IETF Logo Mail Archive

Re: Mnot's Pub/Sub for the Web

Seph Gentle <me@josephg.com> Wed, 23 February 2022 00:05 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B89853A0916 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Feb 2022 16:05:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.747
X-Spam-Level:
X-Spam-Status: No, score=-2.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=josephg.com header.b=g66G48eX; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=jnLbN8rg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8pz0TW5bQ_Dg for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Feb 2022 16:05:00 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FBB53A0914 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 22 Feb 2022 16:04:59 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1nMf6o-0006cE-AX for ietf-http-wg-dist@listhub.w3.org; Wed, 23 Feb 2022 00:02:18 +0000
Resent-Date: Wed, 23 Feb 2022 00:02:18 +0000
Resent-Message-Id: <E1nMf6o-0006cE-AX@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <me@josephg.com>) id 1nMf6n-0006bF-1a for ietf-http-wg@listhub.w3.org; Wed, 23 Feb 2022 00:02:17 +0000
Received: from out4-smtp.messagingengine.com ([66.111.4.28]) by mimas.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <me@josephg.com>) id 1nMf6j-0004rL-RD for ietf-http-wg@w3.org; Wed, 23 Feb 2022 00:02:16 +0000
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 335015C0110 for <ietf-http-wg@w3.org>; Tue, 22 Feb 2022 19:02:03 -0500 (EST)
Received: from imap42 ([10.202.2.92]) by compute1.internal (MEProxy); Tue, 22 Feb 2022 19:02:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=josephg.com; h= cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; bh=zuAXQGZN2qSczmNFuB3L1PXdRjDgVm6jkLKadY lCdkw=; b=g66G48eXNrFmPXyl3WwwVAVs28lJilbW4OES0c9SQ0wetUr7ZobBHr mXH1mrBvKtv0FvysAxmSNWHoBXAM/wsaOG9vIQkeqmn0MFIsOK+JDr9OM2XXyjF2 hI60gs5Bm9o9dHylDEpT5thdwP4vmwC9o94dlR03RvR7ei21VlBCqusf4p7eLBi7 9yzSi5oM+s+peGQAFmTm1VtVzyOcoRdCDl+6NBKQniXERIMvByxlhokkQoriU6gi rOpX8YyD/2pP18H1CWeuH/EonsXvMFKNuogR4b3Df+++H7OyKCdqkxKSY1wSmSpY AW/d7lD90J+8RrSp2ISSfenYn7/7uTWA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=zuAXQGZN2qSczmNFu B3L1PXdRjDgVm6jkLKadYlCdkw=; b=jnLbN8rgy5WJlUtmCJSADdm93x9fKl8ZG G8zg8d10zpVmj9+NcSjbEdlMuJkkuELir8z2tv8WDIqNbQrP790a7sTYckeJF5uP BAlx8A8WEFJYYCam5nguRC4bURAwMpybyFysUhZOLrOPs1ERGi0olukKWu+IdV/B FieNWuc5nEQOry04aSOL9V5ZWJaSW6DgT763uWg2giUolH47LrEp4hh849G7zDfh LC6VNzi1CwcrkIUcwxcfl5vHfb1ZMP04yIa7NLUAYtQsJVxJCDUG+znfDyKZyKBb KZ+uhxkjWPg+HWm6XenptZFmerac0CNRtr/xw09Den28usmO+6iag==
X-ME-Sender: <xms:enkVYmZDQF-FQ3oh7SVZR4B_22Kl0lx7TR6b4zOz1s4lcT5mali87g> <xme:enkVYpZy6CiurGE6qf3chrk-MXZ0YPwdy0KHovupMsiClOW_yWB7bR631GjGOSaxo OJUkB6Iv0bOs2VSoA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrkeelgdduhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesrgdtre erreerjeenucfhrhhomhepfdfuvghphhcuifgvnhhtlhgvfdcuoehmvgesjhhoshgvphhh ghdrtghomheqnecuggftrfgrthhtvghrnhepjeevueekffffteeuhfetffdvieetteehvd eiteegheevleeigfevtdegjeeikefhnecuffhomhgrihhnpeiffedrohhrghdpmhgvrhgt uhhrvgdrrhhotghkshdpghhithhhuhgsrdgtohhmpdguuhhnghhlrghsrdhfrhdpmhhnoh htrdhnvghtpdhivghtfhdrohhrghdphhhtthhpsghishgrshgrghhrohhuphhthhhinhhk shdrihhsnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epmhgvsehjohhsvghphhhgrdgtohhm
X-ME-Proxy: <xmx:enkVYg_mk--M-agpzfxjJ1K26oiuAIBgglCkyJ_s2jgBXTn7GxXaaA> <xmx:enkVYoraYT-GZcWxhDq7K6XsBXpVXRzkCIrC3CeElJwusNu_VV9dkQ> <xmx:enkVYhrNfUYJyEfA6oLfzq7djMy2hSy73ilrn9vItoyXetbusQsZSg> <xmx:e3kVYo2jJ8D8hHphp4eO68V3et_B9JH0-sIrEdAIsvOf6pWINoPllQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id B3EEC2180085; Tue, 22 Feb 2022 19:02:02 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997
Mime-Version: 1.0
Message-Id: <684e1ecf-8504-4ca1-9be8-7eb8e9e07d6c@www.fastmail.com>
In-Reply-To: <PH0PR22MB3102FCEEB29C1084899DBC6DDA3B9@PH0PR22MB3102.namprd22.prod.outlook.com>
References: <8a75a96a-286d-9260-498f-0b7dd8260156@gmail.com> <CADU7aos5T=hhPvtDz1aUAQ8PrZtFYwGVPp40se+yP=i2hFbZ0Q@mail.gmail.com> <PH0PR22MB3102FCEEB29C1084899DBC6DDA3B9@PH0PR22MB3102.namprd22.prod.outlook.com>
Date: Wed, 23 Feb 2022 11:01:42 +1100
From: Seph Gentle <me@josephg.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="8ae448526e1e4075ab587588570970e2"
Received-SPF: pass client-ip=66.111.4.28; envelope-from=me@josephg.com; helo=out4-smtp.messagingengine.com
X-W3C-Hub-DKIM-Status: validation passed: (address=me@josephg.com domain=josephg.com), signature is good
X-W3C-Hub-DKIM-Status: validation passed: (address=me@josephg.com domain=messagingengine.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-4.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1nMf6j-0004rL-RD ff9f6a397bebd1f087f4cb448c5704e9
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Mnot's Pub/Sub for the Web
Archived-At: <https://www.w3.org/mid/684e1ecf-8504-4ca1-9be8-7eb8e9e07d6c@www.fastmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39852
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

To me, the heart of HTTP is a core set of reusable verbs that we can use with different URLs (nouns). But the verbs we have now assume resources never really change. (Or if they do, you need to poll for changes).

One way of thinking of the braid proposal is that semantically we want to add a missing verb (subscribe) to URLs so the server can notify clients when a resource changes. Ideally I'd like to do this in a way which allows arbitrary clients to subscribe to arbitrary resources. (Unlike websockets or SSE, which both need applications to invent application-specific protocols for this)

And this is useful in lots of use cases:

- Caches keeping some pages "hot" without needing to revalidate
- Live updating values (eg server monitoring, watching the price of bitcoin, etc)
- Collaborative editing
... Etc.

There's a few parts we need to do this well, which aren't often considered when people mention pub sub, like:

- Versioning & reconnecting
- Patches (with named types, so generic clients can be written)

I'd be happy for it to be a GET query with options or something, but however we do it I think it would be much *cleaner* implemented as part of HTTP. I want it to be understandable by caches and middle boxes, rather than something sitting on top of HTTP in an idiosyncratic way.

-Seph


On Wed, 23 Feb 2022, at 8:22 AM, Mike Bishop wrote:
> This is a very interesting space, and I’m glad we have two such solid contenders.  I’m not convinced this fits squarely within HTTP’s mandate, as this seems more like a protocol on top of HTTP than a pure extension to HTTP.  Perhaps like OHAI, there might be enough interest to warrant a dedicated working group?
>  
> 
> *From:* Kévin Dunglas <kevin@dunglas.fr> 
> *Sent:* Tuesday, February 22, 2022 12:56 PM
> *To:* Michael Toomim <toomim@gmail.com>
> *Cc:* HTTP Working Group <ietf-http-wg@w3.org>; Mark Nottingham <mnot@mnot.net>
> *Subject:* Re: Mnot's Pub/Sub for the Web
> 
> 
>  
> Thanks for bringing this topic to the list again!
>  
> On the Mercure side, the spec has stabilized. Several open-source and proprietary implementations are available (https://mercure.rocks/spec#implementation-status), and adoption is growing: 2.7K stars on GitHub, dozens of open source projects using it, large companies publicly declaring use...
>  
> Many new use cases have been reported on the bug tracker over the years, and we improved the spec to cover most of them. Some minor issues still need to be handled (https://github.com/dunglas/mercure/labels/spec), but we're very soon to publish the final version of the specification.
>  
> As demonstrated by the discussions on Hacker News, Mark's great article, and by the adoption of Mercure, the community is in demand of a pub/sub standard for web resources.
>  
> Even if most discussions occurred on GitHub, Slack, Twitter, and other channels instead of on IETF mailing lists, the Mercure spec is now implemented by production-grade "running code" and has reached "rough consensus".
>  
> Mercure is less ambitious than Braid. Its scope is more limited. It is focusing on providing a simple pub/sub protocol for web content proved working with the current web infrastructure (web browsers, proxies,, firewalls, etc). In its current state, it doesn't require any JS library or polyfill client-side.
>  
> The spec is very similar to the WebSub specification from the W3C, but mainly targets web browsers instead of servers. As WebSub, Mercure uses a hub to distribute web resources, which allows implementing the protocol easily even in legacy applications, with languages not designed to handle long-living connections (e.g. PHP), and when using modern infrastructure such as serverless and edge computing platforms (https://dunglas.fr/2019/07/mercure-real-time-apis-for-serverless-and-beyond/). Unlike WebSub, Mercure natively supports authorization, end-to-end encryption, and state reconciliation. Both clients and servers can be publishers.
>  
> Currently, Mercure only allows using SSE as transport, but we'll maybe allow using other transports such as WebSockets and Web Transports, probably as extensions to the current spec, to cover use case such as transmitting non-base64-encoded binary data (https://github.com/dunglas/mercure/issues/616).
>  
> Braid is very interesting and has a much broader scope (state synchronization, P2P, etc). It also requires more changes to the current software stack to be natively supported by the web platform. Mercure overlaps only with the "subscribe" feature of Braid, and I've the feeling than Braid could use Mercure (and probably WebSub too) for its subscribe feature, at least in a first iteration.
>  
> I wonder how we can move forward regarding the standardization of a pub/sub protocol for web content and web browsers. Even if Mercure gained traction outside of the IETF, it hasn't on this group. I was thinking about proposing the final version of the spec as an independent-track RFC, or to the W3C as it is very close to WebSub, and is also related to the other specs published by the Social Web Working Group (ActivityPub, and even Solid). But as the this topic is discussed again, maybe could we work on a pub/sub protocol here?
>  
>  
>  
> On Sun, Feb 20, 2022 at 10:39 AM Michael Toomim <toomim@gmail.com> wrote:
>> Hello, HTTP!
>> 
>> Today Mark Nottingham posted a great articulation of the issues programmers face when choosing between using SSE, WebSockets, and WebTransports:
>> 
>>> https://www.mnot.net/blog/2022/02/20/websockets
>>> 
>> I'll attempt to summarize Mark's beautiful insight as: in almost all cases, what the programmer *really* wants is a Pub/Sub protocol, not an arbitrary socket. And we could standardize a Pub/Sub protocol, and that would have great benefits.
>> 
>> These benefits are real and I think could improve performance dramatically. CDNs could cache realtime updates, not just static data.
>> 
>> However, I'll take Mnot one further, and propose that when a programmer is choosing a Pub/Sub protocol, what he *really* wants is a State Synchronization protocol, not an arbitrary Pub/Sub protocol.
>> 
>> He wants to Subscribe specifically to *state updates*. He wants to Publish specifically *updates to state*.
>> 
>> What we need is not a general Pub/Sub standard, but specifically a State Synchronization standard. State Synchronization is a constrained type of general Pub/Sub. And we'll need to constrain Pub/Sub in this way to address some of the issues Mark brings up, such as:
>> 
>>> > There are also some architectural/philosophical concerns about how non-final responses **relate to the state of the resource**.
>>> 
>> The relationship between a server's "responses" and the "state of the resource" is what a State Synchronization protocol defines. And, in fact, we have two proposed solutions to State Synchronization in the IETF!
>> 
>>> 
>>> 
>>> Braid:         https://datatracker.ietf.org/doc/html/draft-toomim-httpbis-braid-http
>>> Mercure:    https://datatracker.ietf.org/doc/draft-dunglas-mercure/
>>> 
>>> 
>> I am seeing a growing awareness that HTTP needs to add State Synchronization abilities, as well as excitement about the new fundamental power it gives programmers on the web.
>> 
>> These protocols transform HTTP from a State *Transfer* into a State *Synchronization* protocol. Whereas a transfer protocol can move a resource from server to client in a single request/response, it requires an application programmer to take over if the resource ever changes after the response completes. That sucks for programmers. A synchronization protocol provides a much better programming abstraction. The programmer just says "I want state X", and can assume it will be kept up-to-date by the protocol.
>> 
>> If we standardize this, we also get CDNs that automatically cache dynamic content (the stuff currently hidden within websockets), just as easily as they cache static content today. We get collaborative editing and offline modes available in web apps for free. We also take an important step towards decentralizing the web, by creating an open standard for the trickiest part of decentralized app development — data synchronization — that is compatible with P2P CRDT and OT algorithms.
>> 
>> Since this all seems to be coming together, I would like to know what HTTPbis as a group thinks. Is there interest in this topic?
>> 
>> If so, what aspects might we want to work on?
>>

v2.23.0 | Report a Bug | By Email