Network Working Group                                        C. Daboo
Internet-Draft                                                  Apple
Intended status: Standards Track                      January 6, 2018
Expires: July 10, 2018
vCard Extensions to WebDAV (CardDAV)
draft-ietf-vcarddav-carddav-08
This document defines extensions to the Web Distributed Authoring and Versioning (WebDAV) protocol to specify a standard way of accessing, managing, and sharing contact information based on the vCard format.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 10, 2018.
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
Address books containing contact information are a key component of personal information management tools, such as email, calendaring and scheduling, and instant messaging clients. To date several protocols have been used for remote access to contact data, including Lightweight Directory Access Protocol (LDAP), Internet Message Support Protocol (IMSP) and Application Configuration Access Protocol (ACAP), together with SyncML used for synchronization of such data.
WebDAV offers a number of advantages as a framework or basis for address book access and management. Most of these advantages boil down to a significant reduction in design costs, implementation costs, interoperability test costs and deployment costs.
The key features of address book support with WebDAV are:
The key disadvantages of address book support in WebDAV are:
vCard is a MIME directory profile aimed at encapsulating personal addressing and contact information about people. The specification of vCard was originally done by the Versit consortium, with a subsequent 3.0 version standardized by the IETF. vCard is in widespread use in email clients and mobile devices as a means of encapsulating address information for transport via email, or for import/export and synchronization operations.
An update to vCard is currently being developed [I-D.ietf-vcarddav-vcardrev] and is compatible with this specification.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
The term "protected" is used in the Conformance field of property definitions as defined in Section 15 of [RFC4918].
This document uses XML DTD fragments ([W3C.REC-xml-20081126], Section 3.2) as a purely notational convention. WebDAV request and response bodies cannot be validated by a DTD due to the specific extensibility rules defined in Section 17 of [RFC4918] and due to the fact that all XML elements defined by this specification use the XML namespace name "DAV:". In particular:
The namespace "urn:ietf:params:xml:ns:carddav" is reserved for the XML elements defined in this specification, its revisions, and related CardDAV specifications. XML elements defined by individual implementations MUST NOT use the "urn:ietf:params:xml:ns:carddav" namespace, and instead should use a namespace that they control.
When XML element types in the namespaces "DAV:" and "urn:ietf:params:xml:ns:carddav" are referenced in this document outside of the context of an XML fragment, the strings "DAV:" and "CARDDAV:" will be prefixed to the element types, respectively.
This document inherits, and sometimes extends, DTD productions from Section 14 of [RFC4918].
Also note that some CardDAV XML element names are identical to WebDAV XML element names, though their namespace differs. Care must be taken not to confuse the two sets of names.
This section lists what functionality is required of a CardDAV server. To advertise support for CardDAV, a server:
In addition, a server:
As a brief overview, a CardDAV address book is modeled as a WebDAV collection with a well defined structure; each of these address book collections contains a number of resources representing address objects as its direct child resources. Each resource representing an address object is called an "address object resource". Each address object resource and each address book collection can be individually locked and have individual WebDAV properties. Requirements derived from this model are provided in Section 5.1 and Section 5.2.
A CardDAV server is an address-aware engine combined with a WebDAV server. The server may include address data in some parts of its URL namespace, and non-address data in other parts.
A WebDAV server can advertise itself as a CardDAV server if it supports the functionality defined in this specification at any point within the root of its repository. That might mean that address data is spread throughout the repository and mixed with non-address data in nearby collections (e.g. address data may be found in /lisa/addressbook/ as well as in /bernard/addressbook/, and non-address data in /lisa/calendars/). Or, it might mean that address data can be found only in certain sections of the repository (e.g. /addressbooks/user/). Address book features are only required in the repository sections that are or contain address objects. So a repository confining address data to the /carddav/ collection would only need to support the CardDAV required features within that collection.
The CardDAV server is the canonical location for address data and state information. Clients may submit requests to change data or download data. Clients may store address objects offline and attempt to synchronize at a later time. Address data on the server can change between the time of last synchronization and when attempting an update, as address book collections may be shared and accessible via multiple clients. Entity tags and locking help this work.
This specification uses vCard as the default format for address or contact information being stored on the server. However, this specification does allow other formats for address data provided that the server advertises support for those additional formats as described below. The requirements in this section pertain to vCard address data, or formats that follow the semantics of vCard data.
Address object resources contained in address book collections MUST contain a single vCard component only.
vCard components in an address book collection MUST have a UID property value that MUST be unique in the scope of the address book collection in which it is contained.
Address book collections appear to clients as a WebDAV collection resource, identified by a URL. An address book collection MUST report the DAV:collection and CARDDAV:addressbook XML elements in the value of the DAV:resourcetype property. The element type declaration for CARDDAV:addressbook is:
    <!ELEMENT addressbook EMPTY>
An address book collection can be created through provisioning (e.g., automatically created when a user's account is provisioned), or it can be created with the extended MKCOL method (see Section 6.3.1). This can be used by a user to create additional address books (e.g., "soccer team members") or for users to share an address book (e.g., "sales team contacts"). Note however that this document doesn't define what extra address book collections are for. Users must rely on non-standard cues to find out what an address book collection is for, or use the CARDDAV:addressbook-description property defined in Section 6.2.1 to provide such a cue.
The following restrictions are applied to the resources within an address book collection:
Multiple address book collections MAY be children of the same collection.
A server supporting the features described in this document MUST include "addressbook" as a field in the DAV response header from an OPTIONS request on any resource that supports any address book properties, reports, or methods. A value of "addressbook" in the DAV response header MUST indicate that the server supports all MUST level requirements and REQUIRED features specified in this document.
>> Request <<
    OPTIONS /addressbooks/users/ HTTP/1.1
    Host: addressbook.example.com
>> Response <<
    HTTP/1.1 200 OK
    Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE
    Allow: MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, REPORT, ACL
    DAV: 1, 2, 3, access-control, addressbook
    DAV: extended-mkcol
    Date: Sat, 11 Nov 2006 09:32:12 GMT
    Content-Length: 0
In this example, the OPTIONS response indicates that the server supports CardDAV in this namespace, therefore the '/addressbooks/users/' collection may be used as a parent for address book collections as the extended MKCOL method is available, and as a possible target for REPORT requests for address book reports.
    <!ELEMENT addressbook-description (#PCDATA)>
    <!-- PCDATA value: string -->

    <C:addressbook-description xml:lang="fr-CA"
       xmlns:C="urn:ietf:params:xml:ns:carddav"
    >Adresses de Oliver Daboo</C:addressbook-description>

    <!ELEMENT supported-address-data (address-data-type+)>
    <!ELEMENT address-data-type EMPTY>
    <!ATTLIST address-data-type content-type CDATA "text/vcard"
                                version CDATA "3.0">
    <!-- content-type value: a MIME media type -->
    <!-- version value: a version string -->

    <C:supported-address-data
       xmlns:C="urn:ietf:params:xml:ns:carddav">
      <C:address-data-type content-type="text/vcard" version="3.0"/>
    </C:supported-address-data>

    <!ELEMENT max-resource-size (#PCDATA)>
    <!-- PCDATA value: a numeric value (positive decimal integer) -->

    <C:max-resource-size xmlns:C="urn:ietf:params:xml:ns:carddav"
    >102400</C:max-resource-size>
Address book collections and address object resources may be created by either a CardDAV client or by the CardDAV server. This specification defines restrictions and a data model that both clients and servers MUST adhere to when manipulating such address data.
An HTTP request using the extended MKCOL method [I-D.ietf-vcarddav-webdav-mkcol] can be used to create a new address book collection resource. A server MAY restrict address book collection creation to particular collections.
To create an address book, the client sends an extended MKCOL request to the server and in the body of the request sets the DAV:resourcetype property to the resource type for an address book collection as defined in Section 5.2.
Support for creating address books on the server is only RECOMMENDED and not REQUIRED because some address book stores only support one address book per user (or principal), and those are typically pre-created for each account. However, servers and clients are strongly encouraged to support address book creation whenever possible to allow users to create multiple address book collections to help organize their data better.
The DAV:displayname property can be used for a human-readable name of the address book. Clients can either specify the value of the DAV:displayname property in the request body of the extended MKCOL request, or alternatively issue a PROPPATCH request to change the DAV:displayname property to the appropriate value immediately after using the extended MKCOL request. When displaying address book collections to users, clients SHOULD check the DAV:displayname property and use that value as the name of the address book. In the event that the DAV:displayname property is not set, the client MAY use the last part of the address book collection URI as the name, however that path segment may be "opaque" and not represent any meaningful human-readable text.
This example creates an address book collection called /home/lisa/addressbook/ on the server addressbook.example.com with specific values for the properties DAV:resourcetype, DAV:displayname and CARDDAV:addressbook-description.
>> Request <<
    MKCOL /home/lisa/addressbook/ HTTP/1.1
    Host: addressbook.example.com
    Content-Type: text/xml; charset="utf-8"
    Content-Length: xxx

    <?xml version="1.0" encoding="utf-8" ?>
    <D:mkcol xmlns:D="DAV:"
             xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:set>
        <D:prop>
          <D:resourcetype>
            <D:collection/>
            <C:addressbook/>
          </D:resourcetype>
          <D:displayname>Lisa's Contacts</D:displayname>
          <C:addressbook-description xml:lang="en"
          >My primary address book.</C:addressbook-description>
        </D:prop>
      </D:set>
    </D:mkcol>
>> Response <<
    HTTP/1.1 201 Created
    Cache-Control: no-cache
    Date: Sat, 11 Nov 2006 09:32:12 GMT
    Content-Type: application/xml; charset="utf-8"
    Content-Length: xxxx

    <?xml version="1.0" encoding="utf-8" ?>
    <D:mkcol-response xmlns:D="DAV:"
                      xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:propstat>
        <D:prop>
          <D:resourcetype/>
          <D:displayname/>
          <C:addressbook-description/>
        </D:prop>
        <D:status>HTTP/1.1 200 OK</D:status>
      </D:propstat>
    </D:mkcol-response>
Clients populate address book collections with address object resources. The URL for each address object resource is entirely arbitrary, and does not need to bear a specific relationship (but might) to the address object resource's vCard properties or other metadata. New address object resources MUST be created with a PUT request targeted at an unmapped URI. A PUT request targeted at a mapped URI updates an existing address object resource.
When servers create new resources, it's not hard for the server to choose a unique URL. It's slightly tougher for clients, because a client might not want to examine all resources in the collection, and might not want to lock the entire collection to ensure that a new one isn't created with a name collision. However, there is an HTTP feature to mitigate this. If the client intends to create a new address resource, the client SHOULD use the HTTP header "If-None-Match: *" on the PUT request. The Request-URI on the PUT request MUST include the target collection, where the resource is to be created, plus the name of the resource in the last path segment. The "If-None-Match" header ensures that the client will not inadvertently overwrite an existing resource, even if the last path segment turned out to already be used.
>> Request <<
    PUT /lisa/addressbook/newvcard.vcf HTTP/1.1
    If-None-Match: *
    Host: addressbook.example.com
    Content-Type: text/vcard
    Content-Length: xxx

    BEGIN:VCARD
    VERSION:3.0
    FN:Cyrus Daboo
    N:Daboo;Cyrus
    ADR;TYPE=POSTAL:;2822 Email HQ;Suite 2821;RFCVille;PA;15213;USA
    EMAIL;TYPE=INTERNET,PREF:cyrus@example.com
    NICKNAME:me
    NOTE:Example VCard.
    ORG:Self Employed
    TEL;TYPE=WORK,VOICE:412 605 0499
    TEL;TYPE=FAX:412 605 0705
    URL:http://www.example.com
    UID:1234-5678-9000-1
    END:VCARD
>> Response <<
    HTTP/1.1 201 Created
    Date: Thu, 02 Sep 2004 16:53:32 GMT
    Content-Length: 0
    ETag: "123456789-000-111"
The request to change an existing address object resource without overwriting a change made on the server uses a specific ETag in an "If-Match" header, rather than the "If-None-Match" header.
File names for vCards are commonly suffixed by ".vcf", and clients may choose to use the same convention for URLs.
This specification creates additional Preconditions for PUT, COPY and MOVE methods. These preconditions apply:
<!ELEMENT no-uid-conflict (DAV:href)>
The new preconditions are:
vCard provides a "standard mechanism for doing non-standard things". This extension support allows implementers to make use of non-standard vCard properties and parameters whose names are prefixed with the text "X-".
Servers MUST support the use of non-standard properties and parameters in address object resources stored via the PUT method.
Servers may need to enforce rules for their own "private" properties or parameters, so servers MAY reject any attempt by the client to change those or use values for those outside of any restrictions the server may have. Servers SHOULD ensure that any "private" properties or parameters it uses follow the convention of including a vendor id in the "X-" name, as described in Section 3.8 of [RFC2426], e.g., "X-ABC-PRIVATE".
The DAV:getetag property MUST be defined and set to a strong entity tag on all address object resources.
A response to a GET request targeted at an address object resource MUST contain an ETag response header field indicating the current value of the strong entity tag of the address object resource.
Servers SHOULD return a strong entity tag (ETag header) in a PUT response when the stored address object resource is equivalent by octet equality to the address object resource submitted in the body of the PUT request. This allows clients to reliably use the returned strong entity tag for data synchronization purposes. For instance, the client can do a PROPFIND request on the stored address object resource and have the DAV:getetag property returned, and compare that value with the strong entity tag it received on the PUT response, and know that if they are equal, then the address object resource on the server has not been changed.
In the case where the data stored by a server as a result of a PUT request is not equivalent by octet equality to the submitted address object resource, the behavior of the ETag response header is not specified here, with the exception that a strong entity tag MUST NOT be returned in the response. As a result, clients may need to retrieve the modified address object resource (and ETag) as a basis for further changes, rather than use the address object resource it had sent with the PUT request.
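The PUT rules above (create with "If-None-Match: *", update with "If-Match", a unique UID per collection, and a strong ETag in the PUT response only when the stored octets equal the submitted ones) are illustrated by the following added example, which is not part of this specification. The `AddressBook` class, the `vcard_uid` helper, the SHA-256 derived entity tag, the 204 status for updates, and the sample vCard are assumptions of the example.

```python
import hashlib


class PreconditionFailed(Exception):
    """If-None-Match / If-Match did not hold; an HTTP server answers 412."""


class UidConflict(Exception):
    """The UID is already used by another resource in the collection."""


def vcard_uid(data):
    """Return the UID value of a vCard given as bytes (folded lines not handled)."""
    for line in data.decode("utf-8").splitlines():
        name, sep, value = line.partition(":")
        if sep and name.split(";")[0].upper() == "UID":
            return value.strip()
    raise ValueError("vCard has no UID property")


class AddressBook:
    """Hypothetical in-memory model of one address book collection."""

    def __init__(self, rewrite=None):
        self._resources = {}  # path -> (stored bytes, strong ETag)
        # Optional server-side rewrite of submitted data before storage.
        self._rewrite = rewrite or (lambda body: body)

    def get(self, path):
        """Return (stored bytes, current strong ETag), as GET must expose."""
        return self._resources[path]

    def put(self, path, body, if_none_match=None, if_match=None):
        current = self._resources.get(path)
        # "If-None-Match: *": only create, never overwrite a mapped URI.
        if if_none_match == "*" and current is not None:
            raise PreconditionFailed(f"{path} is already mapped")
        # "If-Match: <etag>": only update the version the client last saw.
        if if_match is not None and (current is None or current[1] != if_match):
            raise PreconditionFailed(f"{path} no longer has ETag {if_match}")
        # UID must be unique within the collection.
        uid = vcard_uid(body)
        for other, (data, _) in self._resources.items():
            if other != path and vcard_uid(data) == uid:
                raise UidConflict(other)
        stored = self._rewrite(body)
        etag = '"' + hashlib.sha256(stored).hexdigest()[:16] + '"'
        self._resources[path] = (stored, etag)
        status = 201 if current is None else 204  # 204 on update is an assumption
        # A strong ETag is returned only if the stored octets equal the request body.
        return status, (etag if stored == body else None)


# Constructed sample vCard, modeled on the PUT example in this document.
CARD = (b"BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Cyrus Daboo\r\nN:Daboo;Cyrus\r\n"
        b"NOTE:Example VCard.\r\nUID:1234-5678-9000-1\r\nEND:VCARD\r\n")


def lost_update_demo():
    """Two clients synchronized at the same ETag; only the first update wins."""
    book = AddressBook()
    path = "/lisa/addressbook/newvcard.vcf"
    _, etag1 = book.put(path, CARD, if_none_match="*")
    outcomes = []
    for client, note in (("A", b"NOTE:edited by A"), ("B", b"NOTE:edited by B")):
        edited = CARD.replace(b"NOTE:Example VCard.", note)
        try:
            status, _ = book.put(path, edited, if_match=etag1)
        except PreconditionFailed:
            status = 412
        outcomes.append((client, status))
    return outcomes


if __name__ == "__main__":
    print(lost_update_demo())
```

A client that receives no ETag from `put` (the server rewrote the data) has to fetch the resource again before its next conditional update.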
CardDAV servers MUST support and adhere to the requirements of WebDAV ACL. WebDAV ACL provides a framework for an extensible set of privileges that can be applied to WebDAV collections and ordinary resources.
This section defines additional properties for WebDAV principal resources as defined in [RFC3744].
<!ELEMENT addressbook-home-set (DAV:href*)>
    <C:addressbook-home-set xmlns:D="DAV:"
       xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:href>/bernard/addresses/</D:href>
    </C:addressbook-home-set>
<!ELEMENT principal-address (DAV:href)>
    <C:principal-address xmlns:D="DAV:"
       xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:href>/system/cyrus.vcf</D:href>
    </C:principal-address>
This section defines the reports that CardDAV servers MUST support on address book collections and address object resources.
CardDAV servers MUST advertise support for these reports on all address book collections and address object resources with the DAV:supported-report-set property defined in Section 3.1.5 of [RFC3253]. CardDAV servers MAY also advertise support for these reports on ordinary collections.
Some of these reports allow address data (from possibly multiple resources) to be returned.
The REPORT method (defined in Section 3.6 of [RFC3253]) provides an extensible mechanism for obtaining information about a resource. Unlike the PROPFIND method, which returns the value of one or more named properties, the REPORT method can involve more complex processing. REPORT is valuable in cases where the server has access to all of the information needed to perform the complex request (such as a query), and where it would require multiple requests for the client to retrieve the information needed to perform the same request.
A server that supports this specification MUST support the DAV:expand-property report (defined in Section 3.8 of [RFC3253]).
Servers MAY support the reports defined in this document on ordinary collections (collections that are not address book collections) in addition to address book collections or address object resources. In computing responses to the reports on ordinary collections, servers MUST only consider address object resources contained in address book collections that are targeted by the REPORT based on the value of the Depth request header.
Some of the reports defined in this section do text matches of character strings provided by the client and compared to stored address data. Since vCard data is by default encoded in the UTF-8 charset and may include characters outside of the US-ASCII charset range in some property and parameter values, there is a need to ensure that text matching follows well-defined rules.
To deal with this, this specification makes use of the IANA Collation Registry defined in [RFC4790] to specify collations that may be used to carry out the text comparison operations with a well-defined rule.
Collations supported by the server MUST support "equality" and "substring" match operations as per [RFC4790] Section 4.2, including the "prefix" and "suffix" options for "substring" matching. CardDAV uses these match options for "equals", "contains", "starts-with" and "ends-with" match operations.
CardDAV servers are REQUIRED to support the "i;ascii-casemap" [RFC4790] and "i;unicode-casemap" [RFC5051] collations, and MAY support other collations.
Servers MUST advertise the set of collations that they support via the CARDDAV:supported-collation-set property defined on any resource that supports reports that use collations.
In the absence of a collation explicitly specified by the client, or if the client specifies the "default" collation identifier (as defined in [RFC4790] Section 3.1), the server MUST default to using "i;unicode-casemap" as the collation.
Wildcards (as defined in [RFC4790] Section 3.2) MUST NOT be used in the collation identifier.
If the client chooses a collation not supported by the server, the server MUST respond with a CARDDAV:supported-collation precondition error response.
    <!ELEMENT supported-collation-set (
         supported-collation
         supported-collation
         supported-collation*)>
    <!-- Both "i;ascii-casemap" and "i;unicode-casemap"
         will be present -->
    <!ELEMENT supported-collation (#PCDATA)>

    <C:supported-collation-set
       xmlns:C="urn:ietf:params:xml:ns:carddav">
      <C:supported-collation>i;ascii-casemap</C:supported-collation>
      <C:supported-collation>i;octet</C:supported-collation>
      <C:supported-collation>i;unicode-casemap</C:supported-collation>
    </C:supported-collation-set>
Some address book reports defined in this document allow partial retrieval of address object resources. A CardDAV client can specify what information to return in the body of an address book REPORT request.
A CardDAV client can request particular WebDAV property values, all WebDAV property values, or a list of the names of the resource's WebDAV properties. A CardDAV client can also request address data to be returned and whether all vCard properties should be returned or only particular ones. See CARDDAV:address-data in Section 10.4.
Servers MUST support the use of non-standard vCard property or parameter names in the CARDDAV:address-data XML element in address book REPORT requests to allow clients to request that non-standard properties and parameters be returned in the address data provided in the response.
Servers MAY support the use of non-standard vCard property or parameter names in the CARDDAV:prop-filter and CARDDAV:param-filter XML elements specified in the CARDDAV:filter XML element of address book REPORT requests.
Servers MUST fail with the CARDDAV:supported-filter precondition if an address book REPORT request uses a CARDDAV:prop-filter or CARDDAV:param-filter XML element that makes reference to a non-standard vCard property or parameter name which the server does not support queries on.
The CARDDAV:addressbook-query REPORT performs a search for all address object resources that match a specified filter. The response of this report will contain all the WebDAV properties and address object resource data specified in the request. In the case of the CARDDAV:address-data XML element, one can explicitly specify the vCard properties that should be returned in the address object resource data that matches the filter.
The format of this report is modeled on the PROPFIND method. The request and response bodies of the CARDDAV:addressbook-query report use XML elements that are also used by PROPFIND. In particular, the request can include XML elements to request WebDAV properties to be returned. When that occurs, the response should follow the same behavior as PROPFIND with respect to the DAV:multistatus response elements used to return specific WebDAV property results. For instance, a request to retrieve the value of a WebDAV property which does not exist is an error and MUST be noted with a response XML element which contains a 404 (Not Found) status value.
Support for the CARDDAV:addressbook-query REPORT is REQUIRED.
Marshalling:
<!ELEMENT supported-filter (prop-filter*, param-filter*)>
Preconditions:
Postconditions:
A client can limit the number of results returned by the server through use of the CARDDAV:limit element in the request body. This is useful when clients are only interested in a few matches, or only have limited space to display results to users and thus don't need the overhead of receiving more than that. When the results are truncated by the server, the server MUST follow the rules below for indicating a result set truncation to the client.
A server MAY limit the number of resources in a response, for example, to limit the amount of work expended in processing a query, or as the result of an explicit limit set by the client. If it does so, the response MUST use status code 207, return a DAV:multistatus response body, and indicate a status of 507 (Insufficient Storage) for the request URI. That DAV:response element SHOULD include a DAV:error element with the DAV:number-of-matches-within-limits pre-condition, as defined in [RFC3744] (Section 9.2).
The server SHOULD also include the partial results in additional DAV:response elements. If a client requested limit is being applied, the 507 response for the request URI MUST NOT be included in calculating the limit (e.g., if the client requests that only a single result be returned, and multiple matches are present, then the DAV:multistatus response will include one DAV:response for the matching resource and one DAV:response for the 507 status on the request URI).
In this example, the client requests the server to search for address object resources that contain a NICKNAME property whose value equals some specific text, and to return specific vCard properties for those vCards found. In addition the DAV:getetag property is also requested and returned as part of the response.
>> Request <<
    REPORT /home/bernard/addressbook/ HTTP/1.1
    Host: addressbook.example.com
    Depth: 1
    Content-Type: text/xml; charset="utf-8"
    Content-Length: xxxx

    <?xml version="1.0" encoding="utf-8" ?>
    <C:addressbook-query xmlns:D="DAV:"
                      xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:prop>
        <D:getetag/>
        <C:address-data>
          <C:prop name="VERSION"/>
          <C:prop name="UID"/>
          <C:prop name="NICKNAME"/>
          <C:prop name="EMAIL"/>
          <C:prop name="FN"/>
        </C:address-data>
      </D:prop>
      <C:filter>
        <C:prop-filter name="NICKNAME">
          <C:text-match collation="i;unicode-casemap"
                        match-type="equals"
          >me</C:text-match>
        </C:prop-filter>
      </C:filter>
    </C:addressbook-query>
>> Response <<
    HTTP/1.1 207 Multi-Status
    Date: Sat, 11 Nov 2006 09:32:12 GMT
    Content-Type: text/xml; charset="utf-8"
    Content-Length: xxxx

    <?xml version="1.0" encoding="utf-8" ?>
    <D:multistatus xmlns:D="DAV:"
                   xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:response>
        <D:href>/home/bernard/addressbook/v102.vcf</D:href>
        <D:propstat>
          <D:prop>
            <D:getetag>"23ba4d-ff11fb"</D:getetag>
            <C:address-data>BEGIN:VCARD
    VERSION:3.0
    NICKNAME:me
    UID:34222-232@example.com
    FN:Cyrus Daboo
    EMAIL:daboo@example.com
    END:VCARD
    </C:address-data>
          </D:prop>
          <D:status>HTTP/1.1 200 OK</D:status>
        </D:propstat>
      </D:response>
    </D:multistatus>
In this example, the client requests the server to search for address object resources that contain a FN property whose value contains some specific text or that contain an EMAIL property whose value contains other text, and to return specific vCard properties for those vCards found. In addition the DAV:getetag property is also requested and returned as part of the response.
>> Request <<
    REPORT /home/bernard/addressbook/ HTTP/1.1
    Host: addressbook.example.com
    Depth: 1
    Content-Type: text/xml; charset="utf-8"
    Content-Length: xxxx

    <?xml version="1.0" encoding="utf-8" ?>
    <C:addressbook-query xmlns:D="DAV:"
                      xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:prop>
        <D:getetag/>
        <C:address-data>
          <C:prop name="VERSION"/>
          <C:prop name="UID"/>
          <C:prop name="NICKNAME"/>
          <C:prop name="EMAIL"/>
          <C:prop name="FN"/>
        </C:address-data>
      </D:prop>
      <C:filter test="anyof">
        <C:prop-filter name="FN">
          <C:text-match collation="i;unicode-casemap"
                        match-type="contains"
          >daboo</C:text-match>
        </C:prop-filter>
        <C:prop-filter name="EMAIL">
          <C:text-match collation="i;unicode-casemap"
                        match-type="contains"
          >daboo</C:text-match>
        </C:prop-filter>
      </C:filter>
    </C:addressbook-query>
>> Response <<
    HTTP/1.1 207 Multi-Status
    Date: Sat, 11 Nov 2006 09:32:12 GMT
    Content-Type: text/xml; charset="utf-8"
    Content-Length: xxxx

    <?xml version="1.0" encoding="utf-8" ?>
    <D:multistatus xmlns:D="DAV:"
                   xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:response>
        <D:href>/home/bernard/addressbook/v102.vcf</D:href>
        <D:propstat>
          <D:prop>
            <D:getetag>"23ba4d-ff11fb"</D:getetag>
            <C:address-data>BEGIN:VCARD
    VERSION:3.0
    NICKNAME:me
    UID:34222-232@example.com
    FN:David Boo
    EMAIL:daboo@example.com
    END:VCARD
    </C:address-data>
          </D:prop>
          <D:status>HTTP/1.1 200 OK</D:status>
        </D:propstat>
      </D:response>
      <D:response>
        <D:href>/home/bernard/addressbook/v104.vcf</D:href>
        <D:propstat>
          <D:prop>
            <D:getetag>"23ba4d-ff11fc"</D:getetag>
            <C:address-data>BEGIN:VCARD
    VERSION:3.0
    NICKNAME:oliver
    UID:34222-23222@example.com
    FN:Oliver Daboo
    EMAIL:oliver@example.com
    END:VCARD
    </C:address-data>
          </D:prop>
          <D:status>HTTP/1.1 200 OK</D:status>
        </D:propstat>
      </D:response>
    </D:multistatus>
In this example, the client requests the server to search for address object resources that contain a FN property whose value contains some specific text, and to return the DAV:getetag property for two results only. The server response includes a 507 status for the request URI indicating that there were more than two resources that matched the query, but that the server truncated the result set as requested by the client.
>> Request <<
    REPORT /home/bernard/addressbook/ HTTP/1.1
    Host: addressbook.example.com
    Depth: 1
    Content-Type: text/xml; charset="utf-8"
    Content-Length: xxxx

    <?xml version="1.0" encoding="utf-8" ?>
    <C:addressbook-query xmlns:D="DAV:"
                      xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:prop>
        <D:getetag/>
      </D:prop>
      <C:filter test="anyof">
        <C:prop-filter name="FN">
          <C:text-match collation="i;unicode-casemap"
                        match-type="contains"
          >daboo</C:text-match>
        </C:prop-filter>
      </C:filter>
      <C:limit>
        <C:nresults>2</C:nresults>
      </C:limit>
    </C:addressbook-query>
>> Response <<
    HTTP/1.1 207 Multi-Status
    Date: Sat, 11 Nov 2006 09:32:12 GMT
    Content-Type: text/xml; charset="utf-8"
    Content-Length: xxxx

    <?xml version="1.0" encoding="utf-8" ?>
    <D:multistatus xmlns:D="DAV:"
                   xmlns:C="urn:ietf:params:xml:ns:carddav">
      <D:response>
        <D:href>/home/bernard/addressbook/</D:href>
        <D:status>HTTP/1.1 507 Insufficient Storage</D:status>
        <D:error><D:number-of-matches-within-limits/></D:error>
        <D:responsedescription xml:lang="en">
          Only two matching records were returned
        </D:responsedescription>
      </D:response>
      <D:response>
        <D:href>/home/bernard/addressbook/v102.vcf</D:href>
        <D:propstat>
          <D:prop>
            <D:getetag>"23ba4d-ff11fb"</D:getetag>
          </D:prop>
          <D:status>HTTP/1.1 200 OK</D:status>
        </D:propstat>
      </D:response>
      <D:response>
        <D:href>/home/bernard/addressbook/v104.vcf</D:href>
        <D:propstat>
          <D:prop>
            <D:getetag>"23ba4d-ff11fc"</D:getetag>
          </D:prop>
          <D:status>HTTP/1.1 200 OK</D:status>
        </D:propstat>
      </D:response>
    </D:multistatus>
The CARDDAV:addressbook-multiget REPORT is used to retrieve specific address object resources from within a collection, if the Request-URI is a collection, or to retrieve a specific address object resource, if the Request-URI is an address object resource. This report is similar to the CARDDAV:addressbook-query REPORT (see Section 8.6), except that it takes a list of DAV:href elements instead of a CARDDAV:filter element to determine which address object resources to return.
Support for the addressbook-multiget REPORT is REQUIRED.
Marshalling:
Preconditions:
Postconditions:
In this example, the client requests the server to return specific vCard properties of the address components referenced by specific URIs. In addition, the DAV:getetag property is requested and returned as part of the response. Note that in this example, the resource at http://addressbook.example.com/home/bernard/addressbook/vcf1.vcf does not exist, resulting in an error status response.
>> Request <<
REPORT /home/bernard/addressbook/ HTTP/1.1
Host: addressbook.example.com
Depth: 1
Content-Type: text/xml; charset="utf-8"
Content-Length: xxxx

<?xml version="1.0" encoding="utf-8" ?>
<C:addressbook-multiget xmlns:D="DAV:"
                        xmlns:C="urn:ietf:params:xml:ns:carddav">
  <D:prop>
    <D:getetag/>
    <C:address-data>
      <C:prop name="VERSION"/>
      <C:prop name="UID"/>
      <C:prop name="NICKNAME"/>
      <C:prop name="EMAIL"/>
      <C:prop name="FN"/>
    </C:address-data>
  </D:prop>
  <D:href>/home/bernard/addressbook/vcf102.vcf</D:href>
  <D:href>/home/bernard/addressbook/vcf1.vcf</D:href>
</C:addressbook-multiget>
>> Response <<
HTTP/1.1 207 Multi-Status
Date: Sat, 11 Nov 2006 09:32:12 GMT
Content-Type: text/xml; charset="utf-8"
Content-Length: xxxx

<?xml version="1.0" encoding="utf-8" ?>
<D:multistatus xmlns:D="DAV:"
               xmlns:C="urn:ietf:params:xml:ns:carddav">
  <D:response>
    <D:href>/home/bernard/addressbook/vcf102.vcf</D:href>
    <D:propstat>
      <D:prop>
        <D:getetag>"23ba4d-ff11fb"</D:getetag>
        <C:address-data>BEGIN:VCARD
VERSION:3.0
NICKNAME:me
UID:34222-232@example.com
FN:Cyrus Daboo
EMAIL:daboo@example.com
END:VCARD
</C:address-data>
      </D:prop>
      <D:status>HTTP/1.1 200 OK</D:status>
    </D:propstat>
  </D:response>
  <D:response>
    <D:href>/home/bernard/addressbook/vcf1.vcf</D:href>
    <D:status>HTTP/1.1 404 Resource not found</D:status>
  </D:response>
</D:multistatus>
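A client has to tell three outcomes apart in the 207 bodies shown in the two examples above: resources returned, hrefs that failed (the 404), and a 507 on the collection href meaning the result set was truncated. The following Python sketch is an added example, not part of the draft; the function name, the DTD rejection and the sample body are assumptions of this example.

```python
import xml.etree.ElementTree as ET

DAV, CARD = "{DAV:}", "{urn:ietf:params:xml:ns:carddav}"

def parse_multistatus(body, collection_href):
    """Return (found, failed, truncated) for a 207 Multi-Status body (bytes)."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        # A multistatus body never needs a DTD; refuse entity tricks outright.
        raise ValueError("DTD not allowed in multistatus body")
    root = ET.fromstring(body)
    if root.tag != DAV + "multistatus":
        raise ValueError("not a DAV:multistatus document")
    found, failed, truncated = {}, {}, False
    for resp in root.findall(DAV + "response"):
        href = resp.findtext(DAV + "href", "").strip()
        status = resp.findtext(DAV + "status")
        if status is not None:            # response-level status, no propstat
            code = int(status.split()[1])
            if code == 507 and href == collection_href:
                truncated = True          # result set was cut short
            else:
                failed[href] = code       # e.g. 404 for a missing href
            continue
        for ps in resp.findall(DAV + "propstat"):
            prop = ps.find(DAV + "prop")
            code = int(ps.findtext(DAV + "status", "HTTP/1.1 500").split()[1])
            if code == 200 and prop is not None:
                found[href] = {"etag": prop.findtext(DAV + "getetag"),
                               "vcard": prop.findtext(CARD + "address-data")}
    return found, failed, truncated

# Constructed sample combining the two responses above.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8" ?>
<D:multistatus xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:carddav">
 <D:response><D:href>/home/bernard/addressbook/</D:href>
  <D:status>HTTP/1.1 507 Insufficient Storage</D:status></D:response>
 <D:response><D:href>/home/bernard/addressbook/v102.vcf</D:href>
  <D:propstat><D:prop><D:getetag>"23ba4d-ff11fb"</D:getetag></D:prop>
   <D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
 <D:response><D:href>/home/bernard/addressbook/vcf1.vcf</D:href>
  <D:status>HTTP/1.1 404 Resource not found</D:status></D:response>
</D:multistatus>"""
```

When truncated is true, the returned set is incomplete, so a synchronizing client should not treat a locally cached contact that is absent from the result as deleted on the server.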
Clients may not need all the properties in a vCard object when presenting information to the user, or when looking up specific items such as an email address. Since some property data can be large (e.g., PHOTO or SOUND with inline content), a client can choose to ignore those by requesting only the specific items it knows it will use, through use of the CARDDAV:address-data XML element in the relevant reports.
However, if a client needs to make a change to a vCard, it can only change the entire vCard data via a PUT request. There is no way to incrementally make a change to a set of properties within a vCard object resource. As a result the client will have to cache the entire set of properties on a resource that is being changed.
WebDAV locks can be used to prevent two clients modifying the same resource from overwriting each other's changes (though that problem can also be solved by using ETags), and also to prevent the user from making changes that will conflict with another set of changes. In a multi-user address book system, the address book client could lock an address object resource while the user is editing the vCard data, and unlock the address object resource when the user finishes or cancels. Locks can also be used to prevent changes while data is being reorganized. For example, an address book client might lock two address book collections prior to moving a bunch of address object resources from one to another.
Clients may request a lock timeout period that is appropriate to the use case. When the user explicitly decides to reserve a resource and prevent other changes, a long timeout might be appropriate, but in cases when the client automatically decides to lock the resource the timeout should be short (and the client can always refresh the lock should it need to). A short lock timeout means that if the client is unable to remove the lock, the other address book users aren't prevented from making changes.
When CardDAV clients need to be configured, the key piece of information that they require is the principal-URL of the user whose address book information is desired. Servers SHOULD support the DAV:current-user-principal-URL property as defined in [RFC5397] to give clients a fast way to locate user principals.
Given support for SRV records (Section 11) and DAV:current-user-principal-URL [RFC5397], users only need enter a user identifier, host name and password to configure their client. The client would take the host name and do an SRV lookup to locate the CardDAV server, then execute an authenticated PROPFIND on the root / resource looking for the DAV:current-user-principal-URL property. The value returned gives the client direct access to the user's principal-URL and from there all the related CardDAV properties needed to locate address books.
For address book sharing use cases, one might wish to find the address book belonging to another user. To find other users' address books on the same server, the DAV:principal-property-search REPORT can be used to filter on some properties and return others. To search for an address book owned by a user named "Laurie", the REPORT request body would look like this:
<?xml version="1.0" encoding="utf-8" ?>
<D:principal-property-search xmlns:D="DAV:">
  <D:property-search>
    <D:prop>
      <D:displayname/>
    </D:prop>
    <D:match>Laurie</D:match>
  </D:property-search>
  <D:prop>
    <C:addressbook-home-set
       xmlns:C="urn:ietf:params:xml:ns:carddav"/>
    <D:displayname/>
  </D:prop>
</D:principal-property-search>
The server performs a case-sensitive or caseless search for a matching string subset of "Laurie" within the DAV:displayname property. Thus, the server might return "Laurie Dusseault", "Laurier Desruisseaux" or "Wilfrid Laurier" all as matching DAV:displayname values, and the address books for each of these.
<!ELEMENT addressbook EMPTY>
<!ELEMENT supported-collation (#PCDATA)>
<!-- PCDATA value: collation identifier -->
<!ELEMENT addressbook-query ((DAV:allprop | DAV:propname | DAV:prop)?, filter, limit?)>
<!ELEMENT address-data (allprop | prop*)>

when nested in the DAV:prop XML element in an address book REPORT request to specify which parts of address object resources should be returned in the response;

<!ELEMENT address-data (#PCDATA)>
<!-- PCDATA value: address data -->

when nested in the DAV:prop XML element in an address book REPORT response to specify the content of a returned address object resource.

<!ATTLIST address-data content-type CDATA "text/vcard"
                       version CDATA "3.0">
<!-- content-type value: a MIME media type -->
<!-- version value: a version string -->

attributes can be used on each variant of the CARDDAV:address-data XML element.
<!ELEMENT allprop EMPTY>
NOTE: The CARDDAV:allprop element defined here has the same name as the DAV:allprop element defined in WebDAV. However, the CARDDAV:allprop element defined here uses the "urn:ietf:params:xml:ns:carddav" namespace, as opposed to the "DAV:" namespace used for the DAV:allprop element defined in WebDAV.
<!ELEMENT prop EMPTY>
<!ATTLIST prop name CDATA #REQUIRED
               novalue (yes | no) "no">
<!-- name value: a vCard property name -->
<!-- novalue value: "yes" or "no" -->
NOTE: The CARDDAV:prop element defined here has the same name as the DAV:prop element defined in WebDAV. However, the CARDDAV:prop element defined here uses the "urn:ietf:params:xml:ns:carddav" namespace, as opposed to the "DAV:" namespace used for the DAV:prop element defined in WebDAV.
<!ELEMENT filter (prop-filter*)>
<!ATTLIST filter test (anyof | allof) "anyof">
<!-- test value:
       anyof logical OR for prop-filter matches
       allof logical AND for prop-filter matches -->
<!ELEMENT prop-filter (is-not-defined |
                       (text-match*, param-filter*))>
<!ATTLIST prop-filter name CDATA #REQUIRED
                      test (anyof | allof) "anyof">
<!-- name value: a vCard property name (e.g., "NICKNAME")
     test value:
       anyof logical OR for text-match/param-filter matches
       allof logical AND for text-match/param-filter matches -->
<!ELEMENT param-filter (is-not-defined | text-match)?>
<!ATTLIST param-filter name CDATA #REQUIRED>
<!-- name value: a property parameter name (e.g., "TYPE") -->
<!ELEMENT is-not-defined EMPTY>
<!ELEMENT text-match (#PCDATA)>
<!-- PCDATA value: string -->
<!ATTLIST text-match
   collation CDATA "i;unicode-casemap"
   negate-condition (yes | no) "no"
   match-type (equals|contains|starts-with|ends-with) "contains">
<!ELEMENT limit (nresults)>
<!ELEMENT nresults (#PCDATA)>
<!-- nresults value: unsigned integer, must be digits -->
<!ELEMENT addressbook-multiget ((DAV:allprop | DAV:propname | DAV:prop)?, DAV:href+)>
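The attribute defaults in the filter DTD above (test="anyof", match-type="contains", negate-condition="no") decide what an under-specified query matches. The following Python sketch, an added example and not part of the draft, evaluates a CARDDAV:filter against one vCard using those defaults. Assumptions of this example: param-filter is ignored, casefold() stands in for the i;unicode-casemap collation, negation applies to "any value matches", an empty filter matches everything, and all function names and samples are constructed.

```python
import xml.etree.ElementTree as ET

C = "{urn:ietf:params:xml:ns:carddav}"
MATCHERS = {
    "equals": lambda v, t: v == t,
    "contains": lambda v, t: t in v,
    "starts-with": lambda v, t: v.startswith(t),
    "ends-with": lambda v, t: v.endswith(t),
}

def vcard_props(text):
    """Map property name -> list of values (unfolds lines, drops parameters)."""
    props = {}
    for line in text.replace("\r\n", "\n").replace("\n ", "").splitlines():
        name, sep, value = line.partition(":")
        if sep:
            props.setdefault(name.split(";")[0].upper(), []).append(value)
    return props

def combine(element, results):
    """Apply the element's test attribute; the DTD default is anyof."""
    return all(results) if element.get("test", "anyof") == "allof" else any(results)

def text_match(tm, values):
    kind = tm.get("match-type", "contains")
    collation = tm.get("collation", "i;unicode-casemap")
    if kind not in MATCHERS or collation != "i;unicode-casemap":
        raise ValueError("unsupported match-type or collation")
    needle = (tm.text or "").casefold()  # casefold() approximates the collation
    hit = any(MATCHERS[kind](v.casefold(), needle) for v in values)
    return hit != (tm.get("negate-condition", "no") == "yes")

def prop_filter(pf, props):
    values = props.get(pf.get("name", "").upper())
    if pf.find(C + "is-not-defined") is not None:
        return values is None
    if values is None:
        return False
    tests = [text_match(tm, values) for tm in pf.findall(C + "text-match")]
    return not tests or combine(pf, tests)  # no text-match: property exists

def matches(filter_xml, vcard_text):
    props = vcard_props(vcard_text)
    flt = ET.fromstring(filter_xml)
    results = [prop_filter(pf, props) for pf in flt.findall(C + "prop-filter")]
    return not results or combine(flt, results)  # assumption: empty matches all

# Constructed samples modelled on the FN query and a vCard from this page.
SAMPLE_FILTER = ('<C:filter xmlns:C="urn:ietf:params:xml:ns:carddav">'
                 '<C:prop-filter name="FN"><C:text-match>daboo</C:text-match>'
                 '</C:prop-filter></C:filter>')
SAMPLE_VCARD = "BEGIN:VCARD\nVERSION:3.0\nFN:Oliver Daboo\nEMAIL:oliver@example.com\nEND:VCARD\n"
```

Rejecting unknown match-type and collation values, rather than falling back to "contains", keeps a server from silently widening a query and returning contacts the client did not ask for.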
[RFC2782] defines a DNS-based service discovery protocol that has been widely adopted as a means of locating particular services within a local area network and beyond, using SRV RR records.
This specification adds two service types for use with SRV records:
Example: non-TLS service record
_carddav._tcp SRV 0 1 80 addressbook.example.com.
Example: TLS service
_carddavs._tcp SRV 0 1 443 addressbook.example.com.
CardDAV allows internationalized strings to be stored and retrieved for the description of address book collections (see Section 6.2.1).
The CARDDAV:addressbook-query REPORT (Section 8.6) includes a text searching option controlled by the CARDDAV:text-match element. Details of character handling are covered in the description of that element (see Section 10.5.4).
HTTP protocol transactions are sent in the clear over the network unless protection from snooping is negotiated. This can be accomplished by use of TLS as defined in [RFC2818]. In particular, if HTTP Basic authentication is available, the server MUST allow TLS to be used at the same time, and SHOULD prevent use of Basic authentication when TLS is not in use.
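On the client side, the same concern applies to the SRV records of Section 11 and to the authentication challenges a server offers. The following Python sketch is an added example, not part of the draft: it prefers the _carddavs._tcp record, uses the cleartext record only on explicit opt-in, and never answers a Basic challenge over cleartext. The function names, the preference policy and the deterministic tie-break are assumptions of this example.

```python
TLS_SERVICE, PLAIN_SERVICE = "_carddavs._tcp", "_carddav._tcp"

def pick_endpoint(srv_records, allow_cleartext=False):
    """srv_records: (service, priority, weight, port, target) tuples as
    returned by a resolver. Returns (scheme, host, port)."""
    tls = [r for r in srv_records if r[0] == TLS_SERVICE]
    plain = [r for r in srv_records if r[0] == PLAIN_SERVICE]
    if tls:
        pool, scheme = tls, "https"
    elif plain and allow_cleartext:
        pool, scheme = plain, "http"
    else:
        raise LookupError("no acceptable CardDAV SRV record")
    # Lowest priority wins; ties go to the highest weight. RFC 2782 uses a
    # weighted random choice here; this example is deterministic instead.
    _, _, _, port, target = min(pool, key=lambda r: (r[1], -r[2]))
    return scheme, target.rstrip("."), port

def usable_auth_schemes(scheme, challenges):
    """challenges: WWW-Authenticate values, one challenge per string.
    Returns the schemes the client may answer, Basic last."""
    offered = [c.split(None, 1)[0].lower() for c in challenges if c.strip()]
    if scheme != "https":
        # Basic sends the password in recoverable form; skip it without TLS.
        offered = [s for s in offered if s != "basic"]
    return sorted(set(offered), key=lambda s: (s == "basic", s))

# Constructed from the two example SRV records on this page.
SAMPLE_SRV = [
    ("_carddav._tcp", 0, 1, 80, "addressbook.example.com."),
    ("_carddavs._tcp", 0, 1, 443, "addressbook.example.com."),
]
```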
With the ACL extension present, WebDAV allows control over who can access (read or write) any resource on the WebDAV server. In addition, WebDAV ACL provides for an "inheritance" mechanism, whereby resources may inherit access privileges from other resources. Often the "other" resource is a parent collection of the resource itself. Clients MUST take care to ensure users are aware of which address books may be "private" (i.e. only accessible to them) and which are "shared" (i.e. accessible to others).
Since web servers are often the target of automated indexing applications that gather data from the server, analyze it and extract 'interesting' parts, great care must be taken when allowing unauthenticated access to any address book or address object data. Clients MAY choose to warn users when they create address data in a public address book, copy or move address data into public address books, or change access privileges in such a way as to expose address data to unauthenticated users.
This specification currently relies on standard HTTP authentication mechanisms for identifying users. These comprise Basic and Digest authentication as well as TLS using client-side certificates.
This document uses a URN to describe a new XML namespace conforming to the registry mechanism described in [RFC3688].
Registration request for the carddav namespace:
URI: urn:ietf:params:xml:ns:carddav
Registrant Contact: See the "Author's Address" section of this document.
XML: None - not applicable for namespace registrations.
Thanks go to Lisa Dusseault and Bernard Desruisseaux for their work on CalDAV, on which CardDAV is heavily based. The following individuals contributed their ideas and support for writing this specification: Mike Douglass, Stefan Eissing, Helge Hess, Arnaud Quillaud, Julian Reschke, Elias Sinderson, Greg Stein, Wilfredo Sanchez, and Simon Vaillancourt.
[IMSP] Myers, J., "IMSP - Internet Message Support Protocol", June 1995.
[RFC2244] Newman, C. and J. Myers, "ACAP -- Application Configuration Access Protocol", RFC 2244, DOI 10.17487/RFC2244, November 1997.
[RFC4510] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, DOI 10.17487/RFC4510, June 2006.