1 |
|
2 |
|
3 |
|
4 |
HTTP Working Group H. Frystyk |
5 |
Internet Draft W3C |
6 |
April 1997 |
7 |
PEP - an Extension Mechanism for HTTP |
8 |
|
9 |
1. Status of this Document |
10 |
|
11 |
This document is an Internet-Draft. Internet-Drafts are working |
12 |
documents of the Internet Engineering Task Force (IETF), its areas, |
13 |
and its working groups. Note that other groups may also distribute |
14 |
working documents as Internet-Drafts. |
15 |
|
16 |
Internet-Drafts are draft documents valid for a maximum of six months |
17 |
and may be updated, replaced, or obsoleted by other documents at any |
18 |
time. It is inappropriate to use Internet-Drafts as reference |
19 |
material or to cite them other than as "work in progress". |
20 |
|
21 |
To learn the current status of any Internet-Draft, please check the |
22 |
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow |
23 |
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), |
24 |
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or |
25 |
ftp.isi.edu (US West Coast). |
26 |
|
27 |
This document is also available as a W3C Working Draft. The most |
28 |
recent release is available at http://www.w3.org/pub/WWW/TR/WD-http- |
29 |
pep. |
30 |
|
31 |
Distribution of this document is unlimited. Please send comments to |
32 |
the HTTP working group at http-wg@cuckoo.hpl.hp.com. Discussions of |
33 |
the working group are archived at |
34 |
http://www.ics.uci.edu/pub/ietf/http/. The editor maintains |
35 |
background information about PEP at |
36 |
http://www.w3.org/pub/WWW/Protocols/PEP/ |
37 |
|
38 |
The contribution of World Wide Web Consortium staff time to the HTTP |
39 |
working group is part of the W3C HTTP Activity. |
40 |
|
41 |
|
42 |
|
43 |
|
44 |
|
45 |
|
46 |
|
47 |
|
48 |
|
49 |
|
50 |
|
51 |
|
52 |
|
53 |
|
54 |
|
55 |
Frystyk W3C Working Draft [Page 1] |
56 |
|
57 |
|
58 |
|
59 |
|
60 |
|
61 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
62 |
|
63 |
|
64 |
2. Abstract |
65 |
|
66 |
HTTP is used increasingly in applications that need more facilities |
67 |
than the standard version of the protocol provides, from distributed |
68 |
authoring, collaboration and printing, to various remote procedure |
69 |
call mechanisms. |
70 |
|
71 |
The Protocol Extension Protocol (PEP) is an extension mechanism |
72 |
designed to address the tension between private agreement and public |
73 |
specification and to accommodate extension of HTTP clients and |
74 |
servers by software components. The PEP mechanism is to associate |
75 |
each extension with a URI, and use a few new header fields to carry |
76 |
the extension identifier and related information from HTTP clients, |
77 |
through proxies and intermediaries, to servers, and back again. The |
78 |
kind of extensions capable of being introduced by PEP are envisioned |
79 |
as ranging from: |
80 |
|
81 |
* a simple qualification of a normal HTTP transaction; |
82 |
* changes to HTTP semantics; |
83 |
* new HTTP syntax, encoding or marshaling; |
84 |
* initiation of HTTP-based protocols for new applications; to... |
85 |
* protocols, which once initiated by a PEP transaction, run |
86 |
completely independently of HTTP. |
87 |
|
88 |
PEP interacts with specific features of HTTP/1.1 [RFC2068] including |
89 |
scoping rules and cache semantics. PEP is intended to be compatible |
90 |
with HTTP/1.0 [RFC1945] inasmuch as HTTP/1.1 is compatible with |
91 |
HTTP/1.0, see [RFC2068], Section 19.7. It is proposed that the PEP |
92 |
extension mechanism is included in future versions of HTTP. |
93 |
|
94 |
3. Contents |
95 |
|
96 |
1. Status of this Document ........................................ 1 |
97 |
2. Abstract ....................................................... 2 |
98 |
3. Contents ....................................................... 2 |
99 |
4. Introduction ................................................... 3 |
100 |
4.1. Purpose ................................................... 4 |
101 |
4.2. Operational Overview ...................................... 4 |
102 |
5. Notational Conventions ......................................... 6 |
103 |
5.1. Bag Syntax ................................................ 6 |
104 |
6. Extension Declarations ......................................... 6 |
105 |
6.1. Header Field Mappings ..................................... 7 |
106 |
6.2. Unmapping Header Fields ................................... 8 |
107 |
6.3. Extra Parameters ......................................... 9 |
108 |
6.4. Strength .................................................. 9 |
109 |
6.5. End-to-End Extensions .................................... 10 |
110 |
6.6. Hop-by-Hop Extensions .................................... 10 |
111 |
7. Binding HTTP Requests ......................................... 11 |
112 |
8. Extension Policy Information .................................. 12 |
113 |
8.1. End to End Policies ...................................... 13 |
114 |
8.2. Hop by Hop Policies ...................................... 13 |
115 |
9. Status Codes .................................................. 14 |
116 |
|
117 |
|
118 |
Frystyk W3C Working Draft [Page 2] |
119 |
|
120 |
|
121 |
|
122 |
|
123 |
|
124 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
125 |
|
126 |
|
127 |
9.1. 420 Bad Extensions ....................................... 14 |
128 |
9.2. 421 Bad Mapping .......................................... 14 |
129 |
10. Proxy Servers as End to End Recipients ....................... 15 |
130 |
10.1. Proxy Servers Acting on Behalf of User Agents ........... 15 |
131 |
10.2. Proxy Servers Acting on Behalf of Origin Servers ........ 15 |
132 |
11. Practical Considerations ..................................... 16 |
133 |
11.1. Publishing an Extension ................................. 16 |
134 |
11.2. Interaction with Existing HTTP/1.1 Headers .............. 16 |
135 |
11.3. Identifying the Source of a Mapping ..................... 18 |
136 |
12. Security Considerations ...................................... 18 |
137 |
13. Normative References ......................................... 19 |
138 |
14. Bibliography: Informative References ......................... 20 |
139 |
15. Acknowledgements ............................................. 21 |
140 |
16. Authors Addresses ............................................ 22 |
141 |
17. Summary of Protocol Interactions ............................. 22 |
142 |
18. Open Issues .................................................. 23 |
143 |
|
144 |
4. Introduction |
145 |
|
146 |
HTTP is a generic request-response protocol, designed to accommodate |
147 |
a variety of applications, from network information retrieval and |
148 |
searching to file transfer and repository access to query and forms |
149 |
processing. |
150 |
|
151 |
The agents in an HTTP transaction are a client and a server, which |
152 |
send HTTP messages to each other, with intermediaries between them in |
153 |
some cases. However, semantically, an HTTP transaction is between a |
154 |
client party (for example, the referent of the From: header field) |
155 |
and a principal responsible for the publication of a given resource. |
156 |
|
157 |
The publishing party is the one responsible for the service provided |
158 |
at any particular URI, for example, the mapping between the URI and |
159 |
any representation of the resource to which it refers. Exactly who |
160 |
takes this role is beyond the scope of this document, but for |
161 |
example, it may be the writer of a document, the server |
162 |
administrator, the organization running the server, or a combination |
163 |
of these. |
164 |
|
165 |
HTTP is used increasingly in applications that need more facilities |
166 |
than the standard version of the protocol provides, from distributed |
167 |
authoring, collaboration and printing, to various remote procedure |
168 |
call mechanisms. Many of these applications do not require agreement |
