IETF Logo Mail Archive

Re: Mnot's Pub/Sub for the Web

Mark Nottingham <mnot@mnot.net> Tue, 22 February 2022 23:03 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA5AF3A09A8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Feb 2022 15:03:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.748
X-Spam-Level:
X-Spam-Status: No, score=-2.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=QmFpGrA2; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=dL3D81T+
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KQR2wQk2R_GC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Feb 2022 15:03:48 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 936683A09A6 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 22 Feb 2022 15:03:47 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1nMeA7-0007kf-Lo for ietf-http-wg-dist@listhub.w3.org; Tue, 22 Feb 2022 23:01:39 +0000
Resent-Date: Tue, 22 Feb 2022 23:01:39 +0000
Resent-Message-Id: <E1nMeA7-0007kf-Lo@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mnot@mnot.net>) id 1nMeA5-0007jB-Bg for ietf-http-wg@listhub.w3.org; Tue, 22 Feb 2022 23:01:37 +0000
Received: from out4-smtp.messagingengine.com ([66.111.4.28]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mnot@mnot.net>) id 1nMeA2-0001Di-Lm for ietf-http-wg@w3.org; Tue, 22 Feb 2022 23:01:37 +0000
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 7D6A85C00EC; Tue, 22 Feb 2022 18:01:20 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Tue, 22 Feb 2022 18:01:20 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm2; bh=R3Ne361ZJGiDRu jcaHmlDsug0JP7ANAzrbGa6742X7w=; b=QmFpGrA2jFeua2QnIDgVdiezHFebiY N2ZyDvTX4usrn03PFNRPksA/OX1yEPrhTjQdk/zKNH8LJlE1dX+bgt2xQhrQZI32 ljBTVodkoWgdGW0+mLXUfJUTIAEIGod64cVtq4LRIC6IxScyyiC1Ocq4MmWY/HH3 nz0nuOetDMsdtORxo0mR6ERS9y4RHe1t9yHt1lRYCyz3zASX2P2K8XxUaTpRYEv3 3YdJaR2rt+oO3eXNcPGCPP5bGmYypnUHKQAJt19W8CmYDDWCKcvGlnZBMVvJepR0 DpMSl/BkUcU8x+KHbqweMpM2tUPmR65NQ5UvB/WWJD8OZpMq+z4GrXSQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=R3Ne361ZJGiDRujcaHmlDsug0JP7ANAzrbGa6742X 7w=; b=dL3D81T+YrToVweD58bwg4sbXwowe93ztd5fry8ajL3U1Zr3/ExwnY8Nu +oNy5fY9sUipQH6uZRDQcFt1YSI9TT4MCQuDDj9qxlablTppti2dY12M0WoYPrVc CMFa9fLe2+ak3ychdcpga3OvxDUHNmgqykISpNPjL2i10lPmdBttx04Qq34Mg0/0 MqfQHM449hh707WBS9Rl1UT1XDG4kZjI1LyPzwKnh8md5dWAlJQZ0BzK4G+UZ0yT EwAYq8rQs8tg2PVZNyd5P9V476N5UC5ms78jBWhbAx+HnSpqw1nQrbWzKqGCEJqH lpxX/xHaDB9m2GXSZ8XIYysubuG3Q==
X-ME-Sender: <xms:QGsVYmcuibc5PyuQDKN5KCQ1a058xPvnNU7rI_GvQZs85Kpyt7wyrg> <xme:QGsVYgNoA8Z2UZUBRU51Zj7FDHWnMmy_0BxZbDRSCsFV6Zu5Ce-Woh4J2cfwbg40f eO9IsT6UKTfjcWXlw>
