The CMIS interface is designed to be layered on top of existing Content Management systems and their existing programmatic interfaces. It is not intended to prescribe how specific features should be implemented within those CM systems, nor to exhaustively expose all of the CM system’s capabilities through the CMIS interfaces. Rather, it is intended to define a generic/universal set of capabilities provided by a CM system and a set of services for working with those capabilities.
Technical Committee members should send comments on this specification to the Technical Committee’s email list. Others should send comments to the Technical Committee by using the "Send A Comment" button on the Technical Committee’s web page at http://www.oasis-open.org/committees/cmis/.
For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page (http://www.oasis-open.org/committees/cmis/ipr.php).
[CMIS-v1.1-Plus-Errata01]
Content Management Interoperability Services (CMIS) Version 1.1.
Edited by Florian Müller and Ken Baclawski. 13 July 2015.
OASIS Standard Incorporating Draft 01 of Errata 01.
http://docs.oasis-open.org/cmis/CMIS/v1.1/errata01/csd01/CMIS-v1.1-errata01-csd01-complete.pdf.
Latest version: http://docs.oasis-open.org/cmis/CMIS/v1.1/CMIS-v1.1.pdf.
Copyright © OASIS Open 2015. All Rights Reserved.
All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification.
OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this specification by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS may include such claims on its website, but disclaims any obligation to do so.
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS’ procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.
The name "OASIS" is a trademark of OASIS, the owner and developer of this
specification, and should be used only to refer to the organization and its official
outputs. OASIS welcomes reference to, and implementation and use of, specifications,
while reserving the right to enforce its marks against misleading uses. Please see
http://www.oasis-open.org/policies-guidelines/trademark for above guidance.
__________________________________________________________________
The CMIS interface is designed to be layered on top of existing Content Management systems and their existing programmatic interfaces. It is not intended to prescribe how specific features should be implemented within those CM systems, nor to exhaustively expose all of the CM system’s capabilities through the CMIS interfaces. Rather, it is intended to define a generic/universal set of capabilities provided by a CM system and a set of services for working with those capabilities.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
[RFC1867] |
E. Nebel, L. Masinter, Form-based File Upload in HTML, |
[RFC2045] |
N. Freed, N. Borenstein, Multipurpose Internet Mail Extensions (MIME) Part One:
Format of Internet Message Bodies, |
[RFC2046] |
N. Freed, N. Borenstein, Multipurpose Internet Mail Extensions (MIME) Part Two:
Media Types, |
[RFC2119] |
S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, |
[RFC2388] |
L. Masinter, Returning Values from Forms: multipart/form-data |
[RFC2616] |
R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee,
Hypertext Transfer Protocol – HTTP/1.1, |
[RFC2617] |
J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, L.
Stewart, HTTP Authentication: Basic and Digest Access Authentication, |
[RFC2818] |
Rescorla, E., HTTP Over TLS, |
[RFC3023] |
M. Murata, S. St.Laurent, D. Kohn, XML Media Types, |
[RFC3986] |
T. Berners-Lee, R. Fielding, L. Masinter, Unified Resource Identifier, |
[RFC4287] |
M. Nottingham, R. Sayre, Atom Syndication Format, |
[RFC4288] |
N. Freed, J. Klensin, Media Type Specifications and Registration Procedures, |
[RFC4627] |
D. Crockford, The application/json Media Type for JavaScript Object Notation
(JSON), |
[RFC4918] |
L. Dusseault, HTTP Extensions for Web Distributed Authoring and Versioning
(WebDAV), |
[RFC5023] |
J. Gregorio, B. de hOra, Atom Publishing Protocol, |
[RFC6234] |
D. Eastlake 3rd, T. Hansen, US Secure Hash Algorithms (SHA and SHA-based
HMAC and HKDF), |
[RFC6266] |
J. Reschke, Use of the Content-Disposition Header Field in the Hypertext Transfer
Protocol (HTTP), |
[XMLSchema] |
W3C, XML Schema Part 2: Datatypes Second Edition, |
[SameOriginPolicy] |
W3C, Same Origin Policy, |
[ID-Brown] |
J. Reschke Editor, A. Brown, G. Clemm, Link Relation Types for Simple Version
Navigation between Web Resources, |
[ID-WebLinking] |
M. Nottingham, Web Linking, |
A set of request and response examples is attached to this specification document. These examples are non-normative and their sole purpose is to illustrate the data structures and bindings that are defined in this specification.
Boxes like the following point to appropriate example files throughout this document. There is usually a request file describing the request sent from a CMIS client to a CMIS repository and a matching response file that contains the content returned from the CMIS repository.
This section provides a very brief description of each major new CMIS 1.1 feature along with links to the sections of this document for complete descriptions.
Defines the services and protocol binding extensions that allow CMIS clients to create, modify and delete Type Definitions and Property Definitions for a given repository.
Please see section 2.1.10 Object-Type Creation, Modification and Deletion for a detailed discussion of this feature.
Defines additional schema for the getRepositoryInfo service that allows CMIS clients to discover any extensions or additional CMIS based standards supported on each repository.
Please see section 2.1.1.3 Repository Features for a detailed discussion of this feature.
Defines named sets of properties that can be dynamically added and removed from CMIS objects.
Please see section 2.1.9 Secondary Object-Types for a detailed discussion of this feature.
Defines secondary types for formally representing Retentions and Holds on CMIS objects. These in turn can be used by the repository to protect objects from being deleted or modified. A Retention describes a period of time that a document must not be deleted, while a Hold marks the document as protected as long as the Hold is applied.
Please see section 2.1.16 Retentions and Holds for a detailed discussion of these features.
A new optional binding specifically designed to support applications running in a web browser or other client without the need for any additional client libraries. Notable among the differences in this binding are the use of JSON (Java Script Object Notation, [RFC4627]) instead of XML and the exclusive use of HTTP GET and POST for all operations.
Please see section 5 Browser Binding for a detailed discussion of this feature.
A new top level data model type that is an extension point for repositories that need to expose any other object types via CMIS that do not fit the model’s definition for document, folder, relationship or policy.
Please see section 2.1.8 Item Object for a detailed discussion of this feature.
A method for supporting bulk property updates on a set of objects within a single service call.
Please see section 2.2.4.14 bulkUpdateProperties for a detailed discussion of this feature.
Support for appending to a content stream. Enables clients to break very large uploads of document content into numerous smaller calls.
Please see section 2.2.4.19 appendContentStream for a detailed discussion of this feature.
CMIS provides an interface for an application to access a repository. To do so, CMIS specifies a core data model that defines the persistent information entities that are managed by the repository, and specifies a set of basic services that an application can use to access and manipulate these entities. In accordance with the CMIS objectives, this data model does not cover all the concepts that a full-function ECM repository typically supports. Specifically, transient entities (such as programming interface objects), administrative entities (such as user profiles), and extended concepts (such as compound or virtual document, work flow and business process, event and subscription) are not included.
However, when an application connects to a CMIS service endpoint, the same endpoint MAY provide access to more than one CMIS repository. (How an application obtains a CMIS service endpoint is outside the scope of CMIS. How the application connects to the endpoint is a part of the protocol that the application uses.) An application MUST use the CMIS getRepositories service to obtain a list of repositories that are available at that endpoint. The repository id MUST uniquely identify an available repository at this service endpoint. Both the repository name and the repository id are opaque to CMIS. Aside from the getRepositories service, all other CMIS services are single-repository-scoped, and require a repository id as an input parameter. In other words, except for the getRepositories service, multi-repository and inter-repository operations are not supported by CMIS.
The repository itself is described by the CMIS "Get Repository Information" service. The service output is fully described in section 2.2.2.2 getRepositoryInfo.
Commercial ECM repositories vary in their designs. Moreover, some repositories are designed for a specific application domain and may not provide certain capabilities that are not needed for their targeted domain. Thus, a repository implementation may not necessarily be able to support all CMIS capabilities. A few CMIS capabilities are therefore "optional" for a repository to be compliant. A repository’s support for each of these optional capabilities is discoverable using the getRepositoryInfo service. The following is the list of these optional capabilities. All capabilities are "boolean" (i.e. the repository either supports the capability entirely or not at all) unless otherwise noted.
See section 2.2.1.2.7 Object Order.
See section 2.1.4.1 Content Stream.
See section 2.1.15 Change Log.
See section 2.1.4.2 Renditions.
The repository MUST set the object-type attributes that cannot be set by
a client or are not set by a client.
See section 2.1.10 Object-Type Creation, Modification and Deletion.
See section 2.1.12 Access Control.
The getRepositoryInfo service MUST also return implementation information including vendor name, product name, product version, version of CMIS that it supports, the root folder id (see section 2.1.5.2 Folder Hierarchy), and MAY include other implementation-specific information. The version of CMIS that the repository supports MUST be expressed as a String that matches the specification version. For this version it is the string "1.1".
Repositories MAY provide information about additional features that are supported by the repository but that are outside the CMIS specification. This information is returned by the getRepositoryInfo service.
Clients that don’t understand this information SHOULD ignore it.
The repository MUST provide a unique id for each feature. This id SHOULD take the form of a URI (see [RFC3986]). The repository MAY also provide a version label as well as a human-readable common name and description for each feature.
Furthermore, each feature MAY supply an arbitrary number of key-value pairs. The semantics and rules for these key-value pairs are not defined by CMIS but MAY be constrained by other specifications.
The CMIS Technical Committee defines feature extensions over time and publishes
them on the CMIS TC web site: https://www.oasis-open.org/committees/cmis
These optional extensions are describing features that can be supported by a wide
range of repositories and are likely to become part of the next CMIS specification
version.
The entities managed by CMIS are modeled as typed objects. There are five primary base types of objects: document objects, folder objects, relationship objects, policy objects, and item objects.
Additional object-types MAY be defined in a repository as subtypes of these base types. CMIS services are provided for the discovery of object-types that are defined in a repository. Furthermore, object-type management services are provided to create, modify and delete object-types if that is supported by the repository.
Every CMIS object has an opaque and immutable object id, which is assigned by the repository when the object is created. An id uniquely identifies an object within a repository regardless of the type of the object. Repositories SHOULD assign ids that are "permanent" – that is, they remain unchanged during the lifespan of the identified objects, and they are never reused or reassigned after the objects are deleted from the repository.
Every CMIS object has a set of named, but not explicitly ordered, properties. (However, a repository SHOULD always return object properties in a consistent order.) Within an object, each property is uniquely identified by its property definition id. The object properties are defined by the object-type.
An object must have one and only one primary object-type, which cannot be changed. An object’s primary object-type may be simply called its object-type. The primary object-type of an object classifies the object and defines the properties that the object must have.
An object MAY have zero or more secondary object types applied to it. A secondary type is a named marking that may add extra properties to an object in addition to the properties defined by the object’s primary type. That is, applying a secondary type to an object adds the properties defined by this type to the object. Removing a secondary type removes the properties. Secondary object-types can only be defined as subtypes or descendant types of the cmis:secondary base type. All other base object types and their descendant types are primary object-types.
Consequently, each instance of a primary object-type corresponds to a distinct object, whereas each instance of a secondary object type does not. Therefore, the "creatable", "fileable", "controllablePolicy", and "controllableACL" object type attributes are not applicable to a secondary object type and must be set to FALSE.
The support for secondary types is optional, and may be discovered via the getTypeChildren service. See section 2.1.9 Secondary Object-Types.
In addition, a document object MAY have a content stream, which may be used to hold a raw digital asset such as an image or a word-processing document. A repository MUST specify, in each object-type definition, whether document objects of that type MAY, MUST, or MUST NOT have a content stream. A document MAY also have one or more renditions associated with it. A rendition can be a thumbnail or an alternate representation of the content stream.
Objects MAY have one Access Control List (ACL), which controls access to the object. A set of policy objects may also control access to the object. An ACL represents a list of Access Control Entries (ACEs). An ACE in turn represents one or more permissions being granted to a principal (a user, group, role, or something similar).
The notion of localization of the objects in the data model is entirely repository specific.
CMIS objects MAY expose additional information, such as vendor-specific workflow data, beyond the attributes described above. In this respect, the data model can be extended as desired. This specification does not standardize such extensions.
A property MAY hold zero, one, or more typed data value(s). Each property MAY be single-valued or multi-valued. A single-valued property contains a single data value, whereas a multi-valued property contains an ordered list of data values of the same type. The ordering of values in a multi-valued property SHOULD be preserved by the repository.
A property, either single-valued or multi-valued, MAY be in a "not set" state. CMIS does not support "null" property value. If a multi-valued property is not in a "not set" state, its property value MUST be a non-empty list of individual values. Each individual value in the list MUST NOT be in a "not set" state and MUST conform to the property’s property-type.
A multi-valued property is either set or not set in its entirety. An individual value of a multi-valued property MUST NOT be in an individual "value not set" state and hold a position in the list of values. An empty list of values MUST NOT be allowed.
Every property is typed. The property-type defines the data type of the data value(s) held by the property. CMIS specifies the following property-types. They include the following data types defined by "XML Schema Part 2: Datatypes Second Edition" (see [XMLSchema]):
In addition, the following property-types are also specified by CMIS:
Individual protocol bindings MAY override or re-specify these property-types.
For single valued String, Id and HTML properties, a repository MAY support the distinction between a set value with an empty string (length = 0), and a "not set" value. In this case an empty value element (e.g. <cmis:value/>) inside of a property element will indicate a "set but empty" string property. A property element without a <cmis:value/> will indicate a property in a "not set" state. For repositories that do not support this distinction the latter example (absence of the <cmis:value> element) should be used for all cases.
While all CMIS identities share the same property-type, they do not necessarily share the same address space. Unless explicitly specified, id properties NEED NOT maintain a referential integrity constraint. Therefore, storing the id of one object in another object NEED NOT constrain the behavior of either object. A repository MAY, however, support referential constraint underneath CMIS if the effect on CMIS services remains consistent with an allowable behavior of the CMIS model. For example, a repository MAY return a constraint exception when a CMIS service call violates an underlying referential constraint maintained by the repository. In that case, an error message SHOULD be returned to the application to describe the cause of the exception and suggest a remedial action. The content of such messages is outside the scope of CMIS.
An object-type defines a fixed and non-hierarchical set of properties ("schema") that all objects of that type have. This schema is used by a repository to validate objects and enforce constraints, and is also used by a user to compose object-type-based (structured) queries.
All CMIS objects are strongly typed. If a property not specified in an object’s object-type definition is supplied by an application, an exception SHOULD be thrown.
Each object-type is uniquely identified within a repository by a system-assigned and immutable object-type identifier, which is of type Id.
A CMIS repository MUST expose exactly one collection of object-types via the "repository" services (getTypeChildren, getTypeDescendants, getTypeDefinition).
While a repository MAY define additional object-types beyond the CMIS base object-types, these object-types MUST NOT extend or alter the behavior or semantics of a CMIS service (for example, by adding new services). A repository MAY attach additional constraints to an object-type underneath CMIS, provided that the effect visible through the CMIS interface is consistent with the allowable behavior of CMIS.
Hierarchy and Inheritance for object-types are supported by CMIS in the following manner:
This opaque attribute identifies this object-type in the repository. | |
This attribute represents the underlying repository’s name for the object-type. This field is opaque and has no uniqueness constraint imposed by this specification. | |
This attribute allows repositories to represent the internal namespace of the underlying repository’s name for the object-type. | |
Used for query and filter operations on object-types. This is an opaque string with limitations. See 2.1.2.1.3 Query Names for details. | |
Used for presentation by application. | |
A value that indicates whether the base type for this object-type is the document, folder, relationship, policy, item, or secondary base type. | |
The id of the object-type’s immediate parent type. It MUST be "not set" for a base type. Depending on the binding this means it might not exist on the base type object-type definition. | |
Description of this object-type, such as the nature of content, or its intended use. Used for presentation by application. | |
Indicates whether new objects of this type MAY be created. If the value of this attribute is FALSE, the repository MAY contain objects of this type already, but MUST NOT allow new objects of this type to be created. | |
Indicates whether or not objects of this type are file-able. | |
Indicates whether or not this object-type can appear in the FROM clause of a query statement. A non-queryable object-type is not visible through the relational view that is used for query, and CAN NOT appear in the FROM clause of a query statement. | |
Indicates whether or not objects of this type are controllable via policies. Policy objects can only be applied to controllablePolicy objects. | |
This attribute indicates whether or not objects of this type are controllable by ACL’s. Only objects that are controllableACL can have an ACL. | |
Indicates whether objects of this type are indexed for full-text search for querying via the CONTAINS() query predicate. If the value of this attribute is TRUE, the full-text index MUST cover the content and MAY cover the metadata. | |
Indicates whether this type and its subtypes appear in a query of this type’s ancestor types. For example: if Invoice is a sub-type of cmis:document, if this is TRUE on Invoice then for a query on cmis:document, instances of Invoice will be returned if they match. If this attribute is FALSE, no instances of Invoice will be returned even if they match the query. | |
Indicates whether new child types may be created with this type as the parent. | |
Indicates whether clients may make changes to this type per the constraints defined in this specification. | |
Indicates whether clients may delete this type if there are no instances of it in the repository. | |
Besides these object-type attributes, an object-type definition SHOULD contain inherited property definitions and zero or more additional property definitions. All the properties of an object, including inherited properties, MUST be retrievable through the "get" services, and MAY appear in the SELECT clause of a query.
This opaque attribute uniquely identifies the property in the repository. If two object-types each contain property definitions with the same id, the basic property definitions (property type, query name, cardinality) MUST be the same. Other attributes MAY be different for each type. | |
This attribute represents the underlying repository’s name for the property. This field is opaque and has no uniqueness constraint imposed by this specification. | |
This attribute allows repositories to represent the internal namespace of the underlying repository’s name for the property. | |
Used for query operations on properties. This is an opaque string with limitations. See 2.1.2.1.3 Query Names for details. | |
Used for presentation by application. | |
This is an optional attribute containing a description of the property. | |
This attribute indicates the type of this property. It MUST be one of the allowed property types. (See section 2.1.2.1 Property.) | |
Indicates whether the property can have "zero or
one" or "zero or more" values. Values:
Repositories SHOULD preserve the ordering of values in a multi-valued property. That is, the order in which the values of a multi-valued property are returned in "get" services operations SHOULD be the same as the order in which they were supplied during previous create/update operation. |
|
Indicates under what circumstances the value of
this property MAY be updated. Values:
|
|
Indicates whether the property definition is inherited from the parent type when TRUE or it is explicitly defined for this object-type when FALSE. | |
This attribute is only applicable to non-system
properties, i.e. properties whose value is
provided by the application.
If TRUE, then the value of this property MUST never be set to the "not set" state when an object of this type is created/updated. If not provided during a create or update operation, the repository MUST provide a value for this property. If a value is not provided, then the default value defined for the property MUST be set. If no default value is provided and no default value is defined, the repository MUST throw a constraint exception. This attribute is not applicable when the "updatability" attribute is "readonly". In that case, "required" SHOULD be set to FALSE. Note: For CMIS-defined object-types, the value of a system property (such as cmis:objectId, cmis:createdBy) MUST be set by the repository. However, the property’s "required" attribute SHOULD be FALSE because it is read-only to applications. |
|
Indicates whether or not the property MAY
appear in the WHERE clause of a CMIS query
statement.
This attribute MUST have a value of FALSE if the object-type’s attribute for "queryable" is set to FALSE. |
|
Indicates whether the property can appear
in the ORDER BY clause of a CMIS query
statement or an orderBy parameter of
getChildren or getCheckedOutDocs.
This property MUST be FALSE for any property whose cardinality is "multi". |
|
Indicates an explicit ordered set of single
values allowed for this property.
If the cardinatity of the property definition is "single" and the "openChoice" attribute is FALSE, then the property value MUST be at most one of the values listed in this attribute. If the cardinatity of the property definition is "single" and the "openChoice" attribute is TRUE, then the property value MAY be one of the values listed in this attribute. If the cardinatity of the property definition is "multi" and the "openChoice" attribute is FALSE, then the property value MUST be zero, one or more than one of the values listed in this attribute. If the cardinatity of the property definition is "multi" and the "openChoice" attribute is TRUE, then the property value MAY be zero, one, or more than one of the values listed in this attribute. If this attribute is "not set", then any valid value for this property based on its type may be used. Each choice includes a displayName and a value. The displayName is used for presentation purpose. The value will be stored in the property when selected. Choices MAY be hierarchically presented. For example: a value of "choices" for a geographic location would be represented as follows:
|
|
This attribute is only applicable to properties
that provide a value for the "Choices"
attribute.
If FALSE, then the data value for the property MUST only be one of the values specified in the "Choices" attribute. If TRUE, then values other than those included in the "Choices" attribute may be set for the property. |
|
The value that the repository MUST set for
the property if a value is not provided by an
application when the object is created.
If no default value is specified and an application creates an object of this type without setting a value for the property, the repository MUST attempt to store a "not set" property value. If this occurs for a property that is defined to be required, then the creation attempt MUST throw an exception. The attributes on the default value element are the same as the attributes on the property definition. |
|
The minimum value allowed for this property.
If an application tries to set the value of this property to a value lower than minValue, the repository MUST throw a constraint exception. |
|
The maximum value allowed for this property.
If an application tries to set the value of this property to a value higher than maxValue, the repository MUST throw a constraint exception. |
|
This is the resolution supported for values of
this property. Valid values for this attribute
are:
|
|
This is the precision in bits supported for values
of this property. Valid values for this attribute
are:
|
|
The minimum value allowed for this property.
If an application tries to set the value of this property to a value lower than minValue, the repository MUST throw a constraint exception. |
|
The maximum value allowed for this property.
If an application tries to set the value of this property to a value higher than maxValue, the repository MUST throw a constraint exception. |
|
The maximum length (in characters) allowed
for a value of this property.
If an application attempts to set the value of this property to a string longer than the specified maximum length, the repository MUST throw a constraint exception. |
|
Document objects are the elementary information entities managed by the repository.
Depending on its object-type definition, a document object may be:
Additionally, whether a document object MUST, MAY or MUST NOT have a content stream is specified in its object-type definition. A document object MAY be associated with zero or more renditions.
Note: When a document is versioned, each version of the document is a separate document object. Thus, for document objects, an object id actually identifies a specific version of a document.
A content stream is a binary stream. Its maximum length is repository specific. Each content stream has a MIME Media Type, as defined by [RFC2045] and [RFC2046]. A content stream’s attributes are represented as properties of the content stream’s containing document object. There is no MIME type specific attribute or name directly associated with the content stream outside of the document object.