169 |
across the whole Internet about the extended facilities; rather, it |
170 |
suffices: |
171 |
|
172 |
* That conforming HTTP peers supporting a particular protocol |
173 |
extension or feature should be able to employ this in real time |
174 |
with no prior agreement; |
175 |
* That the extended HTTP protocol to the extend possible should |
176 |
be able to work through HTTP proxies - especially caching |
177 |
proxies; |
178 |
* That it should be possible for one party having a capability |
179 |
|
180 |
|
181 |
Frystyk W3C Working Draft [Page 3] |
182 |
|
183 |
|
184 |
|
185 |
|
186 |
|
187 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
188 |
|
189 |
|
190 |
for a new protocol to require that the other party either |
191 |
understand and abide by the new protocol or abort the |
192 |
operation; |
193 |
* That negotiation of matching capabilities should be possible. |
194 |
|
195 |
The need for extensibility creates a tension between dynamically |
196 |
extensible applications and public, static specification. |
197 |
|
198 |
4.1. Purpose |
199 |
|
200 |
The Protocol Extension Protocol (PEP) is an extension mechanism |
201 |
for HTTP/1.1 designed to accommodate dynamic extensions of HTTP |
202 |
clients and servers by software components and to address the |
203 |
tension between private agreement and public specification. The |
204 |
kind of extension s capable of being introduced by PEP are |
205 |
envisioned as ranging from: |
206 |
|
207 |
* a simple qualification of a normal HTTP transaction; |
208 |
* changes to HTTP semantics; |
209 |
* new HTTP syntax, encoding or marshaling; |
210 |
* initiation of HTTP-based protocols for new applications; |
211 |
to... |
212 |
* protocols, which once initiated by a PEP transaction, run |
213 |
completely independently of HTTP. |
214 |
|
215 |
This document defines the HTTP extension mechanism referred to as |
216 |
"PEP". The PEP design is the result of analyzing a variety of |
217 |
HTTP extensions and extension mechanisms, and the motivation |
218 |
behind them. |
219 |
|
220 |
PEP interacts with specific parts of HTTP/1.1 including scoping |
221 |
rules and cache semantics and is intended to be compatible with |
222 |
HTTP/1.0 inasmuch as HTTP/1.1 is compatible with HTTP/1.0 (see |
223 |
section "Considerations for Defining Extensions"). It is proposed |
224 |
that the PEP extension mechanism is included in future versions of |
225 |
HTTP. |
226 |
|
227 |
4.2. Operational Overview |
228 |
|
229 |
PEP allows applications to employ extensions dynamically by |
230 |
providing a mechanism for mapping the global definition of an |
231 |
extension to its local representation in a particular transaction. |
232 |
The local representation does not have to be globally unique and |
233 |
can be defined on the fly by the parties involved. |
234 |
|
235 |
The mapping is furthermore assigned a strength and a scope |
236 |
describing the requirements for interacting with the extension. |
237 |
This allows an application to require that another party either |
238 |
obeys the rules given by the extension or aborts the transaction. |
239 |
|
240 |
PEP is intended to be used as follows: |
241 |
|
242 |
|
243 |
|
244 |
Frystyk W3C Working Draft [Page 4] |
245 |
|
246 |
|
247 |
|
248 |
|
249 |
|
250 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
251 |
|
252 |
|
253 |
* Some party designs and specifies an extension to HTTP; the |
254 |
party assigns the extension an identifier, which is a URI, |
255 |
and makes one or more representations of the extension |
256 |
available at that address. |
257 |
* An HTTP/1.1 and PEP compliant application knows about that |
258 |
extension and wishes to use it in one or more transactions. |
259 |
The application can either have an a priori knowledge about |
260 |
the extension or may learn about it as a result of |
261 |
interacting with other PEP enabled applications. |
262 |
* The application declares the use of the extension by |
263 |
referencing its URI in PEP extended HTTP requests and |
264 |
responses. |
265 |
|
266 |
If the extension becomes ubiquitous, a new version of the HTTP |
267 |
specification can include the extension, and messages can declare |
268 |
use of the new HTTP version instead of the extension. |
269 |
|
270 |
The PEP mechanism is designed to accommodate dynamic extension of |
271 |
clients, servers, and proxies by software components as follows: |
272 |
|
273 |
* Clients and servers are implemented with software component |
274 |
interfaces that allow dynamic installation of extension |
275 |
facilities. |
276 |
* An extension is assigned a URI; in addition to a human- |
277 |
readable specification of an extension, a machine-readable |
278 |
implementation or description of the extension is published |
279 |
at that address. |
280 |
* If a message that refers to an extension is received by a |
281 |
party that has no awareness of the extension, the receiver |
282 |
can dereference the extension's identifier and dynamically |
283 |
load support for the extended facility. |
284 |
|
285 |
The advantage of the self-describing data model used by PEP is |
286 |
that at the cost of some extra bytes to spell out the URI in full, |
287 |
the use of a central registry of extension names is avoided. PEP |
288 |
can also be used to extend applications to support centrally |
289 |
registered extensions as long as a URI is published as part of the |
290 |
registration. The representation and implementation of dynamic |
291 |
extensible software component interfaces is outside the scope of |
292 |
this specification (see section "Publishing an Extension (Section |
293 |
11.1)"). |
294 |
|
295 |
|
296 |
|
297 |
|
298 |
|
299 |
|
300 |
|
301 |
|
302 |
|
303 |
|
304 |
|
305 |
|
306 |
|
307 |
Frystyk W3C Working Draft [Page 5] |
308 |
|
309 |
|
310 |
|
311 |
|
312 |
|
313 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
314 |
|
315 |
|
316 |
5. Notational Conventions |
317 |
|
318 |
This specification uses the same notational conventions and basic |
319 |
parsing constructs as RFC 2068 [RFC2068]. In particular the BFN |
320 |
constructs "token", "quoted-string", "URI", and "delta-seconds" in |
321 |
this document are to be interpreted as described in RFC 2068 |
322 |
[RFC2068]. |
323 |
|
324 |
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", |
325 |
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this |
326 |
document are to be interpreted as described in RFC 2119 [RFC2119]. |
327 |
|
328 |
PEP does not rely on particular features defined in URLs that cannot |
329 |
potentially be expressed using URNs, see section "Publishing an |
330 |
Extension (Section 11.1)". Therefore, the more generic term "URI" is |
331 |
used throughout this specification. |
332 |
|
333 |
5.1. Bag Syntax |
334 |
|
335 |
The bag syntax uses braces to delimit an attribute-value bag, |
336 |
which may consist of a set, list, or recursively defined tokens |
337 |
and quoted strings. The bag semantics are defined by its context |
338 |
and the bag name, which may be a URI in some fields. The BNF for |
339 |
the bag syntax is as follows: |
340 |
|
341 |
bag = "{" bagname *bagitem "}" |
342 |
bagname = token |
343 |
bagitem = bag | |
344 |
token | |
345 |
quoted-string | |
346 |
<"> URI <"> |
347 |
|
348 |
Unless explicitly stated otherwise, all tokens within a bag are |
349 |
case-insensitive. Comments as defined by RFC 822 [RFC822] |
350 |
indicated by surrounding the comment text with parentheses MUST |
351 |
NOT be used within a bag construct. |
352 |
|
353 |
6. Extension Declarations |
354 |
|
355 |
Clients and proxies can initiate a new instance or terminate an |
356 |
existing instance of an extension by issuing an extension declaration |
357 |
as part of a request. The declaration can be intended for one or more |
358 |
other agents depending on the scope of the declaration, see section |
