WDIFF

draft-ietf-atompub-protocol-02.txt --> draft-ietf-atompub-protocol-03.txt

Network Working Group J. Gregorio, Ed.
Internet-Draft BitWorking, Inc
Expires: March 22, September 19, 2005 R. Sayre, Ed.
Boswijck Memex Consulting
September 21, 2004
March 18, 2005

The Atom Publishing Protocol
draft-ietf-atompub-protocol-02.txt
draft-ietf-atompub-protocol-03.txt

Status of this Memo

This document is an Internet-Draft and is subject to all provisions
of Section 3 of RFC 3667. By submitting this Internet-Draft, I certify each
author represents that any applicable patent or other IPR claims of
which I am he or she is aware have been or will be disclosed, and any of
which I he or she become aware will be disclosed, in accordance with
RFC 3668.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on March 22, September 19, 2005.

Abstract

This memo presents a protocol for using XML (Extensible Markup
Language) and HTTP (HyperText Transport Protocol) to edit content.

The Atom Publishing Protocol is an application-level protocol for
publishing and editing Web resources belonging to periodically

Gregorio & Sayre Expires September 19, 2005 [Page 1]

Internet-Draft The Atom Publishing Protocol March 2005

updated websites. The protocol at its core is the HTTP transport of
Atom-formatted representations. The Atom format is documented in the
Atom Syndication Format (draft-ietf-atompub-format-02.txt).

Gregorio & Sayre Expires March 22, 2005 [Page 1]
Internet-Draft The Atom Publishing Protocol September 2004 (draft-ietf-atompub-format-06.txt).

Editorial Note

To provide feedback on this Internet-Draft, join the
<http://www.imc.org/atom-syntax/index.html>. atom-syntax
mailing list (http://www.imc.org/atom-syntax/index.html) [1].

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1 Notational Conventions . . . . . . . . . . . . . . . . . . 4
1.2 Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. The Atom Publishing Protocol Model . . . . . . . . . . . . . 4
3. Functional Specification
2.1 Atom Collections . . . . . . . . . . . . . . . . . . 5
3.1 PostURI . . . 4
2.1.1 Usage . . . . . . . . . . . . . . . . . . . . . . . . 5
3.1.1 Locating the PostURI
2.1.2 Client and Server Interaction . . . . . . . . . . . . 5
3. Functional Specification . . . . . 5
3.1.2 Request . . . . . . . . . . . . . 5
3.1 Collections . . . . . . . . . . 5
3.1.3 Response . . . . . . . . . . . . . 6
3.1.1 Collection Document . . . . . . . . . . 5
3.2 EditURI . . . . . . . 6
3.1.2 Elements in a Collection Document . . . . . . . . . . 6
3.1.3 Collection Requests . . . . . . . . 7
3.2.1 Locating . . . . . . . . . 7
3.2 Introspection . . . . . . . . . . . . . . 7
3.2.2 Request . . . . . . . . 8
3.2.1 Service Document . . . . . . . . . . . . . . . 7
3.3 FeedURI . . . . 8
3.3 Entry Collection . . . . . . . . . . . . . . . . . . . . . 9
3.3.1 Locating . . . . . . . . . . . . . . . . . . . . . . . 10
3.3.2 Request .
3.4 Simple Resource Collection . . . . . . . . . . . . . . . . 10
3.4.1 Locating . . . . . . 10
3.3.3 Response . . . . . . . . . . . . . . . . . 10
3.4.2 Request . . . . . . 10
3.4 ResourcePostURI . . . . . . . . . . . . . . . . . 10
3.5 Atom Request and Response Body Constraints . . . . 10
3.4.1 Locating . . . . 11
3.5.1 id . . . . . . . . . . . . . . . . . . . 10
3.4.2 Request . . . . . . . 11
3.5.2 link . . . . . . . . . . . . . . . . 11
3.4.3 Response . . . . . . . . . 11
3.5.3 title . . . . . . . . . . . . . . 11
3.5 Link Tag . . . . . . . . . . 11
3.5.4 summary . . . . . . . . . . . . . . . 12
3.5.1 rel . . . . . . . . 11
3.5.5 content . . . . . . . . . . . . . . . . . 12
3.5.2 href . . . . . . 12
3.5.6 issued . . . . . . . . . . . . . . . . . . . 12
3.5.3 title . . . . . 12
3.5.7 modified . . . . . . . . . . . . . . . . . . . 13
3.5.4 type . . . . 12
3.5.8 created . . . . . . . . . . . . . . . . . . . . . 13
3.6 Atom Request and Response Body Constraints . . 12
3.5.9 author . . . . . . 13
3.6.1 id . . . . . . . . . . . . . . . . . . 13
3.5.10 contributor . . . . . . . . 13
3.6.2 link . . . . . . . . . . . . 13
3.5.11 generator . . . . . . . . . . . . . 13
3.6.3 title . . . . . . . . 13
3.6 Securing the Atom Protocol . . . . . . . . . . . . . . . . 13
3.6.4 summary
3.6.1 [@@TBD@@ CGI Authentication] . . . . . . . . . . . . . 14
4. Security Considerations . . . . . . . . . . 14
3.6.5 content . . . . . . . . 14
5. IANA Considerations . . . . . . . . . . . . . . . 14
3.6.6 issued . . . . . 14
6. Appendix A - SOAP Enabling . . . . . . . . . . . . . . . . . 15
6.1 Servers . . 14
3.6.7 modified . . . . . . . . . . . . . . . . . . . . . . . 15
3.6.8 created . . .

