WDIFF

draft-ietf-atompub-protocol-04.txt --> draft-ietf-atompub-protocol-05.txt

Network Working Group J. Gregorio, Ed.
Internet-Draft BitWorking, Inc
Expires: November 10, 2005 R. Sayre, April 14, 2006 B. de hOra, Ed.
May 9,
Propylon Ltd.
October 11, 2005

The Atom Publishing Protocol
draft-ietf-atompub-protocol-04.txt
draft-ietf-atompub-protocol-05.txt

Status of this Memo

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on November 10, 2005. April 14, 2006.

Abstract

This memo presents a protocol for using XML (Extensible Markup
Language) and HTTP (HyperText Transport Protocol) to edit content.

The Atom Publishing Protocol (APP) is an application-level protocol
for publishing and editing Web resources belonging to periodically
updated websites. resources. The protocol at its core
is the HTTP transport of Atom-formatted representations. The Atom
format is documented in the Atom Syndication Format (draft-ietf-atompub-format-06.txt).

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 1]

Internet-Draft The Atom Publishing Protocol May October 2005

(draft-ietf-atompub-format-11.txt).

Editorial Note

To provide feedback on this Internet-Draft, join the atom-protocol
mailing list (http://www.imc.org/atom-protocol/index.html) [1].

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 4
2. XML Namespace and Language . . . . . . . . . . . . . . . . . 5
3. Notational Conventions . . . . . . . . . . . . . . . . . . . . 4
3. 6
4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. 7
5. The Atom Publishing Protocol Model . . . . . . . . . . . . . . 6
4.1 8
5.1 Collections . . . . . . . . . . . . . . . . . . . . . . . 6
4.2 Discovery 8
5.2 Editable Resources . . . . . . . . . . . . . . . . . . . . 9
5.2.1 Read . . . . 6
4.3 Listing . . . . . . . . . . . . . . . . . . . . . 10
5.2.2 Update . . . . 7
4.4 Authoring . . . . . . . . . . . . . . . . . . . . 10
5.2.3 Delete . . . . 7
4.4.1 Create . . . . . . . . . . . . . . . . . . . . 10
5.3 Capabilities Discovery . . . . 7
4.4.2 Read . . . . . . . . . . . . . . 11
5.4 Listing . . . . . . . . . . . 8
4.4.3 Update . . . . . . . . . . . . . . 11
5.5 Success and Failure . . . . . . . . . . 8
4.4.4 Delete . . . . . . . . . 12
6. Atom Publishing Protocol Documents . . . . . . . . . . . . . 13
6.1 Use of xml:base xml:lang . . 8
4.5 Success and Failure . . . . . . . . . . . . . . . 13
6.2 Collection Documents . . . . 9
5. Collections . . . . . . . . . . . . . . . 14
6.2.1 Element Definitions . . . . . . . . . . 10
5.1 Collection Documents . . . . . . . 14
6.3 Introspection Documents . . . . . . . . . . . . 10
5.1.1 . . . . . 16
6.3.1 Element Definitions . . . . . . . . . . . . . . . . . 10
5.2 Collection 17
7. Introspection Resource . . . . . . . . . . . . . . . . . . . 12
5.2.2 POST 20
7.1 Discovery . . . . . . . . . . . . . . . . . . . . . . . . 20
8. Collection Resources . 14
5.2.3 Usage Scenarios . . . . . . . . . . . . . . . . . . . 15
5.2.4 Range: Header 21
8.1 GET . . . . . . . . . . . . . . . . . . . . 16
5.2.5 Accept-Ranges: Header . . . . . . . 21
8.2 POST . . . . . . . . . 16
5.2.6 Name: Header . . . . . . . . . . . . . . . . . . 21
8.3 Title: Header . . . . 17
6. Entry Collection . . . . . . . . . . . . . . . . . . 22
9. Entry Collections . . . . . 18
6.1 . . . . . . . . . . . . . . . . 23
9.1 Editing Entry Resources . . . . . . . . . . . . . . . . . 18
6.2 23
9.2 Role of Atom Entry Elements During Editing . . . . . . . . 18
7. 23
10. Generic Collection . . Collections . . . . . . . . . . . . . . . . . . . . 20
7.1 25
10.1 Editing Generic Resources . . . . . . . . . . . . . . . . 20
8. Introspection . . . . . . . 25
10.2 Title: Header . . . . . . . . . . . . . . . . . 21
8.1 Introspection Document . . . . 25
11. List Resources . . . . . . . . . . . . . . 21
8.1.1 Element Definitions . . . . . . . . . 26
11.1 URI Templates . . . . . . . . 21
8.2 Introspection Resource . . . . . . . . . . . . . 26
11.2 URI Template Parameters . . . . . 23
8.2.1 Discovery . . . . . . . . . . . 27
11.2.1 \{index\} URI template variable . . . . . . . . . . 27
11.2.2 \{daterange\} URI template variable . 24
9. Securing the Atom Protocol . . . . . . . 27
11.2.3 Other URI Template parameters . . . . . . . . . . . 25
10. Security Considerations 28
12. Atom Entry Extensions . . . . . . . . . . . . . . . . . . 26
11. IANA Considerations . 29
13. Securing the Atom Protocol . . . . . . . . . . . . . . . . . 30

Gregorio & de hOra Expires April 14, 2006 [Page 2]

Internet-Draft The Atom Publishing Protocol October 2005

14. Security Considerations . . 27
12. . . . . . . . . . . . . . . . . 31
15. IANA Considerations . . . . . . . . . . . . . . . . . . . . 32
16. References . . . . . . . . . . . . . . . . . . . . . . . . . 30
12.1 35
16.1 Normative References . . . . . . . . . . . . . . . . . . . 30
12.2 35
16.2 Informative References . . . . . . . . . . . . . . . . . . 31 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 32 37
A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 38
B. Revision History . . . . . . . . . . . . . . . . . . . . . . . 33 39
Intellectual Property and Copyright Statements . . . . . . . . 35 41

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 2] 3]

Internet-Draft The Atom Publishing Protocol May October 2005

1. Introduction

The Atom Publishing Protocol is an application-level protocol for
publishing and editing Web resources using HTTP [RFC2616] and XML 1.0
[W3C.REC-xml-20040204].

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 3] 4]

Internet-Draft The Atom Publishing Protocol May October 2005

2. XML Namespace and Language

The XML Namespaces URI [W3C.REC-xml-names-19990114] for the XML data
format described in this specification is: http://purl.org/atom/app#

XML elements defined by this specification MAY have an xml:lang
attribute, whose content indicates the natural language for the
element (and its descendents). The language context is only
significant for elements and attributes declared to be "Language-
Sensitive" by this specification. Requirements regarding the content
and interpretation of xml:lang are specified in [W3C.REC-xml-
20040204], Section 2.12.

Gregorio & de hOra Expires April 14, 2006 [Page 5]

Internet-Draft The Atom Publishing Protocol October 2005

3. Notational Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

Some sections of this specification are illustrated with fragments of
a non-normative RELAX NG Compact schema [RNC]. However, the text of
this specification provides the definition of conformance.

This specification uses the namespace prefix "app:" for the Namespace
URI identified in Section 2 above. It uses the namespace prefix
"atom:" for the Namespace URI identified in [AtomFormat]. Note that
choices of namespace prefix are arbitrary and not semantically
significant.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 4] 6]

Internet-Draft The Atom Publishing Protocol May October 2005

4. Terminology

For convenience, this protocol may be referred to as "Atom Protocol"
or "APP". This specification uses both internally.

URI/IRI - A Uniform Resource Identifier and Internationalized
Resource Identifier, respectively. These terms (and the distinction
between them) are defined in [RFC3986] and [RFC3987].

Resource - an item A network data object or service that can be identified
by a URI [W3C.REC-webarch-20041215].

Collection Resource URI, as defined in [RFC2616].

Representation - A resource that contains An entity included with a listing of Member
Resources and meets the requirements request or response as
defined in Section 5 of this
specification.

Member Resource - A resource whose URI is listed by a Collection
Resource. [RFC2616].

