[Top] [All Lists]

Awareness of transformation

2001-03-26 14:33:41
This belonged in a separate thread to start with. My apologies for not breaking it out earlier.

At 17:54 3/23/2001 -0700, Hilarie Orman wrote:
My comments in brackets.


>>> Ian Cooper <icooper(_at_)equinix(_dot_)com> 03/23/01 09:13AM >>>
At 07:21 3/23/2001 -0800, Michael W. Condry wrote:
>Intermediary services provided in this way are not
>transparent: Either the content requestor or provider will
>be aware that a transformation has been performed.

Did we remove the case where the access provider is the one controlling the

[The security model will have to clarify this.  "Controlling" the
transformation might be a different role than "authorizing" or
"delegating" the transformation.  So the access provider may
simply be carrying out the intent of the requestor or provider.]

Also "..the content requestor.. will be aware that a transformation has
been performed".  Would this be similar to the notional Warning headers
that I've never seen used in HTTP/1.1?  The content consumer may have
requested that services be provided, but when do they know if the trigger
has fired and the transformation has been carried out?

[Again, the security work needs to clarify this; "awareness" might be
as little as "authorization", or as intrusive as "click here for element
transformation 'Language Translation English to Chinese' action".

Agreed that we need to do work in this area - I was trying to get some discussion going ;-)

What I was trying to get at was the fact that a rule may not trigger for every request a specific content consumer requests. And the "click here for action" is rather too intrusive, perhaps. So perhaps this is a candidate for an update to 2616 for some additional Warning header material?

This is a case where "you signed on the dotted line" doesn't work. The user may be aware that a certain transformation *could* occur, but I think they also need to know when it *has* occurred.

So while I agree that there needs to be some work within the security text, I also think there's a real protocol element to it.