L. Dusseault Xythos Internet Draft C. Warner Document: draft-dusseault-dav-quota-01.txt Netezza Expires: July 2002 January 2002 Quota and Size Properties for DAV Collections Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Abstract WebDAV servers are frequently deployed with collection quota (size) limitations. This Internet-Draft discusses the two properties and minor behaviors needed for clients to interoperate with quota implementations on WebDAV repositories. Table of Contents Status of this Memo................................................1 Abstract...........................................................1 Requirement for quotas.............................................2 Implementation.....................................................2 DAV:quota-bytes....................................................2 DAV:space-used-bytes...............................................3 Error reporting....................................................5 Notes..............................................................5 References.........................................................7 Author's Addresses.................................................7 Dusseault Expires Jul 2002 1 DAV Collection Size and Quota January 2002 Requirement for quotas WebDAV servers based on [RFC2518] are already being implemented and deployed with quota restrictions on collections, so it make sense to standardize this functionality to improve user experience and client interoperability. This specification requires WebDAV because it requires PROPFIND support and relies on the WebDAV definition of collections and properties, including the definitions for live and protected properties. The reasons why WebDAV servers frequently have collection quotas enforced are the same reasons why any storage system comes with quotas. - Sometimes the storage service charges according to quota (XDrive.com and www.storeitonline.com have both operated under this model) - Sometimes the storage service is provided free, but the storage service provider has limited storage space (www.sharemation.com has this limitation and university-provided student accounts often do as well) - Even in cases where the storage can be upgraded, the storage managers may choose to limit quota in order to encourage users to limit the files they store on the system and to clean up obsolete files. IT departments within corporations may put quotas on storage used by employees. In order to work best with repositories that support quotas, client software should be able to determine and display the quota (limit) on any collection. Further, client software should have some way of fairly reliably determining how much storage space is already counted towards the quota. Implementation The approach to meeting the requirements and scenarios outlined above is simply to define two live, protected properties. This specification can be met on a server by implementing either or both of the following two properties. Both are recommended. Neither property need be returned in a request though the server may include either. However, these property names MUST be returned in a request for a resource that supports the properties. DAV:quota-bytes Name: quota-bytes Namespace: DAV: Purpose: Contains the amount of storage space allocated to a collection, measured in bytes. Dusseault Expires Jul 2002 2 DAV Collection Size and Quota January 2002 DTD: The DAV:quota-bytes property value is the total amount of storage space allocated to a collection and all its descendants. The value of this property will usually be protected, although a user with sufficient privileges may be permitted to change the value. The property is useful even if it is protected. A value of 0 indicates that storage is limited to 0. Users will probably not be able to add resources to the collection. A negative value indicates that the quota is not limited on this collection. A server SHOULD show a negative value rather than omit this property, if it supports this property at all. If the quota on a collection is reduced, the server MUST NOT delete excess files except as selected by an administrator. Thus, a collection may have more storage used than its quota allows. Quota is not additive. A collection only has the quota assigned to it, not (in addition) the quota assigned to sub collections or any other collections. Thus, if a collection A contains collection B, and both have quotas of 1,000,000 bytes, then collection A can contain up to 1,000,000 bytes including the bytes used by resources in B. Collection B, then, can only truly contain 1,000,000 bytes of used storage if A is empty. A quota on any collection must directly limit the storage used on that collection. If a collection A contains collection B but collection B's quota is smaller than collection A's quota, then collection B's space is limited by the quota on B. This property is OPTIONAL on collections and SHOULD NOT exist on non-collection resources. DAV:space-used-bytes Name: space-used-bytes Namespace: DAV: Purpose: Contains the amount of storage space used (possibly counted towards quota) by a collection, measured in bytes. DTD: The DAV:space-used-bytes value is calculated by the server to indicate approximately how much storage space is already taken up by this collection and all its descendants (in