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 5] 7]

Internet-Draft The Atom Publishing Protocol May October 2005

5. The Atom Publishing Protocol Model

The Atom Publishing Protocol is a subset of HTTP that is used to edit
resources on the web. The APP operates on collections of Web
resources. All collections support the same basic interactions, Collections are HTTP resources, as
do are the members of the
collection. Both Collections and collection member resources within support
the collections. same basic interactions. The patterns of interaction are based
on the common HTTP verbs.

o GET is used to retrieve a representation of a resource or perform
a read-only query.

o POST is used to create a new, dynamically-named resource. resource, or to
provide a block of data to a data-handling process.

o PUT is used to update a known resource.

o DELETE is used to remove a resource.

4.1

5.1 Collections

The APP groups resources into "Collections", which are analogous to
the "folders"
folders or "directories" directories found in many a file systems.

4.2 Discovery

To discover the location of the collections exposed by an APP
service, system. In the client must locate and request an Introspection Document
(Section 8).

Client Server figure we have
member resources in a collection.

+-------------------------+
| Collection |
| 1.) GET Introspection |
|------------------------------->|
| +----------------+ |
| 2.) Introspection Doc |
|<-------------------------------| Member_A | |

1. The client sends a GET request to the Service Description
Resource.

2. The server responds with an Introspection Document containing the
locations of collections provided by the service. The content of
this document can vary based on aspects of the client request,
including, but not limited to, authentication credentials.
| +----------------+ |
| |
| +----------------+ |
| | Member_B | |
| +----------------+ |
| |
| +----------------+ |
| | Member_C | |
| +----------------+ |
| |
| ... |
| |
| +----------------+ |
| | Member_Oldest | |
| +----------------+ |
| |
+-------------------------+

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 6] 8]

Internet-Draft The Atom Publishing Protocol May October 2005

4.3 Listing

Once the client has discovered

To add a new member to a collection an appropriate representation is
POSTed to the location URI of a collection, the collection resource. Here we show it can
request a listing being
added to the beginnng of the collection's membership. However, list. The ordering of the members of
collections might be extremely large, so servers are likely to list a
small subset is in terms of the time at which each resource was last
updated, which includes the act of creating the resource. The
ordering of collection by default.

Client Server members is covered in more detail in Section 8
and Section 11.

+-------------------------+
| Collection |
| 1.) GET to Collection URI |
|------------------------------->|
POST | +----------------+ |
--------->| Member_New | 2.) 200 OK, Atom Feed Doc |
|<-------------------------------|
| +----------------+ |

1. The client sends a GET request to the Collection's URI.

2. The server responds with an Atom Feed Document containing a full
or partial listing of the collection's membership.

4.4 Authoring

After locating a collection, a client can add entries by sending a
request to the collection; other changes are accomplished by sending
HTTP requests to its member resources.

4.4.1 Create

Client Server
| |
| 1.) POST to Collection URI +----------------+ |
|------------------------------->|
| | Member_A | 2.) 201 Created @ Location |
|<-------------------------------|
| +----------------+ |

1. The client sends a representation of a member to the server via
HTTP POST. The Request URI is that of the Collection.

2. The server responds with a response of "201 Created" and a
"Location" header containing the URI of the newly-created
resource.

Gregorio & Sayre Expires November 10, 2005 [Page 7]

Internet-Draft The Atom Publishing Protocol May 2005

4.4.2 Read

Client Server
| |
| 1.) GET or HEAD to Member URI +----------------+ |
|------------------------------->|
| | Member_B | 2.) 200 OK |
|<-------------------------------|
| +----------------+ |

1. The client sends a GET (or HEAD) request to the member's URI.

2. The server responds with an appropriate representation.

4.4.3 Update

Client Server
| |
| 1.) PUT to Member URI +----------------+ |
|------------------------------->|
| | Member_C | 2.) 200 OK |
|<-------------------------------|

1. The client PUTs an updated representation to the member's URI.

2. The server responds with a representation of the member's new
state.

4.4.4 Delete

Client Server
| +----------------+ |
| 1.) DELETE to Member URI |
|------------------------------->|
| ... |
| 2.) 204 No Content |
|<-------------------------------|
| +----------------+ |

1. The client sends a DELETE request to the member's URI.

2. The server responds with successful status code.

Gregorio & Sayre Expires November 10, 2005 [Page 8]

Internet-Draft The Atom Publishing Protocol May 2005

4.5 Success and Failure

HTTP defines classes
| | Member_Oldest | |
| +----------------+ |
| |
+-------------------------+

You'll note that up until now we haven't said what kinds of response. HTTP status codes
representations we are expecting at each of the form 2xx
signal that a request was successful. HTTP status codes resources. There are
two kinds of the form
4xx or 5xx signal that an error has occurred, collections, Entry and the request has
failed. Consult the HTTP specification for more detailed definitions
of each status code.

Gregorio & Sayre Expires November 10, 2005 [Page 9]

Internet-Draft The Atom Publishing Protocol May 2005

5. Generic. In Entry Collections

An
all the members MUST have representations as Atom Entries. For
further restrictions on Entry Collection see Section 9 The other type
of collection is a set Generic Collection. Generic Collections make no
restriction on the representations of related their member resources.

5.2 Editable Resources

All the members of a collection have an "updated" property, and the collection are Editable Resources. An Editable
resource is
considered to a resource whose available HTTP methods can be ordered by this property.

5.1 Collection Documents

An example Collection Document.

<?xml version="1.0" encoding='utf-8'?>
<collection xmlns="http://purl.org/atom/app#">
<member href="http://example.org/1"
hrefreadonly="http://example.com/1/bar"
title="Sample 1"
updated="2003-12-13T18:30:02Z" />
<member href="http://example.org/2"
hrefreadonly="http://example.com/2/bar"
title="Sample 2"
updated="2003-12-13T18:30:02Z" />
<member href="http://example.org/3"
hrefreadonly="http://example.com/3/bar"
title="Sample 3"
updated="2003-12-13T18:30:02Z" />
<member href="http://example.org/4"
title="Sample 4"
updated="2003-12-13T18:30:02Z" />
</collection>

Atom Collection Documents have the media-type 'application/
atomcoll+xml', see Section 11.

5.1.1 Element Definitions

5.1.1.1 The 'app:collection' Element

The 'app:collection' element represents an Atom Collection. A
collection document does not necessarily list every member of the
collection.

appCollection element app:collection {
attribute next { text } ?,
appMember*
} used to
retrieve, update and delete it.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 10] 9]

Internet-Draft The Atom Publishing Protocol May October 2005

o 'app:collection' elements MAY contain any number of 'app:member'
elements.

o 'app:collection' elements MAY contain a 'next' attribute which
identifies a collection document containing member elements
updated earlier in time.

The members listed in a collection document MUST constitute

5.2.1 Read

To retrieve a
consecutive sequence representation of the collection's members, ordered by their
"updated" properties. That is, a collection document MUST contain resource, you send a
contiguous subset GET to the
URI of the Editable Resource. Remember that for members of Entry
Collections, the collection ordered by their
'updated' property.

5.1.1.2 The 'app:member' Element

The 'app:member' represents a single member resource.

appMember element app:member {
attribute title { text },
attribute href { text },
attribute hrefreadonly { text } ?,
attribute updated { text }
}

o 'app:member' elements MUST include served representation will be an 'href' attribute, whose
value conveys the URI used Atom Entry.

Client Server
| |
| 1.) GET to edit the member source

o 'app:member' elements MAY include an "hrefreadonly
(Section 5.1.1.3)" attribute.

o 'app:member' elements MUST include a 'title' attribute, whose
value is Editable Resource URI |
|------------------------------------------>|
| |
| 2.) 200 OK |
|<------------------------------------------|
| |

1. The client sends a human-readable name or description for the item.

o 'app:member' elements MUST include an 'updated' attribute, whose
value is the 'updated' property of the collection member. Its
format MUST conform GET request to the date-time production in [RFC3339].

5.1.1.3 member's URI.

2. The 'hrefreadonly' Attribute

This optional attribute identifies a URI which, on a GET request, server responds equivalently to how with the "href" URI would respond to representation of the same
request. Clients SHOULD NOT apply to this URI any HTTP methods that
would be expected resource.

5.2.2 Update

To update an Editable Resource the client will PUT an updated
representation to modify the state URI of the resource (e.g. PUT,
POST or DELETE). A resource.

Client Server
| |
| 1.) PUT or POST request to this Editable Resource URI MAY NOT affect

Gregorio & Sayre Expires November 10, 2005 [Page 11] |
|------------------------------------------>|
| |
| 2.) 200 OK |
|<------------------------------------------|

1. The client PUTs an updated representation to the member's URI.

2. The server MAY respond with an updated representation of the
member's new state.

5.2.3 Delete

An Editable Resource is deleted by sending it DELETE. Note that this
also removes it from all the collections that it belonged to.

Gregorio & de hOra Expires April 14, 2006 [Page 10]

Internet-Draft The Atom Publishing Protocol May October 2005

the underlying resource. If the "hrefreadonly" attribute is not
given, its value defaults

Client Server
| |
| 1.) DELETE to the "href" value. If the "hrefreadonly"
attribute is present, and its value is an empty string, then there is
no Editable Resource URI that can be treated in the way such |
|------------------------------------------>|
| |
| 2.) 200 Ok |
|<------------------------------------------|
| |

1. The client sends a value would be treated.

Clients SHOULD use the "href" value DELETE request to manipulate the member's URI.

2. The server responds with successful status code.

5.3 Capabilities Discovery

Each collection resource within responds to GET and can return a Collection
Document as it's representation. The Collection Document enumerates
the context capabilities of each collection and the APP itself. Clients SHOULD prefer the
"hrefreadonly" value in any other context. For example, if the
resource format is an image, a described in
Section 6.2.

Client Server
| |
| 1.) GET to Collection |
|------------------------------->|
| |
| 2.) Collection Document |
|<-------------------------------|
| |

1. The client may replace the image data using sends a PUT
on GET request to the "href" value, and may even display Collection Resource.

2. The server responds with a preview Collection Document containing a
description of the image by
fetching the "href" URI. But when creating a public, read-only
reference to capabilities of the same image resource, the client should use the
"hrefreadonly" value. If the "hrefreadonly" value is an empty
string, the client SHOULD NOT make public reference to the "href"
value.

[[anchor10: Define extensibility for Collection Documents.]]

5.2 Collection Resource

This specification defines two HTTP methods for use with collection
resources: GET and POST.

5.2.1 GET

Collections collection. The content
of this document can contain extremely large numbers vary based on aspects of resources. A
naive client such as a web spider or web browser would be overwhelmed
if the response to client request,
including, but not limited to, authentication credentials.

5.4 Listing

Clients can request a GET reflected the full membership listing of the
collection, and Collection's membership.
Listing the server would waste large amounts Editable Resources that are members of bandwidth and
processing time on clients unable to handle the response. As a
result, responses to a simple GET request represent a server-
determined subset collection is
done using one of the collection's membership.

In addition, List Resources in the client MAY send a 'Range' header Introspection Document,
utilizing the 'app:uri-template' element. The List Resource returns
Atom Feed Documents with a range type
of 'udpated', indicating one Atom Entry for each member resource that
match the subset of selection criteria. This is true whether the collection to be returned.
The 'Range' header is described in Section 5.2.4.

This specification defines two serializations for Atom Collections.
Servers MUST provide both, but MAY also provide additional
serializations.

1. Atom
an Entry Collection Documents (application/atomcoll+xml),
Section 5.1.

2. Atom or a Generic Collection. If an Entry Collection Documents wrapped
is being interrogated, the entries returned by a SOAP envelope
(application/soap+xml), .

Clients use the HTTP 'Accept' request header to indicate their list resource SHOULD

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 12] 11]

Internet-Draft The Atom Publishing Protocol May October 2005

preference.

Example Request, with Accept header

GET /collection HTTP/1.1
Host: example.org
User-Agent: Agent/1.0
Accept: application/atomcoll+xml

Here, the server could return any subset

NOT to be considered complete representations of the collection as an Atom
Collection Document.

Example Response, Atom Collection Document

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2005 17:15:33 GMT
Last-Modified: Mon, 04 Oct 2004 18:31:45 GMT
ETag: "2b3f6-a4-5b572640"
Accept-Ranges: updated
Content-Length: nnnn
Content-Type: application/atomcoll+xml; charset="utf-8"

<?xml version="1.0" encoding="utf-8"?>
<collection xmlns="http://purl.org/atom/app#">
...
<member href="http://example.org/1"
hrefreadonly="http://example.com/1/bar"
title="Example 1"
updated="2003-12-13T18:30:02Z" />
...
</collection>

Example Request, with SOAP Accept header

GET /collection HTTP/1.1
Host: example.org
User-Agent: Cosimo/1.0
Accept: application/soap+xml

Here, member
resources. See Section 11 and Section 12 for more details on the server could return any subset of
extensions and constraints found on the collection as an entries returned from List
Resources.

Client Server
| |
| 1.) GET to List Resource |
|------------------------------->|
| |
| 2.) 200 OK, Atom Feed Document wrapped by Doc |
|<-------------------------------|
| |

1. The client sends a SOAP envelope.

Gregorio & Sayre Expires November 10, 2005 [Page 13]

Internet-Draft GET request to the Collection's URI.

2. The Atom Publishing Protocol May 2005

Example Response, server responds with an Atom Feed Document wrapped by a SOAP envelope

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2005 17:15:33 GMT
Last-Modified: Mon, 04 Oct 2004 18:31:45 GMT
ETag: "2b3f6-a4-5b572640-89"
Accept-Ranges: bytes
Content-Length: nnnn
Content-Type: application/soap+xml; charset="utf-8"

<?xml version="1.0" encoding="utf-8"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<env:Header />
<env:Body>
<collection xmlns="http://purl.org/atom/app#">
...
<member href="http://example.org/1"
hrefreadonly="http://example.com/1/bar"
title="Example 1"
updated="2003-12-13T18:30:02Z" />
...
</collection>
</env:Body>
</env:Envelope>

5.2.2 POST

In addition to GET, a Collection Resource also accepts POST requests.
The client POSTs containing a representation full
or partial listing of the desired resource to Collection's membership.

5.5 Success and Failure

HTTP defines different classes of response, which are used by the
Collection Resource. Note that some collections only allow members
Atom Protocol. HTTP status codes of the form 2xx signal that a specific media-type and a POST MAY generate a response with a
request was successful. HTTP status code codes of 415 ("Unsupported Media Type").

In the case of a successful creation, form 4xx or 5xx
signal that an error has occurred, and the request has failed.
Consult the HTTP specification [RFC2616] for more detailed
definitions of each status code MUST be 201
("Created"). code.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 14] 12]

Internet-Draft The Atom Publishing Protocol May October 2005

Example Request, Create a resource in a collection.

POST /collection HTTP/1.1
Host: example.org
User-Agent: Cosimo/1.0
Accept: application/atomcoll+xml
Content-Type: image/png
Content-Length: nnnn
Name: trip-to-beach.png

...binary data...

Here, the client is adding a new image resource to a collection. The
Name: header indicates the client's desired name for the resource,
see Section 5.2.6.

Example Response, resource created successfully.

HTTP/1.1 201 Created
Date: Fri, 25 Mar 2005 17:17:11 GMT
Content-Length: nnnn
Content-Type: application/atomcoll+xml; charset="utf-8"
Location: http://example.org/images/trip-to-the-beach-01.png

<?xml version="1.0" encoding="UTF-8"?>
<collection xmlns="http://purl.org/atom/app#">
<member href="http://example.org/images/trip-to-beach.png"
hrefreadonly="http://example.com/ed/im/trip-01.png"
title="trip-to-beach.png"
updated="2005-03-25T17:17:09Z" />
</collection>

5.2.3 Usage Scenarios

These scenarios illustrate common idioms for interactin with
Collections.

The

6. Atom Collection can be used by clients in Publishing Protocol Documents

This specification describes two ways. In the first
case the client encounters a Collection for the first time kinds of Atom Publishing Protocol
Documents: Atom Collections Documents and Atom Introspection
Documents.

An Atom Collection Document is
doing an initial syncronization, that is, retrieving a list of all
the members representation of an Atom
collection, including metadata about the collections collection, and possibly retrieving some or all the
members
of the collection also. The client can perform a non-partial
GET on the collection resource and it will receive a collection
document that either contains all the members of associated with it. Its root is the collection, app:collection
element.

