A Quick List of WebDAV Properties in the IETF Process (i.e., RFCs or I-Ds) Mark Nottingham, 2004/04/22 ====================================================================== * WebDAV - RFC 2518 13.1 creationdate Property Name: creationdate Namespace: DAV: Purpose: Records the time and date the resource was created. Value: date-time ; See Appendix 2 Description: The creationdate property should be defined on all DAV compliant resources. If present, it contains a timestamp of the moment when the resource was created (i.e., the moment it had non- null state). 13.2 displayname Property Name: displayname Namespace: DAV: Purpose: Provides a name for the resource that is suitable for presentation to a user. Description: The displayname property should be defined on all DAV compliant resources. If present, the property contains a description of the resource that is suitable for presentation to a user. 13.3 getcontentlanguage Property Name: getcontentlanguage Namespace: DAV: Purpose: Contains the Content-Language header returned by a GET without accept headers Description: The getcontentlanguage property MUST be defined on any DAV compliant resource that returns the Content-Language header on a GET. Value: language-tag ;language-tag is defined in section 14.13 of [RFC2068] 13.4 getcontentlength Property Name: getcontentlength Namespace: DAV: Purpose: Contains the Content-Length header returned by a GET without accept headers. Description: The getcontentlength property MUST be defined on any DAV compliant resource that returns the Content-Length header in response to a GET. Value: content-length ; see section 14.14 of [RFC2068] 13.5 getcontenttype Property Name: getcontenttype Namespace: DAV: Purpose: Contains the Content-Type header returned by a GET without accept headers. Description: This getcontenttype property MUST be defined on any DAV compliant resource that returns the Content-Type header in response to a GET. Value: media-type ; defined in section 3.7 of [RFC2068] 13.6 getetag Property Name: getetag Namespace: DAV: Purpose: Contains the ETag header returned by a GET without accept headers. Description: The getetag property MUST be defined on any DAV compliant resource that returns the Etag header. Value: entity-tag ; defined in section 3.11 of [RFC2068] 13.7 getlastmodified Property Name: getlastmodified Namespace: DAV: Purpose: Contains the Last-Modified header returned by a GET method without accept headers. Description: Note that the last-modified date on a resource may reflect changes in any part of the state of the resource, not necessarily just a change to the response to the GET method. For example, a change in a property may cause the last-modified date to change. The getlastmodified property MUST be defined on any DAV compliant resource that returns the Last-Modified header in response to a GET. Value: HTTP-date ; defined in section 3.3.1 of [RFC2068] 13.8 lockdiscovery Property Name: lockdiscovery Namespace: DAV: Purpose: Describes the active locks on a resource Description: The lockdiscovery property returns a listing of who has a lock, what type of lock he has, the timeout type and the time remaining on the timeout, and the associated lock token. The server is free to withhold any or all of this information if the requesting principal does not have sufficient access rights to see the requested data. 13.9 resourcetype Property Name: resourcetype Namespace: DAV: Purpose: Specifies the nature of the resource. Description: The resourcetype property MUST be defined on all DAV compliant resources. The default value is empty. 13.10 source Property Name: source Namespace: DAV: Purpose: The destination of the source link identifies the resource that contains the unprocessed source of the link's source. Description: The source of the link (src) is typically the URI of the output resource on which the link is defined, and there is typically only one destination (dst) of the link, which is the URI where the unprocessed source of the resource may be accessed. When more than one link destination exists, this specification asserts no policy on ordering. 13.11 supportedlock Property Name: supportedlock Namespace: DAV: Purpose: To provide a listing of the lock capabilities supported by the resource. Description: The supportedlock property of a resource returns a listing of the combinations of scope and access types which may be specified in a lock request on the resource. Note that the actual contents are themselves controlled by access controls so a server is not required to provide information the client is not authorized to see. ======================================================================= * Versioning Extensions to WebDAV - RFC 3253 3.1.1 DAV:comment This property is used to track a brief comment about a resource that is suitable for presentation to a user. The DAV:comment of a version can be used to indicate why that version was created. PCDATA value: string 3.1.2 DAV:creator-displayname This property contains a description of the creator of the resource that is suitable for presentation to a user. The DAV:creator- displayname of a version can be used to indicate who created that version. PCDATA value: string 3.1.3 DAV:supported-method-set (protected) This property identifies the methods that are supported by the resource. A method is supported by a resource if there is some state of that resource for which an application of that method will successfully satisfy all postconditions of that method, including any additional postconditions added by the features supported by that resource. name value: a method name 3.1.4 DAV:supported-live-property-set (protected) This property identifies the live properties that are supported by the resource. A live property is supported by a resource if that property has the semantics defined for that property. The value of this property MUST identify all live properties defined by this document that are supported by the resource, and SHOULD identify all live properties that are supported by the resource. ANY value: a property element type 3.1.5 DAV:supported-report-set (protected) This property identifies the reports that are supported by the resource. ANY value: a report element type 3.2 Version-Controlled Resource Properties The version-control feature introduces the following REQUIRED properties for a version-controlled resource. 