Internet DRAFT - draft-calext-caldav-scheduling-controls

draft-calext-caldav-scheduling-controls







calext                                                  B. Gondwana, Ed.
Internet-Draft                                                  FastMail
Updates: 6638 (if approved)                               March 26, 2019
Intended status: Standards Track
Expires: September 27, 2019


                CalDAV Extension for scheduling controls
               draft-calext-caldav-scheduling-controls-00

Abstract

   This document adds headers to control and restrict the scheduling
   behaviour of CalDAV servers when updating calendaring resources.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 27, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.





Gondwana               Expires September 27, 2019               [Page 1]

Internet-Draft             CalDAV SchedControl                March 2019


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions Used In This Document . . . . . . . . . . . . . .   3
   3.  Extending the CalDAV OPTIONS response . . . . . . . . . . . .   3
     3.1.  Example: Using OPTIONS for the Discovery of Scheduling
           Controls Support  . . . . . . . . . . . . . . . . . . . .   3
   4.  New headers . . . . . . . . . . . . . . . . . . . . . . . . .   3
     4.1.  Scheduling header . . . . . . . . . . . . . . . . . . . .   4
     4.2.  Schedule-User-Address header  . . . . . . . . . . . . . .   4
   5.  Implementation considerations . . . . . . . . . . . . . . . .   5
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   5
   9.  Version History . . . . . . . . . . . . . . . . . . . . . . .   5
     9.1.  calext-v00, 2019-03-26  . . . . . . . . . . . . . . . . .   5
     9.2.  gondwana-v01, 2019-03-08  . . . . . . . . . . . . . . . .   6
     9.3.  gondwana-v00, 2019-02-08  . . . . . . . . . . . . . . . .   6
   10. Normative References  . . . . . . . . . . . . . . . . . . . .   6
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   [RFC6638] defines automatic scheduling operations for resources
   stored on [!@RFC4791] CalDAV servers.

   [RFC6638] defines the "Schedule-Reply" header in Section 8.1, however
   this header is not sufficient for controlling scheduling in all
   cases.

   Cases where it might be necessary to update the data store on a
   server without causing scheduling messages to be sent include backup
   after a data loss event on the server, or importing calendar events
   from another system.

   Calendar server operators deal with these other needs by either using
   a different method than CalDAV to update their server, or by adding a
   custom method to suppress scheduling.  This document defines a
   standard method to suppress scheduling, allowing CalDAV to be
   directly used for restores and imports.

   Complex sites can have users who have multiple aliases, and in the
   most complex cases, a user may have multiple identities who are
   present on a scheduling event as organizer and/or attendee.  When an
   event is updated over CalDAV, the server must calculate or guess
   which of those addresses the current user is acting as.  This
   document defines a header which allows the client to inform the




Gondwana               Expires September 27, 2019               [Page 2]

Internet-Draft             CalDAV SchedControl                March 2019


   server precisely which address they are acting as when adding,
   modifying or removing a resource.

2.  Conventions Used In This Document

   In examples, "C:" indicates data sent by a client that is connected
   to a server.  "S:" indicates data sent by the server to the client.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119] when they
   appear in ALL CAPS.  These words may also appear in this document in
   lower case as plain English words, absent their normative meanings.

3.  Extending the CalDAV OPTIONS response

   A server supporting the features described in this document MUST
   include "scheduling-controls" as a field in the DAV response header
   from an OPTIONS request.  A value of "scheduling-controls" in the DAV
   response header indicates to clients that the server supports all the
   requirements specified in this document.

3.1.  Example: Using OPTIONS for the Discovery of Scheduling Controls
      Support

   Request:

                  OPTIONS /home/brong/calendars/ HTTP/1.1
                  Host: cal.example.com

   Response:

      HTTP/1.1 200 OK
      Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE
      Allow: PROPFIND, PROPPATCH, LOCK, UNLOCK, REPORT, ACL
      DAV: 1, 2, 3, access-control, calendar-access,
       scheduling-controls
      Date: Thu, 8 Feb 2019 10:16:37 GMT
      Content-Length: 0

4.  New headers

   This document adds two new headers for use on PUT, PROPPATCH and
   DELETE:







Gondwana               Expires September 27, 2019               [Page 3]

Internet-Draft             CalDAV SchedControl                March 2019


4.1.  Scheduling header

   Scheduling: {all|none|internal-only|external-only|X-...}

   Default: all

   Not providing this header, or providing the value of "all", instructs
   the server to follow the behaviour in [RFC6638] Section 3.2.

   Providing the value "none" instructs the server to perform no
   scheduling at all, and to just store the event (useful for restoring
   from backup)

   The value "internal-only" instructs the server to update the events
   in other calendars within its system where that can be done silently,
   but not to send visible notifications to users (where permitted by
   policy).  This is useful when importing multiple related calendars
   into a new system without flooding external parties with
   notifications.

   The value "external-only" instructs the server to import the data
   without updating local calendars, but to send notifications to
   external attendees so they are aware of the event.  This is useful
   when migrating calendar events to a new system where external parties
   need to have a way to update their participation status in the new
   system.

   e.g.

                             Scheduling: none

   TODO: specify error codes

4.2.  Schedule-User-Address header

   Schedule-User-Address: URI

   Default: not present

   If this header is not present, the server will calculate the address
   from the authenticated user, or from the CALDAV:schedule-user-address
   property on the calendar or principal.

   If this header is provided, it overrides the server's internal
   calculation, and informs the server to perform any scheduling as the
   specified user.

   TODO: specify error codes



Gondwana               Expires September 27, 2019               [Page 4]

Internet-Draft             CalDAV SchedControl                March 2019


   e.g.

               Schedule-User-Address: mailto:foo@example.com

5.  Implementation considerations

   Any server implementing this extension MUST ensure it has a way to
   validate Schedule-User-Address settings.

6.  IANA Considerations

   TODO: IANA request for OPTIONS item

   TODO: IANA request for named headers

7.  Security Considerations

   The "Scheduling" header only allows reduction of the cases in which
   the server will creating scheduling requests.  This is generally good
   for user privacy, allowing copies of events to be updated without
   notifying the owner or attendees.  This is particularly valuable for
   cleaning up spam.

   The "Schedule-User-Address" header allows the client to override the
   server choice of address for the user to act as.  Servers MUST ensure
   that the authenticated user has permission to act as the specified
   address, as well as applying any local policy limitations.

8.  Acknowledgments

   o  Lucia Kristiansen, Google

   o  CalConnect

   o  The calext working group

9.  Version History

   Remove before publishing

9.1.  calext-v00, 2019-03-26

   o  Adopt into calext working group based on no objections on the list








Gondwana               Expires September 27, 2019               [Page 5]

Internet-Draft             CalDAV SchedControl                March 2019


9.2.  gondwana-v01, 2019-03-08

   o  correct name in acknowledgements

9.3.  gondwana-v00, 2019-02-08

   o  Initial draft based on discussion at CalConnect about Google and
      FastMail private implementations.

10.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC6638]  Daboo, C. and B. Desruisseaux, "Scheduling Extensions to
              CalDAV", RFC 6638, DOI 10.17487/RFC6638, June 2012,
              <https://www.rfc-editor.org/info/rfc6638>.

Author's Address

   Bron Gondwana (editor)
   FastMail
   Level 2, 114 William St
   Melbourne  VIC 3000
   Australia

   Email: brong@fastmailteam.com
   URI:   https://www.fastmail.com





















Gondwana               Expires September 27, 2019               [Page 6]