The AtomAPI

The AtomAPI
RFC
TOC
yes
J.C. Gregorio
BitWorking, Inc
December 2003
The
AtomAPI
draft-gregorio-09.html
Abstract
This memo presents a technique for
using XML (Extensible Markup Language) and HTTP (HyperText Transport Protocol)
to edit content.
To provide feedback on this draft RFC
please visit the
Atom Wiki
or join the
atom-syntax mailing list
RFC
TOC
Table of Contents
Introduction
Terminology
Scope
Introduction
4.1
Purpose
4.2
Terminology
4.3
The
AtomAPI
Model
Functional Specification
5.1
PostURI
5.1.1
Locating
5.1.2
Request
5.1.3
Response
5.1.3.1
201
5.1.3.2
303
5.1.3.3
400
5.1.3.4
500
5.2
EditURI
5.2.1
Locating
5.2.2
Request
5.3
FeedURI
5.3.1
Locating
5.3.2
Request
5.3.3
Response
5.3.3.1
301
5.3.3.2
307
5.4
Link Tag
5.4.1
rel
5.4.2
href
5.4.3
title
5.4.4
type
5.5
Atom Request and Response Body Constraints
5.5.1
id
5.5.2
link
5.5.3
title
5.5.4
summary
5.5.5
content
5.5.6
issued
5.5.7
modified
5.5.8
created
5.5.9
author
5.5.10
contributor
5.5.11
generator
Security Considerations
Appendices
7.1
SOAP Enabling
7.1.1
Servers
7.1.2
Clients
7.2
Example for a weblog
7.3
Example for a wiki
Revision History
References
Author's Address
Full Copyright Statement
TOC
Introduction
The
AtomAPI
is an application level protocol for publishing and editing web resources.
The protocol at its core is the HTTP transport of Atom formatted representations.
To provide feedback on this draft RFC
please visit the
Atom Wiki
or join the
atom-syntax mailing list
TOC
Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",the
and "OPTIONAL" in this document are to be interpreted as
described in RFC2119.
TOC
Scope
This document covers the editing of content of a periodically updating website using the
HTTP and XML. All of the XML payloads are in Atom format, which is documented in
the draft
Atom
Syndication Format RFC
TOC
Introduction
4.1
Purpose
The
AtomAPI
is an application level protocol for publishing
and editing web resources.
4.2
Terminology
Atom Entry
A fragment of a full Atom feed. In this case the fragment is
a single 'entry' element and all it's child elements.
PostURI
A URI that is used to create new resources. POSTing an
Atom Entry to this URI will create a new resource.
EditURI
A URI that is used to edit a resource. The editing is done using
the HTTP verbs GET, PUT and DELETE. The representation of the
resource is always that of an Atom Entry.
FeedURI
A URI that has a representation as a full Atom feed.
4.3
The
AtomAPI
Model
AtomAPI
is an application level protocol for publishing
and editing web resources. Using the common HTTP verbs provides a pattern
for working with all such web resources:
GET is used to retrieve a representation of a resource or perform a read-only query.
PUT is used to update a known resource.
POST is used to create a new dynamically-named resource.
DELETE is used to remove a resource.
There are different kinds of resources managed by the
AtomAPI
, each of these
have URIs and those URIs support a subset of the above methods. There are
three major classes of URIs in this specification: PostURI, FeedURI
and EditURI. This specification defines the expected actions
for each of the methods listed. Note that this does not restrict
a URI to only supporting just those methods listed, for example
an EditURI could support a POST method, or the OPTIONS method, what
those methods do is beyond the scope of this specification.
EditURI: PUT, GET, DELETE
PostURI: POST
FeedURI: GET
This RFC does not specify the form of the URIs that are used. The URI space
of each server is controlled, as defined by HTTP, by the server alone. What
this RFC does specify are the formats of the files that are exchanged
and the actions that can be performed on the URIs embedded in those files.
TOC
Functional Specification
5.1
PostURI
The PostURI is used to create entries. These can be either full
entries, such as a weblog post, or they can be comments, or
even a wiki page. The client
POSTs a filled in Atom Entry to this URI. If the request is succesful
then multiple new URIs may be created that contain representations
of varying types. For example, POSTing an Atom entry to a PostURI
may create a new weblog entry with both an HTML and Atom representation
now available. The URI of the newly created Atom representation may in
fact be an EditURI through which the resource can be edited.
5.1.1
Locating
For creating a new site Entry, the link tag is used.
Note that a link tag is used in both HTML and in the Atom
format. A link tag of the following format points to the
PostURI for a site. In HTML the link tags are always found
in the head element, while in Atom they may appear as children
of the Feed and entry elements.
type="application/x.atom+xml"
href="URI for Posting goes here"
title="The name of the site.">
Note: Multiple link tags may appear together and can be
distinguished by having different 'rel', 'type' and 'title' attributes.
5.1.2
Request
The request contains a filled in Atom entry, subject to
the constraints in section @@ TBD @@.
5.1.3
Response
The expected status codes from a POST are 201, 303,
400, and 500. 401, 404, and 410 are also possible.
5.1.3.1
201
Response includes a Location: header with the URI of the created
resource, i.e. the URI used to edit the entry, as opposed
to the URI used to display the content. The body of the
response will contain the entry "filled in" with time stamps
and any other data the server choses to reveal. This must contain
enough information to enable a client to issue a subsequent PUT
to this location. Note that the server may chose to omit the content
in the response, particularly if it is large.
5.1.3.2
303
The body of this response does not contain the filled in Entry,
but the filled in Entry can be found under a different URI and
SHOULD be retrieved using a GET method on that resource. The
different URI SHOULD be given by the Location field in the response.
5.1.3.3
400
Indicates that the server believes that that data sent constitutes
an invalid request. A short description of the error will appear
on the status line itself. A longer description
will appear in the body.
5.1.3.4
500
Indicates that the server detected an internal error on the server
processing this request (such as an unhandled exception). A short
description of the error will appear on the status line itself.
A longer description will appear in the body.
5.2
EditURI
An EditURI is used to edit a single entry. Each entry that is editable
MUST have a unique URI. This URI supports both GET and PUT and they are
used in tandem for an editing cycle. The client GET's the represenation
which is formatted as an Atom entry. The client may then update the
entry and then PUT it back to the same URI. The PUT will cause all
the related resources to be updated, for example, the HTML representaion.
Note that the value of the content element in the Atom entry does not
have to exactly match the content element for the same entry
when it is represented in an Atom feed. For example, a server may allow
the client to post entries whose content is formatted as WikiML, yet
the server may clean up such markup and transform it into well-formed XHTML
before placing it in the publicly avialable Atom feed. Another scenario
is summaries, the EditURI is for editing the full content of an entry, but the
server may only present excerpts when it produces an Atom feed.
A client will send a DELETE to the EditURI to delete an entry.
5.2.1
Locating
For editing a site Entry, the link tag is used.
Note that a link tag is used in both HTML and in the Atom
format. A link tag of the following format points to the
EditURI for a site. In HTML the link tags for editing are always found
in the head element, while in Atom they may appear as children
of the entry elements.
type="application/x.atom+xml"
href="URI for Editing goes here"
title="Readable description of the e
ntry.">
Note: The critical characteristic of this link tag is the
@rel of 'service.edit' and the @type of 'application/x.atom+xml'.
5.2.2
Request
A PUT request, and a GET response both
contain a filled in Atom entry, subject to
the constraints in section @@ TBD @@.
5.3
FeedURI
The FeedURI is used to retrieve a represenation in Atom format.
Note that this feed is different from a typical Atom feed
in that it contains "link" elements for navigating
and manipulating the content of the site. For example
there should be a "link" element with rel="next" whose
URI points to the next block of entries on the site. Similarly
the feed element can contain a "link" element with
rel="service.post", the URI of which is a PostURI.
Individual entries should contain "link" elements with
rel="service.edit" whose URIs are EditURIs.
@@ Editor's Note: @@ Note that the "service.feed" takes the
place of the Introspection File and the Search facet
in previous versions of the specification. That is, facet discovery,
which was previously done by inspecting the Introspection file is now
done by looking for "link" tags with an attribute "rel" set to
"service.[something]" in the "service.feed" file.
At the same time the same representation replaces the
search facet by having "link" tags that point to other feeds using
well knows 'rel' attribute values such as 'next' and 'prev', or the
search can branch in multiple directions by specifying multiple link
tags with rel="service.feed" and having differing title attributes that
announce the kind of search results in that feed.
5.3.1
Locating
A link tag of the following format points to the
FeedURI.
type="application/x.atom+xml"
href="URI goes here"
title="The name of the site.">
5.3.2
Request
The request is a simple GET. No other verbs are currently
specified for this URI.
5.3.3
Response
The expected status codes from a GET are 200, 301, 307,
and 500. 401, 404, and 410 are also possible.
5.3.3.1
301
The Feed has moved permanently, the new URI is given in the
the Location header.
5.3.3.2
307
The Feed has moved temporarily, the new URI is given in the
the Location header.
5.4
Link Tag
The link tag is used in both HTML and Atom formats. There are slight differences
between the two usages. Here are the commonalities, differences,
and a list of well-known values for the rel attribute.
The link tag in HTML documents
appears in the 'head' of the document.
The 'head' section only allows a linear list of 'link' tags.
The Atom format allows 'link' tags as children of both the
'feed' element and of the 'entry' element. Note that this gives the information
present in the link tag more context.
For example ... @@ TBD @@
5.4.1
rel
This attribute describes the relationship
from the current document, be it HTML or Atom, to the
anchor specified by the href attribute. The value of this
attribute is a space-separated list of link types.
Note that these values are case insensitive. With type="application/x.atom+xml"
we have the following interpretations of the relations.
alternate
The URI in the href attribute points to an alternate
representation of the containing resource.
start
The Atom feed at the URI supplied in the href attribute
contains the first feed in a linear sequence of entries.
next
The Atom feed at the URI supplied in the href attribute
contains the next N entries in a linear sequence of entries.
prev
The Atom feed at the URI supplied in the href attribute
contains the previous N entries in a linear sequence of entries.
service.edit
The URI given in the href attribute is used
to edit a representation of the referred resource.
service.post
The URI in the href attribute is used to create
new resources.
service.feed
The URI given in the href attribute is a starting point
for navigating content and services.
5.4.2
href
URI of the resource being described by this link element.
5.4.3
title
Offers advisory information about the link. Rendered to the user to help
them choose among a set of links with the same rel and type attributes.
5.4.4
type
The content type of the resource avaialable at the URI given in the
href attribute of the link element. Most of the link types in this
specification are on type 'application/x.atom+xml'.
5.5
Atom Request and Response Body Constraints
The Atom format is used as the representation
of all the resources in this specification. As it is used in
differing contexts, there are different constraints
of which elements may be present, and how their values should
be interpreted.
5.5.1
id
PostURI
MUST NOT be present.
FeedURI
MUST be present.
EditURI
GET
MUST be present.
PUT
MUST be present.
5.5.2
link
PostURI
MAY be present. Servers may use the
information to determine the URI of the created resource.
Relative URLs are to be interpreted relative to xml:base.
FeedURI
MUST be present.
EditURI
GET
MUST be present.
PUT
MUST be present.
5.5.3
title
PostURI
MUST be present.
The element may be empty, to explicitly indicate "no title".
Servers SHOULD NOT try to generate a title if one is not
provided. The type attribute MAY be present, and if not it
defaults to "text/plain". If present, it MUST represent a mime
type that the server supports
The mode attribute MAY be present, if not it defaults to "xml".
If present, it must be "xml", "base64", or "escaped".
FeedURI
MUST be present.
EditURI
GET
MUST be present.
PUT
MUST be present. The element may be empty,
to explicitly indicate "no title".
Servers SHOULD NOT try to generate a title if one is not
provided.
5.5.4
summary
PostURI
MAY be present, if not present, indicates the server is welcome to
produce its own summary. If present but empty then the
server SHOULD NOT generate a summary of its own.
The type attribute MAY be present, if not it defaults
to "text/plain". If present it must represent a mime type that the server supports.
The mode attribute MAY be present and defaults to "xml".
If present, it must be "xml","base64", or "escaped".
FeedURI
MAY be present.
EditURI
GET
MAY be present.
PUT
MAY be present. The element may be empty,
to explicitly indicate "no summary".
Servers SHOULD NOT try to generate a title if one is not
provided.
5.5.5
content
PostURI
MAY be present but may be empty, to explicitly indicate "no content".
The type attribute MAY be present, but defaults to "text/plain" if not present.
It must represent a mime type that the server supports.
The MODE attribute may be present and defaults to "xml" if not present.
It must be "xml","base64", or "escaped".
FeedURI
MAY be present.
EditURI
GET
MAY be present.
PUT
MAY be present. The element may be empty,
to explicitly indicate "no content".
5.5.6
issued
PostURI
MUST be present but may be empty in which case it signifies
"now" in the timezone of the server.
FeedURI
MUST be present.
EditURI
GET
MUST be present.
PUT
MUST be present. Server policy determines
if an updated time is accepted.
5.5.7
modified
PostURI
MUST NOT be present.
FeedURI
MAY be present.
EditURI
GET
MAY be present.
PUT
MAY be present. The element may be empty,
to explicitly indicate that 'now' on the
server time is to be used.
5.5.8
created
PostURI
MAY be present.
FeedURI
MAY be present.
EditURI
GET
MAY be present.
PUT
MAY be present. The server may or may not
accept an updated value. If the server does
not allow updating the issued time then any
PUT request with a differenct issued value
MUST be rejected.
5.5.9
author
PostURI
MAY be present. If not present the server determines
the author. If present and it conflicts with valid values
as determined by the server, then the server may change
the value of author.
FeedURI
MAY be present.
EditURI
GET
MAY be present.
PUT
MAY be present.
5.5.10
contributor
PostURI
MAY be present.
FeedURI
MAY be present.
EditURI
GET
MAY be present.
PUT
MAY be present.
5.5.11
generator
PostURI
MUST be present. The
value of the element indicates the
code base used to create this request.
MUST contain a valid URI. MUST also have
an attribute 'version' with a version number.
FeedURI
MUST NOT be present.
EditURI
GET
MUST NOT be present.
PUT
MUST NOT be present.
TOC
Security Considerations
@@TBD@@ Talk here about using HTTP basic and digest authentication.
@@TBD@@ Talk here about denial of service attacks using large XML files,
or the billion laughs DTD attack.
TOC
Appendices
7.1
SOAP Enabling
All servers SHOULD support the following alternate
interface mechanisms to enable a wider variety of clients
to interact with
AtomAPI
servers. The following requirements
are in addition to the ones listed in the Functional Specification Section.
If a server supports SOAP Enabling then it MUST support
all of the following.
7.1.1
Servers
All servers MUST support the limited use of the SOAPAction
HTTP Header as described below in the Client section.
All servers MUST be able to process well formed XML. Servers need
not be able to handle processing instructions or DTDs.
Servers MUST accept content in a SOAP Envelope, and if they
receive a request that is wrapped in a SOAP Envelope then they
MUST wrap their responses in SOAP envelopes or produce a SOAP
Fault.
7.1.2
Clients
Clients SHOULD use the appropriate HTTP Method when possible.
When not possible, they should use POST and include a SOAPAction
HTTP header which is constrained as follows:
SOAPAction: "http://schemas.xmlsoap.org/wsdl/http/[METHOD]"

Where [METHOD] is replaced by the desired HTTP Method.
Clients MAY wrap their XML payload in a SOAP Envelope.
If so, they must also wrap it in an element which exactly
matches the HTTP Method.
7.2
Example for a weblog
Fill this in with an example for how all the above is
used for a weblog.
Start with main HTML page, link tag of type service.feed
to the 'introspection' file.
1. Creating a new entry
2. Finding an old entry
3. editing an old entry
4. commenting on a entry (via HTML and Atom)
7.3
Example for a wiki
Fill this in like above but for a wiki.
TOC
Revision History
Rev 09 - 10Dec2003 - Added the section on SOAP enabled clients
and servers.
Rev 08 - 01Dec2003 - Refactored the specification, merging the Introspection
file into the feed format. Also dropped the distinction between the
type of URI used to create new entries and the kind used to create comments.
Dropped user preferences.
Rev 07 - 06Aug2003 - Removed the use of the RSD file for auto-discovery. Changed copyright
until a final standards body is chosen. Changed query parameters for the search facet
to all begin with atom- to avoid name collisions. Updated all the Entries to follow
the 0.2 version. Changed the format of the search results and template file
to a pure element based syntax.
Rev 06 - 24Jul2003 - Moved to PUT for updating Entries.
Changed all the mime-types to application/x.atom+xml. Added template
editing. Changed 'edit-entry' to 'create-entry' in the Introspection file
to more accurately reflect it's purpose.
Rev 05 - 17Jul2003 - Renamed everything Echo into Atom. Added
version numbers in the Revision history.
Changed all the mime-types to application/atom+xml.
Rev 04 - 15Jul2003 - Updated the RSD version used from 0.7 to 1.0. Change the method of deleting
an Entry from POSTing to using the HTTP DELETE verb. Also changed the
query interface to GET instead of POST. Moved Introspection Discovery to be up under
Introspection. Introduced the term 'facet' for the services listed in the Introspection file.
Rev 03 - 10Jul2003 - Added a link to the Wiki near the front of the
document. Added a section on finding an Entry. Retrieving an Entry
now broken out into it's own section. Changed the HTTP status code for
a successful editing of an Entry to 205.
Rev 02 - 7Jul2003 - Entries are no longer returned from POSTs, instead they are retrieved via GET.
Cleaned up figure titles, as they are rendered poorly in HTML. All content-types
have been changed to application/atom+xml.
Rev 01 - 5Jul2003 - Renamed from EchoAPI.html to follow the more commonly used format:
draft-gregorio-NN.html. Renamed all
references to URL to URI. Broke out introspection into it's own section. Added the Revision History section.
Added more to the warning that the example URIs are not normative.
TOC
Copyright (C) Joe Gregorio (2003). All Rights Reserved.
TOC
References
[RFC2119]
Bradner, S.
, "
Key words for use in RFCs to Indicate Requirement Levels
", BCP 14, RFC 2119, March 1997.
TOC
Author's Address
Joe Gregorio
BitWorking, Inc
1002 Heathwood Dairy Rd.
Apex, NC 27502
US
Phone:
+1 919 272 3764
EMail:
joe@bitworking.com
URI: