Content Transformation Guidelines 1r

Hello folks, a new draft available, taking into account everything up to 
the F2F.

You'll find it at

Diff to previous versions linked from the doc itself.


Known Dangling ends:

a) Need to clarify that CT Dangling Ends

have all been dealt with.

b) Jo's ACTION-934 Try to draft another doc to the TAG about D.1.3.2

c) Discuss Francois's ACTION-925 on testability of link rewriting

d) Discuss Eduardos's ACTION-929

e) Any resolutions after the F2F have not been dealt with yet.


1) Abstract - from Matt Womer

inter-work? And it needs rewording to reflect bumping CP stuff into an

Rewritten omitting the reference to interworking

However, note that Eduardo's ACTION-929 has not been discussed yet.

2) A few typos, from Francois

3) ACTION-930 was a response to a crie-de-coeur from Rotan and has 
resulted in a new section in the introduction

Write something in the introduction about respect for CP prefernces, 
respect for user preferences and the CP's ultimate sanction on the 
degree of preference they are willing to accommodate

4) Resolutions from the 26th March (London F2F)

(new section on "link rewriting")

RESOLUTION: In the following and in all subsequent discussions Link 
Rewriting is considered to include insertion of links and frame 
flattening and other techniques that introduce the "same origin" issue

RESOLUTION: Link rewriting is a form of transformation and at a minimum 
is subject to the same limitations as other forms of transformation 
described in this document

RESOLUTION: Proxies MAY rewrite links, where content transformation is 
permitted, providing that content domain origin distinctions are 
preserved by the proxy such that browsers accessing content via the 
proxy do not inappropriately misconstrue different content origins as 
being the same and inappropriately share cookies, or allow execution of 
scripts or do other things that cause security problems as a result of 
not knowing that different origins are involved

RESOLUTION: Since there doesn't appear to be a way in which the URI sent 
to the User Agent can be manipulated to preserve security related to 
same origin policies it is permissible for a CT proxy to act on content 
in so that security is nonetheless preserved as adjudged by conformance 
tests that are to be researched. If no such security tests can be found 
then there cannot be conformance associated with link rewriting and it 
cannot be permissible for CT proxies to do so.

RESOLUTION: Include text on the following lines as a note under a 
section on Link Rewriting: "Link rewriting is always used by CT Proxies 
that are accessed as an origin server initially, e.g. which provide 
mobile-adapted web search and navigation to the web pages returned in 
the search results, or to which the browser is redirected through the CT 
Proxy for adaptation of a web page. Link rewriting *may* be used by CT 
Proxies acting as normal HTTP proxies (e.g. configured or transparent) 
for the browser, but may not be required since all browser requests flow 
through the CT Proxy."

RESOLUTION: Proxies must never transform https content unless a prior 
agreement has been reached with the specific origin server.


RESOLUTION: Interception of HTTPS and the circumstances in which it 
might be permissible is not a "mobile" question, as such, but is highly 
pertinent to our document. We are aware that interception of HTTPS 
happens in the network today. We think that interception of HTTPS is 
inherently problematic and may be unsafe. We'd like to refer to more 
general conformance criteria to protocol based signalling mechanisms to 
achieve this. Pending futher developments in this area the practice of 
intercepting HTTPS links is strongly NOT RECOMMENDED.

RESOLUTION: Add .mobi to the list of mandatory heuristics as it is a 
stronger indication of mobile intent than many of the content-types and 
DOCTYPEs already agreed - other URI patterns are more ambiguous as to 
their intent

ACTION-926: Inser sections under proxy decision to transform a. to 
specify SHOULD NOT in the presence of the features listed at and b. to include the 
current cullets listed as heuristics

RESOLUTION: We delete all non-normative heuristics and close issue-288

RESOLUTION: Close Issue-284

ACTION-927: To preface the first sentence in 4.1.5 with Aside from the 
usual procedures defined in [RFC 2616 HTTP]

RESOLUTION: Leave X-Device headers in as they add value and close ISSUE-289

RESOLUTION: Accept Jo's editorial changes detailed in email 13 mar 2009

RESOLUTION: adopt the text as proposed by Eduardo and modified by Jo 
regarding X- prefix, we will register the header with IETF and close 

ACTION-931 Insert informative text in the relevant appendix describing 
the use of 403 in declining to server content because of security 
concerns or whatever

ACTION-932 Specify what he means by the USer Agent editorial note under 
4.1.5 - really can't remember, note removed

ACTION-933 Propose text for section 5 referring to \"reasonable terms, 
timeliness, of access and so on, relating to the use cases of bug 
determinations, testing and so on

Received on Sunday, 7 June 2009 21:19:32 UTC