LWS Protocol

The LWS Protocol defines standard interactions by which a some party can make some resources available to some agents.

• served resource - ( available resource? published resource? ) ( not defined in UCS ) A network-accessible entity exposed by a service for interaction, retrieval, or manipulation using the protocol defined in this document.
• requesting agent - ( entity in UCS ) An entity (e.g., client, user, or process) that initiates a request to interact with a servable resource.

A resource manager may keep a served resource private, may make it publicly available to anyone, or may limited its visibility to a constrained set of requesting agents .

• authentication - the process of verifying the identity of an agent executing a request.
• authorization - the process of determining whether an agent has permission to access a specific resource or perform one of a set of operations .
• resource manager - ( controller in UCS) An agent that has permission to control access to a served resource .

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MAY , MUST and , MUST NOT , OPTIONAL , SHOULD , and SHOULD NOT in this document are to be interpreted as described in BCP 14 [ RFC2119 ] [ RFC8174 ] when, and only when, they appear in all capitals, as shown here.

A LWS REST Server is an HTTP server [ rfc9112 ] that complies with all of the relevant " MUST " statements in this specification. Specifically, the relevant normative " MUST " statements in Sections 999 REST Binding of this document MUST be respected.

A LWS REST Client is an HTTP client [ rfc9112 ] that complies with all of the relevant " MUST " statements in this specification. Specifically, the relevant normative " MUST " statements in Sections 999 REST Binding of this document MUST be respected.

Define This section delineates the abstract data model for logical resource governing the organization of resources within LWS, including how the Linked Web Storage (LWS) system. It encompasses the structuring of containers are structured, and resources, their hierarchical interrelations, the functional semantics of containers as organizational units, rules pertaining to containment, and mechanisms for clients to organize and navigate resource collections. This model establishes the logical namespace of the storage, delineating inter-resource relationships between therein, without presupposing any specific identifier structure or semantic implications derived from identifier composition. Logical organization MUST prioritize discoverability and self-descriptive APIs, avoiding hardcoded locations. Containment is represented as metadata to enable multiple containers per resource without URL changes, supporting sharing use cases. All entities MUST have associated metadata resources using Link Sets (RFC 9264), distinguishing server-managed and user-managed data.

In LWS, a resource constitutes the fundamental unit of storage and access. Each resource possesses a unique identifier within the system. A resource may encompass data, such as content or structured information, alongside associated metadata, including attributes like type or modification timestamps. Resources MUST be classified as 'DataResource', 'Container', or 'MetadataResource' via metadata types. DataResources MAY have multiple representations; servers MUST track original media types and support reification in metadata using the 'representation' property, which includes 'mediaType' and optional 'sizeInBytes'.

A container represents a specialized resource type capable of encompassing other resources as members. Containers function as organizational constructs, facilitating the grouping of resources in a manner akin to collections or directories. A container maintains references to its member resources, which may comprise both non-container resources and additional container semantics, containment rules, resources, thereby enabling hierarchical formations. Typically, a container holds minimal intrinsic content beyond metadata or enumerations of its members; its principal role is to aggregate and structure subordinate resources. The storage system's root is designated as a container, serving as the mechanisms apex organizational unit devoid of a superior parent. Containers MUST support pagination for organizing membership listings using 'ContainerPage' types, with properties such as 'first', 'next', 'prev', and navigating collections 'last'. Representations MUST use JSON-LD with a specific frame and normative context, optionally advertising content negotiation via 'Vary: Accept' headers. Storage MAY function as a root container, enabling direct writes.

With the exception of related resources. the root container, every resource is affiliated with precisely one parent container. This should cover affiliation engenders a strict hierarchical structure, manifesting as a tree with a singular root container at its pinnacle. Upon creation within a designated container, a new resource becomes a member of that container, appearing within its membership enumeration. Cycles or multiple parent affiliations are prohibited within this model; a resource cannot concurrently belong to multiple containers without duplication or alternative referencing mechanisms external to the core containment framework. This constraint enhances model simplicity and aligns with conventional organizational paradigms. Containment MUST be modeled as metadata links using 'contains' (from container to member) and 'partOf' (from member to container), allowing transitive queries and multiple hierarchies without slash semantics. Servers MAY support hierarchy arrays for ancestors.

Operations involving the creation, deletion, or relocation of resources influence container memberships as follows:

• Upon creation, a new resource is associated with a specified parent container. This association integrates the resource into the parent's membership.
• Deletion of a resource entails its removal from the parent container's membership. Should this render the container devoid of members, it assumes an empty state, potentially permitting its subsequent deletion if warranted. Container deletion typically necessitates an empty state or invokes recursive removal of members.
• The core operations (create, read, update, delete) do not incorporate an explicit relocation or renaming function. To reassign a resource to an alternative container, a client may replicate or recreate the resource in the target location followed by deletion of the original. Implementations may optionally extend non-core operations for relocation or renaming, achievable logically through combined creation and deletion. Membership is managed via create/delete operations; direct updates to membership management, listings are server-managed and not client-writable to avoid concurrency issues.

