idnits 2.17.1 

draft-frystyk-http-extensions-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date.  The document expiration date should appear on
     the first and last page.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
     document.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The "Author's Address" (or "Authors' Addresses") section title is
     misspelled.

  == Line 443 has weird spacing: '...se when  fulfi...'

  == Line 628 has weird spacing: '...pported   proc...'

  == Line 631 has weird spacing: '...pported   proc...'

  == Line 633 has weird spacing: '...cessing  proce...'

  == Line 643 has weird spacing: '...pported   exte...'

  == (3 more instances...)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (Mar 15, 1999) is 9167 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '1' is defined on line 555, but no explicit reference
     was found in the text

  == Unused Reference: '2' is defined on line 557, but no explicit reference
     was found in the text

  ** Obsolete normative reference: RFC  822 (ref. '1') (Obsoleted by RFC 2822)

  ** Downref: Normative reference to an Informational RFC: RFC 1945 (ref. '2')

  ** Obsolete normative reference: RFC 2068 (ref. '5') (Obsoleted by RFC 2616)

  ** Downref: Normative reference to an Informational RFC: RFC 2324 (ref. '7')

  ** Obsolete normative reference: RFC 2396 (ref. '8') (Obsoleted by RFC 3986)

  -- No information found for draft-http-pep - is the name correct?

  -- Possible downref: Normative reference to a draft: ref. '9' 


     Summary: 9 errors (**), 0 flaws (~~), 11 warnings (==), 4 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	INTERNET-DRAFT           HTTP Extensions  H. Frystyk Nielsen, W3C
3	draft-frystyk-http-extensions-03              P. Leach, Microsoft
4	                                  Scott Lawrence, Agranat Systems
5	Expires: Sep 15, 1999                           Mon, Mar 15, 1999

7	                       HTTP Extension Framework

9	Status of this Document

11	This document is an Internet-Draft and is in full conformance with all
12	provisions of Section 10 of RFC2026.

14	Internet-Drafts are working documents of the Internet Engineering Task
15	Force (IETF), its areas, and its working groups. Note that other
16	groups may also distribute working documents as Internet-Drafts.
17	Internet-Drafts are draft documents valid for a maximum of six months
18	and may be updated, replaced, or obsoleted by other documents at any
19	time. It is inappropriate to use Internet-Drafts as reference material
20	or to cite them other than as "work in progress."

22	The list of current Internet-Drafts can be accessed at
23	http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft
24	Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

26	General information about this document is linked from
27	"http://www.w3.org/Protocols/HTTP/ietf-http-ext/". Send comments to
28	the <ietf-http-ext@w3.org> mailing list. This list is archived at
29	"http://lists.w3.org/Archives/Public/ietf-http-ext/".

31	Abstract

33	A wide range of applications have proposed various extensions of the
34	HTTP protocol. Current efforts span an enormous range, including
35	distributed authoring, collaboration, printing, and remote procedure
36	call mechanisms. These HTTP extensions are not coordinated, since
37	there has been no standard framework for defining extensions and thus,
38	separation of concerns. This document describes a generic extension
39	mechanism for HTTP, which is designed to address the tension between
40	private agreement and public specification and to accommodate
41	extension of applications using HTTP clients, servers, and proxies.
42	The proposal associates each extension with a globally unique
43	identifier, and uses HTTP header fields to carry the extension
44	identifier and related information between the parties involved in the
45	extended communication.

47	Table of Contents
48	1.  Introduction ...............................................2
49	2.  Notational Conventions .....................................3
50	3.  Extension Declarations .....................................3
51	 3.1   Header Field Prefixes ...................................4
52	4.  Extension Header Fields ....................................6
53	 4.1   End-to-End Extensions ...................................6
54	 4.2   Hop-by-Hop Extensions ...................................7
55	 4.3   Extension Response Header Fields ........................7
56	5.  Mandatory HTTP Requests ....................................8
57	 5.1   Fulfilling a Mandatory Request ..........................9
58	6.  Mandatory HTTP Responses ..................................10
59	7.  510 Not Extended ..........................................11
60	8.  Publishing an Extension ...................................11
61	9.  Caching Considerations ....................................12
62	10. Security Considerations ...................................13
63	11. References ................................................13
64	12. Acknowledgements ..........................................13
65	13. Authors Addresses .........................................14
66	14. Summary of Protocol Interactions ..........................14
67	15. Examples ..................................................15
68	 15.1  User Agent to Origin Server ............................15
69	 15.2  User Agent to Origin Server via HTTP/1.1 Proxy .........16
70	 15.3  User Agent to Origin Server via HTTP/1.0 Proxy .........17

