summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc4825.txt
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
commit4bfd864f10b68b71482b35c818559068ef8d5797 (patch)
treee3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc4825.txt
parentea76e11061bda059ae9f9ad130a9895cc85607db (diff)
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc4825.txt')
-rw-r--r--doc/rfc/rfc4825.txt3979
1 files changed, 3979 insertions, 0 deletions
diff --git a/doc/rfc/rfc4825.txt b/doc/rfc/rfc4825.txt
new file mode 100644
index 0000000..41d28eb
--- /dev/null
+++ b/doc/rfc/rfc4825.txt
@@ -0,0 +1,3979 @@
+
+
+
+
+
+
+Network Working Group J. Rosenberg
+Request for Comments: 4825 Cisco
+Category: Standards Track May 2007
+
+
+ The Extensible Markup Language (XML)
+ Configuration Access Protocol (XCAP)
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The IETF Trust (2007).
+
+Abstract
+
+ This specification defines the Extensible Markup Language (XML)
+ Configuration Access Protocol (XCAP). XCAP allows a client to read,
+ write, and modify application configuration data stored in XML format
+ on a server. XCAP maps XML document sub-trees and element attributes
+ to HTTP URIs, so that these components can be directly accessed by
+ HTTP.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 1]
+
+RFC 4825 XCAP May 2007
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
+ 2. Overview of Operation . . . . . . . . . . . . . . . . . . . . 5
+ 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6
+ 5. Application Usages . . . . . . . . . . . . . . . . . . . . . . 7
+ 5.1. Application Unique ID (AUID) . . . . . . . . . . . . . . . 7
+ 5.2. Default Document Namespace . . . . . . . . . . . . . . . . 8
+ 5.3. Data Validation . . . . . . . . . . . . . . . . . . . . . 9
+ 5.4. Data Semantics . . . . . . . . . . . . . . . . . . . . . . 10
+ 5.5. Naming Conventions . . . . . . . . . . . . . . . . . . . . 11
+ 5.6. Resource Interdependencies . . . . . . . . . . . . . . . . 11
+ 5.7. Authorization Policies . . . . . . . . . . . . . . . . . . 12
+ 5.8. Data Extensibility . . . . . . . . . . . . . . . . . . . . 12
+ 5.9. Documenting Application Usages . . . . . . . . . . . . . . 13
+ 5.10. Guidelines for Creating Application Usages . . . . . . . . 13
+ 6. URI Construction . . . . . . . . . . . . . . . . . . . . . . . 15
+ 6.1. XCAP Root . . . . . . . . . . . . . . . . . . . . . . . . 15
+ 6.2. Document Selector . . . . . . . . . . . . . . . . . . . . 16
+ 6.3. Node Selector . . . . . . . . . . . . . . . . . . . . . . 18
+ 6.4. Namespace Bindings for the Selector . . . . . . . . . . . 23
+ 7. Client Operations . . . . . . . . . . . . . . . . . . . . . . 24
+ 7.1. Create or Replace a Document . . . . . . . . . . . . . . . 26
+ 7.2. Delete a Document . . . . . . . . . . . . . . . . . . . . 26
+ 7.3. Fetch a Document . . . . . . . . . . . . . . . . . . . . . 26
+ 7.4. Create or Replace an Element . . . . . . . . . . . . . . . 26
+ 7.5. Delete an Element . . . . . . . . . . . . . . . . . . . . 29
+ 7.6. Fetch an Element . . . . . . . . . . . . . . . . . . . . . 30
+ 7.7. Create or Replace an Attribute . . . . . . . . . . . . . . 30
+ 7.8. Delete an Attribute . . . . . . . . . . . . . . . . . . . 31
+ 7.9. Fetch an Attribute . . . . . . . . . . . . . . . . . . . . 31
+ 7.10. Fetch Namespace Bindings . . . . . . . . . . . . . . . . . 32
+ 7.11. Conditional Operations . . . . . . . . . . . . . . . . . . 32
+ 8. Server Behavior . . . . . . . . . . . . . . . . . . . . . . . 34
+ 8.1. POST Handling . . . . . . . . . . . . . . . . . . . . . . 35
+ 8.2. PUT Handling . . . . . . . . . . . . . . . . . . . . . . . 35
+ 8.2.1. Locating the Parent . . . . . . . . . . . . . . . . . 35
+ 8.2.2. Verifying Document Content . . . . . . . . . . . . . . 36
+ 8.2.3. Creation . . . . . . . . . . . . . . . . . . . . . . . 37
+ 8.2.4. Replacement . . . . . . . . . . . . . . . . . . . . . 41
+ 8.2.5. Validation . . . . . . . . . . . . . . . . . . . . . . 42
+ 8.2.6. Conditional Processing . . . . . . . . . . . . . . . . 43
+ 8.2.7. Resource Interdependencies . . . . . . . . . . . . . . 44
+ 8.3. GET Handling . . . . . . . . . . . . . . . . . . . . . . . 44
+ 8.4. DELETE Handling . . . . . . . . . . . . . . . . . . . . . 45
+ 8.5. Managing Etags . . . . . . . . . . . . . . . . . . . . . . 46
+ 9. Cache Control . . . . . . . . . . . . . . . . . . . . . . . . 47
+
+
+
+Rosenberg Standards Track [Page 2]
+
+RFC 4825 XCAP May 2007
+
+
+ 10. Namespace Binding Format . . . . . . . . . . . . . . . . . . . 47
+ 11. Detailed Conflict Reports . . . . . . . . . . . . . . . . . . 47
+ 11.1. Document Structure . . . . . . . . . . . . . . . . . . . . 48
+ 11.2. XML Schema . . . . . . . . . . . . . . . . . . . . . . . . 50
+ 12. XCAP Server Capabilities . . . . . . . . . . . . . . . . . . . 53
+ 12.1. Application Unique ID (AUID) . . . . . . . . . . . . . . . 54
+ 12.2. XML Schema . . . . . . . . . . . . . . . . . . . . . . . . 54
+ 12.3. Default Document Namespace . . . . . . . . . . . . . . . . 56
+ 12.4. MIME Type . . . . . . . . . . . . . . . . . . . . . . . . 56
+ 12.5. Validation Constraints . . . . . . . . . . . . . . . . . . 56
+ 12.6. Data Semantics . . . . . . . . . . . . . . . . . . . . . . 56
+ 12.7. Naming Conventions . . . . . . . . . . . . . . . . . . . . 56
+ 12.8. Resource Interdependencies . . . . . . . . . . . . . . . . 56
+ 12.9. Authorization Policies . . . . . . . . . . . . . . . . . . 56
+ 13. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
+ 14. Security Considerations . . . . . . . . . . . . . . . . . . . 59
+ 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60
+ 15.1. XCAP Application Unique IDs . . . . . . . . . . . . . . . 60
+ 15.2. MIME Types . . . . . . . . . . . . . . . . . . . . . . . . 61
+ 15.2.1. application/xcap-el+xml MIME Type . . . . . . . . . . 61
+ 15.2.2. application/xcap-att+xml MIME Type . . . . . . . . . . 62
+ 15.2.3. application/xcap-ns+xml MIME Type . . . . . . . . . . 63
+ 15.2.4. application/xcap-error+xml MIME Type . . . . . . . . . 64
+ 15.2.5. application/xcap-caps+xml MIME Type . . . . . . . . . 64
+ 15.3. URN Sub-Namespace Registrations . . . . . . . . . . . . . 65
+ 15.3.1. urn:ietf:params:xml:ns:xcap-error . . . . . . . . . . 65
+ 15.3.2. urn:ietf:params:xml:ns:xcap-caps . . . . . . . . . . . 66
+ 15.4. XML Schema Registrations . . . . . . . . . . . . . . . . . 67
+ 15.4.1. XCAP Error Schema Registration . . . . . . . . . . . . 67
+ 15.4.2. XCAP Capabilities Schema Registration . . . . . . . . 67
+ 16. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 67
+ 17. References . . . . . . . . . . . . . . . . . . . . . . . . . . 67
+ 17.1. Normative References . . . . . . . . . . . . . . . . . . . 67
+ 17.2. Informative References . . . . . . . . . . . . . . . . . . 69
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 3]
+
+RFC 4825 XCAP May 2007
+
+
+1. Introduction
+
+ In many communications applications, such as Voice over IP, instant
+ messaging, and presence, it is necessary for network servers to
+ access per-user information in the process of servicing a request.
+ This per-user information resides within the network, but is managed
+ by the end user themselves. Its management can be done through a
+ multiplicity of access points, including the web, a wireless handset,
+ or a PC application.
+
+ There are many examples of per-user information. One is presence
+ [20] authorization policy, which defines rules about which watchers
+ are allowed to subscribe to a presentity, and what information they
+ are allowed to access. Another is presence lists, which are lists of
+ users whose presence is desired by a watcher [26]. One way to obtain
+ presence information for the list is to subscribe to a resource which
+ represents that list [21]. In this case, the Resource List Server
+ (RLS) requires access to this list in order to process a SIP [16]
+ SUBSCRIBE [28] request for it. Another way to obtain presence for
+ the users on the list is for a watcher to subscribe to each user
+ individually. In that case, it is convenient to have a server store
+ the list, and when the client boots, it fetches the list from the
+ server. This would allow a user to access their resource lists from
+ different clients.
+
+ This specification describes a protocol that can be used to
+ manipulate this per-user data. It is called the Extensible Markup
+ Language (XML) Configuration Access Protocol (XCAP). XCAP is a set
+ of conventions for mapping XML documents and document components into
+ HTTP URIs, rules for how the modification of one resource affects
+ another, data validation constraints, and authorization policies
+ associated with access to those resources. Because of this
+ structure, normal HTTP primitives can be used to manipulate the data.
+ XCAP is based heavily on ideas borrowed from the Application
+ Configuration Access Protocol (ACAP) [25], but it is not an extension
+ of it, nor does it have any dependencies on it. Like ACAP, XCAP is
+ meant to support the configuration needs for a multiplicity of
+ applications, rather than just a single one.
+
+ XCAP was not designed as a general purpose XML search protocol, XML
+ database update protocol, nor a general purpose, XML-based
+ configuration protocol for network elements.
+
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 4]
+
+RFC 4825 XCAP May 2007
+
+
+2. Overview of Operation
+
+ Each application (where an application refers to a use case that
+ implies a collection of data and associated semantics) that makes use
+ of XCAP specifies an application usage (Section 5). This application
+ usage defines the XML schema [2] for the data used by the
+ application, along with other key pieces of information. The
+ principal task of XCAP is to allow clients to read, write, modify,
+ create, and delete pieces of that data. These operations are
+ supported using HTTP/1.1 [6]. An XCAP server acts as a repository
+ for collections of XML documents. There will be documents stored for
+ each application. Within each application, there are documents
+ stored for each user. Each user can have a multiplicity of documents
+ for a particular application. To access some component of one of
+ those documents, XCAP defines an algorithm for constructing a URI
+ that can be used to reference that component. Components refer to
+ any element or attribute within the document. Thus, the HTTP URIs
+ used by XCAP point to a document, or to pieces of information that
+ are finer grained than the XML document itself. An HTTP resource
+ that follows the naming conventions and validation constraints
+ defined here is called an XCAP resource.
+
+ Since XCAP resources are also HTTP resources, they can be accessed
+ using HTTP methods. Reading an XCAP resource is accomplished with
+ HTTP GET, creating or modifying one is done with HTTP PUT, and
+ removing one of the resources is done with an HTTP DELETE. XCAP
+ resources do not represent processing scripts; as a result, POST
+ operations to HTTP URIs representing XCAP resources are not defined.
+ Properties that HTTP associates with resources, such as entity tags,
+ also apply to XCAP resources. Indeed, entity tags are particularly
+ useful in XCAP, as they allow a number of conditional operations to
+ be performed.
+
+ XML documents that are equivalent for the purposes of many
+ applications may differ in their physical representation. With XCAP
+ resources, the canonical form with comments [19] of an XML document
+ determines the logical equivalence. In other words, the canonical
+ specification determines how significant whitespace MUST be
+ processed. It also implies that, for example, new inserted
+ attributes may appear in any order within the physical
+ representation.
+
+3. Terminology
+
+ In this document, the key words "MUST", "MUST NOT", "REQUIRED",
+ "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
+ and "OPTIONAL" are to be interpreted as described in RFC 2119 [7] and
+ indicate requirement levels for compliant implementations.
+
+
+
+Rosenberg Standards Track [Page 5]
+
+RFC 4825 XCAP May 2007
+
+
+4. Definitions
+
+ The following terms are used throughout this document:
+
+ XCAP Resource: An HTTP resource representing an XML document, an
+ element within an XML document, or an attribute of an element
+ within an XML document that follows the naming and validation
+ constraints of XCAP.
+
+ XCAP Server: An HTTP server that understands how to follow the
+ naming and validation constraints defined in this specification.
+
+ XCAP Client: An HTTP client that understands how to follow the
+ naming and validation constraints defined in this specification.
+
+ Application: A collection of software components within a network
+ whose operation depends on data managed and stored on an XCAP
+ server.
+
+ Application Usage: Detailed information on the interaction of an
+ application with the XCAP server.
+
+ Application Unique ID (AUID): A unique identifier within the
+ namespace of application unique IDs created by this specification
+ that differentiates XCAP resources accessed by one application
+ from XCAP resources accessed by another.
+
+ Naming Conventions: The part of an application usage that specifies
+ well-known URIs used by an application, or more generally,
+ specifies the URIs that are typically accessed by an application
+ during its processing.
+
+ XCAP User Identifier (XUI): The XUI is a string, valid as a path
+ element in an HTTP URI, that is associated with each user served
+ by the XCAP server.
+
+ XCAP Root: A context that contains all the documents across all
+ application usages and users that are managed by the server.
+
+ Document Selector: A sequence of path segments, with each segment
+ being separated by a "/", that identify the XML document within an
+ XCAP root that is being selected.
+
+ Node Selector: A sequence of path segments, with each segment being
+ separated by a "/", that identify the XML node (element or
+ attribute) being selected within a document.
+
+
+
+
+
+Rosenberg Standards Track [Page 6]
+
+RFC 4825 XCAP May 2007
+
+
+ Node Selector Separator: A single path segment equal to two tilde
+ characters "~~" that is used to separate the document selector
+ from the node selector within an HTTP URI.
+
+ Document URI: The HTTP URI containing the XCAP root and document
+ selector, resulting in the selection of a specific document. As a
+ result, performing a GET against the document URI would retrieve
+ the document.
+
+ Node URI: The HTTP URI containing the XCAP root, document selector,
+ node selector separator, and node selector, resulting in the
+ selection of a specific XML node.
+
+ XCAP Root URI: An HTTP URI that represents the XCAP root. Although
+ a syntactically valid URI, the XCAP Root URI does not correspond
+ to an actual resource on an XCAP server. Actual resources are
+ created by appending additional path information to the XCAP Root
+ URI.
+
+ Global Tree: A URI that represents the parent for all global
+ documents for a particular application usage within a particular
+ XCAP root.
+
+ Home Directory: A URI that represents the parent for all documents
+ for a particular user for a particular application usage within a
+ particular XCAP root.
+
+ Positional Insertion: A PUT operation that results in the insertion
+ of a new element into a document such that its position, relative
+ to other children of the same parent, is set by the client.
+
+5. Application Usages
+
+ Each XCAP resource on a server is associated with an application. In
+ order for an application to use those resources, application specific
+ conventions must be specified. Those conventions include the XML
+ schema that defines the structure and constraints of the data, well-
+ known URIs to bootstrap access to the data, and so on. All of those
+ application specific conventions are defined by the application
+ usage.
+
+5.1. Application Unique ID (AUID)
+
+ Each application usage is associated with a name, called an
+ Application Unique ID (AUID). This name uniquely identifies the
+ application usage within the namespace of application usages, and is
+ different from AUIDs used by other applications. AUIDs exist in one
+ of two namespaces. The first namespace is the IETF namespace. This
+
+
+
+Rosenberg Standards Track [Page 7]
+
+RFC 4825 XCAP May 2007
+
+
+ namespace contains a set of tokens, each of which is registered with
+ IANA. These registrations occur with the publication of standards
+ track RFCs [27], based on the guidelines in Section 15. The second
+ namespace is the vendor-proprietary namespace. Each AUID in that
+ namespace is prefixed with the reverse domain name of the
+ organization creating the AUID, followed by a period, followed by any
+ vendor defined token. As an example, the example.com domain can
+ create an AUID with the value "com.example.foo" but cannot create one
+ with the value "org.example.foo". AUIDs within the vendor namespace
+ do not need to be registered with IANA. The vendor namespace is also
+ meant to be used in lab environments where no central registry is
+ needed. The syntax for AUIDs, expressed in ABNF [12] (and using some
+ of the BNF defined in RFC 3986 [13]), is:
+
+ AUID = global-a-uid / vendor-a-uid
+ global-a-uid = a-uid
+ a-uid = 1*a-uid-char
+ vendor-a-uid = rev-hostname "." a-uid
+ rev-hostname = toplabel *( "." domainlabel )
+ domainlabel = alphanum
+ / alphanum *( alphanum / "-" ) alphanum
+ toplabel = ALPHA / ALPHA *( alphanum / "-" ) alphanum
+ a-uid-char = a-uid-unreserved / pct-encoded / sub-delims
+ / ":" / "@"
+ ;pct-encoded from RFC 3986
+ ;sub-delims from RFC 3986
+ alphanum = ALPHA / DIGIT
+ ;DIGIT from RFC 4234
+ ;ALPHA from RFC 4234
+ a-uid-unreserved = ALPHA / DIGIT / "-" / "_" / "~"
+
+ The allowed characters for the auid production is a subset of the
+ pchar production defined in RFC 3986. In particular, it omits the
+ ".", which allows for the auid to be separated from the reverse
+ hostname.
