[Search] [txt|pdf|bibtex] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04                                                
     WEBDAV Working Group                                   J. Slein, Xerox
     INTERNET DRAFT                                         J. Davis, Xerox
     <draft-ietf-webdav-collection-protocol-01>          A. Babich, FileNet
                                              E.J. Whitehead Jr., UC Irvine
                                                              July 31, 1998
     Expires January 31, 1999

                        WebDAV Advanced Collections Protocol

     Status of this Memo

        This document is an Internet-Draft. Internet-Drafts are working
        documents of the Internet Engineering Task Force (IETF), its
        areas, and its working groups. Note that other groups may also
        distribute working documents as Internet-Drafts.

        Internet-Drafts are draft documents valid for a maximum of six
        months and may be updated, replaced, or made obsolete by other
        documents at any time. It is inappropriate to use Internet-Drafts
        as reference material or to cite them other than as "work in
        progress".

        To view the entire list of current Internet-Drafts, please check
        the "1id-abstracts.txt" listing contained in the Internet-Drafts
        Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net
        (Northern Europe), ftp.nis.garr.it (Southern Europe),munnari.oz.au
        (Pacific Rim), ftp.ietf.org (US EastCoast), or ftp.isi.edu (US West
        Coast).

        Distribution of this document is unlimited. Please send comments
        to the Distributed Authoring and Versioning (WebDAV) working group
        at <w3c-dist-auth@w3.org>, which may be joined by sending a
        message with subject "subscribe" to <w3c-dist-auth-
        request@w3.org>.

        Discussions of the WEBDAV working group are archived at URL:
        <http://www.w3.org/pub/WWW/Archives/Public/w3c-dist-auth>.

     Abstract

        The base WebDAV protocol [WebDAV] provides basic support for
        collections.  It defines a MKCOL method for creating collections
        and specifies how other HTTP and WebDAV methods interact with
        collections.  It supports internal members of collections, which it
        defines as members whose URIs are immediately relative to the URI
        of the collection.

        Many applications, however, need more powerful collections.  There
        are two areas in particular where more powerful functionality is
        often needed: referential resources and ordering.

        This draft specifies extensions to the base WebDAV protocol to
        support these more powerful collections.

    Table of Contents

        1       Terminology                                     3

Slein et al.                                                    Page 1
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        2       Introduction                                    4
        3       Referential Resources                           4
          3.1     Scope                                         4
          3.2     Overview                                      6
          3.3     Creating Referential Resources                6
            3.3.1       The MKREF Method                        6
            3.3.2       Status Codes                            7
            3.3.3       Example                                 8
          3.4     Deleting Referential Resources                8
            3.4.1       The DELREF Method                       8
            3.4.2       Status Codes                            8
            3.4.3       Example                                 8
            3.4.4       Design Rationale                        8
          3.5     Listing Referential Members of a Collection   9
          3.6     Other WebDAV Operations on Indirect References        9
          3.7     HTTP Operations on Indirect References        10
          3.8     Operations on Targets of References           11
        4       Ordered Collections                             11
          4.1     Overview                                      11
          4.2     Creating an Ordered Collection                11
            4.2.1       Overview                                11
            4.2.2       Status Codes                            12
            4.2.3       Example                                 12
          4.3     Setting the Position of a Collection Member   12
            4.3.1       Overview                                12
            4.3.2       Status Codes                            13
            4.3.3       Examples                                13
          4.4     Changing the Semantics of a Collection Ordering       14
          4.5     Changing the Position of a Collection Member  14
            4.5.1       The ORDERPATCH Method                   14
            4.5.2       Status Codes                            14
            4.5.3       Example                                 14
            4.5.4       Design Rationale                        15
        5       New Headers                                     16
          5.1     Ref-Target Request Header                     16
          5.2     Ref-Integrity Request Header                  16
          5.3     Pass-Through Request Header                   17
          5.4     Resource-Type Response Header                 17
          5.5     Ordered Request Header                        17
          5.6     Position Request Header                       18
        6       New Properties                                  18
          6.1     reftarget Property                            18
          6.2     refintegrity Property                         18
          6.3     passthrough Property                          19
          6.4     orderingtype Property                         19
        7       New XML Elements                                20
          7.1     reference XML Element                         20
          7.2     weak XML Element                              20
          7.3     arbitrary XML Element                         20
          7.4     order XML Element                             20
          7.5     member XML Element                            20
          7.6     position XML Element                          21
          7.7     first XML Element                             21
          7.8     last XML Element                              21
          7.9     before XML Element                            21

Slein et al.                                                    Page 2
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

          7.10    after XML Element                             22
        8       Compliance                                      22
          8.1     Class 3                                       22
          8.2     Class 4                                       22
        9       Dependencies on Other Specifications            22
        10      Security Considerations                         22
          10.1    Redirect Loops                                23
          10.2    References and Denial of Service              23
          10.3    Malicious Modifications of Ordering           23
          10.4    Denial of Service and DAV:orderingtype        23
        11      Internationalization Considerations             23
        12      IANA Considerations                             24
        13      Copyright                                       24
        14      Intellectual Property                           24
        15      Acknowledgements                                24
        16      References                                      24
        17      Authors' Addresses                              25

1 Terminology

        The terminology used here follows and extends that in the base
        WebDAV protocol specification [WebDAV].

        Collection
           A resource that contains member resources

        Member Resource
           A resource contained by a collection

        Referential Resource (or Reference)
           A resource that has no content of its own, but rather is
           a reference to another resource

        Ordinary Resource
           A member resource that is not a reference to another resource

        Target Resource
           The resource referenced by a referential member of a collection

        Direct Reference
           A reference that has the property that operations on it are
           passed through to its target

        Indirect Reference
           A reference that has the property that operations on it do
           not affect its target

        Strong Reference
           A reference whose referential integrity is guaranteed by the
           server

        Weak Reference
           A reference whose referential integrity is not guaranteed by the
           server


Slein et al.                                                    Page 3
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        Referential Integrity
           A server guarantees the integrity of a reference if it ensures
           that the reference will not be broken, or enables the
           reference's owner to ensure that the reference will not be
           broken.

