Page tree
Skip to end of metadata
Go to start of metadata

Fedora's alignment with each category of the Fedora API Specification needs to be verified for completeness and correctness. Below is a listing of the specification categories, the person/people taking the lead on ensuring alignment, and the current status of alignment.

Legend

(question) - Untested
(tick) - Tested, working
(error) - Tested, not working
(minus) - Tested, not applicable
(warning)- Needs review

Environment


3 Resource Management

Lead

 Click here to expand...

3.1 General (Jared Whiklo)

  • Empty section

3.1.1 LDP Containers

  • (tick) MUST be able to create LDP Containers: Tested in 3.3
  • (tick)  MUST distinguish between triple types OR MUST return 409 with constrainedBy Link in headers for ldp:contains membership predicate if server cannot distinguish between triple types
    • We return a 409 because we can't distinguish and therefore the next 2 tests are not applicable.
  • (minus) MAY permit ldp:contains membership predicate if server can distinguish between triple types
  • (minus) SHOULD allow Prefer header in request to distinguish triple types if server can distinguish triple types

3.1.2 LDP-NR creation

  • (tick) SHOULD create an LDP-NR if creation request includes NonRDFSource type Link in headers, regardless of Content-Type headers

3.1.3 Constraints Document

3.1.4 Data Model

3.2 HTTP GET

3.2.1 Additional values for the Prefer header

3.2.2 LDP-RSs

  • (tick) MUST return Preference-Applied header if request's Prefer header is honored (Always applied)
    • note: also test with a combinations of Prefer headers: some valid(tick), some invalid (error)
  • (tick) MUST return describes Link to LDP-NR if request is to associated LDP-RS

3.2.3 LDP-NRs

  • (tick) MUST return Digest header as directed by request's Want-Digest header

3.3 HTTP HEAD

  • (tick) MUST NOT return a body
  • (tick) SHOULD return same headers as if the request was a GET
    • (tick) Almost perfect: Binary resources have duplicate headers that are not seen on HEAD FCREPO-2714 - Getting issue details... STATUS
  • (tick) MUST return a Digest header if the same request as a GET would have
  • (minus) MAY omit payload headers from response

3.4 HTTP OPTIONS (Yinlin Chen)

  • (tick) Any LDPR must support OPTIONS per [LDP] 4.2.8. 4.2. LDP servers must support the HTTP OPTIONS method. 

3.5 HTTP POST

  • (tick) MUST be supported on LDPC
  • (minus) MAY not be supported on LDPCv
  • (tick) MUST include default interaction model in constrainedBy Link header
    • Correct for both LDP-RS and LDP-NR

3.5.1 LDP-NRs

  • (tick) MUST support creation of LDP-NRs
  • (tick) MUST create and associate an LDP-RS when an LDP-NR is created
  • (tick) MUST return 409 if request Digest header does not match calculated value for content of new LDP-NR
  • (tick) SHOULD return 400 if request Digest header's type is not supported (Should 'type' be 'algorithm', like the RFC?)

3.6 HTTP PUT

  • (tick) MAY include type Link header in request
  • (tick) SHOULD return 409 if request's type Link is not resource's current type or subtype thereof, or not in LDP namespace
  • (minus) MUST change resource's type if request's type Link is a subtype of resource's current type
  • (minus) MUST change resource's interaction model if request's type Link has an LDP interaction model

3.6.1 LDP-RSs

  • (tick) MUST support PUT on LDP-RSs for non-server-managed triples
  • (tick)  MUST return 4xx (409) if request modifies server-managed triples on a LDP-RS
  • (tick) MUST return constrainedBy Link in headers if request modifies server-managed triples on a LDP-RS
  • (tick) MUST return info in body about which statements could not be persisted if request modifies server-managed triples on a LDP-RS
    • Currently we allow the use of the -Dfcrepo.properties.management=relaxed option to allow updating server managed triples, which is fine