An Atom Introspection Document represents one or
the collection document more workspaces,
which describe server-defined groupings of collections. Its root element 'collection' will contain a
'next' attribute pointing to the next collection document. By
repeatedly following is
the 'next' attribute from document to document

Gregorio & Sayre Expires November 10, 2005 [Page 15]

Internet-Draft The app:service element.

namespace app = "..." start = appCollection | appIntrospection

Both kinds of Atom Publishing Protocol May 2005

the client can find all the members Documents are specified in
terms of the collection.

In the second case the client has already done an initial sync, XML Information Set, serialised as XML 1.0 ([W3C.REC-
xml-20040204]). Atom Publishing Protocol Documents MUST be well-
formed XML. This specification does not define a DTD for Atom
Protocol, and
now needs hence does not require them to re-sync, because be valid (in the client was just restarted, or some
time has passed since a re-sync, etc. The client does a partial GET
on the collection document, supplying a Range header that begins from sense
used by XML).

Atom Collection Documents are identified with the last time "application/
atomcoll+xml" media type.

Atom Introspection Documents are identified with the client sync'd to "application/
atomserv+xml" media type.

Atom allows the current time. The collection
document returned will contain only those members use of the collection
that have changed since the last time the client syncronized.

5.2.4 Range: Header

HTTP/1.1 allows a client IRIs [RFC3987], as well as URIs [RFC3986].
Every URI is an IRI, so any URI can be used where an IRI is needed.
While IRIs must, for many protocols, be mapped to request that only part (a range of) the
collection URIs prior to
dereferencing, they MUST NOT be included within the response. HTTP/1.1 uses range
units so mapped for comparison when used in the Range header field. A collection can be broken down
into subranges according
atom:id. Section 3.1 of [RFC3987] describes how to map an IRI to the members 'updated' property. If a
Range: header
URI when necessary.

6.1 Use of xml:base xml:lang

Any element defined by this specification MAY have an xml:base
attribute [W3C.REC-xmlbase-20010627]. When xml:base is present used in an
Atom Publishing Protocol Document, it serves the request, its value explictly
identifies the a time interval interval function described
in which all section 5.1.1 of [RFC3986], establishing the members
'updated' property must fall to be included in base URI (or IRI) for
resolving any relative references found within the response.

Range = "Range" ":" ranges-specifier

The value effective scope of
the Range: header should be a pair of ISO 8601 dates,
separated xml:base attribute.

Any element defined by a slash character; either date may be optionally
omitted, in which case this specification MAY have an xml:lang
attribute, whose content indicates the range natural language for the

Gregorio & de hOra Expires April 14, 2006 [Page 13]

Internet-Draft The Atom Publishing Protocol October 2005

element and its descendents. The language context is understood as stretching only
significant for elements and attributes declared to
infinity on that end.

ranges-specifier = updated-ranges-specifier
updated-ranges-specifier = updated-unit "=" updated-range
updated-unit = "updated"
updated-range = [iso-date] "/" [iso-date]

The response to a collection request MUST be a collection document,
all of whose 'member' elements fall within "Language-
Sensitive" by this specification. Requirements regarding the requested range. The
request range is considered a closed set, that is, if a 'member'
element matches one end content
and interpretation of the range exactly it MUST be included in
the response. If no members fall xml:lang are specified in the requested range, the server
MUST respond with a collection document containing no 'member'
elements. XML 1.0 ([W3C.REC-
xml-20040204]), Section 2.12.

appCommonAttributes =
attribute xml:base { atomUri }?,
attribute xml:lang { atomLanguageTag }?,
undefinedAttribute*

6.2 Collection Documents

The inclusion of Collection Document describes the Range: header in capabilities of a request changes Collection,
the request
to a "partial GET" [RFC2616].

5.2.5 Accept-Ranges: Header

The response to a non-partial GET request MUST include an Accept-
Ranges header that indicates types of Entries that it will support, the server accepts 'updated' range
requests.

Gregorio & Sayre Expires November 10, 2005 [Page 16]

Internet-Draft The Atom Publishing Protocol May 2005

Accept-Ranges = "Accept-Ranges" ":" acceptable-ranges
acceptable-ranges = updated-unit ( 1#range-unit )

5.2.6 Name: Header

[[anchor13: this is new...]] URI Templates it
supports.

The POST to a Collection Resource MAY contain a Name: header Document has the media-type 'application/atomcoll+xml'
(see Section 15).

Here's an example document:

<?xml version="1.0" encoding='utf-8'?>
<app:collection xmlns:app="http://purl.org/atom/app#">
<app:member-type>entry</pub:member-type>
<app:uri-template>http://example.org/{index}</pub:uri-template>
<app:uri-template>http://example.org/{daterange}</pub:uri-template>
</app:collection>

This example says the Collection contains Atom Entry documents, and
that
indicates there are two means of selecting entries using what are called
'URI Templates'; one based on the clients suggested name collection's order, and another
based on dates. See Section 11.1 for the resource. more about URI Templates.

6.2.1 Element Definitions

6.2.1.1 The server
MAY ignore the Name: header or modify the requested name to suit
local conventions.

Name = "Name" ":" relative-part 'app:collection' Element

The relative-part production app:collection is defined in [RFC3986]. the document element of a Collection Document.

appCollection =
element app:collection {
appCommonAttributes,
( appMemberType+
appSearchTemplate
& anyElement* )

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 17] 14]

Internet-Draft The Atom Publishing Protocol May October 2005

6. Entry Collection

Entry Collections are Collections that restrict their membership to
Atom entries.

}

This specification defines two serializations child elements for Atom
entries. Servers MUST provide both serializations.

1. Atom Entry Documents (application/atom+xml), [AtomFormat].

2. Atom Entry Documents wrapped by a SOAP envelope (application/
soap+xml), .

Clients use the HTTP 'Accept' request header to indicate their
preference [RFC2616]. If no 'Accept' header is present in app:collection:

o app:member-type: any number of elements listing the
request, types of
Entries that the server is free to choose Collection may contain.

o app:uri-template: any serialization. When an
HTTP request contains number of URI Templates for a body, clients List Resource
(See Section 11).

6.2.1.2 The 'app:member-type' Element

The app:member-type element contains information elements about the
types of Entries that the Collection may contain.

appMember =
element app:member-type {
appCommonAttributes,
appTypeValue
}

The element content of an app:member-type MUST include be a 'Content-Type'
header, string that is
non-empty, and servers matches either the "isegment-nz-nc" or the "IRI"
production in [RFC3987]. Note that use of a relative reference other
than a simple name is not allowed. If a name is given,
implementations MUST accept both application/atom+xml consider the link relation type to be equivalent
to the same name registered within the IANA Registry of Member Types
(Section 15), and
application/soap+xml message bodies.

6.1 Editing Entry Resources

Atom entries are edited thus the IRI that would be obtained by sending HTTP requests appending
the value of the rel attribute to the string
"http://www.iana.org/assignments/entrytype/".

The content of an individual
entry's URI. Servers can determine app:member-type specifies constraints on the processing necessary
Entries that may appear in the Collection. The app:collection
element MAY have multiple app:member-type elements. An Entry POSTed
to
interpret a request by examining Collection MUST meet the request's HTTP method and
'Content-Type' header.

If constraints of at least one of the request method is POST and app:
member-type constraints. It MAY meet more than one, but the 'Content-Type' minimum
requirement is application/
soap+xml, the SOAP document MUST contain a Web-Method property . at least one.

This specifcation specification defines two initial values for that property, PUT and
DELETE.

Processing Client Requests

+----------------------------------+------+--------+--------+--------+
| | GET | PUT | DELETE | POST |
+----------------------------------+------+--------+--------+--------+
| No Body | Read | x | Delete | x |
| | | | | |
| Atom Body | x | Update | x | x |
| | | | | |
| SOAP Body with Web-Method PUT | x | x | x | Update |
| | | | | |
| SOAP Body with Web-Method DELETE | x | x | x | Delete |
+----------------------------------+------+--------+--------+--------+

6.2 Role of Atom Entry Elements During Editing app:member-type
IANA registry:

o "entry" - The elements of Collection is an Atom Entry Document are either a 'Writable Collection as defined in
Section 9.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 18] 15]

Internet-Draft The Atom Publishing Protocol May October 2005

Element' or

o "generic" - The Collection is a 'Round Trip Element'.