CMIS provides basic CRUD1 services for content stream, using the id of a content stream’s containing document object for identification. A content stream also has a contentStreamId which is used for access to the stream. The setContentStream service either creates a new content stream for a document object or replaces an existing content stream. The appendContentStream service either creates a new content stream or appends content to an existing content stream. The getContentStream service retrieves a content stream. The deleteContentStream service deletes a content stream from a document object. In addition, the createDocument and checkIn services MAY also take a content stream as an optional input. A content stream MUST be specified if required by the object-type definition. These are the only services that operate on content stream. The getObject and query services, for example, do not return a content stream.
setContentStream, appendContentStream and deleteContentStream services are considered modifications to a content stream’s containing document object, and SHOULD therefore change the object’s last modification date property upon successful completion.
The ability to set or delete a content stream is controlled by the capabilityContentStreamUpdatability capability.
Some ECM repositories provide a facility to retrieve alternative representations of a document. These alternative representations are known as renditions. This could apply to a preview case which would enable the client to preview the content of a document without needing to download the full content. Previews are generally reduced fidelity representations such as thumbnails. Renditions can take on any general form, such as a PDF version of a word processing document.
A CMIS repository MAY expose zero or more renditions for a document or folder in addition to a document’s content stream. CMIS provides no capability to create or update renditions accessed through the rendition services. Renditions are specific to the version of the document or folder and may differ between document versions. Each rendition consists of a set of rendition attributes and a rendition stream. Rendition attributes are not object properties, and are not queryable. They can be retrieved using the getRenditions service. A rendition stream can be retrieved using the getContentStream service with the rendition’s streamId parameter.
Identifies the rendition stream. | |
The MIME type of the rendition stream. | |
The length of the rendition stream in bytes. | |
Human readable information about the rendition. | |
A categorization String associated with the rendition. See section 2.1.4.2.2 Rendition Kind. | |
Typically used for ’image’ renditions
(expressed as pixels). SHOULD be present if kind = cmis:thumbnail. |
|
Typically used for ’image’ renditions
(expressed as pixels). SHOULD be present if kind = cmis:thumbnail. |
|
If specified, then the rendition can also be accessed as a document object in the CMIS services. If not set, then the rendition can only be accessed via the rendition services. Referential integrity of this id is repository specific. | |
CMIS defines the following kind:
This section describes the definition of the document object-type’s attribute values and property definitions which must be present on document instance objects. All attributes and property definitions are listed by their id.
Indicates whether or not objects of this type are version-able. (See section 2.1.13 Versioning.) If this attribute is set to TRUE, then documents of this type MUST be versionable. If this attribute is set to FALSE, then documents of this type MUST NOT be versionable. | |
A value that indicates whether a content stream
MAY, MUST, or MUST NOT be included in
objects of this type. Values:
|
|
Notes:
id
Value: cmis:document
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:document
displayName
Value: <repository-specific>
baseId
Value: cmis:document
parentId
Value: MUST NOT be set
description
Value: <repository-specific>
creatable
Value: <repository-specific>
fileable
Value: SHOULD be TRUE
queryable
Value: SHOULD be TRUE
controllablePolicy
Value: <repository-specific>
controllableACL
Value: <repository-specific>
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
typeMutability.create
Value: <repository-specific>
typeMutability.update
Value: <repository-specific>
typeMutability.delete
Value: <repository-specific>
versionable
Value: <repository-specific>
contentStreamAllowed
Value: <repository-specific>
cmis:name | Name of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | TRUE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite or whencheckedout | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | SHOULD be TRUE | |
cmis:description | Description of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite or whencheckedout | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
If
the
repository
doesn’t
support
object
descriptions,
the
Updatability
SHOULD
be
readonly
and
the
repository
SHOULD
return
a
"not
set"
value
for
this
property. | ||
cmis:objectId | Id of the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly oncreate | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:baseTypeId | Id of the base object-type for the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:objectTypeId | Id of the object’s type. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:secondaryObjectTypeIds | Ids of the object’s secondary types. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | multi | |
Updatability: | readwrite if secondary types are supported, readonly otherwise |
|
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | FALSE | |
If
the
repository
does
not
support
secondary
types,
the
repository
MUST
return
"not
set". | ||
cmis:createdBy | User who created the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:creationDate | DateTime when the object was created. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModifiedBy | User who last modified the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModificationDate | DateTime when the object was last modified. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:changeToken | Opaque token used for optimistic locking and concurrency checking. (See section 2.2.1.3 Change Tokens.) | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | FALSE | |
Orderable: | FALSE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. If
the
repository
does
not
support
change
tokens,
this
property
SHOULD
not
be
set. | ||
cmis:isImmutable | Defines if the object can be modified. If TRUE the repository MUST throw an error at any attempt to update or delete the object. | |
Property Type: | Boolean | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:isLatestVersion | See section 2.1.13 Versioning. | |
Property Type: | Boolean | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it.
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:isMajorVersion | See section 2.1.13 Versioning. | |
Property Type: | Boolean | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it.
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:isLatestMajorVersion | See section 2.1.13 Versioning. | |
Property Type: | Boolean | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it.
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:isPrivateWorkingCopy | See section 2.1.13 Versioning. | |
Property Type: | Boolean | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it.
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:versionLabel | See section 2.1.13 Versioning. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it.
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:versionSeriesId | See section 2.1.13 Versioning. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it.
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:isVersionSeriesCheckedOut | See section 2.1.13 Versioning. | |
Property Type: | Boolean | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it.
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:versionSeriesCheckedOutBy | See section 2.1.13 Versioning. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
SHOULD
return
this
property
with
a
non-empty
value
if
the
document
is
checked
out
and
the
property
filter
does
not
exclude
it.
The
repository
MUST
return
"not
set"
if
the
document
is
not
checked
out.
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:versionSeriesCheckedOutId | See section 2.1.13 Versioning. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
SHOULD
return
this
property
with
a
non-empty
value
if
the
document
is
checked
out,
the
PWC
is
visible
to
the
current
user
and
the
property
filter
does
not
exclude
it. If
the
PWC
is
not
visible
to
the
current
user,
the
repository
SHOULD
return
"not
set".
The
repository
MUST
return
"not
set"
if
the
document
is
not
checked
out.
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:checkinComment | See section 2.1.13 Versioning. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
Version
property
values
are
repository-specific
when
a
document
is
defined
as
non-versionable. | ||
cmis:contentStreamLength | Length of the content stream (in bytes). See also section 2.1.4.1 Content Stream. |
|
Property Type: | Integer | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
document
has
a
content
stream
and
the
property
filter
does
not
exclude
it. If
the
document
has
no
content
stream,
the
repository
MUST
return
"not
set". | ||
cmis:contentStreamMimeType | MIME type of the content stream. See also section 2.1.4.1 Content Stream. |
|
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
document
has
a
content
stream
and
the
property
filter
does
not
exclude
it. If
the
document
has
no
content
stream,
the
repository
MUST
return
"not
set". | ||
cmis:contentStreamFileName | File name of the content stream. See also section 2.1.4.1 Content Stream. |
|
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
document
has
a
content
stream
and
the
property
filter
does
not
exclude
it. If
the
document
has
no
content
stream,
the
repository
MUST
return
"not
set". | ||
cmis:contentStreamId | Id of the content stream. See also section 2.1.4.1 Content Stream. |
|
Property Type: | String Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
If
the
document
has
no
content
stream,
the
repository
MUST
return
"not
set". | ||
A folder object serves as the anchor for a collection of file-able objects. The folder object has an implicit hierarchical relationship with each object in its collection, with the anchor folder object being the parent object and each object in the collection being a child object. This implicit relationship has specific containment semantics which MUST be maintained by the repository with implicit referential integrity. (That is, there will never be a dangling parent-relationship or a dangling child-relationship. Furthermore, object A is a parent of object B if and only if object B is a child of object A.) This system-maintained implicit relationship is distinct from an explicit relationship which is instantiated by an application-maintained relationship object. (See section 2.1.6 Relationship Object.)
A folder object does not have a content-stream and is not version-able. A folder object MAY be associated with zero or more renditions (see section 2.1.4.2 Renditions).
A file-able object is one that MAY be "filed" into a folder. That is, it MAY be a child object of a folder object. The following list defines whether the base CMIS object-types are file-able:
When the child objects of a folder are retrieved, a specific version of a document MAY be returned. If the repository supports version-specific filing, the specific version filed in that folder is returned. If the repository does not support version-specific filing, the latest version or the latest major version of the document is returned.
Likewise, this version sensitivity in child-binding also affects the behavior of parent retrieval for a document object, as well as the scope of the IN_FOLDER() and IN_TREE() function calls in a query. For non-versionable fileable objects, their membership in a folder does not have version sensitivity.
Because of these filing constraints, when a new folder object is created, an existing folder object MUST be specified as its parent.
When a non-file-able object is created, a parent folder MUST NOT be specified.
When a file-able object is deleted, it is removed from any folder collection in which the object is a member. In other words, when an object is deleted, all implicit parent-child relationships with the deleted object as a child cease to exist.
CMIS imposes the following constraints on folder objects:
With these constraints, the folder objects in a CMIS repository necessarily form a strict hierarchy, with the root folder being the root of the hierarchy.
The child objects of a given folder object, their child objects, and grandchild objects, etc., are called descendant objects of the given folder object. A folder object together with all its descendant objects are collectively called a tree rooted at that folder object.
A non-folder object does not have any descendant objects. Thus, a folder graph that consists of all fileable objects as nodes, and all the implicit folder containment relationships as directed edges from parent to child, is a directed acyclic graph, possibly with some disconnected (orphan) nodes. It follows that the tree rooted at any given folder object is also a directed acyclic graph, although a non-folder object in the tree MAY have ancestors that are not ancestors of the rooted folder.
Folder objects are handled using the basic CRUD services for objects, and the folder graph is traversed using the navigation services.
The root folder is a special folder such that it cannot be created, deleted, or moved using CMIS services. Otherwise, it behaves like any other folder object.
A folder hierarchy MAY be represented in a canonical notation such as path. For CMIS, a path is represented by:
That is, if folder A is under the root, and folder B is under A, then the path would be /A/B.
A path for an object may be calculated in the following way:
This constructed path may be given as input to the getObjectByPath service for object by path retrieval.
The getObjectParents service returns relativePathSegment tokens. These tokens are the pathSegment of the input object relative to the parent folders.
This section describes the definition of the folder object-type’s attribute values and property definitions which must be present on folder instance objects. All attributes and property definitions are listed by their id.
Notes:
id
Value: cmis:folder
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:folder
displayName
Value: <repository-specific>
baseId
Value: cmis:folder
parentId
Value: MUST NOT be set
description
Value: <repository-specific>
creatable
Value: <repository-specific>
fileable
Value: TRUE
queryable
Value: SHOULD be TRUE
controllablePolicy
Value: <repository-specific>
controllableACL
Value: <repository-specific>
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
typeMutability.create
Value: <repository-specific>
typeMutability.update
Value: <repository-specific>
typeMutability.delete
Value: <repository-specific>
cmis:name | Name of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | TRUE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | SHOULD be TRUE | |
cmis:description | Description of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
If
the
repository
doesn’t
support
object
descriptions,
the
Updatability
SHOULD
be
readonly
and
the
repository
SHOULD
return
a
"not
set"
value
for
this
property. | ||
cmis:objectId | Id of the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly oncreate | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:baseTypeId | Id of the base object-type for the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:objectTypeId | Id of the object’s type. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:secondaryObjectTypeIds | Ids of the object’s secondary types. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | multi | |
Updatability: | readwrite if secondary types are supported, readonly otherwise |
|
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | FALSE | |
If
the
repository
does
not
support
secondary
types,
the
repository
MUST
return
"not
set". | ||
cmis:createdBy | User who created the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:creationDate | DateTime when the object was created. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModifiedBy | User who last modified the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModificationDate | DateTime when the object was last modified. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:changeToken | Opaque token used for optimistic locking and concurrency checking. (See section 2.2.1.3 Change Tokens.) | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | FALSE | |
Orderable: | FALSE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. If
the
repository
does
not
support
change
tokens,
this
property
SHOULD
not
be
set. | ||
cmis:parentId | Id of the parent folder of the folder. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | FALSE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:path | The fully qualified path to this folder. See section 2.1.5.3 Paths. |
|
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:allowedChildObjectTypeIds | Id’s of the set of object-types that can be
created, moved or filed into this folder. See section 2.1.5.1.2 Filing Restrictions by Object-Type. |
|
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | multi | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | FALSE | |
Orderable: | FALSE | |
A relationship object is semantically a dependent object. A relationship object MUST NOT have a content stream, and MUST NOT be versionable, MAY be queryable, and MUST NOT be fileable, although it MAY be controllable.
If a repository does not support relationship objects, the relationship base object-type SHOULD NOT be returned by a getTypeChildren service call.
A relationship object instantiates an explicit, binary, directional, non-invasive, and typed relationship between a source object and a target object. The source object and the target object MUST both be independent objects, such as a document object, a folder object, a policy object, or an item object. Whether a policy object is allowed to be the source or target object of a relationship object is repository-specific.
The relationship instantiated by a relationship object is explicit since it is explicitly represented by an object and is explicitly managed by application.
This relationship is non-invasive in the sense that creating or removing this relationship SHOULD NOT modify either the source or the target object. That is, it SHOULD NOT require an update capability (or permission) on either object; SHOULD NOT affect the versioning state of either object; and SHOULD NOT change their "Last Modification Date".
Explicit relationships can be used to create an arbitrary relationship graph among independent objects. Such a relationship graph is only structural in nature. No inheritance or transitive properties are attached to a relationship graph.
The notion of a source object and a target object of a relationship is used solely to indicate the direction of the relationship. No semantics or implementation bias is implied by this terminology.
The binding of a relationship object to a source document object or to a target document object MAY be either version-specific or version-independent. This version sensitivity is repository-specific, and is largely transparent to CMIS. An independent object MAY participate in any number of explicit relationships, as the source object for some and as the target object for others. Multiple relationships MAY exist between the same pair of source and target objects.
Referential integrity, either between the source object and the target object, or between the relationship object and the source or target object, is repository-specific. Therefore, creating an explicit relationship between two objects MAY impose a constraint on any of the three objects, and removing a relationship or deleting either the source or the target object MAY be restricted by such a constraint. If the source or the target object of a relationship is deleted, the repository MAY automatically delete the relationship object.
Like all CMIS objects, relationship objects are typed. Typing relationship allows them to be grouped, identified, and traversed by type id, and for properties to be defined for individual relationship types.
Additionally, a relationship object-type MAY specify that only objects of a specific object-type can participate as the source object or target object for relationship objects of that type. If no such constraints are specified, then an independent object of any type MAY be the source or the target of a relationship object of that type.
When a relationship object is created, the source object id and the target object id MUST reference valid non-relationship CMIS objects. When a relationship object is retrieved, its source object or target object MAY no longer exist, since referential integrity MAY not be maintained by a repository.
In addition to object CRUD services, a getObjectRelationships service may be used to return a set of relationship objects in which a given independent object is identified as the source or the target object, according to the binding semantics maintained by the repository (i.e., either a version-specific or a version-independent binding as described above).
This section describes the definition of the relationship object-type’s attribute values and property definitions which must be present on relationship instance objects. All attributes and property definitions are listed by their id.
A list of object-type ids, indicating that the
source object of a relationship object of this
type MUST only be one of the types listed.
If this attribute is "not set", then the source object MAY be of any type. |
|
A list of object-type ids, indicating that the
target object of a relationship object of this
type MUST only be one of the types listed.
If this attribute is "not set", then the target object MAY be of any type. |
|
Notes:
id
Value: cmis:relationship
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:relationship
displayName
Value: <repository-specific>
baseId
Value: cmis:relationship
parentId
Value: MUST NOT be set
description
Value: <repository-specific>
creatable
Value: <repository-specific>
fileable
Value: FALSE
queryable
Value: <repository-specific>
controllablePolicy
Value: <repository-specific>
controllableACL
Value: <repository-specific>
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
typeMutability.create
Value: <repository-specific>
typeMutability.update
Value: <repository-specific>
typeMutability.delete
Value: <repository-specific>
allowedSourceTypes
Value: <repository-specific>
allowedTargetTypes
Value: <repository-specific>
cmis:name | Name of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | TRUE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | SHOULD be TRUE | |
cmis:description | Description of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
If
the
repository
doesn’t
support
object
descriptions,
the
Updatability
SHOULD
be
readonly
and
the
repository
SHOULD
return
a
"not
set"
value
for
this
property. | ||
cmis:objectId | Id of the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly oncreate | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:baseTypeId | Id of the base object-type for the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:objectTypeId | Id of the object’s type. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:secondaryObjectTypeIds | Ids of the object’s secondary types. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | multi | |
Updatability: | readwrite if secondary types are supported, readonly otherwise |
|
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | FALSE | |
If
the
repository
does
not
support
secondary
types,
the
repository
MUST
return
"not
set". | ||
cmis:createdBy | User who created the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:creationDate | DateTime when the object was created. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModifiedBy | User who last modified the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModificationDate | DateTime when the object was last modified. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:changeToken | Opaque token used for optimistic locking and concurrency checking. (See section 2.2.1.3 Change Tokens.) | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | FALSE | |
Orderable: | FALSE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. If
the
repository
does
not
support
change
tokens,
this
property
SHOULD
not
be
set. | ||
cmis:sourceId | Id of the source object of the relationship. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly SHOULD be oncreate | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:targetId | Id of the target object of the relationship. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly SHOULD be oncreate | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
A policy object represents an administrative policy that can be enforced by a repository. CMIS does not specify what kinds of administrative policies that are specifically supported, nor attempts to model administrative policy of any particular kind. Only a base object-type is specified for policy objects. Each policy object holds the text of an administrative policy as a repository-specific string, which is opaque to CMIS and which may be used to support policies of various kinds. A repository may create subtypes of this base type to support different kinds of administrative policies more specifically. If a repository does not support policy objects, the policy base object-type SHOULD NOT be returned by a getTypeChildren service call. This is an extension point for repositories that want to expose other capabilities via CMIS that are not supported directly in CMIS.
Aside from allowing an application to create and maintain policy objects, CMIS allows an application to "apply" a policy to an object, and to remove an applied policy from an object. An object to which a policy may be applied is called a controllable object. A policy MAY be applied to multiple controllable objects. Conversely, a repository MAY allow multiple policies applied to a controllable object. (A repository may, for example, impose constraints such as only one policy of each kind can be applied to an object.) Whether or not an object is controllable is specified by the object’s type definition. Applying a policy to an object is to place the object under the control of that policy (while the object may also be under the control of other policies at the same time), and removing an applied policy from one of its controlled objects is to remove the corresponding control from that object. This control may change the state of the object, may impose certain constraints on service calls operating on this object, or may cause certain management actions to take place. The effect of this control, when this effect takes place, and how this control interacts with other controls, are repository-specific. Only directly/explicitly applied policies are covered by CMIS. Indirectly applying policy to an object, e.g. through inheritance, is outside the scope of CMIS.
A policy object does not have a content stream and is not versionable. It may be fileable, queryable or controllable. Policy objects are handled using the basic CRUD services for objects. If a policy is updated, the change may alter the corresponding control on objects that the policy is currently applied to. If a controlled object is deleted, all the policies applied to that object, if there are any, are removed from that object. A policy object that is currently applied to one or more controllable objects CAN NOT be deleted. That is, there is an implicit referential constraint from a controlled object to its controlling policy object(s). Besides the basic CRUD services, the applyPolicy and the removePolicy services may be used to apply a policy object to a controllable object and respectively to remove an applied policy from one of its controlled objects. In addition, the getAppliedPolicies service may be used to obtain the policy objects that are currently applied to a controllable object.
This section describes the definition of the policy object-type’s attribute values and property definitions which must be present on policy instance objects. All attributes and property definitions are listed by their id.
Notes:
id
Value: cmis:policy
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:policy
displayName
Value: <repository-specific>
baseId
Value: cmis:policy
parentId
Value: MUST NOT be set
description
Value: <repository-specific>
creatable
Value: <repository-specific>
fileable
Value: <repository-specific>
queryable
Value: <repository-specific>
controllablePolicy
Value: <repository-specific>
controllableACL
Value: <repository-specific>
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
typeMutability.create
Value: <repository-specific>
typeMutability.update
Value: <repository-specific>
typeMutability.delete
Value: <repository-specific>
cmis:name | Name of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | TRUE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | SHOULD be TRUE | |
cmis:description | Description of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
If
the
repository
doesn’t
support
object
descriptions,
the
Updatability
SHOULD
be
readonly
and
the
repository
SHOULD
return
a
"not
set"
value
for
this
property. | ||
cmis:objectId | Id of the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly oncreate | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:baseTypeId | Id of the base object-type for the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:objectTypeId | Id of the object’s type. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:secondaryObjectTypeIds | Ids of the object’s secondary types. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | multi | |
Updatability: | readwrite if secondary types are supported, readonly otherwise |
|
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | FALSE | |
If
the
repository
does
not
support
secondary
types,
the
repository
MUST
return
"not
set". | ||
cmis:createdBy | User who created the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:creationDate | DateTime when the object was created. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModifiedBy | User who last modified the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModificationDate | DateTime when the object was last modified. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:changeToken | Opaque token used for optimistic locking and concurrency checking.(See section 2.2.1.3 Change Tokens.) | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | FALSE | |
Orderable: | FALSE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. If
the
repository
does
not
support
change
tokens,
this
property
SHOULD
not
be
set. | ||
cmis:policyText | User-friendly description of the policy. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
The item object is an extension point for repositories that want to expose other object types via CMIS that do not fit the definition for document, folder, relationship or policy. For example an independently persistable collection of properties that was not versionable and did not have content. Another example could be a base identity object for users and groups.
A repository may create subtypes of this base type to support different kinds of generic base objects more specifically. If a repository does not support item objects, the item base object-type SHOULD NOT be returned by a getTypeChildren service call. Like the other CMIS objects (folder, policy and relationship), item objects are not versionable and do not have content. Item objects are manipulated with the basic CRUD operations as well as with query if the repository has them marked as queryable.
This section describes the definition of the item object-type’s attribute values and property definitions which must be present on item instance objects. All attributes and property definitions are listed by their id.
