25] Internet-Draft CalDAV September 2005 request to retrieve the value of a property which does not exist is an error and MUST be noted with a response XML element which contains a 404 (Not Found) status value. Support for the CALDAV:calendar-query REPORT is REQUIRED. Marshalling: The request body MUST be a CALDAV:calendar-query XML element as defined in Section 8.1. The response body for a successful request MUST be a DAV: multistatus XML element (i.e., the response uses the same format as the response for PROPFIND). In the case where there are no response elements, the returned DAV:multistatus XML element is empty. The response body for a successful CALDAV:calendar-query REPORT request MUST contain a DAV:response element for each iCalendar object that matched the search filter. Calendar data is being returned in the CALDAV:calendar-data XML element inside the DAV: propstat XML element. Preconditions: None. Postconditions: (DAV:number-of-matches-within-limits): The number of matching calendar object resources must fall within server-specific, predefined limits. For example, this condition might be triggered if a search specification would cause the return of an extremely large number of responses. 6.4.1. Example: Partial retrieval of events by time range In this example, the client requests the server to return specific components and properties of the VEVENT components that overlap the time range from September 2nd, 2004 at 00:00:00 am UTC to September 3rd, 2004 at 00:00:00 am UTC. In addition the DAV:getetag property is also requested and returned as part of the response. Note that the third calendar object returned is a recurring event whose first instance lies outside of the requested time range, but whose second instance does overlap the time range. Daboo, et al. Expires April 3, 2006 [Page 26] Internet-Draft CalDAV September 2005 >> Request << REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx >> Response << Daboo, et al. Expires April 3, 2006 [Page 27] Internet-Draft CalDAV September 2005 HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://cal.example.com/home/bernard/calendar/ev102.ics "23ba4d-ff11fb" BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VEVENT DTSTART:20040902T100000Z DTEND:20040902T120000Z SUMMARY:Design meeting UID:34222-232@example.com X-ABC-GUID:E1CX4zp-0005Ld-21@example.com END:VEVENT END:VCALENDAR HTTP/1.1 200 OK http://cal.example.com/home/bernard/calendar/mtg103.ics "ff11fb-23ba4d" BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VEVENT DTSTART:20040902T130000Z DTEND:20040902T150000Z SUMMARY:Design meeting - Part II UID:63409-868@example.com X-ABC-GUID:E1CX5Dr-0007ym-Hz@example.com END:VEVENT END:VCALENDAR Daboo, et al. Expires April 3, 2006 [Page 28] Internet-Draft CalDAV September 2005 HTTP/1.1 200 OK http://cal.example.com/home/bernard/calendar/mtg104.ics "7834cd-63fd2c" BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VEVENT DTSTART:20040901T130000Z DTEND:20040901T150000Z RRULE:FREQ=DAILY;COUNT=2 SUMMARY:Design meeting - Part III UID:63409-451@example.com X-ABC-GUID:E1CX5Dr-0008ym-Hz@example.com END:VEVENT END:VCALENDAR HTTP/1.1 200 OK 6.4.2. Example: Partial retrieval of recurring events In this example, the client requests the server to return VEVENT components that overlap the time range from June 1st, 2005 at 00:00:00 am UTC to June 9th, 2005 at 00:00:00 am UTC. Use of the CALDAV:limit-recurrence-set element causes the server to only return overridden recurrence instances that overlap the time range specified in that element. Daboo, et al. Expires April 3, 2006 [Page 29] Internet-Draft CalDAV September 2005 >> Request << REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx Assuming that only the following recurring VEVENT components contains recurrence instances scheduled to overlap the specified time range: Daboo, et al. Expires April 3, 2006 [Page 30] Internet-Draft CalDAV September 2005 BEGIN:VCALENDAR PRODID:-//Example Corp.//CalDAV Client//EN VERSION:2.0 BEGIN:VEVENT DTSTAMP:20050507T203312Z UID:uid742@example.com DTSTART;TZID=America/Montreal:20050601T100000 RRULE:FREQ=WEEKLY;COUNT=3 DURATION:PT1H SUMMARY:Team Meeting LOCATION:Meeting room 17026 END:VEVENT BEGIN:VEVENT DTSTAMP:20050507T203312Z UID:uid742@example.com RECURRENCE-ID:20050615T050000Z DTSTART:20050615T050000Z DURATION:PT1H SUMMARY:Team Meeting LOCATION:Conference room 18044 END:VEVENT END:VCALENDAR The server will omit to return the calendar component describing the recurrence instance scheduled on June 15, 2005 in its response to the client. Daboo, et al. Expires April 3, 2006 [Page 31] Internet-Draft CalDAV September 2005 >> Response << HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://cal.example.com/home/bernard/calendar/ev204.ics BEGIN:VCALENDAR PRODID:-//Example Corp.//CalDAV Client//EN VERSION:2.0 BEGIN:VEVENT DTSTAMP:20050507T203312Z UID:uid742@example.com DTSTART;TZID=America/Montreal:20050601T100000 RRULE:FREQ=WEEKLY;COUNT=3 DURATION:PT1H SUMMARY:Team Meeting LOCATION:Meeting room 17026 END:VEVENT END:VCALENDAR HTTP/1.1 200 OK 6.4.3. Example: Expanded retrieval of recurring events In this example, the client requests the server to return VEVENT components that overlap the time range from June 1st, 2005 at 00:00:00 am UTC to June 9th, 2005 at 00:00:00 am UTC and to return recurring calendar components expanded into individual recurrence instance calendar components. Use of the CALDAV:expand-recurrence- set element causes the server to only return overridden recurrence instances that overlap the time range specified in that element. Daboo, et al. Expires April 3, 2006 [Page 32] Internet-Draft CalDAV September 2005 >> Request << REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx Assuming that only the following recurring VEVENT components contains recurrence instances scheduled to overlap the specified time range: Daboo, et al. Expires April 3, 2006 [Page 33] Internet-Draft CalDAV September 2005 BEGIN:VCALENDAR PRODID:-//Example Corp.