[WIP] Wrapping RFC 8030

[ArnyminerZ]

Note

Still a work in progress, will be further expanded.

Note

To be clear, this only talks about subscription method. There's no definition here on how the push distribution should work. That is being discussed in #16, #17, #18 and #20.

As discussed, I think that we can define WebDAV PUSH on top of RFC-8030. This way we don't have to reinvent some things, and also we work over some standards, which is always good.

And commented in our Bitfire internal discussion, it can be a good option to just reference sections of RFC8030, and build the specification by referencing and extending.

Push properties

Following this idea, and developing what we have come up with until now, I think it's safe to say that we will be providing the information about PUSH in the propstat section of a PROPFIND to the resource. So to illustrate some examples. Let's say we make a propfind to our personal collection in Nextcloud. Using curl:

curl -X PROPFIND -u username:password https://nextcloud.local/remote.php/dav/calendars/username/personal

Let's say that the response is something like this:

<?xml version="1.0"?>
<d:multistatus
    xmlns:d="DAV:"
    xmlns:s="http://sabredav.org/ns"
    xmlns:cal="urn:ietf:params:xml:ns:caldav"
    xmlns:cs="http://calendarserver.org/ns/"
    xmlns:oc="http://owncloud.org/ns"
    xmlns:nc="http://nextcloud.org/ns">
    <d:response>
        <d:href>/remote.php/dav/calendars/arnyminerz/personal/</d:href>
        <d:propstat>
            <d:prop>
                <d:resourcetype>
                    <d:collection/>
                    <cal:calendar/>
                </d:resourcetype>
                <cs:getctag>http://sabre.io/ns/sync/19</cs:getctag>
                <s:sync-token>19</s:sync-token>
                <cal:supported-calendar-component-set>
                    <cal:comp name="VEVENT"/>
                </cal:supported-calendar-component-set>
                <cal:schedule-calendar-transp>
                    <cal:opaque/>
                </cal:schedule-calendar-transp>
                <d:displayname>Personal</d:displayname>
                <x1:calendar-order
                    xmlns:x1="http://apple.com/ns/ical/">0
                </x1:calendar-order>
                <x1:calendar-color
                    xmlns:x1="http://apple.com/ns/ical/">#0082c9
                </x1:calendar-color>
                <x2:owner-displayname
                    xmlns:x2="http://nextcloud.com/ns">Your Name
                </x2:owner-displayname>
            </d:prop>
            <d:status>HTTP/1.1 200 OK</d:status>
        </d:propstat>
    </d:response>
    <d:response>
        <d:href>/remote.php/dav/calendars/username/personal/8fb57d3f-de61-49e3-83bb-ba5ac140375d.ics</d:href>
        <d:propstat>
            <d:prop>
                <d:getlastmodified>Tue, 07 Nov 2023 13:48:51 GMT</d:getlastmodified>
                <d:getcontentlength>0</d:getcontentlength>
                <d:resourcetype/>
                <d:getetag>&quot;7c56d206bf33caf6607a27217d8fea13&quot;</d:getetag>
                <d:getcontenttype>text/calendar; charset=utf-8; component=vevent</d:getcontenttype>
            </d:prop>
            <d:status>HTTP/1.1 200 OK</d:status>
        </d:propstat>
    </d:response>
</d:multistatus>

Note that I'm omitting all the XML namespaces from now on for simplicity.

Then what we can do is provide an extra property in the first response > propstat > prop. Let's call it push-subscription, for example, which targets a subscription endpoint as defined in RFC-8030~4.

Following this idea, we can even provide another property, for example supported-push-component-set, that specifies exactly which PUSH providers are available to subscribe with. So for example, if this subscription endpoint supports FCM and UnifiedPush, the contents of this set can be as simple as:

<supported-push-component-set>
  <fcm />
  <unified-push />
</supported-push-component-set>

Then we already know which services or PUSH providers are available for this endpoint. Scoping it this way also provides the server the possibility to restrict PUSH support for specific collections for example.

The same can be applied to CalDAV, I've modified the response from Nextcloud to include the features described above.