3.6.2 LDP-NRs (Danny Bernstein)

  • (tick) MUST support PUT on LDP-NRs to replace binary content
  • (tick) MUST return 409 if request Digest header does not match calculated value for new content of target LDP-NR
  • (tick) SHOULD return 400 if request Digest header's type is not supported

3.6.3 Creating resources with HTTP PUT

  • (tick) If PUT is supported for creation of LDP-NRs, MUST create and associate an LDP-RS when an LDP-NR is created (Jared Whiklo )

3.7 HTTP PATCH (Jared Whiklo)

  • (tick) MUST be supported on LDP-RSs
  • (tick) MUST support Content-Type: application/sparql-update
  • (minus) MAY support other update types
  • (tick) MUST return 4xx (409) when modifying protected resource statements
    • Tested by attempting to add "fedora:lastModifiedBy" property to a container via PATCH
  • (tick) MUST return info in body about which statements could not be persisted when modifying protected resource statements
  • (tick) MUST return constrainedBy Link in headers when modifying protected resource statements
  • (tick) MUST return 2xx if successful

3.7.1 Containment Triples

3.7.2 Interaction models

  • (tick) MUST return 409 when modifying the interaction model to a type that is not a subtype of the current type

3.8 HTTP DELETE (Yinlin Chen)

  • (warning) MAY be supported

3.8.1 Recursive Delete

  • (tick) An implementation that cannot recurse should not advertise DELETE in response to OPTIONS requests for container with contained resources. 
  • (tick) MUST use LDP containment relations for recursive deletion, if recursive deletion is supported
    • NOTE: Contained resource and all subresources were return the tombstone of the root resource deleted
  • (tick) An implementation must not return a 200 (OK) or 204 (No Content) response unless the entire operation successfully completed. 
  • (tick) An implementation must not emit a message that implies successful DELETE of a resource until the resource has been successfully removed. 
  • (tick) Compliance with LDP 5.2.5.1 When a contained LDPR is deleted, the LDPC server must also remove the corresponding containment triple, which has the effect of removing the deleted LDPR from the containing LDPC.
  • (tick)  Compliance with LDP 5.2.5.2 When a contained LDPR is deleted, and the LDPC server created an associated LDP-RS (see the LDPC POST section), the LDPC server must also delete the associated LDP-RS it created.
    • LDP-NR and associated LDP-RS both return 410
    • Confirm LDP-NR and LDP-RS both return 410 after being deleted recursively

3.9 External Binary Content

  • (tick) Fedora servers should support the creation of LDP-NRs with content external to the request entity, as indicated by a link with rel="http://fedora.info/definitions/fcrepo#ExternalContent" and target that is the location of the external content.

    • (tick) handling="copy"
    • (tick)handling="redirect"
    • (tick)handling="proxy"
  • (tick) Fedora servers should support the update of LDP-NRs with content external to the request entity, as indicated by a link with rel="http://fedora.info/definitions/fcrepo#ExternalContent" and target that is the location of the external content.

    • (tick) handling="redirect"
    • (tick) handing="copy"
    • (tick) handling="proxy"
  • (minus) Fedora servers that do not support the creation of LDP-NRs with content external must reject with a 4xx range status code
  • (minus) Fedora servers that do not support the creation of LDP-NRs with content external must describe this restriction in a resource indicated by a rel="http://www.w3.org/ns/ldp#constrainedBy" link in the Link response header.

  • (tick)Fedora servers must use the handling attribute in the external content link to determine how to process the request.

    • At least one of the following handling attributes must be supported

      • (tick) copy - requests that the server dereference the external content URI and treat that as if it were the entity body of the request.

      • (tick) redirect - requests that the server record the location of the external content and handle requests for that content using HTTP redirect responses with the Content-Location header specifying the external content location.

      • (tick) proxy - requests that the server record the location of the external content and handle requests for that content by proxying. See also  3.9.3 Redirected and Proxied External Content .

  • (tick) Fedora servers must reject with a 4xx range status code requests for which the handling attribute is not present or cannot be respected.

