JMAP Contacts

This document specifies a data model for synchronising contacts data with a server using JMAP.

Introduction

JMAP ([@!RFC8620] JSON Meta Application Protocol) is a generic protocol for synchronising data, such as mail, calendars or contacts, between a client and a server. It is optimised for mobile and web environments, and aims to provide a consistent interface to different data types.

This specification defines a data model for synchronising contacts between a client and a server using JMAP.

Notational conventions

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in BCP 14 [@!RFC2119] [@!RFC8174] when, and only when, they appear in all capitals, as shown here.

Type signatures, examples and property descriptions in this document follow the conventions established in Section 1.1 of [@!RFC8620]. The Id and UnsignedInt data types defined in Sections 1.2 and 1.3 of [@!RFC8620] are also used in this document.

Terminology

The same terminology is used in this document as in the core JMAP specification, see [@!RFC8620], Section 1.6.

The terms AddressBook and ContactCard (with these specific capitalizations) are used to refer to the data types defined in this document and instances of those data types.

Data Model Overview

An Account (see [@!RFC8620], Section 1.6.2) with support for the contacts data model contains zero or more AddressBook objects, which is a named collection of zero or more ContactCards. A ContactCard is a representation of a person, company, or other entity, or a group of such entities, in RFCXXXX JSContact Card format. Each ContactCard belongs to one or more AddressBooks.

In servers with support for JMAP Sharing [RFC XXX], data may be shared with other users. Sharing permissions are managed per AddressBook.

Addition to the Capabilities Object

The capabilities object is returned as part of the JMAP Session object; see [@!RFC8620], Section 2. This document defines two additional capability URIs.

urn:ietf:params:jmap:contacts

This represents support for the AddressBook and ContactCard data types and associated API methods. The value of this property in the JMAP Session capabilities property is an empty object.

The value of this property in an account’s accountCapabilities property is an object that MUST contain the following information on server capabilities and permissions for that account:

• maxAddressBooksPerCard: UnsignedInt|null The maximum number of AddressBooks (see Section XXX) that can be can assigned to a single ContactCard object (see Section XXX). This MUST be an integer >= 1, or null for no limit (or rather, the limit is always the number of AddressBooks in the account).
• mayCreateAddressBook: Boolean If true, the user may create an AddressBook in this account.

AddressBooks

An AddressBook is a named collection of ContactCards. All ContactCards are associated with one or more AddressBook.

A AddressBook object has the following properties:

• id: Id (immutable; server-set) The id of the AddressBook.
• name: String The user-visible name of the AddressBook. This may be any UTF-8 string of at least 1 character in length and maximum 255 octets in size.
• description: String|null (default: null) An optional longer-form description of the AddressBook, to provide context in shared environments where users need more than just the name.

• sortOrder: UnsignedInt (default: 0) Defines the sort order of AddressBooks when presented in the client’s UI, so it is consistent between devices. The number MUST be an integer in the range 0 <= sortOrder < 2^31.

  An AddressBook with a lower order should be displayed before a AddressBook with a higher order in any list of AddressBooks in the client’s UI. AddressBooks with equal order SHOULD be sorted in alphabetical order by name. The sorting should take into account locale-specific character order convention.

• isDefault: Boolean (server-set) This SHOULD be true for exactly one AddressBook in any account, and MUST NOT be true for more than one AddressBook within an account. The default AddressBook should be used by clients whenever they need to choose an AddressBook for the user within this account, and they do not have any other information on which to make a choice. For example, if the user creates a new contact card, the client may automatically set the card as belonging to the default AddressBook from the user’s primary account.

• isSubscribed: Boolean True if the user has indicated they wish to see this AddressBook in their client. This SHOULD default to false for AddressBooks in shared accounts the user has access to and true for any new AddressBooks created by the user themself.

  If false, the AddressBook and its contents SHOULD only be displayed when the user explicitly requests it or to offer it for the user to subscribe to.

• shareWith: Id[AddressBookRights]|null (default: null) A map of Principal id to rights for principals this AddressBook is shared with. The principal to which this AddressBook belongs MUST NOT be in this set. This is null if the AddressBook is not shared with anyone. May be modified only if the user has the mayAdmin right. The account id for the principals may be found in the urn:ietf:params:jmap:principals:owner capability of the Account to which the AddressBook belongs.
• myRights: AddressBookRights (server-set) The set of access rights the user has in relation to this AddressBook.

