CTG: non-traditional browsing applications from Eduardo Casais on 2009-10-27 (public-bpwg-comments@w3.org from October to December 2009)

From: Eduardo Casais <casays@yahoo.com>
Date: Tue, 27 Oct 2009 13:32:05 -0700 (PDT)
To: public-bpwg-comments@w3.org
Message-ID: <489032.12909.qm@web45015.mail.sp1.yahoo.com>
A proposal to amend the CTG with the objective of avoiding deleterious interferences
of transformation proxies with certain non-browsing applications.


I.	CONTEXT

Developers are deploying applications that go beyond traditional browsing, by taking
advantage of powerful devices and advanced user agents.

The cluster of technologies identified as AJAX (AJAX, JSON, XMLHttpRequest) has 
already established itself in the mobile world. Web Services (SOAP, WSDL) is another
one that, while still in its infancy regarding mobile phones, is already available
on laptops with wireless connections.

The W3C acknowledges the importance of emerging applications based on such 
technologies for the mobile world, notably with respect to AJAX in its "Mobile Web 
Applications Best Practices" (currently under review).

Section 4.1.3 of the CTG warns about potentially serious problems when content
transformation proxies alter HTTP transactions making up the communication flow
between non-traditional browsing clients and servers. However, the CTG do not 
provide any guidance as to the avoidance of such misoperations.

In the field, application developers have been facing aggressively configured CT
proxies that interfer with AJAX communications -- on the basis that the content
transmitted over HTTP does not fit into pre-defined categories of "mobile browsing",
is henceforth viewed as "desktop content", and then thoroughly garbled by 
misdirected transformations.


II.	PROPOSAL

The following text is included in the normative part of the document:

"A content transformation proxy MUST handle HTTP requests from a terminal, and 
corresponding responses to them, transparently whenever the HTTP transaction
conveys a payload advertised as one of the following MIME types:

application/json
application/xml
text/xml
application/soap+xml
application/soap+fastinfoset
application/fastsoap
application/fastinfoset

These MIME types distinguish traditional browsing transactions from AJAX 
communications and messages in Web Services."


III.	RATIONALE

a) Compliance with standards

The listed MIME types are specified by the IETF or the ITU-T: 
application/json in RFC4627; 
application/xml and text/xml in RFC3023; 
application/soap+xml in RFC3902;
application/fastinfoset in ITU-T Rec. X.891 | ISO/IEC 24824-1; 
application/soap+fastinfoset and application/fastsoap in ITU-T Rec. X.892 | ISO/IEC 
24824-2.

All are registered at IANA (see http://www.iana.org/assignments/media-types).

b) Application scope

The listed MIME types are conclusively used for non-traditional browsing applications.

application/json, application/soap+xml, application/soap+fastinfoset are exclusively
associated with AJAX, resp. Web Services applications. 

The type application/soap+xml is recommended by the W3C for marshalling messages 
between Web Service entities:

SOAP Version 1.2 Part 1: Messaging Framework (Second Edition)
W3C Recommendation 27 April 2007
http://www.w3.org/TR/2007/REC-soap12-part1-20070427

The W3C further mandates support for this MIME type in:

SOAP Version 1.2 Part 2: Adjuncts (Second Edition)
W3C Recommendation 27 April 2007
http://www.w3.org/TR/2007/REC-soap12-part2-20070427

MIME types application/xml and text/xml are preferred by the W3C for information
exchange during an AJAX session in its on-going standardization of XMLHttpRequest:

XMLHttpRequest
W3C Working Draft 20 August 2009
http://www.w3.org/TR/XMLHttpRequest

XMLHttpRequest Level 2
W3C Working Draft 20 August 2009
http://www.w3.org/TR/XMLHttpRequest2

These two MIME types are also those that application developers should or even must 
use, according to the documentation of several manufacturers of client software.

c) Overlap with browsing

The listed MIME types are neither used, nor recommended for traditional browsing;
hence, there is no ambiguity as to the non-applicability of transformations on HTTP
transactions that deal with content of those types.

d) Generality

An alternative is to insert a "no-transform" directive in the HTTP transactions of
non-traditional browsing applications. This is however not always possible because
the AJAX or SOAP modules may be compiled packages that cannot be configured or 
modified by the developer (whether in the terminal user agent or on the server Web 
platform), or that are not under the control of the developer (terminal: configuration
only possible manually by users themselves, or only by the operator; server: platform
under the control of the ISP in a shared hosting environment). 



E.Casais
Received on Tuesday, 27 October 2009 20:32:44 UTC