  • (tick)In the case that the specified handling cannot be respected, the restrictions causing the request to fail must be described in a resource indicated by a rel="http://www.w3.org/ns/ldp#constrainedBy" link in the Link response header.

  • (tick)Fedora servers  must  use the value of the  type  attribute in the external content link as the media type of the external content, if provided.
  • (tick) Fedora servers should ignore any  Content-Type  header in the request .
    • (tick) no "type=" attribute in the Link header results in 'application/octet-stream'
    • (tick) "type=" as well as 'Content-Type' header result in "type=" taking precedence
    • (tick) no "type=", but with 'Content-Type' results in 'Content-Type' being ignored (as it should be)
  • If there is no  type  attribute:
    • (minus)   Servers may use the media type obtained when accessing the external content via the specified scheme (e.g. the Content-Type header for external content accessed via http).
    • (tick) Servers may use a default media type.
      • server uses default content type of "application/octet-stream"
    • (minus)   Servers may reject the request with a 4xx range status code.
  • (tick) A Fedora server receiving requests that would create or update an  LDP-NR  with content external to the request entity  must  reject request if it cannot guarantee all of the response headers required by the  LDP-NR  interaction model in this specification
    • Required "describedby" Link header present for all non-historic-memento
      • (tick)Historic mementos of external binaries are currently failing, so cannot confirm behavior for historic mementos (although they most likely will violate the Link requirement after the historic binary has been created but not the historic description):

        curl -i -XPUT -H "Link: <http://mementoweb.org/ns#OriginalResource>; rel=\"type\"" -H "Link: <https://duraspace.org/wp-content/themes/duraspace/assets/images/whitedura.png>; rel=\"http://fedora.info/definitions/fcrepo#ExternalContent\"; handling=\"proxy\"; type=\"image/png\"" "http://localhost:8080/rest/coollogo" -ufedoraAdmin:fedoraAdmin
        
        curl -XPOST http://localhost:8080/rest/coollogo/fcr:versions -H "Memento-Datetime: Sat, 1 Jan 2000 00:00:00 GMT" -H "Link: <https://wiki.duraspace.org/download/attachments/31655033/fedora_logo_2in.png>; rel=\"http://fedora.info/definitions/fcrepo#ExternalContent\"; handling=\"proxy\"; type=\"image/png\"" -ufedoraAdmin:fedoraAdmin
        
        #Response:
        # < HTTP/1.1 415 Unsupported Media Type
        # Invalid Content Type application/octet-stream
      • FCREPO-2815 - Getting issue details... STATUS
    • Server provides a default "application/octet-stream" Content-type if one is not determined from a proxied or redirected resource
      • Confirmed for copy, redirect and proxy HTTP URLs.
    • NOTE: For a proxy binary from a HTTP URL that does not return a Content-Length header, the premis:hasSize property will be set to -1 and no Content-Length header is returned from Fcrepo.

3.9.1 Advertising External Content Support

  • (error) Fedora servers supporting external content MUST include "Accept-External-Content-Handling" header in response to "OPTIONS" request.
    • FCREPO-2814 - Getting issue details... STATUS currently only binary resources will return this header on an OPTIONS request. This ticket is to make containers return it as well.
  • (error) The value of the "Accept-External-Content-Handling" response header MUST be a comma-separated list of supported behaviors (copy|redirect|proxy).

3.9.2 External Content for RDF Resources

  • Non-normative section

3.9.3 Redirected and Proxied External Content

  • (tick) Fedora servers supporting "redirect" external content types MUST correctly respond to the "Want-Digest" header
  • (tick) Fedora servers supporting "proxy" external content types MUST correctly respond to the "Want-Digest" header
  • (tick) A successful response to a  GET  and  HEAD  request for external content with  handling  of  redirect   must  have status code of either 302 (Found) or 307 (Temporary Redirect)


