WebDAV

WebDAV
Port(s)	80, 443
RFC(s)	RFC 2518, RFC 4918
OSI layer	Application

Web Distributed Authoring and Versioning (WebDAV) is an extension of the Hypertext Transfer Protocol (HTTP) that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers. A working group of the Internet Engineering Task Force (IETF) defines WebDAV in RFC 4918.

The WebDAV protocol makes the Web a readable and writable medium.^[1] It provides a framework for users to create, change and move documents on a server; typically a web server or web share. The most important features of the WebDAV protocol include the maintenance of properties about an author or modification date, namespace management, collections, and overwrite protection. Maintenance of properties includes such things as the creation, removal, and querying of file information. Namespace management deals with the ability to copy and move web pages within a server’s namespace. Collections deals with the creation, removal, and listing of various resources. Lastly, overwrite protection handles aspects related to locking of files.

The WebDAV working group concluded its work in March 2007, after the Internet Engineering Steering Group (IESG) accepted an incremental update to RFC 2518. Other extensions left unfinished at that time, such as the BIND method, have been finished by their individual authors, independent of the formal working group.

As of 2013^[update], many modern operating systems provide built-in client-side support for WebDAV.

1 History
2 Implementations
- 2.1 Servers
- 2.2 Clients
3 Alternatives to WebDAV
4 Documents produced by the working group
5 Other documents published through IETF
6 Extensions and derivatives
- 6.1 Additional Windows-specific extensions
7 Security concerns
8 See also
9 References
10 External links

History

WebDAV1 began in 1996 when Jim Whitehead worked with the World Wide Web Consortium (W3C) to host two meetings to discuss the problem of distributed authoring on the World Wide Web with interested people.^[2]^[3] Tim Berners-Lee's original vision of the Web was that of a medium for both reading and writing. In fact, Berners-Lee's first web browser, called WorldWideWeb, was able to both view and edit web pages; but, as the Web grew, it became a read-only medium for most users. Whitehead and other like-minded people wanted to fix that limitation.^[4]

The W3C meeting decided to form an IETF working group, because the new effort would lead to extensions to HTTP, which was being standardized at the IETF.

As work began on the protocol, it became clear that handling both distributed authoring and versioning would involve too much work and that the tasks would have to be separated. The WebDAV group focused on distributed authoring, and left versioning for the future. Versioning was added later by the Delta-V extension — see the Extensions section below.

The protocol consists of a set of new methods and headers for use in HTTP. The added methods include:

PROPFIND — used to retrieve properties, stored as XML, from a web resource. It is also overloaded to allow one to retrieve the collection structure (a.k.a. directory hierarchy) of a remote system.
PROPPATCH — used to change and delete multiple properties on a resource in a single atomic act
MKCOL — used to create collections (a.k.a. a directory)
COPY — used to copy a resource from one URI to another
MOVE — used to move a resource from one URI to another
LOCK — used to put a lock on a resource. WebDAV supports both shared and exclusive locks.
UNLOCK — used to remove a lock from a resource

Implementations

Servers

The cross-platform Apache HTTP Server provides WebDAV modules based on both davfs and Apache Subversion (svn).
Cross-platform OpenLink Virtuoso can expose any local filesystem resource through WebDAV. Virtuoso-accessible database content (local or remote) can also be exposed through WebDAV. Additionally, Virtuoso can provide ACL-protected WebDAV proxy access to several third-party file services (e.g., Dropbox, Google Drive, Amazon S3, Microsoft SkyDrive, Box). Virtuoso's simple login and/or rule-based ACLs can be brought to bear on any resource exposed through Virtuoso's WebDAV implementation.
The ODS-Briefcase application from the cross-platform OpenLink Data Spaces can expose any local filesystem resource through WebDAV. Database content (local or remote) can also be exposed through WebDAV. Additionally, ODS-Briefcase can provide ACL-protected WebDAV proxy access to several third-party file services (e.g., Dropbox, Google Drive, Amazon S3, Microsoft SkyDrive, Box). Virtuoso's simple login and/or rule-based ACLs can be brought to bear on any resource exposed through Virtuoso's WebDAV implementation.

Clients

Linux users can mount WebDAV shares using the davfs2 and the fusedav file system modules which mount them as Coda or FUSE filesystems. KDE has native WebDAV support as part of kio_http.^[5] This enables Dolphin, Konqueror,^[6] and every other KDE application to interact directly with WebDAV servers. All applications using GIO, including Nautilus, have access to WebDAV through GVFS. Many Linux distributions also include the cadaver command-line client interface,^[7] which provides an FTP-like command set.

Mac OS X version 10.0 and following support WebDAV shares natively as a type of filesystem. The system can mount WebDAV-enabled server directories to the filesystem using the traditional BSD mounting mechanism or through the "Connect to Server" dialog found in the Finder. Mac OS X version 10.1.1 introduced support for HTTP Digest Access authentication. Mac OS X 10.4 (Tiger) extended WebDAV interoperability to include support for the HTTPS scheme, proxies, and additional methods of authentication.^[8] The Finder presents a WebDAV share as an external disk, allowing users to interact with WebDAV just as they would with any other filesystem. Apple's iDisk, part of its former MobileMe service, used WebDAV for file access.^[9]

Microsoft introduced WebDAV client support in Microsoft Windows 98 with a feature called "Web folders". This client consisted of an OLE object which could be accessed by any OLE software, and was installed as an extension to Windows Explorer (the desktop/file manager) and was later included in Windows 2000. In Windows XP, Microsoft added the Web Client service also known as the WebDAV mini-redirector^[10] which is preferred by default over the old Web folders client. This newer client works as a system service at the network-redirector level (immediately above the file-system), allowing WebDAV shares to be assigned to a drive letter and used by any software. The redirector also allows WebDAV shares to be addressed via UNC paths (e.g. http://host/path/ is converted to \host\path\) for compatibility with Windows filesystem APIs. Some versions of the redirector are reported to have some limitations in authentication support.^[11] In addition, WebDAV over HTTPS works only if a computer has KB892211-version files or newer installed. Otherwise Windows displays "The folder you entered does not appear to be valid. Please choose another" when adding a network resource. NOTE: 892211 has been superseded by KB907306. Windows Vista includes only the WebDAV redirector, but if you install a version of Office, Internet Explorer, OLE-DB or "Microsoft Update for Web Folders" you will get the original "Web folders" client. The update will only work on the 32-bit version of XP/Vista.^[12] Microsoft states that 64 bit versions of Windows will never support the "Web folders" client. Instead users are limited to using WebDAV via the native Web Client service redirector.^[13]

Alternatives to WebDAV

File Transfer Protocol (FTP) is a simple network protocol based on IP, which allows users to transfer files between network hosts. FTPS is an extension for secure traffic.
SSH File Transfer Protocol (SFTP) is an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability.
A distributed file system such as the Server Message Block (SMB) protocol allows Microsoft Windows and open-source Samba clients to access and manage files and folders remotely on a suitable file server.
AtomPub is an HTTP-based protocol for creating and updating web resources, which can be used for some of the use cases of WebDAV. It is based on standard HTTP verbs with standardized collection resources that behave somewhat like the WebDAV model of directories.
CMIS is a standard consisting of a set of Web services for sharing information among disparate content repositories that seeks to ensure interoperability for people and applications using multiple content repositories; it has both SOAP and AtomPub based interfaces.

Documents produced by the working group

The WebDAV working group produced several works:

a requirements document: "Requirements for a Distributed Authoring and Versioning Protocol for the World Wide Web" RFC 2291, issued February 1998
a base protocol document (excluding versioning, despite its title): "HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)" RFC 4918, issued June 2007 (which updates and supersedes "HTTP Extensions for Distributed Authoring — WebDAV" RFC 2518, issued February 1999)
the ordered collections protocol: "Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol" RFC 3648, issued December 2003
the access control protocol: "Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol" RFC 3744, issued May 2004
a quota specification: "Quota and Size Properties for Distributed Authoring and Versioning (DAV) Collections" RFC 4331, issued February 2006
a redirect specification: "Web Distributed Authoring and Versioning (WebDAV) Redirect Reference Resources" RFC 4437, issued March 2006

Extensions and derivatives

For versioning, the Delta-V protocol under the Web Versioning and Configuration Management working group adds resource revision tracking, published in RFC 3253.

For searching and locating, the DAV Searching and Locating (DASL) working group never produced any official standard although there are a number of implementations of its last draft. Work continued as non-working-group activity.^[14] The WebDAV Search specification attempts to pick up where the working group left off, and was published as RFC 5323 in November 2008.^[15]

For calendaring, CalDAV is a protocol allowing calendar access via WebDAV. CalDAV models calendar events as HTTP resources in iCalendar format, and models calendars containing events as WebDAV collections.

For groupware, GroupDAV is a variant of WebDAV which allows client/server groupware systems to store and fetch objects such as calendar items and address book entries instead of web pages.

For MS Exchange interoperability, WebDAV can be used for reading/updating/deleting items in a mailbox or public folder. WebDAV for Exchange has been extended by Microsoft to accommodate working with messaging data. Exchange Server version 2000, 2003, and 2007 support WebDAV. However, WebDAV support has been discontinued in Exchange 2010 ^[16] in favor of Exchange Web Services (EWS), a SOAP/XML based API. See this training paper on WebDAV for Exchange (it also covers WebDAV usage overall and includes samples): WebDAV 101 Training. This blog covers WebDAV development: WebDAV 101..

Additional Windows-specific extensions

As part of the Windows Server Protocols (WSPP) documentation set,^[17] Microsoft published the following protocol documents detailing extensions to WebDAV:

[MS-WDVME]: Web Distributed Authoring and Versioning (WebDAV) Protocol: Microsoft Extensions.^[18] These extensions include a new verb and new headers, and properties that enable previously unmanageable file types and optimize protocol interactions for file system clients. These extensions introduce new functionality into WebDAV, optimize processing, and eliminate the need for special-case processing.

[MS-WDV]: Web Distributed Authoring and Versioning (WebDAV) Protocol: Client Extensions.^[19] The client extensions in this specification extend the WebDAV Protocol by introducing new headers that both enable the file types that are not currently manageable and optimize protocol interactions for file system clients. These extensions do not introduce new functionality into the WebDAV Protocol, but instead optimize processing and eliminate the need for special-case processing.

[MS-WDVSE]: Web Distributed Authoring and Versioning (WebDAV) Protocol: Server Extensions.^[20] The server extensions in this specification extend WebDAV by introducing new HTTP request and response headers that both enable the file types that are not currently manageable and optimize protocol interactions for file system clients. This specification also introduces a new WebDAV method that is used to send search queries to disparate search providers.

[MS-WEBDAVE]: Web Distributed Authoring and Versioning Error Extensions Protocol Specification.^[21] This SharePoint Front-End Protocol describes extended error codes and extended error handling mechanism specified in [MS-WDV] to enable compliant servers to report error condition details on a server response.

Security concerns

WebDAV is a common attack vector on some platforms.^[22]

References

External links

URI scheme

Official	aaa aaas about acap cap cid crid data dav dict dns fax file ftp geo go gopher h323 http https iax im imap info ldap mailto mid news nfs nntp pop rsync pres rtsp sip sips snmp tag tel telnet tftp urn view-source wais ws wss xmpp

Unofficial	afp aim apt bolo bzr callto coffee cvs daap dsnp ed2k feed fish gg git gizmoproject irc ircs itms javascript ldaps magnet mms msnim postal2 secondlife skype spotify ssh svn sftp smb sms steam webcal winamp wyciwyg xfire ymsgr

Protocol list

Contents