1 |
|
2 |
|
3 |
|
4 |
INTERNET-DRAFT HTTP-NG Overview H. Frystyk Nielsen, W3C |
5 |
draft-frystyk-httpng-overview-00.txt Mike Spreitzer, Xerox PARC |
6 |
Bill Janssen, Xerox PARC |
7 |
Jim Gettys, Compaq/W3C |
8 |
|
9 |
Expires: May 17, 1999 Tuesday, November 17, 1998 |
10 |
|
11 |
|
12 |
HTTP-NG Overview |
13 |
Problem Statement, Requirements, and Solution Outline |
14 |
|
15 |
|
16 |
Status of this Document |
17 |
|
18 |
This document is an Internet-Draft. Internet-Drafts are working |
19 |
documents of the Internet Engineering Task Force (IETF), its areas, |
20 |
and its working groups. Note that other groups may also distribute |
21 |
working documents as Internet-Drafts. Internet-Drafts are draft |
22 |
documents valid for a maximum of six months and may be updated, |
23 |
replaced, or obsoleted by other documents at any time. It is |
24 |
inappropriate to use Internet-Drafts as reference material or to cite |
25 |
them other than as "work in progress". |
26 |
|
27 |
To learn the current status of any Internet-Draft, please check the |
28 |
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow |
29 |
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), |
30 |
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or |
31 |
ftp.isi.edu (US West Coast). |
32 |
|
33 |
Distribution of this document is unlimited. Please send comments to |
34 |
the <ietf-http-ng@w3.org> mailing list. This list is archived at |
35 |
"http://lists.w3.org/Archives/Public/ietf-http-ng/". |
36 |
|
37 |
|
38 |
Abstract |
39 |
|
40 |
This document gives the authors' opinion of a rough outline of (1) the |
41 |
problems to be addressed by the proposed IETF HTTP-NG Working Group; |
42 |
(2) the requirements on the solution; and (3) the architecture of the |
43 |
solution. It draws heavily on contributions from the whole Protocol |
44 |
Design Group of the W3C HTTP-NG Activity. A suite of problems should |
45 |
be addressed, summarized as observing that the World Wide Web's |
46 |
tremendous success has created some strains on the Internet, its |
47 |
users, and its application developers. The requirements on the |
48 |
solution include modularity, extensibility, scalability, and |
49 |
efficiency. The proposed solution is to factor HTTP, the Web's central |
50 |
protocol, into three layers and look into performance improvements in |
51 |
the lower two of those resultant layers. |
52 |
|
53 |
|
54 |
Table of Contents |
55 |
|
56 |
1. Problem Statement..............................................2 |
57 |
2. Requirements...................................................3 |
58 |
2.1 Simplicity at the Core.......................................3 |
59 |
2.2 Distributed Extensibility....................................4 |
60 |
2.3 Global Scalability...........................................5 |
61 |
|
62 |
|
63 |
Frystyk et al [Page 1] |
64 |
|
65 |
|
66 |
|
67 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
68 |
|
69 |
|
70 |
2.4 Network Efficiency...........................................5 |
71 |
2.5 Transport Flexibility........................................6 |
72 |
3. Solution Outline: The Three Layers of HTTP-NG..................6 |
73 |
3.1 Message Transport............................................7 |
74 |
3.2 Remote Invocation............................................7 |
75 |
3.3 The Web Application..........................................8 |
76 |
4. Security Considerations........................................9 |
77 |
5. Deployment and Transition Strategies..........................10 |
78 |
6. References....................................................11 |
79 |
7. Acknowledgements..............................................12 |
80 |
8. Authors.......................................................12 |
81 |
|
82 |
1. Problem Statement |
83 |
|
84 |
The World Wide Web is a tremendous and growing success and HTTP has |
85 |
been at the core of this success as the primary substrate for |
86 |
exchanging information on the Web. However, HTTP/1.1 [3] is becoming |
87 |
strained modularity wise as well as performance wise and those |
88 |
problems are to be addressed by HTTP-NG. |
89 |
|
90 |
Modularity is an important kind of simplicity, and HTTP/1.x isn't very |
91 |
modular. If we look carefully at HTTP/1.x, we can see it addresses |
92 |
three layers of concerns, but in a way that does not cleanly separate |
93 |
those layers: message transport, general-purpose remote method |
94 |
