JMAP for Contacts

Introduction JMAP ( JSON Meta Application Protocol) is a generic protocol for synchronising data, such as mail, calendars or contacts, between a client and a server. It is optimised for mobile and web environments, and aims to provide a consistent interface to different data types. This specification defines a data model for synchronising contacts between a client and a server using JMAP.

Notational conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. Type signatures, examples and property descriptions in this document follow the conventions established in Section 1.1 of . Data types defined in the core specification are also used in this document.

Terminology The same terminology is used in this document as in the core JMAP specification, see , Section 1.6. The terms AddressBook and ContactCard (with these specific capitalizations) are used to refer to the data types defined in this document and instances of those data types.

Data Model Overview An Account (see , Section 1.6.2) with support for the contacts data model contains zero or more AddressBook objects, which is a named collection of ContactCards. A ContactCard is a representation of a person, company, or other entity, or a group of such entities, in RFCXXXX JSContact Card format. Each ContactCard belongs to one or more AddressBooks. In servers with support for JMAP Sharing [RFC XXX], data may be shared with other users. Sharing permissions are managed per AddressBook.

Addition to the Capabilities Object The capabilities object is returned as part of the JMAP Session object; see , Section 2. This document defines two additional capability URIs.

urn:ietf:params:jmap:contacts This represents support for the AddressBook and ContactCard data types and associated API methods. The value of this property in the JMAP Session capabilities property is an empty object. The value of this property in an account’s accountCapabilities property is an object that MUST contain the following information on server capabilities and permissions for that account:

maxAddressBooksPerCard: UnsignedInt|null The maximum number of AddressBooks (see Section XXX) that can be can assigned to a single ContactCard object (see Section XXX). This MUST be an integer >= 1, or null for no limit (or rather, the limit is always the number of AddressBooks in the account).
mayCreateAddressBook: Boolean If true, the user may create an AddressBook in this account.

AddressBooks An AddressBook is a named collection of ContactCards. All ContactCards are associated with one or more AddressBook. A AddressBook object has the following properties:

id: Id (immutable; server-set) The id of the AddressBook.
name: String The user-visible name of the AddressBook. This may be any UTF-8 string of at least 1 character in length and maximum 255 octets in size.
isSubscribed: Boolean Has the user indicated they wish to see this AddressBook in their client? This SHOULD default to false for AddressBooks in shared accounts the user has access to and true for any new AddressBooks created by the user themself. If false, the AddressBook and its contents should only be displayed when the user explicitly requests it or to offer it for the user to subscribe to.
shareWith: Id[AddressBookRights]|null (default: null) A map of Principal id to rights for principals this AddressBook is shared with. The principal to which this AddressBook belongs MUST NOT be in this set. This is null if the AddressBook is not shared with anyone. May be modified only if the user has the mayAdmin right. The account id for the principals may be found in the urn:ietf:params:jmap:principals:owner capability of the Account to which the AddressBook belongs.
myRights: AddressBookRights (server-set) The set of access rights the user has in relation to this AddressBook.

An AddressBookRights object has the following properties:

mayRead: Boolean The user may fetch the ContactCards in this AddressBook.
mayWrite: Boolean The user may create, modify or destroy all ContactCards in this AddressBook, or move them to or from this AddressBook.
mayAdmin: Boolean The user may modify sharing for this AddressBook.
mayDelete: Boolean The user may delete the AddressBook itself.

AddressBook/get This is a standard "/get" method as described in , Section 5.1. The ids argument may be null to fetch all at once.

AddressBook/changes This is a standard "/changes" method as described in , Section 5.2.

AddressBook/set This is a standard "/set" method as described in , Section 5.3 but with the following additional request argument:

onDestroyRemoveContents: Boolean (default: false) If false, any attempt to destroy an AddressBook that still has a ContactCard in it will be rejected with a addressBookHasContents SetError. If true, any ContactCards that were in the AddressBook will be destroyed.

The "shareWith" property may only be set by users that have the mayAdmin right. When modifying the shareWith property, the user cannot give a right to a principal if the principal did not already have that right and the user making the change also does not have that right. Any attempt to do so must be rejected with a forbidden SetError. Users can subscribe or unsubscribe to an AddressBook by setting the "isSubscribed" property. The server MAY forbid users from subscribing to certain AddressBooks even though they have permission to see them, rejecting the update with a forbidden SetError. The following extra SetError types are defined: For "destroy":

addressBookHasContents: The AddressBook has at least one ContactCard assigned to it, and the "onDestroyRemoveContents" argument was false.

ContactCards A ContactCard object contains information about a person, company, or other entity, or represents a group of such entities. It is a JSCard object, as defined in RFCXXXX, with the following additional properties:

id: Id (immutable; server-set) The id of the ContactCard. The id uniquely identifies a ContactCard with a particular "uid" within a particular account.
addressBookId: Id[Boolean] The set of AddressBook ids this ContactCard belongs to. A card MUST belong to at least one AddressBook at all times (until it is destroyed). The set is represented as an object, with each key being an AddressBook id. The value for each key in the object MUST be true.

For any Media object in the card (see RFCXXX, Section XXX), a new property is defined:

blobId: Id An id for the Blob representing the binary contents of the resource.