//CalDAV Client//EN VERSION:2.0 BEGIN:VEVENT DTSTAMP:20050507T203312Z UID:uid742@example.com DTSTART;TZID=America/Montreal:20050601T100000 RRULE:FREQ=WEEKLY;COUNT=3 DURATION:PT1H SUMMARY:Team Meeting LOCATION:Meeting room 17026 END:VEVENT BEGIN:VEVENT DTSTAMP:20050507T203312Z UID:uid742@example.com RECURRENCE-ID:20050615T140000Z DTSTART:20050615T140000Z DURATION:PT1H SUMMARY:Team Meeting LOCATION:Conference room 18044 END:VEVENT END:VCALENDAR The server will return the recurring calendar component expanded into two recurrence instances omitting the recurrence instance scheduled on June 15, 2005 given that it does not overlap the specified time range for the expansion of the recurrence set. Daboo, et al. Expires April 3, 2006 [Page 34] Internet-Draft CalDAV September 2005 >> Response << HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://cal.example.com/home/bernard/calendar/ev204.ics BEGIN:VCALENDAR PRODID:-//Example Corp.//CalDAV Client//EN VERSION:2.0 BEGIN:VEVENT DTSTAMP:20050507T203312Z UID:uid742@example.com RECURRENCE-ID:20050601T140000Z DTSTART:20050601T140000Z DURATION:PT1H SUMMARY:Team Meeting LOCATION:Meeting room 17026 END:VEVENT BEGIN:VEVENT DTSTAMP:20050507T203312Z UID:uid742@example.com RECURRENCE-ID:20050608T140000Z DTSTART:20050608T140000Z DURATION:PT1H SUMMARY:Team Meeting LOCATION:Meeting room 17026 END:VEVENT END:VCALENDAR HTTP/1.1 200 OK 6.4.4. Example: Retrieval of to-dos by alarm time range In this example, the client requests the server to return the VTODO components that have an alarm trigger scheduled in the specified time range. Daboo, et al. Expires April 3, 2006 [Page 35] Internet-Draft CalDAV September 2005 >> Request << REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx 6.4.5. Example: Retrieval of event by UID In this example, the client requests the server to return the VEVENT component that has the UID property set to "20041121-FEEBDAED@foo.org". Daboo, et al. Expires April 3, 2006 [Page 36] Internet-Draft CalDAV September 2005 >> Request << REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx 20041121-FEEBDAED@foo.org 6.4.6. Example: Retrieval of events by participation status In this example, the client requests the server to return the VEVENT components that have the ATTENDEE property with the value "mailto:bernard@example.com" and for which the PARTSTAT parameter is set to "NEEDS-ACTION". Daboo, et al. Expires April 3, 2006 [Page 37] Internet-Draft CalDAV September 2005 >> Request << REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx mailto:bernard@example.com NEEDS-ACTION 6.4.7. Example: Retrieval of events only In this example, the client requests the server to return all VEVENT components. Daboo, et al. Expires April 3, 2006 [Page 38] Internet-Draft CalDAV September 2005 >> Request << REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx 6.5. CALDAV:calendar-multiget Report The CALDAV:calendar-multiget REPORT is used to retrieve specific calendar object resources from within a collection, if the Request- URI is a collection, or to retrieve a specific calendar object resource, if the Request-URI is a calendar object resource. This report is similar to the CALDAV:calendar-query REPORT (see Section 6.4), except that it takes a list of DAV:href elements instead of a CALDAV:filter element to determine which calendar object resources to return. Support for the calendar-multiget REPORT is REQUIRED. Marshalling: The request body MUST be a CALDAV:calendar-multiget XML element (see Section 8.5, which MUST contain at least one DAV:href XML element, and one optional CALDAV:calendar-data element as defined in Section 8.2. If the Request-URI is a collection resource, then the DAV:href elements MUST refer to resources within that collection, and they MAY refer to resources at any depth within the collection. As a result the "Depth" header MUST be ignored by the server and SHOULD NOT be sent by the client. If the Request- URI refers to a non-collection resource, then there MUST be a single DAV:href element that is equal to the Request-URI. Daboo, et al. Expires April 3, 2006 [Page 39] Internet-Draft CalDAV September 2005 The response body for a successful request MUST be a DAV: multistatus XML element. In the case where there are no response elements, the returned DAV:multistatus XML element is empty. The response body for a successful CALDAV:calendar-multiget REPORT request MUST contain a DAV:response element for each calendar object resource referenced by the provided set of DAV:href elements. Calendar data is being returned in the CALDAV:calendar- data element inside the DAV:prop element. In the case of an error accessing any of the provided DAV:href resources, the server MUST return the appropriate error status code in the DAV:status element of the corresponding DAV:response element. Preconditions: None. Postconditions: None. 6.5.1. Example: CALDAV:calendar-multiget Report In this example, the client requests the server to return specific properties of the VEVENT components referenced by specific URIs. In addition the DAV:getetag property is also requested and returned as part of the response. Note that in this example, the resource at http://cal.example.com/home/bernard/calendar/mtg1.ics does not exist, resulting in an error status response. Daboo, et al. Expires April 3, 2006 [Page 40] Internet-Draft CalDAV September 2005 >> Request << REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://cal.example.com/home/bernard/calendar/ev102.ics http://cal.example.com/home/bernard/calendar/mtg1.ics Daboo, et al. Expires April 3, 2006 [Page 41] Internet-Draft CalDAV September 2005 >> Response << HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://cal.example.com/home/bernard/calendar/ev102.ics "23ba4d-ff11fb" BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VEVENT DTSTART:20040902T100000Z DTEND:20040902T120000Z SUMMARY:Design meeting UID:34222-232@example.com END:VEVENT END:VCALENDAR HTTP/1.1 200 OK http://cal.example.com/home/bernard/calendar/mtg1.ics HTTP/1.1 404 Resource not found 6.6. CALDAV:free-busy-query Report The CALDAV:free-busy-query REPORT generates a VFREEBUSY component containing free busy information for all relevant calendar components within calendar collections which have the CALDAV:read-free-busy or DAV:read privilege granted for the current user. Only VEVENT components, without a TRANSP property or with the TRANSP property set to a value other than "TRANSPARENT", and VFREEBUSY components are used to generate the free busy time information. Daboo, et al. Expires April 3, 2006 [Page 42] Internet-Draft CalDAV September 2005 Support for the CALDAV:free-busy-query REPORT is REQUIRED. Marshalling: The request body MUST be a CALDAV:free-busy-query XML element (see Section 8.6, which MUST contain at least