Extensions for Distributed Authoring on the World Wide Web -- WEBDAV

7.2.2 Example

>>Request

   PROPPATCH /bar.html HTTP/1.1
   Host: www.foo.com
   Content-Type: text/xml
   Content-Length: xxxx

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="D"?>
   <?namespace href="http://www.w3.com/standards/z39.50/" as="Z"?>
   <D:propertyupdate>
     <D:set>
          <D:prop>
               <Z:authors>
                    <Z:Author>Jim Whitehead</Z:Author>
                    <Z:Author>Roy Fielding</Z:Author>
               </Z:authors>
          </D:prop>
     </D:set>
     <D:remove>
          <D:prop><Z:Copyright-Owner/></D:prop>
     </D:remove>
   </D:propertyupdate>

>>Response

   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="D"?>
   <?namespace href="http://www.w3.com/standards/z39.50/" as="Z"?>
   <D:multistatus>
     <D:response>
          <D:href>http://www.foo.com/bar</D:href>
          <D:propstat>
               <D:prop><Z:Authors/></D:prop>
               <D:status>HTTP/1.1 424 Method Failure</D:status>
          </D:propstat>
          <D:propstat>
               <D:prop><Z:Copyright-Owner/></D:prop>
               <D:status>HTTP/1.1 409 Conflict</D:status>
          </D:propstat>
          <D:responsedescription> Copyright Owner can not be deleted or
   altered.</D:responsedescription>
     <D:response>
   </D:multistatus>

In this example, the client requests the server to set the value of the http://www.w3.com/standards/z39.50/Authors property, and to remove the property http://www.w3.com/standards/z39.50/Copyright-Owner. Since the Copyright-Owner property could not be removed, no property modifications occur. The Method Failure status code for the Authors property indicates this action would have succeeded if it were not for the conflict with removing the Copyright-Owner property.

7.3 MKCOL Method

The MKCOL method is used to create a new collection. All DAV compliant resources MUST support the MKCOL method.

7.3.1 Request

MKCOL creates a new collection resource at the location specified by the Request-URI. If the resource identified by the Request-URI is non-null then the MKCOL must fail. During MKCOL processing, a server MUST make the Request-URI a member of its parent collection. If no such ancestor exists, the method MUST fail. When the MKCOL operation creates a new collection resource, all ancestors MUST already exist, or the method MUST fail with a 409 Conflict status code. For example, if a request to create collection /a/b/c/d/ is made, and neither /a/b/ nor /a/b/c/ exists, the request MUST fail.

When MKCOL is invoked without a request body, the newly created collection has no members.

A MKCOL request message MAY contain a message body. The behavior of a MKCOL request when the body is present is limited to creating collections, members of a collection, bodies of members and properties on the collections or members. If the server receives a MKCOL request entity type it does not support or understand it MUST respond with a 415 Unsupported Media Type status code. The exact behavior of MKCOL for various request media types is undefined in this document, and will be specified in separate documents.

7.3.2 Response Codes

Responses from a MKCOL request are not cacheable, since MKCOL has non-idempotent semantics.

7.3.3 Example

This example creates a collection called /webdisc/xfiles/ on the server www.server.org.

>>Request

   MKCOL /webdisc/xfiles/ HTTP/1.1
   Host: www.server.org

>>Response

   HTTP/1.1 201 Created

7.4 ADDREF Method

The ADDREF method is used to add external members to a resource. All DAV compliant collection resources MUST support the ADDREF method. All other DAV compliant resources MAY support the ADDREF method as appropriate.

7.4.1 The Request

The ADDREF method adds the URI specified in the Collection-Member header as an external member to the collection specified by the Request-URI.

It is not an error if the URI specified in the Collection-Member header already exists as an external member of the collection. However, after processing the ADDREF there MUST be only one instance of the URI in the collection. If the URI specified in the Collection-Member header already exists as an internal member of the collection, the ADDREF method MUST fail with a 412 Precondition Failed status code.

More than one Collection-Member request header MUST NOT be used with the ADDREF method.

7.4.2 Example

>>Request

   ADDREF /~ejw/dav/ HTTP/1.1
   Host: www.ics.uci.edu
   Collection-Member: http://www.iana.org/standards/dav/

>>Response

   HTTP/1.1 204 No Content

This example adds the URI http://www.iana.org/standards/dav/ as an external member resource of the collection http://www.ics.uci.edu/~ejw/dav/.

7.5 DELREF Method

The DELREF method is used to remove external members from a resource. All DAV compliant collection resources MUST support the DELREF method. All other DAV compliant resources MUST support the DELREF method only if they support the ADDREF method.

7.5.1 The Request

The DELREF method removes the URI specified in the Collection-Member header from the collection specified by the Request-URI.

DELREFing a URI which is not a member of the collection is not an error. DELREFing an internal member MUST fail with a 412 Precondition Failed status code.

More than one Collection-Member request header MUST NOT be used with the DELREF method.

7.5.2 Example

>>Request

   DELREF /~ejw/dav/ HTTP/1.1
   Host: www.ics.udi.edu
   Collection-Member: http://www.iana.org/standards/dav/

>>Response

   HTTP/1.1 204 No Content

This example removes the URI http://www.iana.org/standards/dav/, an external member resource, from the collection http://www.ics.uci.edu/~ejw/dav/.

7.6 GET, HEAD for Collections

The semantics of GET are unchanged when applied to a collection, since GET is defined as, "retrieve whatever information (in the form of an entity) is identified by the Request-URI" [Fielding et al., 1997]. GET when applied to a collection MAY return the contents of an "index.html" resource, a human-readable view of the contents of the collection, or something else altogether. Hence it is possible that the result of a GET on a collection will bear no correlation to the state of the collection.

Similarly, since the definition of HEAD is a GET without a response message body, the semantics of HEAD are unmodified when applied to collection resources.

7.7 POST for Collections

Since by definition the actual function performed by POST is determined by the server and often depends on the particular resource, the behavior of POST when applied to collections cannot be meaningfully modified because it is largely undefined. Thus the semantics of POST are unmodified when applied to a collection.

7.8 DELETE

7.8.1 DELETE for Non-Collection Resources

If the DELETE method is issued to a non-collection resource which is an internal member of a collection, then during DELETE processing a server MUST remove the Request-URI from its parent collection. A server MAY remove the URI of a deleted resource from any collections of which the resource is an external member.

7.8.2 DELETE for Collections

The DELETE method on a collection MUST act as if a Depth = infinity header was used on it. A client MUST NOT submit a Depth header on a DELETE on a collection with any value but infinity.

DELETE instructs that the collection specified in the request-URI, the records of its external member resources, and all its internal member resources, are to be deleted.

If any member cannot be deleted then all of the member's ancestors MUST NOT be deleted, so as to maintain the namespace.

Any headers included with DELETE MUST be applied in processing every resource to be deleted.

When the DELETE method has completed processing it MUST return a consistent namespace. The response SHOULD be a Multi-Status response that describes the result of the DELETE on each affected resource.

7.8.2.1 Example

>>Request

   DELETE  /container/ HTTP/1.1
   Host: www.foo.bar

>>Response

   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="d"?>
   <d:multistatus>
     <d:response>
          <d:href>http://www.foo.bar/container/resource1</d:href>
          <d:href>http://www.foo.bar/container/resource2</d:href>
          <d:status>HTTP/1.1 200 OK</d:status>
     </d:response>
     <d:response>
          <d:href>http://www.foo.bar/container/</d:href>
          <d:status>HTTP/1.1 424 Method Failure</d:status>
     </d:response>
     <d:response>
          <d:href>http://www.foo.bar/container/resource3</d:href>
          <d:status>HTTP/1.1 425 Locked</d:status>
     </d:response>
   </d:multistatus>

In this example the attempt to delete http://www.foo.bar/container/resource3 failed because it is locked, and no lock token was submitted with the request. Consequently, the attempt to delete http://www.foo.bar/container/ also failed, but resource1 and resource2 were deleted. Even though a Depth header has not been included, a depth of infinity is assumed because the method is on a collection. As this example illustrates, DELETE processing need not be atomic.

7.9 PUT

7.9.1 PUT for Non-Collection Resources

A PUT performed on an existing resource replaces the GET response entity of the resource. Properties defined on the resource MAY be recomputed during PUT processing but are not otherwise effected. For example, if a server recognizes the content type of the request body, it may be able to automatically extract information that could be profitably exposed as properties.

A PUT that would result in the creation of a resource without an appropriately scoped parent collection MUST fail with a 409 Conflict.

7.9.2 PUT for Collections

As defined in the HTTP/1.1 specification [Fielding et al., 1997], the "PUT method requests that the enclosed entity be stored under the supplied Request-URI." Since submission of an entity representing a collection would implicitly encode creation and deletion of resources, this specification intentionally does not define a transmission format for creating a collection using PUT. Instead, the MKCOL method is defined to create collections. If a PUT is invoked on a collection resource it MUST fail.