<?xml version="1.0"?>
<d:multistatus
    xmlns:d="DAV:"
    xmlns:s="http://sabredav.org/ns"
    xmlns:card="urn:ietf:params:xml:ns:carddav"
    xmlns:oc="http://owncloud.org/ns"
    xmlns:nc="http://nextcloud.org/ns">
    <d:response>
        <d:href>/remote.php/dav/addressbooks/users/username/z-server-generated--system/</d:href>
        <d:propstat>
            <d:prop>
                <d:resourcetype>
                    <d:collection/>
                    <card:addressbook/>
                </d:resourcetype>
                ----
                <push-subscription>https://nextcloud.local/remote.php/dav/push/addressbooks/username/z-server-generated--system</push-subscription>
                <supported-push-component-set>
                    <fcm />
                    <unified-push />
                </supported-push-component-set>
                ----
            </d:prop>
            <d:status>HTTP/1.1 200 OK</d:status>
        </d:propstat>
    </d:response>
    <d:response>
        <d:href>/remote.php/dav/addressbooks/users/username/z-server-generated--system/Database:aaa.vcf</d:href>
        <d:propstat>
            <d:prop>
                <d:getlastmodified>Fri, 30 Jun 2023 10:20:05 GMT</d:getlastmodified>
                <d:getcontentlength>0</d:getcontentlength>
                <d:resourcetype/>
                <d:getetag>&quot;acf559d422812061f3483c11f2518117&quot;</d:getetag>
                <d:getcontenttype>text/vcard; charset=utf-8</d:getcontenttype>
            </d:prop>
            <d:status>HTTP/1.1 200 OK</d:status>
        </d:propstat>
    </d:response>
</d:multistatus>

Note that the endpoints have been invented and are arbitrary, further specification, if any shall be discussed.

Subscription

Now that we know where to subscribe to, we can follow up the instructions at RFC-8030~4, with even the possibility of adopting RFC-8030~4.1, which maybe can be useful in cases where topics are not supported, I'm not sure about this, but in any case, I think it can be useful to group subscriptions.

To summarize a little bit Section 4, let's say we want to subscribe to the adressbook above, we can make the following POST request:

   POST /remote.php/dav/push/addressbooks/username/z-server-generated--system HTTP/1.1
   Host: nextcloud.local

In here we can also pass the PUSH provider in some way, I think a header may be enough. I've done some research, and even though it's not intended for this use, the Push-Policy draft header (which has expired), may be used. So if we want to use FCM, the full request would be:

   POST /remote.php/dav/push/addressbooks/username/z-server-generated--system HTTP/1.1
   Host: nextcloud.local
   Push-Policy: fcm

Though maybe we can just make up a new header name, something like Push-Method, for example, which may be more suitable, and we really don't need to adapt to an existing header name.

Then, the server can respond with the 201 Created specified by RFC-8030:

   HTTP/1.1 201 Created
   Date: Thu, 11 Dec 2014 23:56:52 GMT
   Link: </remote.php/dav/push/addressbooks/username/v4QjZ53F8B4G2GM2N7Urjt4XxuNW4DY4>;
           rel="urn:ietf:params:push"
   Location: https://nextcloud.local/remote.php/dav/push/subscription/2yqa5pzcavQtPZXVEWnmQh2LKdTG83XU

I think it's important to know that in this case, the Nextcloud installation (DAV server) and the PUSH server are on the same machine, but the push-subscription can really be anywhere, that's why the whole HTTP address is written down, and not a relative path.

As specified by RFC-8030:

The push service MUST provide a URI for the push resource corresponding to the push message subscription in a link relation of type "urn:ietf:params:push".

To be more clear, as as far as I understand, the URI given in the Link response header (/remote.php/dav/push/addressbooks/username/v4QjZ53F8B4G2GM2N7Urjt4XxuNW4DY4) is where clients can PUSH to this subscription, so for example, if the client that is making the subscription does a modification, making a POST request to this endpoint should notify all the subscribed clients.

In our case, to follow the specification, the DAV server must subscribe to all the resources that support PUSH. And that's where I think the subscriptions set may be useful. We can define an interface where the DAV server "creates" new subscription sets, and then they are stored to be distributed to the requesting clients in the push-subscription property. In this sense, push-subscription won't be a proper subscription endpoint but a subscription set. So we might have to define again a new property, for example push-server, which actually holds the subscription URL, which can be a simple one, it doesn't need to have a long path, maybe just something like https://nextcloud.local/remote.php/dav/push/subscribe, and then the subscription set is specified through a Link header as specified by RFC-8030~4.1.

To give a proper example, and summarize everything, the POST request for subscribing would be something like:

   POST /remote.php/dav/push/subscribe HTTP/1.1
   Host: nextcloud.local
   Link: </subscription-set/3uy86FiXDUjoRaLgGSvSQpFwirAUsnWD>;
           rel="urn:ietf:params:push:set"
   Push-Policy: fcm

Error handling

We must provide some standarized way of notifying the client about subscription errors. RFC8030 says:

A push service MUST return a 400 (Bad Request) status code for
requests that contain an invalid subscription set. A push service
MAY return a 429 (Too Many Requests) status code [RFC6585] to reject
requests that omit a subscription set.

Then, errors would be:

• 400 Bad Request: Subscription set invalid.
• 405 Method Not Allowed: The requested PUSH provider (Push-Policy) is not acceptable.
• 429 Too Many Requests: Missing subscription set.
• 503 Service Unavailable: The requested PUSH provider is not available (service down?).

