1 |
Content negotiation subgroup of HTTP working group Koen Holtman/TUE |
2 |
Internet-Draft 22 February 1996 |
3 |
Expires: 27 August 1996 |
4 |
|
5 |
|
6 |
Proposed Content Negotiation Definitions for HTTP/1.1 |
7 |
|
8 |
draft-holtman-http-negotiation-00.txt |
9 |
|
10 |
|
11 |
STATUS OF THIS MEMO |
12 |
|
13 |
This is a snapshot of a working draft of the content |
14 |
negotiation subgroup of the HTTP working group. It does not |
15 |
at the moment represent the consensus of the content |
16 |
negotiation subgroup of the http working group, or of the http |
17 |
working group. |
18 |
|
19 |
This document is an Internet-Draft. Internet-Drafts are |
20 |
working documents of the Internet Engineering Task Force |
21 |
(IETF), its areas, and its working groups. Note that other |
22 |
groups may also distribute working documents as |
23 |
Internet-Drafts. |
24 |
|
25 |
Internet-Drafts are draft documents valid for a maximum of |
26 |
six months and may be updated, replaced, or obsoleted by |
27 |
other documents at any time. It is inappropriate to use |
28 |
Internet-Drafts as reference material or to cite them other |
29 |
than as "work in progress". |
30 |
|
31 |
To learn the current status of any Internet-Draft, please |
32 |
check the "1id-abstracts.txt" listing contained in the |
33 |
Internet-Drafts Shadow Directories on ftp.is.co.za |
34 |
(Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific |
35 |
Rim), ds.internic.net (US East Coast), or ftp.isi.edu (US |
36 |
West Coast). |
37 |
|
38 |
Distribution of this document is unlimited. Please send |
39 |
comments to the HTTP working group at |
40 |
<http-wg@cuckoo.hpl.hp.com>. Discussions of the working |
41 |
group are archived at |
42 |
<URL:http://www.ics.uci.edu/pub/ietf/http/>. General |
43 |
discussions about HTTP and the applications which use HTTP |
44 |
should take place on the <www-talk@w3.org> mailing list. |
45 |
|
46 |
|
47 |
ABSTRACT |
48 |
|
49 |
This document proposes a content negotiation mechanism for |
50 |
HTTP/1.1. It contains a number of sections that should be read |
51 |
as definitions in the context of the current draft HTTP/1.1 |
52 |
specification (draft-ietf-http-v11-spec-01.txt). It is intended |
53 |
that these sections are merged into a future version of this |
54 |
specification. |
55 |
|
56 |
|
57 |
[Page 1] |
58 |
|
59 |
Internet-Draft Content Negotiation 22 February 1996 |
60 |
|
61 |
Content negotiation, as proposed in this document, is an |
62 |
optional feature for the HTTP/1.1 protocol: resources may be |
63 |
negotiable, but they need not be. If a resource is negotiable, |
64 |
this changes the semantics of GET and HEAD transactions on the |
65 |
resource. Other transactions are not affected. |
66 |
|
67 |
A negotiable resource has a number of alternates bound to it. |
68 |
The proposed content negotiation mechanism allows for automatic |
69 |
selection of the preferred alternate bound to a negotiable |
70 |
resource based on the properties of the alternates and on the |
71 |
user agent preferences for the retrieval action. |
72 |
|
73 |
|
74 |
1 Introduction |
75 |
|
76 |
This document proposes a content negotiation mechanism for HTTP/1.1. |
77 |
It contains a number of sections that should be read as definitions |
78 |
in the context of the current draft HTTP/1.1 specification [1]. It |
79 |
is intended that these sections are merged into a future version of |
80 |
the draft HTTP/1.1 specification. |
81 |
|
82 |
Content negotiation, as proposed in this document, is an optional |
83 |
feature for the HTTP/1.1 protocol: resources may be negotiable, but |
84 |
they need not be. If a resource is negotiable, this changes the |
85 |
semantics of GET and HEAD transactions on the resource. Other |
86 |
transactions are not affected. |
87 |
|
88 |
A negotiable resource has a number of alternates bound to it. The |
89 |
proposed content negotiation mechanism allows for automatic selection |
90 |
of the preferred alternate bound to a negotiable resource based on |
91 |
the properties of the alternates and on the user agent preferences |
92 |
for the retrieval action. |
93 |
|
94 |
This document builds on the content negotiation descriptions in [1], |
95 |
and directly incorporates text from [1] in some places. A new |
96 |
directive, reactive-on-wildcard, is introduced to allow user agents |
97 |
to signal the capability of doing content negotiation. If this |
98 |
directive is absent, the proposed definitions produce server |
99 |
behavior that yields adequate results for (HTTP/1.0) user agents |
100 |
that do not support content negotiation. |
101 |
|
102 |
|
103 |
2 Terminology and notation |
104 |
|
105 |
This document uses the terminology and notational conventions defined |
106 |
in [1]. It sometimes refers directly to sections in [1], using the |
107 |
notation `Section (1.2[1])'. If a (sub)section title below is marked |
108 |
with (*), is intended as a replacement for the (sub)section with the |
109 |
same title in [1]. All other (sub)sections below, up to Section 7, |
110 |
contain new material intended as an addition to [1]. |
111 |
|
112 |
|
113 |
3 Status code definitions |
114 |
|
115 |
3.1 Redirection 3xx |
116 |
|
117 |
[Page 2] |
118 |
|
119 |
Internet-Draft Content Negotiation 22 February 1996 |
120 |
|
121 |
|
122 |
300 Multiple Choices (*) |
123 |
|
124 |
The requested resource is a negotiable resource and the server is |
125 |
engaging in reactive content negotiation (Section 5). The server has |
126 |
determined that multiple alternates are acceptable, but is not able |
127 |
to determine which alternate is the best alternate. This response |
128 |
may only be generated if specific conditions given in Section 5.2 are |
129 |
met. The response must include an Alternates header describing the |
130 |
alternates bound to the resource, allowing a user agent to |
131 |
automatically select and retrieve an alternate if appropriate. |
132 |
|
133 |
This response is cachable, subject to the restrictions specified in |
134 |
the cache-control directive, if present, of the included Alternates |
135 |
header. |
136 |
|
137 |
If no Accept header in the request contains a reactive-on-wildcard |
138 |
directive, and it was not a HEAD request, the response must include |
139 |
an entity that gives the user the option to select the most |
140 |
appropriate alternate manually. The suggested entity media type as |
141 |
given in the Content-Type response header is "text/html". If there |
142 |
is a reactive-on-wildcard directive, no entity should be included. |
143 |
|
144 |
If the service author finds it appropriate for any user agent that |
145 |
does not implement an alternate selection algorithm to automatically |
146 |
retrieve a certain alternate, then a Location response header giving |
147 |
the URI of that alternate may be included in the response. |
148 |
|
149 |
|
150 |
9.4 Client Error 4xx |
151 |
|
152 |
406 None Acceptable (*) |
153 |
|
154 |
The requested resource is a negotiable resource and the server is |
155 |
