ࡱ > 6t bjbjcc 44 v v 4l ` ` #$ #$ #$ #$ #$ 7$ 7$ 7$ 7$ 8 o$ ) d 7$ h $ o+ F 1 1 1 1 2 V
= "@
.
#$ A 2 2 A A
C #$ #$ 1 1 " C C C A #$ 1 #$ 1 C A C C V @ #$ #$ k
7$ C X 4 8 0 h O l C C #$ A A A ` " :
International
Virtual
Observatory
Alliance
VOSpace specification
Version 2.00
IVOA Working Draft 2009 May 13
This version:
-
Latest version:
-
Previous version(s):
-
Author(s):
Matthew Graham (Editor)
Pat Dowler
Kim Gillies
Dave Morris
Guy Rixon
Andreas Schaaff
Doug Tody
Abstract
VOSpace is the IVOA interface to distributed storage. This specification presents the first RESTful version of the interface, which is functionally equivalent to the SOAP-based VOSpace 1.1 specification. Note that all prior VOSpace clients will not work with this new version of the interface.
Status of This Document
This is an IVOA Working Draft. The first release of this document was 2009 May 15.
This is an IVOA Working Draft for review by IVOA members and other interested parties. It is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to use IVOA Working Drafts as reference materials or to cite them as other than work in progress.
A list of HYPERLINK "http://www.ivoa.net/Documents/" current IVOA Recommendations and other technical documents can be found at http://www.ivoa.net/Documents/.
Acknowledgements
This document derives from discussions among the Grid and Web Services working group of the IVOA.
This document has been developed with support from the National Science Foundations Information Technology Research Program under Cooperative Agreement AST0122449 with the John Hopkins University, from the UK Science and Technology Facilities Council (STFC), and from the European Commissions Sixth Framework Program via the Optical Infrared Coordination Network (OPTICON).
Conformance related definitions
The words MUST, SHALL, SHOULD, MAY, RECOMMENDED, and OPTIONAL (in upper or lower case) used in this document are to be interpreted as described in IETF standard, RFC 2119 [RFC 2119].
The Virtual Observatory (VO) is a general term for a collection of federated resources that can be used to conduct astronomical research, education, and outreach. The International Virtual Observatory Alliance (IVOA) is a global collaboration of separately funded projects to develop standards and infrastructure that enable VO applications. The International Virtual Observatory (IVO) application is an application that takes advantage of IVOA standards and infrastructure to provide some VO service.
Contents
TOC \o "1-3" \h \z 1 Introduction PAGEREF _Toc103831801 \h 4
1.1 Typical use of a VOSpace service PAGEREF _Toc103831802 \h 4
1.2 Document roadmap PAGEREF _Toc103831803 \h 6
2 VOSpace identifiers PAGEREF _Toc103831804 \h 6
2.1 HTTP URL mapping PAGEREF _Toc103831805 \h 7
3 VOSpace data model PAGEREF _Toc103831806 \h 8
3.1 Nodes and node types PAGEREF _Toc103831807 \h 8
3.2 Properties PAGEREF _Toc103831808 \h 10
3.2.1 Property values PAGEREF _Toc103831809 \h 10
3.2.2 Property identifiers PAGEREF _Toc103831810 \h 11
3.2.3 Property descriptions PAGEREF _Toc103831811 \h 11
3.2.4 Standard properties PAGEREF _Toc103831812 \h 12
3.3 Capabilities PAGEREF _Toc103831813 \h 12
3.3.1 Example use cases PAGEREF _Toc103831814 \h 13
3.3.2 Capability identifiers PAGEREF _Toc103831815 \h 13
3.3.3 Capability descriptions PAGEREF _Toc103831816 \h 13
3.3.4 UI display name PAGEREF _Toc103831817 \h 14
3.3.5 Standard capabilities PAGEREF _Toc103831818 \h 14
3.4 Views PAGEREF _Toc103831819 \h 15
3.4.1 Example use cases PAGEREF _Toc103831820 \h 15
3.4.2 View identifiers PAGEREF _Toc103831821 \h 16
3.4.3 View descriptions PAGEREF _Toc103831822 \h 17
3.4.4 Default views PAGEREF _Toc103831823 \h 18
3.4.5 Container views PAGEREF _Toc103831824 \h 18
3.5 Protocols PAGEREF _Toc103831825 \h 19
3.5.1 Protocol identifiers PAGEREF _Toc103831826 \h 19
3.5.2 Protocol descriptions PAGEREF _Toc103831827 \h 20
3.5.3 Standard protocols PAGEREF _Toc103831828 \h 20
3.5.4 Custom protocols PAGEREF _Toc103831829 \h 20
3.6 Transfers PAGEREF _Toc103831830 \h 22
3.6.1 Service-initiated transfers PAGEREF _Toc103831831 \h 22
3.6.2 Client-initiated transfers PAGEREF _Toc103831832 \h 23
3.7 Listings PAGEREF _Toc103831833 \h 24
3.8 REST bindings PAGEREF _Toc103831834 \h 25
4 Access control PAGEREF _Toc103831835 \h 25
5 Web service operations PAGEREF _Toc103831836 \h 26
5.1 Service metadata PAGEREF _Toc103831837 \h 26
5.1.1 getProtocols PAGEREF _Toc103831838 \h 26
5.1.2 getViews PAGEREF _Toc103831839 \h 27
5.1.3 getProperties PAGEREF _Toc103831840 \h 27
5.2 Creating and manipulating data nodes PAGEREF _Toc103831841 \h 28
5.2.1 createNode PAGEREF _Toc103831842 \h 28
5.2.2 deleteNode PAGEREF _Toc103831843 \h 29
5.2.3 listNodes PAGEREF _Toc103831844 \h 30
5.2.4 findNodes PAGEREF _Toc103831845 \h 32
5.2.5 moveNode PAGEREF _Toc103831846 \h 34
5.2.6 copyNode PAGEREF _Toc103831847 \h 35
5.3 Accessing metadata PAGEREF _Toc103831848 \h 36
5.3.1 getNode PAGEREF _Toc103831849 \h 36
5.3.2 setNode PAGEREF _Toc103831850 \h 36
5.4 Transferring data PAGEREF _Toc103831851 \h 37
5.4.1 pushToVoSpace PAGEREF _Toc103831852 \h 37
5.4.2 pullToVoSpace PAGEREF _Toc103831853 \h 38
5.4.3 pullFromVoSpace PAGEREF _Toc103831854 \h 39
5.4.4 pushFromVoSpace PAGEREF _Toc103831855 \h 40
5.5 Fault arguments PAGEREF _Toc103831856 \h 41
5.5.1 InternalFault PAGEREF _Toc103831857 \h 41
5.5.2 PermissionDenied PAGEREF _Toc103831858 \h 41
5.5.3 InvalidURI PAGEREF _Toc103831859 \h 41
5.5.4 NodeNotFound PAGEREF _Toc103831860 \h 41
5.5.5 DuplicateNode PAGEREF _Toc103831861 \h 42
5.5.6 InvalidToken PAGEREF _Toc103831862 \h 42
5.5.7 InvalidArgument PAGEREF _Toc103831863 \h 42
5.5.8 TypeNotSupported PAGEREF _Toc103831864 \h 42
5.5.9 ViewNotSupported PAGEREF _Toc103831865 \h 42
5.5.10 InvalidData PAGEREF _Toc103831866 \h 42
5.5.11 LinkFoundFault PAGEREF _Toc103831867 \h 42
6 Appendix 1: Machine readable definitions PAGEREF _Toc103831868 \h 42
6.1 WSDL/WADL PAGEREF _Toc103831869 \h 42
6.2 Message schema PAGEREF _Toc103831870 \h 42
7 Appendix 2: Compliance matrix PAGEREF _Toc103831871 \h 42
References PAGEREF _Toc103831872 \h 42
Introduction
VOSpace is the IVOA interface to distributed storage. It specifies how VO agents and applications can use network attached data stores to persist and exchange data in a standard way.
A VOSpace web service is an access point for a distributed storage network. Through this access point, a client can:
add or delete data objects
manipulate metadata for the data objects
obtain URIs through which the content of the data objects can be accessed
VOSpace does not define how the data is stored or transferred, only the control messages to gain access. Thus, the VOSpace interface can readily be added to an existing storage system.
When we speak of a VOSpace, we mean the arrangement of data accessible through one particular VOSpace service.
Each data object within a VOSpace service is represented as a node and has a description called a representation. A useful analogy to have in mind when reading this document is that a node is equivalent to a file.
Nodes in VOSpace have unique identifiers expressed as URIs in the 'vos://' scheme, as defined below.
VOSpace 2.0 does not introduce any new functionality to that already offered by prior (SOAP-based) versions of the interface (VOSpace 1 1 [VOSpace1.1]) but defines a RESTful binding for the interface.
Typical use of a VOSpace service
A typical use case for VOSpace is uploading a local data file to a remote VOSpace service. This is a two-stage process: creating a description of the data file (representation) in the VOSpace including any metadata (its properties) that they want to associate with it, e.g. MIME type and defining the transfer operation that will actually see the data file bytes uploaded to the VOSpace service. The order of the processes should not matter. The user may want to create the representation first and then perform the transfer or transfer the bytes first and then update the representation with the appropriate metadata.
Lets consider the first sequence: the user provides a XML description of the data file which they HTTP PUT to the appropriate VOSpace URI this will be the HTTP identifier for the data file in the VOSpace, e.g. http://nvo.caltech.edu/vospace/myData/table123. The description will resemble this:
text/xml
The service will reply with an amended version of the representation containing service-specific details in addition to the information supplied by the user. These will include data formats that the service can handle for the type of node created in the VOSpace, third-party interfaces (capabilities) to the data that the service offers and system metadata.
The user will then describe the data format (the view) they want to use in uploading the file, e.g. VOTable, and the transport protocol (the protocol) that they want to employ to upload the file, e.g. HTTP PUT. This will result in the HTTP POSTing of a XML description of the transfer request to the appropriate VOSpace URI, e.g. HYPERLINK "http://nvo.caltech.edu/vospace/myData/table123/transfers" http://nvo.caltech.edu/vospace/myData/table123/transfers. The description will resemble this:
pushToVoSpace
The service will reply with the URL that the user will HTTP PUT the data file to, e.g. HYPERLINK "http://nvo.caltech.edu/bvospace/myData/table123/transfers/147516ab" http://nvo.caltech.edu/bvospace/myData/table123/transfers/147516ab. The user will then use a regular HTTP client to transfer (PUT) the local file to the specified endpoint. This illustrates an important point about VOSpace it is only concerned with the management of data storage and transfer. A client negotiates the details of a data transfer with a VOSpace service but the actual transfer of bytes across a network is handled by other tools.
Similarly, when a user wants to retrieve a data file from a VOSpace service, they will specify the data format (view) they want to use in downloading the file, e.g. VOTable, and the transport protocol (the protocol) that they want to employ to download the file, e.g. HTTP GET, and HTTP POST a XML description of this transfer request to the appropriate VOSpace URI the transfer URI for the node in the VOSpace, e.g. HYPERLINK "http://nvo.caltech.edu/vospace/myDataNode/table123/transfers" http://nvo.caltech.edu/vospace/myDataNode/table123/transfers. The description will resemble this:
pullFromVoSpace
The service will reply with the URL for the user to use, e.g. HYPERLINK "http://nvo.caltech.edu/vospace/myDataNode/table123/transfers/3df89ab4" http://nvo.caltech.edu/vospace/myDataNode/table123/transfers/3df89ab4. The user can then download the data file by pointing an HTTP client (e.g. web browser) at the specified endpoint.
[NOTE: Do we want UML diagrams illustrating these use cases?]
Document roadmap
The rest of this document is structured as follows:
In Section 2, we specify the URI syntax for identifying data objects (nodes) in VOSpace.
In Section 3, we present the data model that underpins the VOSpace architecture. This consists of a number of data structures, which have XML representations that are used across the wire in message exchanges with a VOSpace service. These structures represent:
the data objects themselves (nodes)
metadata that can be associated with a data object (properties)
third-party interfaces to the data (capabilities)
the data format used when transferring data objects across the wire (views)
the transport protocol employed in a data transfer (protocols)
the data transfer itself (transfers)
listings of data objects (listings)
We also describe the REST bindings between these representations and their URIs (HTTP identifiers).
In Section 4, we outline how security and access control policies are currently handled in VOSpace.
In Section 5, we detail the operations that the VOSpace interface supports. These handle access to service-level metadata, the creation and manipulation of nodes within the VOSpace, access to node metadata (properties) and data transfer to and from the VOSpace.
In Section 6, we define a machine readable version of the VOSpace interface.
VOSpace identifiers
The identifier for a node in VOSpace SHALL be a URI with the scheme vos://.
Such a URI shall have the following parts with the meanings and encoding rules defined in RFC2396 [2].
scheme
naming authority
path
(optional) query
(optional) fragment identifier
The naming authority for a VOSpace node shall be the VOSpace service through which the node was created. The authority part of the URI shall be constructed from the IVO registry identifier [2] for that service by deleting the ivo:// prefix and changing all forward-slash characters(/) in the resource key to exclamation marks (!).
This is an example of a possible VOSpace identifier.
vos://nvo.caltech!vospace/myresults/siapout1.vot
The URI scheme is vos://
Using a separate URI scheme for VOSpace identifiers enables clients to distinguish between IVO registry identifiers and VOSpace identifiers.
nvo.caltech!vospace
is the authority part of the URI, corresponding to the IVO registry identifier
ivo://nvo.caltech/vospace
This is the IVO registry identifier of the VOSpace service that contains the node.
/siapout1.vot is the URI path
Slashes in the URI path imply a hierarchical arrangement of data: the data object identified by vos://nvo.caltech!vospace/myresults/siap-out-1.vot is within the container identified by vos://nvo.caltech!vospace/myresults.
All ancestors in the hierarchy must be resolvable as containers (ContainerNodes), all the way up to the root node of the space (this precludes any system of implied hierarchy in the naming scheme for nodes with ancestors that are just logical entities and cannot be reified, e.g. the Amazon S3 system).
A VOSpace identifier is globally unique, and identifies one specific node in a specific VOSpace service.
HTTP URL mapping
A VOSpace identifier has a mapping to a HTTP endpoint for accessing representations of the node associated with it. A client should use the following procedure to resolve access to a VOSpace node from a VOSpace identifier:
Convert the VOSpace to the HTTP access URL of the node in the VOSpace service by changing any ! characters to / and adding the http:// prefix
Given the example identifier
vos://org.astrogrid.cam!vospace!container-6/siap-out-1.vot?foo=bar#baz
processing the URI to resolve the VOSpace service would involve :
Convert the identifier of the node in VOSpace service by changing any ! characters to /
org.astrogrid.cam/vospace/container6 /siap-out-1.vot?foo=bar#baz
Adding the http://prefix
http://org.astrogrid.cam/vospace/container6/siap-out-1.vot?foo-bar#baz
VOSpace data model
Nodes and node types
We refer to the arrangement of data accessible through one particular VOSpace service as a VOSpace.
Each data object within a VOSpace SHALL be represented as a node that is identified by a URI.
There are different types of nodes and the type of a VOSpace node determines how the VOSpace service stores and interprets the node data.
The types are arranged in a hierarchy, with more detailed types inheriting the structure of
more generic types.
The following types (and representations) are defined:
Node is the most basic type
ContainerNode describes a data item that can contain other data items
DataNode describes a data item stored in the VOSpace
UnstructuredDataNode describes a data item for which the VOSpace does not understand the data format
StructuredDataNode describes a data item for which the space understands the format and may make transformations that preserve the meaning of the data.
LinkNode describes a node that points to another node.
When data is stored and retrieved from an UnstructuredDataNode, the bit pattern read back shall be identical to that written.
When data is stored and retrieved from a StructuredDataNode, the bit pattern returned may be different to the original. For example, storing tabular data from a VOTable file will preserve the tabular data, but any comments in the original XML file may be lost.
A Node representation MUST have the following elements:
uri : the vos:// identifier for the node , URI-encoded according to RFC2396 [2]
properties : a set of metadata properties for the node
capabilities: a third-party interface to a data object
Figure SEQ Figure \* ARABIC 1: The type hierarchy for the VOSpace data model
In addition, a DataNode representation MUST have the following elements:
accepts: a list of the views (data formats) that the node can accept
provides: a list of the views (data formats) that the node can provide
busy: a boolean flag to indicate that the data associated with the node cannot be accessed
The busy flag is used to indicate that an internal operation is in progress, and the node data is not available.
A LinkNode representation MUST have the following elements, in addition to those it inherits from the Node representation:
target: the target URI, URI-encoded according to RFC2396 [2]
The link target can be a URI that points to any type of resource, including other VOSpace Nodes (within the same VOSpace service or in another service), or external resources outside VOSpace altogether.
The properties of a LinkNode do not propagate to the target of the LinkNode. One use case is to enable third-party annotations to be associated with a resource but without the resource itself getting cluttered with unnecessary metadata. In this case, the client creates a LinkNode pointing to the resource in question and then adds the annotations as properties of the LinkNode.
Both the ContainerNode and the LinkNode MUST have no data bytes associated with them.
The set of node types defined by this standard is closed; new types may be introduced only via new versions of the standard.
To comply with the standard, a client or service MUST be able to parse XML representations of all the node types defined in the current specification.
Note - This does not require all services to support all of the Node types, just that it can process an XML request containing any of the types. If the service receives a request for a type that it does not support, the service should return a TypeNotSupported fault. The service must not throw an XML parser error if it receives a request for a type that it does not support.
Properties
Properties are simple string-based metadata properties associated with a node.
Individual Properties should contain simple short string values, not large blocks of information. If a system needs to attach a large amount of metadata to a node, then it should either use multiple small Properties, or a single Property containing a URI or URL pointing to an external resource that contains the additional metadata.
A Property representation MUST have the following elements:
uri : the Property identifier
value : the string value of the Property
readOnly : a boolean flag to indicate that the Property cannot be changed by the client
Properties may be set by the client or the service.
Property values
Unless they have special meaning to the service or client, Properties are treated as simple string values.
Some Properties may have meaning to the service; others may have meaning only to one specific type of client. A service implementation does not need to understand the meaning of all the Properties of a node. Any Properties that it does not understand can simply be stored as text strings.
Property identifiers
Every new type of Property SHALL require a unique URI to identify the Property and its meaning.
The rules for the Property identifiers are similar to the rules for namespace URIs in XML schema. The only restriction is that it must be a valid (unique) URI.
An XML schema namespace identifier can be just a simple URN, e.g. urn:mynamespace
Within the IVOA, the convention for namespace identifiers is to use a HTTP URL pointing to the namespace schema or a resource describing it
The current VOSpace schema defines Property identifiers as anyURI. The only restriction is that it must be a valid (unique) URI.
A Property URI can be a simple URN, e.g. urn:myproperty
This may be sufficient for testing and development on a private system, but it is not scalable for use on a public service.
For a production system, any new Properties should have unique URIs that can be resolved into to a description of the Property.
Ideally, these should be IVO registry URIs that point to a description registered in the IVO registry:
ivo://myregistry/vospace/properties#myproperty
Using an IVO registry URI to identify Properties has two main advantages :
IVO registry URIs are by their nature unique, which makes it easy to ensure that different teams do not accidentally use the same URI
If the IVO registry URI points to a description registered in the IVO registry, this provides a mechanism to discover what the Property means
Property descriptions
If the URI for a particular Property is resolvable, i.e. an IVO registry identifier or a HTTP URL, then it should point to an XML resource that describes the Property.
A Property description should describe the data type and meaning of a Property.
A PropertyDescription should have the following members :
uri : the formal URI of the Property
DisplayName : A display name for the Property
Description : A text block describing the meaning and validation rules of the Property
A PropertyDescription may have the following optional members :
UCD : the Universal Content Descriptor (in the UCD1+ scheme) for the Property
Unit : the unit of measurement of the Property
The information in a Property description can be used to generate a UI for displaying and modifying the different types of Properties.
Note that at the time of writing, the schema for registering PropertyDescriptions in the IVO registry has not been finalized.
UI display name
If a client is unable to resolve a Property identifier into a description, then it may just display the identifier as a text string:
urn:modifieddate
If the client can resolve the Property identifier into a description, then the client may use the information in the description to display a human readable name and description of the Property:
Last modification date of the node data
Property editors
If the client is unable to resolve a Property identifier into a description, or does not understand the type information defined in the description, then the client may treat the Property value as a simple text string.
If the client can resolve the Property identifier into a description, then the client may use the information in the description to display an appropriate editing tool for the Property.
In the current version of the specification the rules for editing Properties are as follows:
A service may impose validation rules on the values of specific types of Properties
If a client attempts to set a Property to an invalid value, then the service may reject the change
Where possible, the validation rules for a type of Property should be defined in the Property description
Future versions of the VOSpace specification may extend the PropertyDescription to include more specific machine readable validation rules for a Property type.
Note that at the time of writing, the schema for registering validation rules in PropertyDescriptions has not been finalized.
Standard properties
Property URIs and PropertyDescriptions for the core set of Properties will be registered as soon as extension schemas are supported. However, this is not intended to be a closed list, different implementations are free to define and use their own Properties.
Capabilities
A Capability describes a third-party interface to a node. One application of this would be to enable data access to a node or its contents using a 3rd party service interface.
A Capability representation SHALL have the following members:
uri: the Capability identifier
endpoint: the endpoint URL to use for the third-party interface
param: a set of parameters for the capability
Example use cases
A ContainerNode containing image files may offer a DAL SIAP capability so that the images in the container can be accessed using a SIAP service. In this way, a user could create a (DAL enabled) Container in VOSpace, transfer some images into it and then query the set of images using the SIAP interface.
Another example is a DataNode that provides an iRODS capability so that the data replication for this data object can be handled using the iRODS service API.
Capability identifiers
Every new type of Capability SHALL require a unique URI to identify the Capability. The rules for the Capability identifiers are similar to the rules for namespace URIs in XML schema. The only restriction is that it must be a valid (unique) URI.
An XML schema namespace identifier can be just a simple URN, e.g. urn:my-namespace
Within the IVOA, the convention for namespace identifiers is to use a HTTP URL pointing to the namespace schema, or a resource describing it.
The VOSpace schema defines Capability identifiers as anyURI. The only restriction is that it must be a valid (unique) URI.
A Capability URI can be a simple URN, e.g. urn:my-capability
This may be sufficient for testing and development on a private system, but it is not suitable for use on a public service. For a production system, any new Capabilities should have unique URIs that can be resolved into a description of the Capability. Ideally, these should be IVO registry URIs that point to a description registered in the IVO registry:
ivo://my-registry/vospace/capabilities#my-capability
Using an IVO registry URI to identify Capabilities has two main advantages:
IVO registry URIs are by their nature unique, which makes it easy to ensure that different teams do not accidentally use the same URI
If the IVO registry URI points to a description registered in the IVO registry, this provides a mechanism to discover how to use the Capability.
Capability descriptions
If the URI for a particular Capability is resolvable, i.e. an IVO registry identifier or a HTTP URL then it should point to an XML resource that describes the Capability.
A CapabilityDescription should describe the third-party interface and how it should be used in this context. A CapabilityDescription should have the following members:
uri: the formal URI of the Capability
DisplayName: a simple display name of the Capability.
Description: a text block describing the third-party interface and how it should be used in this context.
Note that at the time of writing, the schema for registering CapabilityDescriptions in the IVO registry has not been finalized.
UI display name
If a client is unable to resolve a Capability identifier into a description then it may just display the identifier as a text string:
Access data using urn:edu.sdsc.irods
If a client can resolve the Capability identifier into a description then the client may use the information in the description to display a human readable name and description of the Capability:
Access data using iRODS
Standard capabilities
Capability URIs and CapabilityDescriptions for the core set of Capabilities will be registered as soon as extension schemas are supported. The following URIs SHALL be used to represent the service capabilities:
ivo://ivoa.net/vospace/core#vospace-1.0 SHALL be used as the capability URI for a VOSpace 1.0 service
ivo://ivoa.net/vospace/core#vospace-1.1 SHALL be used as the capability URI for a VOSpace 1.1 service
ivo://ivoa.net/vospace/core#vospace-2.0 SHALL be used as the capability URI for a VOSpace 2.0 service
If a service implementation supports more than one version of the VOSpace interface then these capability URIs can be used with a VOSpace service to identify different VOSpace capabilities for a node.
One use case for this would be a VOSpace 1.1 client talking to a service that implements both VOSpace 1.0 and VOSpace 1.1, where the client is acting on behalf of a third party agent that only understands VOSpace 1.0. In this case, the client can use the information in the VOSpace 1.0 capability to direct the third party agent to the VOSpace 1.0 endpoint.
Other standard service interfaces will also be registered, e.g.
Cone Search
SIAP
SSAP
TAP
However, this is not intended to be a closed list and different implementations are free to define and use their own Capabilities.
Views
A View describes the data formats and contents available for importing or exporting data to or from a VOSpace node.
The metadata for a DataNode contains two lists of Views.
accepts is a list of Views that the service can accept for importing data into the Node
provides is a list of Views that the service can provide for exporting data from Node
A View representation SHALL have the following members:
uri the View identifier
original: an optional boolean flag to indicate that the View preserves the original bit pattern of the data
param: a set of name-value pairs that can be used to specify additional arguments for the View
Example use cases
Simple file store
A simple VOSpace system that stores data as a binary files can just return the contents of the original file. The client supplies a View identifier when it imports the data, and the service uses this information to describe the data to other clients.
A file based system can use the special case identifier 'ivo://ivoa.net/vospace/core#viewany' to indicate that it will accept any data format or
View for a Node.
For example:
A client imports a file into the service, specifying a View to describe the file contents
The service stores the data as a binary file and keeps a record of the View
The service can then use the View supplied by the client to describe the data to other clients
This type of service is not required to understand the imported data, or to verify that it
contents match the View, it treats all data as binary files.
Database store
A VOSpace system that stores data in database tables would need to be able to understand the data format of an imported file in order to parse the data and store it correctly. This means that the service can only accept a specific set of Views, or data formats, for importing data into the Node.
In order to tell the client what input data formats it can accept, the service publishes a list of specific Views in the accepts list for each Node.
On the output side, a database system would not be able to provide access to the original input file. The contents of file would have been transferred into the database table and then discarded. The system has to generate the output results from the contents of the database table.
In order to support this, the service needs to be able to tell the client what Views of the data are available.
A database system may offer access to the table contents as either VOTable or FITS files, it may also offer zip or tar.gz compressed versions of these. In which case the system needs to be able to express nested file formats such as 'zip containing VOTable' and 'tar.gz containing FITS'.
A service may also offer subsets of the data. For example, a work flow system may only want to look at the table headers to decide what steps are required to process the data. If the table contains a large quantity of data, then downloading the whole contents just to look at the header information is inefficient. To make this easier, a database system may offer a 'metadata only' View of the table, returning a VOTable or FITS file containing just the metadata headers and no rows.
So our example service may want to offer the following Views of a database table:
Table contents as FITS
Table contents as VOTable
Table contents as zip containing FITS
Table contents as zip containing VOTable
Table contents as tar.gz containing FITS
Table contents as tar.gz containing VOTable
Table metadata as FITS
Table metadata as VOTable
The service would publish this information as a list of Views in the provides section of the metadata for each Node.
The VOSpace specification does not mandate what Views a service must provide. The VOSpace specification is intended to provide a flexible mechanism enabling services to describe a variety of different Views of data. It is up to the service implementation to decide what Views of the data it can accept and provide.
View identifiers
Every new type of View SHALL require a unique URI to identify the View and its content.
The rules for the View identifiers are similar to the rules for namespace URIs in XML schema. The only restriction is that it must be a valid (unique) URI.
An XML schema namespace identifier can be just a simple URN, e.g. urn:mynamespace
Within the IVOA, the convention for namespace identifiers is to use a HTTP URL pointing to the namespace schema, or a resource describing it
The current VOSpace schema defines View identifiers as anyURI. The only restriction is that it must be a valid (unique) URI.
A View URI can be a simple URN, e.g. urn:myview
This may be sufficient for testing and development on a private system, but it is not scalable for use on a public service.
For a production system, any new Views should have unique URIs that can be resolved into to a description of the View.
Ideally, these should be IVO registry URIs that point to a description registered in the IVO registry:
ivo://myregistry/vospace/views#myview
Using an IVO registry URI to identify Views has two main advantages :
IVO registry URIs are by their nature unique, which makes it easy to ensure that different teams do not accidentally use the same URI
If the IVO registry URI points to a description registered in the IVO registry, this provides a mechanism to discover what the View contains
View descriptions
If the URI for a particular View is resolvable, i.e. an IVO registry identifier or a HTTP URL, then it should point to an XML resource that describes the View.
A ViewDescription should describe the data format and/or content of the view.
A ViewDescription should have the following members :
Uri: the formal URI of the View
DisplayName: A simple text display name of the View
Description: Text block describing the data format and content of the View
A ViewDescription may have the following optional members :
MimeType : the standard MIME type of the View, if applicable
However, at the time of writing, the schema for registering ViewDescriptions in the IVO registry has not been finalized.
UI display name
If a client is unable to resolve a View identifier into a description, then it may just display the identifier as a text string:
Download as urn:table.meta.fits
If the client can resolve the View identifier into a description, then the client may use the
information in the description to display a human readable name and description of the View:
Download table metadata as FITS header
MIME types
If a VOSpace service provides HTTP access to the data contained in a Node, then if the ViewDescription contains a MimeType field, this should be included in the appropriate header field of the HTTP response.
Default views
The following standard URIs SHALL be used to refer to the default import and export views:
ivo://ivoa.net/vospace/core#anyview SHALL be used as the view URI to indicate that a service will accept any view for an import operation
ivo://ivoa.net/vospace/core#binaryview SHALL be used as the view URI to import or export data as a binary file
ivo://ivoa.net/vospace/core#defaultview SHALL be used by a client to indicate that the service should choose the most appropriate view for a data export
Default import view
If a client imports data using this view, the data SHALL be treated as a binary BLOB, and stored as is with no additional processing. This is equivalent to the application/binary MIME type.
Note, this view is OPTIONAL, and the service may throw a ViewNotSupported exception if it does not accept this view. In particular, this view cannot be used to import data into a StructuredDataNode as the service needs to know about and understand the data format to be able to create the StructuredDataNode.
Note, this view is only valid for the data import operations, pullToVoSpace and pushToVoSpace. If this view is requested in an export operation, pullFromVoSpace and pushToVoSpace, then the service SHOULD throw a ViewNotSupported exception.
Default export view
If a client requests data using this view, the server SHALL choose whichever of the available views (the server) thinks is the most appropriate, based on how the data is stored. In a simple file-based system, this will probably be the same format that the data was originally imported in. In a database table system, this will probably either be VOTable or CVS, depending on the level of metadata available.
Note, this view is OPTIONAL, and the server may throw a ViewNotSupported exception if it does not provide this view. However, in most cases, it is expected that a service would be able to select an appropriate default format for data held within the service.
Note, this view is only valid for the data export operations, pullFromVoSpace and pushFromVoSpace. If this view is requested in an import operation, pullToVoSpace and pushToVoSpace, then the service SHOULD throw a ViewNotSupported fault.
Container views
In VOSpace 2.0, a view of a ContainerNode describes the data representation (format) of a file or data stream that represents the combined contents of the node and its children. If the view describes an archive format (tar, zip, etc.) then a service that accepts this view (format) for a ContainerNode SHALL provide access to the archive contents as children nodes of the container. Whether or not the service actually unpacks the archive is implementation dependent but the service SHALL behave as though it has done so. For example, a client may want to upload a tar file containing several images to a VOSpace service. If they associate it with (upload it to) a UnstructuredDataNode then it will be treated as a blob and its contents will be not be available. However, if they upload it to a ContainerNode with an accepts view of "tar" then the image files within the tar file will be represented as children nodes of the ContainerNode and accessible like any other data object within the space.
If a service provides an archive format (tar, zip, etc.) view of a ContainerNode then the service SHALL package the contents of the container and all its child nodes in the specified format.
Protocols
A Protocol describes the parameters required to perform a data transfer using a particular protocol.
A Protocol representation SHALL have the following members:
uri : the Protocol identifier
endpoint : the endpoint URL to use for the data transfer
param : A list of name-value pairs that specify any additional arguments required for the transfer
Protocol identifiers
Every new type of Protocol requires a unique URI to identify the Protocol and how to use it.
The rules for the Protocol identifiers are similar to the rules for namespace URIs in XML schema. The only restriction is that it must be a valid (unique) URI
An XML schema namespace identifier can be just a simple URN, e.g. urn:mynamespace
Within the IVOA, the convention for namespace identifiers is to use a HTTP URL pointing to the namespace schema, or a resource describing it
The current VOSpace schema defines Protocol identifiers as anyURI. The only restriction is that it must be a valid (unique) URI.
A Protocol URI can be a simple URN, e.g. urn:myprotocol
This may be sufficient for testing and development on a private system, but it is not scalable for use on a public service.
For a production system, any new Protocols should have unique URIs that can be resolved into to a description of the Protocol.
Ideally, these should be IVO registry URIs that point to a description registered in the IVO registry :
ivo://myregistry/vospace/protocols#myprotocol
Using an IVO registry URI to identify Protocols has two main advantages:
IVO registry URIs are by their nature unique, which makes it easy to ensure that different teams do not accidentally use the same URI
If the IVO registry URI points to a description registered in the IVO registry, this provides a mechanism to discover how to use the Protocol
Protocol descriptions
If the URI for a particular Protocol is resolvable, i.e. an IVO registry identifier or a HTTP URL, then it should point to an XML resource that describes the Protocol.
A ProtocolDescription should describe the underlying transport protocol, and how it should be used in this context.
A ProtocolDescription should have the following members :
uri : the formal URI of the Protocol
DisplayName : A simple display name of the Protocol
Description : Text block describing describing the underlying transport protocol, and how it should be used in this context
However, at the time of writing, the schema for registering ProtocolDescriptions in the IVO registry has not been finalized.
UI display name
If a client is unable to resolve a Protocol identifier into a description, then it may just display the identifier as a text string:
Download using urn:myprotocol
If the client can resolve the Protocol identifier into a description, then the client may use the information in the description to display a human readable name and description of the Protocol:
Download using standard HTTP GET
Standard protocols
Protocol URIs and ProtocolDescriptions for the core set of standard transport protocols will be registered as soon as extension schemas are supported. The following URIs SHALL be used to represent the standard protocols:
ivo://ivoa.net/vospace/core#httpget SHALL be used as the protocol URI for a HTTP GET transfer
ivo://ivoa.net/vospace/core#httpput SHALL be used as the protocol URI for a HTTP PUT transfer
However, this is not intended to be a closed list, different implementations are free to define and use their own transfer Protocols.
Custom protocols
There are several use cases where a specific VOSpace implementation may want to define and use a custom VOSpace transfer Protocol, either extending an existing Protocol, or defining a new one.
SRB gateway
One example would be a VOSpace service that was integrated with a SRB system. In order to enable the service to use the native SRB transport protocol to transfer data, the service providers would need to register a new ProtocolDescription to represent the SRB transport protocol.
The ProtocolDescription would refer to the technical specification for the SRB transport protocol, and define how it should be used to transfer data to and from the VOSpace service.
Clients that do not understand the SRB transport protocol would not recognize the URI for the SRB Protocol, and would ignore Transfer options offered using this Protocol.
Clients that were able to understand the SRB transport protocol would recognize the URI for the SRB Protocol, and could use the 'srb://..' endpoint address in a Protocol option to transfer data using the SRB transport protocol.
Enabling different groups to define, register and use their own custom Protocols in this way means that support for new transport protocols can be added to VOSpace systems without requiring changes to the core VOSpace specification.
In this particular example, it is expected that one group within the IVOA will work with the SRB team at SDSC to define and register the Protocol URI and ProtocolDescription for using the SRB protocol to transfer data to and from VOSpace systems.
Other implementations that plan to use the SRB transport protocol in the same way could use the same Protocol URI and ProtocolDescription to describe data transfers using the SRB transport protocol.
The two implementations would then be able use the common Protocol URI to negotiate data transfers using the SRB transport protocol.
Local NFS transfers
Another example of a custom Protocol use case would to transfer data using the local NFS file system within an institute.
If an institute has one or more VOSpace services co-located with a number of data processing applications, all located within the same local network, then it would be inefficient to use HTTP GET and PUT to transfer the data between the services if they could all access the same local file system.
In this case, the local system administrators could register a custom ProtocolDescription which described how to transfer data using their local NFS file system.
ivo://my.institute/vospace/protocols#internalnfs
Data transfers using this Protocol would be done using file://URLs pointing to locations within the local NFS file system:
file:///net/host/path/file
These URLs would only have meaning to services and applications located within the local network, and would not be usable from outside the network.
Services and applications located within the local network would be configured to recognize the custom Protocol URI, and to use local file system operations to move files within the NFS file system.
Services and applications located outside local network would not recognize the custom Protocol URI and so would not attempt to use the internal file URLs to transfer data.
Note that in this example the custom Protocol URI and the associated ProtocolDescription refer to data transfers using file URLs within a specific local NFS file system.
If a different institute wanted to use a similar system to transfer data within their own local network, then they would have to register their own custom Protocol URI and associated ProtocolDescription.
The two different Protocol URIs and ProtocolDescriptions describe how to use the same underlying transport protocol (NFS) in different contexts.
Enabling different groups to define, register and use their own custom Protocols in this way means that systems can be configured to use the best available transport protocols for transferring data, without conflicting with other systems who may be using similar a transport protocol in a different context.
Transfers
A Transfer describes the details of a data transfer to or from a space.
A Transfer representation SHALL have the following members:
direction: denotes the direction of a data transfer
It can be a URI for internal data transfers (move and copy operations) or one of: pushToVoSpace, pullToVoSpace, pushFromVoSpace or pullFromVoSpace for an external data transfer.
status: indicates the status of a data transfer
Possible values include: pending, underway, completed, failed, timed out
view: A View specifying the requested View
For the transfer to be valid, the specified View must match one of those listed in the accepts or provides list of the Node
protocol: one or more Protocols specifying the transfer protocols to use
A Transfer may contain more than one Protocol element with different Protocol URIs
A Transfer may contain more than one Protocol element with the same Protocol URI with different endpoints
Service-initiated transfers
Two of the external data transfers (pullToVoSpace and pushFromVoSpace) rely on the server performing the data transfer itself.
The client constructs a Transfer request containing details of the View and one or more Protocol elements with valid endpoint addresses.
The service may ignore Protocols with URIs that it does not recognize.
If the server is unable to handle any of the requested Protocols in a Transfer request, then it SHALL respond with a fault.
The order of the Protocols in the request indicates the order of preference that the client would like the server to use. However, this is only a suggestion, and the server is free to use its own preferences to select which Protocol it uses first.
The service selects the first Protocol it wants to use from the list and attempts to transfer the data using the Protocol endpoint.
If the first attempt fails, the server may choose another Protocol from the list and re-try the transfer using that Protocol endpoint. The status flag will be updated to reflect this.
The server may attempt to transfer the data using any or all of the Protocols in the list until either, the data transfer succeeds, or there are no more Protocol options left.
The server SHALL be allowed to only use each Protocol option once. This allows a data source to issue one time URLs for a Transfer, and cancel each URL once it has been used.
Once one of the Protocol options succeeds the transfer SHALL be considered to have completed the status flag needs to be updated to reflect this , and the server is not allowed to use any of the remaining Protocol options. This allows a data source to issue a set of one time URLs for a transfer, and to cancel any unused URLs once the transfer has been completed.
Some Protocols may require the service to call a callback address when a data transfer completes. This behavior is specific to the Protocol, and should be defined in the ProtocolDescription.
If none of the Protocol options succeed, then the transfer SHALL be considered to have failed, and the service SHALL return a fault containing details of the Protocol options it tried. The status flag will be updated to reflect this.
Client-initiated transfers
Two of the VOSpace external transfer methods rely on an external actor performing the data transfer outside the scope of the service call.
In these methods, the client sends a template Transfer request to the server.
The Transfer request should contain details of the View and one or more Protocol elements without endpoint addresses.
In effect, the client is sending a list of Protocols that it (the client) wants to use for the transfer.
The service may ignore Protocols with URIs that it does not recognize.
The service selects the Protocols from the request that it is capable of handling, and builds a Transfer response containing the selected Protocol elements filling in valid endpoint addresses for each of them.
The order of the Protocol elements in the request indicates the order of preference that the client would like to use. However, this is only a suggestion, and the server is free to use its own preferences when generating the list of Protocols in the response.
In effect, the server is responding with the subset of the requested Protocols that it (the server) is prepared to offer.
If the server is unable to accept any of the requested Protocols, then it SHALL respond with a fault.
On receipt of the response, the client can use the list of Protocols itself, or pass them on to another agent to perform the data transfer on its behalf.
The agent may ignore Protocols URIs that it does not recognize.
The agent selects the first Protocol it wants to use from the list and attempts to transfer the data using the Protocol endpoint. The status flag will be updated to reflect this.
If the first attempt fails, the agent may choose another Protocol from the list and re-try the transfer using that Protocol endpoint.
The agent may attempt to transfer the data using any or all of the Protocols in the list until either, the data transfer succeeds, or there are no more Protocol options left.
The agent SHALL be allowed to only use each Protocol option once. This allows a data source to issue one time URLs for a Transfer, and cancel each URL once it has been used.
Once one of the Protocol options succeeds the transfer SHALL be considered to have completed and the status flag will be updated correspondingly. The agent is not allowed to use any of the remaining unused Protocol options. This allows a data source to issue a set of one time URLs for a transfer, and to cancel any unused URLs once the transfer has been completed.
Some Protocols may require the agent to call a callback address when a data transfer completes. This behavior is specific to the Protocol, and SHOULD be defined in the ProtocolDescription.
If none of the Protocol options succeed, then the transfer SHALL be considered to have failed and the status will be updated.
Listings
A Listing describes the details of data objects in the space which meet specified search criteria.
A Listing representation SHALL have the following members:
token: An optional continuation token from a previous request
The server MAY impose a limited lifetime on the continuation token.
limit: An optional limit indicating the maximum number of results in the response
No limit indicates a request for an unpaged list. However the server may still impose its own limit on the size of an individual response, splitting the results into more than one page if required
detail: The level of detail in the returned listing
min : The list contains the minimum detail for each Node with all optional parts removed the node type should be returned
e.g.
max : The list contains the maximum detail for each Node, including any xsi:type specific extensions
properties : The list contains a basic node element with a list of properties for each Node with no xsi:type specific extensions.
matches: An OPTIONAL list of match elements identifying the properties and values to match against and whether these should be applied in conjunction (and) or disjunction (or).
The match element has a uri attribute to identify the property to which it is applying. The regular expression against which the property values are to be matched is then specified as the value of the match element:
regex
The match elements can be combined in conjunction and/or disjunction by specifying them as subelements of and respectively. For example, the predicate (property1 and property2) or property3 would be specified as:
regex regex regex
The regex syntax MUST comply with POSIX conventions.
nodes: A list containing zero or more Nodes identifying the target URIs to be listed
REST bindings
In a REST (Representational State Transfer) binding of VOSpace, each of the objects defined above is available as a web resource with its own URI.
/{properties} the properties employed in the space
/{views} the views employed in the space
/{protocols} the protocols employed in the space
/{listings} the listings of the space
/(node-path) a Node
/(node-path)/transfer the transfers for a Node
The service implementor is free to choose the names given in parentheses above; the other names are part of the VOSpace 2.0 standard.
Access control
[NOTE: use HTTPS with client authentication and valid X.509 certificate)
The access control policy for a VOSpace is defined by the implementor of that space according to the use cases for which the implementation is intended.
A human-readable description of the implemented access policy must be declared in the registry metadata for the space.
These are the most probable access policies:
No access control is asserted. Any client can create, read, write and delete nodes anonymously
No authorization is required, but clients must authenticate an identity (for logging purposes) in each request to the space
Clients may not create or change nodes (i.e. the contents of the space are fixed by the implementation or set by some interface other than VOSpace), but any client can read any node without authentication
Nodes are considered to be owned by the user who created them. Only the owner can operate on a node
No operations to modify the access policy (e.g. to set permissions on an individual node) are included in this standard. Later versions may add such operations.
Where the access policy requires authentication of callers, the VOSpace service shall support one of the authentication methods defined in the IVOA Single Sign On profile.
Web service operations
A VOSpace 2.0 service shall be a REST service with the following operations:
Note: The URL HYPERLINK "http://rest-endpoint" http://rest-endpoint denotes the URL of the top node in the VOSpace. The URL HYPERLINK "http://rest-endpoint/path" http://rest-endpoint/path denotes a specific node within the VOSpace.
Service metadata
getProtocols
Get a list of the transfer Protocols supported by the space service.
Request
A HTTP GET [or HEAD?] to http://rest-endpoint/protocols
Response
A HTTP 200 status code
A Protocols representation giving:
accepts: A list of Protocols that the service SHALL accept
In this context 'accepting a protocol' means that the service SHALL act as a client for the protocol
e.g. 'accepting http-get' means the service can read data from an external HTTP web server
provides: A list of Protocols that the service SHALL provide
In this context 'providing a protocol' means that the service SHALL act as a server for the protocol
e.g. 'providing http-get' means the service can act as a http web server
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity body if the operation fails
getViews
Get a list of the Views and data formats supported by the space service.
Request
A HTTP GET [or HEAD?] to http://rest-endpoint/views
Response
A HTTP 200 status code
A Views representation giving:
accepts: A list of Views that the service SHALL accept
In this context 'accepting a view' means that the service SHALL receive input data in this format
A simple file based system may use the reserved View URI ivo://net.ivoa.vospace/views/anyto indicate that it can accept data in any format
provides: A list of Views that the service SHALL provide
In this context 'providing a view' means that the service SHALL produce output data in this format
A simple file based system may use the reserved View URI ivo://net.ivoa.vospace/views/any to indicate that it can provide data in any format
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity body if the operation fails
getProperties
Request
A HTTP GET [or HEAD?] to http://rest-endpoint/properties
Response
A HTTP 200 status code
A Properties representation including:
accepts: A list of identifiers for the Properties that the service SHALL accept and understand. This refers to metadata (Properties) that is implementation dependent but can be used by a client to control operational aspects of the service: for example, a VOSpace implementation might allow individual users to control the permissions on data objects via a Property called permissions. If the VOSpace receives a data object with this Property then it 'understands' what this property refers to and can deal with it accordingly.
provides: A list of identifiers for the Properties that the service SHALL provide
contains: A list of identifiers for all the Properties currently used by Nodes within the service
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity body if the operation fails
Creating and manipulating data nodes
createNode
Create a new node at a specified location.
Request
A HTTP PUT of a node representation to the node URL:
node: A template Node (as defined in Section 3.1) for the node to be created
A valid uri attribute SHALL be required. The name .auto is a reserved URI to indicate an auto-generated URI for the destination, i.e. given the following URI vos://service/path/.auto a service SHALL create a new unique URI for the node within vos://service/path.
If the Node xsi:type is not specified then a generic node of type Node is implied.
The permitted values of xsi:type are:
vos:Node
vos:DataNode
vos:UnstructuredDataNode
vos:StructuredDataNode
vos:ContainerNode
vos:LinkNode
When creating a new Node the service may substitute a valid subtype, i.e. If xsi:typeis
set to vos:DataNodethen this may be implemented as a DataNode, StructuredDataNode
or an UnstructuredDataNode.
The properties of the new Node can be set by adding Properties to the template.
Attempting to set a Property that the service considers to be 'readonly' SHALL cause a
PermissionDenied fault.
The accepts and provides lists of Views for the Node cannot be set using this method.
The capabilities list for the Node cannot be set using this method.
Response
A HTTP 201 status code
A node representation including
node: details of the new Node
The accepts list of Views for the Node SHALL be filled in by the service based on service
capabilities.
The provides list of Views for the Node MAY not be filled in until some data has been
imported into the Node.
The capabilities list for the Node may not be filled in until some data has been imported into the Node.
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity body if the operation fails
The service shall throw a HTTP 409 status code including a DuplicateNode fault in the entity body if a Node already exists with the same URI
The service shall throw a HTTP 400 status code including an InvalidURI fault in the entity body if the requested URI is invalid
The service shall throw a HTTP 400 status code including a TypeNotSupported fault in the entity body if the type specified in xsi:type is not supported
The service SHALL throw a HTTP 401 status code including PermissionDenied fault in the entity body if the user does not have permissions to perform the operation
If a parent node in the URI path does not exist then the service must throw a HTTP 500 status code including a ContainerNotFound fault in the entity body.
For example, given the URI path /a/b/c, the service must throw a HTTP 500 status code including a ContainerNotFound fault in the entity body if either /a or /a/b do not exist.
If a parent node in the URI path is a LinkNode, the service must throw a HTTP 500 status code including a LinkFound fault in the entity body.
For example, given the URI path /a/b/c, the service must throw a HTTP 500 status code including a LinkFound fault in the entity body if either /a or /a/b are LinkNodes.
deleteNode
Delete a node.
When the target is a ContainerNode, all its children (the contents of the container) SHALL also be deleted.
Request
A HTTP DELETE to the URL of an existing node
Response
A HTTP 200 status code
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if the target node does not exist
If a parent node in the URI path does not exist then the service MUST throw a HTTP 500 status code including a ContainerNotFound fault in the entity-body
For example, given the URI path /a/b/c, the service must throw a HTTP 500 status code including a ContainerNotFound fault in the entity-body if either /a or /a/b do not exist.
If a parent node in the URI path is a LinkNode, the service must throw a HTTP 500 status code including a LinkFound fault in the entity-body.
For example, given the URI path /a/b/c, the service must throw a HTTP 500 status code including a LinkFound fault in the entity-body if either /a or /a/b are LinkNodes.
If the target node in the URI path does not exist, the service must throw a HTTP 404 status code including a NodeNotFound fault in the entity-body.
For example, given the URI path /a/b/c, the service must throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if /a/b/c does not exist.
listNodes
List nodes in a space.
In order to support large numbers of nodes, this method uses a continuation token to
enable the list of results to be split across more than response.
When a target URI is a ContainerNode, only direct (first generation) children of the node SHALL be listed.
Request
A HTTP POST of a Listing representation to HYPERLINK "http://rest-endpoint/listing" http://rest-endpoint/listing including
token: An optional continuation token from a previous request
No token indicates a request for a new list
The server may impose a limited lifetime on the continuation token. If a token has expired,
the server SHALL throw a fault, and the client will have to make a new request.
limit: An optional limit indicating the maximum number of results in the response
No limit indicates a request for an unpaged list. However the server may still impose its own limit on the size of an individual response, splitting the results into more than one page if required
detail: The level of detail in the returned listing
min : The list contains the minimum detail for each Node with all optional parts removed the node type should be returned
e.g.
max : The list contains the maximum detail for each Node, including any xsi:type specific extensions
properties : The list contains a basic node element with a list of properties for each Node with no xsi:type specific extensions.
nodes: A list containing zero or more Nodes identifying the target URIs to be listed
Only the uri of the Nodes in the request list are used, the service SHALL ignore any other
elements or attributes. This method does not perform a search based on the Node
Properties or other attributes.
The Node URIs in the request list MAY contain a '*' wild card character in the name part of
the URI (the remaining text following the last '/' character).
A single request may include more than one target Node containing a wild card. For
example, the following request lists all Nodes with names that that match either '*.xml' or
'*.txt'
Note that the wild card substitution for the '*' is a simple 'zero or more of any characters'
match.
So a request for '*.txt' will match Nodes with the the following names :
.txt
frog.txt
Wild cards MUST only be used in the final part of the URL path: for example, a/b/c/*.txt is allowed but a/*/c/*.txt is not.
This method does not support regular expression matches.
An empty list of target Nodes list SHALL imply a full listing of the space.
A request with an empty list of target Nodes :
is equivalent to a request with a single target Node URI of '*' :
Response
A HTTP 202 status code with the Location header keyword assigned to the URL of the completed Listing representation HYPERLINK "http://rest-endpoint/listing/
The Listing representation includes:
token : An optional continuation token, indicating that the list is incomplete
The client may use this token to request the next block of Nodes in the sequence
No token SHALL indicate that the list is complete.
limit : An optional limit which must be present if a limit parameter was used in the request
If present, the value is the value from the original request and not any limit imposed by the service
nodes : A list of the Nodes matching the requested Node URIs
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if a specific target Node does not exist
This does not apply if the target Node URI contains a wild card
The service shall throw a HTTP 400 status code including an InvalidToken fault in the entity-body if it does not recognize the continuation token
The service shall throw a HTTP 400 status code including an InvalidToken fault in the entity-body if the continuation token has expired
If a parent node in one of the search paths does not exist then the service must throw a HTTP 500 status code including ContainerNotFound fault in the entity-body.
For example, given the search path /a/b/*, the service must throw a HTTP 500 status code including a ContainerNotFound fault in the entity-body if either /a or /a/b do not exist.
If a parent node in one of the search paths is a LinkNode, the service musT throw a HTTP 500 status code including a LinkFound fault in the entity-body.
For example, given the search path /a/b/*, the service must throw a HTTP 500 status code including a LinkFound fault in the entity-body if either /a or /a/b are LinkNodes.
findNodes
Find nodes whose properties match the specified values.
This operation is optional.
Request
A HTTP POST of a Listing representation to HYPERLINK "http://rest-endpoint/listing" http://rest-endpoint/listing including:
token: An optional continuation token from a previous request
No token indicates a request for a new find operation.
The server may impose a limited lifetime on the continuation token. If a token has expired, the server SHALL throw a fault, and the client will have to make a new request.
limit: An optional limit indicating the maximum number of requests in the response
No limit SHALL indicate a request for an unpaged response. However the server may still impose its own limit on the size of an individual response, splitting the results into more than one page if required.
detail: The level of detail in the returned response
min: The response contains the minimum detail for each Node with all optional parts removed however, the node type should still be returned in the xsi:type attribute
e.g.
max: The response contains the maximum detail for each Node, including any type specific extensions
properties: The response contains a basic node element with a list of properties for each Node with no type specific extensions.
matches: A list of match elements identifying the properties and values to match against and whether these should applied in conjunction (and) or disjunction (or).
An empty list of implies a full listing of the space.
Response
A HTTP 202 status code with the Location header keyword assigned to the URL of the completed Listing representation HYPERLINK "http://rest-endpoint/listing/
The Listing representation includes:
token: An optional continuation token, indicating that the response is incomplete
The client may use this token to request the next block of Nodes in the sequence
No token indicates that the list is complete.
limit: An optional limit which must be present if a limit parameter was used in the request
If present, the value is the value from the original request and not any limit imposed by the service
nodes: A list of the Nodes matching the requested properties
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 400 status code including a PropertyNotFound fault in the entity-body if a particular property is specified and does not exist in the space
The service shall throw a HTTP 400 status code including an InvalidToken fault in the entity-body if it does not recognize the continuation token
The service shall throw a HTTP 400 status code including an InvalidToken fault in the entity-body if the continuation token has expired
moveNode
Move a node within a VOSpace service.
Note that this does not cover moving data between two separate VOSpace services.
Moving nodes between separate VOSpace services should be handled by the client, using the import, export and delete methods.
When the source is a ContainerNode, all its children (the contents of the container) SHALL also be moved to the new destination.
When the destination is an existing ContainerNode, the source SHALL be placed under it (i.e. within the container).
Request
A HTTP POST of a Transfer representation to the transfer URL of an existing node: HYPERLINK "http://rest-endpoint/path/transfer" http://rest-endpoint/path/transfer including:
direction: The URI of the destination node
.auto is a reserved URI to indicate an autogenerated URI for the destination, i.e. vos://service/path/.auto SHALL cause a new unique URI for the node within vos://service/path to be generated.
Response
A HTTP 201 status code with the Location header keyword assigned to the URL of the destination node and a representation of the Node included in the entity-body
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service SHALL throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if the source Node does not exist
The service shall throw a HTTP 409 status code including a DuplicateNode fault in the entity-body if a Node already exists at the destination and it is not a ContainerNode
The service shall throw a HTTP 400 status code including an InvalidURI fault in the entity-body if a specified URI is invalid
If the source node does not exist, the service must throw a HTTP 404 status code including a NodeNotFound fault in the entity-body.
For example, given the source URI /a/b/c, the service must throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if /a/b/c does not exist.
If a parent node in the destination URI path does not exist then the service must throw a HTTP 500 status code including a ContainerNotFound fault in the entity-body.
For example, given the destination URI /x/y/z, the service must throw a HTTP 500 status code including a ContainerNotFound fault in the entity-body if either /x or /x/y do not exist.
If a parent node in the destination URI is a LinkNode, the service must throw a HTTP 500 status code including a LinkFound fault.
For example, given the destination URI /x/y/z, the service must throw a HTTP 500 status code including a LinkFound fault in the entity-body if either /x or /x/y are LinkNodes.
copyNode
Copy a node with a VOSpace service.
Note that this does not cover copying data between two separate VOSpace services.
Copying nodes between separate VOSpace services should be handled by the client, using the import and export methods.
When the source is a ContainerNode, all its children (the full contents of the container) SHALL get copied, i.e. this is a deep recursive copy.
When the destination is an existing ContainerNode, the copy SHALL be placed under it (i.e. within the container).
Request
A HTTP POST of a Transfer representation to the transfer URL of an existing node: HYPERLINK "http://rest-endpoint/path/transfer" http://rest-endpoint/path/transfer including:
direction: The URI of the destination node
.auto is the reserved URI to indicate an auto-generated URI for the destination, i.e. vos://service/path/.auto SHALL cause a new unique URI for the node within vos://service/path to be generated.
Response
A HTTP 201 status code with the Location header keyword assigned to the URL of the destination node and a representation of the Node included in the entity-body
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if the source Node does not exist
The service shall throw a HTTP 409 status code including a DuplicateNode fault in the entity-body if a Node already exists at the destination and it is not a ContainerNode
The service shall throw a HTTP 400 status code including an InvalidURI fault in the entity-body if a specified URI is invalid
If a parent node in the destination URI path does not exist then the service must throw a HTTP 500 status code including a ContainerNotFound fault in the entity-body.
For example, given the destination URI /x/y4/z, the service must throw a HTTP 500 status code including a ContainerNotFound fault in the entity-body if either /x or /x/y do not exist.
If a parent node in the destination URI is a LinkNode, the service must throw a HTTP 500 status code including a LinkFound fault in the entity-body.
For example, given the destination URI /x/y/z, the service must throw a HTTP 500 status code including a LinkFound fault in the entity-body if either /x or /x/y are LinkNodes.
Accessing metadata
getNode
Get the details for a specific Node.
Request
A HTTP GET to the URL of an existing node http://rest-endpoint/path
Response
A HTTP 200 status code and a Node representation in the entity-body
The full expanded record for the node SHALL be returned, including any xsi:type specific extensions.
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if the target Node does not exist
setNode
Set the property values for a specific node.
Request
A HTTP POST of a Node representation to the URL of an existing node HYPERLINK "http://rest-endpoint/path" http://rest-endpoint/path including:
node: A Node containing the Node uri and a list of the Properties to set (as defined in section 3.1)
This will add or update the node properties including any xsi:type specific elements.
The operation is the union of existing values and new ones.
An empty value sets the value to blank.
To delete a Property, set the xsi:nill attribute to true
This method cannot be used to modify the Node type.
This method cannot be used to modify the accepts or provides list of Views for the Node.
Response
A HTTP 200 status code and a Node representation in the entity-body
The full expanded record for the node SHALL be returned, including any xsi:type specific extensions.
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the request attempts to modify a readonly Property
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if the target Node does not exist
The service shall throw a HTTP 400 status code including an InvalidArgument fault in the entity-body if a specified property value is invalid
Transferring data
pushToVoSpace
Request a list of URLs to send data to a VOSpace node.
This method asks the server for a list of one or more URLs that the client can use to send
data to.
The data transfer is initiated by the client, after it has received the response from the
VOSpace service.
The primary use case for this method is client that wants to send some data directly to a
VOSpace service.
Request
A HTTP POST of a Transfer representation to the transfer URL of a node http://rest-endpoint/path/transfer
If a Node already exists at the target URI, then the data SHALL be imported into the existing Node and the Node properties SHALL be cleared unless the node is a ContainerNode.
If there is no Node at the destination URI, then the service SHALL create a new Node using the uri and the default xsi:type for the space.
The Transfer representation contains details of the View and a list of the Protocols that the client wants to use.
The list of Protocols should not contain endpoint addresses, the service will supply the endpoint addresses in the response.
The service SHALL ignore any of the requested protocols that it does not understand or is unable to support.
.auto is the reserved URI to indicate an auto-generated URI for the destination, i.e. vos://service/path/.auto SHALL cause a new unique URI for the node within vos://service/path to be generated.
Response
A HTTP 201 status code with the Location header keyword assigned to the transfer URL of the node and an updated representation of the Transfer included in the entity-body
The service SHALL select which of the requested Protocols it is willing to provide and fill in the operational details for each one this SHOULD normally include specifying the destination URL of the transfer protocol endpoint.
The service response should not include any Protocols that it is unable to support.
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 400 status code including a ViewNotSupported fault in the entity-body if the service does not support the requested View
The service shall throw a HTTP 400 status code including a ProtocolNotSupported fault in the entity-body if it supports none of the requested Protocols
The service shall throw a HTTP 400 status code including an InvalidArgument fault in the entity-body if a View parameter is invalid
The service shall throw a HTTP 400 status code including an InvalidArgument fault in the entity-body if a Protocol parameter is invalid
pullToVoSpace
Import data into a VOSpace node.
This method asks the server to fetch data from a remote location.
The data transfer is initiated by the VOSpace service and transferred direct into the target Node.
The data source can be another VOSpace service, or a standard HTTP or FTP server.
The primary use case for this method is transferring data from one server or service to another.
Request
A HTTP POST of a Transfer representation to the transfer URL of a node http://rest-endpoint/path/transfer
If a Node already exists at the target URI, then the data SHALL be imported into the existing Node and the Node properties SHALL be cleared unless the node is a ContainerNode.
If there is no Node at the destination URI, then the service SHALL create a new Node using the uri, and the default xsi:type for the space.
The Transfer details should include the View and a list of one or more Protocols with valid endpoints and parameters. The endpoint SHOULD normally refer to the source URL for the transfer protocol.
Response
A HTTP 201 status code with the Location header keyword assigned to the transfer URL of the node and an updated representation of the Transfer included in the entity-body
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 400 status code including a ViewNotSupported fault in the entity-body if the service does not support the requested View
The service shall throw a HTTP 400 status code including a ProtocolNotSupported fault in the entity-body if it supports none of the requested Protocols
The service shall throw a HTTP 400 status code including an InvalidURI fault in the entity-body if the destination URI is invalid
The service shall throw a HTTP 400 status code including an InvalidArgument fault in the entity-body if a View parameter is invalid
The service shall throw a HTTP 400 status code including an InvalidArgument fault in the entity-body if a Protocol parameter is invalid
The service shall throw a HTTP 400 status code including an InvalidData fault in the entity-body if the data does not match the View
Notes
If the Transfer request contains more than one Protocol option, then the service may fail over to use one or more of the options if the first one fails. The service should try each Protocol option in turn until one succeeds or all have been tried.
pullFromVoSpace
Request a set of URLs that the client can read data from.
The client requests access to the data in a Node, and the server SHALL respond with a set of
URLs that the client can read the data from.
Request
A HTTP POST of a Transfer representation to the transfer URL of an existing node http://rest-endpoint/path/transfer
The template for the Transfer should contain details of the View and a list of the Protocols that the client would like to use.
The list of Protocols should not contain endpoint addresses; the service SHALL supply the endpoint addresses in the response.
The service SHALL ignore any of the requested protocols that it does not understand or is unable to support.
Response
A HTTP 201 status code with the Location header keyword assigned to the transfer URL of the node and an updated representation of the Transfer included in the entity-body
The service SHALL select which of the requested Protocols it is willing to provide and fill in the operational details for each one this SHOULD normally include specifying the source URL of the transfer protocol endpoint.
The service response should not include any Protocols that it is unable to support.
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if the source Node does not exist.
The service shall throw a HTTP 400 status code including a ProtocolNotSupported fault in the entity-body if it none of the requested Protocols are supported
The service shall throw a HTTP 400 status code including a ViewNotSupported fault in the entity-body if it does not support the requested View
The service shall throw a HTTP 400 status code including an InvalidArgument fault in the entity-body if a View parameter is invalid
The service shall throw a HTTP 400 status code including an InvalidArgument fault in the entity-body if a Protocols parameter is invalid
Notes
The endpoint URLs supplied in the response should be considered as 'one shot' URLs. A VOSpace service connected to a standard web server may return the public URL for the data. However, a different implementation may create a unique single use URL specifically for this transfer.
pushFromVoSpace
Ask the server to send data to a remote location.
The client supplies a list of URLs and asks the server to send the data to the remote location.
The transfer is initiated by the server, and the data transferred direct from the server to the remote location.
Request
A HTTP POST of a Transfer representation to the transfer URL of an existing node http://rest-endpoint/path/transfer
The Transfer details should include the View and a list of one or more Protocols with valid endpoint and parameters. The endpoints will normally refer to the destination URLs for the transfer protocols.
Response
A HTTP 201 status code with the Location header keyword assigned to the transfer URL of the node and an updated representation of the Transfer included in the entity-body
Faults
The service shall throw a HTTP 500 status code including an InternalFault fault in the entity-body if the operation fails
The service shall throw a HTTP 401 status code including a PermissionDenied fault in the entity-body if the user does not have permissions to perform the operation
The service shall throw a HTTP 404 status code including a NodeNotFound fault in the entity-body if the source Node does not exist
The service shall throw a HTTP 400 status code including a ProtocolNotSupported fault in the entity-body if it supports none of the requested Protocols
The service shall throw a HTTP 400 status code including a ViewNotSupported fault in the entity-body if it does not support the requested View
The service shall throw a HTTP 400 status code including an InvalidArgument fault in the entity-body if a Protocols parameter is invalid
The service shall throw a HTTP 500 status code including a TransferFailed fault in the entity-body if the data transfer does not complete
Notes
In VOSpace version 1.0, the transfer is synchronous, and the SOAP call does not return until the transfer has been completed.
If the Transfer request contains more than one Protocol then the service may fail over to use one or more of the options if the first one fails. The service should try each Protocol option in turn until one succeeds or all have been tried.
Fault arguments
Faults thrown by a VOSpace service SHALL contain the following information:
InternalFault
This is thrown with a description of the cause of the fault.
PermissionDenied
This is thrown with a description of why the credentials (if any were provided) were rejected.
InvalidURI
This is thrown with details of the invalid URI.
NodeNotFound
This is thrown with the URI of the missing Node.
DuplicateNode
This is thrown with the URI of the duplicate Node.
InvalidToken
This is thrown with the invalid token.
InvalidArgument
This is thrown with a description of the invalid argument, including the View or Protocol URI and the name and value of the parameter that caused the fault.
TypeNotSupported
This is thrown with the QName of the unsupported type.
ViewNotSupported
This is thrown with the uri of the View.
InvalidData
This is thrown with any error message that the data parser produced.
LinkFoundFault
The fault details must contain the full details of the LinkNode.
Appendix 1: Machine readable definitions
WSDL/WADL
A proposed recommendation version of the VOSpace 2.0 [WSDL 2.0 or WADL?] can be found on the IVOA VOSpace page at: HYPERLINK "http://www.ivoa.net/twiki/bin/view/IVOA/VOSpaceHome" http://www.ivoa.net/twiki/bin/view/IVOA/VOSpaceHome.
Message schema
A proposed recommendation version of the XML message schema for VOSpace 2.0 can be found on the IVOA VOSpace page at: http://www.ivoa.net/twiki/bin/view/IVOA/VOSpaceHome.
Appendix 2: Compliance matrix
This table summarizes the mandatory behaviour required of a fully compliant VOSpace 2.0 service, i.e. those operations denoted as SHALL and MUST occurring. Note that for faults the general condition is specified but specific details should be checked in the relevant sections.
TBC
References
[VOSpace] Matthew Graham, Paul Harrison, Dave Morris, Guy Rixon, VOSpace service specification v1.02, IVOA Recommendation 2007 October 01, http://www.ivoa.net/Documents/cover/VOSpace-20070907.html
" , - . 5 6 7 8 ; P Q ^ } ~ µ筩oibXbXbP hl7= CJ ^J hl7= CJ ^J aJ
hl7= 5^J
hl7= ^J hl7= 56B*
CJ$ \]ph Z hl7= 5B*
CJ( \ph Z hO<( h`x 5B*
CJ( \ph Z h`x 5B*
CJ( \ph Z h`x h`x CJ aJ h`x 6B*]^J ph !h`x 6B*
CJ ]^J aJ ph Z 'h`x 56B*
CJ \]^J aJ ph Z h`x B*^J ph j h`x B*U^J ph - 7 8 9 : ; Q ^ } ~ gdl7= I kdL3 $$If 0 O ^6 3 4 a $If $If * + - . 7 ]
^
v
$a$ gdl7= gdl7= $a$gdl7= gdl7= ' ^ ` gdl7= `gdl7= ) * + , . 6 7 r \
]
^
v
& ο}}p}_Q_Q_Q hl7= 0J B*CJ ]ph hC hl7= 0J B*CJ ]ph hC hl7= B*^J ph hl7= B*CJ ^J ph hC hl7= B*CJ ^J ph hC hl7= 5B*
CJ \ph Z hl7= 5B*
CJ \ph Z hl7= B*^J ph j3 hl7= B*U^J ph
hl7= 0J(
hl7= ^J h@ hl7= 5^J
hl7= 5^J hl7= CJ ^J aJ h. hl7= CJ ^J 1 2 3 m n
r F d m n o خznnj[Q[H hl7= mH nH uhl7= B*
KH ph Z j hl7= B*
KH Uph Z hl7= hC hl7= 5CJ \
hl7= CJ \hC hl7= CJ \hl7= 5B*
CJ \ph Z hl7= 6B*]^J ph hC hl7= CJ hC hl7= 0J 6CJ ]^J 2jM4 hC hl7= 6B*CJ U]^J ph *j hC hl7= 0J B*CJ U^J ph !hC hl7= 0J B*CJ ^J ph
n d m n - c 6 m ! S @ }
%
X gdl7=
( ) * + , - . / C D ^ _ ` a b c wf js6 hl7= UmH nH u j5 hl7= UmH nH u h/ hl7= mH nH u jy5 hl7= UmH nH u hl7= mH nH tH u'h/ hl7= OJ QJ ^J mH nH tH u j4 hl7= UmH nH u j hl7= UmH nH u hl7= mH nH u%hl7= OJPJQJ^JmH nH tH u (c f g w x y
0 1 ʼʫʼʼʚʼކʼuʼކʼd jg8 hl7= UmH nH u j7 hl7= UmH nH u 'h/ hl7= OJ QJ ^J mH nH tH u jm7 hl7= UmH nH u j6 hl7= UmH nH u j hl7= UmH nH u hl7= mH nH uhl7= mH nH tH u%hl7= OJPJQJ^JmH nH tH uh/ hl7= mH nH tH u '1 2 4 5 6 ; < K L M g h i k l m r s o j9 hl7= UmH nH u ja9 hl7= UmH nH u j8 hl7= UmH nH u hl7= mH nH tH u)hl7= CJ OJPJQJ^JmH nH tH u'h/ hl7= OJ QJ ^J mH nH tH u%hl7= OJPJQJ^JmH nH tH uhl7= mH nH uj hl7= UmH nH u+ ! $ % 2 3 M N O Q R S X Y k l ÷ؓq j; hl7= UmH nH u jU; hl7= UmH nH u j: hl7= UmH nH u %hl7= OJPJQJ^JmH nH tH uh/ hl7= mH nH u)hl7= CJ OJPJQJ^JmH nH tH uhl7= mH nH uj hl7= UmH nH u j[: hl7= UmH nH u( : ; < > ? @ E F \ ] w x y { | } زءÍzo^z j= hl7= UmH nH u hl7= mH nH tH u%hl7= OJPJQJ^JmH nH tH u'h/ hl7= OJ QJ ^J mH nH tH u jI= hl7= UmH nH u j<