Network Working Group R. Sayre Internet-Draft October 8, 2005 Expires: April 11, 2006 The Atom Publishing Protocol (Basic) draft-sayre-atompub-protocol-basic-03.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. This document may not be modified, and derivative works of it may not be created. This document may only be posted in an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 11, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This memo presents a protocol that uses XML and HTTP to publish and edit Web resources. Editorial Note To provide feedback on this Internet-Draft, join the atom-protocol mailing list . Sayre Expires April 11, 2006 [Page 1] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Notational Conventions . . . . . . . . . . . . . . . . . . . 3 3. The Atom Publishing Protocol Model . . . . . . . . . . . . . 3 4. Collections . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Media Collections . . . . . . . . . . . . . . . . . . . . . 7 6. Service Outlines . . . . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . 11 8. Normative References . . . . . . . . . . . . . . . . . . . . 12 Author's Address . . . . . . . . . . . . . . . . . . . . . . 13 A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 13 B. Change History . . . . . . . . . . . . . . . . . . . . . . . 13 Intellectual Property and Copyright Statements . . . . . . . 14 Sayre Expires April 11, 2006 [Page 2] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 1. Introduction The Atom Publishing Protocol (APP) protocol uses HTTP [RFC2616] and XML [W3C.REC-xml-20040204] to publish and edit Web resources. 2. Notational Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. The APP namespace is "http://purl.org/atom/app#". This specification refers to it by using the prefix "pub", but that prefix is arbitrary. The terms 'URI' and 'IRI' are shorthand for the identifiers specified in [RFC3986] and [RFC3987]. 3. The Atom Publishing Protocol Model The APP operates on collections of Web resources. The patterns of interaction are based on the common HTTP verbs. This section illustrates the editing cycle for Atom entries. o GET is used to retrieve a representation of a resource or perform a read-only query. o POST is used to create a new, dynamically-named resource. o PUT is used to update a known resource. o DELETE is used to remove a resource. 3.1 Collections The APP groups resources into "Collections", which are analogous to the "folders" or "directories" found in many file systems. 3.2 Discovery To discover the location of the collections exposed by an APP service, the client must locate and request a Service Outline (Section 6). Service Outlines describe the layout of an APP service. Client Server | | | 1.) GET Outline URI | |------------------------------->| | | | 2.) Service Outline Doc | |<-------------------------------| | | Sayre Expires April 11, 2006 [Page 3] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 1. The client sends a GET request to the Service Outline Resource. 2. The server responds with a Service Outline Document containing the locations of collections provided by the service. The content of this document can vary based on aspects of the client request, including, but not limited to, authentication credentials. 3.3 Listing Once the client has discovered the location of a collection in the outline, it can request a listing of the collection's membership. However, collections might be extremely large, so servers are likely to list a small subset of the collection by default. Client Server | | | 1.) GET to Collection URI | |------------------------------->| | | | 2.) 200 OK, Atom Feed Doc | |<-------------------------------| | | 1. The client sends a GET request to the Collection's URI. 2. The server responds with an Atom Feed Document containing a full or partial listing of the collection's membership. 3.4 Authoring After locating a collection, a client can add entries by sending a request to the collection; other changes are accomplished by sending HTTP requests to its member resources. 3.4.1 Create Client Server | | | 1.) POST to Collection URI | |------------------------------->| | | | 2.) 201 Created @ Location | |<-------------------------------| | | 1. The client sends a representation of a member to the server via HTTP POST. The Request URI is that of the Collection. Sayre Expires April 11, 2006 [Page 4] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 2. The server responds with a response of "201 Created" and a "Location" header containing the URI of the newly-created resource. 3.4.2 Read Client Server | | | 1.) GET or HEAD to Member URI | |------------------------------->| | | | 2.) 200 OK Atom Entry | |<-------------------------------| | | 1. The client sends a GET (or HEAD) request to the member's URI. 2. The server responds with an Atom Entry document. 