Mounting Web Distributed Authoring and Versioning (WebDAV) Servers

Mounting Web Distributed Authoring and Versioning (WebDAV) Servers greenbytes GmbH

Hafenweg 16 MuensterNW48155 Germany +49 251 2807760 +49 251 2807761 [email protected] http://greenbytes.de/tech/webdav/

In current Web browsers, there is no uniform way to specify that a user clicking on a link will be presented with an editable view of a Web Distinguished Authoring and Versioning (WebDAV) server. For example, it is frequently desirable to be able to click on a link and have this link open a window that can handle drag-and-drop interaction with the resources of a WebDAV server. This document specifies a mechanism and a document format that enables WebDAV servers to send "mounting" information to a WebDAV client. The mechanism is designed to work on any platform and with any combination of browser and WebDAV client, relying solely on the well-understood dispatch of documents through their MIME type.

By definition, a Web Distributed Authoring and Versioning (WebDAV) server () is an HTTP server as well (). Most WebDAV servers can be (at least partly) operated from an HTML-based user interface in a web browser. However, it is frequently desirable to be able to switch from an HTML-based view to a presentation provided by a native WebDAV client, directly supporting the authoring features defined in WebDAV and related specifications. This document specifies a platform-neutral mechanism based on the dispatch of documents through their MIME type. For completeness, lists other approaches that have been implemented in existing clients. For example, many educational institutions use WebDAV servers as a mechanism for sharing documents among students. Each student owns a separate collection structure on a WebDAV server, often called his/her "locker". Ideally, when users click on a link in an HTML page provided by the university (perhaps by their university Web portal), an editable view of their locker will appear.

The terminology used here follows that in the WebDAV Distributed Authoring Protocol specification . The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in . This document uses XML DTD fragments () as a purely notational convention. In particular: Element names use the namespace "http://purl.org/NET/webdav/mount". When an XML element type in this namespace is referenced in this document outside of the context of an XML fragment, the string "dm:" will be prefixed to the element name. Element ordering is irrelevant. Extension elements/attributes (elements/attributes not already defined as valid child elements) may be added anywhere, except when explicitly stated otherwise.

A WebDAV mount request is encoded in a specific XML format () with a well-defined MIME type (see ). The MIME type allows user agents to dispatch the content to a handler specific to the system's WebDAV client. The elements defined below use the namespace "http://purl.org/NET/webdav/mount".

<!ELEMENT mount (url, open?, username?) > <!ELEMENT url (#PCDATA) >  <!ELEMENT open (#PCDATA) >  <!ELEMENT username (#PCDATA) >

The <dm:mount> element acts as a container for all the remaining elements defined by this protocol.

The mandatory <dm:url> element provides the HTTP URL of the WebDAV collection that should be mounted by the client.

The optional <dm:open> element instructs the client to display the specified child collection; its URL is computed by concatenating this element's value with the URL obtained from the <dm:url> element (see for a discussion about why this element only supports displaying collections rather than opening arbitrary documents).

The server can use the optional <dm:username> element to specify the name of the currently authenticated principal. A client can use this value to select a matching mount point (different users may have mounted the URL with different credentials under different local mount points) or to provide a meaningful default for authentication against the server. It is common that a browser and WebDAV client do not share HTTP connections, so including this information in the mount document increases usability. Implementation Note: If a <dm:username> element is present, public caching of the document should be disallowed. Thus, appropriate 'Vary' or 'Cache-Control' headers are needed in the server response.

In the example below, the client first retrieves a representation of a WebDAV collection using a generic Web browser (1). The returned HTML content contains a hyperlink that identifies the "davmount" document in the format defined in (2). The user follows this link (3), which causes the server to return the "davmount" document to the user's browser (4). The browser in turn passes the content to the application that was registered to handle the "application/davmount+xml" MIME type, usually the default WebDAV client on the client's system.

(1) Client retrieves representation of WebDAV collection "/user42/inbox/". GET /user42/inbox/ HTTP/1.1 Host: www.example.com

(2) Server returns representation. HTTP/1.1 200 OK Content-Type: text/html Content-Length: xxx .. <a href="?action=davmount">View this collection in your WebDAV client</a> .. (note that the example shows only that part of the HTML page that contains the relevant link)

(3) Client follows link to "davmount" document GET /user42/inbox/?action=davmount HTTP/1.1 Host: www.example.com

(4) Server returns "davmount" document HTTP/1.1 200 OK Content-Type: application/davmount+xml Content-Length: xxx Cache-Control: private <dm:mount xmlns:dm="http://purl.org/NET/webdav/mount"> <dm:url>http://www.example.com/user42/</dm:url> <dm:open>inbox/</dm:open> </dm:mount>

This document does not introduce any new internationalization considerations beyond those discussed in .

Type name: application Subtype name: davmount+xml Required parameters: none Optional parameters: "charset": This parameter has identical semantics to the charset parameter of the "application/xml" media type as specified in . Encoding considerations: Identical to those of "application/xml" as described in . Security considerations: As defined in this specification. In addition, as this media type uses the "+xml" convention, it shares the same security considerations as described in . Interoperability considerations: There are no known interoperability issues. Published specification: This specification. Applications that use this media type: SAP Netweaver Knowledge Management, Xythos Drive. Additional information: Magic number(s): As specified for "application/xml" in . File extension(s): .davmount Fragment identifiers: As specified for "application/xml" in . Base URI: As specified in . Macintosh file type code(s): TEXT Person & email address to contact for further information: Julian Reschke <[email protected]> Intended usage: COMMON Restrictions on usage: None. Author: Julian Reschke Change controller: IESG

All security considerations connected to HTTP/WebDAV and XML apply for this specification as well, namely, and . In addition, client implementers must be careful when implementing the <dm:open> element (see ). It MUST NOT be used to initiate any action beyond displaying the contents of a WebDAV collection (supporting "opening" documents could be abused to trick a user into letting the operating system's shell execute arbitrary content, possibly running it as an executable program). The OPTIONAL <dm:username> element defined in allows the inclusion of user names into mount documents. However in some cases, user name information is considered to be security sensitive. Should this be the case, parties generating mount documents are advised to either not to include user names, or to use access control to restrict access to the information as desired.

This document has benefited from thoughtful discussion by Emile Baizel, Spencer Dawkins, Lisa Dusseault, Stefan Eissing, Joe Gregorio, Michal Gregr, Russ Housley, Jim Luther, Jaroslav Mazanec, and Jim Whitehead.

Key words for use in RFCs to Indicate Requirement Levels Harvard University