Fwd: I-D Action:draft-pettersen-cache-context-04.txt

My suggestion for grouping HTTP resources together in a context whose  
cache validity can be controlled by the server has been refreshed,

------- Forwarded message -------
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action:draft-pettersen-cache-context-04.txt
Date: Sun, 05 Jul 2009 21:30:02 +0200

A New Internet-Draft is available from the on-line Internet-Drafts  

	Title           : A context mechanism for controlling caching of HTTP  
	Author(s)       : Y. Pettersen
	Filename        : draft-pettersen-cache-context-04.txt
	Pages           : 17
	Date            : 2009-07-05

A common problem for sensitive web services is informing the client,
in a reliable fashion, when a password protected resource is no
longer valid because the user is logged out of the service.  This is,
in particular, considered a potential security problem by some
sensitive services, such as online banking, when the user navigates
the client's history list, which is supposed to display the resource
as it was when it was loaded, not as it is at some later point in

This document presents a method for collecting such sensitive
resources into a group, called a "Cache Context", which permits the
server to invalidate all the resources belonging in the group either
by direct action, or according to some expiration policy.  The
context can be configured to invalidate not just the resources, but
also specific cookies, HTTP authentication credentials and HTTP over
TLS session information.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the

Yngve N. Pettersen
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01

Received on Sunday, 5 July 2009 19:41:02 UTC