359 |
"End-to-End Extensions (Section 6.5)" and "Hop-by-Hop Extensions |
360 |
(Section 6.6)", and either may or must be accepted depending on the |
361 |
strength, see section "Strength (Section 6.4)". The grammar for an |
362 |
extension declaration is as follows: |
363 |
|
364 |
|
365 |
|
366 |
|
367 |
|
368 |
|
369 |
|
370 |
Frystyk W3C Working Draft [Page 6] |
371 |
|
372 |
|
373 |
|
374 |
|
375 |
|
376 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
377 |
|
378 |
|
379 |
ext-decl = "{" required-decl *optional-decl "}" |
380 |
|
381 |
required-decl = ( map [ strength ] ) | unmap |
382 |
optional-decl = parameters | attribute-ext |
383 |
|
384 |
map = "{" "map" <"> absoluteURI <"> |
385 |
1#(header-wildcard) "}" |
386 |
unmap = "{" "unmap" 1#(header-wildcard) "}" |
387 |
strength = "{" "strength" ( "must" | "may" "}" |
388 |
|
389 |
parameters = "{" "params" *bagitem "}" |
390 |
attribute-ext = bag |
391 |
|
392 |
header-wildcard = field-name [ wildcard ] |
393 |
wildcard = "*" |
394 |
|
395 |
In many ways, an extension declaration is equivalent to calling |
396 |
either the constructor or destructor of the class representing the |
397 |
extension. The map attribute is equivalent to the constructor and the |
398 |
unmap attribute is equivalent to the destructor. Additional |
399 |
information can be passed using either of the following three |
400 |
mechanisms: |
401 |
|
402 |
* Construction and destruction parameters for an extension |
403 |
instance can be passed using the parameters attribute, see |
404 |
section "Extra Parameters" (Section 6.3); |
405 |
* Extension instance data can be passed using the header fields |
406 |
(header-wildcard) mapped by the map attribute, see section |
407 |
"Header Field Mappings" (Section 6.1); |
408 |
* Extensions to the PEP engine itself can be passed using the |
409 |
attribute-ext attribute. |
410 |
|
411 |
Unrecognized extension declaration attributes (attribute-ext) MUST be |
412 |
ignored; it is assumed that any unrecognized attributes will be |
413 |
combined with standard attributes such that the application behavior |
414 |
will remain minimally correct even if it does not understand the |
415 |
extension attribute(s). If neither a map nor an unmap attribute is |
416 |
present in an extension declaration, the server SHOULD respond with |
417 |
400 (Bad Request). |
418 |
|
419 |
6.1. Header Field Mappings |
420 |
|
421 |
The map attribute can be used to declare a new instance of an |
422 |
extension. The map attribute defines a mapping between a resource |
423 |
describing the syntax and semantics of the extension and a set of |
424 |
header fields representing this instance of the extension. The |
425 |
resource is identified by a URI which MAY be resolved dynamically |
426 |
by either of the parties using the extension, see section |
427 |
"Bootstrapping and Dynamic Loading". |
428 |
|
429 |
A header-wildcard can either be a single header field or a header |
430 |
field prefix. A header field prefix is indicated using a |
431 |
|
432 |
|
433 |
Frystyk W3C Working Draft [Page 7] |
434 |
|
435 |
|
436 |
|
437 |
|
438 |
|
439 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
440 |
|
441 |
|
442 |
terminating wildcard and can be used to describe that all header |
443 |
fields with this prefix are part of this instance of the |
444 |
extension. Linear white space (LWS) MUST NOT be used between the |
445 |
field-name and the wildcard (if any) and all header-wildcard |
446 |
values are case-insensitive. |
447 |
|
448 |
Clients SHOULD NOT overload well-known or widely deployed header |
449 |
fields with new semantics unless the new semantics are a superset |
450 |
of the existing semantics so that the header fields still can be |
451 |
interpreted according to the old semantics. Clients MUST not reuse |
452 |
already mapped header fields in new extension declarations. If the |
453 |
server finds that a header field is already mapped by another |
454 |
extension instance initiated by the same client, it MUST respond |
455 |
with a 421 (Bad Mapping) status code. |
456 |
|
457 |
Proxies initiating new extension instances MUST make sure that the |
458 |
header fields introduced by the map attribute does not conflict |
459 |
with header fields already mapped by user-agents or previous |
460 |
proxies taking part in a proxy chain. |
461 |
|
462 |
6.2. Unmapping Header Fields |
463 |
|
464 |
When a mapping has been declared, the mapped header fields can be |
465 |
used to convey information according to the syntax and semantics |
466 |
of the extension described by the URI. A mapping can be valid for |
467 |
zero, one, or more transactions depending on the extension and the |
468 |
agreement between the involved parties. Specifically, a mapping |
469 |
is valid until one of the following events occur: |
470 |
|
471 |
* The header fields are unmapped by the client issuing a |
472 |
request containing an extension declaration with the unmap |
473 |
attribute, or |
474 |
* the header fields are unmapped by the server issuing a 421 |
475 |
(Bad Mapping) response. |
476 |
|
477 |
This rule allows PEP aware applications to maintain long-lived |
478 |
mappings without relying on global, persistent state, see section |
479 |
"PEP - an Extension Mechanism for HTTP (Section 11.3)". At the |
480 |
cost of one additional transaction, PEP aware applications can |
481 |
always jump to a single well-known state describing which |
482 |
extension instances are currently mapped, see section "Binding |
483 |
Requests" for how this rule interacts with existing HTTP |
484 |
applications. |
485 |
|
486 |
The unmap attribute can be used to indicate that the mapping |
487 |
between a URI and one or more header-wildcards has terminated and |
488 |
the semantics described by the URI no longer are valid for these |
489 |
header fields. Unmapped header fields SHOULD be treated as unknown |
490 |
headers and ignored by the recipient and forwarded by proxies. |
491 |
Applications MAY reuse unmapped header fields in future mappings |
492 |
if they have been redeclared using the map attribute. |
493 |
|
494 |
|
495 |
|
496 |
Frystyk W3C Working Draft [Page 8] |
497 |
|
498 |
|
499 |
|
500 |
|
501 |
|
502 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
503 |
|
504 |
|
505 |
There does not have to be a 1:1 relationship between a set of |
506 |
header fields used by the map attribute and the set used by the |
507 |
unmap attribute. This allows the unmap attribute to unmap subparts |
508 |
of an extension instance or potentially multiple extension |
509 |
instances. A client SHOULD only attempt to unmap header fields |
510 |
that it has initiated itself. Unmapping extension instances |
511 |
initiated by others may cause an extra transaction to happen in |
512 |
order to reach a shared state. |
513 |
|
514 |
A server MUST always accept a client's request for unmapping a set |
515 |
of header fields. If a client in a request unmaps header fields in |
516 |
use by extensions required for accessing that resource, the server |
517 |
MUST respond with 420 (Bad Extensions). |
518 |
|
519 |
6.3. Extra Parameters |
520 |
|
521 |
The parameters attribute can be used to pass additional parameters |
522 |
to the construction or destruction of the extension instance. The |
523 |
params values may or may not be case-sensitive, depending on the |
524 |
semantics of the parameter name. No default parameters are |
525 |
defined. |
526 |
|
527 |
Note: Server implementations should pass any extra parameters to |
528 |
the module or modules handling a particular extension as this may |
529 |
have significant impact on the success of the transaction. |
530 |
|
531 |
6.4. Strength |
532 |
|
533 |
The strength attribute can be used to specify how the ultimate |
534 |
recipient MUST handle the extension instance declared using the |
535 |
map attribute. The strength indicates whether this instance is |
