draft-ietf-atompub-protocol-03.txt  -->   draft-ietf-atompub-protocol-04.txt

Internet-Draft                                           BitWorking, Inc
Expires: September 19, November 10, 2005                                 R. Sayre, Ed.
                                               Boswijck Memex Consulting
                                                          March 18,
                                                             May 9, 2005


                      The Atom Publishing Protocol
                   draft-ietf-atompub-protocol-03.txt
                   draft-ietf-atompub-protocol-04.txt

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 3 of RFC 3667.

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she become becomes
   aware will be disclosed, in accordance with
   RFC 3668. Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts. Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 19, November 10, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This memo presents a protocol for using XML (Extensible Markup
   Language) and HTTP (HyperText Transport Protocol) to edit content.

   The Atom Publishing Protocol is an application-level protocol for
   publishing and editing Web resources belonging to periodically
   updated websites.  The protocol at its core is the HTTP transport of
   Atom-formatted representations.  The Atom format is documented in the
   Atom Syndication Format (draft-ietf-atompub-format-06.txt).

Gregorio & Sayre       Expires September 19, 2005               [Page 1]

Internet-Draft        The Atom Publishing Protocol            March 2005



Gregorio & Sayre        Expires November 10, 2005               [Page 1]

Internet-Draft        The Atom Publishing Protocol              May 2005


Editorial Note

   To provide feedback on this Internet-Draft, join the atom-syntax atom-protocol
   mailing list (http://www.imc.org/atom-syntax/index.html) (http://www.imc.org/atom-protocol/index.html) [1].

Table of Contents

   draft-ietf-atompub-protocol-03.txt:

   1.  Introduction
     1.1  Notational Conventions
     1.2  Terminology
   2.  The Atom Publishing Protocol Model
     2.1  Atom Collections
       2.1.1  Usage
       2.1.2  Client and Server Interaction
   3.  Functional Specification
     3.1  Collections
       3.1.1  Collection Document
       3.1.2  Elements in a Collection Document
       3.1.3  Collection Requests
     3.2  Introspection
       3.2.1  Service Document
     3.3  Entry Collection
       3.3.1  Locating
     3.4  Simple Resource Collection
       3.4.1  Locating
       3.4.2  Request
     3.5  Atom Request and Response Body Constraints
       3.5.1  id
       3.5.2  link
       3.5.3  title
       3.5.4  summary
       3.5.5  content
       3.5.6  issued
       3.5.7  modified
       3.5.8  created
       3.5.9  author
       3.5.10   contributor
       3.5.11   generator
     3.6  Securing the Atom Protocol
       3.6.1  [@@TBD@@ CGI Authentication]
   4.   Security Considerations
   5.   IANA Considerations
   6.   Appendix A - SOAP Enabling
     6.1  Servers
     6.2  Clients
   7.   Appendix B - Examples
     7.1  Example for a weblog
     7.2  Example for a wiki
   8.   Revision History
   9.   Normative References
        Authors' Addresses
        Intellectual Property and Copyright Statements

   draft-ietf-atompub-protocol-04.txt:

   1.  Introduction
   2.  Notational Conventions
   3.  Terminology
   4.  The Atom Publishing Protocol Model
     4.1   Collections
     4.2   Discovery
     4.3   Listing
     4.4   Authoring
       4.4.1   Create
       4.4.2   Read
       4.4.3   Update
       4.4.4   Delete
     4.5   Success and Failure
   5.  Collections
     5.1   Collection Documents
       5.1.1   Element Definitions
     5.2   Collection Resource
       5.2.2   POST
       5.2.3   Usage Scenarios
       5.2.4   Range: Header
       5.2.5   Accept-Ranges: Header
       5.2.6   Name: Header
   6.  Entry Collection
     6.1   Editing Entry Resources
     6.2   Role of Atom Entry Elements During Editing
   7.  Generic Collection
     7.1   Editing Generic Resources
   8.  Introspection
     8.1   Introspection Document
       8.1.1   Element Definitions
     8.2   Introspection Resource
       8.2.1   Discovery
   9.  Securing the Atom Protocol
   10.   Security Considerations
   11.   IANA Considerations
   12.   References
     12.1  Normative References
     12.2  Informative References
       Authors' Addresses
   A.  Revision History
       Intellectual Property and Copyright Statements


1.  Introduction

   The Atom Publishing Protocol is an application-level protocol for
   publishing and editing Web resources using HTTP [RFC2616] and XML.

1.1 XML 1.0
   [W3C.REC-xml-20040204].


2.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.2  Terminology

   Atom Entry: An Atom Entry is a fragment of a full

Internet-Draft        The Atom feed.  In this
      case, Publishing Protocol              May 2005


3.  Terminology

   URI/IRI - A Uniform Resource Identifier and Internationalized
   Resource Identifier, respectively.  These terms (and the fragment is a single 'entry' element distinction
   between them) are defined in [RFC3986] and all its child
      elements.  Each Atom Entry describes [RFC3987].

   Resource - an item identified by a single Web resource,
      providing metadata and optionally URI [W3C.REC-webarch-20041215].

   Collection Resource - A resource that contains a textual representation listing of that
      resource.

2. Member
   Resources and meets the requirements in Section 5 of this
   specification.

   Member Resource - A resource whose URI is listed by a Collection
   Resource.

Internet-Draft        The Atom Publishing Protocol Model              May 2005


4.  The Atom Publishing Protocol is an application-level protocol for
   publishing and editing Web resources. Model

   The primary way of interaction
   in the Atom Publishing Protocol is by managing collection operates on collections of Web
   resources.  All collections support the same basic methods of
   interaction.  In addition, interactions, as
   do the resources belonging to collections
   also share within the same collections.  The patterns of interaction patterns.  Using
   are based on the common HTTP
   verbs provides a pattern for working with all such Web resources: verbs.

   o  GET is used to retrieve a representation of a resource or perform
      a read-only query.

   o  PUT  POST is used to update create a known new, dynamically-named resource.

   o  POST  PUT is used to create update a new dynamically-named known resource.

   o  DELETE is used to remove a resource.

2.1  Atom


4.1  Collections

   An Atom collection is a set of items all of the same type ("members"
   of the collection), where the "type" may be, for example: Atom entry,
   category, template, "simple resource", or any other classification of
   web resource.

   Each collection has a URI

   The APP groups resources into "Collections", which is given in the introspection file.
   A GET on are analogous to
   the collection URI MUST produce a collection document as
   defined "folders" or "directories" found in "3.X.1 Collection Document." That document describes PART
   OF many file systems.

4.2  Discovery

   To discover the state location of the collection.

   All collections exposed by an APP
   service, the members of client must locate and request an Introspection Document
   (Section 8).

   Client                      Server
   |                                |
   |  1.) GET Introspection         |
   |------------------------------->|
   |                                |
   |  2.) Introspection Doc         |
   |<-------------------------------|
   |                                |

   1.  The client sends a collection have GET request to the Service Description
       Resource.

   2.  The server responds with an "updated" property, and Introspection Document containing the
   collection is considered to be ordered
       locations of collections provided by the service.  The content of
       this property.  A single document can vary based on aspects of the client request,
       including, but not limited to, authentication credentials.
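
Review bot: Step 1 of the Discovery flow names the target a "Service Description Resource", while the paragraph above it and step 2 call what comes back an "Introspection Document" and point to Section 8; settle on one term for the resource and one for its document so implementers do not go looking for a second resource type. Since step 2 says the document's content can vary with authentication credentials, the text should also say how such responses are to be treated by caches, because an intermediary that stores one user's listing of collections could hand it to another client.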
   collection document may not contain all of the members of a
   collection.  If a collection document is


4.3  Listing

   Once the response of a
   non-partial GET request, and does not contain all of client has discovered the members location of a collection, then it will contain the URI of the next collection
   document which will contain more can
   request a listing of the collection members.  By
   traversing this collection's membership.  However,
   collections might be extremely large, so servers are likely to list of collection documents a client can obtain all
   of the members
   small subset of a collection.  The 'next' attribute will not be
   present in the response collection by default.

   Client                      Server
   |                                |
   |  1.) GET to Collection URI     |
   |------------------------------->|
   |                                |
   |  2.) 200 OK, Atom Feed Doc     |
   |<-------------------------------|
   |                                |

   1.  The client sends a partial GET request.

2.1.1  Usage

   Below two usages are outlined for Atom Collections.  They are here request to
   highlight common idioms for interacting the Collection's URI.

   2.  The server responds with a Collection Resource
   and not a normative interaction pattern.

   The an Atom Collection Feed Document containing a full
       or partial listing of the collection's membership.
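
Review bot: The Listing flow answers with "200 OK, Atom Feed Doc" and step 2 says "Atom Feed Document", but Section 5.1 defines the listing format as an Atom Collection Document with media-type 'application/atomcoll+xml'. Name the same document type in both places, or state that either may be returned and how a client tells them apart.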


4.4  Authoring

   After locating a collection, a client can be used add entries by clients in two ways.  In the first
   case sending a
   request to the client has attached collection; other changes are accomplished by sending
   HTTP requests to its member resources.

4.4.1  Create

   Client                      Server
   |                                |
   |  1.) POST to Collection URI    |
   |------------------------------->|
   |                                |
   |  2.) 201 Created @ Location    |
   |<-------------------------------|
   |                                |

   1.  The client sends a site for representation of a member to the first time and server via
       HTTP POST.  The Request URI is
   doing an initial syncronization, that is, retrieving a list of all
   the members of the collections and possibly retrieving all the
   members of the collection also. Collection.

   2.  The client can perform server responds with a non-partial
   GET on the collection resource response of "201 Created" and it will receive a collection
   document that either contains all
       "Location" header containing the member URI of the collection, newly-created
        resource.


4.4.2  Read

   Client                      Server
   |                                |
   |  1.) GET or
   the collection document root element 'collection' will contain HEAD to Member URI |
   |------------------------------->|
   |                                |
   |  2.) 200 OK                    |
   |<-------------------------------|
   |                                |


   1.  The client sends a
   'next' attribute pointing GET (or HEAD) request to the next collection document.  By
   repeatedly following the 'next' attribute from document member's URI.

   2.  The server responds with an appropriate representation.


4.4.3  Update

   Client                      Server
   |                                |
   |  1.) PUT to document
   the client can find all the members of the collection.

   In the second case the Member URI         |
   |------------------------------->|
   |                                |
   |  2.) 200 OK                    |
   |<-------------------------------|

   1.  The client has already done PUTs an initial sync, and
   now needs updated representation to re-sync, because the client was just restarted, or some
   time has passed since member's URI.

   2.  The server responds with a re-sync, etc. representation of the member's new
       state.


4.4.4  Delete

   Client                      Server
   |                                |
   |  1.) DELETE to Member URI      |
   |------------------------------->|
   |                                |
   |  2.) 204 No Content            |
   |<-------------------------------|
   |                                |

   1.  The client does sends a partial GET
   on DELETE request to the collection document, supplying a Range header that begins from
   the last time the client sync'd to the current time. member's URI.

   2.  The collection
   document returned will contain only those members of the collection
   that have changed since the last time the client syncronized.

2.1.2  Client server responds with successful status code.


4.5  Success and Server Interaction

   [[anchor5: ...]]

   This document does not specify the form Failure

   HTTP defines classes of the URIs that are used.
   The URI space response.  HTTP status codes of each server is controlled, as defined by HTTP, by
   the server alone.  What this document does specify are the formats form 2xx
   signal that a request was successful.  HTTP status codes of the files form
   4xx or 5xx signal that are exchanged an error has occurred, and the actions that can be performed on request has
   failed.  Consult the URIs embedded in those files.

3.  Functional Specification HTTP specification for more detailed definitions
   of each status code.


3.1


5.  Collections

3.1.1

   An Atom Collection Document

   A is a set of related resources.  All members of a
   collection have an "updated" property, and the collection document is rooted
   considered to be ordered by a <collection> element. this property.

5.1  Collection Documents

   An example Collection Document.

   <?xml version="1.0" encoding='utf-8'?>
   <collection xmlns="http://purl.org/atom/app#">
     <member href="http://example.org/1"
             hrefreadonly="http://example.com/1/bar"
             title="Sample 1"
             updated="2003-12-13T18:30:02Z" />
     <member href="http://example.org/2"
             hrefreadonly="http://example.com/2/bar"
             title="Sample 2"
             updated="2003-12-13T18:30:02Z" />
     <member href="http://example.org/3"
             hrefreadonly="http://example.com/3/bar"
             title="Sample 3"
             updated="2003-12-13T18:30:02Z" />
     <member href="http://example.org/4"
             title="Sample 4"
             updated="2003-12-13T18:30:02Z" />
   </collection>

   Atom Collection Documents have the media-type 'application/
   atomcoll+xml', see Section 11.

5.1.1  Element Definitions

5.1.1.1  The 'app:collection' Element

   The 'app:collection' element represents an Atom Collection.  A
   collection document does not necessarily list every member of the
   collection.


   appCollection       element may have app:collection {
         attribute next { text } ?,
         appMember*
      }

   o  'app:collection' elements MAY contain any number of <member> 'app:member'
      elements.

   o  'app:collection' elements as
   children; each such element identifies MAY contain a member of the collection.
   In some situations, 'next' attribute which
      identifies a collection document may not contain every containing member of the collection itself.

   Whether complete or partial, the elements
      updated earlier in time.

   The members listed in a collection document MUST constitute a
   consecutive sequence of the collection's members, ordered by their
   "updated" properties.  That is, a collection document MUST contain a
   contiguous subset of the members of the collection ordered by their
   'updated' property.

3.1.2  Elements in

5.1.1.2  The 'app:member' Element

   The 'app:member' represents a Collection Document

   A collection document MAY contain zero or more 'member' elements.

   Each 'member' single member resource.


   appMember       element app:member {
         attribute title { text },
         attribute href { text },
         attribute hrefreadonly { text } ?,
         attribute updated { text }
      }


   o  'app:member' elements MUST include an 'href' attribute identifying a
   URL of attribute, whose
      value conveys the member resource.  The 'href' URI of a used to edit the member resource source

   o  'app:member' elements MAY include an "hrefreadonly
      (Section 5.1.1.3)" attribute.

   o  'app:member' elements MUST include a 'title' attribute, whose
      value is a human-readable name or description for the item.

   o  'app:member' elements MUST include an "EditURI" under 'updated' attribute, whose
      value is the terms 'updated' property of section 2, and the collection member.  Its
      format MUST respond conform to the
   same HTTP methods as such an EditURI.

   Each 'member' element MAY include an "hrefreadonly" attribute. date-time production in [RFC3339].


5.1.1.3  The 'hrefreadonly' Attribute

   This optional attribute identifies a URI which, on a GET request,
   responds equivalently to how the "href" URI would respond to the same
   request.  Clients SHOULD NOT apply to this URI any HTTP methods that
   would be expected to modify the state of the resource (e.g.  PUT,
   POST or DELETE).  A PUT or POST request to this URI MAY NOT affect
   the underlying resource.  If the "hrefreadonly" attribute is not
   given, its value defaults to the "href" value.  If the "hrefreadonly"
   attribute is present, and its value is an empty string, then there is
   no URI that can be treated in the way such a value would be treated.

   Clients SHOULD use the "href" value to manipulate the resource within
   the context of the APP itself.  Clients SHOULD prefer the
   "hrefreadonly" value in any other context.  For example, if the
   resource is an image, a client may replace the image data using a PUT
   on the "href" value, and may even display a preview of the image by
   fetching the "href" URI.  But when creating a public, read-only
   reference to the same image resource, the client should use the
   "hrefreadonly" value.  If the "hrefreadonly" value is an empty
   string, the client SHOULD NOT make public reference to the "href"
   value.
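
Review bot: In the 'hrefreadonly' definition, "A PUT or POST request to this URI MAY NOT affect the underlying resource" uses "MAY NOT", which is not among the key words listed under Notational Conventions and can be read either as "might not" or as "is not allowed to". If the intent is that the read-only URI never changes the resource, write "MUST NOT", and include DELETE in that sentence since the sentence before it names PUT, POST and DELETE together. The empty-string case deserves the same attention: "SHOULD NOT make public reference to the "href" value" is the only statement keeping an edit URI out of public pages, so consider whether that requirement should be stronger.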

   Each 'member' element MUST include a 'title' attribute, whose value
   is

   [[anchor10: Define extensibility for Collection Documents.]]

5.2  Collection Resource

   This specification defines two HTTP methods for use with collection
   resources: GET and POST.

5.2.1  GET

   Collections can contain extremely large numbers of resources.  A
   naive client such as a human-readable name web spider or description for web browser would be overwhelmed
   if the item.  The values of
   'title' attributes are not required response to be unique across all members
   of a collection.

   Each 'member' element MUST include an 'updated' attribute, whose
   value is GET reflected the 'updated' property full membership of the collection member whose format
   MUST conform
   collection, and the server would waste large amounts of bandwidth and
   processing time on clients unable to handle the date-time BNF rule in [RFC3339].

3.1.3  Collection Requests

3.1.3.1  Range: Header

   HTTP/1.1 allows response.  As a client
   result, responses to a simple GET request that only part (a range of) the
   collection to be included within represent a server-
   determined subset of the response.  HTTP/1.1 uses range
   units in collection's membership.

   In addition, the Range header field.  A collection can be broken down
   into subranges according to the members 'updated' property.  If client MAY send a
   Range: 'Range' header is present in the request, its value explictly
   identifies the with a time interval interval in which all the members
   'updated' property must fall to be included in the response.

   Range = "Range" ":" ranges-specifier

   The value range type
   of 'udpated', indicating the Range: header should be a pair subset of ISO 8601 dates,
   separated by a slash character; either date may be optionally
   omitted, in which case the range is understood as stretching to
   infinity on that end.

   ranges-specifier = updated-ranges-specifier
   updated-ranges-specifier = updated-unit "=" updated-range
   updated-unit = "updated"
   updated-range = [iso-date] "/" [iso-date]

   The response to a collection request MUST to be a collection document,
   all of whose 'member' elements fall within the requested range.  If
   no members fall returned.
   The 'Range' header is described in the requested range, the server Section 5.2.4.

   This specification defines two serializations for Atom Collections.
   Servers MUST respond with
   a collection document containing no 'member' elements.

3.1.3.2  Accept-Ranges: Header

   The response to provide both, but MAY also provide additional
   serializations.

   1.  Atom Collection Documents (application/atomcoll+xml),
       Section 5.1.

   2.  Atom Collection Documents wrapped by a non-partial GET SOAP envelope
       (application/soap+xml), .

   Clients use the HTTP 'Accept' request MUST include an
   Accept-Ranges header that indicates that the server accepts 'updated'
   range requests.

   Accept-Ranges     = "Accept-Ranges" ":" acceptable-ranges
   acceptable-ranges = updated-unit ( 1#range-unit ) to indicate their


3.2  Introspection

   There are many different kinds of resources that can be managed
   through the APP, for example, entries, templates, users, etc.  The
   Service Document is a single document that lists all


   preference.

   Example Request, with Accept header

   GET /collection HTTP/1.1
   Host: example.org
   User-Agent: Agent/1.0
   Accept: application/atomcoll+xml

   Here, the facets server could return any subset of the APP that a site supports and also contains collection as an Atom
   Collection Document.

   Example Response, Atom Collection Document

   HTTP/1.1 200 OK
   Date: Fri, 25 Mar 2005 17:15:33 GMT
   Last-Modified: Mon, 04 Oct 2004 18:31:45 GMT
   ETag: "2b3f6-a4-5b572640"
   Accept-Ranges: updated
   Content-Length: nnnn
   Content-Type: application/atomcoll+xml; charset="utf-8"

   <?xml version="1.0" encoding="utf-8"?>
   <collection xmlns="http://purl.org/atom/app#">
   ...
     <member href="http://example.org/1"
             hrefreadonly="http://example.com/1/bar"
             title="Example 1"
             updated="2003-12-13T18:30:02Z" />
   ...
   </collection>


   Example Request, with SOAP Accept header

   GET /collection HTTP/1.1
   Host: example.org
   User-Agent: Cosimo/1.0
   Accept: application/soap+xml

   Here, the URIs server could return any subset of all those
   resources.

3.2.1  Service Document

   The Service Document lists the resources that each site makes
   available.  The Service Resource returns collection as an Service Atom
   Feed Document in
   response to wrapped by a GET request.  Here is an example of an Service
   Document. SOAP envelope.

   Example Response, Atom Feed Document wrapped by a SOAP envelope

   HTTP/1.1 200 OK
   Date: Fri, 25 Mar 2005 17:15:33 GMT
   Last-Modified: Mon, 04 Oct 2004 18:31:45 GMT
   ETag: "2b3f6-a4-5b572640-89"
   Accept-Ranges: bytes
   Content-Length: nnnn
   Content-Type: application/soap+xml; charset="utf-8"

   <?xml version="1.0" encoding='utf-8'?>
   <service version="0.3" xmlns="http://purl.org/atom/ns#">
     <workspace title="Main Site" >
       <collection rel="entries" name="Entries"
         href="http://example.org/reilly/feed" />
       <collection rel="categories" name="Categories"
         href="http://example.org/reilly/cat" />
       <collection rel="templates" name="Templates"
         href="http://example.org/reilly/tmpl" />
       <collection rel="users" name="Users"
         href="http://example.org/reilly/users" />
       <collection rel="resource" name="Pictures"
         href="http://example.org/reilly/pic" />
     </workspace>
     <workspace title="b-links">
       <collection rel="entries" name="Entries"
         href="http://example.org/reilly/feed" encoding="utf-8"?>
   <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
      <env:Header />
      <env:Body>
         <collection rel="http://example.net/booklist" name="Books"
         href="http://example.org/reilly/books" xmlns="http://purl.org/atom/app#">
         ...
         <member href="http://example.org/1"
                 hrefreadonly="http://example.com/1/bar"
                 title="Example 1"
                 updated="2003-12-13T18:30:02Z" />
     </workspace>
   </service>

   o  entries
   o  resource
   o  categories
   o  templates
   o  users
         ...
         </collection>
      </env:Body>
   </env:Envelope>

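Review bot: The two GET examples disagree on range units: the Atom Collection Document response carries "Accept-Ranges: updated", while the SOAP response carries "Accept-Ranges: bytes", although both answer the same GET /collection request and the text says the 'Range' header selects members by their 'updated' property. The SOAP serialization is also called "Atom Collection Documents wrapped by a SOAP envelope" in the list of serializations and "Atom Feed Document wrapped by a SOAP envelope" in the example heading, and its list item ends in an empty section reference ("(application/soap+xml), ."). In the Range paragraph, 'udpated' should read 'updated'.
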

5.2.2  POST

   In addition to GET, a Collection Resource also accepts POST requests.
   The default for client POSTs a representation of the rel attribute is 'resource'.  Extensibility for
   'rel' values is handled in desired resource to the same manner as PaceFieldingLinks.
   Each 'collection' element in 'workspace' represents
   Collection Resource.  Note that some collections only allow members
   of a single facet specific media-type and a POST MAY generate a response with a
   status code of 415 ("Unsupported Media Type").

   In the APP.  While a site must fully support each facet they list in
   their Service Document, case of a site does not need to support all successful creation, the
   facets in this RFC.  Additionally, new facets may status code MUST be added either 201
   ("Created").

   through vendor extension or follow-on RFCs.

3.2.1.1  Service Documet Elements

   The "service" element is


   Example Request, Create a resource in a collection.

   POST /collection HTTP/1.1
   Host: example.org
   User-Agent: Cosimo/1.0
   Accept: application/atomcoll+xml
   Content-Type: image/png
   Content-Length: nnnn
   Name: trip-to-beach.png

   ...binary data...

   Here, the document element of client is adding a Service Document,
   acting as new image resource to a container for service data associated with possibly
   multiple workspaces.  Its only child elements MUST be one or more
   'workspace' elements. collection.  The 'service' element MUST have a single
   attribute 'version' whose content
   Name: header indicates the version of the Atom
   specification that the document conforms to.  The content of this
   attribute is unstructured text.  The version identifier client's desired name for this
   specification is "1.0".

   The 'workspace' element element contains information elements about the collections of resources available resource,
   see Section 5.2.6.

   Example Response, resource created successfully.

   HTTP/1.1 201 Created
   Date: Fri, 25 Mar 2005 17:17:11 GMT
   Content-Length: nnnn
   Content-Type: application/atomcoll+xml; charset="utf-8"
   Location: http://example.org/images/trip-to-the-beach-01.png

   <?xml version="1.0" encoding="UTF-8"?>
   <collection xmlns="http://purl.org/atom/app#">
       <member href="http://example.org/images/trip-to-beach.png"
           hrefreadonly="http://example.com/ed/im/trip-01.png"
           title="trip-to-beach.png"
           updated="2005-03-25T17:17:09Z" />
   </collection>


5.2.3  Usage Scenarios

   These scenarios illustrate common idioms for editing. interactin with
   Collections.

   The only
   children of 'workspace' MUST Atom Collection can be one or more "collection" elements.
   The 'workspace' element MUST have used by clients in two ways.  In the first
   case the client encounters a single attribute 'title' whose
   content MUST NOT be empty Collection for the first time and which is
   doing an initial syncronization, that is, retrieving a human-readable name for list of all
   the
   workspace.

   The 'collection' element describes various typed groups members of resources
   available for editing or adding to.

3.3  Entry Collection

   Entries are managed through the collections and as such entry collection
   and entries that are members of a collection must support possibly retrieving all the
   operations enumerated above.

   An Edit Resource is used to edit a single entry.  Each entry that is
   editable MUST have a unique URI.  This URI supports both GET and PUT
   and they are used in tandem for an editing cycle.  The client GETs
   members of the representation which is formatted as an Atom entry. collection also.  The client
   may then update can perform a non-partial
   GET on the entry collection resource and then PUT it back to the same URI.  The
   PUT will cause all the related resources to be updated, for example,
   the HTML representation.

   Note receive a collection
   document that either contains all the value members of the content element in collection, or
   the Atom entry does not
   have to exactly match the content collection document root element for the same entry when it
   is represented in an Atom feed.  For example, a server may allow the
   client to post entries whose content is formatted as WikiML, yet the
   server may clean up such markup and transform it into well-formed
   XHTML before placing it in the publicly available Atom feed.  Another
   scenario is summaries--the EditURI is for editing the full content of
   an entry, but the server may only present excerpts when it produces
   an Atom feed.

   A client 'collection' will send contain a DELETE
   'next' attribute pointing to the EditURI next collection document.  By
   repeatedly following the 'next' attribute from document to delete an entry. document

3.3.1  Locating

   For editing a site Entry,


   the link tag is used.  Note that a link tag
   is used in both HTML and in client can find all the Atom format.  A link tag members of the
   following format points collection.

   In the second case the client has already done an initial sync, and
   now needs to re-sync, because the EditURI for client was just restarted, or some
   time has passed since a site.  In HTML, re-sync, etc.  The client does a partial GET
   on the link
   tags for editing are always found in collection document, supplying a Range header that begins from
   the head element, while in Atom
   they may appear as children of last time the entry elements.

   <link rel="service.edit"
   type="application/atom+xml"
   href="URI for Editing goes here"
   title="Readable desc of client sync'd to the entry." />

   Note: current time.  The critical characteristic of this link tag is the @rel of
   'service.edit' and the @type of 'application/atom+xml'.

3.4  Simple Resource Collection

   Simple Resources are managed through collections and as such simple
   reource collections and simple resources that are collection
   document returned will contain only those members of the collection must support all
   that have changed since the operations enumerated above.  Simple
   Resources can be images, templates, and any other non-entry
   resources.

3.4.1  Locating

   For creating a new non-entry resource, last time the link tag is used.  Note
   that client syncronized.

5.2.4  Range: Header

   HTTP/1.1 allows a link tag is used in both HTML and client to request that only part (a range of) the
   collection to be included within the response.  HTTP/1.1 uses range
   units in the Atom format. Range header field.  A link
   tag of the following format points collection can be broken down
   into subranges according to the ResourcePostURI for members 'updated' property.  If a site.
   In HTML
   Range: header is present in the link tags are always found request, its value explictly
   identifies the a time interval interval in which all the head element, while members
   'updated' property must fall to be included in
   Atom they may appear as children the response.

      Range = "Range" ":" ranges-specifier

   The value of the Feed and entry elements.

   <link rel="resource.post" href="URI for Resource Posting goes here"
   title="The name Range: header should be a pair of ISO 8601 dates,
   separated by a slash character; either date may be optionally
   omitted, in which case the site.">

3.4.2  Request range is understood as stretching to
   infinity on that end.

      ranges-specifier = updated-ranges-specifier
      updated-ranges-specifier = updated-unit "=" updated-range
      updated-unit = "updated"
      updated-range = [iso-date] "/" [iso-date]

   The request contains response to a resource, sent through collection request MUST be a standard HTTP POST,
   e.g.:

   POST /_do/exampleblog/post_resource HTTP/1.1
   Host: www.example.com
   Content-Type: image/jpeg
   Content-Length: nnn

   ...raw bytes collection document,
   all of image go here...

3.5  Atom Request and Response Body Constraints whose 'member' elements fall within the requested range.  The Atom format
   request range is used as the representation considered a closed set, that is, if a 'member'
   element matches one end of all the resources in
   this specification.  As range exactly it is used in differing contexts, there are
   different constraints of which elements may be present, and how their
   values should be interpreted.

3.5.1  id

   PostURI MUST NOT be present.
   FeedURI MUST be present.
   EditURI
      GET MUST be present.
      PUT MUST be present.

3.5.2  link

   PostURI MAY be present.  Servers MAY use included in
   the information to determine response.  If no members fall in the URI of requested range, the created resource.  Relative URLs are to be
      interpreted relative to xml:base.
   FeedURI MUST be present.
   EditURI
      GET MUST be present.
      PUT MUST be present.

3.5.3  title

   PostURI server
   MUST be present. respond with a collection document containing no 'member'
   elements.

   The element may be empty, to explicitly
      indicate "no title".  Servers SHOULD NOT try inclusion of the Range: header in a request changes the request
   to generate a title
      if one is not provided. "partial GET" [RFC2616].
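
   The 'updated' range rules of Section 5.2.4 (either date optional,
   closed interval, empty result allowed), as an added example that is
   not code from the draft.  Function names, the constructed MEMBERS
   list, reading offset-less timestamps as UTC and rejecting a reversed
   interval are assumptions.

```python
from datetime import datetime, timezone


class UpdatedRangeError(ValueError):
    """The Range: value does not match updated-ranges-specifier."""


def parse_iso_date(text):
    """Parse one iso-date; a trailing 'Z' is read as UTC."""
    text = text.strip()
    if text[-1:] in ("Z", "z"):
        text = text[:-1] + "+00:00"
    try:
        moment = datetime.fromisoformat(text)
    except ValueError as exc:
        raise UpdatedRangeError("bad iso-date: %r" % text) from exc
    if moment.tzinfo is None:
        # Assumption: a timestamp without an offset is treated as UTC.
        moment = moment.replace(tzinfo=timezone.utc)
    return moment


def parse_updated_range(value):
    """Return (start, end) for 'updated=[iso-date]/[iso-date]'.

    A missing date is returned as None, meaning "unbounded on that end".
    """
    unit, sep, spec = value.strip().partition("=")
    if sep != "=" or unit.strip() != "updated":
        raise UpdatedRangeError("range unit must be 'updated'")
    start_text, slash, end_text = spec.strip().partition("/")
    if slash != "/" or "/" in end_text:
        raise UpdatedRangeError("expected [iso-date]/[iso-date]")
    start = parse_iso_date(start_text) if start_text.strip() else None
    end = parse_iso_date(end_text) if end_text.strip() else None
    if start is not None and end is not None and start > end:
        # Assumption: a reversed interval is rejected rather than swapped.
        raise UpdatedRangeError("start is later than end")
    return start, end


def select_members(members, start, end):
    """Keep members whose 'updated' lies in the closed interval [start, end]."""
    selected = []
    for member in members:
        updated = parse_iso_date(member["updated"])
        if start is not None and updated < start:
            continue
        if end is not None and updated > end:
            continue
        selected.append(member)  # a member exactly on either end is included
    return selected


# Constructed sample: the two 'member' elements shown in this draft's examples.
MEMBERS = [
    {"title": "Example 1", "updated": "2003-12-13T18:30:02Z"},
    {"title": "trip-to-beach.png", "updated": "2005-03-25T17:17:09Z"},
]


def partial_get(range_value):
    """Titles a server would return for a given Range: header value."""
    start, end = parse_updated_range(range_value)
    return [m["title"] for m in select_members(MEMBERS, start, end)]


if __name__ == "__main__":
    print(partial_get("updated=2005-01-01T00:00:00Z/"))
```

   An empty list from partial_get corresponds to the required collection
   document with no 'member' elements.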

5.2.5  Accept-Ranges: Header

   The type attribute MAY be present, and if
      not it defaults response to "text/plain".  If present, it MUST represent a
      MIME type non-partial GET request MUST include an Accept-
   Ranges header that indicates that the server supports. accepts 'updated' range
   requests.

Internet-Draft        The mode attribute MAY be
      present.  If not present, it defaults to "xml".  If present, it
      MUST be "xml", "base64", or "escaped".
   FeedURI MUST be present.
   EditURI
      GET MUST be present.
      PUT MUST be present. Atom Publishing Protocol              May 2005


     Accept-Ranges     = "Accept-Ranges" ":" acceptable-ranges
     acceptable-ranges = updated-unit ( 1#range-unit )


5.2.6  Name: Header

   [[anchor13: this is new...]]

   The element may be empty, to explicitly
         indicate "no title".  Servers SHOULD NOT try POST to generate a
         title if one is not provided.

3.5.4  summary

   PostURI Collection Resource MAY be present.  If not present, contain a Name: header that
   indicates the server is welcome to
      produce its own summary.  If present but empty, clients suggested name for the server SHOULD
      NOT generate a summary of its own. resource.  The type attribute server
   MAY be
      present.  If not, it defaults to "text/plain".  If present, it
      must represent a MIME type that ignore the server supports. Name: header or modify the requested name to suit
   local conventions.

     Name     = "Name" ":" relative-part

   The mode relative-part production is defined in [RFC3986].

      attribute MAY be present and defaults to "xml".  If present, it
      must be "xml","base64", or "escaped".
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.  The element may be empty,


6.  Entry Collection

   Entry Collections are Collections that restrict their membership to explicitly
         indicate "no summary".
   Atom entries.  This specification defines two serializations for Atom
   entries.  Servers SHOULD NOT try to generate a
         title if one is not provided.

3.5.5  content

   PostURI MAY be present but may be empty, to explicitly indicate "no
      content".  The type attribute MAY be present, but defaults to
      "text/plain" if not present.  It must represent MUST provide both serializations.

   1.  Atom Entry Documents (application/atom+xml),  [AtomFormat].

   2.  Atom Entry Documents wrapped by a MIME type that SOAP envelope (application/
       soap+xml), .

   Clients use the server supports.  The MODE attribute may be present and
      defaults to "xml" if not present.  It must be "xml","base64", or
      "escaped".
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.  The element may be empty, HTTP 'Accept' request header to explicitly indicate "no content".

3.5.6  issued

   PostURI MUST be present, but may be empty, in which case it signifies
      "now" their
   preference [RFC2616].  If no 'Accept' header is present in the time zone of the server.
   FeedURI MUST be present.
   EditURI
      GET MUST be present.
      PUT MUST be present.  Server policy determines if an updated time
         is accepted.

3.5.7  modified

   PostURI MUST NOT be present.
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.  The element may be empty, to explicitly
         indicate that 'now' on
   request, the server time is free to be used.

3.5.8  created

   PostURI MAY be present.

   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.  The server may or may not accept an updated
         value.  If the server does not allow updating the issued time
         then choose any PUT serialization.  When an
   HTTP request with contains a different issued value body, clients MUST be
         rejected.

3.5.9  author

   PostURI MAY be present.  If not present, the server determines the
      author.  If present, include a 'Content-Type'
   header, and conflicting with valid values as
      determined servers MUST accept both application/atom+xml and
   application/soap+xml message bodies.

6.1  Editing Entry Resources

   Atom entries are edited by sending HTTP requests to an individual
   entry's URI.  Servers can determine the server, then processing necessary to
   interpret a request by examining the server may change request's HTTP method and
   'Content-Type' header.

   If the value of
      author.
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.

3.5.10  contributor

   PostURI MAY be present.
   FeedURI MAY be present.
   EditURI
      GET MAY be present.
      PUT MAY be present.

3.5.11  generator

   PostURI MUST be present request method is POST and contain a URI.  The value of the element
      indicates 'Content-Type' is application/
   soap+xml, the code base used to create this request. SOAP document MUST also
      have an attribute 'version' with contain a version number.
   FeedURI MUST NOT be present.
   EditURI Web-Method property .
   This specification defines two values for that property, PUT and
   DELETE.

   Processing Client Requests

 +----------------------------------+------+--------+--------+--------+
 |                                  |  GET MUST NOT be present. |   PUT MUST NOT be present.

3.6  Securing the  | DELETE |  POST  |
 +----------------------------------+------+--------+--------+--------+
 |                          No Body | Read |    x   | Delete |    x   |
 |                                  |      |        |        |        |
 |                        Atom Protocol

   All instances Body |   x  | Update |    x   |    x   |
 |                                  |      |        |        |        |
 |    SOAP Body with Web-Method PUT |   x  |    x   |    x   | Update |
 |                                  |      |        |        |        |
 | SOAP Body with Web-Method DELETE |   x  |    x   |    x   | Delete |
 +----------------------------------+------+--------+--------+--------+


6.2  Role of publishing Atom entries SHOULD be protected by
   authentication to prevent posting or editing by unknown sources. Entry Elements During Editing

   The elements of an Atom servers and clients MUST support one Entry Document are either a 'Writable
   Element' or a 'Round Trip Element'.

   Writable Element - An element of an Atom Entry whose value is
   editable by the following
   authentication mechanisms, client and SHOULD support both.

   o  HTTP Digest Authentication [RFC2617]
   o  [@@TBD@@ CGI Authentication ref] not enforced by the server.

   Round Trip Element - An element of an Atom servers Entry whose value is
   enforced by the server and clients MAY support encryption of not editable by the client.

   That categorization will determine the elements' disposition during
   editing.

                  +--------------------+------------+
                  | Atom session Entry Element |  Property  |
                  +--------------------+------------+
                  |     atom:author    |  Writable  |
                  |                    |            |
                  |    atom:category   |  Writable  |
                  |                    |            |
                  |    atom:content    |  Writable  |
                  |                    |            |
                  |  atom:contributor  |  Writable  |
                  |                    |            |
                  |       atom:id      | Round Trip |
                  |                    |            |
                  |      atom:link     |  Writable  |
                  |                    |            |
                  |   atom:published   |  Writable  |
                  |                    |            |
                  |     atom:source    |  Writable  |
                  |                    |            |
                  |    atom:summary    |  Writable  |
                  |                    |            |
                  |     atom:title     |  Writable  |
                  |                    |            |
                  |    atom:updated    | Round Trip |
                  +--------------------+------------+

                                  Table 2

   using TLS [RFC2246].

   There


7.  Generic Collection

   Generic Collections are cases where an authentication mechanism may not be
   required, such as a publicly editable Wiki, or when using the PostURI
   to post comments to a site Collections that does do not require authentication to
   create comments.

3.6.1  [@@TBD@@ CGI Authentication]

   This authentication method is included as part of the protocol to
   allow Atom servers and clients that cannot use HTTP Digest
   Authentication but where the user can both insert its own HTTP
   headers and create a CGI program to authenticate entries to the
   server.  This scenario is common in environments where the user
   cannot control what services the server employs, but the user can
   write their own HTTP services.

4.  Security Considerations

   Because Atom is a publishing protocol, it is important that only
   authorized users can create and edit entries.

   The security of Atom is based have uniform
   restrictions on HTTP Digest Authentication and/or
   [@@TBD@@ CGI Authentication].  Any weaknesses in either of these
   authentication schemes will obviously affect the security representations of the Atom
   Publishing Protocol.

   Both HTTP Digest Authentication and [@@TBD@@ CGI Authentication] member resources.

7.1  Editing Generic Resources

   Member resources are
   susceptible edited by sending HTTP requests to dictionary-based attacks on the shared secret.  If the
   shared secret is a password (instead of a random string with
   sufficient entropy), an attacker individual
   resource's URI.  Servers can determine the secret processing necessary to
   interpret a request by
   exhaustively comparing the authenticating string with hashed results
   of examining the public string request's HTTP method and dictionary entries.

   See RFC 2617
   'Content-Type' header.

   Processing Client Requests

              +----------+------+--------+--------+------+
              |          |  GET |   PUT  | DELETE | POST |
              +----------+------+--------+--------+------+
              |  No Body | Read |    x   | Delete |   x  |
              |          |      |        |        |      |
              | Any Body |   x  | Update |    x   |   x  |
              +----------+------+--------+--------+------+

8.  Introspection

   In order for more detailed description of authoring to commence, a client must first discover the security properties
   capabilities and locations of HTTP Digest Authentication.

   @@TBD@@ Talk here about using HTTP basic and digest authentication.

   @@TBD@@ Talk here about denial collections offered.

8.1  Introspection Document

   The Introspection Document describes "workspaces", which are server-
   defined groupings of service attacks using large XML
   files, or collections.  There is no requirement that
   servers support multiple workspaces, and a collection may appear in
   more than one workspace.

   The Introspection Document has the media-type 'application/
   atomserv+xml'; see Section 11.

   <?xml version="1.0" encoding='utf-8'?>
   <service xmlns="http://purl.org/atom/app#">
     <workspace title="Main Site" >
       <collection contents="entries" title="My Blog Entries"
         href="http://example.org/reilly/feed" />
       <collection contents="generic" title="Documents"
         href="http://example.org/reilly/pic" />
     </workspace>
     <workspace title="Side Bar Blog">
       <collection contents="entries" title="Entries"
         href="http://example.org/reilly/feed" />
       <collection contents="http://example.net/booklist" title="Books"
         href="http://example.org/reilly/books" />
     </workspace>
   </service>

8.1.1  Element Definitions

8.1.1.1  The 'app:service' Element

   The "service" element is the billion laughs DTD attack.

5.  IANA Considerations

   This document has no actions element of a Service Document,
   acting as a container for IANA. service data associated with one or more
   workspaces.


   appService       element app:service {
         ( appWorkspace*
           & anyElement* )
      }


   The following child elements are defined by this specification:

6.  Appendix A - SOAP Enabling

   All servers SHOULD support


   o  app:service elements MAY contain any number of app:workspace
      elements.


8.1.1.2  The 'app:workspace' Element

   The 'workspace' element element contains information elements about
   the following alternate interface
   mechanisms to enable a wider variety collections of clients to interact with Atom
   Publishing Protocol servers. resources available for editing.


   appWorkspace       element app:workspace {
         attribute title { text },
         ( appCollection*
           & anyElement* )
      }


   The following requirements attributes and child elements are in
   addition to the ones listed in the Functional Specification Section.
   If a server supports SOAP Enabling then it MUST support all of the
   following.

6.1  Servers

   1.  All servers defined by this
   specification:

   o  app:workspace elements MUST support contain a 'title' attribute, which
      conveys a human-readable name for the limited use workspace

   o  app:workspace elements MAY contain any number of app:collection
      elements.


8.1.1.3  The 'app:collection' Element

   The 'app:collection' element describes collections and their member
   resources.

   [[anchor19: We have a collection element that's different than the SOAPAction HTTP
       Header as described below in
   root element of the Client section.
   2.  All servers MUST be able to process well formed XML.  Servers
       need not be able to handle processing instructions or DTDs.
   3.  Servers MUST accept content in a SOAP Envelope, and if they
       receive a request that is wrapped in a SOAP Envelope then they collection document.  Messy. --R.  Sayre]]


   appCollection       element app:collection {
         attribute title { text },
         attribute contents { text },
         attribute href { text },
         anyElement*
      }


   The following attributes are defined by this specification:

   o  app:collection elements MUST wrap their responses in SOAP envelopes or produce contain a SOAP
       Fault.

6.2  Clients

   1.  Clients SHOULD use the appropriate HTTP Method when possible.
       When not possible, they should use POST and include 'title' attribute, whose
      value conveys a SOAPAction
       HTTP header which is constrained as follows:
   2.  SOAPAction: "http://schemas.xmlsoap.org/wsdl/http/[METHOD]"
   3.  Where [METHOD] is replaced by human-readable name for the desired HTTP Method.
   4.  Clients workspace

   o  app:collection elements MAY wrap their XML payload in contain a SOAP Envelope. 'contents' attribute
      (Section 8.1.1.3.1).  If so,
       they must also wrap it in is not present, it's value is
      considered to be 'generic'.

   o  app:collection elements MUST contain an element which exactly matches 'href' attribute, whose
      value conveys the
       HTTP Method.

7.  Appendix B - Examples

7.1  Example for URI of the collection.


8.1.1.3.1  The 'contents' Attribute

   The 'contents' attribute conveys the nature of a weblog

   Fill this in with an example collection's member
   resources.  This specification defines two initial values for how all the above
   'contents' attribute:

   o  entry

   o  generic

   Extensibility for 'content' values is used handled [[anchor20: Same as
   atom:link]].

8.1.1.3.1.1  entry

   A value of 'entry' for a
   weblog.  Start with main HTML page, link tag the contents attribute indicates that the
   Collection is an Entry Collection (Section 6).

8.1.1.3.1.2  generic

   A value of type service.feed to 'generic' for the 'introspection' file.  1.  Creating contents attribute indicates that the
   Collection is a new entry 2.  Finding an
   old entry 3.  editing Generic Collection (Section 7).

8.2  Introspection Resource

   To retrieve an old entry 4.  commenting on Introspection Document, the client sends a entry (via
   HTML and Atom)

7.2  Example for GET request
   to its URI.

   GET /service-desc HTTP/1.1
   Host: example.org
   User-Agent: Cosimo/1.0
   Accept: application/atomserv+xml

   The server responds to a wiki

   Fill this GET request by returning an Introspection
   Document in like above but the message body.

   HTTP/1.1 200 OK
   Date: Mon, 21 Mar 2005 19:20:19 GMT
   Server: CountBasic/2.0
   Last-Modified: Mon, 21 Mar 2005 19:17:26 GMT
   ETag: "4c083-268-423f1dc6"
   Content-Length: nnnn
   Content-Type: application/atomserv+xml

   <?xml version="1.0" encoding='utf-8'?>
   <service xmlns="http://purl.org/atom/app#">
       ...
   </service>
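
   A client-side reading of the Introspection Document from Section 8.1,
   as an added example that is not code from the draft: it caps the
   input size and refuses any DOCTYPE, the two XML concerns that
   Section 10 leaves as @@TBD@@.  The 64 KiB cap, the http/https
   restriction on 'href' and all function names are assumptions.

```python
import xml.parsers.expat as expat
from urllib.parse import urlsplit

APP_NS = "http://purl.org/atom/app#"
SERVICE = APP_NS + " service"
WORKSPACE = APP_NS + " workspace"
COLLECTION = APP_NS + " collection"
MAX_BYTES = 64 * 1024  # assumed size cap; the draft sets no limit


class IntrospectionError(ValueError):
    """The document is refused or does not follow Section 8.1.1."""


def parse_introspection(data):
    """Return [{'title', 'collections': [{'title', 'href', 'contents'}]}]."""
    if len(data) > MAX_BYTES:
        raise IntrospectionError("document exceeds size cap")
    workspaces = []
    stack = []  # expanded names of the currently open elements

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # No DTD means no entity definitions, so nothing can be expanded.
        raise IntrospectionError("DOCTYPE declarations are refused")

    def on_start(name, attrs):
        stack.append(name)
        if len(stack) == 1:
            if name != SERVICE:
                raise IntrospectionError("root element is not app:service")
        elif stack == [SERVICE, WORKSPACE]:
            if "title" not in attrs:
                raise IntrospectionError("app:workspace without 'title'")
            workspaces.append({"title": attrs["title"], "collections": []})
        elif stack == [SERVICE, WORKSPACE, COLLECTION]:
            for required in ("title", "href"):
                if required not in attrs:
                    raise IntrospectionError(
                        "app:collection without %r" % required)
            try:
                scheme = urlsplit(attrs["href"]).scheme
            except ValueError as exc:
                raise IntrospectionError("unparsable href") from exc
            if scheme not in ("http", "https"):  # assumed client policy
                raise IntrospectionError("href is not an HTTP(S) URI")
            workspaces[-1]["collections"].append({
                "title": attrs["title"],
                "href": attrs["href"],
                # An absent 'contents' attribute is read as 'generic'.
                "contents": attrs.get("contents", "generic"),
            })
        # Anything else is an extension element (anyElement) and is skipped.

    def on_end(name):
        stack.pop()

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise IntrospectionError("not well-formed XML: %s" % exc) from exc
    return workspaces


# The Introspection Document shown in Section 8.1 of this draft.
SAMPLE = b"""<?xml version="1.0" encoding='utf-8'?>
<service xmlns="http://purl.org/atom/app#">
  <workspace title="Main Site" >
    <collection contents="entries" title="My Blog Entries"
      href="http://example.org/reilly/feed" />
    <collection contents="generic" title="Documents"
      href="http://example.org/reilly/pic" />
  </workspace>
  <workspace title="Side Bar Blog">
    <collection contents="entries" title="Entries"
      href="http://example.org/reilly/feed" />
    <collection contents="http://example.net/booklist" title="Books"
      href="http://example.org/reilly/books" />
  </workspace>
</service>
"""

if __name__ == "__main__":
    for workspace in parse_introspection(SAMPLE):
        print(workspace["title"], [c["href"] for c in workspace["collections"]])
```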


8.2.1  Discovery

   [[anchor24: Add in desc of an HTML link element that points to the
   Introspection Resource, or add it to the autodisco draft]]

9.  Securing the Atom Protocol

   All instances of publishing Atom entries SHOULD be protected by
   authentication to prevent posting or editing by unknown sources.
   Atom servers and clients MUST support one of the following
   authentication mechanisms, and SHOULD support both.

   o  HTTP Digest Authentication [RFC2617]

   o  [@@TBD@@ CGI Authentication ref]

   Atom servers and clients MAY support encryption of the Atom session
   using TLS [RFC2246].

   There are cases where an authentication mechanism may not be
   required, such as a publicly editable Wiki, or when using the PostURI
   to post comments to a site that does not require authentication to
   create comments.

9.1  [@@TBD@@ CGI Authentication]

   This authentication method is included as part of the protocol to
   support Atom servers and clients that cannot use HTTP Digest
   Authentication, but where the user can both insert their own HTTP
   headers and create a CGI program to authenticate entries to the
   server.  This scenario is common in environments where the user
   cannot control what services the server employs, but the user can
   write their own HTTP services.

10.  Security Considerations

   Because Atom is a publishing protocol, it is important that only
   authorized users can create and edit entries.

   The security of Atom is based on HTTP Digest Authentication and/or
   [@@TBD@@ CGI Authentication].  Any weaknesses in either of these
   authentication schemes will obviously affect the security of the Atom
   Publishing Protocol.

   Both HTTP Digest Authentication and [@@TBD@@ CGI Authentication] are
   susceptible to dictionary-based attacks on the shared secret.  If the
   shared secret is a password (instead of a random string with
   sufficient entropy), an attacker can determine the secret by
   exhaustively comparing the authenticating string with hashed results
   of the public string and dictionary entries.

   See RFC 2617 for a more detailed description of the security properties
   of HTTP Digest Authentication.

   @@TBD@@ Talk here about using HTTP basic and digest authentication.

   @@TBD@@ Talk here about denial of service attacks using large XML
   files, or the billion laughs DTD attack.

11.  IANA Considerations

   An Atom Collection Document, when serialized as XML 1.0, can be
   identified with the following media type:

   MIME media type name: application

   MIME subtype name: atomcoll+xml

   Mandatory parameters: None.

   Optional parameters:

      "charset": This parameter has identical semantics to the charset
         parameter of the "application/xml" media type as specified in
         [RFC3023].

   Encoding considerations: Identical to those of "application/xml" as
      described in [RFC3023], section 3.2.

   Security considerations: As defined in this specification.
      [[anchor28: update upon publication]]

      In addition, as this media type uses the "+xml" convention, it
      shares the same security considerations as described in [RFC3023],
      section 10.

   Interoperability considerations: There are no known interoperability
      issues.

   Published specification: This specification. [[anchor29: update upon
      publication]]

   Applications that use this media type: No known applications
      currently use this media type.

   Additional information:

   Magic number(s): As specified for "application/xml" in [RFC3023],
      section 3.2.

   File extension: .atomcoll

   Fragment identifiers: As specified for "application/xml" in
      [RFC3023], section 5.

   Base URI: As specified in [RFC3023], section 6.

   Macintosh File Type code: TEXT

   Person and email address to contact for further information: Joe
      Gregorio <joe@bitworking.org>

   Intended usage: COMMON

   Author/Change controller: IESG

   An Atom Introspection Document, when serialized as XML 1.0, can be
   identified with the following media type:

   MIME media type name: application

   MIME subtype name: atomserv+xml

   Mandatory parameters: None.

   Optional parameters:

      "charset": This parameter has identical semantics to the charset
         parameter of the "application/xml" media type as specified in
         [RFC3023].

   Encoding considerations: Identical to those of "application/xml" as
      described in [RFC3023], section 3.2.

   Security considerations: As defined in this specification.
      [[anchor30: update upon publication]]

      In addition, as this media type uses the "+xml" convention, it
      shares the same security considerations as described in [RFC3023],
      section 10.

   Interoperability considerations: There are no known interoperability
      issues.

   Published specification: This specification. [[anchor31: update upon
      publication]]

   Applications that use this media type: No known applications
      currently use this media type.

   Additional information:

   Magic number(s): As specified for a wiki.

8.  Revision History

   draft-ietf-atompub-protocol-03 - Incorporates PaceSliceAndDice3 "application/xml" in [RFC3023],
      section 3.2.

   File extension: .atomsrv

   Fragment identifiers: As specified for "application/xml" in
      [RFC3023], section 5.

   Base URI: As specified in [RFC3023], section 6.

   Macintosh File Type code: TEXT

   Person and email address to contact for further information: Joe
      Gregorio <joe@bitworking.org>

   Intended usage: COMMON

   Author/Change controller: This specification's author(s). [[anchor32:
      update upon publication]]

12.  References

12.1  Normative References

   [AtomFormat]
              Nottingham, M. and R. Sayre, "The Atom Syndication
              Format",  work-in-progress, April 2005.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2246]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
              RFC 2246, January 1999.

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
              Leach, P., Luotonen, A., and L. Stewart, "HTTP
              Authentication: Basic and Digest Access Authentication",
              RFC 2617, June 1999.

   [RFC3023]  Murata, M., St. Laurent, S., and D. Kohn, "XML Media
              Types", RFC 3023, January 2001.

   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
              Timestamps", RFC 3339, July 2002.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, January 2005.

   [RFC3987]  Duerst, M. and M. Suignard, "Internationalized Resource
              Identifiers (IRIs)", RFC 3987, January 2005.

   [W3C.REC-soap12-part1-20030624]
              Nielsen, H., Mendelsohn, N., Gudgin, M., Hadley, M., and
              J. Moreau, "SOAP Version 1.2 Part 1: Messaging Framework",
              W3C REC REC-soap12-part1-20030624, June 2003.

   [W3C.REC-soap12-part2-20030624]
              Nielsen, H., Hadley, M., Moreau, J., Mendelsohn, N., and
              M. Gudgin, "SOAP Version 1.2 Part 2: Adjuncts", W3C
              REC REC-soap12-part2-20030624, June 2003.

   [W3C.REC-xml-20040204]
              Yergeau, F., Paoli, J., Sperberg-McQueen, C., Bray, T.,
              and E. Maler, "Extensible Markup Language (XML) 1.0 (Third
              Edition)", W3C REC REC-xml-20040204, February 2004.

12.2  Informative References

   [W3C.REC-webarch-20041215]
              Walsh, N. and I. Jacobs, "Architecture of the World Wide
              Web, Volume One", W3C REC REC-webarch-20041215,
              December 2004.

URIs

   [1]  <http://www.imc.org/atom-protocol/index.html>


Authors' Addresses

   Joe Gregorio (editor)
   BitWorking, Inc
   1002 Heathwood Dairy Rd.
   Apex, NC  27502
   US

   Phone: +1 919 272 3764
   Email: joe@bitworking.com
   URI:   http://bitworking.com/


   Robert Sayre (editor)

   Email: rfsayre@boswijck.com
   URI:   http://boswijck.com

Appendix A.  Revision History

   draft-ietf-atompub-protocol-04 - Add ladder diagrams, reorganize, add
   SOAP interactions

   draft-ietf-atompub-protocol-03 - Incorporates PaceSliceAndDice3 and
   PaceIntrospection.

   draft-ietf-atompub-protocol-02 - Incorporates Pace409Response,
   PacePostLocationMust, and PaceSimpleResourcePosting.

   draft-ietf-atompub-protocol-01 - Added in sections on Responses for
   the EditURI.  Allow 2xx for response to EditURI PUTs.  Elided all
   mentions of WSSE.  Started adding in some normative references.
   Added the section "Securing the Atom Protocol".  Clarified that it is
   possible that the PostURI and FeedURI could be the same URI.  Cleaned
   up descriptions for Response codes 400 and 500.

   Rev draft-ietf-atompub-protocol-00 - 5Jul2004 - Renamed the file and
   re-titled the document to conform to IETF submission guidelines.
   Changed MIME type to match the one selected for the Atom format.
   Numerous typographical fixes.  We used to have two 'Introduction'
   sections.  One of them was moved into the Abstract, the other absorbed
   the Scope section.  IPR and copyright notifications were added.

   Rev 09 - 10Dec2003 - Added the section on SOAP enabled clients and
   servers.

   Rev 08 - 01Dec2003 - Refactored the specification, merging the
   Introspection file into the feed format.  Also dropped the
   distinction between the type of URI used to create new entries and
   the kind used to create comments.  Dropped user preferences.

   Rev 07 - 06Aug2003 - Removed the use of the RSD file for
   auto-discovery. auto-
   discovery.  Changed copyright until a final standards body is chosen.
   Changed query parameters for the search facet to all begin with atom-
   to avoid name collisions.  Updated all the Entries to follow the 0.2
   version.  Changed the format of the search results and template file
   to a pure element based syntax.

   Rev 06 - 24Jul2003 - Moved to PUT for updating Entries.  Changed all
   the mime-types to application/x.atom+xml.  Added template editing.
   Changed 'edit-entry' to 'create-entry' in the Introspection file to
   more accurately reflect its purpose.

   Rev 05 - 17Jul2003 - Renamed everything Echo into Atom.  Added
   version numbers in the Revision history.  Changed all the mime-types
   to application/atom+xml.

   Rev 04 - 15Jul2003 - Updated the RSD version used from 0.7 to 1.0.
   Changed the method of deleting an Entry from POSTing <delete/> to
   using the HTTP DELETE verb.  Also changed the query interface to GET
   instead of POST.  Moved Introspection Discovery to be up under
   Introspection.  Introduced the term 'facet' for the services listed
   in the Introspection file.

   Rev 03 - 10Jul2003 - Added a link to the Wiki near the front of the
   document.  Added a section on finding an Entry.  Retrieving an Entry
   now broken out into its own section.  Changed the HTTP status code
   for a successful editing of an Entry to 205.

   Rev 02 - 7Jul2003 - Entries are no longer returned from POSTs,
   instead they are retrieved via GET.  Cleaned up figure titles, as
   they are rendered poorly in HTML.  All content-types have been
   changed to application/atom+xml.

   Rev 01 - 5Jul2003 - Renamed from EchoAPI.html to follow the more
   commonly used format: draft-gregorio-NN.html.  Renamed all references
   to URL to URI.  Broke out introspection into its own section.  Added
   the Revision History section.  Added more to the warning that the
   example URIs are not normative.

9.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2246]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
              RFC 2246, January 1999.

   [RFC2396]  Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
              Resource Identifiers (URI): Generic Syntax", RFC 2396,
              August 1998.

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
              Leach, P., Luotonen, A. and L. Stewart, "HTTP
              Authentication: Basic and Digest Access Authentication",
              RFC 2617, June 1999.

   [1]  <http://www.imc.org/atom-syntax/index.html>

Authors' Addresses

   Joe Gregorio (editor)
   BitWorking, Inc
   1002 Heathwood Dairy Rd.
   Apex, NC  27502
   US

   Phone: +1 919 272 3764
   Email: joe@bitworking.com
   URI:   http://bitworking.com/


   Robert Sayre (editor)
   Boswijck Memex Consulting
   148 N 9th St. 4R
   Brooklyn, NY  11211
   US

   Email: rfsayre@boswijck.com
   URI:   http://boswijck.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

   The IETF has been notified of intellectual property rights claimed in
   regard to some or all of the specification contained in this
   document.  For more information consult the online list of claimed
   rights.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

----