Network Working Group D. Royer Internet-Draft IntelliCal, LLC Expires: October 2, 2005 April 3, 2005 Basic iCalendar Transport-Independent Interoperability Protocol (iTIP) Scheduling Events draft-royer-itip-basic-00 Status of this Memo This document is an Internet-Draft and is subject to all provisions of section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she become aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on October 2, 2005. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This is the second release of iTIP. After having learned from RFC-2446 where most of this text comes from. This document represents the common objects needed for basic calendaring. The VTODO, VJOURNAL, VTIMEZONE, recurrence rules (RDATE remains), and scheduling and their associated properties have been removed. These removals are expected to appear in new memos at a later time and will be independent extensions of this specification. The new EXTENSIONS Royer Expires October 2, 2005 [Page 1] Internet-Draft iTIPbis April 2005 property will exist to allow for compatible sets of extensions. This document specifies how calendaring systems use iCalendar objects to interoperate with other calendar systems. It does so in a general way so as to allow multiple methods of communication between systems. Subsequent documents specify interoperable methods of communications between systems that use this protocol. The document outlines a model for calendar exchange that defines both static and dynamic event, to-do, journal and free/busy objects. Static objects are used to transmit information from one entity to another without the expectation of continuity or referential integrity with the original item. Dynamic objects are a superset of static objects and will gracefully degrade to their static counterparts for clients that only support static objects. This document specifies an Internet protocol based on the iCalendar object specification that provides scheduling interoperability between different calendar systems. The Internet protocol is called the "Basic iCalendar Transport-Independent Interoperability Protocol (iTIP-Basic)". iTIP-Basic complements the iCalendar object specification by adding semantics for group scheduling methods commonly available in current calendar systems. These scheduling methods permit two or more calendar systems to perform transactions such as publish, schedule, reschedule, respond to scheduling requests, negotiation of changes or cancel iCalendar-based calendar components. iTIP-Basic is defined independent of the particular transport used to transmit the scheduling information. Companion memos to iTIP-Basic provide bindings of the interoperability protocol to a number of Internet protocols. Royer Expires October 2, 2005 [Page 2] Internet-Draft iTIPbis April 2005 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1 Formatting Conventions . . . . . . . . . . . . . . . . . . 4 1.2 Related Documents . . . . . . . . . . . . . . . . . . . . 5 1.3 ITIP-BASIC Roles and Transactions . . . . . . . . . . . . 5 2. Interoperability Models . . . . . . . . . . . . . . . . . . . 8 2.1 Application Protocol . . . . . . . . . . . . . . . . . . . 8 2.1.1 Calendar Entry State . . . . . . . . . . . . . . . . . 9 2.1.2 Delegation . . . . . . . . . . . . . . . . . . . . . . 9 2.1.3 Acting on Behalf of other Calendar Users . . . . . . . 9 2.1.4 Component Revisions . . . . . . . . . . . . . . . . . 10 2.1.5 Message Sequencing . . . . . . . . . . . . . . . . . . 10 3. Application Protocol Elements . . . . . . . . . . . . . . . . 12 3.1 Common Component Restriction Tables . . . . . . . . . . . 12 3.2 Methods for VEVENT Calendar Components . . . . . . . . . . 13 3.2.1 PUBLISH . . . . . . . . . . . . . . . . . . . . . . . 14 3.2.2 REQUEST . . . . . . . . . . . . . . . . . . . . . . . 16 3.2.3 REPLY . . . . . . . . . . . . . . . . . . . . . . . . 19 3.2.4 ADD . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.2.5 CANCEL . . . . . . . . . . . . . . . . . . . . . . . . 23 3.2.6 REFRESH . . . . . . . . . . . . . . . . . . . . . . . 25 3.2.7 COUNTER . . . . . . . . . . . . . . . . . . . . . . . 26 3.2.8 DECLINECOUNTER . . . . . . . . . . . . . . . . . . . . 27 3.3 Methods For VFREEBUSY Components . . . . . . . . . . . . . 28 3.3.1 PUBLISH . . . . . . . . . . . . . . . . . . . . . . . 29 3.3.2 REQUEST . . . . . . . . . . . . . . . . . . . . . . . 30 3.3.3 REPLY . . . . . . . . . . . . . . . . . . . . . . . . 31 3.4 Methods For VTODO Components . . . . . . . . . . . . . . . 32 3.5 Methods For VJOURNAL Components . . . . . . . . . . . . . 32 3.6 Status Replies . . . . . . . . . . . . . . . . . . . . . . 32 3.7 Implementation Considerations . . . . . . . . . . . . . . 35 3.7.1 Working With Recurrence Instances . . . . . . . . . . 35 3.7.2 Attendee Property Considerations . . . . . . . . . . . 35 3.7.3 X-Tokens . . . . . . . . . . . . . . . . . . . . . . . 35 4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 5. Application Protocol Fallbacks . . . . . . . . . . . . . . . . 37 5.1 Partial Implementation . . . . . . . . . . . . . . . . . . 37 5.1.1 Event-Related Fallbacks . . . . . . . . . . . . . . . 37 5.1.2 Latency Issues . . . . . . . . . . . . . . . . . . . . 37 5.1.3 Sequence Number . . . . . . . . . . . . . . . . . . . 37 5.2 Security Considerations . . . . . . . . . . . . . . . . . 37 5.2.1 Security Threats . . . . . . . . . . . . . . . . . . . 38 5.2.2 Recommendations . . . . . . . . . . . . . . . . . . . 39 5.3 Acknowledgments . . . . . . . . . . . . . . . . . . . . . 40 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 41 Intellectual Property and Copyright Statements . . . . . . . . 42 Royer Expires October 2, 2005 [Page 3] Internet-Draft iTIPbis April 2005 1. Introduction This document specifies how calendaring systems use iCalendar objects to interoperate with other calendar systems. In particular, it specifies how to schedule events only. To-dos, or daily journal entries have been removed. It further specifies how to ask for available busy time information. It does so in a general way so as to allow multiple methods of communication between systems. Subsequent documents specify transport bindings between systems that use this protocol. This protocol is based on messages sent from an originator to one or more recipients. For certain types of messages, a recipient may reply, in order to update their status and may also return transaction/request status information. The protocol supports the ability for the message originator to modify or cancel the original message. The protocol also supports the ability for recipients to suggest changes to the originator of a message. The elements of the protocol also define the user roles for its transactions. 1.1 Formatting Conventions In order to refer to elements of the calendaring and scheduling model, core object or interoperability protocol defined in [1] and [iTIP-Basic] several formatting conventions have been utilized. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this document are to be interpreted as described in [3]. Calendaring and scheduling roles are referred to in quoted-strings of text with the first character of each word in upper case. For example, "Organizer" refers to a role of a "Calendar User" (CU) within the scheduling protocol defined by [iTIP-Basic]. Calendar components defined by [1] are referred to with capitalized, quoted-strings of text. All calendar components start with the letter "V". For example, "VEVENT" refers to the event calendar component. Scheduling methods defined by [iTIP-Basic] are referred to with capitalized, quoted-strings of text. For example, "REQUEST" refers to the method for requesting a scheduling calendar component be created or modified, "REPLY" refers to the method a recipient of a request uses to update their status with the "Organizer" of the calendar component. Properties defined by [1] are referred to with capitalized, quoted-strings of text, followed by the word "property". For example, "ATTENDEE" property refers to the iCalendar property used to convey the calendar address of a "Calendar User". Property Royer Expires October 2, 2005 [Page 4] Internet-Draft iTIPbis April 2005 parameters defined by this memo are referred to with lower case, quoted-strings of text, followed by the word "parameter". For example, "value" parameter refers to the iCalendar property parameter used to override the default data type for a property value. Enumerated values defined by this memo are referred to with capitalized text, either alone or followed by the word "value". In tables, the quoted-string text is specified without quotes in order to minimize the table length. 