RFC 6638
Scheduling Extensions to CalDAV
Internet Engineering Task Force (IETF) C. Daboo Request for Comments: 6638 Apple Inc. Updates: 4791, 5546 B. Desruisseaux Category: Standards Track Oracle ISSN: 2070-1721 June 2012 Scheduling Extensions to CalDAVAbstract
This document defines extensions to the Calendaring Extensions to WebDAV (CalDAV) "calendar-access" feature to specify a standard way of performing scheduling operations with iCalendar-based calendar components. This document defines the "calendar-auto-schedule" feature of CalDAV. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6638. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.Table of Contents
1. Introduction ....................................................5 1.1. Terminology ................................................6 1.2. Notational Conventions .....................................7 1.3. XML Namespaces and Processing ..............................7 2. Scheduling Support ..............................................8 2.1. Scheduling Outbox Collection ...............................9 2.1.1. CALDAV:schedule-outbox-URL Property ................10 2.2. Scheduling Inbox Collection ...............................10 2.2.1. CALDAV:schedule-inbox-URL Property .................11 2.3. Calendaring Reports Extensions ............................12 2.4. Additional Principal Properties ...........................12 2.4.1. CALDAV:calendar-user-address-set Property ..........12 2.4.2. CALDAV:calendar-user-type Property .................13 3. Scheduling Operations ..........................................14 3.1. Identifying Scheduling Object Resources ...................14 3.2. Handling Scheduling Object Resources ......................15 3.2.1. Organizer Scheduling Object Resources ..............15 3.2.1.1. Create ....................................16 3.2.1.2. Modify ....................................17 3.2.1.3. Remove ....................................18 3.2.2. Attendee Scheduling Object Resources ...............18 3.2.2.1. Allowed "Attendee" Changes ................18 3.2.2.2. Create ....................................19 3.2.2.3. Modify ....................................20 3.2.2.4. Remove ....................................21 3.2.3. HTTP Methods .......................................21 3.2.3.1. PUT .......................................22 3.2.3.2. DELETE ....................................22 3.2.3.3. COPY ......................................23 3.2.3.4. MOVE ......................................24
3.2.4. Additional Method Preconditions ....................24
3.2.4.1. CALDAV:unique-scheduling-object-resource
Precondition ..............................24
3.2.4.2. CALDAV:same-organizer-in-all-components
Precondition ..............................25
3.2.4.3. CALDAV:allowed-organizer-scheduling-
object-change Precondition .............25
3.2.4.4. CALDAV:allowed-attendee-scheduling-
object-change Precondition .............26
3.2.5. DTSTAMP and SEQUENCE Properties ....................26
3.2.6. Restrict Recurrence Instances Sent to "Attendees" ..27
3.2.7. Forcing the Server to Send a Scheduling Message ....27
3.2.8. "Attendee" Participation Status ....................28
3.2.9. Schedule Status Values .............................29
3.2.10. Avoiding Conflicts when Updating Scheduling Object
Resources .........................................31
3.2.10.1. PUT .....................................33
3.2.10.2. DELETE, COPY, or MOVE ...................33
4. Processing Incoming Scheduling Messages ........................34
4.1. Processing "Organizer" Requests, Additions, and
Cancellations .............................................34
4.2. Processing "Attendee" Replies .............................35
4.3. Default Calendar Collection ...............................35
4.3.1. Additional Method Preconditions ....................36
4.3.1.1. CALDAV:default-calendar-needed
Precondition ..............................36
4.3.1.2. CALDAV:valid-schedule-default-calendar-URL
Precondition ..............................36
5. Request for Busy Time Information ..............................37
5.1. Status Codes ..............................................38
5.2. Additional Method Preconditions ...........................38
5.2.1. CALDAV:valid-scheduling-message Precondition .......38
5.2.2. CALDAV:valid-organizer Precondition ................39
6. Scheduling Privileges ..........................................39
6.1. Privileges on Scheduling Inbox Collections ................39
6.1.1. CALDAV:schedule-deliver Privilege ..................40
6.1.2. CALDAV:schedule-deliver-invite Privilege ...........40
6.1.3. CALDAV:schedule-deliver-reply Privilege ............40
6.1.4. CALDAV:schedule-query-freebusy Privilege ...........40
6.2. Privileges on Scheduling Outbox Collections ...............40
6.2.1. CALDAV:schedule-send Privilege .....................41
6.2.2. CALDAV:schedule-send-invite Privilege ..............41
6.2.3. CALDAV:schedule-send-reply Privilege ...............41
6.2.4. CALDAV:schedule-send-freebusy Privilege ............41
6.3. Aggregation of Scheduling Privileges ......................42