Writable Generic Collection as defined in
Section 10.

6.2.1.3 The 'app:uri-template' Element - An

The element content of an Atom Entry app:uri-template is a URI Template for a
List Resource (See Section 11). Every List resource, whose value URI is
editable
determined by filling in the client and parameters in a URI Template, MUST
return an Atom feed document as its representation. This Atom feed
document MUST NOT contain entries which do not enforced by match the server.

Round Trip Element - An element selection
criteria.

6.3 Introspection Documents

In order for authoring to commence, a client must first discover the
capabilities and locations of an Atom Entry whose value collections offered.

The Introspection Document describes "workspaces", which are server-
defined groupings of collections. There is
enforced by the server no requirement that
servers support multiple workspaces, and not editable by the client.

That categorization will determine a collection may appear in
more than one workspace.

The Introspection Document has the elements' disposition during
editing.

Here's an example document:

<?xml version="1.0" encoding='utf-8'?>
<app:service xmlns:app="http://purl.org/atom/app#">
<app:workspace title="Main Site" >
<app:collection contents="entries"
title="My Blog Entries"
href="http://example.org/reilly/feed" />
<app:collection contents="generic"
title="Documents"
href="http://example.org/reilly/pic" />
</app:workspace>
<app:workspace title="Side Bar Blog">
<app:collection contents="entries" title="Entries"
href="http://example.org/reilly/feed" />
<app:collection contents="http://example.net/booklist"
title="Books"
href="http://example.org/reilly/books" />
</app:workspace>
</app:service>

This example says there are two workspaces, each consisting of two

Gregorio & de hOra Expires April 14, 2006 [Page 16]

Internet-Draft The Atom Publishing Protocol October 2005

collections. The first workspace is called 'Mail', and has two
collections, called 'My Blog Entries' and 'Documents' whose locations
are 'http://example.org/reilly/feed' and
'http://example.org/reilly/pic'. 'My Blog Entries' contains Atom
Entries and 'Documents' contains Generic Entries. The second
workspace is called 'Side Bar Blog' and also has two collections,
called 'Entries' and 'Books' whose locations are
'http://example.org/reilly/feed' and
'http://example.org/reilly/booklist'. 'Entries' contains Atom
Entries and 'Books' contains Generic Entries (since its contents
attribute is not present you MUST assume it is a Generic Collection).

6.3.1 Element Definitions

6.3.1.1 The 'app:service' Element

The "app:service" element is the document element of a Introspection
Document, acting as a container for service data associated with one
or more workspaces. An app:service elements MAY contain any number
of app:workspace elements.

appService =
element app:service {
appCommonAttributes,
( appWorkspace*
& anyElement* )
}

6.3.1.2 The 'app:workspace' Element

The 'workspace' element contains information elements about the
collections of resources available for editing. The app:workspace
elements MAY contain any number of app:collection elements.

appWorkspace =
element app:workspace {
appCommonAttributes,
attribute title { text },
( appCollection*
& anyElement* )
}

Gregorio & de hOra Expires April 14, 2006 [Page 17]

Internet-Draft The Atom Publishing Protocol October 2005

6.3.1.2.1 The 'title' Attribute

The app:workspace element MUST contain a 'title' attribute, which
conveys a human-readable name for the workspace. This attribute is
Language-Sensitive.

6.3.1.3 The 'app:collection' Element

The 'app:collection' element describes collections and their member
resources.

appCollection =
element app:collection {
appCommonAttributes,
attribute title { text },
attribute href { text },
attribute contents { text },
anyElement*
}

6.3.1.3.1 The 'title' Attribute

The app:collection element MUST contain a 'title' attribute, whose
value conveys a human-readable name for the workspace. This
attribute is Language-Sensitive.

6.3.1.3.2 The 'href' Attribute

The app:collection element MUST contain an 'href' attribute, whose
value conveys the IRI of the collection.

6.3.1.3.3 The 'contents' Attribute

The app:collection element MAY contain a 'contents' attribute. The
'contents' attribute conveys the nature of a collection's member
resources. This specification defines two initial values for the
'contents' attribute:

o 'entry': A value of 'entry' for the contents attribute indicates
that the Collection is an Entry Collection (Section 9).

o 'generic': A value of 'generic' for the contents attribute
indicates that the Collection is a Generic Collection
(Section 10).

If the attribute is not present, its value MUST be considered to be

Gregorio & de hOra Expires April 14, 2006 [Page 18]

Internet-Draft The Atom Publishing Protocol October 2005

'generic'.

Gregorio & de hOra Expires April 14, 2006 [Page 19]

Internet-Draft The Atom Publishing Protocol October 2005

7. Introspection Resource

To retrieve an Introspection Document, the client sends a GET request
to its URI.

GET /service-desc HTTP/1.1
Host: example.org
User-Agent: Cosimo/1.0
Accept: application/atomserv+xml

The server responds to a GET request by returning an Introspection
Document in the message body.

HTTP/1.1 200 OK
Date: Mon, 21 Mar 2005 19:20:19 GMT
Server: CountBasic/2.0
Last-Modified: Mon, 21 Mar 2005 19:17:26 GMT
ETag: "4c083-268-423f1dc6"
Content-Length: nnnn
Content-Type: application/atomserv+xml

<?xml version="1.0" encoding='utf-8'?>
<app:service xmlns:app="http://purl.org/atom/app#">
...
</app:service>

7.1 Discovery

[[anchor18: Add in desc of an HTML link element that points to the
Introspection Resource, or add it to the autodisco draft]]

Gregorio & de hOra Expires April 14, 2006 [Page 20]

Internet-Draft The Atom Publishing Protocol October 2005

8. Collection Resources

An Atom Collection is a set of related resources. All members of a
collection have an "app:updated" property, and the Collection is
considered to be ordered by this property.

This specification defines two HTTP methods for use with collection
resources: GET and POST.

8.1 GET

A GET to a Collection Resource returns a Collection Document,
outlining the Collection. Collection Documents are described in
Section 6.2.

8.2 POST

In addition to GET, a Collection Resource also accepts POST requests.
The client POSTs a representation of the desired resource to the
Collection Resource. Note that some collections may impose
constraints on the media-types that are created in a Collection and
MAY generate a response with a status code of 415 ("Unsupported Media
Type").

In the case of a successful creation, the status code MUST be 201
("Created").

Every successful POST MUST return a Location: header with the URI of
the newly created resource.

Here's an example. Below, the client requests to create a resource
in a Collection:

Gregorio & de hOra Expires April 14, 2006 [Page 21]

Internet-Draft The Atom Publishing Protocol October 2005

POST /edit HTTP/1.1
Host: example.org
User-Agent: Cosimo/1.0
Accept: application/atom+xml
Content-Type: application/atom+xml
Content-Length: 601

<atom:entry xmlns:atom="http://www.w3.org/2005/Atom">
<atom:title>Mars Attacks!</atom:title>
<atom:summary type="html">
Why cant we all just... get along?
</atom:summary>
<atom:author>
<atom:name>The President</atom:name>
<atom:uri>http://www.example.org/blog</atom:uri>
</atom:author>
<atom:content type="html" xml:lang="en"
xml:base="http://www.example.org/blog/">
<p>
Why can't we...work out our differences?
Why can't we...work things out?
Little people...why can't we all just...get along?
</p>
</atom:content>
</atom:entry>

The resource is created by sending an Atom Entry as the entity body.

Assuming the server created the resource successfully, it sends back
a 201 Created response with a Location: header that contains the IRI
of the newly created member as an Editable Resource.

HTTP/1.1 201 Created
Date: Fri, 7 Oct 2005 17:17:11 GMT
Content-Length: 663
Content-Type: application/atom+xml; charset="utf-8"
Location: http://example.org/edit/first-post.atom

8.3 Title: Header

The POST to a Collection Resource MAY contain a Title: header that
indicates the clients suggested name for the resource. The server
MAY ignore the Title: header or modify the requested name to suit
local conventions.

