This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
Abstract
This document, [iMIP], specifies a binding from the iCalendar Transport-independent Interoperability Protocol (iTIP) to Internet email-based transports. Calendaring entries defined by the iCalendar Object Model [iCAL] are composed using constructs from [RFC-822], [RFC-2045], [RFC-2046], [RFC-2047], [RFC-2048] and [RFC-2049].
This document is based on discussions within the Internet Engineering Task Force (IETF) Calendaring and Scheduling (CALSCH) working group. More information about the IETF CALSCH working group activities can be found on the IMC web site at http://www.imc.org, the IETF web site at http://www.ietf.org/html.charters/calsch-charter.html. Refer to the references within this document for further information on how to access these various documents.
Dawson, et. al. Standards Track [Page 1]
RFC 2447 iMIP November 1998
Table of Contents
1 INTRODUCTION........................................................2 1.1 RELATED MEMOS ...................................................2 1.2 FORMATTING CONVENTIONS ..........................................3 1.3 TERMINOLOGY .....................................................4 2 MIME MESSAGE FORMAT BINDING.........................................4 2.1 MIME MEDIA TYPE .................................................4 2.2 SECURITY ........................................................4 2.2.1 Authorization ...............................................4 2.2.2 Authentication ..............................................5 2.2.3 Confidentiality .............................................5 2.3 [RFC-822] ADDRESSES .............................................5 2.4 CONTENT TYPE ....................................................5 2.5 CONTENT-TRANSFER-ENCODING .......................................6 2.6 CONTENT-DISPOSITION .............................................6 3 SECURITY CONSIDERATIONS.............................................7 4 EXAMPLES............................................................8 4.1 SINGLE COMPONENT WITH AN ATTACH PROPERTY ........................8 4.2 USING MULTIPART ALTERNATIVE FOR LOW FIDELITY CLIENTS ............8 4.3 SINGLE COMPONENT WITH AN ATTACH PROPERTY AND INLINE ATTACHMENT ..9 4.4 MULTIPLE SIMILAR COMPONENTS ....................................10 4.5 MULTIPLE MIXED COMPONENTS ......................................11 4.6 DETAILED COMPONENTS WITH AN ATTACH PROPERTY ....................13 5RECOMMENDED PRACTICES..............................................14 5.1 USE OF CONTENT AND MESSAGE IDS .................................14 6 BIBLIOGRAPHY.......................................................15 7 AUTHORS' ADDRESSES.................................................16 8 FULL COPYRIGHT STATEMENT...........................................18
This binding document provides the transport specific information necessary convey iCalendar Transport-independent Interoperability Protocol (iTIP) over MIME as defined in [RFC-822] and [RFC-2045].
Implementers will need to be familiar with several other memos that, along with this memo, form a framework for Internet calendaring and scheduling standards.
This document, [iMIP], specifies an Internet email binding for iTIP.
[iCAL] - specifies a core specification of objects, data types, properties and property parameters;
Dawson, et. al. Standards Track [Page 2]
RFC 2447 iMIP November 1998
[iTIP] - specifies an interoperability protocol for scheduling between different implementations;
This memo does not attempt to repeat the specification of concepts or definitions from these other memos. Where possible, references are made to the memo that provides for the specification of these concepts or definitions.
The mechanisms defined in this memo are defined in prose. In order to refer to elements of the calendaring and scheduling model, core object or interoperability protocol defined in [iCAL] and [iTIP] some formatting conventions have been used.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this document are to be interpreted as described in [RFC-2119].
Calendaring and scheduling roles are referred to in quoted-strings of text with the first character of each word in upper case. For example, "Organizer" refers to a role of a "Calendar User" within the scheduling protocol defined by [iTIP].
Calendar components defined by [iCAL] are referred to with capitalized, quoted-strings of text. All calendar components start with the letter "V". For example, "VEVENT" refers to the event calendar component, "VTODO" refers to the to-do calendar component and "VJOURNAL" refers to the daily journal calendar component.
Scheduling methods defined by [iTIP] are referred to with capitalized, quoted-strings of text. For example, "REQUEST" refers to the method for requesting a scheduling calendar component be created or modified, "REPLY" refers to the method a recipient of a request uses to update their status with the "Organizer" of the calendar component.
Properties defined by [iCAL] are referred to with capitalized, quoted-strings of text, followed by the word "property". For example, "ATTENDEE" property refers to the iCalendar property used to convey the calendar address of a calendar user.
Property parameters defined by [iCAL] are referred to with lower case, quoted-strings of text, followed by the word "parameter". For example, "value" parameter refers to the iCalendar property parameter used to override the default data type for a property value.
The email terms used in this memo are defined in [RFC-822] and [RFC- 2045]. The calendaring and scheduling terms used in this memo are defined in [iCAL] and [iTIP].
This section defines the message binding to the MIME electronic mail transport.
The sections below refer to the "originator" and the "respondent" of an iMIP message. Typically, the originator is the "Organizer" of an event. The respondent is an "Attendee" of the event.
The [RFC-822] "Reply-To" header typically contains the email address of the originator or respondent of an event. However, this cannot be guaranteed as Mail User Agents (MUA) are not required to enforce iMIP semantics.
