- From: Jo Rabin <jrabin@mtld.mobi>
- Date: Wed, 23 Jan 2008 16:00:19 -0000
- To: <public-bpwg-ct@w3.org>
Oops, sorry about spam, this is an update of the ACTION number plus I should have spelled out that I have comments in line with Bryan's original. Jo > > -----Original Message----- > > From: public-bpwg-ct-request@w3.org > [mailto:public-bpwg-ct-request@w3.org] > > On Behalf Of Sullivan, Bryan > > Sent: 22 January 2008 19:06 > > To: public-bpwg-ct@w3.org > > Subject: RE: ACTION-604 ACTION-615 Proposed Treatment of Bryan's > > Contribution in Preparation for a New Draft CT > > > > > > Jo, > > Comments to > > > http://www.w3.org/2005/MWI/BPWG/Group/TaskForces/CT/editors-drafts/Guide > > lines/071124. Some of the items from my earlier contribution don't > > appear to be covered but I will circle back as needed in the next > draft. > > > > Re 2.1 Requirements "I'm not actually sure how useful this is any > more, > > I think it may have served its purpose in stimulating debate and > > thought": I think the section is useful. It helps set the context for > > the reader. > > OK I will flesh this out as discussed on the call. > > > > Re 2.4 Proxy States "This must steer clear of recommending a deviation > > from the HTTP spec which I don't think is acceptable. However there > are > > parallels with the operation of e.g. child protection mechanisms?": I > > think we are OK referring to any case in which a proxy modifies > content, > > causing that proxy to be considered non-transparent for that > particular > > request. We might mention that there may be cases where the reason for > > transformation overrides the objectives in this document (e.g. > > compliance to no-transform directives), and that even in those cases > the > > other requirements in this document should apply (e.g. disclosing that > > the content had been transformed). > > I think the problem is that it is not OK to condone the idea that a > no-transform directive may be ignored, a) because that would be a > deviation from the spec and b) it would mean that a content provider had > no means of sending the content in exactly the form they intended, > whether the proxy understands that intention or not. There are plenty of > good reasons why a CP might want to do that. > > On the other side I can see that it seems like a good idea to stop users > having unexpected experiences when the CP did not do it intentionally. > > Reconciling those perspectives is one of the reasons why we need to > enrich the no-transform vocabulary. > > > > > 3.1 Client Origination of Request > > Re "The client may request that the Content-Type and Content-Encoding > > must not be altered in the response by setting the Cache-Control: > > no-transform directive.": maybe reword as "The client may set the > > Cache-Control: no-transform directive to request that the Content-Type > > and Content-Encoding must not be altered in the response." > > > > Re the "The client may add an..." statements: We should mention which > of > > these are new parameters (defined here). > > Yes, as things stand that is clear because the old ones are named and > the new ones are all referred to as the @@xxx directive. I think there > is a case for discussing the limits of what can be achieved using just > no-transform and Vary and to make that a separate section. > > > > > Re "[It would be nice if the client were able to indicate what type of > > presentational capabilities it has, for example, zoom, linearize, > > keyhole ... @@@ client-feature indication]": these should supported > via > > a DDR ala the DDWG is working on. > > Um yes, I suppose. I think I was more getting at the user agent being > able to express presentational preferences in a dynamic way, but I agree > that is not the way it reads now. > > > > > Re "[It would also be useful if the client were able to turn off the > > User Interaction features of the proxy via HTTP]": do you mean via an > > HTTP header, or via a web-based CT user control interface, or both? > > I meant by HTTP header. It's discussed later that it must be available > as a user interaction. That could do with clarification. > > It > > begins to get complicated if we start talking about stateful > > requirements on turning features on and off, so I recommend we start > at > > least with a stateless assumption, i.e. the directives relate to the > > current request only. See comments to 3.2.3 below; I have atttempted > to > > address this but you can see it will get complex. > > > > I think that we need to be able to tell the proxy to act transparently > "while on this site" whatever this