1.2 Related Documents Implementers will need to be familiar with several other memos that, along with this one, describe the Internet calendaring and scheduling standards. This document, [iTIP-Basic], specifies an interoperability protocol for scheduling between different implementations. The related documents are: [1] - specifies the objects, data types, properties and property parameters used in the protocols, along with the methods for representing and encoding them; [2] specifies an Internet email binding for [iTIP-Basic]. This memo does not attempt to repeat the specification of concepts or definitions from these other memos. Where possible, references are made to the memo that provides for the specification of these concepts or definitions. 1.3 ITIP-BASIC Roles and Transactions ITIP-BASIC defines methods for exchanging [1] objects for the purposes of group calendaring and scheduling between "Calendar Users" (CUs). CUs take on one of two roles in iTIP-Basic. The CU who initiates an exchange takes on the role of "Organizer". For example, the CU who proposes a group meeting is the "Organizer". The CUs asked to participate in the group meeting by the "Organizer" take on the role of "Attendee". Note that "role" is also a descriptive parameter to the _ATTENDEE_ property. Its use is to convey descriptive context to an "Attendee" such as "chair", "req-participant" or "non-participant" and has nothing to do with the calendaring workflow. The ITIP-BASIC methods are listed below and their usage and semantics are defined in section 3 of this document. Royer Expires October 2, 2005 [Page 5] Internet-Draft iTIPbis April 2005 +================+==================================================+ | Method | Description | |================+==================================================| | PUBLISH | Used to publish a calendar entry to one or more | | | Calendar Users. There is no interactivity | | | between the publisher and any other calendar | | | user. An example might include a baseball team | | | publishing its schedule to the public. | | | | | REQUEST | Used to schedule a calendar entry with other | | | Calendar Users. Requests are interactive in that | | | they require the receiver to respond using | | | the Reply methods. Meeting Requests, Busy | | | Time requests. Requests are also used by the | | | "Organizer" to | | | update the status of a calendar entry. | | | | | REPLY | A Reply is used in response to a Request to | | | convey "Attendee" status to the "Organizer". | | | Replies are commonly used to respond to meeting | | | and task requests. | | | | | ADD | The only way to add one or more instances to an | | | existing VEVENT. | | | | | CANCEL | Cancel one or more instances of an existing | | | VEVENT. | | | | | REFRESH | The Refresh method is used by an "Attendee" to | | | request the latest version of a calendar entry. | | | | | COUNTER | The Counter method is used by an "Attendee" to | | | ask for a change in the calendar entry. | | | Examples include the request to change a | | | proposed Event time. | | | | | DECLINE- | Used by the "Organizer" to decline the proposed | | COUNTER | counter-proposal. | +================+==================================================+ Group scheduling in iTIP-Basic is accomplished using the set of "request" and "response" methods described above. The following table shows the methods broken down by who can send them. Royer Expires October 2, 2005 [Page 6] Internet-Draft iTIPbis April 2005 +================+==================================================+ | Originator | Methods | |================+==================================================| | Organizer | PUBLISH, REQUEST, ADD, CANCEL, DECLINECOUNTER | | | | | Attendee | REPLY, REFRESH, COUNTER | +================+==================================================+ Note that for some calendar component types, the allowable methods are a subset of the above set. Royer Expires October 2, 2005 [Page 7] Internet-Draft iTIPbis April 2005 2. Interoperability Models There are two distinct protocols relevant to interoperability: an "Application Protocol" and a "Transport Protocol". The Application Protocol defines the content of the iCalendar objects sent between sender and receiver to accomplish the scheduling transactions listed above. The Transport Protocol defines how the iCalendar objects are sent between the sender and receiver. This document focuses on the Application Protocol. Binding documents such as [2] focus on the Transport Protocol. The connection between Sender and Receiver in the diagram below refers to the Application Protocol. The iCalendar objects passed from the Sender to the Receiver are presented in Section 3, Application Protocol Elements. +----------+ +----------+ | | iTIP-Basic | | | Sender |<-------------------->| Receiver | | | | | +----------+ +----------+ There are several variations of this diagram in which the Sender and Receiver take on various roles of a "Calendar User Agent" (CUA) or a "Calendar Service" (CS). The architecture of iTIP-Basic is depicted in the diagram below. An application written to this specification may work with bindings for the store-and-forward transport, the real time transport, or both. Also note that iTIP-Basic could be bound to other transports. +------------------------------------------+ | iTIP-Basic | +------------------------------------------+ |Real-time | Store-and-Fwd | Other | |Transport | Transport | Transports... | +------------------------------------------+ 2.1 Application Protocol In the iTIP-Basic model, a calendar entry is created and managed by an "Organizer". The "Organizer" interacts with other CUs by sending one or more of the iTIP-Basic messages listed above. "Attendees" use the "REPLY" method to communicate their status. "Attendees" do not make direct changes to the master calendar entry. They can, however, use the "COUNTER" method to suggest changes to the "Organizer". In any case, the "Organizer" has complete control over the master Royer Expires October 2, 2005 [Page 8] Internet-Draft iTIPbis April 2005 calendar entry. 2.1.1 Calendar Entry State There are two distinct states relevant to calendar entries: the overall state of the entry and the state associated with an "Attendee" to that entry. The state of an entry is defined by the "STATUS" property and is controlled by the "Organizer." There is no default value for the "STATUS" property. The "Organizer" sets the "STATUS" property to the appropriate value for each calendar entry. The state of a particular "Attendee" relative to an entry is defined by the "partstat" parameter in the "ATTENDEE" property for each "Attendee". When an "Organizer" issues the initial entry, "Attendee" status is unknown. The "Organizer" specifies this by setting the "partstat" parameter to "NEEDS-ACTION". Each "Attendee" modifies their "ATTENDEE" property "partstat" parameter to an appropriate value as part of a "REPLY" message sent back to the "Organizer". 2.1.2 Delegation Delegation is defined as the process by which an "Attendee" grants another CU (or several CUs) the right to attend on their behalf. The "Organizer" is made aware of this change because the delegating "Attendee" informs the "Organizer". These steps are detailed in the REQUEST method section. This is not supported in iTIP-Basic. 2.1.3 Acting on Behalf of other Calendar Users In many organizations one user will act on behalf of another to organize and/or respond to meeting requests. ITIP-BASIC provides two mechanisms that support these activities. First, the "Organizer" is treated as a special entity, separate from "Attendees". All responses from "Attendees" flow to the "Organizer", making it easy to separate a calendar user organizing a meeting from calendar users attending the meeting. Additionally, iCalendar provides descriptive roles for each "Attendee". For instance, a role of "chair" may be ascribed to one or more "Attendees". The "chair" and the "Organizer" may or may not be the same calendar user. This maps well to scenarios where an assistant may manage meeting logistics for another individual who chairs a meeting. Second, a "sent-by" parameter may be specified in either the Royer Expires October 2, 2005 [Page 9] Internet-Draft iTIPbis April 2005 "Organizer" or "Attendee" properties. When specified, the "sent-by" parameter indicates that the responding CU acted on behalf of the specified "Attendee" or "Organizer". 