Fastmail

Level 2, 114 William St Melbourne VIC 3000 Australia brong@fastmailteam.com https://www.fastmail.com

Applications JMAP jmap The JMAP base protocol (RFC8620) provides the ability to upload and download arbitrary binary data. This binary data is called a "blob", and can be used in all other JMAP extensions. This extension adds a method to expose blobs as a filesystem along with the types of metadata that are provided by other remote filesystem protocols.

Introduction JMAP ( — JSON Meta Application Protocol) is a generic protocol for synchronizing data between a client and a server. It is optimized for mobile and web environments, and aims to provide a consistent interface to different data types. In the same way that JMAP Calendars () replaces CalDAV () and JMAP Contacts () replaces CardDAV (), this document replaces the use of WebDAV () for remote filesystem access.

Conventions Used In This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. The definitions of JSON keys and datatypes in the document follow the conventions described in the core JMAP specification .

Addition to the Capabilities Object The capabilities object is returned as part of the JMAP Session object; see , Section 2. This document defines an additional capability URI.

urn:ietf:params:jmap:filenode The capability urn:ietf:params:jmap:filenode being present in the "accountCapabilities" property of an account represents support for the Filenode datatype. Servers that include the capability in one or more "accountCapabilities" properties MUST also include the property in the "capabilities" property. The value of this property in the JMAP session "capabilities" property MUST be an empty object. The value of this property in an account's "accountCapabilities" property is an object that MUST contain the following information on server capabilities and permissions for that account:

• TODO: limits

Capability Example TODO

Filenode Data Type A Filenode is a set of metadata which behaves similar to an inode in a filesystem. In terminology a Filenode can refer to either a collection or a resource. The following JMAP Methods are selected by the urn:ietf:params:jmap:filenode capability.

Filenode objects The filenode object has the following keys:

• id: Id (server-set) the Id of this node
• parentId: Id|null the Id of the parent node, or null if this is the root node
• blobId: Id|null the blobId for the content of this node, or null if this node has no data (the empty file, or a collection)
• size: Number (server-set) the size in bytes of the associated blob data. This must be 0 if the blobId is null.
• name: String User-visible name for the FileNode, This can be any UTF-8 string of at least 1 character in length, except:
  • The name MUST be unique for all Filenodes with the same parentId.
  • The name MUST NOT be "." or ".."
  • The name MUST NOT contain a "/"
  A server MAY limit the name length and will return an invalidProperties error if this limit is exceeded.
• type: String|null The media type of the Filenode. This MUST be null if, and only if, the node does not have a blobId. Valid values are found in the IANA media-types registry. Servers MUST NOT reject media types that are not recognised.
• created: UTCDate The date the node was created.
• modifed: UTCDate The date the node was last updated.
• accessed: UTCDate The date the node was last accessed. NOTE: this is not updated by the server, clients must store a new value if they want to use this. It is recommended to NOT use this field, or to only lazily update it when making other changes to the server.
• executable: Boolean If true, the file is should be treated as an executable by operating systems that support this flag.
• myRights: FilesRights (server-set) The set of rights (ACLs) the user has in relation to this folder. A FilesRights object has the following properties:
  • mayRead: Boolean The user may read the contents of this node.
  • mayWrite: Boolean The user may modify the properties of this node, including renaming children.
  • mayAdmin: Boolean The user may change the sharing of this node (see )
• shareWith: String[FilesRights]|null A map of userId to rights for users this node is shared with. The owner of the node MUST NOT be in this set. This is null if the user requesting the object does not have myRights.mayAdmin, or if the node is not shared with anyone.

Filenode Methods

Filenode/set This is a standard Foo/set method, except for some things: An additional top level argument: onDestroyRemoveChildren: Boolean (default: false) If false, an attempt to destroy a Filenode which is the parentId of another Filenode will be rejected with a nodeHasChildren error. NOTE: if the other nodes are also been destroyed in the same operation, then the server MUST NOT return this error. Servers must either sort the destroys children before parents, or only check this constraint on the final state, remembering that JMAP set operations must be atomic. If true, then all child nodes will also be destroyed when a node is destroyed. Further, since parentId creates a tree structure, an attempt to move a node to a parent for which this node is also an ancestor is an error, and an invalidProperties error will be returned.

