[Webpush] The Push Experience
Benjamin Bangert <bbangert@mozilla.com> Thu, 25 February 2016 04:44 UTC
Return-Path: <bbangert@mozilla.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 098131B315E
for <webpush@ietfa.amsl.com>; Wed, 24 Feb 2016 20:44:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.421
X-Spam-Level: *
X-Spam-Status: No, score=1.421 tagged_above=-999 required=5
tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id RVmrA6bkMu1p for <webpush@ietfa.amsl.com>;
Wed, 24 Feb 2016 20:44:05 -0800 (PST)
Received: from mail-yk0-x22c.google.com (mail-yk0-x22c.google.com
[IPv6:2607:f8b0:4002:c07::22c])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id B78F41B3155
for <webpush@ietf.org>; Wed, 24 Feb 2016 20:44:05 -0800 (PST)
Received: by mail-yk0-x22c.google.com with SMTP id z13so17639811ykd.0
for <webpush@ietf.org>; Wed, 24 Feb 2016 20:44:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mozilla-com.20150623.gappssmtp.com; s=20150623;
h=mime-version:date:message-id:subject:from:to:content-type
:content-transfer-encoding;
bh=QXHjI/17ZU03x7scQ7hNcBaY7z6PdfF9Ox02OMvtGZk=;
b=K7wz4/J6cjdJ/w++eb0VqJvZW48GIQHUPn8GkQ8Azx23LQj+dbjXv+ayEngnETRq+F
2wBxl7j2K87mPug9THnkrIEwIee8QbsEq7aIFJgfO8kdHtD2yUiX8Vfl1lJhYY2Gv/p8
J55X6/ezoGxZu8eup+iqjJcXbSJhuP/XiT8TXLvp5lF+hw+ARLOll29J4EckfJ4K8WUF
Ii2lJPh7ha9RmMzEbib/4urUg5wXaQCx9UJQRjh5gQX9hGnGgy2uieNMyGkRR85pAFEY
Oj9ZwgqMc6hN5QlXOw2Ad2ezl91+VP+xxhS7apJ7efWGDzrkaGROPr+telbV8z1p61/8
m4jQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:date:message-id:subject:from:to
:content-type:content-transfer-encoding;
bh=QXHjI/17ZU03x7scQ7hNcBaY7z6PdfF9Ox02OMvtGZk=;
b=Y+tnMVE0YZKm8AcOkVz4O2QqIIK1lVs2qoXIgzydG403bGlDS2vBLREUFDBXeJic56
8cX0IXMaVXXpxaAPaLvFOUhq0q2Z6VijcFSgX/b07PLWLk6XCfIkjraLFfebs28o2gJM
D5Iqfp8zrJL/noTagBsymt1X5woGYRXvY92IVUXzJWmMj/D3Udcx7GrpWevMlCnQsHR2
PSg1+ZnYh7XdJiPlEEozw+OKqnSy2hsDlK2fQMU2qdWsxrGmV1FbrnnSBxigPCmK3iZM
DENgkmPCKAIc1RT34UeqKq16eWe6FZQFYFP5ZSdNPQflEk0HcMGFxLaWCkEDE2r2x8sm
Vl4g==
X-Gm-Message-State: AG10YOQLEKqwcrWr+MwardGY7gHMpkRjcmFHUfxjxTkWTjinGqQ0T1Cqn1shMS31lCut5MT84inhVkBDM6nr9YZE
MIME-Version: 1.0
X-Received: by 10.37.95.84 with SMTP id t81mr23571945ybb.58.1456375444865;
Wed, 24 Feb 2016 20:44:04 -0800 (PST)
Received: by 10.37.196.68 with HTTP; Wed, 24 Feb 2016 20:44:04 -0800 (PST)
Date: Wed, 24 Feb 2016 20:44:04 -0800
Message-ID: <CABp8EuK=DRedhyScTK5iFZaUb3tdiA3LsTewwD9TYJUiGSD1Ug@mail.gmail.com>
From: Benjamin Bangert <bbangert@mozilla.com>
To: "webpush@ietf.org" <webpush@ietf.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/webpush/Faw3RKInWhtKz-o6oat45CUT_zk>
Subject: [Webpush] The Push Experience
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol
<webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>,
<mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>,
<mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2016 04:44:09 -0000
This may not be entirely on-topic for the webpush ietf spec per-se, but I know a lot of the right people are on this list, so I'm going to throw this out here. If this was already proposed elsewhere, and there's work proceeding on it, great, link me to it so we can choose a version to support. :) First, a little background. Almost a month ago, Firefox 44 was released which included Push support along with data payloads per the recent WebPush draft 02. Since its release, we've seen some interesting uses of it, the least of which was lots of dropped messages due to missing TTL headers which the recent spec additions remedy. The most glaring issue though, is some of the difficulty from early adopters actually trying to use it. This shouldn't be too surprising, because to provide a compelling Push experience, a developer must understand and utilize at least 4 specs, possibly 5... DOM API's Notification API: https://notifications.spec.whatwg.org/ ^^ There's also WebNotification API on W3C, how do developers ever figure this out?? Service