invocation, and a particular set of methods historically focused on |
95 |
document processing (broadly construed to include things like forms |
96 |
processing and searching). |
97 |
|
98 |
The lack of modularity makes the specification and evolution of HTTP |
99 |
more difficult than necessary and also causes problems for other |
100 |
applications. Applications are being layered on top of HTTP, and these |
101 |
applications are thus forced to include a lot of HTTP's design --- |
102 |
whether this is technically ideal or not. Other general invocation |
103 |
systems (notably including originally Web independent ones like DCOM, |
104 |
Java RMI, and some CORBA implementations) are also being layered on |
105 |
top of HTTP. Furthermore, to avoid some of the problems associated |
106 |
with layering on top of HTTP, other applications start by cloning a |
107 |
subset of HTTP and layering on top of that. Some of the particular |
108 |
problems that arise from HTTP/1.x's lack of modularity include (but |
109 |
are not limited to) the following. |
110 |
|
111 |
o The fact that message delimiting in HTTP/1.1 is not done in a |
112 |
distinct layer but rather is mixed with other functionality leads |
113 |
to a very complex specification involving five different ways to |
114 |
delimit a message (see [3], section 4.4). |
115 |
o Because general applications are being tunneled through HTTP's |
116 |
document fetching and forms processing methods (GET and POST) --- |
117 |
and in a wide variety of ways --- it is very difficult for a |
118 |
firewall to discern the semantic content of a given interaction, |
119 |
which makes it very difficult for a firewall to apply security |
120 |
policies. |
121 |
|
122 |
|
123 |
|
124 |
Frystyk et al [Page 2] |
125 |
|
126 |
|
127 |
|
128 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
129 |
|
130 |
|
131 |
o Tunneling other applications through document processing methods |
132 |
invites confusion (between the document processing application |
133 |
and the tunneled application(s)) on a number of fronts (see [5] |
134 |
for a discussion of complexities of using HTTP as a substrate |
135 |
that arise even when such layering is deemed appropriate within |
136 |
HTTP/1.x) |
137 |
o Tunneling other applications through HTTP's document processing |
138 |
application requires a degree of quoting/encoding that would not |
139 |
be necessary with a more modular HTTP. |
140 |
o Because HTTP's invocation layer design is intimately tied to its |
141 |
document processing application, designers of other applications |
142 |
have a non-trivial job in trying to figure out how to use the |
143 |
invocation layer for their own applications. |
144 |
|
145 |
There are two sides to the performance strains to be addressed. One |
146 |
side is the load presented to the Internet (HTTP accounts for the |
147 |
largest fraction of traffic on the Internet). Making HTTP use Internet |
148 |
resources more efficiently would have a real benefit for everyone. The |
149 |
other side is the performance delivered to end users and applications, |
150 |
which is often low on the general Internet today. Furthermore, usage |
151 |
of wireless is anticipated to grow significantly in the near future, |
152 |
and many wireless technologies deliver relatively low bandwidth and |
153 |
high latency which makes delivering good performance to users and |
154 |
applications even more challenging. |
155 |
|
156 |
|
157 |
2. Requirements |
158 |
|
159 |
The continuous growth of the Web depends on the availability of a |
160 |
simple yet powerful mechanism for exchanging information on the |
161 |
Internet. The purpose of the work proposed here is to design the next |
162 |
generation of the HTTP protocol that fulfills a set of requirements |
163 |
and at the same time preserve a simplistic design: complex features |
164 |
should be built on a simple base. |
165 |
|
166 |
Even though HTTP/1.1 overcomes many of the deficiencies in HTTP/1.0 |
167 |
[1], it does not change the overall nature of the protocol. The |
168 |
explicit design decision of keeping HTTP/1.1 backward compatible with |
169 |
HTTP/1.0 has prevented a real cleanup of its architecture. By |
170 |
loosening this constraint, HTTP-NG can address the following |
171 |
requirements. |
172 |
|
173 |
The requirements listed below are specific points put forward where |
174 |
improvements are needed (see also [11]). These are in addition to the |
175 |
