1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
HTTP Working Group D. Connolly |
8 |
Internet Draft W3 Consortium |
9 |
March 1997 |
10 |
Expire in six months |
11 |
|
12 |
PEP: an Extension Mechanism for HTTP |
13 |
Status of this Document |
14 |
|
15 |
This document is an Internet-Draft. Internet-Drafts are working |
16 |
documents of the Internet Engineering Task Force (IETF), its areas, |
17 |
and its working groups. Note that other groups may also distribute |
18 |
working documents as Internet-Drafts. |
19 |
|
20 |
Internet-Drafts are draft documents valid for a maximum of six months |
21 |
and may be updated, replaced, or obsoleted by other documents at any |
22 |
time. It is inappropriate to use Internet-Drafts as reference |
23 |
material or to cite them other than as "work in progress". |
24 |
|
25 |
To learn the current status of any Internet-Draft, please check the |
26 |
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow |
27 |
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), |
28 |
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or |
29 |
ftp.isi.edu (US West Coast). |
30 |
|
31 |
This document is also available as a W3C Working Draft. The most |
32 |
recent release is available at http://www.w3.org/pub/WWW/TR/WD-http- |
33 |
pep. |
34 |
|
35 |
Distribution of this document is unlimited. Please send comments to |
36 |
the HTTP working group at http-wg@cuckoo.hpl.hp.com. Discussions of |
37 |
the working group are archived at |
38 |
http://www.ics.uci.edu/pub/ietf/http/. The editor maintains |
39 |
background information about PEP at |
40 |
http://www.w3.org/pub/WWW/Protocols/PEP/ |
41 |
|
42 |
The contribution of W3 Consortium staff time to the HTTP working |
43 |
group is part of the W3C HTTP Activity. |
44 |
Abstract |
45 |
|
46 |
HTTP is an extensible protocol. PEP is an extension mechanism |
47 |
designed to address the tension between private agreement and public |
48 |
specification and to accommodate extension of HTTP clients and |
49 |
servers by software components. |
50 |
|
51 |
The PEP mechanism is to associate each extension with a URI, and use |
52 |
a few new header fields to carry the extension identifier and related |
53 |
information from HTTP clients, thru proxies and intermediaries, to |
54 |
servers, and back again. |
55 |
|
56 |
|
57 |
|
58 |
|
59 |
Connolly W3C Working Draft [Page 1] |
60 |
|
61 |
|
62 |
|
63 |
|
64 |
|
65 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
66 |
|
67 |
|
68 |
PEP relies on some HTTP 1.1 features, but is intended to be |
69 |
compatible with all versions of HTTP from 1.1 on, and to be |
70 |
compatible with HTTP/1.0 inasmuch as HTTP 1.1 is compatible with |
71 |
HTTP/1.0. |
72 |
|
73 |
The kinds of extension protocol capable of being introduced by PEP |
74 |
are envisioned as ranging from: |
75 |
|
76 |
* |
77 |
a simple qualification of a normal HTTP transaction; |
78 |
* |
79 |
changes to HTTP semantics; |
80 |
* |
81 |
HTTP-like protocols for new applications; |
82 |
* |
83 |
new HTTP methods; |
84 |
* |
85 |
new HTTP syntax, encoding or marshaling; |
86 |
* |
87 |
modification of replacement of lower layers such as TCP; |
88 |
to... |
89 |
* |
90 |
protocols which, once initatiated by a PEP transaction, |
91 |
runcompletely indepdently |
92 |
of HTTP, TCP and IP. |
93 |
|
94 |
Contents |
95 |
Introduction |
96 |
|
97 |
HTTP is a generic request-response protocol, designed to accommodate |
98 |
a variety of applications, from network information retrieval and |
99 |
searching to file transfer and repository access to query and forms |
100 |
processing. |
101 |
|
102 |
HTTP is used increasingly in applications that need more facilities |
103 |
than the standard version of the protocol provides, from distributed |
104 |
authoring, collaboration and printing, to various remote procedure |
105 |
call mechanisms. |
106 |
|
107 |
Many of these applications do not require agreement across the whole |
108 |
Internet about the extended facilities; rather, it suffices: |
109 |
|
110 |
* |
111 |
That conforming HTTP peers supporting a particular protocol |
112 |
extension or |
113 |
feature should be able to employ this in real time with no |
114 |
prior agreement; |
115 |
* |
116 |
That it should be possible for one party having a |
117 |
capability for a new protocol |
118 |
to require that the the other party either understand and |
119 |
abide by the new |
120 |
|
121 |
|
122 |
|
123 |
Connolly W3C Working Draft [Page 2] |
124 |
|
125 |
|
126 |
|
127 |
|
128 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
129 |