Notes:
id
Value: cmis:item
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:item
displayName
Value: <repository-specific>
baseId
Value: cmis:item
parentId
Value: MUST NOT be set
description
Value: <repository-specific>
creatable
Value: <repository-specific>
fileable
Value: <repository-specific>
queryable
Value: <repository-specific>
controllablePolicy
Value: <repository-specific>
controllableACL
Value: <repository-specific>
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
typeMutability.create
Value: <repository-specific>
typeMutability.update
Value: <repository-specific>
typeMutability.delete
Value: <repository-specific>
cmis:name | Name of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | TRUE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | SHOULD be TRUE | |
If
the
repository
does
not
support
names
for
items,
it
MAY
ignore
the
value
of
this
property
when
provided
by a
client.
The
repository
MUST
return
a
name
even
if
the
item
has
no
name.
It
MAY
return
the
object
id in
this
case. | ||
cmis:description | Description of the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository specific> | |
Orderable: | <repository specific> | |
If
the
repository
doesn’t
support
object
descriptions,
the
Updatability
SHOULD
be
readonly
and
the
repository
SHOULD
return
a
"not
set"
value
for
this
property. | ||
cmis:objectId | Id of the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly oncreate | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:baseTypeId | Id of the base object-type for the object. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:objectTypeId | Id of the object’s type. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository specific> | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:secondaryObjectTypeIds | Ids of the object’s secondary types. | |
Property Type: | Id | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | multi | |
Updatability: | readwrite if secondary types are supported, readonly otherwise | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | FALSE | |
If
the
repository
does
not
support
secondary
types,
the
repository
MUST
return
"not
set". | ||
cmis:createdBy | User who created the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:creationDate | DateTime when the object was created. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModifiedBy | User who last modified the object. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:lastModificationDate | DateTime when the object was last modified. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | TRUE | |
Orderable: | TRUE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. | ||
cmis:changeToken | Opaque token used for optimistic locking and concurrency checking.(See section 2.2.1.3 Change Tokens.) | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readonly | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | FALSE | |
Orderable: | FALSE | |
The
repository
MUST
return
this
property
with
a
non-empty
value
if
the
property
filter
does
not
exclude
it. If
the
repository
does
not
support
change
tokens,
this
property
SHOULD
not
be
set. | ||
A secondary type defines a set of properties that can be dynamically added to and removed from objects. That is, an object can get and lose additional properties that are not defined by its primary type during its lifetime. Multiple secondary types can be applied to the same object at the same time.
Secondary types can be simple markers without properties. Alternatively, they can contain technical information about an object. For example, a repository might analyze the content of a document, detects a photo and adds a secondary type that adds EXIF data to the document. Applications might want to attach temporary data to an object such the state of the object in a workflow. Secondary types may also change the behaviour of the repository.
The CMIS specification does not define the semantics of secondary types with the exception of secondary types for retentions and holds (see section 2.1.16 Retentions and Holds). CMIS provides a way to apply and remove secondary types to/from an object. Additionally, CMIS provides an optional ability to create, update and remove secondary types.
If a repository does not support secondary types, the secondary type base object-type cmis:secondary SHOULD NOT be returned by a getTypeChildren service call.
The base object-type does not specify any property definitions and its sole purpose is to be the root type of all other secondary object-types. Repositories MAY provide property definitions on the base type that are then inherited by other secondary object-types.
Secondary types can be applied to and removed from an object at any time. An object MAY have zero or more secondary types assigned to it. When a secondary type is applied, the object provides the properties that are defined by the secondary type. When a secondary type is removed, it loses these properties and its values.
A repository MAY not allow applying or removing certain secondary object-types to certain objects based on rules that are not determined in this specification. The repository SHOULD throw a constraint exception if such an operation is not allowed. Secondary object-types CAN NOT be used as primary object-types. That is, when an object is created, its object-type has to be either one of the other base types or an object-type that is derived from the other base types. Hence, a secondary object-type MUST NOT be creatable.
Whether an object is fileable, versionable or controllable is determined by its primary object-type.
Secondary types can be applied at creation time by populating the multi-value property cmis:secondaryObjectTypeIds with the ids of the secondary types. All properties defined by these secondary types can be set as well.
Secondary types can be added and removed later by changing the cmis:secondaryObjectTypeIds property, either through the updateProperties service or the checkIn service. Adding the id of a secondary type to this multi value property adds the secondary type. Removing the id of a secondary type from this multi value property removes the type and all associated properties and values.
A repository MUST throw a constraint exception if a secondary type cannot be added or removed.
Adding a secondary type and providing values for the associated properties of this secondary type MAY be done in the same operation.
This section describes the definition of the secondary object-type’s attribute values. All attributes are listed by their id.
Notes:
id
Value: cmis:secondary
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:secondary
displayName
Value: <repository-specific>
baseId
Value: cmis:secondary
parentId
Value: MUST NOT be set
description
Value: <repository-specific>
creatable
Value: FALSE
fileable
Value: FALSE
queryable
Value: <repository-specific>
controllablePolicy
Value: FALSE
controllableACL
Value: FALSE
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
Note: This attribute defines if the properties of this secondary type are full-text
indexed. It does not make a statement about the content.
typeMutability.create typeMutability.update typeMutability.delete
Value: <repository-specific>
Value: <repository-specific>
Value: <repository-specific>
A repository MAY support the creation, modification and deletion of primary and secondary object-types.
Each object-type definition SHOULD include a set of flags that indicate if the object-type can be used as a parent type or if the object-type can be modified or deleted. Please see section 2.1.3.2.1 Attributes common to ALL Object-Type Definitions for details.
These flags are not to be interpreted as the rights for the current user. These are the rights that would apply to an administrator user or a user that has sufficient rights to modify metadata. For example, a non-administrator would see that an object-type is extendable (the type mutability capabilities create flag is set to TRUE) even though they would not be allowed to actually perform the operation. If a user tries to create, modify or delete a type definition and does not have the required permissions, the repository MUST return a permissionDenied error.
A repository MAY also place additional restrictions on these operations where necessary. These restrictions are repository specific.
The optional capabilities capabilityNewTypeSettableAttributes and capabilityCreatablePropertyTypes SHOULD indicate which object-type attributes can be set by a client and which properties data types can be used to create or extend an object-type.
Note, that the client CANNOT define whether a new object-type can be used as a parent type, or can be updated or deleted. How the repository determines a given object-type’s mutability capabilities is repository specific.
When an object-type is created the client MUST suggest a type id for the new object-type. The repository may do the following with this suggested value:
When a property definition is created the client MUST suggest a property definition id for the new property. The repository may do the following with this suggested value:
When an object-type is created or updated, the repository MUST return the created or updated type definition whereby the order of ALL newly created property definitions MUST match the order of the input. This is so that there will be no ambiguity for clients who need to know which property matches a specific suggested Id value for a new property definition. This special ordering is only required for the return value for createType and updateType. There is no special ordering of the properties returned for subsequent calls to getTypeDefinition for this new or modified type.
When an object-type is updated the following rules MUST be obeyed:
This ensures that the new constraints will not leave any existing data out of the permitted constraint range.
The execution of the createType and updateType services MUST not affect the definition of any other types or any other type’s current property definitions. For example, any properties on the type being created must not place constraints on other type’s properties when/if other properties ’share’ property definitions.
An object-type can only be deleted if there are no objects of this type and the object-type has no sub-types. The deleteType service MUST return a constraint error if an instance of the object-type exists or the object-type is a parent type of another object-type.
The following diagrams illustrate the CMIS object model. Please note that they only reflect the logical model. The CMIS bindings use slightly different data structures.
A repository can support either a base set of CMIS-defined permissions and/or its own set of repository specific permissions.
The getACL service allows the requestor to specify that the result be expressed using only the CMIS defined permissions. Without this restriction, the response may include, or be solely expressed in repository specific permissions. The applyACL service permits either CMIS permissions or repository permissions, or a combination of both, to be used.
An Access Control List (ACL) is a list of Access Control Entries (ACEs) and MAY hold zero or more ACEs. If an ACL has no ACEs, the behavior is the same as if the ACL is not set.
An ACE holds:
There are three basic permissions predefined by CMIS:
How these basic permissions are mapped to the allowable actions is repository specific. However, the actual repository semantics for the basic permissions with regard to allowable actions can be discovered by the mappings parameter returned by the getRepositoryInfo service.
Repositories MAY extend this set with repository-specific permissions.
Whether a repository supports ACLs at all, may be discovered via capabilityACL attribute returned by the getRepositoryInfo service (see section 2.1.1.1 Optional Capabilities). If the value of the capabilityACL attribute is none, ACLs are not supported by the repository.
If the value of the capabilityACL attribute is discover or manage, additional information about the repository’s permission model and how ACL modifications are handled are provided by the getRepositoryInfo service:
A PermissionDefinition holds:
The set of allowable actions on an object at a point in time are affected not only by CMIS ACLs, but also by other factors such as:
CMIS defines several services that applications can use at run-time to discover the allowable actions for an object.
If a repository supports ACLs, then the repository MUST provide a mapping table that defines how the permissions supported by the repository interact with the CMIS allowable actions, i.e. which permissions are necessary for a principal to have on one or more objects in order to potentially perform each action, subject to the other constraints on allowable actions mentioned above.
This section defines both the allowable actions as well as how those actions are presented in the permission mapping table.
The permission mapping table contains a set of key–permissions pairs:
The following list defines all mapping keys, as well as a permissions mapping that repositories SHOULD use. Repositories MAY require additional permissions.
For convenience, the list groups all mapping entries by the underlying allowable actions, and includes descriptive information. For each allowable action the following information is given:
Description: | Can get the descendants of the folder (getDescendants and getFolderTree). | |
Base Type: | cmis:folder | |
Operand: | Folder | |
Key: | canGetDescendants.Folder | |
Permission: | cmis:read | |
Description: | Can get the children of the folder (getChildren). | |
Base Type: | cmis:folder | |
Operand: | Folder | |
Key: | canGetChildren.Folder | |
Permission: | cmis:read | |
Description: | Can get the parent folder of the folder (getFolderParent). | |
Base Type: | cmis:folder | |
Operand: | Folder | |
Key: | canGetFolderParent.Object | |
Permission: | cmis:read | |
Description: | Can get the parent folders of the object (getObjectParents). | |
Base Type: | cmis:document, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canGetParents.Folder | |
Permission: | cmis:read | |
Description: | Can create a cmis:document object in the specified folder (createDocument). | |
Base Type: | cmis:folder | |
Operand: | Folder | |
Key: | canCreateDocument.Folder | |
Permission: | cmis:read | |
Description: | Can create a cmis:folder object as a child of the specified folder (createFolder). | |
Base Type: | cmis:folder | |
Operand: | Folder | |
Key: | canCreateFolder.Folder | |
Permission: | cmis:read | |
Description: | Can create a cmis:policy object as a child of the specified folder (createPolicy). | |
Base Type: | cmis:folder | |
Operand: | Folder | |
Key: | canCreatePolicy.Folder | |
Permission: | cmis:read | |
Description: | Can create a relationship object with the object as its source (createRelationship). | |
Base Type: | cmis:document, cmis:folder, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canCreateRelationship.Source | |
Permission: | cmis:read | |
Description: | Can create a relationship object with the object as its target (createRelationship). | |
Base Type: | cmis:document, cmis:folder, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canCreateRelationship.Target | |
Permission: | cmis:read | |
Description: | Can read the properties of the specified object (getProperties, getObject and getObjectByPath). | |
Base Type: | cmis:document, cmis:folder, cmis:relationship, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canGetProperties.Object | |
Permission: | cmis:read | |
Description: | Can update the properties of the specified object (updateProperties). | |
Base Type: | cmis:document, cmis:folder, cmis:relationship, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canUpdateProperties.Object | |
Permission: | cmis:write | |
Description: | Can move the specified object (moveObject). | |
Base Type: | cmis:document, cmis:folder, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canMove.Object | |
Permission: | cmis:write | |
Description: | Can move an object into this folder (moveObject). | |
Base Type: | cmis:folder | |
Operand: | Folder | |
Key: | canMove.Target | |
Permission: | cmis:read | |
Description: | Can move an object from this folder (moveObject). | |
Base Type: | cmis:folder | |
Operand: | Folder | |
Key: | canMove.Source | |
Permission: | cmis:read | |
Description: | Can delete the specified object (deleteObject). | |
Base Type: | cmis:document, cmis:folder, cmis:relationship, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canDelete.Object | |
Permission: | cmis:write | |
Description: | Can get the content stream for the document object (getContentStream). | |
Base Type: | cmis:document | |
Operand: | Object | |
Key: | canViewContent.Object | |
Permission: | cmis:write | |
Description: | Can set the content stream for the document object (setContentStream). | |
Base Type: | cmis:document | |
Operand: | Object | |
Key: | canSetContent.Document | |
Permission: | cmis:write | |
Description: | Can delete the content stream for the Document object (deleteContentStream). | |
Base Type: | cmis:document | |
Operand: | Object | |
Key: | canDeleteContent.Document | |
Permission: | cmis:write | |
Description: | Can delete the specified folder and all contained objects (deleteTree). | |
Base Type: | cmis:folder | |
Operand: | Object | |
Key: | canDeleteTree.Folder | |
Permission: | cmis:write | |
Description: | Can file the object in a folder (addObjectToFolder). | |
Base Type: | cmis:document, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canAddToFolder.Object | |
Permission: | cmis:read | |
Description: | Can file an object in the specified folder (addObjectToFolder). | |
Base Type: | cmis:document, cmis:policy, cmis:item cmis:folder | |
Operand: | Folder | |
Key: | canAddToFolder.Folder | |
Permission: | cmis:read | |
Description: | Can unfile the specified document from a folder (removeObjectFromFolder). | |
Base Type: | cmis:document, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canRemoveFromFolder.Object | |
Permission: | cmis:read | |
Description: | Can unfile an object from the specified folder (removeObjectFromFolder). | |
Base Type: | cmis:document, cmis:policy cmis:folder | |
Operand: | Folder | |
Key: | canRemoveFromFolder.Folder | |
Permission: | cmis:read | |
Description: | Can check out the specified document (checkOut). | |
Base Type: | cmis:document | |
Operand: | Object | |
Key: | canCheckout.Document | |
Permission: | cmis:write | |
Description: | Can cancel the check out the specified PWC (cancelCheckOut). | |
Base Type: | cmis:document | |
Operand: | Object | |
Key: | canCancelCheckout.Document | |
Permission: | cmis:write | |
Description: | Can check in the specified PWC (checkIn). | |
Base Type: | cmis:document | |
Operand: | Object | |
Key: | canCheckin.Document | |
Permission: | cmis:write | |
Description: | Can get the version series of the specified document (getAllVersions). | |
Base Type: | cmis:document | |
Operand: | Object | |
Key: | canGetAllVersions.VersionSeries | |
Permission: | cmis:read | |
Description: | Can get the relationship in which this object is a source or a target (getObjectRelationships). | |
Base Type: | cmis:document, cmis:folder, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canGetObjectRelationships.Object | |
Permission: | cmis:read | |
Description: | Can apply a policy to the specified object (applyPolicy). | |
Base Type: | cmis:document, cmis:folder, cmis:policy, cmis:relationship, cmis:item | |
Operand: | Object | |
Key: | canAddPolicy.Object | |
Permission: | cmis:read | |
Description: | Can apply the specified policy to an object (applyPolicy). | |
Base Type: | cmis:policy | |
Operand: | Object | |
Key: | canAddPolicy.Policy | |
Permission: | cmis:read | |
Description: | Can remove a policy from the specified object (removePolicy). | |
Base Type: | cmis:document, cmis:folder, cmis:policy, cmis:relationship, cmis:item | |
Operand: | Object | |
Key: | canRemovePolicy.Object | |
Permission: | cmis:read | |
Description: | Can remove the specified policy from an object (removePolicy). | |
Base Type: | cmis:policy | |
Operand: | Object | |
Key: | canRemovePolicy.Policy | |
Permission: | cmis:read | |
Description: | Can get the list of policies applied to the specified object (getAppliedPolicies). | |
Base Type: | cmis:document, cmis:folder, cmis:policy, cmis:relationship, cmis:item | |
Operand: | Object | |
Key: | canGetAppliedPolicies.Object | |
Permission: | cmis:read | |
Description: | Can get ACL of the specified object (getACL). | |
Base Type: | cmis:document, cmis:folder, cmis:relationship, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canGetACL.Object | |
Permission: | cmis:read | |
Description: | Can apply ACL to this object (applyACL). | |
Base Type: | cmis:document, cmis:folder, cmis:relationship, cmis:policy, cmis:item | |
Operand: | Object | |
Key: | canApplyACL.Object | |
Permission: | cmis:write | |
CMIS supports versioning of document objects. Folder objects, relationship objects, policy objects, and item objects cannot be versioned.
Whether or not a document object is versionable (i.e. whether or not operations performed on the object via the Versioning Services MUST be allowed) is specified by the "versionable" attribute on its object-type.
A version of a document object is an explicit/"deep" copy of the object, preserving its state at a certain point in time. Each version of a document object is itself a document object, i.e. has its own object id, property values, MAY be acted upon using all CMIS services that act upon document objects, etc.
A version series for a document object is a transitively closed collection of all document objects, other than any Private Working Copy (see section 2.1.13.5.1 Checkout), that have been created from an original document in the repository. Each version series has a unique, system-assigned, and immutable version series id.
The version series has transitive closure – that is, if object B is a version of object A, and object C is a version of object B, then object C is also a version of object A. The objects in a version series can be conceptually sequenced by their respective creation date properties (cmis:creationDate).
Additionally, the repository MAY expose a textual version label (cmis:versionLabel) that describes to a user the position of an individual object with respect to the version series. (For example, version 1.0).
Note: A document object that is NOT versionable will always have a single object in its version series. A versionable document object MAY have one or more objects in its version series.
The version that has the most recent last modification date (cmis:lastModificationDate) is called the latest version of the series, or equivalently, the latest version of any document object in the series.
When the latest version of a version series is deleted, a previous version (if there is one) becomes the latest version.
Repositories NEED NOT allow the non-latest versions in a version series to be updated, queried, or searched.
A document object in a version series MAY be designated as a major version.
The CMIS specification does not define any semantic/behavioral differences between major and non-major versions in a version series. Repositories may enforce/apply additional constraints or semantics for major versions, if the effect on CMIS services remains consistent with an allowable behavior of the CMIS model.
If the version series contains one or more major versions, the one that has the most recent last modification date (property cmis:lastModificationDate) is the latest major version of the version series.
(Note that while a version series MUST always have a latest version, it NEED NOT have a latest major version.)
When the latest major version is deleted, a previous major version (if there is one) becomes the latest major version.
The effects of invoking the checkOut service MUST be as follows:
After a successful checkOut operation is completed, and until such time when the PWC is deleted (via the cancelCheckOut service) or checked-in (via the checkIn service), the effects on the PWC or on other documents in the version series MUST be as follows:
If the repository does NOT support the "PWCUpdatable" capability, then the PWC object can only be modified as part of the checkIn service call.
The checkIn service allows users to provide update property values and a content
stream for the PWC object.
The effects of the checkIn service MUST be as follows for successful checkins:
Note: A repository MAY automatically create new versions of document objects without an explicit invocation of the checkOut/checkIn services.
All document objects will have the following read-only property values pertaining to
versioning:
cmis:isPrivateWorkingCopy | Boolean |
TRUE if the document object is a Private Working Copy. FALSE otherwise. | |
cmis:isLatestVersion | Boolean |
TRUE if the document object is the latest version (most recent last modification date) in its version series. FALSE otherwise. MUST be FALSE for Private Working Copy objects. | |
cmis:isMajorVersion | Boolean |
TRUE if the document object is a major version in its version series. FALSE otherwise. MUST be FALSE for Private Working Copy objects. | |
cmis:isLatestMajorVersion | Boolean |
TRUE if the document object is the latest major version in its version series. FALSE otherwise. MUST be FALSE for Private Working Copy objects. | |
cmis:versionLabel | String |
Textual description the position of an individual object with respect to the version series. (For example, "version 1.0"). MAY be "not set". | |
cmis:versionSeriesId | Id |
Id of the version series for this object. | |
cmis:isVersionSeriesCheckedOut | Boolean |
TRUE if there currenly exists a Private Working Copy for this version series. FALSE otherwise. | |
cmis:versionSeriesCheckedOutBy | String |
If cmis:isVersionSeriesCheckedOut is TRUE: An identifier for the user who created the Private Working Copy. "Not set" otherwise. | |
cmis:versionSeriesCheckedOutId | String |
If cmis:isVersionSeriesCheckedOut is TRUE: The object id for the Private Working Copy. "Not set" otherwise. | |
cmis:checkinComment | String |
Textual comment associated with the given version. MAY be "not set". | |
Note: Changes made via the Versioning Services that affect the values of these properties MUST NOT constitute modifications to the document objects in the version series (e.g. MUST NOT affect the cmis:lastModificationDate, etc.).
When calling the createDocument service or the createDocumentFromSource service, a versioningState parameter can be used to specify what the versioning state of the newly-created object MUST be.
A repository MAY create new document objects in a "Private Working Copy" state. This state is logically equivalent to having a version series that contains exactly one object (the PWC) and 0 other documents.
The repository MAY also create new document objects in a "major version" state. This state is logically equivalent to having a version series that contains exactly one major version and 0 other documents.
The repository MAY also create new document objects in a "non-major version" state. This state is logically equivalent to having a version series that contains exactly one non-major version and 0 other documents.
If the repository does not support versioning the repository MUST ignore the value of the versioningState parameter.
Repositories MAY treat membership of a document object in a folder collection as "version-specific" or "version-independent".
Repositories MUST indicate whether they support version-specific membership in a folder via the "capabilityVersionSpecificFiling" optional capability flag. (See section 2.1.1.1 Optional Capabilities.)
If the repository is treating folder collection membership as "version-independent", then:
If the repository is treating folder collection membership as "version-specific", then moving or filing a document object into a folder MUST NOT result in other documents in the version series being moved/filed.
A relationship object MAY have either a version-specific or version-independent binding to its source and/or target objects. This behavior MAY vary between repositories and between individual relationship types defined for a repository.
If a relationship object has a version-independent binding to its source/target object, then:
If a relationship object has a version-specific binding to its source/target object, then:
Repositories MAY include non-latest-versions of document objects in results to the query service.
