HTTP Working Group J. Mogul, DECWRL Internet-Draft 12 September 1997 Expires: 28 March 1998 Format and Example of HTTP/1.1 Requirements Summary draft-ietf-http-req-sum-00.txt STATUS OF THIS MEMO This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." To learn the current status of any Internet-Draft, please check the "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or ftp.isi.edu (US West Coast). Distribution of this document is unlimited. Please send comments to the HTTP working group at . Discussions of the working group are archived at . General discussions about HTTP and the applications which use HTTP should take place on the mailing list. ABSTRACT RFC1122 [1] introduced a ``Requirements Summary'' format, to help implementors understand what aspects of a lengthy specification were mandatory, recommended, or optional. The HTTP/1.1 specification is similarly lengthy and complicated; many implementors have asked for guidance in understanding what they need to do. The latest draft revision of the HTTP/1.1 specification [2] has a placeholder section for a ``Requirements Summary'', but there has been relatively little discussion of the format and content of this summary in the HTTP working group. This document proposes a specific format for the summary, and gives an example summary for one section of the document. Mogul [Page 1] Internet-Draft HTTP requirements summary 12 September 1997 17:27 TABLE OF CONTENTS 1 Introduction 2 2 Categorizing implementations 2 2.1 Introductory material for Requirements Summary 3 3 DRAFT Requirements summary for Section 13: Caching 4 4 Security Considerations 7 5 Acknowledgments 7 6 References 7 7 Author's address 7 1 Introduction RFC1122 [1] introduced a ``Requirements Summary'' format, to help implementors understand what aspects of a lengthy specification were mandatory, recommended, or optional. The HTTP/1.1 specification is similarly lengthy and complicated; many implementors have asked for guidance in understanding what they need to do. This is especially important because there are several kinds of HTTP/1.1 implementations (including server, proxy, and client, with or without caches). Many aspects of the specification apply only to a subset of these implementation categories, which means that someone implementing, say, an HTTP client must disentangle the client-specific requirements from the (client-irrrelevant) requirements for servers and proxies. The latest draft revision of the HTTP/1.1 specification [2] has a placeholder section for a ``Requirements Summary'' (section 19.9). but there has been relatively little discussion of the format and content of this summary in the HTTP working group. What little discussion has taken place has been mostly positive, but there are some concerns about how the implementations are categorized. This document proposes a specific format for the summary, and gives an example summary for one section of the document. 2 Categorizing implementations We would like to design the format of the Requirements Summary so that it is readable even in the plain-ASCII version of the HTTP/1.1 specification, since this is the ``official'' version of an IETF specification. This places some constraints on the number of columns in the format, which in turn constrains the number of categories that can be comfortably included. Although at first glance, there might appear to be at least six different implementation categories (server, proxy, client, each with or without a cache). However, in many sections of the HTTP specification, caching is irrelevant. For many other features, it is fairly obvious whether the feature applies to a cache or not. Mogul [Page 2] Internet-Draft HTTP requirements summary 12 September 1997 17:27 Therefore, we propose a format where the applicability of a requirement to an caching implementation is signalled by a footnote, rather than expanding the number of columns to six. One possible implementation of this format would be as a spreadsheet, using a portable representation (such as ``comma separated values''). The use of a spreadsheet would allow separate editing of the requirements summary, followed by semi-automatic insertion into the master copy of the HTTP/1.1 specification. It might also allow semi-automatic extraction of subset requirements application to specific kinds of implementations. 