ACTION-604 ACTION-615 Proposed Treatment of Bryan's Contribution in Preparation for a New Draft CT

Hi folks

I have done a write through of Bryan's proposed "requirements" to fit in
with the style of the rest of the document and to make it a little more
discursive, as discussed on various calls. Before weaving this into the
current draft in various places I thought I would put it to the group
for comments and to see if there are any major objections. If not I will
create a new draft tomorrow afternoon (Friday) for discussion on the
call Tuesday.

I have tried to cross reference the section numbers from the present
draft to make sure everything is covered. I know I've missed a couple of
references out accidentally and there are a couple of sections I don't
think fit, exactly, and I have noted those below. I've also included
Bryan's original contribution for easy reference.

thanks
Jo

Current Draft:
http://www.w3.org/2005/MWI/BPWG/Group/TaskForces/CT/editors-drafts/Guidelines/071124

ACTION-604 ACTION-615

Control of Proxy

A proxy may be active or passive. When active, a proxy offers various
[@@] features involving the transformation of content and manipulation
of HTTP headers. When passive a proxy may alter content and headers only
in the respects described in [HTTP] as if a Cache-Control: no-transform
directive were present (with the exception of "Dangerous Content"
below).

[Note: In practice a proxy may be made passive by configuration of the
network such that it is by-passed]

A proxy MUST offer basic control of its features to users, clients and
origin servers and MAY offer more advanced control [2.1.1 MAY-> MUST].
Basic control means transitioning between active and passive roles.  

When active, proxies MUST offer basic control on a per request basis and
MAY allow the registration of persistent user preferences [2.1.1
MUST->MAY].

Behavior When Active

A proxy SHOULD NOT alter HTTP requests unless not doing so would result
in the user's request being rejected by the CP [this includes 406 as well
as 200 Your browser is not supported][2.1.4]

A proxy should only alter the format, layout, dimensions [@@how to
better express this] to match the capabilities of the client [2.1.2
"highest Quality"]. For example, when resizing images, they should only
be reduced so that they are suitable for the specific client, and should
not be done on a generic basis.
 
Proxies MUST NOT alter URIs with the https scheme unless specific
consent is granted by both the user and the origin server. [@@How in the
case of the origin server].
 

Interaction with the User (when Active)

If the client is known not to conform to this specification CT Unaware
[@@by ...] the proxy MUST offer a means of interacting with it to
provide at least basic control of its services. Proxies MAY in addition
offer user interaction via CTAware browsers.

Proxies MUST offer, via this interaction, a means of rendering themselves
passive for [@@does the following make sense?] the following request
[2.2.2], for the current domain and for all future requests [2.2]. The
proxy MAY offer further features which SHOULD be offered on the same
basis (current domain, all future requests, etc.). Proxies MAY also
offer this interaction to browsers that do conform to this specification
but MUST offer a means of disabling it [@@by interaction as well as via
HTTP? If the latter need further cache control directive]

If content has been transformed proxies MUST indicate this to the user
[2.5.3] and MUST provide a means of retrieving the original content.
Proxies MAY provide a cached copy of the response prior to
transformation in fulfilling this requirement. [@@ should this be
available by some HTTP mechanism too [2.5.4] says yes which requires
further elaboration of current section 4.1]

Note: Further user control of the proxy MAY also be achieved by
administrative means, by providing a specific proxy configuration
facility or by other means.

The proxy MAY annotate hyperlinks with the https scheme noting that it
is unable to offer active service on such a request.

Dangerous Content

[@@note that this must steer clear of recommending a deviation from the
HTTP spec which I don't think is acceptable. However there are parallels
with the operation of e.g. child protection mechanisms]

Proxies MAY offer a feature when passive which MUST be under control of
the user [2.3.1][2.5.1] to block or transform content which it has been
determined would cause serious mis-operation of the client, such as
causing it to crash.

===

2.1.3 detection of CT-awareness
[JR: not sure why is this necessary]

A CT proxy shall be capable of detecting CT-awareness in CP and
browsers.

===


2.4 CT proxy capabilities disclosure to CP
[This should be covered in section 4.2 of the earlier draft ...]

A CT proxy shall disclose its CT capabilities to CT-aware CP without
affecting user agent identification or capabilities disclosure.

===

2.5.2 CT proxy capabilities disclosure to CT-aware browser
[This should be covered in section 4.5 of the earlier draft]

A CT proxy shall disclose its CT capabilities to CT-aware browsers
without affecting CP-provided headers.


===

2.7 non-browser user agents

[JR I don't think I understand how the proxy would know this -
especially as non browser user agents would typically masquerade as
browsers so as not to get blocked by proxies]

A CT proxy should be capable of detecting non-browser user agents.

A CT proxy shall be capable of bypassing CT service for detected
non-browser user agents.

=============

Bryan's original text

CT = Content Transformation, CP = Content Provider(s)

An entity that is "CT-aware" is assumed to be specifically designed to
use or provide CT service per these guidelines. A "CT proxy" is assumed
to be CT-aware. A "non-CT proxy" is assumed to be CT-unaware. Browsers
and CP may be CT-aware or CT-unaware.

2.1 general requirements

2.1.1 preferences

A CT proxy may enable a user or user agent to select preferences for CT
service features.

A CT proxy that offers preference selection shall be capable of
retaining the selections.

2.1.2 provision of highest-quality content

When selecting a content representation by default, CT proxies shall
provide the highest-quality representation compatible with the browser.

"Compatible" in this requirement means a representation that the browser
supports, and results in a usable user experience.

2.1.3 detection of CT-awareness

A CT proxy shall be capable of detecting CT-awareness in CP and
browsers.

2.1.4 user agent identification and capabilities disclosure

A CT proxy may enable a user to select preferences for user agent
identification and capabilities disclosure to CP.

A CT proxy shall forward requests to CP without affecting user agent
identification or capabilities disclosure, except as necessary to
provide a user-selected content representation, or as otherwise
specified by user preferences.

2.1.5 original representation availability

A CT proxy shall provide availability of the original representation for
a CP response.

A CT proxy may support local caching of CP responses in their original
representation.

2.2 CT proxy serving CT-unaware CP and browser

A CT proxy shall be capable of providing CT service to CT-unaware CP and
browsers.

2.2.1 CT-unaware browser user selection of content representation

A CT proxy may enable a CT-unaware browser user to select a preference
for a content representation from among those available through the
proxy.

A CT proxy that offers user-selection of content representations should
be capable of user selection of such preferences for specific domains
and globally for all domains.

A CT proxy that offers user-selection of content representations should
be capable of offering the user the ability to switch representations
when viewing a page.

2.2.2 CT-unaware browser user selection of original content representation

A CT proxy should support the ability of a CT-unaware browser user to
select the original representation for a CP response.

2.2.3 CT-unaware browser user selection of alternate content representation

A CT proxy shall support the disclosure of available alternate
representations for a CP response to a CT-unaware browser user.

A CT proxy shall support the ability of a CT-unaware browser user to
select an alternate representation for a CP response.

2.3 CT proxy serving CT-aware CP and CT-unaware browser

2.3.1 CP directives

A CT proxy shall recognize and honor CP directives for supported CT
services.

As an exception to the previous requirement, a CT proxy should deny CP
directives that would result in dangerous markup being sent to the
browser.

A CT proxy may enable a user to select preferences for error handling
related to CP directives.

2.4 CT proxy capabilities disclosure to CP

A CT proxy shall disclose its CT capabilities to CT-aware CP without
affecting user agent identification or capabilities disclosure.

2.5 CT proxy serving CT-aware CP and CT-aware browser

2.5.1 browser directives

A CT proxy shall recognize and honor browser directives for supported CT
services.

As an exception to the previous requirement, a CT proxy should deny
browser directives that would result in dangerous markup being sent to
the browser.

2.5.2 CT proxy capabilities disclosure to CT-aware browser

A CT proxy shall disclose its CT capabilities to CT-aware browsers
without affecting CP-provided headers.

2.5.3 CT actions disclosure to CT-aware browser

A CT proxy shall disclose CT actions taken on CP responses to CT-aware
browsers.

2.5.4 CT-aware browser selection of original content representation

A CT proxy shall support the disclosure of the original representation
for a CP response to a CT-aware browser.

A CT proxy shall support the ability of a CT-aware browser to select the
original representation for a CP response.

2.5.5 CT-aware browser selection of alternate content representation

A CT proxy shall support the disclosure of available alternate
representations for a CP response to a CT-aware browser.

A CT proxy shall support the ability of a CT-aware browser to select an
alternate representation for a CP response.

2.6 security considerations

A CT proxy shall not rewrite secure links as a way to enable CT service
for those links, without the consent of the CP and user.

A CT proxy that does not support or is not allowed to provide CT service
for secure links should disclose to the user that the CT service will be
unavailable for those links.

2.7 non-browser user agents

A CT proxy should be capable of detecting non-browser user agents.

A CT proxy shall be capable of bypassing CT service for detected
non-browser user agents.

Received on Thursday, 17 January 2008 16:27:09 UTC
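
Added example, not part of the original message or of the draft: a sketch of two checks the proposed text implies, namely that a passive proxy behaves as if Cache-Control: no-transform were present, and that https links are left alone unless both user and origin server consent. The function names and the boolean consent inputs are assumptions (the message leaves open how origin-server consent is obtained), and the "Dangerous Content" exception is not modelled.

```python
import re
from urllib.parse import urljoin, urlsplit

# One directive: a run of non-comma characters, with quoted strings kept whole
# so that a comma or the text "no-transform" inside a quoted argument is ignored.
_DIRECTIVE = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')


def cache_control_directives(header_values):
    """Return the lowercase directive names found in Cache-Control values."""
    names = set()
    for value in header_values:
        for part in _DIRECTIVE.findall(value):
            name = part.split("=", 1)[0].strip().lower()
            if name:
                names.add(name)
    return names


def may_transform_response(proxy_active, cache_control_values):
    """A passive proxy never transforms; an active one honours no-transform."""
    if not proxy_active:
        return False
    return "no-transform" not in cache_control_directives(cache_control_values)


def may_rewrite_link(base_url, href, user_consent=False, origin_consent=False):
    """https targets need consent from both the user and the origin server."""
    # Resolve relative and scheme-relative links against the page URL first,
    # so the decision is made on the scheme the client would actually use.
    scheme = urlsplit(urljoin(base_url, href)).scheme
    if scheme == "https":
        return user_consent and origin_consent
    return True
```

A substring search for "no-transform" would wrongly block transformation of a response whose header only mentions it inside a quoted argument; parsing directive names avoids that.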