AWWW and the Web interaction model (ACTION-355) from John Kemp on 2010-06-04 (www-tag@w3.org from June 2010)

From: John Kemp <john@jkemp.net>
Date: Fri, 4 Jun 2010 10:26:55 -0400
To: "www-tag@w3.org WG" <www-tag@w3.org>
Message-Id: <53A4F59E-70EF-4DC7-8A40-B016E5E20D46@jkemp.net>

Hello,

In [ACTION-355], I was asked to investigate the extent to which the interaction model in [AWWWInteract] tells the story of modern Web applications.

From that section of AWWW:

"This section describes the architectural principles and constraints regarding interactions between agents, including such topics as network protocols and interaction styles, along with interactions between the Web as a system and the people that make use of it. The fact that the Web is a highly distributed system affects architectural constraints and assumptions about interactions."

Much of the text in [AWWWInteract] remains relevant for Web applications. Web agents still pass messages and data to each other, and they make use of Web protocols to do so. URIs are still used to identify resources, and representations of these resources are still retrieved.

So what are the features of Web applications which stretch this model, or might require additional description? Below are some possibilities:

i) Client-side manipulation and generation of URIs, such as that described in TV Raman's "Usage Patterns For Client-Side URI parameters" [HashURI]. How does a client determine that it can reliably generate URIs for access to resources at a server with which it has no particular relationship? For example, mapmyrun.com uses Google Maps APIs, and generates URIs which access resources at Google Maps. What is the relationship between the mapmyrun.com Web application and Google, such that mapmyrun.com may do this reliably? Do these kinds of relationships ever have an impact on how parties agree semantics of exchanged messages (section 3.3 of [AWWWInteract])?

ii) Update of Web application state without user interaction. For example, the use of technologies such as COMET, WebSocket or even AJAX-based polling to update Web application state without user action. Examples include dynamic text updates of sporting events, or dynamic update to my Twitter feed.

iii) "Client" provision of Web resources. When a so-called "client" exposes a Javascript API for a phone camera, or for the phone user's contact book, it is providing a resource which is "on the Web" in some way. How, however, are such resources actually identified, since they are not necessarily exposed via HTTP? Examples such as those from the Device APIs WG may be relevant here.

iv) The term "user agent" has often been used as a synonym for "Web browser". It is certainly clear that a software agent, which is not a Web browser, may act as a user agent. When any agent, however, "exposes user data" (via Web resources) it must act as an agent of the user whose data it exposes, and respect the wishes of its user. Often, however, a user agent is also acting on behalf of one or more other parties - for example, customizing content based not only on user preference, but also on, say, it's own content inventory (where content has come from multiple other sources). It is also the case that a user agent may act on behalf of the user even while the user is not physically present to "drive" the user agent. How does that affect the interaction model between the user and the user agent (or other parties)?

v) The impact of multi-party security on interactions between the various Web agents. How should multiple parties interact so that each may be assured of appropriate security and privacy of the resources exposed by each party? One currently interesting case might be the use of the fragment identifier to pass a "permission token" securely (such that the token portion is not sent automatically to a server via the Referer HTTP header) to a client, as mentioned in previous TAG work such as [ACTION-278].

vi) With regard specifically to section 3.4 of [AWWWInteract] (Safe interactions) - I would note that so many Web applications involve "unsafe" operations, that it might be worth specifically exploring those unsafe interactions to provide examples of best practice regarding the related obligations of a user agent.

I would note, finally, that section 3.6 of [AWWWInteract] already specifically notes that there are aspects of the Web interaction model which are not currently described in [AWWWInteract].

Regards,

- johnk

[ACTION-355] http://www.w3.org/2001/tag/group/track/actions/355
[AWWWInteract] http://www.w3.org/TR/webarch/#interaction
[HashURI] http://www.w3.org/TR/hash-in-uri/
[ACTION-278] http://www.w3.org/2001/tag/group/track/actions/278

Received on Friday, 4 June 2010 14:27:26 UTC