caching authenticated elements

From the minutes:

> MYSTERY ITEM: My notes say "Larry will write up Authenticate + Vary"
> but I have no idea what I meant by that.  Larry?

Writeup:

One might consider the authenticator merely to be another item on
which response varies; that is, 'wrong authentication' =
authentication error and 'right authentication' = value as appropriate
to that authenticator. It is up to the origin server to decide whether
it cares whether proxies cache results. While the default is that the
result varies on the authenticator and that responses cannot be
cached, origin servers might override that default by supplying a
response that has an Expires and a vary clause that denotes either
that "this response does not vary on authenticator" (e.g., you may
serve it to anyone who comes along, authenticated or no) or "this
response does vary on authenticator" (e.g., you may serve this to any
client that supplies the same credentials.)
    
This all only makes sense for basic authentication or for clients that
use digest authentication.

================================================================
Jeff:

> I'm not sure that the current Vary: proposal allows you to say
> "this response does NOT depend on the Authentication: request header."
> Can you check that?

I'm not sure where 'the current vary:' proposal is at this point. I
guess it's in the mail archive. My guess is that it doesn't, but it
should.

Received on Saturday, 10 February 1996 09:06:49 UTC