Title = "Title" ":" [text]

Gregorio & de hOra Expires April 14, 2006 [Page 22]

Internet-Draft The Atom Publishing Protocol October 2005

9. Entry Collections

Entry Collections are Collections that restrict their membership to
Atom entries.

9.1 Editing Entry Resources

Atom entries are edited by sending HTTP requests to an individual
entry's URI. Servers can determine the processing necessary to
interpret a request by examining the request's HTTP method and
'Content-Type' header.

Processing Client Requests

+-----------+------+--------+--------+------+
| | GET | PUT | DELETE | POST |
+-----------+------+--------+--------+------+
| No Body | Read | x | Delete | x |
| | | | | |
| Atom Body | x | Update | x | x |
+-----------+------+--------+--------+------+

9.2 Role of Atom Entry Elements During Editing

The elements of an Atom Entry Document are either a 'Writable
Element' or a 'Round Trip Element'.

Writable Element - An element of an Atom Entry whose value is
editable by the client and not enforced by the server.

Round Trip Element - An element of an Atom Entry whose value is
enforced by the server and not editable by the client.

That categorization will determine the elements' disposition during
editing.

Gregorio & de hOra Expires April 14, 2006 [Page 23]

Internet-Draft The Atom Publishing Protocol October 2005

Table 2

Gregorio & de hOra Expires April 14, 2006 [Page 24]

Internet-Draft The Atom Publishing Protocol October 2005

10. Generic Collections

Generic Collections are Collections that do not have uniform
restrictions on the representations of the member resources.

10.1 Editing Generic Resources

Member resources are edited by sending HTTP requests to an individual
resource's URI. Servers can determine the processing necessary to
interpret a request by examining the request's HTTP method and
'Content-Type' header.

Processing Client Requests

+----------+------+--------+--------+------+
| | GET | PUT | DELETE | POST |
+----------+------+--------+--------+------+
| No Body | Read | x | Delete | x |
| | | | | |
| Any Body | x | Update | x | x |
+--------------------+------------+

Table 2
+----------+------+--------+--------+------+

When a List resource returns an Atom Feed enumerating the contents of
a Generic Collection, all the Entries MUST have an atom:content
element with a 'src' attribute.

10.2 Title: Header

The POST to a Generic Collection Resource MAY contain a Title: header
that indicates the clients suggested title for the resource. The
server MAY ignore the Title: header or modify the requested title to
suit local conventions.

Title = "Title" ":" [text]

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 19] 25]

Internet-Draft The Atom Publishing Protocol May October 2005

7. Generic Collection

Generic Collections

11. List Resources

List resources are Collections resources which are identified by URI templates
indicating selection criteria. They can be used where clients
require fine control over the range or size of a server's response.
A list resource MUST return an Atom feed document as its
representation. The entries in the returned document MUST be ordered
by their 'atom:updated' property, with the most recently updated
entries coming first in the document order. Clients MUST NOT assume
that do not have uniform
restrictions on the representations entry returned in the feed is a full representation of a
member resource. If the entry is an Editable Resource then the
client should perform a GET on the member resources.

7.1 Editing Generic Resources

Member resources are edited resource before editing.

note: in this section some URIs carry across onto the next line; this
is indicated by sending HTTP requests to an individual
resource's a '\'

11.1 URI Templates

URI Templates are a mechanism for declaring criteria against a list
resource. By itself a URI Template is not a valid URI. Servers can determine Instead
there are multiple parameters embedded in the processing necessary URI and distinguished
by closing braces which can be populated and used as selection
criteria. The value of each app:uri-template element in a Collection
document is a URI Template.

Each URI template has one or more parameters that MUST be substituted
with values to
interpret construct a request by examining valid URI. The substitution MUST ensure
that the request's HTTP method resulting value is also properly percent-encoded utf-8.

Here are some examples of template URIs and
'Content-Type' header.

Processing Client Requests

http://example.org/blog/edit/{index}
http://example.org/blog/edit/3-9

http://example.org/blog/edit/{index}/foo
http://example.org/blog/edit/0-100/foo

http://example.org/blog/edit/{daterange}
http://example.org/blog/edit/daterange=\
2003-12-13T18:30:02Z-2003-12-13T18:30:02Z

http://example.org/blog/edit?dr={daterange}/bar/
http://example.org/blog/edit?dr=\
2003-12-13T18:30:02Z,2003-12-13T18:30:02Z/bar/

Note that the parameters MAY appear at any place in the URI template.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 20] 26]

Internet-Draft The Atom Publishing Protocol May October 2005

8. Introspection

In order

11.2 URI Template Parameters

This specification defines two parameters for authoring to commence, use in URI Templates:

o index: allows selection into a client must first discover collection's resources based as
though ordered by their 'atom:updated' property.

o daterange: allows selection into a collection's resources based on
their 'atom:updated' property

In both cases, the
capabilities and locations of collections offered.

8.1 Introspection Document response to the selection request MUST be an Atom
Feed where all the entries fall within the requested criteria. The Introspection Document describes "workspaces", which are server-
defined groupings of collections. There
request range is no requirement that
servers support multiple workspaces, and considered a collection may appear in
more than closed set - if an entry matches one workspace.

The Introspection Document has
end of the media-type 'application/
atomserv+xml', see Section 11

<?xml version="1.0" encoding='utf-8'?>
<service xmlns="http://purl.org/atom/app#">
<workspace title="Main Site" >
<collection contents="entries" title="My Blog Entries"
href="http://example.org/reilly/feed" />
<collection contents="generic" title="Documents"
href="http://example.org/reilly/pic" />
</workspace>
<workspace title="Side Bar Blog">
<collection contents="entries" title="Entries"
href="http://example.org/reilly/feed" />
<collection contents="http://example.net/booklist" title="Books"
href="http://example.org/reilly/books" />
</workspace>
</service>

8.1.1 Element Definitions

8.1.1.1 range exactly it MUST be included in the response. If no
members fall in the requested range, the server MUST respond with an
Atom Feed containing no entries.

A Collection Document MUST contain at least two app:uri-template
elements - one for the {index} parameter template and the other for
the {daterange} parameter template. The 'app:service' Element two parameters are not
mutually exclusive and MAY appear together in a single Template URI.

11.2.1 \{index\} URI template variable

The "service" element is value of the document element {index} criterion MUST be a pair of non-negative
integer indices separated by a Service Document,
acting dash character. One or other index
MAY omitted, in which case the range is understood as a container for service data associated with one stretching to
zero, or more
workspaces.

appService element app:service {
( appWorkspace*
& anyElement* )
}

The following child elements are defined by infinity.

index-specifier = [index] "-" [index]

For example, suppose the client is supplied this specification: {index} URI
template:

http://example.org/blog/edit/{index}

If the client wants the first 15 entries in the Collection it would
substitute the brace-delimited parameter {index}, with the value
1-15, giving:

http://example.org/blog/edit/1-15

11.2.2 \{daterange\} URI template variable

A URI Template with the variable 'daterange' allows querying for Atom
Entries in a Collection according to their 'atom:updated' property.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 21] 27]

Internet-Draft The Atom Publishing Protocol May October 2005

o app:service elements MAY contain any number of app:workspace
elements.

8.1.1.2 The 'app:workspace' Element

The 'workspace' element element contains information elements about value of the collections {daterange} criterion should be a pair of resources available for editing.

appWorkspace element app:workspace {
attribute title { text },
( appCollection*
& anyElement* )
}

The following attributes and child elements are defined ISO
formatted dates separated by this
specification:

o app:workspace elements MUST contain a 'title' attribute, dash character; either index may be
optionally omitted, in which
conveys a human-readable name for case the range is understood as
stretching to infinity on that end.

daterange-specifier = [iso-date] "," [iso-date]

The [iso-date] terminal MUST conform to the "date-time" production in
[RFC3339]. In addition, an uppercase "T" character MUST be used to
separate date and time, and an uppercase "Z" character MUST be
present in the workspace

o app:workspace elements MAY contain any number absence of app:collection
elements.

8.1.1.3 The 'app:collection' Element

The 'app:collection' element describes collections and their member
resources.

[[anchor19: We have a collection element that's different than numeric time zone offset.

