HTTP Downgrade

From GridSiteWiki

HTTP Downgrade has now been superseded by GridHTTP, which uses the same concepts and much of the same code, but with a slightly different set of HTTP header and cookie names.




HTTP Downgrade is a protocol supported by GridSite that allows bulk data transfers over unencrypted HTTP while retaining authentication and authorization with the usual grid credentials over HTTPS.

The protocol allows clients to set an HTTP-Downgrade-Size: header when making an HTTPS request for a file. This header gives the minimum size of file that the client would prefer to retrieve by HTTP rather than HTTPS, if possible. Authentication and authorization are done via HTTPS (X.509, VOMS, GACL etc. deciding whether the request is allowed), and the server may then redirect the client to an HTTP version of the file using a standard HTTP 302 redirect response giving the HTTP URL (which, in the general case, can be on a different server). For small files, the file can simply be returned over HTTPS as the response.

For the redirect-to-HTTP response, a standard HTTP Set-Cookie header is used to send the client a one-time passcode in the form of a cookie, which must be presented to obtain the file via HTTP. This one-time passcode only works for the file in question, and only works
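
The exchange described above, modelled in Python as an added example (not GridSite code): the HTTPS side applies the HTTP-Downgrade-Size threshold and issues the passcode, and the HTTP side accepts it once and only for the file it was issued for. The cookie name, host name, class and function names are assumptions, since the page does not give the cookie name; the `authorized` flag stands in for the X.509/VOMS/GACL decision.

```python
import secrets
from urllib.parse import urlsplit

COOKIE_NAME = "PLACEHOLDER-PASSCODE"  # assumption: the page does not name the cookie

class DowngradeServer:
    """Toy model: HTTPS front end and HTTP file server sharing one passcode store."""

    def __init__(self, files, http_base):
        self.files = files        # path -> bytes (constructed sample data)
        self.http_base = http_base
        self.passcodes = {}       # passcode -> path it was issued for

    def https_get(self, path, headers, authorized):
        """`authorized` stands in for the X.509 / VOMS / GACL decision."""
        if not authorized:
            return 403, {}, b""
        body = self.files[path]
        wanted = headers.get("HTTP-Downgrade-Size", "")
        # Header absent or malformed, or file below the client's minimum: stay on HTTPS.
        if not wanted.isdecimal() or len(body) < int(wanted):
            return 200, {}, body
        code = secrets.token_urlsafe(32)   # unguessable, issued only after authorization
        self.passcodes[code] = path
        return 302, {"Location": self.http_base + path,
                     "Set-Cookie": f"{COOKIE_NAME}={code}"}, b""

    def http_get(self, path, cookies):
        """Plain HTTP side: the passcode is consumed on first use and bound to one path."""
        issued_for = self.passcodes.pop(cookies.get(COOKIE_NAME, ""), None)
        if issued_for != path:
            return 403, b""
        return 200, self.files[path]

def fetch(server, path, min_size, authorized=True):
    """Client side: ask over HTTPS, follow the 302 to HTTP with the cookie if told to."""
    status, hdrs, body = server.https_get(
        path, {"HTTP-Downgrade-Size": str(min_size)}, authorized)
    if status != 302:
        return status, "https", body
    name, _, value = hdrs["Set-Cookie"].partition("=")
    status, body = server.http_get(urlsplit(hdrs["Location"]).path, {name: value})
    return status, "http", body

if __name__ == "__main__":
    srv = DowngradeServer({"/small.txt": b"x" * 10, "/big.dat": b"y" * 5000},
                          "http://data.example.org")  # constructed host and files
    print(fetch(srv, "/small.txt", 1000)[:2])
    print(fetch(srv, "/big.dat", 1000)[:2])
```

Because the passcode crosses the network unencrypted on the HTTP leg, the single-use and per-file checks in `http_get` are what bound its value to anyone who observes it.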