+
+5.2. Default Document Namespace
+
+ In order for the XCAP server to match a URI to an element or
+ attribute of a document, any XML namespace prefixes used within the
+ URI must be expanded [3]. This expansion requires a namespace
+ binding context. That context maps namespace prefixes to namespace
+ URIs. It also defines a default namespace that applies to elements
+ in the URI without namespace prefixes. The namespace binding context
+ comes from two sources. First, the mapping of namespace prefixes to
+ namespace URIs is obtained from the URI itself (see Section 6.4).
+ However, the default document namespace is defined by the application
+ usage itself, and applies to all URIs referencing resources within
+
+
+
+Rosenberg Standards Track [Page 8]
+
+RFC 4825 XCAP May 2007
+
+
+ that application usage. All application usages MUST define a
+ namespace URI that represents the default document namespace to be
+ used when evaluating URIs. The default document namespace does not
+ apply to elements or attributes within the documents themselves -- it
+ applies only to the evaluation of URIs within that application usage.
+ Indeed, the term 'default document namespace' is distinct from the
+ term 'default namespace'. The latter has the standard meaning within
+ XML documents, and the former refers to the default used in
+ evaluation of XCAP URIs. XCAP does not change in any way the
+ mechanisms for determining the default namespace within XML
+ documents. However, if a document contains a URI representing an
+ XCAP resource, the default document namespace defined by the
+ application usage applies to that URI as well.
+
+5.3. Data Validation
+
+ One of the responsibilities of an XCAP server is to validate the
+ content of each XCAP resource when an XCAP client tries to modify
+ one. This is done using two mechanisms. Firstly, all application
+ usages MUST describe their document contents using XML schema [2].
+ The application usage MUST also identify the MIME type for documents
+ compliant to that schema.
+
+ Unfortunately, XML schemas cannot represent every form of data
+ constraint. As an example, one XML element may contain an integer
+ that defines the maximum number of instances of another element.
+ This constraint cannot be represented with XML schema. However, such
+ constraints may be important to the application usage. The
+ application usage defines any additional constraints beyond those in
+ the schema.
+
+ Of particular importance are uniqueness constraints. In many cases,
+ an application will require that there be only one instance of some
+ element or attribute within a particular scope. Each uniqueness
+ constraint needs to be specified by identifying the field, or
+ combinations of fields, that need to be unique, and then identifying
+ the scope in which that uniqueness applies. One typical scope is the
+ set of all elements of a certain name within the same parent.
+ Another typical scope is the set of all URIs valid within a
+ particular domain. In some cases, these constraints can be specified
+ using XML schema, which provides the <unique> element for this
+ purpose. Other uniqueness constraints, such as URI uniqueness across
+ a domain, cannot be expressed by schema. Whether or not the schema
+ is used to express some of the uniqueness requirements, the
+ application usage MUST specify all uniqueness requirements when it
+ defines its data validation needs.
+
+
+
+
+
+Rosenberg Standards Track [Page 9]
+
+RFC 4825 XCAP May 2007
+
+
+ For example, the resource lists application usage [22] requires that
+ each <list> element have a unique value for the "name" attribute
+ within a single parent. As another example, the RLS services
+ application usage [22] requires that the value of the "uri" attribute
+ of the <service> element be a URI that is unique within the domain of
+ the URI.
+
+ URI constraints represent another form of constraints. These are
+ constraints on the scheme or structure of the scheme-specific part of
+ the URI. These kinds of constraints cannot be expressed in an XML
+ schema. If these constraints are important to an application usage,
+ they need to be explicitly called out.
+
+ Another important data constraint is referential integrity.
+ Referential integrity is important when the name or value of an
+ element or attribute is used as a key to select another element or
+ attribute. An application usage MAY specify referential integrity
+ constraints. However, XCAP servers are not a replacement for
+ Relational Database Management Systems (RDBMS), and therefore clients
+ MUST NOT depend on servers to maintain referential integrity. XCAP
+ clients are responsible for making all the appropriate changes to
+ documents in order to maintain referential integrity.
+
+ Another constraint is character encoding. XML allows documents to be
+ encoded using several different character sets. However, this
+ specification mandates that all documents used with XCAP MUST be
+ encoded using UTF-8. This cannot be changed by an application usage.
+
+ The data validation information is consumed by both clients, which
+ use them to make sure they construct requests that will be accepted
+ by the server, and by servers, which validate the constraints when
+ they receive a request (with the exception of referential integrity
+ constraints, which are not validated by the server).
+
+5.4. Data Semantics
+
+ For each application usage, the data present in the XML document has
+ a well-defined semantic. The application usage defines that
+ semantic, so that a client can properly construct a document in order
+ to achieve the desired result. They are not used by the server, as
+ it is purposefully unaware of the semantics of the data it is
+ managing. The data semantics are expressed in English prose by the
+ application usage.
+
+ One particularly important semantic is the base URI that is to be
+ used for the resolution of any relative URI references pointed to
+ XCAP resources. As discussed below, relative URI references pointing
+ to XCAP resources cannot be resolved using the retrieval URI as the
+
+
+
+Rosenberg Standards Track [Page 10]
+
+RFC 4825 XCAP May 2007
+
+
+ base URI. Therefore, it is up to the application usage to specify
+ the base URI.
+
+5.5. Naming Conventions
+
+ In addition to defining the meaning of the document in the context of
+ a particular application, an application usage has to specify how the
+ applications obtain the documents they need. In particular, it needs
+ to define any well-known URIs used for bootstrapping purposes, and
+ document any other conventions on the URIs used by an application.
+ It should also document how documents reference each other. These
+ conventions are called naming conventions.
+
+ For many application usages, users need only a single document. In
+ such a case, it is RECOMMENDED that the application usage require
+ that this document be called "index" and exist within the user's home
+ directory.
+
+ As an example, the RLS services application usage allows an RLS to
+ obtain the contents of a resource list when the RLS receives a
+ SUBSCRIBE request for a SIP URI identifying an RLS service. The
+ application usage specifies that the list of service definitions is
+ present within a specific document with a specific name within the
+ global tree. This allows the RLS to perform a single XCAP request to
+ fetch the service definition for the service associated with the SIP
+ URI in a SUBSCRIBE request.
+
+ Naming conventions are used by XCAP clients to construct their URIs.
+ The XCAP server does not make use of them.
+
+5.6. Resource Interdependencies
+
+ When a user modifies an XCAP resource, the content of many other
+ resources is affected. For example, when a user deletes an XML
+ element within a document, it does so by issuing a DELETE request
+ against the URI for the element resource. However, deleting this
+ element also deletes all child elements and their attributes, each of
+ which is also an XCAP resource. As such, manipulation of one
+ resource affects the state of other resources.
+
+ For the most part, these interdependencies are fully specified by the
+ XML schema used by the application usage. However, in some
+ application usages, there is a need for the server to relate
+ resources together, and such a relationship cannot be specified
+ through a schema. This occurs when changes in one document will
+ affect another document. Typically, this is the case when an
+ application usage is defining a document that acts as a collection of
+ information defined in other documents.
+
+
+
+Rosenberg Standards Track [Page 11]
+
+RFC 4825 XCAP May 2007
+
+
+ As an example, when a user creates a new RLS service (that is, it
+ creates a new <service> element within an RLS services document), the
+ server adds that element to a read-only global list of services
+ maintained by the server in the global tree. This read-only global
+ list is accessed by the RLS when processing a SIP SUBSCRIBE request.
+
+ Resource interdependencies are used by both XCAP clients and servers.
+
+5.7. Authorization Policies
+
+ By default, each user is able to access (read, modify, and delete)
+ all the documents below their home directory, and any user is able to
+ read documents within the global directory. However, only trusted
+ users, explicitly provisioned into the server, can modify global
+ documents.
+
+ The application usage can specify a different authorization policy
+ that applies to all documents associated with that application usage.
+ An application usage can also specify whether another application
+ usage is used to define the authorization policies. An application
+ usage for setting authorization policies can also be defined
+ subsequent to the definition of the main application usage. In such
+ a case, the main application usage needs only to specify that such a
+ usage will be defined in the future.
+
+ If an application usage does not wish to change the default
+ authorization policy, it can merely state that the default policy is
+ used.
+
+ The authorization policies defined by the application usage are used
+ by the XCAP server during its operation.
+
+5.8. Data Extensibility
+
+ An XCAP server MUST understand an application usage in order to
+ process an HTTP request made against a resource for that particular
+ application usage. However, it is not required for the server to
+ understand all of the contents of a document used by an application
+ usage. A server is required to understand the baseline schema
+ defined by the application usage. However, those schemas can define
+ points of extensibility where new content can be added from other
+ namespaces and corresponding schemas. Sometimes, the server will
+ understand those namespaces and therefore have access to their
+ schemas. Sometimes, it will not.
+
+ A server MUST allow for documents that contain elements from
+ namespaces not known to the server. In such a case, the server
+
+
+
+
+Rosenberg Standards Track [Page 12]
+
+RFC 4825 XCAP May 2007
+
+
+ cannot validate that such content is schema compliant; it will only
+ verify that the XML is well-formed.
+
+ If a client wants to verify that a server supports a particular
+ namespace before operating on a resource, it can query the server for
+ its capabilities using the XCAP Capabilities application usage,
+ discussed in Section 12.
+
+5.9. Documenting Application Usages
+
+ Application usages are documented in specifications that convey the
+ information described above. In particular, an application usage
+ specification MUST provide the following information:
+
+ o Application Unique ID (AUID): If the application usage is meant
+ for general use on the Internet, the application usage MUST
+ register the AUID into the IETF tree using the IANA procedures
+ defined in Section 15.
+
+ o XML Schema
+
+ o Default Document Namespace
+
+ o MIME Type
+
+ o Validation Constraints
+
+ o Data Semantics
+
+ o Naming Conventions
+
+ o Resource Interdependencies
+
+ o Authorization Policies
+
+5.10. Guidelines for Creating Application Usages
+
+ The primary design task when creating a new application usage is to
+ define the schema. Although XCAP can be used with any XML document,
+ intelligent schema design will improve the efficiency and utility of
+ the document when it is manipulated with XCAP.
+
+ XCAP provides three fundamental ways to select elements amongst a set
+ of siblings: by the expanded name of the element, by its position, or
+ by the value of a specific attribute. Positional selection always
+ allows a client to get exactly what it wants. However, it requires a
+ client to cache a copy of the document in order to construct the
+ predicate. Furthermore, if a client performs a PUT, it requires the
+
+
+
+Rosenberg Standards Track [Page 13]
+
+RFC 4825 XCAP May 2007
+
+
+ client to reconstruct the PUT processing that a server would follow
+ in order to update its local cached copy. Otherwise, the client will
+ be forced to re-GET the document after every PUT, which is
+ inefficient. As such, it is a good idea to design schemas such that
+ common operations can be performed without requiring the client to
+ cache a copy of the document.
+
+ Without positional selection, a client can pick the element at each
+ step by its expanded name or the value of an attribute. Many schemas
+ include elements that can be repeated within a parent (often,
+ minOccurs equals zero or one, and maxOccurs is unbounded). As such,
+ all of the elements have the same name. This leaves the attribute
+ value as the only way to select an element. Because of this, if an
+ application usage expects the user to manipulate elements or
+ attributes that are descendants of an element that can repeat, that
+ element SHOULD include, in its schema, an attribute that can be
+ suitably used as a unique index. Furthermore, the naming conventions
+ defined by that application usage SHOULD specify this uniqueness
+ constraint explicitly.
+
+ URIs often make a good choice for such a unique index. They have
+ fundamental uniqueness properties, and are also usually of semantic
+ significance in the application usage. However, care must be taken
+ when using a URI as an attribute value. URI equality is usually
+ complex. However, attribute equality is performed by the server
+ using XML rules, which are based on case sensitive string comparison.
+ Thus, XCAP will match URIs based on lexical equality, not functional
+ equality. In such cases, an application usage SHOULD consider these
+ implications carefully.
+
+ XCAP provides the ability of a client to operate on a single element,
+ attribute, or document at a time. As a result, it may be possible
+ that common operations the client might perform will require a
+ sequence of multiple requests. This is inefficient, and introduces
+ the possibility of failure conditions when another client modifies
+ the document in the middle of a sequence. In such a case, the client
+ will be forced to detect this case using entity tags (discussed below
+ in Section 7.11), and undo its previous changes. This is very
+ difficult.
+
+ As a result, the schemas SHOULD be defined so that common operations
+ generally require a single request to perform. Consider an example.
+ Let's say an application usage is defining permissions for users to
+ perform certain operations. The schema can be designed in two ways.
+ The top level of the tree can identify users, and within each user,
+ there can be the permissions associated with the user. In an
+ alternative design, the top level of the tree identifies each
+ permission, and within that permission, the set of users who have it.
+
+
+
+Rosenberg Standards Track [Page 14]
+
+RFC 4825 XCAP May 2007
+
+
+ If, in this application usage, it is common to change the permission
+ for a user from one value to another, the former schema design is
+ better for xcap; it will require a single PUT to make such a change.
+ In the latter case, either the entire document needs to be replaced
+ (which is a single operation), or two PUT operations need to occur --
+ one to remove the user from the old permission, and one to add the
+ user to the new permission.
+
+ Naming conventions form another key part of the design of an
+ application usage. The application usage should be certain that XCAP
+ clients know where to "start" to retrieve and modify documents of
+ interest. Generally, this will involve the specification of a well-
+ known document at a well-known URI. That document can contain
+ references to other documents that the client needs to read or
+ modify.
+
+6. URI Construction
+
+ In order to manipulate an XCAP resource, the data must be represented
+ by an HTTP URI. XCAP defines a specific naming convention for
+ constructing these URIs. The URI is constructed by concatenating the
+ XCAP root with the document selector with the node selector separator
+ with a percent-encoded form of the node selector. This is followed
+ by an optional query component that defines namespace bindings used
+ in evaluating the URI. The XCAP root is the enclosing context in
+ which all XCAP resources live. The document selector is a path that
+ identifies a document within the XCAP root. The node selector
+ separator is a path segment with a value of double tilde ("~~"), and
+ SHOULD NOT be percent-encoded, as advised in Section 2.3 of RFC 3986
+ [13]. URIs containing %7E%7E should be normalized to ~~ for
+ comparison; they are equivalent. The node selector separator is a
+ piece of syntactic sugar that separates the document selector from
+ the node selector. The node selector is an expression that
+ identifies a component of the document, such as an element or
+ attribute. It is possible that a "~~" appears as part of the node
+ selector itself; in such a case, the first "~~" in the URI is the
+ node selector separator.
+
+ The sections below describe these components in more detail.
+
+6.1. XCAP Root
+
+ The root of the XCAP hierarchy is called the XCAP root. It defines
+ the context in which all other resources exist. The XCAP root is
+ represented with an HTTP URI, called the XCAP Root URI. This URI is
+ a valid HTTP URI; however, it doesn't point to any resource that
+ actually exists on the server. Its purpose is to identify the root
+ of the tree within the domain where all XCAP documents are stored.
+
+
+
+Rosenberg Standards Track [Page 15]
+
+RFC 4825 XCAP May 2007
+
+
+ It can be any valid HTTP URI, but MUST NOT contain a query component
+ (a complete XCAP URI may have a query component, but it is not part
+ of the XCAP root URI). It is RECOMMENDED that it be equal to
+ xcap.domain, where domain is the domain of the provider. As an
+ example, "http://xcap.example.com" might be used as the XCAP root URI
+ within the example.com domain. Typically, the XCAP root URI is
+ provisioned into client devices. If not explicitly provisioned,
+ clients SHOULD assume the form xcap.domain, where domain is the
+ domain of their service provider (for SIP, this would be the domain
+ part of their Address-of-Record (AOR)). A server or domain MAY
+ support multiple XCAP root URIs. In such a case, it is effectively
+ operating as if it were serving separate domains. There is never
+ information carryover or interactions between resources in different
+ XCAP root URIs.
+
+ When a client generates an HTTP request to a URI identifying an XCAP
+ resource, RFC 2616 procedures for the construction of the Request-URI
+ apply. In particular, the authority component of the URI may not be
+ present in the Request-URI if the request is sent directly to the
+ origin server.
+
+ The XCAP root URI can also be a relative HTTP URI. It is the
+ responsibility of the application usage to specify the base URI for
+ an HTTP URI representing an XCAP resource whenever such a URI appears
+ within a document defined by that application usage. Generally
+ speaking, it is unsafe to use the retrieval URI as the base URI.
+ This is because any URI that points to an ancestor for a particular
+ element or attribute can contain content including that element or
+ attribute. If that element or attribute contained a relative URI
+ reference, it would be resolved relative to whatever happened to be
+ used to retrieve the content, and this will often not be the base URI
+ defined by the application usage.
+
+6.2. Document Selector
+
+ Each document within the XCAP root is identified by its document
+ selector. The document selector is a sequence of path segments,
+ separated by a slash ("/"). These path segments define a
+ hierarchical structure for organizing documents within any XCAP root.
+ The first path segment MUST be the XCAP AUID. So, continuing the
+ example above, all of the documents used by the resource lists
+ application would be under "http://xcap.example.com/resource-lists".
+
+ o Implementors making use of HTTP servlets should be aware that XCAP
+ may require them to get authorization from the server
+ administrator to place resources within this specific subset of
+ the URI namespace.
+
+
+
+
+Rosenberg Standards Track [Page 16]
+
+RFC 4825 XCAP May 2007
+
+
+ It is assumed that each application will have data that is set by
+ users, and/or it will have global data that applies to all users. As
+ a result, beneath each AUID, there are two sub-trees. One, called
+ "users", holds the documents that are applicable to specific users,
+ and the other, called "global", holds documents applicable to all
+ users. The sub-tree beneath "global" is called the global tree. The
+ path segment after the AUID MUST either be "global" or "users".
+
+ Within the "users" tree are zero or more sub-trees, each of which
+ identifies documents that apply to a specific user. Each user known
+ to the server is associated with a username, called the XCAP User
+ Identifier (XUI). Typically, an endpoint is provisioned with the
+ value of the XUI. For systems that support SIP applications, it is
+ RECOMMENDED that the XUI be equal to the Address-of-Record (AOR) for
+ the user (i.e., sip:joe@example.com). Since SIP endpoints generally
+ know their AOR, they will also know their XUI. As a consequence, if
+ no XUI is explicitly provisioned, a SIP User Agent SHOULD assume it
+ is equal to their AOR. This XUI MUST be used as the path segment
+ beneath the "users" segment. Since the SIP URI allows for characters
+ that are not permitted in HTTP URI path segments (such as the '?' and
+ '/' characters, which are permitted in the user part of the SIP URI),
+ any such characters MUST be percent encoded. The sub-tree beneath an
+ XUI for a particular user is called their home directory. "User" in
+ this context should be interpreted loosely; a user might correspond
+ to a device, for example.
+
+ XCAP does not itself define what it means for documents to "apply" to
+ a user, beyond specification of a baseline authorization policy,
+ described below in Section 8. Each application usage can specify
+ additional authorization policies that depend on data used by the
+ application itself.
+
+ The remainder of the document selector (the path following "global"
+ or the XUI) points to specific documents for that application usage.
+ Subdirectories are permitted, but are NOT RECOMMENDED. XCAP provides
+ no way to create sub-directories or to list their contents, thus
+ limiting their utility. If subdirectories are used, there MUST NOT
+ be a document in a directory with the same name as a sub-directory.
+
+ The final path segment in the document selector identifies the actual
+ document in the hierarchy. This is equivalent to a filename, except
+ that XCAP does not require that its document resources be stored as
+ files in a file system. However, the term "filename" is used to
+ describe the final path segment in the document selector. In
+ traditional filesystems, the filename would have a filename
+ extension, such as ".xml". There is nothing in this specification
+ that requires or prevents such extensions from being used in the
+ filename. In some cases, the application usage will specify a naming
+
+
+
+Rosenberg Standards Track [Page 17]
+
+RFC 4825 XCAP May 2007
+
+
+ convention for documents, and those naming conventions may or may not
+ specify a file extension. For example, in the RLS services
+ application usage [22], documents in the user's home directory with
+ the filename "index" will be used by the server to compute the global
+ index, which is also a document with the filename "index". Barring
+ specific guidelines in the application usage, if a user has a single
+ document for a particular application usage, this SHOULD be called
+ "index".
+
+ When the naming conventions in an application usage do not constrain
+ the filename conventions (or, more generally, the document selector),
+ an application will know the filename (or more generally, the
+ document selector) because it is included as a reference in a
+ document accessed by the client. As another example, within the
+ index document defined by RLS services, the <service> element has a
+ child element called <resource-list> whose content is a URI pointing
+ to a resource list within the users home directory.
+
+ As a result, if the user creates a new document, and then references
+ that document from a well-known document (such as the index document
+ above), it doesn't matter whether or not the user includes an
+ extension in the filename, as long as the user is consistent and
+ maintains referential integrity.
+
+ As an example, the path segment
+ "/resource-lists/users/sip:joe@example.com/index" is a document
+ selector. Concatenating the XCAP root URI with the document selector
+ produces the HTTP URI "http://xcap.example.com/resource-lists/users/
+ sip:joe@example.com/index". In this URI, the AUID is "resource-
+ lists", and the document is in the user tree with the XUI
+ "sip:joe@example.com" with filename "index".
+
+6.3. Node Selector
+
+ The node selector specifies specific nodes of the XML document that
+ are to be accessed. A node refers to an XML element, an attribute of
+ an element, or a set of namespace bindings. The node selector is an
+ expression that identifies an element, attribute, or set of namespace
+ bindings. Its grammar is:
+
+ node-selector = element-selector ["/" terminal-selector]
+ terminal-selector = attribute-selector / namespace-selector /
+ extension-selector
+ element-selector = step *( "/" step)
+ step = by-name / by-pos / by-attr / by-pos-attr /
+ extension-selector
+ by-name = NameorAny
+ by-pos = NameorAny "[" position "]"
+
+
+
+Rosenberg Standards Track [Page 18]
+
+RFC 4825 XCAP May 2007
+
+
+ position = 1*DIGIT
+ attr-test = "@" att-name "=" att-value
+ by-attr = NameorAny "[" attr-test "]"
+ by-pos-attr = NameorAny "[" position "]" "[" attr-test "]"
+ NameorAny = QName / "*" ; QName from XML Namespaces
+ att-name = QName
+ att-value = AttValue ; from XML specification
+ attribute-selector = "@" att-name
+ namespace-selector = "namespace::*"
+ extension-selector = 1*( %x00-2e / %x30-ff ) ; anything but "/"
+
+ The QName grammar is defined in the XML namespaces [3] specification,
+ and the AttValue grammar is defined in the XML specification XML 1.0
+ [1].
+
+ The extension-selector is included for purposes of extensibility. It
+ can be composed of any character except the slash, which is the
+ delimiter amongst steps. Any characters in an extension that cannot
+ be represented in a URI MUST be percent-encoded before placement into
+ a URI.
+
+ Note that the double quote, left square bracket and right square
+ bracket characters, which are meaningful to XCAP, cannot be directly
+ represented in the HTTP URI. As a result, they are percent-encoded
+ when placed within the HTTP URI. In addition to these characters, an
+ apostrophe (') character can be used as a delimiter within XPath
+ expressions. Furthermore, since XML allows for non-ASCII characters,
+ the names of elements and attributes may not be directly
+ representable in a URI. Any such characters MUST be represented by
+ converting them to an octet sequence corresponding to their
+ representation in UTF-8, and then percent-encoding that sequence of
+ octets.
+
+ Similarly, the XML specification defines the QName production for the
+ grammar for element and attribute names, and the AttValue production
+ for the attribute values. Unfortunately, the characters permitted by
+ these productions include some that are not allowed for pchar, which
+ is the production for the allowed set of characters in path segments
+ in the URI. The AttValue production allows many such characters
+ within the US-ASCII set, including the space. Those characters MUST
+ be percent-encoded when placed in the URI. Furthermore, QName and
+ AttValue allow many Unicode characters, outside of US-ASCII. When
+ these characters need to be represented in the HTTP URI, they are
+ percent-encoded. To do this, the data should be encoded first as
+ octets according to the UTF-8 character encoding [18], and then only
+ those octets that do not correspond to characters in the pchar set
+ should be percent-encoded. For example, the character A would be
+ represented as "A", the character LATIN CAPITAL LETTER A WITH GRAVE
+
+
+
+Rosenberg Standards Track [Page 19]
+
+RFC 4825 XCAP May 2007
+
+
+ would be represented as "%C3%80", and the character KATAKANA LETTER A
+ would be represented as "%E3%82%A2".
+
+ As a result, the grammar above represents the expressions processed
+ by the XCAP server internally after it has decoded the URI. The on-
+ the-wire format is dictated by RFC 3986 [13]. In the discussions and
+ examples below, when the node selectors are not part of an HTTP URI,
+ they are presented in their internal format prior to encoding. If an
+ example includes a node selector within an HTTP URI, it is presented
+ in its percent-encoded form.
+
+ The node selector is based on the concepts in XPath [10]. Indeed,
+ the node selector expression, before it is percent-encoded for
+ representation in the HTTP URI, happens to be a valid XPath
+ expression. However, XPath provides a set of functionality far
+ richer than is needed here, and its breadth would introduce much
+ unneeded complexity into XCAP.
+
+ To determine the XML element, attribute, or namespace bindings
+ selected by the node selector, processing begins at the root node of
+ the XML document. The first step in the element selector is then
+ taken. Each step chooses a single XML element within the current
+ document context. The document context is the point within the XML
+ document from which a specific step is evaluated. The document
+ context begins at the root node of the document. When a step
+ determines an element within that context, that element becomes the
+ new context for evaluation of the next step. Each step can select an
+ element by its name (expanded), by a combination of name and
+ attribute value, by name and position, or by name, position and
+ attribute. In all cases, the name can be wildcarded, so that all
+ elements get selected.
+
+ The selection operation operates as follows. Within the current
+ document context, the children of that context are enumerated in
+ document order. If the context is the root node of the document, its
+ child element is the root element of the document. If the context is
+ an element, its children are all of the children of that element
+ (naturally). Next, those elements whose name is not a match for
+ NameorAny are discarded. An element name is a match if NameorAny is
+ the wildcard, or if it is not a wildcard, the element name matches
+ NameorAny. Matching is discussed below. The result is an ordered
+ list of elements.
+
+ The elements in the list are further filtered by the predicates,
+ which are the expressions in square brackets following NameorAny.
+ Each predicate further prunes the elements from the current ordered
+ list. These predicates are evaluated in order. If the content of
+ the predicate is a position, the position-th element is selected
+
+
+
+Rosenberg Standards Track [Page 20]
+
+RFC 4825 XCAP May 2007
+
+
+ (that is, treat "position" as a variable, and take the element whose
+ position equals that variable), and all others are discarded. If
+ there are fewer elements in the list than the value of position, the
+ result is a no-match.
+
+ If the content of the predicate is an attribute name and value, all
+ elements possessing an attribute with that name and value are
+ selected, and all others are discarded. Note that, although a
+ document can have namespace declarations within elements, those
+ elements cannot be selected using a namespace declaration as a
+ predicate. That is, a step like "el-name[@xmlns='namespace']" will
+ never match an element, even if there is an element in the list that
+ specifies a default namespace of "namespace". In other words, a
+ namespace node is NOT an attribute. If the namespaces in scope for
+ an element are needed, they can be selected using the namespace-
+ selector described below. If there are no elements with attributes
+ having the given name and value, the result is a no-match.
+
+ After the predicates have been applied, the result will be a
+ no-match, one element, or multiple elements. If the result is
+ multiple elements, the node selector is invalid. Each step in a node
+ selector MUST produce a single element to form the context for the
+ next step. This is more restrictive than general XPath expressions,
+ which allow a context to contain multiple nodes. If the result is a
+ no-match, the node selector is invalid. The node selector is only
+ valid if a single element was selected. This element becomes the
+ context for the evaluation of the next step in the node selector
+ expression.
+
+ The last location step is either the previously described element
+ selector or a "terminal selector". If the terminal selector is an
+ attribute selector, the server checks to see if there is an attribute
+ with the same expanded name in the current element context. If there
+ is not, the result is considered a no-match. Otherwise, that
+ attribute is selected. If the terminal selector is a namespace
+ selector, the result is equal to the set of namespace bindings in
+ scope for the element, including the possible default namespace
+ declaration. This specification defines a syntax for representing
+ namespace bindings, so they can be returned to the client in an HTTP
+ response.
+
+ As a result, once the entire node selector is evaluated against the
+ document, the result will either be a no-match, invalid, a single
+ element, a single attribute, or a set of namespace bindings.
+
+ Matching of element names is performed as follows. The element being
+ compared in the step has its name expanded as described in XML
+ namespaces [3]. The element name in the step is also expanded. This
+
+
+
+Rosenberg Standards Track [Page 21]
+
+RFC 4825 XCAP May 2007
+
+
+ expansion requires that any namespace prefix is converted to its
+ namespace URI. Doing that requires a set of bindings from prefixes
+ to namespace URIs. This set of bindings is obtained from the query
+ component of the URI (see Section 6.4). If the prefix of the QName
+ of an element is empty, the corresponding URI is then the default
+ document namespace URI defined by the application usage, or null if
+ not defined. Comparisons are then performed as described in XML
+ namespaces [3]. Note that the namespace prefix expansions described
+ here are different than those specified in the XPath 1.0
+ specification, but are closer to those currently defined by the XPath
+ 2.0 specification [24].
+
+ Matching of attribute names proceeds in a similar way. The attribute
+ in the document has its name expanded as described in XML namespaces
+ [3]. If the attribute name in the attribute selector has a namespace
+ prefix, its name is expanded using the namespace bindings obtained
+ from the query component of the URI. An unprefixed attribute QName
+ is in no namespace.
+
+ Comments, text content (including whitespace), and processing
+ instructions can be present in a document, but cannot be selected by
+ the expressions defined here. Of course, if such information is
+ present in a document, and a user selects an XML element enclosing
+ that data, that information would be included in a resulting GET, for
+ example. Furthermore, whitespace is respected by XCAP. If a client
+ PUTs an element or document that contains whitespace, the server
+ retains that whitespace, and will return the element or document back
+ to the client with exactly the same whitespace. Similarly, when an
+ element is inserted, no additional whitespace is added around the
+ inserted element, and the element gets inserted in a very specific
+ location relative to any whitespace, comments, or processing
+ instructions around it. Section 8.2.3 describes where the insertion
+ occurs.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 22]
+
+RFC 4825 XCAP May 2007
+
+
+ As an example, consider the following XML document:
+
+ <?xml version="1.0"?>
+ <watcherinfo xmlns="urn:ietf:params:xml:ns:watcherinfo"
+ version="0" state="full">
+ <watcher-list resource="sip:professor@example.net"
+ package="presence">
+ <watcher status="active"
+ id="8ajksjda7s"
+ duration-subscribed="509"
+ event="approved">sip:userA@example.net</watcher>
+ <watcher status="pending"
+ id="hh8juja87s997-ass7"
+ display-name="Mr. Subscriber"
+ event="subscribe">sip:userB@example.org</watcher>
+ </watcher-list>
+ </watcherinfo>
+
+ Figure 3: Example XML Document
+
+ Assuming that the default document namespace for this application
+ usage is "urn:ietf:params:xml:ns:watcherinfo", the node selector
+ watcherinfo/watcher-list/watcher[@id="8ajksjda7s"] would select the
+ following XML element:
+
+ <watcher status="active"
+ id="8ajksjda7s"
+ duration-subscribed="509"
+ event="approved">sip:userA@example.net</watcher>
+
+6.4. Namespace Bindings for the Selector
+
+ In order to expand the namespace prefixes used in the node selector,
+ a set of bindings from those namespace prefixes to namespace URI must
+ be used. Those bindings are contained in the query component of the
+ URI. If no query component is present, it means that only the
+ default document namespace (as identified by the application usage)
+ is defined. The query component is formatted as a valid xpointer
+ expression [5] after suitable URI encoding as defined in Section 4.1
+ of the Xpointer framework. This xpointer expression SHOULD only
+ contain expressions from the xmlns() scheme [4]. A server compliant
+ to this specification MUST ignore any xpointer expressions not from
+ the xmlns() scheme. The xmlns() xpointer expressions define the set
+ of namespace bindings in use for evaluating the URI.
+
+ Note that xpointer expressions were originally designed for usage
+ within fragment identifiers of URIs. However, within XCAP, they are
+ used within query components of URIs.
