1. Field of the Invention
The present invention relates to cache servers. More specifically, the present invention relates to a method and an apparatus to facilitate security-enabled content caching at a cache server.
2. Related Art
Computer users, both business and individual, are turning to the World Wide Web for rapid dissemination of content. This content can include business data such as financial status and inventory, and general data such as world news. Providers of this content use many devices and methods to assist the rapid delivery of content to users and to reduce the number of “hits” requesting the content that are received at the content source. One of these devices is a cache server, which stores previously accessed data, and then serves this previously accessed data in response to subsequent requests.
FIG. 1 illustrates a cache server 104 that supplies content received from an application server 106 to a browser 102. During operation, a user (not shown) at browser 102 makes a request 108 for content from application server 106. Request 108 is routed to cache server 104 where cache server 104 determines if the content is available at cache server 104. If so, cache server 104 supplies content 114 to browser 102. If the content is not available at cache server 104, cache server 104 makes a request 110 to application server 106 for the content. Application server 106 creates the content and supplies the content 112 to cache server 104. Cache server 104 then saves a copy of content 112 and supplies the content to browser 102 as content 114. Note that creating the content at application server 106 may be a lengthy operation.
FIG. 2 illustrates multiple cache servers supplying content to browsers. The system includes application server 202, cache servers 204, 208, 212, and 216, and browsers 206, 210, 214, and 218. Cache servers 204, 208, 212, and 216 can be located in different geographical areas to provide localized access to content from application server 202. For example, cache server 204 may be located in Japan, cache server 208 may be located in the United States, cache server 212 may be located in Europe, and cache server 216 may be located in India. Note that there may be more browsers communicating with each cache server than is shown in FIG. 2. These browsers, cache servers, and application server 202 operate in a similar manner as described above in conjunction with FIG. 1.
These content caching servers (cache servers) have traditionally been used only for rapid delivery of “public” (i.e., unrestricted) content to content consumers. However, in many situations, it is desirable to be able to deliver certain types of sensitive content to restricted subsets of users. In these situations, existing cache server designs do not provide mechanisms to deliver this content efficiently. In particular, content caches do not provide support to verify user identity and to apply access control checks before delivering the content to a user. Thus, restricted content presently has to be obtained from a content-originating server (an application server) so that the application server can apply the access control logic. This results in slower response to the user, reduced capacity/scalability in the system, and increased data traffic at the application server.
Hence, what is needed is a method and an apparatus that facilitates efficient content caching for restricted content without the problems described above.