Metadata Query Protocol Independent
ian@iay.org.uk
metadata web service This document defines a simple protocol for retrieving metadata about named entities, or named collections of entities. The goal of the protocol is to profile various aspects of HTTP to allow requesters to rely on certain, rigorously defined, behaviour. This document is a product of the Research and Education Federations (REFEDS) Working Group process. Discussion of this draft takes place on the MDX mailing list (mdx@lists.iay.org.uk), which is accessed from . XML versions, latest edits and the issues list for this document are available from . The changes in this draft are summarized in .
Many clients of web-based services are capable of consuming descriptive metadata about a service in order to customize or obtain information about the client's connection parameters. While the form of the metadata (e.g., JSON, XML) and content varies between services this document specifies a set of semantics for HTTP ( et seq.) that allow clients to rely on certain behavior. The defined behavior is meant to make it easy for clients to perform queries, to be efficient for both requesters and responders, and to allow the responder to scale in various ways. The Research and Education Federations group () is the voice that articulates the mutual needs of research and education identity federations worldwide. It aims to represent the requirements of research and education in the ever-growing space of access and identity management. From time to time REFEDS will wish to publish a document in the Internet RFC series. Such documents will be published as part of the RFC Independent Submission Stream ; however the REFEDS working group sign-off process will have been followed for these documents, as described in the REFEDS Participant's Agreement. This document is a product of the REFEDS Working Group process.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document makes use of the Augmented BNF metalanguage defined in .
A single logical construct for which metadata may be asserted. Generally this is a network accessible service. A machine readable description of certain entity characteristics. Generally metadata provides information such as end point references, service contact information, etc.
The metadata query protocol seeks to fully employ the features of the HTTP protocol. Additionally this specification makes mandatory some optional HTTP features.
The metadata query protocol makes use of the HTTP protocol () to transmit requests and responses. The underlying HTTP connection MAY make use of any appropriate transport protocol. In particular, the HTTP connection MAY make use of either TCP or TLS at the transport layer. See the section for guidance in choosing an appropriate transport protocol.
Requests from clients MUST NOT use an HTTP version prior to version 1.1. Responders MUST reply to such requests using status code 505, "HTTP Version Not Supported". Protocol responders MUST support requests using HTTP version 1.1, and MAY support later versions.
All metadata query requests MUST use the GET method.
All metadata query requests MUST include the following HTTP headers: Accept - this header MUST contain the content-type identifying the type, or form, of metadata to be retrieved. See section 5.3.2 of . All metadata query requests SHOULD include the following HTTP headers: Accept-Charset, see section 5.3.3 of Accept-Encoding, see section 5.3.4 of A metadata request to the same URL, after an initial request, MUST include the following header: If-None-Match, see section 3.2 of .
All successful metadata query responses (even those that return no results) MUST include the following headers: Content-Encoding - required if, and only if, content is compressed. See section 3.1.2.2 of . Content-Type, see section 3.1.1.5 of . ETag, see section 2.3 of . All metadata retrieval responses SHOULD include the following headers: Cache-Control, see section 5.2 of . Content-Length, see section 3.3.2 of Last-Modified, see section 2.2 of .
This protocol uses the following HTTP status codes: 200 "OK" - standard response code when returning requested metadata 304 "Not Modified" - response code indicating requested metadata has not been updated since the last request 400 "Bad Request" - response code indicating that the requester's request was malformed in some fashion 401 "Unauthorized" - response code indicating the request must be authenticated before requesting metadata 404 "Not Found" - indicates that the requested metadata could not be found; this MUST NOT be used in order to indicate a general service error. 405 "Method Not Allowed" - response code indicating that a non-GET method was used 406 "Not Acceptable" - response code indicating that metadata is not available in the request content-type 505 "HTTP Version Not Supported" - response code indicating that HTTP/1.1 was not used
Requests defined in this document are performed by issuing an HTTP GET request to a particular URL (). The final component of the path to which requests are issued is defined by the requests specified within this document. A base URL precedes such paths. Such a base URL: MUST contain the scheme and authority components. MUST contain a path component ending with a slash ('/') character. MUST NOT include a query component. MUST NOT include a fragment identifier component.
As there may be many representations for a given piece of metadata, agent-driven content negotiation is used to ensure the proper representation is delivered to the requester. In addition to the required usage of the Accept header a responder SHOULD also support the use of the Accept-Charset header.
The metadata query protocol retrieves metadata either for all entities known to the responder or for a named collection based on a single "tag" or "keyword" identifier. A request returns information for none, one, or a collection of entities.
The query protocol uses identifiers to "tag" metadata for single- and multi-entity metadata collections. The assignment of such identifiers to a particular metadata document is the responsibility of the query responder. If a metadata collection already contains a well known identifier it is RECOMMENDED that such a natural identifier is used when possible. Any given metadata collection MAY have more than one identifier associated with it. An identifier used in the query protocol is a non-empty sequence of arbitrary 8-bit characters:
A metadata query request for all entities tagged with a particular identifier is performed by issuing an HTTP GET request to a URL constructed as the concatenation of the following components: The responder's base URL. The string "entities/". A single identifier, percent-encoded appropriately for use as a URL path segment (see sections 2.1 and 3.3 of ). For example, with a base URL of http://example.org/mdq/, a query for the identifier foo would be performed by an HTTP GET request to the following URL:
Correct encoding of the identifier as a URL path segment is critical for interoperability. In particular: The character '/' MUST be percent-encoded. The space character MUST be encoded as '%20' and MUST NOT be encoded as '+' as would be required in a query parameter. For example, with a base URL of http://example.org/mdq/, a query for the identifier "blue/green+light blue" would be performed by an HTTP GET request to the following URL:
A metadata query request for all entities known to the responder is performed by issuing an HTTP GET request to a URL constructed as the concatenation of the following components: The responder's base URL. The string "entities". For example, with a base URL of http://example.org/mdq/, a query for all entities would be performed by an HTTP GET request to the following URL:
The response to a metadata query request MUST be a document that provides metadata for the given request in the format described by the request's Accept header. The responder is responsible for ensuring that the metadata returned is valid. If the responder can not create a valid document it MUST respond with a 406 status code. An example of such an error would be the case where the result of the query is metadata for multiple entities but the request content type does not support returning multiple results in a single document.
The following example demonstrates a metadata query request using a base URL of http://metadata.example.org/service/ and the identifier http://example.org/idp.
.... ]]>
Upon a successful response the responder MUST return an ETag header and MAY return a Last-Modified header as well. Requesters SHOULD use either or both, with the ETag being preferred, in any subsequent requests for the same resource. In the event that a resource has not changed since the previous request, the responder SHOULD send a 304 (Not Modified) status code as a response.
Responders SHOULD include cache control information with successful (200 status code) responses, assuming the responder knows when retrieved metadata is meant to expire. The responder SHOULD also include cache control information with 404 Not Found responses. This allows the requester to create and maintain a negative-response cache. When cache controls are used only the 'max-age' directive SHOULD be used.
As should be apparent from the required request and response headers this protocol encourages the use of content compression. This is in recognition that some metadata documents can be quite large or fetched with relatively high frequency. Requesters SHOULD support, and advertise support for, gzip compression unless such usage would put exceptional demands on constrained environments. Responders MUST support gzip compression. Requesters and responders MAY support other compression algorithms.
The Metadata Query Protocol is extensible using the following protocol extension points: Profiles of this specification may assign semantics to specific identifiers, or to identifiers structured in particular ways. Profiles of this specification may define additional paths (other than entities and entities/) below the base URL.
As metadata often contains information necessary for the secure operation of interacting services it is RECOMMENDED that some form of content integrity checking be performed. This may include the use of TLS at the transport layer, digital signatures present within the metadata document, or any other such mechanism.