bytes). It MUST include child collections and all resources inside those child collections. It SHOULD include metadata storage size if metadata storage is counted against quota limitations. Support for this property is OPTIONAL on collections and SHOULD NOT exist on non-collection resources. A server SHOULD implement this property to the best of its ability if it implements the DAV:quota-bytes property. Dusseault Expires Jul 2002 3 DAV Collection Size and Quota January 2002 The value SHOULD be an accurate account of how the server counts what is stored against quota. Servers MUST NOT implement this property unless the value is at least as accurate as the client could calculate themselves by summing values for ôgetcontentlengthö. Support for this property enhances the client experience, because together with DAV:quota-bytes, the client can manage its files to avoid running out of allocated storage space. Clients may not be able to calculate the value adequately on their own, depending on how total space used is calculated by the server. Note that it is entirely possible for a server to support DAV:space- used-bytes without supporting DAV:quota-bytes or any kind of quota system. Example PROPFIND request and response Request: PROPFIND /~milele/public/ HTTP/1.1 Depth: 0 Host: www.sharemation.com Content-Type: text/xml Content-Length: 200 Response: HTTP/1.1 207 Multi-Status Date: Tue, 16 Oct 2001 22:13:39 GMT Content-Length: xxx Content-Type: text/xml; charset=UTF-8 http://www.sharemation.com/~milele/public/ -1 4403350 HTTP/1.1 200 OK Dusseault Expires Jul 2002 4 DAV Collection Size and Quota January 2002 Error reporting WebDAV (RFC2518) defines the status code 507 (Insufficient Storage). This status code SHOULD be used when a client request (e.g. a PUT, PROPFIND, MKCOL, MOVE or COPY) is forbidden because it would exceed their allotted quota. In order to differentiate the response from other storage problems, the server SHOULD include an XML error body as defined by DeltaV [RFC??] with the precondition tag. Example error response: HTTP/1.1 507 Insufficient Storage Content-Length: 100 Content-Type: text/xml Notes Server implementations store and account for their data in many different ways. Some of the challenges: - Some server implementations find it prohibitive to count property value size, others may choose to close that loophole for better accounting. - Older versions of resources may be stored as well. - Variants of one resource may exist with different content lengths - Content may be dynamically generated. - Resource bodies can be compressed Since server storage accounting can vary so much, clients should expect the following: - The size of a file on the client file system, or in a PUT message, may not correspond to the amount of storage required by the server to store the resource. Thus, the client cannot predict with 100% accuracy whether a given file will be allowed given the storage quota. - Deleting a resource may not free up the same amount of storage as indicated by the DAV:getcontentlength property defined in [RFC2518] for the resource. If deleting a resource does not free up any space, the file has probably been moved to a ôtrashö folder or ôrecycle binö. Dusseault Expires Jul 2002 5 DAV Collection Size and Quota January 2002 - The total size of a collection, DAV:space-used-bytes, is not necessarily a sum of the DAV:getcontentlength properties for resources stored in the collection. - A quota on a collection may be larger than the quota on a collection that contains it. For example, the quota on /~milele/ may be 100 MB, but the quota on /~milele/public/ may be unlimited. This allows the space used by /~milele/public/ to be as large as the quota on /~milele/ allows (depending on the other contents of /~milele/) even if the quota on /~milele/ is changed. Thus, even when the quota on a parent collection is changed, it is not necessarily required to change the quota on every child or descendant collection. Security Considerations A hacker may preferentially prefer to store files on collections with a large quota. This isn't strictly a security concern because it doesn't make it any easier to store files. On the other hand, the DAV:space-used-bytes may make it easier to detect tampering or misuse. If a server chooses to make the DAV:quota-bytes writable by clients with sufficient authorization, then it is opening up a certain amount of near-administration functionality to clients. However, it is not required for the DAV:quota-bytes property to be writeable by any clients, so a server can easily avoid this consideration. Dusseault Expires Jul 2002 6 DAV Collection Size and Quota January 2002 References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2518] Goland, Y., Whitehead, E., Faizi, A., Carter, S., and Jensen, D., "HTTP Extensions for Distributed Authoring -- WebDAV", RFC2518, February 1999. [RFC??] Clemm, Geoff, Jim Amsden, Tim Ellison, Chris Kaler, Jim Whitehead, "Versioning Extensions to WebDAV", RFC??, October 2001. Author's Addresses Lisa Dusseault Xythos Software, Inc. 77 Maiden Lane, Suite 200 Phone: 1-415-248-9004 San Francisco, CA, USA Email: lisa@xythos.com Clark Warner Netezza Corporation Suite 100 1671 Worcester Rd Phone: 1-508-665-6800 x889 Framingham, MA 01701 Email: webdav@thewarners.com Dusseault Expires Jul 2002 7