Re: [w3ctag/design-reviews] Signed Exchanges (#235)

Hey Jeff,

We reviewed the latest draft and explainer updates at today's F2F in Paris and are very happy with the progress and direction of the work. In particular, the proposed placement of Service Workers vs. SXG in the loading pipeline looks great and we're happy to see it. Looking forward to hearing how security review of this setup goes.

We were hoping to find more details about the `validity-url`. What happens if a cert matches but the validity URL does not load? Does that fetch never happen?

Most of our open questions relate to Bundles, which we realize aren't in scope for this review. Specifically, we'd like to see:
 
* A discussion of how SXG and Bundles are handled when directly `fetch()`'d. We presume those will be different (an individual SXG yielding the content, whereas a bundle might not unwrap the content)?
* An API for opening Bundles and dealing with their content; e.g. how can I populate a SW cache out of a few resources from a Bundle fetched over `fetch()`? We have a general interest in seeing the platform's encoders and decoders exposed to userspace to enable better layering.
* Regarding the last point, any plans to provide a CBOR encoding/decoding API as part of this work?

Overall we're excited that this work is moving forward quickly. Hoping to hear what you're able to learn from the Origin-Trial.

-Travis, Yves, Alex, and Peter


Received on Wednesday, 31 October 2018 14:24:46 UTC