ietf-openproxy
[Top] [All Lists]

Re: OPES Ownership

2001-02-02 20:02:52
On Fri, Feb 02, 2001 at 07:16:55PM -0700, Hilarie Orman wrote:

There's an implicit integrity model in the word "cache" that's
similar.  Literally, caches don't modify content.  But caching is only
part of a proxy or a surrogate or a content service node.

I like to think of HTTP caching as a limited processing model
designed into the protocol.


There's a more complicated model for "proxies", I claim.  They
provide integrity on parts of the content (data, payload, etc.),
but they have application-level responsibilities to protect,
enhance, and add value to content.  I think there's
a legitimate question here, about what integrity guarantees
can be expected.  And I think it's difficult, but may worthwhile,
to draw up some guidelines.  Things such as

  By default, content integrity is assured.  

Maybe it would be better to say 'message' instead of 'content' (to
encompass both requests and responses)?

  Refusal to deliver content is not modification

  Publishers and users should have clear ways of specifying
  acceptable policies for content modification.

  Users should have clear ways opting out of content
  modification services.

  The content should have an audit trail of modification
  services applied end-to-end

  Content services should not move data between
  unrelated transactions

  ...

I like this list a lot; looks like a good starting point for
discussion. The other half would be guidelines for the scope of
things service authors need to consider, such as

- known and unknown request methods (PUT, DELETE, M-GET, TRACE..)
- known and unknown status codes (100 Continue...)
- known and unknown content encoding
- use of the HTTP Extension Framework
- presence of Cache-Control: no-transform in requests and responses...

and eventually, tools to help test services.

-- 
Mark Nottingham, Research Scientist
Akamai Technologies (San Mateo, CA)

<Prev in Thread] Current Thread [Next in Thread>