general design principles laid out in [2]. We hope that the list will |
176 |
spur further discussion on the working group mailing list about |
177 |
inconsistencies or omissions (see [12]). |
178 |
|
179 |
|
180 |
2.1 Simplicity at the Core |
181 |
|
182 |
Simplicity is a key element in systems that are easy to understand, |
183 |
implement, and maintain. Over time, HTTP has lost a significant part |
184 |
|
185 |
|
186 |
Frystyk et al [Page 3] |
187 |
|
188 |
|
189 |
|
190 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
191 |
|
192 |
|
193 |
of its initial simplicity by combining a number of different concerns |
194 |
at different levels into a single large protocol. The result is a |
195 |
protocol that is difficult to understand, implement, and modify in a |
196 |
robust and reliable manner; primarily because the line between |
197 |
extensions/applications and the core infrastructure has become blurry. |
198 |
|
199 |
Modularity provides one form of simplicity with the potential of |
200 |
allowing the core infrastructure to remain small and well defined over |
201 |
time while applications can grow yet more complex on top. This is |
202 |
likely to help minimal implementations with limited capabilities to |
203 |
coexist with more capable implementations. Furthermore, applications |
204 |
themselves are likely to benefit from modularization as they are less |
205 |
prone to inadvertently stepping on each other. |
206 |
|
207 |
By factoring the elements of HTTP into appropriate layers and modules, |
208 |
HTTP-NG must attempt to produce a simpler but more capable and more |
209 |
flexible system than the one currently provided by HTTP. |
210 |
|
211 |
|
212 |
2.2 Distributed Extensibility |
213 |
|
214 |
A wide range of applications have proposed various extensions to HTTP |
215 |
including distributed authoring, collaboration, printing, and remote |
216 |
procedure call mechanisms leading to a growing tension between |
217 |
dynamically extensible applications and public, static specifications. |
218 |
Due to the inherently unstructured extensibility model of HTTP/1.x, |
219 |
there is no guarantee that these extensions are dealt with as intended |
220 |
nor that they can applied to the same message without conflicting. The |
221 |
result is a lack of robustness in the current Web infrastructure which |
222 |
is unacceptable for many potential Web applications and which may lead |
223 |
to Web fragmentation and lack of interoperability. |
224 |
|
225 |
The requirement to extensibility is that extended applications do not |
226 |
require agreement across the whole Internet; rather, it suffices: |
227 |
|
228 |
o that conforming peers supporting a particular protocol extension |
229 |
or feature can employ it with no prior agreement; |
230 |
o that it is possible for one party having a capability for a new |
231 |
protocol to require that the other party either understand and |
232 |
abide by the new protocol or abort the operation; and |
233 |
o that negotiation of capabilities is possible. |
234 |
|
235 |
Note that the requirements are on the core infrastructure and not on |
236 |
the extensions and their semantic interactions using this |
237 |
infrastructure. That is, it is not a requirement that interactions |
238 |
between extensions be defined, only interactions between extensions |
239 |
and the core infrastructure. The former is a much harder problem that |
240 |
we don't believe can be solved generically. |
241 |
|
242 |
The HTTP Extension Framework proposes a mechanism for defining |
243 |
extensions in HTTP/1.x and keeping them separate from each other |
244 |
enabling better support for the type of evolution of features and |
245 |
|
246 |
|
247 |
|
248 |
Frystyk et al [Page 4] |
249 |
|
250 |
|
251 |
|
252 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
253 |
|
254 |
|
255 |
applications seen in the Web. However, this mechanism can not change |
256 |
the behavior of existing HTTP features like the existing HTTP/1.1 |
257 |
caching model, for example, and so the applicability of the extension |
258 |
framework is limited. |
259 |
|
260 |
By putting this kind of extensibility into the core of HTTP-NG, new |
261 |
features can be introduced and existing features can be replaced |
262 |
dynamically putting better evolvability into the heart of the |
263 |
architecture. |
264 |
|
265 |
|
266 |
2.3 Global Scalability |
267 |
|
268 |
HTTP needs to be effective and efficient when deployed in the full |
269 |