|
130 |
|
131 |
protocol or abort the operation; |
132 |
* |
133 |
That the HTTP protocol as extended should still be able to |
134 |
work through proxies |
135 |
- especially caching proxies; |
136 |
* |
137 |
That negotiation of matching capabilities should be |
138 |
possible. |
139 |
|
140 |
This document defines PEP, an extension mechanism for HTTP. The PEP |
141 |
design is the result of analyzing a variety of HTTP extensions and |
142 |
extension mechanisms, and the motivation behind them. |
143 |
|
144 |
PEP relies on some HTTP 1.1 features, but is intended to be |
145 |
compatible with all versions of HTTP from 1.1 on, and to be |
146 |
compatible with HTTP/1.0 inasmuch as HTTP 1.1 is compatible with |
147 |
HTTP/1.0. See section Considerations for Defining Extensions. |
148 |
Operational Overview |
149 |
|
150 |
PEP is intended to be used as follows: |
151 |
|
152 |
* |
153 |
Some party designs and specifies an extension to HTTP; |
154 |
the party assigns |
155 |
the extension an identifier which is a URI, and they |
156 |
make the specification |
157 |
of the protocol available at that address. |
158 |
* |
159 |
Extended clients and servers are implemented per the |
160 |
HTTP specification as |
161 |
extended by the extension specification. |
162 |
* |
163 |
Requests and responses declare the use of the extension |
164 |
by reference to its |
165 |
URI. |
166 |
* |
167 |
If the extension becomes ubiquitous, a new version of |
168 |
the HTTP specification |
169 |
can include the extension, and messages can declare use |
170 |
of the new HTTP version |
171 |
instead of the extension. |
172 |
|
173 |
Editor's note: I have used the term URI throughout this |
174 |
specification, |
175 |
since PEP relies only on the identification of resources, not on |
176 |
location nor resolution. URNs are expected to serve just as well |
177 |
as URLs |
178 |
for use as PEP extension identifiers. Hence, I cite the URL |
179 |
syntax draft |
180 |
in progress. |
181 |
|
182 |
Note that, at the cost of some extra bytes to spell out the URI in |
183 |
|
184 |
|
185 |
|
186 |
Connolly W3C Working Draft [Page 3] |
187 |
|
188 |
|
189 |
|
190 |
|
191 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
192 |
|
193 |
|
194 |
full, the use of a central registry of extension names is avoided. |
195 |
|
196 |
See Considerations for Defining Extensions for more on defining |
197 |
extensions. |
198 |
|
199 |
The PEP mechanism is designed to accommodate extension of clients, |
200 |
servers, and proxies by software components as follows: |
201 |
|
202 |
* |
203 |
Clients and servers are implemented with software |
204 |
component interfaces that |
205 |
allow dynamic installation of extension facilities. |
206 |
* |
207 |
An extension is assigned a URI; in addition to a human- |
208 |
readable specification |
209 |
of an extension, a machine-readable implementation or |
210 |
description of the |
211 |
extension is published at that address. |
212 |
* |
213 |
If a message that refers to an extension is received by |
214 |
a party that has |
215 |
no awareness of the extension, the receiver can |
216 |
dereference the extension's |
217 |
identifier and dynamically load support for the extended |
218 |
facility. |
219 |
|
220 |
Strength, Scope and Semantics of Extended Transactions |
221 |
|
222 |
The agents in an HTTP transaction are a client and a server, which |
223 |
send HTTP messages to each other, with intermediaries between them |
224 |
in some cases. However, semantically, an HTTP transaction is |
225 |
between a client party (for example, the referent of the From: |
226 |
header field) and a the principle responsible for the publication |
227 |
of a given resource. |
228 |
|
229 |
The publishing party is basically the one responsible for the |
230 |
service provided at any particular URI, for example, the mapping |
231 |
between the URI and any representation of the resource to which it |
232 |
refers. Exactly who takes this role is beyond the scope this |
233 |
document, but for example, it may be the writer of a document, the |
234 |
server administrator, the organization running the server, or a |
235 |
combination of these. |
236 |
|
237 |
PEP extensions MAY be used to extend the end-to-end transaction |
238 |
semantics, or, using the Connection header field (see [HTTP] |
239 |
section 14.10 Connection), they MAY be used to extend the hop-by- |
240 |
hop transaction semantics. See The Protocol Header Field and Hop- |
241 |
by-hop Extensions for details. |
242 |
|
243 |
A PEP extension declaration has a strength which MAY be either |