2.1.4 Component Revisions The "SEQUENCE" property is used by the "Organizer" to indicate revisions to the calendar component. The rules for incrementing the "SEQUENCE" number are defined in [1].] In some circumstances the "Organizer" may not have received responses to the final revision sent out. In this situation, the "Organizer" may wish to send an update "REQUEST", and set "RSVP=TRUE" for all "Attendees", so that current responses can be collected. The value of the "SEQUENCE" property contained in a response from an "Attendee" may not always match the "Organizer's" revision. Implementations may choose to have the CUA indicate to the CU that the response is to an entry that has been revised and allow the CU to decide whether or not to accept the response. The "Organizer" is not required to send objects to any "Attendee" unless the change effects the "Attendee". It is possible for an "Attendee" to get invited with an object with a sequence value larger then zero. And it is possible for an "Attendee" to get an update that has a "SEQUENCE" property value that is more than one larger than what the "Attendee" currently has. As an example the "Organizer" may determine that it will not send each "Attendee" an update each time an new "Attendee" is added. 2.1.5 Message Sequencing CUAs that handle the [iTIP-Basic] application protocol must often correlate a component in a calendar store with a component received in the [iTIP-Basic] message. For example, an event may be updated with a later revision of the same event. To accomplish this, a CUA must correlate the version of the event already in its calendar store with the version sent in the [iTIP-Basic] message. In addition to this correlation, there are several factors that can cause [iTIP-Basic] messages to arrive in an unexpected order. That is, an "Organizer" could receive a reply to an earlier revision of a component AFTER receiving a reply to a later revision. To maximize interoperability and to handle messages that arrive in an unexpected order, use the following rules: 1. The primary key for referencing a particular iCalendar component is the "UID" property value. Royer Expires October 2, 2005 [Page 10] Internet-Draft iTIPbis April 2005 2. The secondary key for referencing a component is the "SEQUENCE" property value. For components where the "UID" is the same, the component with the highest numeric value for the "SEQUENCE" property obsoletes all other revisions of the component with lower values. For an "Attendee" that means that toss the current object and replace it with the new object, keeping any local implementation specific information when possible. 3. "Attendees" send "REPLY" messages to the "Organizer". For replies where the "UID" property value is the same, the value of the "SEQUENCE" property indicates the revision of the component to which the "Attendee" is replying. The reply with the highest numeric value for the "SEQUENCE" property obsoletes all other replies with lower values. 4. In situations where the "UID" and "SEQUENCE" properties match, the "DTSTAMP" property is used as the tie-breaker. The component with the latest "DTSTAMP" overrides all others. Similarly, for "Attendee" responses where the "UID" property values match and the "SEQUENCE" property values match, the response with the latest "DTSTAMP" overrides all others. Hence, CUAs must persist the following component properties: "UID", "SEQUENCE", and "DTSTAMP". Furthermore, for each "ATTENDEE" property of a component CUAs must persist the "SEQUENCE" and "DTSTAMP" property values associated with the "Attendee's" response. Royer Expires October 2, 2005 [Page 11] Internet-Draft iTIPbis April 2005 3. Application Protocol Elements ITIP-BASIC messages are "text/calendar" MIME entities that contain calendaring and scheduling information. The particular type of [1] message is referred to as the "method type". Each method type is identified by a "METHOD" property specified as part of the "text/calendar" content type. The table below shows various combinations of calendar components and the method types that this memo supports. +=================================================+ | | VEVENT | VTODO | VJOURNAL | VFREEBUSY | |=================================================| |Publish | Yes | No | No | Yes | |Request | Yes | No | No | Yes | |Refresh | Yes | No | No | No | |Cancel | Yes | No | No | No | |Add | Yes | No | No | No | |Reply | Yes | No | No | Yes | |Counter | Yes | No | No | No | |Decline- | | | | | |Counter | Yes | No | No | No | +=================================================+ Each method type is defined in terms of its associated components and properties. Some components and properties are required, some are optional and others are excluded. The restrictions are expressed in this document using a simple "restriction table". The first column indicates the name of a component or property. Properties of the iCalendar object are not indented. Properties of a component are indented. The second column contains "MUST" if the component or property must be present, "MAY" if the component or property is optional, and "NOT" if the component or property must not be present. Entries in the second column sometimes contain comments for further clarification. 3.1 Common Component Restriction Tables The restriction table below applies to properties of the iCalendar object. That is, the properties at the outermost scope. The presence column uses the following values to assert whether a property is required, is optional and the number of times it may appear in the iCalendar object. Royer Expires October 2, 2005 [Page 12] Internet-Draft iTIPbis April 2005 Presence Value Description -------------------------------------------------------------- 1 One instance MUST be present 1+ At least one instance MUST be present 0 Instances of this property Must NOT be present 0+ Multiple instances MAY be present 0 or 1 Up to 1 instance of this property MAY be present --------------------------------------------------------------- The tables also call out "X-PROPERTY" and "X-COMPONENT" to show where vendor-specific properties and components can appear. The tables do not lay out the restrictions of property parameters. Those restrictions are defined in [1]. Component/Property Presence ------------------- ---------------------------------------------- CALSCALE 0 or 1 If '0', the object is GREGORIAN. PRODID 1 VERSION 1 Value MUST be "2.0" X-PROPERTY 0+ DateTime values MUST NOT refer to a "VTIMEZONE" component. Component/Property Presence ------------------- ---------------------------------------------- VTIMEZONE 0 MUST NOT be present as iCal-Basic does not support time zones. The property restrictions in the table below apply to any "VALARM" component in an ITIP-BASIC message. Component/Property Presence ------------------- ---------------------------------------------- VALARM 0+ ACTION 1 ATTACH 0+ DESCRIPTION 0 or 1 DURATION 0 or 1 if present REPEAT MUST be present REPEAT 0 or 1 if present DURATION MUST be present SUMMARY 0 or 1 TRIGGER 1 X-PROPERTY 0+ 3.2 Methods for VEVENT Calendar Components This section defines the property set restrictions for the method types that are applicable to the "VEVENT" calendar component. Each Royer Expires October 2, 2005 [Page 13] Internet-Draft iTIPbis April 2005 method is defined using a table that clarifies the property constraints that define the particular method. The following summarizes the methods that are defined for the "VEVENT" calendar component. +================+==================================================+ | Method | Description | |================+==================================================| | PUBLISH | Post notification of an event. Used primarily as | | | a method of advertising the existence of an | | | event. | | | | | REQUEST | Make a request for an event. This is an explicit | | | invitation to one or more "Attendees". Event | | | Requests are also used to update or change an | | | existing event. | | | | | REPLY | Reply to an event request. Clients may set their | | | status ("partstat") to ACCEPTED, DECLINED, | | | TENTATIVE. | | | | | ADD | Add one or more instances to an existing event. | | | | | CANCEL | Cancel one or more instances of an existing | | | event. | | | | | REFRESH | A request is sent to an "Organizer" by an | | | "Attendee" asking