Re: HTTP Caching Design from Roy T. Fielding on 1996-01-10 (http-caching-historical@w3.org from January 1996)

From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
Date: Wed, 10 Jan 1996 06:49:12 -0800
To: http-caching@pa.dec.com
Message-Id: <9601100649.aa09937@paris.ics.uci.edu>
Koen mentioned:

> ...  I would like to propose a rule in 1.1 that a
> response without a valid Expires/Fresh-until/Cache-control/whatever
> header may not be served unvalidated from a cache if more than 7 days
> have past since the previous validation.

I have no problem with including a set of heuristics in the spec for
normal cache behavior, with some maximum criteria as well.  However,
it should also take into consideration things like user-defined requirements
for cached responses (such as the "never check" mode of Netscape).
Jeff's draft fails to consider these because the definition of
"valid" does not consider what the user and provider want the cache to do.

> - (2.11) If the warnings are in a response header, they should not use
>   numbers from the Status-Codes space.

Agreed -- it would lead to confusion over whether the warning should be
in a header or as a separate message.

> ...
>   draft caching features. (Some examples of unplugged holes:
>   description assumes global clock,

Because lack of a global clock has no significant effect on the algorithm.
What the description lacks is the explanation of why that is true and
the set of requirements to make it obvious what the correct behavior
would be.  What is missing from the spec is:

    Date is required on all HTTP/1.1 responses, and represents the time
    at which the origin server generated the message (or the last refresh
    of that message as received from the origin server in a 304 response).

    Max-age is measured relative to Date *and* the cache's internal
    clock at time of message receipt -- the cache should use whichever
    time is least.

    For the purpose of freshness, Expires is just max-age = (Expires - Date)
    if no max-age is given.

Let's consider the options:

 a) OS-clock = Cache-clock
      ---> no problem

 b) OS-clock > Cache-clock
      ---> OS-clock + max-age > Cache-clock + max-age
      ---> cache will consider it stale max-age seconds after receipt

 c) OS-clock < Cache-clock
      ---> OS-clock + max-age < Cache-clock + max-age
      ---> cache will consider it stale (max-age - (Cache-clock - OS-clock))
           seconds after receipt

Although (b) allows for the possibility that a more-than-two cascaded cache 
would introduce some additional time gap, I don't think that this can be
avoided using any scheme.  Similarly, (c) will cause poorly clocked systems to
prematurely age a response, but that is a fail-safe condition and can't
be avoided.  Finally, since all but the User-Agent should never have a
clock skewed more than 10 seconds while connected to the Internet, the
possibility of cache-skew problems is limited.

>   cascaded proxy caches and max-age,

Not a problem, for the same reason.  Date is never changed by proxies.

>   failure to be more explicit about (the allowedness of) caching
>   heuristics when cache-related response headers are absent.)

Hmmm, yes, that is the result of never writing the section on Caching.

>>  I have also
>>yet to see an example of cache usage/requirements that has not already
>>been met by the HTTP/1.1 design.
> 
> I have an example. Currently, if servers use authentication, responses
> can never be cached.  See Section 10.6 in the 1.1 draft:
> 
>  # Responses to requests containing an Authorization field are not 
>  # cachable. 
> 
> There exists a great number of servers that use authentication just to
> recognize different users, not to protect content from being accessed
> by everybody.  www.wired.com and www.dds.nl are two examples I know
> of.  Almost all of the responses from these servers are not secret,
> and highly cachable.  Yet, there is no easy way for these servers to
> get the cachable responses cached.  I believe that wired.com uses a
> second server for the inline pictures, just to get around the
> restriction in Section 10.6.

Yes, that is a conflict with the HTTP/1.1 draft 00 (there are probably
others, since it was not finished in any sense).  I have no problem with
changing the above restriction appropriately -- same goes for the default
requirement not to cache other methods.

> I therefore propose (again, I also did this somewhere in the summer) a
> 
>  Cache-control: public
> 
> response header that could be used to override the restriction in
> Section 10.6.

Why not just use the existing options:

   Cache-control: cachable
or
   Cache-control: private

Hmmm, come to think of it, "public" would be better than "cachable"
in any case.

......Roy
Received on Wednesday, 10 January 1996 15:17:34 UTC