3.4.3 Update Client Server | | | 1.) PUT to Member URI | |------------------------------->| | | | 2.) 200 OK | |<-------------------------------| | | 1. The client PUTs an updated representation to the member's URI. 2. The server responds with a representation of the member's new state. 3.4.4 Delete Client Server | | | 1.) DELETE to Member URI | |------------------------------->| | | | 2.) 204 No Content | |<-------------------------------| | | 1. The client sends a DELETE request to the member's URI. 2. The server responds with successful status code. Sayre Expires April 11, 2006 [Page 5] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 3.5 Success and Failure HTTP defines classes of response. HTTP status codes of the form 2xx signal that a request was successful. HTTP status codes of the form 4xx or 5xx signal that an error has occurred, and the request has failed. Consult the HTTP specification for more detailed definitions of each status code. 4. Collections An Atom Collection is a set of related resources represented by one or more Atom Feed documents [AtomFormat]. 4.1 GET Collections can contain extremely large numbers of resources. A naive client such as a web spider or web browser would be overwhelmed if the response to a GET reflected the full membership of the collection, and the server would waste large amounts of bandwidth and processing time on clients unable to handle the response. As a result, responses to a simple GET request represent a server- determined subset of the collection's membership. An example collection feed: My Posts1 urn:uuid:ce61592c-14e2-4557-978e-dfbd444aefa6 2005-12-21T04:11:00-08:00 title 25 2005-12-21T04:11:00-08:00 Foo urn:uuid:941e12b4-6eeb-4753-959d-0cbc51875387 ... Each member is represented by an Atom Entry, but those entries are not an editable representation of the entry. To retrieve the source representation of the entry, clients send a GET request to the URI found in each entry's pub:edit element (see Section 4.3.1). Derived Sayre Expires April 11, 2006 [Page 6] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 resources are located by examining an entry's atom:link elements. 4.2 POST In addition to GET, a Collection Resource also accepts POST requests. The client POSTs a representation of the desired resource to the Collection Resource. Note that some collections only allow members of a specific media-type and a POST MAY generate a response with a status code of 415 ("Unsupported Media Type"). In the case of a successful creation, the status code MUST be 201 ("Created"). Example request creating a resource in a collection. POST /collection HTTP/1.1 Host: example.org User-Agent: Cosimo/1.0 Content-Type: application/atom+xml Content-Length: nnnn ...data... Example response. HTTP/1.1 201 Created Date: Mon, 21 Mar 2005 19:20:19 GMT Server: CountBasic/2.0 ETag: "4c083-268-423f1dc6" Location: http://example.org/stuff/foo13241234.atom 4.3 Entry Collections Entry Collections are Collections that restrict their membership to Atom entries. The entries are edited by sending HTTP requests to the URI found in an individual entry's pub:edit element. Servers can determine the processing necessary to interpret a request by examining the request's HTTP method. 4.3.1 The 'pub:edit' Element The pub:edit element has one attribute, 'href'. The value of this attribute is an IRI reference interpreted relative to xml:base. 5. Media Collections Media Collections are Collections that do not have uniform Sayre Expires April 11, 2006 [Page 7] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 restrictions on the representations of the member resources. For example, they might contain JPEG images, text documents, MPEG movies, and any other type of resource the server allows. 5.1 GET Media Collections return an Atom feed much like Entry Collections, but with a few additions. The listing MUST also contain an atom: content element with a 'src' attribute pointing to the media resource. This URI can be used to edit the uploaded media resource, using PUT and DELETE. Such entries MAY contain pub:edit elements used to edit the entry metadata. As with other collection members, derived resources can be located by inspecting an entry's atom:link elements. An example Media Collection feed: My Posts1 Foo urn:uuid:ce61592c-14e2-4557-978e-dfbd444aefa6 2005-12-21T04:11:00-08:00 title 25 2005-12-21T04:11:00-08:00 urn:uuid:941e12b4-6eeb-4753-959d-0cbc51875387 this was awesome ... The Atom Syndication Format requires that each such entry contain an atom:title and atom:summary element. This requirement can be challenging to meet without requiring users to enter tedious metadata, but servers SHOULD attempt to provide textual data about the resource in the interests of accessibility. The atom:title element will likely be provided by the client, as