1
2
3
4
5
6
7Network Working Group J. Whitehead
8Request for Comments: 4437 U.C. Santa Cruz
9Category: Experimental G. Clemm
10 IBM
11 J. Reschke, Ed.
12 greenbytes
13 March 2006
14
15
16 Web Distributed Authoring and Versioning (WebDAV)
17 Redirect Reference Resources
18
19
20Status of This Memo
21
22 This memo defines an Experimental Protocol for the Internet
23 community. It does not specify an Internet standard of any kind.
24 Discussion and suggestions for improvement are requested.
25 Distribution of this memo is unlimited.
26
27Copyright Notice
28
29 Copyright (C) The Internet Society (2006).
30
31Abstract
32
33 This specification defines an extension to Web Distributed Authoring
34 and Versioning (WebDAV) to allow clients to author HTTP redirect
35 reference resources whose default response is an HTTP/1.1 3xx
36 (Redirection) status code. A redirect reference makes it possible to
37 access the target resourced indirectly through any URI mapped to the
38 redirect reference resource. This specification does not address
39 remapping of trees of resources or regular expression based
40 redirections. There are no integrity guarantees associated with
41 redirect reference resources. Other mechanisms can also be used to
42 achieve the same functionality as this specification. This
43 specification allows operators to experiment with this mechanism and
44 develop experience on what is the best approach to the problem.
45
46Table of Contents
47
48 1. Introduction ....................................................3
49 2. Notational Conventions ..........................................4
50 3. Terminology .....................................................4
51 4. Overview of Redirect Reference Resources ........................5
52 5. Operations on Redirect Reference Resources ......................6
53 6. MKREDIRECTREF Method ............................................7
54
55
56
57
58Whitehead, et al. Experimental [Page 1]
59
60RFC 4437 WebDAV Redirect Reference Resources March 2006
61
62
63 6.1. Example: Creating a Redirect Reference Resource
64 with MKREDIRECTREF .........................................8
65 7. UPDATEREDIRECTREF Method ........................................9
66 7.1. Example: Updating a Redirect Reference Resource with
67 UPDATEREDIRECTREF .........................................10
68 8. Operations on Collections That Contain Redirect
69 Reference Resources ............................................11
70 8.1. Example: PROPFIND on a Collection with Redirect
71 Reference .................................................11
72 8.2. Example: PROPFIND with Apply-To-Redirect-Ref on a
73 Collection with Redirect Reference Resources ..............13
74 9. Operations on Targets of Redirect Reference Resources ..........15
75 10. Relative References in DAV:reftarget ..........................15
76 10.1. Example: Resolving a Relative Reference in a
77 Multi-Status Response.....................................16
78 11. Redirect References to Collections ............................17
79 12. Headers .......................................................18
80 12.1. Redirect-Ref Response Header .............................18
81 12.2. Apply-To-Redirect-Ref Request Header .....................19
82 13. Redirect Reference Resource Properties ........................19
83 13.1. DAV:redirect-lifetime (protected) ........................19
84 13.2. DAV:reftarget (protected) ................................19
85 14. XML Elements ..................................................19
86 14.1. redirectref XML Element ..................................19
87 15. Extensions to the DAV:response XML Element for Multi-Status
88 Responses .....................................................20
89 16. Capability Discovery ..........................................20
90 16.1. Example: Discovery of Support for Redirect
91 Reference Resources ......................................20
92 17. Security Considerations .......................................21
93 17.1. Privacy Concerns .........................................21
94 17.2. Redirect Loops ...........................................21
95 17.3. Redirect Reference Resources and Denial of Service .......21
96 17.4. Revealing Private Locations ..............................22
97 18. Internationalization Considerations ...........................22
98 19. IANA Considerations ...........................................22
99 19.1. HTTP headers .............................................22
100 19.1.1. Redirect-Ref ......................................22
101 19.1.2. Apply-To-Redirect-Ref .............................23
102 20. Contributors ..................................................23
103 21. Acknowledgements ..............................................23
104 22. Normative References ..........................................23
105
106
107
108
109
110
111
112
113
114Whitehead, et al. Experimental [Page 2]
115
116RFC 4437 WebDAV Redirect Reference Resources March 2006
117
118
1191. Introduction
120
121 This specification extends the Web Distributed Authoring Protocol
122 (WebDAV) to enable clients to create new access paths to existing
123 resources. This capability is useful for several reasons.
124
125 WebDAV makes it possible to organize HTTP resources into hierarchies,
126 placing them into groupings, known as collections, that are more
127 easily browsed and manipulated than a single flat collection.
128 However, hierarchies require categorization decisions that locate
129 resources at a single location in the hierarchy, a drawback when a
130 resource has multiple valid categories. For example, in a hierarchy
131 of vehicle descriptions containing collections for cars and boats, a
132 description of a combination car/boat vehicle could belong in either
133 collection. Ideally, the description should be accessible from both.
134 Allowing clients to create new URIs that access the existing resource
135 lets them put that resource into multiple collections.
136
137 Hierarchies also make resource sharing more difficult, since
138 resources that have utility across many collections are still forced
139 into a single collection. For example, the mathematics department at
140 one university might create a collection of information on fractals
141 that contains bindings to some local resources, but also provides
142 access to some resources at other universities. For many reasons, it
143 may be undesirable to make physical copies of the shared resources:
144 to conserve disk space, to respect copyright constraints, or to make
145 any changes in the shared resources visible automatically. Being
146 able to create new access paths to existing resources in other
147 collections or even on other unrelated systems is useful for this
148 sort of case.
149
150 The redirect reference resources defined here provide a mechanism for
151 creating alternative access paths to existing resources. A redirect
152 reference resource is a resource in one collection whose purpose is
153 to redirect requests to another resource (its target), possibly in a
154 different collection. In this way, it allows clients to submit
155 requests to the target resource from another collection. It
156 redirects most requests to the target resource using an HTTP status
157 code from the 3xx range (Redirection), thereby providing a form of
158 mediated access to the target resource.
