1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
INTERNET-DRAFT HTTP Extensions H. Frystyk Nielsen, W3C |
9 |
draft-frystyk-http-extensions-02 P. Leach, Microsoft |
10 |
Scott Lawrence, Agranat Systems |
11 |
Expires: Jul 20, 1999 Wed, Jan 20, 1999 |
12 |
|
13 |
|
14 |
HTTP Extension Framework |
15 |
|
16 |
|
17 |
Status of this Document |
18 |
|
19 |
This document is an Internet-Draft. Internet-Drafts are working |
20 |
documents of the Internet Engineering Task Force (IETF), its areas, |
21 |
and its working groups. Note that other groups may also distribute |
22 |
working documents as Internet-Drafts. Internet-Drafts are draft |
23 |
documents valid for a maximum of six months and may be updated, |
24 |
replaced, or obsoleted by other documents at any time. It is |
25 |
inappropriate to use Internet-Drafts as reference material or to cite |
26 |
them other than as "work in progress". |
27 |
|
28 |
To learn the current status of any Internet-Draft, please check the |
29 |
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow |
30 |
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), |
31 |
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or |
32 |
ftp.isi.edu (US West Coast). |
33 |
|
34 |
Distribution of this document is unlimited. Please send comments to |
35 |
the <ietf-http-ext@w3.org> mailing list. This list is archived at |
36 |
"http://lists.w3.org/Archives/Public/ietf-http-ext/". |
37 |
|
38 |
|
39 |
Abstract |
40 |
|
41 |
A wide range of applications have proposed various extensions of the |
42 |
HTTP protocol. Current efforts span an enormous range, including |
43 |
distributed authoring, collaboration, printing, and remote procedure |
44 |
call mechanisms. These HTTP extensions are not coordinated, since |
45 |
there has been no standard framework for defining extensions and thus, |
46 |
separation of concerns. This document describes a generic extension |
47 |
mechanism for HTTP, which is designed to address the tension between |
48 |
private agreement and public specification and to accommodate |
49 |
extension of applications using HTTP clients, servers, and proxies. |
50 |
The proposal associates each extension with a globally unique |
51 |
identifier, and uses HTTP header fields to carry the extension |
52 |
identifier and related information between the parties involved in the |
53 |
extended communication. |
54 |
|
55 |
|
56 |
Table of Contents |
57 |
|
58 |
1. Introduction............................................... 2 |
59 |
2. Notational Conventions..................................... 3 |
60 |
|
61 |
Frystyk et al [Page 1] |
62 |
|
63 |
|
64 |
|
65 |
|
66 |
|
67 |
|
68 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
69 |
|
70 |
3. Extension Declarations..................................... 3 |
71 |
3.1 Header Field Prefixes................................... 4 |
72 |
4. Extension Header Fields.................................... 5 |
73 |
4.1 End-to-End Extensions................................... 6 |
74 |
4.2 Hop-by-Hop Extensions................................... 6 |
75 |
4.3 Extension Response Header Fields........................ 7 |
76 |
5. Mandatory HTTP Requests.................................... 7 |
77 |
5.1 Fulfilling a Mandatory Request.......................... 9 |
78 |
6. Mandatory HTTP Responses.................................. 10 |
79 |
7. 510 Not Extended.......................................... 10 |
80 |
8. Publishing an Extension................................... 10 |
81 |
9. Caching Considerations.................................... 12 |
82 |
10. Security Considerations.................................. 12 |
83 |
11. References............................................... 12 |
84 |
12. Acknowledgements......................................... 13 |
85 |
13. Authors Addresses........................................ 13 |
86 |
14. Summary of Protocol Interactions......................... 13 |
87 |
15. Examples................................................. 14 |
88 |
15.1 User Agent to Origin Server............................ 15 |
89 |
15.2 User Agent to Origin Server via HTTP/1.1 Proxy......... 15 |
90 |
15.3 User Agent to Origin Server via HTTP/1.0 Proxy......... 16 |
91 |
|
92 |
1. Introduction |
93 |
|
94 |
This proposal is designed to address the tension between private |
95 |
agreement and public specification; and to accommodate dynamic |
96 |
extension of HTTP clients and servers by software components. The kind |
97 |
of extensions capable of being introduced range from: |
98 |
|
99 |
o extending a single HTTP message; |
100 |
o introducing new encodings; |
101 |
o initiating HTTP-derived protocols for new applications; to... |
102 |
o switching to protocols which, once initiated, run independent of |
103 |
the original protocol stack. |
104 |
|
105 |
The proposal is intended to be used as follows: |
106 |
|
107 |
o Some party designs and specifies an extension; the party assigns |
108 |
the extension a globally unique URI, and makes one or more |
109 |
representations of the extension available at that address (see |
