[w3ctag/design-reviews] Navigation to Unsigned Web Bundles (Web Packaging) (#509) from Kunihiko Sakamoto on 2020-04-24 (public-webapps-github@w3.org from April 2020)

From: Kunihiko Sakamoto <notifications@github.com>
Date: Thu, 23 Apr 2020 23:31:55 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/509@github.com>

Hello TAG!

I'm requesting a TAG review of Navigation to Unsigned Web Bundles (Web Packaging).

We propose to use the [Web Bundle format](https://wicg.github.io/webpackage/draft-yasskin-wpack-bundled-exchanges.html), without origin-trusted signatures, to give users a format they can create from any website they're visiting, share it using existing peer-to-peer sharing apps, and then have a peer load it in their browser. 

  - Explainer¹ (minimally containing user needs and example code): https://github.com/WICG/webpackage/blob/master/explainers/navigation-to-unsigned-bundles.md

    - Format spec proposal: https://wicg.github.io/webpackage/draft-yasskin-wpack-bundled-exchanges.html; this is being discussed in the [IETF's WPACK WG](https://datatracker.ietf.org/wg/wpack/about/).

  - Security and Privacy self-review²: [Security/Privacy Questionaire section in the explainer](https://github.com/WICG/webpackage/blob/master/explainers/navigation-to-unsigned-bundles.md#securityprivacy-questionaire)
  - GitHub repo (if you prefer feedback filed there): https://github.com/WICG/webpackage/

  - Primary contacts (and their relationship to the specification):
    - Jeffrey Yasskin (@jyasskin), Google
    - Kinuko Yasuda (@kinu), Google
    - Kunihiko Sakamoto (@irori), Google
    - Kenji Baheux (@kenjibaheux), Google
  - Organization/project driving the design: Google 
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): [Chrome Status](https://www.chromestatus.com/feature/5377722941440000)

Further details:

  - [x] I have reviewed the TAG's [API Design Principles](https://w3ctag.github.io/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): WICG
  - The group where standardization of this work is intended to be done ("unknown" if not known): IETF WPACK WG for the format and unknown for the browser side
  - Existing major pieces of multi-stakeholder review or discussion of this design: https://github.com/mozilla/standards-positions/issues/264

  - Major unresolved issues with or opposition to this design: It's complex, and it's not clear how to define or render the URLs for non-authoritative subresources.
  - This work is being funded by: 

You should also know that...

- The format spec mentions “signature” section and relation to [Signed Exchanges (SXG)](https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html), while we'd like to scope this TAG review to unsigned WBNs (unique-origin WBN navigation and same-origin WBN navigation).  For signed bundle navigation it can act like SXG, and likely don’t need extra review beyond [previous](https://github.com/w3ctag/design-reviews/issues/235) SXG discussion and this review.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  🐛 open issues in our GitHub repo for **each point of feedback**


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/509

Received on Friday, 24 April 2020 06:32:09 UTC