Gregorio & Sayre Expires September 19, 2005 [Page 2]

Internet-Draft The Atom Publishing Protocol March 2005

6.2 Clients . . . . . . . . . . . . . . . . . . . . 15
3.6.9 author . . . . . . . . . . . . . . . . . . . . . . . . 15
3.6.10 contributor . . . . . . . . . . . . . . . . . . . . 15
3.6.11 generator . . . . . . . . . . . . . . . . . . . . . 15
3.7 Securing the Atom Protocol . . . . . . . . . . . . . . . . 16
3.7.1 [@@TBD@@ CGI Authentication] . . . . . . . . . . . . . 16
4. Security Considerations . . . . . . . . . . . . . . . . . . 16
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . 17

Gregorio & Sayre Expires March 22, 2005 [Page 2]
Internet-Draft The Atom Publishing Protocol September 2004

6. Appendix A - SOAP Enabling . . . . . . . . . . . . . . . . . 17
6.1 Servers . . . . . . . . . . . . . . . . . . . . . . . . . 17
6.2 Clients . . . . . . . . . . . . . . . . . . . . . . . . . 17
7. Appendix B - Examples . . . . . . . . . . . . . . . . . . . 17 15
7.1 Example for a weblog . . . . . . . . . . . . . . . . . . . 17 15
7.2 Example for a wiki . . . . . . . . . . . . . . . . . . . . 18 15
8. Revision History . . . . . . . . . . . . . . . . . . . . . . 18 15
9. Normative References . . . . . . . . . . . . . . . . . . . . 19 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 20 18
Intellectual Property and Copyright Statements . . . . . . . 21 19

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 3]

Internet-Draft The Atom Publishing Protocol September 2004 March 2005

1. Introduction

The Atom Publishing Protocol is an application-level protocol for
publishing and editing Web resources using HTTP [RFC2616] and XML.

1.1 Notational Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

1.2 Terminology

Atom Entry: An Atom Entry is a fragment of a full Atom feed. In this
case, the fragment is a single 'entry' element and all its child
elements. Each Atom Entry describes a single Web resource,
providing metadata and optionally a textual representation of that
resource.
PostURI: A URI that is used to create new resources. POSTing an Atom
Entry to this URI will create a new resource.
EditURI: A URI that is used to edit a resource. The editing is done
using the HTTP verbs GET, PUT and DELETE. The representation of
the resource is always that of an Atom Entry.
FeedURI: The URI which identifies an Atom Feed.

2. The Atom Publishing Protocol Model

The Atom Publishing Protocol is an application-level protocol for
publishing and editing Web resources. The primary way of interaction
in the Atom Publishing Protocol is by managing collection of
resources. All collections support the same basic methods of
interaction. In addition, the resources belonging to collections
also share the same interaction patterns. Using the common HTTP
verbs provides a pattern for working with all such Web resources:
o GET is used to retrieve a representation of a resource or perform
a read-only query.
o PUT is used to update a known resource.
o POST is used to create a new dynamically-named resource.
o DELETE is used to remove a resource.

There are four major classes

2.1 Atom Collections

An Atom collection is a set of items all of URI [RFC2396] in this specification:
PostURI, ResourcePostURI, FeedURI, and EditURI. This specification
defines the expected actions same type ("members"
of the collection), where the "type" may be, for each example: Atom entry,
category, template, "simple resource", or any other classification of
web resource.

Each collection has a URI which is given in the methods listed. introspection file.
A GET on the collection URI
MAY support methods not listed here. For example, an EditURI could
support MUST produce a POST or OPTIONS method. However, what those methods do is
beyond collection document as
defined in "3.X.1 Collection Document." That document describes PART
OF the scope state of this specification.
o EditURI: PUT, GET, DELETE
o PostURI: POST
o FeedURI: GET
o ResourcePostURI: POST

This document does not specify the form collection.

All the members of a collection have an "updated" property, and the URIs that are used.
collection is considered to be ordered by this property. A single

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 4]

Internet-Draft The Atom Publishing Protocol September 2004

The URI space March 2005

collection document may not contain all of each server is controlled, as defined by HTTP, by the server alone. What this members of a
collection. If a collection document does specify are is the formats response of
the files that are exchanged a
non-partial GET request, and does not contain all of the actions that can be performed on members of a
collection, then it will contain the URIs embedded in those files.

3. Functional Specification

3.1 PostURI

The PostURI is used to create entries. These can be either full
entries, such as URI of the next collection
document which will contain more of the collection members. By
traversing this list of collection documents a weblog post, or they client can be comments, or even obtain all
of the members of a
wiki page. collection. The client POSTs a filled-in Atom Entry to this URI. If
the request is successful, one or more Web resources MAY 'next' attribute will not be created.
For example, POSTing an Atom entry
present in the response to a PostURI may create partial GET request.

2.1.1 Usage

Below two new
Web resources, an HTML representation and an usages are outlined for Atom representation.

3.1.1 Locating the PostURI

The PostURI can be discovered in a link element Collections. They are here to
highlight common idioms for interacting with an @rel of
'service.post'. The link element containing a PostURI used to create Collection Resource
and not a new entry MAY be discovered in three different places. normative interaction pattern.

The first
place it may Atom Collection can be found is in a <link> element used by clients in two ways. In the 'head' element of
an HTML document.

The second place first
case the client has attached to a PostURI may be found site for the first time and is
doing an atom:link element initial syncronization, that is is, retrieving a child list of all
the atom:feed element. members of the collections and possibly retrieving all the
members of the collection also. The third place client can perform a PostURI may be
found is in non-partial
GET on the atom:link element of an atom:entry.