110 |
section 8). |
111 |
o An HTTP client or server that implements this extension mechanism |
112 |
(hereafter called an agent) declares the use of the extension by |
113 |
referencing its URI in an extension declaration in an HTTP |
114 |
message (see section 3). |
115 |
o The HTTP application which the extension declaration is intended |
116 |
for (hereafter called the ultimate recipient) can deduce how to |
117 |
|
118 |
|
119 |
|
120 |
Frystyk, et al [Page 2] |
121 |
|
122 |
|
123 |
|
124 |
|
125 |
|
126 |
|
127 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
128 |
|
129 |
properly interpret the extended message based on the extension |
130 |
declaration. |
131 |
|
132 |
The proposal uses features in HTTP/1.1 but is compatible with HTTP/1.0 |
133 |
applications in such a way that extended applications can coexist with |
134 |
existing HTTP applications. Applications implementing this proposal |
135 |
MUST be based on HTTP/1.1 (or later versions of HTTP). |
136 |
|
137 |
|
138 |
2. Notational Conventions |
139 |
|
140 |
This specification uses the same notational conventions and basic |
141 |
parsing constructs as RFC 2068 [5]. In particular the BNF constructs |
142 |
"token", "quoted-string", "Request-Line", "field-name", and |
143 |
"absoluteURI" in this document are to be interpreted as described in |
144 |
RFC 2068 [5]. |
145 |
|
146 |
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", |
147 |
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this |
148 |
document are to be interpreted as described in RFC 2119 [6]. |
149 |
|
150 |
This proposal does not rely on particular features defined in URLs [8] |
151 |
that cannot potentially be expressed using URNs (see section 8). |
152 |
Therefore, the more generic term URI [8] is used throughout the |
153 |
specification. |
154 |
|
155 |
|
156 |
3. Extension Declarations |
157 |
|
158 |
An extension declaration can be used to indicate that an extension has |
159 |
been applied to a message and possibly to reserve a part of the header |
160 |
namespace identified by a header field prefix (see 3.1). This section |
161 |
defines the extension declaration itself; section 4 defines a set of |
162 |
header fields using the extension declaration. |
163 |
|
164 |
This specification does not define any ramifications of applying an |
165 |
extension to a message nor whether two extensions can or cannot |
166 |
logically coexist within the same message. It is simply a framework |
167 |
for describing which extensions have been applied and what the |
168 |
ultimate recipient either must or may do in order to properly |
169 |
interpret any extension declarations within that message. |
170 |
|
171 |
The grammar for an extension declaration is as follows: |
172 |
|
173 |
|
174 |
|
175 |
|
176 |
|
177 |
|
178 |
|
179 |
Frystyk, et al [Page 3] |
180 |
|
181 |
|
182 |
|
183 |
|
184 |
|
185 |
|
186 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
187 |
|
188 |
ext-decl = <"> ( absoluteURI | field-name ) <"> |
189 |
[ namespace ] [ decl-extensions ] |
190 |
|
191 |
namespace = ";" "ns" "=" header-prefix |
192 |
header-prefix = 2*DIGIT |
193 |
|
194 |
decl-extensions = *( decl-ext ) |
195 |
decl-ext = ";" token [ "=" ( token | quoted-string ) ] |
196 |
|
197 |
An extension is identified by an absolute, globally unique URI or a |
198 |
field-name. A field-name MUST specify a header field uniquely defined |
199 |
in an IETF Standards Track RFC [3]. A URI can unambiguously be |
200 |
distinguished from a field-name by the presence of a colon (":"). |
201 |
|
202 |
The support for header field names as extension identifiers provides a |
203 |
transition strategy from decentralized extensions to extensions |
204 |
defined by IETF Standards Track RFCs until a mapping between the |
205 |
globally unique URI space and features defined in IETF Standards Track |
206 |
RFCs has been defined according to the guidelines described in section |
207 |
8. |
208 |
|
209 |
Examples of extension declarations are |
210 |
|
211 |
"http://www.company.com/extension"; ns=11 |
212 |
"Range" |
213 |
|
214 |
An agent MAY use the decl-extensions mechanism to include optional |
215 |
extension declaration parameters but cannot assume these parameters to |
216 |
be recognized by the recipient. An agent MUST NOT use decl-extensions |
217 |
to pass extension instance data, which MAY be passed using header |
218 |
field prefix values (see section 3.1). Unrecognized decl-ext |
219 |
parameters SHOULD be ignored and MUST NOT be removed by proxies when |
220 |
forwarding the extension declaration. |
221 |
|
222 |
|
223 |
3.1 Header Field Prefixes |
224 |
|
225 |
The header-prefix is a dynamically generated string. All header fields |
226 |
in the message that match this string, using string prefix-matching, |
227 |
belong to that extension declaration. Header field prefixes allow an |
228 |
extension declaration to dynamically reserve a subspace of the header |
229 |
space in a protocol message in order to prevent header field name |
230 |
