Internet Draft                                               R. Gellens
Document: draft-gellens-acap-sieve-00.txt                      QUALCOMM
Expires: 28 August 2000                                28 February 2000
    
    
                  ACAP Profile for Sieve Script Access
    
    
Status of this Memo:
    
    This document is an Internet-Draft and is in full conformance with
    all provisions of Section 10 of RFC2026.
    
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF), its areas, and its working groups.  Note that
    other groups may also distribute working documents as
    Internet-Drafts.
    
    Internet-Drafts are draft documents valid for a maximum of six
    months and may be updated, replaced, or obsoleted by other documents
    at any time.  It is inappropriate to use Internet- Drafts as
    reference material or to cite them other than as "work in progress."
    
    The list of current Internet-Drafts can be accessed at
    <http://www.ietf.org/ietf/1id-abstracts.txt>
    
    The list of Internet-Draft Shadow Directories can be accessed at
    <http://www.ietf.org/shadow.html>.
    
    A version of this draft document is intended for submission to the
    RFC editor as a Proposed Standard for the Internet Community.
    Discussion and suggestions for improvement are requested.
    
    
Copyright Notice
    
    Copyright (C) The Internet Society 2000.  All Rights Reserved.


















Gellens                   Expires August 2000                   [Page 1]Internet Draft    ACAP Profile for Sieve Script Access>February 2000    

Table of Contents
    
     1.  Abstract . . . . . . . . . . . . . . . . . . . . . . . . . .  2
     2.  Conventions Used in this Document . . . . . . . . . . . . . . 2
     3.  Comments . . . . . . . . . . . . . . . . . . . . . . . . . .  2
     4.  Sieve ACAP Profile Overview . . . . . . . . . . . . . . . . . 2
     5.  Commands . . . . . . . . . . . . . . . . . . . . . . . . . .  3
     6.  Responses . . . . . . . . . . . . . . . . . . . . . . . . . . 4
     7.  Datasets and Attributes  . . . . . . . . . . . . . . . . . .  4
     8.  Multiple Sieve Scripts  . . . . . . . . . . . . . . . . . . . 5
     9.  Example Session  . . . . . . . . . . . . . . . . . . . . . .  5
    10.  References  . . . . . . . . . . . . . . . . . . . . . . . . . 6
    11.  Security Considerations  . . . . . . . . . . . . . . . . . .  6
    12.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6
    13.  Author's Address . . . . . . . . . . . . . . . . . . . . . .  6
    14.  Full Copyright Statement  . . . . . . . . . . . . . . . . . . 6
    
    
1.  Abstract
    
    The Sieve [SIEVE] language provides a very useful interoperable
    syntax for mail filtering.  The Email Account Dataset Class
    [ACAP-EMAIL] provides an extensible and interoperable means of
    accessing and controlling Sieve scripts, but requires an ACAP [ACAP]
    server.
    
    This memo proposes a profile of ACAP which is suitable for accessing
    Sieve scripts, very easy to implement in clients and servers, and
    upwardly compatible with ACAP.
    
    
2.  Conventions Used in this Document
    
    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
    document are to be interpreted as described in RFC 2119 [KEYWORDS].
    
    
3.  Comments
    
    Public comments can be sent to the Sieve mailing list,
    <ietf-mta-filters@imc.org>.  To subscribe, send a message to
    <ietf-mta-filters-request@imc.org> with the word SUBSCRIBE as the
    body.  Private comments should be sent to the author.
    
    
4.  Sieve ACAP Profile Overview
    
    The Sieve ACAP Profile uses ACAP commands and syntax but provides
    access only to Sieve-related [SIEVE] attributes in an actual or
    virtual Email Account Dataset [ACAP-EMAIL].  Clients can store and
    retrieve Sieve scripts.  If supported by the server, syntax errors


Gellens                   Expires August 2000                   [Page 2]Internet Draft    ACAP Profile for Sieve Script Access>February 2000    

    and warnings for just-stored scripts, and/or run-time errors and
    warnings, are also available.
    
    By using a profile of ACAP, we get a ready-made protocol designed
    for just this type of activity which is very easy to implement, and
    most importantly, an easy upgrade path.  A client which uses this
    profile can also talk to a full ACAP server.  Full ACAP provides
    many features not available in the profile, such as Access Control
    Lists (ACLs), sophisticated searching (including change
    notification), and of course unlimited attributes and datasets.
    