for the latest version of an | | | event to be resent to the requester. | | | | | COUNTER | Counter a REQUEST with an alternative proposal, | | | Sent by an "Attendee" to the "Organizer". | | | | | DECLINECOUNTER | Decline a counter proposal. Sent to an | | | "Attendee" by the "Organizer". | +================+==================================================+ 3.2.1 PUBLISH The "PUBLISH" method in a "VEVENT" calendar component is an unsolicited posting of an iCalendar object. Any CU may add published components to their calendar. The "Organizer" MUST be present in a published iCalendar component. "Attendees" MUST NOT be present. Its expected usage is for encapsulating an arbitrary event as an iCalendar object. The "Organizer" may subsequently update (with another "PUBLISH" method), add instances to (with an "ADD" method), Royer Expires October 2, 2005 [Page 14] Internet-Draft iTIPbis April 2005 or cancel (with a "CANCEL" method) a previously published "VEVENT" calendar component. This method type is an iCalendar object that conforms to the following property constraints: Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST equal "PUBLISH" VEVENT 1+ DTSTAMP 1 DTSTART 1 ORGANIZER 1 SUMMARY 1 Can be null. UID 1 RECURRENCE-ID 0 iCal-Basic does not support this. SEQUENCE 1 MUST be present. ATTACH 0+ CATEGORIES 0 or 1 This property may contain a list of values CLASS 0 or 1 COMMENT 0 or 1 CONTACT 0+ CREATED 0 or 1 DESCRIPTION 0 or 1 Can be empty. DTEND 0 or 1 if present DURATION MUST NOT be present DURATION 0 or 1 if present DTEND MUST NOT be present EXDATE 0 Not needed in iCal-Basic EXRULE 0 Not supported in iCal-Basic GEO 0 Deprecated in iCal-Basic LAST-MODIFIED 0 or 1 LOCATION 0 or 1 PRIORITY 0 or 1 RDATE 0+ RELATED-TO 0+ RESOURCES 0 or 1 This property MAY contain a list of values RRULE 0 Not supported in iCal-Basic STATUS 0 or 1 MAY be one of TENTATIVE/CONFIRMED/CANCELLED TRANSP 0 or 1 URL 0 or 1 X-PROPERTY 0+ ATTENDEE 0 REQUEST-STATUS 0 VALARM 0+ VFREEBUSY 0 VJOURNAL 0 Royer Expires October 2, 2005 [Page 15] Internet-Draft iTIPbis April 2005 VTODO 0 VTIMEZONE 0 Not supported in iCal-Basic X-COMPONENT 0+ 3.2.2 REQUEST The "REQUEST" method in a "VEVENT" component provides the following scheduling functions: . Invite "Attendees" to an event. . Reschedule an existing event (increment SEQUENCE). . Response to a REFRESH request (do not increment SEQUENCE, just re-send). . Update the details of an existing event, without rescheduling it. (increment SEQUENCE) . Update the status of "Attendees" of an existing event, without rescheduling it. (increment SEQUENCE) . Forward a "VEVENT" to another uninvited CU. (Do not increment SEQUENCE). . For an existing "VEVENT" calendar component, changing the role of "Organizer" to another CU. (Increment SEQUENCE) The "Organizer" originates the "REQUEST". The recipients of the "REQUEST" method are the CUs invited to the event, the "Attendees". "Attendees" use the "REPLY" method to convey attendance status to the "Organizer". The "UID" and "SEQUENCE" properties are used to distinguish the various uses of the "REQUEST" method. If the "UID" property value in the "REQUEST" is not found on the recipient's calendar, then the "REQUEST" is for a new "VEVENT" calendar component. If the "UID" property value is found on the recipient's calendar, then the "REQUEST" is for a rescheduling, an update, or a reconfirm of the "VEVENT" calendar component. For the "REQUEST" method, multiple "VEVENT" components in a single iCalendar object are only permitted when for components with the same "UID" property. That is, a series of recurring events may have instance-specific information. In this case, multiple "VEVENT" components are needed to express the entire series. These would have been received as method "ADD" components. This method type is an iCalendar object that conforms to the following property constraints: Component/Property Presence ----------------------------------------------------------------- METHOD 1 MUST be "REQUEST" Royer Expires October 2, 2005 [Page 16] Internet-Draft iTIPbis April 2005 VEVENT 1+ ATTENDEE 1+ DTSTAMP 1 DTSTART 1 ORGANIZER 1 SEQUENCE 1 MUST be present. SUMMARY 1 Can be empty. UID 1 ATTACH 0+ CATEGORIES 0 or 1 This property may contain a list of values. CLASS 0 or 1 COMMENT 0 or 1 CONTACT 0+ CREATED 0 or 1 DESCRIPTION 0 or 1 Can be '1' and empty. DTEND 0 or 1 if present DURATION MUST NOT be present. DURATION 0 or 1 if present DTEND MUST NOT be present. EXDATE 0 Not needed in iCal-Basic. EXRULE 0 Not in iCal-Basic. GEO 0 Deprecated in iCal-Basic. LAST-MODIFIED 0 or 1 LOCATION 0 or 1 PRIORITY 0 or 1 RDATE 0+ RECURRENCE-ID 0 Not in iCal-Basic. RELATED-TO 0+ REQUEST-STATUS 0+ RESOURCES 0 or 1 This property MAY contain a list of values RRULE 0 Not in iCal-Basic. STATUS 0 or 1 MAY be one of TENTATIVE/CONFIRMED TRANSP 0 or 1 URL 0 or 1 X-PROPERTY 0+ VALARM 0+ VTIMEZONE 0 Not in iCal-Basic. X-COMPONENT 0+ VFREEBUSY 0 VJOURNAL 0 VTODO 0 3.2.2.1 Rescheduling an Event The "REQUEST" method may be used to reschedule an event. A rescheduled event involves a change to the existing event in terms of Royer Expires October 2, 2005 [Page 17] Internet-Draft iTIPbis April 2005 its time or recurrence intervals and possibly the location or description. If the recipient CUA of a "REQUEST" method finds that the "UID" property value already exists on the calendar, but that the "SEQUENCE" (or "DTSTAMP") property value in the "REQUEST" method is greater than the value for the existing event, then the "REQUEST" method describes a rescheduling of the event. The old contents are tossed an replaced by the new contents. The "Attendee" only needs to reply if their "RSVP" parameter is set to true by the "Organizer". The "Organizer" sends a method "REQUEST" component with additional method "ADD" components only when needed for each appointment rescheduled. All with the same "UID" property value. As the "ADD" method can be used independently of the "REQUEST" method, each additional "ADD" method sent in the replacement set MUST have the "SEQUENCE" property value incremented. That is if the "REQUEST" component has a "SEQUENCE" property value of '8', then the first "ADD" method after that would have a "SEQUENCE" property value of '9', the second "ADD" method would have a "SEQUENCE" property value of '10', and so on until all of the instances that can not be described by the proceeding components is sent. This the rules consistent with receiving independent "ADD" method components at a later time. 3.2.2.2 Updating or Reconfirmation of an Event The "REQUEST" method may be used to update or reconfirm an event. An update to an existing event does not involve changes to the time or recurrence intervals, and might not involve a change to the location or description for the event. If the recipient CUA of a "REQUEST" method finds that the "UID" property value already exists on the calendar and that the "SEQUENCE" property value in the "REQUEST" is the same as the value for the existing event, then the "REQUEST" method describes an update of the event details, but no rescheduling of the event. And only if the newer object has a newer "DTSTAMP" property value. Older objects are to be tossed. The update "REQUEST" method is the appropriate response to a "REFRESH" method sent from an "Attendee" to the "Organizer" of an event. The "Organizer" of an event may also send unsolicited "REQUEST" methods. The unsolicited "REQUEST" methods may be used to update the details of the event without rescheduling it, to update the "partstat" parameter of "Attendees", or to reconfirm the event. 3.2.2.3 Delegating an Event to another CU Not supported in iTIP-Basic. Royer Expires October 2, 2005 [Page 18] Internet-Draft iTIPbis April 2005 3.2.2.4 Changing the Organizer The situation may arise where the "Organizer" of a VEVENT is no longer able to perform the "Organizer" role and abdicates without passing on the "Organizer" role to someone else. When this occurs the "Attendees" of the VEVENT may use out-of-band mechanisms to communicate the situation and agree upon a new "Organizer". The new "Organizer" should then send out a new "REQUEST" with a modified version of the VEVENT in which the "SEQUENCE" number has been incremented and value of the "ORGANIZER" property has been changed to the calendar address of the new "Organizer". 3.2.2.5 Sending on Behalf of the Organizer Not supported in iTIP-Basic. 