2 Introduction

        The simple collections that the base WebDAV specification supports
        are powerful enough to be widely useful.  They provide for the
        hierarchical organization of resources, with mechanisms for
        creating and deleting collections, copying and moving them,
        locking them, adding resources to them and deleting resources from
        them, and getting listings of their members.  Delete, copy, move,
        list, and lock operations can be applied recursively, so that a
        client can operate on whole hierarchies with a single request.

        Many applications, however, need more powerful collections.  There
        are two areas in particular where more powerful functionality is
        often needed: referential resources and ordering.

        Referential resources make it possible for many collections, on the
        same or different servers, to share the same resource.  Because
        the collections share the resource by referencing it, only one
        physical copy of the resource need exist, and any changes made in
        the resource are visible from all the collections that reference
        it.

        It is useful for many applications to be able to impose an
        ordering on a collection. Orderings may be based on property
        values, but they may be completely independent of any properties
        on the collection's member resources.  Orderings based on
        properties can be obtained using a search protocol [DASL], but
        orderings not based on properties need some other mechanism.

        Since these two areas are independent of each other, servers may
        elect to comply with the Referential Resources section of this
        specification or with the Ordered Collections section or both.
        A server MUST advertise its compliance through its response to
        an OPTIONS request, as specified in [WebDAV].  New values for the
        DAV header are defined in Section 8 below to support this
        requirement.

3 Referential Resources

3.1 Scope

        [WebDAVReq] distinguishes between "weak" references and "strong"
        references, and also between "indirect" references and "direct"
        references.  This specification supports only weak references and
        indirect references, but is designed so that it can be extended
        to support strong references and direct references in the future.

        Strong references are references whose integrity is guaranteed by
        the server; weak references are those whose integrity is not

Slein et al.                                                    Page 4
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        guaranteed.  Strong references and weak references are both useful
        in different contexts.  Some applications cannot tolerate broken
        links.  A software development application, for example, must be
        able to rely on the integrity of references to component modules.
        Such applications must be able to request strong references.  Other
        applications may want to reference target resources on multiple
        servers, where referential integrity cannot be guaranteed, and may
        be less concerned about possible broken references.

        Several considerations led to the decision not to support strong
        references in the current specification.  First, there are many
        possible policies that applications and services might use to
        enforce referential integrity.

           o Delete strong references when their targets are deleted.

           o Decline to delete targets of strong references.

           o Notify strong references when their targets have been
             deleted.

           o Let owners of resources decide whether strong references to
             them are allowed.

        There appears to be no common practice in this area.  Moreover,
        some of the policies have significant security risks.

           o Moving a target of strong references could be a security
             risk to the owner of the target by revealing secret
             locations on the target's server.

           o A strong reference could be a security risk to the owner of
             the reference by revealing secret locations on his server.

           o The presence of strong references to resources on a server
             could make it impossible to reclaim space on that server
             by moving or deleting those target resources.

        These considerations together led to the decision not to support
        strong references in the short term.

        Operations on indirect references do not affect their target
        resources, whereas operations on direct references are passed
        through to their targets.  Both indirect and direct references may
        be useful.  Each of these types of references is implemented in
        existing systems.  Existing HTTP servers are capable of supporting
        both types of references.  In effect, indirect references give
        clients access to the reference itself, and allow the reference to
        bear properties.  Direct references, once created, simplify access
        to the target resource by hiding from clients the fact that there
        is a reference mediating between the client and the target
        resource.  They also make access to the target more efficient,
        eliminating a round trip required by indirect references to get the
        URI of the target resource.


Slein et al.                                                    Page 5
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        Again, it was believed that supporting direct references would be
        too difficult in the short term.  Although convenient, they add no
        functionality beyond what is available through indirect references.
        Existing systems often implement hybrids of direct and indirect
        references, for which some operations are passed through to the
        target while others are not.  This fact muddies the issue of what
        exactly WebDAV should support.  It also suggests that the
        definition of direct references as those for which operations are
        passed through to their targets may not really capture a class of
        references that are useful. [what else?]

        Consequently, it was decided not to support direct references in
        the short term.

3.2 Overview

        A referential resource is a resource that has no content of its
        own, but instead references another resource.  The resource it
        references may be in the same collection or anywhere else.  This
        target resource may be a collection or a simple resource or another
        reference, or any other sort of resource that may be defined in the
        future.  A resource may be the target of any number of referential
        resources.

        Since a referential resource is a resource, it can have properties
        just like any other resource.  These properties are completely
        independent of the properties on its target resource.  A new
        DAV:reftarget property of referential resources has as its value
        the URI of the target resource.

        To make it possible to distinguish referential resources from
        ordinary resources, a new value of the DAV:resourcetype property
        is defined here.  The DAV:resourcetype property of all referential
        resources MUST have the value reference.

        Although only weak, indirect references are currently supported,
        two new DAV properties are defined in anticipation of future
        support for strong references and direct references.  These
        properties, DAV:refintegrity and DAV:passthrough, will allow
        clients to distinguish between weak and strong references, and
        between indirect and direct references.  All referential resources
        MUST have these properties.  Although the only value currently
        defined for DAV:refintegrity is weak, other values may be defined
        in the future.  Although the only value currently defined for
        DAV:passthrough is none, other values may be defined in the future.

3.3 Creating Referential Resources

3.3.1 The MKREF Method

        Referential resources are created using the MKREF method.  The
        request-URI of the MKREF request identifies the resource to be
        created.  The required Ref-Target header contains the URI of the
        target resource.


Slein et al.                                                    Page 6
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        An optional Ref-Integrity request header is defined below,
        primarily for future support for strong references.  The only value
        currently defined for this header is "DAV:weak",although other
        values may be used by private agreement.  "DAV:weak" is the default
        value if the header is not present.

        An optional Pass-Through request header is defined below, primarily
        for future support for direct references.  Currently, its value is
        always empty, although other values may be used by private
        agreement.  The default value is empty if the header is not
        present.

        An optional Position request header supports ordered collections by
        allowing the client to specify where the new referential member is
        to be placed in the collection's ordering.  (This header can also
        be used with PUT to create an ordinary collection member at a
        specific position in the ordering.)

        When a server processes a MKREF request, it MUST set the
        DAV:resourcetype property (defined in [WebDAV]) of the new resource
        to be DAV:reference.

        When a server processes a MKREF request, it MUST set the
        DAV:reftarget property to the URI of the target resource.

        When a server processes a MKREF request, it MUST set the
        DAV:refintegrity property and the DAV:passthrough property.

        The client MUST NOT send any content with the MKREF request, and so
        MUST NOT use the Content-Length or Transfer-Encoding headers.  (See
        [HTTP].)

        If a MKREF request is submitted for an existing resource, the
        existing resource's content and headers will be overwritten.  This
        behavior is analogous to the behavior of the HTTP PUT method.  Live
        properties may get new values at the server's discretion; dead
        properties will retain their existing values.  If the Position
        header is absent in this case and the collection is ordered, the
        server MUST leave the member at its previous position in the
        collection ordering.  If the Position header is present and the
        collection is ordered, the server MUST remove it from its previous
        position, and then insert it at the requested position.

3.3.2 Status Codes

        201 Created
        200 OK: modified an existing resource
        409 Conflict: no resource at Ref-Target
        unrecognized / unsupported value for Ref-Integrity
        unrecognized / unsupported value for Pass-Through
        400 Bad Request: content not allowed
        409 Conflict: Position Before / After a URI that is not in this
                      collection
        400 Bad Request: Position Before / After self
        409 Conflict: Position header, but not an ordered collection

Slein et al.                                                    Page 7
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        425 Insufficient Space on Resource
        409 Conflict: Parent collection does not exist

3.3.3 Example

        Request:

        MKREF /~whitehead/dav/spec08.ref HTTP/1.1
        HOST: www.ics.uci.edu
        Ref-Target: <http://www.ics.uci.edu/i-d/draft-webdav-protocol-        08.txt>

        Response:

        HTTP/1.1 201 Created

        This request resulted in the creation of a new referential resource
        at www.ics.uci.edu/~whitehead/dav/spec08.ref, which points to the
        resource identified by the Ref-Target header.  Its DAV:resourcetype
        property is set to DAV:reference.  Its DAV:reftarget property is
        set to the URI of its target resource.  Its DAV:refintegrity
        property is set to the default value of DAV:weak.  Its
        DAV:passthrough property is set to the default value of EMPTY.

3.4 Deleting Referential Resources

3.4.1 The DELREF Method

        The new DELREF method is used to delete referential resources.
        DELREF on a referential resource has no effect on its target
        resource.

3.4.2 Status Codes

        200 OK
        405 Method Not Allowed: Request-URI is not a reference
        404 Not Found: No resource at Request-URI

3.4.3 Example

        Request:

        DELREF /~whitehead/dav/spec08.ref HTTP/1.1
        HOST: www.ics.uci.edu

        Response:

        HTTP/1.1 200 OK

        The referential resource /~whitehead/dav/spec08.ref has been
        deleted, but its target resource still exists.

3.4.4 Design Rationale

        The HTTP DELETE method can be used to delete indirect references,
        since by definition these references do not pass operations through

Slein et al.                                                    Page 8
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        to their targets.

        If direct references are supported in the future, however, a method
        distinct from the HTTP DELETE method will be needed for deleting
        the reference itself.  Since direct references do pass operations
        through to their targets, DELETE would delete the target resource
        rather than the reference itself.

        DELREF is being introduced now in anticipation of future needs,
        and can be used in all cases where a reference is to be deleted.

3.5 Listing Referential Members of a Collection

        Since a referential member of a collection is just a resource in
        the collection, a listing of members of the collection shows
        referential members along with ordinary members.  That is, a WebDAV
        PROPFIND request on a collection resource with Depth = 1 or
        infinity MUST return a response XML element for each ordinary
        member and for each referential member.

        If Depth = infinity in the PROPFIND request, the server MUST NOT
        follow indirect references into any collections to which they may
        refer.

3.6 Other WebDAV Operations on Indirect Referential Resources

        By definition, operations on an indirect reference affect only the
        reference, and not its target resource.  Since only indirect
        references are supported by this specification, WebDAV operations
        that are applied to them affect only the referential resource, not
        its target resource.

        A LOCK operation on an indirect reference locks the referential
        resource, not its target.  A LOCK on the collection with
        Depth = 1 or infinity locks the referential members along with all
        the other members of the collection, but not the targets of the
        indirect referential members.

        A PROPPATCH on an indirect referential resource modifies the
        properties of the referential resource, not the properties of its
        target resource.

        A PROPFIND on an indirect referential resource returns the
        properties of the referential resource, not the properties of its
        target resource.

        A MOVE operation on an indirect referential resource moves the
        referential resource to a different location, but has no effect on
        the location of its target. The DAV:reftarget property is unchanged
        after a MOVE unless the Ref-Target header is used to change it.

        A COPY operation on an indirect referential resource copies the
        referential resource, not its target resource, to another location.
        The DAV:reftarget property of the destination resource is the same
        as the DAV:reftarget of the source resource, unless the Ref-Target

Slein et al.                                                    Page 9
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        header is used to change it.

3.7 HTTP Operations on Indirect Referential Resources

        Although existing HTTP clients cannot create referential resources,
        they should be able to read collections created by Class 3 WebDAV
        clients.  They should be able to follow any references in those
        collections to their targets.  To make this possible, a server that
        receives a GET or HEAD on an indirect reference MUST return a 302
        (Moved Temporarily) status code.  The server MUST follow [HTTP]
        Section 10.3.3 "302 Moved Temporarily," but with these additional
        rules:

           o The Location header MUST contain the target URI of the
             reference.

           o The response MUST include a Resource-Type header with the
             value "Reference".  This header allows Class 3 WebDAV clients
             to recognize the resource as a reference and understand the
             reason for the redirection.

           o The response MUST also include those HTTP headers that make
             sense for referential resources, at a minimum: Cache-Control,
             Age, ETag, Expires, and Last-Modified.

        POST cannot be applied to an indirect reference.  A reference
        cannot accept another entity as its subordinate.  Depending upon
        the nature of the target resource, however, it might make sense to
        apply POST to the target.  A server that receives a POST request
        on an indirect reference MUST return a 302 (Moved Temporarily).
        The rules for constructing and using the response are the same as
        for GET and HEAD, except that there is no requirement to return
        Cache-Control, Age, ETag, Expires, or Last-Modified.

        PUT cannot be applied to an indirect reference.  To replace one
        indirect reference with another, MKREF MUST be used.  To replace an
        indirect reference with an ordinary resource, the reference MUST
        first be deleted with DELREF, after which a PUT MUST be used to
        create the ordinary resource.

        Existing HTTP clients that do not understand referential resources
        need to be accommodated, however.  To enable these clients to
        operate reasonably on indirect references, a server that receives a
        PUT request on an indirect reference MUST return a 302 (Moved
        Temporarily).  The client and server MUST follow [HTTP] Section
        10.3.3 "302 Moved Temporarily," but with these additional rules:

           o The Location response header MUST contain the target URI of
             the reference.

           o The response MUST include a Resource-Type header, defined in
             Section 5.n below, with the value "Reference".  This header
             allows Class 3 WebDAV clients to recognize the resource as a
             reference and understand the reason for the redirection.


Slein et al.                                                    Page 10
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

           o The response MUST include an entity body for display to users.
             The entity body explains that the requested resource is a
             reference to another resource, and allows the user to choose
             whether to replace the target resource or to replace the
             reference.

        This last rule is needed for PUT, but not for GET, HEAD, or
        POST.  Only for PUT does it make sense for the user to confirm
        that the operation is to be performed at the request-URI.  GET or
        HEAD will already have returned all useful information about the
        request-URI.  POST makes no sense for the indirect reference at the
        request-URI.  But the user might really want to replace the
        indirect reference with the entity in the PUT request.

        Although the new DELREF method has been defined for deleting
        references, DELETE can be used to delete an indirect reference.
        Since by definition operations on an indirect reference affect the
        reference, and not its target, DELETE will delete the indirect
        reference and leave its target untouched.

3.8 Operations on Targets of Referential Resources

        Operations on targets of weak, indirect referential resources have
        no effect on the referential resource.

4 Ordered Collections

4.1 Overview

        Collections on a compliant server may be ordered, but need not be.
        It is up to the client to decide whether a given collection is
        ordered and, if so, to specify the semantics to be used for
        ordering its members.  If a collection is ordered, each of its
        members must be in the ordering exactly once, and the ordering must
        not include any resource that is not a member of the collection.
        Only one ordering can be attached to any collection.  Multiple
        orderings of the same resources can be achieved by creating
        multiple collections referencing those resources, and attaching a
        different ordering to each collection.

        The server is responsible for enforcing these constraints on
        orderings.  The server MUST remove a resource from the ordering
        when it is removed from the collection. The server MUST add a
        resource to the ordering when it is added to the collection.

        When responding to a PROPFIND on a collection, the server MUST
        order the response elements according to the ordering defined
        on the collection.

4.2 Creating an Ordered Collection

4.2.1 Overview

        When a collection is created, the client can request that it be
        ordered and specify the semantics of the ordering by using the

Slein et al.                                                    Page 11
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        new Ordered header in the MKCOL request, setting its value to the
        URI of the semantics to be used.  If the client does not want the
        collection to be ordered, it may omit the Ordered header, or use
        it with the value "DAV:arbitrary".

        Every collection MUST have the new DAV:orderingtype property,
        which indicates whether the collection is ordered and, if so,
        identifies the semantics of the ordering.  A value of DAV:arbitrary
        indicates that that collection is not ordered.  That is, the client
        cannot depend on the repeatability of the ordering of results from
        a PROPFIND request.  Otherwise the value of DAV:orderingtype is an
        href that SHOULD point to a resource that contains a definition of
        the semantics of the ordering, allowing a human user or software
        package to insert new collection members into the ordering
        intelligently.

        If the Ordered header is present on a MKCOL request, the server
        MUST set the collection's DAV:orderingtype property to the value of
        the Ordered header.  If the Ordered header is not present, the
        server MUST treat the request as if it had an Ordered header with
        the value "DAV:arbitrary", meaning that the collection is not
        ordered.  If the collection is ordered, the server MUST respond to
        PROPFIND requests on the collection using the specified ordering.

4.2.2 Status Codes

        No new error conditions are introduced.

4.2.3 Example

        Request:

        MKCOL /theNorth/ HTTP/1.1
        Host: www.server.org
        Ordered: <http://www.server.org/orderings/compass.html>

        Response:

        HTTP/1.1 201 Created

        In this example, a new, ordered collection was created.  Its
        DAV:orderingtype property has as its value the URI from the
        Ordered header.  In this case, the URI points to a description of
        the semantics governing the ordering.  As new members are added to
        the collection, clients or end users can consult the semantics to
        determine how to position the new members in the ordering.

