W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: [IndexedDB] Granting storage quotas

From: Michael Nordman <michaeln@google.com>
Date: Tue, 20 Apr 2010 14:37:33 -0700
Message-ID: <i2tfa2eab051004201437xf2649d5bk7b0d52df8624e81@mail.gmail.com>
To: public-webapps@w3.org
Cc: Joćo Eiras <joaoe@opera.com>, Mark Seaborn <mseaborn@chromium.org>
I'd like to back up and challenge the notion of a per-site quota.

In this discussion and others there is an underlying assumption that each
site has some well defined limit that the user-agent has granted it. I doubt
that's the best model. (Fyi: the chrome team's overly simplistic model
whereby each site gets 5M was not chosen because its a good model, this was
done just to proceed with building out the storage APIs independent of a
real storage management strategy).

I'd like to set aside the per-site quota assumption and explore some
alternative models for web storage management.

Some thoughts about the world we're designing for. There are an open ended
number of sites, each of which *could* use web storage in some form. From
that fact alone, it's impossible to come up with a quota that could be
granted to each and every site. It seems likely that the number of sites
that will actually require "permanent" storage is small compared to the
number of sites that *could* make use of more "volatile" storage, to borrow
jorlow's term, where the volatile data on disk can get scrapped by the
user-agent as needed. Maybe a better term for that class of storage is

Maybe we should be designing for what seems to be the more common case, lots
of sites that make use of volatile/purgeable storage. But also come up a
means whereby the smaller number of sites that require stronger guarantees
can express the need for more permanent storage.

"What if" by default all local storage is "purgeable". A lot of quota issues
melt away in this case since the user agent is free to reclaim anything at
anytime. I think it'd be reasonable if the user-agent never asked the user
anything on a per-site basis. A user-agent could warn when system disk space
crossed thresholds and give the user an option to set limits  on system disk
space usage for webstorage as a whole.

"What if" when creating local storage repositories (WebDBs or IndexedDBs or
WebFileSystems or AppCaches) there was an optional means for the webapp to
express "please consider this a permanent storage repository". The first
time a site request "permanent" storage could be a reasonable time to
interact with the user in some form, or to consult the user prefs about
allowing permanent storage w/o being asked.

I think ericu is baking in a distinction in between 'permanent' and
'temporary' in the FileSystem API he's working on. Some harmony across all
flavors of local storage could be good.

I actually think local storage management is an area where the webplatform
has a chance to do a much better job then the desktop platforms have
historically done. We don't need no stinking quotas ;) But we also don't
need untold amounts of unused permanent storage littering disk drives
needlessly around the globe (until the user gets a new system). A silly
analogy. A computer is like a ship at sea. After years of usage, a whole
bunch of barnacles build up on the hull and slow the vessel down. The
webplatform to date is barnacle free in this area because there are no
permanent local storage facilities... lets try to make these new features
not so barnacle prone too.


On Tue, Apr 20, 2010 at 11:17 AM, Shawn Wilsher <sdwilsh@mozilla.com> wrote:

> On 4/20/2010 4:11 AM, Mark Seaborn wrote:
>> 1) It doesn't allow a web app to ask for a storage allocation up front,
>> before it starts to consume the storage.
> Why does that matter?
>  2) In Opera, the quota can only be increased in multiples of about 15, so
>> it
>> takes three prompts to get up into the range of gigabytes.
> But there is an unlimited option, yeah?
>  3) The web app can't choose when the question is put to the user.
>> 4) The web app doesn't know how much storage has been allocated, so it
>> doesn't know when a question will be asked.
>> 5) In Opera, if the user chooses "Reject", they don't get prompted again.
>> This means that asking the user at an appropriate time is important for
>> the
>> continued functioning of the web app.  Prompting the user at the wrong
>> time
>> will interrupt them with a page-modal dialog which they might want to get
>> rid of with "Reject", which would potentially break the web app by leaving
>> it unable to get more storage.
> These all feel like user-agent specific worries on how the user agent wants
> to bring this to the attention of the user.
> Cheers,
> Shawn
Received on Tuesday, 20 April 2010 21:38:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:07 UTC