Container instantiation occurs via the relationship between standard resource creation operation (Section 7.1), differentiated by an indicator specifying the intent to establish a container rather than a non-container resource. This process yields an empty container amenable to subsequent population with members, including sub-containers to extend the hierarchy. Servers MUST assign identifiers, and empty containers MUST be supported.

Clients navigate the resources they contain. hierarchy through read operations on containers, which yield enumerations of member identifiers. A container's representation furnishes a listing of its members, enabling traversal and discovery of subordinate resources. Listings MUST include metadata for each member, such as resource IDs ( MUST ), types (array of system and user-defined), representations ( MUST for DataResources, including mediaType and optional sizeInBytes), and modified timestamps ( SHOULD ).

This section defines the model for associating metadata with LWS resources. The LWS metadata system is based on the principles of Web Linking RFC 8288 , which allows servers to describe the relationships between resources using typed links. Metadata enhances discoverability, supports self-descriptive APIs, and aligns with resource operations, container hierarchies, and REST conventions. bindings as outlined in sections 7 and 8.

Metadata Model All metadata in LWS is expressed as a set of typed links originating from a resource (the link context). Each link consists of:

• A link target: A URI identifying the related resource.
• A relation type: A string that defines the nature of the relationship.
• Optional target attributes: Additional key-value pairs that further describe the link or the target resource (e.g., mediaType, title, modified).

Metadata distinguishes between resources and their representations, allowing for multiple media types where applicable. For containers, metadata includes membership details and supports pagination to handle large sets efficiently. For DataResources, metadata includes representations, each with mediaType and optional sizeInBytes.

The Linkset Resource For resources with extensive metadata, an LWS server MUST expose the complete set of links in a separate linkset resource, as defined in RFC 9264 . A resource's linkset is discovered via a Link header with the relation type linkset. A server MUST have one and only one linkset. The linkset resource itself contains a serialized representation of all links.

RFC 9264 does not require any specific format for the linkset document. It only suggests and defines two formats. For LWS, servers MUST support application/linkset+json linkset serialization. A LWS server MAY implement application/linkset or additional RDF formats such as Turtle via content negotiation. Servers SHOULD use JSON-LD with a normative context for linkset representations to facilitate RDF interpretation and extensibility, reusing existing vocabularies.

The 'linkset' link MUST point to a server-managed resource with a fixed media type (application/linkset+json or application/linkset), and servers MUST ensure its integrity upon operations like deletions or ACL changes on related resources. For example, if a client attempts to redirect 'linkset' to an arbitrary resource, the server MUST reject this to avoid risks such as dangling links or authorization discrepancies. Clients SHOULD NOT attempt such redirections, as this specification does not define their behavior, and support is OPTIONAL at the server's discretion. Updates to the linkset MUST be atomic with associated resource operations to maintain consistency.

Discovering Metadata Clients discover a resource's metadata primarily through Link headers returned in response to GET or HEAD requests on the resource's URI. To enhance discoverability, servers MUST support a Link header with rel="storageDescription" on relevant responses, such as 401 Unauthorized, and include a WWW-Authenticate header with parameters directing to the storage metadata. This aligns with self-descriptive principles and avoids hardcoded URI locations.

To manage response verbosity, servers SHOULD support the Prefer header RFC 7240 . A client can request the inclusion of descriptive metadata links by sending a Prefer header with the include preference. For LWS, the following table maps preference tokens are defined:

• https://www.w3.org/ns/lws#linkfilter - limits properties that are returned as a link header only. If no linkfilter is specified, all properties are returned as link headers.
• https://www.w3.org/ns/lws#linksetfilter - limits properties that are returned in the linkset only. If no linksetfilter is specified, all properties are returned in the linkset document.

To provide finer-grained control over the response payload, the include preference MAY be parameterized with a "rels" parameter and/or an "attrs" parameter. The "rels" parameter specifies a space-separated, case-sensitive string of link relation types to filter which links are included in the response. The "attrs" parameter specifies a space-separated, case-sensitive string of link attribute names to control which attributes of the selected links are returned. If the "rels" parameter is provided, only links matching the specified relation types are included; if omitted, all applicable links are considered. If the "attrs" parameter is provided, only the specified attributes are returned for the selected links; if omitted, all available attributes are included. Servers MUST always include the target URI (href) for each link, regardless of the parameters specified. If neither parameter is provided, all applicable links and their attributes are returned.