When the PUT operation creates a new non-collection resource all ancestors MUST already exist. If all ancestors do not exist, the method MUST fail with a 409 Conflict status code. For example, if resource /a/b/c/d.html is to be created and /a/b/c/ does not exist, then the request must fail.

7.10 COPY Method

The COPY method creates a duplicate of the source resource, given by the Request-URI, in the destination resource, given by the Destination header. The Destination header MUST be present. The exact behavior of the COPY method depends on the type of the source resource.

Support for the COPY method does not guarantee the ability to copy a resource. For example, separate programs may control resources on the same server. As a result, it may not even be possible to copy a resource to a location that appears to be on the same server.

7.10.1 COPY for HTTP/1.1 resources

When the source resource is not a collection the body of the destination resource MUST be octet-for-octet identical to the body of the source resource. Subsequent alterations to the destination resource will not modify the source resource. Subsequent alterations to the source resource will not modify the destination resource. Thus, all copies are performed "by-value".

All properties on the source resource MUST be duplicated on the destination resource, subject to modifying headers and XML elements, following the definition for copying properties.

7.10.2 COPY for Properties

The following section defines how properties on a resource are handled during a COPY operation.

Live properties SHOULD be duplicated as identically behaving live properties at the destination resource. If a property cannot be copied live, then its value MUST be duplicated, octet-for-octet, in an identically named, dead property on the destination resource.

The propertybehavior XML element can specify that properties are copied on best effort, that all live properties MUST be successfully copied or the method MUST fail, or that a specified list of live properties MUST be successfully copied or the method must fail. The propertybehavior XML element is defined in Section 11.12.

If a property on the source already exists on the destination resource and the Overwrite header is set to "T" then the property at the destination MUST be overwritten with the property from the source. If the Overwrite header is "F" and the previous situation exists, then the COPY MUST fail with a 412 Precondition Failed.

7.10.3 COPY for Collections

The COPY method on a collection without a Depth header MUST act as if a Depth header with value "infinity" was included. A client MAY submit a Depth header on a COPY on a collection with a value of "0" or "infinity". DAV compliant servers MUST support the "0" and "infinity" behaviors.

A COPY of depth infinity instructs that the collection specified in the Request-URI and the records of its external member resources is to be copied to the location specified in the Destination header, and all its internal member resources are to be copied to a location relative to it, recursively through all levels of the collection hierarchy.

A COPY of depth "0" only instructs that the collection, the properties, and the records of its external members, not its internal members, are to be copied.

Any headers included with a COPY are to be applied in processing every resource to be copied.

The exception to this rule is the Destination header. This header only specifies the destination for the Request-URI. When applied to members of the collection specified in the request-URI the value of Destination is to be modified to reflect the current location in the hierarchy. So, if the request-URI is "a" and the destination is "b" then when a/c/d is processed it MUST use a destination of b/c/d.

When the COPY method has completed processing it MUST have created a consistent namespace at the destination. However, if an error occurs while copying an internal member collection, all members of this collection MUST NOT be copied. In this case, after detecting the error, the COPY operation SHOULD try to finish as much of the original copy operation as possible. So, for example, if an infinite depth copy operation is performed on collection /a/, which contains collections /a/b/ and /a/c/, and an error occurs copying /a/b/, an attempt should still be made to copy /a/c/. Similarly, after encountering an error copying a non-collection resource as part of an infinite depth copy, the server SHOULD try to finish as much of the original copy operation as possible.

The response is a Multi-Status status code with an entity body that describes the result of the COPY on each affected resource. The href XML element in the response refers to the resource that was to be copied, not the resource that was created as a result of the copy. In other words, each entry indicates whether the copy on the resource specified in the href XML element succeeded or failed and why.

The exception to this rule is for errors that occurred on the destination. For example, if the destination was locked the response would indicate the destination URL and a 425 Locked error.

7.10.4 Type Interactions

If the destination resource identifies a collection and the Overwrite header is "T", prior to performing the copy the server MUST perform a DELETE operation on the collection.

7.10.5 Status Codes

7.10.6 Overwrite Example

This example shows resource http://www.ics.uci.edu/~fielding/index.html being copied to the location http://www.ics.uci.edu/users/f/fielding/index.html. The 204 No Content status code indicates the existing resource at the destination was overwritten.

>>Request

   COPY /~fielding/index.html HTTP/1.1
   Host: www.ics.uci.edu
   Destination: http://www.ics.uci.edu/users/f/fielding/index.html

>>Response

   HTTP/1.1 204 No Content

7.10.7 No Overwrite Example

The following example shows the same copy operation being performed, except with the Overwrite header set to "F." A response of 412 Precondition Failed is returned because the destination resource has a non-null state.

>>Request

   COPY /~fielding/index.html HTTP/1.1
   Host: www.ics.uci.edu
   Destination: http://www.ics.uci.edu/users/f/fielding/index.html
   Overwrite: F

>>Response

   HTTP/1.1 412 Precondition Failed

7.10.8 Collection Example

>>Request

   COPY /container/ HTTP/1.1
   Host: www.foo.bar
   Destination: http://www.foo.bar/othercontainer/
   Depth: infinity
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="d"?>
   <d:propertybehavior>
     <d:keepalive>*</d:keepalive>
   </d:propertybehavior>

>>Response

   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="d"?>
   <d:multistatus>
     <d:response>
       <d:href>http://www.foo.bar/othercontainer/resource1</d:href>
       <d:href>http://www.foo.bar/othercontainer/resource2</d:href>
       <d:href>http://www.foo.bar/othercontainer/</d:href>
     <d:status>HTTP/1.1 201 Created</d:status>
     </d:response>


  <d:response>
       <d:href>http://www.foo.bar/othercontainer/R2/</d:href>
       <d:href>http://www.foo.bar/othercontainer/R2/D2</d:href>
       <d:status>HTTP/1.1 412 Precondition Failed</d:status>
     </d:response>
   </d:multistatus>

The Depth header is unnecessary as the default behavior of COPY on a collection is to act as if a "Depth: infinity" header had been submitted. In this example most of the resources, along with the collection, were copied successfully. However the collection R2 failed, most likely due to a problem with maintaining the liveness of properties (this is specified by the propertybehavior XML element). Since an error occurred copying R2, R2's member D2 was not copied.

7.11 MOVE Method

The MOVE operation on a non-collection resource is the logical equivalent of a copy (COPY) followed by a delete, where the actions are performed atomically. All DAV compliant resources MUST support the MOVE method.

However, support for the MOVE method does not guarantee the ability to move a resource to a particular destination. For example, separate programs may actually control different sets of resources on the same server. Therefore, it may not even be possible to move a resource within a namespace that appears to belong to the same server.

If a resource exists at the destination, the destination resource will be DELETEd as a side effect of the MOVE operation, subject to the restrictions of the Overwrite header.

7.11.1 MOVE for Collections

A MOVE of depth infinity instructs that the collection specified in the Request-URI, including the records of its external member resources, is to be moved to the location specified in the Destination header, and all its internal member resources are to be moved to locations relative to it, recursively through all levels of the collection hierarchy.

The MOVE method on a collection MUST act as if a Depth "infinity" header was used on it. A client MUST NOT submit a Depth header on a MOVE on a collection with any value but "infinity".

Any headers included with MOVE are to be applied in processing every resource to be moved.

The exception to this rule is the Destination header. The behavior of this header is the same as given for COPY on collections.

When the MOVE method has completed processing it MUST have created a consistent namespace on both the source and destination. However, if an error occurs while moving an internal member collection, all members of the failed collection MUST NOT be moved. In this case, after detecting the error, the move operation SHOULD try to finish as much of the original move as possible. So, for example, if an infinite depth move is performed on collection /a/, which contains collections /a/b/ and /a/c/, and an error occurs moving /a/b/, an attempt should still be made to try moving /a/c/. Similarly, after encountering an error moving a non-collection resource as part of an infinite depth move, the server SHOULD try to finish as much of the original move operation as possible.

As specified in the definition of MOVE, a MOVE of a collection over another collection causes the destination collection and all its members to be deleted.

The response is a Multi-Status response that describes the result of the MOVE on each affected resource. The href XML element in the response refers to the resource that was to be moved, not the resource that was created as a result of the move. In other words, each entry indicates whether the move on the resource specified in the href succeeded or failed and why.

The exception to this rule is for errors that occurred on the destination. For example, if the destination was locked the response would indicate the destination URL and a 425 Locked error.

7.11.2 Status Codes

7.11.3 Non-Collection Example

This example shows resource http://www.ics.uci.edu/~fielding/index.html being moved to the location http://www.ics.uci.edu/users/f/fielding/index.html. The contents of the destination resource would have been overwritten if the destination resource had been non-null. In this case, since there was nothing at the destination resource, the response code is 201 Created.