3.2.2.6 Forwarding to An Uninvited CU An "Attendee" invited to an event may invite another uninvited CU to the event. The invited "Attendee" accomplishes this by forwarding the original "REQUEST" method to the uninvited CU. The "Organizer" decides whether or not the uninvited CU is added to the attendee list. If the "Organizer" decides not to add the uninvited CU no further action is required, however the "Organizer" MUST send the uninvited CU a "CANCEL" message. If the "Organizer" decides to add an uninvited CU, a new "ATTENDEE" property is added for the uninvited CU with its property parameters set as the "Organizer" deems appropriate. When forwarding a "REQUEST" to another CU, the forwarding "Attendee" MUST NOT make changes to the VEVENT property set. 3.2.2.7 Updating Attendee Status The "Organizer" of an event may also request updated status from one or more "Attendees. The "Organizer" sends a "REQUEST" method to the "Attendee" and sets the "ATTENDEE;RSVP=TRUE" property parameter. The "SEQUENCE" property for the event is not changed from its previous value. A recipient will determine that the only change in the "REQUEST" is that their "RSVP" property parameter indicates a request for updated status. The recipient MUST respond with a "REPLY" method indicating their current status with respect to the "REQUEST". 3.2.3 REPLY The "REPLY" method in a "VEVENT" calendar component is used to respond (e.g., accept or decline) to a "REQUEST". Royer Expires October 2, 2005 [Page 19] Internet-Draft iTIPbis April 2005 The "REPLY" method may also be used to respond to an unsuccessful "REQUEST" method. Depending on the value of the "REQUEST-STATUS" property no scheduling action may have been performed. The "Organizer" of an event may receive the "REPLY" method from a CU not in the original "REQUEST". In addition, the "REPLY" method may be received from an unknown CU (They were forwarded a copy). This unknown "Attendee" may be accepted, or the "Organizer" may cancel the event for the uninvited "Attendee" by sending a "CANCEL" method to the uninvited "Attendee". An "Attendee" can include a message to the "Organizer" using the "COMMENT" property. For example, if the user indicates tentative acceptance and wants to let the "Organizer" know why, the reason can be expressed in the "COMMENT" property value. The optional properties listed in the table below (those listed as "0+" or "0 or 1") MUST NOT be changed from those of the original request. If property changes are desired the COUNTER message must be used. This method type is an iCalendar object that conforms to the following property constraints: The "Attendee" only sends the specific information needed. If the reply is for all instances in the "VEVENT" component, then the "DTSTART", "DTEND", "RDATE", and "DURATION" properties MUST NOT be included. If the reply is for a subset of the instances, then the "DTSTART", "DTEND", "RDATE", and "DURATION", proprties are used in exactly the same way as a request. Multiple "REPLY" components MUST BE sent to conver all instances in such a case. If the "Attendee" can attend Monday, then two components are sent;, one saying YES to Monday, the other NO to the other dates. The "Attendee" when replying must reply to all instances in the "VEVENT" component. Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST be "REPLY" VEVENT 1+ ATTENDEE 1 MUST be the address of the Attendee replying. DTSTAMP 1 ORGANIZER 1 RECURRENCE-ID 0 Not supported in iCal-Basic. UID 1 MUST be the UID of the original REQUEST Royer Expires October 2, 2005 [Page 20] Internet-Draft iTIPbis April 2005 SEQUENCE 1 MUST be the sequence number of the original REQUEST. ATTACH 0 CATEGORIES 0 CLASS 0 COMMENT 0 or 1 CONTACT 0+ CREATED 0 DESCRIPTION 0 DTEND 0 or 1 If present DURATION MUST NOT be present. Only if DTSTART is supplied. DTSTART 0 or 1 Only if this object is a reply for less than all instances. DURATION 0 or 1 If present DTEND MUST NOT be present. Only if DTSTART is supplied. EXDATE 0 Not in iCal-Basic EXRULE 0 Not in iCal-Basic GEO 0 Deprecated LAST-MODIFIED 0 or 1 LOCATION 0 PRIORITY 0 RDATE 0+ RELATED-TO 0 RESOURCES 0 REQUEST-STATUS 0+ RRULE 0 Not in iCal-Basic STATUS 0 or 1 SUMMARY 0 TRANSP 0 URL 0 X-PROPERTY 0+ VTIMEZONE 0 Not in iCal-Basic X-COMPONENT 0+ VALARM 0 VFREEBUSY 0 VJOURNAL 0 VTODO 0 3.2.4 ADD The "ADD" method in a "VEVENT" calendar component is used to add one or more instances to an existing "VEVENT". Unlike the "REQUEST" method, when using issuing an "ADD" method, the "Organizer" does not send the full "VEVENT" description; only the new instance(s). The Royer Expires October 2, 2005 [Page 21] Internet-Draft iTIPbis April 2005 "ADD" method is especially useful if there are instance-specific properties to be preserved in a recurring "VEVENT". For instance, an "Organizer" may have originally scheduled a weekly Thursday meeting. At some point, several instances changed. Location or start time may have changed, or some instances may have unique "DESCRIPTION" properties. The "ADD" method allows the "Organizer" to add new instances to an existing event using a single ITIP-BASIC message when it is not possible to define the recurring pattern in one "VEVENT" component. The "UID" must be that of the existing event. If the "UID" property value in the "ADD" is not found on the recipient's calendar, then the recipient MUST send a "REFRESH" to the "Organizer" in order to be updated with the latest version of the "VEVENT". If an "Attendee" implementation does not support the "ADD" method it should respond with a "REQUEST-STATUS" value of 3.14 and ask for a "REFRESH". This method type is an iCalendar object that conforms to the following property constraints: Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST be "ADD" VEVENT 1 DTSTAMP 1 DTSTART 1 ORGANIZER 1 SEQUENCE 1 MUST be greater than 0. SUMMARY 1 Can be empty. UID 1 MUST match that of the original event. ATTACH 0+ ATTENDEE 0+ CATEGORIES 0 or 1 This property MAY contain a list of values. CLASS 0 or 1 COMMENT 0 or 1 CONTACT 0+ CREATED 0 or 1 DESCRIPTION 0 or 1 Can be empty. DTEND 0 or 1 if present DURATION MUST NOT be present. DURATION 0 or 1 if present DTEND MUST NOT be present. EXDATE 0 Not in iCal-Basic. EXRULE 0 Not in iCal-Basic. GEO 0 Deprecated. LAST-MODIFIED 0 or 1 LOCATION 0 or 1 PRIORITY 0 or 1 RDATE 0+ Royer Expires October 2, 2005 [Page 22] Internet-Draft iTIPbis April 2005 RELATED-TO 0+ RESOURCES 0 or 1 This property MAY contain a list of values RRULE 0 Not in iCal-Basic. STATUS 0 or 1 MAY be one of TENTATIVE/CONFIRMED TRANSP 0 or 1 URL 0 or 1 X-PROPERTY 0+ RECURRENCE-ID 0 REQUEST-STATUS 0 VALARM 0+ VTIMEZONE 0 Not in iCal-Basic X-COMPONENT 0+ VFREEBUSY 0 VTODO 0 VJOURNAL 0 3.2.5 CANCEL The "CANCEL" method in a "VEVENT" calendar component is used to send a cancellation notice of an existing event request to the "Attendees". The message is sent by the "Organizer" of the event. For a recurring event, either the whole event or instances of an event may be cancelled. To cancel the complete appointment and all instances; the "UID" property value for the event MUST be specified and the "DTSTART", "DTEND", "DURATION", and "RDATE" properties must NOT be included. The "SEQUENCE" property is incremented so the "Attendee"'s can tell it is the newest revision of the appointment. To cancel one or more instances of a "VEVENT", include the "DTSTART", "DTEND", "DURATION", and "RDATE" properties exactly as would be sent in a request. The "UID" property must match what the "Attendee" has. If an "Attendee" gets a "CANCEL" method for a "UID" where the "Attendee" does not have the "UID", then the "Attendee" needs to do a "REFRESH" to get the latest copy of the component. In all cases, the "SEQUENCE" property value in the "CANCEL" component MUST BE larger than the "Attendee" has, or the "CANCEL" object is to be ignored and the "Attendee" MUST do a "REFRESH" to get the latest details of the appointment. This method type is an iCalendar object that conforms to the following property constraints: Royer Expires October 2, 2005 [Page 23] Internet-Draft iTIPbis April 2005 Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST be "CANCEL" VEVENT 1+ ATTENDEE 0+ MUST include all "Attendees" being removed the event. MUST be sent to all "Attendees" if the entire event is cancelled. DTSTAMP 1 ORGANIZER 1 SEQUENCE 1 UID 1 MUST be the UID of the original REQUEST COMMENT 0 or 1 ATTACH 0 Not needed in a CANCEL. CATEGORIES 0 Not needed in a CANCEL. CLASS 0 Not needed in a CANCEL. CONTACT 0+ CREATED 0 or 1 DESCRIPTION 0 Not needed in a CANCEL. DTEND 0 or 1 If present DURATION MUST NOT be present Only supplied if DTSTART is supplied. DTSTART 0 or 1 Only supplied if less than all of the instances are being cancled. DURATION 0 or 1 if present DTEND MUST NOT be present Only supplied if DTSTART is supplied. EXDATE 0 Not in iCal-Basic. EXRULE 0 Not in iCal-Basic. GEO 0 Deprecated. LAST-MODIFIED 0 or 1 LOCATION 0 Not needed in CANCEL. PRIORITY 0 Not needed in CANCEL. RDATE 0+ Only if less than all instances are being cancled and only when DTSTART is supplied.. RECURRENCE-ID 0 Not in iCal-Basic RELATED-TO 0 Not needed in CANCEL. RESOURCES 0 Not needed in CANCEL. RRULE 0 Not in iCal-Basic STATUS 0 Not needed in CANCEL. SUMMARY 0 Not needed in CANCEL. TRANSP 0 Not needed in CANCEL. URL 0 Not needed in CANCEL. X-PROPERTY 0+ REQUEST-STATUS 0 Royer Expires October 2, 2005 [Page 24] Internet-Draft iTIPbis April 2005 VTIMEZONE 0 Not in iCal-Basic. X-COMPONENT 0+ VTODO 0 VJOURNAL 0 VFREEBUSY 0 VALARM 0 3.2.6 REFRESH The "REFRESH" method in a "VEVENT" calendar component is used by "Attendees" of an existing event to request an updated description from the event "Organizer". The "REFRESH" method must specify the "UID" property of the event to update. The "Organizer" replies with the latest copy of the appointment. A "REQUEST" is sent with any additional "ADD" methods if needed. This method type is an iCalendar object that conforms to the following property constraints: Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST be "REFRESH". VEVENT 1 ATTENDEE 1 MUST be the address of requestor. DTSTAMP 1 ORGANIZER 1 UID 1 MUST be the UID associated with original REQUEST. COMMENT 0 or 1 RECURRENCE-ID 0 Not in iCal-Basic. X-PROPERTY 0+ ATTACH 0 CATEGORIES 0 CLASS 0 CONTACT 0 CREATED 0 DESCRIPTION 0 DTEND 0 DTSTART 0 DURATION 0 EXDATE 0 EXRULE 0 GEO 0 LAST-MODIFIED 0 Royer Expires October 2, 2005 [Page 25] Internet-Draft iTIPbis April 2005 LOCATION 0 PRIORITY 0 RDATE 0 RELATED-TO 0 REQUEST-STATUS 0 RESOURCES 0 RRULE 0 SEQUENCE 0 STATUS 0 SUMMARY 0 TRANSP 0 URL 0 X-COMPONENT 0+ VTODO 0 VJOURNAL 0 VFREEBUSY 0 VTIMEZONE 0 VALARM 0 3.2.7 COUNTER The "COUNTER" method for a "VEVENT" calendar component is used by an "Attendee" of an existing event to submit to the "Organizer" a counter proposal to the event description. The "Attendee" sends this message to the "Organizer" of the event. The counter proposal is an iCalendar object consisting of a VEVENT calendar component describing the complete description of the alternate event. The "Organizer" rejects the counter proposal by sending the "Attendee" a VEVENT "DECLINECOUNTER" method. The "Organizer" accepts the counter proposal by rescheduling the event as described in section 3.2.2.1 Rescheduling an Event. This method type is an iCalendar object that conforms to the following property constraints. The compoent is constructed just like a "REQUEST" component with the entire proposal for the proposed appointment, except the following: Royer Expires October 2, 2005 [Page 26] Internet-Draft iTIPbis April 2005 Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST be "COUNTER" VEVENT 1 ORGANIZER 1 MUST be the "Organizer" of the original event. SEQUENCE 1 MUST be present and must match the appointment being countered. UID 1 MUST be the UID associated with the REQUEST being countered. ATTENDEE 1 MUST BE the "Attendee" making the proposal. All other properties and components are identical to the "VEVENT" "REQUEST". 3.2.8 DECLINECOUNTER The "DECLINECOUNTER" method in a "VEVENT" calendar component is used by the "Organizer" of an event to reject a counter proposal submitted by an "Attendee". The "Organizer" must send the "DECLINECOUNTER" message to the "Attendee" that sent the "COUNTER" method to the "Organizer". This method type is an iCalendar object that conforms to the following property constraints: Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST be "DECLINECOUNTER" VEVENT 1 DTSTAMP 1 ORGANIZER 1 UID 1 MUST, same UID specified in original REQUEST and subsequent COUNTER COMMENT 0 or 1 RECURRENCE-ID 0 Not in iCal-Basic REQUEST-STATUS 0+ SEQUENCE 1 MUST match the value in the "Attendee"s COUNTER component. X-PROPERTY 0+ ATTACH 0 ATTENDEE 0 CATEGORIES 0 CLASS 0 CONTACT 0 CREATED 0 Royer Expires October 2, 2005 [Page 27] Internet-Draft iTIPbis April 2005 DESCRIPTION 0 DTEND 0 DTSTART 0 DURATION 0 EXDATE 0 EXRULE 0 GEO 0 LAST-MODIFIED 0 LOCATION 0 PRIORITY 0 RDATE 0 RELATED-TO 0 RESOURCES 0 RRULE 0 STATUS 0 SUMMARY 0 TRANSP 0 URL 0 X-COMPONENT 0+ VTODO 0 VJOURNAL 0 VFREEBUSY 0 VTIMEZONE 0 VALARM 0 3.3 Methods For VFREEBUSY Components This section defines the property set for the methods that are applicable to the "VFREEBUSY" calendar component. Each of the methods is defined using a restriction table. This document only addresses the transfer of busy time information. Applications desiring free time information MUST infer this from available busy time information. The busy time information within the iCalendar object MAY be grouped into more than one "VFREEBUSY" calendar component. This capability allows busy time periods to be grouped according to some common periodicity, such as a calendar week, month, or year. In this case, each "VFREEBUSY" calendar component MUST include the "ATTENDEE", "DTSTART" and "DTEND" properties in order to specify the source of the busy time information and the date and time interval over which the busy time information covers. The "FREEBUSY" property value MAY include a list of values, separated by the COMMA character ([4] decimal 44). Alternately, multiple busy Royer Expires October 2, 2005 [Page 28] Internet-Draft iTIPbis April 2005 time periods MAY be specified with multiple instances of the "FREEBUSY" property. Both forms MUST be supported by implementations conforming to this document. Duplicate busy time periods SHOULD NOT be specified in an iCalendar object. However, two different busy time periods MAY overlap. "FREEBUSY" properties should be sorted such that their values are in ascending order, based on the start time, and then the end time, with the earliest periods first. For example, today's busy time information should appear after yesterday's busy time information. And the busy time for this half-hour should appear after the busy time for earlier today. Since events may span a day boundary, free busy time period may also span a day boundary. Individual "A" requests busy time from individuals "B", "C" and "D". Individual "B" and "C" replies with busy time data to individual "A". Individual "D" does not support busy time requests and does not reply with any data. If the transport binding supports exception messages, then individual "D" returns an "unsupported capability" message to individual "A4.34.3". The following summarizes the methods that are defined for the "VFREEBUSY" calendar component. |================|==================================================| | Method | Description | |================|==================================================| | PUBLISH | Publish unsolicited busy time data. | | REQUEST | Request busy time data. | | REPLY | Reply to a busy time request. | |================|==================================================| 3.3.1 PUBLISH The "PUBLISH" method in a "VFREEBUSY" calendar component is used to publish busy time data. The method may be sent from one CU to any other. The purpose of the method is to provide a message for sending unsolicited busy time data. That is, the busy time data is not being sent as a "REPLY" to the receipt of a "REQUEST" method. The "ATTENDEE" property must be specified in the busy time information. The value is the CU address of the originator of the busy time information. This method type is an iCalendar object that conforms to the following property constraints: Royer Expires October 2, 2005 [Page 29] Internet-Draft iTIPbis April 2005 Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST be "PUBLISH" VFREEBUSY 1+ DTSTAMP 1 DTSTART 1 DateTime values must be in UTC DTEND 1 DateTime values must be in UTC FREEBUSY 1+ MUST be BUSYTIME. Multiple instances are allowed. Multiple instances must be sorted in ascending order ORGANIZER 1 MUST contain the address of originator of busy time data. COMMENT 0 or 1 CONTACT 0+ X-PROPERTY 0+ URL 0 or 1 Specifies busy time URL ATTENDEE 0 DURATION 0 REQUEST-STATUS 0 UID 0 X-COMPONENT 0+ VEVENT 0 VTODO 0 VJOURNAL 0 VTIMEZONE 0 VALARM 0 3.3.2 REQUEST The "REQUEST" method in a "VFREEBUSY" calendar component is used to ask a "Calendar User" for their