536 |
required (must) or optional (may) for the transaction to succeed. |
537 |
If the strength is "must", the ultimate recipient of the extension |
538 |
declaration MUST consult and adhere to the relevant extension |
539 |
specification(s) before executing the transaction or respond with |
540 |
420 (Bad Extensions), see section "Binding Requests" for how to |
541 |
interact with existing HTTP applications. |
542 |
|
543 |
Not accepting an extension instance is different from not |
544 |
accepting a mapping proposed by the map attribute. If the server |
545 |
cannot accept a mapping, for example if a header field is already |
546 |
mapped by another extension instance, it MUST respond with a 421 |
547 |
(Bad Mapping) status code, see section "421 Bad Mapping (Section |
548 |
9.2)". |
549 |
|
550 |
If the strength is "may" the ultimate recipient of the extension |
551 |
MAY consult and adhere to the relevant extension specification(s) |
552 |
before executing the transaction or ignore the extension |
553 |
completely. If no strength attribute is present, the default |
554 |
strength is "may". A client cannot distinguish whether a server |
555 |
does not understand an extension or does not want to initiate an |
556 |
extension instance of strength "may". |
557 |
|
558 |
|
559 |
Frystyk W3C Working Draft [Page 9] |
560 |
|
561 |
|
562 |
|
563 |
|
564 |
|
565 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
566 |
|
567 |
|
568 |
6.5. End-to-End Extensions |
569 |
|
570 |
For the purpose of defining the behavior of caches and non-caching |
571 |
proxies, PEP extensions are divided into two categories: End-to- |
572 |
end extensions and hop-by-hop extensions. The PEP header is an |
573 |
end-to-end request-header and is defined as follows: |
574 |
|
575 |
pep = "PEP" ":" 1#ext-decl |
576 |
|
577 |
For example |
578 |
|
579 |
GET / HTTP/1.1 |
580 |
Host: some.host |
581 |
PEP: {{map "http://www.w3.org/ext/end-to-end" Ext-1} |
582 |
{params x y z}} |
583 |
|
584 |
End-to-end extensions MUST be transmitted to the ultimate |
585 |
recipient of a request, see section "Proxy Servers as End to End |
586 |
Recipients". |
587 |
|
588 |
If multiple end-to-end extensions have been declared for a |
589 |
transaction, the extensions MUST be listed in the order in which |
590 |
they were applied. |
591 |
|
592 |
6.6. Hop-by-Hop Extensions |
593 |
|
594 |
Hop-by-hop extensions are meaningful only for a single transport- |
595 |
level connection. The C-PEP header allows the sender to specify |
596 |
hop-by-hop extensions and MUST NOT be communicated by proxies over |
597 |
further connections. The C-PEP header has the following grammar: |
598 |
|
599 |
c-pep = "C-PEP" ":" 1#ext-decl |
600 |
|
601 |
The C-PEP header uses the Connection header so that existing |
602 |
HTTP/1.1 applications can filter the information out |
603 |
appropriately. For example |
604 |
|
605 |
GET / HTTP/1.1 |
606 |
Host: some.host |
607 |
Ext-1: bar |
608 |
C-PEP: {{map "http://www.w3.org/ext/my-extension" Ext-1} |
609 |
{params x y z}} |
610 |
Connection: C-PEP, Ext-1 |
611 |
|
612 |
If multiple hop-by-hop extensions been declared for a transaction, |
613 |
the extensions MUST be listed in the order in which they were |
614 |
applied. C-PEP extensions MUST be executed before any end-to-end |
615 |
extensions. |
616 |
|
617 |
The C-PEP header MUST always be protected by a Connection header |
618 |
in a request by including C-PEP as a Connection header directive. |
619 |
The directive MUST be handled according to the HTTP/1.1 |
620 |
|
621 |
|
622 |
Frystyk W3C Working Draft [Page 10] |
623 |
|
624 |
|
625 |
|
626 |
|
627 |
|
628 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
629 |
|
630 |
|
631 |
specification of the Connection header. |
632 |
|
633 |
A client MUST NOT send the C-PEP header field to an HTTP/1.0 proxy |
634 |
as it does not obey the rules of HTTP/1.1 for parsing the |
635 |
Connection header field, see also [RFC2068], section 19.7.1. |
636 |
|
637 |
7. Binding HTTP Requests |
638 |
|
639 |
If any extension in an HTTP request is of strength "must", the |
640 |
transaction MUST NOT succeed without consulting and adhering to the |
641 |
relevant extension specification(s). We call such a request for |
642 |
"binding". In [RFC2068], Section 7.1 it is stated that "Unrecognized |
643 |
header fields SHOULD be ignored by the recipient and forwarded by |
644 |
proxies." Hence, using a PEP or a C-PEP extension declaration is not |
645 |
sufficient to evoke the correct behavior from existing HTTP agents. |
646 |
|
647 |
However, in [RFC2068], Section 5.1.1, Method, it is indicated that |
648 |
"Servers SHOULD return the status code 405 (Method Not Allowed) if |
649 |
the method is known by the server but not allowed for the requested |
650 |
resource, and 501 (Not Implemented) if the method is unrecognized or |
651 |
not implemented by the server." A similar statement is made in |
652 |
[RFC1945], Section 9.5. Therefore, PEP uses the request method to |
653 |
provide a binding mechanism for handling a binding HTTP request. |
654 |
|
655 |
The method name of all HTTP requests containing a PEP extension of |
656 |
strength "must" MUST be prefixed by "PEP-". The "PEP-" prefix is |
657 |
reserved by PEP and MUST NOT be used by other HTTP extensions. PEP- |
658 |
aware applications MUST prior to processing a binding HTTP request |
659 |
remove the "PEP-" prefix from the method name leaving the rest of the |
660 |
HTTP request as is. |
661 |
|
662 |
For example, a client might express the binding rights-management |
663 |
constraints in an HTTP request as follows: |
664 |
|
665 |
PEP-PUT /a-resource HTTP/1.1 |
666 |
PEP: {{map "http://some.org/rights-management" my-rights-*} |
667 |
{strength must} |
668 |
{params {copyright-remains-with-client} |
669 |
{nonexclusive-right-to-redistribute}} |
670 |
Host: some.host |
671 |
Content-Length: 1203 |
672 |
Content-Type: text/html |
673 |
|
674 |
<!doctype html ... |
675 |
|
676 |
|
677 |
|
678 |
|
679 |
|
680 |
|
681 |
|
682 |
|
683 |
|
684 |
|
685 |
Frystyk W3C Working Draft [Page 11] |
686 |
|
687 |
|
688 |
|
689 |
|
690 |
|
691 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
692 |
|
693 |
|
694 |
8. Extension Policy Information |
695 |
|
696 |
Servers can announce the policy for zero, one or more resources by |
697 |
issuing a policy declaration. A policy declaration is a piece of |
698 |
metainformation expressing which extensions SHOULD be deployed when |
699 |
accessing zero, one, or more resources. Extension policy information |
700 |
differs from extension declarations in that the former is |
701 |
metainformation about a set of resources whereas the latter is |
702 |
transaction information for a particular transaction. There is no |
703 |
guarantee that the policy information provided is neither adequate |
704 |
nor sufficient for accessing the resource(s). A policy declaration is |
705 |
defined as follows: |
706 |
|
707 |
policy-decl = "{" required-policy *optional-policy "}" |
708 |
|
709 |
required-policy = id |
710 |
optional-policy = for | strength | max-age | |
711 |
parameters | attribute-ext |
712 |
|
713 |
id = "{" "id" <"> absoluteURI <"> "}" |
714 |
|
715 |
for = "{" "for" #URI-wildcard "}" |
716 |
max-age = "{" "max-age" delta-seconds "}" |
717 |
|
718 |
URI-wildcard = <"> URI <"> [ wildcard ] |
719 |
|
720 |
The id attribute specifies the URI identifying the extension. The |
721 |
URI MAY be resolved dynamically by either of the parties using the |
722 |
extension (see section "Bootstrapping and Dynamic Loading"). The id |
723 |
attribute differs from the map attribute in that no header fields are |
724 |
associated with the URI. If no id attribute is present in an |
725 |
extension policy, the client SHOULD ignore it. |
726 |
|
727 |
The for attribute specifies the URI (or set of URIs) to which the |
728 |
