Websockets - IETF v WHATWG?
The Web Dev Zone is brought to you in partnership with Mendix. Discover how IT departments looking for ways to keep up with demand for business apps has caused a new breed of developers to surface - the Rapid Application Developer.
There is a jurisdictional issue brewing over the future of internet standards - I know because I'm stirring the pot. The dispute is between the WHATWG and the IETF regarding the specification process for the websocket protocol (which I have some concerns about, but none the less is supported by Jetty).
The IETF is the body that has been responsible for developing and/or standardizing the vast majority of protocols which run the internet: HTTP, FTP, SMTP, etc. It has an open collaborative based process based on working code and rough consensus and is overseen by the Internet Society, a non profit organization with membership open to all.
The WHATWG was formed in response to concerns about the W3C's evolution of HTML and has been instrumental in developing the HTML5 standards. It is essentially a browser vendor consortium that is governed by an invitation only committee and lead by a Google employee. While it's process is conducted openly and all are invited to participate, only the appointed editor has any power in the actual decision making process. The editor is appointed by the browser vendors.
The majority of the WHATWG efforts have been about HTML5, and most welcome the advances they are driving in the browsers. However, the websocket API and protocol have also come out of the HTML5 work and specify a new protocol that will run over ports 80/443, that will start off looking kind of like HTTP, but is expressly not HTTP.
Making the internet work well by producing quality standards is exactly the mission statement of the IETF. So a new protocol running over port 80 is definitely something that falls within the scope of the the IETF mission. The WHATWG were invited to submit their protocol as a IETF draft document, which they did and the IETF after due process has formed the hybi working group to " take on prime responsibility for the specification of the WebSockets protocol". This appears to have shocked the WHATWG and they saying that they do not wish to relinquish editorial control of the protocol. It appears they were hoping for a rubber stamp from the IETF.
Meanwhile, Google's Chrome browser has started shipping with the websocket protocol enabled and it is expected that other browser vendors in the WHATWG consortium will soon follow. The argument has been made that it's "already shipping", so it's too late to make any significant changes to the protocol.
The problem is that the protocol has been developed by only a fragment of the internet industry, and essentially by a single company within that fragment. There has been no consensus sought or obtained from the wider internet community - ie servers, routers, bridges, proxies, firewalls, caches, load balancers, aggregators, offloaders, ISPs, filters, corporate security policies, traffic monitoring, billing, accounting, shaping, application frameworks etc. etc. These communities and vendors are waking up to a world where the traffic they expected over port 80/443 aint what it used to be. Their products and services will be broken, bypassed or at best co-opted for unintended usage. They had no real voice in this change. Many would not have even realized that the HTML5 effort was going to substantially change the wire protocol.
It is easy to present this state of affairs as a takeover of port 80 by Google so that they can get Wave to work better. That google expect the rest of the industry to scramble to make the changes necessary to allow websockets to tunnel through the infrastructure unhindered by any concerns other than connectivity to Google. I know that this characterization of the situation will be taken as personally insulting to the individuals involved, who I'm sure are acting in good faith and not as part of some conspiracy. However, the power of group-think is significant and individuals are greatly affected by the environment that they operate in. Conflicts of interest are avoided by not by peoples best intentions, but by not creating processes that are inherently conflicted.
I don't mean to be too Machiavellian about this, but if the IETF does not assert is roll as the primary internet standards body, then the outcome will essentially be that a Google led consortium has taken over port 80. Note that Google are also doing some great research on a HTTP replacement protocol called SPDY, which is showing some excellent promise. SPDY might be the way of the future, but do we really want it to arrive by having google simply start shipping it in Chrome? If we let port 80 be taken by websockets without consensus, then could happen with HTTP as well (mwah ha ha ha)!
The websocket protocol as specified by the WHATWG might indeed be wonderful, but unless we follow due process, we will not really know that it is. The IETF has a truly open process based on rough consensus in which all are welcome to participate. They have a proven track record and have overseen the standards that have withstood the unprecedented growth in the internet. The IETF are the natural body to oversee standardization of internet protocols and there is no evidence that this task would be better handled by a closed industry consortium lead by Google.
My suggestion of how to break this impasse, is for the WHATWG to continue to be the editor of the current specification and to push forward with the deployment of 1.0, which essentially ignores intermediaries and proxies anyway. In parallel, the IETF should continue with their working group to develop the 1.1 specification based on 1.0, but with an all-of-industry rough consensus.