2.1 Introductory material for Requirements Summary [This is repeated more or less verbatim from section 19.9 of [2], for the benefit of the reader.] This section summarizes the requirements of the HTTP/1.1 specification. (Requirements are those aspects of the protocol defined with the words "MUST", "SHOULD", or "MAY.") This list is not a normative part of the HTTP/1.1 specification, and if there is any conflict between this listing and another part of the specification, the statements elsewhere in the specification take absolute priority. Requirements are listed in the order that they appear in the the specification. For each requirement, the list includes - a very brief summary of the feature; this is meant for identification purposes only, and must not be used as a specification of the feature. - the section of the document in which the feature is specified. - A column for each of three categories of implementation (Server, Proxy, and Client), showing whether the listed feature is a MUST, SHOULD, or MAY requirement. - A column for additional footnotes Note that some aspects of the protocol may be specified in multiple sections in separated part of the document. In order to fit into the standard IETF format for ASCII text documents, some of the column headings, and the requirement keywords, are abbreviated. [End of extract from [2].] Key for column headings: Srvr = Server Mogul [Page 3] Internet-Draft HTTP requirements summary 12 September 1997 17:27 Prox = Proxy Clnt = Client Key for requirements keywords: M = MUST MN = MUST NOT S = SHOULD SN = SHOULD NOT ok = MAY na = Not applicable Some entries are listed as ``MUST NOT'' or ``SHOULD NOT'' even if the feature summary seems to indicate a ``MUST'' or ``SHOULD''. The entries reflect the words from the actual spec, rather than the feature summary. I.e., the feature summary wording is only to help the reader find the appropriate passage; it is in no way a definitive description of the requirement! 3 DRAFT Requirements summary for Section 13: Caching The following table has NOT been carefully proofread; it probably contains errors. Please do not base an implementation on this version of the summary! There is at least one bogus entry that has been inserted into the following table, to encourage careful proofreading. For section 13 (Caching), almost all of the requirements that apply to proxies apply only to caching proxies. A few requirements do also apply to non-caching proxies; this is noted where applicable. Notes: 1 Cache rule applies to client-local caches as well as proxy caches. 2 Rule applies to non-caching proxies. 98 No explicit upper-case conformance requirement stated in [2], perhaps not actually a conformance requirement. 99 No explicit upper-case conformance requirement stated in [2] Feature summary Section Srvr Prox Clnt Note =============== ======= ==== ==== ==== ==== Meets cache correctness rules 1-3 13.1.1 na M M 1 If server unreachable, follow rules 1-3 13.1.1 na S S 1 ditto, or return error/warning 13.1.1 na M M 1 Forward initially-stale response 13.1.1 na S S 1, 2 Don't revalidate initially-stale resp 13.1.1 na SN SN 1 Mogul [Page 4] Internet-Draft HTTP requirements summary 12 September 1997 17:27 Display warning on received-stale resp 13.1.1 na na ok Delete MUST-delete warning after reval 13.1.2 na M M 1 Keep MUST-keep warning after reval 13.1.2 na M M 1 Attach Warning to stale response 13.1.5 na M na Obey client request for freshness 13.1.5 na S na Revalidate init-stale cached response 13.2.1 na S S 1 Comply with Age calculation algorithm 13.2.3 na M M 1,2,99 Interpret Age rel. to initiation time 13.2.3 na M M 1 max-age overrules Expires 13.2.4 na M M 1, 99 Use heuristic if no Expires or max-age 13.2.4 na ok ok 1 Warn if heuristic & Age > 24 hours 13.2.4 na M M 1, 99 Base heuristic on Last-Mod time 13.2.4 na S S 1 Freshness test based on age 13.2.4 na M M 1, 99 Ignore new response with older Date 13.2.5 na ok ok 1 Use response with most recent Date 13.2.5 na M M 1 Re-revalidate when new resp seems