159
160
161
162
163
164
165
166
167
168
169
170Whitehead, et al. Experimental [Page 3]
171
172RFC 4437 WebDAV Redirect Reference Resources March 2006
173
174
175 A redirect reference is a resource with properties but with no body
176 of its own. Properties of a redirect reference resource can contain
177 information such as who created the reference, when, and why. Since
178 redirect reference resources are implemented using HTTP 3xx
179 responses, it generally takes two round trips to submit a request to
180 the intended resource. Redirect references work equally well for
181 local resources and for resources that reside on a different system
182 from the reference.
183
184 The remainder of this document is structured as follows: Section 3
185 defines terms that will be used throughout the specification.
186 Section 4 provides an overview of redirect reference resources.
187 Section 5 defines the semantics of existing methods when applied to
188 redirect reference resources. Section 6 discusses how to create a
189 redirect reference resource, and Section 7 discusses updating
190 redirect references. Section 8 discusses their semantics when
191 applied to collections that contain redirect reference resources.
192 Sections 9 through 11 discuss several other issues raised by the
193 existence of redirect reference resources. Sections 12 through 15
194 define the new headers, properties, and XML elements required to
195 support redirect reference resources. Section 16 discusses
196 capability discovery. Sections 17 through 19 present the security,
197 internationalization, and IANA concerns raised by this specification.
198 The remaining sections provide a variety of supporting information.
199
2002. Notational Conventions
201
202 Since this document describes a set of extensions to the WebDAV
203 Distributed Authoring Protocol [RFC2518], itself an extension to the
204 HTTP/1.1 protocol, the augmented BNF used here to describe protocol
205 elements is exactly the same as described in Section 2.1 of
206 [RFC2616]. Since this augmented BNF uses the basic production rules
207 provided in Section 2.2 of [RFC2616], these rules apply to this
208 document as well.
209
210 In this document, the key words "MUST", "MUST NOT", "REQUIRED",
211 "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
212 and "OPTIONAL" are to be interpreted as described in [RFC2119].
213
2143. Terminology
215
216 The terminology used here follows and extends that in the WebDAV
217 Distributed Authoring Protocol specification [RFC2518]. Definitions
218 of the terms resource, Uniform Resource Identifier (URI), and Uniform
219 Resource Locator (URL) are provided in [RFC3986].
220
221
222
223
224
225
226Whitehead, et al. Experimental [Page 4]
227
228RFC 4437 WebDAV Redirect Reference Resources March 2006
229
230
231 Redirect Reference Resource
232
233 A resource created to redirect all requests made to it, using an
234 HTTP status code from the 3xx range, to a defined target resource.
235
236 Non-Reference Resource
237
238 A resource that is not a reference to another resource.
239
240 Target Resource
241
242 The resource to which requests are redirected by a redirect
243 reference resource. A target resource can be anything that can be
244 identified by an absolute URI (see [RFC3986], "absolute-URI").
245
246 This document uses the terms "precondition", "postcondition", and
247 "protected property" as defined in [RFC3253]. Servers MUST report
248 pre-/postcondition failures as described in Section 1.6 of this
249 document.
250
2514. Overview of Redirect Reference Resources
252
253 For all operations submitted to a redirect reference resource, the
254 default response is a 302 (Found), accompanied by the Redirect-Ref
255 header (defined in Section 12.1, below) and the Location header
256 ([RFC2616], Section 14.30) set to the URI of the target resource.
257 With this information, the client can resubmit the request to the URI
258 of the target resource.
259
260 A redirect reference resource never automatically forwards requests
261 to its target resource. Redirect resources bring the same benefits
262 as links in HTML documents. They can be created and maintained
263 without the involvement or even knowledge of their target resource.
264 This reduces the cost of linking between resources.
265
266 If the client is aware that it is operating on a redirect reference
267 resource, it can resolve the reference by retrieving the reference
268 resource's DAV:reftarget property (defined in Section 13.2, below),
269 whose value contains the URI of the target resource. It can then
270 submit requests to the target resource.
271
272 A redirect reference resource is a new type of resource. To
273 distinguish redirect reference resources from non-reference
274 resources, a new value of the DAV:resourcetype property (defined in
275 [RFC2518]), DAV:redirectref, is defined in Section 14.1, below.
276
277 Since a redirect reference resource is a resource, methods can be
278 applied to the reference resource as well as to its target resource.
279
280
281
282Whitehead, et al. Experimental [Page 5]
283
284RFC 4437 WebDAV Redirect Reference Resources March 2006
285
286
287 The Apply-To-Redirect-Ref request header (defined in Section 12.2,
288 below) is provided so that referencing-aware clients can control
289 whether an operation is applied to the redirect reference resource or
290 standard HTTP/WebDAV behaviour (redirection with a 3xx status code)
291 should occur. The Apply-To-Redirect-Ref header can be used with most
292 requests to redirect reference resources. This header is
293 particularly useful with PROPFIND, to retrieve the reference
294 resource's own properties.
295
296 Implementation Note: Operations on the target of a redirect reference
297 usually do not affect the redirect reference itself. However,
298 clients should not rely on this behaviour (for instance, some servers
299 may update redirect references as a result of namespace operations on
300 the reference's target).
301
3025. Operations on Redirect Reference Resources
303
304 Although non-referencing-aware clients cannot create reference
305 resources, they should be able to submit requests through the
306 reference resources created by reference-aware WebDAV clients. They
307 should be able to follow any references to their targets. To make
308 this possible, a server that receives any request made via a redirect
309 reference resource MUST return a 3xx range (Redirection) status code,
310 unless the request includes an Apply-To-Redirect-Ref header
311 specifying "T". The client and server MUST follow [RFC2616], Section
312 10.3, but with these additional rules:
313
314 o The Location response header MUST contain a URI (see [RFC3986],
315 Section 3) that identifies the target of the reference resource.
316
317 o The response MUST include the Redirect-Ref header. This header
318 allows reference-aware WebDAV clients to recognize the resource as
319 a reference resource and to understand the reason for the
320 redirection.