72	1. Introduction

74	This proposal is designed to address the tension between private
75	agreement and public specification; and to accommodate dynamic
76	extension of HTTP clients and servers by software components. The kind
77	of extensions capable of being introduced range from:

79	   o extending a single HTTP message;

81	   o introducing new encodings;

83	   o initiating HTTP-derived protocols for new applications; to...

85	   o switching to protocols which, once initiated, run independent of
86	     the original protocol stack.

88	The proposal is intended to be used as follows:

90	   o Some party designs and specifies an extension; the party assigns
91	     the extension a globally unique URI, and makes one or more
92	     representations of the extension available at that address (see
93	     section 8).

95	   o An HTTP client or server that implements this extension mechanism
96	     (hereafter called an agent) declares the use of the extension by
97	     referencing its URI in an extension declaration in an HTTP
98	     message (see section 3).

100	   o The HTTP application which the extension declaration is intended
101	     for (hereafter called the ultimate recipient) can deduce how to
102	     properly interpret the extended message based on the extension
103	     declaration.

105	The proposal uses features in HTTP/1.1 but is compatible with HTTP/1.0
106	applications in such a way that extended applications can coexist with
107	existing HTTP applications. Applications implementing this proposal
108	MUST be based on HTTP/1.1 (or later versions of HTTP).

110	2. Notational Conventions

112	This specification uses the same notational conventions and basic
113	parsing constructs as RFC 2068 [5]. In particular the BNF constructs
114	"token", "quoted-string", "Request-Line", "field-name", and
115	"absoluteURI" in this document are to be interpreted as described in
116	RFC 2068 [5].

118	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
119	"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
120	document are to be interpreted as described in RFC 2119 [6].

122	This proposal does not rely on particular features defined in URLs [8]
123	that cannot potentially be expressed using URNs (see section 8).
124	Therefore, the more generic term URI [8] is used throughout the
125	specification.

127	3. Extension Declarations

129	An extension declaration can be used to indicate that an extension has
130	been applied to a message and possibly to reserve a part of the header
131	namespace identified by a header field prefix (see 3.1). This section
132	defines the extension declaration itself; section 4 defines a set of
133	header fields using the extension declaration.

135	This specification does not define any ramifications of applying an
136	extension to a message nor whether two extensions can or cannot
137	logically coexist within the same message. It is simply a framework
138	for describing which extensions have been applied and what the
139	ultimate recipient either must or may do in order to properly
140	interpret any extension declarations within that message.

142	The grammar for an extension declaration is as follows:

144	    ext-decl        = <"> ( absoluteURI | field-name ) <">
145	                      [ namespace ] [ decl-extensions ]

147	    namespace       = ";" "ns" "=" header-prefix
148	    header-prefix   = 2*DIGIT

150	    decl-extensions = *( decl-ext )
151	    decl-ext        = ";" token [ "=" ( token | quoted-string ) ]

153	An extension is identified by an absolute, globally unique URI or a
154	field-name. A field-name MUST specify a header field uniquely defined
155	in an IETF Standards Track RFC [3]. A URI can unambiguously be
156	distinguished from a field-name by the presence of a colon (":").

158	The support for header field names as extension identifiers provides a
159	transition strategy from decentralized extensions to extensions
160	defined by IETF Standards Track RFCs until a mapping between the
161	globally unique URI space and features defined in IETF Standards Track
162	RFCs has been defined according to the guidelines described in section
163	8.

165	Examples of extension declarations are

167	    "http://www.company.com/extension"; ns=11
168	    "Range"

170	An agent MAY use the decl-extensions mechanism to include optional
171	extension declaration parameters but cannot assume these parameters to
172	be recognized by the recipient. An agent MUST NOT use decl-extensions
173	to pass extension instance data, which MAY be passed using header
174	field prefix values (see section 3.1). Unrecognized decl-ext
175	parameters SHOULD be ignored and MUST NOT be removed by proxies when
176	forwarding the extension declaration.

178	3.1 Header Field Prefixes

180	The header-prefix is a dynamically generated string. All header fields
181	in the message that match this string, using string prefix-matching,
182	belong to that extension declaration. Header field prefixes allow an
183	extension declaration to dynamically reserve a subspace of the header
184	space in a protocol message in order to prevent header field name
185	clashes and to allow multiple declarations using the same extension to
186	be applied to the same message without conflicting.

188	Header fields using a header-prefix are of the form:

190	    prefixed-header = prefix-match field-name
191	    prefix-match    = header-prefix "-"

193	Linear white space (LWS) MUST NOT be used between the header-prefix
194	and the dash ("-") or between the prefix-match and the field-name. The
195	string prefix matching algorithm is applied to the prefix-match
196	string.

198	The format of the prefix using a combination of digits and the dash
199	("-") guarantees that no extension declaration can reserve the whole
200	header field name space. The header-prefix mechanism was preferred
201	over other solutions for exchanging extension instance parameters
202	because it is header based and therefore allows for easy integration
203	of new extensions with existing HTTP features.

205	Agents MUST NOT reuse header-prefix values in the same message unless
206	explicitly allowed by the extension (see section 4.1 for a discussion
207	of the ultimate recipient of an extension declaration).

209	Clients SHOULD be as consistent as possible when generating header-
210	prefix values as this facilitates use of the Vary header field in
211	responses that vary as a function of the request extension
212	declaration(s) (see [5], section 13.6).

214	Servers including prefixed-header header fields in a Vary header field
215	value MUST also include the corresponding extension declaration field-
216	name as part of that value. For example, if a response depends on the
217	value of the 16-use-transform header field defined by an optional
218	extension declaration in the request, the Vary header field in the
219	response could look like this:

221	    Vary: Opt, 16-use-transform

223	Note, that header-prefix consistency is no substitute for including an
224	extension declaration in the message: header fields with header-prefix
225	values not defined by an extension declaration in the same message are
226	not defined by this specification.

228	Examples of header-prefix values are
229	    12
230	    15
231	    23

233	Old applications may introduce header fields independent of this
234	extension mechanism, potentially conflicting with header fields
235	introduced by the prefix mechanism. In order to minimize this risk,
236	prefixes MUST contain at least 2 digits.

238	4. Extension Header Fields

240	This proposal introduces two types of extension declaration strength:
241	mandatory and optional, and two types of extension declaration scope:
242	hop-by-hop and end-to-end (see section 4.1 and 4.2).

244	A mandatory extension declaration indicates that the ultimate
245	recipient MUST consult and adhere to the rules given by the extension
246	when processing the message or reporting an error (see section 5 and
247	7).

249	An optional extension declaration indicates that the ultimate
250	recipient of the extension MAY consult and adhere to the rules given
251	by the extension when processing the message, or ignore the extension
252	declaration completely. An agent may not be able to distinguish
253	whether the ultimate recipient does not understand an extension
254	referred to by an optional extension or simply ignores the extension
255	declaration.

257	The combination of the declaration strength and scope defines a 2x2
258	matrix which is distinguished by four new general HTTP header fields:
259	Man, Opt, C-Man, and C-Opt. (See sections 4.1 and 4.2; also see
260	appendix 14, which has a table of interactions with origin servers and
261	proxies.)

263	The header fields are general header fields as they describe which
264	extensions actually are applied to an HTTP message. Optional
265	declarations MAY be applied to any HTTP message if appropriate (see
266	section 5 for how to apply mandatory extension declarations to
267	requests and section 6 for how to apply them to responses).

269	4.1 End-to-End Extensions

271	End-to-end declarations MUST be transmitted to the ultimate recipient
272	of the declaration. The Man and the Opt general header fields are end-
273	to-end header fields and are defined as follows:

275	    mandatory       = "Man" ":" 1#ext-decl
276	    optional        = "Opt" ":" 1#ext-decl

278	For example

280	    HTTP/1.1 200 OK
281	    Content-Length: 421
282	    Opt: "http://www.digest.org/Digest"; ns=15
283	    15-digest: "snfksjgor2tsajkt52"
284	    ...

