W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Worker feedback

From: Drew Wilson <atwilson@google.com>
Date: Mon, 30 Mar 2009 11:22:29 -0700
Message-ID: <f965ae410903301122h48fa2b92gd2ed99bba6219a74@mail.gmail.com>
On Fri, Mar 27, 2009 at 6:23 PM, Ian Hickson <ian at hixie.ch> wrote:

>
> Another use case would be keeping track of what has been done so far, for
> this I guess it would make sense to have a localStorage API for shared
> workers (scoped to their name). I haven't added this yet, though.


On a related note, I totally understand the desire to protect developers
from race conditions, so I understand why we've removed localStorage access
from dedicated workers. In the past we've discussed having synchronous APIs
for structured storage that only workers can use - it's a much more
convenient API, particularly for applications porting to HTML5 structured
storage from gears. It sounds like if we want to support these APIs in
workers, we'd need to enforce the same kind of serializability guarantees
that we have for localStorage in browser windows (i.e. add some kind of
structured storage mutex similar to the localStorage mutex).



>
>
> > > > Gears had an explicit permissions variable applications could check,
> > > > which seems valuable - do we do anything similar elsewhere in HTML5
> > > > that we could use as a model here?
> > >
> > > HTML5 so far has avoided anything that requires explicit permission
> > > grants, because they are generally a bad idea from a security
> > > perspective (users will grant any permissions the system asks them
> > > for).
> >
> > The Database spec has a strong implication that applications can request
> > a larger DB quota, which will result in the user being prompted for
> > permission either immediately, or at the point that the default quota is
> > exceeded. So it's not without precedent, I think. Or maybe I'm just
> > misreading this:
> >
> > User agents are expected to use the display name and the estimated
> > database size to optimize the user experience. For example, a user agent
> > could use the estimated size to suggest an initial quota to the user.
> > This allows a site that is aware that it will try to use hundreds of
> > megabytes to declare this upfront, instead of the user agent prompting
> > the user for permission to increase the quota every five megabytes.
>
> There are many ways to expose this, e.g. asynchronously as a drop-down
> infobar, or as a pie chart showing the disk usage that the user can click
> on to increase the allocaton whenever they want, etc.


Certainly. I actually think we're in agreement here - my point is not that
you need a synchronous permission grant (since starting up a worker is an
inherently asynchronous operation anyway) - just that there's precedent in
the spec for applications to request access to resources (storage space,
persistent workers) that are not necessarily granted to all sites by
default. It sounds like the specifics of how the UA chooses to expose this
access control (pie charts, async dropdowns, domain whitelists, trusted
zones with security levels) left to the individual implementation.


> Re: cookies
> I suppose that network activity should also wait for the lock. I've made
> that happen.
>

Seems like that would restrict parallelism between network loads and
executing javascript, which seems like the wrong direction to go.

It feels like we are jumping through hoops to protect running script from
having document.cookies modified out from underneath it, and now some of the
ramifications may have real performance impacts. From a pragmatic point of
view, I just want to remind people that many current browsers do not make
these types of guarantees about document.cookies, and yet the tubes have not
imploded.


>
>
> > Cookies have a cross-domain aspect (multiple subdomains can share cookie
> > state at the top domain) - does this impact the specification of the
> > storage mutex since we need to lockout multiple domains?
>
> There's only one lock, so that should work fine.
>

OK, I was assuming a single per-domain lock (ala localStorage) but it sounds
like there's a group lock, cross-domain. This makes it even more onerous if
network activity across all related domains has to serialize on a single
lock.

-atw
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090330/7799062c/attachment-0001.htm>
Received on Monday, 30 March 2009 11:22:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:47:49 GMT