+
+
+
+Rosenberg Standards Track [Page 23]
+
+RFC 4825 XCAP May 2007
+
+
+ The following example shows a more complex matching operation, this
+ time including the usage of namespace bindings. Consider the
+ following document:
+
+ <?xml version="1.0"?>
+ <foo xmlns="urn:test:default-namespace">
+ <ns1:bar xmlns:ns1="urn:test:namespace1-uri"
+ xmlns="urn:test:namespace1-uri">
+ <baz/>
+ <ns2:baz xmlns:ns2="urn:test:namespace2-uri"/>
+ </ns1:bar>
+ <ns3:hi xmlns:ns3="urn:test:namespace3-uri">
+ <there/>
+ </ns3:hi>
+ </foo>
+
+ Assume that this document has a document URI of
+ "http://xcap.example.com/test/users/sip:joe@example.com/index", where
+ "test" is the application usage. This application usage defines a
+ default document namespace of "urn:test:default-namespace". The XCAP
+ URI:
+
+ http://xcap.example.com/test/users/sip:joe@example.com/index/
+ ~~/foo/a:bar/b:baz?xmlns(a=urn:test:namespace1-uri)
+ xmlns(b=urn:test:namespace1-uri)
+
+ will select the first <baz> child element of the <bar> element in the
+ document. The XCAP URI:
+
+ http://xcap.example.com/test/users/sip:joe@example.com/index/
+ ~~/foo/a:bar/b:baz?xmlns(a=urn:test:namespace1-uri)
+ xmlns(b=urn:test:namespace2-uri)
+
+ will select the second <baz> child element of the <bar> element in
+ the document. The following XCAP URI will also select the second
+ <baz> child element of the <bar> element in the document:
+
+ http://xcap.example.com/test/users/sip:joe@example.com/index/
+ ~~/d:foo/a:bar/b:baz?xmlns(a=urn:test:namespace1-uri)
+ xmlns(b=urn:test:namespace2-uri)
+ xmlns(d=urn:test:default-namespace)
+
+7. Client Operations
+
+ An XCAP client is an HTTP/1.1 compliant client. Specific data
+ manipulation tasks are accomplished by invoking the right set of HTTP
+ methods with the right set of headers on the server. This section
+ describes those in detail.
+
+
+
+Rosenberg Standards Track [Page 24]
+
+RFC 4825 XCAP May 2007
+
+
+ In all cases where the client modifies a document, by deleting or
+ inserting a document, element or attribute resource, the client
+ SHOULD verify that, if the operation were to succeed, the resulting
+ document would meet the data constraints defined by the application
+ usage, including schema validation. For example, if the client
+ performs a PUT operation to "http://xcap.example.com/rls-services/
+ users/sip:joe@example.com/mybuddies", rls-services is the application
+ unique ID, and the constraints defined by it SHOULD be followed.
+
+ The client will know what URI to use based on the naming conventions
+ described by the application usage.
+
+ If the document, after modification, does not meet the data
+ constraints, the server will reject it with a 409. The 409 response
+ may contain an XML body, formatted according to the schema in
+ Section 11.2, which provides further information on the nature of the
+ error. The client MAY use this information to try and alter the
+ request so that, this time, it might succeed. The client SHOULD NOT
+ simply retry the request without changing some aspect of it.
+
+ In some cases, the application usage will dictate a uniqueness
+ constraint that the client cannot guarantee on its own. One such
+ example is that a URI has to be unique within a domain. Typically,
+ the client is not the owner of the domain, and so it cannot be sure
+ that a URI is unique. In such a case, the client can either generate
+ a sufficiently random identifier, or it can pick a "vanity"
+ identifier in the hopes that it is not taken. In either case, if the
+ identifier is not unique, the server will reject the request with a
+ 409 and suggest alternatives that the client can use to try again.
+ If the server does not suggest alternatives, the client SHOULD
+ attempt to use random identifiers with increasing amounts of
+ randomness.
+
+ HTTP also specifies that PUT and DELETE requests are idempotent.
+ This means that, if the client performs a PUT on a document and it
+ succeeds, it can perform the same PUT, and the resulting document
+ will look the same. Similarly, when a client performs a DELETE, if
+ it succeeds, a subsequent DELETE to the same URI will generate a 404;
+ the resource no longer exists on the server since it was deleted by
+ the previous DELETE operation. To maintain this property, the client
+ SHOULD construct its URIs such that, after the modification has taken
+ place, the URI in the request will point to the resource just
+ inserted for PUT (i.e., the body of the request), and will point to
+ nothing for DELETE. If this property is maintained, it is the case
+ that GET to the URI in the PUT will return the same content (i.e.,
+ GET(PUT(X)) == x). This property implies idempotency. Although a
+ request can still be idempotent if it does not possess this property,
+ XCAP does not permit such requests. If the client's request does not
+
+
+
+Rosenberg Standards Track [Page 25]
+
+RFC 4825 XCAP May 2007
+
+
+ have this property, the server will reject the request with a 409 and
+ indicate a cannot-insert error condition.
+
+ If the result of the PUT is a 200 or 201 response, the operation was
+ successful. Other response codes to any request, such as a
+ redirection, are processed as per RFC 2616 [6].
+
+7.1. Create or Replace a Document
+
+ To create or replace a document, the client constructs a URI that
+ references the location where the document is to be placed. This URI
+ MUST be a document URI, and therefore contain the XCAP root and
+ document selector. The client then invokes a PUT method on that URI.
+
+ The MIME content type MUST be the type defined by the application
+ usage. For example, it would be "application/rls-services+xml" for
+ an RLS services [22] document, and not "application/xml".
+
+ If the Request-URI identifies a document that already exists in the
+ server, the PUT operation replaces that document with the content of
+ the request. If the Request-URI does not identify an existing
+ document, the document is created on the server at that specific URI.
+
+7.2. Delete a Document
+
+ To delete a document, the client constructs a URI that references the
+ document to be deleted. This URI MUST be a document URI. The client
+ then invokes a DELETE operation on the URI to delete the document.
+
+7.3. Fetch a Document
+
+ As one would expect, fetching a document is trivially accomplished by
+ performing an HTTP GET request with the Request URI set to the
+ document URI.
+
+7.4. Create or Replace an Element
+
+ To create or replace an XML element within an existing document, the
+ client constructs a URI whose document selector points to the
+ document to be modified. The node selector MUST be present in the
+ URI, delimited from the document selector with the node selector
+ separator. The query component MUST be present if the node selector
+ makes use of namespace prefixes, in which case, the xmlns()
+ expressions in the query component MUST define those prefixes. To
+ create this element within the document, the node selector is
+ constructed such that it is a no-match against the current document,
+ but if the element in the body of the request was added to the
+ document as desired by the client, the node selector would select
+
+
+
+Rosenberg Standards Track [Page 26]
+
+RFC 4825 XCAP May 2007
+
+
+ that element. To replace an element in the document, the node
+ selector is constructed so that it is a match against the element in
+ the current document to be replaced, as well as a match to the new
+ element (present in the body of the PUT request) that is to replace
+ it.
+
+ Oftentimes, the client will wish to insert an element into a document
+ in a certain position relative to other children of the same parent.
+ This is called a positional insertion. They often arise because the
+ schema constrains where the element can occur, or because ordering of
+ elements is significant within the schema. To accomplish this, the
+ client can use a node selector of the following form:
+
+ parent/*[position][unique-attribute-value]
+
+ Here, "parent" is an expression for the parent of the element to be
+ inserted. "position" is the position amongst the existing child
+ elements of this parent where the new element is to be inserted.
+ "unique-attribute-value" is an attribute name and value for the
+ element to be inserted, which is different from the current element
+ in "position". The second predicate is needed so that the overall
+ expression is a no-match when evaluated against the current children.
+ Otherwise, the PUT would replace the existing element in that
+ position. Note that in addition to wildcard "*" a QName can also be
+ used as a node test. The insert logic is described in more detail in
+ Section 8.2.3.
+
+ Consider the example document in Figure 3. The client would like to
+ insert a new <watcher> element as the second element underneath
+ <watcher-list>. However, it cannot just PUT to a URI with the
+ watcherinfo/watcher-list/*[2] node selector; this node selector would
+ select the existing second child element of <watcher-list> and
+ replace it. Thus, the PUT has to be made to a URI with watcherinfo/
+ watcher-list/*[2][@id="hhggff"] as the node selector, where "hhggff"
+ is the value of the "id" attribute of the new element to be inserted.
+ This node-selector is a no-match against the current document, and
+ would be a match against the new element if it was inserted as the
+ second child element of <watcher-list>.
+
+ The "*" indicates that all element children of <watcher-info> are to
+ be considered when computing the position for insertion. If, instead
+ of a wildcard *, an element name (QName) was present, the expression
+ above would insert the new element as the position-th element amongst
+ those with the same expanded name (see Section 8.2.3 for a discussion
+ on insertion rules).
+
+ Once the client constructs the URI, it invokes the HTTP PUT method.
+ The content in the request MUST be an XML element. Specifically, it
+
+
+
+Rosenberg Standards Track [Page 27]
+
+RFC 4825 XCAP May 2007
+
+
+ contains the element, starting with the opening bracket for the begin
+ tag for that element, including the attributes and content of that
+ element (whether it be text or other child elements), and ending with
+ the closing bracket for the end tag for that element. The MIME type
+ in the request MUST be "application/xcap-el+xml", defined in
+ Section 15.2.1. If the node selector, when evaluated against the
+ current document, results in a no-match, the server performs a
+ creation operation. If the node selector, when evaluated against the
+ current document, is a match for an element in the current document,
+ the server replaces it with the content of the PUT request. This
+ replacement is complete; that is, the old element (including its
+ attributes, namespace declarations and content: text, element,
+ comment and processing instruction nodes) are removed, and the new
+ one, including its attributes, namespace declarations and content, is
+ put in its place.
+
+ To be certain that element insertions have the GET(PUT(x))==x
+ property, the client can check that the attribute predicates in the
+ final path segment of the URI match the attributes of the element in
+ the body of the request. As an example of a request that would not
+ have this property, and therefore would not be idempotent, consider
+ the following PUT request (URIs are line-folded for readability):
+
+ PUT
+ /rls-services/users/sip:bill@example.com/index/~~/rls-services/
+ service%5b@uri=%22sip:good-friends@example.com%22%5d
+ HTTP/1.1
+ Content-Type:application/xcap-el+xml
+ Host: xcap.example.com
+
+ <service uri="sip:mybuddies@example.com">
+ <resource-list>http://xcap.example.com/resource-lists/users
+ /sip:joe@example.com/index/~~/resource-lists/list%5b@name=%22l1%22%5d
+ </resource-list>
+ <packages>
+ <package>presence</package>
+ </packages>
+ </service>
+
+ This request will fail with a 409. The Request URI contains a final
+ path segment with a predicate based on attributes:
+ @uri="sip:good-friends@example.com". However, this will not match
+ the value of the "uri" attribute in the element in the body
+ (sip:mybuddies@example.com).
+
+ The GET(PUT(x))==x property introduces some limitations on the types
+ of operations possible. It will not be possible to replace an
+ element with one that has a new value for an attribute that is the
+
+
+
+Rosenberg Standards Track [Page 28]
+
+RFC 4825 XCAP May 2007
+
+
+ sole unique element identifier, if the URI contained a node selector
+ that was using the previous value of that attribute for purposes of
+ selecting the element. This is exactly the use case in the example
+ above. To get around this limitation, the selection can be done by
+ position instead of attribute value, or the parent of the element to
+ be replaced can be selected, and then the body of the PUT operation
+ would contain the parent, the child to be replaced, and all other
+ siblings.
+
+7.5. Delete an Element
+
+ To delete an element from a document, the client constructs a URI
+ whose document selector points to the document containing the element
+ to be deleted. The node selector MUST identify a single element.
+ The node selector MUST be present following the node selector
+ separator, and identify the specific element to be deleted.
+ Furthermore, the node selector MUST match no element after the
+ deletion of the target element. This is required to maintain the
+ idempotency property of HTTP deletions. The query component MUST be
+ present if the node selector makes use of namespace prefixes, in
+ which case the xmlns() expressions in the query component MUST define
+ those prefixes.
+
+ If the client wishes to delete an element in a specific position,
+ this is referred to as a positional deletion. Like a positional
+ insertion, the node selector has the following form:
+
+ parent/*[position][unique-attribute-value]
+
+ Where "parent" is an expression for the parent of the element to be
+ deleted, "position" is the position of the element to be deleted
+ amongst the existing child elements of this parent, and "unique-
+ attribute-value" is an attribute name and value for the element to be
+ deleted, where this attribute name and value are different than any
+ of the siblings of the element.
+
+ Positional deletions without using a unique attribute name and value
+ are possible, but only in limited cases where idempotency is
+ guaranteed. In particular, if a DELETE operation refers to an
+ element by name and position alone (parent/elname[n]), this is
+ permitted only when the element to be deleted is the last element
+ amongst all its siblings with that name. Similarly, if a DELETE
+ operation refers to an element by position alone (parent/*[n]), this
+ is permitted only when the element to be deleted is the last amongst
+ all sibling elements, regardless of name.
+
+ The client then invokes the HTTP DELETE method. The server will
+ remove the element from the document (including its attributes,
+
+
+
+Rosenberg Standards Track [Page 29]
+
+RFC 4825 XCAP May 2007
+
+
+ namespace declarations, and its descendant nodes, such as any
+ children).
+
+7.6. Fetch an Element
+
+ To fetch an element of a document, the client constructs a URI whose
+ document selector points to the document containing the element to be
+ fetched. The node selector MUST be present following the node
+ selector separator, and must identify the element to be fetched. The
+ query component MUST be present if the node selector makes use of
+ namespace prefixes, in which case the xmlns() expressions in the
+ query component MUST define those prefixes.
+
+ The client then invokes the GET method. The 200 OK response will
+ contain that XML element. Specifically, it contains the content of
+ the XML document, starting with the opening bracket for the begin tag
+ for that element, and ending with the closing bracket for the end tag
+ for that element. This will, as a result, include all attributes,
+ namespace declarations and descendant nodes: elements, comments,
+ text, and processing instructions of that element.
+
+7.7. Create or Replace an Attribute
+
+ To create or replace an attribute in an existing element of a
+ document, the client constructs a URI whose document selector points
+ to the document to be modified. The node selector, following the
+ node selector separator, MUST be present. The node selector MUST be
+ constructed such that, if the attribute was created or replaced as
+ desired, the node selector would select that attribute. If the node
+ selector, when evaluated against the current document, results in a
+ no-match, it is a creation operation. If it matches an existing
+ attribute, it is a replacement operation. The query component MUST
+ be present if the node selector makes use of namespace prefixes, in
+ which case the xmlns() expressions in the query component MUST define
+ those prefixes.
+
+ The client then invokes the HTTP PUT method. The content defined by
+ the request MUST be the value of the attribute, compliant to the
+ grammar for AttValue as defined in XML 1.0 [1]. Note that, unlike
+ when AttValue is present in the URI, there is no percent-encoding of
+ the body. This request MUST be sent with the Content-Type of
+ "application/xcap-att+xml" as defined in Section 15.2.2. The server
+ will add the attribute such that, if the node selector is evaluated
+ on the resulting document, it will return the attribute present in
+ the request.
+
+ To be certain that attribute insertions have the GET(PUT(x))==x
+ property, the client can check that any attribute predicate in the
+
+
+
+Rosenberg Standards Track [Page 30]
+
+RFC 4825 XCAP May 2007
+
+
+ path segment that selects the element into which the attribute is
+ inserted, matches a different attribute than the one being inserted
+ by the request. As an example of a request that would not have this
+ property, and therefore would not be idempotent, consider the
+ following PUT request (URIs are line-folded for readability):
+
+ PUT
+ /rls-services/users/sip:bill@example.com/index/~~/rls-services
+ /service%5b@uri=%22sip:good-friends@example.com%22%5d/@uri
+ HTTP/1.1
+ Content-Type:application/xcap-att+xml
+ Host: xcap.example.com
+
+ "sip:bad-friends@example.com"
+
+ This request will fail with a 409.
+
+ As with element insertions and replacements, the GET(PUT(x))==x
+ property introduces limitations on attribute replacements. It will
+ not be possible to replace the attribute value of an attribute, when
+ that attribute is the sole unique element identifier, and the URI
+ contains a node selector that uses the previous value of the
+ attribute to select the affected element. This is the use case in
+ the example above. Instead, the element can be selected
+ positionally, or its entire parent replaced.
+
+7.8. Delete an Attribute
+
+ To delete an attribute from the document, the client constructs a URI
+ whose document selector points to the document containing the
+ attribute to be deleted. The node selector MUST be present following
+ the node selector separator, and evaluate to an attribute in the
+ document to be deleted. The query component MUST be present if the
+ node selector makes use of namespace prefixes, in which case the
+ xmlns() expressions in the query component MUST define those
+ prefixes.
