Internet-Draft | Serverside Subscriptions | February 2021 |
Douglass | Expires 5 August 2021 | [Page] |
This specification provides a mechanism whereby subscriptions to external resources can be handled by the server.¶
This specification updates [RFC4791] to add new properties for the MKCOL request.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 5 August 2021.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
The motivation for this specification was initially to handle external subscriptions to calendar data. However, any resource which allows subscriptions might make use of this specification.¶
Currently subscriptions to calendar feeds are handled by calendar clients. There are a number of disadvantages to this approach: users have to subscribe from multiple devices and the subscription cannot affect scheduling handled by the server.¶
This specification defines a mechanism whereby the server will subscribe to the feed and make it visible in the user's home.¶
The advantages are popular feeds can be cached by the server and the user only has to make a single subscription.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].¶
A client will subscribe to a URL by performing a MKCOL request with resource type elements of at least DAV:collection and DAV:subscription. For a calendar subscription there will also be a caldav calendar element.¶
This is an example of the MKCOL request and response from a server that supports extended MKCOL.¶
>> Request << POST /caldav/user/mike/calendars/parrots HTTP/1.1 Host: example.com Content-Type: text/calendar; component=VEVENT; method=REQUEST Content-Length: xxxx <?xml version="1.0" encoding="utf-8" ?> <D:mkcol xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"> <D:set> <D:prop> <D:resourcetype> <D:collection/> <C:calendar/> <D:subscription/> </D:resourcetype> <D:displayname>Parrot Events</D:displayname> <D:subscription-href>http://example.org/parrot-events.ics</D:subscription-href> <D:subscription-deletions-suppressed>true</D:subscription-deletions-suppressed> <D:subscription-suggested-refresh-interval>PT1H</D:subscription-suggested-refresh-interval> </D:prop> </D:set> </D:mkcol> >> Response << HTTP/1.1 200 OK¶
<!ELEMENT subscription empty>¶
<!ELEMENT vpoll-max-items (#PCDATA)> PCDATA value: a url¶
<D:subscription-href xmlns:D="DAV" >https://example.com/events.ics</D:subscription-href>¶
<!ELEMENT subscription-deletions-suppressed empty>¶
<!ELEMENT subscription-enabled empty>¶
<!ELEMENT subscription-next-refresh-interval (#PCDATA)> PCDATA value: a duration value¶
<D:subscription-next-refresh-interval xmlns:D="DAV" >PT30M</D:subscription-next-refresh-interval>¶
<!ELEMENT subscription-suggested-refresh-interval (#PCDATA)> PCDATA value: a duration value¶
<D:subscription-suggested-refresh-interval xmlns:D="DAV" >PT30M</D:subscription-suggested-refresh-interval>¶
When creating the subscription the client may indicate to the server a desired refresh interval using the a refresh of the data is desired by using the PROPPATCH method to set the subscription-next-refresh-interval to 0, e.g. "PT0S".¶
The client may indicate to the server that a refresh of the data is desired by using the PROPPATCH method to set the subscription-next-refresh-interval to 0, e.g. "PT0S".¶
A server MAY choose to always ignore the attempted refresh or to ignore the patch if it appears too often.¶
If the server decides to initiate a refresh it MAY choose to respond with a 102 HTTP status indicating that it is still waiting for the data or a 202 HTTP status to indicate the request was accepted.¶
Implementations of this feature may have an outboard or background process handling the actaul synchronization of the data. The target may be hosted on a slow service or the data may be very large¶
All these factors may lead to a significant delay in having data ready for delivery to the client.¶
The following approaches are more or less appropriate for handling requests:¶
As mentioned above, this feature is particularly useful for CalDAV servers and clients. There are some specific considerations.¶
If subscription-deletions-suppressed is specified then the server SHOULD retain all events. However, the server MAY choose to remove old events once they become older than the CALDAV:min-date-time property as specified in [RFC4791] section 5.2.6.¶
A server SHOULD apply all appropriate restrictions on events obtained from a subscription. In particular the CALDAV:min-date-time and CALDAV:max-date-time properties as specified in [RFC4791] sections 5.2.6 and 5.2.7 SHOULD be applied.¶
Additionally the CALDAV:max-resource-size property restricts the size of events and the CALDAV:max-instances property the number of instances.¶
Any reason not to allow them?¶
Servers implementing this feature need to be aware of the risks entailed in using the URIs provided as values to subscription-href. See [RFC3986] for a discussion of the security considerations relating to URIs.¶
Properties with a "URI" value type can expose their users to privacy leaks as any network access of the URI data can be tracked. Clients SHOULD NOT automatically download data referenced by the URI without explicit instruction from users. This specification does not introduce any additional privacy concerns beyond those described in [RFC5545].¶
The author would also like to thank the members of the Calendaring and Scheduling Consortium Calendar Sharing technical committee and the following individuals for contributing their ideas and support:¶
...¶
The authors would also like to thank CalConnect, the Calendaring and Scheduling Consortium, for advice with this specification.¶
v00 2018-06-26 MD¶