321
322 A reference-aware WebDAV client can, like a non-referencing client,
323 resubmit the request to the URI in the Location header in order to
324 operate on the target resource. Alternatively, it can resubmit the
325 request to the URI of the redirect reference resource with the
326 "Apply-To-Redirect-Ref: T" header in order to operate on the
327 reference resource itself. In this case, the request MUST be applied
328 to the reference resource itself, and a 3xx response MUST NOT be
329 returned.
330
331 As redirect references do not have bodies, GET and PUT requests with
332 "Apply-To-Redirect-Ref: T" MUST fail with status 403 (forbidden).
333
334
335
336
337
338Whitehead, et al. Experimental [Page 6]
339
340RFC 4437 WebDAV Redirect Reference Resources March 2006
341
342
3436. MKREDIRECTREF Method
344
345 The MKREDIRECTREF method requests the creation of a redirect
346 reference resource.
347
348 If a MKREDIRECTREF request fails, the server state preceding the
349 request MUST be restored.
350
351 Responses from a MKREDIRECTREF request MUST NOT be cached, as
352 MKREDIRECTREF has non-idempotent and non-safe semantics (see
353 [RFC2616], Section 9.1).
354
355 Marshalling
356
357 The request body MUST be a DAV:mkredirectref XML element.
358
359 <!ELEMENT mkredirectref (reftarget, redirect-lifetime?)>
360 <!ELEMENT reftarget (href)>
361 <!ELEMENT redirect-lifetime (permanent | temporary)>
362 <!ELEMENT permanent EMPTY>
363 <!ELEMENT temporary EMPTY>
364
365 The DAV:href element is defined in [RFC2518] (Section 12.3) and
366 MUST contain either a URI or a relative-ref (see [RFC3986],
367 Sections 3 and 4.2).
368
369 If no DAV:redirect-lifetime element is specified, the server MUST
370 behave as if a value of DAV:temporary was specified.
371
372 If the request succeeds, the server MUST return 201 (Created)
373 status.
374
375 If a response body for a successful request is included, it MUST
376 be a DAV:mkredirectref-response XML element. Note that this
377 document does not define any elements for the MKREDIRECTREF
378 response body, but the DAV:mkredirectref-response element is
379 defined to ensure interoperability between future extensions that
380 do define elements for the response body.
381
382 <!ELEMENT mkredirectref-response ANY>
383
384 Preconditions
385
386 (DAV:resource-must-be-null): A resource MUST NOT exist at the
387 Request-URI.
388
389 (DAV:parent-resource-must-be-non-null): The Request-URI minus the
390 last past segment MUST identify a collection.
391
392
393
394Whitehead, et al. Experimental [Page 7]
395
396RFC 4437 WebDAV Redirect Reference Resources March 2006
397
398
399 (DAV:name-allowed): The last segment of the Request-URI is
400 available for use as a resource name.
401
402 (DAV:locked-update-allowed): If the collection identified by the
403 Request-URI minus the last path segment is write-locked, then the
404 appropriate token MUST be specified in an If request header.
405
406 (DAV:redirect-lifetime-supported): If the request body contains a
407 DAV:redirect-lifetime element, the server MUST support the
408 specified lifetime. Support for DAV:temporary is REQUIRED, while
409 support for DAV:permanent is OPTIONAL.
410
411 (DAV:legal-reftarget): The specified is a legal URI or relative-
412 ref.
413
414 Postconditions
415
416 (DAV:new-redirectref): a new redirect reference resource is
417 created whose DAV:reftarget property has the value specified in
418 the request body.
419
4206.1. Example: Creating a Redirect Reference Resource with MKREDIRECTREF
421
422 >> Request:
423
424 MKREDIRECTREF /~whitehead/dav/spec08.ref HTTP/1.1
425 Host: www.example.com
426 Content-Type: text/xml; charset="utf-8"
427 Content-Length: xxx
428
429 <?xml version="1.0" encoding="utf-8" ?>
430 <D:mkredirectref xmlns:D="DAV:">
431 <D:reftarget>
432 <D:href>/i-d/draft-webdav-protocol-08.txt</D:href>
433 </D:reftarget>
434 </D:mkredirectref>
435
436 >> Response:
437
438 HTTP/1.1 201 Created
439
440
441
442
443
444
445
446
447
448
449
450Whitehead, et al. Experimental [Page 8]
451
452RFC 4437 WebDAV Redirect Reference Resources March 2006
453
454
455 This request resulted in the creation of a new redirect reference
456 resource at http://www.example.com/~whitehead/dav/spec08.ref, which
457 points to the resource identified by the DAV:reftarget property. In
458 this example, the target resource is identified by the URI
459 http://www.example.com/i-d/draft-webdav-protocol-08.txt. The
460 redirect reference resource's DAV:resourcetype property is set to
461 DAV:redirectref, and its DAV:redirect-lifetime property has the value
462 DAV:temporary.
463
4647. UPDATEREDIRECTREF Method
465
466 The UPDATEREDIRECTREF method requests the update of a redirect
467 reference resource.
468
469 If a UPDATEREDIRECTREF request fails, the server state preceding the
470 request MUST be restored.
471
472 Responses from a UPDATEREDIRECTREF request MUST NOT be cached, as
473 UPDATEREDIRECTREF has non-safe semantics (see [RFC2616], Section
474 9.1).
475
476 Marshalling
477
478 The request body MUST be a DAV:updateredirectref XML element.
479
480 <!ELEMENT updateredirectref (reftarget?, redirect-lifetime?)>
481
482 See Section 6 for a definition of DAV:reftarget and DAV:redirect-
483 lifetime.
484
485 If no DAV:reftarget element is specified, the server MUST NOT
486 change the target of the redirect reference.
487
488 If no DAV:redirect-lifetime element is specified, the server MUST
489 NOT change the lifetime of the redirect reference.
490
491 If a response body for a successful request is included, it MUST
492 be a DAV:updateredirectref-response XML element. Note that this
493 document does not define any elements for the UPDATEREDIRECTREF
494 response body, but the DAV:updateredirectref-response element is
495 defined to ensure interoperability between future extensions that
496 do define elements for the response body.