A client MAY supply multiple include preferences in a single Prefer header by separating them with a space. This allows for the retrieval of metadata from multiple vocabularies in a single request. Any parameters, such as "prop", are scoped locally to the specific include preference they are attached to. For containers, responses MUST support pagination mechanics and include metadata fields such as resource IDs ( MUST ), types (array of system and user-defined), sizeInBytes ( SHOULD for representations in DataResources), and timestamps ( SHOULD ), filtered by ACL visibility to ensure privacy.

Metadata Types LWS defines three classes of metadata - system, core, and user. The terms listed in this section are defined at relevant vocabularies.

System-Managed - System-managed metadata is maintained by a LWS server and is read-only. A server MUST NOT allow users to manipulate this data. Mandatory fields include acl, linkset, partOf, type, and mediaType. Optional fields include sizeInBytes, modified, and publisher.

Clients SHOULD NOT attempt to modify, add, or delete server-managed links, such as those with relation types 'acl' or 'linkset', as these are read-only and maintained exclusively by the server. Attempts to do so may result in errors or undefined behavior. Servers MAY choose to support such operations in limited scenarios, but this specification does not define their semantics or outcomes; clients MUST NOT rely on such support for interoperability.

To mitigate risks associated with server-managed links, clients MUST handle cases where links become inaccessible or inconsistent gracefully, such as by falling back to default behaviors or retrying discovery. For example, altering the 'linkset' link could lead to dangling references, media-type mismatches, or access control discrepancies. Similarly, modifications to the 'acl' link could compromise security if not strictly prohibited.

Core Metadata - Core metadata MAY include optional fields such as label, schema, and storage.

Modifiability Considerations Core metadata, such as 'partOf', 'contains', 'type', 'title', and 'creator', MAY be modified by clients via PUT or PATCH operations on the associated linkset resource. However, servers MAY impose restrictions on certain core links to maintain system integrity. For instance, modifying the 'partOf' or 'contains' link to 'move' a resource is OPTIONAL for server implementations, as it may involve complex operations like updating slash-based semantics or decoupling containment meanings. Clients SHOULD NOT assume universal support for such changes and MUST handle server rejections. Servers that do not support modifications to 'partOf' MUST document this in their conformance statements. Metadata lifecycles are tied to the described resource, with automatic deletion upon resource removal.

User-Defined Metadata Users MAY create or add additional metadata using existing or custom vocabularies, including user-defined types and indexes.

Managing Metadata Metadata is managed by modifying a resource's associated linkset resource using PUT or PATCH operations. Servers MUST support concurrency controls for updates.

Replacing Metadata (PUT): A client can replace the entire set of metadata links by sending a PUT request to the linkset URI with a complete linkset document in the body.

Partially Updating Metadata (PATCH): A client can add, remove, or modify individual links by sending a PATCH request to the linkset URI. LWS servers SHOULD support a standard patch format, such as JSON Merge Patch RFC 7396 (application/merge-patch+json). Servers MAY support SPARQL Update for RDF-based partial updates to enhance flexibility for complex modifications.

New resources are created using POST to a target container URI, with the server assigning the final identifier. Clients MAY suggest a name via the Slug header, but servers MUST have authority over naming to ensure uniqueness and compliance with policies. PUT is reserved for updates to existing resources and MUST NOT be used for creation in this version of the specification, to prioritize server-managed identifiers and simplify client-server interactions. Clients MAY provide initial user-managed metadata for the new resource by including one or more Link headers in the POST request, following the syntax of Web Linking - RFC 8288 . Server-managed metadata MUST be generated automatically by the server upon creation and MUST NOT be overridden by client-provided links. On success, return 201 Created with the new URI in the Location header. The server MUST include Link headers for key server-managed metadata, such as a link to the parent container (rel="partOf"), a link to the ACL resource (rel="acl"), and a link to its dedicated linkset resource (rel="linkset"; type="application/linkset+json"). Additional links SHOULD include rel="type" (indicating Container or DataResource) and rel="mediaType" if applicable. The body MAY be empty or include a minimal representation of the resource. All metadata creation and linking MUST be atomic with the resource creation to maintain consistency. POST (to a container URI) – Create with server-assigned name: Use POST to add a new resource inside an existing container, letting the server assign or modify the final name (optionally suggested via the Slug header). Send the request to the container's URI with a Content-Type header matching the uploaded data (omit for empty resources like containers) and the new content in the body. The server MAY honor the Slug if it does not conflict with naming rules or existing resources. Example (POST to create a new data resource):

POST /alice/notes/ HTTP/1.1Host: example.comAuthorization: Bearer <token>Content-Type: text/plainContent-Length: 47Slug: shoppinglist.txtmilkeggsbreadbutterapplesorange juice

In this example, the client is posting to the container /alice/notes/ . It provides text/plain content (a grocery list) and suggests the name shoppinglist.txt for the new resource. If /alice/notes/ exists and the client is authorized, the server will create a new resource, generate associated metadata, and link it via the linkset. Example (Response to POST):