For example, suppose the
root element of client is supplied this {daterange} URI
Template:

http://example.org/blog/edit/{daterange}

If the client wants the entries in the collection document. Messy. --R. Sayre]]

appCollection element app:collection {
attribute title { text },
attribute contents { text },
attribute href { text },
anyElement*
}

The following attributes are defined by between January and
February 2006 it would substitute the brace-delimited parameter
{daterange} with the desired selection value, giving this specification: URI:

http://example.org/blog/edit/2006-01-01T00:00:00Z,\
2006-02-01T00:00:00Z

11.2.3 Other URI Template parameters

Other specifications MAY define new parameters for use in URI
templates and declared in the app:uri-template element.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 22] 28]

Internet-Draft The Atom Publishing Protocol May October 2005

o app:collection elements MUST

12. Atom Entry Extensions

This specification adds three new values to the Registry of Link
Relations.

The value of 'collection' signifies that the IRI in the value of the
href is the Collection that this Entry belongs to. Any entry MAY
contain a 'title' attribute, whose link with a relation of 'collection'.

The value conveys of 'edit' signifies that the IRI in the value of the href
attribute identifies the resource that is used to edit the entry.
That is, it is the URI of the Entry as an Editable Resource.

The value of 'srcedit' signifies that the IRI in the value of the
href attribute identifies the resource that is used to edit the
resource pointed to by the 'src' attribute of the atom:content
element. That is, it is the IRI of the atom:content@src as an
Editable Resource. If a human-readable name for link element with a relation of "srcedit" is
not given, then it's value defaults to the workspace

o app:collection elements MAY contain "src" attribute of the
content element. List Resources for Generic Collections MUST return
entries that have 'srcedit' links or MUST have a 'contents' attribute
(Section 8.1.1.3.1). atom:content@src
value.

If it the "srcedit" link is not present, and it's value is
considered to be 'generic'.

o app:collection elements MUST contain an 'href' attribute, whose
value conveys the empty string,
then there is no URI of the collection.

8.1.1.3.1 The 'contents' Attribute

The 'contents' attribute conveys that can be treated in the nature of way such a collection's member
resources. This specification defines two initial values for value
would be treated.

Clients SHOULD use the
'contents' attribute:

o entry

o generic

Extensibility for 'content' values is handled [[anchor20: Same as
atom:link]].

8.1.1.3.1.1 entry

A "srcedit" value of 'entry' for to manipulate the contents attribute indicates that resource
within the
Collection is an Entry Collection (Section 6).

8.1.1.3.1.2 generic

A value context of 'generic' for the contents attribute indicates that APP itself. Clients SHOULD prefer the
Collection
"atom:content@src" value in any other context. For example, if the
resource is a Generic Collection (Section 7).

8.2 Introspection Resource

To retrieve an Introspection Document, the image, a client sends may replace the image data using a GET request
to its URI.

GET /service-desc HTTP/1.1
Host: example.org
User-Agent: Cosimo/1.0
Accept: application/atomserv+xml

The server responds to PUT
on the "srcedit" value, and may even display a GET request preview of the image
by returning an Introspection
Document in fetching the message body.

Gregorio & Sayre Expires November 10, 2005 [Page 23]

Internet-Draft The Atom Publishing Protocol May 2005

<?xml version="1.0" encoding='utf-8'?>
<service xmlns="http://purl.org/atom/app#">
...
</service>

8.2.1 Discovery

[[anchor24: Add in desc of an HTML link element that points "srcedit" URI. But when creating a public, read-only
reference to the
Introspection Resource, or add it to same image resource, the client should use the autodisco draft]]
"atom:content@src" value.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 24] 29]

Internet-Draft The Atom Publishing Protocol May October 2005

13. Securing the Atom Protocol

All instances of publishing Atom entries SHOULD be protected by
authentication to prevent posting or editing by unknown sources.
Atom servers and clients MUST support one of the following
authentication mechanisms, and SHOULD support both.

o HTTP Digest Authentication [RFC2617]

o [@@TBD@@ CGI Authentication ref]

Atom servers and clients MAY support encryption of the Atom session
using TLS [RFC2246].

There are cases where an authentication mechanism may not be
required, such as a publicly editable Wiki, or when using the PostURI
to post comments to a site that does not require authentication to
create comments.

9.1

13.1 [@@TBD@@ CGI Authentication]

This authentication method is included as part of the protocol to
allow Atom servers and clients that cannot use HTTP Digest
Authentication but where the user can both insert its own HTTP
headers and create a CGI program to authenticate entries to the
server. This scenario is common in environments where the user
cannot control what services the server employs, but the user can
write their own HTTP services.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 25] 30]

Internet-Draft The Atom Publishing Protocol May October 2005

10.

14. Security Considerations

Because Atom is a publishing protocol, it is important that only
authorized users can create and edit entries.

The security of Atom is based on HTTP Digest Authentication and/or
[@@TBD@@ CGI Authentication]. Any weaknesses in either of these
authentication schemes will obviously affect the security of the Atom
Publishing Protocol.

Both HTTP Digest Authentication and [@@TBD@@ CGI Authentication] are
susceptible to dictionary-based attacks on the shared secret. If the
shared secret is a password (instead of a random string with
sufficient entropy), an attacker can determine the secret by
exhaustively comparing the authenticating string with hashed results
of the public string and dictionary entries.

See RFC 2617 for more detailed description of the security properties
of HTTP Digest Authentication.

@@TBD@@ Talk here about using HTTP basic and digest authentication.

@@TBD@@ Talk here about denial of service attacks using large XML
files, or the billion laughs DTD attack.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 26] 31]

Internet-Draft The Atom Publishing Protocol May October 2005

11.

15. IANA Considerations

A Atom Collection Document, when serialized as XML 1.0, can be
identified with the following media type:

MIME media type name: application

MIME subtype name: atomcoll+xml

Mandatory parameters: None.

Optional parameters:

"charset": This parameter has identical semantics to the charset
parameter of the "application/xml" media type as specified in
[RFC3023].

Encoding considerations: Identical to those of "application/xml" as
described in [RFC3023], section 3.2.

Security considerations: As defined in this specification.
[[anchor28:
[[anchor31: update upon publication]]

In addition, as this media type uses the "+xml" convention, it
shares the same security considerations as described in [RFC3023],
section 10.

Interoperability considerations: There are no known interoperability
issues.

Published specification: This specification. [[anchor29: [[anchor32: update upon
publication]]

Applications that use this media type: No known applications
currently use this media type.

Additional information:

Magic number(s): As specified for "application/xml" in [RFC3023],
section 3.2.

File extension: .atomcoll

Fragment identifiers: As specified for "application/xml" in
[RFC3023], section 5.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 27] 32]

Internet-Draft The Atom Publishing Protocol May October 2005

Base URI: As specified in [RFC3023], section 6.

Macintosh File Type code: TEXT

Person and email address to contact for further information: Joe
Gregorio <joe@bitworking.org>

Intended usage: COMMON

Author/Change controller: IESG

An Atom Introspection Document, when serialized as XML 1.0, can be
identified with the following media type:

MIME media type name: application

MIME subtype name: atomserv+xml

Mandatory parameters: None.

Optional parameters:

"charset": This parameter has identical semantics to the charset
parameter of the "application/xml" media type as specified in
[RFC3023].

Encoding considerations: Identical to those of "application/xml" as
described in [RFC3023], section 3.2.

Security considerations: As defined in this specification.
[[anchor30:
[[anchor33: update upon publication]]

In addition, as this media type uses the "+xml" convention, it
shares the same security considerations as described in [RFC3023],
section 10.

Interoperability considerations: There are no known interoperability
issues.

Published specification: This specification. [[anchor31: [[anchor34: update upon
publication]]

Applications that use this media type: No known applications
currently use this media type.

Additional information:

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 28] 33]

Internet-Draft The Atom Publishing Protocol May October 2005

Magic number(s): As specified for "application/xml" in [RFC3023],
section 3.2.

File extension: .atomsrv

Fragment identifiers: As specified for "application/xml" in
[RFC3023], section 5.

Base URI: As specified in [RFC3023], section 6.

Macintosh File Type code: TEXT

Person and email address to contact for further information: Joe
Gregorio <joe@bitworking.org>

Intended usage: COMMON

Author/Change controller: This specification's author(s). [[anchor32: [[anchor35:
update upon publication]]

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 29] 34]

Internet-Draft The Atom Publishing Protocol May October 2005

12.

