JSON Meta Application Protocol (JMAP) for Quotas

JSON Meta Application Protocol (JMAP) for Quotas Linagora Vietnam

5 Dien Bien Phu Hanoi 10000 Vietnam rcordier@linagora.com https://linagora.vn

art jmap JMAP JSON email quotas This document specifies a data model for handling quotas on accounts with a server using the JSON Meta Application Protocol (JMAP).

Introduction The JSON Meta Application Protocol (JMAP) is a generic protocol for synchronizing data, such as mails, calendars, or contacts between a client and a server. It is optimized for mobile and web environments and aims to provide a consistent interface to different data types. This specification defines a data model for handling quotas over JMAP, allowing a user to obtain details about a certain quota. This specification does not address quota administration, which should be handled by other means.

Notational Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. Type signatures, examples, and property descriptions in this document follow the conventions established in . Data types defined in the core specification are also used in this document.

Terminology This document reuses the terminology from the core JMAP specification established in . The term "Quota" (when capitalized) is used to refer to the data type defined in and instance of that data type.

Addition to the Capabilities Object The capabilities object is returned as part of the JMAP Session object; see . This document defines one additional capability URI.

urn:ietf:params:jmap:quota This represents support for the Quota data type and associated API methods. Servers supporting this specification MUST add a property called "urn:ietf:params:jmap:quota" to the capabilities object. The value of this property is an empty object in both the JMAP Session capabilities property and an account's accountCapabilities property.

Sub-types of the Quota Data Type There are two fields within the Quota data type, which have an enumerated set of possible values. These are:

Scope The Scope data type is used to represent the entities the quota applies to. It is defined as a "String" with values from the following set:

account: The quota information applies to just the client's account.
domain: The quota information applies to all accounts sharing this domain.
global: The quota information applies to all accounts belonging to the server.

ResourceType The ResourceType data type is used to act as a unit of measure for the quota usage. It is defined as a "String" with values from the following set:

count: The quota is measured in a number of data type objects. For example, a quota can have a limit of 50 "Mail" objects.
octets: The quota is measured in size (in octets). For example, a quota can have a limit of 25000 octets.

Quota The Quota is an object that displays the limit set to an account usage. It then shows as well the current usage in regard to that limit.

Properties of the Quota Object The Quota object MUST contain the following fields:

id: Id The unique identifier for this object.
resourceType: String The resource type of the quota as defined in .
used: UnsignedInt The current usage of the defined quota, using the "resourceType" defined as unit of measure. Computation of this value is handled by the server.
hardLimit: UnsignedInt The hard limit set by this quota, using the "resourceType" defined as unit of measure. Objects in scope may not be created or updated if this limit is reached.
scope: String The "Scope" of this quota as defined in .
name: String The name of the quota. Useful for managing quotas and using queries for searching.
types: String[] A list of all the type names as defined in the "JMAP Types Names" registry (e.g., Email, Calendar, etc.) to which this quota applies. This allows the quotas to be assigned to distinct or shared data types. The server MUST filter out any types for which the client did not request the associated capability in the "using" section of the request. Further, the server MUST NOT return Quota objects for which there are no types recognized by the client.

The Quota object MAY contain the following fields:

warnLimit: UnsignedInt|null The warn limit set by this quota, using the "resourceType" defined as unit of measure. It can be used to send a warning to an entity about to reach the hard limit soon, but with no action taken yet. If set, it SHOULD be lower than the "softLimit" (if present and different from null) and the "hardLimit".
softLimit: UnsignedInt|null The soft limit set by this quota, using the "resourceType" defined as unit of measure. It can be used to still allow some operations but refuse some others. What is allowed or not is up to the server. For example, it could be used for blocking outgoing events of an entity (sending emails, creating calendar events, etc.) while still receiving incoming events (receiving emails, receiving calendars events, etc.). If set, it SHOULD be higher than the "warnLimit" (if present and different from null) but lower than the "hardLimit".
description: String|null Arbitrary, free, human-readable description of this quota. It might be used to explain where the different limits come from and explain the entities and data types this quota applies to. The description MUST be encoded in UTF-8 as described in , and selected based on an Accept-Language header in the request (as defined in ) or out-of-band information about the user's language or locale.

The following JMAP methods are supported.

Quota/get Standard "/get" method as described in . The id's argument may be "null" to fetch all quotas of the account at once, as demonstrated in .

Quota/changes Standard "/changes" method as described in , but with one extra argument in the response:

updatedProperties: String[]|null If only the "used" Quota property has changed since the old state, this will be a list containing only that property. If the server is unable to tell if only "used" has changed, it MUST be null.

Since "used" frequently changes, but other properties are generally only changed rarely, the server can help the client optimize data transfer by keeping track of changes to quota usage separate from other state changes. The updatedProperties array may be used directly via a back-reference in a subsequent Quota/get call in the same request, so only these properties are returned if nothing else has changed. Servers MAY decide to add other properties to the list that they judge to be changing frequently. This method's usage is demonstrated in .

Quota/query This is a standard "/query" method as described in . A FilterCondition object has the following properties, any of which may be included or omitted:

name: String The Quota name property contains the given string.
scope: String The Quota scope property must match the given value exactly.
resourceType: String The Quota resourceType property must match the given value exactly.
type: String The Quota types property contains the given value.

A Quota object matches the FilterCondition if, and only if, all the given conditions match. If zero properties are specified, it is automatically true for all objects. The following Quota properties MUST be supported for sorting:

name
used

Quota/queryChanges This is a standard "/queryChanges" method as described in .

Examples

Fetching Quotas Request fetching all quotas related to an account: With response:

Requesting Latest Quota Changes Request fetching the changes for a specific quota: With response:

Push Servers MUST support the JMAP push mechanisms, as specified in , to allow clients to receive notifications when the state changes for the Quota type defined in this specification.

IANA Considerations

JMAP Capability Registration for "quota" IANA has registered the "quota" JMAP Capability as follows:

Capability Name:: urn:ietf:params:jmap:quota
Reference:: RFC 9425
Intended Use:: common
Change Controller:: IETF
Security and Privacy Considerations:: RFC 9425,

JMAP Data Type Registration for "Quota" IANA has registered the "Quota" Data Type as follows:

Type Name:: Quota
Can Reference Blobs:: No
Can Use for State Change:: Yes
Capability:: urn:ietf:params:jmap:quota
Reference:: RFC 9425

Security Considerations All security considerations of JMAP apply to this specification. Implementors should be careful to make sure the implementation of the extension specified in this document does not violate the site's security policy. The resource usage of other users is likely to be considered confidential information and should not be divulged to unauthorized persons. As for any resource shared across users (for example, a quota with the "domain" or "global" scope), a user that can consume the resource can affect the resources available to the other users. For example, a user could spam themselves with events and make the shared resource hit the limit and unusable for others (implementors could mitigate that with some rate-limiting implementation on the server). Also, revealing domain and global quota counts to all users may cause privacy leakage of other sensitive data, or at least the existence of other sensitive data. For example, some users are part of a private list belonging to the server, so they shouldn't know how many users are in there. However, by comparing the quota count before and after sending a message to the list, it could reveal the number of people of the list, as the domain or global quota count would go up by the number of people subscribed. In order to limit those attacks, quotas with "domain" or "global" scope SHOULD only be visible to server administrators and not to general users.

Normative References

Acknowledgements Thank you to , who co-wrote the first draft version of this document, before deciding to turn to other matters. Thank you to for his constant help and support on writing this document. Thank you to for sharing his own experience on how to write an RFC after finalizing his own document: . Thank you to , , , , and the people from the IETF JMAP working group in general, who helped with extensive discussions, reviews, and feedback. Thank you to the people in the IETF organization, who took the time to read, understand, comment, and give great feedback in the last rounds.