A MIME entity containing content information formatted according to this document will be referenced as a "text/calendar" content type. It is assumed that this content type will be transported through a MIME electronic mail transport.
This section addresses several aspects of security including Authentication, Authorization and Confidentiality. Authentication and confidentiality can be achieved using [RFC-1847] that specifies the Security Multiparts for MIME. This framework defines new content types and subtypes of multipart: signed and encrypted. Each contains two body parts: one for the protected data and another for the control information necessary to remove the protection.
In [iTIP] messages, only the "Organizer" is authorized to modify or cancel calendar entries they organize. That is, spoof@xyz.com is not allowed to modify or cancel a meeting that was organized by a@example.com. Furthermore, only the respondent has the authorization to indicate their status to the "Organizer". That is, the "Organizer" must ignore an [iTIP] message from spoof@xyz.com that declines a meeting invitation for b@example.com.
Dawson, et. al. Standards Track [Page 4]
RFC 2447 iMIP November 1998
Implementations of iMIP SHOULD verify the authenticity of the creator of an iCalendar object before taking any action. The methods for doing this are presented later in this document.
[RFC-1847] Message flow in iTIP supports someone working on behalf of a "Calendar User" through use of the "sent-by" parameter that is associated with the "ATTENDEE" and "ORGANIZER" properties. However, there is no mechanism to verify whether or not a "Calendar User" has authorized someone to work on their behalf. It is left to implementations to provide mechanisms for the "Calendar Users" to make that decision.
Authentication can be performed using an implementation of [RFC-1847] "multipart/signed" that supports public/private key certificates. Authentication is possible only on messages that have been signed. Authenticating an unsigned message may not be reliable.
To ensure confidentiality using iMIP implementations should utilize [RFC-1847]-compliant encryption. The protocol does not restrict a "Calendar User Agent" (CUA) from forwarding iCalendar objects to other users or agents.
The calendar address specified within the "ATTENDEE" property in an iCalendar object MUST be a fully qualified, [RFC-822] address specification for the corresponding "Organizer" or "Attendee" of the "VEVENT" or "VTODO".
Because [iTIP] does not preclude "Attendees" from forwarding "VEVENTS" or "VTODOS" to others, the [RFC-822] "Sender" value may not equal that of the "Organizer". Additionally, the "Organizer" or "Attendee" cannot be reliably inferred by the [RFC-822] "Sender" or "Reply-to" values of an iMIP message. The relevant address MUST be ascertained by opening the "text/calendar" MIME body part and examining the "ATTENDEE" and "ORGANIZER" properties.
A MIME body part containing content information that conforms to this document MUST have an [RFC-2045] "Content-Type" value of "text/calendar". The [RFC-2045] "Content-Type" header field must also include the type parameter "method". The value MUST be the same as the value of the "METHOD" calendar property within the iCalendar
Dawson, et. al. Standards Track [Page 5]
RFC 2447 iMIP November 1998
object. This means that a MIME message containing multiple iCalendar objects with different method values must be further encapsulated with a "multipart/mixed" MIME entity. This will allow each of the iCalendar objects to be encapsulated within their own "text/calendar" MIME entity.
A "charset" parameter MUST be present if the iCalendar object contains characters that are not part of the US-ASCII character set. [RFC-2046] discusses the selection of an appropriate "charset" value.
The optional "component" parameter defines the iCalendar component type contained within the iCalendar object.
The following is an example of this header field with a value that indicates an event message.
The "text/calendar" content type allows for the scheduling message type to be included in a MIME message with other content information (i.e., "multipart/mixed") or included in a MIME message with a clear-text, human-readable form of the scheduling message (i.e., "multipart/alternative").
In order to permit the information in the scheduling message to be understood by MIME user agents (UA) that do not support the "text/calendar" content type, scheduling messages SHOULD be sent with an alternative, human-readable form of the information.
Note that the default character set for iCalendar objects is UTF-8. A transfer encoding SHOULD be used for iCalendar objects containing any characters that are not part of the US-ASCII character set.
The handling of a MIME part should be based on its [RFC-2045] "Content-Type". However, this is not guaranteed to work in all environments. Some environments handle MIME attachments based on their file type or extension. To operate correctly in these environments, implementations may wish to include a "Content- Disposition" property to define a file name.
The security threats that applications must address when implementing iTIP are detailed in [iTIP]. Two spoofing threats are identified: Spoofing the "Organizer", and Spoofing an "Attendee". To address these threats, the originator of an iCalendar object must be authenticated by a recipient. Once authenticated, a determination can be made as to whether or not the originator is authorized to perform the requested operation. Compliant applications MUST support signing and encrypting text/calendar attachments using a mechanism based on Security Multiparts for MIME [RFC-1847] to facilitate the authentication the originator of the iCalendar object. Implementations MAY provide a means for users to disable signing and encrypting. The steps are described below:
1. The iCalendar object MUST be signed by the "Organizer" sending an update or the "Attendee" sending a reply.
2. Using the [RFC-1847]-compliant security mechanism, determine who signed the iCalendar object. This is the "signer". Note that the signer is not necessarily the person sending an e-mail message since an e-mail message can be forwarded.
