- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Mon, 19 Sep 2022 15:43:03 +0200
- To: "'public-networks-ig@w3.org'" <public-networks-ig@w3.org>
Hi,
The minutes of our TPAC meeting on September 13 are available at:
https://www.w3.org/2022/09/13-web-networks-minutes.html
and copied as text below.
Dom
Web & Networks TPAC F2F
13 September 2022
[2]Agenda. [3]IRC log.
[2] https://www.w3.org/wiki/Networks/TPAC2022
[3] https://www.w3.org/2022/09/13-web-networks-irc
Attendees
Present
Chris_Needham, CHrisN, DanD, Dapeng, David_Ezell,
DavidEzell, DingWei, Dom, Eric, EricMwobobia, EricS,
HuaqiSHan, JakeHolland, Jeff, Kunihiko, LarryZhao,
LiLin, Louay_Bassbouss, LouayBassbouss, LukeWagner,
McCool, MichaelMcCool, MotokiMizusako, PiersO'Hanlon,
Song, SOngXu, Sudeep, YanZ, ZoltanKis
Regrets
-
Chair
-
Scribe
cpn, dom
Contents
1. [4]Web & Networks IG introduction
2. [5]Web & Networks IG introduction
3. [6]Client-Edge-Cloud coordination Use Cases and
Requirements
Meeting minutes
Web & Networks IG introduction
DanD: Song from China Mobile, Sudeep from INtel and I (from
AT&T) are co-chairs of Web & Networks IG
… Dom is our staff contact
Slideset: [7]https://lists.w3.org/Archives/Public/www-archive/
2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf
[7]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf
[8][Slide 1]
[8]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf#page=1
DanD: our agenda today will cover an overview of our group's
work and progress
… hopefully useful starting point for later reading
… next we'll dive into Edge Use Cases & Requirements
… followed by an open discussion
Web & Networks IG introduction
[9][Slide 4]
[9]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf#page=4
[10][Slide 5]
[10]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf#page=5
[11][Slide 6]
[11]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf#page=6
[slide 7)
[12][Slide 8]
[12]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf#page=8
<sudeep> Link to WNIG Wiki: [13]https://www.w3.org/wiki/
Networks
[13] https://www.w3.org/wiki/Networks
[14][Slide 9]
[14]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf#page=9
[15][Slide 10]
[15]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf#page=10
Jake: breakout scheduled tomorrow on multicast, with focus on
security discussions
[16][Slide 11]
[16]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf#page=11
[17][Slide 12]
[17]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0001/W3C_WNIG_TPAC2022_V1.1.pdf#page=12
<jholland> tomorrow's multicast breakout: [18]https://
www.w3.org/events/meetings/527d52eb-f8df-4875-844b-09a27a67d772
[18]
https://www.w3.org/events/meetings/527d52eb-f8df-4875-844b-09a27a67d772
Michael: we're mostly focused on edge offload
… maybe this should expand to split browser, but that's not
part of what we've doing so far
Client-Edge-Cloud coordination Use Cases and Requirements
Slideset: [19]https://lists.w3.org/Archives/Public/www-archive/
2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf
[19]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf
[20][Slide 1]
[20]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf#page=1
[21][Slide 2]
[21]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf#page=2
[22][Slide 3]
[22]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf#page=3
Michael: our 13 use cases could still be improved from a
categorization perspective
[23][Slide 4]
[23]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf#page=4
Michael: some of the main drivers for edge computing are
latency and privacy
… e.g. in AR, tracking the environment and overlaying
information on the environment needs to happen with very low
latency
… cloud is ~10x slower to reach than an edge node
… using edge computing is applicable both for webapps and IoT -
I'm also a co-chair of the Web oF things WG
[24][Slide 5]
[24]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf#page=5
Michael: what kind of businesses & users will be using these
systems, with what kind of needs & priorities
… what are their business models and why would they do this?