HTTP/1.1 201 CreatedLocation: /alice/notes/shoppinglist.txtContent-Type: text/plain; charset=UTF-8ETag: "def789012"Link: </alice/notes/shoppinglist.txt.meta>; rel="linkset"; type="application/linkset+json"Link: </alice/notes/>; rel="partOf"Link: </alice/notes/shoppinglist.txt.acl>; rel="acl"Link: <https://www.w3.org/ns/lws#DataResource>; rel="type"Preference-Applied: ...Content-Length: 0

On success, return 201 Created with the new URI in the Location header. The body may be empty or a minimal representation. Include relevant headers like ETag for concurrency control and Content-Type matching the created resource; Content-Length: 0 indicates no body. Servers MUST support concurrency via ETags in subsequent operations. If the target container /alice/notes/ does not exist, the server MUST return an error (HTTP 404 Not Found) because the location to create the resource is invalid. If the client is not authorized to write to that container, the server returns 403 Forbidden. If the request violates any server constraints, the server SHOULD return 400 Bad Request or 507 Insufficient Storage, with a description of the issue in the body if appropriate. Creating Containers: To create a new container via the REST API, a client uses POST to an existing parent container, typically with no body or a Content-Type indicating an empty resource. The server MUST support creation of empty containers. For example:

POST /alice/ HTTP/1.1Host: example.comAuthorization: Bearer <token>Slug: notes

This would create a new container at /alice/notes/ , with server-generated metadata including rel="type" as https://www.w3.org/ns/lws#Container . Additional notes on Create (HTTP binding):

• POST is not idempotent. Repeating it may create duplicates; clients SHOULD avoid unintentional retries or use unique identifiers/checks to prevent this.
• Servers MUST distinguish between DataResource and Container types in metadata upon creation, based on the request.
• Metadata updates are atomic; servers MUST ensure the linkset resource is created and populated with mandatory server-managed fields before returning success.
• Clients MAY request content negotiation via Accept headers, but for creation responses, servers SHOULD default to minimal or no body unless specified.
• For discoverability, servers SHOULD include WWW-Authenticate headers on 401 responses with parameters like storageDescription to guide clients without hardcoded URIs. Managing and Retrieving Metadata (Related to Creation): While metadata is primarily retrieved via read operations (Section 9.3), it is generated during creation. Clients can immediately retrieve it post-creation using GET or HEAD on the new resource URI. As described in Section 9.1, clients can use the Prefer header to request inclusion of specific metadata links (via relation types) and attributes. Example (GET a newly created resource with specific metadata relations): The client requests only the linkset, acl, and partOf relations, with all available attributes.

GET /alice/notes/shoppinglist.txt HTTP/1.1Host: example.comAuthorization: Bearer <token>Prefer: include="http://www.w3.org/ns/lws#linkfilter"; rels="linkset acl partOf"

Expected response (showing only the specified relations, with all available attributes such as "href", "rel", "type", and mandatory fields):

HTTP/1.1 200 OKETag: "abc123456"Link: </alice/notes/shoppinglist.txt.meta>; rel="linkset"; type="application/linkset+json"Link: </alice/notes/shoppinglist.txt.acl>; rel="acl"Link: </alice/notes/>; rel="partOf"Preference-Applied: include="http://www.w3.org/ns/lws#linkfilter"; rels="linkset acl partOf"
... (response body) ...

Example (GET a resource with specific attributes across all links): The client requests all links but only the "rel" and "type" attributes for them.

GET /alice/notes/shoppinglist.txt HTTP/1.1Host: example.comAuthorization: Bearer <token>Prefer: include="http://www.w3.org/ns/lws#linkfilter"; attrs="rel type"

Expected response (all links included, but only with the specified "rel" and "type" attributes, plus the mandatory "href"):

HTTP/1.1 200 OKETag: "abc123456"Link: </alice/notes/shoppinglist.txt.meta>; rel="linkset"; type="application/linkset+json"Link: </alice/notes/shoppinglist.txt.acl>; rel="acl"Link: </alice/notes/>; rel="partOf"Link: <https://www.w3.org/ns/lws#DataResource>; rel="type"
Preference-Applied: include="http://www.w3.org/ns/lws#linkfilter"; attrs="rel type"
... (response body) ...

Example (GET a linkset resource with specific attributes): If the client then requests the linkset resource itself, it can apply a similar preference (using the linksetfilter directive) to shape the JSON response, for instance by specifying attributes. Servers SHOULD support JSON-LD framing for linkset responses with a normative context.

GET /alice/notes/shoppinglist.txt.meta HTTP/1.1Host: example.comAuthorization: Bearer <token>Accept: application/linkset+jsonPrefer: include="http://www.w3.org/ns/lws#linksetfilter"; attrs="rel type"

Expected response (all links included, but only with the specified "rel" and "type" attributes, plus the mandatory "href"):

HTTP/1.1 200 OKContent-Type: application/linkset+jsonETag: "meta-etag-111"Preference-Applied: include="http://www.w3.org/ns/lws#linksetfilter"; attrs="rel type"
{
  "linkset": [
    {
      "href": "/alice/notes/shoppinglist.txt.acl",      "rel": "acl"
    },
    {
      "href": "/alice/notes/",      "rel": "partOf",      "type": "application/ld+json"
    },
    {
      "href": "https://www.w3.org/ns/lws#DataResource",      "rel": "type"
    }
  ]
}

In this response, the link for rel="acl" does not include a type attribute because it was not present on the server for that link, while the other links include type because it was requested and available. This allows clients to reduce bandwidth and processing load by fetching only the metadata relations and attributes they require. Clients MAY combine "rels" and "attrs" in a single Prefer header for more targeted filtering, such as rels="acl partOf" attrs="rel type", in which case the server applies the relation filter first and then restricts attributes on the resulting links. For privacy, unauthorized metadata fields MUST not disclose resource existence.

The read resource operation requests a resource representation with HTTP GET requests (and HEAD for header-only requests). The behavior differs depending on whether the target URL is a container or a non-container resource (DataResource). Servers MUST distinguish resource types via metadata. All responses MUST integrate with metadata as defined in Section 9.1, including Link headers for key relations such as rel="linkset", rel="acl", rel="partOf", and rel="type". Servers MUST ensure atomicity between the resource state and its metadata during reads. For privacy, unauthorized requests MUST return 404 Not Found without disclosing resource existence, regardless of whether the resource exists. GET (non-container resource) – Retrieve a resource’s content: Send GET to the resource URI for full content (if authorized). Respond with 200 OK, body containing the data, and Content-Type matching the stored media type. Servers SHOULD support content negotiation via Accept headers, returning the original format if no alternatives are available or 406 Not Acceptable if the requested format cannot be produced. Servers MUST support range requests per RFC 7233 for partial retrieval. Responses MUST include an ETag header for concurrency control and caching. Example (GET a file):

GET /alice/notes/shoppinglist.txt HTTP/1.1Authorization: Bearer <token>Accept: text/plain

This requests the content of /alice/notes/shoppinglist.txt , indicating that the client wants it in text form. Assuming the resource exists, is text, and the client has access:

HTTP/1.1 200 OKContent-Type: text/plain; charset=UTF-8Content-Length: 34ETag: "abc123456"Link: </alice/notes/shoppinglist.txt.meta>; rel="linkset"; type="application/linkset+json"Link: </alice/notes/>; rel="partOf"Link: </alice/notes/shoppinglist.txt.acl>; rel="acl"Link: <https://www.w3.org/ns/lws#DataResource>; rel="type"
milk
cheese
bread
guacamole
soda
chocolate bars
hash
eggs

The server returned the text content (34 bytes in total, as indicated by Content-Length ). The content is exactly the stored data in the file. The ETag: "abc123456" is a version identifier for caching or concurrency purposes. The response includes Link headers for metadata discoverability, with mandatory fields such as partOf, acl, and type. GET (container resource) – List a container’s contents: When the target URI corresponds to a container (determined via metadata type), a GET request will return a listing of the container’s members rather than raw content. Servers MUST support pagination for large memberships, using query parameters or headers to return partial listings with links to subsequent pages, responding with 206 Partial Content for paginated responses. Listings MUST include metadata for each member: resource IDs ( MUST ), types as an array of system and user-defined ( MUST ), representations with mediaType and optional sizeInBytes ( MUST for DataResources), modified timestamps ( SHOULD ). Listings MUST be ACL-aware, filtering based on client permissions, but servers SHOULD grant full visibility of readable members if the container is accessible, using sub-containers for finer privacy controls. By default, in the absence of a specific format requested, the server SHOULD return an HTML page that lists the names (with links) of the resources in the container for human-readable access. For programmatic access, servers SHOULD support content negotiation via Accept headers. For example, Accept: application/ld+json MUST yield a JSON-LD representation using a normative context and optional framing, with a custom media type like application/lws+json; profile=" https://www.w3.org/ns/lws/v1 ". Servers MAY support Accept: text/turtle for RDF Turtle representations. If the server cannot provide the listing in a requested format, it MUST return 406 Not Acceptable. JSON Schema MAY be provided informatively for non-RDF clients. Example (GET a container with JSON-LD):

GET /alice/notes/ HTTP/1.1Authorization: Bearer <token>Accept: application/ld+json

Assuming the container exists and the client has access:

HTTP/1.1 200 OKContent-Type: application/ld+json; profile="https://www.w3.org/ns/lws/v1"ETag: "container-etag-789"Link: </alice/notes/.meta>; rel="linkset"; type="application/linkset+json"Link: </alice/>; rel="partOf"Link: </alice/notes/.acl>; rel="acl"Link: <https://www.w3.org/ns/lws#Container>; rel="type"
{
  "@context": "https://www.w3.org/ns/lws/context/v1.jsonld",  "@id": "/alice/notes/",  "@type": "Container",  "totalItems": 2,  "first": {    "@type": "ContainerPage",    "@id": "/alice/notes/?page=1",    "partOf": "/alice/notes/",    "contains": [
      {
        "@id": "/alice/notes/1.txt",        "@type": ["DataResource", "http://example.org/customType"],        "representation": [
          {
            "mediaType": "text/plain",            "sizeInBytes": 1024
          }
        ],
        "modified": "2025-11-24T12:00:00Z"
      },
      {
        "@id": "/alice/notes/2.txt",        "@type": "DataResource",        "representation": [
          {
            "mediaType": "text/plain",            "sizeInBytes": 2048
          }
        ],
        "modified": "2025-11-24T13:00:00Z"
      }
    ]
  }
}

In this example, /alice/notes/ is a container. The response uses JSON-LD with a normative context, listing members with required metadata. For large containers, the response might include a "next" property and use 206 Partial Content. In all cases, the server MUST include relevant metadata in the response headers, such as ETag (representing the listing version, which changes on membership modifications) and rel="type" indicating it is a container. Servers SHOULD use Prefer headers for finer control over included metadata, as defined in Section 9.1. HEAD (any resource or container) – Headers/metadata only: The LWS server MUST support HEAD for both containers and non-containers, returning the same headers as GET (including ETag, Content-Type, Link for metadata) but without a body. This enables metadata retrieval without transferring content. Caching and Conditional Requests: LWS leverages HTTP caching semantics. Servers MUST support conditional requests via If-None-Match (with ETags) or If-Modified-Since headers. If the resource or container listing has not changed, respond with 304 Not Modified to avoid redundant transfers. ETags MUST be provided in all GET/HEAD responses for concurrency and caching support. Discoverability and Authorization: For enhanced discoverability, servers SHOULD include WWW-Authenticate headers on 401 Unauthorized responses with parameters to guide clients without hardcoded URIs. Metadata links SHOULD be included where applicable. Content negotiation SHOULD extend to RDF formats like Turtle for metadata-heavy responses.

The update resource modifies the contents of an existing served resource by a PUT request (to replace the entire resource) or a PATCH request (to apply a partial modification). The client must have write access to the resource’s URL to perform these operations. Note: This section describes updating a resource's primary content. To update its metadata, see Section 9.3.2. LWS servers MUST handle PUT and PATCH requests on resource URIs as modifications to the resource content only, with no default impact on the associated linkset. To optionally update both content and metadata in a single atomic operation, clients MAY include Link headers in the PUT/PATCH request to the resource URI and specify the preference 'Prefer: set-linkset' (as defined in RFC 7240). In this case, the server MUST interpret the provided Link headers as a replacement (for PUT) or partial update (for PATCH) to the linkset, in addition to applying the content changes. This behavior is OPTIONAL for servers but, if supported, MUST be invoked explicitly via the Prefer header to prevent unintentional metadata overwrites. Servers that do not support combined updates MUST ignore the preference or respond with 501 Not Implemented. PUT (replace full resource) – Send PUT to the resource URI with new full content in the body and matching Content-Type (generally consistent with existing type). PUT is idempotent for existing resources. For safety, include If-Match with current ETag (per Section 7.3 concurrency); mismatch yields 412 Precondition Failed or 409 Conflict. Without checks, updates are unconditional but risk overwriting concurrent changes. If a server supports Etags for a resource, it MUST reject unconditional PUT requests that lack an If-Match header with a 428 Precondition Required response. Example (PUT to update a resource):

PUT /alice/personalinfo.json HTTP/1.1
Authorization: Bearer <token>
Content-Type: application/json
If-Match: "abc123456"
{
"name": "Alice",
"age": 30,"city": "New London","state": "Connecticut"
}

In this example, the client is updating an existing JSON resource at /alice/personalinfo.json. It includes an If-Match header with the ETag "abc123456" that it presumably got from an earlier GET or HEAD on this resource. The server will compare that to the current ETag; if they match, it proceeds to replace the content with the JSON provided. If they don’t match, the server rejects the update (because the resource was changed by someone else in the meantime). Successful response: If the update succeeds, the server can respond with 200 OK and possibly include the updated representation or some confirmation (like the new content or a part of it). Alternatively, the server may respond with 204 No Content to indicate success with no body (especially common if no further info needs to be conveyed). In either case, the server SHOULD include a new ETag to signify the new version, and maybe a Content-Type if a body is returned. For example:

HTTP/1.1 204 No ContentETag: "def789012"

This tells the client the update went through and provides the new ETag . If the server chose to return the updated content, it might use 200 OK and include the JSON in the body, along with headers.