3. Correlate the signer to an "ATTENDEE" property in the iCalendar object. If the signer cannot be correlated to an "ATTENDEE" property, ignore the message.
4. Determine whether or not the "ATTENDEE" is authorized to perform the operation as defined by [iTIP]. If the conditions are not met, ignore the message.
5. If all the above conditions are met, the message can be processed.
To address the confidentiality security threats, signed iMIP messages SHOULD be encrypted by a mechanism based on Security Multiparts for MIME [RFC-1847].
It is possible to receive iMIP messages sent by someone working on behalf of another "Calendar User". This is determined by examining the "sent-by" parameter in the relevant "ORGANIZER" or "ATTENDEE" property. [iCAL] and [iTIP] provide no mechanism to verify that a "Calendar User" has authorized someone else to work on their behalf. To address this security issue, implementations MUST provide mechanisms for the "Calendar Users" to make that decision before applying changes from someone working on behalf of a "Calendar User".
4.2 Using Multipart Alternative for Low Fidelity Clients
This example shows how a client can emit a multipart message that includes both a plain text version as well as the full iCalendar object. Clients that do not support text/calendar will still be capable of rendering the plain text representation.
This is an alternative representation of a TEXT/CALENDAR MIME Object When: 7/1/1997 10:00AM PDT - 7/1/97 10:30AM PDT Where: Organizer: foo1@example.com Summary: Phone Conference
4.3 Single Component With An ATTACH Property and Inline Attachment
This example shows how a message containing an iCalendar object references an attached document. The reference is made using a Content-id (CID). Thus, the iCalendar object and the document are packaged in a multipart/related encapsulation.
BEGIN:VCALENDAR PRODID:-//ACME/DesktopCalendar//EN METHOD:REQUEST VERSION:2.0 BEGIN:VTODO DUE:19970701T090000-0700 ORGANIZER:mailto:foo1@example.com ATTENDEE;ROLE=CHAIR;ATTSTAT=ACCEPTED:mailto:foo1@example.com ATTENDEE;RSVP=YES:mailto:foo2@example.com SUMMARY:Phone Conference DESCRIPTION:Discuss a new location for the company picnic UID:calsvr.example.com-td-8739701987387773 SEQUENCE:0 STATUS:NEEDS ACTION END:VEVENT END:VCALENDAR
This example shows the format of a message containing a group meeting between three individuals. The multipart/related encapsulation is used because the iCalendar object contains an ATTACH property that uses a CID to reference the attachment.
The [iCAL] specification makes frequent use of the URI for data types in properties such as "DESCRIPTION", "ATTACH", "CONTACT" and others. Two forms of URIs are Message ID (MID) and Content ID (CID). These are defined in [RFC-2111]. Although [RFC-2111] allows referencing messages or MIME body parts in other MIME entities or stores, it is strongly recommended that iMIP implementations include all referenced messages and body parts in a single MIME entity. Simply put, if an iCalendar object contains CID or MID references to other messages or body parts, implementations should ensure that these messages and/or body parts are transmitted with the iCalendar object. If they are not there is no guarantee that the receiving "CU" will have the access or the authorization to view those objects.
[iCAL] Dawson, F. and D. Stenerson, "Internet Calendaring and Scheduling Core Object Specification - iCalendar", RFC 2445, November 1998.
[iTIP] Silverberg, S., Mansour, S., Dawson, F. and R. Hopson, "iCalendar Transport-Independent Interoperability Protocol (iTIP): Scheduling Events, Busy Time, To-dos and Journal Entries", RFC 2446, November 1998.
[RFC-822] Crocker, D., "Standard for the Format of ARPA Internet Text Messages", STD 11, RFC 822, August 1982.
[RFC-1847] Galvin, J., Murphy, S., Crocker, S. and N. Freed, "Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted", RFC 1847, October 1995.
[RFC-2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) - Part One: Format of Internet Message Bodies", RFC 2045, November 1996.
[RFC-2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) - Part Two: Media Types", RFC 2046, November 1996.
[RFC-2047] Moore, K., "Multipurpose Internet Mail Extensions (MIME) - Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, November 1996.
[RFC-2048] Freed, N., Klensin, J. and J. Postel, "Multipurpose Internet Mail Extensions (MIME) - Part Four: Registration Procedures", RFC 2048, January 1997.
[RFC-2111] Levinson, E., "Content-ID and Message-ID Uniform Resource Locators", RFC 2111, March 1997.
[RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
The iCalendar Object is a result of the work of the Internet Engineering Task Force Calendaring and scheduling Working Group. The chairmen of that working group are:
BEGIN:VCARD VERSION:3.0 N:Ganguly;Anik FN:Anik Ganguly ORG:Open Text Inc. ADR;TYPE=WORK,POSTAL,PARCEL:;Suite 101;38777 West Six Mile Road; Livonia;MI;48152;USA TEL;TYPE=WORK,MSG:+1-734-542-5955 EMAIL;TYPE=INTERNET:ganguly@acm.org END:VCARD
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.