7. Additional iCalendar Property Parameters .......................42 7.1. Schedule Agent Parameter ..................................42 7.2. Schedule Force Send Parameter .............................44 7.3. Schedule Status Parameter .................................45 8. Additional Message Header Fields ...............................46 8.1. Schedule-Reply Request Header .............................46 8.2. Schedule-Tag Response Header ..............................46 8.3. If-Schedule-Tag-Match Request Header ......................47 9. Additional WebDAV Properties ...................................47 9.1. CALDAV:schedule-calendar-transp Property ..................47 9.2. CALDAV:schedule-default-calendar-URL Property .............48 9.3. CALDAV:schedule-tag Property ..............................49 10. XML Element Definitions .......................................50 10.1. CALDAV:schedule-response XML Element .....................50 10.2. CALDAV:response XML Element ..............................50 10.3. CALDAV:recipient XML Element .............................50 10.4. CALDAV:request-status XML Element ........................51 11. Security Considerations .......................................51 11.1. Preventing Denial-of-Service Attacks .....................51 11.2. Verifying Scheduling Operations ..........................52 11.3. Verifying Busy Time Information Requests .................52 11.4. Privacy Issues ...........................................53 11.5. Mitigation of iTIP Threats ...............................53 12. IANA Considerations ...........................................54 12.1. Message Header Field Registrations .......................54 12.1.1. Schedule-Reply ....................................54 12.1.2. Schedule-Tag ......................................54 12.1.3. If-Schedule-Tag-Match .............................54 12.2. iCalendar Property Parameter Registrations ...............55 12.3. iCalendar REQUEST-STATUS Value Registrations .............55 12.4. Additional iCalendar Elements Registries .................55 12.4.1. Schedule Agent Values Registry ....................56 12.4.2. Schedule Force Send Values Registry ...............56 13. Acknowledgements ..............................................56 14. References ....................................................57 14.1. Normative References .....................................57 14.2. Informative References ...................................58
Appendix A. Scheduling Privileges Summary .........................59 A.1. Scheduling Inbox Privileges ................................59 A.2. Scheduling Outbox Privileges ...............................60 Appendix B. Example Scheduling Operations .........................60 B.1. Example: "Organizer" Inviting Multiple "Attendees" .........61 B.2. Example: "Attendee" Receiving an Invitation ................63 B.3. Example: "Attendee" Replying to an Invitation ..............64 B.4. Example: "Organizer" Receiving a Reply to an Invitation ....66 B.5. Example: "Organizer" Requesting Busy Time Information ......69 B.6. Example: User Attempting to Invite "Attendee" on Behalf of "Organizer" ......................................71 B.7. Example: "Attendee" Declining an Instance of a Recurring Event ............................................72 B.8. Example: "Attendee" Removing an Instance of a Recurring Event ............................................751. Introduction
This document specifies extensions to the CalDAV "calendar-access" [RFC4791] feature to enable scheduling of iCalendar-based [RFC5545] calendar components between calendar users. This extension leverages the scheduling methods defined in the iCalendar Transport-independent Interoperability Protocol (iTIP) [RFC5546] to permit calendar users to perform scheduling operations such as schedule, reschedule, respond to scheduling request, or cancel calendar components, as well as search for busy time information. However, the following iTIP [RFC5546] features are not covered: publishing, countering, delegating, refreshing, and forwarding calendar components, as well as replacing the "Organizer" of a calendar component. It is expected that future extensions will be developed to address these. This specification defines a client/server scheduling protocol, where the server is made responsible for sending scheduling messages and processing incoming scheduling messages. The client operations of creating, modifying, or deleting a calendar component in a calendar are enough to trigger the server to deliver the necessary scheduling messages to the appropriate calendar users. This approach is sometimes referred to as "implicit scheduling". This specification only addresses how scheduling occurs with users on a single system (i.e., scheduling between CalDAV servers, or some other calendaring and scheduling system, is not defined). However, this specification is compatible with servers being able to send or receive scheduling messages with "external" users (e.g., using the iCalendar Message-Based Interoperability Protocol (iMIP) [RFC6047]).