497
498 <!ELEMENT updateredirectref-response ANY>
499
500
501
502
503
504
505
506Whitehead, et al. Experimental [Page 9]
507
508RFC 4437 WebDAV Redirect Reference Resources March 2006
509
510
511 Preconditions
512
513 (DAV:locked-update-allowed): if the resource is write-locked, then
514 the appropriate token MUST be specified in an If request header.
515
516 (DAV:must-be-redirectref): the resource identified by the
517 Request-URI must be a redirect reference resource as defined by
518 this specification.
519
520 (DAV:redirect-lifetime-supported): see Section 6.
521
522 (DAV:redirect-lifetime-update-supported): servers MAY support
523 changing the DAV:redirect-lifetime property; if they don't, this
524 condition code can be used to signal failure.
525
526 (DAV:legal-reftarget): see Section 6.
527
528 Postconditions
529
530 (DAV:redirectref-updated): the DAV:reftarget and DAV:redirect-
531 lifetime properties of the redirect reference have been updated
532 accordingly.
533
5347.1. Example: Updating a Redirect Reference Resource with
535 UPDATEREDIRECTREF
536
537 >> Request:
538
539 UPDATEREDIRECTREF /~whitehead/dav/spec08.ref HTTP/1.1
540 Host: www.example.com
541 Apply-To-Redirect-Ref: T
542 Content-Type: text/xml; charset="utf-8"
543 Content-Length: xxx
544
545 <?xml version="1.0" encoding="utf-8" ?>
546 <D:updateredirectref xmlns:D="DAV:">
547 <D:reftarget>
548 <D:href>/i-d/draft-webdav-protocol-08b.txt</D:href>
549 </D:reftarget>
550 </D:updateredirectref>
551
552 >> Response:
553
554 HTTP/1.1 200 OK
555
556 This request has updated the redirect reference's DAV:reftarget
557 property to "/i-d/draft-webdav-protocol-08b.txt" and has not changed
558 the DAV:redirect-lifetime value. Note that the "Apply-To-Redirect-
559
560
561
562Whitehead, et al. Experimental [Page 10]
563
564RFC 4437 WebDAV Redirect Reference Resources March 2006
565
566
567 Ref" request header must be used; otherwise, the request would result
568 in a redirect (3xx) response status.
569
5708. Operations on Collections That Contain Redirect Reference Resources
571
572 According to [RFC2518], Section 9.2, methods that have defined
573 interactions with the "Depth" request header should apply all other
574 request headers to each resource in scope. However, applying this
575 principle to the "Apply-To-Redirect-Ref" header uniformly would make
576 it impractical to implement this specification on top of existing
577 servers and also would result in unexpected server behaviour for
578 clients that do not take the existence of redirect references into
579 account. On the other hand, the definition of the "Depth" header
580 allows alternate behaviours to be explicitly defined.
581
582 For this reason, this specification defines the interaction between
583 "Depth" and "Apply-To-Redirect-Ref" request headers on a case-by-case
584 basis and also provides a default for methods not mentioned here that
585 do not specify the behaviour themselves.
586
587 +-------------+-----------------+------------------+-----------+
588 | method name | defined in | supported depths | behaviour |
589 +-------------+-----------------+------------------+-----------+
590 | COPY | [RFC2518], 8.9 | 0, infinity | "T" |
591 | DELETE | [RFC2518], 8.7 | infinity | "T" |
592 | LOCK | [RFC2518], 8.11 | 0, infinity | "T" |
593 | MOVE | [RFC2518], 8.10 | 0, infinity | "T" |
594 | PROPFIND | [RFC2518], 8.2 | 0, 1, infinity | inherit |
595 | REPORT | [RFC3253], 3.6 | 0, 1, infinity | inherit |
596 | default | | | "T" |
597 +-------------+-----------------+------------------+-----------+
598
599 When the behaviour is defined to be "inherit", the method should
600 follow RFC2518's default behaviour for "Depth" operations, which
601 means applying the value given for "Apply-To-Redirect-Ref" to each
602 resource in scope. On the other hand, when it is defined to be "T",
603 the method should behave as if a "Apply-To-Redirect-Ref: T" header
604 was specified for each operation on child resources. The latter
605 ensures that "Depth: infinity" operations will not fail unexpectedly
606 just because there was a redirect reference resource in scope.
607
6088.1. Example: PROPFIND on a Collection with Redirect Reference
609 Resources
610
611 Suppose a PROPFIND request with Depth: infinity is submitted to the
612 following collection, with the members shown here:
613
614
615
616
617
618Whitehead, et al. Experimental [Page 11]
619
620RFC 4437 WebDAV Redirect Reference Resources March 2006
621
622
623 /MyCollection/
624 (non-reference resource) diary.html
625 (redirect reference resource) nunavut
626
627 >> Request:
628
629 PROPFIND /MyCollection/ HTTP/1.1
630 Host: example.com
631 Depth: infinity
632 Apply-To-Redirect-Ref: F
633 Content-Type: text/xml
634 Content-Length: xxxx
635
636 <?xml version="1.0" ?>
637 <D:propfind xmlns:D="DAV: ">
638 <D:prop xmlns:J="http://example.com/jsprops/">
639 <D:resourcetype/>
640 <J:keywords/>
641 </D:prop>
642 </D:propfind>
643
644 >> Response:
645
646 HTTP/1.1 207 Multi-Status
647 Content-Type: text/xml
648 Content-Length: xxxx
649
650 <?xml version="1.0" ?>
651 <D:multistatus xmlns:D="DAV:" xmlns:J="http://example.com/jsprops/">
652 <D:response>
653 <D:href>/MyCollection/</D:href>
654 <D:propstat>
655 <D:prop>
656 <D:resourcetype><D:collection/></D:resourcetype>
657 <J:keywords>diary, interests, hobbies</J:keywords>
658 </D:prop>
659 <D:status>HTTP/1.1 200 OK</D:status>
660 </D:propstat>
661 </D:response>
662 <D:response>
663 <D:href>/MyCollection/diary.html</D:href>
664 <D:propstat>
665 <D:prop>
666 <D:resourcetype/>
667 <J:keywords>diary, travel, family, history</J:keywords>
668 </D:prop>
669 <D:status>HTTP/1.1 200 OK</D:status>
670 </D:propstat>
671
672
673
674Whitehead, et al. Experimental [Page 12]
675
676RFC 4437 WebDAV Redirect Reference Resources March 2006
677
678
679 </D:response>
680 <D:response>
681 <D:href>/MyCollection/nunavut</D:href>
682 <D:status>HTTP/1.1 302 Found</D:status>
683 <D:location>
684 <D:href>http://example.ca/art/inuit/</D:href>
685 </D:location>
686 </D:response>
687 </D:multistatus>
688
689 In this example, the Depth header is set to infinity, and the Apply-
690 To-Redirect-Ref header is set to "F". The collection contains one
691 URI that identifies a redirect reference resource. The response
692 element for the redirect reference resource has a status of 302
693 (Found) and includes a DAV:location extension element to allow
694 clients to retrieve the properties of its target resource. (The
695 response element for the redirect reference resource does not include
696 the requested properties. The client can submit another PROPFIND
697 request to the URI in the DAV:location pseudo-property to retrieve
698 those properties.)
