XCAP (Extensible Markup Language Configuration Access Protocol) allows users to read, add, and modify XML formatted friend data stored on a server. It maps XML document elements and attributes to HTTP URIs. XCAP can be used in presence systems for buddy lists, authorization policies, and storing hard state presence data.

1. XCAP
The Extensible Markup Language (XML)
Configuration Access Protocol (XCAP)
邱振剛

2. What is XCAP?
2
 XCAP能夠讓使用者讀取、新增、修改儲存在
Server上的好友資料(XML格式)
 XCAP能將XML文件內的元素、屬性等，映射
到HTTP URI
 XCAP在Presence System中的應用
 Buddy Lists
 Authorization Policies
 Hard state presence data

3. Buddy List Use Case
 Client wants to subscribe
to a list of users
 Send SUBSCRIBE to
server using SIP event
list extension
 Server retrieves list
associated with buddylist
URI
 Generates SUBSCRIBEs to
them
 Client can manage that
list
 Add, remove, modify entries
Subscribe Joe
Subscribe Bob
Subscribe Mary
Subscribe List
Read
List
Write
List
Data
Manipulation
Server
Client
Standard Ifaces
Hiroshi
Hiroshi

4. Authorization Use Case
 User Hiroshi subscribes to
Petri
 No auth policy in place,
generates a winfo
NOTIFY to Petri
 Petri needs to be able to
set authorization decision
for Hiroshi
 Want to be able to set
such policies outside of a
subscription as well
Subscribe Petri
Read
List
Write
List
Data
Manipulation
Server
Client
Standard Ifaces
winfo
Hiroshi
Petri

5. Hard State Presence Management
 Hiroshi subscribes to Petri
 Petri has been offline for
weeks
 Server sends NOTIFY
with current presence
state
 Petri wants to control
default state when offline
 Set it to
<activity>vacation</activit
y>
Subscribe Petri
Read
PIDF
Write
PIDF
Data
Manipulation
Server
Client
Standard Ifaces
Notify
Hiroshi
Petri

6. XML-Extensible Markup Language(1/2)
6
 能夠建立特殊標記的通用標記語言。
 <name>、<phone>、<姓名>、<電話>
 XML 是屬於純本文的資料，因此適合做資訊交換使用。
 XML著重在如何將文件資料以結構化的方式來表示，
HTML著重在如何將文件顯示在瀏覽器中。
 XML有簡明的語法和明確的結構，無論是對人或程式，讀
取和解析都很簡單。

7. <?xml version="1.0"
encoding="UTF-8"?>
<resource-lists>
<list name="friends">
<entry
uri="sip:bob@example.com">
<name>Bob Jones</name>
</entry>
</list>
<other/>
</resource-lists>
</xml>
<?xml version="1.0"
encoding="UTF-8"?>
<resource-lists>
<list name="friends">
<entry
uri="sip:bob@example.com">
<name>Bob Jones</name>
</entry>
</list>
<other/>
</resource-lists>
</xml>
XML-Extensible Markup Language(2/2)
7
 XML Document: 如左為XML文
檔，被設計用來傳輸和儲存資料。
 XML element: <list>…</list>，
元素也可空元素<other/>
 XML Attributes: 可以將元素加入
標籤，提供額外的訊息內容。
XML Document: 如左為XML文
檔。
XML element: <list>…</list>，
元素也可空元素<other/>。
XML Attributes: 可以將元素加
入標籤，提供額外的訊息內容
<?xml version="1.0"
encoding="UTF-8"?>
<resource-lists>
<list name="friends">
<entry
uri="sip:bob@example.com">
<name>Bob Jones</name>
</entry>
</list>
<other/>
</resource-lists>
</xml>
<?xml version="1.0"
encoding="UTF-8"?>
<resource-lists">
<list name="friends">
<entry
uri="sip:bob@example.com">
<name>Bob Jones</name>
</entry>
</list>
<other/>
</resource-lists>
</xml>

8. XPath
8
 XPath = XML Addressing
 XPath 是在 XML 檔案中查找訊息的語言。
 XPath 可用在 XML 檔案中對元素和屬性進行瀏覽。
 Positional Selectors
resource-
lists/list/entry/name
<?xml version="1.0" encoding="UTF-8"?>
<resource-lists">
<list name="friends">
<entry uri="sip:bob@example.com">
<name>Bob Jones</name>
</entry>
</list>
</resource-lists>
resource-lists/list/entry/@uri

