IETF Logo Mail Archive

[JMAP] Re: JMAP for Calendars comments

Mauro De Gennaro <mauro@stalw.art> Sun, 05 October 2025 15:30 UTC

Return-Path: <mauro@stalw.art>
X-Original-To: jmap@mail2.ietf.org
Delivered-To: jmap@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id E3B466D97FCA for <jmap@mail2.ietf.org>; Sun, 5 Oct 2025 08:30:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=stalw.art header.b="Upxk+8aM"; dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=stalw.art header.b="XL00HzYT"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28OPJMD5PupZ for <jmap@mail2.ietf.org>; Sun, 5 Oct 2025 08:30:55 -0700 (PDT)
Received: from mail.stalw.art (mail.stalw.art [135.181.195.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E78166D97F03 for <jmap@ietf.org>; Sun, 5 Oct 2025 08:30:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; s=202404r; d=stalw.art; c=relaxed/relaxed; h=Message-Id:To:Date:Subject:From; t=1759678251; bh=rcvMj+83ND78arKqU//13sx Dil6PVRl1dasu0hr3h28=; b=Upxk+8aMY4j5dT/d15nyDFJVuCioqOMr5JCaKsaa0waoVOVQKT Rd/3wiwfl3ghGOBrSsVu4mkdsyGRS35093SpCq+MWDfHgKS3PGR+uqLYooJ24N2PF+S+p6LGUCQ a/qbrEbw0oqtBsH0onofJX5/bI5RDDrUULrHBGF0RVigsMZUSJ3YF1A4NjedLxCagvGm1A1z9ii 4o/GU+zVTfYD8rBIp75OFhxyldsk3io4/U3o/rWuMMeIQSONK60koPZxaQ9d8easar5nmYvN70i J7PLCzH8WOZV+UrecSSaXeaxtkBFW76IqzLbYd9c3U0nEgryuYqkS9Zr9FqFGg4TRMA==;
DKIM-Signature: v=1; a=ed25519-sha256; s=202404e; d=stalw.art; c=relaxed/relaxed; h=Message-Id:To:Date:Subject:From; t=1759678251; bh=rcvMj+83ND78arKqU//13sx Dil6PVRl1dasu0hr3h28=; b=XL00HzYTLg49ubZkQMeF/sLcxkmjCC1fKExD16pYHRuTtLroFg mP2KM7FL5fY61hp23iwamFq7/X0UOaEIQ0Dw==;
From: Mauro De Gennaro <mauro@stalw.art>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.11\))
Date: Sun, 05 Oct 2025 17:30:41 +0200
References: <101DEC25-A12F-4063-90FB-446C6E5190BF@stalw.art>
To: IETF JMAP Mailing List <jmap@ietf.org>
In-Reply-To: <101DEC25-A12F-4063-90FB-446C6E5190BF@stalw.art>
Message-Id: <E7E219C3-EC93-4DEA-8945-2643D9FE01E6@stalw.art>
X-Mailer: Apple Mail (2.3731.700.6.1.11)
Message-ID-Hash: 7ZA2EF2UTBIGN3NZOWSDQHWIBPHZWQ3E
X-Message-ID-Hash: 7ZA2EF2UTBIGN3NZOWSDQHWIBPHZWQ3E
X-MailFrom: mauro@stalw.art
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jmap.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [JMAP] Re: JMAP for Calendars comments
List-Id: JSON Meta Access Protocol <jmap.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/VGCf9jlSoHx6OFjFUVPpjrWhT2k>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Owner: <mailto:jmap-owner@ietf.org>
List-Post: <mailto:jmap@ietf.org>
List-Subscribe: <mailto:jmap-join@ietf.org>
List-Unsubscribe: <mailto:jmap-leave@ietf.org>

> - Section 3 (ParticipantIdentity): It’s not clear whether participant identities are associated with each calendar or if they’re account-level objects like email identities. If they are calendar-specific, which permissions apply when viewing or modifying them?

Sorry, I just realized I hit send a bit too quickly on my previous email.

The question I wrote there didn’t really make sense. What I was trying to ask is how this works when a user has access to shared accounts. For example, let’s say a user with accountId A1 has access to a shared account A2, and that shared account contains a calendar. Are the ParticipantIdentity objects defined in the user’s account (A1), or in the account where the calendar lives (A2)?

After re-reading Section 3, I now understand that ParticipantIdentity objects are per-account. If that’s the case, would it perhaps be clearer to expose them by extending the Principal object with a new property, similar to how CalDAV handles this with the calendar-user-address-set property?

For example, in Stalwart, calendar addresses are derived from the account’s email address(es) and cannot be modified by users. If we allow users to add other participant identities that are not their email addresses, how should the server validate that they are authorized to use those identities?


Thanks,
Mauro

v2.34.0 | Report a Bug | By Email | System Status