Very rough first draft of HTTP caching "issues" list from Jeffrey Mogul on 1995-12-21 (http-caching-historical@w3.org from December 1995)

From: Jeffrey Mogul <mogul@pa.dec.com>
Date: Thu, 21 Dec 95 15:37:35 PST
To: http-caching@pa.dec.com
Message-Id: <9512212337.AA08306@acetes.pa.dec.com>

Since I'm about to disappear for 6 days or so, I thought I should
send this out.  I put it together with some help from several of
you, but it's probably fairly cryptic at this point and not complete.

Suggested additions are welcome.

-Jeff

Basic caching model issues:
	What is the unit of caching? (e.g., "entity + response headers")
	What is the cache key?  How flexible is this?
	How does the cache determine if an entry is valid?
	When must/should validation be done?
	What does Expires: do?
	What does Cache-control: do?
	What happens if validation isn't possible?
	How can UAs override default policies?
	Compatibility with 1.0 implementations (If-Modified-Since)	

How is caching supposed to work with content negotiation?
	Can the cache tell the server something that will
	result in the use of a cached item instead of a
	variant?

Security issues
	Spoofing using Location headers (prevention thereof?)
	[or leave this to the content-negotiation subgroup?]

Privacy issues
	TBS

Compatibility with post-1.0 implementations
	Is anyone using Cache-control?  If so, what syntax+semantics?

Which response-headers are kept in the cache?
	who gets to decide?
	is this a priori (i.e., listed in the spec) or dynamic?

Review "proxy authentication" (requested by David Morris)

Multiple URLs for the same object: should the cache avoid
	storing multiple copies?  Should the protocol make copy-combination
	easier?  Are there invalidation problems?

Extension methods: Can we define a reliable and secure mechanism that
	allows proxies to forward methods that they do not understand,
	and perhaps to cache the results?

Cache-prevention: Can providers ensure that no copy of an object is
	cached 	anywhere?  This is for content-providers who are worried
	about leakage of sensitive information.

History-prevention: can the origin-server control what goes into the
	history list on a browser?  (More precisely, can/should a
	response specify "not to be placed in history list"?)  [Maybe
	not a topic for this subgroup]

Cached-copy-update problem: How to preserve cache consistency when
	an update is made.  For example, what happens if an obejct
	is cached in two different proxies and one client does an
	update?

Tradeoff between validation traffic and stateness: given that this
	is unavoidable:
		how can the protocol design optimize things?
		who gets to decide how to set the tradeoff point?
		how does the protocol allow the tradeoff point to be set?

Received on Thursday, 21 December 1995 23:44:53 UTC