X-ME-Received: <xmr:QGsVYnhTCtN3aYKRP_VekYrf0TBryprZKaSVmRjptvdX8mJLl7jo8E2Ym-qvYGo8fPwDywq_VdAQ0L_YdxspPSJKD9M3V3JIyWyjR8_Q7JKQYi6uGjrfnmtP>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrkeelgddtfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpegtggfuhfgjfffgkfhfvffosehtqhhmtdhhtdejnecuhfhrohhmpeforghrkhcu pfhothhtihhnghhhrghmuceomhhnohhtsehmnhhothdrnhgvtheqnecuggftrfgrthhtvg hrnhepuddvudeiudeuffelgffftdekteeiuedvkeeigeelkefhleehffeijedvjefhgeel necuffhomhgrihhnpeiffedrohhrghdpmhgvrhgtuhhrvgdrrhhotghkshdpghhithhhuh gsrdgtohhmpdguuhhnghhlrghsrdhfrhdpmhhnohhtrdhnvghtpdhivghtfhdrohhrghdp hhhtthhpsghishgrshgrghhrohhuphhthhhinhhkshdrihhsnecuvehluhhsthgvrhfuih iivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhnohhtsehmnhhothdrnhgvth
X-ME-Proxy: <xmx:QGsVYj_G5mlK39jPocF0HQZxG2TwX0vBknOkV_lPuRdH8oeXptrDjg> <xmx:QGsVYivHtg0h0iz2uDhULEsfMb85Oi7eTocSAvHUg2dVx-kLQy3bGg> <xmx:QGsVYqELTnSfP2ksF6ht7MIl1Rs2Vqcj4zXBhsJ0YwpKNPyl5Br2cA> <xmx:QGsVYmj7Sv4-tfXW5NFd1QxILx_IHboVC9i--pBGFjnXUv_6AUqonA>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 22 Feb 2022 18:01:17 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAD6ztsoEG4G6G5OBrJYZDZoJezckO_du0Ai=Q9Pxe3imEaDW+Q@mail.gmail.com>
Date: Wed, 23 Feb 2022 10:01:15 +1100
Cc: Mike Bishop <mbishop@evequefou.be>, Kévin Dunglas <kevin@dunglas.fr>, Michael Toomim <toomim@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D1C41B13-22ED-4A97-B3DF-7874ACB839BF@mnot.net>
References: <8a75a96a-286d-9260-498f-0b7dd8260156@gmail.com> <CADU7aos5T=hhPvtDz1aUAQ8PrZtFYwGVPp40se+yP=i2hFbZ0Q@mail.gmail.com> <PH0PR22MB3102FCEEB29C1084899DBC6DDA3B9@PH0PR22MB3102.namprd22.prod.outlook.com> <CAD6ztsoEG4G6G5OBrJYZDZoJezckO_du0Ai=Q9Pxe3imEaDW+Q@mail.gmail.com>
To: Kevin Marks <kevinmarks@gmail.com>
X-Mailer: Apple Mail (2.3693.60.0.1.1)
Received-SPF: pass client-ip=66.111.4.28; envelope-from=mnot@mnot.net; helo=out4-smtp.messagingengine.com
X-W3C-Hub-DKIM-Status: validation passed: (address=mnot@mnot.net domain=mnot.net), signature is good
X-W3C-Hub-DKIM-Status: validation passed: (address=mnot@mnot.net domain=messagingengine.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-9.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1nMeA2-0001Di-Lm 033a474206a689b6c787002faa50c28b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Mnot's Pub/Sub for the Web
Archived-At: <https://www.w3.org/mid/D1C41B13-22ED-4A97-B3DF-7874ACB839BF@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39851
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

As far as I can tell, that requires the client to have a URI that can be POST to, so I think this is different.


> On 23 Feb 2022, at 9:49 am, Kevin Marks <kevinmarks@gmail.com> wrote:
> 
> Does WebSub (formerly PubSubHubbub) fit this case? 
> 
> On Tue, 22 Feb 2022, 9:25 pm Mike Bishop, <mbishop@evequefou.be> wrote:
> This is a very interesting space, and I’m glad we have two such solid contenders.  I’m not convinced this fits squarely within HTTP’s mandate, as this seems more like a protocol on top of HTTP than a pure extension to HTTP.  Perhaps like OHAI, there might be enough interest to warrant a dedicated working group?
> 
>  
> 
> From: Kévin Dunglas <kevin@dunglas.fr> 
> Sent: Tuesday, February 22, 2022 12:56 PM
> To: Michael Toomim <toomim@gmail.com>
> Cc: HTTP Working Group <ietf-http-wg@w3.org>; Mark Nottingham <mnot@mnot.net>
> Subject: Re: Mnot's Pub/Sub for the Web
> 
>  
> 
> Thanks for bringing this topic to the list again!
> 
>  
> 
> On the Mercure side, the spec has stabilized. Several open-source and proprietary implementations are available (https://mercure.rocks/spec#implementation-status), and adoption is growing: 2.7K stars on GitHub, dozens of open source projects using it, large companies publicly declaring use...
> 
>  
> 
> Many new use cases have been reported on the bug tracker over the years, and we improved the spec to cover most of them. Some minor issues still need to be handled (https://github.com/dunglas/mercure/labels/spec), but we're very soon to publish the final version of the specification.
> 
>  
> 
> As demonstrated by the discussions on Hacker News, Mark's great article, and by the adoption of Mercure, the community is in demand of a pub/sub standard for web resources.
> 
>  
> 
> Even if most discussions occurred on GitHub, Slack, Twitter, and other channels instead of on IETF mailing lists, the Mercure spec is now implemented by production-grade "running code" and has reached "rough consensus".
> 
>  
> 
> Mercure is less ambitious than Braid. Its scope is more limited. It is focusing on providing a simple pub/sub protocol for web content proved working with the current web infrastructure (web browsers, proxies,, firewalls, etc). In its current state, it doesn't require any JS library or polyfill client-side.
> 
>  
> 
> The spec is very similar to the WebSub specification from the W3C, but mainly targets web browsers instead of servers. As WebSub, Mercure uses a hub to distribute web resources, which allows implementing the protocol easily even in legacy applications, with languages not designed to handle long-living connections (e.g. PHP), and when using modern infrastructure such as serverless and edge computing platforms (https://dunglas.fr/2019/07/mercure-real-time-apis-for-serverless-and-beyond/). Unlike WebSub, Mercure natively supports authorization, end-to-end encryption, and state reconciliation. Both clients and servers can be publishers.
> 
>  
> 
> Currently, Mercure only allows using SSE as transport, but we'll maybe allow using other transports such as WebSockets and Web Transports, probably as extensions to the current spec, to cover use case such as transmitting non-base64-encoded binary data (https://github.com/dunglas/mercure/issues/616).
> 
>  
> 
> Braid is very interesting and has a much broader scope (state synchronization, P2P, etc). It also requires more changes to the current software stack to be natively supported by the web platform. Mercure overlaps only with the "subscribe" feature of Braid, and I've the feeling than Braid could use Mercure (and probably WebSub too) for its subscribe feature, at least in a first iteration.
> 
>  
> 
> I wonder how we can move forward regarding the standardization of a pub/sub protocol for web content and web browsers. Even if Mercure gained traction outside of the IETF, it hasn't on this group. I was thinking about proposing the final version of the spec as an independent-track RFC, or to the W3C as it is very close to WebSub, and is also related to the other specs published by the Social Web Working Group (ActivityPub, and even Solid). But as the this topic is discussed again, maybe could we work on a pub/sub protocol here?
> 
>  
> 
>  
> 
>  
> 
> On Sun, Feb 20, 2022 at 10:39 AM Michael Toomim <toomim@gmail.com> wrote:
> 
> Hello, HTTP!
> 
> Today Mark Nottingham posted a great articulation of the issues programmers face when choosing between using SSE, WebSockets, and WebTransports:
> 
> https://www.mnot.net/blog/2022/02/20/websockets
> 
> I'll attempt to summarize Mark's beautiful insight as: in almost all cases, what the programmer *really* wants is a Pub/Sub protocol, not an arbitrary socket. And we could standardize a Pub/Sub protocol, and that would have great benefits.
> 
> These benefits are real and I think could improve performance dramatically. CDNs could cache realtime updates, not just static data.
> 
> However, I'll take Mnot one further, and propose that when a programmer is choosing a Pub/Sub protocol, what he *really* wants is a State Synchronization protocol, not an arbitrary Pub/Sub protocol.
> 
> He wants to Subscribe specifically to *state updates*. He wants to Publish specifically *updates to state*.
> 
> What we need is not a general Pub/Sub standard, but specifically a State Synchronization standard. State Synchronization is a constrained type of general Pub/Sub. And we'll need to constrain Pub/Sub in this way to address some of the issues Mark brings up, such as:
> 
> > There are also some architectural/philosophical concerns about how non-final responses **relate to the state of the resource**.
> 
> The relationship between a server's "responses" and the "state of the resource" is what a State Synchronization protocol defines. And, in fact, we have two proposed solutions to State Synchronization in the IETF!
> 
> Braid:         https://datatracker.ietf.org/doc/html/draft-toomim-httpbis-braid-http
> Mercure:    https://datatracker.ietf.org/doc/draft-dunglas-mercure/
> 
> I am seeing a growing awareness that HTTP needs to add State Synchronization abilities, as well as excitement about the new fundamental power it gives programmers on the web.
> 
> These protocols transform HTTP from a State *Transfer* into a State *Synchronization* protocol. Whereas a transfer protocol can move a resource from server to client in a single request/response, it requires an application programmer to take over if the resource ever changes after the response completes. That sucks for programmers. A synchronization protocol provides a much better programming abstraction. The programmer just says "I want state X", and can assume it will be kept up-to-date by the protocol.
> 
> If we standardize this, we also get CDNs that automatically cache dynamic content (the stuff currently hidden within websockets), just as easily as they cache static content today. We get collaborative editing and offline modes available in web apps for free. We also take an important step towards decentralizing the web, by creating an open standard for the trickiest part of decentralized app development — data synchronization — that is compatible with P2P CRDT and OT algorithms.
> 
> Since this all seems to be coming together, I would like to know what HTTPbis as a group thinks. Is there interest in this topic?
> 
> If so, what aspects might we want to work on?
> 

--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email