W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2010

New version of Cache Context draft

From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
Date: Sun, 07 Mar 2010 19:54:22 +0100
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <op.u87n4wbeqrq7tp@acorna>
Hello all,

I have refreshed draft-pettersen-cache-context.


A new version of I-D, draft-pettersen-cache-context-05.txt has been  
successfuly submitted by Yngve Pettersen and posted to the IETF repository.

Filename:	 draft-pettersen-cache-context
Revision:	 05
Title:		 A context mechanism for controlling caching of HTTP responses
Creation_date:	 2010-03-07
WG ID:		 Independent Submission
Number_of_pages: 17

A common problem for sensitive web services is informing the client,
in a reliable fashion, when a password protected resource is no
longer valid because the user is logged out of the service.  This is,
in particular, considered a potential security problem by some
sensitive services, such as online banking, when the user navigates
the client's history list, which is supposed to display the resource
as it was when it was loaded, not as it is at some later point in

This document presents a method for collecting such sensitive
resources into a group, called a "Cache Context", which permits the
server to invalidate all the resources belonging in the group either
by direct action, or according to some expiration policy.  The
context can be configured to invalidate not just the resources, but
also specific cookies, HTTP authentication credentials and HTTP over
TLS session information.

Yngve N. Pettersen

Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
Received on Sunday, 7 March 2010 18:55:02 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:21 UTC