9. XML Namespaces (1/2)
9
 減少定義不明的元素，讓元素
具有唯一性。
 如左圖XML文件中有兩個
<state>標籤，而程式指定
<state>時該如何區分？
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<state>synchronized</state>
<ietf-participant/>
</entry>
</address-book>

10. XML Namespaces (2/2)
10
 解決方式:
 使用XML Namespaces
 Namespaces利用單一
的URI定義
 定義好的名稱，在所屬
元素前，利用冒號與元
素名相接。
 XML解析器不會對定義
的URI有任何動作，XML
解析器只判斷是否為唯
一值。
<?xml version="1.0" encoding="UTF-8"?
xmlns:post=“http://www.post.com”
xmlns:sync=“http://www.sync.com”>
<post:address-book>
<!—This guy is a bozo --
<post:entry>
<post:name>Jonathan Rosenberg</post:name>
<post:email>jdrosen@dynamicsoft.com</post:email>
<post:postal>
<post:street paved=“true”>600 Lanidex
Pl</post:street>
<post:city>Parsippany</post:city>
<post:state>NJ</post:state>
<post:country>USA</post:country>
</post:postal>
<post:ietf-participant/>
<sync:state>synchronized</sync:state>
</post:entry>
</post:address-book>

11. XML Schema
11
 描述與限定XML文件的結構：
 包含哪些元素(elements)、屬性(attributes)
 元素的順序與重複性
 限定每個元素與屬性的資料型態與值域
 xs:string
 xs:decimal
 xs:integer
 xs:boolean
 xs:date
 xs:time
0~99的整數
xs:minInclusive
xs:maxInclusive
<xs:element name="age">
<xs:simpleType>
<xs:restriction
base="xs:integer">
<xs:minInclusive value="0"/>
<xs:maxInclusive
value="100"/>
</xs:restriction>
</xs:simpleType>
</xs:element>

12. 12
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="http://www.post.com" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://www.post.com" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:element name="address-book">
<xs:complexType>
<xs:sequence>
<xs:element name="entry" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="name" type="xs:string"/>
<xs:element name="email" type="xs:string"/>
<xs:element name="postal">
<xs:complexType>
<xs:sequence>
<xs:element name="street" type="xs:string"/>
<xs:element name="city" type="xs:string"/>
<xs:element name="state">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="NJ"/>
<xs:enumeration value="NY"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="country" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="ietf-participant"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
XML Schema
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>

13. Application Usage(1/5)
13
 Each application has its own Application
Usage
 Define how the XCAP server can
manipulate corresponding application
documents
 Key components:
 AUID
 XML Schema
 Data Semantics
 Resource Interdependency
 Authorization Policies

14. 14
 Application Unique ID
 Unique Identifier for each application
 Two sub-namespaces
 IETF tree
 Example : “resource-lists” , “pidf-
manipulation” , “pres-rules”
 Vendor tree:
 prefixed with the reverse domain name of the
organization
 Example: “com.example.customer-list”
Application Usage(2/5)

15. 15
 Data Semantics
 An address book is a series of <entry> elements
 Each <entry> is information about an entry in the
address book
 It has a <name>, which is the use persons first and
last name
 It has an <email> element, which contains the email
address of the person
 It has a <postal> element that has the postal address
Application Usage(3/5)

16. 16
 Resource interdependency
 Operation of one element may affect other elements;
especially cross-document affection
Application Usage(4/5)
 Think of the application usage
as a client of XCAP
 Handset puts a new resource
list (1)
 Application learns of change (4)
 Acting as a client, application
modifies data(5)

17. 17
 Authorization policies
 User can read & write their own data
 User can only read global data
 Global data is readable by everyone, writeable by no one except
privileged users
Application Usage(5/5)

18. URI Construction
18
Based on the Concept of XPath
Example: XCAP root / Document Selector / Node Selector
 XCAP root
Context in which all other resources exist
"http://xcap.example.com" for domain "example.com "
 Document Selector
"/resource-lists/users/sip:joe@example.com/index"
 Node Selector
~~/resource-lists/list%5b@name=%22l1%22%5d