Repositories MUST indicate whether they support querying for non-latest-versions via the "capabilityAllVersionsSearchable" optional capability flag. (See section 2.1.1.1 Optional Capabilities.)
If "capabilityAllVersionsSearchable" is TRUE then the repository MUST include in the query results ANY document object in the version series that matches the query criteria. (Subject to other query constraints such as security.)
Additionally, repositories MAY include Private Working Copy objects in results to the query service. Repositories MUST indicate whether they support querying for Private Working Copy objects via the "capabilityPWCSearchable" optional capability flag.
If "capabilityPWCSearchable" is TRUE then the repository MUST include in the query results ANY Private Working Copy Document objects that matches the query criteria. (Subject to other query constraints such as security.)
If "capabilityPWCSearchable" is FALSE then the repository MUST NOT include in the query results ANY Private Working Copy Document Objects that match the query criteria. (Subject to other query constraints such as security.)
CMIS provides a type-based query service for discovering objects that match specified criteria, by defining a read-only projection of the CMIS data model into a relational view.
Through this relational view, queries may be performed via a simplified SQL SELECT statement. This query language is based on a subset of the SQL-92 grammar (ISO/IEC 9075: 1992 – Database Language SQL), with a few extensions to enhance its filtering capability for the CMIS data model, such as existential quantification for multi-valued property, full-text search, and folder membership. Other statements of the SQL language are not adopted by CMIS. The semantics of this query language is defined by the SQL-92 standard, plus the extensions, in conjunction with the model mapping defined by CMIS’s relational view.
The relational view of a CMIS repository consists of a collection of virtual tables that are defined on top of the CMIS data model. This relational view is used for query purposes only.
In this relational view a virtual table is implicitly defined for each queryable object-type defined in the repository. (Non-queryable object-types are NOT exposed through this relational view.)
In each virtual table, a virtual column is implicitly defined for each property defined in the object-type definition AND for all properties defined on ANY ancestor-type of the object-type but NOT defined in the object-type definition. Virtual columns for properties defined on ancestor-types of the object-type but NOT defined in the object-Type definition MUST contain the SQL NULL value. Virtual columns for properties whose value is "not set" MUST contain the SQL NULL value.
An object-type’s queryName attribute is used as the table name for the corresponding virtual table, and a property’s queryName attribute is used as the column name for the corresponding table column. Please see the restrictions on queryName in section 2.1.2.1.3 Query Names.
The virtual column for a multi-valued property MUST contain a single list value that includes all values of the property.
Please note that the following text and the BNF grammar are inconsistent. The text
allows the use of secondary object types in FROM clauses and the BNF grammar
does not. Because the BNF grammar is the formal description of the query language,
it takes precedence over the text. That is, secondary object types MUST NOT be
used in FROM clauses.
The next version of the CMIS specification will correct the BNF grammar and allow
the use of secondary object types in FROM clauses.
A CMIS feature extension has been defined by the CMIS Technical Committee that
allows support of secondary object types in FROM clauses also for CMIS 1.1
repositories.
Additionally, an object-type definition’s includedInSupertypeQuery specifies whether objects of that object-type MUST be included in the virtual table for any of its ancestor types. If the includedInSupertypeQuery attribute of the object-type is FALSE, then objects of that object-type MUST NOT be included in the virtual table for any of its ancestor types.
In each virtual table, a virtual column is implicitly defined for each property defined in the object-type definition. In addition, a virtual column is also implicitly defined for each property defined on ANY ancestor-type of this object-type but NOT defined in this object-type definition. In addition, the virtual table for a secondary object type has one more virtual column for the cmis:objectId property defined by each object’s primary type. If a secondary object type does not define any property, then its virtual table will have cmis:objectId as the only column, identifying the objects to which the secondary type has been applied. Virtual columns for properties defined on ancestor-types of the object-type but NOT defined (inherited) in the object-type definition MUST contain the SQL NULL value. Virtual columns for properties whose value is "not set" MUST contain the SQL NULL value. The rows of a virtual table corresponding to a queryable primary type represent the objects of that type. The rows of a virtual table corresponding to a queryable secondary type represent objects of various primary types (which may or may not be queryable) that the secondary type is applied to. To query on both an object’s primary type properties and its secondary type properties, a SQL JOIN of the respective tables on the cmis:objectId column may be performed. Explicit JOIN support, as defined in 2.1.1.1 Optional Capabilities, is not required for a repository to provide join between a primary type and secondary type tables based on cmis:objectId.
For each property in each object in the result set, the repository MUST include the property definition id as well as either the query name (if no alias is used) or the alias in place of the query name (if an alias is used).
If the select clause of the query statement contains properties from a single type reference then the repository MAY represent these pseudo-objects with additional object information.
This query languages is based on a subset of the SQL-92 grammar. CMIS-specific language extensions to SQL-92 are called out explicitly.
The basic structure of a CMIS query is a SQL statement that MUST include the following clauses:
Additionally, a CMIS query MAY include the following clauses:
All column names MUST be valid "queryName" values for properties whose virtual tables are listed in the FROM clause. For each "queryName" an alias MAY be defined by adding the string " AS " and the name of the alias to the query name. Alias names MUST comply with the rules for query names. (See section 2.1.2.1.3 Query Names.)
The FROM clause MUST contain only the "queryNames" of object-types whose queryable attribute value is TRUE. For each "queryName" an alias MAY be defined by adding the string " AS " and the name of the alias to the query name. Alias names MUST comply with the rules for query names. (See section 2.1.2.1.3 Query Names.)
Only explicit joins using the "JOIN" keyword is supported. Queries MUST NOT include implicit joins as part of the WHERE clause of a CMIS query.
CMIS queries MUST only support join operations using the "equality" predicate on single-valued properties.
All column names MUST be valid "queryName" or their aliased values for properties that are defined as "queryable" in the object-type(s) whose virtual tables are listed in the FROM clause.
Properties are defined to not support a "null" value, therefore the <null predicate> MUST be interpreted as testing the not set or set state of the specified property.
Repositories SHOULD support the comparisons for the property types as described
in the list below. Repositories MAY support additional comparisons and operators.
Any additional operators not specified are repository-specific:
Property Type | Operators supported on Type | Supported type of Literal in comparison |
String | =, <>, [NOT] LIKE | String |
String (IN) | [NOT] IN | List of Strings |
Decimal | =, <>, <, <=, >, >= | Decimal |
Decimal (IN) | [NOT] IN | List of Decimal |
Integer | =, <>, <, <=, >, >= | Integer |
Integer (IN) | [NOT] IN | List of Integer |
Boolean | = | Boolean literal |
DateTime | =, <>, <1, <=1, >1, >=1 | DateTime literal |
DateTime (IN) | [NOT] IN | List of DateTime literals |
ID | =, <> | String |
ID (IN) | [NOT] IN | List of strings |
URI | =, <>, [NOT] LIKE | String |
URI (IN) | [NOT] IN | List of strings |
Operations on the SCORE() output MUST be treated the same as decimal operations.
When using properties in a join statement, comparison MUST be allowed on properties of the same types as defined by the table above. Repositories MAY extend this behavior.
The ANY operation argument MUST be one of the properties found in the table above which supports equality operations.
The collation rules used to evaluate comparison predicates for String properties are
repository specific. For example, a predicate of the form
... where cmis:name LIKE ’a%’ ...
MUST match a cmis:name starting with ’a’ and MAY match a cmis:name starting
with ’A’.
These are non-terminals defined for multi-valued properties whereas SQL-92’s <column reference> and <column name> are retained for single-valued properties only. This is to preserve the single-value semantics of a regular "column" in the SQL-92 grammar. Quantified comparison predicate The SQL-92 production rule for <quantified comparison predicate> is extended to accept a multi-valued property in place of a <table subquery>. This operation is restricted to equality tests only.
<Table subquery> is not supported in CMIS-SQL.
The SQL-92 <quantifier> is restricted to ANY only.
The SQL-92 <row value constructor> is restricted to a literal only.
The quantifier is restricted to ANY. The predicate MUST be evaluated to TRUE if at least one of the property’s values is (or, is not, if NOT is specified) among the given list of literal values. Otherwise the predicate is evaluated to FALSE.
The ANY operation argument MUST be one of the properties found in the
comparison list above which supports IN operations.
Example 1: | |
SELECT *
FROM CAR_REVIEW WHERE (MAKE = ’buick’) OR (ANY FEATURES IN (’NAVIGATION SYSTEM’, ’SATELLITE RADIO’, ’MP3’)) (Note: FEATURES is a multi-valued String property.) |
|
Usage:
| |
This is a predicate function that encapsulates the full-text search capability that MAY be provided by a repository. See the optional capability
attribute capabilityQuery.
|
|
Inputs: | |
|
|
Return value: | |
The predicate returns a Boolean value.
|
|
Constraints: | |
|
|
Usage:
| |
This is a predicate function that encapsulates the full-text search capability that MAY be provided by a repository. (See previous section.) | |
Inputs:
| |
No inputs MUST be provided for this predicate function. | |
Return value: | |
The SCORE() predicate function returns a decimal value in the interval [0,1].
|
|
Constraints: | |
|
|
Usage:
| |
This is a predicate function that tests whether or not a candidate object is a child-object of the folder object identified by the given <folder id>. | |
Inputs: | |
|
|
Return value: | |
The predicate returns a Boolean value.
|
|
Usage:
| |
This is a predicate function that tests whether or not a candidate object is a descendant-object of the folder object identified by the given <folder id>. | |
Inputs: | |
|
|
Return value: | |
The predicate returns a Boolean value.
|
|
All column names referenced in this clause MUST be valid "queryName" or their aliased values for properties defined as orderable in the object-type(s) whose virtual tables are listed in the FROM clause.
Only columns in the SELECT clause MAY be in the ORDER BY clause.
Collation rules for the ORDER BY clause are repository specific.
Character escaping for character strings differs from SQL-92’s escaping. A repository MUST support the escaping of certain literal characters in a character string, or in a text search expression, using a backslash character (\) in the following manner. For a <character string literal>, which MUST BE a string enclosed in single-quotes according to the SQL-92 grammar, any occurrence of the single-quote character (’) and the escape character (\) in the string MUST BE escaped. This applies to <folder id>, which is a <character string literal>. Furthermore, when a <character string literal> is used in a LIKE predicate, any occurrence of the percent character (%) and the underscore character (_) in the string as a literal MUST BE escaped also. Therefore, within a quoted string in a query:
Using double single-quotes (”) as a SQL-92 way to escape a literal single-quote (’) character SHOULD BE supported as an allowable alternative to the double character \’.
For a <text search expression>, a second-level character escaping is required so that the <text search expression> sub-grammar is isolatable from the query statement-level grammar. When a text search expression is composed for a query according to the <text search expression> sub-grammar, any occurrence of the following four characters in the expression as a literal character MUST BE escaped: double-quote ("), hyphen (-), single-quote (’), and the escape character (\). Then, before this expression is enclosed in single-quotes and inserted into a CONTAINS() predicate, the query statement-level escaping rules described in the above MUST BE applied. This two-level character escaping allows a query statement parser, using statement-level escaping rules, to correctly extract a <text search expression> as a character string literal independent of the <text search expression> sub-grammar. This extracted <text search expression> can then be correctly interpreted by a full-text search parser independent of the query-statement grammar, using second-level escaping rules. Since the <text search expression> sub-grammar is isolated from the SQL-92 grammar, double single-quotes is not a valid way to escape a literal single-quote character for second-level character escaping.
An <identifier> in a query statement MUST conform to the SQL-92 identifier
syntax, and MUST NOT require character escaping.
Example:
A query statement that contains a full-text search for the literal string
"John’sPresentation-Version2" may be composed as:
SELECT ... FROM ... WHERE ... CONTAINS(’John\\\’sPresentation\\-Version2’)
...
A query parser extracts from this statement the text search expression "John\’sPresentation\-Version2" as a character string literal, and passes it to a text-search parser, which interprets it as a single-word full-text search criteria: John’sPresentation-Version2.
CMIS provides a "change log" mechanism, the getContentChanges service, to allow applications to easily discover the set of changes that have occurred to objects stored in the repository since a previous point in time. This change log can then be used by applications such as search services that maintain an external index of the repository to efficiently determine how to synchronize their index to the current state of the repository (rather than having to query for all objects currently in the repository).
Entries recorded in the change log are referred to below as "change events".
Note that change events in the change log MUST be returned in ascending order from the time when the change event occurred.
The change log mechanism exposed by a repository MAY be able to return an entry for every change ever made to content in the repository, or may only be able to return an entry for all changes made since a particular point in time. This "completeness" level of the change log is indicated via the changesIncomplete value found on the getRepositoryInfo service response.
However, repositories MUST ensure that if an application requests the entire contents of the repository’s change log, that the contents of the change log includes ALL changes made to any object in the repository after the first change listed in the change log. (I.e. repositories MAY truncate events from the change log on a "first-in first-out" basis, but not in any other order.)
A repository MAY record events such as filing/unfiling/moving of documents as change events on the documents, their parent folder(s), or both the documents and the parent folders.
The primary index into the change log of a repository is the "change log token". The change log token is an opaque string that uniquely identifies a particular change in the change log.
Repositories that support the changeLogToken event MUST expose the latest change log token (i.e. the change log token corresponding to the most recent change to any object in the repository) as a property returned by the getRepositoryInfo service.
This will enable applications to begin "subscribing" to the change log for a repository by discovering what change log token they should use on a going-forward basis to discover change events to the repository.
A change event represents a single action that occurred to an object in the repository that affected the persisted state of the object.
A repository that supports the change log capability MUST expose at least the following information for each change object:
Repositories MUST indicate whether they include properties for "updated" change events via the optional capabilityChanges.
Retentions and Holds can be used to protect documents from being deleted or modified. A Retention describes a period of time where the document must not be deleted, while a Hold just marks the document as protected as long as the Hold is applied to a document.
This specification defines a basic interface for end user operations. Administrative operations such as managing a file plan or shortening retention periods are out of scope. A repository MAY support settings that require administrative privileges and bend the rules described in the following section. The implications are repository specific.
Retentions and Holds can be applied to documents by applying predefined secondary types for Retentions and Holds. CMIS specifies secondary types for:
If a repository does not support one of the predefined types for Retention and Hold management, the corresponding secondary type MUST NOT be returned by a getTypeChildren service call.
All secondary types for retention and hold management SHOULD be able to be applied to objects derived from the cmis:document base type. Applying such types to other CMIS objects and its behavior is repository specific. A repository MUST throw a constraint exception if the operation is not supported.
Retentions and Holds are applied to document versions. How this affects other versions in the version series is repository specfic.
Retentions and Holds protect at least the content of a document from modifications. If this protection also applies to the properties, ACL, policies, relationships, etc. of a document, is repository specific. Clients may use the Allowable Actions to discover what they can do with protected documents.
Repository Managed Retentions are used in scenarios where the repository is responsible for calculating the concrete expiration date and potential destruction date for a document. As a first step a records manager usually creates a file plan in the repository and assigns rules which are used to calculate the retention period for a specific entry in the file plan. Creating a file plan is out-of-scope for CMIS. It has to be done using the native (user) interfaces of the repository. In order to enable a client to classify documents according to this file plan, the repository exposes the file plan as a secondary type hierarchy. The CMIS client can now apply one of the exposed file plan categories to a document. This process is called classification:
Support for Repository Managed Retentions is optional. A repository that does not support Repository Managed Retentions will not expose a file plan via the secondary type hierarchy. Repositories that support Repository Managed Retentions MUST expose the categories of the file plan as a subtype of the CMIS defined secondary type cmis:rm_repMgtRetention. The secondary type cmis:rm_repMgtRetention does not require any properties. A repository MAY add repository specific properties. A secondary type hierarchy for Repository Managed Retentions could look like this (white boxes are CMIS defined types, orange boxes are repository specific):
The usage of Repository Managed Retentions allows support of support advanced scenarios where the retention period is not fixed at creation time, but managed more dynamically (e.g. depending on certain property changes like "3 years after setting status to released"). The capabilities that are kind of rules are supported and how they are enforced varies widely between repository implementations. Some may do this automatically, some may require manually triggered batch runs, require an approval or workflow for certain actions etc. This model has minimal requirements for the application but can use much of the functionality that a repository provides.
This specification only defines the classification process, that is applying a Repository Managed Retention to a document. Creating and managing the rules and how rules are mapped to file plan categories is out-of-scope and repository specific. Which set of Repository Managed Retentions can be assigned to which objects is also repository specific.
Whether a user is allowed to apply a Repository Managed Retention is repository specific. If the user has no permission to do so, a permissionDenied exception MUST be thrown. In case of others constraints, a constraint exception MUST be thrown.
id
Value: cmis:rm_repMgtRetention
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:rm_repMgtRetention
displayName
Value: <repository-specific>
baseId
Value: cmis:secondary
parentId
Value: cmis:secondary
description
Value: <repository-specific>
creatable
Value: FALSE
fileable
Value: FALSE
queryable
Value: SHOULD be TRUE
controllablePolicy
Value: FALSE
controllableACL
Value: FALSE
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
typeMutability.create
Value: <repository-specific>
typeMutability.update
Value: <repository-specific>
typeMutability.delete
Value: <repository-specific>
Client Managed Retentions are used in scenarios where the CMIS client is responsible to calculate the concrete expiration date for a document. This is usually required when documents are related to other objects (like a Business Object in an ERP system) and the documents must get the same retention period than the object where they are related to. In this case a CMIS client can apply a retention period to a document using the Client Managed Retention object-type.
If a repository supports Client Managed Retentions, it exposes the secondary type cmis:rm_clientMgtRetention via the secondary type hierarchy. The CMIS defined secondary type cmis:rm_clientMgtRetention defines two properties:
A repository MAY define its own secondary types for Client Managed Retentions with additional properties. Those types MUST be derived from the type cmis:rm_clientMgtRetention.
Repositories that support a process to dispose documents after a certain period of time, MAY expose the type cmis:rm_destructionRetention which is derived from cmis:rm_clientMgtRetention. This type provides an additional property that defines the date when destruction process SHOULD be triggered:
A repository MAY define its own Destruction Retentions. A repository specific Destruction Retention MUST be derived from the type cmis:rm_destructionRetention.
The repository MAY round up the dates used for expiration and destruction dates according to its internal capabilities. A secondary type hierarchy for Client Managed Retentions could look like this (white boxes are CMIS defined types, orange boxes are repository specific):
Assignment rule:
Prolongation rule:
Whether a user is allowed to apply a Client Managed Retention or Destruction Retention is repository specific. If the user has no permission to do so, a permissionDenied exception MUST be thrown. In case of others constraints, a constraint exception MUST be thrown.
id
Value: cmis:rm_clientMgtRetention
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:rm_clientMgtRetention
displayName
Value: <repository-specific>
baseId
Value: cmis:secondary
parentId
Value: cmis:secondary
description
Value: <repository-specific>
creatable
Value: FALSE
fileable
Value: FALSE
queryable
Value: SHOULD be TRUE
controllablePolicy
Value: FALSE
controllableACL
Value: FALSE
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
typeMutability.create
Value: <repository-specific>
typeMutability.update
Value: <repository-specific>
typeMutability.delete
Value: <repository-specific>
cmis:rm_expirationDate | Expiration date. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | <repository-specific> | |
cmis:rm_startOfRetention | Start of retention. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository-specific> | |
Orderable: | <repository-specific> | |
id
Value: cmis:rm_destructionRetention
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:rm_destructionRetention
displayName
Value: <repository-specific>
baseId
Value: cmis:secondary
parentId
Value: cmis:rm_clientMgtRetention
description
Value: <repository-specific>
creatable
Value: FALSE
fileable
Value: FALSE
queryable
Value: SHOULD be TRUE
controllablePolicy
Value: FALSE
controllableACL
Value: FALSE
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
typeMutability.create
Value: <repository-specific>
typeMutability.update
Value: <repository-specific>
typeMutability.delete
Value: <repository-specific>
cmis:rm_destructionDate | Destruction date. | |
Property Type: | DateTime | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | single | |
Updatability: | readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | <repository-specific> | |
Orderable: | <repository-specific> | |
A Hold assures that a document can be restored to the state it was in when the hold has been applied (usually by protecting the document from being deleted or modified). Support for other objects than documents is repository specific.
If a repository supports holds, it exposes the secondary type cmis:rm_hold. This type defines the multi-valued property cmis:rm_holdIds which contains a list of identifiers for the affected litigations or audits.
As long as the property cmis:rm_holdIds is "not set", the document is not protected by a hold. To protect a document, this property must contain at least one value. The hold type CANNOT be removed from an object as long as the property cmis:rm_holdIds contains values.
A repository MAY define its own secondary types for holds with additional properties. Those types MUST be derived from cmis:rm_hold.
A secondary type hierarchy for holds could look like this (white boxes are CMIS defined types, orange boxes are repository specific):
Whether a user is allowed to apply a hold is repository-specific. If the user has no permission to do so, a permissionDenied exception MUST be thrown. In case of others constraints, a constraint exception MUST be thrown.
id
Value: cmis:rm_hold
localName
Value: <repository-specific>
localNamespace
Value: <repository-specific>
queryName
Value: cmis:rm_hold
displayName
Value: <repository-specific>
baseId
Value: cmis:secondary
parentId
Value: cmis:secondary
description
Value: <repository-specific>
creatable
Value: FALSE
fileable
Value: FALSE
queryable
Value: SHOULD be TRUE
controllablePolicy
Value: FALSE
controllableACL
Value: FALSE
includedInSupertypeQuery
Value: <repository-specific>
fulltextIndexed
Value: <repository-specific>
typeMutability.create
Value: <repository-specific>
typeMutability.update
Value: <repository-specific>
typeMutability.delete
Value: <repository-specific>
cmis:rm_holdIds | Hold Identifiers. | |
Property Type: | String | |
Inherited: | FALSE | |
Required: | FALSE | |
Cardinality: | multi | |
Updatability: | SHOULD be readwrite | |
Choices: | Not Applicable | |
Open Choice: | Not Applicable | |
Queryable: | SHOULD be TRUE | |
Orderable: | FALSE | |
The Services section of the CMIS specification defines a set of services that are described in a protocol/binding-agnostic fashion.
Every protocol binding of the CMIS specification MUST implement all of the methods described in this section or explain why the service is not implemented.
However, the details of how each service and operation is implemented will be described in those protocol binding specifications.
The following elements are common across many of the CMIS services.