Worker API: https://www.w3.org/TR/service-workers/ Push API: https://www.w3.org/TR/push-api/ IETF WebPush: https://datatracker.ietf.org/doc/draft-ietf-webpush-protocol/ Dep, HTTP Encryption: http://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-00 VAPID: https://datatracker.ietf.org/doc/draft-thomson-webpush-vapid/ Dep, JWT: http://tools.ietf.org/html/rfc7519 (Additional Dep. specs left out) This is.... rather overwhelming to many web developers. Nevermind trying to figure out what drafts of what specs each browser has actually implemented. So far we have already seen libraries drop to the lowest common denominator, which so far means we have not been carrying data payloads even though Firefox supports it, because Chrome does not. This doesn't include how you ask for permissions for these things, because technically the Notification permission is separate from the Push permission, but afaik, both Chrome and Firefox will accept one of them as both to reduce clutter. So you might have accepted notifications without knowing you get push when the tab is closed, though lots of users probably can't make that distinction..... ugh. How these permissions are squashed, and for which browsers, appears to be completely ignored by the docs I've seen. Do the doc writers even realize browsers are squashing these permissions? None of these specs speak to the user experience. Does the service backing my browser allow 200 or 2000 notifications to be queued? Will they all be shown? Do I want them to be? Does the browser implement safeguards to prevent my screen from being flooded with these? Is there a spec dictating the UX for how to handle 100 queued notifications in a way that doesn't make the user immediately delete the program (like the ask for permission spec)? Even ignoring the above paragraph, which some could perhaps consider a browser detail that should not be mandated (so we can all compete on how compelling our notification spam management is), there's more important questions for our developers. How do I code this in a way that works on more than one browser given there's 4-5 API's at various draft states implemented at different stages in each browser? For that last question specifically, I'm proposing there a meta-specification, perhaps called the Push Experience (I'm bad at naming specs, no clever initials like VAPID), which essentially acts as a global version pegging for the various spec dependencies needed for a good Push experience. I.e. Push Experience Draft 1: - Notification API Draft N: - Service Worker API Draft Z: .... This way it's clearly documented to a developer what the overall set of available API's they can work with are, as a base minimum for each browser. I'm not a spec-writer myself, so I don't even know what group this belongs in.... whatwg? ietf? w3c? Technically it's a meta-spec pegging specs from a variety of groups together to provide a cohesive whole that a developer won't lose their mind over implementing. I'm not sure there's much precedent for this, as I haven't heard of any other emerging web tech's that involve so many specs in such a variety of locations (back-end and front-end web dev). I'd be happy to collaborate on this, or for some others to take over this entirely, as I do believe having something like this is very important to developers attempting to use Push. I'm not sure what the appropriate venue for something of this nature to be, since it would appear to tie together specs in at least 3 different spec groups. Maybe it’s not a formal spec at all, but some other collaboration to agree on minimum definitions for each phase, like the ACID 2 vs. ACID 3 browser tests so that a developer could easily see ‘How ready is my browser for a Push Experience?’. Thoughts? Cheers, Ben
- [Webpush] The Push Experience Benjamin Bangert
- Re: [Webpush] The Push Experience Luke Crouch
- Re: [Webpush] The Push Experience Benjamin Bangert