There is a jurisdictional issue brewing over the future of internet standards - I know because I'm stirring the pot. The dispute is between the WHATWG and the IETF regarding the specification process for the websocket protocol (which I have some concerns about, but none the less is supported by Jetty).
The IETF
is the body that has been responsible for developing and/or
standardizing the vast majority of protocols which run the internet:
HTTP, FTP, SMTP, etc. It has an open collaborative based process based
on working code and rough consensus and is overseen by the Internet
Society, a non profit organization with membership open to all.
The WHATWG
was formed in response to concerns about the W3C's evolution of HTML
and has been instrumental in developing the HTML5 standards. It is
essentially a browser vendor consortium that is governed by an invitation only committee
and lead by a Google employee. While it's process is conducted openly
and all are invited to participate, only the appointed editor has any
power in the actual decision making process. The editor is appointed by
the browser vendors.
The majority of the
WHATWG efforts have been about HTML5, and most welcome the advances
they are driving in the browsers. However, the websocket API and
protocol have also come out of the HTML5 work and specify a new
protocol that will run over ports 80/443, that will start off looking
kind of like HTTP, but is expressly not HTTP.
Making
the internet work well by producing quality standards is exactly the
mission statement of the IETF. So a new protocol running over port 80
is definitely something that falls within the scope of the the IETF
mission. The WHATWG were invited to submit their protocol as a IETF
draft document, which they did and the IETF after due process has
formed the hybi working group to " take on prime responsibility for the specification of the WebSockets protocol". This appears to have shocked
the WHATWG and they saying that they do not wish to relinquish
editorial control of the protocol. It appears they were hoping for a
rubber stamp from the IETF.
Meanwhile, Google's Chrome browser has started shipping with the websocket protocol enabled and it is expected that other browser vendors in the WHATWG consortium will soon follow. The argument has been made that it's "already shipping", so it's too late to make any significant changes to the protocol.
The
problem is that the protocol has been developed by only a fragment of
the internet industry, and essentially by a single company within that
fragment. There has been no consensus sought or obtained from the wider
internet community - ie servers, routers, bridges, proxies, firewalls,
caches, load balancers, aggregators, offloaders, ISPs, filters,
corporate security policies, traffic monitoring, billing, accounting,
shaping, application frameworks etc. etc. These communities and
vendors are waking up to a world where the traffic they expected over
port 80/443 aint what it used to be. Their products and services will
be broken, bypassed or at best co-opted for unintended usage. They had
no real voice in this change. Many would not have even realized that
the HTML5 effort was going to substantially change the wire protocol.
It is easy to present this state of affairs as a takeover of port 80 by Google so that they can get Wave
to work better. That google expect the rest of the industry to
scramble to make the changes necessary to allow websockets to tunnel
through the infrastructure unhindered by any concerns other than
connectivity to Google. I know that this characterization of the
situation will be taken as personally insulting to the individuals
involved, who I'm sure are acting in good faith and not as part of some
conspiracy. However, the power of group-think is significant and
individuals are greatly affected by the environment that they operate
in. Conflicts of interest are avoided by not by peoples best
intentions, but by not creating processes that are inherently
conflicted.
I don't mean to be too Machiavellian about this, but if the IETF does not assert is roll as the primary internet standards body, then the outcome will essentially be that a Google led consortium has taken over port 80. Note that Google are also doing some great research on a HTTP replacement protocol called SPDY, which is showing some excellent promise. SPDY might be the way of the future, but do we really want it to arrive by having google simply start shipping it in Chrome? If we let port 80 be taken by websockets without consensus, then could happen with HTTP as well (mwah ha ha ha)!
The websocket protocol as specified by the WHATWG might indeed be wonderful, but unless we follow due process, we will not really know that it is. The IETF has a truly open process based on rough consensus in which all are welcome to participate. They have a proven track record and have overseen the standards that have withstood the unprecedented growth in the internet. The IETF are the natural body to oversee standardization of internet protocols and there is no evidence that this task would be better handled by a closed industry consortium lead by Google.
My
suggestion of how to break this impasse, is for the WHATWG to continue
to be the editor of the current specification and to push forward with
the deployment of 1.0, which essentially ignores intermediaries and
proxies anyway. In parallel, the IETF should continue with their
working group to develop the 1.1 specification based on 1.0, but with
an all-of-industry rough consensus.
