- From: Koen Holtman <koen@win.tue.nl>
- Date: Sat, 12 Aug 1995 12:03:07 +0200 (MET DST)
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
- Cc: Koen Holtman <koen@win.tue.nl>
In section 10 of <draft-ietf-http-v10-spec-01.txt>, it says:
Proxies must be completely transparent regarding user agent
authentication. That is, they must forward the WWW-Authenticate and
Authorization headers untouched. HTTP/1.0 does not provide a means
for a client to be authenticated with a proxy.
I read this to imply that caching proxies may never cache responses to
requests with Authorization headers.
Is this really the intended meaning? It sounds like a wasteful
requirement to me.
I feel that passing along Authorization headers untouched is fine as a
default, but that there has to be some way to override this default.
A response message could contain a header to explicitly _allow_ a
proxy cache not to be transparent, e.g.
URI: <http://shopping.com/food/vegetables/carrots.gif>;
unvary="authorization"
The `unvary' would tell the cache that the response does not vary if
the Authorization header varies, implying that no authentication is
done on http://shopping.com/food/vegetables/carrots.gif. This would
allow the proxy cache to act non-transparently, to serve future
requests for that picture from cache memory without ever contacting
the origin server.
Koen.
Received on Saturday, 12 August 1995 04:01:01 UTC