W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: Comment on PEP draft

From: Koen Holtman <koen@win.tue.nl>
Date: Mon, 19 May 1997 16:58:03 +0200 (MET DST)
Message-Id: <199705191458.QAA17431@wsooti08.win.tue.nl>
To: Henrik Frystyk Nielsen <frystyk@w3.org>
Cc: koen@win.tue.nl, http-wg@cuckoo.hpl.hp.com
Henrik Frystyk Nielsen:
>
>At 08:33 PM 5/5/97 +0200, Koen Holtman wrote:
>
>Hi Koen,
>
>Thanks for your comments and sorry for the delay...

Hi Henrik,

Also sorry for this delay.  I finished reading the draft now, so there
are some more comments below.

[...]
>A problem with long lived mappings is that the server has to know where a
>mapping comes from, ie., what client issued the mapping. This is a problem
>as HTTP doesn't provide a good mechanism for doing this. The transport
>connection can not be used as this does not work on end-to-end extensions.
>Instead, the best way is to provide a unique extension ID when declaring
>the mapping, for example:
>
>        GET /my.resource HTTP/1.1
>        Host: some.host
> PEP: {{map http://www.w3.org/my.ext my-ext-*} {params {id abc}}
>
>and then on following requests do something like
>
>        GET /my.new.resource HTTP/1.1
>        Host: some.host
>        my-ext-id: abc
>
>This construct is very easy to put into the vary field as all the server
>needs to do is to include a header like this in the response
>
>        200 OK
>        Vary: me-ext-id
>        ...
>
>This is different from the previous model where all optional PEP extensions
>also were non-cacheable and hence I see this as being an improvement.

I do not see this as an improvement.  The contents of the
my-ext-header will be different for each user agent (because it serves
as a unique identifier), so Vary: my-ext-id has the effect of
cache-control: private.  Under the new PEP draft, there is no way to
share a cached, pep-extended response between agents.

You can only benifit from proxy caches if the same agent does exactly
the same request again while still using the same mappings, but this
case will usually have been optimised already by the local user agent
cache.

In the old (02) draft, sharing cached responses between agents was
still possible to some extent, especially (I believe) in the case that
the response ONLY has optional server-initiated extensions, so that
you do not have to send Vary: protocol.

Still, both drafts allow significantly less sharing of extended
responses than can be had by writing an RFC which defines a unique
request header for the extension.  This is bad.

[...]
>>2) I suspect that supporting header mapping will not be simple.
[...]
>I am interested in hearing why you think why it is not simple!

Now that I have read the whole draft, I agree that it is simple.
However, I also think that this it does not lead to caching which is
efficient enough.

Also, if a server allows an extended response with the header X to be
cached for 10 days, it will have to refuse a re-mapping of X to
something else for 10 days to avoid any clashes.  The server-side
overhead for keeping track of all this may be large.

All in all, I must admit that I liked the previous draft better. The
old draft had some problems with cache efficiency too, but I think
that the approach to solving these problems in the new draft actually
makes things worse.  I have not thought this through, but mappings
initiated by the *server* may get us better sharing opportunities.

Some other comments:

1.

   4.2. Operational Overview

          * An extension is assigned a URI; in addition to a human-
            readable specification of an extension, a machine-readable
            implementation or description of the extension is published
                                                           ^^^^^^^^^^^^
            at that address.

How is this publiblishing done?  By putting a link in the
human-readable specification for the user to click, or with some
medadata mechanism?  If so, which metadata mechanism?  Also, what does
`a machine-readable description of the extension' look like and what
is the machine supposed to do with it?

2.

   6.1. Header Field Mappings

      Clients SHOULD NOT overload well-known or widely deployed header
      fields with new semantics unless the new semantics are a superset
      of the existing semantics so that the header fields still can be
      interpreted according to the old semantics.

This is entirely to weak: PEP needs to partition off a particular part
of the header namespace (for example all headers which start with
`p-') for use in PEP mapping, and guarantee that PEP clients leave the
rest of the header namespace alone, except when extending a known
header.  Else we will see situations like `this internet draft cannot
define the id-blah header because the PEP implementation in
SillyUnknownBrowserX V2.3 maps to all headers which start with id-'.

3.

   11.2. Interaction with Existing HTTP/1.1 Headers

               As both the content encoding mechanism and the
      PEP mechanism is ordered, using both MAY lead to ambiguous
      situations. Simultaneous use of both mechanism is therefore
      strongly discouraged.

PEP cannot strongly discourage plain 1.1 caches to do somehting, and
HTTP/1.1 allows plain HTTP/1.1 caches to add content encodings on the
fly.  So there WILL be amgiguous situations.  This needs to be fixed.

4. 

    11.3. Identifying the Source of a Mapping

          * an HTTP cookie provided with every request identifying the
            originating client, see [RFC2069];

The cookie spec is 2109, not 2069.

          * HTTP authentication credentials provided with every request
            identifying the originating client, see [RFC2068]

HTTP authentication credentials identify users, not clients.  A user
may have multiple clients running, so authentication credentials are
not usable as source identifiers.  

      If none of the above applies then the server MAY look for a From
      header field in the request. This MUST NOT be considered a
      reliable mechanism and explicit care SHOULD be taken by the server
      not to rely on this.

I think that looking at authentication and From fields should be
explicitely forbidden.  Given that PEP is supposed to support payment
protocols, the language above is entirely too weak.


>Henrik

Koen.
Received on Monday, 19 May 1997 08:01:13 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:42 EDT