one CALDAV:time-range XML element, as defined in Section 8.4. The response body for a successful request MUST be a DAV: multistatus XML element. In the case where there are no response elements, the returned DAV:multistatus XML element is empty. The response body for a successful CALDAV:free-busy-query REPORT request MUST contains a DAV:response element for each calendar collection for which free-busy information has been computed. Each DAV:response element contains a single CALDAV:calendar-data XML element as defined in Section 8.2. The CALDAV:calendar-data XML element MUST contain an iCalendar object with a single VFREEBUSY component, with zero or more FREEBUSY property values that describe the busy time intervals for the calendar object resources being targeted, and with other properties set according to the rules of iCalendar. This report only returns busy time information. Applications desiring free time information MUST infer this from available busy time information. When the Request-URI for a CALDAV:free-busy-query REPORT is a calendar collection, the free-busy data is implicitly determined from the calendar object resources containing VEVENT and VFREEBUSY components within the calendar collection, irrespective of the value of any Depth header included in the REPORT request. Only calendar object resources containing VEVENT or VFREEBUSY components that have the CALDAV:read-free-busy privilege granted to the current user will be computed in the response. When the Request-URI for a CALDAV:free-busy-query REPORT is a non- calendar collection, the scope of the report is governed by the value of the Depth header in the request as follows: Depth: 0 - an empty VFREEBUSY component will be returned as there is no valid calendar data to be scanned on the collection. Depth: 1 - free-busy data for any calendar collections immediately within the target collection is returned. Depth: infinity - free-busy data for all calendar collections within any sub-collections of the target collection is returned. Note that as per the requirements of Section 6.3 the server MUST Daboo, et al. Expires April 3, 2006 [Page 43] Internet-Draft CalDAV September 2005 expand any recurring items to determine whether any instances contribute to the free busy information in the requested time range. Preconditions: None. Postconditions: (DAV:number-of-matches-within-limits): The number of matching calendar object resources must fall within server-specific, predefined limits. For example, this condition might be triggered if a search specification would cause the return of an extremely large number of responses. 6.6.1. Example: CALDAV:free-busy-query Report In this example, the client requests the server to return free-busy information on the calendar collection /home/bernard/calendar/, between 9:00 AM and 5:00 PM on 2nd September 2004. The server responds indicating three busy time intervals of one hour, two hours and 30 minutes during the course of the time interval being examined. >> Request << REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx Daboo, et al. Expires April 3, 2006 [Page 44] Internet-Draft CalDAV September 2005 >> Response << HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://cal.example.com/home/bernard/calendar/ BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Example Corp.//CalDAV Client//EN BEGIN:VFREEBUSY DTSTAMP:20050125T090000Z DTSTART:20040902T090000Z DTEND:20040902T170000Z FREEBUSY:20040902T090000Z/PT1H, 20040902T120000Z/PT2H, 20040902T160000Z/PT30M END:VFREEBUSY END:VCALENDAR HTTP/1.1 200 OK Daboo, et al. Expires April 3, 2006 [Page 45] Internet-Draft CalDAV September 2005 7. Guidelines 7.1. Client-to-client Interoperability There are a number of actions clients can take which will be legal (the server will not return errors) but which can degrade interoperability with other client implementations accessing the same data. For example, a recurrence rule could be replaced with a set of recurrence dates, a single recurring event could be replaced with a set of independent resources to represent each recurrence, or the start/end time values can be translated from the original timezone to another timezone. Although these are iCalendar interoperability best practices and not limited only to CalDAV usage, interoperability problems are likely to be more evident in CalDAV use cases. 7.2. Sychronization Operations WebDAV already provides functionality required to synchronize a collection or set of collections, make changes offline, and a simple way to resolve conflicts when reconnected. Strong ETags are the key to making this work, but these are not required of all WebDAV servers. Since offline functionality is more important to Calendar applications than to other WebDAV applications, CalDAV servers MUST support strong ETags. 7.2.1. Use of Reports 7.2.1.1. Restrict the Time Range The reports provided in CalDAV can be used by clients to optimize their performance in terms of network bandwidth usage, and resource consumption on the local client machine. Both of those issues are certainly major considerations for mobile or handheld devices with limited capacity, but they are also relevant to desktop client applications in cases where the calendar collections contain large amounts of data. Typically clients present calendar data to users in views that span a finite time interval, so whenever possible clients should only retrieve calendar items from the server using CALDAV:calendar-query report combined with a time-range element to limit the scope of returned items to just those needed to populate the current view. 7.2.1.2. Synchronize by Time Range Typically in a calendar, historical data (events, to-dos etc. that have completed prior to the current date) do not change, though they may be deleted. As a result, a client can speed up the Daboo, et al. Expires April 3, 2006 [Page 46] Internet-Draft CalDAV September 2005 synchronization process by only considering data for the present time and the future up to a reasonable limit (e.g., one week, one month). If the user then tries to examine a portion of the calendar outside of the range that has been synchronized, the client can perform another synchronization operation on the new time interval being examined. This "just-in-time" synchronization can minimize bandwidth for common user interaction behaviors. 7.2.1.3. Synchronization Process If a client wants to support calendar data synchronization, as opposed to downloading calendar data each time it is needed, it needs to cache the component resources URI and ETag along with the actual calendar data. Whilst the URI remains static for the lifetime of the component, the ETag will change with each successive change to the component data. Thus to synchronize a local data cache with the server, the client can first fetch the URI/ETag pairs for the time interval being considered, and compare those results with the cached data. Any cached component whose ETag differs from that on the server needs to be synchronized. In order to properly detect the changes between the server and client data, the client will need to keep a record of which items have been created, changed or deleted since the last synchronization operation so that it can reconcile those changes with the data on the server. An example of how to do that would be the following: The client issues a CALDAV:calendar-query REPORT request for a specific time range, and asks for only the DAV:getetag property to be returned: Daboo, et al. Expires April 3, 2006 [Page 47] Internet-Draft CalDAV September 2005 REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx The client then uses the results to determine which components have changed, been created or deleted on the server and how those relate to locally cached components that may have changed, been created or deleted. If the client determines that there are items on the server that need to be fetched, the client issues a CALDAV: calendar-multiget report to fetch the actual data: Daboo, et al. Expires April 3, 2006 [Page 48] Internet-Draft CalDAV September 2005 REPORT /home/bernard/calendar/ HTTP/1.1 Host: cal.example.com Depth: 1 Content-Type: text/xml; charset="utf-8" Content-Length: xxxx http://cal.example.com/home/bernard/calendar/evt1.ics http://cal.example.com/home/bernard/calendar/mtg1.ics 7.2.2. Restrict the Properties Returned Clients may not need all the properties in a calendar component when presenting information to the user. Since some property data can be large (e.g., ATTACH or ATTENDEE lists) clients can choose to ignore those by only requesting the specific items it knows it will use, through use of the CALDAV:calendar-data XML element in the relevant reports. Daboo, et al. Expires April 3, 2006 [Page 49] Internet-Draft CalDAV September 2005 However, if a client needs to make a change to a component, it can only change the entire component data via a PUT request. There is no way to incrementally make a change to a set of properties within a calendar component resource. As a result the client will have to cache the entire set of properties on a resource that is being changed. 7.3. Use of Locking WebDAV locks can be used to prevent two clients modifying the same resource from either overwriting each others' changes (though that problem can also be solved by using ETags) and also to prevent the user from making changes that will conflict with another set of changes. In a multi-user calendar system, the calendar client could lock an event while the user is editing the event, and unlock the event when the user finishes or cancels. Locks can also be used to prevent changes while data is being reorganized. For example, a calendar client might lock two calendar collections prior to moving a bunch of calendar resources from one to another. Clients may request a lock timeout period that is appropriate to the use case. When the user explicitly decides to reserve a resource and prevent other changes, a long timeout might be appropriate, but in cases when the client automatically decides to lock the resource the timeout should be short (and the client can always refresh the lock should it need to). A short lock timeout means that if the client is unable to remove the lock, the other calendar users aren't prevented from making changes. 7.4. Finding calendars Much of the time a calendar client (or agent) will discover a new calendar's location by being provided directly with the URL. E.g. a user will type his or her own calendar location into client configuration information, or cut and paste a URL from email into the calendar application. The client need only confirm that the URL points to a resource which is a calendar. The client may also be able to browse WebDAV collections to find calendar collections. The choice of HTTP URLs means that calendar object resources are backward compatible with existing software, but does have the disadvantage that existing software does not usually know to look at the OPTIONS response to that URL to determine what can be done with it. This is somewhat of a barrier for WebDAV usage as well as with CalDAV usage. This specification does not offer a way through this other than making the information available in the OPTIONS response should this be requested. Daboo, et al. Expires April 3, 2006 [Page 50] Internet-Draft CalDAV September 2005 For calendar sharing and scheduling use cases, one might wish to find the calendar belonging to another user. If the other user has a calendar in the same repository, that calendar can be found by using the principal namespace required by WebDAV ACL support. For other cases, the authors have no universal solution but implementors can consider whether to use vCard [13] or LDAP [12] standards together with calendar attributes [14]. 7.5. Storing and Using Attachments CalDAV clients MAY create attachments in calendar components either as inline or external. This section contains some guidelines on creating and managing attachments. 7.5.1. Inline attachments CalDAV clients MUST support inline attachments as specified in the iCalendar format. All CalDAV servers MUST support inline attachments, so clients can rely on being able to create attachments this way. On the other hand, inline attachments have some drawbacks: Servers MAY impose limitations on the size of iCalendar components (i.e., refusing PUT requests of very large components). Servers MAY impose storage quota limitations on calendar collections [REF: WebDAV Quota] Any change to a component containing an attachment requires the entire attachment to be re-uploaded. Clients synchronizing a changed component have to download the entire component even if the attachment is unchanged. 7.5.2. External attachments CalDAV clients MUST support external attachments: if the client access any calendar component it MUST be capable of also accessing the external attachment if one exists (subject to virus checking or other security considerations). An external attachment could be: In a collection in the calendar collection containing the component Somewhere else in the same repository that hosts the calendar collection On an HTTP of FTP server elsewhere. Daboo, et al. Expires April 3, 2006 [Page 51] Internet-Draft CalDAV September 2005 CalDAV servers MAY support the MKCOL method to create sub-collections inside calendar collections. A sub-collection of a calendar collection MUST be able to contain any kind of resource, subject to access and quota control. Some CalDAV servers won't allow sub- collections inside calendar collections, and it may be possible on such a server to discover other locations where attachments can be stored. Clients are entirely responsible for maintaining reference consistency with components that link to external attachments. A client deleting a component with an external attachment might therefore also delete the attachment if that's appropriate, however appropriateness can be very hard to determine. A new component might easily reference some pre-existing Web resource which is intended to have independent existence from the CalDAV component (the "attachment" could be a major proposal to be discussed in a meeting, for instance). Best practices will probably emerge and should probably be documented but for now clients should be wary of engaging in aggressive "cleanup" of external attachments. A client could involve the user in making decisions about removing unreferenced documents, or a client could be conservative in only deleting attachments it had created. Also, clients are responsible for consistency of permissions when using external attachments. One reason for servers to support the storage of attachments within sub-collections of calendar collections is that ACL inheritance might make it easier to grant the same permissions to attachments that are granted on the calendar. Otherwise, it can be very difficult to keep permissions synchronized. With attachments stored on separate repositories, it can be impossible to keep permissions consistent -- the two repositories may not support the same permissions or have the same set of principals. Some systems have used tickets or other anonymous access control mechanisms to provide partially satisfactory solutions to these kinds of problems. 7.6. Storing and Using Alarms Note that all CalDAV calendar collections (including those which the user might treat as public or group calendars) can contain alarm information on events and todos. Users can synchronize a calendar between multiple devices and decide to have alarms execute on a different device than the device that created the alarm. Not all VALARM types are completely interoperable (e.g., those which name a sound file to play). Daboo, et al. Expires April 3, 2006 [Page 52] Internet-Draft CalDAV September 2005 When an alarm has action AUDIO, and the client is configured to execute the alarm, the client SHOULD play the suggested sound if it's available or play another sound, but SHOULD NOT rewrite the alarm just to replace the suggested sound with a sound that's locally available. Similarly with action DISPLAY, if a client is configured to execute the alarm then it SHOULD execute a display alarm by displaying either according to the suggested description or some reasonable replacement, but SHOULD NOT rewrite the alarm for its own convenience. When an alarm has action EMAIL, if the client is incapable of sending email, it SHOULD ignore the alarm but MUST continue to synchronize the alarm itself. This specification makes no recommendations about executing action PROCEDURE alarms except to note that clients are advised to take care to avoid creating security holes by executing these. Non-interoperable alarm information (e.g., should somebody define a color to be used in a display alarm) should be put in custom properties inside the VALARM component in order to keep the basic alarm usable on all devices. Clients that allow offline changes to a calendar MUST synchronize the alarm data that already exists in the calendar collection. Clients MAY execute alarms that are downloaded in this fashion, possibly based on user preference. If a client is only doing read operations on a calendar and there is no risk of losing alarm information, then the client MAY discard alarm information. This specification makes no attempt to provide multi-user alarms on group calendars or to find out who an alarm is intended for. Addressing those issues might require extensions to iCalendar, for example to store alarms per-user or indicate which user a VALARM was intended for. In the meantime, clients might maximize interoperability by generally not uploading alarm information to public, group or resource calendars. Daboo, et al. Expires April 3, 2006 [Page 53] Internet-Draft CalDAV September 2005 8. XML Element Definitions 8.1. CALDAV:calendar-query XML Element Name: calendar-query Namespace: urn:ietf:params:xml:ns:caldav Purpose: Defines a report for querying calendar data Description: See Section 6.4. 8.2. CALDAV:calendar-data XML Element Name: calendar-data Namespace: urn:ietf:params:xml:ns:caldav Purpose: Used to define which parts of a calendar component object should be returned by the report that uses this element. Description: When used in a request, the CALDAV:calendar-data element specifies the iCalendar components and properties to be returned in the iCalendar objects part of the response. If this element doesn't contain any CALDAV:comp element, iCalendar objects will be returned with all their components and properties. Value: When used inside a response, the CALDAV:calendar-data element contains an iCalendar object that matched the search filter specified in the request. 8.2.1. CALDAV:comp XML Element Daboo, et al. Expires April 3, 2006 [Page 54] Internet-Draft CalDAV September 2005 Name: comp Namespace: urn:ietf:params:xml:ns:caldav Purpose: Defines which component types to return Description: The name value is a calendar component name (e.g., "VEVENT") NOTE: The CALDAV:prop and CALDAV:allprop elements used here have the same name as elements defined in WebDAV. However, the elements used here have the "urn:ietf:params:xml:ns:caldav" namespace, as opposed to the "DAV:" namespace used for elements defined in WebDAV. 