PUSH Message Delivery

Following on the specification given in RFC-8030~5, and the structure given before, the client would never know the "push resource" of the collection, instead, this information would be known by the server, which created the subscription set. So the client will never have to request the distribution of the PUSH notification, the server will handle all the work automatically when some data is updated through any request.

Then this section only applies to the DAV server, clients won't have anything to do here.

Once a resource is updated in the server, let's say a calendar event has been created, since the DAV server already knows the PUSH resource URL of the collection updated, it has to make the following POST request:

   POST /remote.php/dav/push/JzLQ3raZJfFBR0aqvOMsLrt54w4rJUsV HTTP/1.1
   Host: nextcloud.local
   TTL: 15
   Content-Type: text/plain;charset=utf8
   Content-Length: 0

   <body>

Until further specification, I think the body can remain empty. Since there's one PUSH resource set for each collection (as listed in the PROPFIND), pushing there already specifies which collection has been updated, and then the client just asks the DAV server for the new data. In this way, the PUSH server can be completely unaware of what's in the collection, it just knows there's a collection called something, somewhere.

To provide more security and get rid of metadata, DAV servers could also just generate random resource set names, and it would be really opaque for the PUSH server to know which data is being handled.

Then, once the PUSH server processes the request, a 201 Created response is given:

   HTTP/1.1 201 Created
   Date: Thu, 11 Dec 2014 23:56:55 GMT
   Location: https://nextcloud.local/remote.php/dav/push/message/zGvU9Db28bPnw3QgW2M7xBjgbyGStJSn

I'm not sure which information this message endpoint may have, but for example we can use the TTL header to hold the information about the PUSH message for a given amount of time, as specified in RFC-8030~5.2, and if a request is made to the message endpoint, some information about the delivery can be provided. Then the information of

User agents are often only intermittently connected, and so benefit from having short-term message storage at the push service.

can also be fetched from here. And maybe also being able to make DELETE requests to get rid of messages that are queued. But I think that's not important right now, and can be discussed in the future.

[tcitworld]

So for example, if this subscription endpoint supports FCM and UnifiedPush, the contents of this set can be as simple as:

<supported-push-component-set>
 <fcm />
 <unified-push />
</supported-push-component-set>

XML's vocabulary is supposed to be scoped to a namespace. Do we need supported-push-component-set and push-subscription to be added to one, and each push provider (fcm, unified push, webpush, …) to add their own? This would allow custom attributes and child on providers elements.

Though maybe we can just make up a new header name, something like Push-Method, for example, which may be more suitable, and we really don't need to adapt to an existing header name.

Push-Method sounds more appropriate indeed.

Until further specification, I think the body can remain empty

An interesting information Apple's caldav-pubsubdiscovery extension gave was dataChangedTimestamp and pushRequestSubmittedTimestamp, which are respectively :

• the unix epoch time (in seconds) when the change that triggered this notification took place
• the unix epoch time (in seconds) when the CalDAV/CardDAV server sent the notification to the APNs servers

(having both is probably not needed)

Such an information can be useful:

• to know if a notification can be ignored, for instance if it has been delayed and the collection has already been synced in the meantime, so no need to sync it again
• when receiving multiple notifications at the same time, to find out the order in which they were sent

[ArnyminerZ]

XML's vocabulary is supposed to be scoped to a namespace

Yeah, I know, I just skipped it right now for the sake of simplicity. I really didn't want to define one right now 😅

Do we need supported-push-component-set and push-subscription to be added to one, and each push provider (fcm, unified push, webpush, …) to add their own? This would allow custom attributes and child on providers elements.

Yup, that's the idea. If we want to keep a "more flexible" definition. Maybe we can just define the providers as

<supported-push-component-set>
  <provider key="fcm" />
  <provider key="unified-push" />
</supported-push-component-set>

And that would leave what "key" means to each implementation of the standard.

[ArnyminerZ]

The second part of your message, I think that would fit inside of the PUSH message endpoint. It still has to be discussed if we really want to define how that endpoint should be implemented, or if we just want to define "which information should it contain".

What I mean is that we can say "use JSON/XML in this format", or just: the endpoint shall contain these x fields.

I think the second approach would be more "standard-friendly", but I guess we can define whatever is decided 🤷🏼

[ArnyminerZ]

1. DAV Server setup

When the DAV Server first starts, there can be two situations:

1. First boot of the server, there are no collections created for anything.
   In this case the server doesn't need to do anything, just wait until a collection is created.
2. The server has already been started before, there's some data stored (migration).
   The server must create a subscription set for each collection (see below).

1.1. Creating a new subscription set

When a new collection that supports PUSH is created, a subscription must also be initialized. This is, creating a new subscription set which will hold all the subscriptions made to that resource. This task must be performed by the DAV server.

