- From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
- Date: Sun, 07 Mar 2010 19:54:22 +0100
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Hello all, I have refreshed draft-pettersen-cache-context. http://www.ietf.org/id/draft-pettersen-cache-context-05.txt A new version of I-D, draft-pettersen-cache-context-05.txt has been successfuly submitted by Yngve Pettersen and posted to the IETF repository. Filename: draft-pettersen-cache-context Revision: 05 Title: A context mechanism for controlling caching of HTTP responses Creation_date: 2010-03-07 WG ID: Independent Submission Number_of_pages: 17 Abstract: A common problem for sensitive web services is informing the client, in a reliable fashion, when a password protected resource is no longer valid because the user is logged out of the service. This is, in particular, considered a potential security problem by some sensitive services, such as online banking, when the user navigates the client's history list, which is supposed to display the resource as it was when it was loaded, not as it is at some later point in time. This document presents a method for collecting such sensitive resources into a group, called a "Cache Context", which permits the server to invalidate all the resources belonging in the group either by direct action, or according to some expiration policy. The context can be configured to invalidate not just the resources, but also specific cookies, HTTP authentication credentials and HTTP over TLS session information. -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
Received on Sunday, 7 March 2010 18:55:02 UTC