yes | J.C. Gregorio |
BitWorking, Inc | |
December 2003 |
This memo presents a technique for using XML (Extensible Markup Language) and HTTP (HyperText Transport Protocol) to edit content.
To provide feedback on this draft RFC please visit the Atom Wiki or join the atom-syntax mailing list.
1
Introduction
2
Terminology
3
Scope
4
Introduction
4.1
Purpose
4.2
Terminology
4.3
The AtomAPI Model
5
Functional Specification
5.1
PostURI
5.1.1
Locating
5.1.2
Request
5.1.3
Response
5.1.3.1
201
5.1.3.2
303
5.1.3.3
400
5.1.3.4
500
5.2
EditURI
5.2.1
Locating
5.2.2
Request
5.3
FeedURI
5.3.1
Locating
5.3.2
Request
5.3.3
Response
5.3.3.1
301
5.3.3.2
307
5.4
Link Tag
5.4.1
rel
5.4.2
href
5.4.3
title
5.4.4
type
5.5
Atom Request and Response Body Constraints
5.5.1
id
5.5.2
link
5.5.3
title
5.5.4
summary
5.5.5
content
5.5.6
issued
5.5.7
modified
5.5.8
created
5.5.9
author
5.5.10
contributor
5.5.11
generator
6
Security Considerations
7
Appendices
7.1
SOAP Enabling
7.1.1
Servers
7.1.2
Clients
7.2
Example for a weblog
7.3
Example for a wiki
8
Revision History
9
Copyright
§
References
§
Author's Address
§
Full Copyright Statement
The AtomAPI is an application level protocol for publishing and editing web resources. The protocol at its core is the HTTP transport of Atom formatted representations.
To provide feedback on this draft RFC please visit the Atom Wiki or join the atom-syntax mailing list.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",the and "OPTIONAL" in this document are to be interpreted as described in RFC2119.
This document covers the editing of content of a periodically updating website using the HTTP and XML. All of the XML payloads are in Atom format, which is documented in the draft Atom Syndication Format RFC.
The AtomAPI is an application level protocol for publishing and editing web resources.
AtomAPI is an application level protocol for publishing and editing web resources. Using the common HTTP verbs provides a pattern for working with all such web resources:
There are different kinds of resources managed by the AtomAPI, each of these have URIs and those URIs support a subset of the above methods. There are three major classes of URIs in this specification: PostURI, FeedURI and EditURI. This specification defines the expected actions for each of the methods listed. Note that this does not restrict a URI to only supporting just those methods listed, for example an EditURI could support a POST method, or the OPTIONS method, what those methods do is beyond the scope of this specification.
This RFC does not specify the form of the URIs that are used. The URI space of each server is controlled, as defined by HTTP, by the server alone. What this RFC does specify are the formats of the files that are exchanged and the actions that can be performed on the URIs embedded in those files.
The PostURI is used to create entries. These can be either full entries, such as a weblog post, or they can be comments, or even a wiki page. The client POSTs a filled in Atom Entry to this URI. If the request is succesful then multiple new URIs may be created that contain representations of varying types. For example, POSTing an Atom entry to a PostURI may create a new weblog entry with both an HTML and Atom representation now available. The URI of the newly created Atom representation may in fact be an EditURI through which the resource can be edited.
For creating a new site Entry, the link tag is used. Note that a link tag is used in both HTML and in the Atom format. A link tag of the following format points to the PostURI for a site. In HTML the link tags are always found in the head element, while in Atom they may appear as children of the Feed and entry elements.
<link rel="service.post" type="application/x.atom+xml" href="URI for Posting goes here" title="The name of the site.">
Note: Multiple link tags may appear together and can be distinguished by having different 'rel', 'type' and 'title' attributes.
The request contains a filled in Atom entry, subject to the constraints in section @@ TBD @@.
The expected status codes from a POST are 201, 303, 400, and 500. 401, 404, and 410 are also possible.
Response includes a Location: header with the URI of the created resource, i.e. the URI used to edit the entry, as opposed to the URI used to display the content. The body of the response will contain the entry "filled in" with time stamps and any other data the server choses to reveal. This must contain enough information to enable a client to issue a subsequent PUT to this location. Note that the server may chose to omit the content in the response, particularly if it is large.