>>Request

   MOVE /~fielding/index.html HTTP/1.1
   Host: www.ics.uci.edu
   Destination: http://www.ics.uci.edu/users/f/fielding/index.html

>>Response

   HTTP/1.1 201 Created
   Location: http://www.ics.uci.edu/users/f/fielding/index.html

7.11.4 Collection Example

>>Request

   MOVE /container/ HTTP/1.1
   Host: www.foo.bar
   Destination: http://www.foo.bar/othercontainer/
   Overwrite: F
   Lock-Token: <opaquelocktoken:fe184f2e-6eec-41d0-c765-01adc56e6bb4>,
      <opaquelocktoken:e454f3f3-acdc-452a-56c7-00a5c91e4b77>
   Content-Type: text/xml
   Content-Length: xyz
   Authorization: Digest username="rohit",
      realm="rohit@www.foo.bar", nonce="...",
      uri="/container/", response="...",
      opaque="..."

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="d"?>
   <d:propertybehavior>
     <d:keepalive>*</d:keepalive>
   </d:propertybehavior>

>>Response

   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: zzz

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="d"?>
   <d:multistatus>
     <d:response>
       <d:href>http://www.foo.bar/container/resource1</d:href>
       <d:href>http://www.foo.bar/container/resource2</d:href>
       <d:href>http://www.foo.bar/container/</d:href>
       <d:status>HTTP/1.1 204 No Content</d:status>
     </d:response>
     <d:response>
       <d:href>http://www.foo.bar/container/C2/R2</d:href>
       <d:status>HTTP/1.1 424 Method Failure</d:status>
     <d:response>
       <d:href>http://www.foo.bar/othercontainer/C2/</d:href>
       <d:status>HTTP/1.1 425 Locked</d:status>
     </d:response>
   </d:multistatus>

In this example the client has submitted a number of lock tokens with the request. A lock token will need to be submitted for every resource, both source and destination, anywhere in the scope of the method, that is locked. In this case the proper lock token was not submitted for the destination http://www.foo.bar/othercontainer/C2/. This means that the resource /container/C2/ could not be moved. As the attempt to move /container/C2/ failed then the resource /container/C2/R2 MUST also fail since it is a child of /container/C2/.

7.12 LOCK Method

The following sections describe the LOCK method, which is used to take out a lock of any access type. These sections on the LOCK method describe only those semantics that are specific to the LOCK method and are independent of the access type of the lock being requested.

7.12.1 Operation

A LOCK method invocation creates the lock specified by the lockinfo XML element on the Request-URI. Lock method requests SHOULD have a XML request body which contains an owner XML element for this lock request, unless this is a refresh request. The LOCK request MAY have a Timeout header.

A successful response to a lock invocation MUST include Lock-Token and Timeout headers. Clients MUST assume that locks may arbitrarily disappear at any time, regardless of the value given in the Timeout header. The Timeout header only indicates the behavior of the server if "extraordinary" circumstances do not occur. For example, an administrator may remove a lock at any time or the system may crash in such a way that it loses the record of the lock's existence. The response MUST also contain the value of the lockdiscovery property in a prop XML element.

7.12.2 The Effect of Locks on Properties and Collections

The scope of a lock is the entire state of the resource, including its body and associated properties. As a result, a lock on a resource also locks the resource's properties.

For collections, a lock also affects the ability to add or remove members. The nature of the effect depends upon the type of access control involved.

7.12.3 Locking Replicated Resources

Some servers automatically replicate resources across multiple URLs. In such a circumstance the server MAY only accept a lock on one of the URLs if the server can guarantee that the lock will be honored across all the URLs.

7.12.4 Depth and Locking

The Depth header MAY be used with the LOCK method. Values other than 0 or infinity MUST NOT be used with the Depth header.

A Depth header of value 0 means to just lock the resource specified by the request-URI.

If the Depth header is set to infinity then the resource specified in the request-URI along with all its internal members, all the way down the hierarchy, are to be locked. A successful result will return a single lock token which represents all the resources that have been locked. If an UNLOCK is executed on this token, all associated resources are unlocked. If the lock cannot be granted to all resources, a 409 Conflict status code MUST be returned with a response entity body containing a multistatus XML element describing which resource(s) prevented the lock from being granted. Hence, partial success is not an option. Either the entire hierarchy is locked or no resources are locked.

7.12.5 Interaction with other Methods

The interaction of a LOCK with various methods is dependent upon the lock type. However, independent of lock type, a successful DELETE of a resource MUST cause all of its locks to be removed.

7.12.6 Lock Compatibility Table

The table below describes the behavior that occurs when a lock request is made on a resource.

Current lock state/ Lock request	Shared Lock	Exclusive Lock
None	True	True
Shared Lock	True	False
Exclusive Lock	False	False*

Legend: True = lock MAY be granted. False = lock MUST NOT be granted. *=if the principal requesting the lock is the owner of the lock, the lock MUST be regranted.

The current lock state of a resource is given in the leftmost column, and lock requests are listed in the first row. The intersection of a row and column gives the result of a lock request. For example, if a shared lock is held on a resource, and an exclusive lock is requested, the table entry is "false", indicating the lock must not be granted.

If an exclusive or shared lock is re-requested by the principal who owns the lock, the lock MUST be regranted. If the lock is regranted, the same lock token that was previously issued MUST be returned.

7.12.7 Lock Response

A successful lock response MUST contain a Lock-Token response header, a Timeout header and a prop XML element in the response body which contains the value of the lockdiscovery property.

7.12.8 Status Codes

7.12.9 Example - Simple Lock Request

>>Request

   LOCK /workspace/webdav/proposal.doc HTTP/1.1
   Host: webdav.sb.aol.com
   Timeout: Infinite, Second-4100000000
   Content-Type: text/xml
   Content-Length: xyz
   Authorization: Digest username="ejw",
      realm="ejw@webdav.sb.aol.com", nonce="...",
      uri="/workspace/webdav/proposal.doc",
      response="...", opaque="..."

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="D"?>
   <D:lockinfo>
     <D:locktype><D:write/></D:locktype>
     <D:lockscope><D:exclusive/></D:lockscope>
     <D:owner>
       <D:href>http://www.ics.uci.edu/~ejw/contact.html</D:href>
     </D:owner>
   </D:lockinfo>

>>Response

   HTTP/1.1 200 OK
   Lock-Token: <opaquelocktoken:e71d4fae-5dec-22d6-fea5-00a0c91e6be4>
   Timeout: Second-604800
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0"?>
   <?namespace href ="http://www.iana.org/standards/dav/" as="D"?>
   <D:prop>
     <D:lockdiscovery>
       <D:activelock>
         <D:locktype><D:write/></D:locktype>
         <D:lockscope><D:exclusive/></D:lockscope>
         <D:owner>
           <D:href>http://www.ics.uci.edu/~ejw/contact.html</D:href>
         </D:owner>
         <D:timeout>Second-604800</D:timeout>
         <D:locktoken>
           <D:href>
     opaquelocktoken:e71d4fae-5dec-22d6-fea5-00a0c91e6be4
           </D:href>
         </D:locktoken>
       </D:activelock>
     </D:lockdiscovery>
   </D:prop>

This example shows the successful creation of an exclusive write lock on resource http://webdav.sb.aol.com/workspace/webdav/proposal.doc. The resource http://www.ics.uci.edu/~ejw/contact.html contains contact information for the owner of the lock. The server has an activity-based timeout policy in place on this resource, which causes the lock to automatically be removed after 1 week (604800 seconds). The response has a Lock-Token header that gives the lock token URL that uniquely identifies the lock created by this lock request. Note that the nonce, response, and opaque fields have not been calculated in the Authorization request header.

7.12.10 Example - Refreshing a Write Lock

>>Request

   LOCK /workspace/webdav/proposal.doc HTTP/1.1
   Host: webdav.sb.aol.com
   Timeout: Infinite, Second-4100000000
   Lock-Token: <opaquelocktoken:e71d4fae-5dec-22d6-fea5-00a0c91e6be4>
   Authorization: Digest username="ejw",
      realm="ejw@webdav.sb.aol.com", nonce="...",
      uri="/workspace/webdav/proposal.doc",
      response="...", opaque="..."

>>Response

   HTTP/1.1 200 OK
   Lock-Token: <opaquelocktoken:e71d4fae-5dec-22d6-fea5-00a0c91e6be4>
   Timeout: Second-604800
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0"?>
   <?namespace href ="http://www.iana.org/standards/dav/" as="D"?>
   <D:prop>
     <D:lockdiscovery>
       <D:activelock>
         <D:locktype><D:write/></D:locktype>
         <D:lockscope><D:exclusive/></D:lockscope>
         <D:owner>
           <D:href>http://www.ics.uci.edu/~ejw/contact.html</D:href>
         </D:owner>
         <D:timeout>Second-604800</D:timeout>
         <D:locktoken>
           <D:href>
     opaquelocktoken:e71d4fae-5dec-22d6-fea5-00a0c91e6be4
           </D:href>
         </D:locktoken>
       </D:activelock>
     </D:lockdiscovery>
   </D:prop>

This request would refresh the lock, resetting any time outs. Notice that the client asked for an infinite time out but the server choose to ignore the request. In this example, the nonce, response, and opaque fields have not been calculated in the Authorization request header.

