Presented by group #3 Olena Hunsicker and Divya Josyula

Presented by group #3 Olena Hunsicker and Divya Josyula
The Atom Publishing Protocol (RFC 5023 October 2007) J. Gregorio, Google B. de hOra, NewBay Software Presented by group #3 Olena Hunsicker and Divya Josyula

Index Introduction Terminology Brief Overview Collections
- Description - Resource Classification Protocol Documents - Category Documents - Service Documents Creating Resources Creating Media Resources and Media Link Entries Editing Media Resources and Media Link Entries Listing Collections Caching and Entity Tags Security Considerations Blogger and APP example Conclusion

Introduction The Protocol was issued as a Proposed Standard in IETF RFC 5023 in October 2007 Atom Publishing protocol is based on the content management of resources using basic HTTP protocol operations like GET, PUT,POST and DELETE. Atom Publishing Protocol uses REST principles for accessing resources

Introduction HTTP CRUD
Representational State Transfer : In order to manipulate resources, components of the internet (clients and servers) communicate via a standardized interface (e.g. HTTP) and exchange representations of these resources (the actual documents conveying the information) HTTP CRUD POST Create,Update Delete GET Read PUT Create,Update DELETE Delete

Terminology - A set or group of resources Collection Service document
- Gives a description of the available collections of resources Category document - Gives a description of the various categories in the collection

Brief Overview ATOM protocol provides facilities for :
Publishing - pushing content out to others, or simply granting digital access rights to certain content to a particular person or group of persons. Retrieving Service Information Retrieving Service Documents giving a Description of the available collections. Retrieving collections A set of resources can be retrieved in whole or in part as collections. Retrieving Category Information Retrieving Category Documents giving a description of the categories provided in the resource. Managing resources - Creating, Editing or Deleting Resources like blog entries , wiki pages etc.

Collections-Description
A collection is a group of resources called member resources. A collection is represented as an atom feed document where the feed’s entries contain the IRI’s and metadata about the collection’s member resources <feed xmlns=" xml:base=" <id> <title>My Blog Entries</title> <updated> T13:40:03Z</updated> <link rel="self" href="/blog/entries" /> <link href=" /> <entry> <id>tag:example.org,2006:/blog/entries/1</id> <title>Atom-Powered Robots Run Amok</title> <link href=" <link rel="edit" href=" /> <author><name>James</name></author> <summary>Some text.</summary> </entry> ... </feed>

Collections- Resource Classification
<feed xmlns=" xml:base=" <id> <title>My Blog Entries</title> <updated> T13:40:03Z</updated> <link rel="self" href="/blog/entries" /> <link href=" /> <entry> <id>tag:example.org,2006:/blog/entries/1</id> <title>Atom-Powered Robots Run Amok</title> <link href=" <link rel="edit" href=" /> <author><name>James</name></author> <summary>Some text.</summary> </entry> <entry xmlns=" <id>tag:example.org,2006:/blog/photos/a_trip_to_the_beach</id> <title>A trip to the beach</title> <link rel="edit" href=" /> <link rel="edit-media" type="image.png" href=" /> <updated> T14:11:04Z</updated> <summary>A trip to the beach</summary> <content type="image/png" src=" /> ... </feed> MEMBER RESOURCES ENTRY RESOURCES MEDIA RESOURCES MEDIA LINK ENTRY

Protocol Documents

Category Documents Category Documents contain a list of categories specifying the categories supported by the resources Example : <?xml version="1.0" ?> <app:categories xmlns:app=" xmlns:atom=" fixed="yes" scheme=" <atom:category term="animal" /> <atom:category term="vegetable" /> <atom:category term="mineral" /> </app:categories>

IRI’s,categories,media types IRI’s,categories,media types
Service Documents These documents contain a description of the available collections and their locations The collections are grouped into workspaces Service Workspace Collection IRI’s,categories,media types Workspace Collection IRI’s,categories,media types

Service Document – Example
Service Main Site My Blog Entries Workspace Pictures Collections SideBar Blog Remaindered Links