engaging in reactive content negotiation (Section 5). Usually, this |
156 |
response indicates that the server was not able to positively |
157 |
determine that at least one of the available alternates would be |
158 |
acceptable. The response must include an Alternates header |
159 |
describing the alternates bound to the resource, allowing a user |
160 |
agent to automatically select and retrieve an alternate if |
161 |
appropriate. |
162 |
|
163 |
This response is cachable, subject to the restrictions specified in |
164 |
the cache-control directive, if present, of the included Alternates |
165 |
header. |
166 |
|
167 |
If no Accept header in the request contains a reactive-on-wildcard |
168 |
directive, and it was not a HEAD request, the response must include |
169 |
an entity that gives the user the option to select the most |
170 |
appropriate alternate manually. The suggested entity media type as |
171 |
given in the Content-Type response header is "text/html". If there |
172 |
is a reactive-on-wildcard directive, no entity should be included. |
173 |
|
174 |
If the service author finds it appropriate for any user agent that |
175 |
does not implement an alternate selection algorithm to automatically |
176 |
|
177 |
[Page 3] |
178 |
|
179 |
Internet-Draft Content Negotiation 22 February 1996 |
180 |
|
181 |
retrieve a certain alternate, then a Location response header giving |
182 |
the URI of that alternate may be included in the response. |
183 |
|
184 |
|
185 |
408 Not Acceptable (*) |
186 |
|
187 |
The resource identified by the Request-URI has content |
188 |
characteristics that are not acceptable according to the accept |
189 |
headers sent in the request. This response code must only be |
190 |
generated by un-negotiable resources. |
191 |
|
192 |
|
193 |
3 Protocol parameter descriptions |
194 |
|
195 |
3.1 Language Tags (*) |
196 |
|
197 |
A language tag identifies a natural language spoken, written, or |
198 |
otherwise conveyed by human beings for communication of information |
199 |
to other human beings. Computer languages are explicitly excluded. |
200 |
HTTP uses language tags within the Accept-Language, Content-Language, |
201 |
and Alternates fields. |
202 |
|
203 |
The syntax and registry of HTTP language tags is the same as that |
204 |
defined by RFC 1766 [2]. In summary, a language tag is composed of 1 |
205 |
or more parts: A primary language tag and a possibly empty series of |
206 |
subtags: |
207 |
|
208 |
language-tag = primary-tag *( "-" subtag ) |
209 |
|
210 |
primary-tag = 1*8ALPHA |
211 |
subtag = 1*8ALPHA |
212 |
|
213 |
Whitespace is not allowed within the tag and all tags are |
214 |
case-insensitive. The namespace of language tags is administered by |
215 |
the IANA. Example tags include: |
216 |
|
217 |
en, en-US, en-cockney, i-cherokee, x-pig-latin |
218 |
|
219 |
where any two-letter primary-tag is an ISO 639 language abbreviation |
220 |
and any two-letter initial subtag is an ISO 3166 country code. |
221 |
|
222 |
|
223 |
4 Header field definitions |
224 |
|
225 |
4.1 Accept (*) |
226 |
|
227 |
The Accept request-header field can be used to specify certain media |
228 |
types which are acceptable for the response. Accept headers can be |
229 |
used to guide content negotiation (Section 5), and can also be used |
230 |
to indicate that the request is specifically limited to a small set |
231 |
of desired types, as in the case of a request for an in-line image. |
232 |
In general, it is not efficient to send long Accept headers in every |
233 |
request. See Section 5.2 for a discussion of Accept header |
234 |
efficiency considerations. |
235 |
|
236 |
|
237 |
[Page 4] |
238 |
|
239 |
Internet-Draft Content Negotiation 22 February 1996 |
240 |
|
241 |
The field may be folded onto several lines and more than one |
242 |
occurrence of the field is allowed, with the semantics being the same |
243 |
as if all the entries had been in one field value. |
244 |
|
245 |
Accept = "Accept" ":" #( |
246 |
( media-range |
247 |
[ ";" "q" "=" qvalue ] |
248 |
[ ";" "mxb" "=" 1*DIGIT ] ) |
249 |
| reactive-on-wildcard ) |
250 |
|
251 |
media-range = ( "*/*" |
252 |
| ( type "/" "*" ) |
253 |
| ( type "/" subtype ) |
254 |
) *( ";" parameter ) |
255 |
|
256 |
reactive-on-wildcard = "reactive-on-wildcard" | "r-o-w" |
257 |
|
258 |
The asterisk "*" character is used to group media types into ranges, |
259 |
with "*/*" indicating all media types and "type/*" indicating all |
260 |
subtypes of that type. |
261 |
|
262 |
The parameter q is used to indicate the media type quality factor, |
263 |
which represents the user's preference for that range of media |
264 |
types. The parameter mxb gives the maximum acceptable size of the |
265 |
Entity-Body, in decimal number of octets, for that range of media |
266 |
types. The default values are: q=1 and mxb=undefined (i.e., |
267 |
infinity). Section 5 describes the content negotiation algorithm |
268 |
which makes use of these values. |
269 |
|
270 |
The example |
271 |
|
272 |
Accept: audio/*; q=0.2, audio/basic |
273 |
|
274 |
should be interpreted as "I prefer audio/basic, but send me any audio |
275 |
type if it is the best available after an 80% mark-down in quality." |
276 |
|
277 |
If no Accept header is present, then it is assumed that the client |
278 |
accepts all media types. If Accept headers are present, and if the |
279 |
resource is an un-negotiable resource which cannot generate a |
280 |
response which is acceptable according to the Accept headers, then |
281 |
the server should generate an error response with the 408 (not |
282 |
acceptable) status code. |
283 |
|
284 |
A more elaborate example is |
285 |
|
286 |
Accept: text/plain; q=0.5, text/html, |
287 |
text/x-dvi; q=0.8; mxb=100000, text/x-c |
288 |
|
289 |
Verbally, this would be interpreted as "text/html and text/x-c are |
290 |
the preferred media types, but if they do not exist, then send the |
291 |
text/x-dvi entity if it is less than 100000 bytes, otherwise send the |
292 |
text/plain entity." |
293 |
|
294 |
Media ranges can be overridden by more specific media ranges or |
295 |
specific media types. If more than one media range applies to a given |
296 |
|
297 |
[Page 5] |
298 |
|
299 |
Internet-Draft Content Negotiation 22 February 1996 |
300 |
|
301 |
type, the most specific reference has precedence. For example, |
302 |
|
303 |
Accept: text/*, text/html, text/html;version=2.0, */* |
304 |
|
305 |
have the following precedence: |
306 |
|
307 |
1) text/html;version=2.0 |
308 |
2) text/html |
309 |
3) text/* |
310 |
4) */* |
311 |
|
312 |
The media type quality factor and maximum acceptable size associated |
313 |
with a given type are determined by finding the media range with the |
314 |
highest precedence which matches that type. |
315 |
|
316 |
For example, |
317 |
|
318 |
Accept: text/*;q=0.3, text/html;q=0.7, text/html;version=2.0, |
319 |
*/*;q=0.5 |
320 |
|
321 |
would cause the following type quality factors to be associated: |
322 |
|
323 |
text/html;version=2.0 = 1 |
324 |
text/html = 0.7 |
325 |
text/plain = 0.3 |