4.3 Setting the Position of a Collection Member

4.3.1 Overview

        When a new member is added to a collection with MKREF, PUT, COPY,
        or MOVE, its position in the ordering can be set with the new
        Position header.  The Position header allows the client to specify
        that the member should be first in the collection's ordering, last

Slein et al.                                                    Page 12
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        in the collection's ordering, before some other collection member
        in the collection's ordering, or after some other collection member
        in the collection's ordering.

        The server MUST insert the new member into the ordering at the
        location specified in the Position header, if one is present (and
        if the collection is ordered); otherwise, it MUST append the new
        member to the end of the ordering (if the collection is ordered).
        If a PUT or MKREF causes an existing resource to be replaced, and
        if the Position header is absent, the server MUST leave the member
        at its previous position in the collection ordering.  If the
        Position header is present, the server MUST remove the member from
        its previous position, and then insert it at the requested
        position.

4.3.2 Status Codes

        201 Created
        409 Conflict: Before / After a URI that is not in this collection
        400 Bad Request: Before / After self
        405 Method Not Allowed: Not an ordered collection

4.3.3 Examples

        Request:

        MKREF /~whitehead/dav/spec08.ref HTTP/1.1
        HOST: www.ics.uci.edu
        Ref-Target: <http://www.ics.uci.edu/i-d/draft-webdav-protocol-08.txt>
        Position: After <requirements.html>

        Response:

        HTTP/1.1 201 Created

        This request resulted in the creation of a new referential resource
        at www.ics.uci.edu/~whitehead/dav/spec08.ref, which points to the
        resource identified by the Ref-Target header.  The Position header
        in this example caused the server to set its position in the
        ordering of the /~whitehead/dav/ collection immediately after the
        requirements.html resource.

        Request:

        MOVE /i-d/draft-webdav-protocol-08.txt HTTP/1.1
        Host: www.ics.uci.edu
        Destination: </~whitehead/dav/draft-webdav-protocol-08.txt>
        Position: First

        Response:

        HTTP/1.1 409 Conflict

        In this case, the server returned a 409 Conflict status code
        because the /~whitehead/dav/ collection is an unordered collection.

Slein et al.                                                    Page 13
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        Consequently, the server was unable to satisfy the Position
        header.

4.4 Changing the Semantics of a Collection Ordering

        After a collection has been created, a client can change its
        ordering semantics, or change an ordered collection to an unordered
        collection or vice versa, by using PROPPATCH to change the value of
        its DAV:orderingtype property.  The client is then responsible for
        updating the ordering of the collection members according to the
        new semantics.  PROPPATCH is defined in [WebDAV], Section 7.2.

4.5 Changing the Position of a Collection Member

4.5.1 The ORDERPATCH Method

        To change the position of a collection member in the collection's
        ordering, the client MUST use an ORDERPATCH request with a request
        body containing an order XML element.  The request-URI of an
        ORDERPATCH request is the URI of the collection whose ordering is
        to be updated.  The order XML element identifies the member
        resource whose position is to be changed, and describes its new
        position in the ordering.  The new position can be specified as
        first in the ordering, last in the ordering, before some other
        collection member in the ordering, or after some other collection
        member in the ordering.

4.5.2 Status Codes

        Although the protocol currently allows only a single change to be
        requested with ORDERPATCH, it is anticipated that this may change
        in the future.  Consequently, the server MUST return a 207
        Multi-Status response, as defined in [WebDAV].

        Within the 207 Multi-Status response, the following status codes
        are possible:

        200 OK
        409 Conflict: Before / After a URI that is not in this collection
        409 Conflict: href doesn't point to a member of this collection
        400 Bad Request: only one change allowed
        400 Bad Request: Before / After self
        405 Method Not Allowed: Not an ordered collection
        405 Method Not Allowed: Not a collection
        (It's ok to reposition to the same position)

4.5.3 Example

        Consider a collection /coll-1/ with members ordered as follows:

                nunavut.map
                nunavut.img
                baffin.map
                baffin.desc
                baffin.img

Slein et al.                                                    Page 14
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

                iqaluit.map
                nunavut.desc
                iqaluit.desc
                iqaluit.img

        Request:

        ORDERPATCH /coll-1/ HTTP/1.1
        Host: www.nunanet.com
        Content-Type: text/xml
        Content-Length: xxx

        <?xml version="1.0" ?>
        <?xml:namespace ns="DAV:" prefix="d" ?>
        <d:order>
           <d:member>
              <d:href>nunavut.desc</d:href>
              <d:position>
                 <d:after>
                    <d:href>nunavut.map</d:href>
                 </d:after>
              </d:position>
           </d:member>
        </d:order>

        Response:

        HTTP/1.1 207 Multi-Status
        Content-Type: text/xml
        Content-Length: xxx

        <?xml version="1.0" ?>
        <?xml:namespace ns="DAV:" prefix="d" ?>
        <d:multistatus>
           <d:response>
              <d:href>http://www.nunanet.com/coll-1/nunavut.desc</d:href>
              <d:status>HTTP/1.1 200 OK</d:status>
           </d:response>
        </d:multistatus>

        In this example, after the request has been processed, the
        map of nunavut is the first member in the collection's ordering:

                nunavut.map
                nunavut.desc
                nunavut.img
                baffin.map
                baffin.desc
                baffin.img
                iqaluit.map
                iqaluit.desc
                iqaluit.img

4.5.4 Design Rationale


Slein et al.                                                    Page 15
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        The decision to introduce the new ORDERPATCH method was made after
        investigating the possibility of using the existing MOVE method
        with a Position header.  The use of MOVE initially looked
        appealingly simple:

        MOVE /root/coll-1/foo HTTP/1.1
        Host: www.somehost.com
        Destination: </root/coll-1/foo>
        Position: First

        Unfortunately, several features of the semantics of MOVE make it
        unsuitable for changing the position of a collection member in the
        collection's ordering.  First, [WebDAV] defines MOVE as logically
        equivalent to a copy followed by a delete of the source resource.
        This definition makes it impossible to MOVE a resource to a
        destination URL that is the same as the source URL.  The resource
        would be deleted rather than moved.  Second, [WebDAV] states that
        when moving a resource to a destination where a resource already
        exists, the Overwrite header must be "T", and in this case the
        server must DELETE the resource at the destination before
        performing the MOVE.  Again, this makes it impossible to MOVE
        a resource to the same location.  Finally, [WebDAV] states that
        locks are lost on a MOVE, an outcome that seems undesirable in this
        case.