@@ TBD @@ - Discuss subordinate resources collection resource and what it will receive a PostURI means
based on where collection
document that either contains all the URI was found.

3.1.2 Request

The request contains collection, or
the collection document root element 'collection' will contain a filled-in Atom entry, subject
'next' attribute pointing to the
constraints in section Section 3.6.

3.1.3 Response

The possible status codes from a POST are 201, 303, 400, 404, 409,
410 and 500.

Gregorio & Sayre Expires March 22, 2005 [Page 5]
Internet-Draft The Atom Publishing Protocol September 2004

3.1.3.1 Response code 201

The Response MUST include a Location: header with the URI of next collection document. By
repeatedly following the
created resource. The URI returned must be 'next' attribute from document to document
the EditURI of client can find all the entry
just created. The body members of the response SHOULD contain the newly
created entry. If the entry is present in collection.

In the response body then it
MUST conform to second case the same constraints listed for responses to a GET on client has already done an EditURI. User agents MUST NOT depend on initial sync, and
now needs to re-sync, because the server returning client was just restarted, or some
time has passed since a
response body. If the server re-sync, etc. The client does return a response body then the
user agents MUST NOT depend partial GET
on the response body having collection document, supplying a
content-type of 'application/atom+xml". Note Range header that begins from
the server may
choose to omit the content in last time the response, particularly if it is
large.

A 201 response MAY contain an ETag response header field indicating client sync'd to the current value time. The collection
document returned will contain only those members of the entity tag for the requested variant just
created.

If the entry returned is subsequently collection
that have changed since the user agent can
update the entry by submitting it via PUT to last time the EditURI. If an ETag
was returned with client syncronized.

2.1.2 Client and Server Interaction

[[anchor5: ...]]

This document does not specify the creation form of the entry then the user agent
SHOULD include an If-Match: header in the request that contains URIs that
ETag.

3.1.3.2 Response code 303 are used.
The body URI space of each server is controlled, as defined by HTTP, by
the server alone. What this response document does not contain specify are the filled-in Entry, but formats of
the filled-in Entry files that are exchanged and the actions that can be found under a different URI and can be
retrieved using a GET method performed on that resource. The URI SHOULD be
given by
the Location field URIs embedded in the response.

3.1.3.3 Response code 400

Indicates that the server believes that the data sent constitutes an
invalid request. As an example, the data posted may not be
well-formed XML. The server SHOULD include an entity containing an
explanation of the error situation, and whether it is a temporary or
permanent condition.

3.1.3.4 Response code 409

The request contained a valid Atom Entry, but it conflicts with state
on the server. The response SHOULD contain enough for information
for the user to resolve the conflict.

[[@@TBD@@ more about response body format]] those files.

3. Functional Specification

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 6] 5]

Internet-Draft The Atom Publishing Protocol September 2004

3.1.3.5 Response code 500

Indicates that the server detected an internal error on the server
processing this request (such March 2005

3.1 Collections

3.1.1 Collection Document

A collection document is rooted by a <collection> element. A
collection element may have any number of <member> elements as an unhandled exception). The server
SHOULD include an entity containing an explanation
children; each such element identifies a member of the error
situation, and whether it is collection.
In some situations, a temporary collection document may not contain every
member of the collection itself.

Whether complete or permanent condition.

3.2 EditURI

An EditURI is used to edit partial, the members in a single entry. Each entry that is
editable collection document
MUST have constitute a unique URI. This URI supports both GET and PUT
and they are used consecutive sequence of the collection's members,
ordered by their "updated" properties. That is, a collection
document MUST contain a contiguous subset of the members of the
collection ordered by their 'updated' property.

3.1.2 Elements in tandem for a Collection Document

A collection document MAY contain zero or more 'member' elements.

Each 'member' element MUST include an editing cycle. The client GETs 'href' attribute identifying a
URL of the representation which member resource. The 'href' URI of a member resource is formatted as
an Atom entry. The client
may then update "EditURI" under the entry terms of section 2, and then PUT it back MUST respond to the
same URI. The
PUT will cause all HTTP methods as such an EditURI.

Each 'member' element MAY include an "hrefreadonly" attribute. This
optional attribute identifies a URI which, on a GET request, responds
equivalently to how the related resources "href" URI would respond to be updated, for example, the HTML representation.

Note same request.
Clients SHOULD NOT apply to this URI any HTTP methods that would be
expected to modify the value state of the content element in resource (e.g. PUT, POST or
DELETE). A PUT or POST request to this URI MAY NOT affect the Atom entry does
underlying resource. If the "hrefreadonly" attribute is not
have given,
its value defaults to exactly match the content element for "href" value. If the same entry when it "hrefreadonly"
attribute is present, and its value is represented in an Atom feed. For example, a server may allow the
client to post entries whose content empty string, then there is formatted as WikiML, yet
no URI that can be treated in the
server may clean up way such markup and transform it into well-formed
XHTML before placing it in a value would be treated.

Clients SHOULD use the publicly available Atom feed. Another
scenario is summaries--the EditURI is for editing "href" value to manipulate the full content resource within
the context of
an entry, but the server may only present excerpts when it produces
an Atom feed.

A client will send a DELETE to APP itself. Clients SHOULD prefer the EditURI to delete an entry.

3.2.1 Locating
"hrefreadonly" value in any other context. For editing a site Entry, example, if the link tag
resource is used. Note that an image, a link tag
is used in both HTML and in client may replace the Atom format. A link tag image data using a PUT
on the "href" value, and may even display a preview of the
following format points to image by
fetching the EditURI for "href" URI. But when creating a site. In HTML, public, read-only
reference to the link
tags for editing are always found in same image resource, the head element, while in Atom
they may appear as children of client should use the entry elements.

