IETF Logo Mail Archive

Re: Mnot's Pub/Sub for the Web

Kévin Dunglas <kevin@dunglas.fr> Tue, 22 February 2022 17:58 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EEE43A0940 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Feb 2022 09:58:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.646
X-Spam-Level:
X-Spam-Status: No, score=-2.646 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dunglas-fr.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8uFg0-ZwClNB for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Feb 2022 09:58:30 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D4713A090B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 22 Feb 2022 09:58:30 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1nMZOW-0000w4-0A for ietf-http-wg-dist@listhub.w3.org; Tue, 22 Feb 2022 17:56:12 +0000
Resent-Date: Tue, 22 Feb 2022 17:56:12 +0000
Resent-Message-Id: <E1nMZOW-0000w4-0A@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <kevin@dunglas.fr>) id 1nMZOU-0000v5-8c for ietf-http-wg@listhub.w3.org; Tue, 22 Feb 2022 17:56:10 +0000
Received: from mail-vk1-xa2f.google.com ([2607:f8b0:4864:20::a2f]) by mimas.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <kevin@dunglas.fr>) id 1nMZOO-0004DY-Oo for ietf-http-wg@w3.org; Tue, 22 Feb 2022 17:56:10 +0000
Received: by mail-vk1-xa2f.google.com with SMTP id j12so10921984vkr.0 for <ietf-http-wg@w3.org>; Tue, 22 Feb 2022 09:56:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dunglas-fr.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CQmLDLo0JBdFIPuumB465HE71qIwXTHkEu7sn+tMZ94=; b=ItJIb29Hzhcv+itUQJO+i2qUCFIPwykJaOhrZzL+F+FR3rZkD/fMsfZb158CiCbt3j vR7uJX6VuqJRO/W2PGVNsEvqTuQzyR6YdrFnMrZVMoBRBpznfO7Cn83R02SN0tvCBsxF ZwDcmkQIsVxkQU89OWoe7GazfpiFmIdBcJVsuN8rOEmRNTrKbJB5L5afRMav8J3CYhsD oiLHLs+ph44/I+ITQ6HM1uvGBCZWEgWXEy9rBYiWlc1bdKKhvcpHv+O7wnp4QTfpxxLg VWW8hnWr24acnJGepc/W4N2b+JK7Y8+r9+NQwacO54RcvlgsbCDjIxBJHZX54JoJt/xG 9Pbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CQmLDLo0JBdFIPuumB465HE71qIwXTHkEu7sn+tMZ94=; b=hG+oYXC+ZwJhRJ2Jo6sGnYgDp+aWQG/Ezp61XqEKRv2CWPpfbrrOXS/9CE8woQU8qC ejuD3Z9n8wGFLzLnHkc45jWKlQ2Zc9omldZWL0JHVST4qYekwarT9W66wgoBAmVwv+Ir u6v7DNHb+BXL5x+XvgrdXaiWR7+CdfAXwtnc6Vm1xzqm6Hh34SVrpu/dY0EvG7mRxpGE A19YMJI5siLyYC2NazNGYTcqE4sDMAnBJhw7pKqKgCFA55bB2DJEigQXo0e8WO/zUMTI xke8mvuU5mpXlWrk+v8YF9dvIhZlXCaU8Z2kNWHolOFYBE3+op7sh0LUhgWggUw8YZUY TXXQ==
X-Gm-Message-State: AOAM532goN7tVdcJ4FtPG2DL8F0HDU52oxzVJzsrsJvd/APj7o60WTD1 ZvA4Hq4fVYVzNyr3RiXnpBf87h5j7AzU3pPmqCgGhDjEtSvvvA==
X-Google-Smtp-Source: ABdhPJwC5/bMPuwjv763Bvjr4RtGrfS+l6bm/wXdXRwk4nrNQLrWDvX0hRT5bw/E8UYFmCuawpAR6PMiQy80InQ9UyA=
X-Received: by 2002:a05:6122:7c8:b0:331:5fd8:1e83 with SMTP id l8-20020a05612207c800b003315fd81e83mr8960294vkr.25.1645552553588; Tue, 22 Feb 2022 09:55:53 -0800 (PST)
MIME-Version: 1.0
References: <8a75a96a-286d-9260-498f-0b7dd8260156@gmail.com>
In-Reply-To: <8a75a96a-286d-9260-498f-0b7dd8260156@gmail.com>
From: Kévin Dunglas <kevin@dunglas.fr>
Date: Tue, 22 Feb 2022 18:55:42 +0100
Message-ID: <CADU7aos5T=hhPvtDz1aUAQ8PrZtFYwGVPp40se+yP=i2hFbZ0Q@mail.gmail.com>
To: Michael Toomim <toomim@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Mark Nottingham <mnot@mnot.net>
Content-Type: multipart/alternative; boundary="0000000000006a8b4305d89f0f34"
Received-SPF: pass client-ip=2607:f8b0:4864:20::a2f; envelope-from=kevin@dunglas.fr; helo=mail-vk1-xa2f.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=kevin@dunglas.fr domain=dunglas-fr.20210112.gappssmtp.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1nMZOO-0004DY-Oo b13bb4e3c9501203949fad5ce8493a5a
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Mnot's Pub/Sub for the Web
Archived-At: <https://www.w3.org/mid/CADU7aos5T=hhPvtDz1aUAQ8PrZtFYwGVPp40se+yP=i2hFbZ0Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39848
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Thanks for bringing this topic to the list again!

