An Ode to WebDAV, CalDAV, and CardDAV: The Origins of a Secure, Dynamic, and Interactive Web

WebDAV, CalDAV, and CardDAV Secure Protocol Gives You Access to Web Servers

TL; DR: Created to explore the concept of distributed authoring on a fledgling World Wide Web in the mid-1990s, WebDAV securely extended HTTP to allow direct and secure access to web servers. With WebDAV, users can create, change, and move documents, as well as manage rules for file access and modification. Developers refined WebDAV to apply the protocol to online calendars and address books, among several other extensions. WebDAV usage has evolved as file server protocols and operating systems have improved, but WebDAV still resonates with Linux users and organizations with sensitive information, such as businesses and higher education.

To hear early adopters describe getting started with WebDAV, as well as the CalDAV and CardDAV extensions, you’d wonder why they still use the HTTP extension to connect to servers.

“It was a pain in the ass to learn and pick up,” WebDAV user Jimmy Anuszewski said.

“I’m most proud of the fact that I actually got the thing working,” said CalDAV and CardDAV contributor Ken Murchison. “I’ve certainly blown up my calendars and lost a lot of data in the past.”

WebDAV, however, provided a crucial function in the early days of the World Wide Web — before you could turn to Google for help using a new program. Short for Web Distributed Authoring and Versioning, WebDAV enabled users to securely connect to web servers and create, change, or move files.

Both Ken and Jimmy stressed the relevance of the protocol today — particularly in business and higher-education sectors. More specifically, the WebDAV protocol has been extended to securely access and share calendar and contacts data with CalDAV and CardDAV, respectively.

Created in 1996 as a collaboration between the World Wide Web consortium and the Internet Engineering Task Force, WebDAV gave web users write access instead of the read access provided by HTTP, according to Jim Whitehead, who led the IETF working group.

“WebDAV is completing the original vision of the web as a writeable, collaborative, medium,” he wrote in a WebDAV FAQ.

Creation of WebDAV Provides Secure and Remote Access to Website Files

Communicating remotely with any server could be challenging in the mid-1990s, according to Jimmy, but web servers presented a unique hurdle.

“There was no web interface, content management system, or anything like that,” Jimmy said. “You could see a website, or the result of the files, but you couldn’t access the files themselves.”

Geographically distributed teams would fill directories with sometimes unorganized files and revisions and relied on email to communicate their progress. WebDAV, however, empowered teams to edit the documents in place, protect them from being overwritten, limit user access rights, and store metadata such as author and date modified.

Photos from WebDAV interoperability testing

As an open project, WebDAV relies on contributors and users for interoperability testing.

Microsoft, Netscape, Xerox, and IBM contributed to WebDAV’s development. The original protocol, RFC 2518, introduced how developers and engineers could use HTTP to collaborate online. WebDAV, which was updated with RFC 4918 in 2007, also provided a way for Macs to connect to Windows networks.

“If the Windows server had WebDAV installed, great,” Jimmy said. “If it didn’t, it was a nightmare. If WebDAV wasn’t there, you were never going to hook up to it.”

Now, as network protocols and file server systems evolve, the two manufacturers have opened up their operating systems to be more collaborative.

WebDAV Still Used for Safe and Protected Server Communications

Ken, an Engineer at Carnegie Mellon University, and Jimmy, an IT and Web Specialist at the University of Florida, represent the types of users who have relied on distributed authoring and versioning tools to work remotely with sensitive information.

Although the File Transfer Protocol, or FTP, had been around since the early 1970s, the added features and security of WebDAV quickly made the HTTP extension the more popular option for file management.

“Because WebDAV works over HTTP, you get all the benefits of HTTP that FTP cannot provide,” Jim wrote, specifically mentioning strong authentication, encryption, proxy support, and caching.

FTP works best for intranet uses, according to Jimmy, because of the network’s isolated nature. FTP is too susceptible to brute force attacks for businesses or institutes of higher education to rely on it, he said.

“They have lawyers breathing down their throats, so the network has to be secure,” Jimmy said. “You have to be on the network in order to access WebDAV. It’s traceable, and you can’t spoof it or fake it.”

CalDAV and CardDAV Extend the Protocol to Calendars and Contacts

Ken, who primarily works on Carnegie Mellon’s email infrastructure, started experimenting with CalDAV and CardDAV roughly five years ago as a skunkworks project. When the university chose to use Microsoft Exchange, Ken continued working with CalDAV and CardDAV on the side.

“I was the sole developer working on it, finally got it going, and now my personal contacts and calendar are on it,” he said.

CalDAV extends WebDAV and uses the iCalendar format to allow multiple users to access shared calendars for cooperative planning purposes. The finished specification, RFC 4791, was published in 2007 and authored by representatives of Apple, Oracle, and CommerceNet.

CardDAV syncs address books across platforms using the vCard format while still providing the same overwrite protections and access controls as WebDAV. Apple, which uses CalDAV and CardDAV for macOS and iOS, led the development of the RFC 6352 specification.

CalDAV and CardDAV contributors gather a few times each year to discuss specifications to the protocols.

CalDAV and CardDAV contributors gather a few times each year to discuss specifications to the protocols.

Recently, Apple and Google representatives collaborated to add CalDAV support for non-Gregorian calendars. The project originated in CalConnect, a group of vendors, developers, and users working to standardize calendars and scheduling across platforms and products.

“That’s useful if you want to set up a recurring event around, let’s say, the Chinese New Year,” Ken said. “Obviously, the dates bounce around because of the way the Chinese calendar works, but that can all be done now in a standard kind of way.”

WebDAV Lives on With Linux Users and Higher Education

Ken, also a member of CalConnect, mentioned that most — if not all — development of CardDAV and CalDAV features start in the grassroots organization.

“We’re always looking to add new features,” Ken said. “There are a whole bunch of technical committees that have weekly or biweekly calls where people hash out specifications, talk about their implementations, and what needs to change.”

Photos of CalConnect meeting

Members of CalConnect gather three times a year to test and discuss potential specifications. (Credit: Thomas Schäfer)

CalConnect members meet in person three times a year for interoperability testing and discussing possible specifications. Moving forward, Ken said one of the biggest challenges facing the calendaring world is using time zones properly and communicating changes through HTTP instead of device operating systems.

While CalDAV and CardDAV advance with Apple products and mobile devices, the core WebDAV protocol still thrives among Linux users and IT professionals needing secure ways to remotely access files.

“In the computer world, 10 years is a long time,” Jimmy said. “Not only has WebDAV survived twice that, but it has reinvented itself and evolved into all sorts of productive modules.”

Laura Stamey

Questions or Comments? Ask Laura!

Ask a question and Laura will respond to you. We strive to provide the best advice on the net and we are here to help you in any way we can.