- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Sat, 10 Feb 1996 00:50:26 PST
- To: http-caching@pa.dec.com
From the minutes: > MYSTERY ITEM: My notes say "Larry will write up Authenticate + Vary" > but I have no idea what I meant by that. Larry? Writeup: One might consider the authenticator merely to be another item on which response varies; that is, 'wrong authentication' = authentication error and 'right authentication' = value as appropriate to that authenticator. It is up to the origin server to decide whether it cares whether proxies cache results. While the default is that the result varies on the authenticator and that responses cannot be cached, origin servers might override that default by supplying a response that has an Expires and a vary clause that denotes either that "this response does not vary on authenticator" (e.g., you may serve it to anyone who comes along, authenticated or no) or "this response does vary on authenticator" (e.g., you may serve this to any client that supplies the same credentials.) This all only makes sense for basic authentication or for clients that use digest authentication. ================================================================ Jeff: > I'm not sure that the current Vary: proposal allows you to say > "this response does NOT depend on the Authentication: request header." > Can you check that? I'm not sure where 'the current vary:' proposal is at this point. I guess it's in the mail archive. My guess is that it doesn't, but it should.
Received on Saturday, 10 February 1996 09:06:49 UTC