+
+ The client then invokes the HTTP DELETE method. The server will
+ remove the attribute from the document.
+
+7.9. Fetch an Attribute
+
+ To fetch an attribute of a document, the client constructs a URI
+ whose document selector points to the document containing the
+ attribute to be fetched. The node selector MUST be present following
+ the node selector separator, containing an expression identifying the
+ attribute whose value is to be fetched. The query component MUST be
+ present if the node selector makes use of namespace prefixes, in
+
+
+
+Rosenberg Standards Track [Page 31]
+
+RFC 4825 XCAP May 2007
+
+
+ which case the xmlns() expressions in the query component MUST define
+ those prefixes.
+
+ The client then invokes the GET method. The 200 OK response will
+ contain an "application/xcap-att+xml" document with the specified
+ attribute, formatted according to the grammar of AttValue as defined
+ in the XML 1.0 specifications.
+
+7.10. Fetch Namespace Bindings
+
+ If a client wishes to insert an element or attribute into a document,
+ and that element or attribute is part of a namespace declared
+ elsewhere in the document, the client will need to know the namespace
+ bindings in order to construct the XML content in the request. If
+ the client has a cached copy of the document, it will know the
+ bindings. However, if it doesn't have the whole document cached, it
+ can be useful to fetch just the bindings that are in scope for an
+ element, in order to construct a subsequent PUT request.
+
+ To get those bindings, the client constructs a URI whose document
+ selector points to the document containing the element whose
+ namespace bindings are to be fetched. The node selector MUST be
+ present following the node selector separator, containing an
+ expression identifying the desired namespace bindings. The query
+ component MUST be present if the node selector makes use of namespace
+ prefixes, in which case the xmlns() expressions in the query
+ component MUST define those prefixes.
+
+ The client then invokes the GET method. The 200 OK response will
+ contain an "application/xcap-ns+xml" document with the namespace
+ definitions. The format for this document is defined in Section 10.
+
+ A client cannot set the namespace prefixes in scope for an element.
+ As such, a node selector that identifies namespace prefixes MUST NOT
+ appear in a PUT or DELETE request.
+
+7.11. Conditional Operations
+
+ The HTTP specification defines several header fields that can be used
+ by a client to make the processing of the request conditional. In
+ particular, the If-None-Match and If-Match header fields allow a
+ client to make them conditional on the current value of the entity
+ tag for the resource. These conditional operations are particularly
+ useful for XCAP resources.
+
+ For example, it is anticipated that clients will frequently wish to
+ cache the current version of a document. So, when the client starts
+ up, it will fetch the current document from the server and store it.
+
+
+
+Rosenberg Standards Track [Page 32]
+
+RFC 4825 XCAP May 2007
+
+
+ When it does so, the GET response will contain the entity tag for the
+ document resource. Each resource within a document maintained by the
+ server will share the same value of the entity tag. As a result, the
+ entity tag returned by the server for the document resource is
+ applicable to element and attribute resources within the document.
+
+ If the client wishes to insert or modify an element or attribute
+ within the document, but it wants to be certain that the document
+ hasn't been modified since the client last operated on it, it can
+ include an If-Match header field in the request, containing the value
+ of the entity tag known to the client for all resources within the
+ document. If the document has changed, the server will reject this
+ request with a 412 response. In that case, the client will need to
+ flush its cached version, fetch the entire document, and store the
+ new entity tag returned by the server in the 200 OK to the GET
+ request. It can then retry the request, placing the new entity tag
+ in the If-Match header field. If this succeeds, the Etag header
+ field in the response to PUT contains the entity tag for the resource
+ that was just inserted or modified. Because all resources in a
+ document share the same value for their entity tag, this entity tag
+ value can be applied to the modification of other resources.
+
+ A client can also conditionally delete elements or attributes by
+ including an If-Match header field in DELETE requests. Note that the
+ 200 OK responses to a DELETE will contain an Etag header field,
+ containing the entity tag for all of the other resources in the
+ document, even though the resource identified by the DELETE request
+ no longer exists.
+
+ When a client uses conditional PUT and DELETE operations, it can
+ apply those changes to its local cached copy, and update the value of
+ the entity tag for the locally cached copy based on the Etag header
+ field returned in the response. As long as no other clients try to
+ modify the document, the client will be able to perform conditional
+ operations on the document without ever having to perform separate
+ GET operations to synchronize the document and its entity tags with
+ the server. If another client tries to modify the document, this
+ will be detected by the conditional mechanisms, and the client will
+ need to perform a GET to resynchronize its copy unless it has some
+ other means to learn about the change.
+
+ If a client does not perform a conditional operation, but did have a
+ cached copy of the document, that cached copy will become invalid
+ once the operation is performed (indeed, it may have become invalid
+ even beforehand). Unconditional operations should only be performed
+ by clients when knowledge of the entire document is not important for
+ the operation to succeed.
+
+
+
+
+Rosenberg Standards Track [Page 33]
+
+RFC 4825 XCAP May 2007
+
+
+ As another example, a when a client fetches a document, and there is
+ an older version cached, it is useful for clients to use a
+ conditional GET in order to reduce network usage if the cached copy
+ is still valid. This is done by including, in the GET request, the
+ If-None-Match header field with a value equal to the current etag
+ held by the client for the document. The server will only generate a
+ 200 OK response if the etag held by the server differs than that held
+ by the client. If it doesn't differ, the server will respond with a
+ 304 response.
+
+8. Server Behavior
+
+ An XCAP server is an HTTP/1.1 compliant origin server. The behaviors
+ mandated by this specification relate to the way in which the HTTP
+ URI is interpreted and the content is constructed.
+
+ An XCAP server MUST be explicitly aware of the application usage
+ against which requests are being made. That is, the server must be
+ explicitly configured to handle URIs for each specific application
+ usage, and must be aware of the constraints imposed by that
+ application usage.
+
+ When the server receives a request, the treatment depends on the URI.
+ If the URI refers to an application usage not understood by the
+ server, the server MUST reject the request with a 404 (Not Found)
+ response. If the URI refers to a user (identified by an XUI) that is
+ not recognized by the
+ server, it MUST reject the request with a 404 (Not Found). If the
+ URI includes extension-selectors that the server doesn't understand,
+ it MUST reject the request with a 404 (Not Found).
+
+ Next, the server authenticates the request. All XCAP servers MUST
+ implement HTTP Digest [11]. Furthermore, servers MUST implement HTTP
+ over TLS, RFC 2818 [14]. It is RECOMMENDED that administrators use
+ an HTTPS URI as the XCAP root URI, so that the digest client
+ authentication occurs over TLS.
+
+ Next, the server determines if the client has authorization to
+ perform the requested operation on the resource. The application
+ usage defines the authorization policies. An application usage may
+ specify that the default is used. This default is described in
+ Section 5.7.
+
+ Next, the server makes sure that it can properly evaluate the request
+ URI. The server MUST separate the document selector from the node
+ selector, by splitting the URI at the first instance of the node
+ selector separator ("~~"). The server MUST check the node selector
+ in the request URI, if present. If any qualified names are present
+
+
+
+Rosenberg Standards Track [Page 34]
+
+RFC 4825 XCAP May 2007
+
+
+ that use a namespace prefix, and that prefix is not defined in an
+ xmlns() expression in the query component of the request URI, the
+ server MUST reject the request with a 400 response.
+
+ After checking the namespace prefix definitions, the specific
+ behavior depends on the method and what the URI refers to.
+
+8.1. POST Handling
+
+ XCAP resources do not represent processing scripts. As a result,
+ POST operations to HTTP URIs representing XCAP resources are not
+ defined. A server receiving such a request for an XCAP resource
+ SHOULD return a 405.
+
+8.2. PUT Handling
+
+ The behavior of a server in receipt of a PUT request is as specified
+ in HTTP/1.1, Section 9.6 -- the content of the request is placed at
+ the specified location. This section serves to define the notion of
+ "placement" and "specified location" within the context of XCAP
+ resources.
+
+ If the request URI contained a namespace-selector, the server MUST
+ reject the request with a 405 (Method Not Allowed) and MUST include
+ an Allow header field including the GET method.
+
+8.2.1. Locating the Parent
+
+ The first step the server performs is to locate the parent, whether
+ it is a directory or element, in which the resource is to be placed.
+ To do that, the server removes the last path segment from the URI.
+ The rest of the URI refers to the parent. This parent can be a
+ document, element, or prefix of a document selector (called a
+ directory, even though this specification does not mandate that
+ documents are actually stored in a filesystem). This URI is called
+ the parent URI. The path segment that was removed is called the
+ target selector, and the node (element, document, or attribute) it
+ describes is called the target node.
+
+ If the parent URI has no node selector separator, it is referring to
+ the directory into which the document should be inserted. In normal
+ XCAP operations, this will be either the user's home directory or the
+ global directory, which will always exist on the server. However, if
+ an application usage is making use of subdirectories (despite the
+ fact that this is not recommended), it is possible that the directory
+ into which the document should be inserted does not exist. In this
+ case, the server MUST return a 409 response, and SHOULD include a
+ detailed conflict report including the <no-parent> element. Detailed
+
+
+
+Rosenberg Standards Track [Page 35]
+
+RFC 4825 XCAP May 2007
+
+
+ conflict reports are discussed in Section 11. If the directory does
+ exist, the server checks to see if there is a document with the same
+ filename as the target node. If there is, the operation is the
+ replacement operation, discussed in Section 8.2.4. If it does not
+ exist, it is the creation operation discussed in Section 8.2.3.
+
+ If the parent URI has a node selector separator, the document
+ selector is extracted, and that document is retrieved. If the
+ document does not exist, the server MUST return a 409 response, and
+ SHOULD include a detailed conflict report including the <no-parent>
+ element. If it does exist, the node selector is extracted and
+ decoded (recall that the node selector is percent-encoded). The node
+ selector is applied to the document based on the matching operations
+ discussed in Section 6.3. If the result is a no-match or invalid,
+ the server MUST return a 409 response, and SHOULD include a detailed
+ conflict report including the <no-parent> element.
+
+ If the node-selector is valid, the server examines the target
+ selector, and evaluates it within the context of the parent node. If
+ the target node exists within the parent, the operation is a
+ replacement, as described in Section 8.2.4. If it does not exist, it
+ is the creation operation, discussed in Section 8.2.3.
+
+ Before performing the replacement or creation, as determined based on
+ the logic above, the server validates the content of the request as
+ described in Section 8.2.2.
+
+8.2.2. Verifying Document Content
+
+ If the PUT request is for a document (the request URI had no node
+ selector separator), the content of the request body has to be a
+ well-formed XML document. If it is not, the server MUST reject the
+ request with a 409 response code. That response SHOULD include a
+ detailed conflict report including the <not-well-formed> element. If
+ the document is well-formed but not UTF-8 encoded, the server MUST
+ reject the request with a 409 response code. That response SHOULD
+ include a detailed conflict report including the <not-utf-8> element.
+ If the MIME type in the Content-Type header field of the request is
+ not equal to the MIME type defined for the application usage, the
+ server MUST reject the request with a 415.
+
+ If the PUT request is for an element, the content of the request body
+ has to be a well-balanced region of an XML document, also known as an
+ XML fragment body in The XML Fragment Interchange [23] specification,
+ including only a single element. If it is not, the server MUST
+ reject the request with a 409 response code. That response SHOULD
+ include a detailed conflict report including the <not-xml-frag>
+ element. If the fragment body is well-balanced but contains
+
+
+
+Rosenberg Standards Track [Page 36]
+
+RFC 4825 XCAP May 2007
+
+
+ characters outside of the UTF-8 character set, the server MUST reject
+ the request with a 409 response code. That response SHOULD include a
+ detailed conflict report including the <not-utf-8> element. If the
+ MIME type in the Content-Type header field of the request is not
+ equal to "application/xcap-el+xml", the server MUST reject the
+ request with a 415.
+
+ If the PUT request is for an attribute, the content of the request
+ body has to be a sequence of characters that comply with the grammar
+ for AttValue as defined above. If it is not, the server MUST reject
+ the request with a 409 response code. That response SHOULD include a
+ detailed conflict report including the <not-xml-att-value> element.
+ If the attribute value is valid but contains characters outside of
+ the UTF-8 character set, the server MUST reject the request with a
+ 409 response code. That response SHOULD include a detailed conflict
+ report including the <not-utf-8> element.If the MIME type in the
+ Content-Type header field of the request is not equal to
+ "application/xcap-att+xml", the server MUST reject the request with a
+ 415.
+
+8.2.3. Creation
+
+ The steps in this sub-section are followed if the PUT request will
+ result in the creation of a new document, element, or attribute.
+
+ If the PUT request is for a document, the content of the request body
+ is placed into the directory, and its filename is associated with the
+ target node, which is a document.
+
+ If the PUT request is for an element, the server inserts the content
+ of the request body as a new child element of the parent element
+ selected in Section 8.2.1. The insertion is done such that the
+ request URI, when evaluated, would now point to the element that was
+ inserted. There exist three possible ways in which new elements are
+ positioned.
+
+ First, if there were no other sibling elements with the same expanded
+ name, and the insertion is not positionally constrained, the new
+ element is inserted such that it is the last element amongst all
+ element siblings. Furthermore, if there were comment, text, or
+ processing instruction nodes after the former last element, they MUST
+ occur prior to the insertion of the new element. This case occurs
+ when one of the following are true:
+
+ o The element name in the target selector is not wildcarded. There
+ could be an attribute selector (in which case, it would have to
+ match an attribute of the element being inserted), and the
+ position in the target selector will either be absent or have a
+
+
+
+Rosenberg Standards Track [Page 37]
+
+RFC 4825 XCAP May 2007
+
+
+ value of 1 (a value greater than 1 would always result in
+ rejection of the request, since this is the first element with the
+ given name underneath the parent).
+
+ o The element name in the target selector is wildcarded, but there
+ are no other elements underneath the same parent. There could be
+ an attribute selector (in which case, it would have to match an
+ attribute of the element being inserted), and the position in the
+ target selector will either be absent or have a value of 1 (a
+ value greater than 1 would always result in rejection of the
+ request, since this is the first element underneath the parent).
+
+ o The element name in the target selector is wildcarded, and there
+ are other elements underneath the same parent. However, there is
+ an attribute selector that matches none of the attributes in the
+ other sibling elements underneath the parent, but does match an
+ attribute of the element to be inserted. The position in the
+ target selector is absent.
+
+ Secondly, if there were sibling elements with the same name already
+ in the document, but the insertion is positionally unconstrained, the
+ server MUST insert the element such that it is in the "earliest last"
+ position. "Earliest last" means that the new element MUST be
+ inserted so that there are no elements after it with the same
+ expanded name, and for all insertion positions where this is true, it
+ is inserted such that as many sibling nodes (element, comment, text,
+ or processing instruction) appear after it as possible. This case
+ occurs when the target selector is defined by a by-name or by-attr
+ production, and there is no position indicated.
+
+ Lastly, if the element is positionally constrained, the server MUST
+ insert the element so that it is in the "earliest nth" position.
+ When n>1 and NameofAny is not a wildcard, the element MUST be
+ inserted so that there are n-1 sibling elements before it with the
+ same expanded name. If there are not n-1 sibling elements with the
+ same expanded name, the request will fail. When n>1 and NameorAny is
+ a wildcard, the element MUST be inserted so that there are n-1
+ sibling elements before it, each of which can have any expanded name.
+ If there are not n-1 sibling elements in the document, the request
+ will fail. In both of these cases, the new element is inserted such
+ that as many sibling nodes appear after it as possible. When n=1 and
+
+ NameorAny is not a wildcard, the insertion is positionally
+ constrained when an element with the same expanded name already
+ appears as a child of the same parent. In this case, the new element
+ MUST appear just before the existing first element with this same
+ expanded name. When n=1 and NameorAny is wildcarded, the insertion
+ is positionally constrained when there is also an attribute selector
+
+
+
+Rosenberg Standards Track [Page 38]
+
+RFC 4825 XCAP May 2007
+
+
+ that didn't match the first sibling of the parent (if it did match,
+ or was absent, this wouldn't have been an insertion). In this case,
+ the new element MUST appear just before all existing elements,
+ regardless of their expanded name.
+
+ In practice, this insertion logic keeps elements with the same
+ expanded names closely together. This simplifies the application
+ logic when the content model is described by XML schema with
+ <sequence> rules and maxOccurs="unbounded" cardinalities, like:
+
+ <xs:element name="foobar">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="foo" maxOccurs="unbounded" />
+ <xs:element ref="bar" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ Based on this schema, the document contains some number of <foo>
+ elements followed by some number of <bar> elements. Either <bar> or
+ <foo> elements may easily be added without wildcards and positional
+ constraints. Note that if "minOccurs" cardinality of <foo> element
+ were zero and <foo> elements do not yet exist, a positional predicate
+ with the * wildcard must be used.