For security, the subscription set id must be a random string. I suggest creating a new UUIDv4, and storing it somewhere in the DAV server's database, even though I wouldn't specify it in the standard but leave it to the implementation.

So let's say the server says "I want to enable PUSH subscriptions for collection x", the steps to follow are:

1. Define a random string for the collection subscription set. Eg. 0896894c-59c7-4fa4-aba8-ef6100f6d07c
2. Ask the PUSH server to create the subscription set.

Tip

Note that maybe this step isn't really mandatory. We can just create the subscription set identifier, and store it somewhere. Then the PUSH server would create the subscription set when the first subscription is requested.

2. User PROPFINDs a collection

At some point, the user will PROPFIND a collection that supports PUSH (to be defined by the server, maybe all collections support PUSH).

<?xml version="1.0"?>
<d:multistatus
    xmlns:d="DAV:"
    xmlns:s="http://sabredav.org/ns"
    xmlns:cal="urn:ietf:params:xml:ns:caldav"
    xmlns:cs="http://calendarserver.org/ns/"
    xmlns:oc="http://owncloud.org/ns"
    xmlns:nc="http://nextcloud.org/ns"
    xmlns:ps="http://webdav-push.example.com/ns">
    <d:response>
        <d:href>/remote.php/dav/calendars/arnyminerz/personal/</d:href>
        <d:propstat>
            <d:prop>
                <d:resourcetype>
                    <d:collection/>
                    <cal:calendar/>
                </d:resourcetype>
                <!-- [...] -->
                <x2:owner-displayname xmlns:x2="http://nextcloud.com/ns">Your Name</x2:owner-displayname>
                <!-- Start PUSH information -->
                <ps:push-server>https://nextcloud.local/remote.php/dav/push/subscribe</ps:push-server>
                <ps:push-subscription>/subscription-set/3uy86FiXDUjoRaLgGSvSQpFwirAUsnWD</ps:push-subscription>
                <ps:supported-push-component-set>
                    <ps:provider key="fcm" />
                    <ps:provider key="unified-push" />
                </ps:supported-push-component-set>
                <!-- End PUSH information -->
            </d:prop>
            <d:status>HTTP/1.1 200 OK</d:status>
        </d:propstat>
    </d:response>
    <!-- More d:response... -->
</d:multistatus>

At this point two things may happen:

1. The current client doesn't support any of the given push providers.
   For example, a web browser that doesn't support FCM nor UnifiedPush.
2. The client supports at least one of the providers, then either the user or the app must choose which provider to use.

3. Create the subscription

Now that the compatibility is guaranteed, we can proceed to create the subscription.

POST /remote.php/dav/push/subscribe HTTP/1.1
Host: nextcloud.local
Link: </subscription-set/3uy86FiXDUjoRaLgGSvSQpFwirAUsnWD>;rel="urn:ietf:params:push:set"
Push-Method: fcm

HTTP/1.1 201 Created
Date: Thu, 11 Dec 2014 23:56:52 GMT
Link: </remote.php/dav/push/distribute/v4QjZ53F8B4G2GM2N7Urjt4XxuNW4DY4>;rel="urn:ietf:params:push"
Link: </subscription-set/3uy86FiXDUjoRaLgGSvSQpFwirAUsnWD>;rel="urn:ietf:params:push:set"
Location: https://nextcloud.local/remote.php/dav/push/subscription/2yqa5pzcavQtPZXVEWnmQh2LKdTG83XU

Warning

We are not specifying any authentication. RFC-8030 states that HTTP over TLS is mandatory. Even though the subscription management strings are random, maybe on applications that require a higher level of security, the implementation should set some auth criteria.

Now the client must store the Location returned (https://nextcloud.local/remote.php/dav/push/subscription/2yqa5pzcavQtPZXVEWnmQh2LKdTG83XU), since that address is where the subscription can be managed. This is checking whether the server has cancelled it, or if it has expired.

4. Subscription management

4.1. Check status

GET /remote.php/dav/push/subscription/2yqa5pzcavQtPZXVEWnmQh2LKdTG83XU HTTP/1.1
Host: nextcloud.local

HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 23:56:52 GMT
Content-Type: application/xml;charset=utf8
Content-Length: 308

<?xml version="1.0"?>
<ps:subscription xmlns:ps="http://webdav-push.example.com/ns">
    <ps:status>ONLINE</ps:status>
    <ps:data-changed-timestamp>2023-12-19T10:57:45Z</ps:data-changed-timestamp>
    <ps:push-requested-timestamp>2023-12-19T10:57:45Z</ps:push-requested-timestamp>
</ps:subscription>

4.2. Cancel subscription

DELETE /remote.php/dav/push/subscription/2yqa5pzcavQtPZXVEWnmQh2LKdTG83XU HTTP/1.1
Host: nextcloud.local

HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 23:56:52 GMT