    The goal of this profile is to provide the minimum functionality
    required to access and store Sieve scripts, in a way that is as easy
    as possible to implement in clients and servers, with a sensible
    upgrade mechanism (in this case, to full ACAP).
    
    This profile of ACAP uses port xxx.  The normal ACAP sequence is
    followed (client opens connection, server responds with an initial
    greeting, etc.)
    
    
5.  Commands
    
    The supported ACAP commands (with the RFC 2244 section numbers) are:
    
       AUTHENTICATE (6.3.1)
       SEARCH (6.4.1)
       STORE (6.6.1)
       NOOP (6.2.1)
       LOGOUT (6.2.4)
    
    Note that the SEARCH and STORE commands are severely limited as to
    the datasets and attributes which may be accessed, and the command
    elements which may be used.
    
    Servers MAY choose to support only those command elements
    specifically mentioned here.
    
    The SEARCH command MUST NOT use a dataset name not permitted by
    section 7, Datasets and Attributes.
    
    The RETURN modifier MAY be used.  Other modifiers SHOULD NOT be
    used.  The RETURN modifier MUST only specify attributes permitted by
    section 7, Datasets and Attributes.
    
    The EQUAL criteria SHOULD be used.  Other criteria SHOULD NOT be
    used.  The EQUAL criteria SHOULD specify an attribute of "ENTRY", a
    comparator of "i;octet", and a value permitted by section 7.
    
    A typical SEARCH command is:




Gellens                   Expires August 2000                   [Page 3]Internet Draft    ACAP Profile for Sieve Script Access>February 2000    

       t1 SEARCH "/email/~/" RETURN ("email.sieve.script") EQUAL "entry"
       "i;octet" "sieve"
    
    The SEARCH command results in typically one ENTRY intermediate
    response and one MODTIME intermediate response, followed by an OK
    response.
    
    The STORE command MUST be passed one entry store list.  The entry
    path normally refers to the "sieve" (or another) entry in the
    "email" dataset (for example, "/email/~/sieve" ).  See section 7.
    
    Attribute store items MUST use attribute names which begin with
    "email.sieve." The NOCREATE modifier MUST NOT be used.  The
    UNCHANGEDSINCE modifier MAY be used.
    
    A typical STORE command is:
       t2 STORE ("/email/~/sieve" "email.sieve.script" <script>)
    
    
6.  Responses
    
    The following ACAP responses are supported (with the section number
    in RFC 2244):
    
       ACAP Untagged Response (6.1.1)
       OK Response (6.2.5)
       NO Response (6.2.6)
       BAD Response (6.2.7)
       ENTRY Intermediate Response (6.4.2)
       MODTIME Intermediate Response (6.4.3)
       BYE Untagged Response (6.2.8)
    
    Note that the definition of initial-greeting (the ACAP untagged
    response) is changed to:
    
    initial-greeting = "*" SP "SIEVE" *(SP "(" init-capability ")") CRLF
    
    This is to avoid confusion with a full ACAP server, in addition to
    operating on a different port.
    
    
7.  Datasets and Attributes
    
    Only attributes which start with "email.sieve", in the Email
    dataset, are generally accessible using this profile.
    
    The server MAY also permit access to attributes which start with
    "capability.email.sieve." in the "email" entry of the "capability"
    dataset.  These attributes indicate (by a value of "1") the
    availability of the corresponding attributes in the Email dataset,
    for example, for Sieve run-time and syntax error and warning
    information.  To simplify implementation, this dataset is accessed


Gellens                   Expires August 2000                   [Page 4]Internet Draft    ACAP Profile for Sieve Script Access>February 2000    

    only as "/capability/~/", that is, under the user hierarchy.
    
    Only one entry in the Email dataset is available.  In
    implementations which use this protocol solely to allow access to
    existent or new Sieve scripts (such as a mail server), it is likely
    that there are no actual entries or datasets, simply one or more
    Sieve scripts per user.  In such cases, the "sieve" entry is used as
    a place holder for the only entry.  In other situations, there may
    be a full ACAP server offering access to general datasets and
    entries.  In this case, the client needs to know the actual entry
    name.  Thus, it is reasonable for clients to allow users to specify
    an entry name in addition to a server name, user name, etc.  It is
    also reasonable to default the entry name to "sieve".
    