Note: The critical characteristic of this link tag "hrefreadonly" value is an empty
string, the @rel of
'service.edit' and client SHOULD NOT make public reference to the @type of 'application/atom+xml'.

3.2.2 Request

A PUT request, and a GET response both contain "href"
value.

Each 'member' element MUST include a filled-in Atom 'title' attribute, whose value

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 7] 6]

Internet-Draft The Atom Publishing Protocol September 2004

entry, subject to the constraints in section Section 3.6.

The expected status codes from March 2005

is a GET are 200, 301, 307, and 500.
400, 404, and 410 are also possible. human-readable name or description for the item. The expected status codes from a PUT are 2xx, 301, 307, 500 and 501.
400, 404, 409, and 410 values of
'title' attributes are also possible.

3.2.2.1 Successful Requests

Servers MUST indicate successful GET requests with not required to be unique across all members
of a 200 response.

Servers collection.

Each 'member' element MUST indicate successful PUT requests with a 2xx response.
Servers MAY include additional information in an 'updated' attribute, whose
value is the PUT response.
Clients SHOULD NOT expect any additional information in a PUT
response.

3.2.2.2 Response code 301

The entry has moved permanently, 'updated' property of the new URI is given in collection member whose format
MUST conform to the Location
header. The date-time BNF rule in [RFC3339].

3.1.3 Collection Requests

3.1.3.1 Range: Header

HTTP/1.1 allows a client SHOULD retry to request that only part (a range of) the GET using
collection to be included within the URI returned response. HTTP/1.1 uses range
units in the Location header. When Range header field. A collection can be broken down
into subranges according to the members 'updated' property. If a PUT operation
Range: header is attempted present in the user
agent should prompt request, its value explictly
identifies the user before attempting a time interval interval in which all the PUT on the URI
returned in the Location header.

3.2.2.3 Response code 307

The entry has moved temporarily, the new URI is given members
'updated' property must fall to be included in the Location
header. response.

Range = "Range" ":" ranges-specifier

The client SHOULD retry the GET using value of the URI returned Range: header should be a pair of ISO 8601 dates,
separated by a slash character; either date may be optionally
omitted, in which case the Location header. When a PUT operation range is attempted the user
agent should prompt the user before attempting the PUT understood as stretching to
infinity on the URI
returned in the Location header.

3.2.2.4 Response code 401

Indicates that the server believes that the data sent constitutes an
invalid request. As an example, the data posted may not be
well-formed XML. end.

ranges-specifier = updated-ranges-specifier
updated-ranges-specifier = updated-unit "=" updated-range
updated-unit = "updated"
updated-range = [iso-date] "/" [iso-date]

The server SHOULD include an entity containing an
explanation of the error situation, and whether it is response to a temporary or
permanent condition.

3.2.2.5 Response code 409

The collection request contained MUST be a valid Atom Entry, but it conflicts with the
state collection document,
all of whose 'member' elements fall within the resource, or other state on requested range. If
no members fall in the server.

For example, a server could signal that requested range, the client has erred in this
manner if it receives server MUST respond with
a request collection document containing no 'member' elements.

3.1.3.2 Accept-Ranges: Header

The response to a non-partial GET request MUST include an atom:id element whose
Accept-Ranges header that indicates that the server accepts 'updated'
range requests.

Accept-Ranges = "Accept-Ranges" ":" acceptable-ranges
acceptable-ranges = updated-unit ( 1#range-unit )

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 8] 7]

Internet-Draft The Atom Publishing Protocol September 2004

value differs from that March 2005

3.2 Introspection

There are many different kinds of resources that can be managed
through the resource found at the requested URI.

The response SHOULD contain enough for information APP, for example, entries, templates, users, etc. The
Service Document is a single document that lists all the user to
resolve facets of
the conflict.

[[@@TBD@@ more about response body format ]]

3.2.2.6 Response code 410

Indicates APP that a site supports and also contains the requested resource is gone permanently. URIs of all those
resources.

3.2.1 Service Document

The
client SHOULD NOT repeat Service Document lists the request.

3.2.2.7 Response code 500

Indicates resources that the server detected an internal error on the server
processing this request (such as an unhandled exception). each site makes
available. The server
SHOULD include an entity containing Service Resource returns an explanation of the error
situation, and whether it is a temporary or permanent condition.

3.3 FeedURI

The FeedURI is used to retrieve a representation in Atom format.
Note that this feed is different from a typical Atom feed in that it
contains "link" elements for navigating and manipulating the content
of the site. For example there should be a "link" element with
rel="next" whose URI points to the next block of entries on the site.
Similarly, the feed element can contain a "link" element with
rel="service.post", the URI of which is a PostURI. Individual
entries should contain "link" elements with rel="service.edit" whose
URIs are EditURIs.

This document only uses some of the methods available for each type
of URI. For example, the only method described by this document for
the FeedURI is GET. Any other method may be supported by the URI
types described, but defining their behavior is beyond the scope of
this document. In this light you may notice that the PostURI only
supports the POST method. It is possible, and allowable, that for
some implementations the PostURI and the FeedURI are the same URI.

