draft-iab-escape-report-00.txt   rfc8752.txt 
Network Working Group M. Thomson Internet Architecture Board (IAB) M. Thomson
Internet-Draft Request for Comments: 8752
Intended status: Informational M. Nottingham Category: Informational M. Nottingham
Expires: March 21, 2020 September 18, 2019 ISSN: 2070-1721 March 2020
Report from the IAB Workshop on Exploring Synergy between Content Report from the IAB Workshop on Exploring Synergy between Content
Aggregation and the Publisher Ecosystem (ESCAPE) Aggregation and the Publisher Ecosystem (ESCAPE)
draft-iab-escape-report-00
Abstract Abstract
The Exploring Synergy between Content Aggregation and the Publisher The Exploring Synergy between Content Aggregation and the Publisher
Ecosystem (ESCAPE) Workshop was convened by the Internet Architecture Ecosystem (ESCAPE) Workshop was convened by the Internet Architecture
Board (IAB) in July 2019. This report summarizes its significant Board (IAB) in July 2019. This report summarizes its significant
points of discussion and identifies topics that may warrant further points of discussion and identifies topics that may warrant further
consideration. consideration.
Status of This Memo Note that this document is a report on the proceedings of the
workshop. The views and positions documented in this report are
those of the workshop participants and do not necessarily reflect IAB
views and positions.
This Internet-Draft is submitted in full conformance with the Status of This Memo
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This document is not an Internet Standards Track specification; it is
Task Force (IETF). Note that other groups may also distribute published for informational purposes.
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Architecture Board (IAB)
and may be updated, replaced, or obsoleted by other documents at any and represents information that the IAB has deemed valuable to
time. It is inappropriate to use Internet-Drafts as reference provide for permanent record. It represents the consensus of the
material or to cite them other than as "work in progress." Internet Architecture Board (IAB). Documents approved for
publication by the IAB are not candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
This Internet-Draft will expire on March 21, 2020. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8752.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document.
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction
1.1. Mention of Specific Entities . . . . . . . . . . . . . . 3 1.1. Mention of Specific Entities
2. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Use Cases
2.1. Instant Navigation . . . . . . . . . . . . . . . . . . . 4 2.1. Instant Navigation
2.2. Offline Content Sharing . . . . . . . . . . . . . . . . . 5 2.2. Offline Content Sharing
2.3. Other Use Cases . . . . . . . . . . . . . . . . . . . . . 5 2.3. Other Use Cases
2.3.1. Book Publishing . . . . . . . . . . . . . . . . . . . 6 2.3.1. Book Publishing
2.3.2. Web Archiving . . . . . . . . . . . . . . . . . . . . 7 2.3.2. Web Archiving
3. Interactions Between Web Publishers and Aggregators . . . . . 8 3. Interactions between Web Publishers and Aggregators
3.1. Incentives for Web Packages . . . . . . . . . . . . . . . 8 3.1. Incentives for Web Packages
3.2. Operational Costs . . . . . . . . . . . . . . . . . . . . 9 3.2. Operational Costs
3.3. Content Regulation . . . . . . . . . . . . . . . . . . . 9 3.3. Content Regulation
3.4. Web Performance . . . . . . . . . . . . . . . . . . . . . 10 3.4. Web Performance
4. Systemic Effects . . . . . . . . . . . . . . . . . . . . . . 11 4. Systemic Effects
4.1. Consolidation . . . . . . . . . . . . . . . . . . . . . . 11 4.1. Consolidation
4.1.1. Consolidation of Power in Linking Sites . . . . . . . 11 4.1.1. Consolidation of Power in Linking Sites
4.1.2. Consolidation of Power in Publishers . . . . . . . . 12 4.1.2. Consolidation of Power in Publishers
4.1.3. Consolidation of User Preferences . . . . . . . . . . 12 4.1.3. Consolidation of User Preferences
4.2. Effect on Web Security . . . . . . . . . . . . . . . . . 13 4.2. Effect on Web Security
4.3. Privacy of Content . . . . . . . . . . . . . . . . . . . 14 4.3. Privacy of Content
5. AMP Issues Unrelated to Web Packaging . . . . . . . . . . . . 15 5. AMP Issues Unrelated to Web Packaging
5.1. AMP Governance . . . . . . . . . . . . . . . . . . . . . 15 5.1. AMP Governance
5.2. Constraints on the AMP Format . . . . . . . . . . . . . . 16 5.2. Constraints on the AMP Format
5.3. Performance . . . . . . . . . . . . . . . . . . . . . . . 16 5.3. Performance
5.4. Implementation of Paywalls . . . . . . . . . . . . . . . 16 5.4. Implementation of Paywalls
6. Venues for Future Discussion . . . . . . . . . . . . . . . . 17 6. Venues for Future Discussion
7. Security Considerations . . . . . . . . . . . . . . . . . . . 17 7. Security Considerations
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 8. Informative References
8.1. Informative References . . . . . . . . . . . . . . . . . 17 Appendix A. About the Workshop
8.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 20 A.1. Agenda
Appendix A. About the Workshop . . . . . . . . . . . . . . . . . 20 A.1.1. Thursday 2019-07-18
A.1. Agenda . . . . . . . . . . . . . . . . . . . . . . . . . 20 A.1.2. Friday 2019-07-19
A.1.1. Thursday 2019-07-18 . . . . . . . . . . . . . . . . . 20 A.2. Workshop Attendees
A.1.2. Friday 2019-07-19 . . . . . . . . . . . . . . . . . . 21 Appendix B. Web Packaging Overview
A.2. Workshop Attendees . . . . . . . . . . . . . . . . . . . 21 B.1. Authority in HTTPS
Appendix B. Web Packaging Overview . . . . . . . . . . . . . . . 22 B.2. Authority in Web Packaging
B.1. Authority in HTTPS . . . . . . . . . . . . . . . . . . . 23 B.3. Applicability
B.2. Authority in Web Packaging . . . . . . . . . . . . . . . 23 B.4. The AMP Format, Google Search Results, and Web Packaging
B.3. Applicability . . . . . . . . . . . . . . . . . . . . . . 24 IAB Members at the Time of Approval
B.4. The AMP Format, Google Search Results, and Web Packaging 24 Authors' Addresses
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25
1. Introduction 1. Introduction
The IAB convened this workshop to examine some proposed changes to The Internet Architecture Board (IAB) holds occasional workshops
the Internet and the Web, and their potential effects on the Internet designed to consider long-term issues and strategies for the
publishing landscape. Of particular interest was the Web Packaging Internet, and to suggest future directions for the Internet
proposal from Google, under consideration in the IETF, the W3C's Web architecture. This long-term planning function of the IAB is
Incubator Community Group (WICG), and the Web Hypertext Application complementary to the ongoing engineering efforts performed by working
Technology Working Group (WHATWG). groups of the Internet Engineering Task Force (IETF).
The IAB convened the ESCAPE Workshop to examine some proposed changes
to the Internet and the Web, and their potential effects on the
Internet publishing landscape. Of particular interest was the Web
Packaging proposal from Google, under consideration in the IETF, the
W3C's Web Incubator Community Group (WICG), and the Web Hypertext
Application Technology Working Group (WHATWG).
In considering these proposals, we heard about both positive effects In considering these proposals, we heard about both positive effects
of Web Packaging, and concerns that it could have significant effects of Web Packaging and concerns that it could have significant effects
on the relationship between publishers (e.g., news Web sites) and on the relationship between publishers (e.g., news web sites) and
content aggregators (e.g., search engines and social networks). As content aggregators (e.g., search engines and social networks). As
such, our focus was primarily on this relationship, rather than being such, our focus was primarily on this relationship, rather than
a technical discussion. technical discussion.
Online publishers do not regularly participate in standards Online publishers do not regularly participate in standards
activities directly. A Workshop format was used to solicit input activities directly. A workshop format was used to solicit input
from them. The workshop had 27 participants from a diverse set of from them. The workshop had 27 participants from a diverse set of
backgrounds, including a small number of attendees from publishers, backgrounds, including a small number of attendees from publishers,
one aggregator (Google), plus representatives from browsers, the AMP one aggregator (Google), plus representatives from browsers, the
community, CDNs, network operators, academia, and standards bodies. Accelerated Mobile Pages (AMP) community, Content Distribution
See the Workshop Call for Participation [CFP] for more information Networks (CDNs), network operators, academia, and standards bodies.
and a complete listing of submissions. See the workshop call for papers [CFP] for more information and a
complete listing of submissions.
As intended, the Workshop was primarily a forum for discussion, so it As intended, the workshop was primarily a forum for discussion, so it
did not reach definite conclusions. Instead, this report is the did not reach definite conclusions. Instead, this report is the
primary output of the Workshop, as a record of that discussion. primary output of the workshop, as a record of that discussion.
This report documents the use cases discussed in Section 2 and This report documents the use cases discussed in Section 2 and
explains the interactions between publishers and aggregators that explains the interactions between publishers and aggregators that
might be affected by it in Section 3. Appendix A includes more might be affected by it in Section 3. Appendix A includes more
details about the Workshop itself. For those unfamiliar with Web details about the workshop itself. For those unfamiliar with Web
Packaging, Appendix B provides a summary as background material. Packaging, Appendix B provides a summary as background material.
1.1. Mention of Specific Entities 1.1. Mention of Specific Entities
Participants agreed to conduct the Workshop under the Chatham House Participants agreed to conduct the workshop under the Chatham House
Rule [CHATHAM-HOUSE], so this report does not attribute statements to Rule [CHATHAM-HOUSE], so this report does not attribute statements to
individuals or organizations without express permission. Submissions individuals or organizations without express permission. Submissions
to the Workshop were public, and thus attributable; they are used to the workshop were public and thus attributable; they are used here
here to provide substance and context. to provide substance and context.
2. Use Cases 2. Use Cases
Much of the Workshop concentrated on discussion of the validity and Much of the workshop concentrated on discussion of the validity and
relative merits of the use cases that might be enabled by Web relative merits of the use cases that might be enabled by Web
Packaging. See Appendix B for an overview of what Web Packaging is. Packaging. See Appendix B for an overview of Web Packaging.
2.1. Instant Navigation 2.1. Instant Navigation
The largest use of Web Packaging so far is in Google Search, where The largest use of Web Packaging so far is in Google Search, where
packages are intended to improve the perceived performance of packages are intended to improve the perceived performance of
navigation to pages that are linked from search results when navigation to pages that are linked from search results when
"clicked". "clicked".
To enable this, when a linking (or referring) web page includes links To enable this, when a linking (or referring) web page includes links
to pages on another site, it also provides the browser with a to pages on another site, it also provides the browser with a
packaged copy of the target content, signed by the origin of the packaged copy of the target content, signed by the origin of the
target content. In effect, the referring page provides a cache for target content. In effect, the referring page provides a cache for
the target page's content. If navigation to one of those links the target page's content. If navigation to one of those links
occurs, having the Web Package gives a browser the assurance that the occurs, having the Web Package gives a browser the assurance that the
cache didn't change the content, so it can treat that content as if cache didn't change the content, so it can treat that content as if
it were acquired directly from the server for the target page - even it were acquired directly from the server for the target page -- even
though it came from a different server. In many cases, this results though it came from a different server. In many cases, this results
in significantly lower perceived delay in displaying the target page. in significantly lower perceived delay in displaying the target page.
A vital characteristic of this technique is that the browser does not A vital characteristic of this technique is that the browser does not
contact the target site before navigation. The browser does not make contact the target site before navigation. The browser does not make
any requests to sites until after navigation occurs, and only then if any requests to sites until after navigation occurs, and only then if
the site requires additional content or makes a request directly. the site requires additional content or makes a request directly.
Similar improvements could also be realized by downloading content Similar improvements could also be realized by downloading content
(packaged or otherwise) directly from the target site through a (packaged or otherwise) directly from the target site through a
technique called prefetching. However, doing so would reveal technique called "prefetching". However, doing so would reveal
information about the user's activity on the linking page to those information about the user's activity on the linking page to those
sites - even when the user never actually navigates to it. sites -- even when the user never actually navigates to it.
Note: This technique that uses Web Packaging is also referred to as | Note: This technique that uses Web Packaging is also referred
"privacy-preserving prefetch". This document avoids that term as | to as "privacy-preserving prefetch". This document avoids that
there was some contention at the workshop about what aspects of | term as there was some contention at the workshop about which
privacy might be preserved by the technique. | aspects of privacy might be preserved by the technique.
Sites bundled with Web Packaging can additionally be constructed in a Sites bundled with Web Packaging can additionally be constructed in a
way that ensures that they render without needing any additional way that ensures that they render without needing any additional
network access. This makes it possible to provide near-instantaneous network access. This makes it possible to provide near-instantaneous
navigation. The proposed changes to web navigation in support of navigation. The proposed changes to web navigation in support of
loading Web Packages is designed to support this use case. loading Web Packages is designed to support this use case.
Workshop participants recognized the value of web performance for Workshop participants recognized the value of web performance for
usability, as well as for business metrics like retention and bounce usability, as well as for business metrics like retention and bounce
rates. Such improvements were seen as a valuable goal, but rates. Such improvements were seen as a valuable goal, but
publishers raised questions about whether they justified the cost of publishers raised questions about whether they justified the cost of
supporting an additional format, while others raised concerns about supporting an additional format, while others raised concerns about
different aspects of the Web Packaging proposal. different aspects of the Web Packaging proposal.
2.2. Offline Content Sharing 2.2. Offline Content Sharing
Another primary use case discussed was the ability to share Web Another primary use case discussed was the ability to share web
content between devices where neither has an active connection to the content between devices where neither has an active connection to the
Internet. One of the stated goals of Web Packaging is to enable Internet. One of the stated goals of Web Packaging is to enable
sharing of content offline. sharing of content offline.
Several participants reported that in areas where Internet access is Several participants reported that in areas where Internet access is
expensive, slow, or intermittent, the use of direct peer-to-peer file expensive, slow, or intermittent, the use of direct peer-to-peer file
exchange (e.g., "saving a Web site and sharing it on a USB stick") is exchange (e.g., "saving a website and sharing it on a USB stick") is
commonplace. Most Web browsers already have some affordances for commonplace. Most web browsers already have some affordances for
this, but these are recognized as in need of improvements. this, but these are recognized as in need of improvements.
In the discussion, several rejected an assumed requirement of this In the discussion, several rejected an assumed requirement of this
use case - that there be no difference between the treatment of a use case -- that there be no difference between the treatment of a
"normal" Web page and that of one loaded from an offline Web Package. "normal" web page and that of one loaded from an offline Web Package.
The ability for a Web Package to provide clear attribution for The ability for a Web Package to provide clear attribution for
content was seen as valuable by some participants for a range of content was seen as valuable by some participants for a range of
reasons. However, reservations were expressed about the subtleties reasons. However, reservations were expressed about the subtleties
of the properties that signatures provide and the effect of this on of the properties that signatures provide and the effect of this on
Web security; see also Section 4.2 and Section 2.3.2. web security; see also Sections 4.2 and 2.3.2.
Many participants pointed out that using "unsigned bundles" - that Many participants pointed out that using "unsigned bundles" -- that
is, Web Packages without Signed Exchanges - could be adequate for is, Web Packages without signed exchanges -- could be adequate for
this use case, since most users don't need cryptographic proof of the this use case, since most users don't need cryptographic proof of the
site's identity. However, some expressed concerns that this might site's identity. However, some expressed concerns that this might
worsen the propagation of falsehood. worsen the propagation of falsehood.
Some suggested that the value of Signed Exchanges was not realized in Some suggested that the value of signed exchanges was not realized in
small-scale interpersonal exchange of information, but in the small-scale interpersonal exchange of information but in the building
building of systems for content delivery that might include of systems for content delivery that might include capabilities like
capabilities like discovery and automated distribution. The discovery and automated distribution. The contention here was that
contention here was that effective use of digital signatures in effective use of digital signatures in offline distribution of
offline distribution of content implied considerably more content implied considerably more infrastructure than was described
infrastructure than was described in current proposals. in current proposals.
No definite conclusions about offline sharing were reached during the No definite conclusions about offline sharing were reached during the
workshop. workshop.
2.3. Other Use Cases 2.3. Other Use Cases
A session on the second morning concentrated on two other significant A session on the second morning concentrated on two other significant
potential use cases for Web Packages: book publishing and Web potential use cases for Web Packages: book publishing and Web
archiving. These were not seen as "primary" by the proponents of Web archiving. These were not seen as "primary" by the proponents of Web
Packaging; the original intent was not to spend significant time on Packaging; the original intent was not to spend significant time on
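Review bot: In Section 2.1, the sentence "The proposed changes to web navigation in support of loading Web Packages is designed to support this use case" pairs a plural subject with "is" in both columns, so the RFC text carries the draft's agreement error forward; "are designed" fixes it. In Section 1, dropping "being a" leaves "our focus was primarily on this relationship, rather than technical discussion", which would read more cleanly as "rather than on technical discussion".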
skipping to change at page 6, line 19 skipping to change at line 260
from web content. Specialists from that industry pointed out that from web content. Specialists from that industry pointed out that
book delivery can vary greatly from typical web content delivery. book delivery can vary greatly from typical web content delivery.
Workshop participants briefly explored existing solutions. PDF was Workshop participants briefly explored existing solutions. PDF was
seen as particularly challenging for this use case, due to its seen as particularly challenging for this use case, due to its
limitations, and EPUB has constraints that also make it challenging limitations, and EPUB has constraints that also make it challenging
for publishers. for publishers.
Although Web Packaging might help to address this use case, the Although Web Packaging might help to address this use case, the
question of how to identify book content was not resolved. The use question of how to identify book content was not resolved. The use
of Signed Exchanges in this context might offer means of tying of signed exchanges in this context might offer means of tying
content in books to a Web site, but several limitations inherent in content in books to a website, but several limitations inherent in
doing that were identified. doing that were identified.
In particular, book publication specialists represented that books In particular, book publication specialists represented that books
don't have the same requirements for timeliness or currency as web don't have the same requirements for timeliness or currency as web
pages. For instance, Dave Cramer's submission [CRAMER] observed that pages. For instance, Dave Cramer's submission [CRAMER] observed that
Moby Dick was published over 61,000 days ago, which is considerably Moby Dick was published over 61,000 days ago, which is considerably
longer than the proposed limit of 7 days for Signed Exchanges. The longer than the proposed limit of 7 days for signed exchanges. The
limited length of time that a Web Package can be considered valid was limited length of time that a Web Package can be considered valid was
discussed at some length. discussed at some length.
Additionally, the risk of a publisher going out of business during Additionally, the risk of a publisher going out of business during
the lifetime of a book is significant, because books - at least the lifetime of a book is significant, because books -- at least
successful ones - often span generations in their applicability. To successful ones -- often span generations in their applicability. To
that end, having a means of attributing content to a publisher was that end, having a means of attributing content to a publisher was
considered less practical, and potentially undesirable (much like the considered less practical and potentially undesirable (much like the
discussion above regarding "unsigned bundles"). discussion above regarding "unsigned bundles").
There were other aspects of book publication that participants saw as There were other aspects of book publication that participants saw as
challenging for packaging. For example, it is currently not challenging for packaging. For example, it is currently not
understood what it is to refer to distinct parts of a book. understood what it means to refer to distinct parts of a book.
Participants saw this as an area where providing stable references Participants saw this as an area where providing stable references
for bundles of content might offer possibilities, but nothing for bundles of content might offer possibilities, but nothing
concrete came from that discussion. concrete came from that discussion.
The potential for active content in a bundle to use Web APIs to The potential for active content in a bundle to use web APIs to
enrich content or enable new features was considered valuable. enrich content or enable new features was considered valuable.
Models for enabling paywalls were discussed at some length (see Models for enabling paywalls were discussed at some length (see
Section 5.4). Section 5.4).
2.3.2. Web Archiving 2.3.2. Web Archiving
Web archiving is a complicated discipline that is made more difficult Web archiving is a complicated discipline that is made more difficult
by the complex nature of the web itself. by the complex nature of the Web itself.
From an archival standpoint, the potential for Web content to be From an archival standpoint, the potential for web content to be
provided in a self-contained form was viewed positively. Several provided in a self-contained form was viewed positively. Several
improvements to the structure of Web Packaging were considered, such improvements to the structure of Web Packaging were considered, such
as providing complete sets of content and the use of Memento as providing complete sets of content and the use of Memento
[MEMENTO]. [MEMENTO].
Though there were potential applications of a packaging scheme, many Though there were potential applications of a packaging scheme, many
challenges were recognized as requiring additional work on the part challenges were recognized as requiring additional work on the part
of content producers to be fully effective. For example, JavaScript of content producers to be fully effective. For example, JavaScript
is needed to render some archived content faithfully, but attributing is needed to render some archived content faithfully, but attributing
that content to an origin in all scenarios is challenging. that content to an origin in all scenarios is challenging.
If packaging were to be widely deployed it might improve the If packaging were to be widely deployed, it might improve the
situation for archival replay. In particular, the speculation is situation for archival replay. In particular, the speculation is
that there would be less "live leakage" as packaged content might be that there would be less "live leakage" as packaged content might be
less likely to refer to live resources that currently tend to "leak" less likely to refer to live resources that currently tend to "leak"
into views of archives. It was also noted that subresources might into views of archives. It was also noted that subresources might
also be more likely to be packaged, especially those that are needed also be more likely to be packaged, especially those that are needed
for deferred representations (i.e., after JavaScript execution on the for deferred representations (i.e., after JavaScript execution on the
page or some user interactions). Other potential applications and page or some user interactions). Other potential applications and
enhancements are discussed in [ALAM]. enhancements are discussed in [ALAM].
Participants discussed the use of a signature for non-repudiation at Participants discussed the use of a signature for non-repudiation at
some length. In one case related to the Internet Archive, a public some length. In one case related to the Internet Archive, a public
figure disputed the accuracy of archived content, asserting that figure disputed the accuracy of archived content, asserting that the
either the original content was modified at the source, or in the original content was modified either at the source or in the archive.
archive.
Some participants initially saw digital signatures as a way to Some participants initially saw digital signatures as a way to
address such issues of provenance. As similar problems exist in address such issues of provenance. As similar problems exist in
other areas, such as in book publication, medical research, and news, other areas, such as in book publication, medical research, and news,
a solution to this problem was considered to have broad a solution to this problem was considered to have broad
applicability. applicability.
However, the discussion ultimately concluded that providing non- However, the discussion ultimately concluded that providing non-
repudiation in retrospect is challenging. Signing keys are not repudiation in retrospect is challenging. Signing keys are not
expected to remain secure for long periods. If keys are leaked expected to remain secure for long periods. If keys are leaked
afterwards, an attacker could retroactively generate fraudulent afterwards, an attacker could retroactively generate fraudulent
signatures. Alternative solutions were discussed, such as providing signatures. Alternative solutions were discussed, such as providing
independent archives for the same data, using consensus protocols, or independent archives for the same data, using consensus protocols, or
using an append-only construct like a Haber-Stornetta log [AOLOG], using an append-only construct like a Haber-Stornetta log [AOLOG],
all of which can be used to increase the difficulty of altering or all of which can be used to increase the difficulty of altering or
misrepresenting established archives. misrepresenting established archives.
3. Interactions Between Web Publishers and Aggregators 3. Interactions between Web Publishers and Aggregators
A significant motivation for holding the Workshop was to provide a A significant motivation for holding the workshop was to provide a
forum where publishers could discuss the impact of Web Packaging on forum where publishers could discuss the impact of Web Packaging on
the online publishing ecosystem. Of primary interest was whether Web the online publishing ecosystem. Of primary interest was whether Web
Packages might effectively enable a transfer of power from publishers Packages might effectively enable a transfer of power from publishers
to aggregators. to aggregators.
Both publishers and aggregators at the workshop expressed the Both publishers and aggregators at the workshop expressed the
importance of maintaining a positive relationship. Publishers in importance of maintaining a positive relationship. Publishers in
particular expressed the need to be able to trust that aggregators particular expressed the need to be able to trust that aggregators
won't misrepresent their work, or de-emphasize it for reasons won't misrepresent their work or de-emphasize it for reasons
unrelated to quality and perceived value to the user. unrelated to quality and perceived value to the user.
One key question from [BERJON] was discussed: One key question from [BERJON] was discussed:
Web Packaging has other uses, but it is primarily seen by a large | Web Packaging has other uses, but it is primarily seen by a large
proportion of its stakeholders as a solution to problems that AMP | proportion of its stakeholders as a solution to problems that AMP
created. Before we agree to solve those issues, should we not ask | created. Before we agree to solve those issues, should we not ask
if AMP was a useful approach in the first place - and useful to | if AMP was a useful approach in the first place -- and useful to
whom? | whom?
In examining this issue, discussion focused on the current incentive In examining this issue, discussion focused on the current incentive
model offered by aggregators. The costs that publishers incur for model offered by aggregators. The costs that publishers incur for
participation in that system were considered. Considerable time was participation in that system were considered. Considerable time was
spent on AMP, a summary of that discussion can be found in Section 5. spent on AMP; a summary of that discussion can be found in Section 5.
We also considered the question of whether standardizing Web We also considered the question of whether standardizing Web
Packaging confers credibility to aggregators exercising unwelcome Packaging confers credibility to aggregators exercising unwelcome
control over publisher content, or whether the technical safeguards control over publisher content or whether the technical safeguards
Web Packaging provides could allow aggregators to relax their Web Packaging provides could allow aggregators to relax their
restrictions on the kinds of content they're willing to cache and restrictions on the kinds of content they're willing to cache and
serve. No conclusions were drawn. serve. No conclusions were drawn.
3.1. Incentives for Web Packages 3.1. Incentives for Web Packages
Submissions to the Workshop indicated that the use of inducements Submissions to the workshop indicated that the use of inducements
involving better placement and formatting of links to publisher involving better placement and formatting of links to publisher
content had a significant effect on the uptake of related technology. content had a significant effect on the uptake of related technology.
For example, in [DEPUYDT-NELSON]: For example, in [DEPUYDT-NELSON]:
[...] The Washington Post has always placed a great deal of trust | [...] The Washington Post has always placed a great deal of trust
in Google to represent its content--and their reward for doing so | in Google to represent its content--and their reward for doing so
is more traffic, which positively impacts the business. | is more traffic, which positively impacts the business.
During the Workshop, several online publishers indicated that if it During the workshop, several online publishers indicated that if it
weren't for the privileged position in the Google Search carousel weren't for the privileged position in the Google Search carousel
given to AMP content, they would not publish in that format. given to AMP content, they would not publish in that format.
Publishers that do produce AMP said they see a non-trivial increase Publishers that do produce AMP said they see a non-trivial increase
in traffic as a result of deploying AMP content. For example, Yahoo in traffic as a result of deploying AMP content. For example, Yahoo
Japan reported a 60% increase in traffic as a result of deploying AMP Japan reported a 60% increase in traffic as a result of deploying AMP
on Yahoo Travel [OTSU]. There was no data presented as to whether on Yahoo Travel [OTSU]. There was no data presented as to whether
this increase was due to better placement in Google Search results, this increase was due to better placement in Google Search results,
from the inherent benefits of the AMP cache, or the use of the AMP the inherent benefits of the AMP Cache, or the use of the AMP format.
format.
Anecdotal evidence was offered by another large publisher that saw a Anecdotal evidence was offered by another large publisher that saw a
10% drop in traffic as a result of accidentally disabling AMP 10% drop in traffic as a result of accidentally disabling AMP
content. However, increases in traffic might not result in similarly content. However, increases in traffic might not result in similarly
proportioned increases in revenue, as observed in [BREWSTER]. proportioned increases in revenue, as observed in [BREWSTER].
3.2. Operational Costs 3.2. Operational Costs
Several participants pointed out that introducing a new, parallel Several participants pointed out that introducing a new, parallel
format for Web content incurs operational costs. In particular, format for Web content incurs operational costs. In particular,
supporting any new format - such as Web Packaging, Apple News, or supporting any new format -- such as Web Packaging, Apple News, or
Facebook Instant Articles - requires not only initial development of Facebook Instant Articles -- requires not only initial development of
tooling (some generic, some specific to a site's requirements) but tooling (some generic and some specific to a site's requirements) but
also an ongoing investment in maintaining its operability. Some also an ongoing investment in maintaining its operability. Some
participants expressed concern about the impact upon small publishers participants expressed concern about the impact upon small publishers
with limited technical and financial resources, especially in the with limited technical and financial resources, especially in the
current publishing climate. current publishing climate.
Increased exposure from new formats might not always justify the Increased exposure from new formats might not always justify the
added expense of providing articles in that format [BREWSTER]. added expense of providing articles in that format [BREWSTER].
However, a standardized format might help publishers reduce the cost However, a standardized format might help publishers reduce the cost
of maintaining multiple formats. of maintaining multiple formats.
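Review bot: In the paragraph on retrospective repudiation at the top of this hunk, which is unchanged in both columns, the alternatives (independent archives, consensus protocols, a Haber-Stornetta log [AOLOG]) are described only as increasing "the difficulty of altering or misrepresenting established archives". The text never connects them back to the leaked-key case in the sentence before. If the intended point is that these constructs do not depend on the signing key staying secret, suggest saying so in one clause, so the reader sees why they are offered as alternatives to signatures.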
skipping to change at page 10, line 34 skipping to change at line 463
Though data was presented to demonstrate potential rather than be a Though data was presented to demonstrate potential rather than be a
definitive result, discussions raised a number of questions that definitive result, discussions raised a number of questions that
suggest the need for further study. Attendees suggested that future suggest the need for further study. Attendees suggested that future
measurements consider the effect of signed bundles distinct from the measurements consider the effect of signed bundles distinct from the
enhancements derived from the AMP format. Future research in this enhancements derived from the AMP format. Future research in this
area might also consider the effectiveness of different strategies on area might also consider the effectiveness of different strategies on
devices with varying capabilities, bandwidth, power consumption devices with varying capabilities, bandwidth, power consumption
requirements, or network conditions. requirements, or network conditions.
Of particular interest is the additional work required to fetch and Of particular interest is the additional work required to fetch and
render multiple web pages in prepation for navigation. This might render multiple web pages in preparation for navigation. This might
ultimately use fewer connections, but comes with an increased network ultimately use fewer connections but comes with an increased network
and CPU cost for clients. Some participants pointed out that and CPU cost for clients. Some participants pointed out that
different clients or applications might require different tuning; for different clients or applications might require different tuning --
example, when users have limited (or expensive) bandwidth, or for for example, when users have limited (or expensive) bandwidth or for
sites with less clear knowledge about the use of outbound links. sites with less clear knowledge about the use of outbound links.
Workshop participants also expressed interest in learning about the Workshop participants also expressed interest in learning about the
effect of Web Packages on subsequent navigations within the target effect of Web Packages on subsequent navigations within the target
site. site.
In discussion, some participants suggested that their experience In discussion, some participants suggested that their experience
supported a theory that operating a cache at the linking site was supported a theory that operating a cache at the linking site was
most effective and the additional work done prior to navigation in most effective and the additional work done prior to navigation in
terms of fetching and preparing content was what provided the most terms of fetching and preparing content was what provided the most
gains; others suggested that the benefits inherent in the AMP format gains; others suggested that the benefits inherent in the AMP format
was a dominant factor. was a dominant factor.
Understanding the complete effect of Web Packaging on web performance Understanding the complete effect of Web Packaging on web performance
will require further work. will require further work.
4. Systemic Effects 4. Systemic Effects
It is not straightforward to estimate how a proposed technology It is not straightforward to estimate how a proposed technology
change might affect all of the parts of a system - including not only change might affect all of the parts of a system -- including not
other components but also things like end-user rights and the balance only other components, but also things like end-user rights and the
of power between parties - ahead of time. To date, when evaluating balance of power between parties -- ahead of time. To date, when
proposals, the IETF has generally focused on more immediate concerns, evaluating proposals, the IETF has generally focused on more
such as interoperability and security. immediate concerns, such as interoperability and security.
Moreover, people often find new uses for successful standards Moreover, people often find new uses for successful standards
[SUCCESS] after they are deployed. It is rarely possible to [SUCCESS] after they are deployed. It is rarely possible to
accurately predict all applications of a protocol or format, whether accurately predict all applications of a protocol or format, whether
they are harmful or beneficial. Refusing standardization only they are harmful or beneficial. Refusing standardization only
impedes both outcomes. impedes both outcomes.
With the understanding that predictions are difficult to make, there With the understanding that predictions are difficult to make, there
was considerable speculation at the Workshop about the possible was considerable speculation at the workshop about the possible
effect of Web Packaging on the Web. Some of that speculation is effect of Web Packaging on the Web. Some of that speculation is
informed by experience, but that experience is necessarily limited in informed by experience, but that experience is necessarily limited in
scope. This section attempts to capture that discussion. scope. This section attempts to capture that discussion.
4.1. Consolidation 4.1. Consolidation
Concerns about the consolidation of power on the Internet have Concerns about the consolidation of power on the Internet have
significantly increased lately, as a result of several factors. significantly increased lately, as a result of several factors.
While the IAB, the Internet Society, and others are examining this While the IAB, the Internet Society, and others are examining this
phenomenon to understand it better, it is nevertheless prudent to phenomenon to understand it better, it is nevertheless prudent to
consider whether proposals for changes to how the Internet works consider whether proposals for changes to how the Internet works
favors or counters consolidation. Favoring entities with existing favors or counters consolidation. Favoring entities with existing
advantages - like resources, size, or market share - is not advantages -- like resources, size, or market share -- is not
necessarily a factor that disqualifies a new proposal, but it needs necessarily a factor that disqualifies a new proposal, but it needs
to be considered as a cost of enabling that technology. to be considered as a cost of enabling that technology.
While it isn't clear what all of the outcomes of adopting Web Although the outcomes of adopting Web Packaging are unclear, the
Packaging would be, the Workshop revealed several concerns for workshop revealed several concerns for consolidation risks for all
consolidation risks for all involved parties: users, publisher sites, involved parties: users, publisher sites, linking sites, and services
linking sites, and services they each rely on. they each rely on.
4.1.1. Consolidation of Power in Linking Sites 4.1.1. Consolidation of Power in Linking Sites
Several participants noted that Web Packaging's enablement of instant Several participants noted that Web Packaging's enabling of instant
navigation (Section 2.1) might advantage larger linking sites - such navigation (Section 2.1) might advantage larger linking sites -- such
as social networks or search engines - over smaller ones in the same as social networks or search engines -- over smaller ones in the same
industry because doing so requires careful selections of which links industry because doing so requires careful selections of which links
to optimize, so as not to create unneeded traffic. to optimize, so as not to create unneeded traffic.
For example, a news article often has many links, but not all of them For example, a news article often has many links, but not all of them
are equally likely to be followed. Deciding which ones to pre-fetch are equally likely to be followed. Deciding which ones to prefetch
requires considerable data collection and engineering, so this requires considerable data collection and engineering, so this
technique might not be feasible for smaller entities. Additionally, technique might not be feasible for smaller entities. Additionally,
some participants noted that this technique favors sites that have a some participants noted that this technique favors sites that have a
linear set of ranked links, like search results; it is more difficult linear set of ranked links, like search results; it is more difficult
to apply to a page of news (for example) because predicting what link to apply to a page of news (for example) because predicting what link
a user will follow is less obvious. a user will follow is less obvious.
This technique also requires access to a cache with terms of use This technique also requires access to a cache with terms of use
compatible with the requirements of the site. It was pointed out compatible with the requirements of the site. It was pointed out
that the Google AMP Cache has policies that might be acceptable to that the Google AMP Cache has policies that might be acceptable to
many, and there are other caches. Sites operated by entities other many, and there are other caches. Sites operated by entities other
than Google already use this cache, though it was observed that a than Google already use this cache, though it was observed that a
site that does not host its own cache suffers a minor performance site that does not host its own cache suffers a minor performance
degradation. degradation.
4.1.2. Consolidation of Power in Publishers 4.1.2. Consolidation of Power in Publishers
Participants seemed to agree that if performance is strong enough Participants seemed to agree that if performance is a strong enough
differentiator, the effective use of Web Packaging might turn out to differentiator, the effective use of Web Packaging might turn out to
be a condition for success for online publishers. Google Search's be a condition for success for online publishers. Google Search's
choice to privilege content that is served using HTTPS was pointed choice to privilege content that is served using HTTPS was pointed
out as showing that this sort of influence can be effective. out as showing that this sort of influence can be effective.
Equally, it is not necessarily the case that standardization of new Equally, it is not necessarily the case that standardization of new
capabilities will affect such policies materially, as noted in capabilities will affect such policies materially, as noted in
[YASSKIN]: [YASSKIN]:
It seems unlikely that any decisions we make in a packaging or | It seems unlikely that any decisions we make in a packaging or
distribution system will affect the considerations aggregators use | distribution system will affect the considerations aggregators use
when deciding how to rank recommendations or the power this gives | when deciding how to rank recommendations or the power this gives
them over publishers. | them over publishers.
The most common concern raised in the discussion was the effect of The most common concern raised in the discussion was the effect of
this technology on smaller publishers who might be less able to this technology on smaller publishers who might be less able to
optimize the packages they produce, where their primary optimize the packages they produce, where their primary
differentiation in the market has previously been the quality of differentiation in the market has previously been the quality of
their content. their content.
4.1.3. Consolidation of User Preferences 4.1.3. Consolidation of User Preferences
In typical operation of the Web, servers have an opportunity to In typical operation of the Web, servers have an opportunity to
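Review bot: Two subject-verb agreement errors are carried over unchanged into the right-hand column of this hunk. In Section 4.1, "whether proposals for changes to how the Internet works favors or counters consolidation" should read "favor or counter"; in the last paragraph before Section 4, "the benefits inherent in the AMP format was a dominant factor" should read "were a dominant factor". The reworded sentence in 4.1 also keeps "several concerns for consolidation risks", which would read better as "several concerns about consolidation".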
skipping to change at page 13, line 31 skipping to change at line 605
(provided by TLS [TLS]), but Web Packaging adds a limited form of (provided by TLS [TLS]), but Web Packaging adds a limited form of
object security. That is, the package protects the integrity of a object security. That is, the package protects the integrity of a
message, rather than providing integrity and confidentiality for its message, rather than providing integrity and confidentiality for its
delivery. Object security is not a new concept in the context of the delivery. Object security is not a new concept in the context of the
Web; designs like SHTTP [SHTTP] are as old as HTTPS. Though the Web; designs like SHTTP [SHTTP] are as old as HTTPS. Though the
intent is for Web Packaging to have a far more narrow applicability, intent is for Web Packaging to have a far more narrow applicability,
it provides fewer security guarantees than HTTPS, since it provides it provides fewer security guarantees than HTTPS, since it provides
only authentication, no confidentiality with respect to the cache, only authentication, no confidentiality with respect to the cache,
and no assurance of liveness. and no assurance of liveness.
Object-based security - such as proposed in Web Packaging - allows Object-based security -- such as proposed in Web Packaging -- allows
the use of content regardless of how it is obtained; some the use of content regardless of how it is obtained; some
participants noted that third parties gain greater control over the participants noted that third parties gain greater control over the
distribution of content, reducing the ability of publishers to distribution of content, reducing the ability of publishers to
retract or alter content over the validity period of signed content. retract or alter content over the validity period of signed content.
Another topic of discussion was composition attacks. In its proposed Another topic of discussion was composition attacks. In its proposed
form, Web Packaging only provides authentication of independent form, Web Packaging only provides authentication of independent
resources, not a web page as a single unit, allowing an attacker to resources, not a web page as a single unit, allowing an attacker to
control the composition of resources. This weakness was acknowledged control the composition of resources. This weakness was acknowledged
as a known shortcoming of the current proposal that would be as a known shortcoming of the current proposal that would be
addressed. addressed.
The issue of managing the trade-off between control and performance The issue of managing the trade-off between control and performance
in caches arose. While participants recognized that problems with in caches arose. While participants recognized that problems with
resource composition already occur by accident - for example, when a resource composition already occur by accident -- for example, when a
cache stores different versions of resources - Web Packaging allows cache stores different versions of resources -- Web Packaging allows
an attacker more direct control over what resources are available to an attacker more direct control over what resources are available to
clients. clients.
For example, an attacker might be able to cause content with a For example, an attacker might be able to cause content with a
security flaw to be used up to a week past the time that the defect security flaw to be used up to a week past the time that the defect
was fixed. was fixed.
As an example of how Web Packaging might change the risk profile for As an example of how Web Packaging might change the risk profile for
sites, participants discussed recovery from cross-site scripting sites, participants discussed recovery from cross-site scripting
attacks. It is already the case that a brief exposure to this class attacks. It is already the case that a brief exposure to this class
of attack can result in an attacker gaining persistent access, but of attack can result in an attacker gaining persistent access, but
mechanisms exist that can be used to avoid or correct issues, like mechanisms exist that can be used to avoid or correct issues, like
cache validation and Clear Site Data [CLEAR-DATA]. These measures cache validation and Clear Site Data [CLEAR-DATA]. These measures
are not available to clients unless they connect to the site. are not available to clients unless they connect to the site.
The discussion pointed out that these concerns are not new or The discussion pointed out that these concerns are not new or
uniquely enabled by Web Packaging. However, it was pointed out that uniquely enabled by Web Packaging. However, it was pointed out that
new features are routinely subject to higher security and privacy new features are routinely subject to higher security and privacy
expectations. In an example unrelated to Web Packaging but with expectations. In an example unrelated to Web Packaging but with
similar tradeoffs, shared compression of multiple resources has similar trade-offs, shared compression of multiple resources has
significant performance benefits. The risk with shared compression significant performance benefits. The risk with shared compression
exposes is the potential for exposing encrypted information through is the potential for exposing encrypted information through side
side-channels. Though sites can use shared compression without this channels. Though sites can use shared compression without this
exposure, shared compression will likely only be enabled once it is exposure, shared compression will likely only be enabled once it is
clear that measures to prevent accidental information exposure are clear that measures to prevent accidental information exposure are
understood to be effective in a broad set of deployments. understood to be effective in a broad set of deployments.
The discussion also addressed the question of whether concerns might The discussion also addressed the question of whether concerns might
equally apply to the typical use of a Content Distribution Network equally apply to the typical use of a CDN as a third-party provider
(CDN) as a third-party provider of the content. Some participants of the content. Some participants concluded that CDNs are typically
concluded that CDNs are typically in a contractual relationship with in a contractual relationship with the sites they serve and so are
the sites they serve and so are more likely to have their interests more likely to have their interests aligned.
aligned.
4.3. Privacy of Content 4.3. Privacy of Content
Discussion and submissions raised concerns regarding how serving Discussion and submissions raised concerns regarding how serving
content using Web Packages might adversely affect privacy of content using Web Packages might adversely affect privacy of
individuals. There are challenges here, but the very narrow individuals. There are challenges here, but the very narrow
applicability of Web Packaging to what is effectively static content applicability of Web Packaging to what is effectively static content
limits the privacy risk. The conclusion was that provided sufficient limits the privacy risk. The conclusion was that, provided
care is taken in implementation, use of Web Packages does not sufficient care is taken in implementation, the use of Web Packages
substantially increase the information that an aggregator gains about does not substantially increase the information that an aggregator
what content is consumed. gains about what content is consumed.
Concretely, an aggregator knows what content it serves in Concretely, an aggregator knows what content it serves in
anticipation of navigation. This is - at least in theory - anticipation of navigation. This is -- at least in theory --
substantially the same as the content that the aggregator might substantially the same as the content that the aggregator might
receive if it performed the navigation itself. Assuming that content receive if it performed the navigation itself. Assuming that content
is stripped of personalization, the aggregator gains no new is stripped of personalization, the aggregator gains no new
information. information.
5. AMP Issues Unrelated to Web Packaging 5. AMP Issues Unrelated to Web Packaging
On multiple occasions, discussion at the Workshop concentrated on On multiple occasions, discussion at the workshop concentrated on
problems that arise as a result of constraints on the AMP format or problems that arise as a result of constraints on the AMP format or
details of its inclusion in Google Search. For instance, the details of its inclusion in Google Search. For instance, the
requirement to make metadata about pages to be exposed by pages is requirement to make pages expose their metadata is unlikely to be
unlikely to be affected by any standardization of a packaging format affected by any standardization of a packaging format as that
as that requirement is independent of the process of delivering requirement is independent of the process of delivering content.
content.
This section provides some detail on aspects of the discussion that This section provides some detail on aspects of the discussion that
touched on AMP more generally in this way. Some treatment of these touched on AMP more generally in this way. Some treatment of these
points is considered relevant as some of the discussion at the points is considered relevant as some of the discussion at the
workshop, even under the remit of discussing Web Packaging, workshop, even under the remit of discussing Web Packaging,
concentrated on the effect of AMP on the ecosystem. concentrated on the effect of AMP on the ecosystem.
Note: Of the four formats mentioned in the workshop call for papers | Note: Of the four formats mentioned in the workshop call for
[CFP], only AMP sent representatives to the workshop. The | papers [CFP], only AMP sent representatives to the workshop.
discussion was therefore concentrated around AMP; this section | The discussion was therefore concentrated around AMP; this
should not be read to imply anything about other formats. | section should not be read to imply anything about other
| formats.
Discussion and submissions referred to a commitment [AMP-LESSONS] to Discussion and submissions referred to a commitment [AMP-LESSONS] to
allow publishers to use content that met specific criteria to access allow publishers to use content that met specific criteria to access
privileged positions in search results, regardless of their adoption privileged positions in search results, regardless of their adoption
of AMP. Participants felt that this approach might address some of of AMP. Participants felt that this approach might address some of
these concerns if it were adopted and durable. For instance, the use these concerns if it were adopted and durable. For instance, the use
of Web Packaging might be sufficient to remove some constraints on of Web Packaging might be sufficient to remove some constraints on
active content on the basis that the active content would be active content on the basis that the active content would be
attributed to the publisher and not the AMP cache. attributed to the publisher and not the AMP Cache.
5.1. AMP Governance 5.1. AMP Governance
There was interest from workshop participants in the governance model There was interest from workshop participants in the governance model
used for AMP. In particular, the question of how independent the AMP used for AMP. In particular, the question of how independent the AMP
project would be of Google and Google Search. project would be of Google and Google Search arose.
Three of the seven members of the AMP Technical Steering Committee, Three of the seven members of the AMP Technical Steering Committee,
the body that governs AMP, are Google employees, which gives Google the body that governs AMP, are Google employees, which gives Google
considerable influence over the project. It was asserted that the considerable influence over the project. It was asserted that the
governance structure was intended to be more independent of Google governance structure was intended to be more independent of Google
over time. The understanding was that any consumer of the format, over time. The understanding was that any consumer of the format,
such as Google Search, would make an independent assessment about such as Google Search, would make an independent assessment about
whether to use or require different aspects of the AMP project whether to use or require different aspects of the AMP project
products. products.
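Review bot: In Section 4.2, the example "up to a week past the time that the defect was fixed" is unchanged in both columns and gives a figure that the surrounding text never explains. The earlier paragraph refers to "the validity period of signed content" without stating a length. Suggest tying the week to that validity period explicitly, or citing where the limit is defined, so the exposure window reads as a consequence of the signature lifetime rather than an unexplained number.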
skipping to change at page 16, line 18 skipping to change at line 731
parallel to their regular HTML content. Publishers noted this as a parallel to their regular HTML content. Publishers noted this as a
high cost, particularly for smaller sites. It was pointed out that high cost, particularly for smaller sites. It was pointed out that
websites can serve AMP-compliant content exclusively. However, websites can serve AMP-compliant content exclusively. However,
several publishers referred to limitations in the format that made it several publishers referred to limitations in the format that made it
unsuitable for their needs. unsuitable for their needs.
Many cited reasons for this duplication were related to the necessity Many cited reasons for this duplication were related to the necessity
of running arbitrary active content (typically, JavaScript). For of running arbitrary active content (typically, JavaScript). For
example: example:
o AMP provides a framework for supporting user authentication, but * AMP provides a framework for supporting user authentication, but
publishers asserted that using this framework was not considered publishers asserted that using this framework was not considered
practical. practical.
o AMP content does not support rendering of certain content, which * AMP content does not support rendering of certain content, which
can affect the ability of publishers to innovate in how they can affect the ability of publishers to innovate content
produce content. production.
o The AMP model for the implementation of paywalls (Section 5.4) was * The AMP model for the implementation of paywalls (Section 5.4) was
claimed to be inimical to some publisher business models. claimed to be inimical to some publisher business models.
More broadly, they considered AMP's constraints on the use of active More broadly, they considered AMP's constraints on the use of active
content as problematic, since they prevent the use of capabilities content as problematic, since they prevent the use of capabilities
that are provided on equivalent non-AMP pages. Reference was made to that are provided on equivalent non-AMP pages. Reference was made to
a proposed <amp-script> element - which has since been made fully a proposed <amp-script> element -- which has since been made fully
available - that seeks to provide limited access to some dynamic available -- that seeks to provide limited access to some dynamic
content. content.
5.3. Performance 5.3. Performance
Publishers observed that using the AMP format does not provide any Publishers observed that using the AMP format does not provide any
guarantee of performance gains and in some cases could contribute to guarantee of performance gains and, in some cases, could contribute
performance degradation. It was suggested that this was most to performance degradation. It was suggested that this was most
problematic for sites that are already well-tuned for performance. problematic for sites that are already well-tuned for performance.
5.4. Implementation of Paywalls 5.4. Implementation of Paywalls
The use of "paywalls" by Web publishers to control access to content The use of paywalls by web publishers to control access to content in
in return for payment is increasingly common. One popular approach return for payment is increasingly common. One popular approach is
is to offer a limited number of articles without payment while to offer a limited number of articles without payment while insisting
insisting on a paid subscription to access further articles. on a paid subscription to access further articles.
On several occasions, participants expressed dissatisfaction with the On several occasions, participants expressed dissatisfaction with the
difficulty of integrating paywall authorization when using AMP. In difficulty of integrating paywall authorization when using AMP. In
particular, they said AMP encourages publishers to include an particular, they said AMP encourages publishers to include an
article's full content, hidden by default but easily accessible to article's full content, hidden by default but easily accessible to
motivated users. The discussion extended to workarounds like cookie motivated users. The discussion extended to workarounds like cookie
syncing [COOKIE-SYNC] that is used as part of authorization, a syncing [COOKIE-SYNC], which is used as part of authorization and is
consequence of having cached content hosted on the linking site a consequence of having cached content hosted on the linking site
rather than the target site. rather than the target site.
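Review bot: The rewording of the cookie-syncing sentence changes what the trailing clause attaches to, and that should be confirmed with the authors rather than treated as a copy edit. The old text ("that is used as part of authorization, a consequence of having cached content hosted on the linking site") can be read with the need for workarounds as the consequence. The new text ("which is used as part of authorization and is a consequence of ...") states that cookie syncing itself is the consequence. If the narrower reading is intended, keep it; otherwise restore the appositive or split the sentence in two.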
The same topic came up concerning book publication, where publishers The same topic came up concerning book publication, where publishers
indicated that having a means of enabling different methods of indicated that having a means of enabling different methods of
distribution without also facilitating unconstrained copying of book distribution without also facilitating unconstrained copying of book
content was necessary. content was necessary.
This conflation of AMP issues with those addressed by Web Packaging This conflation of AMP issues with those addressed by Web Packaging
was recurrent in the discussion. As observed in [DAS], these was recurrent in the discussion. As observed in [DAS], these
concerns might be addressed by linking to a signed bundle. concerns might be addressed by linking to a signed bundle.
6. Venues for Future Discussion 6. Venues for Future Discussion
Web Packaging work continues in multiple forums. Questions about the Web Packaging work continues in multiple forums. Questions about the
core format and signatures is being discussed on the wpack@ietf.org core format and signatures are being discussed on the wpack@ietf.org
mailing list [1]. Changes to web browsers as proposed in [LOADING] mailing list (https://www.ietf.org/mailman/listinfo/wpack). Changes
will be discussed on the Fetch specification repository [2]. to web browsers as proposed in [LOADING] will be discussed on the
Fetch specification repository (https://github.com/whatwg/fetch/
issues/784).
7. Security Considerations 7. Security Considerations
Proposals discussed at the Workshop might have a significant security Proposals discussed at the workshop might have a significant security
impact, and these topics were discussed in some depth; see impact, and these topics were discussed in some depth; see
Section 4.2. Section 4.2.
8. References 8. Informative References
8.1. Informative References
[ALAM] Alam, S., Weigle, M., Nelson, M., Klein, M., and H. Van de [ALAM] Alam, S., Weigle, M., Nelson, M., Klein, M., and H. Van de
Sompel, "Supporting Web Archiving via Web Packaging", June Sompel, "Supporting Web Archiving via Web Packaging", 6
2019, <https://www.iab.org/wp-content/IAB-uploads/2019/06/ June 2019, <https://www.iab.org/wp-content/IAB-
sawood-alam-2.pdf>. uploads/2019/06/sawood-alam-2.pdf>.
[AMP-LESSONS] [AMP-LESSONS]
Ubl, M., "Standardizing lessons learned from AMP", March Ubl, M., "Standardizing lessons learned from AMP", 8 March
2018, <https://blog.amp.dev/2018/03/08/ 2018, <https://blog.amp.dev/2018/03/08/standardizing-
standardizing-lessons-learned-from-amp/>. lessons-learned-from-amp/>.
[AMP-PERF] [AMP-PERF] Steinlauf, E., "The Speed Benefit of AMP Prerendering", 14
Steinlauf, E., "The Speed Benefit of AMP Prerendering",
August 2019, <https://developers.googleblog.com/2019/08/ August 2019, <https://developers.googleblog.com/2019/08/
the-speed-benefit-of-amp-prerendering.html>. the-speed-benefit-of-amp-prerendering.html>.
[AOLOG] Haber, S. and W. Stornetta, "How to time-stamp a digital [AOLOG] Haber, S. and W. Stornetta, "How to time-stamp a digital
document", Journal of Cryptology Vol. 3, document", Journal of Cryptology, Vol. 3, Issue 2, pp.
DOI 10.1007/bf00196791, 1991. 99-111, DOI 10.1007/bf00196791, 1991,
<https://doi.org/10.1007/bf00196791>.
[BERJON] Berjon, R., "ESCAPE: The New York Times Position", July [BERJON] Berjon, R., "ESCAPE: The New York Times Position", 9 July
2019, <https://www.iab.org/wp-content/IAB-uploads/2019/07/ 2019, <https://www.iab.org/wp-content/IAB-uploads/2019/07/
NYT-ESCAPE.pdf>. NYT-ESCAPE.pdf>.
[BREWSTER] [BREWSTER] Brewster, A., "ESCAPE Position / Patch.com", 6 June 2019,
Brewster, A., "ESCAPE Position / Patch.com", June 2019, <https://www.iab.org/wp-content/IAB-uploads/2019/06/
<https://www.iab.org/wp-content/IAB-uploads/2019/07/ patch.pdf>.
NYT-ESCAPE.pdf>.
[BUNDLE] Yasskin, J., "Web Packaging", draft-yasskin-dispatch-web- [BUNDLE] Yasskin, J., "Bundled HTTP Exchanges", Work in Progress,
packaging-00 (work in progress), June 2017. Internet-Draft, draft-yasskin-wpack-bundled-exchanges-02,
26 September 2019, <https://tools.ietf.org/html/draft-
yasskin-wpack-bundled-exchanges-02>.
[CFP] IAB, ., "Exploring Synergy between Content Aggregation and [CFP] Internet Architecture Board, "Exploring Synergy between
the Publisher Ecosystem Workshop 2019", May 2019, Content Aggregation and the Publisher Ecosystem Workshop
<https://www.iab.org/activities/workshops/ 2019", 3 May 2019,
escape-workshop/>. <https://www.iab.org/activities/workshops/escape-
workshop/>.
[CHATHAM-HOUSE] [CHATHAM-HOUSE]
Chatham House, "Chatham House Rule", n.d., Chatham House, "Chatham House Rule",
<https://www.chathamhouse.org/chatham-house-rule>. <https://www.chathamhouse.org/chatham-house-rule>.
[CHRISTCHURCH] [CHRISTCHURCH]
Stevenson, R. and J. Anthony, "'Thousands' of Christchurch Stevenson, R. and J. Anthony, "'Thousands' of Christchurch
shootings videos removed from YouTube, Google says", March shootings videos removed from YouTube, Google says", 16
2019, <https://www.stuff.co.nz/business/111330323/ March 2019, <https://www.stuff.co.nz/business/111330323/
facebook-working-around-the-clock-to-block-christchurch- facebook-working-around-the-clock-to-block-christchurch-
shootings-video>. shootings-video>.
[CLEAR-DATA] [CLEAR-DATA]
West, M., "Clear Site Data", W3C Working Draft, November West, M., "Clear Site Data", W3C Working Draft, 30
2017, <https://www.w3.org/TR/clear-site-data/>. November 2017, <https://www.w3.org/TR/clear-site-data/>.
[COOKIE-SYNC] [COOKIE-SYNC]
Acar, G., Eubank, C., Englehardt, S., Juarez, M., Acar, G., Eubank, C., Englehardt, S., Juarez, M.,
Narayanan, A., and C. Diaz, "The Web Never Forgets", Narayanan, A., and C. Diaz, "The Web Never Forgets", CSS
Proceedings of the 2014 ACM SIGSAC Conference on Computer '14: Proceedings of the 2014 ACM SIGSAC Conference on
and Communications Security - CCS '14, Computer and Communications Security, pp. 674-689,
DOI 10.1145/2660267.2660347, 2014. DOI 10.1145/2660267.2660347, 2014,
<https://doi.org/10.1145/2660267.2660347>.
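Review bot: The new [COOKIE-SYNC] entry introduces a transposition in the venue acronym: it reads "CSS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security", while the old entry had "CCS '14", which matches the conference name spelled out on the same line. Suggest restoring "CCS '14" in the new text.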
[CRAMER] Cramer, D., "Packaging Books", June 2019, [CRAMER] Cramer, D., "Packaging Books", 2 June 2019,
<https://www.iab.org/wp-content/IAB-uploads/2019/06/ <https://www.iab.org/wp-content/IAB-uploads/2019/06/
cramer-position-paper.pdf>. cramer-position-paper.pdf>.
[DAS] Das, S., "The Implication of Signed Exchanges on [DAS] Das, S., "The Implication of Signed Exchanges on
E-Commerce", June 2019, <https://www.iab.org/wp-content/ E-Commerce", 7 June 2019, <https://www.iab.org/wp-content/
IAB-uploads/2019/06/ IAB-uploads/2019/06/IAB-Position-Paper_-Signed-
IAB-Position-Paper_-Signed-Exchanges.pdf>. Exchanges.pdf>.
[DEPUYDT-NELSON] [DEPUYDT-NELSON]
DePuydt, M. and M. Nelson, "Signed Exchanges and The DePuydt, M. and M. Nelson, "Signed Exchanges and The
Importance of Trust in Aggregator/Publisher Importance of Trust in Aggregator/Publisher
relationships", June 2019, <https://www.iab.org/wp- relationships", 4 June 2019, <https://www.iab.org/wp-
content/IAB-uploads/2019/06/washpost.pdf>. content/IAB-uploads/2019/06/washpost.pdf>.
[GDPR] European Union, "General Data Protection Regulation", EU [GDPR] European Union, "General Data Protection Regulation", EU
Regulation 2016/679, April 2016, <https://eur- Regulation 2016/679, 27 April 2016, <https://eur-
lex.europa.eu/legal-content/EN/TXT/ lex.europa.eu/legal-content/EN/TXT/
HTML/?uri=CELEX:32016R0679&from=EN#d1e2606-1-1>. HTML/?uri=CELEX:32016R0679&from=EN#d1e2606-1-1>.
[HTTP] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [HTTP] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing", Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, DOI 10.17487/RFC7230, June 2014, RFC 7230, DOI 10.17487/RFC7230, June 2014,
<https://www.rfc-editor.org/info/rfc7230>. <https://www.rfc-editor.org/info/rfc7230>.
[LOADING] Yasskin, J., "Loading Signed Exchanges", September 2019, [LOADING] Yasskin, J., "Loading Signed Exchanges", 4 September 2019,
<https://wicg.github.io/webpackage/loading.html>. <https://wicg.github.io/webpackage/loading.html>.
[MEMENTO] Van de Sompel, H., Nelson, M., and R. Sanderson, "HTTP [MEMENTO] Van de Sompel, H., Nelson, M., and R. Sanderson, "HTTP
Framework for Time-Based Access to Resource States -- Framework for Time-Based Access to Resource States --
Memento", RFC 7089, DOI 10.17487/RFC7089, December 2013, Memento", RFC 7089, DOI 10.17487/RFC7089, December 2013,
<https://www.rfc-editor.org/info/rfc7089>. <https://www.rfc-editor.org/info/rfc7089>.
[ORIGIN] Barth, A., "The Web Origin Concept", RFC 6454, [ORIGIN] Barth, A., "The Web Origin Concept", RFC 6454,
DOI 10.17487/RFC6454, December 2011, DOI 10.17487/RFC6454, December 2011,
<https://www.rfc-editor.org/info/rfc6454>. <https://www.rfc-editor.org/info/rfc6454>.
[OTSU] Ohtsu, S., "Deployment Experience of Signed HTTP Exchanges [OTSU] Ohtsu, S., "Deployment Experience of Signed HTTP Exchanges
with AMP as a Publisher", June 2019, <https://www.iab.org/ with AMP as a Publisher", 4 June 2019,
wp-content/IAB-uploads/2019/06/shigeki-ohtsu.pdf>. <https://www.iab.org/wp-content/IAB-uploads/2019/06/
shigeki-ohtsu.pdf>.
[SHTTP] Rescorla, E. and A. Schiffman, "The Secure HyperText [SHTTP] Rescorla, E. and A. Schiffman, "The Secure HyperText
Transfer Protocol", RFC 2660, DOI 10.17487/RFC2660, August Transfer Protocol", RFC 2660, DOI 10.17487/RFC2660, August
1999, <https://www.rfc-editor.org/info/rfc2660>. 1999, <https://www.rfc-editor.org/info/rfc2660>.
[SUCCESS] Thaler, D. and B. Aboba, "What Makes for a Successful [SUCCESS] Thaler, D. and B. Aboba, "What Makes for a Successful
Protocol?", RFC 5218, DOI 10.17487/RFC5218, July 2008, Protocol?", RFC 5218, DOI 10.17487/RFC5218, July 2008,
<https://www.rfc-editor.org/info/rfc5218>. <https://www.rfc-editor.org/info/rfc5218>.
[SXG] Yasskin, J., "Signed HTTP Exchanges", draft-yasskin-http- [SXG] Yasskin, J., "Signed HTTP Exchanges", Work in Progress,
origin-signed-responses-06 (work in progress), July 2019. Internet-Draft, draft-yasskin-http-origin-signed-
responses-08, 4 November 2019,
<https://tools.ietf.org/html/draft-yasskin-http-origin-
signed-responses-08>.
[TAG-DC] Betts, A., "Distributed and syndicated content", July [TAG-DC] Betts, A., Ed., "Distributed and syndicated content", W3C
2017, <https://www.iab.org/wp-content/IAB-uploads/2019/06/ TAG Finding, 27 July 2017,
IAB-Position-Paper_-Signed-Exchanges.pdf>. <https://www.w3.org/2001/tag/doc/distributed-content/>.
[TLS] Rescorla, E., "The Transport Layer Security (TLS) Protocol [TLS] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[YASSKIN] Yasskin, J., "Chrome's position on the ESCAPE workshop", [YASSKIN] Yasskin, J., "Chrome's position on the ESCAPE workshop", 6
June 2019, <https://www.iab.org/wp-content/IAB- June 2019, <https://www.iab.org/wp-content/IAB-
uploads/2019/06/chrome.html>. uploads/2019/06/chrome.html>.
8.2. URIs
[1] https://www.ietf.org/mailman/listinfo/wpack
[2] https://github.com/whatwg/fetch/issues/784
[3] https://amp.dev/
[4] https://schema.org/
[5] https://developers.google.com/amp/cache/
Appendix A. About the Workshop Appendix A. About the Workshop
The ESCAPE Workshop was held on 2019-07-18 and the morning of The ESCAPE Workshop was held on 2019-07-18 and the morning of
2019-07-19 at Cisco's facility in Herndon, Virginia USA. 2019-07-19 at Cisco's facility in Herndon, Virginia, USA.
Attendees to the Workshop were asked to submit position papers. Workshop attendees were asked to submit position papers. These
These papers are published on the IAB website [CFP]. papers are published on the IAB website [CFP].
The Workshop was conducted under Chatham House rule [CHATHAM-HOUSE], The workshop was conducted under the Chatham House Rule
meaning that statements cannot be attributed to individuals or [CHATHAM-HOUSE], meaning that statements cannot be attributed to
organizations without explicit authorization. individuals or organizations without explicit authorization.
A.1. Agenda A.1. Agenda
This section outlines the broad areas of discussion on each day. This section outlines the broad areas of discussion on each day.
A.1.1. Thursday 2019-07-18 A.1.1. Thursday 2019-07-18
Web Packaging Overview:&#173;&#173;&#173;&#173; A technical summary Web Packaging Overview: A technical summary of Web Packaging was
of Web Packaging was provided, plus a longer discussion of a range provided, plus a longer discussion of a range of use cases.
of use cases.
Web Packaging and Aggregators: The use of web packaging from the Web Packaging and Aggregators: The use of Web Packaging from the
perspective of a content aggregator was given. perspective of a content aggregator was given.
Web Packaging and Publishers: After a break, presentations from web Web Packaging and Publishers: After a break, presentations from web
publishers talked about the benefits and costs of Web Packaging. publishers talked about the benefits and costs of Web Packaging.
This included some discussion of the effect of developing AMP- This included some discussion of the effect of developing AMP-
conformant versions of content from a publisher perspective. conformant versions of content from a publisher perspective.
Web Packaging and Security: This session concentrated on how the Web Web Packaging and Security: This session concentrated on how the Web
Packaging proposal might affect the Web security model. Packaging proposal might affect the web security model.
Alternatives to Web Packaging: This session looked at alternative Alternatives to Web Packaging: This session looked at alternative
technologies, including those that were attempted in the past and technologies, including those that were attempted in the past and
some more recent ideas for addressing the use case of making web some more recent ideas for addressing the use case of making web
navigations more performant. navigations more performant.
A.1.2. Friday 2019-07-19 A.1.2. Friday 2019-07-19
Web Archival: This session talked about the potential application of Web Archival: This session talked about the potential application of
a technology like Web Packaging in addressing some of the myriad a technology like Web Packaging in addressing some of the myriad
problems faced by web archival systems. problems faced by web archival systems.
Book Publishing: A discussion of the effect of technologies for Book Publishing: The effect of technologies for bundling and
bundling and distribution of books. distribution of books was discussed.
Conclusions: A wrap up session attempted to capture key learnings Conclusions: A wrap-up session attempted to capture key takeaways
from the Workshop. from the workshop.
A.2. Workshop Attendees A.2. Workshop Attendees
Attendees to the Workshop are listed with their primary affiliation Attendees of the workshop are listed with their primary affiliation
as it appeared in submissions. Attendees from the program committee as it appeared in submissions. Attendees from the program committee
(PC), the Internet Architecture Board (IAB), and Internet Engineering (PC), the Internet Architecture Board (IAB), and the Internet
Steering Group (IESG) are also marked. Engineering Steering Group (IESG) are also marked.
o Sawood Alam, Old Dominion University
o Jari Arkko, Ericsson (IAB)
o Richard Barnes, Cisco
o Robin Berjon, New York Times (PC)
o Zack Bloom, Cloudflare
o Abraham Brewster, Patch.com
o Alissa Cooper, Cisco (IESG, IAB)
o Dave Cramer, Hachette Book Group
o Melissa DePuydt, Washington Post
o Levi Durfee, AMP Advisory Committee
o Rudy Galfi, Google
o Joseph Lorenzo Hall, Center for Democracy & Technology (PC)
o Matthew Nelson, Washington Post
o Michael Nelson, Old Dominion University
o Mark Nottingham, Fastly (IAB, PC)
o Shigeki Ohtsu, Yahoo
o Eric Rescorla, Mozilla
o Adam Roach, Mozilla (IESG)
o Rich Salz, Akamai Technologies
o Wendy Seltzer, W3C
o David Strauss, Pantheon (PC)
o Chi-Jiun Su, Hughes
o Ralph Swick, W3C
o Martin Thomson, Mozilla (IAB, PC)
o Jeffrey Yasskin, Google
o Dan York, Internet Society
o Benjamin Young, John Wiley & Sons * Sawood Alam, Old Dominion University
* Jari Arkko, Ericsson (IAB)
* Richard Barnes, Cisco
* Robin Berjon, New York Times (PC)
* Zack Bloom, Cloudflare
* Abraham Brewster, Patch.com
* Alissa Cooper, Cisco (IESG, IAB)
* Dave Cramer, Hachette Book Group
* Melissa DePuydt, Washington Post
* Levi Durfee, AMP Advisory Committee
* Rudy Galfi, Google
* Joseph Lorenzo Hall, Center for Democracy & Technology (PC)
* Matthew Nelson, Washington Post
* Michael Nelson, Old Dominion University
* Mark Nottingham, Fastly (IAB, PC)
* Shigeki Ohtsu, Yahoo
* Eric Rescorla, Mozilla
* Adam Roach, Mozilla (IESG)
* Rich Salz, Akamai Technologies
* Wendy Seltzer, W3C
* David Strauss, Pantheon (PC)
* Chi-Jiun Su, Hughes
* Ralph Swick, W3C
* Martin Thomson, Mozilla (IAB, PC)
* Jeffrey Yasskin, Google
* Dan York, Internet Society
* Benjamin Young, John Wiley & Sons
Appendix B. Web Packaging Overview Appendix B. Web Packaging Overview
Web Packaging is comprised of two separate technologies: resource Web Packaging is comprised of two separate technologies: resource
bundling [BUNDLE] and signed exchanges [SXG]. bundling [BUNDLE] and signed exchanges [SXG].
In both the submissions and Workshop discussion, the most In both the submissions and workshop discussion, the most
controversial aspect of the technology is the use of signed exchanges controversial aspect of the technology is the use of signed exchanges
as an alternative means of providing authority over a particular as an alternative means of providing authority over a particular
resource, for a few different reasons. resource, for a few different reasons.
This appendix explains how authority works on the Web and how Web This appendix explains how authority works on the Web and how Web
Packaging proposes to change that. Packaging proposes to change that.
B.1. Authority in HTTPS B.1. Authority in HTTPS
The web currently uses HTTPS [HTTP] to establish a server's authority The Web currently uses HTTPS [HTTP] to establish a server's authority
- that is, to give an assurance that the content came from where the -- that is, to give an assurance that the content came from where the
URL implies. The combination of URI scheme (https), domain name (or URL implies. The combination of URI scheme (https), domain name (or
host), and port number are formed into a single identifier, the host), and port number are formed into a single identifier, the
origin [ORIGIN] to which content is attributed. origin [ORIGIN] to which content is attributed.
Web browsers use the certificate offered as part of a TLS connection Web browsers use the certificate offered as part of a TLS connection
[TLS] to servers in determining whether a server is authoritative for [TLS] to servers in determining whether a server is authoritative for
that origin; see [ORIGIN] and Section 9.1 of [HTTP]. Content is that origin; see [ORIGIN] and Section 9.1 of [HTTP]. Content is
attributed to a given URL only if it is received from a connection to attributed to a given URL only if it is received from a connection to
a server that is authoritative for the associated origin. a server that is authoritative for the associated origin.
As an example, a web browser seeking to load "https://example.com/ As an example, a web browser seeking to load "https://example.com/
index.html" makes a TLS connection to a server. As part of the TLS index.html" makes a TLS connection to a server. As part of the TLS
connection establishment, the server offers a certificate for the connection establishment, the server offers a certificate for the
name "example.com". If the browser accepts the certificate, it will name "example.com". If the browser accepts the certificate, it will
then make requests for URLs on the "https://example.com" origin on then make requests for URLs on the "https://example.com" origin on
that connection and consider any answers the server to be that connection and consider any answers from the server to be
authoritative. authoritative.
This notion of authority is a crucial property of web security: only This notion of authority is a crucial property of web security: only
content that is attributed to the same web origin can access all content that is attributed to the same web origin can access all
information in that origin, including the content of most resources information in that origin, including the content of most resources
as well as state associated with the origin, such as cookies. This as well as state associated with the origin, such as cookies. This
separation ensures that sites can keep secrets from each other, even separation ensures that sites can keep secrets from each other, even
when they are both loaded in the same browser. when they are both loaded in the same browser.
B.2. Authority in Web Packaging B.2. Authority in Web Packaging
Web Packaging, through the use of signed exchanges, aims to provide Web Packaging, through the use of signed exchanges, aims to provide
an alternative means of establishing authority. A signed exchange is an alternative means of establishing authority. A signed exchange is
an expression of an HTTP request and response (an exchange) with an expression of an HTTP request and response (an exchange) with
certain information stripped and a digital signature applied. certain information stripped and a digital signature applied.
The signature is made with a similar certificate to the one a server The signature is made with a similar certificate to the one a server
might offer in HTTPS - that certificate can also be used for HTTPS - might offer in HTTPS -- that certificate can also be used for HTTPS
but it includes a special attribute that denotes its suitability for -- but it includes a special attribute that denotes its suitability
signed exchanges. for signed exchanges.
A web browser that has been provided with a signed exchange can A web browser that has been provided with a signed exchange can
verify the signature, and - if the signature is valid and the verify the signature and, if the signature is valid and the
certificate is acceptable - use the content from the signed exchange. certificate is acceptable, use the content from the signed exchange.
Critically, the web browser does not make an HTTPS connection to a Critically, the web browser does not make an HTTPS connection to a
server to get the content or to verify the signature. server to get the content or to verify the signature.
In effect, Web Packaging moves from a model where authority is In effect, Web Packaging moves from a model where authority is
derived from the delivery method (i.e., TLS) to an object security derived from the delivery method (i.e., TLS) to an object security
model, where authority is derived from a signature on objects. In model, where authority is derived from a signature on objects. In
doing so, it aims to render the means of delivery irrelevant to doing so, it aims to render the means of delivery irrelevant to
determinations of security. determinations of security.
B.3. Applicability B.3. Applicability
Web Packaging does not claim to supplant the authority model of the Web Packaging does not claim to supplant the authority model of the
Web completely, but to provide an alternative that might be used Web completely, but it does provide an alternative that might be used
under certain narrow conditions. In particular, Web Packaging is under certain narrow conditions. In particular, Web Packaging is
intended for use with content that is not secret from an entity that intended for use with content that is not secret from an entity that
is aware of the existence of that content. is aware of the existence of that content.
In aid of this goal, web packaging does not include information from In aid of this goal, Web Packaging does not include information from
exchanges that is related either the process of acquiring content as exchanges that is related to the process of acquiring content nor
well as any information that relates to individual requests. For does it include any information that is related to individual
instance, use of the Set-Cookie header field is expressly forbidden, requests. For instance, use of the Set-Cookie header field is
as it often contains information that is related to a particular expressly forbidden, as it often contains information that is related
user. to a particular user.
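Review bot: The rewritten sentence in B.3 repairs the broken "related either ... as well as" construction, but the claim that Set-Cookie is "expressly forbidden" still carries no pointer to where that prohibition is specified. Since this paragraph is the basis for saying signed content carries no per-user state, suggest citing [SXG] at that point. The new wording also wants a comma before "nor" ("acquiring content, nor does it include").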
B.4. The AMP Format, Google Search Results, and Web Packaging B.4. The AMP Format, Google Search Results, and Web Packaging
The relationship between the AMP Project https://amp.dev/ [3] and Web The relationship between the AMP Project <https://amp.dev/> and Web
Packaging is complicated. The AMP Project, sponsored by Google, Packaging is complicated. The AMP Project, sponsored by Google,
establishes a profile of HTML with a stated goal of providing support establishes a profile of HTML with a stated goal of providing support
for the best practices for the format, with a strong emphasis on for the best practices for the format, with a strong emphasis on
performance. The format tightly constrains the use of HTML features performance. The format tightly constrains the use of HTML features
but also offers a library of components that provide sanitized but also offers a library of components that provide sanitized
implementations of many commonly used capabilities. implementations of many commonly used capabilities.
The connection to Web Packaging is bound up in the way that Google The connection to Web Packaging is bound up in the way that Google
Search treats AMP content specially. AMP content provides two Search treats AMP content specially. AMP content provides two
properties that Google Search exploits: metadata exposure and static properties that Google Search exploits: metadata exposure and static
analysis of active content. analysis of active content.
AMP content provides metadata in a form that can be reliably AMP content provides metadata in a form that can be reliably
extracted, using the microformats defined by the Schema.org project extracted, using the microformats defined by the Schema.org project
https://schema.org/ [4]. This aspect of AMP has no effect on the <https://schema.org/>. This aspect of AMP has no effect on the
discussion, except to the extent that this relates to Google Search discussion, except to the extent that this relates to Google Search
and their use of this metadata in populating the carousel. and their use of this metadata in populating the carousel.
Constrained use of active content - such as JavaScript - in AMP makes Constrained use of active content -- such as JavaScript -- in AMP
it possible to analyze content to verify that actions taken are makes it possible to analyze content to verify that actions taken are
narrowly limited. This static analysis assures that AMP content can narrowly limited. This static analysis assures that AMP content can
be served without affecting other content on the same site. For be served without affecting other content on the same site. For
Google Search, this is what enables the loading of AMP content Google Search, this is what enables the loading of AMP content
alongside search content and other AMP resources. alongside search content and other AMP resources.
To provide preloading, Google operates an AMP Cache To provide preloading, Google operates the Google AMP Cache
https://developers.google.com/amp/cache/ [5], from which AMP content <https://developers.google.com/amp/cache/>, from which AMP content is
is served. As a consequence, browsers attribute the content to the served. As a consequence, browsers attribute the content to the
origin [ORIGIN] of the AMP Cache and not the publisher, creating some origin [ORIGIN] of the AMP Cache and not the publisher, creating some
confusion about how content is attributed, as discussed in the W3C confusion about how content is attributed, as discussed in the W3C
finding on distributed content [TAG-DC]. finding on distributed content [TAG-DC].
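Review bot: The rename is applied unevenly in this paragraph: the first sentence now says "the Google AMP Cache", but the next sentence still attributes content to "the origin [ORIGIN] of the AMP Cache". That second sentence is the one making the origin-attribution claim, so it should use the same name as the sentence before it and as the following paragraph ("such as the Google AMP Cache"), so that it is unambiguous whose origin the browser assigns the content to.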
An important goal of Web Packaging is to attribute content loaded An important goal of Web Packaging is to attribute content loaded
from a cache, such as the AMP cache, to the publisher that created from a cache, such as the Google AMP Cache, to the publisher that
that content. For more on this see Section 2.1. created that content. For more on this, see Section 2.1.
IAB Members at the Time of Approval
Internet Architecture Board members at the time this document was
approved for publication were:
Jari Arkko
Alissa Cooper
Stephen Farrell
Wes Hardaker
Ted Hardie
Christian Huitema
Zhenbin Li
Erik Nordmark
Mark Nottingham
Melinda Shore
Jeff Tantsura
Martin Thomson
Brian Trammell
Authors' Addresses Authors' Addresses
Martin Thomson Martin Thomson
Email: mt@lowentropy.net Email: mt@lowentropy.net
Mark Nottingham Mark Nottingham
Email: mnot@mnot.net Email: mnot@mnot.net
 End of changes. 130 change blocks. 
368 lines changed or deleted 359 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/