old 13.2.6 na S S 1 Don't expect disambiguation for = Dates 13.2.6 MN na na Weak comparison for non-subrange reqs 13.3.3 ok ok na Strong comparison for subrange/non-GET 13.3.3 M M na Last-modified implicitly weak 13.3.3 M M M 99 Strong etag changes always 13.3.4 M na na Weak etag changes when 'significant' 13.3.4 S na na Use etag in conditionals, if available 13.3.4 na M M Use Last-Modified, if avail & no etag 13.3.4 na S S ditto, with subrange reqs 13.3.4 na ok ok Disable use of Last-Mod w/subranges 13.3.4 na na S 99 Use both Last-Mod & etag, if avail 13.3.4 na S S Use most restrictive validator 13.3.4 na M M 1 Validate only w/etag or Last-Modified 13.3.5 M M M 98 Responses normally cachable 13.4 na ok ok 99 HTTP/1.0 responses not cachable 13.4 na MN MN 1 No validator/expires/max-age ->no cache 13.4 na S S 99 ditto unless unusual situation 13.4 na ok ok 99 Cachable status codes are 200, 203, 206, 300, 301, 410 13.4 na ok ok 99 Cache 206 only if ranges supported 13.4 na MN MN 1 Other status codes w/out explict perm 13.4 na MN MN 1 Don't add or modify Content-Location, Content-MD5, or Etag 13.5.2 na MN na 2 Don't modify Expires, Content-Length 13.5.2 na MN na 2 Mogul [Page 5] Internet-Draft HTTP requirements summary 12 September 1997 17:27 Added Expires = Date 13.5.2 na M M 2 Added Content-Length is accurate 13.5.2 na M na 2 If no-transform, don't add Content-Encoding, Content-Length, Content-Range, Content-Type 13.5.2 na MN na 2 Add Warning if adding Content-Encoding, Content-Length, Content-Range, Content-Type 13.5.2 na M na 2 Combine partial resps 13.5.3 na ok ok 1 Delete 1XX Warnings on revalidate 13.5.3 na M M 1 Keep 2XX Warnings on revalidate 13.5.3 na M M 1 304/206 hdrs update cache entry 13.5.3 na M M 1 End-to-end hdrs update cache entry 13.5.3 na M M 1 Combined subranges: validators match 13.5.4 na M M 1 Combined subranges: strong validators 13.5.4 na M M 1 Otherwise: use most recent partial resp 13.5.4 na M M 1, 99 Use Vary to list selecting req hdrs 13.6 M na na New req hdrs match Vary on cache use 13.6 na M M 1 Forward non-matching requests 13.6 na M M 1 Forwarded req conditional if have Etag 13.6 na S S 1 Resp updates entry if tags match 13.6 na S S 1 Forward new response 13.6 na M na Vary * means forward new reqs 13.6 na MN MN 1 Omit Etag on conditional req and partial cache entry 13.6 na SN SN 1 Delete entry if URI matches Content-Location on newer resp and Etags don't match 13.6 na SN SN 1 Provide security for non-shared caches 13.7 S S S 1 Store incomplete response 13.8 na ok ok 1, 99 Incomplete resp. is partial 13.8 na M M 1 Mark all partial resps. as such 13.8 na M M 1 Don't use 200 with partial resp. 13.8 na MN MN 1 Forward 5xx response 13.8 na ok na 2 Treat 5xx like dead server 13.8 na ok na GET/HEAD: no side effects 13.9 SN na na PUT,DELETE,POST invalidate entries 13.10 na S S 98 Match host if invalidating by URI 13.10 na M M 1 Write-through all updates 13.11 na M M 1 Use latest response 13.12 na S S 1 History not transparent 13.13 na na SN Mogul [Page 6] Internet-Draft HTTP requirements summary 12 September 1997 17:27 Expires no effect on history 13.13 na na ok 98 History can indicate staleness 13.13 na na ok 98 4 Security Considerations This document only summarizes the specification in [2], it does not introduce any new features to HTTP. Therefore, there are no security considerations particular to the requirements summary itself. 5 Acknowledgments T.B.S. 6 References 1. R. Braden. Requirements for Internet Hosts -- Communication Layers. RFC 1122, Internet Engineering Task Force, October, 1989. 2. Roy T. Fielding, Henrik Frystyk Nielsen, and Tim Berners-Lee. Hypertext Transfer Protocol -- HTTP/1.1. Internet-Draft draft-ietf-http-v11-spec-08.txt, HTTP Working Group, September?, 1997. [As of this writing, this document has not been assigned an actual Internet-Draft name/number; however, it is available on the Web at www.ics.uci.edu/pub/ietf/http/draft-ietf-http-v11-spec-08.txt.gz and is widely known as ``draft-08'']. 7 Author's address Jeffrey C. Mogul Western Research Laboratory Digital Equipment Corporation 250 University Avenue Palo Alto, California, 94305, USA Email: mogul@wrl.dec.com Mogul [Page 7]