8.2.2. CALDAV:allcomp XML Element Name: allcomp Namespace: urn:ietf:params:xml:ns:caldav Purpose: Specifies that all components shall be returned Description: This element can be used when the client wants all types of components returned by a report. 8.2.3. CALDAV:allprop XML Element Name: allprop Namespace: urn:ietf:params:xml:ns:caldav Purpose: Specifies that all properties shall be returned. Description: This element can be used when the client wants all properties of components returned by a report. NOTE: The CALDAV:allprop element defined here has the same name as the DAV:allprop element defined in WebDAV. However, the CALDAV: allprop element defined here uses the "urn:ietf:params:xml:ns:caldav" namespace, as opposed to the "DAV:" namespace used for the DAV: Daboo, et al. Expires April 3, 2006 [Page 55] Internet-Draft CalDAV September 2005 allprop element defined in WebDAV. 8.2.4. CALDAV:prop XML Element Name: prop Namespace: urn:ietf:params:xml:ns:caldav Purpose: Defines which properties to return in the response. Description: The "name" attribute specifies the name of the calendar property to return (e.g., "ATTENDEE"). The "novalue" attribute can be used by clients to request that the actual value of the property not be returned (if the "novalue" attribute is set to "yes"). In that case the server will return just the iCalendar property name and any iCalendar parameters and a trailing ":" without the subsequent value data. NOTE: The CALDAV:prop element defined here has the same name as the DAV:prop element defined in WebDAV. However, the CALDAV:prop element defined here uses the "urn:ietf:params:xml:ns:caldav" namespace, as opposed to the "DAV:" namespace used for the DAV:prop element defined in WebDAV. 8.2.5. CALDAV:expand-recurrence-set XML Element Name: expand-recurrence-set Namespace: urn:ietf:params:xml:ns:caldav Purpose: Forces the server to expand recurring components into separate instances. Description: The CALDAV:expand-recurrence-set element specifies that recurring components shall be returned as individual components with no recurrence properties (i.e., EXDATE, EXRULE, RDATE and RRULE). The required "start" and "end" attributes contain iCalendar format DATE-TIME (always specified in UTC) or DATE values that define the time interval over which the recurrence expansion should take place. The start value is inclusive and the end value is exclusive of the interval as per iCalendar DTSTART Daboo, et al. Expires April 3, 2006 [Page 56] Internet-Draft CalDAV September 2005 and DTEND properties. The server MUST return only those expanded components whose time interval intersects the interval specified by the start and end attributes. 8.2.6. CALDAV:limit-recurrence-set XML Element Name: limit-recurrence-set Namespace: urn:ietf:params:xml:ns:caldav Purpose: Specifies a time range to limit the set of recurrence instances returned by the server. Description: The CALDAV:limit-recurrence-set XML element specifies that a server MUST only return information about the recurrence instances whose scheduled time intersect a specified time range for a given calendaring REPORT request. The required "start" and "end" attributes specify DATE or DATE-TIME iCalendar values in UTC that defines the actual time range. The server MUST use the same logic as defined for CALDAV:time-range to determine if a recurrence instance intersect a given time range. Definition: 8.3. CALDAV:filter XML Element Name: filter Namespace: urn:ietf:params:xml:ns:caldav Purpose: Determines which matching components are returned. Description: The "filter" element specifies the search filter used to match components that should be returned by a report. Daboo, et al. Expires April 3, 2006 [Page 57] Internet-Draft CalDAV September 2005 8.3.1. CALDAV:comp-filter XML Element Name: comp-filter Namespace: urn:ietf:params:xml:ns:caldav Purpose: Limits the search to only the chosen component types. Description: The "name" attribute is a calendar component type (e.g., "VEVENT"). When this element is present, the server should only return a component if it matches the filter, which is to say: ("no is-defined element" OR "is-defined matches") AND ("no time-range element" OR "time-range matches") AND ("no sub-component filter" OR "all sub-component filters match") AND ("no property filter elements" OR "all property filters match") 8.3.2. CALDAV:prop-filter XML Element Name: prop-filter Namespace: urn:ietf:params:xml:ns:caldav Purpose: Limits the search to specific properties. Description: The "name" attribute MUST contain an iCalendar property name (e.g., "ATTENDEE"). When the CALDAV:prop-filter executes, a property matches if: ("no is-defined element" OR "is-defined matches") AND ("no time-range element" OR "time-range matches") AND ("no text match element" OR "text-match matches") AND ("no parameter filter elements" OR "all parameter filters match") Daboo, et al. Expires April 3, 2006 [Page 58] Internet-Draft CalDAV September 2005 8.3.3. CALDAV:param-filter XML Element Name: param-filter Namespace: urn:ietf:params:xml:ns:caldav Purpose: Limits the search to specific parameters. Description: The "param-filter" element limits the search result to the set of resources containing properties with parameters that meet the parameter filter rules. When this filter executes, a parameter matches if: ("is-defined matches" OR "text-match matches") 8.3.4. CALDAV:is-defined XML Element Name: is-defined Namespace: urn:ietf:params:xml:ns:caldav Purpose: Causes a search to match a resource if a component type, property or parameter name exists. Description: The CALDAV:is-defined XML element limits the filter to resources where the named component, property or parameter is defined. 8.3.5. CALDAV:text-match XML Element Name: text-match Namespace: urn:ietf:params:xml:ns:caldav Purpose: Specifies a substring match on a property or parameter value. Daboo, et al. Expires April 3, 2006 [Page 59] Internet-Draft CalDAV September 2005 Description: The specified text is used for a substring match against the property or parameter value specified in a report. The "caseless" attribute indicates whether the match is case-sensitive (value set to "no") or case-insensitive (value set to "yes"). The default value is server-specified. Caseless matching SHOULD be implemented as defined in section 5.18 of the Unicode Standard ([11]). Support for the "caseless" attribute is optional. A server should respond with a status of 422 if it is used but cannot be supported. 