244 |
required or optional. If it is optional, the transaction may |
245 |
succeed even if some of the parties within its scope do not |
246 |
|
247 |
|
248 |
|
249 |
Connolly W3C Working Draft [Page 4] |
250 |
|
251 |
|
252 |
|
253 |
|
254 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
255 |
|
256 |
|
257 |
participate. If it is reuired, it MUST be understood and |
258 |
responded to by all parties within its scope. See The Protocol |
259 |
Header Field and Binding Request for details. |
260 |
The Protocol Header Field |
261 |
|
262 |
The extensions used in a message are declared using the Protocol |
263 |
request/response header field. |
264 |
|
265 |
The syntax is: |
266 |
|
267 |
Protocol = "Protocol" ":" 1#extension-decl |
268 |
| "C-Protocol" ":" 1#extension-decl |
269 |
extension-decl = "{" extension-id 1*LWS *ext-info "}" |
270 |
extension-id = URI |
271 |
ext-info = str | enc | params |
272 |
params = "{" "params" *bagitem "}" |
273 |
str = "{" "str" ("req" | "opt" ) "}" |
274 |
enc = "enc" |
275 |
|
276 |
bag = "{" bagname *bagitem "}" |
277 |
bagname = token ¦ URI |
278 |
bagitem = bag ¦ token ¦ quoted-string |
279 |
URI = 1*<any char except CTLs or space> |
280 |
|
281 |
Each extension-decl: |
282 |
|
283 |
* |
284 |
MUST contain an extension-id, which is a URI [URLSYN] for |
285 |
an extension specification. |
286 |
* |
287 |
MAY contain a params bag of items whose semantics are |
288 |
specified |
289 |
by the extension specification. |
290 |
* |
291 |
MAY signal contain an enc token, which signals that the |
292 |
extension |
293 |
is an encoding. See Extension Encodings. |
294 |
* |
295 |
MAY specify a strength of optional ({str opt}) or required |
296 |
({str |
297 |
req}). The strength defaults to optional if it is |
298 |
unspecified. See Strength |
299 |
|
300 |
Note that, since URIs may contain { and } characters, a space is |
301 |
required after the extension-id. |
302 |
|
303 |
For example: |
304 |
|
305 |
|
306 |
|
307 |
|
308 |
|
309 |
|
310 |
|
311 |
|
312 |
Connolly W3C Working Draft [Page 5] |
313 |
|
314 |
|
315 |
|
316 |
|
317 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
318 |
|
319 |
|
320 |
GET /a-document HTTP/1.1 |
321 |
Host: a.host |
322 |
Protocol: {http://some.org/an-extension } |
323 |
|
324 |
HTTP/1.1 200 OK |
325 |
Protocol: {http://some.org/an-extension } |
326 |
Vary: Protocol |
327 |
Content-Type: text/plain |
328 |
|
329 |
Glad you're using an-extension! |
330 |
|
331 |
Note the use of the Vary header to notify proxies that responses to |
332 |
GET /a-document depend on the Protocol header fields used in the |
333 |
request. See [HTTP], section 14.43 Vary. |
334 |
Strength |
335 |
|
336 |
Each extension-decl declares the use of the extension to be one |
337 |
of: |
338 |
|
339 |
Required: {str req} |
340 |
Ignorance of the extension or failure to process the |
341 |
extension declaration |
342 |
by the relevant agent(s) is an error that results in |
343 |
failure of the entire |
344 |
transaction, and SHOULD be reported using the 420 Bad |
345 |
Extension status code. See also: Binding Request. |
346 |
|
347 |
Optional: {str opt} |
348 |
The success of the transaction does not depend on any |
349 |
agents recognizing |
350 |
or processing the extension declaration. This is the |
351 |
default. |
352 |
|
353 |
If any of the extension declarations in a request is required, |
354 |
then the request is a binding request. See: Binding Request. |
355 |
|
356 |
The issue of "relevant agents" is defined in section Hop-by-hop |
357 |
Extensions and summarized in section Summary of Protocol |
358 |
Interactions. |
359 |
Hop-by-hop Extensions |
360 |
|
361 |
Extensions declared with the Protocol header field are end-to-end |
362 |
extensions. Hop-by-hop extensions are declared with the C- |
363 |
Protocol header field, in conjunction with the Connection header |
364 |
([HTTP], section 13.5.1 and 14.10). |
365 |
|
366 |
The relevant agents in a hop-by-hop extension are the agents at |
367 |
the ends of the connection. |
368 |
|
369 |
The relevant agents in an end-to-end extension are the origin |
370 |
client and server, and depending on the extension in question any |
371 |
intermediaries acting on behalf of the origin client and server in |
372 |
|
373 |
|
374 |
|
375 |
Connolly W3C Working Draft [Page 6] |
376 |
|
377 |
|
378 |
|
379 |
|
380 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
381 |
|
382 |
|
383 |
ccordance with the extension specification and any private |
384 |
agreements. |
385 |
Binding Request |
386 |
