iSchedule ================== The iSchedule protocol is a server-to-server calendar protocol that allows servers to exchange iTIP (iCalendar-based) scheduling messages in real time over the HTTP protocol. About iSchedule ---------------- The basic protocol is this: 1) Server detects a calendar user trying to schedule with another calendar user not hosted on that server. 2) Server extracts "domain" portion of the non-hosted calendar user address and does a DNS SRV query for the _ischedules service. 3) If no result is found, the server has to fall back to other options (e.g., iMIP - email invites). 4) If the DNS record is found the server extracts a hostname and port and makes an HTTPS request on /.well-known/ischedule querying for capabilities of any iSchedule server there. 5) Once legitimate service is discovered, the server constructs an iTIP message for the invite and sends that in an HTTP request to the iSchedule server, supplying Originator and Recipient headers in the HTTP request. 6) The iSchedule server receiving the iTIP message immediately processes it and sends the status back in the HTTP response. Domain-level Security --------------------- iSchedule uses DKIM (Domain-Keys Identified Mail) adapted for use with HTTP as a security protocol to allow iSchedule servers to verify that an iSchedule client (sender) is authorized to send iSchedule messages on behalf of the domain the client is operating in. To implement DKIM, the iSchedule client creates an HTTP request and adds a DKIM-Signature header containing various bits of information that include: a cryptographic hash of the request body, a cryptographic signature of select HTTP headers (including the DKIM-Signature header itself). The signature uses a private/public key pair. The public key is made available via a DNS TXT record (or through HTTP or a private exchange). Upon receipt of a DKIM signed iSchedule message, the iSchedule server will verify that the body hash value in the DKIM-Signature header matches the actual request body, and that the signature of the selected headers is also a match (it retrieves the specified public key for the client domain). Configuration of Calendar Server -------------------------------- Configuring the server for iSchedule is done as follows: 1) Create an RSA private/public key file stored with your server configuration: a) bin/calendarserver_dkimtool -g -k -p -t b) Add the TXT record output to your domain's DNS server 2) Edit caldavd.plist and make the following changes: a) Set Schedule.iSchedule to b) Set Schedule.iSchedule.DKIM.PrivateKeyFile to the RSA private key c) Set Schedule.iSchedule.DKIM.PublicKeyFile to the RSA public key d) Set Schedule.iSchedule.DKIM.Domain to the domain portion of your users' calendar user addresses if that is different from the ServerHostName value in caldavd.plist.