means. I don't think this is > especially stateful, or at least no more so than the default > presentation of credentials following a 401 response from a site. > > > As I provided in my contribution, do we want to address "A CT proxy > MAY > > enable a user to select preferences for user agent identification and > > capabilities disclosure to CP.", or is that going to far functionally? > > I would prefer to leave that buried in the generic statement that > proxies may off more features than are discussed in the document and may > offer control over them via user interactions. I think if we start > naming additional optional features we could get buried in a morass of > HTTP signalling to control them. > > > > 3.2 Proxy Receipt, Forwarding or response to a Request > > Re "Irrespective of the presence of the no-transform directive, the > > proxy must behave transparently (q.v.) if it detects that the user > agent > > is not a browser [@@open question as to how it does that].": I > recommend > > we say "CT proxies MUST be capable of recognizing browsers and > > non-browsers via the User-Agent header.". We could leave other methods > > unspecified. > > I think there is a problem with this as there is nothing in the user > agent header that specifically identifies the user agent as a browser, > is there? So the best we could do would be to say that the proxy SHOULD > make "reasonable efforts" to determine whether a user agent is a > browser, using heuristics applied to an a priori knowledge base (or > perhaps we should just recommend they use dotMobi's DeviceAtlas product > :-) ) > > > > > Re "Proxies must not intervene in HTTPS requests and should not > > intervene in methods other than GET and HEAD." We should explain why. > > I'm not sure of the reason for restricting POST. > > > Heiko mentioned this too. Clearly the proxy shouldn't interfere with any > POST body, but that is probably it ... we should probably mention PUT > and all the other methods too for that matter, at least to say that they > are out of scope. > > > > 3.2.3 Proxy Interaction with the User when Active > > > > Re "If neither a no-transform nor a [@@ct-aware] directive is present > in > > a request from the client, the proxy must offer a means of interacting > > with it to provide at least basic control (the ability to transition > the > > proxy to passive role) of its services. Proxies may in addition offer > > user interaction when those directives are present - i.e. interaction > > with the user is not prohibited if the client is aware of the > > conventions of this document, unless the client has requested > disabling > > them.": I suggest to reword this, as it currently states a general > > capability requirement in the context of a particular event. The > general > > capability requirement needs to be stated first, followed by the > > requirements in the specific case. Here is the way I would write the > > requirements in this section: > > > > "CT proxies MUST offer a means of user control for CT services for > users > > of non-CT aware browsers, via a web-based user preferences interface > or > > through preselection via the CP proxy operator (e.g. by proxy > > administration)." > > > > "CT proxies MUST offer a means of user control for CT service related > to > > the current request". > > > > "CT proxies MAY offer a means of user control for CT service via > > persistent CT service preferences, which upon selection, apply to all > > requests, unless overridden by client request." > > > > "CT proxies MAY offer a means to scope user control preferences for CT > > service to specific domains or other criteria, e.g. for specific > content > > types." > > > > "If neither a no-transform nor a [@@ct-aware] directive is present in > a > > request from the client, and no persistent preference for CT services > is > > defined, CT proxies MUST provide a web-based means of user control for > > CT service related to the current request." > > > > (remaining requirements can stay as-is, unless they need to be > modified > > to be consistent with the above) > > I am trying to avoid using the terminology CT aware etc which I think > leads us down a path of discussion about how aware you have to be to be > considered aware. From a specification point of view, we have already > stated the reason for requiring user interaction in the previous main > section and so in this section I want to concentrate on the events that > trigger behaviour of certain kinds, and that is the reason for writing > it this way round. > > So I know that it says "when x happens, do [that voodoo that you do so > well]" but that seems fine to me. > > > > > > 3.3 Server Response to Proxy > > Re "Servers should distinguish URIs that are intended for access only > by > > HTTPS from those that are intended for insecure access in order to be > > able to detect and reject requests that should have been submitted by > > HTTPS but have been re-written in contravention of its directives.": > > Note in most cases the proxy will never see the URI anyway as most > > clients (especially mobile ones) should be using HTTP CONNECT (if they > > are aware that they are using a proxy, otherwise the SSL connection is > > direct and the proxy doesn't apply anyway). > Agreed that proxy will never see the request in the first place (or > rather will have no choice but to act transparently at the TCP level) - > but this is here specifically to catch the case where a proxy has > converted https://example.mobi/aservice to http://example.mobi/aservice > the server should just take into account that it may not want to serve > the content in an insecure way. A stupid point in many ways, but > possibly worth making. > > > > > Re "If the response contains URIs with the scheme https and the server > > is content to allow the scheme to be re-written as the http scheme > then > > it must indicate this using the [@@allow-https-rewrite] directive, > > otherwise rewriting is inhibited.": I don't think its necessary or > good > > to open this box, as there are serious security implications. The only > > valid reason I see for rewriting HTTPS URIs is so that the resource > can > > appear to be hosted on the CT proxy itself. Even so it should still be > > rewritten as a secure URI. Thus the CT proxy recreates the WAP gap in > > the interest of transforming content sent over two secure connections > in > > which it provides the bridge. At least there, the actual request > > transmission is secure over each hop. > > OK I thought I was reflecting what you had written earlier. As you say > it should at least be rewritten as must rewrite as an https, and > probably also only with the permission of the CP and the user. > > > > > Re "Note that including a no-transform directive may [@@should > actually] > > disrupt the behavior of WAP/WML proxies, because this inhibits such > > proxies from converting WML to WMLC (because this is a > content-encoding > > behavior). Adding [@@allow-recoding] or [@@allow-compression] is > > unlikely to be recognized in the short-term by such proxies which > > predate these guidelines." Note by the time this gets implemented > there > > are likely to be *very few* WAP1 devices still out there, and you can > > count on two things as a result: > > 1) Most devices support text WML directly, and compression occurs > > through GZIP (we are already nearing 95% WAP2 on our network, and this > > is the case across the board for WAP2 devices). > > 2) The vendors and operators of WAP1 proxies will be loathe to make > > *any* changes to these products at this time, as there is little value > > and a lot of risk (to the stability of the WAP1 gateway functions > > overall, since most bugs are unintended side-effects). Also, because > any > > CT proxy other than a WAP gateway would be on the CP side of the > > gateway, its non-conversion of WML would be irrelevant as the WAP1 > > gateway would still do it. > > We are seeing problems of this kind in the field actually - seems that > there are a number of WAP gateways that act on this directive, as they > should according to the spec - with the result that the users browser > becomes very confused. [Ironic perhaps that proxies the directive is > aimed at ignore it and the ones it is not aimed at don't ignore it] > > > > > Re "The server should not choose a Content-Type for its response based > > on its assumptions about the heuristic behavior of any intermediaries. > > (e.g. it should not choose content-type: application/vnd.wap.xhtml+xml > > solely on the basis that it suspects that transforming proxies will > > apply heuristics that make them not restructure it).": Maybe rephrase > > this, exactly what it means is unclear to me. > > Hmmm, yup, it's not clear is it. I am trying to say that we having the > proxy second guessing the server and the server second guessing the > proxy is a situation we'd like to avoid. So if the server wants to > control the proxy it should do so by the means indicated in this rec - > and not try to guess the heuristics any proxy might be employing. I am > prepared to believe that this is not correct and that we should > encourage the server to serve with distinctively mobile content-type and > with the various uses of <link> in order to work around non CT protocol > aware CT proxies (like all the ones out there today) > > > > > Re "406 Response - Note that some clients (MSIE for instance) don't > > display the body of a 406 response, this is in contravention of > HTTP/1.1 > > as far as I can see.": Also, most mobile browsers don't actually > display > > the body of error responses either. This has been a problem since day > > one; it has been impossible to create a consistent user experience for > > error handling, even when we sent so far as to customize the response > > body for compatibility with the clients (which was the main reason > that > > most ignored it from the beginning). > > Well that should not stop us recommending that the response is > constructed sensibly and maybe life will improve one day :-( > > > > > Can you tell me how you address in this section, the statement I had > in > > my contribution: "A CT proxy SHALL be capable of detecting > CT-awareness > > in CP and browsers." Maybe we can add "A CT-aware server MUST indicate > > that it understands the conventions of this document by including a > > [@@ct-proxy-aware directive] in responses." > > I don't see where the proxy's behaviour would change as a result of > knowing this - or another way of looking at it is to say that the > server's use of no-transform and vary indicate that it is ct aware, > though not that it know about or uses any other aspect of the spec. > > On the user agent side, I suggest a @@ct-aware directive which means "I > didn't say no to transformation of any kind", not sure this is actually > necessary though one part of the description of the proxy's behaviour > refers to it. > > > > > Best regards, > > Bryan > > -----Original Message----- > > From: public-bpwg-ct-request@w3.org > > [mailto:public-bpwg-ct-request@w3.org] On Behalf Of Jo Rabin > > Sent: Thursday, January 17, 2008 8:27 AM > > To: public-bpwg-ct@w3.org > > Subject: ACTION-604 ACTION-615 Proposed Treatment of Bryan's > > Contribution in Preparation for a New Draft CT > > > > > > Hi folks > > > > I have done a write through of Bryan's proposed "requirements" to fit > in > > with the style of the rest of the document and to make it a little > more > > discursive, as discussed on various calls. Before weaving this into > the > > current draft in various places I thought I would put it to the group > > for comments and to see if there are any major objections. If not I > will > > create a new draft tomorrow afternoon (Friday) for discussion on the > > call Tuesday. > > > > I have tried to cross reference the section numbers from the present > > draft to make sure everything is covered. I know I've missed a couple > of > > references out accidentally and there are a couple of sections I don't > > think fit, exactly, and I have noted those below. I've also included > > Bryan's original contribution for easy reference. > > > > thanks > > Jo > > > > Current Draft: > > > http://www.w3.org/2005/MWI/BPWG/Group/TaskForces/CT/editors-drafts/Guide > > lines/071124 > > > > ACTION-604 ACTION-615 > > > > Control of Proxy > > > > A proxy may be active or passive. When active, a proxy offers various > > [@@] features involving the transformation of content and manipulation > > of HTTP headers. When passive a proxy may alter content and headers > only > > in the respects described in [HTTP] as if a Cache-Control: > no-transform > > directive were present (with the exception of "Dangerous Content" > > below). > > > > [Note: In practice a proxy may be made passive by configuration of the > > network such that it is by-passed] > > > > A proxy MUST offer basic control of its features to users, clients and > > origin servers and MAY offer more advanced control [2.1.1 MAY-> MUST]. > > Basic control means transitioning between active and passive roles. > > > > When active, proxies MUST offer basic control on a per request basis > and > > MAY allow the registration of persistent user preferences [2.1.1 > > MUST->MAY]. > > > > Behavior When Active > > > > A proxy SHOULD NOT alter HTTP requests unless not doing so would > result > > in the users request being rejected by the CP [this includes 406 as > well > > as 200 Your browser is not supported][2.1.4] > > > > A proxy should only alter the format, layout, dimensions [@@how to > > better express this] to match the capabilities of the client [2.1.2 > > "highest Quality"]. For example, when resizing images, they should > only > > be reduced so that they are suitable for the specific client, and > should > > not be done