Re: CTG: non-traditional browsing applications from Francois Daoust on 2009-10-27 (public-bpwg-comments@w3.org from October to December 2009)

From: Francois Daoust <fd@w3.org>
Date: Wed, 28 Oct 2009 00:23:45 +0100
To: Eduardo Casais <casays@yahoo.com>
CC: public-bpwg-comments@w3.org
Message-ID: <4AE78101.1010909@w3.org>
Hi Eduardo,

Thanks for the detailed comment, I'll register it in the tracking system.

Here are a couple of links to previous discussions on the topic. This 
does not entail that it should not be discussed again, I am merely 
"linking" thoughts together here.

Tom raised similar concerns back in October 2008:
http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Oct/0041.html

We also discussed this with the Webapps working group in May 2008 that 
issues the XMLHttpRequest spec:
http://lists.w3.org/Archives/Public/public-webapi/2008May/0064.html and 
replies

Thanks,
Francois.


Eduardo Casais wrote:
> A proposal to amend the CTG with the objective of avoiding deleterious interferences
> of transformation proxies with certain non-browsing applications.
> 
> 
> I.	CONTEXT
> 
> Developers are deploying applications that go beyond traditional browsing, by taking
> advantage of powerful devices and advanced user agents.
> 
> The cluster of technologies identified as AJAX (AJAX, JSON, XMLHttpRequest) has 
> already established itself in the mobile world. Web Services (SOAP, WSDL) is another
> one that, while still in its infancy regarding mobile phones, is already available
> on laptops with wireless connections.
> 
> The W3C acknowledges the importance of emerging applications based on such 
> technologies for the mobile world, notably with respect to AJAX in its "Mobile Web 
> Applications Best Practices" (currently under review).
> 
> Section 4.1.3 of the CTG warns about potentially serious problems when content
> transformation proxies alter HTTP transactions making up the communication flow
> between non-traditional browsing clients and servers. However, the CTG do not 
> provide any guidance as to the avoidance of such misoperations.
> 
> In the field, application developers have been facing aggressively configured CT
> proxies that interfer with AJAX communications -- on the basis that the content
> transmitted over HTTP does not fit into pre-defined categories of "mobile browsing",
> is henceforth viewed as "desktop content", and then thoroughly garbled by 
> misdirected transformations.
> 
> 
> II.	PROPOSAL
> 
> The following text is included in the normative part of the document:
> 
> "A content transformation proxy MUST handle HTTP requests from a terminal, and 
> corresponding responses to them, transparently whenever the HTTP transaction
> conveys a payload advertised as one of the following MIME types:
> 
> application/json
> application/xml
> text/xml
> application/soap+xml
> application/soap+fastinfoset
> application/fastsoap
> application/fastinfoset
> 
> These MIME types distinguish traditional browsing transactions from AJAX 
> communications and messages in Web Services."
> 
> 
> III.	RATIONALE
> 
> a) Compliance with standards
> 
> The listed MIME types are specified by the IETF or the ITU-T: 
> application/json in RFC4627; 
> application/xml and text/xml in RFC3023; 
> application/soap+xml in RFC3902;
> application/fastinfoset in ITU-T Rec. X.891 | ISO/IEC 24824-1; 
> application/soap+fastinfoset and application/fastsoap in ITU-T Rec. X.892 | ISO/IEC 
> 24824-2.
> 
> All are registered at IANA (see http://www.iana.org/assignments/media-types).
> 
> b) Application scope
> 
> The listed MIME types are conclusively used for non-traditional browsing applications.
> 
> application/json, application/soap+xml, application/soap+fastinfoset are exclusively
> associated with AJAX, resp. Web Services applications. 
> 
> The type application/soap+xml is recommended by the W3C for marshalling messages 
> between Web Service entities:
> 
> SOAP Version 1.2 Part 1: Messaging Framework (Second Edition)
> W3C Recommendation 27 April 2007
> http://www.w3.org/TR/2007/REC-soap12-part1-20070427
> 
> The W3C further mandates support for this MIME type in:
> 
> SOAP Version 1.2 Part 2: Adjuncts (Second Edition)
> W3C Recommendation 27 April 2007
> http://www.w3.org/TR/2007/REC-soap12-part2-20070427
> 
> MIME types application/xml and text/xml are preferred by the W3C for information
> exchange during an AJAX session in its on-going standardization of XMLHttpRequest:
> 
> XMLHttpRequest
> W3C Working Draft 20 August 2009
> http://www.w3.org/TR/XMLHttpRequest
> 
> XMLHttpRequest Level 2
> W3C Working Draft 20 August 2009
> http://www.w3.org/TR/XMLHttpRequest2
> 
> These two MIME types are also those that application developers should or even must 
> use, according to the documentation of several manufacturers of client software.
> 
> c) Overlap with browsing
> 
> The listed MIME types are neither used, nor recommended for traditional browsing;
> hence, there is no ambiguity as to the non-applicability of transformations on HTTP
> transactions that deal with content of those types.
> 
> d) Generality
> 
> An alternative is to insert a "no-transform" directive in the HTTP transactions of
> non-traditional browsing applications. This is however not always possible because
> the AJAX or SOAP modules may be compiled packages that cannot be configured or 
> modified by the developer (whether in the terminal user agent or on the server Web 
> platform), or that are not under the control of the developer (terminal: configuration
> only possible manually by users themselves, or only by the operator; server: platform
> under the control of the ISP in a shared hosting environment). 
> 
> 
> 
> E.Casais
> 
> 
>       
> 
>
Received on Tuesday, 27 October 2009 23:24:16 UTC