286	The ultimate recipient of a mandatory end-to-end extension declaration
287	MUST handle that extension declaration as described in section 5 and
288	6.

290	4.2 Hop-by-Hop Extensions

292	Hop-by-hop extension declarations are meaningful only for a single
293	HTTP connection. In HTTP/1.1, C-Man, C-Opt, and all header fields with
294	matching header-prefix values defined by C-Man and C-Opt MUST be
295	protected by a Connection header field. That is, these header fields
296	are to be included as Connection header field directives (see [5],
297	section 14.10). The two header fields have the following grammar:

299	    c-mandatory     = "C-Man" ":" 1#ext-decl
300	    c-optional      = "C-Opt" ":" 1#ext-decl

302	For example

304	    M-GET / HTTP/1.1
305	    Host: some.host
306	    C-Man: "http://www.digest.org/ProxyAuth"; ns=14
307	    14-Credentials="g5gj262jdw@4df"
308	    Connection: C-Man, 14-Credentials

310	The ultimate recipient of a mandatory hop-by-hop extension declaration
311	MUST handle that extension declaration as described in section 5 and
312	6.

314	4.3 Extension Response Header Fields

316	Two extension response header fields are used to indicate that a
317	request containing mandatory extension declarations has been fulfilled
318	by the ultimate recipient as described in section 5.1. The extension
319	response header fields are exclusively intended to serve as extension
320	acknowledgements, and can not carry any other information.

322	The Ext header field is used to indicate that all end-to-end mandatory
323	extension declarations in the request were fulfilled:

325	    ext             = "Ext" ":"

327	The C-Ext response header field is used to indicate that all hop-by-
328	hop mandatory extension declarations in the request were fulfilled.

330	    c-ext           = "C-Ext" ":"

332	In HTTP/1.1, the C-Ext header fields MUST be protected by a Connection
333	header (see [5], section 14.10).

335	The Ext and the C-Ext header fields are not mutually exclusive; they
336	can both occur within the same message as described in section 5.1.

338	5. Mandatory HTTP Requests

340	An HTTP request is called a mandatory request if it includes at least
341	one mandatory extension declaration (using the Man or the C-Man header
342	fields). The method name of a mandatory request MUST be prefixed by
343	"M-". For example, a client might express the binding rights-
344	management constraints in an HTTP PUT request as follows:

346	    M-PUT /a-resource HTTP/1.1
347	    Man: "http://www.copyright.org/rights-management"; ns=16
348	    16-copyright: http://www.copyright.org/COPYRIGHT.html
349	    16-contributions: http://www.copyright.org/PATCHES.html
350	    Host: www.w3.org
351	    Content-Length: 1203
352	    Content-Type: text/html

354	    <!doctype html ...

356	An ultimate recipient conforming to this specification receiving a
357	mandatory request MUST process the request by performing the following
358	actions in the order listed below:

360	   1.  Identify all mandatory extension declarations (both hop-by-hop
361	       and end-to-end); the server MAY ignore optional declarations
362	       without affecting the result of processing the HTTP message;

364	   2.  Examine all extensions identified in 1) and determine if they
365	       are supported for this message. If not, respond with a 510 (Not
366	       Extended) status-code (see section 7);
367	   3.  If 2) did not result in a 510 (Not Extended) status code, then
368	       process the request according to the semantics of the
369	       extensions and of the existing HTTP method name as defined in
370	       HTTP/1.1 [5] or later versions of HTTP. The HTTP method name
371	       can be obtained by ignoring the "M-" method name prefix.

373	   4.  If the evaluation in 3) was successful and the mandatory
374	       request fulfilled, the server MUST respond as defined in
375	       section 5.1. A server MUST NOT fulfill a request without
376	       understanding and obeying all mandatory extension
377	       declaration(s) in a request.

379	A proxy that does not act as the ultimate recipient of a mandatory
380	extension declaration MUST NOT remove the extension declaration or the
381	"M-" method name prefix when forwarding the message (see section 5.1
382	for how to detect when a mandatory extension has been fulfilled).

