Publishing WG Telco, 2017-09-01: Web Packaging
See minutes online for a more detailed record of the discussions.
Apart from some administrative issues, the meeting was around the Web Packaging work, that is currently on the way to define a packaging spec for the Web. This effort replaces the older Web Packaging spec by the TAG. The work has been presented by our guest, Jeffrey Yasskin, who is the main editor of the work.
The work is currently planned to be under the auspices of IETF rather than W3C, although some of the main sections may be, eventually, taken over the W3C. The "Explainer" document on the Web gives an introduction to the technology. The project came out of our emerging markets‚ — a system might have an expensive or limited data plan — so there is peer-to-peer data sharing. Our team wanted to share web pages in the same way. The current sketch is that the whole thing will be a CBOR (binary version of JSON with a few extra features); it has a sequence of features with an index of sections pointing to the offset of the file. The sections are HTTP requests and answers. There will be some mechanisms for sub-packages, as well. The request is where the interesting stuff happens. It has a set of signatures and a certificate on how to trust those signatures. Then there is the manifest - which is the app manifest - and a set of hashes of the sub-resources. There can be a set of hashes for each resource. The thing that is hashed is the concatenation of the request headers, the request, and the body.
The short presentation was followed by some questions and answers, considering issues like relationships to Service Workers (which is very good, ie, a service worker based implementation may hide the details of packaging on the network layer), how to handle this approach with non-browser clients, relationships to (and difficulties with) certificate management, relationship to ZIP, etc.