In many cases service metadata is public information and therefore confidentiality is not required. In the cases where such functionality is required, it is RECOMMENDED that both the requester and responder support TLS. Other mechanisms, such as XML encryption, MAY also be supported.
All responders which require client authentication to view retrieved information MUST support the use of HTTP basic authentication (, ) over TLS. Responders SHOULD also support the use of X.509 client certificate authentication.
This document has no actions for IANA.
The editor would like to acknowledge the following individuals for their contributions to this document: Scott Cantor (The Ohio State University) Leif Johansson (SUNET) Thomas Lenggenhager (SWITCH) Joe St Sauver (University of Oregon) Tom Scavo (Internet2) Special acknowledgement is due to Chad LaJoie (Covisint) for his work in editing previous versions of this specification.
Uniform Resource Identifier (URI): Generic Syntax Augmented BNF for Syntax Specifications: ABNF REFEDS Home Page Research and Education Federations REFEDS Participant's Agreement Research and Education Federations MDX Mailing List md-query Project
Adopted as base for draft-young-md-query-00. Updated author and list of contributors. Changed ipr from "pre5378Trust200902" to "trust200902", submission type from IETF to independent and category from experimental to informational. Added empty IANA considerations section. Minor typographical nits but (intentionally) no substantive content changes.
Split into two documents: this one is as agnostic as possible around questions such as metadata format and higher level protocol use cases, a new layered document describes the detailed requirements for SAML support. Rewrite to clarify construction of the request URL and its relationship to the base URL. Added to clarify that the transport protocol underlying HTTP may be either TCP or SSL/TLS. Clarify position on HTTP versions which may be used to underly this protocol. Added Change Log modelled on draft-ietf-httpbis-http2. Added a reference to . Use ABNF to describe request syntax. Replace transformed identifier concept with extended identifiers (this also resulted in the removal of any discussion of specific transformed identifier formats). Add grammar to distinguish basic from extended identifiers. Changed the required response when the result can not be validly expressed in the requested format from 500 to 406. Removed the '+' operator and all references to multiple identifiers in queries. If more complex queries are required, these will be reintroduced at a different path under the base URL. Added a section describing .
Added REFEDS RFC stream boilerplate. Tidied up some normative language.
Introduced a normative reference to . Reworked the definition of the base URL so that a non-empty path ending with '/' is required. This allows the definition of request URLs to be simplified. Clarified the definition of the base URL to exclude a query component; corrected the terminology for the fragment identifier component. Added the definition for the query for all entities in . Corrected an example in to include the required double quotes in the value of an ETag header. Added text to clarify the base URL and identifier being used in the example. Simplified the definition of identifiers, so that any non-empty identifier is accepted and no semantics are defined for particular structures. Extended syntaxes such as the {sha1} notation for transformed identifiers are now left to profiles. Remove incidental references to SSL. Remove status code 501 ("not implemented") as it is no longer referenced.
Correct a typo in the identifier grammar.
Updated to rely on the new definition of HTTP/1.1 in et seq. instead of RFC 2616. Corrected to indicate that the request contains an Accept header, not a Content-Type header. Added an Editorial Note to help direct readers back to the discussion.
Remove unnecessary percent-encoding of a ':' character in the example in . Removed use of the ambiguous term "URL-encoded" in . Instead, indicate that the encoding must correspond to the rules for encoding a URL path segment specifically, and call out some of the more important implications arising from that. Added a new example illustrating these implications. Updated the description of conditional retrieval in to make the use of a 304 (Not Modified) status code a normative but non-mandatory obligation on the responder, not simply a description of what the requester will receive.
No substantive changes.
No substantive changes.
Modernise normative language to include . Reference instead of the Internet-Draft. Improved references to RFCs.
No substantive changes.
No substantive changes.
No substantive changes.
No substantive changes.
No substantive changes.
No substantive changes.
No substantive changes.
No substantive changes.
No substantive changes.
Formatting changes to allow rendering with xml2rfc version 3.
No substantive changes.