New content negotiation sections (long)

I'm mailing this document to both the content negotiation and the
caching mailing lists.

For the caching list: yes, this is very long, but it does, among other
things, specify how the interaction between content negotiation and
caching can work.  I don't know if such a specification can be much
shorter.  Some text can be skipped if you are only interested in
caching.

For the content negotiation list: this is an update on the draft I
sent on Sunday.  Now would be a good time to read this document.  I
will not write more text before I get some feedback.

  --------snip!---------


     New content negotiation sections
     ================================

                                         Koen Holtman, koen@win.tue.nl
	                                 version 2, 31 Jan 1996

INTRODUCTION

Parts of this document are unfinished.

This document contains new versions of some sections in the HTTP
1.1-01 draft that describe content negotiation.  The text below
reflects the consensus of the content negotiation subgroup, as I
perceive it now, but also adds a many details not previously discussed
in the content negotiation subgroup or the caching subgroup.

The intention is that these new versions replace the old versions in
the HTTP 1.1 draft.

This text is also written to transmit my view how the interaction
between content negotiation and caching should work to the caching
subgroup.

I claim that the mechanisms defined here are powerful enough to allow
efficient caching of all kinds of content negotiation, and that they
are still simple enough to allow implementation.

I also claim that the mechanisms cannot be made much simpler without
affecting cachability, the power of the negotiation mechanism, or
both.

The text blocks marked with ## signs are comments.  Some of them will
be removed in later versions of this document, others may be kept
until the last version, but should be removed when text is taken from
this document and put into a HTTP 1.1 draft.

I'm a bit disturbed as the increase in length of the text below with
respect to the old Chapter 12, but I can't find anything I'd want to
take out, so I guess the increase in length just reflects (our
increased understanding of the) complexity of content negotiation.

The text below follows the structure of the 1.1 draft.  The beginning
is therefore not necessarily the best place to start reading!  A good
reading order may be:
 1 introduction of Section 12
 2 header descriptions
 3 response code descriptions
 4 Sections 12.1, 12.2
 5 Section xx.yy (Caching issues connected to content negotiation)
 6 Section pp.qq.

Koen.

       -----------------------------------------------------

[##
Changes wrt version mailed to conneg list on Sunday:
- added introduction
- new sections
- new comments
- grammar check done
- send-no-body-for replaced by variant-if-modified-since
- changed the word `field' to `attribute' or `directive' several times
##]

       -----------------------------------------------------

[## Question to be resolved: Should a rudimentary feature negotiation
facilities that work for 90% of the cases be added as a stopgap??  I
wonder if we won't be doing the web community a disservice if we delay
a 90% solution in order to construct a 99% solution for HTTP 1.2 After
all, most negotiation that happens now is on tables vs. no tables, not
on language or MIME type.  ##]

[## Question to be resolved: should URI and Location really be called
entity headers? ##]

       -----------------------------------------------------

9.3  Redirection 3xx

[.....]

300 Multiple Choices

The requested resource is a negotiable resource and the server is
engaging in reactive content negotiation (Section 12).  This response
may only be generated if specific conditions given in Section 12.2 are
met.  The response must include an URI header describing the variants
bound to the resource, allowing a user agent to automatically select
and retrieve a variant if appropriate.  Unless it was a HEAD request,
the response may include an entity.  If an entity is included, this
entity must give the user the option to select the most appropriate
variant manually must never be included.  The suggested entity media
type as given in the Content-Type response header is "text/html".  If
the service author finds it appropriate for a user agent that does not
implement a variant selection algorithm to automatically retrieve a
certain variant, then a Location response header giving the URI of
that variant may be included in the response.  This response is
cachable, subject to the restrictions specified in the caching related
directives of the included URI header, if such directives are present.

[.....]

9.4  Client Error 4xx

[.....]

406 None Acceptable

The requested resource is a negotiable resource and the server is
engaging in reactive content negotiation (Section 12).  The response
must include an URI header describing the variants bound to the
resource, allowing a user agent to automatically select and retrieve a
variant if appropriate.  Unless it was a HEAD request, the response
should include an entity that describes the variants bound to the
negotiable resource in a form that gives the user the option to select
the most appropriate variant manually.  The suggested entity media
type as given in the Content-Type response header is "text/html".  If
the service author finds it appropriate for a user agent that does not
implement a variant selection algorithm to automatically retrieve a
certain variant, then a Location response header giving the URI of
that variant should be included in the response.  This response is
cachable, subject to the restrictions specified in the caching related
directives of the included URI header, if such directives are present.