+
+ The whole insert logic is best described by complete examples.
+ Consider the following document:
+
+ <?xml version="1.0"?>
+ <root>
+ <el1 att="first"/>
+ <el1 att="second"/>
+ <!-- comment -->
+ <el2 att="first"/>
+ </root>
+
+ A PUT request whose content is <el1 att="third"/> and whose node
+ selector is root/el1[@att="third"] would result in the following
+ document:
+
+ <?xml version="1.0"?>
+ <root>
+ <el1 att="first"/>
+ <el1 att="second"/><el1 att="third"/>
+ <!-- comment -->
+ <el2 att="first"/>
+ </root>
+
+
+
+Rosenberg Standards Track [Page 39]
+
+RFC 4825 XCAP May 2007
+
+
+ Notice how it has been inserted as the third <el1> element in the
+ document, and just before the comment and whitespace nodes. It would
+ have been inserted in exactly the same place if the node selector had
+ been root/el1[3][@att="third"] or root/*[3][@att="third"].
+
+ If the content of the request had been <el3 att="first"/> and the
+ node selector was root/el3, it would result in the following
+ document:
+
+ <?xml version="1.0"?>
+ <root>
+ <el1 att="first"/>
+ <el1 att="second"/>
+ <!-- comment -->
+ <el2 att="first"/>
+ <el3 att="first"/></root>
+
+ A PUT request whose content is <el2 att="2"/> and whose node selector
+ is root/el2[@att="2"] would result in the following document:
+
+ <?xml version="1.0"?>
+ <root>
+ <el1 att="first"/>
+ <el1 att="second"/>
+ <!-- comment -->
+ <el2 att="first"/><el2 att="2"/>
+ </root>
+
+ It would have been inserted in exactly the same place if the node
+ selector had been root/el2[2][@att="2"]. However, a selector root/
+ *[2][@att="2"] would result in the following document:
+
+ <?xml version="1.0"?>
+ <root>
+ <el1 att="first"/><el2 att="2"/>
+ <el1 att="second"/>
+ <!-- comment -->
+ <el2 att="first"/>
+ </root>
+
+
+
+
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 40]
+
+RFC 4825 XCAP May 2007
+
+
+ Lastly, if the node selector had been root/el2[1][@att="2"] the
+ result would be:
+
+ <?xml version="1.0"?>
+ <root>
+ <el1 att="first"/>
+ <el1 att="second"/>
+ <!-- comment -->
+ <el2 att="2"/><el2 att="first"/>
+ </root>
+
+ It is possible that the element cannot be inserted such that the
+ request URI, when evaluated, returns the content provided in the
+ request. Such a request is not allowed for PUT. This happens when
+ the element in the body is not described by the expression in the
+ target selector. An example of this case is described in
+ Section 7.4. If this happens, the server MUST NOT perform the
+ insertion, and MUST reject the request with a 409 response. The body
+ of the response SHOULD contain a detailed conflict report containing
+ the <cannot-insert> element. It is important to note that schema
+ compliance does not play a role while performing the insertion. That
+ is, the decision of where the element gets inserted is dictated
+ entirely by the structure of the request-URI, the current document,
+ and the rules in this specification.
+
+ If the element being inserted (or any of its children) contain
+ namespace declarations, those declarations are retained when the
+ element is inserted, even if those same declarations exist in a
+ parent element after insertion. The XCAP server MUST NOT remove
+ redundant namespace declarations or otherwise change the namespace
+ declarations that were present in the element being inserted.
+
+ If the PUT request is for an attribute, the server inserts the
+ content of the request body as the value of the attribute. The name
+ of the attribute is equal to the att-name from the attribute-selector
+ in the target selector.
+
+ Assuming that the insertion can be accomplished, the server verifies
+ that the insertion results in a document that meets the constraints
+ of the application usage. This is discussed in Section 8.2.5.
+
+8.2.4. Replacement
+
+ The steps in this sub-section are followed if the PUT request will
+ result in the replacement of a document, element, or attribute with
+ the contents of the request.
+
+
+
+
+
+Rosenberg Standards Track [Page 41]
+
+RFC 4825 XCAP May 2007
+
+
+ If the PUT request is for a document, the content of the request body
+ is placed into the directory, replacing the document with the same
+ filename.
+
+ If the PUT request is for an element, the server replaces the target
+ node with the content of the request body. As in the creation case,
+ it is possible that, after replacement, the request URI does not
+ select the element that was just inserted. If this happens, the
+ server MUST NOT perform the replacement, and MUST reject the request
+ with a 409 response. The body of the response SHOULD contain a
+ detailed conflict report containing the <cannot-insert> element.
+
+ As with creation, replacement of an element does not result in the
+ changing or elimination of namespace declarations within the newly
+ modified element.
+
+ If the PUT request is for an attribute, the server sets the value of
+ the selected attribute to the content of the request body. It is
+ possible in the replacement case (but not in the creation case),
+ that, after replacement of the attribute, the request URI no longer
+ selects the attribute that was just replaced. The scenario in which
+ this can happen is discussed in Section 7.7. If this is the case,
+ the server MUST NOT perform the replacement, and MUST reject the
+ request with a 409 response. The body of the response SHOULD contain
+ a detailed conflict report containing the <cannot-insert> element.
+
+8.2.5. Validation
+
+ Once the document, element, or attribute has been tentatively
+ inserted, the server needs to verify that the resulting document
+ meets the data constraints outlined by the application usage.
+
+ First, the server checks that the final document is compliant with
+ the schema. If it is not, the server MUST NOT perform the insertion.
+ It MUST reject the request with a 409 response. That response SHOULD
+ contain a detailed conflict report containing the <schema-validation-
+ error> element. If a schema allows for elements or attributes from
+ other namespaces, and the new document contains elements or
+ attributes from an unknown namespace, the server MUST allow the
+ change. In other words, it is not necessary for an XCAP server to
+ understand the namespaces and corresponding schemas for elements and
+ attributes within a document, as long as the schema itself allows for
+ such elements or attributes to be included. Of course, such unknown
+ namespaces would not be advertised by the server in its XCAP
+ capabilities document, discussed in Section 12.
+
+ If the final document contains elements or attributes from a
+ namespace that the server does understand (and has consequently
+
+
+
+Rosenberg Standards Track [Page 42]
+
+RFC 4825 XCAP May 2007
+
+
+ advertised in its XCAP capabilities document), but the server does
+ not have the schema for that particular element or attribute, the
+ server MUST reject the request with a 409 response. That response
+ SHOULD contain a detailed conflict report containing the <schema-
+ validation-error> element.
+
+ Next, the server checks for any uniqueness constraints identified by
+ the application usage. If the application usage required that a
+ particular element or attribute had a unique value within a specific
+ scope, the server would check that this uniqueness property still
+ exists. If the application usage required that a URI within the
+ document was unique within the domain, the server checks whether it
+ is the case. If any of these uniqueness constraints are not met, the
+ server MUST NOT perform the insertion. It MUST reject the request
+ with a 409 response. That response SHOULD contain a detailed
+ conflict report containing the <uniqueness-failure> element. That
+ element can contain suggested values that the client can use to
+ retry. These SHOULD be values that, at the time the server generates
+ the 409, would meet the uniqueness constraints.
+
+ The server also checks for URI constraints and other non-schema data
+ constraints. If the document fails one of these constraints, the
+ server MUST NOT perform the insertion. It MUST reject the request
+ with a 409 response. That response SHOULD contain a detailed
+ conflict report containing the <constraint-failure> element. That
+ element indicates that the document failed non-schema data
+ constraints explicitly called out by the application usage.
+
+ Element or attribute removals have similar constraints. The server
+ checks the document for schema validity and compliance to constraints
+ defined by the application usage, and rejects the request as
+ described above, if either check fails.
+
+8.2.6. Conditional Processing
+
+ A PUT request for an XCAP resource, like any other HTTP resource, can
+ be made conditional through usage of the If-Match and If-None-Match
+ header fields. For a replacement, these are processed as defined in
+ [6]. For an insertion of an element or attribute, conditional
+ operations are permitted. The entity tag that is used for the
+ procedures in [6] is the one for all of the resources within the same
+ document as the parent of the element or attribute being inserted.
+ One way to think of this is that, logically speaking, upon receipt of
+ the PUT request, the XCAP server instantiates the etag for the
+ resource referenced by the request, and then applies the processing
+ of the request. Because of this behavior, it is not possible to
+ perform a conditional insert on an attribute or element that is
+ conditioned on the operation being an insertion and not a
+
+
+
+Rosenberg Standards Track [Page 43]
+
+RFC 4825 XCAP May 2007
+
+
+ replacement. In other words, a conditional PUT of an element or
+ attribute with an If-None-Match: * will always fail.
+
+8.2.7. Resource Interdependencies
+
+ Because XCAP resources include elements, attributes, and documents,
+ each of which has its own HTTP URI, the creation or modification of
+ one resource affects the state of many others. For example,
+ insertion of a document creates resources on the server for all of
+ the elements and attributes within that document. After the server
+ has performed the insertion associated with the PUT, the server MUST
+ create and/or modify those resources affected by that PUT. The
+ structure of the document completely defines the inter-relationship
+ between those resources.
+
+ However, the application usage can specify other resource inter-
+ dependencies. The server MUST create or modify the resources
+ specified by the application usage.
+
+ If the creation or replacement was successful, and the resource
+ interdependencies are resolved, the server returns a 201 Created or
+ 200 OK, respectively. Note that a 201 Created is generated for
+ creation of new documents, elements, or attributes. A 200 OK
+ response to PUT MUST not contain any content. Per the
+ recommendations of RFC 2616, the 201 can contain a Location header
+ field and entity that identify the resource that was created. An
+ entity tag MUST be included in all successful responses to a PUT.
+
+8.3. GET Handling
+
+ The semantics of GET are as specified in RFC 2616. This section
+ clarifies the specific content to be returned for a particular URI
+ that represents an XCAP resource.
+
+ If the request URI contains only a document selector, the server
+ returns the document specified by the URI if it exists, else returns
+ a 404 response. The MIME type of the body of the 200 OK response
+ MUST be the MIME type defined by that application usage (i.e.,
+ "application/resource-lists+xml").
+
+ If the request URI contains a node selector, the server obtains the
+ document specified by the document selector, and if it is found,
+ evaluates the node-selector within that document. If no document is
+ found, or if the node-selector is a no-match or invalid, the server
+ returns a 404 response. Otherwise, the server returns a 200 OK
+ response. If the node selector identifies an XML element, that
+ element is returned in the 200 OK response as an XML fragment body
+ containing the selected element. The server MUST NOT add namespace
+
+
+
+Rosenberg Standards Track [Page 44]
+
+RFC 4825 XCAP May 2007
+
+
+ bindings representing namespaces used by the element or its children,
+ but declared in ancestor elements; the client will either know these
+ bindings already (since it has a cached copy of the whole document),
+ or it can learn them by explicitly querying for the bindings. The
+ MIME type of the response MUST be "application/xcap-el+xml". If the
+ node selector identifies an XML attribute, the value of that
+ attribute is returned in the body of the response. The MIME type of
+ the response MUST be "application/xcap-att+xml". If the node
+ selector identifies a set of namespace bindings, the server computes
+ the set of namespace bindings in scope for the element (including the
+ default) and encodes it using the "application/xcap-ns+xml" format
+ defined in Section 10. That document is then returned in the body of
+ the response.
+
+ GET operations can be conditional, and follow the procedures defined
+ in [6].
+
+ Note that the GET of a resource that was just PUT might not be octet-
+ for-octet equivalent to what was PUT, due to XML normalization and
+ equivalency rules.
+
+ A successful response to a GET MUST include an entity tag.
+
+8.4. DELETE Handling
+
+ The semantics of DELETE are as specified in RFC 2616. This section
+ clarifies the specific content to be deleted for a particular URI
+ that represents an XCAP resource.
+
+ If the request URI contained a namespace-selector, the server MUST
+ reject the request with a 405 (Method Not Allowed) and MUST include
+ an Allow header field including the GET method.
+
+ If the request URI contains only a document selector, the server
+ deletes the document specified by the URI if it exists and returns a
+ 200 OK, else returns a 404 response.
+
+ If the request URI contains a node selector, the server obtains the
+ document specified by the document selector, and if it is found,
+ evaluates the node-selector within that document. If no document is
+ found, or if the node-selector is a no-match or invalid (note that it
+ will be invalid if multiple elements or attributes are selected), the
+ server returns a 404 response. Otherwise, the server removes the
+ specified element or attribute from the document and performs the
+ validation checks defined in Section 8.2.5. Note that this deletion
+ does not include any white space around the element that was deleted;
+ the XCAP server MUST preserve surrounding whitespace. It is possible
+ that, after deletion, the request URI selects another element in the
+
+
+
+Rosenberg Standards Track [Page 45]
+
+RFC 4825 XCAP May 2007
+
+
+ document. If this happens, the server MUST NOT perform the deletion,
+ and MUST reject the request with a 409 response. The body of the
+ response SHOULD contain a detailed conflict report containing the
+ <cannot-delete> element. If the deletion will cause a failure of one
+ of the constraints, the deletion MUST NOT take place. The server
+ follows the procedures in Section 8.2.5 for computing the 409
+ response. If the deletion results in a document that is still valid,
+ the server MUST perform the deletion, process the resource
+ interdependencies defined by the application usage, and return a 200
+ OK response.
+
+ DELETE operations can be conditional, and follow the procedures
+ defined in [6].
+
+ Before the server returns the 200 OK response to a DELETE, it MUST
+ process the resource interdependencies as defined in Section 8.2.7.
+ As long as the document still exists after the delete operation, any
+ successful response to DELETE MUST include the entity tag of the
+ document.
+
+8.5. Managing Etags
+
+ An XCAP server MUST maintain entity tags for all resources that it
+ maintains. This specification introduces the additional constraint
+ that when one resource within a document (including the document
+ itself) changes, that resource is assigned a new etag, and all other
+ resources within that document MUST be assigned the same etag value.
+ Effectively, there is a single etag for the entire document. An XCAP
+ server MUST include the Etag header field in all 200 or 201 responses
+ to PUT, GET, and DELETE, assuming the document itself still exists
+ after the operation. In the case of a DELETE, the entity tag refers
+ to the value of the entity tag for the document after the deletion of
+ the element or attribute.
+
+ XCAP resources do not introduce new requirements on the strength of
+ the entity tags.
+
+ As a result of this constraint, when a client makes a change to an
+ element or attribute within a document, the response to that
+ operation will convey the entity tag of the resource that was just
+ affected. Since the client knows that this entity tag value is
+ shared by all of the other resources in the document, the client can
+ make conditional requests against other resources using that entity
+ tag.
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 46]
+
+RFC 4825 XCAP May 2007
+
+
+9. Cache Control
+
+ An XCAP resource is a valid HTTP resource, and therefore, it can be
+ cached by clients and network caches. Network caches, however, will
+ not be aware of the interdependencies between XCAP resources. As
+ such, a change to an element in a document by a client will
+ invalidate other XCAP resources affected by the change. For
+ application usages containing data that is likely to be dynamic or
+ written by clients, servers SHOULD indicate a no-cache directive.
+
+10. Namespace Binding Format
+
+ A node-selector can identify a set of namespace bindings that are in
+ scope for a particular element. In order to convey these bindings in
+ a GET response, a way is needed to encode them.
+
+ Encoding is trivially done by including a single XML element in an
+ XML fragment body. This element has the same local-name as the
+ element whose namespace bindings are desired, and also the same
+ namespace-prefix. The element has an xmlns attribute identifying the
+ default namespace in scope, and an xmlns:prefix declaration for each
+ prefix that is in scope.
+
+ For example, consider the XML document in Section 6.4. The node-
+ selector df:foo/df2:bar/df2:baz/namespace::* will select the
+ namespaces in scope for the <baz> element in the document, assuming
+ the request is accompanied by a query component that contains
+ xmlns(df=urn:test:default-namespace) and
+ xmlns(df2=urn:test:namespace1-uri). A GET containing this node
+ selector and namespace bindings will produce the following result:
+
+ <baz xmlns="urn:test:namespace1-uri"
+ xmlns:ns1="urn:tes:namespace1-uri"/>
+
+ It is important to note that the client does not need to know the
+ actual namespace bindings in order to construct the URI. It does
+ need to know the namespace URI for each element in the node-selector.
+ The namespace bindings present in the query component are defined by
+ the client, mapping those URIs to a set of prefixes. The bindings
+ returned by the server are the actual bindings used in the document.
+
+11. Detailed Conflict Reports
+
+ In cases where the server returns a 409 error response, that response
+ will usually include a document in the body of the response which
+ provides further details on the nature of the error. This document
+ is an XML document, formatted according to the schema of
+
+
+
+
+Rosenberg Standards Track [Page 47]
+
+RFC 4825 XCAP May 2007
+
+
+ Section 11.2. Its MIME type, registered by this specification, is
+ "application/xcap-error+xml".
