Fwd: I-D ACTION:draft-pettersen-cache-context-00.txt from Yngve N. Pettersen (Developer Opera Software ASA) on 2007-02-28 (ietf-http-wg@w3.org from January to March 2007)

From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
Date: Wed, 28 Feb 2007 22:48:04 +0100
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <op.tohaueidqrq7tp@nimisha.oslo.opera.com>

Hello all,

I've submitted a draft proposing a way for web servers to indicate to the  
client that certain URLs belong together and that they become invalid and  
should not be presented to the user without validation either at some  
specific time indicated by the server or when the server explicitly tells  
the client to discard those resources, for example when the user logs out  
of a netbank.

Beside the referenced Internet draft, available through the URL below,  
I've posted a short article about the background at my home page <URL:  
http://my.opera.com/yngve/blog/2007/02/27/introducing-cache-contexts-or-why-the  
>.


------- Forwarded message -------
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D ACTION:draft-pettersen-cache-context-00.txt
Date: Wed, 28 Feb 2007 21:50:02 +0100

A New Internet-Draft is available from the on-line Internet-Drafts
directories.


	Title		: A context mechanism for controlling caching of HTTP responses
	Author(s)	: Y. Pettersen
	Filename	: draft-pettersen-cache-context-00.txt
	Pages		: 17
	Date		: 2007-2-28
	
    A common problem for sensitive web services is informing the client,
    in a reliable fashion, when a password protected resource is no
    longer valid because the user is logged out of the service.  This is,
    in particular, considered a potential security problem by some
    sensitive services, such as online banking, when the user navigates
    the client's history list, which is supposed to display the resource
    as it was when it was loaded, not as it is at some later point in
    time.

    This document presents a method for collecting such sensitive
    resources into a group, a Cache Context, which permits the server to
    invalidate all the resources belonging in the group either by direct
    action, or according to some expiration policy.  The context can be
    configured to invalidate not just the resources, but also specific
    cookies, HTTP authentication credentials and HTTP over TLS session
    information.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-pettersen-cache-context-00.txt

-- 
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************

Received on Wednesday, 28 February 2007 21:48:32 UTC