Proposed HTML ping attribute

During its teleconference of 10 January 2008 (agenda at [1]), the W3C 
TAG discussed some issues relating to the proposed "ping" attribute [2] 
in HTML.  We noted that the HTML working group has an open issue [3] 
regarding the proposal to use POST for doing ping notifications, and we 
also discussed an email [4] in which Roy Fielding mentions several 
concerns.  In particular, Roy raises at least the following issues, though 
not in this order:

1) Based on his personal knowledge of the needs of the "user tracking" 
community, Roy speculates that the proposed ping attribute will not be 
widely used for its intended purpose, and thus is a bad idea.

2) He notes that while some particular resources may indeed interpret 
empty body posts in the intended manner, others may not.  If we understand 
him correctly, Roy is suggesting that a malicious (or negligent) author 
of Web pages with ping attributes could "trick" a user into causing such 
a POST to be sent to a resource that would interpret it in ways that were 
destructive.

3) He suggests that if a ping attribute is to exist, user agents must 
distinguish for users actions that will cause pings to be sent from 
actions that won't.  I.e., an ordinary hyperlink access is "safe" in the 
sense we discuss in Web architecture; the ping is not safe and could have 
consequences, including unintended consequences as in (2) above, so "the 
UI for a user action that is safe (a link) must be rendered differently 
from all other actions that might be unsafe."

Members of the TAG believe that the ping attribute as proposed in HTML5 
may have a deep impact on the architecture of the Web itself. Accordingly, 
the purpose of this note is to invite the wider Web community to discuss 
these architectural issues on the public mailing list www-tag@w3.org 
(archives at [5]) -- the issues raised appear to have impact beyond HTML5, 
which is why we would like to broaden the audience, and at the same time 
to focus on the wider architectural questions of how HTTP, HTML and the 
Web come together.  We also note that to serve as an umbrella for its own 
consideration of these questions, the TAG has re-opened its issue 
"whenToUseGet-7" [6].

Regarding Roy's first point, we current members of the TAG do not feel 
that we have the necessary expertise or involvement with the "user 
tracking" community to comment usefully.  We do, of course, encourage the 
HTML working group to satisfy themselves that important use cases will 
indeed be well met by the proposed "ping" attribute before finalizing the 
proposal to include it in HTML.

Note: our purpose here is specifically to involve the Web Architecture 
community in the discussion of these issues.  Accordingly, we are 
suggesting that discussion be held on the www-tag mailing list.  To avoid 
the messiness of cross posting, particularly to lists that are widely 
shadowed, we are bcc:'ing this note to public-html@w3.org (and to Roy). If 
you "Reply to All", your response will go to www-tag.  Thank you.

Noah Mendelsohn
For: the W3C Technical Architecture Group

[1] http://www.w3.org/2001/tag/2008/01/10-agenda
[2] http://www.w3.org/html/wg/html5/#hyperlink0
[3] http://www.w3.org/html/wg/tracker/issues/1
[4] http://lists.w3.org/Archives/Public/public-html/2007Nov/0101
[5] http://lists.w3.org/Archives/Public/www-tag/
[6] http://www.w3.org/2001/tag/group/track/issues/7

Received on Tuesday, 15 January 2008 22:08:40 UTC