8.4. CALDAV:time-range XML Element Name: time-range Namespace: urn:ietf:params:xml:ns:caldav Purpose: Specifies a time interval for testing components against. Description: The CALDAV:time-range element allows for a single time range to be defined, in order to limit all the results of the search to the set of resources that contain a component which overlap that time range. The value of the "start" and "end" attributes MUST follow the syntax of the DATE or DATE-TIME iCalendar value type, with any time specified in UTC. While the "start" and "end" attributes are not required to allow time ranges opened at one end, at least one of them MUST be specified in the CALDAV:time-range element. [[Comment.1: We need to clarify the logic when the DTSTART, DTEND, DURATION, or DUE properties are not defined in the calendar component. --desruisseaux]] A VEVENT component overlaps a given time-range if: (DTSTART <= start AND DTEND > start) OR (DTSTART <= start AND DTSTART+DURATION > start) OR (DTSTART >= start AND DTSTART < end) OR (DTEND > start AND DTEND <= end) Daboo, et al. Expires April 3, 2006 [Page 60] Internet-Draft CalDAV September 2005 A VTODO component overlaps a given time-range if: (DTSTART <= start AND DUE >= start) OR (DTSTART <= start AND DTSTART+DURATION > start) OR (DTSTART >= start AND DTSTART < end) OR (DUE >= start AND DUE < end) A VJOURNAL component overlaps a given time-range if: DTSTART >= start AND DTSTART < end A VALARM component overlaps a given time-range if: trigger-time >= start AND trigger-time < end Any property of value type DATE-TIME or DATE (e.g., DTSTAMP) will match a given time-range if: value >= start AND value < end 8.5. CALDAV:calendar-multiget XML Element Name: calendar-multiget Namespace: urn:ietf:params:xml:ns:caldav Purpose: CalDAV report used to retrieve specific calendar component items via their URIs. Description: See Section 6.5. 8.6. CALDAV:free-busy-query XML Element Name: free-busy-query Daboo, et al. Expires April 3, 2006 [Page 61] Internet-Draft CalDAV September 2005 Namespace: urn:ietf:params:xml:ns:caldav Purpose: CalDAV report used to generate a VFREEBUSY to determine busy time over a specific set of time ranges. Description: See Section 6.6. Daboo, et al. Expires April 3, 2006 [Page 62] Internet-Draft CalDAV September 2005 9. Internationalization Considerations Daboo, et al. Expires April 3, 2006 [Page 63] Internet-Draft CalDAV September 2005 10. Security Considerations HTTP protocol transactions are sent in the clear over the network unless protection from snooping is negotiated. This can be accomplished by use of TLS as defined in RFC2818 [6]. In particular, HTTP Basic authentication MUST NOT be used unless TLS is in effect. Servers MUST take adequate precautions to ensure malicious clients cannot consume excessive server resources (CPU, memory, disk, etc.) through carefully crafted reports. For example, a client could upload an event with a recurrence rule that specifies a recurring event occurring every second for the next 100 years which would result in approximately 3 x 10^9 instances! A report that asks for recurrences to be expanded over that range would likely constitute a denial-of-service attack on the server. [[Comment.2: We should make an explicit reference to the security considerations mentionned in iCalendar, iTIP and iMIP. --desruisseaux]] Daboo, et al. Expires April 3, 2006 [Page 64] Internet-Draft CalDAV September 2005 11. IANA Consideration In addition to the namespaces defined by RFC2518 [4] for XML elements, this document uses a URN to describe a new XML namespace conforming to a registry mechanism described in RFC3688 [8]. All other IANA considerations mentioned in RFC2518 [4] also apply to this document. 11.1. Namespace Registration Registration request for the CalDAV namespace: URI: urn:ietf:params:xml:ns:caldav Registrant Contact: See the "Author's Address" section of this document. XML: None. Namespace URIs do not represent an XML specification. Daboo, et al. Expires April 3, 2006 [Page 65] Internet-Draft CalDAV September 2005 12. Acknowledgements The authors would like to thank the following individuals for contributing their ideas and support for writing this specification: Michael Arick, Mario Bonin, Chris Bryant, Scott Carr, Mike Douglass, Helge Hess, Dan Mosedale, Kervin L. Pierre, Julian F. Reschke, Mike Shaver, Simon Vaillancourt, and Jim Whitehead. The authors would also like to thank the Calendaring and Scheduling Consortium for advice with this specification, and for organizing interoperability testing events to help refine it. Daboo, et al. Expires April 3, 2006 [Page 66] Internet-Draft CalDAV September 2005 13. References 13.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999. [3] Dawson, F. and Stenerson, D., "Internet Calendaring and Scheduling Core Object Specification (iCalendar)", RFC 2445, November 1998. [4] Goland, Y., Whitehead, E., Faizi, A., Carter, S., and D. Jensen, "HTTP Extensions for Distributed Authoring -- WEBDAV", RFC 2518, February 1999. [5] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [6] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [7] Clemm, G., Amsden, J., Ellison, T., Kaler, C., and J. Whitehead, "Versioning Extensions to WebDAV (Web Distributed Authoring and Versioning)", RFC 3253, March 2002. [8] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004. [9] Clemm, G., Reschke, J., Sedlar, E., and J. Whitehead, "Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol", RFC 3744, May 2004. [10] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E., and F. Yergeau, "Extensible Markup Language (XML) 1.0 (Third Edition)", W3C REC-xml-20040204, February 2004, . [11] The Unicode Consortium, "The Unicode Standard - Version 4.0", Addison-Wesley , August 2003, . ISBN 0321185781 Daboo, et al. Expires April 3, 2006 [Page 67] Internet-Draft CalDAV September 2005 13.2. Informative References [12] Wahl, M., Howes, T., and S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997. [13] Dawson, F. and T. Howes, "vCard MIME Directory Profile", RFC 2426, September 1998. [14] Small, T., Hennessy, D., and F. Dawson, "Calendar Attributes for vCard and LDAP", RFC 2739, January 2000. Daboo, et