@@ Editor's Note: @@ Note that the "service.feed" takes the place of
the Introspection File and the Search facet in previous versions of
the specification. That is, facet discovery, which was previously
done by inspecting the Introspection file is now done by looking for
"link" tags with an attribute "rel" set to "service.[something]" in
the "service.feed" file. At the same time the same representation
replaces the search facet by having "link" tags that point to other
feeds using well-known 'rel' attribute values such as 'next' and
'prev', or the search can branch in multiple directions by specifying

Gregorio & Sayre Expires March 22, 2005 [Page 9]
Internet-Draft The Atom Publishing Protocol September 2004

multiple link tags with rel="service.feed" and having differing title
attributes that announce the kind of search results in that feed.

3.3.1 Locating

A link tag of the following format points to the FeedURI.

3.3.2 Request

The request is a simple GET. No other verbs are currently specified
for this URI.

3.3.3 Response

The expected status codes from a GET are 200, 301, 307, and 500.
401, 404, and 410 are also possible.

3.3.3.1 Response code 301

The Feed has moved permanently, the new URI is given in the Location
header. The client SHOULD do a GET on the URI returned in the
Location header.

3.3.3.2 Response code 307

The Feed has moved temporarily, the new URI is given Service Document in the Location
header. The client SHOULD do
response to a GET on the URI returned in the
Location header.

3.4 ResourcePostURI

The ResourcePostURI request. Here is used to create new non-entry resources. The
client POSTs a resource an example of an Service
Document.

<?xml version="1.0" encoding='utf-8'?>
<service version="0.3" xmlns="http://purl.org/atom/ns#">
<workspace title="Main Site" >
<collection rel="entries" name="Entries"
href="http://example.org/reilly/feed" />
<collection rel="categories" name="Categories"
href="http://example.org/reilly/cat" />
<collection rel="templates" name="Templates"
href="http://example.org/reilly/tmpl" />
<collection rel="users" name="Users"
href="http://example.org/reilly/users" />
<collection rel="resource" name="Pictures"
href="http://example.org/reilly/pic" />
</workspace>
<workspace title="b-links">
<collection rel="entries" name="Entries"
href="http://example.org/reilly/feed" />
<collection rel="http://example.net/booklist" name="Books"
href="http://example.org/reilly/books" />
</workspace>
</service>

o entries
o resource
o categories
o templates
o users
The default for the desired MIME type directly to this
URI.

3.4.1 Locating

For creating a new non-entry resource, the link tag rel attribute is used. Note
that a link tag 'resource'. Extensibility for
'rel' values is used in both HTML and handled in the Atom format. A link
tag same manner as PaceFieldingLinks.
Each 'collection' element in 'workspace' represents a single facet of
the following format points to the ResourcePostURI for APP. While a site.
In HTML the link tags are always found site must fully support each facet they list in
their Service Document, a site does not need to support all the head element, while
facets in
Atom they this RFC. Additionally, new facets may appear as children of the Feed and entry elements. be added either

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 10] 8]

Internet-Draft The Atom Publishing Protocol September 2004

through vendor extension or follow-on RFCs.

3.2.1.1 Service Documet Elements

The "service" element is the document element of a Service Document,
acting as a container for Resource Posting goes here"
title="The name service data associated with possibly
multiple workspaces. Its only child elements MUST be one or more
'workspace' elements. The 'service' element MUST have a single
attribute 'version' whose content indicates the version of the site.">

3.4.2 Request Atom
specification that the document conforms to. The content of this
attribute is unstructured text. The version identifier for this
specification is "1.0".

The 'workspace' element element contains information elements about
the collections of resources available for editing. The only
children of 'workspace' MUST be one or more "collection" elements.
The request contains 'workspace' element MUST have a resource, sent through single attribute 'title' whose
content MUST NOT be empty and which is a standard HTTP POST,
e.g.:

POST /_do/exampleblog/post_resource HTTP/1.1
Host: www.example.com
Content-Type: image/jpeg
Content-Length: nnn

...raw bytes of image go here...

3.4.3 Response human-readable name for the
workspace.

The expected status codes from a POST 'collection' element describes various typed groups of resources
available for editing or adding to.

3.3 Entry Collection

Entries are 201, 303, 400, 415, managed through collections and
500. 401, 404, 409, as such entry collection
and 410 entries that are also possible.

3.4.3.1 Response code 201

The response MUST include members of a Location: header with collection must support all the
operations enumerated above.

An Edit Resource is used to edit a single entry. Each entry that is
editable MUST have a unique URI. This URI of supports both GET and PUT
and they are used in tandem for an editing cycle. The client GETs
the
created resource, i.e. representation which is formatted as an Atom entry. The client
may then update the URI used entry and then PUT it back to retrieve the resource
representation in a subsequent HTTP GET. same URI. The server SHOULD omit
PUT will cause all the
content related resources to be updated, for example,
the HTML representation.

Note that the value of the resource content element in the response, since it would be redundant
to return it Atom entry does not
have to exactly match the client.

3.4.3.2 Response code 303

Similar to 201 but no caching content element for the same entry when it
is allowed. The response MUST include represented in an Atom feed. For example, a Location: header.

3.4.3.3 Response code 400

Indicates that the server believes that may allow the data sent constitutes an
invalid request. The server SHOULD include an entity containing an
explanation of
client to post entries whose content is formatted as WikiML, yet the error situation,
server may clean up such markup and whether transform it is a temporary or
permanent condition.

3.4.3.4 Response code 415

The MIME type of into well-formed
XHTML before placing it in the request entity publicly available Atom feed. Another
scenario is summaries--the EditURI is not supported by the server
for this resource.

The response SHOULD contain enough for information for editing the user full content of
an entry, but the server may only present excerpts when it produces
an Atom feed.

A client will send a DELETE to
resolve the conflict. EditURI to delete an entry.