On the Mercure side, the spec has stabilized. Several open-source and
proprietary implementations are available (
https://mercure.rocks/spec#implementation-status), and adoption is growing:
2.7K stars on GitHub, dozens of open source projects using it, large
companies publicly declaring use...

Many new use cases have been reported on the bug tracker over the years,
and we improved the spec to cover most of them. Some minor issues still
need to be handled (https://github.com/dunglas/mercure/labels/spec), but
we're very soon to publish the final version of the specification.

As demonstrated by the discussions on Hacker News, Mark's great article,
and by the adoption of Mercure, the community is in demand of a pub/sub
standard for web resources.

Even if most discussions occurred on GitHub, Slack, Twitter, and other
channels instead of on IETF mailing lists, the Mercure spec is now
implemented by production-grade "running code" and has reached "rough
consensus".

Mercure is less ambitious than Braid. Its scope is more limited. It is
focusing on providing a simple pub/sub protocol for web content proved
working with the current web infrastructure (web browsers, proxies,,
firewalls, etc). In its current state, it doesn't require any JS library or
polyfill client-side.

The spec is very similar to the WebSub specification from the W3C, but
mainly targets web browsers instead of servers. As WebSub, Mercure uses a
hub to distribute web resources, which allows implementing the protocol
easily even in legacy applications, with languages not designed to handle
long-living connections (e.g. PHP), and when using modern infrastructure
such as serverless and edge computing platforms (
https://dunglas.fr/2019/07/mercure-real-time-apis-for-serverless-and-beyond/).
Unlike WebSub, Mercure natively supports authorization, end-to-end
encryption, and state reconciliation. Both clients and servers can be
publishers.

Currently, Mercure only allows using SSE as transport, but we'll maybe
allow using other transports such as WebSockets and Web Transports,
probably as extensions to the current spec, to cover use case such as
transmitting non-base64-encoded binary data (
https://github.com/dunglas/mercure/issues/616).

Braid is very interesting and has a much broader scope (state
synchronization, P2P, etc). It also requires more changes to the current
software stack to be natively supported by the web platform. Mercure
overlaps only with the "subscribe" feature of Braid, and I've the feeling
than Braid could use Mercure (and probably WebSub too) for its subscribe
feature, at least in a first iteration.

I wonder how we can move forward regarding the standardization of a pub/sub
protocol for web content and web browsers. Even if Mercure gained traction
outside of the IETF, it hasn't on this group. I was thinking about
proposing the final version of the spec as an independent-track RFC, or to
the W3C as it is very close to WebSub, and is also related to the other
specs published by the Social Web Working Group (ActivityPub, and even
Solid). But as the this topic is discussed again, maybe could we work on a
pub/sub protocol here?



On Sun, Feb 20, 2022 at 10:39 AM Michael Toomim <toomim@gmail.com> wrote:

> Hello, HTTP!
>
> Today Mark Nottingham posted a great articulation of the issues
> programmers face when choosing between using SSE, WebSockets, and
> WebTransports:
>
> https://www.mnot.net/blog/2022/02/20/websockets
>
> I'll attempt to summarize Mark's beautiful insight as: in almost all
> cases, what the programmer *really* wants is a Pub/Sub protocol, not an
> arbitrary socket. And we could standardize a Pub/Sub protocol, and that
> would have great benefits.
>
> These benefits are real and I think could improve performance
> dramatically. CDNs could cache realtime updates, not just static data.
>
> However, I'll take Mnot one further, and propose that when a programmer is
> choosing a Pub/Sub protocol, what he *really* wants is a State
> Synchronization protocol, not an arbitrary Pub/Sub protocol.
>
> He wants to Subscribe specifically to *state updates*. He wants to Publish
> specifically *updates to state*.
>
> What we need is not a general Pub/Sub standard, but specifically a State
> Synchronization standard. State Synchronization is a constrained type of
> general Pub/Sub. And we'll need to constrain Pub/Sub in this way to address
> some of the issues Mark brings up, such as:
>
> > There are also some architectural/philosophical concerns about how
> non-final responses **relate to the state of the resource**.
>
> The relationship between a server's "responses" and the "state of the
> resource" is what a State Synchronization protocol defines. And, in fact,
> we have two proposed solutions to State Synchronization in the IETF!
>
> Braid:
> https://datatracker.ietf.org/doc/html/draft-toomim-httpbis-braid-http
> Mercure:    https://datatracker.ietf.org/doc/draft-dunglas-mercure/
>
> I am seeing a growing awareness that HTTP needs to add State
> Synchronization abilities, as well as excitement about the new fundamental
> power it gives programmers on the web.
>
> These protocols transform HTTP from a State *Transfer* into a State
> *Synchronization* protocol. Whereas a transfer protocol can move a resource
> from server to client in a single request/response, it requires an
> application programmer to take over if the resource ever changes after the
> response completes. That sucks for programmers. A synchronization protocol
> provides a much better programming abstraction. The programmer just says "I
> want state X", and can assume it will be kept up-to-date by the protocol.
>
> If we standardize this, we also get CDNs that automatically cache dynamic
> content (the stuff currently hidden within websockets), just as easily as
> they cache static content today. We get collaborative editing and offline
> modes available in web apps for free. We also take an important step
> towards decentralizing the web, by creating an open standard for the
> trickiest part of decentralized app development — data synchronization —
> that is compatible with P2P CRDT and OT algorithms.
>
> Since this all seems to be coming together, I would like to know what
> HTTPbis as a group thinks. Is there interest in this topic?
>
> If so, what aspects might we want to work on?
>

v2.23.0 | Report a Bug | By Email