+
+11.1. Document Structure
+
+ The document structure is simple. It contains the root element
+ <xcap-error>. The content of this element is a specific error
+ condition. Each error condition is represented by a different
+ element. This allows for different error conditions to provide
+ different data about the nature of the error. All error elements
+ support a "phrase" attribute, which can contain text meant for
+ rendering to a human user.
+
+ The following error elements are defined by this specification:
+
+ <not-well-formed>: This indicates that the body of the request was
+ not a well-formed XML document.
+
+ <not-xml-frag>: This indicates that the request was supposed to
+ contain a valid XML fragment body, but did not. Most likely this
+ is because the XML in the body was malformed or not balanced.
+
+ <no-parent>: This indicates that an attempt to insert a document,
+ element, or attribute failed because the directory, document, or
+ element into which the insertion was supposed to occur does not
+ exist. This error element can contain an optional <ancestor>
+ element, which provides an HTTP URI that represents the closest
+ parent that would be a valid point of insertion. This HTTP URI
+ MAY be a relative URI, relative to the document itself. Because
+ this is a valid HTTP URI, its node selector component MUST be
+ percent-encoded.
+
+ <schema-validation-error>: This element indicates that the document
+ was not compliant to the schema after the requested operation was
+ performed.
+
+ <not-xml-att-value>: This indicates that the request was supposed to
+ contain a valid XML attribute value, but did not.
+
+ <cannot-insert>: This indicates that the requested PUT operation
+ could not be performed because a GET of that resource after the
+ PUT would not yield the content of the PUT request.
+
+ <cannot-delete>: This indicates that the requested DELETE operation
+ could not be performed because it would not be idempotent.
+
+
+
+
+
+
+Rosenberg Standards Track [Page 48]
+
+RFC 4825 XCAP May 2007
+
+
+ <uniqueness-failure>: This indicates that the requested operation
+ would result in a document that did not meet a uniqueness
+ constraint defined by the application usage. For each URI,
+ element, or attribute specified by the client that is not unique,
+ an <exists> element is present as the content of the error
+ element. Each <exists> element has a "field" attribute that
+ contains a relative URI identifying the XML element or attribute
+ whose value needs to be unique, but wasn't. The relative URI is
+ relative to the document itself, and will therefore start with the
+ root element. The query component of the URI MUST be present if
+ the node selector portion of the URI contains namespace prefixes.
+ Since the "field" node selector is a valid HTTP URI, it MUST be
+ percent-encoded. The <exists> element can optionally contain a
+ list of <alt-value> elements. Each one is a suggested alternate
+ value that does not currently exist on the server.
+
+ <constraint-failure>: This indicates that the requested operation
+ would result in a document that failed a data constraint defined
+ by the application usage, but not enforced by the schema or a
+ uniqueness constraint.
+
+ <extension>: This indicates an error condition that is defined by an
+ extension to XCAP. Clients that do not understand the content of
+ the extension element MUST discard the xcap-error document and
+ treat the error as an unqualified 409.
+
+ <not-utf-8>: This indicates that the request could not be completed
+ because it would have produced a document not encoded in UTF-8.
+
+ As an example, the following document indicates that the user
+ attempted to create an RLS service using the URI
+ sip:friends@example.com, but that URI already exists:
+
+ <?xml version="1.0" encoding="UTF-8"?>
+ <xcap-error xmlns="urn:ietf:params:xml:ns:xcap-error">
+ <uniqueness-failure>
+ <exists field="rls-services/service/@uri">
+ <alt-value>sip:mybuddies@example.com</alt-value>
+ </exists>
+ </uniqueness-failure>
+ </xcap-error>
+
+
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 49]
+
+RFC 4825 XCAP May 2007
+
+
+11.2. XML Schema
+
+ <?xml version="1.0" encoding="UTF-8"?>
+ <xs:schema targetNamespace="urn:ietf:params:xml:ns:xcap-error"
+ xmlns="urn:ietf:params:xml:ns:xcap-error"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified">
+
+ <xs:element name="error-element" abstract="true"/>
+ <xs:element name="xcap-error">
+ <xs:annotation>
+ <xs:documentation>Indicates the reason for the error.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="error-element"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="extension" substitutionGroup="error-element">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:any namespace="##any" processContents="lax"
+ minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="schema-validation-error"
+ substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This element indicates
+ that the document was not compliant to the schema after the requested
+ operation was performed.</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="not-xml-frag" substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This indicates that the request was supposed to
+ contain a valid XML fragment body, but did not.</xs:documentation>
+ </xs:annotation>
+
+
+
+Rosenberg Standards Track [Page 50]
+
+RFC 4825 XCAP May 2007
+
+
+ <xs:complexType>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="no-parent" substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This indicates that an attempt to insert
+ an element, attribute, or document failed because the document or
+ element into which the insertion was
+ supposed to occur does not exist.</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="ancestor" type="xs:anyURI" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>Contains an HTTP URI that points to the
+ element that is the closest ancestor that does exist.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="cannot-insert" substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This indicates that the requested
+ PUT operation could not be performed because a GET of that resource
+ after the PUT would not yield the content of the PUT request.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="not-xml-att-value"
+ substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This indicates that the
+ request was supposed to contain a valid XML attribute value, but did
+ not.</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+
+
+
+Rosenberg Standards Track [Page 51]
+
+RFC 4825 XCAP May 2007
+
+
+ </xs:element>
+
+ <xs:element name="uniqueness-failure"
+ substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This indicates that the
+ requested operation would result in a document that did not meet a
+ uniqueness constraint defined by the application usage.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="exists" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>For each URI,
+ element, or attribute specified by the client that is not unique,
+ one of these is present.</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence minOccurs="0">
+ <xs:element name="alt-value" type="xs:string"
+ maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>An optional set of alternate values can be
+ provided.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="field" type="xs:string" use="required"/>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="not-well-formed"
+ substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This indicates that the body of the request was
+ not a well-formed document.</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+
+
+
+
+
+Rosenberg Standards Track [Page 52]
+
+RFC 4825 XCAP May 2007
+
+
+ <xs:element name="constraint-failure"
+ substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This indicates that the
+ requested operation would result in a document that failed a data
+ constraint defined by the application usage, but not enforced by the
+ schema or a uniqueness constraint.</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="cannot-delete" substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This indicates that the requested DELETE
+ operation could not be performed because it would not be
+ idempotent.</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="not-utf-8" substitutionGroup="error-element">
+ <xs:annotation>
+ <xs:documentation>This indicates that the request could not be
+ completed because it would have produced a document not
+ encoded in UTF-8.</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:attribute name="phrase" type="xs:string" use="optional"/>
+ </xs:complexType>
+ </xs:element>
+ </xs:schema>
+
+
+12. XCAP Server Capabilities
+
+ XCAP can be extended through the addition of new application usages
+ and extensions to the core protocol. Application usages may define
+ MIME types with XML schemas that allow new extension nodes from new
+ namespaces. It will often be necessary for a client to determine
+ what extensions, application usages, or namespaces a server supports
+ before making a request. To enable that, this specification defines
+ an application usage with the AUID "xcap-caps". All XCAP servers
+ MUST support this application usage. This usage defines a single
+
+
+
+
+Rosenberg Standards Track [Page 53]
+
+RFC 4825 XCAP May 2007
+
+
+ document within the global tree that lists the capabilities of the
+ server. Clients can read this well-known document, and therefore
+ learn the capabilities of the server.
+
+ The structure of the document is simple. The root element is <xcap-
+ caps>. Its children are <auids>, <extensions>, and <namespaces>.
+ Each of these contain a list of AUIDs, extensions, and namespaces
+ supported by the server. Extensions are named by tokens defined by
+ the extension, and typically define new selectors. Namespaces are
+ identified by their namespace URI. To 'support' a namespace, the
+ server must have the schemas for all elements within that namespace,
+ and be able to validate them if they appear within documents. Since
+ all XCAP servers support the "xcap-caps" AUID, it MUST be listed in
+ the <auids> element, and the "urn:ietf:params:xml:ns:xcap-caps"
+ namespace MUST be listed in the <namespaces> element.
+
+ The following sections provide the information needed to define this
+ application usage.
+
+12.1. Application Unique ID (AUID)
+
+ This specification defines the "xcap-caps" AUID within the IETF tree,
+ via the IANA registration in Section 15.
+
+12.2. XML Schema
+
+ <?xml version="1.0" encoding="UTF-8"?>
+ <xs:schema targetNamespace="urn:ietf:params:xml:ns:xcap-caps"
+ xmlns="urn:ietf:params:xml:ns:xcap-caps"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="xcap-caps">
+ <xs:annotation>
+ <xs:documentation>Root element for xcap-caps</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="auids">
+ <xs:annotation>
+ <xs:documentation>List of supported AUID.</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence minOccurs="0" maxOccurs="unbounded">
+ <xs:element name="auid" type="auidType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="extensions" minOccurs="0">
+
+
+
+Rosenberg Standards Track [Page 54]
+
+RFC 4825 XCAP May 2007
+
+
+ <xs:annotation>
+ <xs:documentation>List of supported extensions.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence minOccurs="0" maxOccurs="unbounded">
+ <xs:element name="extension" type="extensionType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="namespaces">
+ <xs:annotation>
+ <xs:documentation>List of supported namespaces.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence minOccurs="0" maxOccurs="unbounded">
+ <xs:element name="namespace" type="namespaceType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:any namespace="##other" processContents="lax"
+ minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:simpleType name="auidType">
+ <xs:annotation>
+ <xs:documentation>AUID Type</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:string"/>
+ </xs:simpleType>
+ <xs:simpleType name="extensionType">
+ <xs:annotation>
+ <xs:documentation>Extension Type</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:string"/>
+ </xs:simpleType>
+ <xs:simpleType name="namespaceType">
+ <xs:annotation>
+ <xs:documentation>Namespace type</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:anyURI"/>
+ </xs:simpleType>
+ </xs:schema>
+
+
+
+
+
+
+Rosenberg Standards Track [Page 55]
+
+RFC 4825 XCAP May 2007
+
+
+12.3. Default Document Namespace
+
+ The default document namespace used in evaluating a URI is
+ urn:ietf:params:xml:ns:xcap-caps.
+
+12.4. MIME Type
+
+ Documents conformant to this schema are known by the MIME type
+ "application/xcap-caps+xml", registered in Section 15.2.5.
+
+12.5. Validation Constraints
+
+ There are no additional validation constraints associated with this
+ application usage.
+
+12.6. Data Semantics
+
+ Data semantics are defined above.
+
+12.7. Naming Conventions
+
+ A server MUST maintain a single instance of the document in the
+ global tree, using the filename "index". There MUST NOT be an
+ instance of this document in the user's tree.
+
+12.8. Resource Interdependencies
+
+ There are no resource interdependencies in this application usage
+ beyond those defined by the schema.
+
+12.9. Authorization Policies
+
+ This application usage does not change the default authorization
+ policy defined by XCAP.
+
+13. Examples
+
+ This section goes through several examples, making use of the
+ resource-lists and rls-services [22] XCAP application usages.
+
+ First, a user Bill creates a new document (see Section 7.1). This
+ document is a new resource-list, initially with a single list, called
+ friends, with no users in it:
+
+ PUT
+ /resource-lists/users/sip:bill@example.com/index HTTP/1.1
+ Content-Type:application/resource-lists+xml
+ Host: xcap.example.com
+
+
+
+Rosenberg Standards Track [Page 56]
+
+RFC 4825 XCAP May 2007
+
+
+ <?xml version="1.0" encoding="UTF-8"?>
+ <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists">
+ <list name="friends">
+ </list>
+ </resource-lists>
+
+ Figure 24: New Document
+
+ Next, Bill creates an RLS services document defining a single RLS
+ service referencing this list. This service has a URI of
+ sip:myfriends@example.com (URIs are line-folded for readability):
+
+ PUT
+ /rls-services/users/sip:bill@example.com/index HTTP/1.1
+ Content-Type:application/rls-services+xml
+ Host: xcap.example.com
+
+ <?xml version="1.0" encoding="UTF-8"?>
+ <rls-services xmlns="urn:ietf:params:xml:ns:rls-services">
+ <service uri="sip:myfriends@example.com">
+ <resource-list>http://xcap.example.com/resource-lists/users/
+ sip:bill@example.com/index/~~/resource-lists/
+ list%5b@name=%22friends%22%5d
+ </resource-list>
+ <packages>
+ <package>presence</package>
+ </packages>
+ </service>
+ </rls-services>
+
+ Figure 25: RLS Services Example
+
+ Next, Bill creates an element in the resource-lists document
+ (Section 7.4). In particular, he adds an entry to the list:
+
+ PUT
+ /resource-lists/users/sip:bill@example.com/index
+ /~~/resource-lists/list%5b@name=%22friends%22%5d/entry HTTP/1.1
+ Content-Type:application/xcap-el+xml
+ Host: xcap.example.com
+
+ <entry uri="sip:bob@example.com">
+ <display-name>Bob Jones</display-name>
+ </entry>
+
+ Figure 26: Resource Lists Document
+
+
+
+
+
+Rosenberg Standards Track [Page 57]
+
+RFC 4825 XCAP May 2007
+
+
+ Next, Bill fetches the document (Section 7.3):
+
+ GET
+ /resource-lists/users/sip:bill@example.com/index HTTP/1.1
+
+ Figure 27: Fetch Operation
+
+ And the result is (note how white space text nodes appear in the
+ document):
+
+ HTTP/1.1 200 OK
+ Etag: "wwhha"
+ Content-Type: application/resource-lists+xml
+
+ <?xml version="1.0" encoding="UTF-8"?>
+ <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists">
+ <list name="friends">
+ <entry uri="sip:bob@example.com">
+ <display-name>Bob Jones</display-name>
+ </entry></list>
+ </resource-lists>
+
+ Figure 28: Results of Fetch
+
+ Next, Bill adds another entry to the list, which is another list that
+ has three entries. This is another element creation (Section 7.4):
+
+ PUT
+ /resource-lists/users/sip:bill@example.com/index/~~/
+ resource-lists/list%5b@name=%22friends%22%5d/
+ list%5b@name=%22close-friends%22%5d HTTP/1.1
+ Content-Type: application/xcap-el+xml
+ Host: xcap.example.com
+
+ <list name="close-friends">
+ <entry uri="sip:joe@example.com">
+ <display-name>Joe Smith</display-name>
+ </entry>
+ <entry uri="sip:nancy@example.com">
+ <display-name>Nancy Gross</display-name>
+ </entry>
+ <entry uri="sip:petri@example.com">
+ <display-name>Petri Aukia</display-name>
+ </entry>
+ </list>
+
+ Figure 29: Adding an Entry
+
+
+
+
+Rosenberg Standards Track [Page 58]
+
+RFC 4825 XCAP May 2007
+
+
+ Then, Bill decides he doesn't want Petri on the list, so he deletes
+ the entry (Section 7.5):
+
+ DELETE
+ /resource-lists/users/sip:bill@example.com/index/
+ ~~/resource-lists/list/list/
+ entry%5b@uri=%22sip:petri@example.com%22%5d HTTP/1.1
+ Host: xcap.example.com
+
+ Figure 30: Deleting an Entry
+
+ Bill decides to check on the URI for Nancy, so he fetches a
+ particular attribute (Section 7.6):
+
+ GET
+ /resource-lists/users/sip:bill@example.com/index/
+ ~~/resource-lists/list/list/entry%5b2%5d/@uri HTTP/1.1
+ Host: xcap.example.com
+
+ Figure 31: Fetching an Attribute
+
+ and the server responds:
+
+ HTTP/1.1 200 OK
+ Etag: "ad88"
+ Content-Type:application/xcap-att+xml
+
+ "sip:nancy@example.com"
+
+ Figure 32: Results of Fetch
+
+14. Security Considerations
+
+ Frequently, the data manipulated by XCAP contains sensitive
+ information. To avoid eavesdroppers from seeing this information, it
+ is RECOMMENDED that an administrator hand out an HTTPS URI as the
+ XCAP root URI. This will result in TLS-encrypted communications
+ between the client and server, preventing any eavesdropping. Clients
+ MUST implement TLS, assuring that such URIs will be usable by the
+ client.
+
+ Client and server authentication are also important. A client needs
+ to be sure it is talking to the server it believes it is contacting.
+ Otherwise, it may be given false information, which can lead to
+ denial-of-service attacks against a client. To prevent this, a
+ client SHOULD attempt to upgrade [15] any connections to TLS.
+ Similarly, authorization of read and write operations against the
+ data is important, and this requires client authentication. As a
+
+
+
+Rosenberg Standards Track [Page 59]
+
+RFC 4825 XCAP May 2007
+
+
+ result, a server SHOULD challenge a client using HTTP Digest [11] to
+ establish its identity, and this SHOULD be done over a TLS
+ connection. Clients MUST implement digest authentication, assuring
+ interoperability with servers that challenge the client. Servers
+ MUST NOT perform basic authentication without a TLS connection to the
+ client.