Filenode/get This is a standard Foo/get method.

Filenode/changes This is a standard Foo/changes method.

Filenode/query This is a standard Foo/query method except for the following: There's one more property to the query:

• depth: Number|null The number of levels of subdiretories to recurse into. If absent, null, or zero, do not recurse.

The following filter criteria are defined:

• hasParentId: Boolean If true, the node must have a non-null parentId (i.e. is not a root node).
• parentId: Id A Filenode id. A node must have a parentId equal to this to match the condition.
• ancestorId: Id A Filenode id. A node must have an ancestor (parent, parent of parent, etc.) with an id equal to this to to match the condition.
• hasType: Boolean If true, the Filenode must be a file/resource, not a directory/collection.
• blobId: Id A Filenode must have a blobId equal to this to match the condition.
• isExecutable: Boolean If true, the Filenode must have a true executable value.
• createdBefore: Date The creation date of the node (as returned on the Filenode object) must be before this date to match the condition.
• createdAfter: Date The creation date of the node (as returned on the Filenode object) must be on or after this date to match the condition.
• modifiedBefore: Date The modified date of the node (as returned on the Filenode object) must be before this date to match the condition.
• modifiedAfter: Date The modified date of the node (as returned on the Filenode object) must be on or after this date to match the condition.
• accessedBefore: Date The accessed date of the node (as returned on the Filenode object) must be before this date to match the condition.
• accessedAfter: Date The accessed date of the node (as returned on the Filenode object) must be on or after this date to match the condition.
• minSize: Number The size of the node in bytes (as returned on the Filenode object) must be equal to or greater than this number to match the condition.
• maxSize: Number The size of the node in bytes (as returned on the Filenode object) must be less than this number to match the condition.
• name: String A Filenode must have exactly the same octets in its name property to match the condition
• nameMatch: String Does a glob match of the specified name against the name property of the node.
• type: String A Filenode must have exactly the same octets in its type property to match the condition
• typeMatch: String Does a glob match of the specified type against the type property of the node.

It also supports the following sort properties:

• name: Sort by name only
• tree: Sort by tree; which means by name, but any directory/collection node is immediately followed by the recursive application of the same sort to its child nodes. This is similar to the output of the find command on a filesystem with the depth parameter provided above.
• hasType: Sort directories before files (false sorts before true)
• type: Sort directories first, AND sort by media type for files
• executable: Sort non-executable files first
• created: Sort by creation time
• modified: Sort by modification time
• accessed: Sort by access time

Filenode/queryChanges This is a standard Foo/queryChanges method.

Security considerations TODO: lots of "filesystems are risky" - I guess look at the referenced RFCs and what they said.

IANA considerations

JMAP Capability registration for "filenode" IANA is requested to register the "filenode" JMAP Capability as follows: Capability Name: urn:ietf:params:jmap:filenode Specification document: this document Intended use: common Change Controller: IETF Security and privacy considerations: this document, Section XXX

JMAP Error Codes registration for "nodeHasChildren" IANA is requested to register the "nodeHasChildren" JMAP Error Code as follows: JMAP Error Code: nodeHasChildren Intended use: common Change Controller: IETF Description: The node being destroyed is still referenced by other nodes which have not been destroyed. Reference: this document

JMAP Data Types registration for "Filenode" IANA is requested to register the "Filenode" JMAP Data Type as follows: Type Name: Filenode Can Reference Blobs: Yes Can Use For State Change: Yes Capability: urn:ietf:params:jmap:filenode Reference: this document

TODO

• support SYMLINK types
• design and document the capabilities object
• create real-world clients to test this
• security considerations

Changes EDITOR: please remove this section before publication. The source of this document exists on github at: https://github.com/brong/draft-gondwana-jmap-filenode/ draft-gondwana-jmap-filenode-00

• initial proposal

Acknowledgements Neil Jenkins and the JMAP working group at the IETF.

Normative References Informative References