policy declaration applies. A URI followed by a wildcard represents |
729 |
the set of URIs that contains the given URI as a prefix. A linear |
730 |
white space (LWS) MUST be used between the URI and the wildcard (if |
731 |
any). In case a for attribute does not appear, the default value is |
732 |
the Request-URI of the transaction. An empty for value indicates that |
733 |
the extension is not used by any resource. Policy declarations are |
734 |
unordered and can contain information about any number of resources. |
735 |
|
736 |
Servers MAY specify an explicit expiration time for a policy |
737 |
declaration using the max-age attribute. The max-age attribute |
738 |
indicates that the information SHOULD no longer be used if the age is |
739 |
greater than the specified time in seconds, see HTTP/1.1, Section |
740 |
13.2.3 for how to calculate the age. An expiration time cannot be |
741 |
used to force a client to discard the information or reload a |
742 |
resource; its semantics apply only to caching of policy information. |
743 |
|
744 |
If the URI is a relative URI, the URI is interpreted relative to any |
745 |
Content-Base URI provided in the response. If no Content-Base is |
746 |
|
747 |
|
748 |
Frystyk W3C Working Draft [Page 12] |
749 |
|
750 |
|
751 |
|
752 |
|
753 |
|
754 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
755 |
|
756 |
|
757 |
provided, the relative URI is interpreted relative to the Request- |
758 |
URI. Examples of URI-wildcards are |
759 |
|
760 |
{for "http://www.w3.org" *} |
761 |
{for "http://www.w3.org/pub/" *} |
762 |
{for "secret/Overview.html"} |
763 |
|
764 |
Unrecognized extension policy attributes MUST be ignored; it is |
765 |
assumed that any unrecognized attributes will be combined with |
766 |
standard attributes such that the application behavior will remain |
767 |
minimally correct even if it does not understand the attribute(s). |
768 |
|
769 |
8.1. End to End Policies |
770 |
|
771 |
As for extension declarations, extension policies are divided into |
772 |
two categories: End-to-end policies and hop-by-hop policies. The |
773 |
PEP-Info header expresses the end-to-end policies and is defined |
774 |
as follows: |
775 |
|
776 |
pep-info = "PEP-Info" ":" 1#policy-decl |
777 |
|
778 |
For example |
779 |
|
780 |
HTTP/1.1 200 OK |
781 |
Content-Type: text/html |
782 |
Content-Length: 250 |
783 |
PEP-Info: {{id "http://some.org/payment-extension"} |
784 |
{for "/cgi-bin/buy" *} |
785 |
{strength must}} |
786 |
|
787 |
<form action="/cgi-bin/buy"> |
788 |
... |
789 |
|
790 |
End-to-end policies MUST be transmitted to the ultimate recipient |
791 |
of a response, see section "Proxy Servers as End to End |
792 |
Recipients". |
793 |
|
794 |
8.2. Hop by Hop Policies |
795 |
|
796 |
Hop-by-hop policies are meaningful only for a single transport- |
797 |
level connection. The C-PEP-Info header allows the sender to |
798 |
specify hop-by-hop policies and MUST NOT be communicated by |
799 |
proxies over further connections. The C-PEP-Info header has the |
800 |
following grammar: |
801 |
|
802 |
c-pep-info = "C-PEP-Info" ":" 1#policy-decl |
803 |
|
804 |
For example |
805 |
|
806 |
|
807 |
|
808 |
|
809 |
|
810 |
|
811 |
Frystyk W3C Working Draft [Page 13] |
812 |
|
813 |
|
814 |
|
815 |
|
816 |
|
817 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
818 |
|
819 |
|
820 |
HTTP/1.1 420 Bad Extensions |
821 |
C-PEP-Info: {{id "http://some.org/provide-stats"} |
822 |
{for "/" *}} |
823 |
Connection: C-PEP-Info |
824 |
... |
825 |
|
826 |
The C-PEP-Info header MUST always be protected by a Connection |
827 |
header in a response by including C-PEP-Info as a Connection |
828 |
header directive. The directive MUST be handled according to the |
829 |
HTTP/1.1 specification of the Connection header. |
830 |
|
831 |
A server MUST NOT send the C-PEP-Info header field to an HTTP/1.0 |
832 |
proxy as it does not obey the rules of HTTP/1.1 for parsing the |
833 |
Connection header field, see also [RFC2068], section 19.7.1. |
834 |
|
835 |
9. Status Codes |
836 |
|
837 |
PEP adds two new status codes to be added to the set already defined |
838 |
by HTTP/1.1 [RFC2068]. Each Status-Code is described below, including |
839 |
a description the metainformation required in the response. |
840 |
|
841 |
9.1. 420 Bad Extensions |
842 |
|
843 |
The policy for accessing the resource has not been met in the |
844 |
request. The response MUST include a PEP-Info header field |
845 |
specifying the extensions required by the publishing party for |
846 |
accessing the resource. The server MAY also include policy |
847 |
information for other resources using the for attribute and |
848 |
optional extensions specified having a strength of "may". The |
849 |
client MAY repeat the request using the appropriate extension(s) |
850 |
if it believes that it can fulfill the policy. |
851 |
|
852 |
If the initial request already included all the extensions |
853 |
requested in the 420 response with the appropriate set of extra |
854 |
parameters (if any), then the 420 response indicates that access |
855 |
has been refused for any additional extension(s) requested by the |
856 |
client. If no extension(s) have been requested by the client, then |
857 |
the user MAY be presented the entity that was given in the |
858 |
response (if any), since that entity may include relevant |
859 |
diagnostic information. |
860 |
|
861 |
Implementers may note the similarity to the way authentication |
862 |
challenges are issued with the 401 (Unauthorized) status code. |
863 |
|
864 |
9.2. 421 Bad Mapping |
865 |
|
866 |
The mappings indicated by the map attribute in the request were |
867 |
refused. If the initial request contained a change to the current |
868 |
set of mappings using the "map" attribute then this change was |
869 |
refused but other mappings are still valid. The client MAY repeat |
870 |
the request using a new set of header fields if it believes that |
871 |
it can find a unique set of header fields for the mapping to |
872 |
|
873 |
|
874 |
Frystyk W3C Working Draft [Page 14] |
875 |
|
876 |
|
877 |
|
878 |
|
879 |
|
880 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
881 |
|
882 |
|
883 |
succeed. If the initial request did not indicate any changes to |
884 |
the current set of mappings, then all mappings currently held by |
885 |
the client MUST be discarded. |
886 |
|
887 |
10. Proxy Servers as End to End Recipients |
888 |
|
889 |
Normally, the ultimate recipients of an end-to-end extension |
890 |
declaration and extension policies are the origin server and the user |
891 |
agent participating in the extension. In some cases, however, |
892 |
intermediate caching and non-caching proxies MAY act authoritatively |
893 |
on behalf of user agents and origin servers. Note, that regardless |
894 |
of the role of the proxy, it MUST always obey the cache directives |
895 |
indicated by the cache-control directive, see also section |
896 |
"Interaction with Existing HTTP/1.1 Headers (Section 11.2)". |
897 |
|
898 |
10.1. Proxy Servers Acting on Behalf of User Agents |
899 |
|
900 |
In case a proxy is authorized to act as the ultimate recipient on |
901 |
behalf of its proxy clients on end-to-end extensions, it MUST obey |
902 |
the following rules: |
903 |
|
904 |
* The proxy MUST remove the extension policies on which it can |
905 |
act authoritatively before forwarding the response to a |
906 |
proxy client; |
907 |
* it SHOULD issue extension declarations for the extensions on |
908 |
which it can act authoritatively as if it was a user agent; |
909 |
* it MUST remove any header fields that are part of the |
910 |
extension(s) initiated by the proxy before forwarding the |
911 |
response to a proxy client; |
912 |
* if any extension(s) added by an HTTP proxy are of strength |
913 |
"must" it MUST prepend the "PEP-" method name prefix, before |
914 |
forwarding the response to the origin server, see section |
915 |
"Binding Requests". |
916 |
|
917 |
This can for example be the case if an elementary school wishes to |
918 |
enforce a certain policy for accessing information on the |
919 |
Internet. The local school proxy can then act authoritatively on |
920 |
behalf of the pupils using the proxy. |
921 |
|
922 |
10.2. Proxy Servers Acting on Behalf of Origin Servers |
923 |
|
924 |
In case a proxy is authorized to act as the ultimate recipient on |
925 |
behalf of an origin server on end-to-end extensions, it MUST obey |
926 |
the following rules: |
927 |
|
928 |
* The proxy MUST remove the extension declarations on which it |
929 |
can act authoritatively before forwarding the request to the |
930 |
origin server; |
931 |
* it SHOULD issue extension policies for the extensions on |
932 |
which it can act authoritatively as if it was an origin |
933 |
server; |
934 |
* it MUST remove any header fields that are part of the |
935 |
|
936 |
|
937 |
Frystyk W3C Working Draft [Page 15] |
938 |
|
939 |
|
940 |
|
941 |
|
942 |
|
943 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
944 |
|
945 |
|
946 |
extension(s) initiated by the proxy before forwarding the |
947 |
request to the origin server; |
948 |
* if any extension(s) added by an HTTP proxy are of strength |
949 |
"must" and there are no other extensions of strength "must" |
950 |
in the request, it MUST remove any "PEP-" method name prefix |
951 |
before forwarding the request to the origin server, see |
952 |
section "Binding Requests". |
953 |
|
954 |
An example of this is a corporation having a subscription on an |
955 |
on-line journal. All access to the origin server goes through the |
956 |
corporate firewall that runs a caching proxy server. The |
957 |
organization reports to the publisher of the journal on a monthly |
958 |
basis at which point the subscription is re-evaluated. In the |
959 |
day-to-day access, the proxy has the authority to act on behalf of |
960 |
the origin server registering usage of the journal. |
961 |
|
962 |
11. Practical Considerations |
963 |
|
964 |
11.1. Publishing an Extension |
965 |
|
966 |
While the protocol extension definition should be published at the |
967 |
address of the extension identifier, this is not a requirement of |
968 |
the PEP protocol. The only absolute requirement is that distinct |
969 |
names be used for distinct semantics. |
970 |
|
971 |
For example, one way to achieve this is to use a mid, cid, or uuid |
972 |
URI. The association between the extension identifier and the |
973 |
specification might be made by distributing a specification, which |
974 |
references the extension identifier. Care should be taken not to |
975 |
distribute conflicting specifications that reference the same |
976 |
name. |
977 |
|
978 |
Even when a URI is used to publish extension specifications, care |
979 |
must be taken that the specification made available at that |
980 |
address does not change significantly over time. One agent may |
981 |
associate the identifier with the old semantics, and another might |
982 |
associate it with the new semantics. |
983 |
|
984 |
The extension definition may be made available in different |
985 |
representations. For example, a software component that |
986 |
implements the specification may reside at the same address as a |
987 |
human-readable specification (distinguished by content |
988 |
negotiation). The human-readable representation serves to document |
989 |
the extension and encourage deployment, while the software |
990 |
component allows clients and servers to be dynamically extended. |
991 |
|
992 |
11.2. Interaction with Existing HTTP/1.1 Headers |
993 |
|
994 |
Designers of extensions to be used within the HTTP messaging model |
995 |
should consider the interaction with existing HTTP/1.1 headers. |
996 |
Especially, it should be noted that PEP is designed to be |
997 |
compatible with HTTP/1.0 [RFC1945] inasmuch as HTTP/1.1 is |
998 |
|
999 |
|
1000 |
Frystyk W3C Working Draft [Page 16] |
1001 |
|
1002 |
|
1003 |
|
1004 |
|
1005 |
|
1006 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
1007 |
|
1008 |
|
1009 |
compatible with HTTP/1.0, see [RFC2068], Section 19.7. There are |
1010 |
two specific categories of HTTP/1.1 headers that are of special |
1011 |
importance to PEP extensions: The HTTP/1.1 caching headers and |
1012 |
headers used by existing extension mechanisms provided by |
1013 |
HTTP/1.1. This section discusses some of the issues regarding |
1014 |
these two categories. |
1015 |
|
1016 |
The Cache-Control header as described in [RFC2068], Section 14.9, |
1017 |
allows a client or server to transmit a variety of directives in |
1018 |
either requests or responses with the purpose of overriding the |
1019 |
default caching algorithms performed by HTTP/1.1 caches. |
1020 |
Regardless of whether any PEP headers are used as cache-control |
1021 |
directives, PEP-aware proxies MUST always obey the cache-control |
1022 |
directives. |
1023 |
|
1024 |
The Vary header, described in [RFC2068], Section 14.43, is used by |
1025 |
a server to signal that the response entity was selected from the |
1026 |
available representations of the response using server-driven |
1027 |
negotiation. If either a PEP extension or any header fields used |
1028 |
by an extension instance is taking part in a server-driven |
1029 |
negotiation, then the server MUST include an appropriate Vary |
1030 |
header field with any cachable response that is subject to |
1031 |
server-driven negotiation. |
1032 |
|
1033 |
The Connection header as described in [RFC2068], Section 14.10, |
1034 |
allows the sender to specify options that are desired for that |
1035 |
particular transport connection only. All PEP hop-by-hop extension |
1036 |
and policy declarations along with any header fields used by hop- |
1037 |
by-hop extension instances MUST be included as Connection header |
1038 |
directives. PEP applications MUST NOT send any hop-by-hop |
1039 |
extension or policy declarations to an HTTP/1.0 proxy as it does |
1040 |
not obey the rules of HTTP/1.1 for parsing the Connection header |
1041 |
field, see also [RFC2068], section 19.7.1. |
1042 |
|
1043 |
The Upgrade header, [RFC2068], Section 14.41, allows the client to |
1044 |
specify what additional communication protocols it supports and |
1045 |
would like to use if the server finds it appropriate to switch |
1046 |
protocols. PEP supersedes the Upgrade header in that it allows the |
1047 |
same functionality but without the need for a central registry. |
1048 |
PEP extensions MAY use the 101 (Switching Protocols) status code |
1049 |
to switch to HTTP-based protocols and protocols, which once |
1050 |
initiated by a PEP transaction, run completely independently of |
1051 |
HTTP. |
1052 |
|
1053 |
The content coding values in the Content-Encoding header as |
1054 |
described in [RFC2068], Section 14.12, indicate an encoding |
1055 |
transformation that has been or can be applied to an entity. As |
1056 |
for the Upgrade header, PEP supersedes the Content-Encoding header |
1057 |
in that it allows the same functionality but without the need for |
1058 |
a central registry. As both the content encoding mechanism and the |
1059 |
PEP mechanism is ordered, using both MAY lead to ambiguous |
1060 |
situations. Simultaneous use of both mechanism is therefore |
1061 |
|
1062 |
|
1063 |
Frystyk W3C Working Draft [Page 17] |
1064 |
|
1065 |
|
1066 |
|
1067 |
|
1068 |
|
1069 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
1070 |
|
1071 |
|
1072 |
strongly discouraged. |
1073 |
|
1074 |
11.3. Identifying the Source of a Mapping |
1075 |
|
1076 |
A mapping declared by the map attribute can be valid for zero, |
1077 |
one, or more transactions depending on the extension and the |
1078 |
agreement between the involved parties. In case a server wishes to |
1079 |
maintain a mapping initiated by a client for more than a single |
1080 |
transaction, it must be able to link the mapping to the client so |
1081 |
that it can use the mapping in future requests initiated by that |
1082 |
client. In other words, the server must maintain some sort of |
1083 |
state, which uniquely links a mapping to the client initiating |
1084 |
that mapping. This requires that the server uniquely can identify |
1085 |
a client over the span of multiple, possibly unrelated |
1086 |
transactions. |
1087 |
|
1088 |
A server can identify a client initiating a mapping using one of |
1089 |
the following mechanisms (in order of precedence): |
1090 |
|
1091 |
* a parameter defined by the extension uniquely identifying |
1092 |
all requests originating from the client issuing the |
1093 |
extension declaration; |
1094 |
* a persistent transport connection. This can only the used if |
1095 |
the extension has a hop-by-hop scope and the connection is |
1096 |
maintained throughout the lifetime of the extension; |
1097 |
* an HTTP cookie provided with every request identifying the |
1098 |
originating client, see [RFC2069]; |
1099 |
* HTTP authentication credentials provided with every request |
1100 |
identifying the originating client, see [RFC2068] |
1101 |
|
1102 |
If none of the above applies then the server MAY look for a From |
1103 |
header field in the request. This MUST NOT be considered a |
1104 |
reliable mechanism and explicit care SHOULD be taken by the server |
1105 |
not to rely on this. |
1106 |
|
1107 |
12. Security Considerations |
1108 |
|
1109 |
* The for parameter allows one party to give information about |
1110 |
the extensions used by another party's resources. The parties |
1111 |
may provide resources on different servers, or at different |
1112 |
addresses on the same server. While distinguishing between the |
1113 |
parties responsible for different resources at the same server |
1114 |
may be infeasible, clients SHOULD ignore information given by |
1115 |
one server about another unless they have reason to trust it, |
1116 |
or reason to believe that trusting it will have no significant |
1117 |
negative consequences. |
1118 |
* Dynamic installation of extension facilities as described in |
1119 |
the introduction involves software written by one party (the |
1120 |
provider of the implementation) to be executed under the |
1121 |
authority of another (the party operating the host software). |
1122 |
This opens the host party to a variety of "Trojan horse" |
1123 |
attacks by the provider, or a malicious third party that forges |
1124 |
|
1125 |
|
1126 |
Frystyk W3C Working Draft [Page 18] |
1127 |
|
1128 |
|
1129 |
|
1130 |
|
1131 |
|
1132 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
1133 |
|
1134 |
|
1135 |
implementations under a provider's name. See, for example, |
1136 |
section 7.4.2 of RFC1521 for a discussion of these risks |
1137 |
|
1138 |
13. Normative References |
1139 |
|
1140 |
[RFC822] |
1141 |
D. H. Crocker. "Standard for the Format of ARPA Internet Text |
1142 |
Messages", STD 11, RFC 822, UDEL, August 1982 |
1143 |
|
1144 |
[RFC1630] |
1145 |
T. Berners-Lee, "Universal Resource Identifiers in WWW. A Unifying |
1146 |
Syntax for the Expression of Names and Addresses of Objects on the |
1147 |
Network as used in the World-Wide Web", RFC 1630, CERN, June 1994. |
1148 |
|
1149 |
[RFC1808] |
1150 |
R. Fielding, "Relative Uniform Resource Locators", RFC 1808, UC |
1151 |
Irvine, June 1995. |
1152 |
|
1153 |
[RFC1945] |
1154 |
T. Berners-Lee, R. Fielding, H. Frystyk, "Hypertext Transfer |
1155 |
Protocol -- HTTP/1.0", RFC 1945, W3C/MIT, UC Irvine, W3C/MIT, May |
1156 |
1996. |
1157 |
|
1158 |
[RFC2068] |
1159 |
R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, T. Berners-Lee, |
1160 |
"Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, U.C. Irvine, |
1161 |
DEC W3C/MIT, DEC, W3C/MIT, W3C/MIT, January 1997 |
1162 |
|
1163 |
[RFC2069] |
1164 |
D. Kristol, L. Montulli, "HTTP State Management Mechanism", RFC |
1165 |
2069, Bell Laboratories Lucent Technologies, Netscape |
1166 |
Communications, February 1997 |
1167 |
|
1168 |
[RFC2119] |
1169 |
S. Bradner, "Key words for use in RFCs to Indicate Requirement |
1170 |
Levels", RFC 2119, Harvard University, March 1997 |
1171 |
|
1172 |
[HTTPVer] |
1173 |
J. C. Mogul, R. Fielding, J. Gettys, H. Frystyk, "Use and |
1174 |
interpretation of HTTP version numbers", Internet Draft draft- |
1175 |
ietf-http-versions-01.txt, DEC, U.C. Irvine, DEC W3C/MIT, W3C/MIT, |
1176 |
HTTP Working Group, March, 1997. This is work in progress |
1177 |
|
1178 |
[URL] |
1179 |
T. Berners-Lee, R. Fielding, L. Masinter, Uniform Resource |
1180 |
Locators (URL), draft-fielding-url-syntax-03, W3C/MIT, U.C. |
1181 |
Irvine, Xerox Corporation, December 1996. This is work in progress |
1182 |
|
1183 |
|
1184 |
|
1185 |
|
1186 |
|
1187 |
|
1188 |
|
1189 |
Frystyk W3C Working Draft [Page 19] |
1190 |
|
1191 |
|
1192 |
|
1193 |
|
1194 |
|
1195 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
1196 |
|
1197 |
|
1198 |
14. Bibliography: Informative References |
1199 |
|
1200 |
[CGI] |
1201 |
D. Robinson The WWW Common Gateway Interface Version 1.1, work in |
1202 |
progress 15 February 1996 |
1203 |
|
1204 |
[NSAPI] |
1205 |
Netscape server API documentation, 1995 |
1206 |
|
1207 |
[ISAPI] |
1208 |
ISAPI documentation, Microsoft Corporation, in ActiveX Alpha SDK, |
1209 |
http://www.msn.com/download/sdk/msactivedk.zip, 1996 |
1210 |
|
1211 |
[Apache] |
1212 |
Thau, Robert, Design considerations for the Apache Server API, |
1213 |
Fifth International World Wide Web Conference, May 6-10, 1996, |
1214 |
Paris, France |
1215 |
|
1216 |
[OM] |
1217 |
OpenMarket server technical overview sometime in 1996. |
1218 |
|
1219 |
[Spy95] |
1220 |
Spyglass Server Application Development Interface Spyglass, Inc. |
1221 |
version 1.17 1995/09/11 |
1222 |
|
1223 |
[MAILCAP] |
1224 |
N. Borenstein, RFC 1524: A User Agent Configuration Mechanism For |
1225 |
Multimedia Mail Format Information, pp. 12, Sep 1993. |
1226 |
|
1227 |
[STATE] |
1228 |
D. Kristol, L. Montulli, 22 Nov 1996. "HTTP State Management |
1229 |
Mechanism", RFC xxxx. Proposed Standard Approved by the IESG, not |
1230 |
yet assigned an RFC. |
1231 |
|
1232 |
[Kristol95] |
1233 |
David M. Kristol, A Proposed Extension Mechanism for HTTP, Jan |
1234 |
1995. D. Kristol, A Proposed Extension Mechanism for HTTP, |
1235 |
Internet Draft, January 1995 (Work in Progress, Expired). |
1236 |
|
1237 |
[RFC822] |
1238 |
D. H. Crocker. Standard for the Format of ARPA Internet Text |
1239 |
Messages. STD 11, RFC 822, UDEL, August 1982. |
1240 |
|
1241 |
[UPP] |
1242 |
D. Eastlake, "Universal Payment Preamble", Internet Draft |
1243 |
CyberCash, March 1996 (Work in Progress). |
1244 |
|
1245 |
[JEPI] |
1246 |
JEPI, "Selecting Payment Mechanisms Over HTTP", Internet Draft, |
1247 |
August 1996 (Work in Progress). [Also available as |
1248 |
http://www.w3.org/pub/WWW/Payments/JEPI/draft-jepi-uppflow- |
1249 |
00.html] |
1250 |
|
1251 |
|
1252 |
Frystyk W3C Working Draft [Page 20] |
1253 |
|
1254 |
|
1255 |
|
1256 |
|
1257 |
|
1258 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
1259 |
|
1260 |
|
1261 |
[MAILEXT] |
1262 |
J. Klensin, N. Freed, M. Rose, E. Stefferud, and D. Crocker. "SMTP |
1263 |
Service Extensions." RFC 1869. MCI, Innosoft, Dover Beach |
1264 |
Consulting, Network Management Associates, Brandenburg Consulting, |
1265 |
November 1995. |
1266 |
|
1267 |
[PICS] |
1268 |
J. Miller. PICS Label Syntax and Communication Protocols (Version |
1269 |
1.1). 31 October 1996 |
1270 |
|
1271 |
[SpyClient] |
1272 |
Spyglass Client Software Development Kit |
1273 |
|
1274 |
[SpyEcom] |
1275 |
Electronic Commerce Standards for the WWW |
1276 |
|
1277 |
[WN] |
1278 |
WN server documentation, 1995 |
1279 |
|
1280 |
[Spinner] |
1281 |
Spinner server technical overview, |
1282 |
http://spinner.infovav.se/overview.html, 1995 |