7.12.11 Example - Multi-Resource Lock Request

>>Request

   LOCK /webdav/ HTTP/1.1
   Host: webdav.sb.aol.com
   Timeout: Infinite, Second-4100000000
   Depth: infinity
   Authorization: Digest username="ejw",
      realm="ejw@webdav.sb.aol.com", nonce="...",
      uri="/workspace/webdav/proposal.doc",
      response="...", opaque="..."

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="D"?>
   <D:lockinfo>
     <D:locktype><D:write/></D:locktype>
     <D:lockscope><D:exclusive/></D:lockscope>
     <D:owner>
       <D:href>http://www.ics.uci.edu/~ejw/contact.html</D:href>
     </D:owner>
   </D:lockinfo>

>>Response

   HTTP/1.1 207 Multistatus
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="D"?>
   <D:multistatus>
     <D:response>
          <D:href>http://webdav.sb.aol.com/webdav/proposal.doc</D:href>
          <D:href>http://webdav.sb.aol.com/webdav/</D:href>
          <D:status>HTTP/1.1 424 Method Failure</D:status>
     </D:response>
     <D:response>
          <D:href>http://webdav.sb.aol.com/webdav/secret</D:href>
          <D:status>HTTP/1.1 403 Forbidden</D:status>
     </D:response>
   </D:multistatus>

This example shows a request for an exclusive write lock on a collection and all its children. In this request, the client has specified that it desires an infinite length lock, if available, otherwise a timeout of 4.1 billion seconds, if available. The request entity body contains the contact information for the principal taking out the lock, in this case a web page URL.

The 424 Method Failure indicates that a lock was not taken out on these resources due to an error elsewhere. Note that this does not mean that a lock would have succeeded on these resources had the other error not occurred. It only means that another error has occurred and so the entire method has been aborted. The error is a 403 Forbidden response on the resource http://webdav.sb.aol.com/webdav/secret. Because this resource could not be locked, none of the resources were locked.

In this example, the nonce, response, and opaque fields have not been calculated in the Authorization request header.

7.13 UNLOCK Method

The UNLOCK method removes the lock identified by the lock token in the Lock-Token header from the Request-URI, and all other resources included in the lock.

Any DAV compliant resource which supports the LOCK method MUST support the UNLOCK method.

7.13.1 Example

>>Request

   UNLOCK /workspace/webdav/info.doc HTTP/1.1
   Host: webdav.sb.aol.com
   Lock-Token:<opaquelocktoken:a515cfa4-5da4-22e1-f5b5-00a0451e6bf7>
   Authorization: Digest username="ejw",
      realm="ejw@webdav.sb.aol.com", nonce="...",
      uri="/workspace/webdav/proposal.doc",
      response="...", opaque="..."

>>Response

   HTTP/1.1 204 No Content

In this example, the lock identified by the lock token "opaquelocktoken:a515cfa4-5da4-22e1-f5b5-00a0451e6bf7" is successfully removed from the resource http://webdav.sb.aol.com/workspace/webdav/info.doc. If this lock included more than just one resource, the lock is removed from all resources included in the lock. The 204 status code is used instead of 200 OK because there is no response entity body.

In this example, the nonce, response, and opaque fields have not been calculated in the Authorization request header.

8 HTTP Headers for Distributed Authoring

8.1 Collection-Member Header

   CollectionMember = "Collection-Member" ":" absoluteURI   ;
   absoluteURI is defined in section 3.2.1 of [Fielding et al., 1997]

The Collection-Member header specifies the URI of an external resource to be added/deleted to/from a collection.

8.2 DAV Header

   DAV = "DAV" ":" ["1"] [",2"] ["," 1#extend]

This header indicates that the resource supports the DAV schema and protocol as specified. All DAV compliant resources MUST return the DAV header on all OPTIONS responses.

The value is a list of all compliance classes that the resource supports. Note that above a comma has already been added to the 2. This is because a resource can not be level 2 compliant unless it is also level 1 compliant. Please refer to Section 13 for more details. In general, however, support for one compliance class does not entail support for any other.

8.3 Depth Header

   Depth = "Depth" ":" ("0" | "1" | "infinity")

The Depth header is used with methods executed on resources which could potentially have internal members to indicate whether the method is to be applied only to the resource (Depth = 0), to the resource and its immediate children, (Depth = 1), or the resource and all its progeny (Depth = infinity).

The Depth header is only supported if a method's definition explicitly provides for such support.

The following rules are the default behavior for any method that supports the Depth header. A method MAY override these defaults by defining different behavior in its definition.

Methods which support the Depth header MAY choose not to support all of the header's values and MAY define, on a case by case basis, the behavior of the method if a Depth header is not present. For example, the MOVE method only supports Depth = infinity and if a Depth header is not present will act as if a Depth = infinity header had been applied.

Clients MUST NOT rely upon methods executing on members of their hierarchies in any particular order or on the execution being atomic. Note that methods MAY provide guarantees on ordering and atomicity.

Upon execution, a method with a Depth header will perform as much of its assigned task as possible and then return a response specifying what it was able to accomplish and what it failed to do.

So, for example, an attempt to COPY a hierarchy may result in some of the members being copied and some not.

Any headers on a method with a Depth header MUST be applied to all resources in the scope of the method. For example, an If-Match header will have its value applied against every resource in the method's scope and will cause the method to fail if the header fails to match.

If a resource, source or destination, within the scope of the method is locked in such a way as to prevent the successful execution of the method, then the lock token for that resource MUST be submitted with the request in the Lock-Token request header.

The Depth header only specifies the behavior of the method with regards to internal children. If a resource does not have internal children then the Depth header is ignored.

Please note, however, that it is always an error to submit a value for the Depth header that is not allowed by the method's definition. Thus submitting a "Depth: 1" on a COPY, even if the resource does not have internal members, MUST result in a 400 Bad Request. The method should fail not because the resource doesn't have internal members, but because of the illegal value in the header.

8.4 Destination Header

   Destination = "Destination" ":" URI

The Destination header specifies a destination resource for methods such as COPY and MOVE, which take two URIs as parameters.

8.5 If-None-State-Match

   If-None-State-Match = "If-None-State-Match" ":" 1#Coded-URL
   Coded-URL = "<" URI ">"

The If-None-State-Match header is intended to have similar functionality to the If-None-Match header defined in section 14.26 of [Fielding et al., 1997]. However the If-None-State-Match header is intended for use with any URI which represents state information about a resource, referred to as a state token. A typical example is a lock token.

If any of the state tokens identifies the current state of the resource, the server MUST NOT perform the requested method. Instead, if the request method was GET, HEAD, or PROPFIND, the server SHOULD respond with a 304 Not Modified response, including the cache-related entity-header fields (particularly ETag) of the current state of the resource. For all other request methods, the server MUST respond with a status of 412 Precondition Failed.

If none of the state tokens identifies the current state of the resource, the server MAY perform the requested method.

If any of the tokens is not recognized, the method MUST fail with a 412 Precondition Failed.

Note that the "AND" and "OR" keywords specified with the If-State-Match header are intentionally not defined for If-None-State-Match, because this functionality is not required.

8.6 If-State-Match

   If-State-Match = "If-State-Match" ":" ("AND" | "OR") 1#Coded-URL

The If-State-Match header is intended to have similar functionality to the If-Match header defined in section 14.25 of [Fielding et al., 1997]. However the If-State-Match header is intended for use with any URI which represents state information about a resource. A typical example is a lock token.

If the AND keyword is used and all of the state tokens identify the state of the resource, then the server MAY perform the requested method. If the OR keyword is used and any of the state tokens identifies the current state of the resource, then the server MAY perform the requested method. If the keyword requirement for the keyword used is not met, the server MUST NOT perform the requested method, and MUST return a 412 Precondition Failed response.

If any of the tokens is not recognized, the method MUST fail with a 412 Precondition Failed.

8.7 Lock-Token Request Header

   Lock-Token = "Lock-Token" ":" 1#Coded-URL

The Lock-Token request header, containing a lock token owned by the requesting principal, is used by the principal to indicate that the principal is aware of the existence of the lock specified by the lock token.

If the following conditions are met:

1) The method is restricted by a lock type that requires the submission of a lock token, such as a write lock, 2) The user-agent has authenticated itself as a given principal, 3) The user-agent is submitting a method request to a resource on which the principal owns a write lock,

Then:

1) The method request MUST include a Lock-Token header with the lock token, or, 2) The method MUST fail with a 409 Conflict status code.

If multiple resources are involved with a method, such as the MOVE method, then the lock tokens, if any, for all affected resources, MUST be included in the Lock-Token request header.