Section 3 defines the automated "Scheduling Operations" that allow a client to store iCalendar data on a CalDAV server, with the server taking specific actions in response. One of three scheduling operations can take place -- "create", "modify", or "remove", based on the HTTP method used for the request -- in addition to a comparison between any existing and any new iCalendar data. Section 4 defines how the server processes scheduling messages sent as the result of a scheduling operation. Section 5 defines how freebusy requests with an immediate response are accomplished. Section 6 defines access control privileges for the scheduling operations defined in this specification. For the majority of the following discussion, scheduling of events will be discussed. However, scheduling of to-dos is also fully supported by this specification. This specification has been under development for a number of years, and most current implementations of CalDAV support it. With the publication of this document, it is expected that all new CalDAV implementations will support it by default. Interoperability tests have been performed regularly. Significant issues with incompatible CalDAV implementations are not anticipated.1.1. Terminology
This specification reuses much of the same terminology as iCalendar [RFC5545], iTIP [RFC5546], WebDAV [RFC4918], and CalDAV [RFC4791]. Additional terms used by this specification are as follows: Scheduling object resource: A calendar object resource contained in a calendar collection for which the server will take care of sending scheduling messages on behalf of the owner of the calendar collection. Organizer scheduling object resource: A scheduling object resource owned by the "Organizer". Attendee scheduling object resource: A scheduling object resource owned by an "Attendee". Scheduling operation: Add, change, or remove operations on a scheduling object resource for which the server will deliver scheduling messages to other calendar users.
Scheduling message: A calendar object that describes a scheduling
operation such as schedule, reschedule, reply, or cancel.
Scheduling Outbox collection: A resource at which busy time
information requests are targeted.
Scheduling Inbox collection: A collection in which incoming
scheduling messages are delivered.
1.2. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
The Augmented BNF (ABNF) syntax used by this document to specify the
format definition of new iCalendar elements is defined in [RFC5234].
The ABNF syntax used by this document to specify the format
definition of new message header fields to be used with the HTTP/1.1
protocol is described in Section 2.1 of [RFC2616]. Since this
Augmented BNF uses the basic production rules provided in Section 2.2
of [RFC2616], these rules apply to this document as well.
The term "protected" is used in the Conformance field of WebDAV
property definitions as defined in Section 15 of [RFC4918].
Calendaring and scheduling roles are referred to in quoted-strings of
text with the first character of each word in uppercase. For
example, "Organizer" refers to a role of a calendar user within the
scheduling protocol defined by [RFC5546].
1.3. XML Namespaces and Processing
This document uses XML DTD fragments ([W3C.REC-xml-20081126],
Section 3.2) as a purely notational convention. WebDAV request and
response bodies cannot be validated by a DTD due to the specific
extensibility rules defined in Section 17 of [RFC4918] and due to the
fact that all XML elements defined by that specification use the XML
namespace name "DAV:". In particular,
1. element names use the "DAV:" namespace,
2. element ordering is irrelevant unless explicitly stated,
3. extension elements (elements not already defined as valid child
elements) can be added anywhere, except when explicitly stated
otherwise, and
4. extension attributes (attributes not already defined as valid for
this element) can be added anywhere, except when explicitly
stated otherwise.
The XML elements specified in this document are defined in the
"urn:ietf:params:xml:ns:caldav" XML namespace registered by CalDAV
[RFC4791].
When XML element types in the namespaces "DAV:" and
"urn:ietf:params:xml:ns:caldav" are referenced in this document
outside of the context of an XML fragment, the strings "DAV:" and
"CALDAV:" will be prefixed to the element types, respectively.
This document inherits, and sometimes extends, DTD productions from
Section 14 of [RFC4918].
Also note that some CalDAV XML element names are identical to WebDAV
XML element names, though their namespace differs. Care needs to be
taken not to confuse the two sets of names.
2. Scheduling Support
A server that supports the features described in this document is
REQUIRED to support the CalDAV "calendar-access" [RFC4791] feature.
Servers include "calendar-auto-schedule" as a field in the DAV
response header from an OPTIONS request on any resource that supports
any scheduling operations, properties, privileges, or methods.