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 11] 9]

Internet-Draft The Atom Publishing Protocol September 2004

[[@@TBD@@ more about response body format ]]

3.4.3.5 Response code 500

Indicates that the server detected an internal error on the server
processing this request (such as an unhandled exception). A short
description of the error will appear on the status line itself. A
longer description will appear in March 2005

3.3.1 Locating

For editing a site Entry, the body.

3.5 Link Tag

The link tag is used. Note that a link tag
is used in both HTML and Atom formats. There are slight
differences between the two usages. Here are the commonalities,
differences, and a list of well-known values for the rel attribute.

<http://www.w3.org/TR/html4/struct/links.html#edef-LINK> appears in the 'head' of the document. The 'head' section only allows a linear
list of 'link' tags. The Atom format allows 'link' tags as children
of both the 'feed' element and of the 'entry' element. Note that
this gives the information present in the format. A link tag more context. For
example ... @@ TBD @@

3.5.1 rel

This attribute describes the relationship from the current document,
be it HTML or Atom, to the anchor specified by the href attribute.
The value of this attribute is a space-separated list of link types.
Note that these values are case insensitive. When used in concert
with type="application/atom+xml", the relations may be interpreted as
follows.
alternate: The URI in the href attribute
following format points to an alternate
representation of the containing resource.
start: The Atom feed at the URI supplied in the href attribute
contains the first feed in EditURI for a linear sequence of entries.
next: The Atom feed at site. In HTML, the URI supplied link
tags for editing are always found in the href attribute
contains the next N entries head element, while in a linear sequence of entries.
prev: The Atom feed at
they may appear as children of the URI supplied in entry elements.

Note: The critical characteristic of this link tag is the previous N entries in a linear sequence @rel of entries.
service.edit: The URI given in
'service.edit' and the href attribute is used to edit a
representation @type of 'application/atom+xml'.

3.4 Simple Resource Collection

Simple Resources are managed through collections and as such simple
reource collections and simple resources that are members of the referred resource.
service.post: The URI in
collection must support all the href attribute is used to create new operations enumerated above. Simple
Resources can be images, templates, and any other non-entry
resources.
service.feed: The URI given in

3.4.1 Locating

For creating a new non-entry resource, the href attribute link tag is used. Note
that a starting point
for navigating content link tag is used in both HTML and services.

3.5.2 href

URI of in the resource being described by this link element.

Gregorio & Sayre Expires March 22, 2005 [Page 12]
Internet-Draft The Atom Publishing Protocol September 2004

3.5.3 title

Offers advisory information about format. A link
tag of the link. Rendered following format points to the user to
help them choose among ResourcePostURI for a set of links with the same rel and type
attributes.

3.5.4 type

The content type of site.
In HTML the resource available at link tags are always found in the URI given head element, while in
Atom they may appear as children of the
href attribute Feed and entry elements.

3.4.2 Request

The request contains a resource, sent through a standard HTTP POST,
e.g.:

POST /_do/exampleblog/post_resource HTTP/1.1
Host: www.example.com
Content-Type: image/jpeg
Content-Length: nnn

...raw bytes of the link types in this
specification are on type 'application/atom+xml'.

3.6 image go here...

Gregorio & Sayre Expires September 19, 2005 [Page 10]

Internet-Draft The Atom Publishing Protocol March 2005

3.5 Atom Request and Response Body Constraints

The Atom format is used as the representation of all the resources in
this specification. As it is used in differing contexts, there are
different constraints of which elements may be present, and how their
values should be interpreted.

3.6.1

3.5.1 id

PostURI MUST NOT be present.
FeedURI MUST be present.
EditURI
GET MUST be present.
PUT MUST be present.

3.6.2

3.5.2 link

PostURI MAY be present. Servers MAY use the information to determine
the URI of the created resource. Relative URLs are to be
interpreted relative to xml:base.
FeedURI MUST be present.
EditURI
GET MUST be present.
PUT MUST be present.

3.6.3

3.5.3 title

PostURI MUST be present. The element may be empty, to explicitly
indicate "no title". Servers SHOULD NOT try to generate a title
if one is not provided. The type attribute MAY be present, and if
not it defaults to "text/plain". If present, it MUST represent a
MIME type that the server supports. The mode attribute MAY be
present. If not present, it defaults to "xml". If present, it
MUST be "xml", "base64", or "escaped".

Gregorio & Sayre Expires March 22, 2005 [Page 13]
Internet-Draft The Atom Publishing Protocol September 2004
FeedURI MUST be present.
EditURI
GET MUST be present.
PUT MUST be present. The element may be empty, to explicitly
indicate "no title". Servers SHOULD NOT try to generate a
title if one is not provided.

3.6.4

3.5.4 summary

PostURI MAY be present. If not present, the server is welcome to
produce its own summary. If present but empty, the server SHOULD
NOT generate a summary of its own. The type attribute MAY be
present. If not, it defaults to "text/plain". If present, it
must represent a MIME type that the server supports. The mode

Gregorio & Sayre Expires September 19, 2005 [Page 11]

Internet-Draft The Atom Publishing Protocol March 2005

attribute MAY be present and defaults to "xml". If present, it
must be "xml","base64", or "escaped".
FeedURI MAY be present.
EditURI
GET MAY be present.
PUT MAY be present. The element may be empty, to explicitly
indicate "no summary". Servers SHOULD NOT try to generate a
title if one is not provided.

