- From: James M Snell <jasnell@gmail.com>
- Date: Mon, 25 Nov 2013 16:43:51 -0800
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Mon, Nov 25, 2013 at 4:10 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> On 25 November 2013 15:53, David Morris <dwm@xpasc.com> wrote:
>> Powers need to be negotiated and not an absolute feature of the protocol.
>
> That's a nice blanket statement. Let's assume that this is true for
> all combinations of powers (a point that seems suspect); who are the
> parties at the negotiation table?
>

Great question that does not have a great answer.

Part of the problem with this conversation is that we don't really have a great vocabulary developed yet to really discuss it... we just keep saying "trusted proxy" and "untrusted proxy" without really breaking down what those really are. We need to if we're going to make any progress in this discussion. Also, without any clear shared notion about what kind of good behaviors a "trusted" intermediary ought to implement, it's going to be very difficult to really nail this down.

So let's take a first stab at this:

1. A Trusted Intermediary exists in the path for the benefit of either the requesting agent, responding origin, or both.

2. A Trusted Intermediary ALWAYS makes its presence on the path known to both the requesting agent and the origin.

3. A Trusted Intermediary ALWAYS ensures that any modification it makes to either the request or response is detectable by the receiving peer.

4. A Trusted Intermediary NEVER utilizes request or response data in a manner not authorized by the requesting agent or responding origin.

5. A Trusted Intermediary that exists for the benefit of the requesting agent ALWAYS provides proof to the responding origin that it has been authorized and trusted by the requesting agent.

6. A Trusted Intermediary that exists for the benefit of the responding agent ALWAYS provides proof to the requesting agent that it has been authorized and trusted by the responding origin.

7. A Trusted Intermediary NEVER attempts to subvert or compromise the integrity of communication between the requesting agent and responding origin.

8. A Trusted Intermediary ALWAYS limits its actions to those explicitly granted to it by the requesting agent or responding origin or both.

9. A Trusted Intermediary ALWAYS asks for permission before it performs any action (see #2)

I'm sure these could use some massaging and refinement, but what this basically describes is a delegation model: A trusted intermediary is one that has been delegated some form of verifiable permission to act by either the origin or the agent. The key questions, then, become how exactly do we reliably enable this kind of delegated authorization model.

Is breaking the conversation down this way helpful?

- James
Received on Tuesday, 26 November 2013 00:44:40 UTC