384	A server receiving an HTTP/1.0 (or earlier versions of HTTP) message
385	that includes a Connection header MUST, for each connection-token in
386	this field, remove and ignore any header field(s) from the message
387	with the same name as the connection-token.

389	A server receiving a mandatory request including the "M-" method name
390	prefix without any mandatory extension declarations to follow MUST
391	return a 510 (Not Extended) response.

393	The "M-" prefix is reserved by this proposal and MUST NOT be used by
394	other HTTP extensions.

396	5.1 Fulfilling a Mandatory Request

398	A server MUST NOT claim to have fulfilled any mandatory request unless
399	it understood and obeyed all the mandatory extension declarations in
400	the request. This section defines a mechanism for conveying this
401	information to the client in such a way that it interoperates with
402	existing HTTP applications and prevents broken servers from giving the
403	false impression that an extended request was fulfilled by responding
404	with a 200 (Ok) response without understanding the method.

406	If any end-to-end mandatory extension declarations were among the
407	fulfilled extensions then the server MUST include an Ext response
408	header field in the response. In order to avoid that the Ext header
409	field inadvertently is cached in an HTTP/1.1 cache, the response MUST
410	contain a no-cache cache-control directive. If the response is
411	otherwise cachable, the no-cache cache-control directive SHOULD be
412	limited to only affect the Ext header field:

414	    HTTP/1.1 200 OK
415	    Ext:
416	    Cache-Control: no-cache="Ext"
417	    ...

419	If the mandatory request has been forwarded by an HTTP/1.0
420	intermediary proxy then this is indicated either directly in the
421	Request-Line or by the presence of an HTTP/1.1 Via header field. In
422	this case, the server MUST include an Expires header field with a date
423	equal to or earlier than the value of the Date header field (see
424	section 9 for a discussion on caching considerations):

426	    HTTP/1.1 200 OK
427	    Date: Sun, 25 Oct 1998 08:12:31 GMT
428	    Expires: Sun, 25 Oct 1998 08:12:31 GMT
429	    Ext:
430	    Cache-Control: no-cache="Ext", max-age=3600
431	    ...

433	If any hop-by-hop mandatory extension declarations were among the
434	fulfilled extensions then the server MUST include a C-Ext response
435	header field in the response. The C-Ext header field MUST be protected
436	by a Connection header field (see [5], section 14.10).

438	    HTTP/1.1 200 OK
439	    C-Ext:
440	    Connection: C-Ext

442	Note, that the Ext and C-Ext header fields are not mutually exclusive;
443	they can be both be present in a response when  fulfilling mandatory
444	request containing both hop-by-hop as well as end-to-end mandatory
445	extension declarations.

447	6. Mandatory HTTP Responses

449	A server MUST NOT include mandatory extension declarations in an HTTP
450	response unless it is responding to a mandatory HTTP request whose
451	definition allowed for the mandatory response or the server has some a
452	priori knowledge that the recipient can handle the extended response.
453	A server MAY include optional extension declarations in any HTTP
454	response (see section 4).

456	If a client is the ultimate recipient of a mandatory HTTP response
457	containing mandatory extension declarations that either the client
458	does not understand or does not want to use, then it SHOULD discard
459	the complete response as if it were a 500 (Internal Server Error)
460	response.

462	7. 510 Not Extended

464	The policy for accessing the resource has not been met in the request.
465	The server should send back all the information necessary for the
466	client to issue an extended request. It is outside the scope of this
467	specification to specify how the extensions inform the client.

469	If the 510 response contains information about extensions that were
470	not present in the initial request then the client MAY repeat the
471	request if it has reason to believe it can fulfill the extension
472	policy by modifying the request according to the information provided
473	in the 510 response. Otherwise the client MAY present any entity
474	included in the 510 response to the user, since that entity may
475	include relevant diagnostic information.

477	8. Publishing an Extension

479	While the protocol extension definition should be published at the
480	address of the extension identifier, this specification does not
481	require it. The only absolute requirement is that extension
482	identifiers MUST be globally unique identifiers, and that distinct
483	names be used for distinct semantics.

485	Likewise, applications are not required to attempt resolving extension
486	identifiers included in an extension declaration. The only absolute
487	requirement is that an application MUST NOT claim conformance with an
488	extension that it does not recognize (regardless of whether it has
489	tried to resolve the extension identifier or not). This document does
490	not provide any policy for how long or how often an application may
491	attempt to resolve an extension identifier.