way for users to associate their local resources with those they have uploaded to the server (see POST below). Sayre Expires April 11, 2006 [Page 8] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 5.2 POST To create media resources, clients POST the resource to the Media Collection's URI. Clients SHOULD provide a 'Title' request header to provide the server with a short string identifying the resource to users. Clients MAY include a 'Content-Description' header [RFC2045] providing a more complete description of the content. In addition, servers MAY inspect the POSTed entity for additional metadata to be exposed in an atom:entry when listed in a Media Collection. For example, the server might inspect a JPEG file for EXIF headers containing creator data. An example request. POST /collection HTTP/1.1 Host: example.org User-Agent: Cosimo/1.0 Content-Type: image/jpg Content-Length: nnnn Title: A Trip to the beach Content-Description: It was so fun. ...binary data... An example response. HTTP/1.1 201 Created Date: Mon, 21 Mar 2005 19:20:19 GMT Server: CountBasic/2.0 ETag: "4c083-268-423f1dc6" Location: http://example.org/stuff/beach.jpg 6. Service Outlines In order for authoring to commence, a client must first discover the capabilities and locations of collections offered. The Service Outline Document is a XOXO outline [XOXO]. The top level list items describe distinct groups of resources offered by the service. For example, a user with an account containing three blogs would have 3 items at the top of the outline. There is no requirement that servers support multiple top-level items, and a collection may appear in more than one location in the document. Clients can read entries contained in a collection by visiting an the URI located in the 'href' attribute of a XOXO outline item. This URI Sayre Expires April 11, 2006 [Page 9] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 also serves as the location a client POSTs new entries to. The 'rel' attribute of the XHTML anchor element conveys the nature of a collection's member resources. This specification defines two initial values for the 'rel' attribute: o entry o media These values correspond to the two types of collection defined by this specification. Extensibility for 'rel' values is specified in XHTML Modularization [W3C.REC-xhtml-modularization-20010410]. Sayre Expires April 11, 2006 [Page 10] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 An example Service Outline: 7. Security Considerations APP relies on HTTP Authentication. See [RFC2617] for a more detailed description of the security properties of HTTP Authentication. Sayre Expires April 11, 2006 [Page 11] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 8. Normative References [AtomFormat] Nottingham, M. and R. Sayre, "The Atom Syndication Format", work-in-progress, August 2005. [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource Identifiers (IRIs)", RFC 3987, January 2005. [W3C.REC-xhtml-modularization-20010410] Altheim, M., Boumphrey, F., McCarron, S., Dooley, S., Schnitzenbaumer, S., and T. Wugofski, "Modularization of XHTML", W3C REC REC-xhtml-modularization-20010410, April 2001. [W3C.REC-xml-20040204] Yergeau, F., Paoli, J., Sperberg-McQueen, C., Bray, T., and E. Maler, "Extensible Markup Language (XML) 1.0 (Third Edition)", W3C REC REC-xml-20040204, February 2004. [XOXO] Marks, K., Celik, T., Pilgrim, M., and M. Peterson, "XOXO 1.0: Extensible Open XHTML Outlines", October 2004. Sayre Expires April 11, 2006 [Page 12] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 Author's Address Robert Sayre Email: rfsayre@boswijck.com URI: http://boswijck.com Appendix A. Contributors This draft is a variant of the in-progress Atom Publishing Protocol specification from the IETF Atompub WG, and owes a debt to the WG's members. Appendix B. Change History -03: Remove search/query capabilities added in -02 Drop round-tripping. Most of them were writable, some folks wanted to edit atom:updated, that leaves atom:id, and that seems foolish to try and edit, so go ahead and try it if you think you can. Drop ordering... let the server pop things up if it wants to. -02: Add search/query capabilities. -01: Split from WG draft, cut SOAP, and much other cruft. -interlude: Becomes WG draft. -00: Split from WG draft Sayre Expires April 11, 2006 [Page 13] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. The IETF has been notified of intellectual property rights claimed in regard to some or all of the specification contained in this document. For more information consult the online list of claimed rights. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Sayre Expires April 11, 2006 [Page 14] Internet-Draft The Atom Publishing Protocol (Basic) October 2005 Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Sayre Expires April 11, 2006 [Page 15]