XCAP (Extensible Markup Language Configuration Access Protocol) allows users to read, add, and modify XML formatted friend data stored on a server. It maps XML document elements and attributes to HTTP URIs. XCAP can be used in presence systems for buddy lists, authorization policies, and storing hard state presence data.
2. What is XCAP?
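XCAP lets users read, add, and modify buddy data (in XML format) stored on a server
XCAP maps the elements, attributes, and other components of an XML document to HTTP URIs
Applications of XCAP in a presence system
Buddy Lists
Authorization Policies
Hard state presence data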
3. Buddy List Use Case
Client wants to subscribe to a list of users
Send SUBSCRIBE to server using SIP event list extension
Server retrieves list associated with buddylist URI
Generates SUBSCRIBEs to them
Client can manage that list
Add, remove, modify entries
[Diagram: Client (Hiroshi), Server, Data Manipulation Server, Standard Ifaces; messages: Subscribe List, Subscribe Joe, Subscribe Bob, Subscribe Mary, Read List, Write List]
4. Authorization Use Case
User Hiroshi subscribes to Petri
No auth policy in place, generates a winfo NOTIFY to Petri
Petri needs to be able to set authorization decision for Hiroshi
Want to be able to set such policies outside of a subscription as well
[Diagram: Clients (Hiroshi, Petri), Server, Data Manipulation Server, Standard Ifaces; messages: Subscribe Petri, winfo, Read List, Write List]
5. Hard State Presence Management
Hiroshi subscribes to Petri
Petri has been offline for weeks
Server sends NOTIFY with current presence state
Petri wants to control default state when offline
Set it to <activity>vacation</activity>
[Diagram: Clients (Hiroshi, Petri), Server, Data Manipulation Server, Standard Ifaces; messages: Subscribe Petri, Notify, Read PIDF, Write PIDF]
13. Application Usage(1/5)
Each application has its own Application Usage
Defines how the XCAP server can manipulate the corresponding application documents
Key components:
AUID
XML Schema
Data Semantics
Resource Interdependency
Authorization Policies
14. Application Usage(2/5)
Application Unique ID
Unique Identifier for each application
Two sub-namespaces
IETF tree
Example: "resource-lists", "pidf-manipulation", "pres-rules"
Vendor tree:
Prefixed with the reverse domain name of the organization
Example: "com.example.customer-list"
15. Application Usage(3/5)
Data Semantics
An address book is a series of <entry> elements
Each <entry> is information about an entry in the address book
It has a <name>, which is the person's first and last name
It has an <email> element, which contains the email address of the person
It has a <postal> element that has the postal address
16. Application Usage(4/5)
Resource interdependency
An operation on one element may affect other elements, especially across documents
Think of the application usage as a client of XCAP
Handset puts a new resource list (1)
Application learns of change (4)
Acting as a client, application modifies data (5)
17. Application Usage(5/5)
Authorization policies
User can read & write their own data
User can only read global data
Global data is readable by everyone, writeable by no one except privileged users
18. URI Construction
Based on the Concept of XPath
Example: XCAP root / Document Selector / Node Selector
XCAP root
Context in which all other resources exist
"http://xcap.example.com" for domain "example.com"
Document Selector
"/resource-lists/users/sip:joe@example.com/index"
Node Selector
~~/resource-lists/list%5b@name=%22l1%22%5d
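Added example (not from the original slides): building and parsing the three-part URI of slide 18 and applying the default authorization policy of slide 17 to the parsed owner. The `global` tree name, the function names and the deny-by-default rule for other users' trees are assumptions of this sketch.

```python
from urllib.parse import quote, unquote

XCAP_ROOT = "http://xcap.example.com"  # XCAP root from slide 18
SEP = "/~~/"                           # separates document and node selector

def build_uri(auid, xui, doc, node_selector=None):
    """XCAP root / document selector [ /~~/ node selector ]."""
    uri = f"{XCAP_ROOT}/{auid}/users/{quote(xui, safe=':@')}/{quote(doc, safe='')}"
    if node_selector is not None:
        # '[', ']' and '"' must be percent-encoded; '/', '@', '=' stay literal
        uri += SEP + quote(node_selector, safe="/@=")
    return uri

def parse_uri(uri):
    """Return (auid, tree, owner, document, node_selector) or raise ValueError."""
    if not uri.startswith(XCAP_ROOT + "/"):
        raise ValueError("outside the XCAP root")
    doc_sel, _, node_sel = uri[len(XCAP_ROOT) + 1:].partition(SEP)
    segs = [unquote(s) for s in doc_sel.split("/")]
    # Decode first, then reject traversal: "%2e%2e" and "%2f" must not slip through
    if any(s in ("", ".", "..") or "/" in s for s in segs):
        raise ValueError("empty, dot or slash-bearing segment")
    if len(segs) >= 4 and segs[1] == "users":
        owner, doc = segs[2], "/".join(segs[3:])
    elif len(segs) >= 3 and segs[1] == "global":
        owner, doc = None, "/".join(segs[2:])
    else:
        raise ValueError("malformed document selector")
    return segs[0], segs[1], owner, doc, unquote(node_sel) or None

def authorize(method, uri, user, privileged=frozenset()):
    """Slide 17 policy: own data read/write, global data read-only."""
    if method not in ("GET", "PUT", "DELETE"):
        return False
    try:
        _, tree, owner, _, _ = parse_uri(uri)
    except ValueError:
        return False
    if tree == "users":
        # Assumption: another user's tree is denied (the slide is silent on it)
        return owner == user
    return method == "GET" or user in privileged
```

The authorization decision is made on the decoded document selector, so an encoded dot segment cannot move a request into another user's tree.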
20. Operations
HTTP PUT
Create or Replace a Document/Element/Attribute
HTTP DELETE
Delete a Document/Element/Attribute
HTTP GET
Fetch a Document/Element/Attribute
21. Fetching a Document
GET http://xcap.example.com/address-book/users/petri/adbook1 HTTP/1.1

HTTP/1.1 200 OK
Content-Type: application/adbook+xml
Content-Length: …

<?xml version="1.0" encoding="UTF-8"?>
<address-book>
  <!-- This guy is a bozo -->
  <entry>
    <name>Jonathan Rosenberg</name>
    <email>jdrosen@dynamicsoft.com</email>
    <postal>
      <street paved="true">600 Lanidex Pl</street>
      <city>Parsippany</city>
      <state>NJ</state>
      <country>USA</country>
    </postal>
    <ietf-participant/>
  </entry>
</address-book>

[Figure: document adbook1 on the server, identical to the response body above]
22. Fetching an Element
GET http://xcap.example.com/address-book/users/petri/adbook1/address-book/entry/name HTTP/1.1

HTTP/1.1 200 OK
Content-Type: application/xml-fragment-body
Content-Length: …

<name>Jonathan Rosenberg</name>

[Figure: document adbook1 on the server, same content as the document fetched in slide 21]
23. Fetching an Attribute
GET http://xcap.example.com/address-book/users/petri/adbook1/address-book/entry/postal/street/@paved HTTP/1.1

HTTP/1.1 200 OK
Content-Type: application/xml-attribute-value
Content-Length: …

true

[Figure: document adbook1 on the server, same content as the document fetched in slide 21]
24. Delete a Document
DELETE http://xcap.example.com/address-book/users/petri/adbook1 HTTP/1.1

HTTP/1.1 200 OK

[Figure: document adbook1 on the server (same content as the document fetched in slide 21) becomes NULL after the request]
25. Deleting an Element
DELETE http://xcap.example.com/address-book/users/petri/adbook1/address-book/entry/email HTTP/1.1

HTTP/1.1 200 OK

Document adbook1 before the request: same content as the document fetched in slide 21

Document adbook1 after the request:
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
  <!-- This guy is a bozo -->
  <entry>
    <name>Jonathan Rosenberg</name>
    <postal>
      <street paved="true">600 Lanidex Pl</street>
      <city>Parsippany</city>
      <state>NJ</state>
      <country>USA</country>
    </postal>
    <ietf-participant/>
  </entry>
</address-book>
26. Deleting an Attribute
DELETE http://xcap.example.com/address-book/users/petri/adbook1/address-book/entry/postal/street/@paved HTTP/1.1

HTTP/1.1 200 OK

Document adbook1 before the request: same content as the document fetched in slide 21

Document adbook1 after the request:
<?xml version="1.0" encoding="UTF-8"?>
<address-book>
  <!-- This guy is a bozo -->
  <entry>
    <name>Jonathan Rosenberg</name>
    <email>jdrosen@dynamicsoft.com</email>
    <postal>
      <street>600 Lanidex Pl</street>
      <city>Parsippany</city>
      <state>NJ</state>
      <country>USA</country>
    </postal>
    <ietf-participant/>
  </entry>
</address-book>
31. Example Flow
User A has version ABC
Adds buddy, adds If-Match: ABC
Buddy added, new version DEF
User B also has version ABC
Tries to modify it, but it fails
B can now fetch it and make its diff against the current version
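Added example (not from the original slides): the A/B flow above replayed against a small in-memory store, showing how If-Match turns a silent lost update into a 412 that the second writer can recover from. The `XcapStore` class, the hash-based entity tag and the sample list documents are constructed for this sketch.

```python
import hashlib

class XcapStore:
    """In-memory document store with entity tags (constructed for this example)."""
    def __init__(self):
        self.docs = {}  # document URI -> bytes

    @staticmethod
    def etag(body):
        # Assumption: the tag is a truncated content hash
        return hashlib.sha256(body).hexdigest()[:8]

    def get(self, uri):
        body = self.docs[uri]
        return 200, self.etag(body), body

    def put(self, uri, body, if_match=None):
        current = self.docs.get(uri)
        if if_match is not None:
            if current is None or if_match not in ("*", self.etag(current)):
                return 412, None  # Precondition Failed: the client's copy is stale
        self.docs[uri] = body
        return (201 if current is None else 200), self.etag(body)

def buddy_flow():
    uri = "http://xcap.example.com/resource-lists/users/sip:joe@example.com/index"
    bob = b'<entry uri="sip:bob@example.com"/>'
    mary = b'<entry uri="sip:mary@example.com"/>'
    store = XcapStore()
    store.put(uri, b"<list></list>")
    _, tag_a, doc_a = store.get(uri)   # user A has version "ABC"
    _, tag_b, doc_b = store.get(uri)   # user B also has version "ABC"
    # A adds a buddy with If-Match: ABC; the document moves to version "DEF"
    st_a, tag_def = store.put(uri, doc_a.replace(b"</list>", bob + b"</list>"), tag_a)
    # B's write still carries ABC, so it fails instead of erasing A's buddy
    st_b, _ = store.put(uri, doc_b.replace(b"</list>", mary + b"</list>"), tag_b)
    # B fetches the current version, reapplies its change and retries
    _, tag_b, doc_b = store.get(uri)
    st_retry, _ = store.put(uri, doc_b.replace(b"</list>", mary + b"</list>"), tag_b)
    return st_a, st_b, st_retry, store.get(uri)[2]
```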
32. Security Considerations
Data manipulated by XCAP often contains sensitive information
Using HTTP port: 80
– Hard to apply port-based filtering
33. Solutions
Connection over TLS (Transport Layer Security)
HTTP Digest Authentication
Authorization policies in Application Usage
34. Conclusion
Access configuration documents on server:
Presence system
Maps XML documents and document components into HTTP URIs
HTTP primitives can be used to directly manipulate the data