Minutes
IAB Teleconference (Techchat)

2011-02-02

1. Roll-call, agenda-bash, administrivia, approval of minutes

1.1. Attendance

PRESENT
Bernard Aboba
Ron Bonica (IESG liaison to the IAB)
Ross Callon
Spencer Dawkins
John Klensin
Glenn Kowack (RFC Editor Liaison)
Danny McPherson
Jon Peterson
Andrei Robachevsky
Dow Street (IAB Executive Director)
Hannes Tschofenig
APOLOGIES
Marcelo Bagnulo
Aaron Falk (IRTF Chair)
Russ Housley (IETF Chair)
Olaf Kolkman (IAB Chair)
Lynn St.Amour (ISOC Liaison)
Dave Thaler
Vittal Krishnamurthy (IAB Scribe)

1.2. Agenda

No agenda items were added.

1.3. Administrivia

No administrative items were discussed.

1.4. Meeting Minutes

No meeting minutes were reviewed during this call.

2. Techchat on the Future of Web Applications

Hannes, Bernard, and Jon led a discussion of the Future of Web Applications, focusing on how the migration of many applications to the web browser could affect protocol standardization. They walked through a series of slides which were based on a paper they had submitted to the “RTC in the Browser Workshop” held in October. Real Time Communications (RTC) is an important new functional area in web applications made possible by enhancements in HTML 5.

There are several key components of browser RTC functionality still in development. The RTCWEB BOF proposal currently under discussion proposes work in this area. Furthermore, the IAB technical plenary at IETF 80 looks at this space, although its scope is larger than just RTC.

The change in landscape is due largely to these characteristics of web applications:

– can be updated instantly when a new version becomes available – can be used across a wide range of devices
– are approaching the power of regular desktop applications

This new functionality is due largely to Javascript, and to a lesser degree, HTML 5. Example applications that can now be run in a browser, without plug-ins, include email clients, games, chat, e-books, and web conferencing. Entire protocols are now sometimes implemented in Javascript (e.g., XMPP). A key advantage of this approach is the speed of innovation that becomes possible. However, there are many security and privacy issues that remain, and in most cases it is not possible to exchange information directly between two browsers without a 3rd party backend. The visibility of source code and interaction with server-side infrastructure leads to a different communication paradigm.

The board discussed this ongoing evolution, and the IETF areas that might be impacted, including RAI, APPS, Security (ABFAB), Internet (mobility protocols, IoT), OAM, and Transport (behave, decade, other transport protocols). They then moved into a discussion of browser RTC, specifically, whether media exchanged between two end users could/should be delivered directly (i.e., P2P) or via the intermediate web server.

Bernard noted that today Javascript is intentionally prevented from obtaining the IP address of the local machine, which is one limit to direct P2P applications. Hannes elaborated that many security people had been focused on ‘delivered code’, but now since Javascript is necessary for most web pages, it is difficult to block. Browsers often now get dynamic code that is generated by the server on the fly. Danny raised the trend of ‘democratization of name resolution’, where there are multiple sources for name information (e.g., shim hosts, app with its own resolver address, etc.) Jon added that this path does not require standardization for interoperability, and that the IETF could end up simply specifying the edges around the browser.

Dow asked if there were any specific areas where the performance difference between web apps and native applications mattered now. Bernard noted the high signaling latency through Javascript, and some 3D graphics and sound, but stated there were not many. Danny described the recent use of web pages for opt-in participation in network attacks, such as the wikileaks payback events in recent weeks, which is a shift from more traditional distribution of attack tools. Andrei noted the limits of web applications when offline, and John concurred, but pointed out the increasingly few situations where connectivity is not available.

It was broadly acknowledged that the protocol experience in the W3C is not nearly as deep as the IETF, and that few in the IETF have deep JS and web experience like the W3C, so close coordination between the bodies will remain vital. Jon, Bernard, and others have been working with the W3C to appropriately direct the various pieces of work to the right organization.

Also during the call there was a short discussion of the FCC NOI on the Do Not Track proposal, which is related to the recent Privacy Workshop. Several IAB members are considering writing an ID in this area.