When returning ContactCards, any Media with a data: URI SHOULD return a blobId property and omit the uri property. The "mediaType" property MUST also be set. Similarly, when creating or updating a ContactCard, clients MAY send a blobId instead of the uri property for a Media object. A contact card with a "kind" property equal to "group" represents a group of contacts. Clients often present these separately from other contact cards. The "members" property, as defined in RFC XXX, Section XXX, contains a set of UIDs for other contacts that are the members of this group. Clients should consider the group to contain any ContactCard with a matching UID, from any account they have access to with support for the urn:ietf:params:jmap:contacts capability. UIDs that cannot be found SHOULD be ignored but preserved. For example, suppose a user adds contacts from a shared address book to their private group, then temporarily loses access to this address book. The UIDs cannot be resolved so the contacts will disappear from the group. However, if they are given permission to access the data again the UIDs will be found and the contacts will reappear.

ContactCard/get This is a standard "/get" method as described in , Section 5.1.

ContactCard/changes This is a standard "/changes" method as described in , Section 5.2.

ContactCard/query This is a standard "/query" method as described in , Section 5.5.

Filtering A FilterCondition object has the following properties, any of which may be omitted:

inAddressBook: Id An AddressBook id. A card must be in this address book to match the condition.
uid: String A card must have this string exactly as its uid to match.
hasMember: String A card must have a "members" property that contains this string as one of the uids in the set to match.
kind: String A card must have a type property that equals this string exactly to match.
createdBefore: UTCDate The "created" date-time of the ContactCard must be before this date-time to match the condition.
createdAfter: UTCDate The "created" date-time of the ContactCard must be the same or after this date-time to match the condition.
updatedBefore: UTCDate The "updated" date-time of the ContactCard must be before this date-time to match the condition.
updatedAfter: UTCDate The "updated" date-time of the ContactCard must be the same or after this date-time to match the condition.
text: String A card matches this condition if the text matches with text in the card.
name: String A card matches this condition if the value of any NameComponent in the "name" property, or the "full" property in the "name" property of the card matches the value.
name/given: String A card matches this condition if the value of a NameComponent with kind "given" inside the "name" property of the card matches the value.
name/surname: String A card matches this condition if the value of a NameComponent with kind "surname" inside the "name" property of the card matches the value.
name/surname2: String A card matches this condition if the value of a NameComponent with kind "surname2" inside the "name" property of the card matches the value.
nickName: String A card matches this condition if the "name" of any NickName in the "nickNames" property of the card matches the value.
organization: String A card matches this condition if the "name" of any Organization in the "organizations" property of the card matches the value.
email: String A card matches this condition if the "address" or "label" of any EmailAddress in the "emails" property of the card matches the value.
phone: String A card matches this condition if the "number" or "label" of any Phone in the "phones" property of the card matches the value.
onlineService: String A card matches this condition if the "service", "uri", "user", or "label" of any OnlineService in the "onlineServices" property of the card matches the value.
address: String A card matches this condition if the value of any StreetComponent in the "street" property, or the "locality", "region", "country", or "postcode" property in any Address in the "addresses" property of the card matches the value.
note: String A card matches this condition if the "note" of any Note in the "notes" property of the card matches the value.

If zero properties are specified on the FilterCondition, the condition MUST always evaluate to true. If multiple properties are specified, ALL must apply for the condition to be true (it is equivalent to splitting the object into one-property conditions and making them all the child of an AND filter operator). The exact semantics for matching String fields is deliberately not defined to allow for flexibility in indexing implementation, subject to the following:

Text SHOULD be matched in a case-insensitive manner.
Text contained in either (but matched) single or double quotes SHOULD be treated as a phrase search, that is a match is required for that exact sequence of words, excluding the surrounding quotation marks. Use \", \' and \\ to match a literal ", ' and \ respectively in a phrase.
Outside of a phrase, white-space SHOULD be treated as dividing separate tokens that may be searched for separately in the contact, but MUST all be present for the contact to match the filter.
Tokens MAY be matched on a whole-word basis using stemming (so for example a text search for bus would match "buses" but not "business").

Sorting The following value for the "property" field on the Comparator object MUST be supported for sorting:

"created" - The "created" date on the ContactCard.
"updated" - The "updated" date on the ContactCard.

The following values for the "property" field on the Comparator object SHOULD be supported for sorting:

"name/given" - The value of the first NameComponent in the "name" property whose "kind" is "given".
"name/surname" - The value of the first NameComponent in the "name" property whose "kind" is "surname".
"name/surname2" - The value of the first NameComponent in the "name" property whose "kind" is "surname2".

ContactCard/queryChanges This is a standard "/queryChanges" method as described in , Section 5.6.

ContactCard/set This is a standard "/set" method as described in , Section 5.3. To set a new photo, the file must first be uploaded using the upload mechanism as described in , Section 6.1. This will give the client a valid blobId/size/type to use. The server SHOULD reject attempts to set a file that is not a recognised image type as the photo for a card.

ContactCard/copy This is a standard "/copy" method as described in , Section 5.4.

Security considerations All security considerations of JMAP () apply to this specification. Additional considerations specific to the data types and functionality introduced by this document are described in the following subsections.

Privacy Contacts consist almost entirely of private, personally identifiable information, and represent the social connections of users. Privacy leaks can have real world consequences, and contacts servers and clients MUST be mindful of the need to keep all data secure. Servers MUST enforce the ACLs set on address books to ensure only authorised data is shared.

IANA Considerations

JMAP capability registration for "contacts" IANA will register the "contacts" JMAP Capability as follows: Capability Name: urn:ietf:params:jmap:contacts Specification document: this document Intended use: common Change Controller: IETF Security and privacy considerations: this document, section XXX