Internet DRAFT - draft-bishop-httpbis-push-cases

draft-bishop-httpbis-push-cases







HTTPbis                                                        M. Bishop
Internet-Draft                                                    Akamai
Intended status: Informational                             June 28, 2018
Expires: December 30, 2018


                      HTTP/2 Server Push Use Cases
                   draft-bishop-httpbis-push-cases-00

Abstract

   HTTP/2 defines the wire mechanics of Server Push.  Though the
   mechanics of how a pushed resource is delivered are well-specified,
   the use cases that describe which resources can be pushed, in what
   states, and for what purpose are not described in HTTP/2.  As a
   result, support between implementations varies widely.

   This document attempts to enumerate interesting scenarios, in hopes
   that a more concrete taxonomy can assist the community in arriving at
   a standard set of supported scenarios.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 30, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect



Bishop                  Expires December 30, 2018               [Page 1]

Internet-Draft               Push Use Cases                    June 2018


   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Types of Resources  . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Browser Scenarios . . . . . . . . . . . . . . . . . . . .   3
       2.1.1.  Static DOM contents . . . . . . . . . . . . . . . . .   3
       2.1.2.  Updated DOM contents  . . . . . . . . . . . . . . . .   4
       2.1.3.  Requests made by local script execution . . . . . . .   4
     2.2.  Non-Browser Scenarios . . . . . . . . . . . . . . . . . .   4
       2.2.1.  Subsequent API Requests . . . . . . . . . . . . . . .   4
       2.2.2.  Streaming APIs  . . . . . . . . . . . . . . . . . . .   4
   3.  Types of Pushes . . . . . . . . . . . . . . . . . . . . . . .   5
     3.1.  Pre-Satisfying Requests . . . . . . . . . . . . . . . . .   5
     3.2.  Cache Population  . . . . . . . . . . . . . . . . . . . .   5
     3.3.  Cache Revalidation  . . . . . . . . . . . . . . . . . . .   5
     3.4.  Cache Invalidation  . . . . . . . . . . . . . . . . . . .   6
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   5.  Informative References  . . . . . . . . . . . . . . . . . . .   6
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   HTTP is fundamentally a request/response mechanism.  Each request
   specifies some action (often content retrieval) which the user agent
   wishes the server to perform on a resource and return the result of
   the action.

   However, when a response triggers a subsequent request, network and
   processing delays cause this subsequent request not to begin
   immediately.  The client must receive the initial response (0.5 RTT
   network delay), parse it and identify the next request
   (implementation- and page-dependent), then send the request back to
   the server (0.5 RTT network delay) before the server can begin to
   satisfy the request.

   Some mechanisms attempt to reduce the client processing time by
   enumerating important follow-up requests in HTTP headers or at the
   beginning of the response payload.  However, these techniques still
   incur at least 1 RTT of network delay before the server receives the
   subsequent request.  Depending on the distance between client and
   server, this delay might be significant.





Bishop                  Expires December 30, 2018               [Page 2]

Internet-Draft               Push Use Cases                    June 2018


   HTTP/2 defines Server Push, a paradigm in which the server can also
   return the results of actions the user agent did _not_ request.  In
   order to preserve the request-response semantics of HTTP, the server
   first "promises" something by supplying the request to which it will
   later provide a response as if the user agent had made the supplied
   request.  Push is also restricted to methods which are defined to be
   safe and cacheable.  (Though the response itself need not be
   cacheable.)

   A push is always associated directly with a client-generated request.
   No chaining is permitted (a push cannot be associated with another
   push), nor can a push be promised after the client-initiated stream
   has closed, though a promised push can be fulfilled at any subsequent
   time.

   This document is an attempt to enumerate categories of resources and
   situations in which a server might choose to push a resource.

2.  Types of Resources

2.1.  Browser Scenarios

   The most visible use case for HTTP is the web browser.  Because a web
   page is composed of a large number of resources, often spread across
   different domains, browsers issue a complex series of requests in the
   course of rendering a page.  However, because browsers are generating
   these requests based on the combination of server-supplied content
   (the initial response) and local state (the contents of the cache, if
   any), the server is able to partially predict the client's rendering
   behavior.  Efforts to standardize the download process between
   clients ([FETCH]) and to supply more information about the local
   state to the server ([I-D.ietf-httpbis-cache-digest]) will improve
   the server's ability to predict such subsequent requests.

   However, web pages are increasingly dynamic, and this makes the
   browser's job of determining what is logically connected with the
   initial request more complex.

2.1.1.  Static DOM contents

   This is almost universally-supported among browsers.  If the resource
   directly references another resource, either via Link headers
   ([RFC5988]) or via the entity body, almost all browsers will accept a
   match for this resource served as a push.

   Such resources are typically CSS, JavaScript, images, or other
   elements required for the rendering or functionality of the page.




Bishop                  Expires December 30, 2018               [Page 3]

Internet-Draft               Push Use Cases                    June 2018


2.1.2.  Updated DOM contents

   After the DOM is constructed, it can be locally modified.  Some web
   sites consist of very sparse static content, then rely on the
   execution of scripts locally to create DOM elements or update
   existing elements to reference new target resources.

2.1.3.  Requests made by local script execution

   The locally executed script, rather than updating DOM elements, is
   also able to directly generate new HTTP requests (typically so that
   they can populate DOM elements by script).  Many sites have expressed
   use-cases for pre-answering queries their script would generate in
   response to user action.

   For example, the page might contain a list of e-mails, with script
   populating the contents of the e-mail once the user clicks a list
   entry.  If a site author knows the user is likely to click one of the
   first three unread e-mails, the contents of those e-mails are
   reasonable candidates for Server Push.

2.2.  Non-Browser Scenarios

   Non-browser scenarios can typically be analyzed as an API.

2.2.1.  Subsequent API Requests

   There is substantial overlap between non-browser scenarios and the
   in-browser script scenario described in Section 2.1.3.  In both
   cases, the server is predicting subsequent API calls based on where
   it believes the client is in the process of execution.

   If the server can predict subsequent actions, it can pre-satisfy the
   most likely cases in order to minimize latency.

2.2.2.  Streaming APIs

   Some APIs do not fit well with the request-response model of HTTP,
   but are better understood as a subscription to an event or a data
   stream.  Push can be used in this model, as in [RFC8030], by opening
   a request which never completes and pushing new data to the client as
   it becomes available.

   Some implementations of push do not make incoming push streams
   available to clients unless the client makes a request for the
   corresponding URL.  As a result, clients and servers implementing
   this pattern might wish to also use the original request to stream
   back the resource identifiers which are being pushed.



Bishop                  Expires December 30, 2018               [Page 4]

Internet-Draft               Push Use Cases                    June 2018


3.  Types of Pushes

   In addition to pushing different resources, push can be delivered in
   different ways and for different purposes.

3.1.  Pre-Satisfying Requests

   The most common and most widely supported variety of push simply
   provides a request that the client is expected to make, along with a
   successful (typically 200) response carrying the content.

3.2.  Cache Population

   Pushing resources into the client cache has been a subject of some
   controversy.  Almost all browsers implement a separate and ephemeral
   cache of pushed resources and do not allow pushed resources to write
   directly into the HTTP cache, theoretically as a mitigation against
   populating the cache with content that will never actually be needed.

   However, mechanisms such as Link headers ([RFC5988]) with the
   "rel=preload" attribute can cause the browser to request any
   resource, and these headers are also under the server's control.  As
   a result, any client that implements Section 3.1 will also enable
   cache population with one additional step.

3.3.  Cache Revalidation

   While no user agents are known to support this, a server could
   hypothetically pre-validate stale items in the client's cache by
   pushing a conditional request (If-Not-Match or If-Not-Modified) for a
   resource it believes is already in the cache and a 304 (Not Modified)
   response.

   Such a push could be consumed directly by the cache (updating the
   validity of the cached object) or treated as a pre-satisfied request
   should the cache attempt to revalidate an expired object.  The former
   will tend to extend the lifetime of the cached object on each use,
   while the latter will not affect the object unless it has expired.

   A push which attempts to revalidate content which is no longer cached
   could be treated equivalently to a preload link, a suggestion that
   this content might soon be needed.  Triggering a follow-up request
   for the full body might improve performance.








Bishop                  Expires December 30, 2018               [Page 5]

Internet-Draft               Push Use Cases                    June 2018


3.4.  Cache Invalidation

   Alternatively, the server could push an unconditional request for the
   resource, but use the HEAD method instead of GET.  If interpreted
   appropriately by a user agent, this could revalidate a matching item
   in the cache, or invalidate an item even if the user agent currently
   believes the item to be fresh.

4.  Security Considerations

   There probably are some.  The existing mitigations against gratuitous
   pushes are largely ineffective (see Section 3.2), but clients MUST
   verify that servers are authoritative for any resources they attempt
   to push, regardless of the scenario being considered.

5.  Informative References

   [FETCH]    "Fetch Living Standard", n.d.,
              <https://fetch.spec.whatwg.org>.

   [I-D.ietf-httpbis-cache-digest]
              Oku, K. and M. Nottingham, "Cache Digests for HTTP/2",
              draft-ietf-httpbis-cache-digest-02 (work in progress), May
              2017.

   [RFC5988]  Nottingham, M., "Web Linking", RFC 5988,
              DOI 10.17487/RFC5988, October 2010,
              <https://www.rfc-editor.org/info/rfc5988>.

   [RFC7540]  Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
              Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
              DOI 10.17487/RFC7540, May 2015,
              <https://www.rfc-editor.org/info/rfc7540>.

   [RFC8030]  Thomson, M., Damaggio, E., and B. Raymor, Ed., "Generic
              Event Delivery Using HTTP Push", RFC 8030,
              DOI 10.17487/RFC8030, December 2016,
              <https://www.rfc-editor.org/info/rfc8030>.

Author's Address

   Mike Bishop
   Akamai

   Email: mbishop@evequefou.be






Bishop                  Expires December 30, 2018               [Page 6]