al. Expires April 3, 2006 [Page 68] Internet-Draft CalDAV September 2005 Appendix A. CalDAV Method Privilege Table (Normative) The following table extend the WebDAV Method Privilege Table specified in Appendix B of WebDAV ACL [9]. +------------+------------------------------------------------------+ | METHOD | PRIVILEGES | +------------+------------------------------------------------------+ | MKCALENDAR | DAV:bind | | | | | REPORT | DAV:read or CALDAV:read-free-busy (on all referenced | | | resources) | +------------+------------------------------------------------------+ Daboo, et al. Expires April 3, 2006 [Page 69] Internet-Draft CalDAV September 2005 Appendix B. Changes B.1. Changes in -08 a. Removed statement that said that client SHOULD always request DAV:getetag in calendar REPORTs. b. Removed redefiniton of DAV:response. c. Removed XML elements CALDAV:calendar-data-only. d. Removed resource type CALDAV:calendar-home. e. Moved the CALDAV:calendar-data element in the DAV:prop element in requests, and in the DAV:propstat element in responses. f. Further defined the request body of MKCALENDAR to allow clients to set properties at calendar collection creation time. g. Renamed CALDAV:calendar-home-URL to CALDAV:calendar-home-set h. Clarified the fact that calendar collections may only contain calendar object resources and ordinary collections. i. Clarified that calendar REPORTs should only be applied to calendar object resources contained in calendar collections. j. Changed the CALDAV:calendar-component-restriction-set and CALDAV: calendar-restriction properties to always be protected. k. Changed to use existing postcondition DAV:needs-privileges instead of a new CALDAV:insufficient-privilege postcondition. l. Added example for limit-recurrence-set. m. Added example for expand-recurrence-set. n. Moved CALDAV:calendar-address-set in the calendar-schedule draft and renamed it to CALDAV:calendar-user-address-set. o. Added guidelines on attachments and alarms. B.2. Changes in -07 a. Various editorial changes. b. Added properties calendar-restrictions and calendar-component- restriction-set on calendar collections. Daboo, et al. Expires April 3, 2006 [Page 70] Internet-Draft CalDAV September 2005 c. Added properties calendar-home-URL and calendar-address-set on principal resources. d. Removed property calendar-URL on principal resources. e. Added pre- and postconditions to reports. f. Added new XML elements calendar-data-only and limit-recurrent- set. g. Modified calendar-data XML element to support the attributes content-type and version. h. Reorganised sections 3, 4, 5 & 6 into two sections and re-ordered sub-sections. i. Added comment about client not setting a duplicate displayname. j. Removed three CalDAV OPTIONS requests. k. Changed "authenticated user" to "user" in various places. l. Rewrote section on calendar object resource restrictions for better clarity. B.3. Changes in -06 a. Reworded section "Recurrence and the Data Model". b. Removed timezone collection feature. c. Removed ability for a server to return the Location header on a successful PUT request. d. Clarified restrictions on calendar object resources contained in calendar collections. e. Added preconditions on PUT in calendar collections. f. Added informative "Guidelines" section, with information on locking and how to find calendar collections. g. Moved "Sychronization Operations" section in the "Guidelines" section. Daboo, et al. Expires April 3, 2006 [Page 71] Internet-Draft CalDAV September 2005 B.4. Changes in -05 a. Removed a lot of non-normative text. b. Removed property promotion/demotion requirements. c. Removed calendar-owner and cal-scale properties. d. Removed 'ical' prefix/text from element names. e. Relaxed WebDAV Class 2 (locking) requirement to a MAY. f. Relaxed MKCALENDAR requirement to a SHOULD. g. Moved the XML Namespace section in the Introduction. h. Added CALDAV: prefix to CalDAV XML elements in the text. i. Added CALDAV:calendar-multiget report. j. Added CALDAV:free-busy-query report. k. Added CALDAV:calendar-description property. l. Changed CALDAV:calendar-query-result element name to CALDAV: calendar-data m. Added description and examples of handling timezones. n. Added mandatory "start" and "end" attributes to the CALDAV: expand-recurrence-set element. o. Added three CalDAV OPTIONS requests. p. Grouped XML Element declarations in a separate section. B.5. Changes in -04 a. Added a note about the HTTP Location response header. b. Added report calendar-query. c. Removed reports calendar-property-search and calendar-time-range. d. Removed section on CalDAV and timezones. e. Added requirement to return ETag on creation. Daboo, et al. Expires April 3, 2006 [Page 72] Internet-Draft CalDAV September 2005 f. Revised data model to remove sub-collections from calendar collection. g. Added informative references section. h. Removed dependencies on DASL. B.6. Changes in -03 a. Removed Calendar Containers (simplification that doesn't seem to remove much functionality) b. Added MKCALENDAR to create calendars and all sub-collections c. Added cal-scale property to calendars B.7. Changes in -02 Basically still adding major sections of content: a. Defined new field values to the OPTIONS "DAV:" response header b. Added new resource properties c. Added new principal properties d. Added new SCHEDULE method and related headers e. Added new privileges for scheduling B.8. Changes in -01 a. Added section on privileges for calendaring, extending WebDAV ACL privilege set b. Defined what to do with unrecognized properties in the bodies of iCalendar events, with respect to property promotion/demotion Daboo, et al. Expires April 3, 2006 [Page 73] Internet-Draft CalDAV September 2005 Authors' Addresses Cyrus Daboo ISAMET Inc. 5001 Baum Blvd. Suite 650 Pittsburgh, PA 15213 US Email: daboo@isamet.com URI: http://www.isamet.com/ Bernard Desruisseaux Oracle Corporation 600 Blvd. de Maisonneuve West Suite 1900 Montreal, QC H3A 3J2 CA Email: bernard.desruisseaux@oracle.com URI: http://www.oracle.com/ Lisa Dusseault Open Source Application Foundation 2064 Edgewood Dr. Palo Alto, CA 94303 US Email: lisa@osafoundation.org URI: http://www.osafoundation.org/ Daboo, et al. Expires April 3, 2006 [Page 74] Internet-Draft CalDAV September 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Daboo, et al. Expires April 3, 2006 [Page 75]