3.6.5

3.5.5 content

PostURI MAY be present but may be empty, to explicitly indicate "no
content". The type attribute MAY be present, but defaults to
"text/plain" if not present. It must represent a MIME type that
the server supports. The MODE attribute may be present and
defaults to "xml" if not present. It must be "xml","base64", or
"escaped".
FeedURI MAY be present.
EditURI
GET MAY be present.
PUT MAY be present. The element may be empty, to explicitly
indicate "no content".

3.6.6

3.5.6 issued

PostURI MUST be present, but may be empty, in which case it signifies
"now" in the time zone of the server.
FeedURI MUST be present.
EditURI
GET MUST be present.
PUT MUST be present. Server policy determines if an updated time
is accepted.

Gregorio & Sayre Expires March 22, 2005 [Page 14]
Internet-Draft The Atom Publishing Protocol September 2004

3.6.7

3.5.7 modified

PostURI MUST NOT be present.
FeedURI MAY be present.
EditURI
GET MAY be present.
PUT MAY be present. The element may be empty, to explicitly
indicate that 'now' on the server time is to be used.

3.6.8

3.5.8 created

PostURI MAY be present.

Gregorio & Sayre Expires September 19, 2005 [Page 12]

Internet-Draft The Atom Publishing Protocol March 2005

FeedURI MAY be present.
EditURI
GET MAY be present.
PUT MAY be present. The server may or may not accept an updated
value. If the server does not allow updating the issued time
then any PUT request with a different issued value MUST be
rejected.

3.6.9

3.5.9 author

PostURI MAY be present. If not present, the server determines the
author. If present, and conflicting with valid values as
determined by the server, then the server may change the value of
author.
FeedURI MAY be present.
EditURI
GET MAY be present.
PUT MAY be present.

3.6.10

3.5.10 contributor

PostURI MAY be present.
FeedURI MAY be present.
EditURI
GET MAY be present.
PUT MAY be present.

3.6.11

3.5.11 generator

PostURI MUST be present and contain a URI. The value of the element
indicates the code base used to create this request. MUST also
have an attribute 'version' with a version number.
FeedURI MUST NOT be present.

Gregorio & Sayre Expires March 22, 2005 [Page 15]
Internet-Draft The Atom Publishing Protocol September 2004
EditURI
GET MUST NOT be present.
PUT MUST NOT be present.

3.7

3.6 Securing the Atom Protocol

All instances of publishing Atom entries SHOULD be protected by
authentication to prevent posting or editing by unknown sources.
Atom servers and clients MUST support one of the following
authentication mechanisms, and SHOULD support both.

o HTTP Digest Authentication [RFC2617]
o [@@TBD@@ CGI Authentication ref]

Atom servers and clients MAY support encryption of the Atom session

Gregorio & Sayre Expires September 19, 2005 [Page 13]

Internet-Draft The Atom Publishing Protocol March 2005

using TLS [RFC2246].

There are cases where an authentication mechanism may not be
required, such as a publicly editable Wiki, or when using the PostURI
to post comments to a site that does not require authentication to
create comments.

3.7.1

3.6.1 [@@TBD@@ CGI Authentication]

This authentication method is included as part of the protocol to
allow Atom servers and clients that cannot use HTTP Digest
Authentication but where the user can both insert its own HTTP
headers and create a CGI program to authenticate entries to the
server. This scenario is common in environments where the user
cannot control what services the server employs, but the user can
write their own HTTP services.

4. Security Considerations

Because Atom is a publishing protocol, it is important that only
authorized users can create and edit entries.

The security of Atom is based on HTTP Digest Authentication and/or
[@@TBD@@ CGI Authentication]. Any weaknesses in either of these
authentication schemes will obviously affect the security of the Atom
Publishing Protocol.

Both HTTP Digest Authentication and [@@TBD@@ CGI Authentication] are
susceptible to dictionary-based attacks on the shared secret. If the
shared secret is a password (instead of a random string with
sufficient entropy), an attacker can determine the secret by
exhaustively comparing the authenticating string with hashed results
of the public string and dictionary entries.

Gregorio & Sayre Expires March 22, 2005 [Page 16]
Internet-Draft The Atom Publishing Protocol September 2004

See RFC 2617 for more detailed description of the security properties
of HTTP Digest Authentication.

@@TBD@@ Talk here about using HTTP basic and digest authentication.

@@TBD@@ Talk here about denial of service attacks using large XML
files, or the billion laughs DTD attack.

5. IANA Considerations

This document has no actions for IANA.

Gregorio & Sayre Expires September 19, 2005 [Page 14]

Internet-Draft The Atom Publishing Protocol March 2005

6. Appendix A - SOAP Enabling

All servers SHOULD support the following alternate interface
mechanisms to enable a wider variety of clients to interact with Atom
Publishing Protocol servers. The following requirements are in
addition to the ones listed in the Functional Specification Section.
If a server supports SOAP Enabling then it MUST support all of the
following.

6.1 Servers

1. All servers MUST support the limited use of the SOAPAction HTTP
Header as described below in the Client section.
2. All servers MUST be able to process well formed XML. Servers
need not be able to handle processing instructions or DTDs.
3. Servers MUST accept content in a SOAP Envelope, and if they
receive a request that is wrapped in a SOAP Envelope then they
MUST wrap their responses in SOAP envelopes or produce a SOAP
Fault.

6.2 Clients

1. Clients SHOULD use the appropriate HTTP Method when possible.
When not possible, they should use POST and include a SOAPAction
HTTP header which is constrained as follows:
2. SOAPAction: "http://schemas.xmlsoap.org/wsdl/http/[METHOD]"
3. Where [METHOD] is replaced by the desired HTTP Method.
4. Clients MAY wrap their XML payload in a SOAP Envelope. If so,
they must also wrap it in an element which exactly matches the
HTTP Method.