16. References

12.1

16.1 Normative References

[AtomFormat]
Nottingham, M. and R. Sayre, "The Atom Syndication
Format", work-in-progress, April 1.0, July 2005.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
RFC 2246, January 1999.

[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
Leach, P., Luotonen, A., and L. Stewart, "HTTP
Authentication: Basic and Digest Access Authentication",
RFC 2617, June 1999.

[RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media
Types", RFC 3023, January 2001.

[RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet:
Timestamps", RFC 3339, July 2002.

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005.

[RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
Identifiers (IRIs)", RFC 3987, January 2005.

[W3C.REC-soap12-part1-20030624]
Nielsen, H., Mendelsohn, N., Gudgin, M., Hadley, M., and
J. Moreau, "SOAP Version 1.2 Part 1: Messaging Framework",
W3C REC REC-soap12-part1-20030624, June 2003.

[W3C.REC-soap12-part2-20030624]
Nielsen, H., Hadley, M., Moreau, J., Mendelsohn, N., and
M. Gudgin, "SOAP Version 1.2 Part 2: Adjuncts", W3C
REC REC-soap12-part2-20030624, June 2003.

[W3C.REC-xml-20040204]
Yergeau, F., Paoli, J., Sperberg-McQueen, C., Bray, T.,

Gregorio & Sayre Expires November 10, 2005 [Page 30]

Internet-Draft The Atom Publishing Protocol May 2005
and E. Maler, "Extensible Markup Language (XML) 1.0 (Third
Edition)", W3C REC REC-xml-20040204, February 2004.

12.2

[W3C.REC-xml-names-19990114]
Hollander, D., Bray, T., and A. Layman, "Namespaces in
XML", W3C REC REC-xml-names-19990114, January 1999.

Gregorio & de hOra Expires April 14, 2006 [Page 35]

Internet-Draft The Atom Publishing Protocol October 2005

16.2 Informative References

[RNC] Clark, J., "RELAX NG Compact Syntax", December 2001.

[W3C.REC-webarch-20041215]
Walsh, N. and I. Jacobs, "Architecture of the World Wide
Web, Volume One", W3C REC REC-webarch-20041215,
December 2004.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 31] 36]

Internet-Draft The Atom Publishing Protocol May October 2005

URIs

[1] <http://www.imc.org/atom-protocol/index.html>

Authors' Addresses

Joe Gregorio (editor)
BitWorking, Inc
1002 Heathwood Dairy Rd.
Apex, NC 27502
US

Phone: +1 919 272 3764
Email: joe@bitworking.com
URI: http://bitworking.com/

Robert Sayre

Bill de hOra (editor)
Propylon Ltd.
45 Blackbourne Square, Rathfarnham Gate
Dublin, Dublin D14
IE

Phone: +353-1-4927444
Email: rfsayre@boswijck.com bill.dehora@propylon.com
URI: http://boswijck.com http://www.propylon.com/

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 32] 37]

Internet-Draft The Atom Publishing Protocol May October 2005

Appendix A. Contributors

The content and concepts within are a product of the Atom community
and the Atompub Working Group. Robert Sayre was an editor for drafts
00-04.

Gregorio & de hOra Expires April 14, 2006 [Page 38]

Internet-Draft The Atom Publishing Protocol October 2005

Appendix B. Revision History

draft-ietf-atompub-protocol-05 - Added: Contributors section. Added:
de hOra to editors. Fixed: typos. Added diagrams and description to
model section. Incorporates PaceAppDocuments, PaceAppDocuments2,
PaceSimplifyCollections2 (large-sized chunks of it anyhow: the
notions of Entry and Generic resources, the section 4 language on the
Protocol Model, 4.1 through 4.5.2, the notion of a Collection
document, as in Section 5 through 5.3, Section 7 "Collection
resources", Selection resources (modified from pace which talked
about search); results in major mods to Collection Documents, Section
9.2 "Title: Header" and brokeout para to section 9.1 Editing Generic
Resources). Added XML namespace and language section. Some cleanup
of front matter. Added Language Sensitivity to some attributes.
Removed resource descriptions from terminology. Some juggling of
sections. See:
http://www.imc.org/atom-protocol/mail-archive/msg01812.html.

draft-ietf-atompub-protocol-04 - Add ladder diagrams, reorganize, add
SOAP interactions

draft-ietf-atompub-protocol-03 - Incorporates PaceSliceAndDice3 and
PaceIntrospection.

draft-ietf-atompub-protocol-02 - Incorporates Pace409Response,
PacePostLocationMust, and PaceSimpleResourcePosting.

draft-ietf-atompub-protocol-01 - Added in sections on Responses for
the EditURI. Allow 2xx for response to EditURI PUTs. Elided all
mentions of WSSE. Started adding in some normative references.
Added the section "Securing the Atom Protocol". Clarified that it is
possible that the PostURI and FeedURI could be the same URI. Cleaned
up descriptions for Response codes 400 and 500.

Rev draft-ietf-atompub-protocol-00 - 5Jul2004 - Renamed the file and
re-titled the document to conform to IETF submission guidelines.
Changed MIME type to match the one selected for the Atom format.
Numerous typographical fixes. We used to have two 'Introduction'
sections. One of them was moved into the Abstract the other absorbed
the Scope section. IPR and copyright notifications were added.

Rev 09 - 10Dec2003 - Added the section on SOAP enabled clients and
servers.

Rev 08 - 01Dec2003 - Refactored the specification, merging the
Introspection file into the feed format. Also dropped the
distinction between the type of URI used to create new entries and
the kind used to create comments. Dropped user preferences.

Gregorio & de hOra Expires April 14, 2006 [Page 39]

Internet-Draft The Atom Publishing Protocol October 2005

Rev 07 - 06Aug2003 - Removed the use of the RSD file for auto-
discovery. Changed copyright until a final standards body is chosen.
Changed query parameters for the search facet to all begin with atom-
to avoid name collisions. Updated all the Entries to follow the 0.2
version. Changed the format of the search results and template file
to a pure element based syntax.

Rev 06 - 24Jul2003 - Moved to PUT for updating Entries. Changed all
the mime-types to application/x.atom+xml. Added template editing.
Changed 'edit-entry' to 'create-entry' in the Introspection file to
more accurately reflect it's purpose.

Rev 05 - 17Jul2003 - Renamed everything Echo into Atom. Added
version numbers in the Revision history. Changed all the mime-types
to application/atom+xml.

Gregorio & Sayre Expires November 10, 2005 [Page 33]

Internet-Draft The Atom Publishing Protocol May 2005

Rev 04 - 15Jul2003 - Updated the RSD version used from 0.7 to 1.0.
Change the method of deleting an Entry from POSTing <delete/> to
using the HTTP DELETE verb. Also changed the query interface to GET
instead of POST. Moved Introspection Discovery to be up under
Introspection. Introduced the term 'facet' for the services listed
in the Introspection file.

Rev 03 - 10Jul2003 - Added a link to the Wiki near the front of the
document. Added a section on finding an Entry. Retrieving an Entry
now broken out into it's own section. Changed the HTTP status code
for a successful editing of an Entry to 205.

Rev 02 - 7Jul2003 - Entries are no longer returned from POSTs,
instead they are retrieved via GET. Cleaned up figure titles, as
they are rendered poorly in HTML. All content-types have been
changed to application/atom+xml.

Rev 01 - 5Jul2003 - Renamed from EchoAPI.html to follow the more
commonly used format: draft-gregorio-NN.html. Renamed all references
to URL to URI. Broke out introspection into it's own section. Added
the Revision History section. Added more to the warning that the
example URIs are not normative.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 34] 40]

Internet-Draft The Atom Publishing Protocol May October 2005

Intellectual Property Statement

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.

The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this
document. For more information consult the online list of claimed
rights.

Disclaimer of Validity

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 35] 41]

Internet-Draft The Atom Publishing Protocol May October 2005

Acknowledgment

Funding for the RFC Editor function is currently provided by the
Internet Society.

Gregorio & Sayre de hOra Expires November 10, 2005 April 14, 2006 [Page 36] 42]

----