- From: Adrien de Croy <adrien@qbik.com>
- Date: Wed, 09 Jun 2010 12:55:00 +1200
- To: Mark Nottingham <mnot@mnot.net>
- CC: HTTP Working Group <ietf-http-wg@w3.org>, Roy Fielding <fielding@gbiv.com>

I think there's a slight difference between the 2 cases

1. Authenticated response containing Cache-control: public
2. Response (authenticated or not) containing Cache-control: private, public

In the first case it's obvious the server wants to make the response cachable in spite of the fact that it's the result of an authenticated request.

In the second case, it's not at all obvious what the server wants, and an optimist might choose public, and a conservative might choose private.

In most if not all computer languages, there is a concept of defined operator precedence. Maybe such a concept would be useful here, e.g. define which tokens have precedence over others. I'd expect however in that case that for security reasons private would take priority over public, which then leads us to problems treating authenticated responses as if they included the public directive.

So in short, I think it needs to be treated as a special case.

Regards

Adrien

On 9/06/2010 12:37 p.m., Mark Nottingham wrote:
> Actually, that's not a good proposal, because it doesn't cover the 'defaulting' concept Roy has been talking about.
>
> Roy, can you propose some text, if you want to pursue this? I feel like we're approaching diminishing returns here...
>
>
> On 08/06/2010, at 3:36 PM, David Morris wrote:
>
>> Use the 2nd form and save the extra words to make sure "Cache-Control:
>> private" is clear if it isn't already.
>>
>> On Tue, 8 Jun 2010, Mark Nottingham wrote:
>>
>>> Well, most of the proposal is defining what 'explicitly given otherwise' means (and noting the consequences)...
>>>
>>> Which is more clear?
>>>
>>>> Shared caches MUST NOT use a cached response to a request with an Authorization [ref] header to satisfy any subsequent request unless a cache directive that allows such responses to be stored is present in the response.
>>>
>>> or
>>>
>>> """
>>> Requests with Authorization [ref] headers MUST have the same effect as Cache-Control: private [ref] on the response.
>>> """
>
> --
> Mark Nottingham http://www.mnot.net/

Received on Wednesday, 9 June 2010 00:55:37 UTC
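
The precedence problem raised in the message above, as an added example that is not part of the original thread or of any HTTP specification. The function names, the "private beats public" rule and the two models are assumptions made for illustration: model A treats an authenticated request as an implied `private` token, model B treats authentication as a default that applies only when the response says nothing explicit.

```python
# Added illustration. Names and rules here are assumptions taken from the
# discussion, not spec text. Storability is reduced to the private/public
# question only; freshness, no-store, s-maxage etc. are ignored.

def parse_cache_control(value):
    """Return the set of lower-cased directive names in a Cache-Control value.
    Simplification: quoted arguments containing commas are not handled."""
    names = set()
    for part in value.split(","):
        name = part.split("=", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names


def resolve(directives):
    """Assumed precedence rule: 'private' beats 'public' when both appear."""
    if "private" in directives:
        return "private"
    if "public" in directives:
        return "public"
    return None  # the response makes no explicit statement


def shared_may_store_implied_private(authenticated, cache_control):
    """Model A: an authenticated request injects an implied 'private' token."""
    directives = parse_cache_control(cache_control)
    if authenticated:
        directives.add("private")
    return resolve(directives) != "private"


def shared_may_store_special_case(authenticated, cache_control):
    """Model B: authentication is a default, used only if nothing is explicit."""
    explicit = resolve(parse_cache_control(cache_control))
    if explicit is not None:
        return explicit == "public"
    return not authenticated


# Constructed cases: (authenticated request?, Cache-Control on the response)
CASES = [
    (True, "public"),            # case 1 in the message
    (True, "private, public"),   # case 2, authenticated
    (False, "private, public"),  # case 2, unauthenticated
    (True, ""),                  # authenticated, no directive at all
]

if __name__ == "__main__":
    for auth, cc in CASES:
        print(auth, repr(cc), shared_may_store_implied_private(auth, cc),
              shared_may_store_special_case(auth, cc))
```

The two models differ only on case 1: with an implied `private` token the explicit `public` is overridden, while the special-case model honours it and still resolves the contradictory `private, public` conservatively.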