        The decision to allow only a single change to be described in a
        PROPPATCH request was made in order to accommodate many existing
        systems that do not allow multiple changes to be requested at once.
        However, the protocol design is extensible to support multiple
        requests in the future.

        In particular, the decision to define a new order XML element for
        ORDERPATCH was made for the sake of extensibility.  Although the
        current definition of the order XML element allows only a single
        change in the ordering per ORDERPATCH request, using an XML element
        keeps open the option of later allowing multiple changes to be
        described in a single ORDERPATCH request.  Similarly, a
        Multi-Status response is used in order to keep open the option of
        multiple changes in a single request in the future.

5 New Headers

5.1 Ref-Target Request Header

        Ref-Target = "Ref-Target" ":" Coded-url

        Coded-url is defined in [WebDAV], Section 8.4.

        The Ref-Target request header is used with the MKREF method to
        identify the target resource of the new referential resource being
        created.  It is a required header in MKREF requests.  This header
        may also be used with COPY and MOVE requests to change the target
        of the destination reference.

5.2 Ref-Integrity Request Header

Slein et al.                                                    Page 16
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998


        Ref-Integrity = "Ref-Integrity" ":" ("DAV:weak")

        The Ref-Integrity header is defined to allow future support for
        strong references.  It specifies whether the server should
        enforce referential integrity for a referential resource being
        created with MKREF.  The only value currently defined for the
        Ref-Integrity header is "DAV:weak", which means that the server
        need not [should not? must not?] enforce referential integrity for
        the newly created reference.  Other values may be used by private
        agreement between the client and server.  If the header is not
        present on a MKREF request, the server MUST treat the request as
        if it has a Ref-Integrity header set to "DAV:weak".  This header
        may also be used with COPY and MOVE requests.  If this header is
        not present on a COPY or MOVE request, the DAV:refintegrity
        property MUST be treated like any other live property, as
        specified in [WebDAV] sections 7.8.2 and 7.9.1.

5.3 Pass-Through Request Header

        Pass-Through = "Pass-Through" ":" ""

        The Pass-Through header is defined to allow future support for
        direct references.  Indirect references do not pass operations
        through to their target resources, so for them the value of
        the Pass-Through header is empty.  Direct references pass all
        operations through to their target resources.  Other types of
        references may pass certain operations through, while others may
        affect the reference itself.  Since only indirect references are
        supported today, the only value currently defined for Pass-Through
        is empty.  Other values may be used by private agreement between
        the client and server.  If the header is not present on a MKREF
        request, the server MUST treat the request as if it has a
        Pass-Through header with the value empty.  This header may also be
        used with a COPY or MOVE request on a reference.  If this header is
        not present on a COPY or MOVE request, the DAV:passthrough
        property MUST be treated like any other live property, as
        specified in [WebDAV] sections 7.8.2 and 7.9.1.

5.4 Resource-Type Response Header

        Resource-Type = "Resource-Type" ":" ["DAV:collection" |
                                             "DAV:reference" | ""]

        The Resource-Type response header contains the value of the
        DAV:resourcetype property.  It is used with 302 responses to PUT,
        POST, GET, or HEAD requests on referential resources to indicate to
        the client that the reason for the redirection is that the
        request-URI pointed to a referential resource.

5.5 Ordered Request Header

        Ordered = "Ordered" ":" ("DAV:arbitrary" | Coded-url)

        The Ordered request header may be used with MKCOL to request that

Slein et al.                                                    Page 17
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        the new collection be ordered and to specify its ordering
        semantics.  A value of "DAV:arbitrary" indicates that the
        collection is not ordered.  That is, the client cannot depend on
        the repeatability of the ordering of results from a PROPFIND
        request. A Coded-url value indicates that the collection is
        ordered, and identifies the semantics of the ordering.  The
        Coded-url SHOULD point to a resource that contains a definition of
        the semantics of the ordering, allowing a human user or software
        package to insert new collection members into the ordering
        intelligently.

        If the Ordered header is not present on a MKCOL request, the
        server MUST treat the request as if it had an Ordered header with
        the value "DAV:arbitrary".

5.6 Position Request Header

        Position = "Position" ":" ("First" | "Last" |
                                  (("Before" | "After") Coded-url))

        The Position header may be used with MKREF, PUT, COPY, or MOVE to
        tell the server where in the collection ordering to position the
        resource being added to the collection.  It may be used for both
        ordinary and referential members.

        If the Coded-url is a relative URL, it is interpreted relative to
        the collection in which the resource is being created.

        If the Position request header is not used, then:

            If the request is replacing an existing resource, the server
            MUST preserve the present ordering.

            If the request is adding a new member to the collection, the
            server MUST append the new member to the end of the ordering
            (if the collection is ordered).

6 New Properties

6.1 reftarget Property

        Name:           reftarget
        Namespace:      DAV:
        Purpose:        A required property of referential resources that
                        provides an efficient way for clients to discover
                        the URI of the target resource.  This is a readonly
                        property, whose value can only be set by using the
                        Ref-Target header with a MKREF, COPY, or MOVE
                        request.
        Value:          URI of the target resource.