For example, Program A, used by user A, takes out a write lock on a resource. Program A then makes a number of PUT requests on the locked resource. All the requests contain a Lock-Token request header that includes the write lock token. Program B, also run by User A, then proceeds to perform a PUT to the locked resource. However, program B was not aware of the existence of the lock and so does not include the appropriate Lock-Token request header. The method is rejected even though principal A is authorized to perform the PUT. Program B can, if it so chooses, now perform lock discovery and obtain the lock token. Note that programs A and B can perform GETs without using the Lock-Token header because the ability to perform a GET is not affected by a write lock.

Having a lock token provides no special access rights. Anyone can find out anyone else's lock token by performing lock discovery. Locks are to be enforced based upon whatever authentication mechanism is used by the server, not based on the secrecy of the token values.

8.8 Lock-Token Response Header

   Lock-Token = "Lock-Token" ":" 1#Coded-URL

If a resource is successfully locked then a Lock-Token header will be returned containing the lock token that represents the lock. If multiple lock-tokens are returned then they MUST all refer to the same lock. As the lock tokens all refer to the same lock a client need only record one of them.

8.9 Overwrite Header

   Overwrite = "Overwrite" ":" ("T" | "F")

The Overwrite header specifies whether the server should overwrite the state of a non-null destination resource during a COPY or MOVE. A value of "F" states that the server MUST NOT perform the COPY or MOVE operation if the state of the destination resource is non-null. By default, the value of Overwrite is "T" and a client MAY omit this header from a request when its value is "T". While the Overwrite header appears to duplicate the functionality of the If-Match: * header of HTTP/1.1, If-Match applies only to the Request-URI, and not to the Destination of a COPY or MOVE.

If a COPY or MOVE is not performed due to the value of the Overwrite header, the method MUST fail with a 409 Conflict status code.

8.10 Status-URI Response Header

The Status-URI response header MAY be used with the 102 Processing status code to inform the client as to the status of a method.

   Status-URI = "Status-URI" ":" *(Status-Code "<" URI ">") ; Status-Code is defined in 6.1.1 of [Fielding et al., 1997]

The URIs listed in the header are source resources which have been affected by the outstanding method. The status code indicates the resolution of the method on the identified resource. So, for example, if a MOVE method on a collection is outstanding and a 102 "Processing" response with a Status-URI response header is returned, the included URIs will indicate resources that have had move attempted on them and what the result was.

8.11 Timeout Header

   TimeOut = "Timeout" ":" 1#TimeType
   TimeType = ("Second-" DAVTimeOutVal | "Infinite" | Other)
   DAVTimeOutVal = 1*digit
   Other = Extend field-value   ; See section 4.2 of [Fielding et al.,
   1997]

Clients MAY include Timeout headers in their LOCK requests. However, the server is not required to honor or even consider these requests. Clients MUST NOT submit a Timeout request header with any method other than a LOCK method.

A Timeout request header MUST contain at least one TimeType and MAY contain multiple TimeType entries. The purpose of listing multiple TimeType entries is to indicate multiple different values and value types that are acceptable to the client. The client lists the TimeType entries in order of preference.

The Timeout response header MUST use a Second value, Infinite, or a TimeType the client has indicated familiarity with. The server MAY assume a client is familiar with any TimeType submitted in a Timeout header.

The "Second" TimeType specifies the number of seconds that MUST elapse between granting of the lock at the server, and the automatic removal of the lock. A server MUST not generate a timeout value for "Second" greater than 2^32-1.

The timeout counter SHOULD be restarted any time an owner of the lock sends a method to any member of the lock, including unsupported methods, or methods which are unsuccessful. However the lock MUST be refreshed if a refresh LOCK method is successfully received.

If the timeout expires then the lock is lost. Specifically the server SHOULD act as if an UNLOCK method was executed by the server on the resource using the lock token of the timed-out lock, performed with its override authority. Thus logs should be updated with the disposition of the lock, notifications should be sent, etc., just as they would be for an UNLOCK request.

Servers are advised to pay close attention to the values submitted by clients, as they will be indicative of the type of activity the client intends to perform. For example, an applet running in a browser may need to lock a resource, but because of the instability of the environment within which the applet is running, the applet may be turned off without warning. As a result, the applet is likely to ask for a relatively small timeout value so that if the applet dies, the lock can be quickly harvested. However, a document management system is likely to ask for an extremely long timeout because its user may be planning on going off-line.

9 Status Code Extensions to HTTP/1.1

The following status codes are added to those defined in HTTP/1.1 [Fielding et al., 1997].

9.1 102 Processing

Methods can potentially take a long period of time to process, especially methods that support the Depth header. In such cases the client may time-out the connection while waiting for a response. To prevent this the server MAY return a 102 status code to indicate to the client that the server is still processing the method.

If a method is taking longer than 20 seconds (a reasonable, but arbitrary value) to process the server SHOULD return a 102 "Processing" response.

9.2 207 Multi-Status

The response provides status for multiple independent operations.

9.3 422 Unprocessable Entity

The server understands the content type of the request entity, but was unable to process the contained instructions.

9.4 423 Insufficient Space on Resource

The resource does not have sufficient space to record the state of the resource after the execution of this method.

9.5 424 Method Failure

The method was not executed on a particular resource within its scope because some part of the method's execution failed causing the entire method to be aborted. For example, if a resource could not be moved as part of a MOVE method, all the other resources would fail with a 424 Method Failure.

9.6 425 Locked

The source or destination resource of a method is locked, and either the request did not contain a valid Lock-Token header, or the lock token in the Lock-Token header identifies a lock held by another principal.

10 Multi-Status Response

The default 207 Multi-Status response body is a text/xml HTTP entity that contains a single XML element called multistatus, which contains a set of XML elements called response, one for each 200, 300, 400, and 500 series status code generated during the method invocation. 100 series status codes MUST NOT be recorded in a response XML element.

11 XML Element Definitions

In the section below, the final line of each section gives the element type declaration using the format defined in [Bray, Paoli, Sperberg-McQueen, 1998]. The "Value" field, where present, specifies futher restrictions on the allowable contents of the XML element using BNF (i.e., to further restrict the values of a PCDATA element).

11.1 activelock XML Element

   <!ELEMENT activelock (locktype, lockscope, depth?, owner, timeout,
   locktoken) >

11.1.1 depth XML Element

   <!ELEMENT depth (#PCDATA) >

11.1.2 locktoken XML Element

   <!ELEMENT locktoken (href) >

11.1.3 timeout XML Element

   <!ELEMENT timeout (#PCDATA) >

11.2 collection XML Element

   <!ELEMENT collection EMPTY >

11.3 href XML Element

   <!ELEMENT href (#PCDATA)>

11.4 link XML Element

   <!ELEMENT link (src+, dst+) >

11.4.1 dst XML Element

   <!ELEMENT dst (#PCDATA) >

11.4.2 src XML Element

   <!ELEMENT src (#PCDATA) >

11.5 lockentry XML Element

   <!ELEMENT lockentry (lockscope, locktype) >

11.6 lockinfo XML Element

   <!ELEMENT lockinfo (lockscope, locktype, owner?) >

11.7 lockscope XML Element

   <!ELEMENT lockscope (exclusive | shared) >

11.7.1 exclusive XML Element

   <!ELEMENT exclusive EMPTY >

11.7.2 shared XML Element

   <!ELEMENT shared EMPTY >

11.8 locktype XML Element

   <!ELEMENT locktype (write) >

11.8.1 write XML Element

   <!ELEMENT write EMPTY >

11.9 multistatus XML Element

   <!ELEMENT multistatus (response+, responsedescription?) >

11.9.1 response XML Element

   <!ELEMENT response (href, ((href*, status)|(propstat+)),
   responsedescription?) >

11.9.1.1 propstat XML Element

   <!ELEMENT propstat (prop, status) >

11.9.1.2 status XML Element

   <!ELEMENT status (#PCDATA) >

11.9.2 responsedescription XML Element

   <!ELEMENT responsedescription (#PCDATA) >

11.10 owner XML Element

   <!ELEMENT owner (#PCDATA, ANY)* >

11.11 prop XML element

   <!ELEMENT prop ANY>

11.12 propertybehavior XML element

   <!ELEMENT propertybehavior (omit | keepalive) >

11.12.1 keepalive XML element

   <!ELEMENT keepalive (#PCDATA | href+) >

11.12.2 omit XML element

   <!ELEMENT omit EMPTY >

11.13 propertyupdate XML element

   <!ELEMENT propertyupdate (remove | set)+ >

11.13.1 remove XML element

   <!ELEMENT remove (prop) >

11.13.2 set XML element

   <!ELEMENT set (prop) >

11.14 propfind XML Element

   <!ELEMENT propfind (allprop | propname | href+) >

11.14.1 allprop XML Element

   <!ELEMENT allprop EMPTY >

11.14.2 propname XML Element

   <!ELEMENT propname EMPTY >

12 DAV Properties

For DAV properties, the name of the property is also the same as the name of the XML element which contains its value. In the section below, the final line of each section gives the element type declaration using the format defined in [Bray, Paoli, Sperberg-McQueen, 1998]. The "Value" field, where present, specifies futher restrictions on the allowable contents of the XML element using BNF (i.e., to further restrict the values of a PCDATA element).

