W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: [IndexedDB] Granting storage quotas

From: Michael Nordman <michaeln@google.com>
Date: Tue, 20 Apr 2010 18:21:26 -0700
Message-ID: <i2wfa2eab051004201821re3ab2d8fj13ae92e8136a4932@mail.gmail.com>
To: Nikunj Mehta <nikunj@o-micron.com>
Cc: Jeremy Orlow <jorlow@chromium.org>, public-webapps@w3.org, Joćo Eiras <joaoe@opera.com>, Mark Seaborn <mseaborn@chromium.org>
On Tue, Apr 20, 2010 at 5:18 PM, Nikunj Mehta <nikunj@o-micron.com> wrote:

>
> On Apr 20, 2010, at 3:19 PM, Jeremy Orlow wrote:
>
> This way of thinking is incompatible with offline web apps.  If I'm offline
> and I "send" and email, it needs to stay queued up to send until I'm
> reconnected to the internet.
>
>
> I think the problem is that data loss could occur regardless of
> "guarantees".
>
> Here are the classes of storage I hear you asking for:
>
> 1. temporary (no likelihood of data being being stored after session ends)
> 2. evictable (no limit per site, except global limits, eviction candidates
> chosen arbitrarily, including while application is running)
> 3. non-evictable (no eviction, but data loss possible, limited by user)
>
> Is this making sense?
>

That categorization does make sense, including the temporary.

I think we're (i know i am) most interested in the distinction between
evictable and non-evictable right now because the quota management and ui
implications. We've introduced these storage APIs that result in files on
disk, and now we want to put in some real-world storage management features.
The dumbed down 5MB per origin was a stop gap measure.

This is reminding me of Mike Wilson's  "state handling" post about different
scopes and lifetimes...
http://old.nabble.com/html5-state-handling:-overview-and-extensions-td24034773.html


>
> Anyone wanting to debate whether or not the UA should be free to clean up
> "persistent storage" without asking the user should read
> http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2009-August/thread.html#22289 and
> the various other threads it spawned first and only re-start things if they
> have new information to add.
>
> J
>
> On Tue, Apr 20, 2010 at 3:10 PM, Nikunj Mehta <nikunj@o-micron.com> wrote:
>
>> As I see it, there's no such thing as "permanent" storage for Web browser
>> managed data. Even if a site expresses preferences that it would like to
>> keep its data resident for a long time, there cannot be a "guarantee" for
>> the data to be there permanently. If applications are bound to have to deal
>> with data disappearing while they are not running, we should not need to
>> spec browser behavior around the notion of purgeable or permanent.
>>
>> It makes sense for an application, OTOH, to say that it does not need data
>> to be stored on disk. IOW, create a database that is non-durable and, hence,
>> kept only in memory. Such databases are required to be empty upon creation.
>> They may be spilled over to disk, if implementations like to, but they will
>> not be retained from session to session.
>>
>> Nikunj
>>
>>
>> On Apr 20, 2010, at 2:37 PM, Michael Nordman wrote:
>>
>> I'd like to back up and challenge the notion of a per-site quota.
>>
>> In this discussion and others there is an underlying assumption that each
>> site has some well defined limit that the user-agent has granted it. I doubt
>> that's the best model. (Fyi: the chrome team's overly simplistic model
>> whereby each site gets 5M was not chosen because its a good model, this was
>> done just to proceed with building out the storage APIs independent of a
>> real storage management strategy).
>>
>> I'd like to set aside the per-site quota assumption and explore some
>> alternative models for web storage management.
>>
>> Some thoughts about the world we're designing for. There are an open ended
>> number of sites, each of which *could* use web storage in some form. From
>> that fact alone, it's impossible to come up with a quota that could be
>> granted to each and every site. It seems likely that the number of sites
>> that will actually require "permanent" storage is small compared to the
>> number of sites that *could* make use of more "volatile" storage, to borrow
>> jorlow's term, where the volatile data on disk can get scrapped by the
>> user-agent as needed. Maybe a better term for that class of storage is
>> "purgeable"?
>>
>> Maybe we should be designing for what seems to be the more common case,
>> lots of sites that make use of volatile/purgeable storage. But also come up
>> a means whereby the smaller number of sites that require stronger guarantees
>> can express the need for more permanent storage.
>>
>> "What if" by default all local storage is "purgeable". A lot of quota
>> issues melt away in this case since the user agent is free to reclaim
>> anything at anytime. I think it'd be reasonable if the user-agent never
>> asked the user anything on a per-site basis. A user-agent could warn when
>> system disk space crossed thresholds and give the user an option to set
>> limits  on system disk space usage for webstorage as a whole.
>>
>> "What if" when creating local storage repositories (WebDBs or IndexedDBs
>> or WebFileSystems or AppCaches) there was an optional means for the webapp
>> to express "please consider this a permanent storage repository". The first
>> time a site request "permanent" storage could be a reasonable time to
>> interact with the user in some form, or to consult the user prefs about
>> allowing permanent storage w/o being asked.
>>
>> I think ericu is baking in a distinction in between 'permanent' and
>> 'temporary' in the FileSystem API he's working on. Some harmony across all
>> flavors of local storage could be good.
>>
>> I actually think local storage management is an area where the webplatform
>> has a chance to do a much better job then the desktop platforms have
>> historically done. We don't need no stinking quotas ;) But we also don't
>> need untold amounts of unused permanent storage littering disk drives
>> needlessly around the globe (until the user gets a new system). A silly
>> analogy. A computer is like a ship at sea. After years of usage, a whole
>> bunch of barnacles build up on the hull and slow the vessel down. The
>> webplatform to date is barnacle free in this area because there are no
>> permanent local storage facilities... lets try to make these new features
>> not so barnacle prone too.
>>
>> Cheers
>> -Michael
>>
>> On Tue, Apr 20, 2010 at 11:17 AM, Shawn Wilsher <sdwilsh@mozilla.com>wrote:
>>
>>> On 4/20/2010 4:11 AM, Mark Seaborn wrote:
>>>
>>>> 1) It doesn't allow a web app to ask for a storage allocation up front,
>>>> before it starts to consume the storage.
>>>>
>>> Why does that matter?
>>>
>>>
>>>  2) In Opera, the quota can only be increased in multiples of about 15,
>>>> so it
>>>> takes three prompts to get up into the range of gigabytes.
>>>>
>>> But there is an unlimited option, yeah?
>>>
>>>
>>>  3) The web app can't choose when the question is put to the user.
>>>> 4) The web app doesn't know how much storage has been allocated, so it
>>>> doesn't know when a question will be asked.
>>>> 5) In Opera, if the user chooses "Reject", they don't get prompted
>>>> again.
>>>> This means that asking the user at an appropriate time is important for
>>>> the
>>>> continued functioning of the web app.  Prompting the user at the wrong
>>>> time
>>>> will interrupt them with a page-modal dialog which they might want to
>>>> get
>>>> rid of with "Reject", which would potentially break the web app by
>>>> leaving
>>>> it unable to get more storage.
>>>>
>>> These all feel like user-agent specific worries on how the user agent
>>> wants to bring this to the attention of the user.
>>>
>>> Cheers,
>>>
>>> Shawn
>>>
>>>
>>
>>
>
>
Received on Wednesday, 21 April 2010 01:21:56 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT