INTERNET-DRAFT HTTP Extensions H. Frystyk Nielsen, W3C draft-frystyk-http-extensions-01 P. Leach, Microsoft Scott Lawrence, Agranat Systems Expires: May 11, 1999 Wednesday, November 11, 1998 HTTP Extension Framework Status of this Document This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress". To learn the current status of any Internet-Draft, please check the "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or ftp.isi.edu (US West Coast). Distribution of this document is unlimited. Please send comments to the mailing list. This list is archived at "http://lists.w3.org/Archives/Public/ietf-http-ext/". Abstract A wide range of applications have proposed various extensions of the HTTP protocol. Current efforts span an enormous range, including distributed authoring, collaboration, printing, and remote procedure call mechanisms. However, HTTP extensions are uncoordinated, and there has been no standard framework for defining extensions or keeping them separate from each other. This document describes a generic extension mechanism for HTTP/1.1, which is designed to address the tension between private agreement and public specification and to accommodate extension of applications using HTTP clients, servers, and proxies. The proposal associates each extension with a globally unique identifier, and uses HTTP header fields to carry the extension identifier and related information between the parties involved in the extended communication. Table of Contents 1. Introduction........................................................2 2. Notational Conventions..............................................3 3. Extension Declarations..............................................3 Frystyk et al [Page 1] INTERNET-DRAFT HTTP Extensions Wed, November 11, 1998 3.1 Header Field Prefixes............................................4 4. Extension Header Fields.............................................5 4.1 End-to-End Extensions............................................5 4.2 Hop-by-Hop Extensions............................................6 4.3 Extension Response Header Fields.................................6 5. Mandatory HTTP Requests.............................................7 5.1 Fulfilling a Mandatory Request...................................8 6. Mandatory HTTP Responses............................................9 7. 510 Not Extended....................................................9 8. Publishing an Extension............................................10 9. Caching Considerations.............................................11 10. Security Considerations...........................................11 11. References........................................................11 12. Acknowledgements..................................................12 13. Authors Addresses.................................................12 14. Summary of Protocol Interactions..................................12 15. Examples..........................................................13 15.1 User Agent to Origin Server....................................14 15.2 User Agent to Origin Server via HTTP/1.1 Proxy.................14 15.3 User Agent to Origin Server via HTTP/1.0 Proxy.................15 1. Introduction This proposal is designed to address the tension between private agreement and public specification; and to accommodate dynamic extension of HTTP clients and servers by software components. The kind of extensions capable of being introduced range from: o extending a single HTTP message; o introducing new encodings; o initiating HTTP-derived protocols for new applications; to... o switching to protocols which, once initiated, run independent of the original protocol stack. The proposal is intended to be used as follows: o Some party designs and specifies an extension; the party assigns the extension a globally unique address (URI), and makes one or more representations of the extension available at that address (see section 8). o An HTTP client or server that implements this extension mechanism (hereafter called an agent) declares the use of the extension by referencing its URI in an extension declaration in an HTTP message (see section 3). o The HTTP application which the extension declaration is intended for (hereafter called the ultimate recipient) can deduce how to properly interpret the extended message based on the extension declaration. Frystyk, et al [Page 2] INTERNET-DRAFT HTTP Extensions Wed, November 11, 1998 The proposal uses features in HTTP/1.1 but is compatible with HTTP/1.0 applications in such a way that extended applications can coexist with existing HTTP applications. Applications implementing this proposal MUST be based on HTTP/1.1 (or later versions of HTTP). 2. Notational Conventions This specification uses the same notational conventions and basic parsing constructs as RFC 2068 [5]. In particular the BNF constructs "token", "quoted-string", "Request-Line", "field-name", and "absoluteURI" in this document are to be interpreted as described in RFC 2068 [5]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [6]. This proposal does not rely on particular features defined in URLs [8] that cannot potentially be expressed using URNs (see section 8). Therefore, the more generic term URI [8] is used throughout the specification. 