busy time information. The request may be for a busy time information bounded by a specific date and time interval. This message only permits requests for busy time information. The message is sent from a "Calendar User" requesting the busy time information to one or more intended recipients. If the originator of the "REQUEST" method is not authorized to make a busy time request on the recipient's calendar system, then an exception message SHOULD be returned in a "REPLY" method, but no busy time data need be returned. Royer Expires October 2, 2005 [Page 30] Internet-Draft iTIPbis April 2005 This method type is an iCalendar object that conforms to the following property constraints: Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST be "REQUEST" VFREEBUSY 1 ATTENDEE 1+ contain the address of the calendar store DTEND 1 DateTime values must be in UTC DTSTAMP 1 DTSTART 1 DateTime values must be in UTC ORGANIZER 1 MUST be the request originator's address UID 1 COMMENT 0 or 1 CONTACT 0+ X-PROPERTY 0+ FREEBUSY 0 DURATION 0 REQUEST-STATUS 0 URL 0 X-COMPONENT 0+ VALARM 0 VEVENT 0 VTODO 0 VJOURNAL 0 VTIMEZONE 0 3.3.3 REPLY The "REPLY" method in a "VFREEBUSY" calendar component is used to respond to a busy time request. The method is sent by the recipient of a busy time request to the originator of the request. The "REPLY" method may also be used to respond to an unsuccessful "REQUEST" method. Depending on the "REQUEST-STATUS" value, no busy time information may be returned. This method type is an iCalendar object that conforms to the following property constraints: Royer Expires October 2, 2005 [Page 31] Internet-Draft iTIPbis April 2005 Component/Property Presence ------------------- ---------------------------------------------- METHOD 1 MUST be "REPLY" VFREEBUSY 1 ATTENDEE 1 (address of recipient replying) DTSTAMP 1 DTEND 1 DateTime values must be in UTC DTSTART 1 DateTime values must be in UTC FREEBUSY 1+ (values MUST all be of the same data type. Multiple instances are allowed. Multiple instances MUST be sorted in ascending order. Values MAY NOT overlap) ORGANIZER 1 MUST be the request originator's address UID 1 COMMENT 0 or 1 CONTACT 0+ REQUEST-STATUS 0+ URL 0 or 1 (specifies busy time URL) X-PROPERTY 0+ DURATION 0 SEQUENCE 0 X-COMPONENT 0+ VALARM 0 VEVENT 0 VTODO 0 VJOURNAL 0 VTIMEZONE 0 3.4 Methods For VTODO Components VTODO's are not in iCal-Basic. 3.5 Methods For VJOURNAL Components VJOURNAL's are not in iCal-Basic. 3.6 Status Replies The "REQUEST-STATUS" property may include the following values: |==============+============================+=========================| | Short Return | Longer Return Status | Offending Data | | Status Code | Description | | |==============+============================+=========================| Royer Expires October 2, 2005 [Page 32] Internet-Draft iTIPbis April 2005 | 2.0 | Success. | None. | |==============+============================+=========================| | 2.1 | Success but fallback taken | Property name and value | | | on one or more property | MAY be specified. | | | values. | | |==============+============================+=========================| | 2.2 | Success, invalid property | Property name MAY be | | | ignored. | specified. | |==============+============================+=========================| | 2.3 | Success, invalid property | Property parameter name | | | parameter ignored. | and value MAY be | | | | specified. | |==============+============================+=========================| | 2.4 | Success, unknown non- | Non-standard property | | | standard property ignored. | name MAY be specified. | |==============+============================+=========================| | 2.5 | Success, unknown non | Property and non- | | | standard property value | standard value MAY be | | | ignored. | specified. | |==============+============================+=========================| | 2.6 | Success, invalid calendar | Calendar component | | | component ignored. | sentinel (e.g., BEGIN: | | | | ALARM) MAY be | | | | specified. | |==============+============================+=========================| | 2.7 | Success, request forwarded | Original and forwarded | | | to Calendar User. | caluser addresses MAY | | | | be specified. | |==============+============================+=========================| | 2.8 | Success, repeating event | RRULE or RDATE property | | | ignored. Scheduled as a | name and value MAY be | | | single component. | specified. | |==============+============================+=========================| | 2.9 | Success, truncated end date| DTEND property value | | | time to date boundary. | MAY be specified. | |==============+============================+=========================| | 2.10 | Success, repeating VTODO | RRULE or RDATE property | | | ignored. Scheduled as a | name and value MAY be | | | single VTODO. | specified. | |==============+============================+=========================| | 2.11 | Success, unbounded RRULE | RRULE property name and | | | clipped at some finite | value MAY be specified. | | | number of instances | Number of instances MAY | | | | also be specified. | |==============+============================+=========================| | 3.0 | Invalid property name. | Property name MAY be | | | | specified. | |==============+============================+=========================| Royer Expires October 2, 2005 [Page 33] Internet-Draft iTIPbis April 2005 | 3.1 | Invalid property value. | Property name and value | | | | MAY be specified. | |==============+============================+=========================| | 3.2 | Invalid property parameter.| Property parameter name | | | | and value MAY be | | | | specified. | |==============+============================+=========================| | 3.3 | Invalid property parameter | Property parameter name | | | value. | and value MAY be | | | | specified. | |==============+============================+=========================| | 3.4 | Invalid calendar component | Calendar component | | | sequence. | sentinel MAY be | | | | specified (e.g., BEGIN: | | | | VTIMEZONE). | |==============+============================+=========================| | 3.5 | Invalid date or time. | Date/time value(s) MAY | | | | be specified. | |==============+============================+=========================| | 3.6 | Invalid rule. | Rule value MAY be | | | | specified. | |==============+============================+=========================| | 3.7 | Invalid Calendar User. | Attendee property value | | | |MAY be specified. | |==============+============================+=========================| | 3.8 | No authority. | METHOD and Attendee | | | | property values MAY be | | | | specified. | |==============+============================+=========================| | 3.9 | Unsupported version. | VERSION property name | | | | and value MAY be | | | | specified. | |==============+============================+=========================| | 3.10 | Request entity too large. | None. | |==============+============================+=========================| | 3.11 | Required component or | Component or property | | | property missing. | name MAY be specified. | |==============+============================+=========================| | 3.12 | Unknown component or | Component or property | | | property found | name MAY be specified | |==============+============================+=========================| | 3.13 | Unsupported component or | Component or property | | | property found | name MAY be specified | |==============+============================+=========================| | 3.14 | Unsupported capability | Method or action MAY | | | | be specified | |==============+============================+=========================| | 4.0 | Event conflict. Date/time | DTSTART and DTEND | Royer Expires October 2, 2005 [Page 34] Internet-Draft iTIPbis April 2005 | | is busy. | property name and values| | | | MAY be specified. | |==============+============================+=========================| | 5.0 | Request MAY supported. | Method property value | | | | MAY be specified. | |==============+============================+=========================| | 5.1 | Service unavailable. | ATTENDEE property value | | | | MAY be specified. | |==============+============================+=========================| | 5.2 | Invalid calendar service. | ATTENDEE property value | | | | MAY be specified. | |==============+============================+=========================| | 5.3 | No scheduling support for | ATTENDEE property value | | | user. | MAY be specified. | |==============+============================+=========================| 3.7 Implementation Considerations 3.7.1 Working With Recurrence Instances Not supported in iCal-Basic. 