INTERNET-DRAFT                                Saveen Reddy, Microsoft
draft-dasl-protocol-01.txt                    Dale Lowry, Novell
                                              Surendra Reddy, Oracle
                                              Rick Henderson, Netscape
                                              Jim Davis, CourseNet
                                              Alan Babich, Filenet
Expires Jan xx, 2000                          July xx, 1999
Status of this Memo
This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.
This document is an Internet draft. Internet drafts are working documents of the Internet Engineering Task Force (IETF), its areas and its working groups. Note that other groups may also distribute working information as Internet drafts.
Internet Drafts are draft documents valid for a maximum of six months and can be updated, replaced or obsoleted by other documents at any time. It is inappropriate to use Internet drafts as reference material or to cite them as other than as "work in progress".
The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.
Distribution of this document is unlimited. Please send comments to the mailing list at <www-webdav-dasl@w3.org>, which may be joined by sending a message with subject "subscribe" to <www-webdav-dasl-request@w3.org>.
Discussions of the list are archived at <URL:http://www.w3.org/pub/WWW/Archives/Public/www-webdav-dasl>.
Abstract
This document specifies a set of methods, headers, and content-types composing DASL, an application of the HTTP/1.1 protocol to efficiently search for DAV resources based upon a set of client-supplied criteria.
DASL will minimize the complexity of clients so as to facilitate widespread deployment of applications capable of utilizing the DASL search mechanisms.
DASL consists of:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
The SEARCH method plays the role of transport mechanism for the query and the result set. It does not define the semantics of the query. The type of the query defines the semantics.
The SEARCH method defines no relationship between the arbiter and the scope of the search; rather, the particular query grammar used in the query defines the relationship. For example, the FOO query grammar may force the request-URI to correspond exactly to the search scope.
If the client sends a text/xml or application/xml body, it MUST include the DAV:searchrequest XML element. The DAV:searchrequest XML element identifies the query grammar, defines the criteria, the result record, and any other details needed to perform the search.
   <!ELEMENT searchrequest ANY >

The DAV:searchrequest XML element contains a single XML element that defines the query. The name of the query element defines the type of the query. The value of that element defines the query itself.
There MUST be one DAV:response for each resource that matched the search criteria. For each such response, the DAV:href element contains the URI of the resource, and the response MUST include a DAV:propstat element.
In addition, the server MAY include DAV:response items in the reply where the DAV:href element contains a URI that is not a matching resource, e.g. that of a scope or the query arbiter. Each such response item MUST NOT contain a DAV:propstat element, and MUST contain a DAV:status. It SHOULD contain a DAV:responsedescription.
   SEARCH / HTTP/1.1
   Host: ryu.com
   Content-Type: text/xml
   Connection: Close
   Content-Length: 243

   <?xml version="1.0"?>
   <D:searchrequest xmlns:D = "DAV:" xmlns:F = "FOO:">
     <F:natural-language-query>
       Find the locations of good Thai restaurants in Los Angeles
     </F:natural-language-query>
   </D:searchrequest>

>> Response
   HTTP/1.1 207 Multi-Status
   Content-Type: text/xml
   Content-Length: 333

   <?xml version="1.0"?>
   <D:multistatus xmlns:D="DAV:" xmlns:F="FOO:"
                  xmlns:R="http://ryu.com/propschema">
     <D:response>
       <D:href>http://siamiam.com/</D:href>
       <D:propstat>
         <D:prop>
           <R:location>259 W. Hollywood</R:location>
           <R:rating><R:stars>4</R:stars></R:rating>
         </D:prop>
       </D:propstat>
     </D:response>
   </D:multistatus>
400 Bad Request. The query could not be executed. The request may be malformed (not valid XML for example). Additionally, this can be used for invalid scopes and search redirections.
422 Unprocessable entity. The query could not be executed. If a text/xml request entity was provided, then it may have been valid (well-formed) but may have contained an unsupported or unimplemented query operator.
507 (Insufficient Storage). The query produced more results than the server was willing to transmit. Partial results have been transmitted. The server MUST send a body that matches that for 207, except that there MAY exist resources that matched the search criteria for which no corresponding DAV:response exists in the reply.
When a result set is truncated, there may be many more resources that satisfy the search criteria but that were not examined.
If partial results are included and the client requested an ordered result set in the original request, then any partial results that are returned MUST be ordered as the client directed.
Note that the partial results returned MAY be any subset of the result set that would have satisfied the original query.
   SEARCH / HTTP/1.1
   Host: gdr.com
   Content-Type: text/xml
   Connection: Close
   Content-Length: xxxxx

   <?xml version="1.0"?>
   <D:searchrequest xmlns:D="DAV:">
     <D:basicsearch>
       … the query goes here …
     </D:basicsearch>
   </D:searchrequest>
>> Response

   HTTP/1.1 507 Insufficient Storage
   Content-Type: text/xml
   Content-Length: 738

   <?xml version="1.0"?>
   <D:multistatus xmlns:D="DAV:">
     <D:response>
       <D:href>http://www.gdr.com/sounds/unbrokenchain.au</D:href>
       <D:propstat>
         <D:prop/>
         <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
     </D:response>
     <D:response>
       <D:href>http://tech.mit.edu/archive96/photos/Lesh1.jpg</D:href>
       <D:propstat>
         <D:prop/>
         <D:status>HTTP/1.1 200 OK</D:status>
       </D:propstat>
     </D:response>
     <D:response>
       <D:href>http://gdr.com</D:href>
       <D:status>HTTP/1.1 507 Insufficient Storage</D:status>
       <D:responsedescription>
         Only first two matching records were returned
       </D:responsedescription>
     </D:response>
   </D:multistatus>
To indicate an invalid scope, the server MUST respond with a 400 (Bad Request).
The response includes a text/xml body with a DAV:multistatus element. Each DAV:response in the DAV:multistatus identifies a scope. To indicate that this scope is the source of the error, the server MUST include the DAV:scopeerror element.
   HTTP/1.1 400 Bad-Request
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0" ?>
   <d:multistatus xmlns:d="DAV:">
     <d:response>
       <d:href>http://www.foo.com/X</d:href>
       <d:status>HTTP/1.1 404 Object Not Found</d:status>
       <d:scopeerror/>
     </d:response>
   </d:multistatus>
In this case, the server MUST:
(1) include the DAV:scopeerror element
(2) include the DAV:status element for that scope. The value of this element MUST be a 303 (See Other) response.
(3) include the DAV:redirectarbiter element for each arbiter the client should use for the redirect. The value of this element is the URI of the arbiter to use. Multiple DAV:redirectarbiter elements are allowed.
   HTTP/1.1 400 Bad-Request
   Content-Type: text/xml
   Content-Length: xxxxx

   <?xml version="1.0" ?>
   <d:multistatus xmlns:d="DAV:">
     <d:response>
       <d:href>http://www.foo.com/X</d:href>
       <d:status>HTTP/1.1 303 See Other</d:status>
       <d:scopeerror/>
       <d:redirectarbiter>http://bar.com/B</d:redirectarbiter>
       <d:redirectarbiter>http://baz.com/B</d:redirectarbiter>
     </d:response>
   </d:multistatus>
   <!ELEMENT scopeerror EMPTY>
   <!ELEMENT redirectarbiter (#PCDATA)>

The contents must be a URL.
Clients can determine which query grammars are supported by an arbiter by invoking OPTIONS on the search arbiter. If the resource supports SEARCH, then the DASL response header will appear in the response. The DASL response header lists the supported grammars.
The client issues the OPTIONS method against a resource named by the Request-URI. This is a normal invocation of OPTIONS defined in [RFC2068].
If a resource supports the SEARCH method, then the server MUST list SEARCH in the OPTIONS response as defined by [RFC2068].
DASL servers MUST include the DASL header in the OPTIONS response. This header identifies the search grammars supported by that resource.
   DASLHeader = "DASL" ":" Coded-URL-List
   Coded-URL-List : Coded-URL [ "," Coded-URL-List ]
   Coded-URL ; defined in section 9.4 of [WEBDAV]

The DASL response header indicates server support for a query grammar in the OPTIONS method. The value is a URI that indicates the type of grammar. This header MAY be repeated.
For example:
   DASL: <http://foo.bar.com/syntax1>
   DASL: <http://akuma.com/syntax2>
   DASL: <FOO:natural-language-query>
>> Request
   OPTIONS /somefolder HTTP/1.1
   Connection: Close
   Host: ryu.com

>> Response
   HTTP/1.1 200 OK
   Date: Tue, 20 Jan 1998 20:52:29 GMT
   Connection: close
   Accept-Ranges: none
   Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
   Public: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
   DASL: <DAV:basicsearch>
   DASL: <http://foo.bar.com/syntax1>
   DASL: <http://akuma.com/syntax2>
The DASL response header provides a means for clients to discover the set of query grammars supported by a resource. This alone is not sufficient information for a client to generate a query. For example, the DAV:basicsearch grammar defines a set of queries consisting of a set of operators applied to a set of properties and values, but the grammar itself does not specify which properties may be used in the query. QSD for the DAV:basicsearch grammar allows a client to discover the set of properties that are searchable, selectable, and sortable. Moreover, although the DAV:basicsearch grammar defines a minimal set of operators, it is possible that a resource might support additional operators in a query. For example, a resource might support an optional operator that can be used to express content-based queries in a proprietary syntax. QSD allows a client to discover these operators and their syntax. The set of discoverable quantities will differ from grammar to grammar, but each grammar can define a means for a client to discover what can be discovered.
In general, the schema for a given query grammar depends on both the resource (the arbiter) and the scope. A given resource might have access to one set of properties for one potential scope, and another set for a different scope. For example, consider a server able to search two distinct collections, one holding cooking recipes, the other design documents for nuclear weapons. While both collections might support properties such as author, title, and date, the first might also define properties such as calories and preparation time, while the second defines properties such as yield and applicable patents. Two distinct arbiters indexing the same collection might also have access to different properties. For example, the recipe collection mentioned above might also be indexed by a value-added server that also stores the names of chefs who have tested the recipe. Note also that the available query schema might depend on other factors, such as the identity of the principal conducting the search, but these factors are not exposed in this protocol.
Each query grammar supported by DASL defines its own syntax for expressing the possible query schema. A client retrieves the schema for a given query grammar on an arbiter resource with a given scope by invoking the SEARCH method on that arbiter, with that grammar and scope, with a query whose DAV:select element includes the DAV:queryschema property. This property is defined only in the context of such a search; a server SHOULD NOT treat it as defined in the context of a PROPFIND on the scope. The content of this property is an XML element whose name and syntax depend upon the grammar, and whose value may (and likely will) vary depending upon the grammar, arbiter, and scope.
The query schema for DAV:basicsearch is defined in section 5.19.
<!ELEMENT queryschema ANY >
   SEARCH / HTTP/1.1
   Host: recipes.com
   Content-Type: application/xml
   Connection: Close
   Content-Length: xxx

   <?xml version="1.0"?>
   <D:searchrequest xmlns:D="DAV:" >
     <D:basicsearch>
       <D:select>
         <D:queryschema/>
       </D:select>
       <D:from><D:scope><D:href>http://recipes.com</D:href></D:scope></D:from>
     </D:basicsearch>
   </D:searchrequest>

Response:
   HTTP/1.1 207 Multistatus
   Content-Type: application/xml
   Content-Length: xxx

   <?xml version="1.0"?>
   <D:multistatus xmlns:D="DAV:">
     <D:response>
       <D:href>http://recipes.com</D:href>
       <D:propstat>
         <D:prop>
           <D:querygrammar>
             <D:basicsearchschema>
               See section 5.19.9 for actual contents
             </D:basicsearchschema>
           </D:querygrammar>
         </D:prop>
         <D:status>HTTP/1.1 200 Okay</D:status>
       </D:propstat>
     </D:response>
   </D:multistatus>
DAV:basicsearch has several components:
   <!ELEMENT basicsearch (select, from, where?, orderby?, limit?) >
   <!ELEMENT select (allprop | prop) >
   <!ELEMENT from (scope) >
   <!ELEMENT scope (href, depth?) >

   <!ENTITY % comp_ops "eq | lt | gt | lte | gte">
   <!ENTITY % log_ops "and | or | not">
   <!ENTITY % special_ops "isdefined">
   <!ENTITY % string_ops "like">
   <!ENTITY % content_ops "contains">
   <!ENTITY % all_ops "%comp_ops; | %log_ops; | %special_ops; |
                       %string_ops; | %content_ops;">

   <!ELEMENT where ( %all_ops; ) >
   <!ELEMENT and ( ( %all_ops; ) +) >
   <!ELEMENT or ( ( %all_ops; ) +) >
   <!ELEMENT not ( %all_ops; ) >
   <!ELEMENT lt ( prop , literal ) >
   <!ATTLIST lt casesensitive (1|0) "1" >
   <!ELEMENT lte ( prop , literal ) >
   <!ATTLIST lte casesensitive (1|0) "1" >
   <!ELEMENT gt ( prop , literal) >
   <!ATTLIST gt casesensitive (1|0) "1" >
   <!ELEMENT gte ( prop , literal ) >
   <!ATTLIST gte casesensitive (1|0) "1" >
   <!ELEMENT eq ( prop , literal ) >
   <!ATTLIST eq casesensitive (1|0) "1" >
   <!ELEMENT literal (#PCDATA)>
   <!ATTLIST literal xml:space (default|preserve) "preserve" >
   <!ELEMENT isdefined (prop) >
   <!ELEMENT like (prop, literal) >
   <!ELEMENT contains (#PCDATA)>
   <!ELEMENT orderby (order+) >
   <!ELEMENT order (prop, (ascending | descending)?) >
   <!ATTLIST order casesensitive (1|0) "1" >
   <!ELEMENT ascending EMPTY>
   <!ELEMENT descending EMPTY>
   <!ELEMENT limit (nresults) >
   <!ELEMENT nresults (#PCDATA) >
   <d:searchrequest xmlns:d="DAV:">
     <d:basicsearch>
       <d:select>
         <d:prop><d:getcontentlength/></d:prop>
       </d:select>
       <d:from>
         <d:scope>
           <d:href>/container1/</d:href>
           <d:depth>infinity</d:depth>
         </d:scope>
       </d:from>
       <d:where>
         <d:gt>
           <d:prop><d:getcontentlength/></d:prop>
           <d:literal>10000</d:literal>
         </d:gt>
       </d:where>
       <d:orderby>
         <d:order>
           <d:prop><d:getcontentlength/></d:prop>
           <d:ascending/>
         </d:order>
       </d:orderby>
     </d:basicsearch>
   </d:searchrequest>
If the value is DAV:allprop, the result record for a given resource includes all the properties for that resource.
If the value is DAV:prop, then the result record for a given resource includes only those properties named by the DAV:prop element. Each property named by the DAV:prop element must be referenced in the Multistatus response.
The rules governing the status codes for each property match those of the PROPFIND method defined in [WebDAV].
DAV:href indicates the URI for a collection to use as a scope.
When the scope is a collection, if DAV:depth is "0", the search includes only the collection. When it is "1", the search includes the (toplevel) members of the collection. When it is "infinity", the search includes all recursive members of the collection.
If the DAV:scope element is a relative URI, the scope is taken to be relative to the request-URI.
Servers, of course, may support only particular scopes. This may include limitations for particular schemes such as "http:" or "ftp:" or certain URI namespaces.
If a scope is given that is not supported, the server MUST respond with a 400 status code that includes a Multistatus error. A scope in the query appears as a resource in the response and must include an appropriate status code indicating its validity with respect to the search arbiter.
Example:
   HTTP/1.1 400 Bad Request
   Content-Type: text/xml
   Content-Length: 428

   <?xml version="1.0" ?>
   <d:multistatus xmlns:d="DAV:" xmlns:F="FOO:" >
     <d:response>
       <d:href>http://www.foo.com/scope1</d:href>
       <d:status>HTTP/1.1 502 Bad Gateway</d:status>
     </d:response>
   </d:multistatus>

This example shows the response if there is a scope error. The response provides a Multistatus with a status for the scope. In this case, the scope cannot be reached because the server cannot search another server (502).
Consult Appendix A for details on the application of three-valued logic in query expressions.
NULL values are "less than" all other values in comparisons.
Empty strings (zero length strings) are not NULL values. An empty string is "less than" a string with length greater than zero.
The DAV:isdefined operator is defined to test if the value of a property is NULL.
   <d:where>
     <d:eq>
       <d:prop> <d:getcontentlength/> </d:prop>
       <d:literal> 100 </d:literal>
     </d:eq>
   </d:where>
   <D:where>
     <D:and>
       <D:eq>
         <D:prop> <D:getcontenttype/> </D:prop>
         <D:literal> image/gif </D:literal>
       </D:eq>
       <D:gt>
         <D:prop> <D:getcontentlength/> </D:prop>
         <D:literal> 4096 </D:literal>
       </D:gt>
     </D:and>
   </D:where>
The comparisons defined here use only a single property from each resource, compared using the same ordering as the DAV:lt operator (ascending) or DAV:gt operator (descending). If neither direction is specified, the default is DAV:ascending.
In the context of the DAV:orderby element, null values are considered to collate before any actual (i.e., non null) value, including strings of zero length (as in ANSI standard SQL, [ANSISQL]).
The DAV:casesensitive attribute may be used to indicate case-sensitivity for comparisons.
   <d:orderby>
     <d:order>
       <d:prop><r:lastname/></d:prop>
       <d:ascending/>
     </d:order>
     <d:order>
       <d:prop><d:getcontentlength/></d:prop>
       <d:descending/>
     </d:order>
   </d:orderby>
The DAV:or operator performs a logical OR operation on the values it contains.
The DAV:not operator performs a logical NOT operation on the values it contains.
The DAV:casesensitive attribute may be used with this element.
Because white space in literal values is significant in comparisons, DAV:literal makes use of the xml:space attribute to identify this significance. The default value of this attribute for DAV:literal is preserve. Consult section 2.10 of [XML] for more information on the use of this attribute.
Example:
   <d:isdefined>
     <d:prop><x:someprop/></d:prop>
   </d:isdefined>

The DAV:isdefined operator is optional.
The operator takes two arguments.
The first argument is a DAV:prop element identifying a single property to evaluate.
The second argument is a DAV:literal element that gives the pattern matching string.
   Pattern := [wildcard] 0*( text [wildcard] )
   wildcard := exactlyone | zeroormore
   text := 1*( <octet> | escapesequence )
   exactlyone := "?"
   zeroormore := "%"
   escapechar := "\"
   escapesequence := "\" ( exactlyone | zeroormore | escapechar )

The value for the literal is composed of wildcards separated by segments of text. Wildcards may begin or end the literal. Wildcards may not be adjacent.
The "?" wildcard matches exactly one character.
The "%" wildcard matches zero or more characters.
The "\" character is an escape sequence so that the literal can include "?" and "%". To include the "\" character in the pattern, the escape sequence "\\" is used.
   <D:where>
     <D:like>
       <D:prop><D:getcontenttype/></D:prop>
       <D:literal>image%</D:literal>
     </D:like>
   </D:where>
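The pattern rules above, as an added example that is not part of the draft: a translator from a DAV:like literal to an anchored regular expression that escapes every text character, so regex metacharacters in a client-supplied literal stay data, and that rejects patterns the grammar does not allow. The function names are hypothetical, and defaulting casesensitive to true follows the DTD default of "1" as an assumption.

```python
import re


class PatternError(ValueError):
    """The DAV:like literal does not follow the pattern grammar."""


def like_to_regex(pattern, casesensitive=True):
    """Translate a DAV:like pattern into a compiled regular expression.

    "?" becomes ".", "%" becomes ".*", and everything else is escaped so it
    can only ever match itself.
    """
    parts = []
    prev_wildcard = False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            # An escape must be followed by one of "?", "%" or "\".
            if i + 1 >= len(pattern) or pattern[i + 1] not in "?%\\":
                raise PatternError("bad escape sequence at offset %d" % i)
            parts.append(re.escape(pattern[i + 1]))
            prev_wildcard = False
            i += 2
            continue
        if ch in "?%":
            # The grammar forbids two wildcards in a row.
            if prev_wildcard:
                raise PatternError("adjacent wildcards at offset %d" % i)
            parts.append("." if ch == "?" else ".*")
            prev_wildcard = True
        else:
            parts.append(re.escape(ch))
            prev_wildcard = False
        i += 1
    flags = re.DOTALL
    if not casesensitive:
        flags |= re.IGNORECASE
    return re.compile("".join(parts), flags)


def like(value, pattern, casesensitive=True):
    """True if the whole property value matches the DAV:like pattern."""
    return like_to_regex(pattern, casesensitive).fullmatch(value) is not None


if __name__ == "__main__":
    # Constructed sample values, including the literal from the example above.
    for value, pattern in [("image/gif", "image%"), ("abc", "a.c"),
                           ("100%", "100\\%")]:
        print(value, pattern, like(value, pattern))
```

The same discipline applies when the pattern is handed to a database instead of a regex engine: translate the three DASL metacharacters explicitly and escape the backend's own.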
The DAV:contains operator evaluates to a Boolean value. It evaluates to TRUE if the content of the resource satisfies the search. Otherwise, it evaluates to FALSE.
Within the DAV:contains XML element, the client provides a phrase: a single word or whitespace delimited sequence of words. Servers MAY ignore punctuation in a phrase. Case-sensitivity is left to the server.
The following things may or may not be done as part of the search:

   - Phonetic methods such as "soundex" may or may not be used.
   - Word stemming may or may not be performed.
   - Thesaurus expansion of words may or may not be done.
   - Right or left truncation may or may not be performed.
   - The search may be case insensitive or case sensitive.
   - The word or words may or may not be interpreted as names.
   - Multiple words may or may not be required to be adjacent or "near" each other.
   - Multiple words may or may not be required to occur in the same order.
   - Multiple words may or may not be treated as a phrase.
   - The search may or may not be interpreted as a request to find documents "similar" to the string operand.
The DAV:score property is intended to be useful to rank documents satisfying the DAV:contains operator.
Depending on its support for content-based searching, a server MAY treat this as a search for documents that contain the words "Peter" and "Forsberg".
   <D:where>
     <D:contains>Peter Forsberg</D:contains>
   </D:where>

The example below shows a search for resources that contain "Peter" and "Forsberg".
   <D:where>
     <D:and>
       <D:contains>Peter</D:contains>
       <D:contains>Forsberg</D:contains>
     </D:and>
   </D:where>
   <!ELEMENT limit (nresults) >

The DAV:limit XML element contains requested limits from the client to limit the size of the reply or amount of effort expended by the server.
   <!ELEMENT nresults (#PCDATA)> ;only digits

The DAV:nresults XML element contains a requested maximum number of records to be returned in a reply. The server MAY disregard this limit. The value of this element is an integer.
The possible values for DAV:casesensitive are "1" or "0". The "1" value indicates case-sensitivity. The "0" value indicates case-insensitivity. The default value is server-specified.
Support for the DAV:casesensitive is optional. A server should respond with an error 422 if the DAV:casesensitive attribute is used but cannot be supported.
   <!ELEMENT score (#PCDATA)>

The DAV:score XML element is a synthetic property whose value is defined only in the context of a query result where the server computes a score, e.g. based on relevance. It may be used in DAV:select or DAV:orderby elements. Servers SHOULD support this property. The value is a string representing the score, an integer from zero to 10000 inclusive, where a higher value indicates a higher score (e.g. more relevant).
Clients should note that, in general, it is not meaningful to compare the numeric values of scores from two different queries unless both were executed by the same underlying search system on the same collection of resources.
   <!ELEMENT iscollection (#PCDATA)>

The DAV:iscollection XML element is a synthetic property whose value is defined only in the context of a query.
The property is TRUE (the literal string "1") of a resource if and only if a PROPFIND of the DAV:resourcetype property for that resource would contain the DAV:collection XML element. The property is FALSE (the literal string "0") otherwise.
Rationale: This property is provided in lieu of defining generic structure queries, which would suffice for this and for many more powerful queries, but seems inappropriate to standardize at this time.
   <D:where>
     <D:eq>
       <D:prop><D:iscollection/></D:prop>
       <D:literal>1</D:literal>
     </D:eq>
   </D:where>
   <!ELEMENT basicsearchschema (properties, operators)>
   <!ELEMENT properties (propdesc*)>
   <!ELEMENT propdesc (prop, ANY)>
   <!ELEMENT operators (opdesc*)>
   <!ELEMENT opdesc ANY>
   <!ELEMENT operand_property EMPTY>
   <!ELEMENT operand_literal EMPTY>

The DAV:properties element holds a list of descriptions of properties.
The DAV:operators element describes the optional operators that may be used in a DAV:where element.
DASL defines five descriptions. The first, DAV:datatype, provides a hint about the type of the property value, and may be useful to a user interface prompting for a value. The remaining four (DAV:searchable, DAV:selectable, DAV:sortable, and DAV:casesensitive) identify portions of the query (DAV:where, DAV:select, and DAV:orderby, respectively). If a property has a description for a section, then the server MUST allow the property to be used in that section. These descriptions are optional. If a property does not have such a description, or is not described at all, then the server MAY still allow the property to be used in the corresponding section.
   <!ELEMENT datatype ANY >

DASL defines the following data type elements:

   Name                  Example
   boolean               1, 0
   string                Foobar
   dateTime.iso8601tz    1994-11-05T08:15:5Z
   float                 .314159265358979E+1
   int                   -259, 23
If the data type of a property is not given, then the data type defaults to string.
   <!ELEMENT searchable EMPTY >

If this element is present, then the server MUST allow this property to appear within a DAV:where element where an operator allows a property. Allowing a search does not mean that the property is guaranteed to be defined on every resource in the scope; it only indicates the server's willingness to check.
   <!ELEMENT selectable EMPTY >

This element indicates that the property may appear in the DAV:select element.
<!ELEMENT sortable EMPTY >
<!ELEMENT casesensitive EMPTY >
<D:propdesc><D:like/><D:operand_property/><D:operand_literal/></D:propdesc>
   <D:basicsearchschema xmlns:D="DAV:"
       xmlns:t="urn:uuid:C2F41010-65B3-11d1-A29F-00AA00C14882/"
       xmlns:J="http://jennicam.org">
     <D:properties>
       <D:propdesc>
         <D:prop><D:getcontentlength/></D:prop>
         <D:datatype><t:int/></D:datatype>
         <D:searchable/><D:selectable/><D:sortable/>
       </D:propdesc>
       <D:propdesc>
         <D:prop><D:getcontenttype/><D:displayname/></D:prop>
         <D:searchable/><D:selectable/> <D:sortable/>
       </D:propdesc>
       <D:propdesc>
         <D:prop><J:fstop/></D:prop>
         <D:selectable/>
       </D:propdesc>
     </D:properties>
     <D:operators>
       <D:opdesc>
         <D:isdefined/><D:operand_property/>
       </D:opdesc>
       <D:opdesc>
         <D:like/><D:operand_property/><D:operand_literal/>
       </D:opdesc>
     </D:operators>
   </D:basicsearchschema>

This response lists four properties. The datatype of the last three properties is not given, so it defaults to string. All are selectable, and the first three may be searched. All but the last may be used in a sort. Of the optional DAV operators, DAV:isdefined and DAV:like are supported.
Note: The schema discovery defined here does not provide for discovery of supported values of the DAV:casesensitive attribute. This may require that the reply also list the mandatory operators.
The xml:lang attribute specifies a nationalized collation sequence when properties are compared.
Comparisons when this attribute differs have undefined order.
A query must not allow one to retrieve information about values or existence of properties that one could not obtain via PROPFIND. (e.g. by use in DAV:orderby, or in expressions on properties.)
A server should prepare for denial of service attacks. For example, a client may issue a query for which the result set is expensive to calculate or transmit because many resources match or must be evaluated.

7.1 Implications of XML External Entities
XML supports a facility known as "external entities", defined in section 4.2.2 of [REC-XML], which instruct an XML processor to retrieve and perform an inline include of XML located at a particular URI. An external XML entity can be used to append or modify the document type declaration (DTD) associated with an XML document. An external XML entity can also be used to include XML within the content of an XML document. For non-validating XML, such as the XML used in this specification, including an external XML entity is not required by [REC-XML]. However, [REC-XML] does state that an XML processor may, at its discretion, include the external XML entity.
External XML entities have no inherent trustworthiness and are subject to all the attacks that are endemic to any HTTP GET request. Furthermore, it is possible for an external XML entity to modify the DTD, and hence affect the final form of an XML document, in the worst case significantly modifying its semantics, or exposing the XML processor to the security risks discussed in [RFC2376]. Therefore, implementers must be aware that external XML entities should be treated as untrustworthy.
There is also the scalability risk that would accompany a widely deployed application which made use of external XML entities. In this situation, it is possible that there would be significant numbers of requests for one external XML entity, potentially overloading any server which fields requests for the resource containing the external XML entity.
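One way a server can apply this to SEARCH bodies, as an added example that is not part of the draft: refuse any document type declaration, so no external entity can be declared or fetched, then read the query grammar from the single child of DAV:searchrequest. The function name, exception class, size cap and sample bodies are assumptions constructed for illustration.

```python
import xml.parsers.expat

DAV_NS = "DAV:"
MAX_BODY_BYTES = 64 * 1024  # assumed server policy, not a value from the draft

# Constructed sample bodies (not captured traffic).
SAMPLE_OK = (
    b'<?xml version="1.0"?>'
    b'<D:searchrequest xmlns:D="DAV:" xmlns:F="FOO:">'
    b"<F:natural-language-query>Thai restaurants</F:natural-language-query>"
    b"</D:searchrequest>"
)
SAMPLE_DOCTYPE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [<!ENTITY ext SYSTEM "http://example.invalid/ext.xml">]>'
    b'<D:searchrequest xmlns:D="DAV:"><D:basicsearch>&ext;</D:basicsearch>'
    b"</D:searchrequest>"
)


class RejectedRequest(Exception):
    """Carries the HTTP status to return for a refused SEARCH body."""

    def __init__(self, status, reason):
        super().__init__("%d %s" % (status, reason))
        self.status = status


def parse_searchrequest(body):
    """Return (namespace, local name) of the query element in a SEARCH body."""
    if len(body) > MAX_BODY_BYTES:
        raise RejectedRequest(400, "request body too large")

    # With a namespace separator, expat reports names as "<ns-uri> <local>".
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    stack = []      # elements currently open
    children = []   # direct children of DAV:searchrequest

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        # Fires before the internal subset is read, so no entity is declared.
        raise RejectedRequest(400, "DOCTYPE not allowed in SEARCH body")

    def start(name, attrs):
        ns, _, local = name.rpartition(" ")
        if not stack and (ns, local) != (DAV_NS, "searchrequest"):
            raise RejectedRequest(400, "root must be DAV:searchrequest")
        if len(stack) == 1:
            children.append((ns, local))
        stack.append(name)

    def end(name):
        stack.pop()

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedRequest(400, "not well-formed XML: %s" % exc) from None

    if len(children) != 1:
        raise RejectedRequest(400, "expected exactly one query element")
    return children[0]


if __name__ == "__main__":
    print(parse_searchrequest(SAMPLE_OK))
    try:
        parse_searchrequest(SAMPLE_DOCTYPE)
    except RejectedRequest as exc:
        print("refused:", exc)
```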
[RFC2068] R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, U.C. Irvine, DEC, MIT/LCS, January 1997.
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels." RFC 2119, BCP 14. Harvard University. March, 1997.
[RFC2376] E. Whitehead, M. Murata, "XML Media Types". RFC 2376, July 1998.
[WebDAV] Y. Goland, E.J. Whitehead, A. Faizi, S.R. Carter, D. Jenson, "HTTP Extensions for Distributed Authoring -- WebDAV", RFC 2518, February 1999.
[XML] T. Bray, J. Paoli, C. M. Sperberg-McQueen, "Extensible Markup Language (XML) 1.0", September 16, 1998, W3C Recommendation.
[XMLNS] T. Bray, D. Hollander, A. Layman, "Namespaces in XML", 14-January-1999, W3C Recommendation. http://www.w3.org/TR/REC-xml-names/.
Saveen Reddy
Microsoft
One Microsoft Way
Redmond WA, 9085-6933
Email:saveenr@microsoft.com

Dale Lowry
Novell
1555 N. Technology Way
M/S ORM-M-314
Orem, UT 84097
Email: dlowry@novell.com

Surendra Reddy
Oracle Corporation
600 Oracle Parkway, M/S 6op3,
Redwoodshores, CA 94065
Email: skreddy@us.oracle.com
Phone:(650) 506 5441

Rick Henderson
Netscape
Email: rickh@netscape.com

Jim Davis
CourseNet Systems
San Francisco, CA
Email: jrd3@alum.mit.edu

Alan Babich
Filenet
3565 Harbor Blvd.
Costa Mesa, CA 92626
714-966-3403
Email: ababich@filenet.com
ANSI standard three valued logic is undoubtedly the most widely practiced method of dealing with the issues of properties in the search condition not having a value (e.g., being null or not defined) for the resource under scan, and with undefined expressions in the search condition (e.g., division by zero, etc.). Three valued logic works as follows.
Undefined expressions are expressions for which the value of the expression is not defined. Undefined expressions are a completely separate concept from the truth value UNKNOWN, which is, in fact, well defined. Property names and literal constants are considered expressions for purposes of this section. If a property in the current resource under scan has not been set to a value (either because the property is not defined for the current resource, or because it is null for the current resource), then the value of that property is undefined for the resource under scan. DASL 1.0 has no arithmetic division operator, but if it did, division by zero would be an undefined arithmetic expression.
If any subpart of an arithmetic, string, or datetime subexpression is undefined, the whole arithmetic, string, or datetime subexpression is undefined.
There are no manifest constants to explicitly represent undefined number, string, or datetime values.
Since a Boolean value is ultimately returned by the search condition, arithmetic, string, and datetime expressions are always arguments to other operators. Examples of operators that convert arithmetic, string, and datetime expressions to Boolean values are the six relational operators ("greater than", "less than", "equals", etc.). If either or both operands of a relational operator have undefined values, then the relational operator evaluates to UNKNOWN. Otherwise, the relational operator evaluates to TRUE or FALSE, depending upon the outcome of the comparison.
The Boolean operators DAV:and, DAV:or and DAV:not are evaluated according to the following rules:
UNKNOWN and UNKNOWN = UNKNOWN
UNKNOWN or UNKNOWN = UNKNOWN
not UNKNOWN = UNKNOWN
UNKNOWN and TRUE = UNKNOWN
UNKNOWN and FALSE = FALSE
UNKNOWN and UNKNOWN = UNKNOWN
UNKNOWN or TRUE = TRUE
UNKNOWN or FALSE = UNKNOWN
UNKNOWN or UNKNOWN = UNKNOWN
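Appendix A's rules as an added example (not part of the draft), combined with the earlier requirement that a query must not reveal properties that could not be obtained via PROPFIND: properties the principal cannot read are treated as undefined, so comparisons on them evaluate to UNKNOWN. The function names, the `readable` set, the urn:example:hr property, the int/str literal coercion and selecting a resource only when the condition is TRUE are assumptions for illustration.

```python
import operator
import xml.etree.ElementTree as ET

UNKNOWN = None   # third truth value, next to True and False
D = "{DAV:}"     # ElementTree spelling of the DAV: namespace
COMPARE = {"eq": operator.eq, "lt": operator.lt, "gt": operator.gt,
           "lte": operator.le, "gte": operator.ge}

# Constructed sample resource and queries; X:salary is a hypothetical property.
SALARY = "{urn:example:hr}salary"
LENGTH = D + "getcontentlength"
RESOURCE = {LENGTH: 4096, SALARY: 90000}
GT_SALARY = ("<D:gt><D:prop><X:salary/></D:prop>"
             "<D:literal>50000</D:literal></D:gt>")
WHERE = ('<D:where xmlns:D="DAV:" xmlns:X="urn:example:hr">%s</D:where>'
         % GT_SALARY)
WHERE_NOT = ('<D:where xmlns:D="DAV:" xmlns:X="urn:example:hr">'
             "<D:not>%s</D:not></D:where>" % GT_SALARY)


def t_and(values):
    if any(v is False for v in values):
        return False
    return UNKNOWN if any(v is UNKNOWN for v in values) else True


def t_or(values):
    if any(v is True for v in values):
        return True
    return UNKNOWN if any(v is UNKNOWN for v in values) else False


def t_not(value):
    return UNKNOWN if value is UNKNOWN else not value


def visible_value(op_elem, props, readable):
    """Property value as this principal may see it; None means undefined."""
    name = op_elem.find(D + "prop")[0].tag
    return props.get(name) if name in readable else None


def evaluate(elem, props, readable):
    """Evaluate one operator element to True, False or UNKNOWN."""
    if not elem.tag.startswith(D):
        raise ValueError("422: unsupported operator " + elem.tag)
    op = elem.tag[len(D):]
    if op == "and":
        return t_and([evaluate(c, props, readable) for c in elem])
    if op == "or":
        return t_or([evaluate(c, props, readable) for c in elem])
    if op == "not":
        return t_not(evaluate(elem[0], props, readable))
    if op == "isdefined":
        return visible_value(elem, props, readable) is not None
    if op in COMPARE:
        value = visible_value(elem, props, readable)
        if value is None:
            return UNKNOWN  # undefined operand: Appendix A says UNKNOWN
        literal = elem.find(D + "literal").text
        # Simplification: coerce the literal to the stored type (int or str).
        return COMPARE[op](value, type(value)(literal))
    raise ValueError("422: unsupported operator " + elem.tag)


def truth(where_xml, props, readable):
    """Three-valued result of a DAV:where fragment for one resource."""
    return evaluate(ET.fromstring(where_xml)[0], props, readable)


def matches(where_xml, props, readable):
    """A resource is selected only when the condition is TRUE."""
    return truth(where_xml, props, readable) is True


if __name__ == "__main__":
    for readable in ({LENGTH, SALARY}, {LENGTH}):
        print(sorted(readable), matches(WHERE, RESOURCE, readable),
              matches(WHERE_NOT, RESOURCE, readable))
```

Because DAV:not of UNKNOWN is still UNKNOWN, neither the condition nor its negation selects the resource when the property is hidden, so the result set is the same whatever the hidden value is.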