326 |
image/jpeg = 0.5 |
327 |
text/html;level=3 = 0.7 |
328 |
|
329 |
The inclusion of a reactive-on-wildcard directive in an Accept header |
330 |
will change the rules for the sending of reactive negotiation |
331 |
responses (Section 5). The example |
332 |
|
333 |
Accept: text/html; */*;q=0.95, r-o-w |
334 |
|
335 |
should be interpreted as "text/html is my preferred media type, and I |
336 |
assign media type quality factors in the range 0 - 0.95 to all other |
337 |
media types. Send me a reactive negotiation response, so that I can |
338 |
pick the best alternate myself, if you have any non-text/html |
339 |
alternate which might give me a higher overall quality than any |
340 |
text/html alternate." |
341 |
|
342 |
Note: A user agent may be provided with a default set of |
343 |
quality values for certain media ranges. However, unless the |
344 |
user agent is a closed system which cannot interact with |
345 |
other rendering agents, this default set should be |
346 |
configurable by the user. |
347 |
|
348 |
|
349 |
4.2 Accept-Charset (*) |
350 |
|
351 |
The Accept-Charset request-header field can be used to indicate what |
352 |
character sets are acceptable for the response. This field allows |
353 |
clients capable of understanding more comprehensive or |
354 |
special-purpose character sets to signal that capability to a server |
355 |
which is capable of representing documents in those character |
356 |
|
357 |
[Page 6] |
358 |
|
359 |
Internet-Draft Content Negotiation 22 February 1996 |
360 |
|
361 |
sets. The US-ASCII character set can be assumed to be acceptable to |
362 |
all user agents. |
363 |
|
364 |
Accept-Charset = "Accept-Charset" ":" 1#charset |
365 |
|
366 |
Character set values are described in Section (3.4[1]). An example is |
367 |
|
368 |
Accept-Charset: iso-8859-1, unicode-1-1 |
369 |
|
370 |
If no Accept-Charset header is present, the default is that any |
371 |
character set is acceptable. If an Accept-Charset header is present, |
372 |
and if the resource is an un-negotiable resource which cannot |
373 |
generate a response which is acceptable according to the |
374 |
Accept-Charset header, then the server should generate an error |
375 |
response with the 408 (not acceptable) status code. |
376 |
|
377 |
|
378 |
4.3 Accept-Encoding (*) |
379 |
|
380 |
The Accept-Encoding request-header field is similar to Accept, but |
381 |
restricts the content-coding values (Section (3.5[1])) which are |
382 |
acceptable in the response. |
383 |
|
384 |
Accept-Encoding = "Accept-Encoding" ":" |
385 |
#( content-coding ) |
386 |
|
387 |
An example of its use is |
388 |
|
389 |
Accept-Encoding: compress, gzip |
390 |
|
391 |
If no Accept-Encoding header is present in a request, the server may |
392 |
assume that the client will accept any content coding. If an |
393 |
Accept-Encoding header is present, and if the resource is an |
394 |
un-negotiable resource which cannot generate a response which is |
395 |
acceptable according to the Accept-Encoding header, then the server |
396 |
should generate an error response with the 408 (not acceptable) |
397 |
status code. |
398 |
|
399 |
|
400 |
4.4 Accept-Language (*) |
401 |
|
402 |
The Accept-Language request-header field is similar to Accept, but |
403 |
restricts the set of natural languages that are preferred as a |
404 |
response to the request. |
405 |
|
406 |
Accept-Language = "Accept-Language" ":" |
407 |
1#( language-range [ ";" "q" "=" qvalue ] ) |
408 |
|
409 |
language-range = ( ( 1*8ALPHA *( "-" 1*8ALPHA ) ) |
410 |
| "*" ) |
411 |
|
412 |
Each language-range may be given an associated quality value which |
413 |
represents an estimate of the user's comprehension of the languages |
414 |
specified by that range. The quality value defaults to "q=1" (100% |
415 |
comprehension). This value may be used in the server's content |
416 |
|
417 |
[Page 7] |
418 |
|
419 |
Internet-Draft Content Negotiation 22 February 1996 |
420 |
|
421 |
negotiation algorithm (Section 5). For example, |
422 |
|
423 |
Accept-Language: da, en-gb;q=0.8, en;q=0.7 |
424 |
|
425 |
would mean: "I prefer Danish, but will accept British English (with |
426 |
80% comprehension) and other types of English (with 70% |
427 |
comprehension)." |
428 |
|
429 |
A language-range matches a language-tag if it exactly equals the tag, |
430 |
or if it is a prefix of the tag such that the first tag character |
431 |
following the prefix is "-". The special range "*", if present in |
432 |
the Accept-Language field, matches every tag not matched by any other |
433 |
ranges present in the Accept-Language field. |
434 |
|
435 |
Note: This use of a prefix matching rule does not imply that |
436 |
language tags are assigned to languages in such a way that it is |
437 |
always true that if a user understands a language with a certain |
438 |
tag, then this user will also understand all languages with tags |
439 |
for which this tag is a prefix. The prefix rule simply allows |
440 |
the use of prefix tags if this is the case. |
441 |
|
442 |
The language quality factor assigned to a language-tag by the |
443 |
Accept-Language field is the quality value of the longest |
444 |
language-range in the field that matches the language-tag. If no |
445 |
language-range in the field matches the tag, the language quality |
446 |
factor assigned is 0. |
447 |
|
448 |
If no Accept-Language header is present in a request, the server |
449 |
should assume that all languages are equally acceptable. If an |
450 |
Accept-Language header is present, then all languages which are |
451 |
assigned a quality factor greater than 0 are acceptable. If the |
452 |
resource is an un-negotiable resource which cannot generate a |
453 |
response for an audience capable of understanding at least one |
454 |
acceptable language, it is acceptable to serve a response that uses |
455 |
other languages. |
456 |
|
457 |
It may be contrary to be privacy expectations of the user to send an |
458 |
Accept-Language header with the complete linguistic preferences of |
459 |
the user in every request. For a complete discussion of this issue, |
460 |
see Section 6.3. If a reactive-on-wildcard directive is present in |
461 |
an Accept header, the user agent can safely omit certain languages |
462 |
intelligible to the user from the Accept-Language header, without |
463 |
affecting the quality of the negotiation process in requests on |
464 |
negotiated resources, if the language-range "*" is included with an |
465 |
appropriate language quality factor, |
466 |
|
467 |
Note: As intelligibility is highly dependent on the |
468 |
individual user, it is recommended that client applications |
469 |
make the choice of linguistic preference available to the |
470 |
user. If the choice is not made available, then the |
471 |
Accept-Language header field must not be given in the |
472 |
request. |
473 |
|
474 |
|
475 |
|
476 |
|
477 |
[Page 8] |
478 |
|
479 |
Internet-Draft Content Negotiation 22 February 1996 |
480 |
|
481 |
4.5 URI (*) |
482 |
|
483 |