Service Document – Example
<?xml version="1.0" encoding="utf8" ?> <service xmlns=" xmlns:atom=" <workspace> <atom:title>Main Site</atom:title> <collection href=" <atom:title>My Blog Entries</atom:title> <categories href=" /> </collection> <collection href=" <atom:title>Pictures</atom:title> <accept>image/png</accept> <accept>image/jpeg</accept> <accept>image/gif</accept> </workspace> <workspace> <atom:title>Sidebar Blog</atom:title> <collection href=" > <atom:title>Remaindered Links</atom:title> <accept>application/atom+xml;type=entry</accept> <categories fixed="yes"> <atom:category scheme=" term="joke" /> term="serious" /> </categories> </collection> </workspace> </service>

Our approach to studying APP
We are not going to take this approach Will take a look at: - HTTP requests and responses headers - Atom Entries

Creating Resources with POST
201 “Created” POST request

POST /edit/ HTTP/1.1 Host: example.org User-Agent: Thingio/1.0 Authorization: Basic ZGFmZnk6c2VjZXJldA== Content-Type: application/atom+xml;type=entry Content-Length: nnn Slug: First Post <?xml version="1.0"?> <entry xmlns=" <title>Atom-Powered Robots Run Amok</title> <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id> <updated> T18:30:02Z</updated> <author><name>John Doe</name></author> <content>Some text.</content> </entry> Request to use header’s value as a part of URIs (can be ignored or altered)

HTTP/ Created Date: Fri, 7 Oct :17:11 GMT Content-Length: nnn Content-Type: application/atom+xml;type=entry;charset="utf-8“ Location: ETag: "c180de84f991g8" <?xml version="1.0"?> <entry xmlns=" <title>Atom-Powered Robots Run Amok</title> <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id> <updated> T18:30:02Z</updated> <author><name>John Doe</name></author> <content>Some text.</content> <link rel="edit" href=" </entry> URI of Atom Entry, content of Slug header was used Created Entry may not match the entry POSTed

Adding Media Resources to a Collection
APP allows to add arbitrary media resources such as photographs, documents, audio/video recordings ect. to the collection. The server creates an Atom Entry document - Media Link Entry - which linked to the Media Resource posted by the client.

Location: <content type="image/png" src=" 201 “Created” POST request

POST /edit/ HTTP/1.1 Host: media.example.org Content-Type: image/png Slug: The Sky Authorization: Basic ZGFmZnk6c2VjZXJldA== Content-Length: nnn ...some binary data...

HTTP/ Created Date: Fri, 7 Oct :17:11 GMT Content-Length: nnn Content-Type: application/atom+xml;type=entry;charset="utf-8" Location: <?xml version="1.0"?> <entry xmlns=" <title>The Sky</title> <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id> <updated> T17:17:08Z</updated> <author><name>Daffy</name></author> <summary type="text" /> <content type="image/png" src=" <link rel="edit-media" href=" /> <link rel="edit" href=" /> </entry> “MUST include the URI of the Media Link Entry” [1] “MUST include atom:content element with src attribute”[1] SHOULD include atom:link element with link relation “edit-media” – used to modify Media Resource Used to retrieve, update, delete the Resource

Editing Media Resources with PUT
PUT /edit/the_sky.png HTTP/1.1 Host: media.example.org Content-Type: image/png Authorization: Basic ZGFmZnk6c2VjZXJldA== Content-Length: nnn ...some binary data... HTTP/ Ok Date: Fri, 8 Oct :17:11 GMT From Media Link Entry “edit-media” link

Editing Media Link Entry with PUT
PUT /media/edit/the_sky.atom HTTP/1.1 Host: example.org Authorization: Basic ZGFmZnk6c2VjZXJldA== Content-Type: application/atom+xml;type=entry Content-Length: nnn If-Match: "c181bb840673b5" <?xml version="1.0"?> <entry xmlns=" <title>The Beach</title> <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id> <updated> T17:17:08Z</updated> <author><name>Daffy</name></author> <summary type="text"> A nice sunset picture over the water. </summary> <content type="image/png" src=" <link rel="edit-media" href=" /> <link rel="edit" href=" /> </entry> HTTP/ Ok Date: Fri, 7 Oct :19:11 GMT Content-Length: 0