All of the methods that allow for the retrieval of a collection of CMIS objects support
paging of their result sets except where explicitly stated otherwise. The following
pattern is used:
Input Parameters: | |
|
|
Output Parameters: | |
|
|
If the caller of a method does not specify a value for maxItems, then the repository MAY select an appropriate number of items to return, and MUST use the hasMoreItems output parameter to indicate if any additional results were not returned.
Repositories MAY return a smaller number of items than the specified value for maxItems. A repository SHOULD NOT throw an exception if maxItems exceeds the internally supported page size. It SHOULD return a smaller number of items instead.
Each binding will express the above in context and may have different mechanisms for communicating hasMoreItems and numItems.
Several CMIS services that return object information have the ability to return dependent object information as part of their response, such as the allowable actions for an object, rendition information, etc.
The CMIS service operations that support returning a result set of objects will include the ability to return the following object information:
This section describes the input parameter and output pattern for those services. All these input parameters are optional.
Description:
| |
All services that allow for the retrieval of properties for CMIS objects have a "property filter" as an optional parameter, which allows the caller to specify a subset of properties for objects that MUST be returned by the repository in the output of the operation. | |
Optional Input Parameter: | |
|
|
Unknown query names or query names that are not defined for the object-type SHOULD be ignored. For example, if getChildren is called with a filter that contains the property cmis:contentStreamMimeType, it SHOULD return all non-document objects without this property and SHOULD NOT return an error.
Description:
| |
Used to retrieve the relationships in which the object(s) are participating. | |
Optional Input Parameter: | |
|
|
Output Parameter for each object: | |
|
|
Description:
| |
Used to retrieve the policies currently applied to the object(s). | |
Optional Input Parameter: | |
|
|
Output Parameter for each object: | |
|
|
Description:
| |
Used to retrieve the renditions of the object(s). | |
Optional Input Parameter: | |
|
|
Output Parameter for each object: | |
|
|
An inclusion pattern allows: | |
|
|
Examples: | |
|
|
Description:
| |
Used to retrieve the ACLs for the object(s) described in the service response. | |
Optional Input Parameter: | |
|
|
Output Parameter for each object: | |
|
|
Description:
| |
Used to retrieve the allowable actions for the object(s) described in the service response. | |
Optional Input Parameter: | |
|
|
Output Parameter for each object: | |
|
|
Description:
| |
Used to define the order of the list of objects returned by getChildren and getCheckedOutDocs.
If the optional capability capabilityOrderBy is "none" and this parameter is set, the repository SHOULD return an invalidArgument error. If the optional capability capabilityOrderBy is "common" and this parameter contains a query name that is not in the set of common properties (see below), the repository SHOULD return an invalidArgument error. If a repository only supports a certain number of orderBy properties, it SHOULD ignore all additional properties. If this parameter contains a query name that is unknown or a query name that belongs to a property that is not queryable, the repository SHOULD ignore it. The query names of secondary type properties MUST follow this pattern: <secondaryTypeQueryName>.<propertyQueryName> When mixed-type objects are returned (e.g. getChildren), an "orderBy" property may be orderable for one type but not orderable for another type. The order is then repository specific. |
|
Common CMIS properties:
| |
The following set of properties SHOULD be supported by the repository if the optional capability capabilityOrderBy is common or
custom.
|
|
Optional Input Parameter: | |
|
|
Example:
| |
cmis:baseTypeId,cmis:contentStreamLength DESC,cmis:name | |
The CMIS base object-type definitions include an opaque string cmis:changeToken property that a repository MAY use for optimistic locking and/or concurrency checking to ensure that user updates do not conflict.
If a repository provides a value for the cmis:changeToken property for an object, then all invocations of the "update" methods on that object (updateProperties, bulkUpdateProperties, setContentStream, appendContentStream, deleteContentStream, etc.) MUST provide the value of the cmis:changeToken property as an input parameter, and the repository MUST throw an updateConflictException if the value specified for the change token does NOT match the change token value for the object being updated.
The following sections list the complete set of exceptions that MAY be returned by a repository in response to a CMIS service method call.
The "Cause" field indicates the circumstances under which a repository SHOULD return a particular exception.
For each exception, the general intent is listed.
Those services which allow for the setting of ACLs MAY take the optional macro cmis:user which allows the caller to indicate the operation applies to the current authenticated user.
If the repository info provides a value for principalAnonymous, this value can be used to in an ACE to specify permissions for anonymous users.
If the repository info provides a value for principalAnyone, this value can be used to in an ACE to specify permissions for any authenticated user.
The Repository Services are used to discover information about the repository, including information about the repository and the object-types defined for the repository. Furthermore, it provides operations to create, modify and delete object-type definitions if that is supported by the repository.
Description: Returns a list of CMIS repositories available from this CMIS service endpoint.
Description: Returns information about the CMIS repository, the optional capabilities it supports and its access control information if applicable.
Note: The base type cmis:secondary MUST NOT be used here. Only primary base types can be in this list.
Description: Returns the list of object-types defined for the repository that are children of the specified type.
Description: Returns the set of the descendant object-types defined for the Repository under the specified type.
Notes:
The default value is repository specific and SHOULD be at least 2 or -1.
Description: Gets the definition of the specified object-type.
Description: Creates a new type definition that is a subtype of an existing specified parent type.
Notes: Only properties that are new to this type (not inherited) are passed to this service.
See section 2.1.10 Object-Type Creation, Modification and Deletion for further details.
Description: Updates a type definition.
Notes: If you add an optional property to a type in error. There is no way to remove it/correct it - without deleting the type. See section 2.1.10 Object-Type Creation, Modification and Deletion for further details.
Properties that are not changing MUST NOT be included, including any inherited property definitions.
For the properties that are being included, an entire copy of the property definition should be present (with the exception of the choice values – see special note), even values that are not changing.
Special note about choice values. There are only two types of changes permitted.
For any choice that is being added or having its display name changed, both the displayName and value MUST be present.
Description: Deletes a type definition.
Notes: If there are object instances present of the type being deleted then this operation MUST fail.
See sections 2.1.10 Object-Type Creation, Modification and Deletion for further details.
The Navigation Services are used to traverse the folder hierarchy in a CMIS repository, and to locate documents that are checked out.
Description: Gets the list of child objects contained in the specified folder.
Notes: If the repository supports the optional capability capabilityVersionSpecificFiling, then the repository MUST return the document versions filed in the specified folder. Otherwise, the latest version or the latest major version of the documents MUST be returned.
Description: Gets the set of descendant objects contained in the specified folder or any of its child-folders.
Notes:
The default value is repository specific and SHOULD be at least 2 or -1.
Description: Gets the set of descendant folder objects contained in the specified folder.
Notes:
The default value is repository specific and SHOULD be at least 2 or -1.
Description: Gets the parent folder object for the specified folder object.
The repository SHOULD return an object that is equal to the object returned by getObject with default parameters.
Description: Gets the parent folder(s) for the specified fileable object.
Description: Gets the list of documents that are checked out that the user has access to.
If specified, the repository MUST only return checked out documents that are child-objects of the specified folder.
If not specified, the repository MUST return checked out documents from anywhere in the repository hierarchy.
CMIS provides id-based CRUD (Create, Retrieve, Update, Delete) operations on objects in a repository.
Description: Creates a document object of the specified type (given by the cmis:objectTypeId property) in the (optionally) specified location.
Description: Creates a document object as a copy of the given source document in the (optionally) specified location.
Description: Creates a folder object of the specified type in the specified location.
Description: Creates a relationship object of the specified type.
Description: Creates a policy object of the specified type.
Description: Creates an item object of the specified type.
Description: Gets the list of allowable actions for an object (see section 2.2.1.2.6 Allowable Actions).
Description: Gets the specified information for the object.
Description: Gets the list of properties for the object.
Description: Gets the specified information for the object.
Description: Gets the content stream for the specified document object, or gets a rendition stream for a specified rendition of a document or folder object.
Notes: Each CMIS protocol binding MAY provide a way for fetching a sub-range within a content stream, in a manner appropriate to that protocol.
Description: Gets the list of associated renditions for the specified object. Only rendition attributes are returned, not rendition stream.
Description: Updates properties and secondary types of the specified object.
Notes:
Description: Updates properties and secondary types of one or more objects.
Notes:
Change tokens are optional. See section 2.2.1.3 Change Tokens.
Objects that have not been updated MUST NOT be returned. This service does not disclose why updates failed. Clients may call updateProperties for each failed object to retrieve individual exceptions.
Description: Moves the specified file-able object from one folder to another.
Description: Deletes the specified object.
Notes: If the object is a PWC the checkout is discarded. See section 2.1.13.5.3 Discarding Check out.
Description: Deletes the specified folder object and all of its child- and descendant-objects.
Notes:
If FALSE (default), then the repository SHOULD abort this method when it fails to delete a single child object or descendant object.
Description: Sets the content stream for the specified document object.
Notes: A repository MAY automatically create new document versions as part of this service operations method . Therefore, the objectId output NEED NOT be identical to the objectId input.
If FALSE, then the repository MUST only set the input contentStream for the object if the object currently does not have a content stream.
Description: Appends to the content stream for the specified document object.
Notes:
Clients SHOULD always set this parameter but repositories SHOULD be prepared that clients don’t provide it.
Repositories may use this flag to trigger some sort of content processing. For example, only if isLastChunk is TRUE the repsoitory could generate renditions of the content.
Description: Deletes the content stream for the specified document object.
Notes: A repository MAY automatically create new document versions as part of this service method. Therefore, the obejctId output NEED NOT be identical to the objectId input.
The Multi-filing services are supported only if the repository supports the multifiling or unfiling optional capabilities (capabilityMultifiling). The Multi-filing Services are used to file/un-file objects into/from folders.
This service is NOT used to create or delete objects in the repository.
Description: Adds an existing fileable non-folder object to a folder.
Description: Removes an existing fileable non-folder object from a folder.
If no value is specified, then the repository MUST remove the object from all folders in which it is currently filed.
The Discovery Services are used to search for query-able objects within the repository.
Description: Executes a CMIS query statement against the contents of the repository.
If FALSE (default), then the repository MUST only include latest versions of documents in the query search scope.
If the repository does not support the optional capabilityAllVersionsSearchable capability, then this parameter value MUST be set to FALSE.
For query statements where the SELECT clause contains properties from only one virtual table reference (i.e. referenced object-type), any value for this enum may be used. If the SELECT clause contains properties from more than one table, then the value of this parameter MUST be none. Defaults to none.
If the SELECT clause contains properties from more than one table, then the value of this parameter MUST not be set.
For query statements where the SELECT clause contains properties from only one virtual table reference (i.e. referenced object-type), any value for this parameter may be used. If the SELECT clause contains properties from more than one table, then the value of this parameter MUST be "FALSE". Defaults to FALSE.
Each object result MUST include the following elements if they are requested:
Description: Gets a list of content changes. This service is intended to be used by search crawlers or other applications that need to efficiently understand what has changed in the repository. See section 2.1.15 Change Log.
Notes:
If not specified, then the repository MUST return the first change event recorded in the change log.
If FALSE (default), then the repository MUST NOT include the updated property values for "updated" change events. The single exception to this is that the property cmis:objectId MUST always be included.
If FALSE (default), then the repository MUST not include policy information.
The Versioning services are used to navigate or update a document version series. See section 2.1.13 Versioning.
Description: Create a private working copy (PWC) of the document. See section 2.1.13.5.1 Checkout.
FALSE if the content stream of the Private Working Copy is "not set".
Description: Reverses the effect of a check-out (checkOut). Removes the Private Working Copy of the checked-out document, allowing other documents in the version series to be checked out again. If the private working copy has been created by createDocument, cancelCheckOut MUST delete the created document. See section 2.1.13.5.3 Discarding Check out.
Description: Checks-in the Private Working Copy document. See section 2.1.13.5.4 Checkin.
Notes:
FALSE if the checked-in document object MUST NOT be a major version but a minor version.
Description: Get the latest document object in the version series.
If FALSE (default), the repository MUST return the properties for the latest (major or non-major) version object in the version series.
Description: Get a subset of the properties for the latest document object in the version series.
If FALSE (default), the repository MUST return the properties for the latest (major or non-major) version object in the version series.
Description: Returns the list of all document objects in the specified version series, sorted by cmis:creationDate descending.
Notes: If a Private Working Copy exists for the version series and the caller has permissions to access it, then it MUST be returned as the first object in the result list.
The Relationship Services are used to retrieve the dependent relationship objects associated with an independent object.
Description: Gets all or a subset of relationships associated with an independent object.
If FALSE (default), then the repository MUST only return relationships whose object-types is equivalent to the object-type specified by the typeId parameter value.
If the typeId input is not specified, then this input MUST be ignored.
If not specified, then the repository MUST return relationship objects of all types.
The Policy Services are used to apply or remove a policy object to a controllablePolicy object.
Description: Applies a specified policy to an object.
Description: Removes a specified policy from an object.
Description: Gets the list of policies currently applied to the specified object.
The ACL Services are used to discover and manage Access Control Lists.
Description: Adds or removes the given ACEs to or from the ACL of an object .
Notes: This service MUST be supported by the repository, if the optional capability capabilityACL is manage.
How ACEs are added or removed to or from the object is repository specific – with respect to the ACLPropagation parameter.
Some ACEs that make up an object’s ACL may not be set directly on the object, but determined in other ways, such as inheritance. A repository MAY merge the ACEs provided with the ACEs of the ACL already applied to the object (i.e. the ACEs provided MAY not be completely added or removed from the effective ACL for the object).
Description: Get the ACL currently applied to the specified object.
Notes: This service MUST be supported by the repository, if the optional capability capabilityACL is discover or manage. A client MUST NOT assume that the returned ACEs can be applied via applyACL.
This binding is based upon the Atom ([RFC4287]) and Atom Publishing Protocol ([RFC5023]). Implementations of CMIS MUST be compliant with [RFC4287] and [RFC5023].
In this binding, the client interacts with the repository by acquiring the service document. The client will request the service document by the URI provided by the vendor. The client will then choose a CMIS collection, and then start accessing the repository by following the references in the returned documents.
This binding consists of a service document specifying at least CMIS service collections, Atom collections, feeds and entry documents. CMIS extends the Atom and AtomPub documents utilizing the Atom and AtomPub extension mechanism. CMIS also leverages link tags to specify additional resources related to the requested resource.
When requesting a resource, optional parameters may be specified to change default behavior via query parameters.
This specification uses the following namespaces and prefixes when referring to XML or XML schema elements in the text or examples:
Authentication SHOULD be handled by the transport protocol. Please see AtomPub [RFC5023] section 14.
If the provided credentials are incorrect or unknown or entirely missing, a repository MAY return the HTTP status code 403 (Forbidden) instead of the HTTP status code 401 (Unauthorized). This may prevent attacks against the Browser Binding. See also section 5.2.9 Authentication.
The client can specify, in HTTP the Accept header, which formats are acceptable to the client. With this mechanism the client can choose which response format the CMIS implementation should respond with. The CMIS compliant implementation MUST support the appropriate Media Types specified in this document.
The binding supports adding optional parameters to CMIS resources to modify the default behavior. CMIS implementations MUST support arguments being specified as HTTP query string parameters.
Names and valid values for HTTP query string parameters are as described in the appropriate CMIS Service descriptions (see section 2.2 Services). Valid values of enumeration types are also represented in the CMIS Core XML Schema.
Exceptions MUST be mapped to the appropriate HTTP status code.
Repositories SHOULD provide sufficient information in the body of the HTTP response for a user to determine corrective action.
See section 3.2.3 HTTP Status Codes for more information.
Each rendition included in a CMIS AtomPub response is represented as an Atom link
with a relationship alternate.
The following attributes SHOULD be included on the link element:
The following attributes MAY be included:
The content stream for a document SHOULD be referenced by the content src
attribute as well as the edit-media link relation. A CMIS Repository MAY use
different URIs for both content src attribute and the edit-media link relation for
the same content stream.
The following attributes SHOULD be included on the link element:
For paging, please see the AtomPub RFC. CMIS leverages first, next, previous, and last link relations to express paging.
If the repository can include the number of items (numItems in CMIS Domain Model) in a feed, then the repository SHOULD include the cmisra:numItems extension element in the feed.
The following services are not exposed in this binding:
This service is exposed from the domain model in the AtomPub binding. However, it is not as straightforward. To remove a policy from an object, one must do:
This is also the only case in the AtomPub Binding where an URI in a collection (policies) is specific to that collection.
Repositories MAY support HTTP Range requests on content streams.
The repository MAY support the HTTP OPTIONS method on all the resources defined in this specification. If the repository supports OPTIONS, then the repository MUST at least return the HTTP methods specified for that resource in the Allow header.
Please see the HTTP specification for more information on the HTTP status codes. These are provided as guidance from the HTTP specification. If any conflict arises, the HTTP specification is authoritative.
The following listing defines the HTTP status codes that repositories MUST return for the various common exceptions defined in CMIS Domain Model.
CMIS Services Exception | HTTP Status Code |
General Exceptions | |
invalidArgument | 400 |
notSupported | 405 |
objectNotFound | 404 |
permissionDenied | 403 |
runtime | 500 |
Specific Exceptions | |
constraint | 409 |
contentAlreadyExists | 409 |
filterNotValid | 400 |
nameConstraintViolation | 409 |
storage | 500 |
streamNotSupported | 403 |
updateConflict | 409 |
versioning | 409 |
Please see [RFC2616] Section 10 for more information.
CMIS introduces new media types for:
In addition to those media types specified by CMIS, CMIS also leverages these media
types:
Media Type: | application/cmisatom+xml |
Starting tag: | atom:feed or atom:entry |
Type Parameters: | type: the semantics of the type parameter MUST be the same as the media type parameter for Atom documents. |
This allows clients to differentiate between repositories that require Atom media type with CMIS extensions (application/cmisatom+xml) for creation and repositories that allow generic Atom media type without CMIS extensions (application/atom+xml).
This is only used for CMIS repositories to advertise what media types are accepted for adding to a collection (e.g., creating resources in a collection). As such CMIS does not require specifying whether an Atom feed has CMIS markup. It is included to be consistent with the Atom media type.
All feeds and entries from a CMIS repository MUST utilize the Atom media type for exposing Atom resources. Please see the individual resources for more information on the media type. This provides the interoperability with Atom clients.
Media Type: | application/cmisquery+xml |
Starting tag: | cmis:query |
This document contains the representation of a query to be executed in a CMIS repository.
Media Type: | application/cmisallowableactions+xml |
Starting tag: | cmis:allowableActions |
This document contains the representation of the allowable actions the user may perform on the referenced object.
Media Type: | application/cmistree+xml |
Starting tag: | atom:feed |
This document is an Atom feed (application/atom+xml;type=feed) with CMIS markup to nest a hierarchy.
Please see section 3.5.2.1 Hierarchical Atom Entries.
Note: This media type is used on links with relation down (see section 3.4.3.2 Hierarchy Navigation Internet Draft Link Relations). When the individual resources are returned by the CMIS repository they will use the Atom media type (application/atom+xml)
Media Type: | application/cmisacl+xml |
Starting tag: | cmis:acl |
This document specifies an Access Control List based on the schema in CMIS Domain Model.
This element MUST take precedence over atom:content on submission of an Atom entry to a repository.
A repository MUST use the atom:content element to return back to the client the content of the document.
Note: This is required when the client has an XML document stored that might not be well formed and thus would not be able to be included inside atom:content element.
See the bulkUpdateProperties service for details.
These attributes are in the CMIS RestAtom namespace (cmisra).
This attribute is used on the atom:link element to specify the CMIS id of the resource. This attribute SHOULD be on all link relations that point to a CMIS object.
This attribute MAY also be on cmisra:type. The value of the attribute on cmis:type MUST be the same as the type definition id.
This attribute is used on the atom:link element with relation alternate to specify the renditionKind of the resource. This attribute SHOULD be on all link elements with relation alternate that are a CMIS rendition.
The listing below outlines the different link relation types in CMIS. This is in addition to the link relations specified by Atom and Atom Publishing Protocol. The registry for link relations is located at http://www.iana.org/assignments/link-relations/link-relations.xhtml.
The link element with a specified relation MUST be included if client can perform the operation. The repository SHOULD omit the link relation if the operation is not available. The operation may not be available due to a variety of reasons such as access control, administrative policies, or other mechanisms.
Links may have the following attribute in addition to the ones specified by Atom and Atom Publishing Protocol:
Existing link relations should be used where appropriate by the implementation. In addition, the following link relations are leveraged for the CMIS specification:
self
service
describedby
via
edit-media
edit
alternate
first
previous
next
last
Please see http://www.iana.org/assignments/link-relations/link-relations.xhtml for more information on these link relations.
CMIS leverages the following link relations:
up
down
CMIS leverages the following link relations from the Internet Draft:
version-history
current-version
working-copy
CMIS defines the following link relations:
http://docs.oasis-open.org/ns/cmis/link/200908/allowableactions
http://docs.oasis-open.org/ns/cmis/link/200908/relationships
http://docs.oasis-open.org/ns/cmis/link/200908/source
http://docs.oasis-open.org/ns/cmis/link/200908/target
http://docs.oasis-open.org/ns/cmis/link/200908/policies
http://docs.oasis-open.org/ns/cmis/link/200908/acl
http://docs.oasis-open.org/ns/cmis/link/200908/changes
http://docs.oasis-open.org/ns/cmis/link/200908/foldertree
http://docs.oasis-open.org/ns/cmis/link/200908/typedescendants
http://docs.oasis-open.org/ns/cmis/link/200908/rootdescendants
For all Atom resources used in this specification, the following MUST be followed:
Any feed MUST be a valid Atom Feed document and conform to the guidelines below for CMIS objects:
Any feed MUST be a valid Atom Feed document and conform to the guidelines below for CMIS types:
If on the root type, all fields are repository specific.
Ordering of entries in a feed is repository-specific if the orderBy argument is not specified. If the orderBy argument is specified, the order of the entries in the feed SHOULD conform to the ordering specified by the orderBy argument. If a repository only supports a certain number of orderBy properties, it SHOULD ignore all additional properties.
At any point where an Atom document of type Entry is sent or returned, it must be a valid Atom Entry document and conform to the guidelines below for a cmis object:
For documents that support content streams:
| |
The repository SHOULD use the atom:content/src attribute to point to the content stream. The client SHOULD use cmisra:content if the content is not well-formed or would have trouble fitting inside an atom:content element. The repository MUST use the cmisra:content element if provided by the client over the atom:content element. | |
Other objects:
| |
(Folders, relationships, policies, items, and other document types that do not support content streams, etc.)