An AddressBookRights object has the following properties:

• mayRead: Boolean The user may fetch the ContactCards in this AddressBook.
• mayWrite: Boolean The user may create, modify or destroy all ContactCards in this AddressBook, or move them to or from this AddressBook.
• mayAdmin: Boolean The user may modify the “shareWith” property for this AddressBook.
• mayDelete: Boolean The user may delete the AddressBook itself.

AddressBook/get

This is a standard “/get” method as described in [@!RFC8620], Section 5.1. The ids argument may be null to fetch all at once.

AddressBook/changes

This is a standard “/changes” method as described in [@!RFC8620], Section 5.2.

AddressBook/set

This is a standard “/set” method as described in [@!RFC8620], Section 5.3 but with the following additional request argument:

• onDestroyRemoveContents: Boolean (default: false) If false, any attempt to destroy an AddressBook that still has ContactCard in it will be rejected with an addressBookHasContents SetError. If true, any ContactCards that were in the AddressBook will be removed from it, and if in no other AddressBooks they will be destroyed.

• onSuccessSetIsDefault: Id|null If an id is given, and all creates, updates and destroys (if any) succeed without error, the server will try to set this AddressBook as the default. (For references to AddressBook creations, this is equivalent to a creation-reference, so the id will be the creation id prefixed with a “#”.)

  If the id is not found, or the change is not permitted by the server for policy reasons, it MUST be ignored and the currently default AddressBook (if any) will remain as such. No error is returned to the client in this case.

  As per [@!RFC8620], Section 5.3, if the default is successfully changed, any changed objects MUST be reported in either the “created” or “updated” argument in the response as appropriate, with the server-set value included.

The “shareWith” property may only be set by users that have the mayAdmin right. When modifying the shareWith property, the user cannot give a right to a principal if the principal did not already have that right and the user making the change also does not have that right. Any attempt to do so must be rejected with a forbidden SetError.

Users can subscribe or unsubscribe to an AddressBook by setting the “isSubscribed” property. The server MAY forbid users from subscribing to certain AddressBooks even though they have permission to see them, rejecting the update with a forbidden SetError.

The following extra SetError types are defined:

For “destroy”:

• addressBookHasContents: The AddressBook has at least one ContactCard assigned to it, and the “onDestroyRemoveContents” argument was false.

ContactCards

A ContactCard object contains information about a person, company, or other entity, or represents a group of such entities. It is a JSCard object, as defined in RFCXXXX, with the following additional properties:

• id: Id (immutable; server-set) The id of the ContactCard. The id uniquely identifies a ContactCard with a particular “uid” within a particular account.
• addressBookIds: Id[Boolean] The set of AddressBook ids this ContactCard belongs to. A card MUST belong to at least one AddressBook at all times (until it is destroyed). The set is represented as an object, with each key being an AddressBook id. The value for each key in the object MUST be true.

For any Media object in the card (see RFCXXX, Section XXX), a new property is defined:

• blobId: Id An id for the Blob representing the binary contents of the resource.

When returning ContactCards, any Media with a data: URI SHOULD return a blobId property and omit the uri property. The “mediaType” property MUST also be set. Similarly, when creating or updating a ContactCard, clients MAY send a blobId instead of the uri property for a Media object.

A contact card with a “kind” property equal to “group” represents a group of contacts. Clients often present these separately from other contact cards. The “members” property, as defined in RFC XXX, Section XXX, contains a set of UIDs for other contacts that are the members of this group. Clients should consider the group to contain any ContactCard with a matching UID, from any account they have access to with support for the urn:ietf:params:jmap:contacts capability. UIDs that cannot be found SHOULD be ignored but preserved. For example, suppose a user adds contacts from a shared address book to their private group, then temporarily loses access to this address book. The UIDs cannot be resolved so the contacts will disappear from the group. However, if they are given permission to access the data again the UIDs will be found and the contacts will reappear.

ContactCard/get

This is a standard “/get” method as described in [@!RFC8620], Section 5.1.

ContactCard/changes

This is a standard “/changes” method as described in [@!RFC8620], Section 5.2.

ContactCard/query

This is a standard “/query” method as described in [@!RFC8620], Section 5.5.