3.2.1 DAV:checked-in (protected) This property appears on a checked-in version-controlled resource, and identifies a version that has the same content and dead properties as the version-controlled resource. This property is removed when the resource is checked out, and then added back (identifying a new version) when the resource is checked back in. 3.2.2 DAV:auto-version If the DAV:auto-version value is DAV:checkout-checkin, when a modification request (such as PUT/PROPPATCH) is applied to a checked-in version-controlled resource, the request is automatically preceded by a checkout and followed by a checkin operation. If the DAV:auto-version value is DAV:checkout-unlocked-checkin, when a modification request is applied to a checked-in version-controlled resource, the request is automatically preceded by a checkout operation. If the resource is not write-locked, the request is automatically followed by a checkin operation. If the DAV:auto-version value is DAV:checkout, when a modification request is applied to a checked-in version-controlled resource, the request is automatically preceded by a checkout operation. If the DAV:auto-version value is DAV:locked-checkout, when a modification request is applied to a write-locked checked-in version-controlled resource, the request is automatically preceded by a checkout operation. If an update to a write-locked checked-in resource is automatically preceded by a checkout of that resource, the checkout is associated with the write lock. When this write lock is removed (e.g. from an UNLOCK or a lock timeout), if the resource has not yet been checked in, the removal of the write lock is automatically preceded by a checkin operation. A server MAY refuse to allow the value of the DAV:auto-version property to be modified, or MAY only support values from a subset of the valid values. 3.3 Checked-Out Resource Properties The version-control feature introduces the following REQUIRED properties for a checked-out resource. 3.3.1 DAV:checked-out (protected) This property identifies the version that was identified by the DAV:checked-in property at the time the resource was checked out. This property is removed when the resource is checked in. 3.3.2 DAV:predecessor-set This property determines the DAV:predecessor-set property of the version that results from checking in this resource. A server MAY reject attempts to modify the DAV:predecessor-set of a version-controlled resource. 3.4 Version Properties The version-control feature introduces the following REQUIRED properties for a version. 3.4.1 DAV:predecessor-set (protected) This property identifies each predecessor of this version. Except for the root version, which has no predecessors, each version has at least one predecessor. 3.4.2 DAV:successor-set (computed) This property identifies each version whose DAV:predecessor-set identifies this version. 3.4.3 DAV:checkout-set (computed) This property identifies each checked-out resource whose DAV:checked-out property identifies this version. 3.4.4 DAV:version-name (protected) This property contains a server-defined string that is different for each version in a given version history. This string is intended for display for a user, unlike the URL of a version, which is normally only used by a client and not displayed for a user. ===================================================================== * Bindings - 3.1 DAV:resource-id Property The DAV:resource-id property is a REQUIRED property that enables clients to determine whether two bindings are to the same resource. The value of DAV:resource-id is a URI, and may use any registered URI scheme that guarantees the uniqueness of the value across all resources for all time (e.g. the opaquelocktoken: scheme defined in [RFC2518]). 3.2 DAV:parent-set Property The DAV:parent-set property is an OPTIONAL property that enables clients to discover what collections contain a binding to this resource (i.e. what collections have that resource as an internal member). It contains an of href/segment pair for each collection that has a binding to the resource. The href identifies the collection, and the segment identifies the binding name of that resource in that collection. A given collection MUST appear only once in the DAV:parent-set for any given binding, even if there are multiple URI mappings to that collection. For example, if collection C1 is mapped to both /CollX and /CollY, and C1 contains a binding named "x.gif" to a resource R1, then either [/CollX, x.gif] or [/CollY, x.gif] can appear in the DAV:parent-set of R1, but not both. But if C1 also had a binding named "y.gif" to R1, then there would be two entries for C1 in the DAV:binding-set of R1 (i.e. either both [/CollX, x.gif] and [/CollX, y.gif] or alternatively, both [/CollY, x.gif] and [/CollY, y.gif]). PCDATA value: segment, as defined in section 3.3 of [RFC2396] ======================================================================== * Redirectref - 12.1 DAV:redirect-lifetime (protected) This property provides information about the lifetime of a redirect. It can either be DAV:permanent (HTTP status 301) or DAV:temporary (HTTP status 302). Future protocols MAY define additional values. 12.2 DAV:reftarget (protected) This property provides an efficient way for clients to discover the URI of the target resource. This is a read-only property after its initial creation. Its value can only be set in a MKREDIRECTREF request. The value is a DAV:href element containing the URI of the target resource. ======================================================================== * WebDAV Ordered Collections - RFC 3648 - 4.1.1. DAV:ordering-type (protected) The DAV:ordering-type property indicates whether the collection is ordered and, if so, uniquely identifies the semantics of the ordering. It may also point to an explanation of the semantics in human and/or machine-readable form. At a minimum, this allows human users who add members to the collection to understand where to position them in the ordering. This property cannot be set using PROPPATCH. Its value can only be set by including the Ordering-Type header with a MKCOL request or by submitting an ORDERPATCH request. Ordering types are identified by URIs that uniquely identify the semantics of the collection's ordering. The following two URIs are predefined: DAV:custom: The value DAV:custom indicates that the collection is ordered, but the semantics governing the ordering are not being advertised. DAV:unordered: The value DAV:unordered indicates that the collection is not ordered. That is, the client cannot depend on the repeatability of the ordering of results from a PROPFIND request. An ordering-aware client interacting with an ordering-unaware server (e.g., one that is implemented only according to [RFC2518]) SHOULD assume that the collection is unordered if a collection does not have the DAV:ordering-type property. ========================================================================= * WebDAV Access Control - 5.1 DAV:owner This property identifies a particular principal as being the "owner" of the resource. Since the owner of a resource often has special access control capabilities (e.g., the owner frequently has permanent DAV:write-acl privilege), clients might display the resource owner in their user interface. Servers MAY implement DAV:owner as protected property and MAY return an empty DAV:owner element as property value in case no owner information is available. 