699
7008.2. Example: PROPFIND with Apply-To-Redirect-Ref on a Collection with
701 Redirect Reference Resources
702
703 Suppose a PROPFIND request with "Apply-To-Redirect-Ref: T" and Depth:
704 infinity is submitted to the following collection, with the members
705 shown here:
706
707 /MyCollection/
708 (non-reference resource) diary.html
709 (redirect reference resource) nunavut
710
711 >> Request:
712
713 PROPFIND /MyCollection/ HTTP/1.1
714 Host: example.com
715 Depth: infinity
716 Apply-To-Redirect-Ref: T
717 Content-Type: text/xml
718 Content-Length: xxxx
719
720
721
722
723
724
725
726
727
728
729
730Whitehead, et al. Experimental [Page 13]
731
732RFC 4437 WebDAV Redirect Reference Resources March 2006
733
734
735 <?xml version="1.0" ?>
736 <D:propfind xmlns:D="DAV:">
737 <D:prop>
738 <D:resourcetype/>
739 <D:reftarget/>
740 <D:redirect-lifetime/>
741 </D:prop>
742 </D:propfind>
743
744 >> Response:
745
746 HTTP/1.1 207 Multi-Status
747 Content-Type: text/xml
748 Content-Length: xxxx
749
750 <?xml version="1.0" ?>
751 <D:multistatus xmlns:D="DAV:">
752 <D:response>
753 <D:href>/MyCollection/</D:href>
754 <D:propstat>
755 <D:prop>
756 <D:resourcetype><D:collection/></D:resourcetype>
757 </D:prop>
758 <D:status>HTTP/1.1 200 OK</D:status>
759 </D:propstat>
760 <D:propstat>
761 <D:prop>
762 <D:reftarget/>
763 <D:redirect-lifetime/>
764 </D:prop>
765 <D:status>HTTP/1.1 404 Not Found</D:status>
766 </D:propstat>
767 </D:response>
768 <D:response>
769 <D:href>/MyCollection/diary.html</D:href>
770 <D:propstat>
771 <D:prop>
772 <D:resourcetype/>
773 </D:prop>
774 <D:status>HTTP/1.1 200 OK</D:status>
775 </D:propstat>
776 <D:propstat>
777 <D:prop>
778 <D:reftarget/>
779 <D:redirect-lifetime/>
780 </D:prop>
781 <D:status>HTTP/1.1 404 Not Found</D:status>
782 </D:propstat>
783
784
785
786Whitehead, et al. Experimental [Page 14]
787
788RFC 4437 WebDAV Redirect Reference Resources March 2006
789
790
791 </D:response>
792 <D:response>
793 <D:href>/MyCollection/nunavut</D:href>
794 <D:propstat>
795 <D:prop>
796 <D:resourcetype><D:redirectref/></D:resourcetype>
797 <D:reftarget>
798 <D:href>http://example.ca/art/inuit/</D:href>
799 </D:reftarget>
800 <D:redirect-lifetime><D:temporary/></D:redirect-lifetime>
801 </D:prop>
802 <D:status>HTTP/1.1 200 OK</D:status>
803 </D:propstat>
804 </D:response>
805 </D:multistatus>
806
807 Since the "Apply-To-Redirect-Ref: T" header is present, the response
808 shows the properties of the redirect reference resource in the
809 collection rather than reporting a 302 status.
810
8119. Operations on Targets of Redirect Reference Resources
812
813 Operations on targets of redirect reference resources have no effect
814 on the reference resource.
815
81610. Relative References in DAV:reftarget
817
818 The URI in the href in a DAV:reftarget property MAY be a relative
819 reference. In this case, the base URI to be used for resolving it to
820 absolute form is the URI used in the HTTP message to identify the
821 redirect reference resource to which the DAV:reftarget property
822 belongs.
823
824 When DAV:reftarget appears in the context of a Multi-Status response,
825 it is in a DAV:response element that contains a single DAV:href
826 element. The value of this DAV:href element serves as the base URI
827 for resolving a relative reference in DAV:reftarget. The value of
828 DAV:href may itself be relative, in which case it must be resolved
829 first in order to serve as the base URI for the relative reference in
830 DAV:reftarget. If the DAV:href element is relative, its base URI is
831 constructed from the scheme component "http", the value of the Host
832 header in the request, and the Request-URI.
833
834
835
836
837
838
839
840
841
842Whitehead, et al. Experimental [Page 15]
843
844RFC 4437 WebDAV Redirect Reference Resources March 2006
845
846
84710.1. Example: Resolving a Relative Reference in a Multi-Status
848 Response
849
850 >> Request:
851
852 PROPFIND /geog/ HTTP/1.1
853 Host: example.com
854 Apply-To-Redirect-Ref: T
855 Depth: 1
856 Content-Type: text/xml
857 Content-Length: nnn
858
859 <?xml version="1.0" ?>
860 <D:propfind xmlns:D="DAV:">
861 <D:prop>
862 <D:resourcetype/>
863 <D:reftarget/>
864 </D:prop>
865 </D:propfind>
866
867 >> Response:
868
869 HTTP/1.1 207 Multi-Status
870 Content-Type: text/xml
871 Content-Length: nnn
872
873 <?xml version="1/0" ?>
874 <D:multistatus xmlns:D="DAV:">
875 <D:response>
876 <D:href>/geog/</D:href>
877 <D:propstat>
878 <D:prop>
879 <D:resourcetype><D:collection/></D:resourcetype>
880 </D:prop>
881 <D:status>HTTP/1.1 200 OK</D:status>
882 </D:propstat>
883 <D:propstat>
884 <D:prop><D:reftarget/></D:prop>
885 <D:status>HTTP/1.1 404 Not Found</D:status>
886 </D:propstat>
887 </D:response>
888 <D:response>
889 <D:href>/geog/stats.html</D:href>
890 <D:propstat>
891 <D:prop>
892 <D:resourcetype><D:redirectref/></D:resourcetype>
893 <D:reftarget>
894 <D:href>statistics/population/1997.html</D:href>
895
896
897
898Whitehead, et al. Experimental [Page 16]
899
900RFC 4437 WebDAV Redirect Reference Resources March 2006
901
902
903 </D:reftarget>
904 </D:prop>
905 <D:status>HTTP/1.1 200 OK</D:status>
906 </D:propstat>
907 </D:response>
908 </D:multistatus>
909
910 In this example, the relative reference
911 "statistics/population/1997.html" is returned as the value of the
912 DAV:reftarget property for the reference resource identified by href
913 /geog/stats.html. The href is itself a relative reference, which
914 resolves to http://example.com/geog/stats.html. This is the base URI
915 for resolving the relative reference in reftarget. The absolute URI
916 of reftarget is
917 http://example.com/geog/statistics/population/1997.html.
918
91911. Redirect References to Collections
920
921 In a Request-URI /segment1/segment2/segment3, any of the three
922 segments may identify a redirect reference resource. (See [RFC3986],
923 Section 3.3, for definitions of "path" and "segment".) If any
924 segment in a Request-URI identifies a redirect reference resource,
925 the response SHOULD be a 3xx. The value of the Location header in
926 the response is as follows:
927
928 The leftmost path segment of the Request-URI that identifies a
929 redirect reference resource, together with all path segments and
930 separators to the left of it, is replaced by the value of the
931 redirect reference resource's DAV:reftarget property (resolved to an
932 absolute URI). The remainder of the Request-URI is concatenated to
933 this path.
934
935 Note: If the DAV:reftarget property ends with a "/" and the remainder
936 of the Request-URI is non-empty (and therefore must begin with a
937 "/"), the final "/" in the DAV:reftarget property is dropped before
938 the remainder of the Request-URI is appended.
939
940 Consider Request-URI /x/y/z.html. Suppose that /x/ is a redirect
941 reference resource, whose target resource is collection /a/, which
942 contains redirect reference resource y whose target resource is
943 collection /b/, which contains redirect reference resource z.html,
944 whose target resource is /c/d.html.
945
946
947
948
949
950
951
952
953
954Whitehead, et al. Experimental [Page 17]
955
956RFC 4437 WebDAV Redirect Reference Resources March 2006
957
958
959 /x/y/z.html
960 |
961 | /x -> /a
962 |
963 v
964 /a/y/z.html
965 |
966 | /a/y -> /b
967 |
968 v
969 /b/z.html
970 |
971 | /b/z.html -> /c/d.html
972 |
973 v
974 /c/d.html
975
976 In this case, the client must follow up three separate 3xx responses
977 before finally reaching the target resource. The server responds to
978 the initial request with a 3xx with Location: /a/y/z.html, and the
979 client resubmits the request to /a/y/z.html. The server responds to
980 this request with a 3xx with Location: /b/z.html, and the client
981 resubmits the request to /b/z.html. The server responds to this
982 request with a 3xx with Location: /c/d.html, and the client resubmits
983 the request to /c/d.html. This final request succeeds.
984
985 Note: The behaviour described above may have a very serious impact
986 on the efficiency of mapping Request-URIs to resources in HTTP
987 request processing. Therefore, servers MAY respond with a 404
988 status code if the cost of checking all leading path segments for
989 redirect references seems prohibitive.
990
99112. Headers
992
99312.1. Redirect-Ref Response Header
994
995 Redirect-Ref = "Redirect-Ref:" (URI | relative-ref)
996 ; URI: see [RFC3986], Section 3
997 ; relative-ref: see [RFC3986], Section 4.2
998
999 The Redirect-Ref header is used in all 3xx responses from redirect
1000 reference resources. The value is the link target as specified
1001 during redirect reference resource creation.
1002
1003
1004
1005
1006
1007
1008
1009
1010Whitehead, et al. Experimental [Page 18]
1011
1012RFC 4437 WebDAV Redirect Reference Resources March 2006
1013
1014
101512.2. Apply-To-Redirect-Ref Request Header
1016
1017 Apply-To-Redirect-Ref = "Apply-To-Redirect-Ref" ":" ("T" | "F")
1018
1019 The optional Apply-To-Redirect-Ref header can be used on any request
1020 to a redirect reference resource. When it is present and set to "T",
1021 the request MUST be applied to the reference resource itself, and a
1022 3xx response MUST NOT be returned.
1023
1024 If the Apply-To-Redirect-Ref header is used on a request to any other
1025 sort of resource besides a redirect reference resource, the server
1026 MUST ignore it.
1027
102813. Redirect Reference Resource Properties
1029
1030 The properties defined below are REQUIRED on redirect reference
1031 resources. A PROPFIND/allprop request SHOULD NOT return any of the
1032 properties defined in this document.