19. XCAP URI的樹狀結構
<?xml version="1.0" encoding="UTF-8"?>
<resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists">
<list name="friends">
<entry uri="sip:bob@example.com">
<name>Bob Jones</name>
</entry>
<list name="close-friends">
<entry uri="sip:hiroshi@example.com">
<name>Hiroshi Aukia</name>
</entry>
</list>
</list>
</resource-lists>
GET
http://xcap.example.com/
resource-lists/users/hiroshi/buddlist/
~~/resource-lists/list/list/entry/name

20. Operations
20
 HTTP PUT
Create or Replace a Document/Element/Attribute
 HTTP DELETE
Delete a Document/Element/Attribute
 HTTP GET
Fetch a Document/Element/Attribute

21. Fetching a Document
GET http://xcap.example.com/address-book/users/petri/adbook1 HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/adbook+xml
Content-Length: …
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>
adbook1

22. Fetching an Element
GET http://xcap.example.com/address-book/users/petri/adbook1/
address-book/entry/name HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/xml-fragment-body
Content-Length: …
<name>Jonathan Rosenberg</name>
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>
adbook1

23. Fetching an Attribute
GET http://xcap.example.com/address-book/users/petri/adbook1/
address-book/entry/street/@paved HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/xml-attribute-value
Content-Length: …
true
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>
adbook1

24. Delete a Document
DELETE http://xcap.example.com/address-book/users/petri/adbook1 HTTP/1.1
HTTP/1.1 200 OK
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>
adbook1
NULL

25. Deleting an Element
DELETE http://xcap.example.com/address-
book/users/petri/adbook1/
address-book/entry/name/email HTTP/1.1
HTTP/1.1 200 OK
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>
adbook1
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>

26. Deleting an Attribute
DELETE http://xcap.example.com/address-
book/users/petri/adbook1/
address-
book/entry/name/postal/street/@paved
HTTP/1.1
HTTP/1.1 200 OK
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>
adbook1
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<postal>
<street>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>

27. 新增、修改
27
 兩個操作都是使用PUT Request操作文件的內容。
 Server 根據 URI 檢查的方式如下
 解析URI並檢查，文件是否存在、元素是否存在、屬性是
否存在
 不存在就新增 : 新增到同階層的位置
 存在就修改 : 根據URI修改替換舊資料

28. Add an Element
PUT http://xcap.example.com/address-
book/users/petri/adbook1/
address-book/entry/phone HTTP/1.1
Content-Type: application/xml-fragment-body
<phone>+19739525000</phone>
HTTP/1.1 200 OK
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>
adbook1
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<phone>+19739525000</phone>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>

29. Modify an Element
PUT http://xcap.example.com/address-
book/users/petri/adbook1/
address-book/entry/name HTTP/1.1
Content-Type: application/xml-fragment-body
<name>Jonathan D. Rosenberg</name>
HTTP/1.1 200 OK
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>
adbook1
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
<!—This guy is a bozo --
<entry>
<name>Jonathan D. Rosenberg</name>
<email>jdrosen@dynamicsoft.com</email>
<postal>
<street paved=“true”>600 Lanidex Pl</street>
<city>Parsippany</city>
<state>NJ</state>
<country>USA</country>
</postal>
<ietf-participant/>
</entry>
</address-book>

30. Conditional Operation
30
 若多方對同一個XML檔進行編輯時，就會發生的衝
突。
 ETag : 可以讓client端與server端的資源關聯記號
(token)。
 配合HTTP定義的header
 if-Match : 若符合，則進行程序
 if-Non-Match : 若不符合，則進行程序
 衝突發生時，Server回傳 412 condition fails

31. 流程範例
31
 User A has version ABC
 Adds buddy, adds If-
Match: ABC
 Buddy added, new
version DEF
 User B also has version
ABC
 Tries to modify it, but it
fails
 B can now fetch it and
make its diff against the
current version

32. Security Considerations
32
 Data manipulated by XCAP often contains
sensitive information
 Using HTTP port: 80
– Hard to apply port-based filtering

33. Solutions
33
 Connection over TLS(Transport Layer Security)
 HTTP Digest Authentication
 Authorization policies in Application Usage

34. Conclusion
34
 Access configuration documents on server:
Presence system
 Maps XML documents and document components
into HTTP URIs
 HTTP primitives can be used to directly manipulate
the data