… we will cross-reference these stakeholders with our use cases
[25][Slide 6]
[25]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf#page=6
Michael: these requirements derive from our use cases
… a common requirement is improved performance
… some of the requirements are up for negotiation
… compatibility with existing APIs vs building a new one
[26][Slide 7]
[26]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf#page=7
Michael: 2 proposals: one focused on seamless code sharing baed
on WASM, benefitting from the JS/WASM sandbox
… the other is distributed worker, extending the existing
threading model in browsers based on Workers
… the comm model they use could be extended to instantiate a
worker on a remote machine
… Web of Things has ongoing work on discovery that could be
used for compute utility discovery
… Both of these are extended the web model beyond client &
server, to a distributed model, some of the resources being
location sensitive
<Max__Liu> +
[27][Slide 8]
[27]
https://lists.w3.org/Archives/Public/www-archive/2022Sep/att-0002/2022-09-13-WNIG-F2F-Edge.pdf#page=8
DavidE: what is WASM?
Michael: WebAssembly provides a binary representation of
machine bytecode, that operates in sandboxed runtime with near
native performance
… similar to LLVM
Max: detailed use cases are available in the document
[28]Client-Edge-Cloud coordination Use Cases and Requirements
[28] https://w3c.github.io/edge-computing-web-exploration/
Max: I also want to mention that we've been focused on use
cases & requirements, with only high level initial proposals
for solutions
… the purpose is to gather enough interest for this work
Michael: we're trying to establish feasability and the
potential path to standardization
<DanD> +
Michael: we need to prioritize requirements (essential vs nice
to have)
<DanD> +1
CPN: you mentioned extending a worker to offload compute
… are there solutions out there that could inform what kind of
standardization would be helpful?
Michael: Akamai has EdgeWorkers; Fastly runs WASM on the edge
… but they're not using standardized interfaces so can't be
deployed seamlessly by developers without adapting to each CDN
providers
chris: could this be captured in the document?
Michael: that's what we would want to achieve by
cross-referencing stakeholders with use cases / requirements
Chris: I'm not necessarily suggesting to capture in the
document, but it's useful information to gather
DanD: thanks for putting this together, and it helps
consolidating the many ideas that have been floating around
… the trust model with the edge computing for the Web is a very
critical aspect
… things that are in a given administrative domain has a
well-defined trust boundary compared to a fully open web setup
… CDNs typically represent content providers, they're an
extension of content providers
… what would be the relationship between the ISP and the
content provider?
… it's not just technical solutions, this needs to be grounded
reality
Michael: does the end user trust the edge computer? does the
edge provider trust the code it is running?
… a threat could be drive-by mining that would steal my
computing resources
… Sandboxing helps with running untrusted code
… harder to protect the code from the platform - probably best
addressed by a social solution
Michael: this could be dealt with in a way similar to
permissions e.g. to access camera
DanD: there is also the possibility to extend the same origin
policy as long as the edge is seen as an extension to the
server
… it's all about who has a relationship with whom
… it's not just the trust, it's also about not abusing the
resource
Michael: CORS is designed for developers to delegate access to
another developer
Dom: Delegating to the edge, question about trust, when you're
using edge resources, the content provider is paying. If it's
under user control, does the user pay?
… Are there business models that enable that? We should clarify
how the computing delegation would work in practice, don't know
if there are examples today
michael: it enables new business models
… today the content provider pays a CDN for edge resources
… if that moves to the user, it could be bundled into an ISP
plan
Max: regarding the trust model, it's already covered a bit - it
varies across use cases, with different business models
… there are existing B2B models for cloud->edge
… the service provider pays the fee to the edge computing
provider
… we should consider the same origin policy of the web
architecture
… for consitency
<Zakim> dezell, you wanted to talk about sandboxing
David: re sandboxing - how much thoughts have been put into
keyvault / software validation?
… PCI regulations enforced rules in terms of private key
generation and management
… how do you prevent a user asked to do something that might be
appropriate?