on a generic basis. > > > > Proxies MUST NOT alter URIs with the https scheme unless specific > > consent is granted by both the user and the origin server. [@@How in > the > > case of the origin server). > > > > > > Interaction with the User (when Active) > > > > If the client is known not to conform to this specification CT Unaware > > [@@by ...] the proxy MUST offer a means of interacting with it to > > provide at least basic control of its services. Proxies MAY in > addition > > offer user interaction via CTAware browsers. > > > > Proxies MUST offer, via this interaction, a means of rendering itself > > passive for [@@does the following make sense?] the following request > > [2.2.2], for the current domain and for all future requests [2.2]. The > > proxy MAY offer further features which SHOULD be offered on the same > > basis (current domain, all future requests, etc.). Proxies MAY also > > offer this interaction to browsers that do conform to this > specification > > but MUST offer a means of disabling it [@@by interaction as well as > via > > HTTP? If the latter need further cache control directive] > > > > If content has been transformed proxies MUST indicate this to the user > > [2.5.3] and MUST provide a means of retrieving the original content. > > Proxies MAY provide a cached copy of the response prior to > > transformation in fulfilling this requirement. [@@ should this be > > available by some HTTP mechanism too [2.5.4] says yes which requires > > further elaboration of current section 4.1] > > > > Note: Further user control of the proxy MAY also be achieved by > > administrative means, by providing a specific proxy configuration > > facility or by other means. > > > > The proxy MAY annotate hyperlinks with the https scheme noting that it > > is unable to offer active service on such a request. > > > > Dangerous Content > > > > [@@note that this must steer clear of recommending a deviation from > the > > HTTP spec which I don't think is acceptable. However there are > parallels > > with the operation of e.g. child protection mechanisms] > > > > Proxies MAY offer a feature when passive which MUST be under control > of > > the user [2.3.1][2.5.1] to block or transform content which it has > been > > determined would cause serious mis-operation of the client, such as > > causing it to crash. > > > > === > > > > 2.1.3 detection of CT-awareness > > [JR: not sure why is this necessary] > > > > A CT proxy shall be capable of detecting CT-awareness in CP and > > browsers. > > > > === > > > > > > 2.4 CT proxy capabilities disclosure to CP [This should be covered in > > section 4.2 of the earlier draft ...] > > > > A CT proxy shall disclose its CT capabilities to CT-aware CP without > > affecting user agent identification or capabilities disclosure. > > > > === > > > > 2.5.2 CT proxy capabilities disclosure to CT-aware browser [This > should > > covered in section 4.5 of the earlier draft] > > > > A CT proxy shall disclose its CT capabilities to CT-aware browsers > > without affecting CP-provided headers. > > > > > > === > > > > 2.7 non-browser user agents > > > > [JR I don't think I understand how the proxy would know this - > > especially as non browser user agents would typically masquerade as > > browsers so as not to get blocked by proxies] > > > > A CT proxy should be capable of detecting non-browser user agents. > > > > A CT proxy shall be capable of bypassing CT service for detected > > non-browser user agents. > > > > ============= > > > > Bryan's original text > > > > CT = Content Transformation, CP = Content Provider(s) > > > > An entity that is "CT-aware" is assumed to be specifically designed to > > use or provide CT service per these guidelines. A "CT proxy" is > assumed > > to be CT-aware. A "non-CT proxy" is assumed to be CT-unaware. Browsers > > and CP may be CT-aware or CT-unaware. > > 2.1 general requirements > > 2.1.1 preferences > > > > A CT proxy may enable a user or user agent to select preferences for > CT > > service features. > > > > A CT proxy that offers preference selection shall be capable of > > retaining the selections. > > 2.1.2 provision of highest-quality content > > > > When selecting a content representation by default, CT proxies shall > > provide the highest-quality representation compatible with the > browser. > > > > "Compatible" in this requirement means a representation that the > browser > > supports, and results in a usable user experience. > > 2.1.3 detection of CT-awareness > > > > A CT proxy shall be capable of detecting CT-awareness in CP and > > browsers. > > 2.1.4 user agent