       -----------------------------------------------------

### Todo (maybe): Include improved descriptions of Accept* headers
### here

### Todo: introduce reactive-on-wildcard directive for the Accept header.

### Todo: adjust terminology in the description of the Location header.

       -----------------------------------------------------

10.42  URI

[## Note: the "mirror" and "name" directives found in the URI header
of the 1.1-01 draft have been deleted from this URI header definition.
These directives have nothing to do with content negotiation, and they
make the definition of the role of the URI header as indicating
negotiability a lot more difficult.  The content negotiation subgroup
advises that "mirror" and "name" functionality, if kept in the next
HTTP 1.1 draft, is put in one or two other headers.##]

If an URI entity-header header is present in a response, this
indicates that the resource is negotiable (Section 12).  The URI
header field describes the variants bound to the negotiable resource.
The URI header field can also contain directives that control the
cachability and express the variance of the URI header, and, for some
response codes, the whole response.

    URI-header  = "URI" ":" 1#( uri-variant | uri-caching )

    uri-variant = "{" "variant" <"> URI <"> source-quality
                      [ "{" "type" <"> media-type <"> "}" ]
                      [ "{" "language" <"> 1#language-tag <"> "}" ]
                      [ "{" "encoding" <"> 1#content-coding <"> "}" ]
                      [ "{" "length" 1*DIGIT "}" ]
                      [ "{" "description" quoted-string "}" ]
                  "}"

    source-quality = qvalue

    uri-caching = "{" "cache-control" 1#cache-directive "}"
                | "{" "vary" 1#vary-directive "}"

[##Note: the uri-caching directives are supposed to replicate the
caching and vary features offered for normal responses by the
Cache-Control and Vary response headers.  The syntax below should be
adjusted to the syntax of the Cache-Control and Vary response
headers.##]

Any URI specified in this field can be absolute or relative to the
Request-URI.

For each of the variants bound to the negotiable resource, the URI
header must include a "variant" form describing that variant.  

The source-quality attribute given in a variant description is
measured by the content provider as representing the amount of
degradation from the original source.  For example, a picture
originally in JPEG form would have a lower source quality when
translated to the XBM format, and much lower source quality when
translated to an ASCII-art representation.  Note, however, that this
is a function of the source -- an original piece of ASCII-art may
degrade in quality if it is captured in JPEG form.  If variants are
not converted from one source, but constructed separately to represent
the same abstract information in different ways, then the source
quality values can be used to express differences in quality between
the variants.

An example URI header for a negotiable resource with the URI
http://www.w3.org/pub/WWW/TheProject is:

    URI: {variant "TheProject.fr.html" 1.0
                 {type "text/html"} {language "fr"}},
         {variant "TheProject.en.html" 1.0
                 {type "text/html"} {language "en"}},
         {variant "TheProject.fr.txt" 0.7
                 {type "text/plain"} {language "fr"}},
         {variant "TheProject.en.txt" 0.8
                 {type "text/plain"} {language "en"}}

which indicates that the negotiable resource binds to four individual
variant resources that differ in media type and natural language.

The type, language, encoding, and length attributes of a variant
description refer to their Content-* header counterparts.  Though all
attributes are optional, it is often desirable to include as many
attributes as possible as this will increase the quality of the
negotiation process.

The description attribute is meant to provide a textual description of
some properties of the variant, to be displayed by a user agent when
showing the list of all variants bound to a negotiable resource (see
Section 12).  This attribute can be included if the URI and normal
attributes of a variant are considered too opaque to allow
interpretation by the user.

