1. Field of the Invention
The present invention relates to the field of computer systems. More particularly, the present invention provides a method and an apparatus for implementing a web object access authorization protocol based on an HTTP validation model.
2. Related Art
Caching systems are often employed on the Internet to enable faster responses to data requests, especially where the data being requested is stored or created on an origin server. A caching system can generally improve performance by storing all or a portion of the data in another device (e.g., a cache server).
In today's computing environments, cache servers typically cache data retrieved from an origin server. In this way, subsequent requests for the data can be sent directly to the requester from the cache server without having to retrieve the data from the origin server. Retrieving the data from the cache server helps eliminate network traffic. Additionally, retrieving data from the cache server obviates the need to request the data from the origin server and for the origin server to either look up or otherwise generate the data. Thus, caching the data at one or more cache servers reduces the load on the origin server, thereby allowing better response to requests for other data.
For high-volume, dynamic environments such as the Internet, existing caching systems are not designed to maintain a steady level of performance. Instead, such environments are generally configured to maintain a consistent level of data quality, typically by attempting to always provide the newest or more recent version of requested data. Thus, when a master copy or version of data that is cached is altered or replaced, the version in the cache must be updated or replaced before the cache can once again be used to satisfy users' requests. Until the cache is updated, requests for the data must be satisfied from the origin server. When a large amount of cached data must be replaced, data requests cannot be served from the cache and, unless the web site maintains a sufficient number of alternative, slower, devices to respond to the requests, performance of the web site may decline precipitously.
Sensitive data typically requires authentication and authorization of the requester or user prior to releasing the data to the user. This authentication and authorization can be performed by the origin server if all requests for the sensitive data are forwarded to the origin server. This solution, however, prevents the use of the cache server for the sensitive data.
Another technique is to place a copy of an access control list on each cache server. In this case the cache server can use the access control list to authenticate and authorize a requestor prior to sending the cached data to the user. One drawback to this technique is that multiple copies of the access control list exist on different cache servers, and these multiple copies must somehow remain synchronized. Synchronizing such access control lists is not an easy task.
Additionally, in some systems there is no access control list available at the origin server. Instead, the logic for access control is embedded in the application that generates the data. Hence, in these systems, no access control list is available to distribute to the cache servers. Instead, the logic for access control must somehow be distributed to the cache servers.
What is needed, therefore, is a method and an apparatus for storing sensitive data on a cache server without the problems described above.