493	The association between the extension identifier and the specification
494	might be made by distributing a specification, which references the
495	extension identifier.

497	It is strongly recommended that the integrity and persistence of the
498	extension identifier be maintained and kept unquestioned throughout
499	the lifetime of the extension. Care should be taken not to distribute
500	conflicting specifications that reference the same name. Even when an
501	extension specification is made available at the address of the URI,
502	care must be taken that the specification made available at that
503	address does not change over time. One agent may associate the
504	identifier with the old semantics, while another might associate it
505	with the new semantics.

507	The extension definition may be made available in different
508	representations ranging from

510	   o a human-readable specification defining the extension semantics
511	     (see for example [7]),

513	   o downloadable code which implements the semantics defined by the
514	     extension,

516	   o a formal interface description provided by the extension, to

518	   o a machine-readable specification defining the extension
519	     semantics.

521	For example, a software component that implements the specification
522	may reside at the same address as a human-readable specification
523	(distinguished by content negotiation). The human-readable
524	representation serves to document the extension and encourage
525	deployment, while the software component would allow clients and
526	servers to be dynamically extended.

528	9. Caching Considerations

530	Use of extensions using the syntax defined by this document may have
531	additional implications on the cachability of HTTP response messages
532	other than the ones described in section 5.1.

534	The originator of an extended message should be able to determine from
535	the semantics of the extension whether or not the extension's presence
536	impacts the caching constraints of the response message. If an
537	extension does require tighter constraints on the cachebility of the
538	response, the originator MUST include the appropriate combination of
539	cache header fields (Cache-Control, Vary, Expires) corresponding to
540	the required level of constraints of the extended semantics.

542	10. Security Considerations

544	Dynamic installation of extension facilities as described in the
545	introduction involves software written by one party (the provider of
546	the implementation) to be executed under the authority of another (the
547	party operating the host software). This opens the host party to a
548	variety of "Trojan horse" attacks by the provider, or a malicious
549	third party that forges implementations under a provider's name. See,
550	for example RFC2046 [4], section 4.5.2 for a discussion of these
551	risks.

553	11. References

555	[1]  D. H. Crocker. "Standard for the Format of ARPA Internet Text
556	     Messages", STD 11, RFC 822, UDEL, August 1982
557	[2]  T. Berners-Lee, R. Fielding, H. Frystyk, "Hypertext Transfer
558	     Protocol -- HTTP/1.0", RFC 1945, W3C/MIT, UC Irvine, W3C/MIT, May
559	     1996.
560	[3]  S. Bradner, "The Internet Standards Process -- Revision 3", RFC
561	     2026, Harvard University, October 1996
562	[4]  N. Freed, N. Borenstein, "Multipurpose Internet Mail Extensions
563	     (MIME) Part Two: Media Types", RFC 2046, Innosoft, First Virtual,
564	     November 1996.
565	[5]  R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, T. Berners-Lee,
566	     "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, U.C. Irvine,
567	     DEC W3C/MIT, DEC, W3C/MIT, W3C/MIT, January 1997
568	[6]  S. Bradner, "Key words for use in RFCs to Indicate Requirement
569	     Levels", RFC 2119, Harvard University, March 1997
570	[7]  L. Masinter, "Hyper Text Coffee Pot Control Protocol
571	     (HTCPCP/1.0)", RFC 2324, Xerox PARC, 1 April 1998
572	[8]  T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource
573	     Identifiers (URI): Generic Syntax", RFC 2396, August 12, 1998
574	[9]  H. F. Nielsen, D. Connolly, R. Khare, "PEP - an extension
575	     mechanism for HTTP", draft-http-pep-05.txt, November 21, 1997.
576	     This work has expired

578	12. Acknowledgements

580	Roy Fielding, Rohit Khare, Yaron Y. Goland, and Koen Holtman, deserve
581	special recognition for their efforts in commenting in all phases of
582	this specification. Also thanks to Josh Cohen, Ross Patterson, Jim
583	Gettys, Larry Masinter, and to the people involved in PEP [9].