The repository SHOULD provide an atom:summary element and no atom:content element in order to comply with the Atom specification. Any value in the content field MUST be ignored if the Atom entry represents a non-document object by the CMIS repository when the Atom entry is POST’ed to a collection or sent to the repository via a PUT. |
|
When POSTing an Atom Document, the Atom elements MUST take precedence over the corresponding writable CMIS property. For example, atom:title will overwrite cmis:name.
At any point where an Atom document of CMIS type is sent or returned, it must be a valid Atom Entry document and conform to the guidelines below for a CMIS type definition:
Any Atom element that is not specified is repository-specific.
The repository SHOULD NOT provide any links to hierarchical objects if those capabilities are not supported with the exception of getTypeDescendants which is required.
For Atom entries that are hierarchical such as Folder Trees or Descendants, the repository MUST populate a cmisra:children element in the atom:entry with the enclosing feed of its direct children. This pattern continues until the depth is satisfied.
The cmisra:children element MUST include an atom:feed element that contains the children entries of this resource.
If an entry does not contain cmisra:children element, then the entry MAY have children even though it is not represented in the Atom entry.
Please see section 3.3.4 CMIS Tree.
|
Service |
Resource | HTTP Method |
|
|||
Repository | GET | ||
| GET | ||
| GET | ||
| GET | ||
| GET | ||
| POST | ||
| PUT | ||
| DELETE | ||
Navigation | GET | ||
| GET | ||
| GET | ||
| GET | ||
| GET | ||
| GET | ||
Object | POST | ||
| |||
| POST | ||
| POST | ||
| POST | ||
| GET | ||
|
|||
|
Document Entry or | GET | |
| |||
|
objectbypath URI template | GET | |
| GET | ||
| |||
|
Document Entry or | PUT | |
| POST | ||
| POST | ||
|
Document Entry or | DELETE | |
| DELETE | ||
| PUT | ||
| PUT | ||
| DELETE | ||
Multi | POST | ||
| POST | ||
Disc | POST | ||
| GET | ||
Versioning | POST | ||
| DELETE | ||
| PUT | ||
|
|||
| PUT | ||
| |||
| GET | ||
Rel | GET | ||
Policy | POST | ||
| DELETE | ||
| GET | ||
ACL | PUT | ||
| GET | ||
|
|||
|
|||
|
The AtomPub Service Document contains the set of repositories that are available.
How the client will get the initial AtomPub (APP) service document or the URI for the service document is repository specific. Examples are via URI, or loading the service document from disk.
The service document will also be available from Atom Entry and Atom Feed documents via a link relationship service. That AtomPub service document MUST then only contain one workspace element which MUST be the workspace representing the repository containing the Atom Entry or Atom Feed document.
CMIS Services:
Arguments:
Media Type:
Each repository is mapped to a app:workspace element in the AtomPub Service document. A workspace element MUST have a collection element for each of following collections. Each collection MUST also contain a cmisra:collectionType element with the given value.
The workspace element SHOULD also contain these collections if the repository supports this functionality:
The workspace element MUST also contain the following link element with the relation:
http://docs.oasis-open.org/ns/cmis/link/200908/typedescendants
The workspace element MUST contain the following link elements of the following relations for those services which are supported by the repository:
http://docs.oasis-open.org/ns/cmis/link/200908/foldertree
http://docs.oasis-open.org/ns/cmis/link/200908/rootdescendants
http://docs.oasis-open.org/ns/cmis/link/200908/changes
The workspace element may include app:collection elements for the collections that represent folders in the repository. However, an alternative approach, especially for a repository with many folders, is to not enumerate those collections here, but include the app:collection element per [RFC5023] in the Atom Feed document.
The repository MUST include the URI templates in the workspace elements.
CMIS defines the following URI templates:
Repositories MUST provide the following URI templates:
Repositories MUST provide the URI template query if the repository supports query.
Repositories MAY extend that set of templates. Those URI template types will be repository specific. Repositories MAY have more than one entry per URI template type if the entries have different media types.
URI templates are simple replacement of the template parameter with the specified value. If a client does not want to specify a value for some of these variables, then the client MUST substitute an empty string for the variable.
For example, if the URI template that supports the variable {id} is:
If the client wants to find the entry for an object with an id of ’obj_1’ then the URI would be:
URI Templates MUST only be used with HTTP GET.
Arguments that are substituted for URI template parameters MUST be percent escaped according to [RFC3986]. Please see that RFC for more information.
All variables MUST be in the template.
Type: objectbyid
Media Type: application/atom+xml;type=entry
Service: getObject or getObjectOfLatestVersion
Variables that are supported by the template:
Type: objectbyid
Media Type: application/atom+xml;type=entry
Service: getObjectByPath
Variables that are supported by the template:
Type: query
Media Type: application/atom+xml;type=feed
Service: query
Variables that are supported by the template:
Type: typebyid
Media Type: application/atom+xml;type=entry
Service: getTypeDefinition
Variables that are supported by the template:
These are the collections that are included on an AtomPub Service document in the workspace element.
For any HTTP verb not specified on a resource, each implementation MAY chose to implement that HTTP verb in a repository-specific manner.
This collection provides access to the children of the root folder. Please see section 3.9.2 Folder Children Collection.
This is a collection for processing queries. If the implementation supports GET on this collection, then the implementation SHOULD at least return a feed consisting of zero or more Atom entries. These Atom entries should represent persisted objects related to query such as persisted queries, long running queries or search templates.
CMIS Services:
Accept:
Media Type:
The feed returned MUST contain a set of Atom entries representing the result set from the query.
The Atom entries should contain the bare minimum necessary for Atom compliance [RFC4287]. The Atom entries MUST contain the CMIS extension element (cmisra:object) containing the properties specified by the query in the select clause of the query statement.
If all the selected properties can be mapped to the same type reference, then the repository MAY include additional information in the Atom entry.
Please see [RFC5023] Section 5.3.
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
Headers returned:
Upon submission (creation) of a query document, a response must be returned with a Location header representing the feed for that query. If the query cannot be performed and an Atom feed returned, the repository MUST return the appropriate HTTP status code. In addition, the server SHOULD return the feed directly. If the server does so, the server SHOULD also return the Content-Location header.
This is a collection described in the service document that contains the Private Working Copies (PWCs) of the checked-out documents in the repository.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
When an Atom Entry is POSTed to this collection, the document will be checked out. A Content-Location header MUST be returned containing the location of the Private Working Copy. The newly created PWC Entry MUST be returned.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This is a collection described in the service document to manage unfiled document, policy, and item objects.
If this is called with an existing object, the object will be removed from all folders in the repository by default. If the optional argument removeFrom is specified, the object will only be removed from that folder.
If this is called with an entry that doesn’t have an object id, a new, unfiled object will be created.
The removed or newly created Document Entry, Policy Entry, or Item Entry MUST be returned.
CMIS Services:
If the Atom Entry POSTed has a valid cmis:objectId property, removeObjectFromFolder will be performed. If the Atom Entry POSTed has no cmis:objectId property, the value of the cmis:objectTypeId property decides if createDocument, createPolicy, or createItem will be performed. In all other cases (invalid object id, the object does not exist, the object is not in that folder, the object type id is invalid, the base type is neither cmis:document nor cmis:policy nor cmis:item, etc.) the appropriate HTTP status code MUST be returned. See also 3.9.2 Folder Children Collection.
Arguments:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This is a collection described in the service document that contains the types in the repository under the specified parent type. If no parent type is specified, then the base types are returned in the feed. This feed does not include any nesting and is a flat feed.
This feed contains a set of Atom entries for each child type definition.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
This creates a new object-type.
The server MUST return the appropriate HTTP status code if the specified parent type doesn’t match this collection.
The created object-type entry MUST be returned.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This collection is used for bulk updates.
The POSTed entry MUST include a CMIS Atom extension element cmisra:bulkUpdate. It contains the set of objects that should be updated, the new property values and secondary type modifications.
CMIS Services:
Accept:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
The returned object entries MUST follow these rules:
Success Status Codes:
For any HTTP verb not specified on a resource, each implementation MAY chose to implement that HTTP verb in a repository-specific manner.
This collection manages relationships.
This collection contains the set of relationships available (either source or target or both) from a specific item such as a document, folder, policy, or item.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
When an Atom entry with CMIS markup is POSTed to this collection, if that Atom entry represents a new CMIS relationship, then that relationship will be created.
The server MUST return the appropriate HTTP status code if the source is different than the sourceId or target different than the targetId for the source and targets specified in this collection.
The server MUST return the appropriate status code if the cmis:objectTypeId is not specified.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This collection managed folder children.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
CMIS Services:
POSTing an Atom Entry document with CMIS markup:
| |
If the Atom entry has a CMIS property cmis:objectId that is valid for the repository, the object (document, folder, policy, or item)
will be added to the folder.
When an object is added to the folder, in repositories that do not support multi-filing it will be removed from the previous folder and the operation treated as move. If the repository supports multiple folders, it will be added to the new folder. If the optional argument sourceFolderId is specified, then the object will be removed from the folder specified. |
|
Creating a new CMIS object in that folder:
| |
If the cmis:objectId property is missing, the object will be created and then added to the folder. If the cmis:objectId property is
present but not a valid object Id, the repository MUST return the appropriate HTTP status code. For documents:
|
|
POSTing other document formats (AtomPub):
| |
The behavior is repository specific when a non Atom entry or an atom document without the CMIS elements is posted to a folder collection.
For example, the repository MAY auto-create a document with a specific type (document) the client could edit. If the repository does not support this scenario or another exception occurs, then the repository MUST return the appropriate HTTP status code. |
|
Arguments:
Accept:
Media Type:
Success Status Codes:
Headers returned:
See HTTP DELETE description in section 3.10.4 Folder Tree Feed.
This collection managed policies applied to an object.
The policy entries displayed here are specific to the object generating this collection.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
When an Atom Entry representing a Policy is posted to this collection, the policy will be applied to the object.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This is the only collection where the URI’s of the objects in the collection MUST be specific to that collection. A DELETE on the policy object in the collection is a removal of the policy from the object NOT a deletion of the policy object itself.
CMIS Services:
Success Status Codes:
For any HTTP verb not specified on a resource, each implementation MAY chose to implement that HTTP verb in a repository-specific manner.
This is the set of parents for a specific object.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
This is a link relationship described in the service document that contains the changes in the repository in the workspace element. The link relation pointing to this feed is http://docs.oasis-open.org/ns/cmis/link/200908/changes.
The ChangeLog Token is specified in the URI specified by the paging link notations. Through this binding it is not possible to retrieve the ChangeLog Token from the URIs.
This feed MUST be ordered from oldest first to newest.
If the next changes does not exist yet, the link relation next MAY be available. If the next link relation is not available, the client should revisit the feed in the future and look for new items and the next link relation.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
This is a hierarchical feed comprising items under a specified folder to a specified depth. This is available via the link relation down with the application/cmistree+xml media type. Please see section 3.5.2.1 Hierarchical Atom Entries for more information on format.
If a repository does not support capabilityGetDescendants, then these resources SHOULD NOT be exposed.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
See HTTP DELETE description in section 3.10.4 Folder Tree Feed.
This is a hierarchical feed comprising all the folders under a specified folder. This is available via the link relation foldertree with media type application/atom+xml;type=feed. Please see section 3.5.2.1 Hierarchical Atom Entries for more information on format.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
This deletes the folder and all sub-folders.
If the DELETE method does not delete all items, invoking GET with infinite depth on the Folder Descendants Feed will return the items not deleted. Subsequent DELETE methods can be invoked on this URI.
Note: If the repository does not implement the Folder Descendants Feed, there is no mechanism to identify the resources that were not removed.
CMIS Services:
Arguments:
Success Status Codes:
This is a feed comprised of all the versions of the given document. The feed MUST contain the newest versions at the beginning of the feed.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
This is a feed described in the service document that contains all the types under a specific type in the repository to a specific depth. If no parent type is specified, then the base types and their descendants are returned in the feed which is equivalent to all types in the repository if depth is infinite. The link relation is http://docs.oasis-open.org/ns/cmis/link/200908/typedescendants.
Types are nested using the CMIS hierarchy extension. Please see section 3.5.2.1 Hierarchical Atom Entries for more information on format.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MAY be included inside the Atom feed:
The following CMIS Atom extension element MUST be included inside the Atom entries:
Success Status Codes:
For any HTTP verb not specified on a resource,each implementation MAY chose to implement that HTTP verb in a repository-specific manner.
This represents a type definition in the repository. This is enclosed as an Atom entry.
CMIS Services:
Media Type:
Link Relations:
The following CMIS Atom extension element MUST be included inside the Atom entry:
Success Status Codes:
This updates the object-type.
The updated object-type entry MUST be returned. See section 2.1.10 Object-Type Creation, Modification and Deletion for details.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This deletes the object-type.
CMIS Services:
Success Status Codes:
This is a CMIS Document instance.
This returns the document.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MUST be included inside the Atom entry:
Success Status Codes:
This does a replacement of the Atom entry with the Atom entry document specified. If readwrite properties are not included, the repository SHOULD NOT modify them. The updated entry SHOULD be returned.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This removes the document or all versions of the version series.
CMIS Services:
Arguments:
Success Status Codes:
This is the private working copy of the document (checkedout version of document).
CMIS Services:
Arguments:
Media Type:
Media Type:
Link Relations:
The following CMIS Atom extension element MUST be included inside the Atom entry:
Success Status Codes:
This does a replacement of the Atom entry with the Atom entry document specified. If modifiable properties (whencheckedout or readwrite) are not included, the repository SHOULD NOT modify them. The updated entry SHOULD be returned.
CMIS Services:
Media Type:
Arguments:
Success Status Codes:
Headers returned:
This removes the document entry, in this case, cancels the check out. The PWC will be removed.
CMIS Services:
Success Status Codes:
This is a CMIS Folder instance.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MUST be included inside the Atom entry:
Success Status Codes:
This does a replacement of the Atom entry with the Atom entry document specified. If readwrite properties are not included, the repository SHOULD NOT modify them. The updated entry SHOULD be returned.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This removes the folder from the repository. This is deletion of the folder only and not any contained objects.
CMIS Services:
Success Status Codes:
This is a CMIS relationship instance. These objects are exposed via ’relationships’ link type.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MUST be included inside the Atom entry:
Success Status Codes:
This does a replacement of the Atom entry with the Atom entry document specified. If readwrite properties are not included, the repository SHOULD NOT modify them. The updated entry SHOULD be returned.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This removes the relationship from the repository.
CMIS Services:
Success Status Codes:
This is a CMIS policy instance.
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MUST be included inside the Atom entry:
Success Status Codes:
This does a replacement of the Atom entry with the Atom entry document specified. If readwrite properties are not included, the repository SHOULD NOT modify them. The updated entry SHOULD be returned.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This removes the policy from the repository. If this policy entry was discovered through a policy collection on an object, then removePolicy is performed rather than deleteObject on the policy itself.
CMIS Services:
Success Status Codes:
CMIS Services:
Arguments:
Media Type:
Link Relations:
The following CMIS Atom extension element MUST be included inside the Atom entry:
Success Status Codes:
This does a replacement of the Atom entry with the Atom entry document specified. If readwrite properties are not included, the repository SHOULD NOT modify them. The updated entry SHOULD be returned.
CMIS Services:
Accept:
Media Type:
Success Status Codes:
Headers returned:
This removes the item from the repository.
CMIS Services:
Success Status Codes:
This is the content stream portion of the document object.
This returns the content stream.
It is RECOMMENDED that HTTP Range requests are supported on this resource. Please see [RFC2616] for more information on HTTP Range requests. It is RECOMMENDED that HTTP compression is also supported.
CMIS Services:
Arguments:
Media Type:
Success Status Codes:
Sets or replaces the content stream or appends a chunk of content to the existing content stream.
If the client wishes to set a new filename, it MAY add a Content-Disposition header, which carries the new filename. The disposition type MUST be "attachment". The repository SHOULD use the "filename" parameter and SHOULD ignore all other parameters. (See ?? and ??.)
CMIS Services:
Arguments:
Success Status Codes:
Headers returned:
This removes the content stream.
CMIS Services:
Success Status Codes:
This is an AllowableActions document.
This returns the CMIS AllowableActions for a specified object.
CMIS Services:
Media Type:
Success Status Codes:
This returns the CMIS ACL for a specified object.
CMIS Services:
Arguments:
Media Type:
Success Status Codes:
This applies the CMIS ACL for a specified object. The updated ACL SHOULD be returned.
CMIS Services:
Arguments:
Accept:
Media Type:
Success Status Codes:
All services and operations defined in the domain model specification are presented in the Web Services binding.
The WSDL for these services reference two XSD documents. One defines elements for the primary data types of documents, folders, relationships, policies, items, and secondary types as well as collections of these types of objects. The second XSD defines the message formats for each of the CMIS services; the messages often refer to the data types defined in the first XSD schema. The WSDL presents exactly the abstract services defined in the Services section.
The normative CMIS Web Services binding is defined by the WSDL and XSD as well as the details given here in this part of the CMIS specification.
A CMIS Web Services binding MUST comply with WS-I Basic Profile 1.1 and Basic Security Profile 1.0.
A CMIS Web Services binding SHOULD support WS-Security 1.1 for Username Token Profile 1.1 and MAY also support other authentication mechanisms. A CMIS repository MAY grant access to all or a subset of the CMIS services to unauthenticated clients.
All endpoints of the Web Services binding MUST be MTOM enabled.
Services MUST report errors via SOAP faults. The CMIS-Messaging.xsd defines a basic fault structure that includes an error code and an error message and the WSDL for each service defines specific messages that have the basic fault format.
The Domain Model defines all services, operations, parameters and objects of CMIS. The Web Services binding is an exact one-to-one mapping of this definition with small exceptions that are explained in the next section. Operations and parameters are named exactly after their counterparts in the Services section. All rules and exceptions defined there apply to the Web Services binding. Optional parameters and optional return values are not set if they are missing or their value is NULL.
This binding supports partial properties updates. All properties passed to updateProperties or checkIn will be updated to their new values. Properties that are passed without a value will be set to their default value or un-set if no default value is defined. All others property values remain untouched.
This binding supports the retrieval of content ranges. The operation getContentStream accepts two optional parameters:
If the offset value is greater than the size of the content the repository SHOULD throw a constraint exception. If offset + length is greater than the size of the content the repository should deliver the content from the offset to the end of the content.
On all input messages and some output messages exists an element called extension. This element is used to provide vendor or repository-specific information between client and server.
All of the types referenced by the schema also support xs:any for vendor or repository-specific information.
This binding requires specific structures that are not part of the general CMIS schema.
cmisFaultType and cmisFault SHOULD be used to generate SOAP faults.
See section 4.1.4 Reporting Errors.
cmisRepositoryEntryType is the return structure of getRepositories. It contains the id and the name of a repository.
cmisTypeContainer is the return structure of getTypeDescendants. It holds a type hierarchy.
cmisTypeDefinitionListType is the return structure of getTypeChildren. It contains a list of types, the hasMoreItems flag and the numItem element.
cmisObjectInFolderType holds, in addition to a cmisObjectType object, a path segment string. It is used in all operations that support the includePathSegments parameter. cmisObjectParentsType is similar but has a relative path segment string instead of a path segment. For details about path segments and relative path segments see section 2.1.5.3 Paths.
cmisObjectInFolderContainerType contains a folder hierarchy.
cmisObjectListType and cmisObjectInFolderListType hold lists of cmisObjectType and cmisObjectInFolderType structures. They also contain the hasMoreItems flag and the numItems element that are returned by operations that return these lists.
cmisContentStreamType wraps a content stream and additional information about the stream.
Client to Repository | Repository to Client | ||
length | Length of the content stream in bytes. If set, it MUST be a positive number. If the length is unknown it MUST NOT be set. If it is used in the context of appendContentStream this is the size of the chunk in bytes. | SHOULD be set | SHOULD be set |
mimeType | MIME Media Type of the content stream. For the primary content of a document it SHOULD match the value of the property cmis:contentStreamMimeType. If it is used in the context of appendContentStream this either MUST NOT be set or MUST match the MIME Media Type of the document. If it is the first chunk it SHOULD be set and defines the MIME Media Type of the document. | SHOULD be set | MUST be set |
filename | Filename of the content stream. For the primary content of a document it SHOULD match the value of the property cmis:contentStreamFileName. | SHOULD be set | SHOULD be set |
stream | The content stream. MUST be present even if the content stream has 0 bytes. | MUST be set | MUST be set |
cmisACLType is the return structure of getACL and applyACL. It contains the current Access Control List (ACL) of the object and the exact flag that indicates if the ACL fully describes the permission of this object.
cmisExtensionType is a placeholder for extensions. See section 4.3.3 Extensions.
The CMIS Browser Binding is based upon JSON (Java Script Object Notation, [RFC4627]) and patterns used in Web applications. This binding is specifically designed to support applications running in a web browser but is not restricted to them. It is based on technologies that developers who build such applications already understand, including HTML, HTML Forms, JavaScript and JSON (Java Script Object Notation). Importantly, it does not require a JavaScript library, but rather takes advantage of capabilities already built into modern browsers.
While this binding is optimized for use in browser applications, it can also serve as an easy to use binding in other application models.
HTTP MUST be used as the protocol for service requests. HTTP GET MUST be used for reading content and HTTP POST MUST be used for creating, updating and deleting content. Using just those two HTTP verbs makes it possible to develop applications that rely on built-in browser capabilities (e.g. HTML Forms) and typical server configurations.
The use of HTTPS is RECOMMENDED for repositories that contain non-public data.
Browser applications are typically written in JavaScript. A popular lightweight data representation format amongst JavaScript developers is JavaScript Object Notation (JSON) as described in [RFC4627]. JSON MUST be used to represent the various CMIS objects described by the data model.
This specification provides a formal definition of the CMIS JSON elements. The formal definition is short and precise and allows implementations to validate CMIS JSON at runtime.
Since there is not yet a JSON schema language approved by a standards body, this specification uses a schema language called Orderly that is introduced by Lloyd Hilaiel on http://orderly-json.org/. Since the definition of Orderly on http://orderly-json.org/ may proceed independently of this specification, and because we may need to extend Orderly to define some elements of CMIS, we provide a description of Orderly in appendix B Schema Language (Orderly) of this document.