clashes and to allow multiple declarations using the same extension to |
231 |
be applied to the same message without conflicting. |
232 |
|
233 |
Header fields using a header-prefix are of the form: |
234 |
|
235 |
prefixed-header = prefix-match field-name |
236 |
prefix-match = header-prefix "-" |
237 |
|
238 |
|
239 |
Frystyk, et al [Page 4] |
240 |
|
241 |
|
242 |
|
243 |
|
244 |
|
245 |
|
246 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
247 |
|
248 |
Linear white space (LWS) MUST NOT be used between the header-prefix |
249 |
and the dash ("-") or between the prefix-match and the field-name. The |
250 |
string prefix matching algorithm is applied to the prefix-match |
251 |
string. |
252 |
|
253 |
The format of the prefix using a combination of digits and the dash |
254 |
("-") guarantees that no extension declaration can reserve the whole |
255 |
header field name space. The header-prefix mechanism was preferred |
256 |
over other solutions for exchanging extension instance parameters |
257 |
because it is header based and therefore allows for easy integration |
258 |
of new extensions with existing HTTP features. |
259 |
|
260 |
Agents MUST NOT reuse header-prefix values in the same message unless |
261 |
explicitly allowed by the extension (see section 4.1 for a discussion |
262 |
of the ultimate recipient of an extension declaration). |
263 |
|
264 |
Clients SHOULD be as consistent as possible when generating header- |
265 |
prefix values as this facilitates use of the Vary header field in |
266 |
responses that vary as a function of the request extension |
267 |
declaration(s) (see [5], section 13.6). |
268 |
|
269 |
Examples of header-prefix values are |
270 |
|
271 |
12 |
272 |
15 |
273 |
23 |
274 |
|
275 |
Old applications may introduce header fields independent of this |
276 |
extension mechanism, potentially conflicting with header fields |
277 |
introduced by the prefix mechanism. In order to minimize this risk, |
278 |
prefixes MUST contain at least 2 digits. |
279 |
|
280 |
|
281 |
4. Extension Header Fields |
282 |
|
283 |
This proposal introduces two types of extension declaration strength: |
284 |
mandatory and optional, and two types of extension declaration scope: |
285 |
hop-by-hop and end-to-end (see section 4.1 and 4.2). |
286 |
|
287 |
A mandatory extension declaration indicates that the ultimate |
288 |
recipient MUST consult and adhere to the rules given by the extension |
289 |
when processing the message or reporting an error (see section 5 and |
290 |
7). |
291 |
|
292 |
An optional extension declaration indicates that the ultimate |
293 |
recipient of the extension MAY consult and adhere to the rules given |
294 |
by the extension when processing the message, or ignore the extension |
295 |
declaration completely. An agent may not be able to distinguish |
296 |
|
297 |
|
298 |
Frystyk, et al [Page 5] |
299 |
|
300 |
|
301 |
|
302 |
|
303 |
|
304 |
|
305 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
306 |
|
307 |
whether the ultimate recipient does not understand an extension |
308 |
referred to by an optional extension or simply ignores the extension |
309 |
declaration. |
310 |
|
311 |
The combination of the declaration strength and scope defines a 2x2 |
312 |
matrix which is distinguished by four new general HTTP header fields: |
313 |
Man, Opt, C-Man, and C-Opt. (See sections 4.1 and 4.2; also see |
314 |
appendix 14, which has a table of interactions with origin servers and |
315 |
proxies.) |
316 |
|
317 |
The header fields are general header fields as they describe which |
318 |
extensions actually are applied to an HTTP message. Optional |
319 |
declarations MAY be applied to any HTTP message without any change to |
320 |
existing HTTP semantics (see section 5 for how to apply mandatory |
321 |
extension declarations to requests and section 6 for how to apply them |
322 |
to responses). |
323 |
|
324 |
|
325 |
4.1 End-to-End Extensions |
326 |
|
327 |
End-to-end declarations MUST be transmitted to the ultimate recipient |
328 |
of the declaration. The Man and the Opt general header fields are end- |
329 |
to-end header fields and are defined as follows: |
330 |
|
331 |
mandatory = "Man" ":" 1#ext-decl |
332 |
optional = "Opt" ":" 1#ext-decl |
333 |
|
334 |
For example |
335 |
|
336 |
HTTP/1.1 200 OK |
337 |
Content-Length: 421 |
338 |
Opt: "http://www.digest.org/Digest"; ns=15 |
339 |
15-digest: "snfksjgor2tsajkt52" |
340 |
... |
341 |
|
342 |
The ultimate recipient of a mandatory end-to-end extension declaration |
343 |
MUST handle that extension declaration as described in section 5 and |
344 |
6. |
345 |
|
346 |
|
347 |
4.2 Hop-by-Hop Extensions |
348 |
|
349 |
Hop-by-hop extension declarations are meaningful only for a single |
350 |
HTTP connection. In HTTP/1.1, C-Man, C-Opt and all header fields with |
351 |
matching header-prefix values defined by C-Man and C-Opt MUST be |
352 |
protected by a Connection header field. That is, these header fields |
353 |
are to be included as Connection header field directives (see [5], |
354 |
section 14.10). The two header fields have the following grammar: |
355 |
|
356 |
c-mandatory = "C-Man" ":" 1#ext-decl |
357 |
c-optional = "C-Opt" ":" 1#ext-decl |
358 |
|
359 |
Frystyk, et al [Page 6] |
360 |
|
361 |
|
362 |
|
363 |
|
364 |
|
365 |
|
366 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
367 |
|
368 |
For example |
369 |
|
370 |
M-GET / HTTP/1.1 |
371 |
Host: some.host |
372 |
C-Man: "http://www.digest.org/ProxyAuth"; ns=14 |
373 |
14-Credentials="g5gj262jdw@4df" |
374 |
Connection: C-Man, 14-Credentials |
375 |
|
376 |
The ultimate recipient of a mandatory hop-by-hop extension declaration |
377 |
MUST handle that extension declaration as described in section 5 and |
378 |
6. |
379 |
|
380 |
|
381 |
4.3 Extension Response Header Fields |
382 |
|
383 |
Two extension response header fields are used to indicate that a |
384 |
request containing mandatory extension declarations has been fulfilled |
385 |
by the ultimate recipient as described in section 5.1. The extension |
386 |
response header fields are exclusively intended to serve as extension |
387 |
acknowledgements and can not carry any other information. |
388 |
|
389 |
The Ext header field is used to indicate that all end-to-end mandatory |
390 |
extension declarations in the request were fulfilled: |
391 |
|
392 |
|
393 |
ext = "Ext" ":" |
394 |
|
395 |
The C-Ext response header field is used to indicate that all hop-by- |
396 |
hop mandatory extension declarations in the request were fulfilled. |
397 |
|
398 |
c-ext = "C-Ext" ":" |
399 |
|
400 |
In HTTP/1.1, the C-Ext header fields MUST be protected by a Connection |
401 |
header (see [5], section 14.10). |
402 |
|
403 |
The Ext and the C-Ext header fields are not mutually exclusive; they |
404 |
can both occur within the same message as described in section 5.1. |
405 |
|
406 |
|
407 |
5. Mandatory HTTP Requests |
408 |
|
409 |
An HTTP request is called a mandatory request if it includes at least |
410 |
one mandatory extension declaration (using the Man or the C-Man header |
411 |
fields). The method name of a mandatory request MUST be prefixed by |
412 |
"M-". For example, a client might express the binding rights- |
413 |
management constraints in an HTTP PUT request as follows: |
414 |
|
415 |
|
416 |
|
417 |
|
418 |
|
419 |
|
420 |
Frystyk, et al [Page 7] |
421 |
|
422 |
|
423 |
|
424 |
|
425 |
|
426 |
|
427 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
428 |
|
429 |
M-PUT /a-resource HTTP/1.1 |
430 |
Man: "http://www.copyright.org/rights-management"; ns=16 |
431 |
16-copyright: http://www.copyright.org/COPYRIGHT.html |
432 |
16-contributions: http://www.copyright.org/PATCHES.html |
433 |
Host: www.w3.org |
434 |
Content-Length: 1203 |
435 |
Content-Type: text/html |
436 |
|
437 |
<!doctype html ... |
438 |
|
439 |
An ultimate recipient conforming to this specification receiving a |
440 |
mandatory request MUST process the request by performing the following |
441 |
actions in the order listed below: |
442 |
|
443 |
1. Identify all mandatory extension declarations (both hop-by-hop |
444 |
and end-to-end); the server MAY ignore optional declarations |
445 |
without affecting the result of processing the HTTP message; |
446 |
2. Examine all extensions identified in 1) and determine if they |
447 |
are supported for this message. If not, respond with a 510 (Not |
448 |
Extended) status-code (see section 7); |
449 |
3. If 2) did not result in a 510 (Not Extended) status code, then |
450 |
strip the "M-" prefix from the method name and process the |
451 |
remainder of the request according to the semantics of the |
452 |
extensions and of the existing HTTP method name as defined in |
453 |
HTTP/1.1 [5] or later versions of HTTP. |
454 |
4. If the evaluation in 3) was successful and the mandatory |
455 |
request fulfilled, the server MUST respond as defined in |
456 |
section 5.1. A server MUST NOT fulfill a request without |
457 |
understanding and obeying all mandatory extension |
458 |
declaration(s) in a request. |
459 |
|
460 |
A proxy that does not act as the ultimate recipient of a mandatory |
461 |
extension declaration MUST NOT remove the extension declaration or the |
462 |
"M-" method name prefix when forwarding the message. HTTP proxies that |
463 |
do not understand the "M-" method name prefix SHOULD return 501 (Not |
464 |
Implemented) or turn themselves into a tunnel (see [5]) in which case |
465 |
they do not take any part in the communication. |
466 |
|
467 |
A server receiving an HTTP/1.0 (or earlier versions of HTTP) message |
468 |
that includes a Connection header MUST, for each connection-token in |
469 |
this field, remove and ignore any header field(s) from the message |
470 |
with the same name as the connection-token. |
471 |
|
472 |
A server receiving a mandatory request including the "M-" method name |
473 |
prefix without any mandatory extension declarations to follow MUST |
474 |
return a 510 (Not Extended) response. |
475 |
|
476 |
|
477 |
|
478 |
Frystyk, et al [Page 8] |
479 |
|
480 |
|
481 |
|
482 |
|
483 |
|
484 |
|
485 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
486 |
|
487 |
The "M-" prefix is reserved by this proposal and MUST NOT be used by |
488 |
other HTTP extensions. |
489 |
|
490 |
|
491 |
5.1 Fulfilling a Mandatory Request |
492 |
|
493 |
A server MUST NOT claim to have fulfilled any mandatory request unless |
494 |
it understood and obeyed all the mandatory extension declarations in |
495 |
the request. This section defines a mechanism for conveying this |
496 |
information to the client in such a way that it interoperates with |
497 |
existing HTTP applications and prevents broken servers from giving the |
498 |
false impression that an extended request was fulfilled by responding |
499 |
with a 200 (Ok) response without understanding the method. |
500 |
|
501 |
If any end-to-end mandatory extension declarations were among the |
502 |
fulfilled extensions then the server MUST include an Ext response |
503 |
header field in the response. In order to avoid that the Ext header |
504 |
field inadvertently is cached in an HTTP/1.1 cache, the response MUST |
505 |
contain a no-cache cache-control directive. If the response is |
506 |
otherwise cachable, the no-cache cache-control directive SHOULD be |
507 |
limited to only affect the Ext header field: |
508 |
|
509 |
HTTP/1.1 200 OK |
510 |
Ext: |
511 |
Cache-Control: no-cache="Ext" |
512 |
... |
513 |
|
514 |
If the mandatory request has been forwarded by an HTTP/1.0 |
515 |
intermediary proxy then this is indicated either directly in the |
516 |
Request-Line or by the presence of an HTTP/1.1 Via header field. In |
517 |
this case, the server MUST include an Expires header field with a date |
518 |
equal to or earlier than the value of the Date header field. If the |
519 |
response is otherwise cachable by HTTP/1.1 caches, the server SHOULD |
520 |
include an appropriate max-age cache-control directive: |
521 |
|
522 |
HTTP/1.1 200 OK |
523 |
Date: Sun, 25 Oct 1998 08:12:31 GMT |
524 |
Expires: Sun, 25 Oct 1998 08:12:31 GMT |
525 |
Ext: |
526 |
Cache-Control: no-cache="Ext", max-age=3600 |
527 |
... |
528 |
|
529 |
If any hop-by-hop mandatory extension declarations were among the |
530 |
fulfilled extensions then the server MUST include a C-Ext response |
531 |
header field in the response. The C-Ext header field MUST be protected |
532 |
by a Connection header field (see [5], section 14.10). |
533 |
|
534 |
HTTP/1.1 200 OK |
535 |
C-Ext: |
536 |
Connection: C-Ext |
537 |
|
538 |
Frystyk, et al [Page 9] |
539 |
|
540 |
|
541 |
|
542 |
|
543 |
|
544 |
|
545 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
546 |
|
547 |
Note, that the Ext and C-Ext header fields are not mutually exclusive; |
548 |
they can be both be present in a response when fulfilling mandatory |
549 |
request containing both hop-by-hop as well as end-to-end mandatory |
550 |
extension declarations. |
551 |
|
552 |
|
553 |
6. Mandatory HTTP Responses |
554 |
|
555 |
A server MUST NOT include mandatory extension declarations in an HTTP |
556 |
response unless it is responding to a mandatory HTTP request whose |
557 |
definition allowed for the mandatory response or the server has some a |
558 |
priori knowledge that the recipient can handle the extended response. |
559 |
A server MAY include optional extension declarations in any HTTP |
560 |
response (see section 4). |
561 |
|
562 |
If a client is the ultimate recipient of a mandatory HTTP response |
563 |
containing mandatory extension declarations that either the client |
564 |
does not understand or does not want to use, then it SHOULD discard |
565 |
the complete response as if it were a 500 (Internal Server Error) |
566 |
response. |
567 |
|
568 |
|
569 |
7. 510 Not Extended |
570 |
|
571 |
The policy for accessing the resource has not been met in the request. |
572 |
The server SHOULD send back all the information necessary for the |
573 |
client to issue an extended request. It is outside the scope of this |
574 |
specification to specify how the extensions inform the client. |
575 |
|
576 |
If the 510 response contains information about extensions that were |
577 |
not present in the initial request then the client MAY repeat the |
578 |
request if it has reason to believe it can fulfill the extension |
579 |
policy by modifying the request according to the information provided |
580 |
in the 510 response. Otherwise the client MAY present any entity |
581 |
included in the 510 response to the user, since that entity may |
582 |
include relevant diagnostic information. |
583 |
|
584 |
|
585 |
8. Publishing an Extension |
586 |
|
587 |
While the protocol extension definition should be published at the |
588 |
address of the extension identifier, this is not a requirement of this |
589 |
specification. The only absolute requirement is that extension |
590 |
identifiers MUST be globally unique identifiers and that distinct |
591 |
names be used for distinct semantics. |
592 |
|
593 |
Likewise, applications are not required to attempt resolving extension |
594 |
identifiers included in an extension declaration. The only absolute |
595 |
requirement is that an application MUST NOT claim conformance with an |
596 |
|
597 |
Frystyk, et al [Page 10] |
598 |
|
599 |
|
600 |
|
601 |
|
602 |
|
603 |
|
604 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
605 |
|
606 |
extension that it does not recognize regardless of whether it has |
607 |
tried to resolve the extension identifier or not. This document does |
608 |
not provide any policy for how long or how often an application may |
609 |
attempt to resolve an extension identifier. |
610 |
|
611 |
The association between the extension identifier and the specification |
612 |
might be made by distributing a specification, which references the |
613 |
extension identifier. |
614 |
|
615 |
It is strongly recommended that the integrity and persistence of the |
616 |
extension identifier be maintained and kept unquestioned throughout |
617 |
the lifetime of the extension. Care should be taken not to distribute |
618 |
conflicting specifications that reference the same name. Even when an |
619 |
extension specification is made available at the address of the URI, |
620 |
care must be taken that the specification made available at that |
621 |
address does not change over time. One agent may associate the |
622 |
identifier with the old semantics, and another might associate it with |
623 |
the new semantics. |
624 |
|
625 |
The extension definition may be made available in different |
626 |
representations ranging from |
627 |
|
628 |
o a human-readable specification defining the extension semantics |
629 |
(see for example [7]), |
630 |
o downloadable code which implements the semantics defined by the |
631 |
extension, |
632 |
o a formal interface description provided by the extension, to |
633 |
o a machine-readable specification defining the extension |
634 |
semantics. |
635 |
|
636 |
For example, a software component that implements the specification |
637 |
may reside at the same address as a human-readable specification |
638 |
(distinguished by content negotiation). The human-readable |
639 |
representation serves to document the extension and encourage |
640 |
deployment, while the software component allows clients and servers to |
641 |
be dynamically extended. |
642 |
|
643 |
|
644 |
9. Caching Considerations |
645 |
|
646 |
Use of extensions using the syntax defined by this document may have |
647 |
additional implications on the cachability of HTTP response messages |
648 |
other than the ones described in section 5.1. |
649 |
|
650 |
The originator of an extended message should be able to determine from |
651 |
the semantics of the extension whether or not the extension's presence |
652 |
impacts the cachability of the response message. If an extension does |
653 |
change the default cachability of the response, the originator MUST |
654 |
|
655 |
|
656 |
Frystyk, et al [Page 11] |
657 |
|
658 |
|
659 |
|
660 |
|
661 |
|
662 |
|
663 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
664 |
|
665 |
include a Cache-Control header field containing the cache directives |
666 |
corresponding to the desired result of the extended semantics. |
667 |
|
668 |
|
669 |
10. Security Considerations |
670 |
|
671 |
Dynamic installation of extension facilities as described in the |
672 |
introduction involves software written by one party (the provider of |
673 |
the implementation) to be executed under the authority of another (the |
674 |
party operating the host software). This opens the host party to a |
675 |
variety of "Trojan horse" attacks by the provider, or a malicious |
676 |
third party that forges implementations under a provider's name. See, |
677 |
for example RFC2046 [4], section 4.5.2 for a discussion of these |
678 |
risks. |
679 |
|
680 |
|
681 |
11. References |
682 |
|
683 |
[1] D. H. Crocker. "Standard for the Format of ARPA Internet Text |
684 |
Messages", STD 11, RFC 822, UDEL, August 1982 |
685 |
[2] T. Berners-Lee, R. Fielding, H. Frystyk, "Hypertext Transfer |
686 |
Protocol -- HTTP/1.0", RFC 1945, W3C/MIT, UC Irvine, W3C/MIT, May |
687 |
1996. |
688 |
[3] S. Bradner, "The Internet Standards Process -- Revision 3", RFC |
689 |
2026, Harvard University, October 1996 |
690 |
[4] N. Freed, N. Borenstein, "Multipurpose Internet Mail Extensions |
691 |
(MIME) Part Two: Media Types", RFC 2046, Innosoft, First Virtual, |
692 |
November 1996. |
693 |
[5] R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, T. Berners-Lee, |
694 |
"Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, U.C. Irvine, |
695 |
DEC W3C/MIT, DEC, W3C/MIT, W3C/MIT, January 1997 |
696 |
[6] S. Bradner, "Key words for use in RFCs to Indicate Requirement |
697 |
Levels", RFC 2119, Harvard University, March 1997 |
698 |
[7] L. Masinter, "Hyper Text Coffee Pot Control Protocol |
699 |
(HTCPCP/1.0)", RFC 2324, Xerox PARC, 1 April 1998 |
700 |
[8] T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource |
701 |
Identifiers (URI): Generic Syntax", RFC 2396, August 12, 1998 |
702 |
[9] H. F. Nielsen, D. Connolly, R. Khare, "PEP - an extension |
703 |
mechanism for HTTP", draft-http-pep-05.txt, November 21, 1997. |
704 |
This work has expired |
705 |
|
706 |
12. Acknowledgements |
707 |
|
708 |
Roy Fielding, Rohit Khare, and Yaron Y. Goland deserve special |
709 |
recognition for their efforts in commenting in all phases of this |
710 |
specification. Also thanks to Josh Cohen, Ross Patterson, Jim Gettys, |
711 |
Larry Masinter, and to the people involved in PEP [9]. |
712 |
|
713 |
|
714 |
|
715 |
Frystyk, et al [Page 12] |
716 |
|
717 |
|
718 |
|
719 |
|
720 |
|
721 |
|
722 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
723 |
|
724 |
The contribution of World Wide Web Consortium (W3C) staff is part of |
725 |
the W3C HTTP Activity (see "http://www.w3.org/Protocols/Activity"). |
726 |
|
727 |
|
728 |
13. Authors Addresses |
729 |
|
730 |
Henrik Frystyk Nielsen |
731 |
Technical Staff, World Wide Web Consortium |
732 |
MIT Laboratory for Computer Science |
733 |
545 Technology Square |
734 |
Cambridge, MA 02139, USA |
735 |
Email: frystyk@w3.org |
736 |
|
737 |
Paul J. Leach |
738 |
Microsoft Corporation |
739 |
1 Microsoft Way |
740 |
Redmond, WA 98052, USA |
741 |
Email: paulle@microsoft.com |
742 |
|
743 |
Scott Lawrence |
744 |
Agranat Systems, Inc. |
745 |
1345 Main Street |
746 |
Waltham, MA 02154, USA |
747 |
Email: lawrence@agranat.com |
748 |
|
749 |
|
750 |
Appendices |
751 |
|
752 |
|
753 |
14. Summary of Protocol Interactions |
754 |
|
755 |
The following tables summarize the outcome of strength and scope rules |
756 |
of the mandatory proposal of compliant and non-compliant HTTP proxies |
757 |
and origin servers. The summary is intended as a guide and index to |
758 |
the text, but is necessarily cryptic and incomplete. This summary |
759 |
should never be used or referenced separately from the complete |
760 |
specification. |
761 |
|
762 |
|
763 |
|
764 |
|
765 |
|
766 |
|
767 |
|
768 |
|
769 |
|
770 |
|
771 |
|
772 |
|
773 |
|
774 |
Frystyk, et al [Page 13] |
775 |
|
776 |
|
777 |
|
778 |
|
779 |
|
780 |
|
781 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
782 |
|
783 |
Table 1: Origin Server |
784 |
|
785 |
Scope Hop-by-hop End-to-end |
786 |
|
787 |
Strength Optional Required Optional Required |
788 |
(may) (must) (may) (must) |
789 |
|
790 |
Mandatory Standard 501 (Not Standard 501 (Not |
791 |
unsupported processing Implemented)processing Implemented) |
792 |
|
793 |
Extension Standard 510 (Not Standard 510 (Not |
794 |
unsupported processing Extended) processing Extended) |
795 |
|
796 |
Extension Extended Extended Extended Extended |
797 |
supported processing processing processing processing |
798 |
|
799 |
|
800 |
|
801 |
|
802 |
Table 2: Proxy Server |
803 |
|
804 |
Scope Hop-by-hop End-to-end |
805 |
|
806 |
Strength Optional Required Optional Required |
807 |
(may) (must) (may) (must) |
808 |
|
809 |
Mandatory Strip 501 (Not Forward 501 (Not |
810 |
unsupported extension Implemented)extension Implemented) |
811 |
or tunnel or tunnel |
812 |
|
813 |
Extension Strip 510 (Not Forward Forward |
814 |
unsupported extension Extended) extension extension |
815 |
|
816 |
Extension Extended Extended Extended Extended |
817 |
supported processing processing processing, processing, |
818 |
and strip and strip may strip may strip |
819 |
|
820 |
|
821 |
15. Examples |
822 |
|
823 |
The following examples show various scenarios using mandatory in |
824 |
HTTP/1.1 requests and responses. Information not essential for |
825 |
illustrating the examples is left out (referred to as "...") |
826 |
|
827 |
|
828 |
|
829 |
|
830 |
|
831 |
|
832 |
|
833 |
|
834 |
|
835 |
|
836 |
|
837 |
|
838 |
Frystyk, et al [Page 14] |
839 |
|
840 |
|
841 |
|
842 |
|
843 |
|
844 |
|
845 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
846 |
|
847 |
15.1 User Agent to Origin Server |
848 |
|
849 |
|
850 |
Table 3: User Agent directly to origin server |
851 |
|
852 |
Client issues a M-GET /some-document HTTP/1.1 |
853 |
request with one Opt: "http://www.my.com/tracking" |
854 |
optional and one Man: "http://www.foo.com/privacy" |
855 |
mandatory ... |
856 |
extension |
857 |
|
858 |
Origin server HTTP/1.1 200 OK |
859 |
accepts the Ext: |
860 |
mandatory Cache-Control: max-age=120, no-cache="Ext" |
861 |
extension but ... |
862 |
ignores the |
863 |
optional one. The |
864 |
client can not see |
865 |
in this case that |
866 |
the optional |
867 |
extension was |
868 |
ignored. |
869 |
|
870 |
|
871 |
Table 4: Origin server with Vary header field |
872 |
|
873 |
Client issues a M-GET /p/q HTTP/1.1 |
874 |
request with one Man: "http://www.x.y/transform"; ns=16 |
875 |
mandatory 16-use-transform: xyzzy |
876 |
extension ... |
877 |
|
878 |
Origin server HTTP/1.1 200 OK |
879 |
accepts the Ext: |
880 |
mandatory but Vary: Man |
881 |
indicates that the Date: Sun, 25 Oct 1998 08:12:31 GMT |
882 |
response varies on Expires: Sun, 25 Oct 1998 08:12:31 GMT |
883 |
the request Cache-Control: no-cache="Ext", max- |
884 |
extension age=100000 |
885 |
declaration ... |
886 |
|
887 |
|
888 |
15.2 User Agent to Origin Server via HTTP/1.1 Proxy |
889 |
|
890 |
These two examples show how an extended request interacts with an |
891 |
HTTP/1.1 proxy. |
892 |
|
893 |
|
894 |
|
895 |
|
896 |
|
897 |
|
898 |
|
899 |
|
900 |
Frystyk, et al [Page 15] |
901 |
|
902 |
|
903 |
|
904 |
|
905 |
|
906 |
|
907 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
908 |
|
909 |
Table 5: HTTP/1.1 Proxy forwards extended request |
910 |
|
911 |
Client issues a M-GET /some-document HTTP/1.1 |
912 |
request with one C-Opt: "http://www.meter.org/hits" |
913 |
optional and one C-Man: "http://www.copy.org/rights" |
914 |
mandatory hop-by- Connection: C-Opt, C-Man |
915 |
hop extension ... |
916 |
|
917 |
HTTP/1.1 proxy M-GET /some-document HTTP/1.1 |
918 |
forwards the Via: 1.1 new |
919 |
request and takes ... |
920 |
out the connection |
921 |
headers |
922 |
|
923 |
Origin server HTTP/1.1 510 Not Extended |
924 |
fails as the ... |
925 |
request does not |
926 |
contain any |
927 |
information |
928 |
belonging to the |
929 |
M-GET method |
930 |
|
931 |
|
932 |
Table 6: HTTP/1.1 Proxy does not forward extended request |
933 |
|
934 |
Client issues a M-GET /some-document HTTP/1.1 |
935 |
request with one C-Opt: "http://www.meter.org/hits" |
936 |
optional and one C-Man: "http://www.copy.org/rights" |
937 |
mandatory hop-by- Connection: C-Opt, C-Man |
938 |
hop extension ... |
939 |
|
940 |
HTTP/1.1 proxy HTTP/1.1 501 Not Implemented |
941 |
refuses to forward ... |
942 |
the M-GET method |
943 |
and returns an |
944 |
error |
945 |
|
946 |
Origin server |
947 |
never sees the |
948 |
extended request |
949 |
|
950 |
|
951 |
15.3 User Agent to Origin Server via HTTP/1.0 Proxy |
952 |
|
953 |
These two examples show how an extended request interacts with an |
954 |
HTTP/1.0 proxy in the message path |
955 |
|
956 |
|
957 |
|
958 |
|
959 |
|
960 |
|
961 |
|
962 |
Frystyk, et al [Page 16] |
963 |
|
964 |
|
965 |
|
966 |
|
967 |
|
968 |
|
969 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
970 |
|
971 |
Table 7: HTTP/1.0 Proxy forwards extended request |
972 |
|
973 |
Client issues a M-GET /some-document HTTP/1.1 |
974 |
request with one Man: "http://www.price.com/sale" |
975 |
mandatory ... |
976 |
extension |
977 |
|
978 |
HTTP/1.0 proxy M-GET /some-document HTTP/1.0 |
979 |
forwards the Man: "http://www.price.com/sale" |
980 |
request as a ... |
981 |
HTTP/1.0 request |
982 |
without changing |
983 |
the method |
984 |
|
985 |
Origin server HTTP/1.1 200 OK |
986 |
accepts Ext: |
987 |
declaration and Date: Sun, 25 Oct 1998 08:12:31 GMT |
988 |
returns a 200 Expires: Sun, 25 Oct 1998 08:12:31 GMT |
989 |
response and an Cache-Control: no-cache="Ext", max-age=600 |
990 |
extension ... |
991 |
acknowledgement. |
992 |
The response can |
993 |
be cached by |
994 |
HTTP/1.1 caches |
995 |
for 10 minutes. |
996 |
|
997 |
|
998 |
|
999 |
|
1000 |
|
1001 |
|
1002 |
|
1003 |
|
1004 |
|
1005 |
|
1006 |
|
1007 |
|
1008 |
|
1009 |
|
1010 |
|
1011 |
|
1012 |
|
1013 |
|
1014 |
|
1015 |
|
1016 |
|
1017 |
|
1018 |
|
1019 |
|
1020 |
|
1021 |
Frystyk, et al [Page 17] |
1022 |
|
1023 |
|
1024 |
|
1025 |
|
1026 |
|
1027 |
|
1028 |
INTERNET-DRAFT HTTP Extensions Wed, Jan 20, 1999 |
1029 |
|
1030 |
Table 8: HTTP/1.0 and HTTP/1.1 Proxy Chain |
1031 |
|
1032 |
Client issues a M-GET /some-document HTTP/1.1 |
1033 |
request with one Man: "http://www.copy.org/rights" |
1034 |
mandatory and one C-Opt: "http://www.ads.org/noads" |
1035 |
hop-by-hop Connection: C-Opt |
1036 |
optional extension ... |
1037 |
|
1038 |
HTTP/1.0 proxy M-GET /some-document HTTP/1.0 |
1039 |
forwards the Man: "http://www.copy.org/rights" |
1040 |
request as C-Opt: "http://www.ads.org/noads" |
1041 |
HTTP/1.0 request Connection: C-Man |
1042 |
without changing ... |
1043 |
the method and |
1044 |
without honoring |
1045 |
the Connection |
1046 |
header field. |
1047 |
|
1048 |
HTTP/1.1 proxy M-GET /some-document HTTP/1.1 |
1049 |
deletes (and Man: "http://www.copy.org/rights" |
1050 |
ignores) the C-Man: "http://www.ads.org/givemeads" |
1051 |
optional extension Connection: C-Man |
1052 |
and forwards the Via: 1.0 new |
1053 |
rest including a ... |
1054 |
via header field. |
1055 |
It also add it's |
1056 |
own hop-by-hop |
1057 |
mandatory |
1058 |
extension |
1059 |
|
1060 |
Origin server HTTP/1.1 200 OK |
1061 |
accepts both Ext: |
1062 |
mandatory C-Ext |
1063 |
extensions. The Connection: C-Man |
1064 |
response is not Date: Sun, 25 Oct 1998 08:12:31 GMT |
1065 |
cachable by the Expires: Sun, 25 Oct 1998 08:12:31 GMT |
1066 |
HTTP/1.0 cache but Cache-Control: no-cache="Ext", max-age=3600 |
1067 |
can be cached for ... |
1068 |
1 hour by HTTP/1.1 |
1069 |
caches. |
1070 |
|
1071 |
HTTP/1.1 proxy HTTP/1.1 200 OK |
1072 |
removes the hop- Ext: |
1073 |
by-hop extension Date: Sun, 25 Oct 1998 08:12:31 GMT |
1074 |
acknowledgement Expires: Sun, 25 Oct 1998 08:12:31 GMT |
1075 |
and forwards the Cache-Control: no-cache="Ext", max-age=3600 |
1076 |
remainder of the ... |
1077 |
response. |
1078 |
|
1079 |
|
1080 |
|
1081 |
Frystyk, et al [Page 18] |