Filtering

A FilterCondition object has the following properties, any of which may be omitted:

• inAddressBook: Id An AddressBook id. A card must be in this address book to match the condition.
• uid: String A card must have this string exactly as its uid to match.
• hasMember: String A card must have a “members” property that contains this string as one of the uids in the set to match.
• kind: String A card must have a type property that equals this string exactly to match.
• createdBefore: UTCDate The “created” date-time of the ContactCard must be before this date-time to match the condition.
• createdAfter: UTCDate The “created” date-time of the ContactCard must be the same or after this date-time to match the condition.
• updatedBefore: UTCDate The “updated” date-time of the ContactCard must be before this date-time to match the condition.
• updatedAfter: UTCDate The “updated” date-time of the ContactCard must be the same or after this date-time to match the condition.
• text: String A card matches this condition if the text matches with text in the card.
• name: String A card matches this condition if the value of any NameComponent in the “name” property, or the “full” property in the “name” property of the card matches the value.
• name/given: String A card matches this condition if the value of a NameComponent with kind “given” inside the “name” property of the card matches the value.
• name/surname: String A card matches this condition if the value of a NameComponent with kind “surname” inside the “name” property of the card matches the value.
• name/surname2: String A card matches this condition if the value of a NameComponent with kind “surname2” inside the “name” property of the card matches the value.
• nickName: String A card matches this condition if the “name” of any NickName in the “nickNames” property of the card matches the value.
• organization: String A card matches this condition if the “name” of any Organization in the “organizations” property of the card matches the value.
• email: String A card matches this condition if the “address” or “label” of any EmailAddress in the “emails” property of the card matches the value.
• phone: String A card matches this condition if the “number” or “label” of any Phone in the “phones” property of the card matches the value.
• onlineService: String A card matches this condition if the “service”, “uri”, “user”, or “label” of any OnlineService in the “onlineServices” property of the card matches the value.
• address: String A card matches this condition if the value of any StreetComponent in the “street” property, or the “locality”, “region”, “country”, or “postcode” property in any Address in the “addresses” property of the card matches the value.
• note: String A card matches this condition if the “note” of any Note in the “notes” property of the card matches the value.

If zero properties are specified on the FilterCondition, the condition MUST always evaluate to true. If multiple properties are specified, ALL must apply for the condition to be true (it is equivalent to splitting the object into one-property conditions and making them all the child of an AND filter operator).

The exact semantics for matching String fields is deliberately not defined to allow for flexibility in indexing implementation, subject to the following:

• Text SHOULD be matched in a case-insensitive manner.
• Text contained in either (but matched) single or double quotes SHOULD be treated as a phrase search, that is a match is required for that exact sequence of words, excluding the surrounding quotation marks. Use \", \' and \\ to match a literal ", ' and \ respectively in a phrase.
• Outside of a phrase, white-space SHOULD be treated as dividing separate tokens that may be searched for separately in the contact, but MUST all be present for the contact to match the filter.
• Tokens MAY be matched on a whole-word basis using stemming (so for example a text search for bus would match “buses” but not “business”).

Sorting

The following value for the “property” field on the Comparator object MUST be supported for sorting:

• “created” - The “created” date on the ContactCard.
• “updated” - The “updated” date on the ContactCard.

The following values for the “property” field on the Comparator object SHOULD be supported for sorting:

• “name/given” - The value of the first NameComponent in the “name” property whose “kind” is “given”.
• “name/surname” - The value of the first NameComponent in the “name” property whose “kind” is “surname”.
• “name/surname2” - The value of the first NameComponent in the “name” property whose “kind” is “surname2”.

ContactCard/queryChanges

This is a standard “/queryChanges” method as described in [@!RFC8620], Section 5.6.

ContactCard/set

This is a standard “/set” method as described in [@!RFC8620], Section 5.3.

To set a new photo, the file must first be uploaded using the upload mechanism as described in [@!RFC8620], Section 6.1. This will give the client a valid blobId/size/type to use. The server SHOULD reject attempts to set a file that is not a recognised image type as the photo for a card.

ContactCard/copy

This is a standard “/copy” method as described in [@!RFC8620], Section 5.4.

Security considerations

All security considerations of JMAP ([@!RFC8620]) apply to this specification. Additional considerations specific to the data types and functionality introduced by this document are described in the following subsection.

Privacy

Contacts consist almost entirely of private, personally identifiable information, and represent the social connections of users. Privacy leaks can have real world consequences, and contacts servers and clients MUST be mindful of the need to keep all data secure.

Servers MUST enforce the ACLs set on address books to ensure only authorised data is shared.

IANA Considerations

JMAP capability registration for “contacts”

IANA will register the “contacts” JMAP Capability as follows:

Capability Name: urn:ietf:params:jmap:contacts

Specification document: this document

Intended use: common

Change Controller: IETF

Security and privacy considerations: this document, section XXX