|
387 |
A request with {str req} in any of its Protocol header fields is a |
388 |
binding request -- the transaction cannot be succeed without |
389 |
consulting and adhering to the relevant extension specification(s). |
390 |
|
391 |
Because legacy HTTP agents MAY ignore all protocol header fields, the |
392 |
{str req} is not sufficient to evoke the correct behaviour from HTTP |
393 |
agents. |
394 |
|
395 |
The method name of all binding request MUST be prefixed by BINDING-. |
396 |
Legacy HTTP agents (i.e. agents implemented without consulting this |
397 |
specification) SHOULD respond with 501 (Not Implemented) (see [HTTP] |
398 |
section 5.1.1, Method). Other agents MUST process the request |
399 |
resulting from removing the BINDING- from the method name and leaving |
400 |
the rest of the request (request URI, version, header fields, body) |
401 |
as is. |
402 |
|
403 |
NOTE: All method names beginning with BINDING- are reserved for this |
404 |
use. |
405 |
|
406 |
For example, a client might express the binding rights-management |
407 |
constraints on its request as follows: |
408 |
|
409 |
BINDING-PUT /a-resource HTTP/1.2 |
410 |
Protocol: {http://some.org/rights-management {str req} |
411 |
{params {copyright-remains-with-client} |
412 |
{nonexclusive-right-to-redistribute} } |
413 |
Host: some.hose |
414 |
Content-Length: 1203 |
415 |
Content-Type: text/html |
416 |
|
417 |
<!doctype html ... |
418 |
|
419 |
Summary of Protocol Interactions |
420 |
|
421 |
The processing of PEP extensions is subject to a number of |
422 |
considerations: |
423 |
|
424 |
Proxy or Origin server? |
425 |
Proxies need not process end-to-end extensions, but they do |
426 |
Connection header |
427 |
processing. |
428 |
|
429 |
Extension supported? PEP supported? |
430 |
Some agents will have no support for PEP (in particular, the |
431 |
BINDING- syntax). |
432 |
Some agents will have support for the relevant extension, and |
433 |
some will not. |
434 |
Even those that support the extension may elect not to process |
435 |
|
436 |
|
437 |
|
438 |
Connolly W3C Working Draft [Page 7] |
439 |
|
440 |
|
441 |
|
442 |
|
443 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
444 |
|
445 |
|
446 |
it in some |
447 |
cases; this is indistinguishable from lack of support. |
448 |
|
449 |
Hop-by-hop or End-to-end? |
450 |
The Connection header is used to be sure that C-Protocol and |
451 |
C-Protocol-Info |
452 |
headers are processed by exactly one receiving agent. |
453 |
|
454 |
Optional or Required? |
455 |
Is the extension essential to the transaction? |
456 |
|
457 |
The following table summarizes the outcome in each case: |
458 |
|
459 |
pass |
460 |
The proxy MUST pass the extension declaration along to the |
461 |
next agent. |
462 |
|
463 |
strip |
464 |
The proxy MUST strip the extension declaration out and pass |
465 |
the remainder |
466 |
along to the next agent. |
467 |
|
468 |
extended processing |
469 |
The agent MUST process the request in conformance with the |
470 |
extesion speification. |
471 |
|
472 |
standard processing |
473 |
The agent MUST process the request in the standard, unextended |
474 |
fashion. |
475 |
|
476 |
420 Bad Extension |
477 |
The agent MUST report a 420 Bad Extension error |
478 |
|
479 |
Editor's note: I need to make a plain-text equivalent of the |
480 |
following |
481 |
table. Until then, please see the HTML version. |
482 |
Strength / Scope PEP Summary |
483 |
|
484 |
Hop-by-hop |
485 |
End-to-end |
486 |
Optional |
487 |
Required |
488 |
Optional |
489 |
Required |
490 |
Proxy |
491 |
PEP not supported |
492 |
strip*1 |
493 |
501 not implemented |
494 |
pass |
495 |
501 not implemented |
496 |
Extension not supported |
497 |
strip |
498 |
|
499 |
|
500 |
|
501 |
Connolly W3C Working Draft [Page 8] |
502 |
|
503 |
|
504 |
|
505 |
|
506 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
507 |
|
508 |
|
509 |
420 Bad Extensions |
510 |
pass |
511 |
pass |
512 |
Extension supported |
513 |
extended processing |
514 |
extended processing |
515 |
extended processing |
516 |
extended processing |
517 |
Origin Server |
518 |
PEP not supported |
519 |
standard processing |
520 |
501 not implemented |
521 |
standard processing |
522 |
501 not implemented |
523 |
Extension not supported |
524 |
standard processing |
525 |
420 |
526 |
standard processing |
527 |
420 |
528 |
Extension supported |
529 |
extended processing |
530 |
extended processing |
531 |
extended processing |
532 |
extended processing |
533 |
|
534 |
*1: HTTP/1.0 proxies might not do Connection: processing, so they |
535 |
might pass such extension declarations along. |
536 |
Extension Encodings |
537 |
|
538 |
An extension declaration MAY use the enc to signal that it is an |
539 |
extension encoding, that is, an extension that involves encoding the |
540 |
body of the message. |
541 |
|
542 |
For example: |
543 |
|
544 |
GET /sparse-document HTTP/1.1 |
545 |
Host: a.host |
546 |
Protocol: {http://some.org/special-encoding enc} |
547 |
|
548 |
HTTP/1.1 200 OK |
549 |
Protocol: {http://some.org/special-encoding enc} |
550 |
Content-Type: application/sparse-data |
551 |
|
552 |
... sparse data encoded with special-encoding ... |
553 |
|
554 |
Encodings are applied in the order that they occur in the head of the |
555 |
message. For example: |
556 |
|
557 |
|
558 |
|
559 |
|
560 |
|
561 |
|
562 |
|
563 |
|
564 |
Connolly W3C Working Draft [Page 9] |
565 |
|
566 |
|
567 |
|
568 |
|
569 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
570 |
|
571 |
|
572 |
HTTP/1.1 200 OK |
573 |
Protocol: {http://some.org/inner-encoding enc}, |
574 |
{http://some.org/outer-encoding enc} |
575 |
Content-Type: text/plain |
576 |
|
577 |
... text encoded with inner-encoding, then outer-encoding... |
578 |
|
579 |
While the order of Protocol header fields is guaranteed to be |
580 |
preserved across proxy boundaries, the order of Protocol header |
581 |
fields with respect to Content-Encoding header fields is not ([HTTP] |
582 |
section 4.2 Message Headers); hence the use of Content-Encoding is |
583 |
prohibited in messages with extension encodings. |
584 |
Extension Policy Information |
585 |
|
586 |
Some extensions are used spontaneously by participating agents; for |
587 |
example, a client may be configured to use and extension, or a user |
588 |
interface option may trigger the use of an extension. |
589 |
|
590 |
But in many cases, a server dictates the use of one or more |
591 |
extensions. In this case, it is useful for the server to communicate |
592 |
its policies to clients. |
593 |
|
594 |
The server MAY notify the client that some resources SHOULD be |
595 |
accessed using one or more extensions with the Protocol-Info entity |
596 |
header field. The resources are specified by a relative or absolute |
597 |
URI, with an optional wildcard flag indicating that the notification |
598 |
applies to all URIs containing the specified URI as a prefix. |
599 |
|
600 |
The syntax is: |
601 |
|
602 |
Protocol-Info = "Protocol-Info" ":" 1#policy-decl |
603 |
| "C-Protocol-Info" ":" 1#policy-decl |
604 |
policy-decl = "{" extension-id 1*LWS *policy-info "}" |
605 |
policy-info = policy-str | params | for |
606 |
policy-str = "{" "str" ("req" | "ref" | "opt" ) "}" |
607 |
for = "{" "for" URI [ wildcard ] "}" |
608 |
wildcard = "*" |
609 |
|
610 |
The for syntax specifies the URI (or set of URIs) to which the policy |
611 |
declaration applies. A URI followed by a wildcard represents the set |
612 |
of URIs that contain the given URI as a prefix. The default, in the |
613 |
case that the for syntax does not appear, is the request URI of the |
614 |
transaction. |
615 |
|
616 |
Note that A policy-decl with a for parameter MAY give information |
617 |
about a different resource from the resource described by the other |
618 |
header fields in the same message. Nonetheless, the freshness of the |
619 |
information in the Protocol-Info header field is the same as the rest |
620 |
of the header fields (which see [HTTP] section 13.2, "Expiration |
621 |
Model"). |
622 |
|
623 |
The policy-decl is strictly advisory. The client SHOULD heed the |
624 |
|
625 |
|
626 |
|
627 |
Connolly W3C Working Draft [Page 10] |
628 |
|
629 |
|
630 |
|
631 |
|
632 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
633 |
|
634 |
|
635 |
policy-decl on its next request to the relevant server, unless the |
636 |
delay between receiving the policy-decl and that next request far |
637 |
exceeds the freshness of the reply containing the Protocol-Info |
638 |
header. |
639 |
|
640 |
The strength of the policy for an extension for the resources MUST be |
641 |
one of req, ref, or opt. |
642 |
|
643 |
req |
644 |
Required. The resource MUST be accessed using the extension; |
645 |
that |
646 |
is, the server expects any attempt to access the resource |
647 |
without using the extension to fail. |
648 |
|
649 |
opt |
650 |
Optional. The resource MAY be accessed using the extension or |
651 |
not using the |
652 |
extension. |
653 |
|
654 |
ref |
655 |
Refused. The resource MUST NOT be accessed using the |
656 |
extension; that |
657 |
is, any attempt to access the resource using the extension is |
658 |
expected to |
659 |
fail. |
660 |
|
661 |
For example, consider the case of an HTML form, where the associated |
662 |
ACTION resource requires a payment extension. In the response that |
663 |
provides the form, the server may notify the client about the ACTION |
664 |
resource: |
665 |
|
666 |
HTTP/1.1 200 OK |
667 |
Content-Type: text/html |
668 |
Protocol-Info: {http://some.org/payment-thingy {for /cgi-bin/buy *} {str req}} |
669 |
|
670 |
<form action="/cgi-bin/buy"> |
671 |
... |
672 |
|
673 |
Hop-by-hop Policies |
674 |
|
675 |
The C-Protocol-Info header field provides hop-by-hop policies; |
676 |
that is, it allows a server to express policy(ies) to an agent at |
677 |
the other end of an HTTP connection, rather than to all parties in |
678 |
an HTTP transaction. Other than scope, its semantics are the same |
679 |
as the Protocol-Info header field; the name is distinct so that |
680 |
the Connection header field can distinguish between hop-by-hop and |
681 |
end-to-end protocol information notifications. |
682 |
|
683 |
For example, consider a server whos policy is to access cache |
684 |
usage statistics from clients that connect to it. In response from |
685 |
a client, it might advertise its policy as follows: |
686 |
|
687 |
|
688 |
|
689 |
|
690 |
Connolly W3C Working Draft [Page 11] |
691 |
|
692 |
|
693 |
|
694 |
|
695 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
696 |
|
697 |
|
698 |
HTTP/1.1 200 OK |
699 |
C-Protocol-Info: {http://some.org/provide-stats {for / * }} |
700 |
Connection: C-Protocol-Info |
701 |
Content-Type: text/plain |
702 |
|
703 |
some content |
704 |
|
705 |
The next time that client makes a request to this server, it may |
706 |
provide statistics as follows: |
707 |
|
708 |
GET /some-resource HTTP/1.1 |
709 |
Host: some.org |
710 |
C-Protocol: {http://some.org/provide-stats {params {hits 10}}} |
711 |
Connection: C-Protocol |
712 |
|
713 |
420: Bad Extensions |
714 |
|
715 |
A server policy MAY require (or refuse) the use of some extensions in |
716 |
some circumstances. If a request fails to fulfill the policy, the |
717 |
server SHOULD respond with a 420 status code (Bad Extensions) and |
718 |
specify the policy using the Protocol-Info header field. |
719 |
|
720 |
Implementors may note the similarity to the way authentication |
721 |
challenges are issued with the 401 (Unauthorized) status code. |
722 |
Considerations for Defining Extensions |
723 |
|
724 |
While the protocol extension definition SHOULD be published at the |
725 |
address of the extension identifier, this is not strictly necessary. |
726 |
The only absolute requirement is that distinct names be used for |
727 |
distinct semantics. |
728 |
|
729 |
For example, one way to achieve this is to use an mid:, cid:, or |
730 |
uuid: URI. The association between the extension identifier and the |
731 |
specification might be made by distributing a specification which |
732 |
references the extension identifier. Care should be taken not to |
733 |
distribute conflicting specifications which reference the same name. |
734 |
|
735 |
Even when the web is used to publish extension specifications, care |
736 |
must be taken that the specification made available at that address |
737 |
does not change significantly over time. One agent may associate the |
738 |
identifier with the old semantics, and another might associate it |
739 |
with the new semantics. |
740 |
Interaction with Caching, Connections, etc. |
741 |
|
742 |
For each aspect of an extension, the interaction with other |
743 |
aspects of HTTP/1.1 SHOULD be fully specified, and the issues of |
744 |
compatibility SHOULD be discussed. For example, any extension |
745 |
headers which are not strictly entity headers require careful |
746 |
consideration. |
747 |
|
748 |
In particular: |
749 |
|
750 |
|
751 |
|
752 |
|
753 |
Connolly W3C Working Draft [Page 12] |
754 |
|
755 |
|
756 |
|
757 |
|
758 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
759 |
|
760 |
|
761 |
Cache-Control, [HTTP] section 14.9 |
762 |
Any interactions with existing and extended cache-control |
763 |
directives MUST |
764 |
be specified |
765 |
|
766 |
[HTTP] 19.7 Compatibility with Previous Versions |
767 |
Interaction with HTTP 1.0 clients and servers SHOULD be |
768 |
clarified. |
769 |
|
770 |
Upgrade (14.41) |
771 |
Extensions which define transitions to new application- |
772 |
layer protocols SHOULD |
773 |
discuss interaction with the Upgrade header, at least to |
774 |
mention that PEP |
775 |
is being used instead of the Upgrade header. |
776 |
|
777 |
Content-Encoding (14.12) |
778 |
Extension encodings SHOULD mention the prohibition against |
779 |
mixing |
780 |
Content-Encoding with extension encodings, among other |
781 |
interactions. |
782 |
|
783 |
Bootstrapping and Dynamic Loading |
784 |
|
785 |
The extension definition MAY be made available in different |
786 |
representations. For example, a software component that |
787 |
implements the specification MAY reside at the same address as a |
788 |
human-readable specification (distinguished by content |
789 |
negotiation). |
790 |
|
791 |
The human-readable representation serves to document the extension |
792 |
and encourage deployment, while the software component to allows |
793 |
clients and servers to be dynamically extended. |
794 |
Security Considerations |
795 |
|
796 |
* |
797 |
The for parameter allows one party to give information |
798 |
about the |
799 |
extensions used by another party's resources. The parties |
800 |
may provide resources |
801 |
on different servers, or at different addresses on the same |
802 |
server. While |
803 |
distinguishing between the parties responsible for |
804 |
different resources at |
805 |
the same server may be infeasible, clients SHOULD ignore |
806 |
information |
807 |
given by one server about another unless they have reason |
808 |
to trust |
809 |
it, or reason to believe that trusting it will have no |
810 |
significant negative |
811 |
consequences. |
812 |
* |
813 |
|
814 |
|
815 |
|
816 |
Connolly W3C Working Draft [Page 13] |
817 |
|
818 |
|
819 |
|
820 |
|
821 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
822 |
|
823 |
|
824 |
Dynamic installation of extension facilities as described |
825 |
in the introduction |
826 |
involves software written by one party (the provider of the |
827 |
implementation) |
828 |
to be executed under the authority of another (the party |
829 |
operating the host |
830 |
software). This opens the host party to a variety of |
831 |
"trojan horse" attacks |
832 |
by the provider, or a malicious third party that forges |
833 |
implementations under |
834 |
a provider's name. See, for example, section 7.4.2 of |
835 |
RFC1521 for a discussion |
836 |
of these risks |
837 |
|
838 |
Future Work |
839 |
|
840 |
The design of some aspects of earlier drafts of this specification |
841 |
are still pending implementation experience. |
842 |
Multi-Transaction Negotiation |
843 |
|
844 |
An earlier draft of PEP included a mechanism for multi-transaction |
845 |
negotiation. Implementation experience showed the need to |
846 |
identify clients across transactions, which the mechanism did not |
847 |
provide. |
848 |
|
849 |
It is possible, within the design specified here, to do multi- |
850 |
transaction negotiation within an extension (for example, by |
851 |
putting information to disambiguate conversation threads in the |
852 |
params). |
853 |
|
854 |
Other possibilities under consideration include the use of state |
855 |
management "cookies" to disambiguate clients, or the use of an |
856 |
analogous PEP-specific mechanism. |
857 |
Appendix: Considerations for the Design of a PEP Software |
858 |
Component Interface |
859 |
|
860 |
This section got blown away in an editing disaster. If requested, the |
861 |
editor will attempt to include it in a future draft. |
862 |
Normative References |
863 |
|
864 |
[URLSYN] |
865 |
T. Berners-Lee, R. Fielding, L. Masinter, Uniform Resource |
866 |
Locators (URL), draft-fielding-url-syntax-03 , MIT/LCS, U.C. |
867 |
Irvine, Xerox Corporation, December 1996, work in progress |
868 |
|
869 |
[HTTP] |
870 |
R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, T. Berners- |
871 |
Lee, Hypertext Transfer Protocol -- HTTP/1.1. RFC 2068 U.C. |
872 |
Irvine, |
873 |
DEC, DEC, W3C/MIT, W3C/MIT, January 1997 |
874 |
|
875 |
|
876 |
|
877 |
|
878 |
|
879 |
Connolly W3C Working Draft [Page 14] |
880 |
|
881 |
|
882 |
|
883 |
|
884 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
885 |
|
886 |
|
887 |
[BRADNER] |
888 |
@@may/must/should RFC |
889 |
|
890 |
Bibliography: Informative References |
891 |
|
892 |
[CGI] |
893 |
D. Robinson The |
894 |
WWW Common Gateway Interface Version 1.1, work in progress 15 |
895 |
February 1996 |
896 |
|
897 |
[NSAPI] |
898 |
Netscape server |
899 |
API documentation, 1995 |
900 |
|
901 |
[ISAPI] |
902 |
ISAPI documentation, Microsoft Corporation, in ActiveX Alpha |
903 |
SDK, |
904 |
http://www.msn.com/download/sdk/msactivedk.zip, 1996 |
905 |
|
906 |
[Apache] |
907 |
Thau, Robert, Design |
908 |
considerations for the Apache Server API, Fifth International |
909 |
World Wide Web Conference, May 6-10, 1996, Paris, France |
910 |
|
911 |
[OM] |
912 |
OpenMarket |
913 |
server technical overview sometime in 1996. |
914 |
|
915 |
[Spy95] |
916 |
Spyglass |
917 |
Server Application Development Interface Spyglass, Inc. |
918 |
version |
919 |
1.17 1995/09/11 |
920 |
|
921 |
[MAILCAP] |
922 |
N. Borenstein, RFC 1524: A User Agent Configuration Mechanism |
923 |
For Multimedia Mail Format |
924 |
Information, pp. 12, Sep 1993. |
925 |
|
926 |
[STATE] |
927 |
D. Kristol, L. Montulli, 22 Nov 1996. "HTTP State Management |
928 |
Mechanism", RFC |
929 |
xxxx. Proposed Standard Approved by the IESG, not yet assigned |
930 |
an RFC. |
931 |
|
932 |
[Kristol95] |
933 |
David M. Kristol, A Proposed Extension Mechanism for HTTP, Jan |
934 |
1995. D. Kristol, A Proposed Extension |
935 |
Mechanism for HTTP, Internet Draft, January 1995 (Work in |
936 |
Progress, |
937 |
Expired). |
938 |
|
939 |
|
940 |
|
941 |
|
942 |
Connolly W3C Working Draft [Page 15] |
943 |
|
944 |
|
945 |
|
946 |
|
947 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
948 |
|
949 |
|
950 |
[RFC822] |
951 |
D. H. Crocker. Standard for the Format of ARPA Internet Text |
952 |
Messages. STD 11, RFC 822, UDEL, August |
953 |
1982. |
954 |
|
955 |
[UPP] |
956 |
D. Eastlake, "Universal Payment Preamble", Internet |
957 |
Draft CyberCash, March 1996 (Work in Progress). |
958 |
|
959 |
[JEPI] |
960 |
JEPI, "Selecting Payment Mechanisms Over HTTP", Internet |
961 |
Draft, August 1996 (Work in Progress). [Also available as |
962 |
http://www.w3.org/pub/WWW/Payments/JEPI/draft-jepi- |
963 |
uppflow-00.html] |
964 |
|
965 |
[MAILEXT] |
966 |
J. Klensin, N. Freed, M. Rose, E. Stefferud, and D. Crocker. |
967 |
"SMTP Service |
968 |
Extensions." RFC 1869. |
969 |
MCI, Innosoft, Dover Beach Consulting, Network Management |
970 |
Associates, Brandenburg |
971 |
Consulting, November 1995. |
972 |
|
973 |
[PICS] |
974 |
J. Miller. PICS |
975 |
Label Syntax and Communication Protocols (Version 1.1). 31 |
976 |
October |
977 |
1996 |
978 |
|
979 |
[SpyClient] |
980 |
Spyglass |
981 |
Client Software Development Kit |
982 |
|
983 |
[SpyEcom] |
984 |
Electronic |
985 |
Commerce Standards for the WWW |
986 |
|
987 |
[WN] |
988 |
WN server documentation, 1995 |
989 |
|
990 |
[Spinner] |
991 |
Spinner server technical overview, |
992 |
http://spinner.infovav.se/overview.html, |
993 |
1995 |
994 |
|
995 |
|
996 |
|
997 |
|
998 |
|
999 |
|
1000 |
|
1001 |
|
1002 |
|
1003 |
|
1004 |
|
1005 |
Connolly W3C Working Draft [Page 16] |
1006 |
|
1007 |
|
1008 |
|
1009 |
|
1010 |
WD-pep PEP $Date: 1997/03/21 20:59:19 $ |
1011 |
|
1012 |
|
1013 |
Acknowledgements |
1014 |
|
1015 |
This draft of PEP is the product of a substantial amount of |
1016 |
investigation and collaboration. Dave Kristol did some of the first |
1017 |
writing on HTTP extension mechanisms. [Kristol95]. Jim Miller and |
1018 |
Dave Raggett sketched out an initial design, which Rohit Khare wrote |
1019 |
up in a number of drafts. Rohit also coined the term "PEP." |
1020 |
|
1021 |
This draft is a direct reflection of some implementation work: a |
1022 |
client implementation Henrik Frystyk Nielsen et. al. (see the HTPEP |
1023 |
module in libwww) and a server implementation by Eui Suk Chung and |
1024 |
Anit Chakraborty for the JEPI project. |
1025 |
|
1026 |
Tim Berners-Lee contributed significantly to the requirements |
1027 |
section, and Daniel Dardailler provided extensive review comments. |
1028 |
Authors Addresses |
1029 |
|
1030 |
Dan |
1031 |
Connolly |
1032 |
Architecture Domain Lead, W3 Consortium |
1033 |
MIT Laboratory for Computer Science |
1034 |
545 Technology Square |
1035 |
Cambridge, MA 02139, U.S.A. |
1036 |
Tel: +1 (512) 310 2971 Email: connolly@w3.org |
1037 |
|
1038 |
Rohit Khare |
1039 |
Technical Staff, W3 Consortium |
1040 |
MIT Laboratory for Computer Science |
1041 |
545 Technology Square |
1042 |
Cambridge, MA 02139, U.S.A. |
1043 |
Tel: +1 (617) 253 5884 |
1044 |
Fax: +1 (617) 258 5999 Email: khare@w3.org |
1045 |
|
1046 |
Henrik Frystyk |
1047 |
Nielsen |
1048 |
Technical Staff, W3 Consortium |
1049 |
MIT Laboratory for Computer Science |
1050 |
545 Technology Square |
1051 |
Cambridge, MA 02139, U.S.A. |
1052 |
Tel: +1 (617) 253 8143 |
1053 |
Fax: +1 (617) 258 5999 Email: frystyk@w3.org |
1054 |
|
1055 |
|
1056 |
|
1057 |
|
1058 |
|
1059 |
|
1060 |
|
1061 |
|
1062 |
|
1063 |
|
1064 |
|
1065 |
|
1066 |
|
1067 |
|
1068 |
Connolly W3C Working Draft [Page 17] |
1069 |
|