[Standards] HTTP file upload and administrative boundaries

Hi all, Some of the work I'm dealing with has the requirement that clients belonging to their organisation shouldn't access arbitrary HTTP endpoints outside their administrative boundary. I think this is a reasonable requirement. As an example, if A(a)a.example wants to send a file to B(a)b.example, A uploads to their own server, which: * Might (or might not) perform virus scanning, and * Might (or might not) log IP addresses and other activity, and * Might (or might not) expire the file sooner than B's organisation's retention policy. Some of these "might (or might not)" cases are probably specific to enterprise cases, but others are more general and apply to consumer/private messaging too. What I'd like to explore therefore is whether we could have B's server pull a copy of the file for B to access, processing and retaining it as B's organisation requires. But, and here lies my problem, I have literally no idea how to go about this without disruption to the generally working case of HTTP upload. Anyone got any ideas? Dave.