Re: User agent context for rendering the presentation from Mark Watson on 2014-08-21 (public-webscreens@w3.org from August 2014)

From: Mark Watson <watsonm@netflix.com>
Date: Wed, 20 Aug 2014 17:04:27 -0700
To: Anton Vayvod <avayvod@google.com>
Cc: Francois Daoust <fd@w3.org>, John Mellor <johnme@google.com>, "mark a. foltz" <mfoltz@google.com>, "public-webscreens@w3.org" <public-webscreens@w3.org>, Jonas Sicking <jonas@sicking.cc>, Marco Chen <mchen@mozilla.com>, Wesley Johnston <wjohnston@mozilla.com>, Evelyn Hung <ehung@mozilla.com>
Message-ID: <CAEnTvdAqgARJGxqTdaxS3zSU=c5+zz8gcmf5xW0+hMwRhz2ejw@mail.gmail.com>
It often takes time to start from a fresh state, so there could be a UX
impact for some applications if the presentation side is not allowed to
store persistent state.

The situation can get quite complex: suppose I have two laptops (L1 and L2)
and each laptop has two user accounts (A1, ..., A4) and on each user
account there are two browser instances running (B1, ..., B8) and each
browser instance is logged in to www.netflix.com using a different Netflix
account (N1, ..., N8). And everyone is on the same wifi with a single
SmartTV, which doesn't have multiple accounts or multiple browsers and
which is logged in to Netflix on a further account N9 ?

The Presentation API model is that by virtue of being on the wifi at all
the user of any of the devices is empowered to give permission for a site
to present on the SmartTV. The question is, then, when the person using B3
and logged in with N3 tries to present on the TV, does the TV browser use
the pre-existing state and stay logged in as N9 ? Or does it log out and
log in as N3, explicitly clearing the N9 state ? I would suggest this is a
question for the web developer. Perhaps we should give the web developer
the option to avoid this complexity by requesting that the remote browsing
content be "fresh" like an incognito one ? But for my part I would prefer
to deal with this complexity in return for the improved UX in the common
case where there is only L1, A1, B1 and N1.

...Mark


On Wed, Aug 20, 2014 at 8:05 AM, Anton Vayvod <avayvod@google.com> wrote:

> The problems might arise when the same presentation is started by two
> different users. If there's any persistent state, then the second user
> might get access to the data left by the first one.
> Cache doesn't have to be cleared, perhaps, to accommodate the image
> collection use case.
>
> On Wed, Aug 20, 2014 at 3:04 PM, Francois Daoust <fd@w3.org> wrote:
>
>> Do these features have to start empty and be emptied at the end of each
>> session though? It makes sense in incognito windows because the goal is not
>> to leave any trace. Presentation sessions do not have that requirement.
>>
>> Let's say the presentation content is a slideshow that uses local storage
>> to maintain the collection of images displayed, having to retrieve that
>> collection from some backend server each time the presentation starts would
>> take much more time than simply checking whether the contents of the local
>> storage is up-to-date on subsequent loads. The app obviously needs to
>> handle the case when the local storage is empty, but it would be good if it
>> could also take advantage of the local storage across sessions.
>>
>> Francois.
>>
>>
>> On 2014-08-20 15:15, John Mellor wrote:
>>
>>> Drive-by: perhaps it would be better to say that presentation content
>>> has access to all these features as usual, but they always start off
>>> empty (and are emptied at the end of the session), as if the
>>> presentation content were launched in its own incognito window.
>>>
>>>
>>> On 20 August 2014 13:47, Anton Vayvod <avayvod@google.com
>>>
>>> <mailto:avayvod@google.com>> wrote:
>>>
>>>     Hi Francois!
>>>
>>>     The intent here wasn't to disable the feature for the presented page
>>>     but to force the developers to only use the provided messaging
>>>     channel between the presented and presenting pages. If the presented
>>>     page relies on the presenting one to store something in the cache or
>>>     IndexedDB for it, it can be implemented to work in the 1-UA case but
>>>     not in the 2-UA case. The presented page should have access to these
>>>     HTML features if the user agent running the presentation supports it.
>>>
>>>     I think the wording for the above list should be clarified that
>>>     there's "no access to cookies, local storage or IndexedDB instances
>>>     in the browser context of the page that initiated the presentation".
>>>     The same way as the same page loaded in a normal Chrome window and
>>>     in an Incognito window will have no way of communicating with its
>>>     instances through the use of cookies or storage APIs.
>>>
>>>     Hope it helps,
>>>     Anton.
>>>
>>>
>>>     On Wed, Aug 20, 2014 at 12:09 PM, Francois Daoust <fd@w3.org
>>>     <mailto:fd@w3.org>> wrote:
>>>     >
>>>     > Hi Mark, Jonas, Anton, et al.,
>>>     >
>>>     > I have a question on the need to restrict the access to certain
>>> features for presentation content.
>>>     >
>>>     > On 2014-08-14 02:05, mark a. foltz wrote:
>>>     > [...]
>>>     >>
>>>     >> 4. User agent context for rendering the presentation.
>>>     >>
>>>     >>
>>>     >> If we intend the same presentation content to be rendered either
>>> in the
>>>     >> same user agent or a remote user agent, we need to carefully
>>> define the
>>>     >> rendering context so that the application doesn’t get different
>>> behavior
>>>     >> according to whether it is rendered remotely or locally.  In
>>> particular
>>>     >> the presentation rendering context must have:
>>>     >>
>>>     >>
>>>     >> - No access to cookies, local storage or IndexedDB instances
>>>     >>
>>>     >> - No access to HTTP cache
>>>     >>
>>>     >> - No access to pre-existing SharedWorkers
>>>     >>
>>>     >> - Extensions are debatable - some may be required for e.g. VPN or
>>>     >> firewalls to work correctly
>>>     >
>>>     >
>>>     > I understand the need to have the presentation rendering context
>>> behave similarly whether it runs locally or remotely, but I don't see the
>>> implications in terms of restricting access to the features mentioned
>>> above. For instance, I don't understand why having access to the local (or
>>> remote) IndexedDB could pose a problem. A Web app that uses IndexedDB
>>> cannot assume that the database exists, has the right version, or is not
>>> being used by another tab that shares the same origin at the same time. How
>>> is running a presentation context locally or remotely any different?
>>>     >
>>>     > Could you clarify why it matters? What issues are you trying to
>>> prevent?
>>>     >
>>>     > For example, in the AwesomeGame example that Jonas presented
>>> elsewhere in the thread, it would make sense to me to have the "full game"
>>> run on the TV set. If the game makes use of IndexedDB when it's available,
>>> then not being able to use it on the TV set could noticeably affect
>>> performances or available features.
>>>     >
>>>     > From a developer perspective, it would also mean that presentation
>>> apps would not have the same powers as regular Web apps and would need to
>>> be specifically tailored as presentation apps, which strikes me as odd. I
>>> would rather expect to be able to take any Web app, even one that does not
>>> degrade gracefully when e.g. IndexedDB is not available, complete it to run
>>> within a presentation session, and be confident that it will work in any
>>> environment that supports the features that the app is using. Granted, it's
>>> always good practice to degrade gracefully (or rather to enhance
>>> progressively) but it's not a reason to make that practice a requirement,
>>> especially for features that developers rightfully start to take for
>>> granted in most browser environments.
>>>     >
>>>     > Thanks,
>>>     > Francois.
>>>
>>>
>>>
>
Received on Thursday, 21 August 2014 00:04:55 UTC