4 Versioning

Leads

 Click here to expand...
4 Resource Versioning

4.1 Versioned Resources

  • MUST provide TimeGate interaction model, detailed below

4.1.1 HTTP GET (LDPRv)

  • (tick) The Accept-Datetime header is used to request a past state, exactly as per [ RFC7089section 2.1.1. A successful response must be a 302 (Found) redirect to the appropriate LDPRm
  • (tick) If no LDPRm is appropriate to the Accept-Datetime value, an implementation should return a 406 (Unacceptable).
  • The response to a GET request on an LDPRv must include the following headers:

4.1.2 HTTP PUT (LDPRv) (Danny Bernstein)

  • (tick) An implementation must support PUT, as is the case for any LDPR.
4.2 Version Resources (LDPRm)
  • (tick) An  LDPRm   may  be deleted
  • (tick) An  LDPRm  must not  be modified once created.

4.2.1 HTTP GET (LDPRm)

  • (tick) An implementation must support GET, as is the case for any LDPR (LDP-RS memento)
  • (tick) An implementation must support GET, as is the case for any LDPR (LDP-NR memento)
  • (tick) The headers for  GET  requests and responses on this resource  must  conform to [ RFC7089section 2.1 . Particularly it should be noted that the relevant  TimeGate  for an  LDPRm  is the original versioned  LDPRv .
  • (tick) Any response to a GET request must include a <http://mementoweb.org/ns#Memento>; rel="type" link in the Link header.

4.2.2 HTTP OPTIONS (LDPRm)

  • (tick) An implementation must support OPTIONS.
  • (tick) A response to an OPTIONS request must include Allow: GET, HEAD, OPTIONS
  • (tick) An implementation may include Allow: DELETE if clients can remove a version from the version history

4.2.3 HTTP POST (LDPRm)

  • (tick) An implementation must not support POST for LDPRms.

4.2.4 HTTP PUT (LDPRm)

  • (tick) An implementation must not support PUT for LDPRms.

4.2.5 HTTP PATCH (LDPRm)

  • (tick) An implementation must not support PATCH for LDPRms.

4.2.6 HTTP DELETE (LDPRm)

  • (tick) An implementation may support DELETE for LDPRms. If DELETE is supported, the server is responsible for all behaviors implied by the LDP-containment of the LDPRm.
4.3 Version Containers (LDPCv) (Jared Whiklo)
  • (tick) An implementation must indicate TimeMap in the same way it indicates the container interaction model of the resource via HTTP headers.
  • (tick) An implementation must not allow the creation of an LDPCv that is LDP-contained by its associated LDPRv.

4.3.1 HTTP GET (LDPCv) (Jared Whiklo)

4.3.2 HTTP OPTIONS (LDPCv) (Jared Whiklo)

  • (tick) Implementations MUST support OPTIONS
  • (tick) Implementation's response to an OPTIONS request MUST include "Allow: GET, HEAD, OPTIONS"
  • (tick) Implementations may Allow: DELETE if the versioning behavior is removable by deleting the LDPCv
  • (tick) Implementations may Allow: PATCH if the LDPCv has mutable properties
    • (it does not allow PATCH because LDPCv does not have mutable properties).
  • (tick) Implementations may Allow: POST if versions can be explicitly minted by a client
  • (tick) If an LDPCv supports POST, the response MUST include the "Accept-Post" header
  • (tick) If an LDPCv supports PATCH, the response MUST include the "Accept-Patch" header

4.3.3 HTTP POST (LDPCv) 

  • (tick) Although an LDPCv is both a TimeMap and an LDPC, it may disallow POST requests. - POST is allowed

4.3.3.1 Implementations that allow POSTs for LDPCvs

  • (tick) If an  LDPCv  supports  POST , a  POST  request that does not contain a  Memento-Datetime  header  should  be understood to create a new  LDPRm  contained by the  LDPCv , reflecting the state of the  LDPRv  at the time of the  POST
  • (tick) If an  LDPCv  supports  POST , a  POST  request that does not contain a  Memento-Datetime  header MUST ignore any request body
  • (tick) If an LDPCv supports POST, a POST with a Memento-Datetime header should be understood to create a new LDPRm contained by the LDPCv, with the state given in the request body
  • (tick) If an LDPCv supports POST, a POST with a Memento-Datetime header should be understood to create a new LDPRm contained by the LDPCv, with the datetime given in the Memento-Datetime request header.

4.3.3.2 Implementations that disallow POSTs for LDPCv

  • (minus) If an implementation does not support one or both of POST cases above, it must respond to such requests with a 4xx range status code and a link to an appropriate constraints document

4.3.4 HTTP PUT  (LDPCv)

  • (tick) Implementations MAY disallow PUT - we should disallow

4.3.5 HTTP PATCH  (LDPCv)

  • (minus) Implementations MAY disallow PATCH - disallowed

4.3.6 HTTP DELETE (LDPCv)

  • (tick) An implementation may support DELETE.
  • (tick) An implementation that does support DELETE should do so by both removing the LDPCv and removing the versioning interaction model from the original LDPRv.

4.4 Implementation Patterns

  • Non-normative section

5 Resource Authorization

Leads

 Click here to expand...

5. Resource Authorization

  • (error) Implementations MUST follow the recommendations of Web Access Control


5.1 ACLs are LDP RDF Sources

  • (tick) An ACL for a controlled resource on a conforming server MUST itself be an LDP-RS.

5.2 ACL Representation and Interpretation (Danny Bernstein)

  • (tick) Implementations MUST inspect the ACL RDF for authorizations.
  • (tick) Implementations MUST use only statements associated with an authorization in the ACL RDF to determine access,
    • (tick) except in the case of acl:agentGroup statements where the group listing document is dereferenced.
      FCREPO-2275 - Getting issue details... STATUS
  • (tick) The authorizations MUST be examined to see whether they grant the requested access to the controlled resource.
  • (tick) If none of the authorizations grant the requested access then the request MUST be denied.

5.3 ACLs are discoverable via Link Headers

  • (tick) A conforming server MUST advertise the individual resource ACL for every controlled resource in HTTP responses with a rel="acl" link in the Link header, whether or not the ACL exists.
  • (tick) The ACL resource SHOULD be located in the same server as the controlled resource.

5.4 ACL linking on resource creation (Peter Eichman)

  • (error) A client HTTP POST or PUT request to create a new LDPR MAY include a rel="acl" link in the Link header referencing an existing LDP-RS to use as the ACL for the new LDPR.
    • (Peter Eichman) the rel="acl" link header for the second LDPR is ignored
    • (Peter Eichman) instead, the second LDPR's rel="acl" link is to the /fcr:acl endpoint appended to that LDPR's URI
  • (error) The server MUST reject the request and respond with a 4xx or 5xx range status code, such as 409 (Conflict) if it isn't able to create the LDPR with the specified LDP-RS as the ACL.
    • (Peter Eichman) see the previous point; a 201 is returned instead of an expected 409 (or other 4xx or 5xx)
  • (error) In that response, the restrictions causing the request to fail MUST be described in a resource indicated by a rel="http://www.w3.org/ns/ldp#constrainedBy" link in the Link response header
  • These items are silently ignoring the rel="acl" Link header, need to 4xx to change these to (minus). FCREPO-2822 - Getting issue details... STATUS

5.5 Cross-Domain ACLs (Peter Eichman)

  • (error) Implementations MAY restrict support for ACLs to local resources.
  • (error) If an implementation chooses to reject requests concerning remote ACLs,
    • (error) it MUST respond with a 4xx range status code
    • (error) and MUST advertise the restriction with a rel="http://www.w3.org/ns/ldp#constrainedBy" link in the Link response header.
      • (Peter Eichman) these are failing in the same manner as the requests in 5.4; the rel="acl" Link header in the request is silently ignored
      • FCREPO-2822 - Getting issue details... STATUS

5.6 Cross-Domain Group Listings

  • (tick) Implementations MAY restrict support for groups of agents to local Group Listing documents.
  • If an implementation chooses to reject requests concerning remote Group Listings,

5.7 Append Mode

  • (error) In the context of a Fedora implementation, acl:Append should be understood as operations that only append, such as POSTing to a container, or performing a PATCH that only adds triples.