585	The contribution of World Wide Web Consortium (W3C) staff is part of
586	the W3C HTTP Activity (see "http://www.w3.org/Protocols/Activity").

588	13. Authors Addresses

590	Henrik Frystyk Nielsen
591	Technical Staff, World Wide Web Consortium
592	MIT Laboratory for Computer Science
593	545 Technology Square
594	Cambridge, MA 02139, USA
595	Email: frystyk@w3.org

597	Paul J. Leach
598	Microsoft Corporation
599	1 Microsoft Way
600	Redmond, WA 98052, USA
601	Email: paulle@microsoft.com

603	Scott Lawrence
604	Agranat Systems, Inc.
605	1345 Main Street
606	Waltham, MA 02154, USA
607	Email: lawrence@agranat.com

609	Appendices

611	14. Summary of Protocol Interactions

613	The following tables summarize the outcome of strength and scope rules
614	of the mandatory proposal of compliant and non-compliant HTTP proxies
615	and origin servers. The summary is intended as a guide and index to
616	the text, but is necessarily cryptic and incomplete. This summary
617	should never be used or referenced separately from the complete
618	specification.

620	                        Table 1: Origin Server

622	       Scope            Hop-by-hop                End-to-end

624	     Strength      Optional     Required    Optional     Required
625	                    (may)        (must)       (may)       (must)

627	   Mandatory     Standard    501 (Not     Standard     501 (Not
628	   unsupported   processing  Implemented) processing   Implemented)

630	   Extension     Standard    510 (Not     Standard     510 (Not
631	   unsupported   processing  Extended)    processing   Extended)
632	   Extension     Extended    Extended     Extended     Extended
633	   supported     processing  processing   processing   processing

635	                         Table 2: Proxy Server

637	       Scope            Hop-by-hop                End-to-end

639	     Strength      Optional     Required    Optional     Required
640	                    (may)        (must)       (may)       (must)

642	   Mandatory     Strip       501 (Not     Forward      501 (Not
643	   unsupported   extension   Implemented) extension    Implemented)
644	                             or tunnel                 or tunnel

646	   Extension     Strip       510 (Not     Forward      Forward
647	   unsupported   extension   Extended)    extension    extension

649	   Extension     Extended    Extended     Extended     Extended
650	   supported     processing  processing   processing,  processing,
651	                 and strip   and strip    may strip    may strip

653	15. Examples

655	The following examples show various scenarios using mandatory in
656	HTTP/1.1 requests and responses. Information not essential for
657	illustrating the examples is left out (referred to as "...")

659	15.1 User Agent to Origin Server

661	             Table 3: User Agent directly to origin server

663	 Client issues a request M-GET /some-document HTTP/1.1
664	 with one optional and   Opt: "http://www.my.com/tracking"
665	 one mandatory extension Man: "http://www.foo.com/privacy"
666	                         ...

668	 Origin server accepts   HTTP/1.1 200 OK
669	 the mandatory extension Ext:
670	 but ignores the         Cache-Control: max-age=120, no-cache="Ext"
671	 optional one. The       ...
672	 client can not see in
673	 this case that the
674	 optional extension was
675	 ignored.

677	             Table 4: Origin server with Vary header field

679	 Client issues a request M-GET /p/q HTTP/1.1
680	 with one mandatory      Man: "http://www.x.y/transform"; ns=16
681	 extension               16-use-transform: xyzzy
682	                         ...

684	 Origin server accepts   HTTP/1.1 200 OK
685	 the mandatory but       Ext:
686	 indicates that the      Vary: Man, 16-use-transform
687	 response varies on the  Date: Sun, 25 Oct 1998 08:12:31 GMT
688	 request extension       Expires: Sun, 25 Oct 1998 08:12:31 GMT
689	 declaration             Cache-Control: no-cache="Ext", max-age=1000
690	                         ...

692	15.2 User Agent to Origin Server via HTTP/1.1 Proxy

694	These two examples show how an extended request interacts with an
695	HTTP/1.1 proxy.

697	           Table 5: HTTP/1.1 Proxy forwards extended request

699	 Client issues a request M-GET /some-document HTTP/1.1
700	 with one optional and   C-Opt: "http://www.meter.org/hits"
701	 one mandatory hop-by-   C-Man: "http://www.copy.org/rights"
702	 hop extension           Connection: C-Opt, C-Man
703	                         ...