7. Appendix B - Examples

7.1 Example for a weblog

Fill this in with an example for how all the above is used for a

Gregorio & Sayre Expires March 22, 2005 [Page 17]
Internet-Draft The Atom Publishing Protocol September 2004
weblog. Start with main HTML page, link tag of type service.feed to
the 'introspection' file. 1. Creating a new entry 2. Finding an
old entry 3. editing an old entry 4. commenting on a entry (via
HTML and Atom)

7.2 Example for a wiki

Fill this in like above but for a wiki.

8. Revision History

draft-ietf-atompub-protocol-03 - Incorporates PaceSliceAndDice3 and

Gregorio & Sayre Expires September 19, 2005 [Page 15]

Internet-Draft The Atom Publishing Protocol March 2005

PaceIntrospection.

draft-ietf-atompub-protocol-02 - Incorporates Pace409Response,
PacePostLocationMust, and PaceSimpleResourcePosting.

draft-ietf-atompub-protocol-01 - Added in sections on Responses for
the EditURI. Allow 2xx for response to EditURI PUTs. Elided all
mentions of WSSE. Started adding in some normative references.
Added the section "Securing the Atom Protocol". Clarified that it is
possible that the PostURI and FeedURI could be the same URI. Cleaned
up descriptions for Response codes 400 and 500.

Rev draft-ietf-atompub-protocol-00 - 5Jul2004 - Renamed the file and
re-titled the document to conform to IETF submission guidelines.
Changed MIME type to match the one selected for the Atom format.
Numerous typographical fixes. We used to have two 'Introduction'
sections. One of them was moved into the Abstract the other absorbed
the Scope section. IPR and copyright notifications were added.

Rev 09 - 10Dec2003 - Added the section on SOAP enabled clients and
servers.

Rev 08 - 01Dec2003 - Refactored the specification, merging the
Introspection file into the feed format. Also dropped the
distinction between the type of URI used to create new entries and
the kind used to create comments. Dropped user preferences.

Rev 07 - 06Aug2003 - Removed the use of the RSD file for
auto-discovery. Changed copyright until a final standards body is
chosen. Changed query parameters for the search facet to all begin
with atom- to avoid name collisions. Updated all the Entries to
follow the 0.2 version. Changed the format of the search results and
template file to a pure element based syntax.

Rev 06 - 24Jul2003 - Moved to PUT for updating Entries. Changed all
the mime-types to application/x.atom+xml. Added template editing.
Changed 'edit-entry' to 'create-entry' in the Introspection file to
more accurately reflect it's purpose.

Gregorio & Sayre Expires March 22, 2005 [Page 18]
Internet-Draft The Atom Publishing Protocol September 2004

Rev 05 - 17Jul2003 - Renamed everything Echo into Atom. Added
version numbers in the Revision history. Changed all the mime-types
to application/atom+xml.

Rev 04 - 15Jul2003 - Updated the RSD version used from 0.7 to 1.0.
Change the method of deleting an Entry from POSTing <delete/> to
using the HTTP DELETE verb. Also changed the query interface to GET
instead of POST. Moved Introspection Discovery to be up under
Introspection. Introduced the term 'facet' for the services listed

Gregorio & Sayre Expires September 19, 2005 [Page 16]

Internet-Draft The Atom Publishing Protocol March 2005

in the Introspection file.

Rev 03 - 10Jul2003 - Added a link to the Wiki near the front of the
document. Added a section on finding an Entry. Retrieving an Entry
now broken out into it's own section. Changed the HTTP status code
for a successful editing of an Entry to 205.

Rev 02 - 7Jul2003 - Entries are no longer returned from POSTs,
instead they are retrieved via GET. Cleaned up figure titles, as
they are rendered poorly in HTML. All content-types have been
changed to application/atom+xml.

Rev 01 - 5Jul2003 - Renamed from EchoAPI.html to follow the more
commonly used format: draft-gregorio-NN.html. Renamed all references
to URL to URI. Broke out introspection into it's own section. Added
the Revision History section. Added more to the warning that the
example URIs are not normative.

9. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
RFC 2246, January 1999.

[RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax", RFC 2396,
August 1998.

[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
Leach, P., Luotonen, A. and L. Stewart, "HTTP
Authentication: Basic and Digest Access Authentication",
RFC 2617, June 1999.

[1] <http://www.imc.org/atom-syntax/index.html>

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 19] 17]

Internet-Draft The Atom Publishing Protocol September 2004 March 2005

Authors' Addresses

Joe Gregorio (editor)
BitWorking, Inc
1002 Heathwood Dairy Rd.
Apex, NC 27502
US

Phone: +1 919 272 3764
EMail:
Email: joe@bitworking.com
URI: http://bitworking.com/

Robert Sayre (editor)
Boswijck Memex Consulting
148 N 9th St. 4R
Brooklyn, NY 11211
US

EMail:

Email: rfsayre@boswijck.com
URI: http://boswijck.com

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 20] 18]

Internet-Draft The Atom Publishing Protocol September 2004 March 2005

Intellectual Property Statement

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.

The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this
document. For more information consult the online list of claimed
rights.

Disclaimer of Validity

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright (C) The Internet Society (2004). (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 21] 19]

Internet-Draft The Atom Publishing Protocol September 2004 March 2005

Acknowledgment

Funding for the RFC Editor function is currently provided by the
Internet Society.

Gregorio & Sayre Expires March 22, September 19, 2005 [Page 22] 20]

----