[Webpush] Message payload format
Peter Beverloo <beverloo@google.com> Thu, 15 May 2014 19:03 UTC
Return-Path: <beverloo@google.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C047E1A0178 for <webpush@ietfa.amsl.com>; Thu, 15 May 2014 12:03:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.029
X-Spam-Level:
X-Spam-Status: No, score=-2.029 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TL0n_zzfQ3rW for <webpush@ietfa.amsl.com>; Thu, 15 May 2014 12:03:00 -0700 (PDT)
Received: from mail-qg0-x233.google.com (mail-qg0-x233.google.com [IPv6:2607:f8b0:400d:c04::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C58FB1A014E for <webpush@ietf.org>; Thu, 15 May 2014 12:02:59 -0700 (PDT)
Received: by mail-qg0-f51.google.com with SMTP id q107so2526090qgd.10 for <webpush@ietf.org>; Thu, 15 May 2014 12:02:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=hmtJxgQPH/KkCKPYunO7a4ZPFLOpY5UqMYtt9QsjDMc=; b=B/R7mA42eUksfiMPouyDxEm0mriggZdorKipu7/1KGkFv3OIN8/CSxmzUeTlf/hP7Q XQ6aKJ+PJERoZhFAEinxU+tZN0cicGWIqTZGfkAO5EpA8JUob/AZZUY/n89NkgHsBpHZ X6qCsXTlXbS6ong22s/87J+BzDPVMWQGfKOxZ1tnN8fzGAnHtqu3XQGNAPGv7TVFI6hk vZJXtbBoAsoAKsVQiz2KrTJ9db+uD5/l43YsMNkkewN2XKJrcuzICwY0p8WheKb6Rrus 13VovkGkmpbiTpwr6OJoa8KJQnc5mfg3J7wJEOo6v8ApaRbYaUGaKdBAirchRdlLP7uL dpDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc :content-type; bh=hmtJxgQPH/KkCKPYunO7a4ZPFLOpY5UqMYtt9QsjDMc=; b=ffut9wMua1FWpeT49RcD+5u1A5xUmPLrzznj2Icq4et2eDWZ/qwoppVjaitZNYY8o4 ucqtlgFAaCbce1nqzzmCT4K8BIK5Lyd1J5bz8yLXNjO82sfOQ6EDYIrEt5HzXJJmwAO7 yrm4hGNNMbP4OkTvYt5P5oQIsmgrCyPEfU5KqFF6HUFHOtKvY/uI44ChYvywiaIlW6qa LLDh16ulKo5VGPt5YUOeqvXrB7v0mjHy6ySgj7JUf9U4LICSSvY2YBbl/Vv7C1WepjlN zWWwB9M+8wmkVvoqgtrv8N2nr5TG+gI2m2aNbkvRt73Wg7kEAlEL0rAdDAn9TJPgCoog vHNA==
X-Gm-Message-State: ALoCoQktUGyHqdb3DoIGLe4eFZeTzmb+J59t2M0ggKZqJ3m1Cr/GwlwKmXMlt5uwu5O6R9PRI8zZ
MIME-Version: 1.0
X-Received: by 10.140.80.229 with SMTP id c92mr17447197qgd.79.1400180572222; Thu, 15 May 2014 12:02:52 -0700 (PDT)
Received: by 10.229.214.196 with HTTP; Thu, 15 May 2014 12:02:52 -0700 (PDT)
Date: Thu, 15 May 2014 20:02:52 +0100
Message-ID: <CALt3x6==SWVdT_fuwBng3hGEMTz6APXeTk1=C=Mq6WszDPkjTg@mail.gmail.com>
From: Peter Beverloo <beverloo@google.com>
To: webpush@ietf.org, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="001a11c126c8a10feb04f974f1ba"
Archived-At: http://mailarchive.ietf.org/arch/msg/webpush/jL4JFLnbulLzvOMT3SHg2UpIyME
Cc: Doug Turner <dougt@mozilla.com>
Subject: [Webpush] Message payload format
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 May 2014 19:03:02 -0000
Hi Martin, On Thu, May 15, 2014 at 5:16 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > > > * Definition of the payload itself. > > > > This seems to be missing in the draft. I assume we’ll work on this later? > > :-). > > Doug asked about it too. > > That was entirely intentional. The payload is defined. It's whatever > you can put in an HTTP PUT. I see. I understand that by consolidating the Push registration Id and the endpoint, as the Web Push API currently describes, the developer would be able to utilize the entirety of the HTTP PUT request body for the data payload. There are a few reasons why I don't think this is a good idea. (1) It requires a push message to have a 1:1 relationship with a specific channel. This is sufficient for many instant messages use-cases, but presents a limitation for broadcasting (1:N relationships) use-cases. To name two examples, in the instant message situation a message might be directed to a group of people. For a news service, an important article will be sent to a series of users, not just individuals. Sending individual HTTP requests for each of them introduces a large amount of overhead. You mention that it compromises end-to-end security, I would like to understand what you are thinking of exactly. It is true that the developer loses the ability to use per-user encryption keys when multicasting a message, but unless the draft enforces payload encryption this seems like a trade-off which the developer should make. (2) It limits the ability to specify advanced options. GCM supports various advanced options, which have gained a lot of traction from developers. To name a few notable examples of our features: collapse_key - override previous messages to a channel having the same collapse_key. time_to_live - timeout before which the message should be delivered, before it will be dropped. delay_while_idle - postpone delivery of a message until the user wakes up their device. Given the traction these features have, I would propose including options in the protocol. These could be specified in the query string of the PUT request, but this doesn't scale very well, especially when considering the 1:N relationships. As such, what would your opinion be on using a minimalistic JSON syntax? { "recipients": "..", // 1:1 "recipients": ["..", ".."], // 1:N "data": ..., // an object or an opaque string. "delay_while_idle": 1, // optional options. } We can consider standardizing smaller satellite specifications to describe the available options, and the basic behavior to expect from them. Thanks, Peter
- [Webpush] Message payload format Peter Beverloo