content.mkd
+20 -9 (20 additions & 9 deletions)
Original file line number
Diff line number
Diff line change
@@ -413,7 +413,7 @@ Corresponding terminology:
413
413
* (WebDAV-Push) push server ↔ (Web Push) application server
414
414
* (WebDAV-Push) push client ↔ (Web Push) user agent
415
415
416
-
Message encryption {{RFC8291}} MUST be used. VAPID {{RFC8292}} SHOULD be used. (If other methods to provide a security context for Web Push become established, those can be used and necessary WebDAV properties shall be added to this document.)
416
+
Message encryption ({{message-encryption}}) MUST be used. VAPID ({{vapid}}) SHOULD be used. (If other methods to provide a security context for Web Push become established, those can be used and necessary WebDAV properties shall be added to this document.)
417
417
418
418
A server that supports the Web Push transport MUST list the `web-push` element in the `transports` property.
419
419
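Review bot: The rewritten sentence at new line 416 drops the `{{RFC8292}}` citation in favour of `({{vapid}})`, and none of the VAPID section lines visible in this commit cite RFC 8292. If this was the only citation, the reference disappears from the document. Keep a `{{RFC8292}}` citation inside the VAPID section itself, the same way the Message Encryption section still says `as defined in {{RFC8291}}`, so that the normative MUST/SHOULD here resolve to the actual specifications.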
@@ -444,12 +444,14 @@ A server that supports the Web Push transport MUST list the `web-push` element i
444
444
445
445
To register a Web Push subscription, the `subscription` element of the `push-register` request contains exactly one `web-push-subscription`.
446
446
447
-
The `web-push-subscription` element represents the public information of a Web Push subscription that is shared with the WebDAV-Push server (Web Push application server).
447
+
The `web-push-subscription` element represents the public information of a Web Push subscription that is shared with the WebDAV-Push server.
448
448
449
-
It contains exactly one `push-resource` element, which contains an absolute URI that identifies the endpoint where Web Push notifications are sent to. The push resource is the unique identifier for the subscription.
449
+
It contains exactly one `push-resource` element, which specifies the absolute URI that identifies the endpoint where Web Push notifications are sent to.
450
450
451
+
A Web Push subscription is uniquely identified by its push resource.
451
452
452
-
## VAPID
453
+
454
+
## VAPID {#vapid}
453
455
454
456
VAPID binds push subscriptions to the specific WebDAV-Push server.
455
457
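Review bot: New line 449 only requires `push-resource` to be "the absolute URI", while new line 451 makes that client-supplied value the unique key for the subscription and the server later sends a `POST` to it (line 483). The visible text places no constraint on the URI. Consider requiring an `https` URI here and noting that a server may limit which push services it is willing to deliver to, since the value comes straight from the `push-register` request. Also, the second `+` line (453) adds another blank line before `## VAPID {#vapid}`; check that this is intended and matches the spacing used before other `##` headings.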
@@ -460,7 +462,7 @@ If available, the client MUST use this key to create a restricted subscription a
460
462
A client can expect the VAPID public key to be the same for all resources on the server. When the server provides a VAPID public key, it MUST include a corresponding `Authorization` header when sending a push message in order to prove its identity to the push service.
461
463
462
464
463
-
## Message Encryption
465
+
## Message Encryption {#message-encryption}
464
466
465
467
Message encryption hides details of push messages from the push services. Before creating the subscription, the client generates a key pair as defined in {{RFC8291}}.
466
468
@@ -470,7 +472,7 @@ When the client then registers this subscription at the server, it MUST include
470
472
*`client-public-key` – public key of the user agent's key pair in uncompressed form and base64url encoded; attribute `type="p256dh"` MUST be added to allow different key types in the future
471
473
*`auth-secret` – authentication secret
472
474
473
-
These properties are bound to the subscription, which is identified by the push resource. A server doesn't need to store these properties for every registration, but only once for the subscription.
475
+
These properties are bound to the subscription (which is identified by the push resource). A server doesn't need to store these properties for every registration, but only once for the subscription.
474
476
475
477
The server uses these data to encrypt the payload before sending it to the push service. The client then decrypts the payload again.
476
478
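Review bot: The changed line 475 says the key material is stored "only once for the subscription", but does not say what the server does when a later registration names the same push resource with a different `client-public-key` or `auth-secret`. Because the push resource is the only identifier, the text should specify whether the stored values are replaced or the request is rejected; otherwise implementations will differ on which key a payload is encrypted to. The parenthetical "(which is identified by the push resource)" now repeats the sentence added at line 451 and could be dropped.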
@@ -479,14 +481,23 @@ The server uses these data to encrypt the payload before sending it to the push
479
481
480
482
The push message is delivered via `POST` to the push resource, with `Content-Type: application/xml; charset="UTF-8"`.
481
483
482
-
The server MAY send the push message with a `Topic` header so that an undelivered push message can be replaced by an updated one. The server MUST ensure that the meaning doesn't change when a push message is potentially replaced. Usually this means that the value is derived from the collection topic and the information whether the push message indicates a content and/or property update. The `Topic` header is visible to the push service, so its value MUST NOT contain sensitive information.
484
+
The server MAY send the push message with a `Topic` header so that an undelivered push message can be replaced by an updated one. The server MUST ensure that the meaning doesn't change when a push message is potentially replaced. The `Topic` header is visible to the push service, so its value MUST NOT contain sensitive information.
485
+
486
+
For instance, the header value could be derived with a secure hash function from
483
487
484
-
The server MAY use the `Urgency` header to set the priority of the push message. For instance, a CalDAV server may send push notifications for new/changed events with alarms that are scheduled within the next 15 minutes with `Urgency: high` so that users receive the alarm as soon as possible. Updates that are not that time-critical for the user, for instance in slowly changing collections like a holiday calendar may be sent with `Urgency: low`.
488
+
- the collection topic,
489
+
- whether the push message contains a content update,
490
+
- whether the push message contains a property update, and
491
+
- a secret that is only used for this purpose.
492
+
493
+
The server MAY use the `Urgency` header to set the priority of the push message. For instance, a CalDAV server may send push notifications for new/changed events with alarms that are scheduled within the next 15 minutes with `Urgency: high` so that users receive the alarm as soon as possible. Updates that are not that time-critical, for instance in slowly changing collections like a holiday calendar could be sent with `Urgency: low`.
485
494
486
495
487
496
# XML Schema
488
497
489
-
When XML element names are used without namespace in this document, they are in the WebDAV-Push namespace (`https://bitfire.at/webdav-push`). All XML elements defined by this document reside in this namespace.
498
+
When XML element names are used without namespace in this document, they are in the WebDAV-Push namespace: `https://bitfire.at/webdav-push`
499
+
500
+
All XML elements defined by this document reside in this namespace.
490
501
491
502
To reference element names in another namespace, the `{ns}element` syntax is used. For instance, `{DAV:}prop` means the `prop` XML element in the `DAV:` namespace.
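Review bot: The new `Topic` example (lines 486 to 491) says the value is derived "with a secure hash function from" four inputs, one of them a secret, without saying how they are combined or encoded. A plain hash over concatenated fields is ambiguous at field boundaries; suggest naming a keyed construction (for example HMAC with the secret as key over an unambiguous encoding of the topic and the two flags). The text should also mention that RFC 8030 limits `Topic` to at most 32 characters of the URL-safe base64 alphabet, so the digest has to be truncated and encoded accordingly. Line 486 ends with "from" and would read better with a colon before the list. The removed sentence explained why the update type is part of the value; a short rationale would help keep the "meaning doesn't change" requirement concrete. In line 493, a comma is missing after "holiday calendar".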