3.7.2 Attendee Property Considerations 3.7.3 X-Tokens Royer Expires October 2, 2005 [Page 35] Internet-Draft iTIPbis April 2005 4. Examples Examples are in a separate document. Royer Expires October 2, 2005 [Page 36] Internet-Draft iTIPbis April 2005 5. Application Protocol Fallbacks 5.1 Partial Implementation iTIP applications that support this memo are required to support the entire protocol. 5.1.1 Event-Related Fallbacks This section will discuss how to interoperate with iTIP. 5.1.2 Latency Issues With a store-and-forward transport, it is possible for events to arrive out of sequence. That is, a "CANCEL" method may be received prior to receiving the associated "REQUEST" for the calendar component. This section discusses a few of these scenarios. 5.1.2.1 Cancellation of an Unknown Calendar Component. The "Attendee" tosses the "CANCEL" component. If the "Attendee" cares to see the appointment send a "REFRESH". If the "CANCEL" has no "DTSTART" value, then all of the appointnemt has been canceled, no point in doing a "REFRESH". 5.1.2.2 Unexpected Reply from an Unknown Delegate Not supported in iCal-Basic. 5.1.3 Sequence Number Under some conditions, a CUA may receive requests and replies with the same "SEQUENCE" property value. The "DTSTAMP" property is utilized as a tie-breaker when two items with the same "SEQUENCE" property value are evaluated. The newest "DTSTAMP" value obsoletes the older. 5.2 Security Considerations ITIP-BASIC is an abstract transport protocol which will be bound to a real-time transport, a store-and-forward transport, and perhaps other transports. The transport protocol will be responsible for providing facilities for authentication and encryption using standard Internet mechanisms that are mutually understood between the sender and receiver. Royer Expires October 2, 2005 [Page 37] Internet-Draft iTIPbis April 2005 5.2.1 Security Threats 5.2.1.1 Spoofing the "Organizer" In iTIP-Basic, the "Organizer" (or someone working on the "Organizer's" behalf) is the only person authorized to make changes to an existing "VEVENT", "VTODO", "VJOURNAL" calendar component and republish it or redistribute updates to the "Attendees". An iCalendar object that maliciously changes or cancels an existing "VEVENT", "VTODO" or "VJOURNAL" calendar component may be constructed by someone other than the "Organizer" and republished or sent to the "Attendees". 5.2.1.2 Spoofing the "Attendee" In iTIP-Basic, an "Attendee" of a "VEVENT" or "VTODO" calendar component (or someone working on the "Attendee's" behalf) is the only person authorized to update any parameter associated with their "ATTENDEE" property and send it to the "Organizer". An iCalendar object that maliciously changes the "ATTENDEE" parameters may be constructed by someone other than the real "Attendee" and sent to the "Organizer". 5.2.1.3 Unauthorized Replacement of the Organizer There will be circumstances when "Attendees" of an event or to-do decide, using out-of-band mechanisms, that the "Organizer" must be replaced. When the new "Organizer" sends out the updated "VEVENT" or "VTODO" the "Attendee's" CUA will detect that the "Organizer" has been changed, but it has no way of knowing whether or not the change was mutually agreed upon. 5.2.1.4 Eavesdropping The iCalendar object is constructed with human-readable clear text. Any information contained in an iCalendar object may be read and/or changed by unauthorized persons while the object is in transit. 5.2.1.5 Flooding a Calendar Implementations MAY provide a means to automatically incorporate "REQUEST" methods into a calendar. This presents the opportunity for a calendar to be flooded with requests, which effectively block all the calendar's free time. Royer Expires October 2, 2005 [Page 38] Internet-Draft iTIPbis April 2005 5.2.1.6 Procedural Alarms The "REQUEST" methods for "VEVENT" and "VTODO" calendar components MAY contain "VALARM" calendar components. The "VALARM" calendar component may be of type "PROCEDURE" and MAY have an attachment containing an executable program. Implementations that incorporate these types of alarms are subject to any virus or malicious attack that may occur as a result of executing the attachment. 5.2.1.7 Unauthorized REFRESH Requests It is possible for an "Organizer" to receive a "REFRESH" request from someone who is not an "Attendee" of an event or to-do. Only "Attendee's" of an event or to-do are authorized to receive replies to "REFRESH" requests. Replying to such requests to anyone who is not an "Attendee" may be a security problem. 5.2.2 Recommendations For an application where the information is sensitive or critical and the network is subject is subject to a high probability of attack, iTIP-Basic transactions SHOULD be encrypted. This may be accomplished using public key technology, specifically Security Multiparts for MIME [RFC-1847] in the iTIP-Basic transport binding. This helps mitigate the threats of spoofing, eavesdropping and malicious changes in transit. 5.2.2.1 Use of [RFC-1847] to secure iTIP-Basic transactions iTIP-Basic transport bindings MUST provide a mechanism based on Security Multiparts for MIME [RFC-1847] to enable authentication of the sender's identity, and privacy and integrity of the data being transmitted. This allows the receiver of a signed iCalendar object to verify the identity of the sender. This sender may then be correlated to an "ATTENDEE" property in the iCalendar object. If the correlation is made and the sender is authorized to make the requested change or update then the operation may proceed. It also allows the message to be encrypted to prevent unauthorized reading of the message contents in transit. iTIP-Basic transport binding documents describe this process in detail. Implementations MAY provide controls for users to disable this capability. Royer Expires October 2, 2005 [Page 39] Internet-Draft iTIPbis April 2005 5.2.2.2 Implementation Controls The threat of unauthorized replacement of the "Organizer" SHOULD be mitigated by a calendar system that uses this protocol by providing controls or alerts that make "Calendar Users" aware of such "Organizer" changes and allowing them to decide whether or not the request should be honored. The threat of flooding a calendar SHOULD be mitigated by a calendar system that uses this protocol by providing controls that may be used to limit the acceptable sources for iTIP-Basic transactions, and perhaps the size of messages and volume of traffic, by source. The threat of malicious procedural alarms SHOULD be mitigated by a calendar system that uses this protocol by providing controls that may be used to disallow procedural alarms in iTIP-Basic transactions and/or remove all alarms from the object before delivery to the recipient. The threat of unauthorized "REFRESH" requests SHOULD be mitigated by a calendar system that uses this protocol by providing controls or alerts that allow "Calendar User" to decide whether or not the request should be honored. An implementation MAY decide to maintain, for audit or historical purposes, "Calendar Users" who were part of an attendee list and who were subsequently uninvited. Similar controls or alerts should be provided when a "REFRESH" request is received from these "Calendar Users" as well. 5.3 Acknowledgments A hearty thanks to the following individuals who have participated in the drafting, review and discussion of this memo: tbd 6 References [1] Royer, D., "Internet Calendaring and Scheduling Core Object Specification - iCalendar Basic", draft-royer-ical-basic-02.txt, November 2005. [2] Royer, D., "Basic iCalendar Message-Based Interoperability Protocol - iMIP Basic", draft-royer-imip-basic-00.txt, November 2005. [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. Royer Expires October 2, 2005 [Page 40] Internet-Draft iTIPbis April 2005 [4] "Coded Character Set--7-bit American Standard Code for Information Interchange, ANSI X3.4", 1986. Author's Address Doug Royer IntelliCal, LLC 267 Kentlands Blvd., #3041 Gaithersburg, MD 20878 USA Phone: +1-866-594-8574 EMail: Doug@Royer.com Royer Expires October 2, 2005 [Page 41] Internet-Draft iTIPbis April 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Royer Expires October 2, 2005 [Page 42]