W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2010

Re: Questions (errata?) about caching authenticated responses [#174]

From: Roy T. Fielding <fielding@gbiv.com>
Date: Mon, 7 Jun 2010 19:40:44 -0700
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <75B93E7E-CAE4-403D-9DF8-E8A8D06EBEB5@gbiv.com>
To: Mark Nottingham <mnot@mnot.net>
Wouldn't it be easier to just say Authorization implies
"Cache-control: private" unless explicitly given otherwise?

....Roy


On Jun 7, 2010, at 6:33 PM, Mark Nottingham wrote:

> I haven't heard any comment on this proposal. I *think* it accurately reflects what's in 2616, and AFAICT from the history, what's in 2616 was intentional. 
> 
> Thoughts?
> 
> 
> On 02/06/2010, at 2:54 PM, Mark Nottingham wrote:
> 
>> 
>> Counter-proposal:
>> 
>> Add a new section to p6:
>> 
>> ---8<---
>> Shared Caching of Authenticated Responses
>> 
>> Shared caches MUST NOT use a cached response to a request with an Authorization [ref] header to satisfy any subsequent request unless a cache directive that allows such responses to be stored is present in the response.
>> 
>> In this specification, the following Cache-Control response directives [ref] have such an effect: must-revalidate, public, s-maxage.
>> 
>> Note that cached responses that contain the "must-revalidate" and/or "s-maxage" response directives are not allowed to be served stale [ref] by shared caches. In particular, a response with either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to satisfy a subsequent request without revalidating it on the origin server. 
>> --->8---
>> 
>> ... with appropriate changes to p6 2.1, 2.2, as well as the definitions of the Auth header and appropriate CC directives.
> 
> 
> --
> Mark Nottingham     http://www.mnot.net/
> 
> 
Received on Tuesday, 8 June 2010 02:41:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:20 GMT