Providing two-way communication back to a server from a Web page from Ian Hickson on 2009-01-09 (ietf-http-wg@w3.org from January to March 2009)

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 9 Jan 2009 22:35:00 +0000 (UTC)
To: ietf-http-wg@w3.org
Message-ID: <Pine.LNX.4.62.0901092140560.29785@hixie.dreamhostps.com>

Hi,

In collecting requirements for developing the HTML5 specification, on 
particular problem kept coming up: how to get two-way communication back 
with a server in a cleaner way than repeated client-pull. It can be 
summarised as these requirements:

 - The ability for Web pages to send arbitrary text to the server from a 
   script in a Web page, in the form of ordered discrete blocks.

 - The ability for Web servers to send arbitrary text to a Web page that 
   has established a connection, in the form of ordered discrete blocks.

 - Text messages should support all of Unicode.

 - The protocol should support running over ports 80 and 443, ideally 
   with the ability to share the port on the server with an HTTP server.

 - It must be possible to implement a fully-conforming server-side 
   component for this in a few dozen lines of scripting code, in the case 
   where sharing the connection with an HTTP server isn't required.

 - The must be extensible so that it can be extended to support binary 
   data and structured data in both directions in the future, without 
   breaking deployments from the first generation.

 - It must not be possible for the mechanism to be used to successfully 
   connect to existing servers and send them arbitrary commands. In 
   particular, SMTP, HTTP, HTTPS, IMAP, POP, and similar protocols must be 
   safe from this.

 - It must be possible to connect to arbitrary remote hosts, but 
   connections to these hosts must only be allowed if the remote host 
   explicitly opts in to allowing that Web page to connect (ideally using 
   the 'origin' convention).

I would be interested in any suggestions people may have along these 
lines. Are there existing protocols that satisfy these requirements?


There is a straw-man proposal for such a protocol in HTML5, which I 
recently converted to Internet-Draft form:

   http://www.ietf.org/internet-drafts/draft-hixie-thewebsocketprotocol-01.txt

Any comments on this, or suggestions for a better way to do this, would be 
welcome.

For what it's worth, the API that is being proposed (somewhat independent 
of the protocol) is currently at:

   http://dev.w3.org/html5/websockets/

You can see both together here:

   http://www.whatwg.org/specs/web-apps/current-work/multipage/#network

Cheers,
-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 9 January 2009 22:35:37 UTC