5.2 DAV:group This property identifies a particular principal as being the "group" of the resource. This property is commonly found on repositories that implement the Unix privileges model. Servers MAY implement DAV:group as protected property and MAY return an empty DAV:group element as property value in case no group information is available. 5.3 DAV:supported-privilege-set This is a protected property that identifies the privileges defined for the resource. Each privilege appears as an XML element, where aggregate privileges list as sub-elements all of the privileges that they aggregate. An abstract privilege MUST NOT be used in an ACE for that resource. Servers MUST fail an attempt to set an abstract privilege. A description is a human-readable description of what this privilege controls access to. Servers MUST indicate the human language of the description using the xml:lang attribute and SHOULD consider the HTTP Accept-Language request header when selecting one of multiple available languages. It is envisioned that a WebDAV ACL-aware administrative client would list the supported privileges in a dialog box, and allow the user to choose non-abstract privileges to apply in an ACE. The privileges tree is useful programmatically to map well-known privileges (defined by WebDAV or other standards groups) into privileges that are supported by any particular server implementation. The privilege tree also serves to hide complexity in implementations allowing large number of privileges to be defined by displaying aggregates to the user. 5.4 DAV:current-user-privilege-set DAV:current-user-privilege-set is a protected property containing the exact set of privileges (as computed by the server) granted to the currently authenticated HTTP user. Aggregate privileges and their contained privileges are listed. A user-agent can use the value of this property to adjust its user interface to make actions inaccessible (e.g., by graying out a menu item or button) for which the current principal does not have permission. This property is also useful for determining what operations the current principal can perform, without having to actually execute an operation. If the current user is granted a specific privilege, that privilege must belong to the set of privileges that may be set on this resource. Therefore, each element in the DAV:current-user-privilege-set property MUST identify a non-abstract privilege from the DAV:supported-privilege-set property. 5.5 DAV:acl This is a protected property that specifies the list of access control entries (ACEs), which define what principals are to get what privileges for this resource. Each DAV:ace element specifies the set of privileges to be either granted or denied to a single principal. If the DAV:acl property is empty, no principal is granted any privilege. 5.6 DAV:acl-restrictions This protected property defines the types of ACLs supported by this server, to avoid clients needlessly getting errors. When a client tries to set an ACL via the ACL method, the server may reject the attempt to set the ACL as specified. The following properties indicate the restrictions the client must observe before setting an ACL: Deny ACEs are not supported Inverted ACEs are not supported All deny ACEs must occur before any grant ACEs Indicates which principals are required to be present 5.7 DAV:inherited-acl-set This protected property contains a set of URLs that identify other resources that also control the access to this resource. To have a privilege on a resource, not only must the ACL on that resource (specified in the DAV:acl property of that resource) grant the privilege, but so must the ACL of each resource identified in the DAV:inherited-acl-set property of that resource. Effectively, the privileges granted by the current ACL are ANDed with the privileges granted by each inherited ACL. 5.8 DAV:principal-collection-set This protected property of a resource contains a set of URLs that identify the root collections that contain the principals that are available on the server that implements this resource. A WebDAV Access Control Protocol user agent could use the contents of DAV:principal-collection-set to retrieve the DAV:displayname property (specified in Section 13.2 of [RFC2518]) of all principals on that server, thereby yielding human-readable names for each principal that could be displayed in a user interface. Since different servers can control different parts of the URL namespace, different resources on the same host MAY have different DAV:principal-collection-set values. The collections specified in the DAV:principal-collection-set MAY be located on different hosts from the resource. The URLs in DAV:principal-collection-set SHOULD be http or https scheme URLs. For security and scalability reasons, a server MAY report only a subset of the entire set of known principal collections, and therefore clients should not assume they have retrieved an exhaustive listing. Additionally, a server MAY elect to report none of the principal collections it knows about, in which case the property value would be empty. The value of DAV:principal-collection-set gives the scope of the DAV:principal-property-search REPORT (defined in Section 9.4). Clients use the DAV:principal-property-search REPORT to populate their user interface with a list of principals. Therefore, servers that limit a client's ability to obtain principal information will interfere with the client's ability to manipulate access control lists, due to the difficulty of getting the URL of a principal for use in an ACE.