1283 |
|
1284 |
15. Acknowledgements |
1285 |
|
1286 |
The PEP protocol is the product of a substantial amount of |
1287 |
investigation and collaboration. Dave Kristol did some of the first |
1288 |
writing on HTTP extension mechanisms. [Kristol95]. Jim Miller and |
1289 |
Dave Raggett sketched out an initial design, which Rohit Khare wrote |
1290 |
up in a number of drafts. Tim Berners-Lee, Paul Leach and Daniel |
1291 |
Dardailler deserve special recognition for their efforts in |
1292 |
commenting in the design phase of the protocol. |
1293 |
|
1294 |
This specification is a direct reflection of some implementation |
1295 |
work: a client implementation in Libwww (see the HTPEP module) and a |
1296 |
server implementation by Eui-Suk Chung and Anit Chakraborty for the |
1297 |
JEPI project. |
1298 |
|
1299 |
This document has benefited greatly from the comments of all those |
1300 |
participating in the HTTP-WG. In addition to those already mentioned, |
1301 |
the following individuals have contributed to this specification: |
1302 |
|
1303 |
* Don Eastlake, |
1304 |
* Roy Fielding, |
1305 |
* Yaron Goland, |
1306 |
* Phill Hallam-Baker, |
1307 |
* Paul Hoffman, |
1308 |
* Koen Holtman, and |
1309 |
* Larry Masinter |
1310 |
|
1311 |
|
1312 |
|
1313 |
|
1314 |
|
1315 |
Frystyk W3C Working Draft [Page 21] |
1316 |
|
1317 |
|
1318 |
|
1319 |
|
1320 |
|
1321 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
1322 |
|
1323 |
|
1324 |
16. Authors Addresses |
1325 |
|
1326 |
Dan |
1327 |
Connolly |
1328 |
Architecture Domain Lead, W3 Consortium |
1329 |
MIT Laboratory for Computer Science |
1330 |
545 Technology Square |
1331 |
Cambridge, MA 02139, U.S.A. |
1332 |
Tel: +1 (512) 310 2971 Email: connolly@w3.org |
1333 |
|
1334 |
Rohit Khare |
1335 |
Technical Staff, W3 Consortium |
1336 |
MIT Laboratory for Computer Science |
1337 |
545 Technology Square |
1338 |
Cambridge, MA 02139, U.S.A. |
1339 |
Tel: +1 (617) 253 5884 |
1340 |
Fax: +1 (617) 258 5999 Email: khare@w3.org |
1341 |
|
1342 |
Henrik Frystyk |
1343 |
Nielsen |
1344 |
Technical Staff, W3 Consortium |
1345 |
MIT Laboratory for Computer Science |
1346 |
545 Technology Square |
1347 |
Cambridge, MA 02139, U.S.A. |
1348 |
Tel: +1 (617) 258 8143 |
1349 |
Fax: +1 (617) 258 5999 Email: frystyk@w3.org |
1350 |
|
1351 |
|
1352 |
Appendices |
1353 |
|
1354 |
17. Summary of Protocol Interactions |
1355 |
|
1356 |
The following table summarizes the outcome of how PEP-aware servers |
1357 |
and proxies MUST handle PEP extension declarations. The table also |
1358 |
summarized how existing HTTP servers and proxies interact with PEP |
1359 |
extension declarations. Note, that applications MUST NOT send hop- |
1360 |
by-hop header fields to an HTTP/1.0 proxy as it does not obey the |
1361 |
rules of HTTP/1.1 for parsing the Connection header field, see also |
1362 |
[RFC2068], section 19.7.1. See also section "Interaction with |
1363 |
Existing HTTP/1.1 Headers (Section 11.2)". |
1364 |
|
1365 |
Pass |
1366 |
The proxy MUST pass the extension declaration along to the next |
1367 |
agent. |
1368 |
|
1369 |
Strip |
1370 |
The proxy MUST strip the extension declaration out and pass the |
1371 |
remainder along to the next agent. |
1372 |
|
1373 |
Extended processing |
1374 |
The agent MUST process the request in conformance with the |
1375 |
extension specification. |
1376 |
|
1377 |
|
1378 |
Frystyk W3C Working Draft [Page 22] |
1379 |
|
1380 |
|
1381 |
|
1382 |
|
1383 |
|
1384 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
1385 |
|
1386 |
|
1387 |
Standard processing |
1388 |
The agent MUST process the request in the standard, unextended |
1389 |
fashion. |
1390 |
|
1391 |
420 Bad Extensions |
1392 |
The agent MUST report a 420 Bad Extension error |
1393 |
|
1394 |
Strength / Scope PEP Summary Hop-by-hop *) End-to-end Optional |
1395 |
(may) Required (must) Optional (may) Required (must) Proxy PEP not |
1396 |
supported |
1397 |
Strip |
1398 |
501 (Not Implemented) |
1399 |
Pass |
1400 |
501 (Not Implemented) Extension not supported |
1401 |
Strip |
1402 |
420 (Bad Extensions) |
1403 |
Pass |
1404 |
Pass Extension supported |
1405 |
Extended processing |
1406 |
Extended processing |
1407 |
Extended processing |
1408 |
Extended processing Origin Server PEP not supported |
1409 |
Standard processing |
1410 |
501 (Not Implemented) |
1411 |
Standard processing |
1412 |
501 (Not Implemented) Extension not supported |
1413 |
Standard processing |
1414 |
420 (Bad Extensions) |
1415 |
Standard processing |
1416 |
420 (Bad Extensions) Extension supported |
1417 |
Extended processing |
1418 |
extended processing |
1419 |
Extended processing |
1420 |
Extended processing |
1421 |
|
1422 |
*) Applications MUST NOT send hop-by-hop header fields to an HTTP/1.0 |
1423 |
proxy as it does not obey the rules of HTTP/1.1 for parsing the |
1424 |
Connection header field, see also [RFC2068], section 19.7.1. |
1425 |
|
1426 |
18. Open Issues |
1427 |
|
1428 |
Some of the things we have to consider |
1429 |
|
1430 |
What can be done with Asynchronous Notification? |
1431 |
|
1432 |
If we take the limited case of having the server sending async |
1433 |
notifications on an already established TCP connection then I |
1434 |
believe that this is something that PEP needs to be able to |
1435 |
support. |
1436 |
|
1437 |
|
1438 |
|
1439 |
|
1440 |
|
1441 |
Frystyk W3C Working Draft [Page 23] |
1442 |
|
1443 |
|
1444 |
|
1445 |
|
1446 |
|
1447 |
WD-pep PEP $Date: 1997/04/28 02:58:33 $ |
1448 |
|
1449 |
|
1450 |
Does Simple PEP fulfill the Original Requirements? |
1451 |
|
1452 |
I will have to check that further - look at the JEPI requirements. |
1453 |
I have done so and believe there are no problems! |
1454 |
|
1455 |
Transparent Content Negotiation |
1456 |
|
1457 |
How does this fit with TNC and how can we use a single proposal? |
1458 |
|
1459 |
Do we need Refused? |
1460 |
|
1461 |
Note, that this proposal has removed the "strength refused" as I |
1462 |
can't find an example where this has to be part of the basic |
1463 |
extension mechanism. An extension may not be allowed because of |
1464 |
some of the parameters but not the extension itself - this can be |
1465 |
an issue with extensions using public keys, for example. Or a |
1466 |
certain combination of extensions may not be allowed but not |
1467 |
necessarily each of the individual extensions. |
1468 |
|
1469 |
Another change is that the for list is now a linked list which |
1470 |
make it possible to assign metainformation to large set of |
1471 |
resources. |
1472 |
|
1473 |
Do we need the "enc" parameter? |
1474 |
|
1475 |
There is no reason to make the "enc" parameter/flag distinction in |
1476 |
the Protocol header. After we removed the interaction with the |
1477 |
content-encoding header, there is nowhere in the protocol message |
1478 |
any encoding token may show up. It was only needed while we used |
1479 |
the content-encoding header for ordering purposes. The protocol id |
1480 |
defines the encoding. |
1481 |
|
1482 |
Generic Metainformation Syntax |
1483 |
|
1484 |
It would be nice if we could use some generic meta data mechanism |
1485 |
for handling this instead of the PI header. |
1486 |
|
1487 |
Do Certain Extensions only work for certain Methods? |
1488 |
|
1489 |
Roy mentioned whether it make sense to have an extension bound not |
1490 |
only to a particular URL but also to a particular method. It could |
1491 |
be that an extension only is valid for PUT, say, and not GET. I |
1492 |
think that we can push this of into the extension itself and don't |
1493 |
have to be concerned about it in PEP directly. |
1494 |
|
1495 |
Proxies as Ultimate Recipient |
1496 |
|
1497 |
Should a proxy acting on behalf of either an origin server or a |
1498 |
user agent issue a warning header? |
1499 |
|
1500 |
|
1501 |
|
1502 |
|
1503 |
|
1504 |
Frystyk W3C Working Draft [Page 24] |
1505 |
|
1506 |
|
1507 |
|