- From: Jo Rabin <jrabin@mtld.mobi>
- Date: Thu, 17 Jan 2008 16:26:54 -0000
- To: <public-bpwg-ct@w3.org>
Hi folks I have done a write through of Bryan's proposed "requirements" to fit in with the style of the rest of the document and to make it a little more discursive, as discussed on various calls. Before weaving this into the current draft in various places I thought I would put it to the group for comments and to see if there are any major objections. If not I will create a new draft tomorrow afternoon (Friday) for discussion on the call Tuesday. I have tried to cross reference the section numbers from the present draft to make sure everything is covered. I know I've missed a couple of references out accidentally and there are a couple of sections I don't think fit, exactly, and I have noted those below. I've also included Bryan's original contribution for easy reference. thanks Jo Current Draft: http://www.w3.org/2005/MWI/BPWG/Group/TaskForces/CT/editors-drafts/Guide lines/071124 ACTION-604 ACTION-615 Control of Proxy A proxy may be active or passive. When active, a proxy offers various [@@] features involving the transformation of content and manipulation of HTTP headers. When passive a proxy may alter content and headers only in the respects described in [HTTP] as if a Cache-Control: no-transform directive were present (with the exception of "Dangerous Content" below). [Note: In practice a proxy may be made passive by configuration of the network such that it is by-passed] A proxy MUST offer basic control of its features to users, clients and origin servers and MAY offer more advanced control [2.1.1 MAY-> MUST]. Basic control means transitioning between active and passive roles. When active, proxies MUST offer basic control on a per request basis and MAY allow the registration of persistent user preferences [2.1.1 MUST->MAY]. Behavior When Active A proxy SHOULD NOT alter HTTP requests unless not doing so would result in the users request being rejected by the CP [this includes 406 as well as 200 Your browser is not supported][2.1.4] A proxy should only alter the format, layout, dimensions [@@how to better express this] to match the capabilities of the client [2.1.2 "highest Quality"]. For example, when resizing images, they should only be reduced so that they are suitable for the specific client, and should not be done on a generic basis. Proxies MUST NOT alter URIs with the https scheme unless specific consent is granted by both the user and the origin server. [@@How in the case of the origin server). Interaction with the User (when Active) If the client is known not to conform to this specification CT Unaware [@@by ...] the proxy MUST offer a means of interacting with it to provide at least basic control of its services. Proxies MAY in addition offer user interaction via CTAware browsers. Proxies MUST offer, via this interaction, a means of rendering itself passive for [@@does the following make sense?] the following request [2.2.2], for the current domain and for all future requests [2.2]. The proxy MAY offer further features which SHOULD be offered on the same basis (current domain, all future requests, etc.). Proxies MAY also offer this interaction to browsers that do conform to this specification but MUST offer a means of disabling it [@@by interaction as well as via HTTP? If the latter need further cache control directive] If content has been transformed proxies MUST indicate this to the user [2.5.3] and MUST provide a means of retrieving the original content. Proxies MAY provide a cached copy of the response prior to transformation in fulfilling this requirement. [@@ should this be available by some HTTP mechanism too [2.5.4] says yes which requires further elaboration of current section 4.1] Note: Further user control of the proxy MAY also be achieved by administrative means, by providing a specific proxy configuration facility or by other means. The proxy MAY annotate hyperlinks with the https scheme noting that it is unable to offer active service on such a request. Dangerous Content [@@note that this must steer clear of recommending a deviation from the HTTP spec which I don't think is acceptable. However there are parallels with the operation of e.g. child protection mechanisms] Proxies MAY offer a feature when passive which MUST be under control of the user [2.3.1][2.5.1] to block or transform content which it has been determined would cause serious mis-operation of the client, such as causing it to crash. === 2.1.3 detection of CT-awareness [JR: not sure why is this necessary] A CT proxy shall be capable of detecting CT-awareness in CP and browsers. === 2.4 CT proxy capabilities disclosure to CP [This should be covered in section 4.2 of the earlier draft ...] A CT proxy shall disclose its CT capabilities to CT-aware CP without affecting user agent identification or capabilities disclosure. === 2.5.2 CT proxy capabilities disclosure to CT-aware browser [This should covered in section 4.5 of the earlier draft] A CT proxy shall disclose its CT capabilities to CT-aware browsers without affecting CP-provided headers. === 2.7 non-browser user agents [JR I don't think I understand how the proxy would know this - especially as non browser user agents would typically masquerade as browsers so as not to get blocked by proxies] A CT proxy should be capable of detecting non-browser user agents. A CT proxy shall be capable of bypassing CT service for detected non-browser user agents. ============= Bryan's original text CT = Content Transformation, CP = Content Provider(s) An entity that is "CT-aware" is assumed to be specifically designed to use or provide CT service per these guidelines. A "CT proxy" is assumed to be CT-aware. A "non-CT proxy" is assumed to be CT-unaware. Browsers and CP may be CT-aware or CT-unaware. 