    Attributes are specified in the Email Account Dataset Class
    [ACAP-EMAIL].  Note that the active Sieve script is contained in the
    "email.sieve.script" attribute.  Supported Sieve extension
    capability strings are in the multivalued "email.sieve.capability"
    attribute.
    
    
8.  Multiple Sieve Scripts
    
    It is possible to access multiple Sieve scripts.  The active Sieve
    script is always in the "email.sieve.script" attribute.  Additional
    Sieve scripts may be placed in attributes of the form
    "email.sieve.script.foo", where "foo" is the name of another script.
    
    A client can access all Sieve scripts by asking the server to return
    "email.sieve.script*".
    
    
9.  Example Session
    
   S:  * SIEVE (IMPLEMENTATION "sievead v1.0.0.7") (SASL "PLAIN"
         "CRAM-MD5")
   C:  0001 authenticate ....
   S:  0001 OK "Logged in"
   C:  0002 search "/email/~/" return ("email.sieve.capability"
            "email.sieve.script") equal "entry" "+i;octet" "sieve"
   S:  0002 ENTRY "sieve" ("fileinto" "vacation" "envelope") {25+}
            if size over 1
               keep;
   S:  0002 MODTIME "20000224232637550"
   S:  0002 OK "SEARCH Completed"
   C:  0003 store ("/email/~/sieve" "email.sieve.script" {112+}

            #rule\09<<0>>
            #size
            #verb \09 Over
            #value \09 2للللللللل
            #Keep \09


Gellens                   Expires August 2000                   [Page 5]Internet Draft    ACAP Profile for Sieve Script Access>February 2000    

            if size :over 2للللللللل
            {
                Keep;
            }
            )
   S:  003 OK "STORE Completed"
    
    
10.  References
    
    [ACAP] Newman, Myers, "ACAP -- Application Configuration Access
    Protocol", RFC 2244, Innosoft, Netscape, November 1997.
    <ftp://ftp.isi.edu/in-notes/rfc2244.txt>
    
    [ACAP-EMAIL] Gellens, "ACAP Email Account Dataset Class", work in
    Progress.
    <ftp://ftp.ietf.org/internet-drafts/draft-gellens-acap-acnt-xx.txt>
    
    [KEYWORDS] Bradner, "Key words for use in RFCs to Indicate
    Requirement Levels", RFC 2119, Harvard University, March 1997.
    <ftp://ftp.isi.edu/in-notes/rfc2119.txt>
    
    [SIEVE] Showalter, "Sieve -- a Mail Filtering Language", Carnegie
    Mellon, Work in Progress.
    <ftp://ftp.ietf.org/internet-drafts/draft-showalter-sieve-xx.txt>\
    
    
11.  Security Considerations
    
    Since this protocol does not include Access Control Lists (ACLs) or
    other means for setting or changing permissions, by default servers
    MUST ensure that only a script owner has access to a script.
    Servers MAY provide and/or honor out-of-band mechanisms for setting
    access controls on scripts (for example, native OS file
    permissions).
    
    
12.  Acknowledgments
    
    Many thanks to Larry Greenfield and Alexey Melnikov for their
    suggestions and for catching so many of my errors.
    
    
13.  Author's Address
    
   Randall Gellens                    +1 858 651 5115
   QUALCOMM Incorporated              randy@qualcomm.com
   5775 Morehouse Drive
   San Diego, CA  92121-2779
   U.S.A.
    
    


Gellens                   Expires August 2000                   [Page 6]Internet Draft    ACAP Profile for Sieve Script Access>February 2000    

14.  Full Copyright Statement
    
    Copyright (C) The Internet Society 2000.  All Rights Reserved.
    
    This document and translations of it may be copied and furnished to
    others, and derivative works that comment on or otherwise explain it
    or assist in its implementation may be prepared, copied, published
    and distributed, in whole or in part, without restriction of any
    kind, provided that the above copyright notice and this paragraph
    are included on all such copies and derivative works.  However, this
    document itself may not be modified in any way, such as by removing
    the copyright notice or references to the Internet Society or other
    Internet organizations, except as needed for the purpose of
    developing Internet standards in which case the procedures for
    copyrights defined in the Internet Standards process must be
    followed, or as required to translate it into languages other than
    English.
    
    The limited permissions granted above are perpetual and will not be
    revoked by the Internet Society or its successors or assigns.
    
    This document and the information contained herein is provided on an
    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.



























Gellens                   Expires August 2000                   [Page 7]