The body of this response does not contain the filled in Entry, but the filled in Entry can be found under a different URI and SHOULD be retrieved using a GET method on that resource. The different URI SHOULD be given by the Location field in the response.
Indicates that the server believes that that data sent constitutes an invalid request. A short description of the error will appear on the status line itself. A longer description will appear in the body.
Indicates that the server detected an internal error on the server processing this request (such as an unhandled exception). A short description of the error will appear on the status line itself. A longer description will appear in the body.
An EditURI is used to edit a single entry. Each entry that is editable MUST have a unique URI. This URI supports both GET and PUT and they are used in tandem for an editing cycle. The client GET's the represenation which is formatted as an Atom entry. The client may then update the entry and then PUT it back to the same URI. The PUT will cause all the related resources to be updated, for example, the HTML representaion.
Note that the value of the content element in the Atom entry does not have to exactly match the content element for the same entry when it is represented in an Atom feed. For example, a server may allow the client to post entries whose content is formatted as WikiML, yet the server may clean up such markup and transform it into well-formed XHTML before placing it in the publicly avialable Atom feed. Another scenario is summaries, the EditURI is for editing the full content of an entry, but the server may only present excerpts when it produces an Atom feed.
A client will send a DELETE to the EditURI to delete an entry.
For editing a site Entry, the link tag is used. Note that a link tag is used in both HTML and in the Atom format. A link tag of the following format points to the EditURI for a site. In HTML the link tags for editing are always found in the head element, while in Atom they may appear as children of the entry elements.
<link rel="service.edit"
type="application/x.atom+xml"
href="URI for Editing goes here"
title="Readable description of the entry.">
Note: The critical characteristic of this link tag is the @rel of 'service.edit' and the @type of 'application/x.atom+xml'.
A PUT request, and a GET response both contain a filled in Atom entry, subject to the constraints in section @@ TBD @@.
The FeedURI is used to retrieve a represenation in Atom format. Note that this feed is different from a typical Atom feed in that it contains "link" elements for navigating and manipulating the content of the site. For example there should be a "link" element with rel="next" whose URI points to the next block of entries on the site. Similarly the feed element can contain a "link" element with rel="service.post", the URI of which is a PostURI. Individual entries should contain "link" elements with rel="service.edit" whose URIs are EditURIs.
@@ Editor's Note: @@ Note that the "service.feed" takes the place of the Introspection File and the Search facet in previous versions of the specification. That is, facet discovery, which was previously done by inspecting the Introspection file is now done by looking for "link" tags with an attribute "rel" set to "service.[something]" in the "service.feed" file. At the same time the same representation replaces the search facet by having "link" tags that point to other feeds using well knows 'rel' attribute values such as 'next' and 'prev', or the search can branch in multiple directions by specifying multiple link tags with rel="service.feed" and having differing title attributes that announce the kind of search results in that feed.
A link tag of the following format points to the FeedURI.
<link rel="service.feed" type="application/x.atom+xml" href="URI goes here" title="The name of the site.">
The request is a simple GET. No other verbs are currently specified for this URI.
The expected status codes from a GET are 200, 301, 307, and 500. 401, 404, and 410 are also possible.
The Feed has moved permanently, the new URI is given in the the Location header.
The Feed has moved temporarily, the new URI is given in the the Location header.
The link tag is used in both HTML and Atom formats. There are slight differences between the two usages. Here are the commonalities, differences, and a list of well-known values for the rel attribute.
The link tag in HTML documents appears in the 'head' of the document. The 'head' section only allows a linear list of 'link' tags. The Atom format allows 'link' tags as children of both the 'feed' element and of the 'entry' element. Note that this gives the information present in the link tag more context. For example ... @@ TBD @@
This attribute describes the relationship from the current document, be it HTML or Atom, to the anchor specified by the href attribute. The value of this attribute is a space-separated list of link types. Note that these values are case insensitive. With type="application/x.atom+xml" we have the following interpretations of the relations.
URI of the resource being described by this link element.
Offers advisory information about the link. Rendered to the user to help them choose among a set of links with the same rel and type attributes.
The content type of the resource avaialable at the URI given in the href attribute of the link element. Most of the link types in this specification are on type 'application/x.atom+xml'.
The Atom format is used as the representation of all the resources in this specification. As it is used in differing contexts, there are different constraints of which elements may be present, and how their values should be interpreted.
@@TBD@@ Talk here about using HTTP basic and digest authentication.
@@TBD@@ Talk here about denial of service attacks using large XML files, or the billion laughs DTD attack.
All servers SHOULD support the following alternate interface mechanisms to enable a wider variety of clients to interact with AtomAPI servers. The following requirements are in addition to the ones listed in the Functional Specification Section. If a server supports SOAP Enabling then it MUST support all of the following.
- All servers MUST support the limited use of the SOAPAction HTTP Header as described below in the Client section.
- All servers MUST be able to process well formed XML. Servers need not be able to handle processing instructions or DTDs.
- Servers MUST accept content in a SOAP Envelope, and if they receive a request that is wrapped in a SOAP Envelope then they MUST wrap their responses in SOAP envelopes or produce a SOAP Fault.
- Clients SHOULD use the appropriate HTTP Method when possible. When not possible, they should use POST and include a SOAPAction HTTP header which is constrained as follows: SOAPAction: "http://schemas.xmlsoap.org/wsdl/http/[METHOD]" Where [METHOD] is replaced by the desired HTTP Method.
- Clients MAY wrap their XML payload in a SOAP Envelope. If so, they must also wrap it in an element which exactly matches the HTTP Method.
Fill this in with an example for how all the above is used for a weblog. Start with main HTML page, link tag of type service.feed to the 'introspection' file. 1. Creating a new entry 2. Finding an old entry 3. editing an old entry 4. commenting on a entry (via HTML and Atom)
Fill this in like above but for a wiki.
Rev 09 - 10Dec2003 - Added the section on SOAP enabled clients and servers.
Rev 08 - 01Dec2003 - Refactored the specification, merging the Introspection file into the feed format. Also dropped the distinction between the type of URI used to create new entries and the kind used to create comments. Dropped user preferences.
Rev 07 - 06Aug2003 - Removed the use of the RSD file for auto-discovery. Changed copyright until a final standards body is chosen. Changed query parameters for the search facet to all begin with atom- to avoid name collisions. Updated all the Entries to follow the 0.2 version. Changed the format of the search results and template file to a pure element based syntax.
Rev 06 - 24Jul2003 - Moved to PUT for updating Entries. Changed all the mime-types to application/x.atom+xml. Added template editing. Changed 'edit-entry' to 'create-entry' in the Introspection file to more accurately reflect it's purpose.
Rev 05 - 17Jul2003 - Renamed everything Echo into Atom. Added version numbers in the Revision history. Changed all the mime-types to application/atom+xml.
Rev 04 - 15Jul2003 - Updated the RSD version used from 0.7 to 1.0. Change the method of deleting an Entry from POSTing <delete/> to using the HTTP DELETE verb. Also changed the query interface to GET instead of POST. Moved Introspection Discovery to be up under Introspection. Introduced the term 'facet' for the services listed in the Introspection file.
Rev 03 - 10Jul2003 - Added a link to the Wiki near the front of the document. Added a section on finding an Entry. Retrieving an Entry now broken out into it's own section. Changed the HTTP status code for a successful editing of an Entry to 205.
Rev 02 - 7Jul2003 - Entries are no longer returned from POSTs, instead they are retrieved via GET. Cleaned up figure titles, as they are rendered poorly in HTML. All content-types have been changed to application/atom+xml.
Rev 01 - 5Jul2003 - Renamed from EchoAPI.html to follow the more commonly used format: draft-gregorio-NN.html. Renamed all references to URL to URI. Broke out introspection into it's own section. Added the Revision History section. Added more to the warning that the example URIs are not normative.
Copyright (C) Joe Gregorio (2003). All Rights Reserved.
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
Joe Gregorio | |
BitWorking, Inc | |
1002 Heathwood Dairy Rd. |
|
Apex, NC 27502 | |
US | |
Phone: | +1 919 272 3764 |
EMail: | joe@bitworking.com |
URI: | http://bitworking.com/ |