12.1 creationdate Property

   <!ELEMENT creationdate (#PCDATA) >

12.2 displayname Property

   <!ELEMENT displayname (#PCDATA) >

12.3 externalmembers Property

   <!ELEMENT externalmembers (href*) >

12.4 getcontentlanguage Property

   <!ELEMENT getcontentlanguage (#PCDATA) >

12.5 getcontentlength Property

   <!ELEMENT getcontentlength (#PCDATA) >

12.6 getcontenttype Property

   <!ELEMENT getcontenttype (#PCDATA) >

12.7 getetag Property

   <!ELEMENT getetag (#PCDATA) >

12.8 getlastmodified Property

   <!ELEMENT getlastmodified (#PCDATA) >

12.9 lockdiscovery Property

   <!ELEMENT lockdiscovery (activelock)* >

12.9.1 Example

>>Request

   PROPFIND /container/ HTTP/1.1
   Host: www.foo.bar
   Content-Length: xxxx
   Content-Type: text/xml

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="D"?>
   <D:propfind>
     <D:prop><lockdiscovery/></D:prop>
   </D:propfind>

>>Response

HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: xxxxx
   <?xml version="1.0"?>
   <?namespace href ="http://www.iana.org/standards/dav/" as="D"?>
   <D:multistatus>
     <D:response>
       <D:propstat>
          <D:prop>
            <D:lockdiscovery>
              <D:activelock>
                <D:locktype>write</D:locktype>
                <D:lockscope>exclusive</D:lockscope>
                <D:Depth>0</D:Depth>
                <D:owner>Jane Smith</D:owner>
                <D:timeout>Infinite</D:timeout>
                <D:locktoken>
                    <D:href>
                  opaquelocktoken:f81de2ad-7f3d-a1b2-4f3c-00a0c91a9d76
                    </D:href>
                </D:locktoken>
              </D:activelock>
            </D:lockdiscovery>
          </D:prop>
          <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
     </D:response>
   </D:multistatus>

This resource has a single exclusive write lock on it, with an infinite timeout. Note that the Depth element could have been omitted as 0 is the default value of Depth.

12.10 resourcetype Property

   <!ELEMENT resourcetype ANY >

12.11 source Property

   <!ELEMENT source (link)* >

12.11.1 Example

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="D"?>
   <?namespace href="http://www.foocorp.com/Project/" as="F"?>
   <D:prop>
     <D:source>
          <D:link>
               <F:projfiles>Source</F:projfiles>
               <D:src>http://foo.bar/program</D:src>
               <D:dst>http://foo.bar/src/main.c</D:dst>
          </D:link>
          <D:link>
               <F:projfiles>Library</F:projfiles>
               <D:src>http://foo.bar/program</D:src>
               <D:dst>http://foo.bar/src/main.lib</D:dst>
          </D:link>
          <D:link>
               <F:projfiles>Makefile</F:projfiles>
               <D:src>http://foo.bar/program</D:src>
               <D:dst>http://foo.bar/src/makefile</D:dst>
          </D:link>
     </D:source>
   </D:prop>

In this example the resource http://foo.bar/program has a source property that contains three links. Each link contains three elements, two of which, src and dst, are part of the DAV schema defined in this document, and one which is defined by the schema http://www.foocorp.com/project/ (Source, Library, and Makefile). A client which only implements the elements in the DAV spec will not understand the foocorp elements and will ignore them, thus seeing the expected source and destination links. An enhanced client may know about the foocorp elements and be able to present the user with additional information about the links. This example demonstrates the power of XML markup, allowing element values to be enhanced without breaking older clients.

12.12 supportedlock Property

   <!ELEMENT supportedlock (lockentry)* >

12.12.1 Example

>>Request

   PROPFIND  /container/ HTTP/1.1
   Host: www.foo.bar
   Content-Length: xxxx
   Content-Type: text/xml

   <?xml version="1.0"?>
   <?namespace href="http://www.iana.org/standards/dav/" as="D"?>
   <D:propfind>
     <D:prop><supportedlock/></D:prop>
   </D:propfind>

>>Response

HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0"?>
   <?namespace href ="http://www.iana.org/standards/dav/" as="D"?>
   <D:multistatus>
     <D:response>
       <D:propstat>
         <D:prop>
           <D:supportedlock>
             <D:LockEntry>
               <D:locktype><D:Write/></D:locktype>
               <D:lockscope><D:Exclusive/></D:lockscope>
             </D:LockEntry>
             <D:LockEntry>
               <D:locktype><D:Write/></D:locktype>
               <D:lockscope><D:Shared/></D:lockscope>
             </D:LockEntry>
           </D:supportedlock>
         </D:prop>
         <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
     </D:response>
   </D:multistatus>

13 DAV Compliance Classes

A DAV compliant resource can choose from two classes of compliance. A client can discover the compliance classes of a resource by executing OPTIONS on the resource, and examining the "DAV" header which is returned.

Since this document describes extensions to the HTTP/1.1 protocol, minimally all DAV compliant resources, clients, and proxies MUST be compliant with [Fielding et al., 1997].

Compliance classes are not necessarily sequential. A resource that is class 2 compliant MUST also be class 1 compliant; but if additional compliance classes are defined later, a resource that is class 1, 2, and 4 compliant might not be class 3 compliant.

13.1 Class 1

A class 1 compliant resource MUST meet all "MUST" requirements in all sections of this document.

Class 1 compliant resources MUST return, at minimum, the value "1" in the DAV header on all responses to the OPTIONS method.

13.2 Class 2

A class 2 compliant resource MUST meet all class 1 requirements and support the supportedlock property as well as the LOCK method. It MUST also support the lockdiscovery property, since Section 12.9 specifies that the LOCK method MUST also support the lockdiscovery property.

Class 2 compliant resources MUST return, at minimum, the value "2" in the DAV header on all responses to the OPTIONS method.

14 Internationalization Considerations

In the realm of internationalization, this specification complies with the IETF Character Set Policy [Alvestrand, 1998]. In this specification, human-readable fields can be found either in the value of a property, or in an error message returned in a response entity body. In both cases, the human-readable content is encoded using XML, which has explicit provisions for character set tagging and encoding, and requires that XML processors read XML elements encoded using the UTF-8 and UCS-2 encodings of the ISO 10646 basic multilingual plane. Furthermore, XML contains provisions for encoding XML elements using other encoding schemes, notable among them UCS-4, which permits encoding of characters from any ISO 10646 character plane.

The default character set encoding for XML data in this specification, and in general, is UTF-8. WebDAV compliant applications MUST support the UTF-8 and UCS-2 character set encodings for XML elements, and SHOULD support the UCS-4 encoding. The XML character set encoding declaration for each supported character set MUST also be supported, since it is by using this encoding declaration that an XML processor determines the encoding of an element.

XML also provides a language tagging capability for specifying the language of the contents of a particular XML element. XML uses either IANA registered language tags (see RFC 1766, [Alvestrand, 1995]) or ISO 639 language tags [ISO-639] in the "xml:lang" attribute of an XML element to identify the language its content and attributes.

Names used within this specification fall into three categories: names of protocol elements such as methods and headers, names of XML elements, and names of properties. Naming of protocol elements follows the precedent of HTTP, using English names encoded in USASCII for methods and headers. Since these protocol elements are not visible to users, and are in fact simply long token identifiers, they do not need to support encoding in multiple character sets. Similarly, though the names of XML elements used in this specification are English names encoded in UTF-8, these names are not visible to the user, and hence do not need to support multiple character set encodings.

The name of a property defined on a resource is a URI. Although some applications (e.g., a generic property viewer) will display property URIs directly to their users, it is expected that the typical application will use a fixed set of properties, and will provide a mapping from the property name URI to a human-readable field when displaying the property name to a user. It is only in the case where the set of properties is not known ahead of time that an application need display a property name URI to a user. We recommend that applications provide human-readable property names wherever feasible.

For error reporting, we follow the convention of HTTP/1.1 status codes, including with each status code a short, English description of the code (e.g., 425 Locked). While the possibility exists that a poorly crafted user agent would display this message to a user, internationalized applications will ignore this message, and display an appropriate message in the user's language and character set.

Since interoperation of clients and servers does not require locale information, this specification does not specify any mechanism for transmission of this information.

15 Security Considerations

This section is provided to detail issues concerning security implications of which WebDAV applications need to be aware.

All of the security considerations of HTTP/1.1 also apply to WebDAV. In addition, the security risks inherent in remote authoring require stronger authentication technology, and introduce several new privacy concerns, and may increase the hazards from poor server design. These issues are detailed below.