+
+ Because XCAP is a usage of HTTP and not a separate protocol, it runs
+ on the same port numbers as HTTP traffic normally does. This makes
+ it difficult to apply port-based filtering rules in firewalls to
+ separate the treatment of XCAP traffic from other HTTP traffic.
+
+ However, this problem exists broadly today because HTTP is used to
+ access a wide breadth of content, all on the same port, and XCAP
+ views application configuration documents as just another type of
+ HTTP content. As such, separate treatment of XCAP traffic from other
+ HTTP traffic requires firewalls to examine the URL itself. There is
+ no foolproof way to identify a URL as pointing to an XCAP resource.
+ However, the presence of the double tilde (~~) is a strong hint that
+ the URL points to an XML element or attribute. As always, care must
+ be taken in looking for the double-tilde due to the breadth of ways
+ in which a URI can be encoded on-the-wire [29] [13].
+
+15. IANA Considerations
+
+ There are several IANA considerations associated with this
+ specification.
+
+15.1. XCAP Application Unique IDs
+
+ Per this specification's instructions, IANA created a new registry
+ for XCAP application unique IDs (AUIDs). This registry is defined as
+ a table that contains three columns:
+
+ AUID: This will be a string provided in the IANA registrations into
+ the registry.
+
+ Description: This is text that is supplied by the IANA registration
+ into the registry.
+
+ Reference: This is a reference to the RFC containing the
+ registration.
+
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 60]
+
+RFC 4825 XCAP May 2007
+
+
+ Per this specification's instructions, IANA created this table with
+ an initial entry. The resulting table looks like:
+
+ Application Unique
+ ID (AUID) Description Reference
+ -------------------- ------------------------------- ---------
+ xcap-caps Capabilities of an XCAP server RFC 4825
+
+ XCAP AUIDs are registered by the IANA when they are published in
+ standards track RFCs. The IANA Considerations section of the RFC
+ must include the following information, which appears in the IANA
+ registry along with the RFC number of the publication.
+
+ o Name of the AUID. The name MAY be of any length, but SHOULD be no
+ more than 20 characters long. The name MUST consist of alphanum
+ and mark [16] characters only.
+
+ o Descriptive text that describes the application usage.
+
+15.2. MIME Types
+
+ This specification requests the registration of several new MIME
+ types according to the procedures of RFC 4288 [8] and guidelines in
+ RFC 3023 [9].
+
+15.2.1. application/xcap-el+xml MIME Type
+
+ MIME media type name: application
+
+ MIME subtype name: xcap-el+xml
+
+ Mandatory parameters: none
+
+ Optional parameters: Same as charset parameter application/xml as
+ specified in RFC 3023 [9].
+
+ Encoding considerations: Same as encoding considerations of
+ application/xml as specified in RFC 3023 [9].
+
+ Security considerations: See Section 10 of RFC 3023 [9].
+
+ Interoperability considerations: none
+
+ Published specification: RFC 4825
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 61]
+
+RFC 4825 XCAP May 2007
+
+
+ Applications that use this media type: This document type has been
+ used to support transport of XML fragment bodies in RFC 4825, the
+ XML Configuration Access Protocol (XCAP).
+
+ Additional Information:
+
+ Magic Number: none
+
+ File Extension: .xel
+
+ Macintosh file type code: "TEXT"
+
+ Personal and email address for further information:
+ Jonathan Rosenberg, jdrosen@jdrosen.net
+
+ Intended usage: COMMON
+
+ Author/Change controller: The IETF.
+
+15.2.2. application/xcap-att+xml MIME Type
+
+ MIME media type name: application
+
+ MIME subtype name: xcap-att+xml
+
+ Mandatory parameters: none
+
+ Optional parameters: Same as charset parameter application/xml as
+ specified in RFC 3023 [9].
+
+ Encoding considerations: Same as encoding considerations of
+ application/xml as specified in RFC 3023 [9].
+
+ Security considerations: See Section 10 of RFC 3023 [9].
+
+ Interoperability considerations: none
+
+ Published specification: RFC 4825
+
+ Applications that use this media type: This document type has been
+ used to support transport of XML attribute values in RFC 4825, the
+ XML Configuration Access Protocol (XCAP).
+
+ Additional Information:
+
+ Magic Number: none
+
+ File Extension: .xav
+
+
+
+Rosenberg Standards Track [Page 62]
+
+RFC 4825 XCAP May 2007
+
+
+ Macintosh file type code: "TEXT"
+
+ Personal and email address for further information:
+ Jonathan Rosenberg, jdrosen@jdrosen.net
+
+ Intended usage: COMMON
+
+ Author/Change controller: The IETF.
+
+15.2.3. application/xcap-ns+xml MIME Type
+
+ MIME media type name: application
+
+ MIME subtype name: xcap-ns+xml
+
+ Mandatory parameters: none
+
+ Optional parameters: Same as charset parameter application/xml as
+ specified in RFC 3023 [9].
+
+ Encoding considerations: Same as encoding considerations of
+ application/xml as specified in RFC 3023 [9].
+
+ Security considerations: See Section 10 of RFC 3023 [9].
+
+ Interoperability considerations: none
+
+ Published specification: RFC 4825
+
+ Applications that use this media type: This document type has been
+ used to support transport of XML fragment bodies in RFC 4825, the
+ XML Configuration Access Protocol (XCAP).
+
+ Additional Information:
+
+ Magic Number: none
+
+ File Extension: .xns
+
+ Macintosh file type code: "TEXT"
+
+ Personal and email address for further information:
+ Jonathan Rosenberg, jdrosen@jdrosen.net
+
+ Intended usage: COMMON
+
+ Author/Change controller: The IETF.
+
+
+
+
+Rosenberg Standards Track [Page 63]
+
+RFC 4825 XCAP May 2007
+
+
+15.2.4. application/xcap-error+xml MIME Type
+
+ MIME media type name: application
+
+ MIME subtype name: xcap-error+xml
+
+ Mandatory parameters: none
+
+ Optional parameters: Same as charset parameter application/xml as
+ specified in RFC 3023 [9].
+
+ Encoding considerations: Same as encoding considerations of
+ application/xml as specified in RFC 3023 [9].
+
+ Security considerations: See Section 10 of RFC 3023 [9].
+
+ Interoperability considerations: none
+
+ Published specification: RFC 4825
+
+ Applications that use this media type: This document type conveys
+ error conditions defined in RFC 4825
+
+ Additional Information:
+
+ Magic Number: none
+
+ File Extension: .xer
+
+ Macintosh file type code: "TEXT"
+
+ Personal and email address for further information:
+ Jonathan Rosenberg, jdrosen@jdrosen.net
+
+ Intended usage: COMMON
+
+ Author/Change controller: The IETF.
+
+15.2.5. application/xcap-caps+xml MIME Type
+
+ MIME media type name: application
+
+ MIME subtype name: xcap-caps+xml
+
+ Mandatory parameters: none
+
+ Optional parameters: Same as charset parameter application/xml as
+ specified in RFC 3023 [9].
+
+
+
+Rosenberg Standards Track [Page 64]
+
+RFC 4825 XCAP May 2007
+
+
+ Encoding considerations: Same as encoding considerations of
+ application/xml as specified in RFC 3023 [9].
+
+ Security considerations: See Section 10 of RFC 3023 [9].
+
+ Interoperability considerations: none
+
+ Published specification: RFC 4825
+
+ Applications that use this media type: This document type conveys
+ capabilities of an XML Configuration Access Protocol (XCAP)
+ server, as defined in RFC 4825.
+
+ Additional Information:
+
+ Magic Number: none
+
+ File Extension: .xca
+
+ Macintosh file type code: "TEXT"
+
+ Personal and email address for further information:
+ Jonathan Rosenberg, jdrosen@jdrosen.net
+
+ Intended usage: COMMON
+
+ Author/Change controller: The IETF.
+
+15.3. URN Sub-Namespace Registrations
+
+ This specification registers several new XML namespaces, as per the
+ guidelines in RFC 3688 [17].
+
+15.3.1. urn:ietf:params:xml:ns:xcap-error
+
+ URI: The URI for this namespace is urn:ietf:params:xml:ns:xcap-error
+
+ Registrant Contact: IETF, SIMPLE working group, (simple@ietf.org),
+ Jonathan Rosenberg (jdrosen@jdrosen.net).
+
+
+
+
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 65]
+
+RFC 4825 XCAP May 2007
+
+
+XML:
+ BEGIN
+ <?xml version="1.0"?>
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
+ "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
+ <html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="content-type"
+ content="text/html;charset=iso-8859-1"/>
+ <title>XCAP Error Namespace</title>
+ </head>
+ <body>
+ <h1>Namespace for XCAP Error Documents</h1>
+ <h2>urn:ietf:params:xml:ns:xcap-error</h2>
+ <p>See <a href="http://www.rfc-editor.org/rfc/rfc4825.txt">
+ RFC4825</a></p>
+ </body>
+ </html>
+ END
+
+15.3.2. urn:ietf:params:xml:ns:xcap-caps
+
+ URI: The URI for this namespace is urn:ietf:params:xml:ns:xcap-caps
+
+ Registrant Contact: IETF, SIMPLE working group, (simple@ietf.org),
+ Jonathan Rosenberg (jdrosen@jdrosen.net).
+
+XML:
+ BEGIN
+ <?xml version="1.0"?>
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
+ "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
+ <html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="content-type"
+ content="text/html;charset=iso-8859-1"/>
+ <title>XCAP Capabilities Namespace</title>
+ </head>
+ <body>
+ <h1>Namespace for XCAP Capability Documents</h1>
+ <h2>urn:ietf:params:xml:ns:xcap-caps</h2>
+ <p>See <a href="http://www.rfc-editor.org/rfc/rfc4825.txt">
+ RFC4825</a></p>
+ </body>
+ </html>
+ END
+
+
+
+
+
+Rosenberg Standards Track [Page 66]
+
+RFC 4825 XCAP May 2007
+
+
+15.4. XML Schema Registrations
+
+ This section registers two XML schemas per the procedures in [17].
+
+15.4.1. XCAP Error Schema Registration
+
+ URI: urn:ietf:params:xml:schema:xcap-error
+
+ Registrant Contact: IETF, SIMPLE working group, (simple@ietf.org),
+ Jonathan Rosenberg (jdrosen@jdrosen.net).
+
+ XML Schema: The XML for this schema can be found as the sole content
+ of Section 11.2.
+
+15.4.2. XCAP Capabilities Schema Registration
+
+ URI: urn:ietf:params:xml:schema:xcap-caps
+
+ Registrant Contact: IETF, SIMPLE working group, (simple@ietf.org),
+ Jonathan Rosenberg (jdrosen@jdrosen.net).
+
+ XML Schema: The XML for this schema can be found as the sole content
+ of Section 12.2.
+
+16. Acknowledgements
+
+ The author would like to thank Jari Urpalainen, who has contributed
+ many important comments and has assisted with edit passes in the
+ document. The author would also like to thank Ben Campbell,
+ Eva-Maria Leppanen, Hisham Khartabil, Chris Newman, Joel Halpern,
+ Lisa Dusseault, Tim Bray, Pete Cordell, Jeroen van Bemmel, Christian
+ Schmidt, and Spencer Dawkins for their input and comments. A special
+ thanks to Ted Hardie for his input and support.
+
+17. References
+
+17.1. Normative References
+
+ [1] Maler, E., Yergeau, F., Paoli, J., Bray, T., and C. Sperberg-
+ McQueen, "Extensible Markup Language (XML) 1.0 (Third
+ Edition)", World Wide Web Consortium FirstEdition REC-xml-
+ 20040204, February 2004,
+ <http://www.w3.org/TR/2004/REC-xml-20040204>.
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 67]
+
+RFC 4825 XCAP May 2007
+
+
+ [2] Thompson, H., Maloney, M., Mendelsohn, N., and D. Beech, "XML
+ Schema Part 1: Structures Second Edition", World Wide Web
+ Consortium Recommendation REC-xmlschema-1-20041028,
+ October 2004,
+ <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.
+
+ [3] Layman, A., Hollander, D., and T. Bray, "Namespaces in XML",
+ World Wide Web Consortium FirstEdition REC-xml-names-19990114,
+ January 1999,
+ <http://www.w3.org/TR/1999/REC-xml-names-19990114>.
+
+ [4] Daniel, R., DeRose, S., Maler, E., and J. Marsh, "XPointer
+ xmlns() Scheme", World Wide Web Consortium Recommendation REC-
+ xptr-xmlns-20030325, March 2003,
+ <http://www.w3.org/TR/2003/REC-xptr-xmlns-20030325>.
+
+ [5] Grosso, P., Marsh, J., Maler, E., and N. Walsh, "XPointer
+ Framework", World Wide Web Consortium Recommendation REC-xptr-
+ framework-20030325, March 2003,
+ <http://www.w3.org/TR/2003/REC-xptr-framework-20030325>.
+
+ [6] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
+ Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol --
+ HTTP/1.1", RFC 2616, June 1999.
+
+ [7] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [8] Freed, N. and J. Klensin, "Media Type Specifications and
+ Registration Procedures", BCP 13, RFC 4288, December 2005.
+
+ [9] Murata, M., St. Laurent, S., and D. Kohn, "XML Media Types",
+ RFC 3023, January 2001.
+
+ [10] Clark, J. and S. DeRose, "XML Path Language (XPath) Version
+ 1.0", World Wide Web Consortium Recommendation REC-xpath-
+ 19991116, November 1999,
+ <http://www.w3.org/TR/1999/REC-xpath-19991116>.
+
+ [11] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
+ Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication:
+ Basic and Digest Access Authentication", RFC 2617, June 1999.
+
+ [12] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 4234, October 2005.
+
+
+
+
+
+
+Rosenberg Standards Track [Page 68]
+
+RFC 4825 XCAP May 2007
+
+
+ [13] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
+ Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
+ January 2005.
+
+ [14] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
+
+ [15] Khare, R. and S. Lawrence, "Upgrading to TLS Within HTTP/1.1",
+ RFC 2817, May 2000.
+
+ [16] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
+ Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
+ Session Initiation Protocol", RFC 3261, June 2002.
+
+ [17] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
+ January 2004.
+
+ [18] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
+ STD 63, RFC 3629, November 2003.
+
+ [19] Boyer, J., "Canonical XML Version 1.0", World Wide Web
+ Consortium Recommendation REC-xml-c14n-20010315, March 2001,
+ <http://www.w3.org/TR/2001/REC-xml-c14n-20010315>.
+
+17.2. Informative References
+
+ [20] Rosenberg, J., "A Presence Event Package for the Session
+ Initiation Protocol (SIP)", RFC 3856, August 2004.
+
+ [21] Roach, A., Campbell, B., and J. Rosenberg, "A Session
+ Initiation Protocol (SIP) Event Notification Extension for
+ Resource Lists", RFC 4662, August 2006.
+
+ [22] Rosenberg, J., "Extensible Markup Language (XML) Formats for
+ Representing Resource Lists", RFC 4826, May 2007.
+
+ [23] Grosso, P. and D. Veillard, "XML Fragment Interchange", World
+ Wide Web Consortium CR CR-xml-fragment-20010212, February 2001,
+ <http://www.w3.org/TR/2001/CR-xml-fragment-20010212>.
+
+ [24] Berglund, A., Boag, S., Chamberlin, D., Fernandez, M., Kay, M.,
+ Robie, J., and J. Simeon, "XML Path Language (XPath) 2.0",
+ World Wide Web Consortium
+ CR http://www.w3.org/TR/2005/CR-xpath20-20051103,
+ November 2005.
+
+ [25] Newman, C. and J. Myers, "ACAP -- Application Configuration
+ Access Protocol", RFC 2244, November 1997.
+
+
+
+
+Rosenberg Standards Track [Page 69]
+
+RFC 4825 XCAP May 2007
+
+
+ [26] Day, M., Rosenberg, J., and H. Sugano, "A Model for Presence
+ and Instant Messaging", RFC 2778, February 2000.
+
+ [27] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
+ Considerations Section in RFCs", BCP 26, RFC 2434,
+ October 1998.
+
+ [28] Roach, A., "Session Initiation Protocol (SIP)-Specific Event
+ Notification", RFC 3265, June 2002.
+
+ [29] Duerst, M. and M. Suignard, "Internationalized Resource
+ Identifiers (IRIs)", RFC 3987, January 2005.
+
+Author's Address
+
+ Jonathan Rosenberg
+ Cisco
+ Edison, NJ
+ US
+
+ EMail: jdrosen@cisco.com
+ URI: http://www.jdrosen.net
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 70]
+
+RFC 4825 XCAP May 2007
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2007).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+Rosenberg Standards Track [Page 71]
+