JSON only defines a few types, including Object, String, Number, Boolean, Null and Array. Not all types used in the CMIS schema have direct JSON equivalents. The following table describes the mapping between CMIS and JSON types.
CMIS | JSON |
string | string |
boolean | boolean |
decimal | number |
integer | number |
datetime | number (Dates are represented in milliseconds from 1970/01/01 00:00:00 UTC with a day containing 86,400,000 milliseconds. Negative numbers represent dates before 1970/01/01 00:00:00 UTC.) |
uri | string |
id | string |
html | string |
The URLs used by the Browser Binding are meant to be predictable in order to simplify client development. The URL patterns allow objects to be referenced by either object Id or path. Section 5.3 URLs provides the details of how clients can construct these URLs.
Browser applications typically use HTTP multipart forms as described in [RFC2388] to create and update content. This is especially useful for updating file content with the addition of the FILE attribute in [RFC1867]. In this binding, HTTP POST of multipart/form-data MUST be used to update content streams.
The JSON value "null" MUST be used by the server when returning values that have not been set.
Modern browsers restrict a JavaScript function from making HTTP calls to servers other than the one on which the function originated. This set of restrictions is called the "same-origin policy" (see [SameOriginPolicy]). A CMIS client web application and the CMIS repositories it uses may often be deployed to different servers. This specification allows JavaScript clients to access repositories on other servers, within the constraints of the same-origin policy, by using the "JSON with Padding" (JSONP) pattern.
This binding introduces a parameter called callback to allow CMIS clients to use this pattern.
The callback MAY be included by clients on read operations defined by this protocol that answer a JSON object. The server MUST respond to valid read requests containing this token by answering the token, followed by an open parenthesis, followed by the JSON object returned, followed by a close parenthesis. If the parameter is included in a request, the server MUST validate that its value is not empty but the server MUST NOT do any additional validation of the token, such as, for example, assuring it conforms to JavaScript function naming conventions. If the parameter value is empty, or if the parameter is used on a service for which it is not allowed, then the invalidArgument exception MUST be used to signal the error.
Example:
This specification RECOMMENDS the authentication mechanisms described in the following sections. Repositories MAY provide more, other or no authentication mechanisms.
Furthermore, this specification RECOMMENDS the use of HTTPS (see [RFC2818]) to protect credentials and data.
Repositories SHOULD accept HTTP Basic Authentication (see [RFC2617] Section 2).
If the provided credentials are incorrect or unknown or entirely missing, a repository MAY return the HTTP status code 403 (Forbidden) instead of the HTTP status code 401 (Unauthorized). This prevents web browsers from providing a login dialog and subsequently remembering the credentials. This in turn can prevent a form of cross-site request forgery (CSRF).
The authentication mechanism described in this section addresses the following scenario:
A web application is hosted on one domain; the CMIS browser binding interface is served from another domain. There is no proxy process on the server that hosts the web application. That is, all communication between the application and the repository has to happen in the web browser via JavaScript. The "same-origin policy" (see [SameOriginPolicy]) enforced by the web browser prohibits a direct and secure two-way communication between the application and the repository.
To access the repository, a user has to authenticate and has to authorize the application (and only this application, not all scripts in the web browser) to make CMIS calls.
A token SHOULD be added to each request to prevent cross-site request forgery (CSRF) attacks. For this purpose, a parameter token MUST be added to the parameters of a GET request and a control token MUST be added to the controls of a HTML form.
The repository SHOULD return a permissionDenied error if the client sends an invalid token.
If the client sends any other form of authentication (Basic Authentication, OAuth, etc.), the token MAY be omitted. It is RECOMMENDED for web applications always to provide a token, even if another form of authentication is in place.
The repository provides a JavaScript script that the web application includes into its HTML page via the HTML <script> tag.
This script provides four functions:
The function takes a callback function. It is called when the login process has been completed. The callback function MUST accept a boolean parameter. The repository MUST provide TRUE if the login process was successful and FALSE if it was not successful.
The function takes a callback function. It is called when the logout process has been completed. The callback function MUST accept a boolean parameter. The repository MUST provide TRUE if the logout process was successful and FALSE if it was not successful.
The flow in a web application could looks like this:
HTTP status codes MUST be used to indicate success or failure of an operation. Please see the HTTP specification for more information on the HTTP status codes. These are provided as guidance from the HTTP specification. If any conflict arises, the HTTP specification is authoritative.
CMIS Services Exception | HTTP Status Code |
General Exceptions | |
invalidArgument | 400 |
notSupported | 405 |
objectNotFound | 404 |
permissionDenied | 403 |
runtime | 500 |
Specific Exceptions | |
constraint | 409 |
contentAlreadyExists | 409 |
filterNotValid | 400 |
nameConstraintViolation | 409 |
storage | 500 |
streamNotSupported | 403 |
updateConflict | 409 |
versioning | 409 |
This binding also introduces an object to return additional information about the response. CMIS repositories SHOULD include this object in responses. When present, the object MUST include the following JSON properties.
Example:
If the query parameter suppressResponseCodes=true is set, the repository MUST always return the HTTP status code 200.
Example:
The default representation of properties may contain redundant information such as the display name, property type, cardinality, etc. to simplify JavaScript code in a web application. This extra data is superfluous for clients that cache type and property definitions. In order to reduce the message sizes, the Browser Binding supports a parameter, which advises the repository to send a compact form of the properties.
A client MAY add the query parameter succinct (HTTP GET) or the control succinct (HTTP POST) with the value "true" to a request. If this is set, the repository MUST return properties in a succinct format. That is, whenever the repository renders an object or a query result, it MUST populate the succinctProperties value and MUST NOT populate the properties value. See the schema elements http://docs.oasis-open.org/ns/cmis/browser/201103/object and http://docs.oasis-open.org/ns/cmis/browser/201103/queryResult.
Example of a folder representation with succinct flag set to "true":
The document returned by the Service URL provides the repository information for all available repositories. How the client will get the Service URL is repository specific.
The Service URL MUST return the repository infos of all available repositories (see section 2.1.1 Repository). Each repository info MUST contain two additional properties:
The Repository URL provides access to data that is independent of the folder hierarchy such as type definitions, query and content changes. It can be obtained using the getRepositories or getRepositoryInfo services.
The Root Folder URL is used to build Object URLs (see section 5.3.4 Object URLs). It can be obtained using the getRepositories or getRepositoryInfo services.
An object is either identified by a parameter objectId added to the Root Folder URL or by a path that is appended to the Root Folder URL. If the parameter objectId is set, it takes precedence over the path.
The two forms of an Object URL are:
Examples:
Read operations use HTTP GET. The particular data that is returned by a read operation is determined by the query parameter cmisselector.
If the cmisselector parameter is absent, the following default values are used:
Base Type | cmisselector |
cmis:document | content |
cmis:folder | children |
cmis:relationship | object |
cmis:policy | object |
cmis:item | object |
The value of the cmisselector parameter is case insensitive.
All operations that create, modify, or delete objects or change the state of the repository in any way use HTTP POST. Since this binding is optimized for use in browser applications, the format of the transferred data is aligned to the capabilities of HTML forms and described in this specification in HTML terms. See section 5.4.4 Use of HTML Forms for a description of how HTML forms are used for CMIS services.
All operations that return the HTTP status code 201 SHOULD also return a HTTP Location header.
The Schema Elements mentioned in the following sections refer to the CMIS Orderly schema. See also section 5.2.3 Schema.
Service: | getRepositories |
HTTP method: | GET |
Argument cmisselector: | |
Arguments: |
|
Response: | JSON representation of the repository infos of all repositories |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/repositories |
Success HTTP status code: | 200 OK |
The Service URL has no selector.
Service: | getRepositoryInfo |
HTTP method: | GET |
Argument cmisselector: | repositoryInfo |
Arguments: |
|
Response: | JSON representation of the repository info of the specified repository |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/repositories |
Success HTTP status code: | 200 OK |
Service: | getTypeChildren |
HTTP method: | GET |
Argument cmisselector: | typeChildren |
Arguments: |
|
Response: | JSON representation of the types that are immediate children of the specified typeId, or the base types if no typeId is provided |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/typeList |
Success HTTP status code: | 200 OK |
Service: | getTypeDescendants |
HTTP method: | GET |
Argument cmisselector: | typeDescendants |
Arguments: |
|
Response: | JSON representation of all types descended from the specified typeId, or all the types in the repository if no typeId is provided |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/typeContainer |
Success HTTP status code: | 200 OK |
Service: | getTypeDefinition |
HTTP method: | GET |
Argument cmisselector: | typeDefinition |
Arguments: |
|
Response: | JSON representation of the specified type |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/typeDefinitionType |
Success HTTP status code: | 200 OK |
Service: | getCheckedOutDocs |
HTTP method: | GET |
Argument cmisselector: | checkedOut |
Arguments: |
|
Response: | JSON representation of the documents that have been checked out in the repository |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/objectList |
Success HTTP status code: | 200 OK |
Service: | createDocument |
HTTP method: | POST |
Control cmisaction: | createDocument |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created, unfiled document |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | createDocumentFromSource |
HTTP method: | POST |
Control cmisaction: | createDocumentFromSource |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created, unfiled document |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | createRelationship |
HTTP method: | POST |
Control cmisaction: | createRelationship |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created relationship |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | createPolicy |
HTTP method: | POST |
Control cmisaction: | createPolicy |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created, unfiled policy |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | createItem |
HTTP method: | POST |
Control cmisaction: | createItem |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created, unfiled item |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | bulkUpdateProperties |
HTTP method: | POST |
Control cmisaction: | bulkUpdate |
Relevant CMIS Controls: |
|
Response: | List of ids of the updated objects with their new ids and change tokens |
Schema Element: | <Array>http://docs.oasis-open.org/ns/cmis/browser/201103/objectIdAndChangeToken |
Success HTTP status code: | 200 OK |
Service: | query |
HTTP method: | GET |
Argument cmisselector: | query |
Arguments: |
|
Response: | JSON representation of the results of the query |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/queryResultList |
Success HTTP status code: | 200 OK |
Service: | query |
HTTP method: | POST |
Control cmisaction: | query |
Relevant CMIS Controls: |
|
Response: | JSON representation of the results of the query |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/queryResultList |
Success HTTP status code: | 200 OK |
Service: | getContentChanges |
HTTP method: | GET |
Argument cmisselector: | contentChanges |
Arguments: |
|
Response: | JSON representation of the changed objects. The list object SHOULD contain the next change log token. |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/objectList |
Success HTTP status code: | 200 OK |
Service: | createType |
HTTP method: | POST |
Control cmisaction: | createType |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created type |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/typeDefinitionType |
Success HTTP status code: | 201 Created |
Service: | updateType |
HTTP method: | POST |
Control cmisaction: | updateType |
Relevant CMIS Controls: |
|
Response: | JSON representation of the updated type |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/typeDefinitionType |
Success HTTP status code: | 200 OK |
Service: | deleteType |
HTTP method: | POST |
Control cmisaction: | deleteType |
Relevant CMIS Controls: |
|
Response: | empty |
Schema Element: | |
Success HTTP status code: | 200 OK |
HTTP method: | GET |
Argument cmisselector: | lastResult |
Arguments: |
|
Response: | See section 5.4.4.4 Access to Form Response Content |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/transaction |
Success HTTP status code: | 200 OK |
Service: | getChildren |
HTTP method: | GET |
Argument cmisselector: | children |
Arguments: |
|
Response: | JSON representation of the children of the specified folder |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/objectInFolderList |
Success HTTP status code: | 200 OK |
The selector can be omitted since getChildren only works on folders and the selector "children" is the default selector for folders.
Service: | getDescendants |
HTTP method: | GET |
Argument cmisselector: | descendants |
Arguments: |
|
Response: | JSON representation of the descendants of the specified folder |
Schema Element: | <Array>http://docs.oasis-open.org/ns/cmis/browser/201103/objectContainer |
Success HTTP status code: | 200 OK |
Service: | getFolderTree |
HTTP method: | GET |
Argument cmisselector: | folderTree |
Arguments: |
|
Response: | JSON representation of the folder tree of the specified folder |
Schema Element: | <Array>http://docs.oasis-open.org/ns/cmis/browser/201103/objectContainer |
Success HTTP status code: | 200 OK |
Service: | getFolderParent |
HTTP method: | GET |
Argument cmisselector: | parent |
Arguments: |
|
Response: | JSON representation of the parent folder of the specified folder |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | getObjectParents |
HTTP method: | GET |
Argument cmisselector: | parents |
Arguments: |
|
Response: | JSON representation of the folders that are the parents of the specified object |
Schema Element: | <Array>http://docs.oasis-open.org/ns/cmis/browser/201103/objectParent |
Success HTTP status code: | 200 OK |
Service: | getCheckedOutDocs |
HTTP method: | GET |
Argument cmisselector: | checkedout |
Arguments: |
|
Response: | JSON representation of the documents that have been checked out in this folder |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/objectList |
Success HTTP status code: | 200 OK |
Service: | createDocument |
HTTP method: | POST |
Control cmisaction: | createDocument |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created document in this folder |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | createDocumentFromSource |
HTTP method: | POST |
Control cmisaction: | createDocumentFromSource |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created document in this folder |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | createFolder |
HTTP method: | POST |
Control cmisaction: | createFolder |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created folder in this folder |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | createPolicy |
HTTP method: | POST |
Control cmisaction: | createPolicy |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created policy in this folder |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | createItem |
HTTP method: | POST |
Control cmisaction: | createItem |
Relevant CMIS Controls: |
|
Response: | JSON representation of the newly created item in this folder |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | getAllowableActions |
HTTP method: | GET |
Argument cmisselector: | allowableActions |
Arguments: |
|
Response: | JSON representation of the allowable actions of the specified object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/allowableActions |
Success HTTP status code: | 200 OK |
Service: | getObject |
HTTP method: | GET |
Argument cmisselector: | object |
Arguments: |
|
Response: | JSON representation of the specified object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | getProperties |
HTTP method: | GET |
Argument cmisselector: | properties |
Arguments: |
|
Response: | JSON representation of the properties of the specified object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/properties |
Success HTTP status code: | 200 OK |
Service: | getObjectByPath |
HTTP method: | GET |
Argument cmisselector: | object |
Arguments: |
|
Response: | JSON representation of the specified object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | getContentStream |
HTTP method: | GET |
Argument cmisselector: | content |
Arguments: |
|
Response: | The content stream |
Schema Element: | |
Success HTTP status code: | 200 OK |
The selector can be omitted since getContentStream only works on documents and the selector content is the default selector for documents.
If the request is not authenticated (no authentication HTTP header, no token, etc.) or the authentication details are invalid (wrong credentials, expired token, etc.), the repository MAY redirect the request to a login page (using HTTP status code 307 (Temporary Redirect)).
How the login works is repository specific. If the user can be logged on, the repository either returns the requested document content directly or redirects to a URL that provides the document content.
To control if the web browser should load and show the content or offer it for download, an application can ask the repository to set the HTTP header Content-Disposition (see [RFC6266]) by setting the download parameter. Valid values are inline (default) and attachment. These values correspond to the disposition-type in [RFC6266]. If the download parameter is not provides, the repository SHOULD set a Content-Disposition header with the disposition type inline.
Service: | getRenditions |
HTTP method: | GET |
Argument cmisselector: | renditions |
Arguments: |
|
Response: | JSON representation of the renditions for the specified object |
Schema Element: | <Array> http://docs.oasis-open.org/ns/cmis/browser/201103/rendition |
Success HTTP status code: | 200 OK |
Service: | updateProperties |
HTTP method: | POST |
Control cmisaction: | update |
Relevant CMIS Controls: |
|
Response: | JSON representation of the updated object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK, if the object has been updated 201 Created, if a new version has been created |
Service: | moveObject |
HTTP method: | POST |
Control cmisaction: | move |
Relevant CMIS Controls: |
|
Response: | JSON representation of the moved object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | deleteObject |
HTTP method: | POST |
Control cmisaction: | delete |
Relevant CMIS Controls: |
|
Response: | empty |
Schema Element: | |
Success HTTP status code: | 200 OK |
Service: | deleteTree |
HTTP method: | POST |
Control cmisaction: | deleteTree |
Relevant CMIS Controls: |
|
Response: | empty if successful. A list of Ids if at least one object could not been deleted. |
Schema Element: | |
Success HTTP status code: | 200 OK |
When the operation fails, meaning that some objects in the tree are not deleted, an instance of type http://docs.oasis-open.org/ns/cmis/browser/201103/ids containing a list of ids of the objects not deleted MUST be returned.
Service: | setContentStream |
HTTP method: | POST |
Control cmisaction: | setContent |
Relevant CMIS Controls: |
|
Response: | JSON representation of the object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | appendContentStream |
HTTP method: | POST |
Control cmisaction: | appendContent |
Relevant CMIS Controls: |
|
Response: | JSON representation of the object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | deleteContentStream |
HTTP method: | POST |
Control cmisaction: | deleteContent |
Relevant CMIS Controls: |
|
Response: | JSON representation of the object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | addObjectToFolder |
HTTP method: | POST |
Control cmisaction: | addObjectToFolder |
Relevant CMIS Controls: |
|
Response: | JSON representation of the object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | removeObjectFromFolder |
HTTP method: | POST |
Control cmisaction: | removeObjectFromFolder |
Relevant CMIS Controls: |
|
Response: | JSON representation of the object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | checkOut |
HTTP method: | POST |
Control cmisaction: | checkOut |
Relevant CMIS Controls: |
|
Response: | JSON representation of the Private Working
Copy Note: The contentCopied flag is not returned. Clients may check content related properties such as the cmis:contentStreamLength property if the the Private Working Copy has a content stream. |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | cancelCheckOut |
HTTP method: | POST |
Control cmisaction: | cancelCheckOut |
Relevant CMIS Controls: |
|
Response: | empty |
Schema Element: | |
Success HTTP status code: | 200 OK |
Service: | checkIn |
HTTP method: | POST |
Control cmisaction: | checkIn |
Relevant CMIS Controls: |
|
Response: | JSON representation of the new version |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 201 Created |
Service: | getObjectOfLatestVersion |
HTTP method: | GET |
Argument cmisselector: | object |
Arguments: |
|
Response: | JSON representation of the specified object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | getPropertiesOfLatestVersion |
HTTP method: | GET |
Argument cmisselector: | properties |
Arguments: |
|
Response: | JSON representation of the properties of the specified object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/properties |
Success HTTP status code: | 200 OK |
Service: | getAllVersions |
HTTP method: | GET |
Argument cmisselector: | versions |
Arguments: |
|
Response: | JSON representation of all the versions in the Version Series |
Schema Element: | <array>http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | getObjectRelationships |
HTTP method: | GET |
Argument cmisselector: | relationships |
Arguments: |
|
Response: | JSON representations of the relationships of the specified object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/objectList |
Success HTTP status code: | 200 OK |
Service: | getAppliedPolicies |
HTTP method: | GET |
Argument cmisselector: | policies |
Arguments: |
|
Response: | JSON representations of the policies applied to the specified object |
Schema Element: | <array>http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | applyPolicy |
HTTP method: | POST |
Control cmisaction: | applyPolicy |
Relevant CMIS Controls: |
|
Response: | JSON representation of the updated object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | removePolicy |
HTTP method: | POST |
Control cmisaction: | removePolicy |
Relevant CMIS Controls: |
|
Response: | JSON representation of the updated object |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/object |
Success HTTP status code: | 200 OK |
Service: | applyACL |
HTTP method: | POST |
Control cmisaction: | applyACL |
Relevant CMIS Controls: |
|
Response: | JSON representation of the updated ACL |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/acl |
Success HTTP status code: | 200 OK |
Service: | getACL |
HTTP method: | GET |
Argument cmisselector: | acl |
Arguments: |
|
Response: | JSON representation of the ACL |
Schema Element: | http://docs.oasis-open.org/ns/cmis/browser/201103/acl |
Success HTTP status code: | 200 OK |
As described in section 5.4 Services HTML forms are used to create, update and delete CMIS content.
The form submission method (HTML form attribute "method") MUST be "POST". If a content stream is not attached to the form, the encoding type (HTML form attribute "enctype") MUST be either application/x-www-form-urlencoded or multipart/form-data. If a content stream is attached, the encoding type MUST be multipart/form-data.
The names of the controls within the form are defined by the patterns in the following sections. All control names are case-insensitive as defined by the HTML specification. Control names MUST be unique within a form. If the control value of an optional parameter is set to an empty string ("") the default value MUST be used.
A client MAY add controls to a form that are not defined by CMIS as long as the control names don’t conflict with the patterns described in this specification.
Since control values are strings, all other data types have to be serialized to strings. The same rules that apply to the serialization to JSON apply here.
An HTML form used to POST CMIS content MUST include a control named "cmisaction" that indicates the CMIS operation to be performed. See section 5.4 Services for valid control values. The value of the control is case insensitive.
Example:
Some CMIS operations require structured parameters and arrays of values. Since HTML forms don’t support that usage, some CMIS operation parameters are split into multiple controls in a form.
For example, a CMIS property is split into a control that holds the property id and another control that hold property value. The association between the two controls is done by convention.
The entirety of all properties is made up of an array of these property controls.
Names of controls that are part of an array end with "[<index>]" where <index> is a positive integer. Arrays MUST always start with the index 0 and MUST be gapless.
Example:
An array of three properties looks like this in a HTML form:
If a client sends invalid, incomplete or inconsistent data the repository SHOULD throw an invalidArgument exception.
This section lists all HTML form controls used by CMIS services.
Control name: | succinct |
Control value: | "true" or not set |
Example:
Control name: | token |
Control value: | Token String |
Example:
Control name: | objectId |
Control value: | Object Id |
Example:
Control name: | objectId[<idIndex>] |
Control value: | Object Id |
Example:
Control name: | folderId |
Control value: | Folder Id |
Example:
Control name: | sourceId |
Control value: | Source Id |
Example:
Control name: | sourceFolderId |
Control value: | Folder Id |
Example:
Control name: | targetFolderId |
Control value: | Folder Id |
Example:
Control name: | policyId |
Control value: | Policy Id |
Example:
Control name: | typeId |
Control value: | Object-type Id |
Example:
<propIndex> does not imply any order.
Control name: | propertyId[<propIndex>] |
Control value: | Property Id |
Control name: | propertyValue[<propIndex>] |
Control value: | Property Value |
Example:
<propIndex> does not imply any order, but <seqIndex> defines the order of the values.