[##Note: the text below may need some editing depending on changes to
the Cache-control header and the kind of Vary header introduced.##]

The cache-control directive of the URI header field can be used to
restrict the cachability of the URI header, and, for some response
codes, the other parts of the response.  This directives duplicates
the control functionality offered for un-negotiated resources by the
Cache-Control header.  The vary directive of the URI header field
expresses the variance of the the URI header, and, for some response
codes, the other parts of the response, on properties of the request.
This directive duplicates the functionality offered for un-negotiated
resources by the Vary header.  Caching of negotiated resources is
covered in Section xx.yy.  An example is:

    URI: {variant "plan.html" 0.9
                 {type "text/html"}},
         {variant "plan.wuxta.html" 0.2
                 {type "text/html"}
                 {description "Does not trigger bug in WuxtaWeb 1.x"}},
         {variant "plan.dvi" 1.0
                 {type "text/x-dvi"}},
         {vary User-Agent},
         {cache-control max-age=1209600}

which indicates that the variant set bound to the resource varies on
the User-Agent request header.  In responses to requests done with a
WuxtaWeb 1.x user agent, the server would presumably generate an URI
header with the same variants, while assigning a source quality of 0
to the plan.html variant and a source quality of 0.8 to the
plan.wuxta.html variant.  The cache-control directive limits the
cachability of the URI header to two weeks, presumably because the
content author wants to have the possibility of adding more special
variants if bugs in other user agents are found.

[## Issue to be resolved: Should there be cookie and user-agent-prefix
variant description attributes as an alternative to varying on Cookie
and User-Agent? ##]

[## Note: adding feature negotiation would add a "feature" variant
description attribute in the URI header.  This attribute would contain
feature identifiers, which are short codes for things like `user agent
supports HTML 3.0 tables', `user agent supports java', and the
negations of feature identifiers. ##]

       -----------------------------------------------------

10.aa Variant-If-Modified-Since

The Variant-If-Modified-Since request-header is used with the GET
method on negotiable resources to make the transmission of a variant
in a preemptive negotiation response (Section 12.2) conditional.  If
the selected variant resource has not been modified since the time
specified in this field, a copy of the resource will not be returned
from the server; instead, a 304 (not modified) response will be
returned without any Entity-Body.

     Variant-If-Modified-Since = 
           "Variant-If-Modified-Since" ":" URI LWS HTTP-date

[## Todo: check if the LWS (linear whitespace) above is required in
the syntax description ##]

The URI specified in this field can be absolute or relative to the
Request-URI.  A request can contain multiple Variant-If-Modified-Since
headers, but must not contain multiple Variant-If-Modified-Since
headers which refer to the same variant.

[## Todo (maybe): specify the exact semantics of conditional variant
GET requests, by giving an algorithm as is done in the
If-Modified-Since header description. Alternative: point to such an
exact description in Section 12.##]

[## Question to be resolved: Should we name this header Variant-IMS,
which is shorter? ##]

       ------------------------------------------------------

12.  Content negotiation

Content negotiation is an optional feature of the HTTP protocol:
resources may be negotiable, but they need not be.  If a resource is
negotiable, this changes the semantics of GET and HEAD transactions on
the resource.  Other transactions are not affected.

A negotiable resource has a number of variants bound to it.  The HTTP
content negotiation mechanisms allow for selection of the preferred
variant bound to a negotiable resource based on the the properties of
the variants and on the user agent preferences for the retrieval
action.

[## Note: `retrieval action' is a new term I had to introduce because
`request' is not entirely accurate here: with reactive negotiation,
one retrieval action causes two requests. ##]

A variant is a resource, identified by a variant URI, that provides a
representation of the content of a negotiable resource.  A variant
must never be a negotiable resource itself.  It is the responsibility
of the author of the negotiable resource, not the author of the
variant, to ensure that this restriction is not violated.

The negotiability of a resource is expressed by the URI response
header.  If a 2xx, 3xx, or 406 class response does not include an URI
response header, then clients can treat the corresponding resource as
un-negotiable.  If a response does include an URI response header,
then clients must treat the resource as negotiable.  This has
implications for user agent behavior and for the behavior of caches.
Caching of negotiable and variant resources is treated in Section
[xx.yy].

The URI response header corresponding to a negotiable resource
describes the variants bound to the negotiable resource.  User agents
can use the descriptions in the URI header to automatically retrieve
and display the variant which best fits the preferences for the
retrieval action.

When displaying a variant as the end result of a retrieval action on a
negotiable resource, a user agent should allow the user to review a
list of all variants bound to the negotiable resource, and to
initiate retrieval of another variant if desired.  The list can be
annotated with some or all of the properties of the variants, as given
in the URI header of the negotiable resource.

When displaying a variant as the end result of a retrieval action on a
negotiable resource, a user agent should show the negotiable resource
URI, not the variant URI, as being the URI the contents of which were
retrieved.  If the user agent stores a reference to the content
displayed for future use, it is the the negotiable resource URI, not
the variant URI, which should be stored.

HTTP/1.1 provides for two types of content negotiation: preemptive and
reactive.  Preemptive negotiation is generally faster than reactive
negotiation, but it can only be used if sufficient information about
user agent preferences is present in the request on the negotiable
resource.  Reactive negotiation can always be used.  Therefore,
preemptive negotiation is best seen as mechanism that can sometimes
optimize on reactive negotiation transactions.

The If-Modified-Since header (Section 10.23) cannot make GET requests
on negotiable resources conditional.  Servers should ignore this
header if it is present in a request on a negotiable resource.

12.1  Reactive negotiation

In reactive negotiation, the selection and retrieval of a variant
bound to the negotiable resource spans two transactions.  In the first
transaction, the client transmits a request on the negotiable resource
URI, and the server responds with a 300 (multiple choices) or 406
(none acceptable) response, which includes an URI header describing
the variants bound to the negotiable resource.  A 406 response may
always be generated, a 300 response may only be generated if specific
conditions given in Section 12.2 are met.  The client can use the the
URI header in the 300 or 406 response to select the variant that
matches best to the preferences for the retrieval action.

In the second transaction, the user agent transmits a request on the
variant URI of the selected variant, and the server will typically
respond with a 200 (OK) response, though other response codes like 302
(moved temporarily) are also possible.  Only the user agent needs to
know that the second request is part of a reactive negotiation
process, all other parties can treat it as a normal request on an
un-negotiated resource.

User agents should use the reactive variant selection algorithm below
when automatically selecting the best variant listed in an URI header.
User agents are allowed to use other variant selection algorithms, but
this is not recommended, as preemptive negotiation is defined to
optimize the case in which the reactive variant selection algorithm
below is used.

User agents that do not wish to implement a variant selection
algorithm can, by only using Accept request headers of a certain form
[##(*)##], force servers to only send 406 (none acceptable) responses
when engaging in reactive negotiation.  They can then use the 406
response body to allow the user to select a variant manually, or use
the 406 response Location header, if present, to automatically fetch
the variant recommended by the server.

[##(*) note: 1.0 clients will always use Accept headers of the certain
form that forces a 406 response if no preemptive negotiation can be
done##]

In the first step of the reactive variant selection algorithm, the overall
quality for every variant listed in the URI header of the negotiable
resource is computed.  The overall quality of a variant is a real
number Q in the range 0 through 1, where 0 is the minimum and 1 the
maximum value, defined as

   Q = qs * qe * qc * ql * q * qml

The values qs,qe,qc,ql,q,qml for a particular variant are all
determined using the part of URI header field describing that variant,
called the variant description below.

   qs   The source quality factor for the variant is given by the
        source-quality attribute in the variant description.

[## Todo: the text about the service author determining qs that was
here in the 1.1 draft should be moved to the section describing the
URI header##]

   qe   The encoding quality factor is 1 if there is no encoding
        attribute in the variant description.  If there is an encoding
        attribute in the variant description, the encoding quality
        factor is 1 if the user agent can decode a message with the
        given content encoding, 0 otherwise.

[## Todo: describe format of content encoding attribute in the URI header
description]

   qc   The charset quality factor is 1 if there is no type attribute in
        the variant description, or if the media type given in the
        type attribute of the variant description does not have a
        charset parameter.  If there is a charset parameter, then the
        charset quality factor is 1 if the user agent can process a
        message with the given character set (Section 3.4), 0
        otherwise.  User agents must assign a charset quality factor
        of 1 to the US-ASCII charset.

[## Should we have charset quality factors in the range 0 through 1
rather than plain 0 or 1 here?  There have been some comments that
this is desirable##]

   ql   The language quality factor is 1 if there is no language
        attribute in the variant description.  If there is a language
        attribute, then the language quality factor is the highest
        quality factor assigned to any one of the listed languages
        according to the user agent language preferences for the
        retrieval action.  User agents must assign a language quality
        factor of at least 0.001 to every language.

[## Note: the 1.1-01 draft says: `If at least one variant has an
assigned content language, but the one currently under consideration
does not, then it should be assigned the value "ql=0.5".'  I deleted
this requirement, service authors can more accurately use the qs
attribute to adjust things in situations where only some of the
variants have languages##]

   q    The media type quality factor is 1 if there is no type attribute in
        the variant description.  If there is a type attribute, then the
        media type quality factor is the quality factor assigned to
        the given media type in in the user agent media type
        preferences for the retrieval action.

   qml  The maximum length quality factor is 1 if there is no length
        attribute in the variant description.  If there is a length
        attribute in the variant description, then the maximum length
        quality factor is 1 if the length given is less than or equal
        to the maximum acceptable length according to the user agent
        maximum length preferences for the retrieval action, 0
        otherwise.  Preferred maximum lengths are often equal to
        `infinity'.  The prefered maximum length for a variant can
        vary on the type of the variant as given by the type attribute
        in the variant description, if present.

In the second step of the the reactive variant selection algorithm,
the overall qualities of all variants are compared to select the best
variant.  If there is one variant with the highest overall quality
value, then that variant is the best variant.  If there are multiple
variants that share the highest overall quality value, then the
variant that is listed first in the URI header is the best variant.

If all variants have an overall quality value of zero, a user agent
should not automatically retrieve the first variant, but stop the
reactive negotiation process, allowing the user can decide on the next
action.


12.2  Preemptive negotiation

In preemptive negotiation, the selection and retrieval of a variant
bound to the negotiable resource is done in a single transaction,
saving one round trip time over reactive negotiation.  A preemptive
negotiation response must only be generated by a server if the request
on the negotiable resource contains enough information about the
capabilities and preferences of the user agent to allow the server to
determine which variant would be chosen if the reactive variant
selection algorithm outlined above were used by the user agent in
reactive negotiation.

A preemptive negotiation response must always contain an URI header
describing the variants bound to the negotiable resource, and a
Location header that gives the variant URI of the best variant as
determined by the server.  

The status code of a preemptive negotiation response can never be 300
or 406, as these status codes indicate reactive negotiation.  A
preemptive response contains a representation of the best variant
resource, which has the URI given the Location header of the response,
and the status code of the response is part of that representation.

The representation of the best variant resource consists of a `virtual
response', as generated by the server, using HTTP semantics for
un-negotiated resources, to a `virtual request' on the variant URI.

The virtual response can be constructed by taking the actual
preemptive negotiation response, and deleting the URI and Location
headers.

The virtual request can be constructed by taking the actual request on
the negotiable resource, replacing the request URI by the variant URI
as given in the Location response header, deleting all
Variant-If-Modified-Since headers, and, if there was a
Variant-If-Modified-Since header with an URI matching the variant URI
as given in the Location response header, adding an If-Modified-Since
header with the date given by that Variant-If-Modified-Since header.

Clients can use the virtual response to display the contents of the
best variant resource.  Clients may present the information in a
virtual response as being controlled by the author of the variant
resource, not the author of the negotiable resource on which the
actual request was made.  It is the responsibility of the server to
ensure that variant resource author indeed has this control.  Section
[pp.qq] discusses the implications of this rule on server design and
administration.  Clients that get a reactive negotiation response
directly from an origin server must reject this response as a probable
spoofing attempt if the Location header in the response gives the URI
of a variant resource not located on the same origin server.  If the
client is a proxy, it must never pass on the rejected response to its
own clients, it can generate a 502 (bad gateway) response instead.

User agents can transmit information about their capabilities and
preferences for a retrieval action using the various accept request
headers.  If the accept headers present in a request on a negotiable
resource contain enough information, a server will be able to generate
a preemptive negotiation response.  As most resources will be
un-negotiable, user agents are encouraged to send empty or small
accept headers, or even omit some accept headers entirely, by default.
If a user agent knows or discovers that an origin server provides
negotiated resources, it is encouraged to use data from the negotiated
responses received so far to dynamically add or extend accept headers
sent to the origin server in future requests, in order to increase the
probability that preemptive negotiation can be used instead of the
slower reactive negotiation.

Servers that want to support preemptive negotiation must use the
preemptive variant selection algorithm below.  This algorithm can be
applied to determine

 o whether a preemptive negotiation response may be sent, and if so,
   which variant must be selected as the best variant

 o whether a 300 (multiple choices) reactive negotiation response
   may be sent.

The algorithm uses the variant descriptions for each of the available
variants, as will be included in the URI header of the response, and
the Accept headers of the request as input.

In the first step of the preemptive variant selection algorithm, the
overall quality for every variant bound to the negotiable resource is
computed.  The overall quality of a variant is a real number Q in the
range 0 through 1, where 0 is the minimum and 1 the maximum value,
defined as

   Q = qs * qe * qc * ql * q * qml

The values qs,qe,qc,ql,q,qml for a particular variant are all
determined using the variant description of the particular variant and
the Accept headers of the request.  

The overall quality values computed in the preemptive algorithm are
not necessarily equal to the overall quality values values computed in
the reactive algorithm of Section 12.1.

   qs   The source quality factor for the variant is given by the
        source-quality attribute in the variant description.

###################################################################
[## Todo: paste and edit other parameter descriptions from 1.1-00
draft.  Alternative: put these descriptions in the subsections of the
individual accept headers and point to them here.  Second
alternative: do both.  This todo has no connection to caching, so it
does not have a high priority.  ##]
###################################################################

In the second step of the preemptive negotiation variant selection
algorithm, the overall qualities of all variants are compared to
select the best one.  If there is one variant with the highest overall
quality value, then that variant is the best variant.  If there are
multiple variants that share the highest overall quality value, then
the variant that is listed first in the URI header is the best
variant.

In the third step of the preemptive negotiation variant selection
algorithm, it is determined whether a preemptive negotiation response
may be sent to return the best variant found, and also whether a 300
whether a 300 (multiple choices) reactive negotiation response may be
sent.

If the best variant has an overall quality value of zero, then the
server must not not generate a preemptive response, nor must it
generate a reactive response with the 300 (multiple choices) response
code. It should generate a reactive response with the 406 (none
acceptable) response code.

If the best variant has a quality factor greater than zero, and the
Accept header of the request does not contain a reactive-on-wildcard
directive, then the server may generate a preemptive response with the
URI of the best variant in the Location header.  It may also generate
a reactive response with the 300 (multiple choices) response code. It
should not generate a reactive response with the 406 (none acceptable)
response code.

If the best variant has a quality factor greater than zero, and the
Accept header of the request contains a reactive-on-wildcard
directive, and the type quality factor (q) of the best variant was
derived from an Accept header media range containing an asterisk "*"
wildcard character, then the server must not not generate a preemptive
response, nor must it generate a reactive response with the 300
(multiple choices) response code. It should generate a reactive
response with the 406 (none acceptable) response code.

If the best variant has a quality factor greater than zero, and the
Accept header of the request contains a reactive-on-wildcard
directive, and the type quality factor (q) of the best variant was not
derived from an Accept header media range containing an asterisk "*"
wildcard character, then the server may generate a preemptive response
with the URI of the best variant in the Location header.  It may also
generate a reactive response with the 300 (multiple choices) response
code. It should not generate a reactive response with the 406 (none
acceptable) response code.

An origin server should not generate a preemptive response if the best
variant resource is located on another origin server, because clients
must reject such responses as probable spoofing attempts.  In this
case, the server should generate a reactive response with the 300
(multiple choices) response code instead.  Proxies may generate a
preemptive response if the negotiable resource and the best variant
resource are located on different origin servers.

       ------------------------------------------------------

xx.yy  Caching issues connected to content negotiation

[##Note: the text below may need some editing depending on changes to
the Cache-control header and the kind of Vary header introduced.##]

Below, the caching of the responses in the first transaction in a
reactive negotiation process (Section 12.1), and the caching of
preemptive negotiation responses (Section 12.2) is discussed.  For the
second transaction in a reactive negotiation process, which is done on
an un-negotiated variant resource (at least if no errors are made by
the author of the negotiable resource), the normal caching rules
apply.

To generate a response to a new request on a negotiable resource, a
proxy or user agent cache may sometimes re-use parts of old responses.

The URI header in an old response from the negotiable resource may be
re-used provided that

  o any caching restrictions specified by the caching related request
    headers of the new request, if present, and the cache-control
    directive of the URI header, is present, are met, and provided
    that

  o if a vary directive is present in the URI header, then the old
    request and the new request match according to the matching
    function specified by the vary directive.

[##Note: the text above assumes that the Vary header is defined as
generating a request matching function##]

If an URI header that may be re-used is present, then the proxy may
assume that the resource requested is still a negotiable resource.  In
other cases, no assumptions about negotiability or un-negotiability of
the resource must be made.

The response headers and response body of a reactive negotiation
response (a response with a 300 or 406 response code) may be re-used
if the URI header in the such a response may be re-used.

A virtual response included in a preemptive negotiation response may
be re-used provided that

  o any caching restrictions specified by the caching related request
    headers of the new request, if present, and in the caching related
    headers of the virtual response, if present, are met, and provided
    that

  o if a Vary response header is present in the virtual response, then the
    old request and the new request match according to the matching
    function specified by the vary directive.

[##Note: the text above assumes that the Vary header is defined as
generating a request matching function##]

A real response for a variant, that is a response generated by a
request on the URI of that variant, is re-usable if

  o any caching restrictions specified by the caching related request
    headers of the new request, if present, and in the caching related
    headers of the real response, if present, are met, and provided
    that

  o if a Vary response header is present in the real response, then
    the old request on the variant URI and the new request match
    according to the matching function specified by the vary
    directive.

[##Note: the text above assumes that the Vary header is defined as
generating a request matching function##]

If a proxy or user agent cache gets a new request on negotiable
resource, and it has a re-usable URI header for that request, then it
may apply the reactive variant selection algorithm from Section 12.2
to the re-usable URI header and the request accept headers to
determine which types of negotiation responses it is allowed to send.
Note that the algorithm always allows the server to send a 406 (none
acceptable) reactive negotiation response.

If a certain response can be sent by the proxy or user agent cache,
then this response must be constructed from re-usable components only,
according to the restrictions below.

The URI header in the response must be the URI header re-used in the
the reactive variant selection algorithm.

If the response is a 300 or 406 reactive negotiation response and an
entity is included, then this entity must either be constructed from
the contents of the URI header re-used, or be taken from a re-usable
300 or 406 response that has an URI header identical to the URI header
re-used.  A Location header may only be included in the response if it
has been taken from a re-usable 300 or 406 response that has an URI
header identical to the URI header re-used.

If the response is a preemptive negotiation response, then the
Location header included should give the URI of the best variant as
determined by the variant selection algorithm.  

The virtual part of the response, which is the preemptive negotiation
response with the URI and Location headers deleted, should be
identical to either a re-usable virtual response for the best variant,
a re-usable real response for the best variant, or the response to a
new request on the best variant URI made by the cache, where the new
request is constructed according to the rules for the construction of
a virtual request given in Section 12.2.

[## Todo: the above description does not take new virtual 304 (not
modified) responses into account, which may be generated (I believe)
without there being an old re-usable 304 (not modified) response.  The
text above needs to be extended to account for this.  (Are 304
responses re-usable anyway?  Or can they just be generated on the fly
using re-usable 200 responses?  Either view will work I guess) ##]

[## Todo: discuss the use of Variant-If-Modified-Since headers, and
the modification of a 304 (not modified) response into a 200 response
that includes a variant body by using a cached re-usable 200
response.##]

[##Todo: somewhere, there should be text saying that caches should
throw away older cachable URI headers and variant responses if they
receive newer ones##]

       ------------------------------------------------------

pp.qq Security considerations connected to content negotiation

#### - spoofing using Location headers.

###Clients may present the information in a virtual response as being
###controlled by the author of the variant resource, not the author of
###the negotiable resource on which the actual request was made.  It
###is the responsibility of the server to ensure that variant resource
###author indeed has this control. This section discusses the
###implications of this rule on server design and administration.
###Basically, if you run a server with multiple non-cooperating users,
###you have to either trust those people who may author scripts (CGI
###or other kinds), or you have to restrict the CGI script mechanism
###to either reject or restrict preemptive negotiation responses made
###by scripts (including nph CGI scripts, which means that you will
###have to parse the headers they generate).

[end of text]

Received on Thursday, 1 February 1996 00:02:39 UTC