2.1 general requirements 2.1.1 preferences A CT proxy may enable a user or user agent to select preferences for CT service features. A CT proxy that offers preference selection shall be capable of retaining the selections. 2.1.2 provision of highest-quality content When selecting a content representation by default, CT proxies shall provide the highest-quality representation compatible with the browser. "Compatible" in this requirement means a representation that the browser supports, and results in a usable user experience. 2.1.3 detection of CT-awareness A CT proxy shall be capable of detecting CT-awareness in CP and browsers. 2.1.4 user agent identification and capabilities disclosure A CT proxy may enable a user to select preferences for user agent identification and capabilities disclosure to CP. A CT proxy shall forward requests to CP without affecting user agent identification or capabilities disclosure, except as necessary to provide a user-selected content representation, or as otherwise specified by user preferences. 2.1.5 original representation availability A CT proxy shall provide availability of the original representation for a CP response. A CT proxy may support local caching of CP responses in their original representation. 2.2 CT proxy serving CT-unaware CP and browser A CT proxy shall be capable of providing CT service to CT-unaware CP and browsers. 2.2.1 CT-unaware browser user selection of content representation A CT proxy may enable a CT-unaware browser user to select a preference for a content representation from among those available through the proxy. A CT proxy that offers user-selection of content representations should be capable of user selection of such preferences for specific domains and globally for all domains. A CT proxy that offers user-selection of content representations should be capable of offering the user the ability to switch representations when viewing a page. 2.2.2 CT-unaware browser user selection of original content representation A CT proxy should support the ability of a CT-unaware browser user to select the original representation for a CP response. 2.2.3 CT-unaware browser user selection of alternate content representation A CT proxy shall support the disclosure of available alternate representations for a CP response to a CT-unaware browser user. A CT proxy shall support the ability of a CT-unaware browser user to select an alternate representation for a CP response. 2.3 CT proxy serving CT-aware CP and CT-unaware browser 2.3.1 CP directives A CT proxy shall recognize and honor CP directives for supported CT services. As an exception to the previous requirement, a CT proxy should deny CP directives that would result in dangerous markup being sent to the browser. A CT proxy may enable a user to select preferences for error handing related to CP directives. 2.4 CT proxy capabilities disclosure to CP A CT proxy shall disclose its CT capabilities to CT-aware CP without affecting user agent identification or capabilities disclosure. 2.5 CT proxy serving CT-aware CP and CT-aware browser 2.5.1 browser directives A CT proxy shall recognize and honor browser directives for supported CT services. As an exception to the previous requirement, a CT proxy should deny browser directives that would result in dangerous markup being sent to the browser. 2.5.2 CT proxy capabilities disclosure to CT-aware browser A CT proxy shall disclose its CT capabilities to CT-aware browsers without affecting CP-provided headers. 2.5.3 CT actions disclosure to CT-aware browser A CT proxy shall disclose CT actions taken on CP responses to CT-aware browsers. 2.5.4 CT-aware browser selection of original content representation A CT proxy shall support the disclosure of the original representation for a CP response to a CT-aware browser. A CT proxy shall support the ability of a CT-aware browser to select the original representation for a CP response. 2.5.5 CT-aware browser selection of alternate content representation A CT proxy shall support the disclosure of available alternate representations for a CP response to a CT-aware browser. A CT proxy shall support the ability of a CT-aware browser to select an alternate representation for a CP response. 2.6 security considerations A CT proxy shall not rewrite secure links as a way to enable CT service for those links, without the consent of the CP and user. A CT proxy that does not support or is not allowed to provide CT service for secure links should disclose to the user that the CT service will be unavailable for those links. 2.7 non-browser user agents A CT proxy should be capable of detecting non-browser user agents. A CT proxy shall be capable of bypassing CT service for detected non-browser user agents.
Received on Thursday, 17 January 2008 16:27:09 UTC