15.1 Authentication of Clients

Due to their emphasis on authoring, WebDAV servers need to use authentication technology to protect not just access to a network resource, but the integrity of the resource as well. Furthermore, the introduction of locking functionality requires support for authentication.

A password sent in the clear over an insecure channel is an inadequate means for protecting the accessibility and integrity of a resource as the password may be intercepted. Since Basic authentication for HTTP/1.1 performs essentially clear text transmission of a password, Basic authentication MUST NOT be used to authenticate a WebDAV client to a server unless the connection is secure. Furthermore, a WebDAV server MUST NOT send Basic authentication credentials in a WWW-Authenticate header unless the connection is secure. Examples of secure connections include a Transport Layer Security (TLS) connection, or a connection over a network which is physically secure, for example, an isolated network in a building with restricted access.

WebDAV applications MUST support the Digest authentication scheme [Franks, et al., 1997]. Since Digest authentication verifies that both parties to a communication know a shared secret, a password, without having to send that secret in the clear, Digest authentication avoids the security problems inherent in Basic authentication while providing a level of authentication which is useful in a wide range of scenarios.

15.2 Denial of Service

Denial of service attacks are of special concern to WebDAV servers. WebDAV plus HTTP enables denial of service attacks on every part of a system's resources.

The underlying storage can be attacked by PUTting extremely large files.

Asking for recursive operations on large collections can attack processing time.

Making multiple pipelined requests on multiple connections can attack network connections.

WebDAV servers need to be aware of the possibility of a denial of service attack at all levels.

15.3 Security through Obscurity

WebDAV provides, through the PROPFIND method, a mechanism for listing the member resources of a collection. This greatly diminishes the effectiveness of security or privacy techniques which rely only on the difficulty of discovering the names of network resources. Users of WebDAV servers are encouraged to use access control techniques to prevent unwanted access to resources, rather than depending on the relative obscurity of their resource names.

15.4 Privacy Issues Connected to Locks

When submitting a lock request a user agent may also submit an owner XML field giving contact information for the person taking out the lock (for those cases where a person, rather than a robot, is taking out the lock). This contact information is stored in a lockdiscovery property on the resource, and can be used by other collaborators to begin negotiation over access to the resource. However, in many cases this contact information can be very private, and should not be widely disseminated. Servers SHOULD limit read access to the lockdiscovery property as appropriate. Furthermore, user agents SHOULD provide control over whether contact information is sent at all, and if contact information is sent, control over exactly what information is sent.

15.5 Privacy Issues Connected to Properties

Since property values are typically used to hold information such as the author of a document, there is the possibility that privacy concerns could arise stemming from widespread access to a resource's property data. To reduce the risk of inadvertent release of private information via properties, servers are encouraged to develop access control mechanisms that separate read access to the resource body and read access to the resource's properties. This allows a user to control the dissemination of their property data without overly restricting access to the resource's contents.

15.6 Reduction of Security due to Source Link

HTTP/1.1 warns against providing read access to script code because it may contain sensitive information. Yet WebDAV, via its source link facility, can potentially provide a URL for script resources so they may be authored. For HTTP/1.1, a server could reasonably prevent access to source resources due to the predominance of read-only access. WebDAV, with its emphasis on authoring, encourages read and write access to source resources, and provides the source link facility to identify the source. This reduces the security benefits of eliminating access to source resources. Users and administrators of WebDAV servers should be very cautious when allowing remote authoring of scripts, limiting read and write access to the source resources to authorized principals.

16 IANA Considerations

This document defines two namespaces, the namespace of property names, and the namespace of WebDAV-specific XML elements used within property values.

URLs are used for both names, for several reasons. Assignment of a URL does not require a request to a central naming authority, and hence allow WebDAV property names and XML elements to be quickly defined by any WebDAV user or application. URLs also provide a unique address space, ensuring that the distributed users of WebDAV will not have collisions among the property names and XML elements they create.

This specification defines a distinguished set of property names and XML elements which are understood by all WebDAV applications. The property names and XML elements in this specification are all derived from the base URL: http://www.iana.org/standards/dav/ by adding a suffix to this URL, for example, http://www.iana.org/standards/dav/creationdate for the "creationdate" property.

To ensure correct interoperation of this specification, IANA MUST reserve the URL namespace starting with http://www.iana.org/standards/dav/ for use by this specification, its revisions, and related WebDAV specifications.

17 Terminology

Collection - A resource that contains member resources.

Member Resource - A resource contained by a collection. There are two types of member resources: external and internal.

Internal Member Resource - A member resource of a collection whose URI is relative to the URI of the collection.

External Member Resource - A member resource of a collection with an absolute URI that is not relative to its parent's URI.

Property - A name/value pair that contains descriptive information about a resource.

Live Property - A property whose semantics and syntax are enforced by the server. For example, a live "content-length" property would have its value, the length of the entity returned by a GET request, automatically calculated by the server.

Dead Property - A property whose semantics and syntax are not enforced by the server. The server only records the value of a dead property; the client is responsible for maintaining the consistency of the syntax and semantics of a dead property.

18 Copyright

The following copyright notice is copied from RFC 2026 [Bradner, 1996], Section 10.4, and describes the applicable copyright for this document.

Copyright (C) The Internet Society January 18, 1998. All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

19 Intellectual Property

The following notice is copied from RFC 2026 [Bradner, 1996], Section 10.4, and describes the position of the IETF concerning intellectual property claims made against this document.

The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use other technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.

20 Acknowledgements

A specification such as this thrives on piercing critical review and withers from apathetic neglect. The authors gratefully acknowledge the contributions of the following people, whose insights were so valuable at every stage of our work.

Terry Allen, Harald Alvestrand, Alan Babich, Dylan Barrell, Bernard Chester, Tim Berners-Lee, Dan Connolly, Jim Cunningham, Ron Daniel, Jr., Jim Davis, Keith Dawson, Mark Day, Brian Deen, Martin Duerst, David Durand, Lee Farrell, Chuck Fay, Roy Fielding, Mark Fisher, Alan Freier, George Florentine, Jim Gettys, Phill Hallam-Baker, Dennis Hamilton, Steve Henning, Alex Hopmann, Andre van der Hoek, Ben Laurie, Paul Leach, Ora Lassila, Karen MacArthur, Steven Martin, Larry Masinter, Michael Mealling, Keith Moore, Henrik Nielsen, Kenji Ota, Bob Parker, Glenn Peterson, Jon Radoff, Saveen Reddy, Henry Sanders, Christopher Seiwald, Judith Slein, Mike Spreitzer, Einar Stefferud, Ralph Swick, Kenji Takahashi, Richard N. Taylor, Robert Thau, John Turner, Sankar Virdhagriswaran, Fabio Vitali, Gregory Woodhouse, and Lauren Wood.

Two from this list deserve special mention. The contributions by Larry Masinter have been invaluable, both in helping the formation of the working group and in patiently coaching the authors along the way. In so many ways he has set high standards we have toiled to meet. The contributions of Judith Slein in clarifying the requirements, and in patiently reviewing draft after draft, both improved this specification and expanded our minds on document management.

We would also like to thank John Turner for developing the XML DTD.

21 References

[Alvestrand, 1995] H. T. Alvestrand, "Tags for the Identification of Languages." RFC 1766. Uninett. March, 1995.

[Alvestrand, 1998] H. T. Alvestrand, "IETF Policy on Character Sets and Languages." RFC XXXX, BCP YY. Maxware. January, 1998.

[Bradner, 1996] S. Bradner, "The Internet Standards Process -Revision 3." RFC 2026, BCP 9. Harvard University. October, 1996.

[Bradner, 1997] S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels." RFC 2119, BCP 14. Harvard University. March, 1997.

[Bray, Paoli, Sperberg-McQueen, 1998] T. Bray, J. Paoli, C. M. Sperberg-McQueen, "Extensible Markup Language (XML)." World Wide Web Consortium Recommendation REC-XML-ZZZZ. http://www.w3.org/TR/PR-xml-971208.

[Fielding et al., 1997] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1." RFC 2068. U.C. Irvine, DEC, MIT/LCS. January, 1997.

[ISO-639] ISO (International Organization for Standardization). ISO 639:1988. "Code for the representation of names of languages."

[ISO-8601] ISO (International Organization for Standardization). ISO 8601:1988. "Data elements and interchange formats - Information interchange - Representation of dates and times."

[Lasher, Cohen, 1995] R. Lasher, D. Cohen, "A Format for Bibliographic Records," RFC 1807. Stanford, Myricom. June, 1995.

[Leach, Salz, 1997] P. J. Leach, R. Salz, "UUIDs and GUIDs." Internet-draft (expired), work-in-progress, February, 1997. http://www.internic.net/internet-drafts/draft-leach-uuids-guids-00.txt

[MARC, 1994] Network Development and MARC Standards, Office, ed. 1994. "USMARC Format for Bibliographic Data", 1994. Washington, DC: Cataloging Distribution Service, Library of Congress.