1033
103413.1. DAV:redirect-lifetime (protected)
1035
1036 This property provides information about the lifetime of a redirect.
1037 It can be either DAV:permanent (HTTP status 301) or DAV:temporary
1038 (HTTP status 302). Future protocols may define additional values.
1039
1040 <!ELEMENT redirect-lifetime (permanent | temporary)>
1041 <!ELEMENT permanent EMPTY>
1042 <!ELEMENT temporary EMPTY>
1043
104413.2. DAV:reftarget (protected)
1045
1046 This property provides an efficient way for clients to discover the
1047 URI of the target resource. This is a read-only property after its
1048 initial creation. Its value can only be set in a MKREDIRECTREF
1049 request. The value is a DAV:href element containing the URI of the
1050 target resource.
1051
1052 <!ELEMENT reftarget href >
1053
105414. XML Elements
1055
105614.1. redirectref XML Element
1057
1058 Name: redirectref
1059
1060 Namespace: DAV:
1061
1062
1063
1064
1065
1066Whitehead, et al. Experimental [Page 19]
1067
1068RFC 4437 WebDAV Redirect Reference Resources March 2006
1069
1070
1071 Purpose: Used as the value of the DAV:resourcetype property to
1072 specify that the resource type is a redirect reference resource.
1073
1074 <!ELEMENT redirectref EMPTY >
1075
107615. Extensions to the DAV:response XML Element for Multi-Status
1077 Responses
1078
1079 As described in Section 8, the DAV:location element may be returned
1080 in the DAV:response element of a 207 Multi-Status response, to allow
1081 clients to resubmit their requests to the target resource of a
1082 redirect reference resource.
1083
1084 Consequently, the definition of the DAV:response XML element changes
1085 to the following:
1086
1087 <!ELEMENT response (href, ((href*, status)|(propstat+)),
1088 responsedescription?, location?) >
1089 <!ELEMENT location (href) >
1090
109116. Capability Discovery
1092
1093 Sections 9.1 and 15 of [RFC2518] describe the use of compliance
1094 classes with the DAV header in responses to OPTIONS, to indicate
1095 which parts of the WebDAV Distributed Authoring protocols the
1096 resource supports. This specification defines an OPTIONAL extension
1097 to [RFC2518]. It defines a new compliance class, called
1098 redirectrefs, for use with the DAV header in responses to OPTIONS
1099 requests. If a resource does support redirect references, its
1100 response to an OPTIONS request may indicate that it does, by listing
1101 the new redirectrefs compliance class in the DAV header and by
1102 listing the MKREDIRECTREF method as one it supports.
1103
1104 When responding to an OPTIONS request, any type of resource can
1105 include redirectrefs in the value of the DAV header. Doing so
1106 indicates that the server permits a redirect reference resource at
1107 the Request-URI.
1108
110916.1. Example: Discovery of Support for Redirect Reference Resources
1110
1111 >> Request:
1112
1113 OPTIONS /somecollection/someresource HTTP/1.1
1114 Host: example.org
1115
1116
1117
1118
1119
1120
1121
1122Whitehead, et al. Experimental [Page 20]
1123
1124RFC 4437 WebDAV Redirect Reference Resources March 2006
1125
1126
1127 >> Response:
1128
1129 HTTP/1.1 200 OK
1130 Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE
1131 Allow: MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, MKREDIRECTREF
1132 DAV: 1, 2, redirectrefs
1133
1134 The DAV header in the response indicates that the resource
1135 /somecollection/someresource is level 1 and level 2 compliant, as
1136 defined in [RFC2518]. In addition, /somecollection/someresource
1137 supports redirect reference resources. The Allow header indicates
1138 that MKREDIRECTREF requests can be submitted to
1139 /somecollection/someresource.
1140
114117. Security Considerations
1142
1143 This section is provided to make applications that implement this
1144 protocol aware of the security implications of this protocol.
1145
1146 All of the security considerations of HTTP/1.1 and the WebDAV
1147 Distributed Authoring Protocol specification also apply to this
1148 protocol specification. In addition, redirect reference resources
1149 introduce several new security concerns and increase the risk of some
1150 existing threats. These issues are detailed below.
1151
115217.1. Privacy Concerns
1153
1154 By creating redirect reference resources on a trusted server, it is
1155 possible for a hostile agent to induce users to send private
1156 information to a target on an unrelated system. This risk is
1157 mitigated somewhat, since clients are required to notify the user of
1158 the redirection for any request other than GET or HEAD. (See
1159 [RFC2616], Section 10.3.3, 302 Found.)
1160
116117.2. Redirect Loops
1162
1163 Although redirect loops were already possible in HTTP 1.1, the
1164 introduction of the MKREDIRECTREF method creates a new avenue for
1165 clients to create loops accidentally or maliciously. If the
1166 reference resource and its target are on the same server, the server
1167 may be able to detect MKREDIRECTREF requests that would create loops.
1168 See also [RFC2616], Section 10.3, "Redirection 3xx."
1169
117017.3. Redirect Reference Resources and Denial of Service
1171
1172 Denial of service attacks were already possible by posting URLs that
1173 were intended for limited use at heavily used Web sites. The
1174 introduction of MKREDIRECTREF creates a new avenue for similar denial
1175
1176
1177
1178Whitehead, et al. Experimental [Page 21]
1179
1180RFC 4437 WebDAV Redirect Reference Resources March 2006
1181
1182
1183 of service attacks. Clients can now create redirect reference
1184 resources at heavily used sites to target locations that were not
1185 designed for heavy usage.
1186
118717.4. Revealing Private Locations
1188
1189 There are several ways that redirect reference resources may reveal
1190 information about collection structures. First, the DAV:reftarget
1191 property of every redirect reference resource contains the URI of the
1192 target resource. Anyone who has access to the reference resource can
1193 discover the collection path that leads to the target resource. The
1194 owner of the target resource may have wanted to limit knowledge of
1195 this collection structure.
1196
1197 Sufficiently powerful access control mechanisms can control this risk
1198 to some extent. Property-level access control could prevent users
1199 from examining the DAV:reftarget property. (The Location header
1200 returned in responses to requests on redirect reference resources
1201 reveals the same information, however.)
