calext B. Gondwana, Ed.
Internet-Draft FastMail
Updates: 6638 (if approved) March 8, 2019
Intended status: Standards Track
Expires: September 9, 2019

CalDAV Extension for scheduling controls
draft-gondwana-caldav-scheduling-controls-01

Abstract

This document adds headers to control and restrict the scheduling behaviour of CalDAV servers when updating calendaring resources.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on September 9, 2019.

Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

[RFC6638] defines automatic scheduling operations for resources stored on [!@RFC4791] CalDAV servers.

[RFC6638] defines the Schedule-Reply header in Section 8.1, however this header is not sufficient for controlling scheduling in all cases.

Cases where it might be necessary to update the data store on a server without causing scheduling messages to be sent include backup after a data loss event on the server, or importing calendar events from another system.

Calendar server operators deal with these other needs by either using a different method than CalDAV to update their server, or by adding a custom method to suppress scheduling. This document defines a standard method to suppress scheduling, allowing CalDAV to be directly used for restores and imports.

Complex sites can have users who have multiple aliases, and in the most complex cases, a user may have multiple identities who are present on a scheduling event as organizer and/or attendee. When an event is updated over CalDAV, the server must calculate or guess which of those addresses the current user is acting as. This document defines a header which allows the client to inform the server precisely which address they are acting as when adding, modifying or removing a resource.

2. Conventions Used In This Document

In examples, "C:" indicates data sent by a client that is connected to a server. "S:" indicates data sent by the server to the client.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] when they appear in ALL CAPS. These words may also appear in this document in lower case as plain English words, absent their normative meanings.

3. Extending the CalDAV OPTIONS response

A server supporting the features described in this document MUST include "scheduling-controls" as a field in the DAV response header from an OPTIONS request. A value of "scheduling-controls" in the DAV response header indicates to clients that the server supports all the requirements specified in this document.

3.1. Example: Using OPTIONS for the Discovery of Scheduling Controls Support

Request:

OPTIONS /home/brong/calendars/ HTTP/1.1
Host: cal.example.com

Response:

HTTP/1.1 200 OK
Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE
Allow: PROPFIND, PROPPATCH, LOCK, UNLOCK, REPORT, ACL
DAV: 1, 2, 3, access-control, calendar-access,
 scheduling-controls
Date: Thu, 8 Feb 2019 10:16:37 GMT
Content-Length: 0

4. New headers

This document adds two new headers for use on PUT, PROPPATCH and DELETE:

4.1. Scheduling header

Scheduling: {all|none|internal-only|external-only|X-...}

Default: all

Not providing this header, or providing the value of "all", instructs the server to follow the behaviour in [RFC6638] Section 3.2.

Providing the value "none" instructs the server to perform no scheduling at all, and to just store the event (useful for restoring from backup)

The value "internal-only" instructs the server to update the events in other calendars within its system where that can be done silently, but not to send visible notifications to users (where permitted by policy). This is useful when importing multiple related calendars into a new system without flooding external parties with notifications.

The value "external-only" instructs the server to import the data without updating local calendars, but to send notifications to external attendees so they are aware of the event. This is useful when migrating calendar events to a new system where external parties need to have a way to update their participation status in the new system.

e.g.

Scheduling: none

TODO: specify error codes

4.2. Schedule-User-Address header

Schedule-User-Address: URI

Default: not present

If this header is not present, the server will calculate the address from the authenticated user, or from the CALDAV:schedule-user-address property on the calendar or principal.

If this header is provided, it overrides the server's internal calculation, and informs the server to perform any scheduling as the specified user.

TODO: specify error codes

e.g.

Schedule-User-Address: mailto:foo@example.com

5. Implementation considerations

Any server implementing this extension MUST ensure it has a way to validate Schedule-User-Address settings.

6. IANA Considerations

TODO: IANA request for OPTIONS item

TODO: IANA request for named headers

7. Security Considerations

The "Scheduling" header only allows reduction of the cases in which the server will creating scheduling requests. This is generally good for user privacy, allowing copies of events to be updated without notifying the owner or attendees. This is particularly valuable for cleaning up spam.

The "Schedule-User-Address" header allows the client to override the server choice of address for the user to act as. Servers MUST ensure that the authenticated user has permission to act as the specified address, as well as applying any local policy limitations.

8. Acknowledgments

9. Version History

Remove before publishing

9.1. v01, 2019-03-08

9.2. v00, 2019-02-08

10. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC6638] Daboo, C. and B. Desruisseaux, "Scheduling Extensions to CalDAV", RFC 6638, DOI 10.17487/RFC6638, June 2012.

Author's Address

Bron Gondwana (editor) FastMail Level 2, 114 William St Melbourne, VIC 3000 Australia EMail: brong@fastmailteam.com URI: https://www.fastmail.com