3. Extension Declarations An extension declaration can be used to indicate that an extension has been applied to a message and possibly to reserve a part of the header namespace identified by a header field prefix (see 3.1). This specification does not define any ramifications of applying an extension to a message nor whether two extensions can or cannot logically coexist within the same message. It is simply a framework for describing which extensions have been applied and what the ultimate recipient either must or may do in order to properly interpret any extension declarations within that message. The grammar for an extension declaration is as follows: ext-decl = <"> ( absoluteURI | field-name ) <"> ";" namespace [ decl-extensions ] decl-extensions = *( decl-ext ) namespace = "ns" "=" header-prefix header-prefix = 2*DIGIT "-" decl-ext = ";" token [ "=" ( token | quoted-string ) ] An extension is identified by an absolute, globally unique URI or a field-name. A field-name MUST specify a header field uniquely defined in Frystyk, et al [Page 3] INTERNET-DRAFT HTTP Extensions Wed, November 11, 1998 an IETF Standards Track RFC [3]. A URI can unambiguously be distinguished from a field-name by the presence of a colon (":"). The support for header field names as extension identifiers provides a transition strategy from decentralized extensions to extensions defined by IETF Standards Track RFCs. Examples of extension declarations are "http://www.company.com/extension"; ns=11- "Range"; ns=13- An extension declaration can be extended through the use of one or more decl-ext parameters. Unrecognized decl-ext parameters SHOULD be ignored and MUST NOT be removed by proxies when forwarding the extension declaration. 3.1 Header Field Prefixes The header-prefix are dynamically generated header field prefix strings that can be used to indicate that all header fields in the message matching the header-prefix value using string prefix-matching are introduced by this extension instance. This allows an extension instance to dynamically reserve a subspace of the header space in a protocol message in order to prevent header field name clashes. Prefixes are primarily intended to avoid header field name conflicts and to allow multiple instances of a single extension using its own header fields to be applied to the same message without conflicting with each other. Linear white space (LWS) MUST NOT be used between the digits and the dash ("-"). The format of the prefix using a combination of digits and the dash ("-") guarantees that no extension declaration can reserve the whole header field name space. Agents MUST NOT reuse header-prefix values in the same message unless explicitly allowed by the extension (see section 4.1 for a discussion of the ultimate recipient of an extension declaration). Clients SHOULD be as consistent as possible when generating header- prefix values as this facilitates use of the Vary header field in responses that vary as a function of the request extension declaration(s) (see [5], section 13.6). Examples of header-prefix values are Frystyk, et al [Page 4] INTERNET-DRAFT HTTP Extensions Wed, November 11, 1998 12- 15- 23- Old applications may introduce header fields independent of this extension mechanism, potentially conflicting with header fields introduced by the prefix mechanism. In order to minimize this risk, prefixes MUST contain at least 2 digits. 4. Extension Header Fields This proposal introduces two types of extension declaration strength: mandatory and optional, and two types of extension declaration scope: hop-by-hop and end-to-end (see section 4.1 and 4.2). A mandatory extension declaration indicates that the ultimate recipient MUST consult and adhere to the rules given by the extension when processing the message or reporting an error (see section 5 and 7). An optional extension declaration indicates that the ultimate recipient of the extension MAY consult and adhere to the rules given by the extension when processing the message, or ignore the extension declaration completely. An agent may not be able to distinguish whether the ultimate recipient does not understand an extension referred to by an optional extension or simply ignores the extension declaration. The combination of the declaration strength and scope defines a 2x2 matrix which is distinguished by four new general HTTP header fields: Man, Opt, C-Man, and C-Opt. (See section 4.1 and 4.2, and appendix 14 for a table of interactions with origin servers and proxies.) The header fields are general header fields as they describe which extensions actually are applied to an HTTP message. Optional declarations MAY be applied to any HTTP message without any change to existing HTTP semantics. Mandatory declarations MUST be applied to a request message as described in section 5 and to a response message as described in section 6. 4.1 End-to-End Extensions End-to-end declarations MUST be transmitted to the ultimate recipient of the declaration. The Man and the Opt general header fields are end-to- end header fields and are defined as follows: mandatory = "Man" ":" 1#ext-decl optional = "Opt" ":" 1#ext-decl For example Frystyk, et al [Page 5] INTERNET-DRAFT HTTP Extensions Wed, November 11, 1998 HTTP/1.1 200 OK Content-Length: 421 Opt: "http://www.digest.org/Digest"; ns=15- 15-digest: "snfksjgor2tsajkt52" ... The ultimate recipient of a mandatory end-to-end extension declaration MUST handle that extension declaration as described in section 5 and 6. 4.2 Hop-by-Hop Extensions Hop-by-hop extension declarations are meaningful only for a single HTTP connection. In HTTP/1.1, the C-Man and the C-Opt header field MUST be protected by a Connection header field. That is, the header fields are to be included as Connection header field directives (see [5], section 14.10). The two header fields have the following grammar: c-mandatory = "C-Man" ":" 1#ext-decl c-optional = "C-Opt" ":" 1#ext-decl For example GET / HTTP/1.1 Host: some.host C-Man: "http://www.digest.org/ProxyAuth"; ns=14- 14-Credentials="g5gj262jdw@4df" Connection: C-Man, 14-Credentials The ultimate recipient of a mandatory hop-by-hop extension declaration MUST handle that extension declaration as described in section 5 and 6. 4.3 Extension Response Header Fields Two extension response header fields are used to indicate that a request containing mandatory extension declarations has been fulfilled by the ultimate recipient as described in section 5.1. The extension response header fields are exclusively intended to serve as extension acknowledgements and can not carry any other information. The Ext header field is used to indicate that all end-to-end mandatory extension declarations in the request were fulfilled: ext = "Ext" ":" The C-Ext response header field is used to indicate that all hop-by-hop mandatory extension declarations in the request were fulfilled. c-ext = "C-Ext" ":" Frystyk, et al [Page 6] INTERNET-DRAFT HTTP Extensions Wed, November 11, 1998 In HTTP/1.1, the C-Ext header field MUST be protected by a Connection header (see [5], section 14.10). The Ext and the C-Ext header fields are not mutually exclusive, they can both occur within the same message as described in section 5.1. 5. Mandatory HTTP Requests An HTTP request is called a mandatory request if it includes at least one mandatory extension declaration (using the Man or the C-Man header fields). The method name of a mandatory request MUST be prefixed by "M- ". For example, a client might express the binding rights-management constraints in an HTTP PUT request as follows: M-PUT /a-resource HTTP/1.1 Man: "http://www.copyright.org/rights-management"; ns=16- 16-copyright: http://www.copyright.org/COPYRIGHT.html 16-contributions: http://www.copyright.org/PATCHES.html Host: www.w3.org Content-Length: 1203 Content-Type: text/html HTTP/1.1 request with one Opt: optional and one Man: mandatory ... extension Origin server HTTP/1.1 200 OK accepts the Ext: mandatory Cache-Control: max-age=120, no-cache="Ext" extension but ... ignores the optional one. The client can not see in this case that the optional extension was ignored. 15.2 User Agent to Origin Server via HTTP/1.1 Proxy These two examples show how an extended request interacts with an HTTP/1.1 proxy. Frystyk, et al [Page 14] INTERNET-DRAFT HTTP Extensions Wed, November 11, 1998 Table 4: HTTP/1.1 Proxy forwards extended request Client issues a M-GET HTTP/1.1 request with one C-Opt: optional and one C-Man: mandatory hop-by- Connection: C-Opt, C-Man hop extension ... HTTP/1.1 proxy M-GET HTTP/1.1 forwards the Via: 1.1 new request and takes ... out the connection headers Origin server HTTP/1.1 510 Not Extended fails as the ... request does not contain any information belonging to the M-GET method Table 5: HTTP/1.1 Proxy does not forward extended request Client issues a M-GET HTTP/1.1 request with one C-Opt: optional and one C-Man: mandatory hop-by- Connection: C-Opt, C-Man hop extension ... HTTP/1.1 proxy HTTP/1.1 501 Not Implemented refuses to forward ... the M-GET method and returns an error Origin server never sees the extended request 15.3 User Agent to Origin Server via HTTP/1.0 Proxy These two examples show how an extended request interacts with an HTTP/1.0 proxy in the message path Frystyk, et al [Page 15] INTERNET-DRAFT HTTP Extensions Wed, November 11, 1998 Table 6: HTTP/1.0 Proxy forwards extended request Client issues a M-GET HTTP/1.1 request with one Man: mandatory ... extension HTTP/1.0 proxy M-GET HTTP/1.0 forwards the Man: request as a ... HTTP/1.0 request without changing the method Origin server HTTP/1.1 200 OK accepts Ext: and returns a 200 Date: Sun, 25 Oct 1998 08:12:31 GMT response and an Expires: Sun, 25 Oct 1998 08:12:31 GMT extension Cache-Control: no-cache="Ext", max-age=600 acknowledgement. ... The response can be cached by HTTP/1.1 caches for 10 minutes. Frystyk, et al [Page 16] INTERNET-DRAFT HTTP Extensions Wed, November 11, 1998 Table 7: HTTP/1.0 and HTTP/1.1 Proxy Chain Client issues a M-GET HTTP/1.1 request with one Man: mandatory and one C-Opt: hop-by-hop Connection: C-Opt optional extension ... HTTP/1.0 proxy M-GET HTTP/1.0 forwards the Man: request as C-Opt: HTTP/1.0 request Connection: C-Man without changing ... the method and without honoring the Connection header field. HTTP/1.1 proxy M-GET HTTP/1.1 deletes (and Man: ignores) the C-Man: optional extension Connection: C-Man and forwards the Via: 1.0 new rest including a ... via header field. It also add it's own hop-by-hop mandatory extension Origin server HTTP/1.1 200 OK accepts both Ext: mandatory C-Ext extensions. The Connection: C-Man response is not Date: Sun, 25 Oct 1998 08:12:31 GMT cachable by the Expires: Sun, 25 Oct 1998 08:12:31 GMT HTTP/1.0 cache but Cache-Control: no-cache="Ext", max-age=3600 can be cached for ... 1 hour by HTTP/1.1 caches. HTTP/1.1 proxy HTTP/1.1 200 OK removes the hop- Ext: by-hop extension Date: Sun, 25 Oct 1998 08:12:31 GMT acknowledgement Expires: Sun, 25 Oct 1998 08:12:31 GMT and forwards the Cache-Control: no-cache="Ext", max-age=3600 remainder of the ... response. Frystyk, et al [Page 17]