… very hard questions to consider
jholland: the developer-controlled vs user-controlled models
… they're very different use cases with very different control
surfaces, different trust model and sandboxing constraints
… there may be some similar aspects
… but they should be approached as different APIs that might be
able to share a component
DanD: my suggestion for Michael & Max: we went through use
cases and requirements
… there may be an opportunity to look at the different
offloading models (developer centric vs user centric)
… the different realms of controls (enterprise vs user)
… I think it would be worth digging more into these questions
McCool: re user vs dev - a user could be an enterprise wanting
to do sensitive work on their premises or using their own
machine
… e.g. Web Apps doing video processing
… Establishing the right trust model is key
Jake: I would suggest an enterprise capability could operate
under a developer centric model, vs a home user
McCool: we should add discussion of this topic in the doc
… there are similar components around workload packaging,
sandboxing
Max__Liu: +1 to Dan's suggestion
… we'll put more analysis on this topic in the document
sudeep: the sandboxing and trust models sounds like important
topics
… we have the <script> tag that allows to run JS - could it be
extended to allow the user to establish trust with the edge
node?
McCool: the value of Worker is that they operate in a different
thread/memory space, which isn't the case of the <script> tag
Yan: re security model, a user centric trust model is key to
forward looking standards
McCool: SOLID is also an interesting approach to manage private
data
… managing keys in the LAN doesn't work well with browsers
Yan: I'm also involved in the VC & DID WGs which could help
acl Piers_O_Hanlon
Piers_O_Hanlon: could be useful to distinguish the user data
from the code
… privacy around the data that is being processed vs the code
that is doing the processing
… one can secure the code or use sub-resource-integrity to
ensure it hasn't been tampered with
… the data flows then get processed by that
… homomorphic encryption might provide a useful way to protect
the data from the edge
Yan: we use a trust zone to run the code
… for the data, we use VC to preserve the privacy of data
itself
McCool: separating data and code fits well with stateless
computing models
… with the sandbox, we could control the connections the code
can make to avoid it to send the data to any other endpoint
Piers_O_Hanlon: users may have their credentials used by the
edge to accomplish tasks on their behalf
McCool: homomorphic processing is probably not ideal if you're
looking at performance as a goal
McCool: next step includes discussing the aspects that were
raised today around security / trust
DanD: there is also an opportunity to look at the gap analysis
… are the standards identified going to fulfill the needs? or
what will it take to make them so?
… incl WASM, CORS
… How can we extend the dialogue? DO we need dedicated calls to
help make progress?
… does it have the elevated visibility an activity on its own?
<Zakim> jeff, you wanted to comment on next steps
Jeff: looking at the current editors draft of the use cases
doc, it's already a pretty impressive document
… on the balance of making it even better or moving forward
with the gap analysis and addressing it
… the weight of the effort needs to shift towards resolving the
gap
… this may require cross-meeting with other groups
… figure who should address the gaps and how we ensure progress
… possibly with a new CG
McCool: we need to get more stakeholders at the table
… what can we do to increase engagement?
Max__Liu: we probably need a CG, a dedicated way to focus on
how to move forward
… I personally think that before we go to a WG, we can prepare
a charter
… or a CG that focuses on the topic, which could be more open
to non-W3C members and open source projects
… helps with greater engagement
… key is pushing progress on the work coordination more than on
the draft
<Zakim> jeff, you wanted to support Michael's idea about
stakeholders
jeff: before reaching out to more stakeholders, we need greater
clarity on the next steps (incubation vs WG vs existing groups)
… in terms of stakeholders, there is a long list of
stakeholders that used to be but are no longer W3C members that
came in the Mobile Initiative days
… we should reach out to them as we're making progress in
deploying our action plan
McCool: +1 to outreach
… re CG vs WG - we can't have a WG until we know exactly what
deliverables we need
… a CG or an IG focused on doing that would be a useful next
step
jeff: we already have the IG
McCool: but the name of the IG doesn't scream "edge computing"
DanD: two different things we're talking: making the story
crisper (with doc improvements)
… and gathering input & support, administrative stuff
… they can be done in parallel
… If we need an edge IG, or a CG
… we still need to improve the gap analysis in terms of what
other groups need to provide & support
… figure out the incentives for the stakeholders
… we talked about organizing some sort of the workshop to help
moving forward
Max: a CG being more open is helpful compared to an IG
… we can also have a liaison with the IG to report back what
would happen in the CG
… the CG could have more frequent teleconferences
DanD: Thanks again for showing up and for the very fruitful
discussions
Received on Monday, 19 September 2022 13:43:07 UTC