This specification introduces new collection resource types that are
used to manage scheduling object resources, and scheduling privileges
(as per Section 6), as well as provide scheduling functionality. It
is the server's responsibility to create these collection resources,
and clients have no way to create or delete them.
2.1. Scheduling Outbox Collection
A scheduling Outbox collection is used as the target for busy time information requests, and to manage privileges that apply to outgoing scheduling requests. A scheduling Outbox collection MUST report the DAV:collection and CALDAV:schedule-outbox XML elements in the value of the DAV: resourcetype property. The element type declaration for CALDAV: schedule-outbox is <!ELEMENT schedule-outbox EMPTY> Example: <D:resourcetype xmlns:D="DAV:"> <D:collection/> <C:schedule-outbox xmlns:C="urn:ietf:params:xml:ns:caldav"/> </D:resourcetype> A scheduling Outbox collection MUST NOT be a child (at any depth) of a calendar collection resource. The following WebDAV properties specified in CalDAV "calendar-access" [RFC4791] MAY also be defined on scheduling Outbox collections and apply to scheduling messages submitted to the scheduling Outbox collection with the POST method: o CALDAV:supported-calendar-component-set o CALDAV:supported-calendar-data o CALDAV:max-resource-size o CALDAV:min-date-time o CALDAV:max-date-time o CALDAV:max-attendees-per-instance The use of child resources in a scheduling Outbox collection is reserved for future revisions or extensions of this specification. The following WebDAV property is defined on principal resources and used to locate the corresponding Outbox collection for the associated principal.
2.1.1. CALDAV:schedule-outbox-URL Property
Name: schedule-outbox-URL Namespace: urn:ietf:params:xml:ns:caldav Purpose: Identify the URL of the scheduling Outbox collection owned by the associated principal resource. Protected: This property MAY be protected. PROPFIND behavior: This property SHOULD NOT be returned by a PROPFIND DAV:allprop request (as defined in Section 14.2 of [RFC4918]). COPY/MOVE behavior: This property value SHOULD be preserved in COPY and MOVE operations. Description: This property is needed for a client to determine where the scheduling Outbox collection of the current user is located so that sending of scheduling messages can occur. If not present, then the associated calendar user is not enabled for the sending of scheduling messages on the server. Definition: <!ELEMENT schedule-outbox-URL (DAV:href)>2.2. Scheduling Inbox Collection
A scheduling Inbox collection contains copies of incoming scheduling messages. These can be requests sent by an "Organizer", or replies sent by an "Attendee" in response to a request. The scheduling Inbox collection is also used to manage scheduling privileges. A scheduling Inbox collection MUST report the DAV:collection and CALDAV:schedule-inbox XML elements in the value of the DAV: resourcetype property. The element type declaration for CALDAV: schedule-inbox is <!ELEMENT schedule-inbox EMPTY> Example: <D:resourcetype xmlns:D="DAV:"> <D:collection/> <C:schedule-inbox xmlns:C="urn:ietf:params:xml:ns:caldav"/> </D:resourcetype>
Scheduling Inbox collections MUST only contain calendar object resources that obey the restrictions specified in iTIP [RFC5546]. Consequently, scheduling Inbox collections MUST NOT contain any types of collection resources. Restrictions defined in Section 4.1 of CalDAV "calendar-access" [RFC4791] on calendar object resources contained in calendar collections (e.g., Unique Identifier ("UID") uniqueness) do not apply to calendar object resources contained in a scheduling Inbox collection. Thus, multiple calendar object resources contained in a scheduling Inbox collection can have the same "UID" property value (i.e., multiple scheduling messages for the same calendar component). A scheduling Inbox collection MUST NOT be a child (at any depth) of a calendar collection resource. The following WebDAV properties specified in CalDAV "calendar-access" [RFC4791] MAY also be defined on scheduling Inbox collections and apply to scheduling messages delivered to the collection: o CALDAV:supported-calendar-component-set o CALDAV:supported-calendar-data o CALDAV:max-resource-size o CALDAV:min-date-time o CALDAV:max-date-time o CALDAV:max-instances o CALDAV:max-attendees-per-instance o CALDAV:calendar-timezone The following WebDAV property is defined on principal resources and used to locate the corresponding Inbox collection for the associated principal.2.2.1. CALDAV:schedule-inbox-URL Property
Name: schedule-inbox-URL Namespace: urn:ietf:params:xml:ns:caldav Purpose: Identify the URL of the scheduling Inbox collection owned by the associated principal resource.