[Miller et al., 1996] J. Miller, T. Krauskopf, P. Resnick, W. Treese, "PICS Label Distribution Label Syntax and Communication Protocols" Version 1.1, World Wide Web Consortium Recommendation REC-PICS-labels-961031. http://www.w3.org/pub/WWW/TR/REC-PICS-labels-961031.html.

[Slein et al., 1997] J. A. Slein, F. Vitali, E. J. Whitehead, Jr., D. Durand, "Requirements for Distributed Authoring and Versioning Protocol for the World Wide Web." RFC XXXX. Xerox, Univ. of Bologna, U.C. Irvine, Boston Univ. YYY, 1997.

[Weibel et al., 1995] S. Weibel, J. Godby, E. Miller, R. Daniel, "OCLC/NCSA Metadata Workshop Report." http://purl.oclc.org/metadata/dublin_core_report.

[Yergeau, 1997] F. Yergeau, "UTF-8, a transformation format of Unicode and ISO 10646." RFC 2044. Alis Technologies. October, 1996.

22 Authors' Addresses

   Y. Y. Goland
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA 98052-6399
   Email: yarong@microsoft.com

E. J. Whitehead, Jr.
   Dept. Of Information and Computer Science
   University of California, Irvine
   Irvine, CA 92697-3425
   Email: ejw@ics.uci.edu

A. Faizi
   Netscape
   685 East Middlefield Road
   Mountain View, CA 94043
   Email: asad@netscape.com

S. R. Carter
   Novell
   1555 N. Technology Way
   M/S ORM F111
   Orem, UT 84097-2399
   Email: srcarter@novell.com


D. Jensen
   Novell
   1555 N. Technology Way
   M/S ORM F111
   Orem, UT 84097-2399
   Email: dcjensen@novell.com

23 Appendices

23.1 Appendix 1 - WebDAV Document Type Definition

This section provides a document type definition, following the rules in [Bray, Paoli, Sperberg-McQueen, 1998], for the XML elements used in the protocol stream and in the values of properties. It collects the element definitions given in Sections 11 and 12.

   <!DOCTYPE webdav-1.0 [

   <!--============ XML Elements from Section 11 ==================-->

   <!ELEMENT activelock (locktype, lockscope, depth?, owner, timeout,
   locktoken) >

   <!ELEMENT lockentry (lockscope, locktype) >
   <!ELEMENT lockinfo (lockscope, locktype, owner?) >

   <!ELEMENT locktype (write) >
   <!ELEMENT write EMPTY >

   <!ELEMENT lockscope (exclusive | shared) >
   <!ELEMENT exclusive EMPTY >
   <!ELEMENT shared EMPTY >

   <!ELEMENT depth (#PCDATA) >

   <!ELEMENT owner (#PCDATA, ANY)* >

   <!ELEMENT timeout (#PCDATA) >

   <!ELEMENT locktoken (href) >

   <!ELEMENT href (#PCDATA) >

   <!ELEMENT link (src+, dst+) >
   <!ELEMENT dst (#PCDATA) >
   <!ELEMENT src (#PCDATA) >

   <!ELEMENT multistatus (response+, responsedescription?) >

   <!ELEMENT response (href, ((href*, status)|(propstat+)),
   responsedescription?) >
   <!ELEMENT status (#PCDATA) >
   <!ELEMENT propstat (prop status) >
   <!ELEMENT responsedescription (#PCDATA) >

   <!ELEMENT prop ANY >

   <!ELEMENT propertybehavior (omit | keepalive) >
   <!ELEMENT omit EMPTY >

   <!ELEMENT keepalive (#PCDATA | href+) >

   <!ELEMENT propertyupdate (remove | set)+ >
   <!ELEMENT remove (prop) >
   <!ELEMENT set (prop) >

   <!ELEMENT propfind (allprop | propname | href+) >
   <!ELEMENT allprop EMPTY >
   <!ELEMENT propname EMPTY >

   <!ELEMENT collection EMPTY >

   <!--=========== Property Elements from Section 12 ===============-->

   <!ELEMENT creationdate (#PCDATA) >
   <!ELEMENT displayname (#PCDATA) >
   <!ELEMENT externalmembers (href*) >
   <!ELEMENT getcontentlanguage (#PCDATA) >
   <!ELEMENT getcontentlength (#PCDATA) >
   <!ELEMENT getcontenttype (#PCDATA) >
   <!ELEMENT getetag (#PCDATA) >
   <!ELEMENT getlastmodified (#PCDATA) >
   <!ELEMENT lockdiscovery (activelock)* >
   <!ELEMENT resourcetype ANY >
   <!ELEMENT source (link)* >
   <!ELEMENT supportedlock (lockentry)* >

]>

23.2 Appendix 2 - ISO 8601 Date and Time Profile

The creationdate property specifies the use of the ISO 8601 date format. This section defines a profile of the ISO 8601 date format for use with this specification. This profile is quoted verbatim from draft-newman-datetime-01.txt (expired).

date-time = full-date "T" full-time

full-date = date-fullyear "-" date-month "-" date-mday full-time = partial-time time-offset

date-fullyear = 4DIGIT date-month = 2DIGIT ; 01-12 date-mday = 2DIGIT ; 01-28, 01-29, 01-30, 01-31 based on month/year time-hour = 2DIGIT ; 00-23 time-minute = 2DIGIT ; 00-59 time-second = 2DIGIT ; 00-59, 00-60 based on leap second rules time-secfrac = "." 1*DIGIT time-numoffset = ("+" / "-") time-hour ":" time-minute time-offset = "Z" / time-numoffset partial-time = time-hour ":" time-minute ":" time-second [time-secfrac]

Numeric offsets are calculated as local time minus UTC (Coordinated Universal Time). So the equivalent time in UTC can be determined by subtracting the offset from the local time. For example, 18:50:00-04:00 is the same time as 22:58:00Z.

If the time in UTC is known, but the offset to local time is unknown, this can be represented with an offset of "-00:00". This differs from an offset of "Z" which implies that UTC is the preferred reference point for the specified time.

23.3 Appendix 3 - Notes on Processing XML Elements

XML is a flexible data format that makes it easy to submit data that appears legal but in fact is not. The philosophy of "Be flexible in what you accept and strict in what you send" still applies, but it must not be applied inappropriately. XML is extremely flexible in dealing with issues of white space, element ordering, inserting new elements, etc. This flexibility does not require extension, especially not in the area of the meaning of elements.

There is no kindness in accepting illegal combinations of XML elements. At best it will cause an unwanted result and at worst it can cause real damage.

23.3.1 XML Syntax Error Example

The following request body for a PROPFIND method is illegal.

   <?xml version="1.0"?>
   <?namespace href ="http://www.iana.org/standards/dav/" as="D"?>
   <D:propfind>
     <D:allprop/>
     <D:propname/>
   </D:propfind>

The definition of the propfind element only allows for the allprop or the propname element, not both. Thus the above is an error and MUST be responded to with a 400 Bad Request.

Imagine, however, that a server wanted to be "kind" and decided to pick the allprop element as the true element and respond to it. A client running over a bandwidth limited line who intended to execute a propname would be in for a big surprise if the server treated the command as an allprop.

23.3.2 Unknown XML Element Example

The previous example was illegal because it contained two elements that were explicitly banned from appearing together in the propfind element. However, XML is an extensible language, so one can imagine new elements being defined for use with propfind. Below is the request body of a PROPFIND and, like the previous example, MUST be rejected with a 400 Bad Request by a server that does not understand the expired-props element.

   <?xml version="1.0"?>
   <?namespace href ="http://www.iana.org/standards/dav/" as="D"?>
   <?namespace href="http://www.foo.bar/standards/props/" as="E"?>
   <D:propfind>
     <E:expired-props/>
   </D:propfind>

To understand why a 400 Bad Request is returned let us look at the request body as the server unfamiliar with expired-props sees it.

   <?xml version="1.0"?>
   <?namespace href ="http://www.iana.org/standards/dav/" as="D"?>
   <?namespace href="http://www.foo.bar/standards/props/" as="E"?>
   <D:propfind>
   </D:propfind>

As the server does not understand the expired-props element, by the rules of XML, it MUST ignore it. Thus the server sees an empty propfind, which by the definition of the propfind element is illegal.

Please note that had the extension been additive it would not necessarily have resulted in a 400 Bad Request. For example, imagine the following request body for a PROPFIND:

   <?xml version="1.0"?>
   <?namespace href ="http://www.iana.org/standards/dav/" as="D"?>
   <?namespace href="http://www.foo.bar/standards/props/" as="E"?>
   <D:propfind>
     <D:propname/>
     <E:leave-out>*boss*</E:leave-out>
   </D:propfind>

The previous example contains the fictitious element leave-out. Its purpose is to prevent the return of any property whose name matches the submitted pattern. If the previous example were submitted to a server unfamiliar with leave-out, the only result would be that the leave-out element would be ignored and a propname would be executed.