Deleting Resources DELETE /media/edit/the_sky.atom HTTP/1.1
Host: example.org Authorization: BASIC ZGFmZnk6c2VjZXJldA== HTTP/ OK Date: Fri, 8 Oct :17:11 GMT

Listing Collections Collection Resources represented in a form of Atom Feed Documents. Collections can be large. On GET request MAY return partial lists. First list MUST contain most recent resources and include atom:link element with next relation: <link rel="next" href=" />

Collection Partial Lists
<feed xmlns=" <link rel="first" href=" /> <link rel="previous" href=" /> <link rel="next" href=" /> <link rel="last" href=" /> ... </feed> Final Feed Document 10 linked Feed Documents

Caching and Entity Tags
Atom Publishing protocol based on HTTP transfer. Implementers advised to use cache controls when editing Resources ETag : HTTP response header, opaque cache validator (RFC 2616) Etag allows to determine if the client have the latest representation of Entry before editing

To edit an entry, clients first need to retrieve an editable representation with GET request. Use returned ETag to construct “conditional GET” request Combined with If-None-Match HTTP headers

Client: POST request Server: HTTP/ Created Date: Fri, 23 Feb :17:11 GMT Content-Length: nnn Content-Type: application/atom+xml;type=entry Location: Content-Location: ETag: "e180ee84f0671b1" <?xml version="1.0" ?> <entry xmlns=" <title>Atom-Powered Robots Run Amok</title> <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id> <updated> T17:09:02Z</updated> <author><name>Captain Lansing</name></author> <content>It's something moving... solid metal</content> </entry>

***Atom Entry on the Server wasn’t modified HTTP/ Not Modified Date: Sat, 24 Feb :17:11 GMT GET /edit/first-post.atom HTTP/1.1 Host: example.org Authorization: Basic ZGFmZnk6c2VjZXJldA== If-None-Match: "e180ee84f0671b1"

***Atom Entry on the Server has been modified HTTP/ OK + GET /edit/first-post.atom HTTP/1.1 Host: example.org Authorization: Basic ZGFmZnk6c2VjZXJldA== If-None-Match: "e180ee84f0671b1"

***Server has more recent copy than client HTTP/ Precondition Failed Date: Sat, 24 Feb :34:11 GMT PUT /edit/first-post.atom HTTP/1.1 Host: example.org Authorization: Basic ZGFmZnk6c2VjZXJldA== Content-Type: application/atom+xml;type=entry Content-Length: nnn If-Match: "e180ee84f0671b1"

Security Considerations
Atom Publishing Protocol does not require that implementations use authentication At least Basic Authentication is recommended in order to prevent malicious clients from creating and modifying collection members. On unauthorized request the web server sends HTTP response: HTTP/ Unauthorized Date: nnn WWW-Authenticate: Basic realm=“my blog”

Security Considerations
Denial of Service Attacks (consume CPU, memory, disc space) Replay attacks: APP cannot detect duplicate requests Code injections: Entry Documents can contain executable content types; thus need to verify the client supplied content before processing and publishing

Retrieving “CS791 APP” blog homepage over telnet connection

Example of using Entity Tags

References: 1. “The Atom Publishing Protocol” RFC 5023, Oct. 2007, 2. “Blogger: Atom API documentation”

Presented by group #3 Olena Hunsicker and Divya Josyula

Similar presentations

Presentation on theme: "Presented by group #3 Olena Hunsicker and Divya Josyula"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Presented by group #3 Olena Hunsicker and Divya Josyula

Similar presentations

Presentation on theme: "Presented by group #3 Olena Hunsicker and Divya Josyula"— Presentation transcript:

Similar presentations

About project

Feedback