Protected: This property MAY be protected.
PROPFIND behavior: This property SHOULD NOT be returned by a
PROPFIND DAV:allprop request (as defined in Section 14.2 of
[RFC4918]).
COPY/MOVE behavior: This property value SHOULD be preserved in COPY
and MOVE operations.
Description: This property allows a client to determine where the
scheduling Inbox collection of the current user is located so that
processing of scheduling messages can occur. If not present, then
the associated calendar user is not enabled for reception of
scheduling messages on the server.
Definition:
<!ELEMENT schedule-inbox-URL (DAV:href)>
2.3. Calendaring Reports Extensions
This specification extends the CALDAV:calendar-query and CALDAV:
calendar-multiget REPORTs to return results for calendar object
resources in scheduling Inbox collections.
When a CALDAV:calendar-query REPORT includes a time-range query and
targets a scheduling Inbox collection, if any calendar object
resources contain "VEVENT" calendar components that do not include a
"DTSTART" iCalendar property (as allowed by iTIP [RFC5546]) then such
components MUST always match the time-range query test.
Note that the CALDAV:free-busy-query REPORT is not supported on
scheduling Inbox collections.
2.4. Additional Principal Properties
This section defines new properties for WebDAV principal resources as
defined in [RFC3744]. These properties are likely to be protected,
but the server MAY allow them to be written by appropriate users.
2.4.1. CALDAV:calendar-user-address-set Property
Name: calendar-user-address-set
Namespace: urn:ietf:params:xml:ns:caldav
Purpose: Identify the calendar addresses of the associated principal
resource.
Protected: This property MAY be protected.
PROPFIND behavior: This property SHOULD NOT be returned by a
PROPFIND DAV:allprop request (as defined in Section 14.2 of
[RFC4918]).
COPY/MOVE behavior: This property value SHOULD be preserved in COPY
and MOVE operations.
Description: Support for this property is REQUIRED. This property
is needed to map calendar user addresses in iCalendar data to
principal resources and their associated scheduling Inbox and
Outbox collections. In the event that a user has no well-defined
identifier for his calendar user address, the URI of his principal
resource can be used. This property SHOULD be searchable using
the DAV:principal-property-search REPORT. The DAV:principal-
search-property-set REPORT SHOULD identify this property as such.
If not present, then the associated calendar user is not enabled
for scheduling on the server.
Definition:
<!ELEMENT calendar-user-address-set (DAV:href*)>
Example:
<C:calendar-user-address-set xmlns:D="DAV:"
xmlns:C="urn:ietf:params:xml:ns:caldav">
<D:href>mailto:bernard@example.com</D:href>
<D:href>mailto:bernard.desruisseaux@example.com</D:href>
</C:calendar-user-address-set>
2.4.2. CALDAV:calendar-user-type Property
Name: calendar-user-type
Namespace: urn:ietf:params:xml:ns:caldav
Purpose: Identifies the calendar user type of the associated
principal resource.
Value: Same values allowed for the iCalendar "CUTYPE" property
parameter defined in Section 3.2.3 of [RFC5545].
Protected: This property MAY be protected.
PROPFIND behavior: This property SHOULD NOT be returned by a
PROPFIND DAV:allprop request (as defined in Section 14.2 of
[RFC4918]).
COPY/MOVE behavior: This property value SHOULD be preserved in COPY
and MOVE operations.
Description: Clients can query principal resources in order to look
up "Attendees" available on the server. When doing this, it is
useful to know, or restrict the query to, certain types of
calendar users (e.g., only search for "people", or only search for
"rooms"). This property MAY be defined on principal resources to
indicate the type of calendar user associated with the principal
resource. Its value is the same as the iCalendar "CUTYPE"
property parameter that can be used on "ATTENDEE" properties.
This property SHOULD be searchable using the DAV:principal-
property-search REPORT. The DAV:principal-search-property-set
REPORT SHOULD identify this property as such.
Definition:
<!ELEMENT calendar-user-type (#PCDATA)>
Example:
<C:calendar-user-type
xmlns:C="urn:ietf:params:xml:ns:caldav">INDIVIDUAL<
/C:calendar-user-type>
(page 14 continued on part 2)