The URI entity-header field is used to inform the recipient of other |
484 |
Uniform Resource Identifiers (Section (3.2[1])) by which the resource |
485 |
can be identified. |
486 |
|
487 |
URI-header = "URI" ":" 1#( uri-mirror | uri-name ) |
488 |
|
489 |
uri-mirror = "{" "mirror" <"> URI <"> "}" |
490 |
uri-name = "{" "name" <"> URI <"> "}" |
491 |
|
492 |
Any URI specified in this field can be absolute or relative to the |
493 |
Request-URI. The "mirror" form of URI refers to a location which is a |
494 |
mirror copy of the Request-URI. The "name" form refers to a |
495 |
location-independent name corresponding to the Request-URI. |
496 |
|
497 |
|
498 |
4.6 Alternates |
499 |
|
500 |
The Alternates entity-header field is used to describe the alternate |
501 |
resources bound to a negotiable resource. |
502 |
|
503 |
Alternates = "Alternates" ":" 1#( alternate-descr |
504 |
| caching-directive ) |
505 |
|
506 |
alternate-descr = |
507 |
"{" <"> URI <"> source-quality |
508 |
[ "{" "type" <"> media-type <"> "}" ] |
509 |
[ "{" "language" <"> 1#language-tag <"> "}" ] |
510 |
[ "{" "encoding" <"> 1#content-coding <"> "}" ] |
511 |
[ "{" "length" 1*DIGIT "}" ] |
512 |
[ "{" "description" quoted-string "}" ] |
513 |
[ extension-attribute ] |
514 |
"}" |
515 |
|
516 |
source-quality = qvalue |
517 |
|
518 |
extension-attribute = "{" extension-name extension-value "}" |
519 |
extension-name = token |
520 |
extension-value = #( token | quoted-string |
521 |
| <any element of tspecials except "}"> ) |
522 |
|
523 |
Note: the extension-attribute is included because it is |
524 |
expected that HTTP/1.2 will define new attributes for use in |
525 |
the Alternates header. Also, this attribute eases content |
526 |
negotiation experiments under HTTP/1.1. |
527 |
|
528 |
caching-directive = "{" "cache-control" 1#cache-directive "}" |
529 |
|
530 |
Cache-directives are defined in Section (10.8[1]). |
531 |
|
532 |
Any URI specified in this field can be absolute or relative to the |
533 |
Request-URI. For each of the alternates bound to the negotiable |
534 |
resource, the alternates header should include an alternate-descr |
535 |
form describing that alternate. |
536 |
|
537 |
[Page 9] |
538 |
|
539 |
Internet-Draft Content Negotiation 22 February 1996 |
540 |
|
541 |
|
542 |
The source-quality attribute given in an alternate description is |
543 |
measured by the content provider as representing the amount of |
544 |
degradation from the original source. For example, a picture |
545 |
originally in JPEG form would have a lower source quality when |
546 |
translated to the XBM format, and much lower source quality when |
547 |
translated to an ASCII-art alternate. Note, however, that this is a |
548 |
function of the source -- an original piece of ASCII-art may degrade |
549 |
in quality if it is captured in JPEG form. |
550 |
|
551 |
Content providers should use the following table as a guide when |
552 |
assigning source quality values: |
553 |
|
554 |
1.000 no degradation |
555 |
0.999-0.900 no noticeable degradation |
556 |
0.899-0.700 noticeable, but acceptable degradation |
557 |
0.699-0.500 barely acceptable degradation |
558 |
0.499-0.000 unacceptable degradation |
559 |
|
560 |
It is important that content providers do not assign very low source |
561 |
quality values without good reason, as this will limit the ability of |
562 |
users to influence the negotiation process with their own preference |
563 |
settings. |
564 |
|
565 |
If alternates are not converted from one source, but constructed |
566 |
separately to represent the same abstract information in different |
567 |
ways, then the source quality attributes can be used to express |
568 |
differences in quality between the alternates. |
569 |
|
570 |
An example Alternates header for a negotiable resource with the URI |
571 |
http://www.w3.org/pub/WWW/TheProject is: |
572 |
|
573 |
Alternates: {"TheProject.fr.html" 1.0 |
574 |
{type "text/html"} {language "fr"}}, |
575 |
{"TheProject.en.html" 1.0 |
576 |
{type "text/html"} {language "en"}}, |
577 |
{"TheProject.fr.txt" 0.7 |
578 |
{type "text/plain"} {language "fr"}}, |
579 |
{"TheProject.en.txt" 0.8 |
580 |
{type "text/plain"} {language "en"}} |
581 |
|
582 |
which indicates that the negotiable resource binds to four alternate |
583 |
resources that differ in media type and natural language. |
584 |
|
585 |
The type, language, encoding, and length attributes of an alternate |
586 |
description refer to their Content-* header counterparts. Though all |
587 |
attributes are optional, it is often desirable to include as many |
588 |
attributes as possible as this will increase the quality of the |
589 |
negotiation process. Servers must only generate extension-attributes |
590 |
whose names start with "x-". Clients should ignore all extension |
591 |
attributes they do not recognize. |
592 |
|
593 |
The description attribute is meant to provide a textual description |
594 |
of some properties of the alternate, to be displayed by a user agent |
595 |
when showing the list of all alternates bound to a negotiable |
596 |
|
597 |
[Page 10] |
598 |
|
599 |
Internet-Draft Content Negotiation 22 February 1996 |
600 |
|
601 |
resource (see Section 5). This attribute can be included if the URI |
602 |
and normal attributes of an alternate are considered too opaque to |
603 |
allow interpretation by the user. |
604 |
|
605 |
The cache-control directive of the Alternates header field can be |
606 |
used to restrict the cachability of the Alternates header, and, for |
607 |
300 (multiple choices) and 406 (none acceptable) responses, the other |
608 |
parts of the response. This directives duplicates the control |
609 |
functionality offered for un-negotiated resources by the |
610 |
Cache-Control header. |
611 |
|
612 |
|
613 |
4.7 Alt-Header |
614 |
|
615 |
The Alt-Header request-header can be used in requests to negotiable |
616 |
resources to introduce new request headers in any derived requests on |
617 |
alternate resources (see section 5.2). |
618 |
|
619 |
Alt-Header = "Alt-Header" ":" <"> URI <"> Request-Header |
620 |
|
621 |
The URI specified in this field can be absolute or relative to the |
622 |
Request-URI. A typical example is |
623 |
|
624 |
Alt-Header: "TheProject.en.html" If-Validator-Valid: 6a7bf |
625 |
|
626 |
If it already has a copy of the "TheProject.en.html" alternate in |
627 |
cache, a caching client can include this header in requests to allow |
628 |
the server to shorten a 200 (OK) preemptive negotiation response to a |
629 |
304 (not Modified) response in case that preemptive negotiation |
630 |
yields "TheProject.en.html" as the best alternate. |
631 |
|
632 |
Servers are always allowed to ignore Alt-Header request headers. |
633 |
|
634 |
|
635 |
5 Content negotiation (*) |
636 |
|
637 |
Content negotiation is an optional feature of the HTTP/1.1 protocol: |
638 |
resources may be negotiable, but they need not be. If a resource is |
639 |
negotiable, this changes the semantics of GET and HEAD transactions |
640 |