Control name: | propertyId[<propIndex>] |
Control value: | Property Id |
Control name: | propertyValue[<propIndex>][<seqIndex>] |
Control value: | Property value at position <seqIndex> |
Example:
Control name: | addSecondaryTypeId[<typeIndex>] |
Control value: | Secondary Type Id |
Example:
Control name: | removeSecondaryTypeId[<typeIndex>] |
Control value: | Secondary Type Id |
Example:
<addACEIndex> and <permIndex> don’t imply any order.
Control name: | addACEPrincipal[<addACEIndex>] |
Control value: | Principal Id |
Control name: | addACEPermission[<addACEIndex>][<permIndex>] |
Control value: | Permission String |
Example:
<removeACEIndex> and <permIndex> don’t imply any order.
Control name: | removeACEPrincipal[<removeACEIndex>] |
Control value: | Principal Id |
Control name: | removeACEPermission[<removeACEIndex>][<permIndex>] |
Control value: | Permission String |
Example:
Control name: | ACLPropagation |
Control value: | ACL propagation enum ("objectonly", "propagate", "repositorydetermined") |
Example:
<policyIndex> does not imply any order.
Control name: | policy[<policyIndex>] |
Control value: | Policy Id |
Example:
Control name: | changeToken |
Control value: | Change Token |
Example:
The rules defined in section 5.4.4.3.19 Change Token apply to each change token.
Control name: | changeToken[<idIndex>] |
Control value: | Change Token |
Example:
Control name: | allVersions |
Control value: | Boolean ("true", "false") |
Example:
Control name: | unfileObjects |
Control value: | enumUnfileObject ("unfile", "deletesinglefiled", "delete") |
Example:
Control name: | continueOnFailure |
Control value: | Boolean ("true", "false") |
Example:
Control name: | overwriteFlag |
Control value: | Boolean ("true", "false") |
Example:
Control name: | isLastChunk |
Control value: | Boolean ("true", "false") |
Example:
Control name: | major |
Control value: | Boolean ("true", "false") |
Example:
Control name: | versioningState |
Control value: | Versioning state enum ("none", "major", "minor", "checkedout") |
Example:
Control name: | checkinComment |
Control value: | Checkin comment |
Example:
Control name: | statement |
Control value: | CMIS query statement |
Control name: | searchAllVersions |
Control value: | Boolean ("true", "false") |
Control name: | includeRelationships |
Control value: | includeRelationships enum ("none", "source" ,"target", "both") |
Control name: | renditionFilter |
Control value: | Rendition filter. See section 2.2.1.2.4 Renditions. |
Control name: | includeAllowableActions |
Control value: | Boolean ("true", "false") |
Example:
Control name: | content |
Control value: | none |
Control name: | type |
Control value: | JSON representation of the type definition. Schema element: http://docs.oasis-open.org/ns/cmis/browser/201103/typeDefinitionType |
JSON response content is subject to the same security constraints as any other kind of JavaScript which means that a browser will not allow JavaScript in a page to access JSON objects included in an HTML Form response if that response came from a different domain than the rest of the page content. For example, suppose a browser displayed an HTML Form from Web Server foo.example.com to create a document in a CMIS repository on server bar.example.com. When the user submits the form, there is no way for the page to access the JSON object representing the new document created as a response to the submitted form.
To make it possible for a browser client to access the JSON content answered from the CMIS repository, the repository MUST keep the core result details (the status code, object id and potential error message) of a completed request and make those details available to the client in a later request.
To correlate the result of a CMIS request with the later call to retrieve the result of that request, the "token" is used (see section 5.2.9.2 Authentication with Tokens for Browser Clients).
After the operation has been performed, the client can retrieve the result by sending a HTTP GET requested to the Repository URL with the selector set to lastResult and an parameter token which is set to the same token string previously sent with the form.
The result details MUST be answered as a JSON object containing these elements.
The result details SHOULD
If the value of the parameter token is invalid, the "code" field of this JSON object MUST be set to 0.
If the token control is not specified in the form, the repository does not need to keep the result details because there is no way for the client to retrieve them. Note that in this case some other form of authentication SHOULD be in place.
If the token control is specified, the repository MUST return the HTTP status code 200 and a HTML page. This is necessary to avoid problems with certain web browsers, which cannot display a JSON response or ask the end user to save the JSON response. Since the purpose of this method is to fetch the result of the request at a later point in time, the immediate response doesn’t matter and can be empty.
Example:
When the client submits the HTML form, it can include a form control with the name "token" like this:
Soon thereafter, the client could retrieve the results of the form post by making a request like this
http://example.com/cmis/repository/123?cmisselector=lastResult&
callback=showNewDocumentId&token=e45ab575d6fe4aab901e9
and then, the repository would answer a JSON object that contains the result details, like
The client can then retrieve the details for the object using its objectId.
Therefore, clients should redirect the response to a hidden HTML iframe. The iframe’s onLoad event can be used as an operation status notification. When it is triggered the operation is complete on the repository side and it is safe then to retrieve the results.
When a repository receives a lastResult request it should check the IP address of the client and the expiration time of the result details before it replies. This ensures that the data is not being retrieved by a malicious client, and that the requested data is relevant.
When a token control is sent with the form data, the repository can attach a cookie to its POST response. The cookie name is derived from the token value and the cookie value would contain the result details.
When the repository receives a lastResult request, it also receives the cookies from the browser. So, if the repository can find a cookie that matches the token parameter value it can send back the cookie value and delete the cookie. If there is no corresponding cookie, it can reply with an error message.
Since the browser takes care of the cookie expiration and cookies can only be sent from the originating client, there are no new additional security and lifecycle issues for the repository to handle.
Specification:
| |
This specification references a number of other specifications. In order to comply with this specification, an implementation MUST
implement the portions of referenced specifications necessary to comply with the required provisions of this specification. Additionally, the
implementation of the portions of the referenced specifications that are specifically cited in this specification MUST comply with the rules
for those portions as established in the referenced specification.
An implementation conforms to this specification if it satisfies all of the MUST or REQUIRED level requirements defined within this specification. |
|
Domain Model: | |
Normative text within this specification takes precedence over the CMIS schemas.
That is, the normative text in this specification further constrains the schemas and/or WSDL that are part of this specification; and this specification contains further constraints on the elements defined in referenced schemas. |
|
Clients:
| |
Client implementations MAY implement the AtomPub Binding or the Web Services Binding or the Browser Binding. | |
Repositories:
| |
Repositories MUST implement the following CMIS protocol bindings:
Repositories SHOULD implement the following CMIS protocol binding:
|
|
AtomPub Binding:
| |
This specification references a number of other specifications. In order to comply with this specification, an implementation MUST
implement the portions of referenced specifications necessary to comply with the required provisions of this specification. Additionally, the
implementation of the portions of the referenced specifications that are specifically cited in this specification MUST comply with the rules
for those portions as established in the referenced specification. Additionally normative text within this specification takes precedence over
the CMIS RestAtom XML Schema. That is, the normative text in this specification further constrains the schemas that are part of this
specification; and this specification contains further constraints on the elements defined in referenced schemas.
The CMIS RestAtom XML takes precedence over any examples or non-normative outlines included either in this document or as standalone examples. |
|
Web Services Binding:
| |
Normative text within this specification takes precedence over the CMIS Messaging XML and CMIS WSDL. That is, the normative text
in this specification further constrains the schemas and WSDL that are part of this specification; and this specification contains further
constraints on the elements defined in referenced schemas.
The CMIS Messaging XML and CMIS WSDL takes precedence over any examples or non-normative outlines included either in this document or as standalone examples. |
|
Browser Binding:
| |
Normative text within this specification takes precedence over the CMIS Orderly Schema. That is, the normative text in this specification
further constrains the schema that is part of this specification; and this specification contains further constraints on the elements defined
in the referenced schema.
The CMIS Orderly Schema takes precedence over any examples or non- normative outlines included either in this document or as standalone examples. |
|
A CMIS Query Document, when serialized as XML 1.0, can be identified with the following media type:
MIME media type name: application
MIME subtype name: cmisquery +xml
Mandatory parameters: None
Optional parameters: "charset": This parameter has semantics identical to the charset parameter of the "application/xml" media type as specified in [RFC3023].
Encoding considerations: Identical to those of "application/xml" as described in [RFC3023], Section 3.2.
Security considerations: As defined in this specification. In addition, as this media type uses the "+xml" convention, it shares the same security considerations as described in [RFC3023], Section 10.
Interoperability considerations: There are no known interoperability issues.
Published specification: This specification.
Applications that use this media type: No known applications currently use this media type.
Additional information:
Magic number(s): As specified for "application/xml" in [RFC3023], Section 3.2.
File extension: .cmisquery
Fragment identifiers: As specified for "application/xml" in [RFC3023], Section 5.
Base URI: As specified in [RFC3023], Section 6.
Macintosh File Type code: TEXT
Person and email address to contact for further information: OASIS CMIS TC <cmis@lists.oasis-open.org>
Intended usage: COMMON
Author/Change controller: IESG
A CMIS Allowable Actions Document, when serialized as XML 1.0, can be identified with the following media type:
MIME media type name: application
MIME subtype name: cmisallowableactions +xml
Mandatory parameters: None.
Optional parameters: "charset": This parameter has semantics identical to the charset parameter of the "application/xml" media type as specified in [RFC3023].
Encoding considerations: Identical to those of "application/xml" as described in [RFC3023], Section 3.2.
Security considerations: As defined in this specification. In addition, as this media type uses the "+xml" convention, it shares the same security considerations as described in [RFC3023], Section 10.
Interoperability considerations: There are no known interoperability issues.
Published specification: This specification.
Applications that use this media type: No known applications currently use this media type.
Additional information:
Magic number(s): As specified for "application/xml" in [RFC3023], Section 3.2.
File extension: .cmisallowableactions
Fragment identifiers: As specified for "application/xml" in [RFC3023], Section 5.
Base URI: As specified in [RFC3023], Section 6.
Macintosh File Type code: TEXT
Person and email address to contact for further information: OASIS CMIS TC <cmis@lists.oasis-open.org>
Intended usage: COMMON
Author/Change controller: IESG
A CMIS Tree Document, when serialized as XML 1.0, can be identified with the following media type:
MIME media type name: application
MIME subtype name: cmistree +xml
Mandatory parameters: None.
Optional parameters: "charset": This parameter has semantics identical to the charset parameter of the "application/xml" media type as specified in [RFC3023].
Encoding considerations: Identical to those of "application/xml" as described in [RFC3023], Section 3.2.
Security considerations: As defined in this specification. In addition, as this media type uses the "+xml" convention, it shares the same security considerations as described in [RFC3023], Section 10.
Interoperability considerations: There are no known interoperability issues.
Published specification: This specification.
Applications that use this media type: No known applications currently use this media type.
Additional information:
Magic number(s): As specified for "application/xml" in [RFC3023], Section 3.2.
File extension: .cmistree
Fragment identifiers: As specified for "application/xml" in [RFC3023], Section 5.
Base URI: As specified in [RFC3023], Section 6.
Macintosh File Type code: TEXT
Person and email address to contact for further information: OASIS CMIS TC <cmis@lists.oasis-open.org>
Intended usage: COMMON
Author/Change controller: IESG
A CMIS Atom Document, when serialized as XML 1.0, can be identified with the following media type:
MIME media type name: application
MIME subtype name: cmisatom +xml
Mandatory parameters: None.
Optional parameters: "charset": This parameter has semantics identical to the charset parameter of the "application/xml" media type as specified in [RFC3023]. "type": This parameter has semantics identical to the type parameter of the "application/atom+xml" as specified in [RFC4287]
Encoding considerations: Identical to those of "application/xml" as described in [RFC3023], Section 3.2.
Security considerations: As defined in this specification. In addition, as this media type uses the "+xml" convention, it shares the same security considerations as described in [RFC3023], Section 10.
Interoperability considerations: There are no known interoperability issues.
Published specification: This specification.
Applications that use this media type: No known applications currently use this media type.
Additional information:
Magic number(s): As specified for "application/xml" in [RFC3023], Section 3.2.
File extension: .cmisatom
Fragment identifiers: As specified for "application/xml" in [RFC3023], Section 5.
Base URI: As specified in [RFC3023], Section 6.
Macintosh File Type code: TEXT
Person and email address to contact for further information: OASIS CMIS TC <cmis@lists.oasis-open.org>
Intended usage: COMMON
Author/Change controller: IESG
Please see section 3.1.1 on why this media type is needed above the Atom Media Type.
A CMIS ACL Document, when serialized as XML 1.0, can be identified with the following media type:
MIME media type name: application
MIME subtype name: cmisacl +xml
Mandatory parameters: None.
Optional parameters: "charset": This parameter has semantics identical to the charset parameter of the "application/xml" media type as specified in [RFC3023].
Encoding considerations: Identical to those of "application/xml" as described in [RFC3023], Section 3.2.
Security considerations: As defined in this specification. In addition, as this media type uses the "+xml" convention, it shares the same security considerations as described in [RFC3023], Section 10.
Interoperability considerations: There are no known interoperability issues.
Published specification: This specification.
Applications that use this media type: No known applications currently use this media type.
Additional information:
Magic number(s): As specified for "application/xml" in [RFC3023], Section 3.2.
File extension: .cmisacl
Fragment identifiers: As specified for "application/xml" in [RFC3023], Section 5.
Base URI: As specified in [RFC3023], Section 6.
Macintosh File Type code: TEXT
Person and email address to contact for further information: OASIS CMIS TC <cmis@lists.oasis-open.org>
Intended usage: COMMON
Author/Change controller: IESG
The following is a description of the Orderly Language. In this description, we have liberally copied sections from the original Orderly definition from http://Orderly-json.org/. In some cases, there may be differences between the description here and the description from http://Orderly-json.org/. In any case, the description of Orderly in this specification SHALL be used to describe the JSON elements of this specification.
Orderly is an ergonomic micro-language that can represent a subset of JSONSchema. Orderly is designed to feel familiar to the average programmer and to be extremely easy to learn and remember. This document provides a conversational overview of Orderly as well as a normative grammar.
JSONSchema attempts to provide a representation for three distinct types of information about JSON structures:
Orderly purposefuly ignores all features of JSONSchema which aren’t useful for validation, including the following attributes:
An exhaustive list of the differences between Orderly and JSONSchema is below.
A collection of Non-normative examples of Orderly:
Orderly supports comments, comments are initiated with either ’#’ or ’//’ and continue to the first encountered newline (’\n’).
Orderly doesn’t rely overmuch on whitespace, leaving the decision of how to format your schema up to you.
Property names may be anything that is allowed inside JSON strings. Unlike JSON itself, however, Orderly provides a shorthand that allows a subset of strings to be represented without quotes.
For instance these are all valid Orderly:
From the JSONSchema specification, four options exist which apply to all data types:
The optional property indicates a value which is not required in a conformant JSON instance. Optional values are represented in Orderly with a trailing question mark:
The requires property says that if a value is present in the instance JSON, another named value MUST also be present. In Orderly a requirement on another type is expressed by placing the property name (optionally quoted) enclosed in angle brackets at the end of a type definition:
Multiple properties MAY be required, and SHOULD be separated with commas:
The enum property specifies a set of allowable values for a key in the JSON document.
In a JSONSchema document the default property specifies a default value for a property. One could imagine that as an input object passes validation it will be automatically augmented with default values for required properties missing in the instance object. The specification of default values in Orderly looks something like assignment in most programming languages:
Strings are specified in Orderly using the string type specifier. Strings in JSONSchema support "minLength" and "maxLength" properties, which are represented in Orderly using curly braces immediately after the type:
Omission of a specification of either minimum or maximum is allowed:
Regular expressions are supported in JSONSchema for string values. In Orderly you may directly provide a regular expression using ’/’ syntax to denote the beginning and end of the regular expression:
Numbers are specified in Orderly using the number type specifier. In JSONSchema numbers and integers support ranges, in Orderly these ranges for numbers are specified in the same way we specify ranges for strings:
Syntactically, numbers in Orderly follow the same rules as numbers in JSON.
Boolean types are represented in Orderly using the boolean type specifier:
Objects are represented in Orderly using the object type specifier:
Object definitions may be "closed", meaning that properties that are not explicitly mentioned are not allowed, or "open". A trailing star (*) indicates an "open" object defintion:
Arrays are specified using the array type specifier. Schemas for arrays elements may be specified in one of two ways. First, we can specify a single schema that governs all array members, with the schema enclosed by square brackets:
Alternately, "tuple typing" may be used to specify the allowable values for an array, in this case a list of schemas that apply to each member of the array in sequence:
When tuple typing is used, the * operator may be used to allow additional elements at the end of an array. For instance, to specify an array where the first element is an integer and the remaining are of arbitrary number and type, one might use the following schema:
Finally, array types also support range semantics, for min/max number of elements:
JSONSchema provides the additionalProperties attribute, which allows a schema author to either:
Orderly allows you to specify if additional properties SHOULD be allowed, but does not allow you to specify a schema which governs these additional properties. A trailing * in Orderly indicates additional properties are allowed, and occurs immediately after the definition of nested schemas (the closing curly brace) for both objects:
And for arrays:
The null type in JSONSchema specifies a value that MUST be null. The null type specifier is Orderly’s equivalent:
As explained in the JSONSchema proposal, null is useful "mainly for purpose of being able use union types to define nullability". For example:
"Any types" are represented in Orderly using the any type specifier:
It is possible in JSONSchema to specify a property that may be of one of many different types. In Orderly this functionality is represented using the union type specifier:
A key syntactic feature to note is the supported (required?) omission of property names where they would be meaningless.
Associative arrays are neither defined in Orderly nor in JSONSchema. The CMIS Browser Binding introduces associative arrays (“maps”) to describe a collection of unique keys and a collection of values.
Maps describe JSON objects without fixing the property names and the number of properties. The keys become JSON object property names and have to be non-null strings. Keys can be restricted, for example, by defining a min and max length, regular expressions, an enum, etc. The values data type can be defined by any unnamed entry including null.
Maps are specified using the map type specifier. Key and value types are defined within curly braces. The key type first, followed by “=>”, followed by the value type:
For example:
Orderly is capable of concisely representing a subset of JSONSchema, however at times it might be desirable to be able to represent properties in JSONSchema that are not supported natively in Orderly. For this reason the backtick operators will allow you to encode a JSON object as part of an Orderly schema.
For example to attach a description to a schema entry one might generate something like:
The author has full control over formatting, as whitespace is ignored:
Schema elements can have an id, specified using the property “id”.
For example:
The reference type specifier “ref” is used to refer to another Orderly schema element using the “id” described in section B.3.15. For example:
The specifier "base" is used to define the base schema element of the element. All properties are inherited from the base element. For example:
A number with a range, enumerated possible values, and a default value:
An object with enumerated possible values and a default.
When you stare hard enough at the grammar of a non-trivial language you usually learn quite a deal. Sometimes what you learn can be surprising or downright confusing. Here’s a tour of the darker parts alleys of Orderly:
Brackets and braces – visually a tad confusing:
And a little bit more confusing:
Allart, Philippe | Adullact |
Boses, Michael | Quark |
Brown, Mr. Jay | IBM |
Carlson, Mr Mark | Oracle Corporation |
Carr, Mr. Derek | IBM |
Caruana, Mr. David | Alfresco Software |
Cava, Mr. Bill | Ektron |
Chan, Mr. Eric | Oracle Corporation |
Charles, Mr. Sameer | Magnolia International AG |
Chow, Alexander | Liferay, Inc. |
Chow, Derek | Genus Technologies, LLC |
Choy, David | Individual |
Churchland, Mr. David | Hewlett-Packard |
Croisier, Mr. Stephane | RSD |
Davis, Cornelia | EMC Corporation |
de Kruijff, Mr. Bram | GX Software |
Doong, Ms. Jane | IBM |
Duerig, Mr. Michael | Adobe Systems |
Dufault, Randy | Genus Technologies, LLC |
Eberding, Karsten | Individual |
Ewing, Mr. Andrew | Hewlett-Packard |
Fanning, Betsy | AIIM |
Frederiksen, Steffen | Content Technologies ApS |
Garroni, Mr. Paolo | ISIS Papyrus America Inc. |
Geisert, Mr. Uwe | Open Text Corporation |
Goetz, Mr. Paul | SAP AG |
Guillaume, Florent | Nuxeo |
Haag, Mr. Alexander | WeWebU Software AG |
Harmetz, Adam | Microsoft Corporation |
Hemmert, Mr. Valentin | WeWebU Software AG |
Hermes, Mr. Martin | SAP AG |
Hind, Dr. Andrew | Alfresco Software |
Hübel, Mr. Jens | SAP AG |
Janssen, Mr. Gershon | Individual |
Jean, Mr. Raphael | Entropysoft |
Joyer, Mr. Neil | Microsoft Corporation |
Kadlabalu, Hareesh | FatWire |
Klamerus, Mr. Mark | Individual |
Klevenz, Mr. Stephan | SAP AG |
Kraft, Mr. Boris | Magnolia International AG |
Lee, Mr. GI | Zia Consulting, Inc. |
Macmillan, Ms. Alison | Oracle Corporation |
Malabarba, Mr. Scott | IBM |
McVeigh, Mr. Ryan | Zia Consulting, Inc. |
Melahn, Mr. Gregory | IBM |
Michel, Mr. James | WeWebU Software AG |
Miller, Mr. Pat | Microsoft Corporation |
Monks, Peter | Alfresco Software |
Mooty, Mr. Mathew | Microsoft |
Müller, Mr. Florian | SAP AG |
Newton, John | Alfresco Software |
Nuescheler, David | Adobe Systems |
OBrien, Tom | Ektron |
Palmer, Dr. Jody | Open Text Corporation |
Patel, Mr. Alpesh | Ektron |
Pausch, Rainer | WeWebU Software AG |
Piegaze, Mr. Peeter | Adobe Systems |
Pitfield, Mr. David | Oracle Corporation |
Pole, Thomas | Harris Corp |
Quinn, Norrie | EMC Corporation |
Randall, Craig | Adobe Systems |
Rodriguez, Celso | ASG Software Solutions |
Roth, Steve | Oracle Corporation |
Ryan, Mr. Patrick | IBM |
Schnabel, Bryan | Individual |
Schreiber, Angela | Adobe Systems |
Tazbaz, Paul | Wells Fargo |
Ward, Mr. Patrick | Booz Allen Hamilton |
The following changes have been made to CMIS 1.1: