Network Working Group S. Harhalakis Internet-Draft TEI of Thessaloniki Intended status: Standards Track August 23, 2007 Expires: February 24, 2008 Header Request for HTTP draft-sharhalakis-httphreq-00.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on February 24, 2008. Copyright Notice Copyright (C) The IETF Trust (2007). Harhalakis Expires February 24, 2008 [Page 1] Internet-Draft Header Request for HTTP August 2007 Abstract This document describes a method for HTTP to support optional on- demand headers as an addition to HTTP dialogs. Any server side application using this method will be able to request additional headers from conforming HTTP clients. This way the HTTP protocol will is extended to support optional on-demand headers that can be sent from clients uppon request. It can also serve as an intermediate step for introducing new HTTP headers without initialy requiring that they will always be sent. An additional HTTP header is described and its ABNF description is provided. Harhalakis Expires February 24, 2008 [Page 2] Internet-Draft Header Request for HTTP August 2007 Discussion Discussion about this document takes place in http-wg mailing list (ietf-http-wg@w3.org). Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2. Definition . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1. Protocol definition . . . . . . . . . . . . . . . . . . . 6 2.2. Header syntax . . . . . . . . . . . . . . . . . . . . . . 6 2.3. Proxy considerations . . . . . . . . . . . . . . . . . . . 7 3. Security Considerations . . . . . . . . . . . . . . . . . . . 8 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 5.1. Normative . . . . . . . . . . . . . . . . . . . . . . . . 10 5.2. Informative . . . . . . . . . . . . . . . . . . . . . . . 10 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 Intellectual Property and Copyright Statements . . . . . . . . . . 12 Harhalakis Expires February 24, 2008 [Page 3] Internet-Draft Header Request for HTTP August 2007 1. Introduction 1.1. Purpose Web based applications are exploiting the HTTP protocol to achieve better results and provide additional capabilities. Every now and then server side applications introduce additional needs for HTTP clients. Current HTTP specs require that any newly introduced HTTP header need to always be sent, resulting in additional worldwide overhead. Discussions about a new HTTP header revealed that the need for optional headers actually exists. The HTTP protocol can be further extended to provide such a framework. This document addresses this need by describing a method and a header to be used in HTTP [RFC2616] so that server side applications may request additional headers from clients. By providing support for on-demand offering of headers from clients, the HTTP protocol will be able to be further extended without adopting additional headers that need to be exchanged all of the time. Also, the community will be able to test newly introduced headers that are defined by future RFCs without placing the requirement for always sending them. 1.2. Requirements The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. An implementation is not compliant if it fails to satisfy one or more of the MUST or REQUIRED level requirements. An implementation that satisfies all the MUST or REQUIRED level and all the SHOULD level requirements is said to be "unconditionally compliant"; one that satisfies all the MUST level requirements but not all the SHOULD level requirements is said to be "conditionally compliant". 1.3. Terminology This document uses the following terms: HTTP client Every client of the HTTP protocol. Commonly referred to as a web browser. Harhalakis Expires February 24, 2008 [Page 4] Internet-Draft Header Request for HTTP August 2007 HTTP header A HTTP header as described in [RFC2616]. Header request A list of requested headers. The HTTP header specification of this document is presented in the augmented Backus-Naur Form that is described in [RFC2616]. Harhalakis Expires February 24, 2008 [Page 5] Internet-Draft Header Request for HTTP August 2007 2. Definition 2.1. Protocol definition Server side applications MAY use the Header Request (HRQ) header to request additional headers from HTTP clients. Those applications MUST NOT assume that clients will respond to their requests nor that clients support the HRQ header. Server side MUST always send the same HRQ, even if the requested headers exist, to elliminate the ping-pong effect. This means that a server side script that requests header H, MUST send