• Error responses: If the If-Match did not match (concurrent modification), the server could return 412 Precondition Failed (meaning the precondition header failed) or 409 Conflict – our earlier abstract description used Conflict for concurrency issues, and 409 is a natural mapping for that scenario. If the resource did not exist, a PUT meant as an update will result in 404 Not Found (unless the intent was to create, but typically clients use PUT for create only when they are sure of what they’re doing, or they use it as upsert without If-Match). If the client is not authorized, 403 Forbidden (or 401 Unauthorized if no valid credentials were provided). If the request payload is not valid, 400 Bad Request . PATCH (partial update) – The HTTP PATCH method [ RFC 5789 ] allows a client to specify partial modifications to a resource, rather than sending the whole new content. This is useful for large resources where sending the entire content would be inefficient if only a small part changed, or for concurrent editing where you want to apply specific changes. LWS server MUST minimally support JSON Merge Patch (application/merge-patch+json) as defined in [ RFC 7386 ]. Update Resource Metadata (HTTP PUT / PATCH on Linkset) A resource's metadata is updated by modifying its corresponding linkset resource, discovered via the Link header with rel="linkset". Full Replacement (PUT): A PUT request to the linkset URI with a complete linkset document in the body replaces all metadata for the resource. Partial Update (PATCH): A PATCH request to the linkset URI adds, removes, or modifies specific links. Concurrency Control for Metadata Because a resource's metadata can be modified by multiple actors, preventing concurrent overwrites is critical. To ensure data integrity, LWS servers and clients MUST implement optimistic concurrency control using conditional requests [ RFC 7232 ] for all PUT and PATCH operations on a linkset resource. Server Responsibilities: A server MUST include an Etag header in its responses to GET and HEAD requests for a linkset resource. Upon a successful PUT or PATCH on the linkset, the server MUST generate a new, unique Etag value for the modified linkset and return it in the Etag header of the response. Client Responsibilities: When modifying a linkset resource, a client MUST include an If-Match header containing the most recent Etag it received for that resource. Processing Rules: If the If-Match header value does not match the linkset's current Etag, the server MUST reject the request with a 412 Precondition Failed status code. If the If-Match header is missing from a PUT or PATCH request to a linkset URI, the server MUST reject the request with a 428 Precondition Required status code [ RFC 6585 ]. Example (PUT to replace a linkset): A client first fetches the linkset and payload: receives its ETag.

GET /alice/personalinfo.json.meta HTTP/1.1
Authorization: Bearer <token>
Accept: application/linkset+json
HTTP/1.1 200 OK
Content-Type: application/linkset+json
ETag: "meta-v1"
{
  "linkset": [
    {
      "anchor": "/alice/personalinfo.json",
      "describedby": [ { "href": "/schemas/personal-info.json" } ]
    }
  ]
}

The client now wants to add a license. It constructs a new, complete linkset document and sends a PUT request with the If-Match header.

PUT /alice/personalinfo.json.meta HTTP/1.1
Authorization: Bearer <token>
Content-Type: application/linkset+json
If-Match: "meta-v1"
{
  "linkset": [
    {
      "anchor": "/alice/personalinfo.json",
      "describedby": [ { "href": "/schemas/personal-info.json" } ],
      "license": [ { "href": "https://creativecommons.org/licenses/by/4.0/" } ]
    }
  ]
}

If successful, the server responds with success and the new ETag.

HTTP/1.1 204 No ContentETag: "meta-v2"

Summary of Update Rules If you want to change only the content of a resource → PUT/PATCH the resource itself. If you want to change only the links (metadata) of a resource → PUT/PATCH the resource’s associated linkset resource. If you want to change both content and links → PUT/PATCH the resource itself, including the appropriate Link headers AND 'Prefer: set-linkset'. Setting both is off by default.

The delete resource operation removes an existing resource (or, in some cases, an entire container) from the storage. This operation is akin to deleting a file or folder in a file system. Once completed, the target resource is no longer available for read or update, and its identifier becomes invalid (attempts to access it later should report it as not found, unless it is recreated). Servers MUST ensure that deletions are atomic, including the removal of associated metadata resources and updates to containing container memberships. Metadata lifecycles are tied to the primary resource; deleting a resource MUST automatically delete its associated linkset and any server-managed metadata, without allowing independent deletion of metadata. DELETE (non-container resource) – If the requested URI points to a regular resource (not a container), the server will delete that resource and any associated metadata, such as its linkset. On success, the server responds with 204 No Content (the standard success code for DELETE indicating the resource is gone and there’s no further data to return). After this, any GET or HEAD to that URI should return 404 Not Found (or optionally 410 Gone to indicate permanent removal) unless a new resource is later created at the same URI. The server MUST also delete any auxiliary files or metadata associated with that resource and update the containing container's membership atomically. For example, some servers store access control rules or metadata in sidecar files (like resource.acl ); those MUST be cleaned up. If the resource did not exist to begin with, the server returns 404 Not Found for the DELETE (because you’re asking to delete something that isn’t there). If the client is not authorized to delete the resource, the server returns 403 Forbidden (if the client’s identity is known but they lack permission) or possibly 401 Unauthorized (if no valid auth was provided, prompting for credentials). In some cases, as discussed, a server might also return 404 for unauthorized requests to avoid hinting that the resource exists. Servers SHOULD support concurrency checks via If-Match with ETags for deletes; mismatches yield 412 Precondition Failed. Example (DELETE a non-container resource):

DELETE /alice/notes/shoppinglist.txt HTTP/1.1Authorization: Bearer <token>If-Match: "abc123456"

Assuming the ETag matches and the client is authorized, the server deletes the resource, its metadata, and updates the containing container /alice/notes/ atomically:

HTTP/1.1 204 No Content

DELETE (container resource) – Deleting a container is more restricted. By default, an LWS server requires that a container be empty (no child resources) in order to delete it; non-recursive deletion is the default behavior. This means if a client issues a DELETE on a container that still has members, the server MUST respond with 409 Conflict . The response MAY include a message indicating the reason. This behavior protects against accidental deletion of large sets of data with a simple request. The client should then either delete the contained resources individually or (if it really intends to remove everything) use an explicit recursive delete mechanism if the server supports one. Upon deletion, the server MUST remove the container's metadata and update any containing container's membership atomically. Example (DELETE a non-empty container without recursion):

DELETE /alice/notes/ HTTP/1.1Authorization: Bearer <token>

Assume /alice/notes/ contains resources (like shoppinglist.txt and others). The server will refuse to delete since it’s not empty:

HTTP/1.1 409 ConflictContent-Type: text/plain
Cannot delete container /alice/notes/ - container is not empty.

Here a 409 Conflict is returned, possibly with a simple text message. The client then knows it must delete the contents first or try a recursive delete. LWS implementations MAY support a way to request recursive deletion of a container and all its descendants in one go, using a request header Depth: infinity on the DELETE request (as in WebDAV [ RFC 4918 ]). In LWS, this is OPTIONAL , and the default is non-recursive unless specified. Servers that support recursion MUST verify permissions for all affected resources and SHOULD abort on failures, potentially returning 403 Forbidden or 500 Internal Server Error with details. Advanced implementations MAY return a 207 Multi-Status (WebDAV style) listing what succeeded and failed, but LWS does not require that level of detail in this core spec. If recursion is not supported, servers MUST reject such requests with 501 Not Implemented. Example (DELETE a container with recursion, if supported):

DELETE /alice/notes/ HTTP/1.1Authorization: Bearer <token>Depth: infinity

If the server honors Depth: infinity to mean recursive deletion (and the user has rights to everything under /alice/notes/ ), it would proceed to delete all items in notes/ and then the container itself, including all associated metadata. A success would be 204 No Content indicating everything is gone. If, say, one file in notes/ was not deletable (maybe a permission issue on that file), the server might abort and return an error (perhaps 403 or 500 with an explanation).

This table maps generic LWS responses (from Section 7) to HTTP status codes and payloads for consistency, incorporating specific scenarios such as pagination, concurrency controls, quota constraints, and metadata integration:

This mapping table is intended to cover the typical cases, ensuring atomicity with metadata operations and support for discoverability. Note that some status codes above (206, 412, 415, 507) are standard HTTP but were not explicitly enumerated in Section 7’s generic list; they are used here to handle HTTP-specific scenarios (like pagination, conditional requests, media type handling, and quotas). LWS servers should use the most appropriate HTTP status code for each situation to enable clients to react correctly.

By adhering to these method bindings and status codes, LWS clients and servers can interoperate using HTTP in a predictable, RESTful way. This allows leveraging existing HTTP libraries, tools, and knowledge for building LWS-based systems.

Define mechanisms for content negotiation based on profiles, allowing clients to request specific representations or views of resources (e.g., JSON-LD contexts, different RDF serializations, or application-specific profiles).

this left intentionally blank

Define notification mechanisms that allow clients to be informed of changes to resources, including subscription models, event formats, and delivery mechanisms.

this left intentionally blank

Define inbox resources with specific semantics within LWS, including message posting, retrieval, and management capabilities for asynchronous communication patterns.

this left intentionally blank