on the resource. Other transactions are not affected. |
641 |
|
642 |
A negotiable resource has a number of alternates bound to it. The |
643 |
HTTP content negotiation mechanism allows for automatic selection of |
644 |
the preferred alternate bound to a negotiable resource based on the |
645 |
properties of the alternates and on the user agent preferences for |
646 |
the retrieval action on the negotiated resource. |
647 |
|
648 |
An alternate is a resource, identified by an alternate URI, that |
649 |
provides one possible representation of the `contents' of the |
650 |
negotiable resource. An alternate resource must never be a |
651 |
negotiable resource itself. It is the responsibility of the author |
652 |
of the negotiable resource, not the author of the alternate, to |
653 |
ensure that this restriction is not violated. |
654 |
|
655 |
The negotiability of a resource is expressed by the Alternates |
656 |
|
657 |
[Page 11] |
658 |
|
659 |
Internet-Draft Content Negotiation 22 February 1996 |
660 |
|
661 |
response header. If a 2xx or 3xx class response does not include an |
662 |
Alternates response header, then the resource is un-negotiable. If |
663 |
any response does include an Alternates response header, then the |
664 |
resource is negotiable. |
665 |
|
666 |
When displaying an alternate as the end result of a retrieval action |
667 |
on a negotiable resource, a user agent should allow the user to |
668 |
review a list of all alternates bound to the negotiable resource, and |
669 |
to initiate retrieval of another alternate if desired. The list can |
670 |
be annotated with some or all of the properties of the alternates, as |
671 |
given by the Alternates header in the negotiable resource response. |
672 |
|
673 |
When displaying an alternate as the end result of a retrieval action |
674 |
on a negotiable resource, a user agent should show the negotiable |
675 |
resource URI, not the alternate resource URI, as being the URI the |
676 |
contents of which were retrieved. If the user agent stores a |
677 |
reference to the content displayed for future use, it is the the |
678 |
negotiable resource URI, not the alternate resource URI, which should |
679 |
be stored. |
680 |
|
681 |
HTTP/1.1 provides for two types of content negotiation: preemptive |
682 |
and reactive. Preemptive negotiation is generally faster than |
683 |
reactive negotiation, but it can only be used if sufficient |
684 |
information about user agent capabilities and user preferences is |
685 |
present in the request on the negotiable resource. Reactive |
686 |
negotiation can always be used. Therefore, preemptive negotiation is |
687 |
best seen as mechanism that can sometimes optimize on reactive |
688 |
negotiation transactions. |
689 |
|
690 |
|
691 |
5.1 Reactive negotiation |
692 |
|
693 |
In reactive negotiation, the selection and retrieval of an alternate |
694 |
bound to the negotiable resource spans two transactions. In the |
695 |
first transaction, the client transmits a request on the negotiable |
696 |
resource URI, and the server responds with a 300 (multiple choices) |
697 |
or 406 (none acceptable) response, which includes an alternates |
698 |
header describing the alternates bound to the negotiable resource. A |
699 |
406 response may always be generated, a 300 response may only be |
700 |
generated if specific conditions given in Section 5.2 are met. The |
701 |
client can use the Alternates header in the 300 or 406 response to |
702 |
select the alternate that matches best to the preferences for the |
703 |
retrieval action. |
704 |
|
705 |
In the second transaction, the user agent transmits a request on the |
706 |
URI of the selected alternate resource, and the server will typically |
707 |
respond with a 200 (OK) response, though other response codes like |
708 |
302 (moved temporarily) are also possible. Only the user agent needs |
709 |
to know that the second request is part of a reactive negotiation |
710 |
process, all other parties can treat it as a normal request on an |
711 |
un-negotiated resource. |
712 |
|
713 |
User agents should use the reactive alternate selection algorithm |
714 |
below when automatically selecting the best alternate listed in an |
715 |
alternates header. User agents are allowed to use other selection |
716 |
|
717 |
[Page 12] |
718 |
|
719 |
Internet-Draft Content Negotiation 22 February 1996 |
720 |
|
721 |
algorithms, but this is not recommended, as preemptive negotiation is |
722 |
defined to optimize the case in which the reactive alternate |
723 |
selection algorithm below is used. |
724 |
|
725 |
User agents that do not wish to implement an alternate selection |
726 |
algorithm can, by only using Accept request headers of a certain |
727 |
form, force servers to always include an entity when a reactive |
728 |
negotiation response is sent. They can then use this entity to allow |
729 |
the user to select an alternate manually, or use the reactive |
730 |
response Location header, if present, to automatically fetch the |
731 |
alternate recommended by the server. |
732 |
|
733 |
In the first step of the reactive alternate selection algorithm, the |
734 |
overall quality for every alternate listed in the Alternates header |
735 |
of the negotiable resource is computed. The overall quality of an |
736 |
alternate is a real number Q in the range 0 through 1, where 0 is the |
737 |
minimum and 1 the maximum value, defined as |
738 |
|
739 |
Q = qs * qe * qc * ql * q * qml |
740 |
|
741 |
The values qs,qe,qc,ql,q,qml for a particular alternate are all |
742 |
determined using the part of the received Alternates header |
743 |
describing that alternate, called the alternate description below. |
744 |
|
745 |
qs The source quality factor for the alternate is given by the |
746 |
source-quality attribute in the alternate description. |
747 |
|
748 |
qe The encoding quality factor is 1 if there is no encoding |
749 |
attribute in the alternate description. If there is an |
750 |
encoding attribute in the alternate description, the encoding |
751 |
quality factor is 1 if the user agent can decode the given |
752 |
content encoding, 0 otherwise. |
753 |
|
754 |
qc The charset quality factor is 1 if there is no type attribute |
755 |
in the alternate description, or if the media type given in |
756 |
the type attribute of the alternate description does not have |
757 |
a charset parameter. If there is a charset parameter, then |
758 |
the charset quality factor is 1 if the user agent can process |
759 |
a message with the given character set, 0 otherwise. User |
760 |
agents must always be able to process a message with the |
761 |
US-ASCII charset. |
762 |
|
763 |
ql The language quality factor is 1 if there is no language |
764 |
attribute in the alternate description. If there is a |
765 |
language attribute, then the language quality factor is the |
766 |
highest quality factor assigned to any one of the listed |
767 |
languages according to the user agent language preferences |
768 |
for the retrieval action. |
769 |
|
770 |
q The media type quality factor is 1 if there is no type |
771 |
attribute in the alternate description. If there is a type |
772 |
attribute, then the media type quality factor is the quality |
773 |
factor assigned to the given media type in in the user agent |
774 |
media type preferences for the retrieval action. |
775 |
|
776 |
|
777 |
[Page 13] |
778 |
|
779 |
Internet-Draft Content Negotiation 22 February 1996 |
780 |
|
781 |
qml The maximum length quality factor is 1 if there is no length |
782 |
attribute in the alternate description. If there is a length |
783 |
attribute in the alternate description, then the maximum |
784 |
length quality factor is 1 if the length given is less than |
785 |
or equal to the maximum acceptable length according to the |
786 |
user agent maximum length preferences for the retrieval |
787 |
action, 0 otherwise. Preferred maximum lengths are often |
788 |
equal to `infinity'. |
789 |
|
790 |
In the second step of the the reactive alternate selection algorithm, |
791 |
the overall qualities of all alternates are compared to select the |
792 |
best alternate. If there is one alternate with the highest overall |
793 |
quality value, then that alternate is the best alternate. If there |
794 |
are multiple alternates that share the highest overall quality value, |
795 |
then the alternate that is listed first in the received Alternates |
796 |
header is the best alternate. |
797 |
|
798 |
If all alternates have an overall quality value of zero, a user agent |
799 |
should not automatically retrieve the first alternate, but stop the |
800 |
reactive negotiation process, allowing the user to decide on the next |
801 |
action. |
802 |
|
803 |
|
804 |
5.2 Preemptive negotiation (*) |
805 |
|
806 |
In preemptive negotiation, the selection and retrieval of an |
807 |
alternate bound to the negotiable resource is done in a single |
808 |
transaction, saving one round trip time over reactive negotiation. A |
809 |
preemptive negotiation response must only be generated by a server if |
810 |
the request on the negotiable resource contains enough information |
811 |
about user agent capabilities and user preferences to allow the |
812 |
server to determine which alternate would be chosen if the reactive |
813 |
alternate selection algorithm outlined above were used by the user |
814 |
agent in reactive negotiation. |
815 |
|
816 |
When engaging in preemptive negotiation, the server must use the |
817 |
following algorithm, or any other algorithm that produces the same |
818 |
result, to construct the preemptive response message. |
819 |
|
820 |
1. Construct a request message on the best alternate resource by |
821 |
modifying the received request message on the negotiable |
822 |
resource in the following way. First, the Request-URI and the |
823 |
Host request header must be rewritten to point to the best |
824 |
alternate resource. Then, if there are any Alt-Header request |
825 |
headers that match the best alternate resource URI, the headers |
826 |
given in these matching Alt-Header request headers may be added |
827 |
to the headers in the request message. Finally, the Alt-Header |
828 |
request headers in the request message may be removed. |
829 |
|
830 |
2. Generate a valid HTTP response message for the request message |
831 |
constructed in step 1. If the server is a proxy, this may |
832 |
involve sending the constructed request to the origin server. |
833 |
|
834 |
3. Add two headers to the HTTP response message generated in step |
835 |
2. These are an Alternates header describing the alternates |
836 |
|
837 |
[Page 14] |
838 |
|
839 |
Internet-Draft Content Negotiation 22 February 1996 |
840 |
|
841 |
bound to the negotiable resource, and a Location header that |
842 |
gives the URI of the best alternate resource. |
843 |
|
844 |
A preemptive response message satisfies the origin server restriction |
845 |
if and only if the full URI of the best alternate resource can be |
846 |
obtained by adding a sequence of characters excluding "/" to the end |
847 |
of the full URI of the negotiable resource, where the first character |
848 |
added may not be an US-ASCII uppercase or lowercase letter. |
849 |
|
850 |
Origin servers should not generate a preemptive response message that |
851 |
violates the origin server restriction. If a client receives a |
852 |
preemptive response message that violates the origin server |
853 |
restriction directly from an origin server, then that client must |
854 |
reject the message as a probable spoofing attempt. If the client is |
855 |
a proxy, it must not pass on the response, it can pass on a 502 (bad |
856 |
gateway) response instead. Servers acting as proxies may generate |
857 |
preemptive responses that do violate the origin server restriction, |
858 |
and clients should not reject these responses. |
859 |
|
860 |
Clients, including caching proxies, may treat the HTTP response that |
861 |
can be derived from a reactive negotiation response by deleting the |
862 |
Alternates and Location headers as being controlled by the author of |
863 |
the best alternate resource, not the author of the negotiable |
864 |
resource on which the actual request was made. It is the |
865 |
responsibility of the server to ensure that the best alternate |
866 |
resource author indeed has this control. Section 6.1 discusses |
867 |
the implications of this rule on server design and administration. |
868 |
|
869 |
User agents can transmit information about their capabilities and |
870 |
preferences for a retrieval action using the various accept request |
871 |
headers. If the accept headers present in a request on a negotiable |
872 |
resource contain enough information, a server may be able to generate |
873 |
a preemptive negotiation response. As most resources will be |
874 |
un-negotiable, user agents are encouraged to send empty or small |
875 |
accept headers, or even omit some accept headers entirely, by |
876 |
default. If a user agent knows or discovers that an origin server |
877 |
provides negotiated resources, it is encouraged to use data from the |
878 |
negotiated responses received so far to dynamically add or extend |
879 |
accept headers sent in future requests on resources provided by that |
880 |
origin server, in order to increase the probability that preemptive |
881 |
negotiation can be used instead of the slower reactive negotiation. |
882 |
|
883 |
Servers that want to support preemptive negotiation must use the |
884 |
preemptive alternate selection algorithm below. This algorithm can |
885 |
be applied to determine |
886 |
|
887 |
o whether a preemptive negotiation response may be sent, and if so, |
888 |
which alternate is the best alternate |
889 |
|
890 |
o the appropriate response code, either 300 (Multiple Choices) or |
891 |
or 406 (None Acceptable), when a reactive response is sent. |
892 |
|
893 |
The algorithm uses the alternate descriptions for each of the |
894 |
available alternates, as will be included in the Alternates header of |
895 |
the response, and the Accept headers of the request on the negotiable |
896 |
|
897 |
[Page 15] |
898 |
|
899 |
Internet-Draft Content Negotiation 22 February 1996 |
900 |
|
901 |
resource as input. |
902 |
|
903 |
In the first step of the preemptive alternate selection algorithm, |
904 |
the overall quality for every alternate bound to the negotiable |
905 |
resource is computed. The overall quality is a real number Q in the |
906 |
range 0 through 1, where 0 is the minimum and 1 the maximum value, |
907 |
defined as |
908 |
|
909 |
Q = qs * qe * qc * ql * q * qml |
910 |
|
911 |
The overall quality values computed in the preemptive algorithm are |
912 |
not necessarily equal to the overall quality values values computed |
913 |
in the reactive algorithm of Section 5.1. |
914 |
|
915 |
The values qs,qe,qc,ql,q,qml for a particular alternate are all |
916 |
determined using the alternate description of the particular |
917 |
alternate and the Accept headers of the request. |
918 |
|
919 |
qs The source quality factor for the alternate is given by the |
920 |
source-quality attribute in the alternate description. |
921 |
|
922 |
qe The encoding quality factor is 1 if there is no encoding |
923 |
attribute in the alternate description. If there is an |
924 |
encoding attribute in the alternate description, the encoding |
925 |
quality factor is 1 if no Accept-Encoding header is present |
926 |
in the request, 1 if an Accept-Encoding header present |
927 |
indicates the ability to decode the given content encoding, |
928 |
and 0 otherwise. |
929 |
|
930 |
qc The charset quality factor is 1 if there is no type attribute |
931 |
in the alternate description, or if the media type given in |
932 |
the type attribute of the alternate description does not have |
933 |
a charset parameter. If there is a charset parameter, then |
934 |
the charset quality factor is 1 if the charset is US-ASCII, 1 |
935 |
if no Accept-Charset header is present in the request, 1 if |
936 |
an Accept-Charset header present indicates the ability to |
937 |
handle the given character set, and 0 otherwise. |
938 |
|
939 |
ql The language quality factor is 1 if there is no language |
940 |
attribute in the alternate description. If there is a |
941 |
language attribute, then the language quality factor is the |
942 |
highest quality factor assigned by the Accept-Language header |
943 |
in the request to any one of the languages listed in the |
944 |
attribute, 0 if none of the listed languages are assigned a |
945 |
quality factor by the Accept-Language header in the request, |
946 |
and 1 if there is no Accept-Language header in the request. |
947 |
|
948 |
q The media type quality factor is 1 if there is no type |
949 |
attribute in the alternate description. If there is a type |
950 |
attribute, then the media type quality factor is the quality |
951 |
factor assigned to the given media type by the Accept headers |
952 |
in the request, 0 if the Accept headers do not assign a |
953 |
quality factor to the media type, and 1 if there are no |
954 |
Accept headers in the request. |
955 |
|
956 |
|
957 |
[Page 16] |
958 |
|
959 |
Internet-Draft Content Negotiation 22 February 1996 |
960 |
|
961 |
qml The maximum length quality factor is 1 if there is no length |
962 |
attribute or no type attribute in the alternate description. |
963 |
If there is a length and a type attribute in the alternate |
964 |
description, then the maximum length quality factor is 0 if |
965 |
is the "mxb" value assigned to the given media type by the |
966 |
Accept headers in the request is less than the value given in |
967 |
the length attribute, 1 if the "mxb" value is greater or |
968 |
equal, 1 if the Accept headers do not assign an "mxb" value |
969 |
to the media type, and 1 if there are no Accept headers in |
970 |
the request. |
971 |
|
972 |
In the second step of the algorithm, the overall qualities of all |
973 |
alternates are compared to select the best one. If there is one |
974 |
alternate with the highest overall quality value, then this is the |
975 |
best alternate. If there are multiple alternates that share the |
976 |
highest overall quality value, then the alternate that is listed |
977 |
first in the Alternates header is the best alternate. |
978 |
|
979 |
If all alternates have an overall quality value of zero, then any |
980 |
reactive negotiation response sent must use the 406 (None Acceptable) |
981 |
response code. Else, any reactive negotiation response sent should |
982 |
use the 300 (Multiple Choices) response code. |
983 |
|
984 |
In the third step of the preemptive negotiation alternate selection |
985 |
algorithm, it is determined whether a preemptive negotiation response |
986 |
may be sent to return the best alternate found. |
987 |
|
988 |
If the best alternate has an overall quality value of zero, then the |
989 |
server must not generate a preemptive response, it should generate a |
990 |
reactive response with the 406 (None Acceptable) response code. |
991 |
|
992 |
If the best alternate has an overall quality factor greater than |
993 |
zero, and no Accept header in the request contains a |
994 |
reactive-on-wildcard directive, then the server may generate a |
995 |
preemptive response, provided that the origin server restriction, if |
996 |
applicable, is met. |
997 |
|
998 |
If the best alternate has an overall quality factor greater than |
999 |
zero, and an Accept header in the request contains a |
1000 |
reactive-on-wildcard directive, then the server may generate a |
1001 |
preemptive response, provided that the origin server restriction, if |
1002 |
applicable, is met, if |
1003 |
|
1004 |
o the type quality factor (q) of the best alternate was not derived |
1005 |
from a match to a media range containing an asterisk "*" wildcard |
1006 |
character in an Accept header, and |
1007 |
|
1008 |
o the language quality factor (ql) of the best alternate was not |
1009 |
derived from a match to a "*" language-range in the |
1010 |
Accept-Language header. |
1011 |
|
1012 |
In all other cases, the server must generate a reactive response. |
1013 |
|
1014 |
|
1015 |
|
1016 |
|
1017 |
[Page 17] |
1018 |
|
1019 |
Internet-Draft Content Negotiation 22 February 1996 |
1020 |
|
1021 |
|
1022 |
5.3 Caching issues |
1023 |
|
1024 |
HTTP/1.1 does not provide a mechanism for conditional GET requests on |
1025 |
negotiable resources, but does provide a mechanism, the Alt-Header |
1026 |
request header, for conditional GET requests on alternate resources. |
1027 |
|
1028 |
When generating a 300 (Multiple Options) response, a 406 (None |
1029 |
Acceptable) response, or the Alternates headers for a preemptive |
1030 |
response, a cache may re-use an Alternates header received earlier |
1031 |
from the negotiable resource, as long as the restrictions expressed |
1032 |
by any cache-control directive in the Alternates header are met. If |
1033 |
the presence of an entity is required in a 300 or 406 response, |
1034 |
caches may generate that entity on behalf of the origin server. |
1035 |
|
1036 |
When relaying a preemptive response, a cache may infer the request |
1037 |
and response messages of the HTTP transaction on the best alternate |
1038 |
resource performed by the server that generated the preemptive |
1039 |
response, and may update its internal data structures to reflect the |
1040 |
occurrence of this HTTP transaction. |
1041 |
|
1042 |
Caches are encouraged to perform such updates because they increase |
1043 |
efficiency and prevent strange (but otherwise allowed) effects if the |
1044 |
contents of an alternate resource are changed at the origin server |
1045 |
while there is still a non-expired version of these contents in |
1046 |
cache. |
1047 |
|
1048 |
|
1049 |
6 Security and Privacy considerations |
1050 |
|
1051 |
6.1 Spoofing using Location headers |
1052 |
|
1053 |
Clients, including caching proxies, may treat the HTTP response that |
1054 |
can be derived from a reactive negotiation response by deleting the |
1055 |
Alternates and Location headers as being controlled by the author of |
1056 |
the best alternate resource, not the author of the negotiable |
1057 |
resource on which the actual request was made. It is the |
1058 |
responsibility of the server to ensure that the best alternate |
1059 |
resource author indeed has this control, because if this control is |
1060 |
lost, control over the responses generated by direct requests on the |
1061 |
best alternate resource is also lost. Origin servers are helped |
1062 |
carrying this responsibility by the rule that clients must reject |
1063 |
preemptive responses that do not satisfy the origin server |
1064 |
restrictions. |
1065 |
|
1066 |
This paragraph discusses the implications of the above on server |
1067 |
design and administration. First, it is intended that any negotiable |
1068 |
resource authoring mechanism built into the server, and accessible to |
1069 |
authors of static content and CGI scripts, generates preemptive |
1070 |
responses by internally doing a request on the best variant resource, |
1071 |
and adding the required Alternates and Location headers to the |
1072 |
generated response. Second, it is intended that, if the CGI |
1073 |
interface has a feature that allows script authors to generate a |
1074 |
preemptive response directly, then a) two distrusting parties will |
1075 |
never be able to author CGI scripts in a shared directory, or b) use |
1076 |
|
1077 |
[Page 18] |
1078 |
|
1079 |
Internet-Draft Content Negotiation 22 February 1996 |
1080 |
|
1081 |
of this feature is only enabled for a CGI script if the script author |
1082 |
is trusted by all other authors that use the same directory, or c) |
1083 |
the server filters the Location headers generated by the CGI script |
1084 |
to prevent spoofing that is not prevented by clients applying the |
1085 |
origin server restriction. |
1086 |
|
1087 |
|
1088 |
6.2 User tracking based on accept headers |
1089 |
|
1090 |
If users fine-tune quality factors put into the default user agent |
1091 |
accept headers to the third decimal, these accept headers can be used |
1092 |
as relatively long-lived user identifiers, enabling content providers |
1093 |
(even if they do not provide negotiable resources) to tell apart |
1094 |
different users behind a proxy. This identification allows content |
1095 |
providers to do click-trail tracking, and allows collaborating |
1096 |
content providers to match cross-server click-trails or form |
1097 |
submissions of individual users. Thus, privacy reasons demand that |
1098 |
user agents are conservative in the amount of quality factor fine |
1099 |
tuning they allow to users without giving a warning about privacy and |
1100 |
in the sending of long accept headers by default in a request. (See |
1101 |
also the remarks on sending short accept headers for performance |
1102 |
reasons in Section 5.2). |
1103 |
|
1104 |
|
1105 |
6.3 Accept headers revealing information of private nature |
1106 |
without real need. |
1107 |
|
1108 |
Preferences sent in accept headers, in particular language quality |
1109 |
factors sent in Accept-Language headers, may reveal information that |
1110 |
the user rather keeps private unless it will directly improve the |
1111 |
quality of the service. The content negotiation mechanism allows |
1112 |
users to leave some languages (e.g. languages the knowledge of which |
1113 |
strongly correlates with membership of a particular ethnic group) out |
1114 |
of the Accept-Language header without decreasing the quality of the |
1115 |
negotiation process if the request happens to be on a negotiable |
1116 |
resource. Note however that the speed of the negotiation process may |
1117 |
be affected. |
1118 |
|
1119 |
No matter how much information is left out of the Accept headers, |
1120 |
automatic reactive negotiation by a user agent on a negotiable |
1121 |
resource will inevitably reveal some of the user preferences by the |
1122 |
generation of a request on the best alternate resource as partly |
1123 |
determined by the user preferences. Malicious service authors could |
1124 |
provide `fake' negotiable resources, which not even bind to alternate |
1125 |
resources that are in fact different, whose only purpose is to get |
1126 |
information about (ethnicity correlated) languages understood by the |
1127 |
visiting users. Such plots would however be visible to alert |
1128 |
victims, as user agents will allow the user to review a list of all |
1129 |
alternates bound to the negotiable resource. |
1130 |
|
1131 |
Maintainers of firewall proxies may want to process outgoing accept |
1132 |
headers to enhance privacy beyond the level provided by the user |
1133 |
agents behind the firewall. |
1134 |
|
1135 |
|
1136 |
|
1137 |
[Page 19] |
1138 |
|
1139 |
Internet-Draft Content Negotiation 22 February 1996 |
1140 |
|
1141 |
7 Acknowledgments |
1142 |
|
1143 |
This document builds on the content negotiation descriptions in [1], |
1144 |
and directly incorporates text from [1] in some places. Many members |
1145 |
of the HTTP working group have contributed to discussions that are |
1146 |
reflected in this document. |
1147 |
|
1148 |
|
1149 |
8 References |
1150 |
|
1151 |
[1] Roy T. Fielding, Henrik Frystyk Nielsen, and Tim Berners-Lee. |
1152 |
Hypertext Transfer Protocol -- HTTP/1.1. Internet-Draft |
1153 |
draft-ietf-http-v11-spec-01.txt, HTTP Working Group, January, |
1154 |
1996. |
1155 |
|
1156 |
[2] H. Alvestrand. "Tags for the identification of languages." RFC |
1157 |
1766, UNINETT, March 1995. |
1158 |
|
1159 |
|
1160 |
9 Author's address |
1161 |
|
1162 |
Koen Holtman |
1163 |
Technische Universiteit Eindhoven |
1164 |
Postbus 513 |
1165 |
Kamer HG 6.57 |
1166 |
5600 MB Eindhoven (Holland) |
1167 |
|
1168 |
e-mail: koen@win.tue.nl |
1169 |
|
1170 |
|
1171 |
|
1172 |
|
1173 |
|
1174 |
|
1175 |
|
1176 |
|
1177 |
|
1178 |
|
1179 |
|
1180 |
|
1181 |
|
1182 |
|
1183 |
|
1184 |
|
1185 |
|
1186 |
|
1187 |
|
1188 |
|
1189 |
|
1190 |
|
1191 |
|
1192 |
|
1193 |
|
1194 |
|
1195 |
Expires: 27 August 1996 |
1196 |
|
1197 |
[Page 20] |
1198 |
|
1199 |
|