RE: Comments to Problem Statement Document 1f

Hi Bryan

Interesting points. 

I suppose that I see this as an issue where the choice is in the hands
of the user and the content provider. Not the intermediary. The
intermediary can be seen as acting on behalf of the user if the user has
given their consent to the proxy so acting. So, if I have signed up to a
bad-word removal service and use it as a proxy and it refuses to honour
the no-transform directive, that's OK. As it's my choice.

Equally the content provider's choice is being thwarted. Consequently I
agree that in this case the proxy should (Or MUST return a response with
a status indicating that it could not comply with both the user's and
the content provider's wishes). However, I think that this is at the
level of a guideline and not a requirement and hence think that this
should feature in that document, not the problem statement. i.e. it's
not a problem today because no one does it. It is a consequence of some
likely proposed solution so should be dealt with in that context.

In any case if the content provider is not prepared to honour the
no-transform directive then the one thing that the proxy must not do is
alter the content and forward it - causing the error message we agree
should be displayed. That means that the server has in fact been
successful in prohibiting transformation.

The wording "request" suggests that the proxy has a choice. And though I
guess we need to work though detailed use cases before saying "never" I
think that in general at least the proxy, and its owner, does not have
that choice of independent action.

Jo


> -----Original Message-----
> From: public-bpwg-ct-request@w3.org
[mailto:public-bpwg-ct-request@w3.org]
> On Behalf Of Sullivan, Bryan
> Sent: 11 October 2007 09:53
> To: public-bpwg-ct@w3.org
> Subject: Comments to Problem Statement Document 1f
> 
> 
> Hi all,
> Here are some comments to the current version
>
http://www.w3.org/2005/MWI/BPWG/Group/TaskForces/CT/editors-drafts/Probl
> emStatement/071008
> 
> Re "4. Origin servers must be able to selectively enable or disable
> features of transforming proxies.":
> [bryan] I would say here "must be able to request selective enabling
or
> disabling...". It may not be the policy of the CT proxy provider to
> allow sites to control the proxy's behavior. For example, a CT proxy
> that removes "bad words" etc as a "Parental Control" feature may not
> allow content providers to disable this function. Another example is
the
> insertion of content, e.g. footers or ads, which the CT proxy may not
> allow to be disabled per the service agreement betweem the CT proxy
> provider and the user. I agree that selective control will be useful,
> but compliance by the CT proxy cannot be mandated in all cases.
> 
> Re "5. Origin servers and proxies must be able to identify the actual
> identity of components of the delivery context, including (other)
> proxies and browsers.":
> [bryan] For proxies, it's not the "identity" that is important but the
> configuration of the proxy for the current delivery context. One proxy
> can provide different CT service for different users and delivery
> context attributes (e.g. mobile access network in use). What the
> downstream proxies and origin servers (may) need to know is what the
> proxy is configured to do in the current context.
> 
> Re "6. Origin servers must be able to prohibit any kind of
> transformation of its content.":
> [bryan] This should be covered by [4] above, and is subject to the
same
> limitations per CT proxy provider policy.
> 
> Re "2.2.2.2 Non Web Applications":
> [bryan] The same comment as for [6] applies, otherwise an alternate
> requirement is proposed: "Transforming proxies must be configurable to
> disable transformation for non-web applications, e.g. if
transformation
> would serve no useful purpose or break non-web applications.". The key
> difference here is that the control of the transformation disabling is
> in the configuration of the CT proxy, and thus does not require
> transformation-control enhancements to arbitrary non-web application
> protocols.
> 
> Re "2.2.2.3 Legal, Moral and Commercial Issues":
> [bryan] The same comment as for [6] applies.
> 
> Re "11. It must be possible for origin servers selectively to indicate
> that content of various types must not be removed, replaced or
inserted
> by transforming proxies."
> [bryan] This should be covered by [4] above, as a detailed feature of
> transforming proxies.
> 
> One additional requirement that could be added as a compromise on the
> policy control issues, is that "Transforming proxies must return an
> error response to the user agent if the transforming proxy cannot
comply
> with an origin server request to enable or disable a transformation
> proxy feature".
> 
> Best regards,
> Bryan Sullivan
>

Received on Thursday, 11 October 2007 17:13:08 UTC