        <!ELEMENT reftarget href>

6.2 refintegrity Property


Slein et al.                                                    Page 18
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        Name:           refintegrity
        Namespace:      DAV:
        Purpose:        A required property of a referential resource that
                        indicates whether the server guarantees referential
                        integrity for that reference.  The refintegrity
                        property is defined to allow future support for
                        strong references.  The only value currently
                        defined for refintegrity is weak, which means that
                        the server need not [does not?] enforce referential
                        integrity for the reference.  Other values may be
                        used by private agreement between the client and
                        server.  This is a readonly property, whose value
                        can only be set by using the Ref-Integrity header
                        with a MKREF, COPY, or MOVE request.
        Value:          weak

        <!ELEMENT refintegrity (weak)>

6.3 passthrough Property

        Name:           passthrough
        Namespace:      DAV
        Purpose:        A required property of a referential resource that
                        indicates what operations are passed through to its
                        target resource.  The passthrough property is
                        defined to allow future support for direct
                        references, which pass all operations through to
                        their targets.  This specification currently
                        supports only indirect references, which do not
                        pass any operations through to their targets.  The
                        only value currently defined for passthrough is
                        EMPTY.  Other values may be used by private
                        agreement between the client and server.  This is
                        a read-only property, whose value can only be set
                        by using the Pass-Through header with a MKREF,
                        COPY, or MOVE request.
        Value:          EMPTY

        <!ELEMENT passthrough EMPTY>

6.4 orderingtype Property

        Name:           orderingtype
        Namespace:      DAV:
        Purpose:        Indicates whether the collection is ordered and, if
                        so, uniquely identifies the semantics of the
                        ordering being used.  SHOULD also provide an
                        explanation of the semantics in human and / or
                        machine-readable form.  At a minimum, this allows
                        human users who add members to the collection to
                        understand where to position them in the ordering.
        Value:          arbitrary for an unordered collection, or a URI
                        that uniquely identifies the semantics of the
                        collection's ordering.  The URI SHOULD point to
                        a definition of the ordering semantics.

Slein et al.                                                    Page 19
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998


        <!ELEMENT orderingtype (arbitrary | href) >

7 New XML Elements

7.1 reference XML Element

        Name:           reference
        Namespace:      DAV:
        Purpose:        A new value of the DAV:resourcetype property that
                        identifies its resource as a referential resource.
                        The DAV:resourcetype property of a referential
                        resource MUST have this value.
        Value:          EMPTY

        <!ELEMENT reference EMPTY >

7.2 weak XML Element

        Name:           weak
        Namespace:      DAV:
        Purpose:        The only value currently defined for the
                        DAV:refintegrity property.  It means that the
                        server need not [does not?] enforce referential
                        integrity for the reference to which the property
                        belongs.
        Value:          EMPTY

        <!ELEMENT weak EMPTY >

7.3 arbitrary XML Element

        Name:           arbitrary
        Namespace:      DAV:
        Purpose:        A value of the DAV:orderingtype property that
                        indicates that the collection is not ordered.  That
                        is, the client cannot depend on the repeatability
                        of the ordering of results from a PROPFIND request.
        Value:          EMPTY

        <!ELEMENT arbitrary EMPTY >

7.4 order XML Element

        Name:           order
        Namespace:      DAV
        Purpose:        For use with the new ORDERPATCH method.  Describes
                        a change to be made in a collection ordering.
        Value:          A description of the new position of a collection
                        member in the collection's ordering.

        <!ELEMENT order member >

7.5 member XML Element


Slein et al.                                                    Page 20
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        Name:           member
        Namespace:      DAV
        Purpose:        Occurs in the order XML Element, and describes the
                        new position of a single collection member in the
                        collection's ordering.
        Value:          An href containing the relative URI of the
                        collection member, and a description of its new
                        position in the ordering.  The href XML element is
                        defined in [WebDAV], Section 11.3.

        <!ELEMENT member (href, position) >

7.6 position XML Element

        Name:           position
        Namespace:      DAV
        Purpose:        Occurs in the member XML element.  Describes the
                        new position in a collection's ordering of one of
                        the collection's members.
        Value:          The new position can be described as first in the
                        collection's ordering, last in the collection's
                        ordering, before some other member of the
                        collection, or after some other member of the
                        collection.

        <!ELEMENT position (first | last | before | after)>

7.7 first XML Element

        Name:           first
        Namespace:      DAV
        Purpose:        Occurs in the position XML element.  Describes the
                        collection member's position as first in the
                        collection's ordering.
        Value:          EMPTY

        <!ELEMENT first EMPTY >

7.8 last XML Element

        Name:           last
        Namespace:      DAV
        Purpose:        Occurs in the position XML element.  Describes the
                        collection member's position as last in the
                        collection's ordering.
        Value:          EMPTY

        <!ELEMENT last EMPTY >

7.9 before XML Element

        Name:           before
        Namespace:      DAV
        Purpose:        Occurs in the position XML element.  Describes the
                        collection member's position as coming before some

Slein et al.                                                    Page 21
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

                        other collection member in the collection's
                        ordering.
        Value:          href of the member it precedes in the ordering

        <!ELEMENT before href >

7.10 after XML Element

        Name:           after
        Namespace:      DAV
        Purpose:        Occurs in the position XML element.  Describes the
                        collection member's position as coming after some
                        other collection member in the collection's
                        ordering.
        Value:          href of the member it follows in the ordering

        <!ELEMENT after href >

8 Compliance

        Section 14 of [Goland et al, 1998] defined a DAV header for use
        when responding to OPTIONS requests.  This header provides a way
        for clients to discover which parts of WebDAV a resource supports.
        The WebDAV specifications define numbered compliance classes
        corresponding to collections of related functions that resources
        may support.  When the server receives an OPTIONS request, it lists
        the classes that the request-URI supports in the DAV response
        header.

        Since this specification defines two independent sets of
        functionality, it defines two new compliance classes.  A WebDAV
        server may support neither, one or the other, or both for any
        resource.