1202
1203 This risk is no greater than the similar risk posed by HTML links.
1204
120518. Internationalization Considerations
1206
1207 All internationalization considerations mentioned in [RFC2518] also
1208 apply to this document.
1209
121019. IANA Considerations
1211
1212 All IANA considerations mentioned in [RFC2518] also apply to this
1213 document.
1214
121519.1. HTTP headers
1216
1217 This document specifies the two new HTTP headers listed below.
1218
121919.1.1. Redirect-Ref
1220
1221 Header field name: Redirect-Ref
1222
1223 Applicable protocol: http
1224
1225 Status: standard
1226
1227 Author/Change controller: IETF
1228
1229 Specification document: this specification (Section 12.1)
1230
1231
1232
1233
1234Whitehead, et al. Experimental [Page 22]
1235
1236RFC 4437 WebDAV Redirect Reference Resources March 2006
1237
1238
123919.1.2 Apply-To-Redirect-Ref
1240
1241 Header field name: Apply-To-Redirect-Ref
1242
1243 Applicable protocol: http
1244
1245 Status: standard
1246
1247 Author/Change controller: IETF
1248
1249 Specification document: this specification (Section 12.2)
1250
125120. Contributors
1252
1253 Many thanks to Jason Crawford, Jim Davis, Chuck Fay, and Judith
1254 Slein, who can take credit for big parts of the original design of
1255 this specification.
1256
125721. Acknowledgements
1258
1259 This document has benefited from thoughtful discussion by Jim Amsden,
1260 Peter Carlson, Steve Carter, Tyson Chihaya, Ken Coar, Ellis Cohen,
1261 Bruce Cragun, Spencer Dawkins, Mark Day, Rajiv Dulepet, David Durand,
1262 Lisa Dusseault, Stefan Eissing, Roy Fielding, Yaron Goland, Fred
1263 Hitt, Alex Hopmann, James Hunt, Marcus Jager, Chris Kaler, Manoj
1264 Kasichainula, Rohit Khare, Daniel LaLiberte, Steve Martin, Larry
1265 Masinter, Jeff McAffer, Joe Orton, Surendra Koduru Reddy, Juergen
1266 Reuter, Max Rible, Sam Ruby, Bradley Sergeant, Nick Shelness, John
1267 Stracke, John Tigue, John Turner, Kevin Wiggen, and others.
1268
126922. Normative References
1270
1271 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1272 Requirement Levels", BCP 14, RFC 2119, March 1997.
1273
1274 [RFC2518] Goland, Y., Whitehead, E., Faizi, A., Carter, S., and D.
1275 Jensen, "HTTP Extensions for Distributed Authoring --
1276 WEBDAV", RFC 2518, February 1999.
1277
1278 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
1279 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
1280 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
1281
1282 [RFC3253] Clemm, G., Amsden, J., Ellison, T., Kaler, C., and J.
1283 Whitehead, "Versioning Extensions to WebDAV (Web
1284 Distributed Authoring and Versioning)", RFC 3253, March
1285 2002.
1286
1287
1288
1289
1290Whitehead, et al. Experimental [Page 23]
1291
1292RFC 4437 WebDAV Redirect Reference Resources March 2006
1293
1294
1295 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
1296 Resource Identifier (URI): Generic Syntax", STD 66, RFC
1297 3986, January 2005.
1298
1299Authors' Addresses
1300
1301 Jim Whitehead
1302 UC Santa Cruz, Dept. of Computer Science
1303 1156 High Street
1304 Santa Cruz, CA 95064
1305 US
1306
1307 EMail: ejw@cse.ucsc.edu
1308
1309
1310 Geoff Clemm
1311 IBM
1312 20 Maguire Road
1313 Lexington, MA 02421
1314 US
1315
1316 EMail: geoffrey.clemm@us.ibm.com
1317
1318
1319 Julian F. Reschke (editor)
1320 greenbytes GmbH
1321 Hafenweg 16
1322 Muenster, NW 48155
1323 Germany
1324
1325 Phone: +49 251 2807760
1326 Fax: +49 251 2807761
1327 EMail: julian.reschke@greenbytes.de
1328 URI: http://greenbytes.de/tech/webdav/
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346Whitehead, et al. Experimental [Page 24]
1347
1348RFC 4437 WebDAV Redirect Reference Resources March 2006
1349
1350
1351Full Copyright Statement
1352
1353 Copyright (C) The Internet Society (2006).
1354
1355 This document is subject to the rights, licenses and restrictions
1356 contained in BCP 78, and except as set forth therein, the authors
1357 retain all their rights.
1358
1359 This document and the information contained herein are provided on an
1360 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1361 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
1362 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
1363 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
1364 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1365 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1366
1367Intellectual Property
1368
1369 The IETF takes no position regarding the validity or scope of any
1370 Intellectual Property Rights or other rights that might be claimed to
1371 pertain to the implementation or use of the technology described in
1372 this document or the extent to which any license under such rights
1373 might or might not be available; nor does it represent that it has
1374 made any independent effort to identify any such rights. Information
1375 on the procedures with respect to rights in RFC documents can be
1376 found in BCP 78 and BCP 79.
1377
1378 Copies of IPR disclosures made to the IETF Secretariat and any
1379 assurances of licenses to be made available, or the result of an
1380 attempt made to obtain a general license or permission for the use of
1381 such proprietary rights by implementers or users of this
1382 specification can be obtained from the IETF on-line IPR repository at
1383 http://www.ietf.org/ipr.
1384
1385 The IETF invites any interested party to bring to its attention any
1386 copyrights, patents or patent applications, or other proprietary
1387 rights that may cover technology that may be required to implement
1388 this standard. Please address the information to the IETF at
1389 ietf-ipr@ietf.org.
1390
1391Acknowledgement
1392
1393 Funding for the RFC Editor function is provided by the IETF
1394 Administrative Support Activity (IASA).
1395
1396
1397
1398
1399
1400
1401
1402Whitehead, et al. Experimental [Page 25]
1403
1404