705	 HTTP/1.1 proxy forwards M-GET /some-document HTTP/1.1
706	 the request and takes   Via: 1.1 new
707	 out the connection      ...
708	 headers

710	 Origin server fails as  HTTP/1.1 510 Not Extended
711	 the request does not    ...
712	 contain any information
713	 belonging to the M-GET
714	 method
715	       Table 6: HTTP/1.1 Proxy does not forward extended request

717	 Client issues a request M-GET /some-document HTTP/1.1
718	 with one optional and   C-Opt: "http://www.meter.org/hits"
719	 one mandatory hop-by-   C-Man: "http://www.copy.org/rights"
720	 hop extension           Connection: C-Opt, C-Man
721	                         ...

723	 HTTP/1.1 proxy refuses  HTTP/1.1 501 Not Implemented
724	 to forward the M-GET    ...
725	 method and returns an
726	 error

728	 Origin server never
729	 sees the extended
730	 request

732	15.3 User Agent to Origin Server via HTTP/1.0 Proxy

734	These two examples show how an extended request interacts with an
735	HTTP/1.0 proxy in the message path

737	           Table 7: HTTP/1.0 Proxy forwards extended request

739	 Client issues a request M-GET /some-document HTTP/1.1
740	 with one mandatory      Man: "http://www.price.com/sale"
741	 extension               ...

743	 HTTP/1.0 proxy forwards M-GET /some-document HTTP/1.0
744	 the request as a        Man: "http://www.price.com/sale"
745	 HTTP/1.0 request        ...
746	 without changing the
747	 method

749	 Origin server accepts   HTTP/1.1 200 OK
750	 declaration and returns Ext:
751	 a 200 response and an   Date: Sun, 25 Oct 1998 08:12:31 GMT
752	 extension               Expires: Sun, 25 Oct 1998 08:12:31 GMT
753	 acknowledgement. The    Cache-Control: no-cache="Ext", max-age=600
754	 response can be cached  ...
755	 by HTTP/1.1 caches for
756	 10 minutes.

758	              Table 8: HTTP/1.0 and HTTP/1.1 Proxy Chain

760	 Client issues request   M-GET /some-document HTTP/1.1
761	 with one mandatory and  Man: "http://www.copy.org/rights"
762	 one hop-by-hop optional C-Opt: "http://www.ads.org/noads"
763	 extension               Connection: C-Opt
764	                         ...

766	 HTTP/1.0 proxy forwards M-GET /some-document HTTP/1.0
767	 request as HTTP/1.0     Man: "http://www.copy.org/rights"
768	 request without         C-Opt: "http://www.ads.org/noads"
769	 changing the method and Connection: C-Man
770	 without honoring the    ...
771	 Connection directives

773	 HTTP/1.1 proxy deletes  M-GET /some-document HTTP/1.1
774	 (and ignores) optional  Man: "http://www.copy.org/rights"
775	 extension and forwards  C-Man: "http://www.ads.org/givemeads"
776	 the rest including a    Connection: C-Man
777	 via header field. It    Via: 1.0 new
778	 also add a hop-by-hop   ...
779	 mandatory extension

781	 Origin server accepts   HTTP/1.1 200 OK
782	 both mandatory          Ext:
783	 extensions. The         C-Ext
784	 response is not         Connection: C-Ext
785	 cachable by the         Date: Sun, 25 Oct 1998 08:12:31 GMT
786	 HTTP/1.0 cache but can  Expires: Sun, 25 Oct 1998 08:12:31 GMT
787	 be cached for 1 hour by Cache-Control: no-cache="Ext", max-age=3600
788	 HTTP/1.1 caches.        ...

790	 HTTP/1.1 proxy removes  HTTP/1.1 200 OK
791	 the hop-by-hop          Ext:
792	 extension               Date: Sun, 25 Oct 1998 08:12:31 GMT
793	 acknowledgement and     Expires: Sun, 25 Oct 1998 08:12:31 GMT
794	 forwards the remainder  Cache-Control: no-cache="Ext", max-age=3600
795	 of the response.        ...