8.1 Class 3

        This new compliance class indicates compliance with Section 3
        "Referential Resources" of this specification.  Servers that comply
        with Section 3 MUST list this class in the DAV response header
        when they respond to an OPTIONS request.

8.2 Class 4

        This new compliance class indicates compliance with Section 4
        "Ordered Collections" of this specification.  Servers that comply
        with Section 4 MUST list this class in the DAV response header
        when they respond to an OPTIONS request.

9 Dependencies on Other Specifications

          TBD

10 Security Considerations

        This section is provided to detail issues concerning security

Slein et al.                                                    Page 22
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

        implications of which WebDAV applications need to be aware.

        All of the security considerations of HTTP/1.1 and the base WebDAV
        protocol also apply to WebDAV collections.  In addition,
        referential resources and ordered collections introduce several
        new security concerns and increase the risk of some existing
        threats.  These issues are detailed below.

10.1 Redirect Loops

         Although redirect loops were already possible in HTTP 1.1, the
         introduction of referential resources creates a new avenue for
         clients to create loops accidentally or maliciously.  If the
         referential resource and its target are on the same server, the
         server may be able to detect MKREF requests that would create
         loops. See also [HTTP], Section 10.3 "Redirection 3xx."

10.2 References and Denial of Service

         The introduction of referential resources creates a new avenue
         for denial of service attacks. Clients can create heavily used
         references to target locations that were not designed for heavy
         usage.

10.3 Malicious Modifications of Ordering

         Particularly in large collections, moving a collection member to
         a different position in the ordering can make it very difficult
         for users to find.

10.4 Denial of Service and DAV:orderingtype

         There may be some risk of denial of service at sites that are
         advertised in the DAV:orderingtype property of collections.
         However, it is anticipated that widely-deployed applications will
         use hard-coded values for frequently-used ordering semantics
         rather than looking up the semantics at the location specified by
         DAV:orderingtype.

11 Internationalization Considerations

         This specification follows the practices of [WebDAV] in encoding
         all human-readable content using XML [XML] and in the treatment
         of names.  Consequently, this specification complies with the
         IETF Character Set Policy [Alvestrand].

         WebDAV applications MUST support the character set tagging,
         character set encoding, and the language tagging functionality of
         the XML specification.  This constraint ensures that the human-
         readable content of this specification complies with [Alvestrand].

         As in [WebDAV}, names in this specification fall into three
         categories: names of protocol elements such as methods and
         headers, names of XML elements, and names of properties.  Naming
         of protocol elements follows the precedent of HTTP, using English

Slein et al.                                                    Page 23
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

         names encoded in USASCII for methods and headers.  The names of
         XML elements used in this specification are English names encoded
         in UTF-8.

         For error reporting, [WebDAV] follows the convention of HTTP/1.1
         status codes, including with each status code a short, English
         description of the code (e.g., 423 Locked).  Internationalized
         applications will ignore this message, and display an appropriate
         message in the user's language and character set.

         For rationales for these decisions and advice for application
         implementors, see [WebDAV].

12 IANA Considerations

          TBD

13 Copyright

14 Intellectual Property

15 Acknowledgements

        This draft has benefited from thoughtful discussion by
        Steve Carter, Ellis Cohen, Spencer Dawkins, Rajiv Dulepet,
        Chuck Fay, Roy Fielding, Yaron Goland, Fred Hitt, Alex Hopmann,
        Marcus Jager, Rohit Khare, Daniel LaLiberte, Steve Martin,
        Surendra Koduru Reddy, Sam Ruby, Bradley Sergeant, Nick Shelness,
        John Stracke, John Tigue, John Turner, and others.

16 References

        [WebDAV] Y. Y. Goland, E. J. Whitehead, Jr., A.
        Faizi, S. R. Carter, D. Jensen, "Extensions for Distributed
        Authoring on the World Wide Web - WebDAV." Draft-ietf-webdav-
        protocol-08. Internet Draft, work in progress.  Microsoft,
        U.C. Irvine, Netscape, Novell. April, 1998.

        [DASL] Saveen Reddy, D. Jensen, Surendra Reddy,
        R. Henderson, J. Davis, A. Babich, "DAV Searching & Locating."
        Draft-reddy-dasl-protocol-02. Internet Draft, work in progress.
        Microsoft, Novell, Oracle, Netscape, Xerox, Filenet.  June, 1998.

        [WebDAVReq] J. Slein, J. Davis, "Requirements for Advanced
        Collection Functionality in WebDAV." Draft-ietf-webdav-collection-
        reqts-02. Internet Draft, work in progress.  Xerox, 1998.

        [HTTP] R. Fielding, J. Gettys, J. Mogul, H. Frystyk,
        T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1."
        RFC 2068.  UC Irvine, DEC, MIT/LCS.  January, 1997.

        [XML] T. Bray, J. Paoli, C.M. Sperberg-McQueen, "Extensible Markup
        Language (XML)."  World Wide Web Consortium Recommendation
        REC-xml-19980210. http://www.w3.org/TR/1998/REC-xml-19980210.


Slein et al.                                                    Page 24
INTERNET-DRAFT            WebDAV Collection Protocol          July 1998

17 Authors' Addresses

        J. Slein
        Xerox Corporation
        800 Phillips Road, 105-50C
        Webster, NY 14580
        Email: slein@wrc.xerox.com

        J. Davis
        Xerox Corporation
        3333 Coyote Hill Road
        Palo Alto, CA 94304
        Email: jdavis@parc.xerox.com

        A. Babich
        FileNet Corporation
        3565 Harbor Boulevard
        Costa Mesa, CA 92626-1420
        Email: ababich@filenet.com

        E.J. Whitehead Jr.
        Dept. of Information and Computer Science
        University of California, Irvine
        Irvine, CA 92697-3425
        Email: ejw@ics.uci.edu

    Expires January 31, 1999

Slein et al.                                                    Page 25