identification and capabilities disclosure > > > > A CT proxy may enable a user to select preferences for user agent > > identification and capabilities disclosure to CP. > > > > A CT proxy shall forward requests to CP without affecting user agent > > identification or capabilities disclosure, except as necessary to > > provide a user-selected content representation, or as otherwise > > specified by user preferences. > > 2.1.5 original representation availability > > > > A CT proxy shall provide availability of the original representation > for > > a CP response. > > > > A CT proxy may support local caching of CP responses in their original > > representation. > > 2.2 CT proxy serving CT-unaware CP and browser > > > > A CT proxy shall be capable of providing CT service to CT-unaware CP > and > > browsers. > > 2.2.1 CT-unaware browser user selection of content representation > > > > A CT proxy may enable a CT-unaware browser user to select a preference > > for a content representation from among those available through the > > proxy. > > > > A CT proxy that offers user-selection of content representations > should > > be capable of user selection of such preferences for specific domains > > and globally for all domains. > > > > A CT proxy that offers user-selection of content representations > should > > be capable of offering the user the ability to switch representations > > when viewing a page. > > 2.2.2 CT-unaware browser user selection of original content > > representation > > > > A CT proxy should support the ability of a CT-unaware browser user to > > select the original representation for a CP response. > > 2.2.3 CT-unaware browser user selection of alternate content > > representation > > > > A CT proxy shall support the disclosure of available alternate > > representations for a CP response to a CT-unaware browser user. > > > > A CT proxy shall support the ability of a CT-unaware browser user to > > select an alternate representation for a CP response. > > 2.3 CT proxy serving CT-aware CP and CT-unaware browser > > 2.3.1 CP directives > > > > A CT proxy shall recognize and honor CP directives for supported CT > > services. > > > > As an exception to the previous requirement, a CT proxy should deny CP > > directives that would result in dangerous markup being sent to the > > browser. > > > > A CT proxy may enable a user to select preferences for error handing > > related to CP directives. > > 2.4 CT proxy capabilities disclosure to CP > > > > A CT proxy shall disclose its CT capabilities to CT-aware CP without > > affecting user agent identification or capabilities disclosure. > > 2.5 CT proxy serving CT-aware CP and CT-aware browser > > 2.5.1 browser directives > > > > A CT proxy shall recognize and honor browser directives for supported > CT > > services. > > > > As an exception to the previous requirement, a CT proxy should deny > > browser directives that would result in dangerous markup being sent to > > the browser. > > 2.5.2 CT proxy capabilities disclosure to CT-aware browser > > > > A CT proxy shall disclose its CT capabilities to CT-aware browsers > > without affecting CP-provided headers. > > 2.5.3 CT actions disclosure to CT-aware browser > > > > A CT proxy shall disclose CT actions taken on CP responses to CT-aware > > browsers. > > 2.5.4 CT-aware browser selection of original content representation > > > > A CT proxy shall support the disclosure of the original representation > > for a CP response to a CT-aware browser. > > > > A CT proxy shall support the ability of a CT-aware browser to select > the > > original representation for a CP response. > > 2.5.5 CT-aware browser selection of alternate content representation > > > > A CT proxy shall support the disclosure of available alternate > > representations for a CP response to a CT-aware browser. > > > > A CT proxy shall support the ability of a CT-aware browser to select > an > > alternate representation for a CP response. > > 2.6 security considerations > > > > A CT proxy shall not rewrite secure links as a way to enable CT > service > > for those links, without the consent of the CP and user. > > > > A CT proxy that does not support or is not allowed to provide CT > service > > for secure links should disclose to the user that the CT service will > be > > unavailable for those links. > > 2.7 non-browser user agents > > > > A CT proxy should be capable of detecting non-browser user agents. > > > > A CT proxy shall be capable of bypassing CT service for detected > > non-browser user agents. > > > > >
Received on Wednesday, 23 January 2008 16:01:34 UTC