w3c / strategy

team-strat, on GitHub, working in public. Current state: DRAFT
158 stars 47 forks source link

Packaging #96

Open samuelweiler opened 7 years ago

samuelweiler commented 7 years ago

Jeffrey Yasskin is proposing new web packaging work at the IETF - see presentation to the DISPATCH WG at IETF99 (July 2017). https://github.com/WICG/webpackage

2020: the IETF has a WG for this: https://tools.ietf.org/wg/wpack/

This additional information from @sideshowbarker:

allow people to bundle together the resources that make up a website, so they can be shared offline, either with or without a proof that they came from the original website
An HTTP exchange consists of an HTTP request and its response. A publisher (like https://theestablishment.co/) writes (or has an author write) some content and owns the domain where it's published. A client (like Firefox) downloads content and uses it. An intermediate (like Fastly, the AMP cache, or old HTTP proxies) downloads content from its author (or another intermediate) and forwards it to a client (or another intermediate). When an HTTP exchange is encoded into a resource, the resource can be fetched from a distributing URL that is different from the publishing URL of the encoded exchange.

Use cases: https://wicg.github.io/webpackage/draft-yasskin-webpackage-use-cases.html Explainer: https://github.com/WICG/webpackage/blob/master/explainer.md

As noted at https://www.chromestatus.com/feature/5745285984681984, representatives from both the Firefox dev team and Safari dev team has expressed unwillingness to implement:

The gist of the feedback is that the associated security considerations are serious to the degree that the Signed HTTP Exchanges feature is harmful:

Using signed HTTP exchanges to enhance the security of accessing a resource or verifying its authenticity seems like a good thing; but it seems positively harmful to use signed HTTP exchanges as a replacement for the longstanding web security model

samuelweiler commented 7 years ago

Based on feedback from IETF99, Jeffrey published two new docs (also visible at the link above):

dontcallmedom commented 6 years ago

this is being tied to the #44 AMP discussion with the recent announcement https://amphtml.wordpress.com/2018/01/09/improving-urls-for-amp-pages/amp/

torgo commented 6 years ago

Related TAG Issue: https://github.com/w3ctag/design-reviews/issues/235

swickr commented 6 years ago

Related: Packaging on the Web, TAG First Public Working Draft 15 January 2015 [retired]

samuelweiler commented 6 years ago

IETF mailing list: https://www.ietf.org/mailman/listinfo/wpack Slideware for intro that was NOT given at IETF 102 (Montreal, July 2018): https://github.com/danyork/wpack-intro-ietf102

sideshowbarker commented 5 years ago

Response today from Jeffrey Yaskin to Mozilla feedback:

https://github.com/mozilla/standards-positions/issues/29#issuecomment-459547918

samuelweiler commented 5 years ago

Updated state copied from @jyasskin's message to the IETF dispatch list: https://mailarchive.ietf.org/arch/msg/dispatch/e6ZSh7ocW6n2afnbwGzBlX1WT8Y

TL;DR: I'd like to request another discussion of Web Packaging at IETF104. We think it'll be ready for a BOF at IETF105, but mnot suggested we take it back here for a second look.

We dispatched Web Packaging, https://github.com/WICG/webpackage/, at IETF99, with the discussion at https://mailarchive.ietf.org/arch/msg/dispatch/lZohQ8ypodcpB2f_jhxoBRMYl0o. On your advice, we split the proposal into two pieces, "signed exchanges", and "bundles". We also created the https://mailarchive.ietf.org/arch/browse/wpack/ mailing list, although it hasn't seen as much activity as the github issue tracker.

The signed exchanges specification is mostly complete, in an IETF draft that specifies the format: https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html, and a WICG draft that specifies how it integrates with Fetch: https://wicg.github.io/webpackage/loading.html. We've implemented that specification in Chromium, run an origin trial in Chrome, and will be shipping the current version in Chrome 73: https://groups.google.com/a/chromium.org/d/topic/blink-dev/gPH_BcOBEtc/discussion .

Despite shipping the current version, we expect standards bodies to make more changes, and we've built in a way to migrate users to new versions of the specification.

The Bundles specification is very roughly sketched, but we expect to flesh that out and start implementing it in the next few months.

The W3C TAG recently discussed the state of things at https://github.com/w3ctag/meetings/blob/gh-pages/2019/02-tokyo/02-06-minutes.md#signed-exchanges-and-bundling .

Mark Nottingham and a representative of the TAG are organizing an "ESCAPE" conference at a TBD date to help publishers organize their feedback on the proposals. This has been pushed back a couple times, but it sounds like it's more solidly planned for either May or July before IETF105.

We think we'll be able to write a WG charter that we can discuss in a BOF at IETF105, with the goal of handing control of the specifications to a more formal group. However, mnot suggested that we come back to DISPATCH to see if anyone's sense of the right plan has changed now that we have a little more experience with the proposals.

samuelweiler commented 5 years ago

Report from the IAB's 2019 Workshop on Exploring Synergy between Content Aggregation and the Publisher Ecosystem (ESCAPE): https://tools.ietf.org/html/rfc8752

Announcement/CFP: https://www.iab.org/activities/workshops/escape-workshop/ https://www.iab.org/2019/05/02/call-for-papers-escape-workshop/

samuelweiler commented 4 years ago

IETF WPACK group: https://tools.ietf.org/wg/wpack/