5.7.1 LDP-RS (Append)

  • (error) When a client is allowed to perform acl:Append but not acl:Write operations on an LDP-RS:
    • (error) A DELETE request MUST be denied FCREPO-2715 - Getting issue details... STATUS
    • (error) A PATCH request that deletes triples MUST be denied FCREPO-2716 - Getting issue details... STATUS
    • (error) A PATCH request that only adds triples SHOULD be allowed FCREPO-2716 - Getting issue details... STATUS
    • (error) A PUT request on an existing resource MUST be denied FCREPO-2717 - Getting issue details... STATUS
    • (error) A PUT request to create a new resource MUST be allowed if the implementation supports creating resources using PUT  FCREPO-2717 - Getting issue details... STATUS

5.7.2 LDPC (Append)

  • (error) When a client is allowed to perform acl:Append but not acl:Write operations on an LDPC, a POST request MUST be allowed.
    FCREPO-2823 - Getting issue details... STATUS

5.7.3 LDP-NR (Append)

  • (error) When a client is allowed to perform acl:Append but not acl:Write operations on an LDP-NR:
    • (error) All DELETE, POST, and PUT requests MUST be denied FCREPO-2718 - Getting issue details... STATUS
    • (error) A PATCH request that deletes or modifies existing content MUST be denied
    • (error) A PATCH request that only adds content SHOULD be allowed
      • because LDP-RS attached to LDP-NR are now full resources, I think this ticket should suffice for the previous 2 (Jared Whiklo )
        FCREPO-2716 - Getting issue details... STATUS

5.8 Access To Class

  • (tick) The acl:accessToClass predicate MUST be supported.
  • (tick) When an ACL includes an acl:accessToClass statement, it gives access to all resources with the specified type, whether that type is client-managed or server-managed.
  • (minus) Implementations MAY use inference to infer types not present in a resource's triples or rel="type" links in the Link header.

5.9 Inheritance and Default ACLs

  • (tick) Inheritance of ACLs in Fedora implementations MUST be reckoned along the LDP containment relationships linking controlled resources, with the following modification:
    • (error) In the case that the controlled resource is uncontained and has no ACL, or that there is no ACL at any point in the containment hierarchy of the controlled resource, then the server MUST supply a default ACL.
      • FCREPO-2826 - Getting issue details... STATUS
      • FCREPO-2825 - Getting issue details... STATUS
      • FCREPO-2824 - Getting issue details... STATUS
      • FCREPO-2683 - Getting issue details... STATUS
      • NB: acl:default  rather than outdated acl:defaultForNew should be used.
    • (error) The default ACL resource SHOULD be located in the same server as the controlled resource.
    • (error) FCREPO-2698 - Getting issue details... STATUS acl:default is not supported - currently behaves as "acl:default" exists without the acl:default defined.

6 Notifications

Lead

 Click here to expand...

6.1 Notification Events 

  • (tick) For every resource whose state is changed as a result of an HTTP operation, there must be a corresponding notification made available describing that change.

6.2 Notification Serialization 

  • (tick) The notification serialization must conform to the [ activitystreams-core ] specification.
  • (tick) Wherever possible, data should be expressed using the [ activitystreams-vocabulary ].
  • Each event described by a notification must contain:
    • (tick)The IRI of the resource that was created, modified or deleted
    • (tick) The event type(s) corresponding to the HTTP operation
  • Each event described by a notification should contain:
    • (tick) The agent(s) that caused the change to occur
    • (tick) The RDF type(s) of the resource that was changed
    • (minus) The location of the ldp:inbox for the resource that was changed, if such an inbox link exists
  • (tick) Notifications should not contain the entire content of repository resources.

6.3 Examples

  • Non-normative section

7 Binary Resource Fixity

Lead

 Click here to expand...

7.1 Transmission Fixity

  • non-normative section

7.2 Persistance Fixity

  • non-normative section
  • No labels