global system that includes all the clients, servers, caches, proxies, |
270 |
gateways, tunnels, and other intermediaries and their interactions |
271 |
over the global Internet and all the connected intranets. HTTP is the |
272 |
single protocol that now consumes most of the Internet bandwidth. Any |
273 |
replacement to HTTP/1.1 will have to address the foreseeable growth |
274 |
that one can expect in the near future. Measurements show [4] that |
275 |
scalability is not isolated to a single part in the Web model but |
276 |
affects all layers ranging from low level transport protocols to high- |
277 |
level user interfaces. Even though HTTP-NG focuses on the protocol |
278 |
related different encodings of the contents may have as big an impact |
279 |
as improving the underlying transport. An example is the potential |
280 |
savings using style sheets instead of inlined images for representing |
281 |
typographical effects in Web pages. |
282 |
|
283 |
|
284 |
2.4 Network Efficiency |
285 |
|
286 |
One can argue that bandwidth and latency of the Internet will improve |
287 |
dramatically over the next couple of years. However, wireless PDA's, |
288 |
portable machines and satellite links will continue to impose severe |
289 |
practical limits on the available bandwidth, latency and on-line |
290 |
connectivity on parts of the Internet. We consider it likely that low |
291 |
bandwidths in the 9600-19200 bps range and latency in the >1/2 second |
292 |
range will be with us for a long time. |
293 |
|
294 |
It is important to note that latency and bandwidth are independent |
295 |
variables; for example satellite IP systems exist today which provide |
296 |
good bandwidth to remote locations, but poor latency. Most users of |
297 |
the Web are today at home using a dial-up connection with a 28.8 kbps. |
298 |
On the optimistic side, this provides a minimum of 160 ms from the |
299 |
closest part of the Internet. Cellular modems and many wireless |
300 |
systems have even higher latency and lower bandwidth. |
301 |
|
302 |
HTTP is a simple request/response protocol, not designed for the |
303 |
environment where it is now most heavily used. In [4], it is described |
304 |
how persistent connections and pipelining in HTTP/1.1 will solve some, |
305 |
but not all of these problems. The reason is that HTTP/1.1 is designed |
306 |
to limit TCP overhead produced by HTTP/1.0 but not protocol overhead |
307 |
|
308 |
|
309 |
Frystyk et al [Page 5] |
310 |
|
311 |
|
312 |
|
313 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
314 |
|
315 |
|
316 |
due to HTTP itself. As an example, HTTP/1.1 defines 5 different |
317 |
mechanisms for finding the length of a message, of which all but |
318 |
closing the TCP connection require significant parsing to determine |
319 |
which one is used. |
320 |
|
321 |
Automatable, machine-readable messages are different from human |
322 |
readable messages even though they may both be encoded using ASCII |
323 |
strings. The choice of MIME based header encoding in HTTP has led to |
324 |
the general misconception that HTTP is intended as a human readable |
325 |
protocol. The result has been verbose messages and extremely |
326 |
complicated parsers. As an example, a typical HTTP request is about |
327 |
250 bytes long. Due to the nature of typical Web usage, subsequent |
328 |
requests are often closely related leading to about 90% in redundancy |
329 |
between requests. This means slowing down information exchange over |
330 |
low bandwidth connections. |
331 |
|
332 |
If HTTP does not improve its performance dramatically on low bandwidth |
333 |
connections, it is likely that other more compact and lightweight |
334 |
protocols will be deployed with the risk of incompatibility between |
335 |
low bandwidth sensitive devices. HTTP-NG will attempt to optimize the |
336 |
bandwidth/latency usage of HTTP, at several levels. |
337 |
|
338 |
|
339 |
2.5 Transport Flexibility |
340 |
|
341 |
Although ensuring the stability of URIs to a high degree is a social |
342 |
engineering task, it is as important that the Web infrastructure |
343 |
supports evolution of transports. For example, a single resource may |
344 |
be available through different access protocols supported by the party |
345 |
serving the resource. These access protocols may or may not be |
346 |
compatible: HTTP/0.9, HTTP/1.0, and HTTP/1.1 are backwards compatible |
347 |
protocols but HTTP running on top of SSL is not although it is in fact |
