
Re: Design issues for access-control

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 5 Nov 2007 09:37:04 -0500
To: Anne van Kesteren <annevk@opera.com>
Cc: Jonas Sicking <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <20071105143704.GB9549@raktajino.does-not-exist.org>

On 2007-11-05 06:13:01 -0500, Anne van Kesteren wrote:

>> Another thing that occurred to me is do HTTP caches take the
>> full set of request headers into account when caching?
>> Otherwise it could be directly harmful to include Referer-Root
>> and Method-Check headers. The cache might store an "authorize"
>> reply when the request is made for Referer-Root A and wrongly
>> respond with the same document is checked for Referer-Root B.

> The authentication request cache is a separate thing that uses
> the Referer-Root and request URI as "primary key". Or do you mean
> something else?

Björn is talking about HTTP proxy caches on the network.  You really
don't want to get these into the critical path for deploying the
access-control spec.

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Monday, 5 November 2007 14:37:14 UTC
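
Added example, not part of the original message or of the access-control draft: a toy model of the shared proxy cache concern raised in the thread, showing an "allow" reply stored for one Referer-Root being served to another when the cache keys on URL alone. The host names, the Method-Check value, and the origin's use of the standard HTTP Vary response header are assumptions made for illustration.

```python
# Constructed model: the origin authorizes per Referer-Root; host names are made up.
ALLOWED_ROOTS = {"http://a.example"}
URL = "http://data.example/resource"

def origin(url, headers, send_vary):
    """Origin server: the access-check reply depends on the Referer-Root header."""
    verdict = "allow" if headers.get("Referer-Root") in ALLOWED_ROOTS else "deny"
    # Assumption: the origin may list the headers its reply depends on in Vary.
    resp_headers = {"Vary": "Referer-Root, Method-Check"} if send_vary else {}
    return {"headers": resp_headers, "body": verdict}

class SharedCache:
    """Toy shared proxy cache. The primary key is the URL; a stored response's
    Vary header names the request headers that form the secondary key."""
    def __init__(self, send_vary):
        self.send_vary = send_vary
        self.store = {}  # url -> list of (selected request header values, response)

    @staticmethod
    def _selected(resp, req_headers):
        vary = resp["headers"].get("Vary", "")
        names = [n.strip() for n in vary.split(",") if n.strip()]
        return tuple((n, req_headers.get(n)) for n in names)

    def fetch(self, url, req_headers):
        for stored_sel, resp in self.store.get(url, []):
            if self._selected(resp, req_headers) == stored_sel:
                return resp["body"], "HIT"
        resp = origin(url, req_headers, self.send_vary)
        entry = (self._selected(resp, req_headers), resp)
        self.store.setdefault(url, []).append(entry)
        return resp["body"], "MISS"

def run(send_vary):
    """Request the same URL through one cache for two different Referer-Roots."""
    cache = SharedCache(send_vary)
    # "1" is a constructed Method-Check value, not taken from the draft.
    a = cache.fetch(URL, {"Referer-Root": "http://a.example", "Method-Check": "1"})
    b = cache.fetch(URL, {"Referer-Root": "http://b.example", "Method-Check": "1"})
    return a, b

if __name__ == "__main__":
    print("no Vary:  ", run(send_vary=False))
    print("with Vary:", run(send_vary=True))
```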
