11.3. Verifying Busy Time Information Requests
When handling a POST request on a scheduling Outbox collection:
1. Servers MUST verify that the principal associated with the calendar user address specified in the "ORGANIZER" property of the scheduling message data in the request contains a CALDAV: schedule-outbox-URL property value that matches the scheduling Outbox collection targeted by the request.
2. Servers MUST verify that the currently authenticated user has the CALDAV:schedule-send privilege, or a sub-privilege aggregated under this privilege, on the scheduling Outbox collection targeted by the request. 3. Servers MUST only return valid freebusy information for recipients when the CALDAV:schedule-deliver privilege, or a sub-privilege aggregated under this privilege, is granted on the recipient's scheduling Inbox collection for the principal associated with the DAV:owner of the scheduling Outbox collection targeted by the request.
This document was automatically converted to XHTML using an RFC to HTML converter with the original text document at the Internet Engineering Task Force web site at ietf.org . The original text document should be referred to if there are any errors or discrepancies found in this document.
Need to test your iCalendar feeds? The iCalendar Validator provides developers and testers a method to validate their iCalendar feeds, which can take data from either a URL, file or text snippet and compare it against the RFC 5545 specification. We believe we have one of the best iCalendar validation tools available on the internet. More information about the validator can be found here.