348 |
using HTTP as part of the transport stack. |
349 |
|
350 |
HTTP-NG should have an architected way of using any of an open, |
351 |
extensible set of transport substacks and should allow for transport |
352 |
stacks that do not necessarily include TCP. Furthermore, HTTP/NG's |
353 |
architecture should have a generalized notion of transport |
354 |
transformers, of which SSL and TLS are examples but not the only |
355 |
possibilities. |
356 |
|
357 |
|
358 |
3. Solution Outline: The Three Layers of HTTP-NG |
359 |
|
360 |
The solution outlined in this section describes the solution that has |
361 |
been developed as part of the W3C HTTP-NG Project using a prototype |
362 |
implementation [10]. It attempts to address the requirements laid out |
363 |
above by factoring HTTP into three layers and by looking into |
364 |
performance improvements in the lower two of those resultant layers. |
365 |
Here is a brief outline of the three layers into which HTTP is to be |
366 |
factored (see also [6]). |
367 |
|
368 |
|
369 |
|
370 |
Frystyk et al [Page 6] |
371 |
|
372 |
|
373 |
|
374 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
375 |
|
376 |
|
377 |
3.1 Message Transport |
378 |
|
379 |
The lowest layer addresses concerns of simply transporting opaque |
380 |
messages for use by the middle (remote invocation) layer. This layer |
381 |
identifies a "message transport" abstraction, and the concept of |
382 |
"transformers" or "filters" that produce new message transports from |
383 |
other message transports. "Message transports" are built on top of |
384 |
existing -- and potentially future -- Internet "transport" protocols, |
385 |
such as TCP and UDP. HTTP-NG allows the use of a variety of message |
386 |
transport substacks or services; this provides a welcome flexibility |
387 |
for addressing current, future, and evolvability concerns at the |
388 |
message transport layer. |
389 |
|
390 |
In particular, there is a set of services that have shown to be often |
391 |
needed in the Web and other applications: |
392 |
|
393 |
o Batching and pipelining of messages in order to save round trip |
394 |
times which especially on dialup lines and wireless connections |
395 |
are significant. |
396 |
o Chunking and multiplexing of messages which can help fast |
397 |
rendering of pages as well as faster responses from caches where |
398 |
already cached responses can be returned out-of-order without |
399 |
waiting for non-cached responses. |
400 |
o Efficient record marking for lowering parsing overhead of |
401 |
determining the message length. |
402 |
o Support for callback functions via endpoint identification for |
403 |
notifications etc. needed by an important set of applications. |
404 |
|
405 |
Although these services are distinct services, they are related in |
406 |
such a way that we propose to combine them in a single filter called |
407 |
WebMux [9]. WebMux is not to be considered an independent transport, |
408 |
it is likely to provide the services listed above by taking advantage |
409 |
of the services provided by lower level transports like TCP, for |
410 |
example, much like HTTP/1.x provides a set of transport services in |
411 |
combination with TCP. |
412 |
|
413 |
While WebMux potentially can work with other transports, a particular |
414 |
important combination is WebMux running on top of TCP. We are still in |
415 |
the evaluation phase of the interactions between WebMux and TCP with |
416 |
respect to handling support for announcing buffer capabilities. |
417 |
HTTP/1.x clients are currently expected to provide essentially |
418 |
unlimited buffering which especially in certain HTTP/1.0 and HTTP/1.1 |
419 |
proxy interactions can cause clients to fail in unpredictable ways |
420 |
leading to unreliable situations and denial of service attacks. We |
421 |
intend to discuss this further as part of the HTTP-NG working group. |
422 |
|
423 |
|
424 |
3.2 Remote Invocation |
425 |
|
426 |
The middle layer is a generic request/response messaging layer where |
427 |
clients make use of services exported from a server by invoking |
428 |
operations on resources resident in that server. It provides a |
429 |
mechanism for remote invocations suitable for use by the Web |
430 |
|
431 |
|
432 |
Frystyk et al [Page 7] |
433 |
|
434 |
|
435 |
|
436 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
437 |
|
438 |
|
439 |
application and also by other applications that are currently being |
440 |
layered on top of HTTP (whether directly or indirectly via other |
441 |
layered remote invocation systems). |
442 |
|
443 |
The layer does not contain any application-specific services like |
444 |
security or caching, or other application layer functionality. It |
445 |
assumes a hop-by-hop operation where proxies are supported at the |
446 |
higher-level application layer and uses the set of services provided |
447 |
by the message transport layer. |
448 |
|
449 |
Suitability for use by the Web application means, among other things |
450 |
that |
451 |
|
452 |
o it be byte efficient which not only is important on dialup lines |
453 |
and wireless connections but also for operations like cache |
454 |
validation which are likely to become widespread used. |
455 |
o it be easy to parse which especially is important for servers and |
456 |
proxies |
457 |
o it supports the type of distributed extensibility currently seen |
458 |
in the Web |
459 |
|
460 |
By designing an invocation protocol that serves this breadth of |
461 |
applications, particularly including the ones that use other remote |
462 |
method invocation systems, we hope to eventually reduce the number of |
463 |
invocation protocols in use. |
464 |
|
465 |
It is not a goal to support every single one of the features of CORBA, |
466 |
DCOM, or Java RMI in their current forms, but rather -- by being "good |
467 |
enough" for those systems' actual applications -- to be a force for |
468 |
unification. It is not a viable solution to simply adopt CORBA, DCOM, |
469 |
or Java RMI for this layer, because each -- in its current form -- has |
470 |
technical and/or political liabilities for Web use. The hope is that |
471 |
HTTP-NG's invocation protocol is eventually adopted by those other |
472 |
systems. |
473 |
|
474 |
The HTTP-NG work should include defining a network interface |
475 |
definition language (the highest layer will need to be expressed in |
476 |
some language). It is recognized that there could be multiple |
477 |
interface languages for use with a given invocation protocol. In |
478 |
particular, it is possible that a XML based solution and/or future |
479 |
versions of existing interface definition languages will be suitable |
480 |
here. For this reason and for general modularity and clarity, the |
481 |
subject matter of the invocation protocol --- objects, other data, and |
482 |
invocations --- is defined in a language-independent way (see [8]). |
483 |
|
484 |
|
485 |
3.3 The Web Application |
486 |
|
487 |
With the lower two layers of HTTP-NG in place, it remains to express |
488 |
the operations and application layer services of HTTP/1.1 including |
489 |
the current set of methods (GET, HEAD, PUTà), content negotiation, |
490 |
|
491 |
|
492 |
|
493 |
|
494 |
Frystyk et al [Page 8] |
495 |
|
496 |
|
497 |
|
498 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
499 |
|
500 |
|
501 |
caching, access authentication, etc. as particular network interfaces |
502 |
using those lower two layers. |
503 |
|
504 |
The application layer is application-specific meaning that the |
505 |
particular set of network interfaces defining an application varies |
506 |
from application to application. For example, the Web application |
507 |
defined by HTTP/1.1 would constitute a different application than the |
508 |
WebDAV application (though they might share some common part). |
509 |
|
510 |
The HTTP-NG architecture allows multiple applications to co-exist at |
511 |
this level, and provides a mechanism for adding new applications |
512 |
without stepping on existing applications. Furthermore, applications |
513 |
are defined both statically, in terms of the type system at the second |
514 |
layer, and dynamically, in terms of the transport elements of the |
515 |
first layer allowing for protocol evolution to happen independent of |
516 |
interface evolution. |
517 |
|
518 |
While it is tempting to try to improve on the existing Web application |
519 |
functionality, that is not the main focus of the HTTP-NG work. HTTP-NG |
520 |
is essentially about transitioning the existing functionality to a |
521 |
better technology base and as every difference from the Web |
522 |
application defined by HTTP/1.x places a strain on the transition, |
523 |
these are to be minimized. However, "the existing functionality" is |
524 |
itself a moving target and so HTTP-NG must track that closely to make |
525 |
HTTP-NG a viable replacement. |
526 |
|
527 |
|
528 |
4. Security Considerations |
529 |
|
530 |
The division of responsibility for security services should be as |
531 |
follows. The lower two layers are responsible for providing some |
532 |
subset of the authentication, message integrity, and message secrecy |
533 |
security services; applications provide whatever other security |
534 |
services they need (e.g., authorization, auditing, accounting, further |
535 |
authentication) based on the services provided by the lower layers. |
536 |
Which services are supplied by the lower two layers, and which |
537 |
mechanisms are used to supply them, is a function of the choice of |
538 |
message transport and invocation protocol(s) used. To support this |
539 |
variety of possibilities, the message transport and invocation |
540 |
abstractions must use an open, extensible categorization of security |
541 |
principals and credentials. |
542 |
|
543 |
HTTP-NG must interact with firewalls at least as well as HTTP. This |
544 |
includes |
545 |
|
546 |
1. the ability of a firewall and its operator to manage traffic |
547 |
through the firewall; and |
548 |
2. the ability of users and applications to get through firewalls |
549 |
that don't want to block them. |
550 |
|
551 |
On the first issue, HTTP-NG's very nature leads to an improvement over |
552 |
the current Web situation: by replacing a wide variety of ways of |
553 |
|
554 |
|
555 |
|
556 |
Frystyk et al [Page 9] |
557 |
|
558 |
|
559 |
|
560 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
561 |
|
562 |
|
563 |
tunneling other applications through HTTP/1.x with a defined way of |
564 |
basing applications on a standard invocation mechanism, HTTP-NG |
565 |
traffic will be more comprehensible (and thus more manageable) to |
566 |
firewalls. One the second issue, the existing Web architecture already |
567 |
does a decent job in one direction (client behind firewall to server |
568 |
outside), and HTTP-NG should do at least as well as the current Web |
569 |
for the other direction (client outside firewall to server inside). |
570 |
|
571 |
|
572 |
5. Deployment and Transition Strategies |
573 |
|
574 |
The purpose of HTTP-NG is not only to allow for new applications to be |
575 |
developed and deployed in the Web but also to provide an incentive for |
576 |
moving existing applications already seen in the Web onto the HTTP-NG |
577 |
substrate. First and foremost, this of course includes the services |
578 |
provided by the HTTP/1.1 protocol itself like content negotiation and |
579 |
caching which are integral parts of the current Web application. |
580 |
However, HTTP/1.x is in fact only the tip of the iceberg. HTTP is |
581 |
being extended or augmented locally in intranets as well as globally |
582 |
on the Internet at large either directly or indirectly via other |
583 |
layered remote invocation systems. The myriad of applications is |
584 |
forcing extensions to HTTP/1.x and threatens the interoperability of |
585 |
the Web. The lack of an interface signature at the invocation layer |
586 |
makes security policy very difficult to enforce, and inhibits the |
587 |
deployment of automated services in the Web. |
588 |
|
589 |
In order for this situation to change, the incentive has to be strong |
590 |
enough for application providers and extension designers to actually |
591 |
deploy the HTTP-NG substrate for new as well as existing applications. |
592 |
As the investments in the current infrastructure is already extremely |
593 |
high, this is likely to be a process that will continue for a very |
594 |
long time and potentially have very slow start phase. |
595 |
|
596 |
There are at least two different types of transitions that have to |
597 |
evaluated and tested: |
598 |
|
599 |
o The transition from the current HTTP/1.x infrastructure to one |
600 |
based on HTTP-NG |
601 |
o The transition of current applications based on the HTTP/1.x |
602 |
infrastructure to the HTTP-NG infrastructure |
603 |
|
604 |
Support for transition at the application layer can be considered to |
605 |
be a special case of the larger question of support for evolvability, |
606 |
which is one of the primary design goals for HTTP-NG. Therefore, the |
607 |
claim for evolvability can to a certain extent be evaluated by HTTP- |
608 |
NG's capability of supporting applications in transition from the |
609 |
existing infrastructure to HTTP-NG. |
610 |
|
611 |
Support for transition at the infrastructure level is fundamentally |
612 |
different as this relies on interfacing features in the existing |
613 |
infrastructure and the NG substrate. Some techniques that should be |
614 |
considered for handling this task including but not limited to |
615 |
|
616 |
|
617 |
|
618 |
Frystyk et al [Page 10] |
619 |
|
620 |
|
621 |
|
622 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
623 |
|
624 |
|
625 |
o the HTTP/1.1 Upgrade header field |
626 |
o the HTTP Extension Framework |
627 |
o protocol-conversion gateways |
628 |
o directory services for locating HTTP-NG servers |
629 |
o DHCP for locating HTTP-NG servers |
630 |
o new DNS record(s) to indicate availability of NG at a given |
631 |
server |
632 |
o new URI scheme(s) |
633 |
|
634 |
No single technique is likely to provide the full answer, but some |
635 |
combination of these and other techniques may well be sufficient to an |
636 |
overall reliable transition between the two infrastructures. |
637 |
|
638 |
|
639 |
6. References |
640 |
|
641 |
[1] T. Berners-Lee, R. Fielding, H. Frystyk, "Hypertext Transfer |
642 |
Protocol -- HTTP/1.0", RFC 1945, W3C/MIT, UC Irvine, W3C/MIT, May |
643 |
1996 |
644 |
[2] B. Carpenter, "Architectural Principles of the Internet", RFC |
645 |
1958, June 1996 |
646 |
[3] R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, T. Berners-Lee, |
647 |
"Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, U.C. Irvine, |
648 |
DEC W3C/MIT, DEC, W3C/MIT, W3C/MIT, January 1997 |
649 |
[4] H.F.Nielsen, J. Gettys, A. Baird-Smith, E. PrudĈhommeaux, H. Lie, |
650 |
and C. Lilley. "Network Performance Effects of HTTP/1.1, CSS1, |
651 |
and PNG", Proceedings of ACM SIGCOMM '97, Cannes France, |
652 |
September 1997 |
653 |
[5] K. Moore, P. Faltstrom, "On the use of HTTP as a Substrate for |
654 |
Other Protocols", Internet Draft, August 1998, draft-iesg-using- |
655 |
http-00.txt. This is work in progress. |
656 |
[6] B. Janssen, H.F.Nielsen, M.Spreitzer, "HTTP-ng Architectural |
657 |
Model", August 1998, draft-frystyk-httpng-arch-00.txt. This is |
658 |
work in progress. |
659 |
[7] D. Larner, "HTTP-ng Web Interfaces" (limited prototype used in |
660 |
testbed), Internet Draft, August 1998. draft-larner- |
661 |
nginterfaces-00.txt. This is work in progress. |
662 |
[8] B. Janssen, "HTTP-ng Binary Wire Protocol", Internet Draft, |
663 |
August 1998, draft-janssen-httpng-wire-00.txt. This is work in |
664 |
progress. |
665 |
[9] J. Gettys, H.F.Nielsen, "The WebMux Protocol", Internet Draft, |
666 |
August 1998, draft-gettys-webmux-00.txt. This is work in |
667 |
progress. |
668 |
[10] D.Veillard, "Design of HTTP-ng Testbed", W3C Note, 10 July 1998 |
669 |
[11] M.Spreitzer, H.F.Nielsen, "Short- and Long-Term Goals for the |
670 |
HTTP-NG Project", W3C Note, 27 March 1998 |
671 |
[12] Minutes from HTTP-NG BOF at the IETF Chicago Meeting, August 24, |
672 |
"http://www.w3.org/Protocols/HTTP-NG/1998/08/HTTP-NG-BOF- |
673 |
Minutes.html" |
674 |
|
675 |
|
676 |
|
677 |
|
678 |
|
679 |
|
680 |
Frystyk et al [Page 11] |
681 |
|
682 |
|
683 |
|
684 |
INTERNET-DRAFT HTTP-NG Overview Tuesday, November 17, 1998 |
685 |
|
686 |
|
687 |
7. Acknowledgements |
688 |
|
689 |
This work draws heavily on the work of the whole Protocol Design Group |
690 |
of the W3C HTTP-NG Activity notably including contributions from Paul |
691 |
Bennett, Dan Larner, and Paula Newman. Larry Masinter also made |
692 |
valuable contributions. |
693 |
|
694 |
|
695 |
8. Authors |
696 |
|
697 |
Henrik Frystyk Nielsen |
698 |
World Wide Web Consortium |
699 |
MIT Laboratory for Computer Science |
700 |
545 Technology Square |
701 |
Cambridge, MA 02139, USA |
702 |
Email: frystyk@w3.org |
703 |
|
704 |
Mike Spreitzer |
705 |
Xerox Corporation |
706 |
Palo Alto Research Center |
707 |
3333 Coyote Hill Road |
708 |
Palo Alto, California 94304, USA |
709 |
Email: spreitze@parc.xerox.com |
710 |
|
711 |
Bill Janssen |
712 |
Xerox Corporation |
713 |
Palo Alto Research Center |
714 |
3333 Coyote Hill Road |
715 |
Palo Alto, California 94304, USA |
716 |
Email: janssen@parc.xerox.com |
717 |
|
718 |
James Gettys |
719 |
World Wide Web Consortium |
720 |
MIT Laboratory for Computer Science |
721 |
545 Technology Square |
722 |
Cambridge, MA 02139, USA |
723 |
Email: jg@w3.org |
724 |
|
725 |
|
726 |
|
727 |
|
728 |
|
729 |
|
730 |
|
731 |
|
732 |
|
733 |
|
734 |
|
735 |
|
736 |
|
737 |
|
738 |
|
739 |
|
740 |
|
741 |
Frystyk et al [Page 12] |