the HRQ for header H even when that header is provided. Client side applications MAY support the server side HRQ. Those clients MAY be willing to respond to the HRQ. A HRQ may include one or more headers. Willing clients MAY perform an additional and almost identical HTTP request. An additional request MUST NOT be performed when there is no corresponding Vary header. If an additional request is made it MUST include at least one of the requested headers. Clients don't need to provide all of the requested headers. The additional request SHOULD NOT be performed when doing form submission or a POST request. HRQ MAY include a Domain and Path parameter that have the semantics of [RFC2109]. Clients MAY cache per Domain/Path HRQ and automatically send the additional headers in future sessions without waiting for an HRQ. Clients MUST match all of Domain/Path information before sending any headers that are the result of cached HRQs. Clients SHOULD update their cache upon receipt of an HRQ. This ensures that they will not send data that are not required any more for more than one requests. Clients that are sending an additional header because of an old HRQ that is no longer requested SHOULD stop sending it. Clients that detect an HRQ that can be further satisfied (partially or fully) MAY perform another request including the additional headers. Clients MUST NOT perform an additional request just to not provide a header. 2.2. Header syntax For the purposes of this document the following HTTP header is defined: header-request = "Header-Request" ":" h-rq h-param h-rq = h-element *( "," h-element ) h-element = token h-param = *( ";" h-param-av ) Harhalakis Expires February 24, 2008 [Page 6] Internet-Draft Header Request for HTTP August 2007 h-param-av = "Domain" "=" value ; *1* / "Path" "=" value ; *1* / "Secure" ; *1* Where: token A name as specified in [RFC2616]. value A value as defined in HTTP State Management Mechanism [RFC2109]. *1* Same semantics as in HTTP State Management Mechanism [RFC2109]. Usage of h-param is the same as in cookie-av described in [RFC2109]. Same grammar and semantics apply. 2.3. Proxy considerations HTTP proxy servers MUST NOT alter this information. Proxy behaviour regarding the additional headers will be defined by the header's specifications. Harhalakis Expires February 24, 2008 [Page 7] Internet-Draft Header Request for HTTP August 2007 3. Security Considerations It is believed that the HRQ header does not introduce any security issues. Harhalakis Expires February 24, 2008 [Page 8] Internet-Draft Header Request for HTTP August 2007 4. IANA Considerations This specification requires registration of a Message Header Field for HTTP [RFC3864]: Header field: Header-Request Applicable protocol: HTTP Status: Experimental Author/change controller: IETF (iesg@ietf.org) Internet Engineering Task Force Specification document: [ this document ] IANA must also add an attribute for newly introduced headers that will act as a hint for HTTP clients. This attribute will be named 'on-demand' and will act as a flag, identifying headers that should be sent after server side request. IANA is advised to set and keep this flag on newly introduced client side headers at least until their corresponding RFCs reach the 'Draft Standard' state. IANA is also advised not to remove this flag from headers that are not needed for a significant portion of the worldwide web traffic. IANA's motive regarding this attribute should be the worldwide bandwidth and resource conservation. Harhalakis Expires February 24, 2008 [Page 9] Internet-Draft Header Request for HTTP August 2007 5. References 5.1. Normative [RFC2109] Kristol, D. and L. Montulli, "HTTP State Management Mechanism", RFC 2109, February 1997. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration Procedures for Message Header Fields", BCP 90, RFC 3864, September 2004. 5.2. Informative [I-D.rfc-editor-rfc2223bis] Reynolds, J. and R. Braden, "Instructions to Request for Comments (RFC) Authors", draft-rfc-editor-rfc2223bis-08 (work in progress), July 2004. Harhalakis Expires February 24, 2008 [Page 10] Internet-Draft Header Request for HTTP August 2007 Author's Address Stefanos Harhalakis Technological Educational Institute of Thessaloniki Department of Information Technology Thessaloniki, Greece GR Email: v13@it.teithe.gr, v13@priest.com Harhalakis Expires February 24, 2008 [Page 11] Internet-Draft Header Request for HTTP August 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Harhalakis Expires February 24, 2008 [Page 12]