Meeting minutes
Web & Networks IG introduction
DanD: Song from China Mobile, Sudeep from INtel and I (from AT&T) are co-chairs of Web & Networks IG
… Dom is our staff contact
Slideset: https://
DanD: our agenda today will cover an overview of our group's work and progress
… hopefully useful starting point for later reading
… next we'll dive into Edge Use Cases & Requirements
… followed by an open discussion
Web & Networks IG introduction
[slide 7)
<sudeep> Link to WNIG Wiki: https://
Jake: breakout scheduled tomorrow on multicast, with focus on security discussions
<jholland> tomorrow's multicast breakout: https://
Michael: we're mostly focused on edge offload
… maybe this should expand to split browser, but that's not part of what we've doing so far
Client-Edge-Cloud coordination Use Cases and Requirements
Slideset: https://
Michael: our 13 use cases could still be improved from a categorization perspective
Michael: some of the main drivers for edge computing are latency and privacy
… e.g. in AR, tracking the environment and overlaying information on the environment needs to happen with very low latency
… cloud is ~10x slower to reach than an edge node
… using edge computing is applicable both for webapps and IoT - I'm also a co-chair of the Web oF things WG
Michael: what kind of businesses & users will be using these systems, with what kind of needs & priorities
… what are their business models and why would they do this?
… we will cross-reference these stakeholders with our use cases
Michael: these requirements derive from our use cases
… a common requirement is improved performance
… some of the requirements are up for negotiation
… compatibility with existing APIs vs building a new one
Michael: 2 proposals: one focused on seamless code sharing baed on WASM, benefitting from the JS/WASM sandbox
… the other is distributed worker, extending the existing threading model in browsers based on Workers
… the comm model they use could be extended to instantiate a worker on a remote machine
… Web of Things has ongoing work on discovery that could be used for compute utility discovery
… Both of these are extended the web model beyond client & server, to a distributed model, some of the resources being location sensitive
<Max__Liu> +
DavidE: what is WASM?
Michael: WebAssembly provides a binary representation of machine bytecode, that operates in sandboxed runtime with near native performance
… similar to LLVM
Max: detailed use cases are available in the document
Client-Edge-Cloud coordination Use Cases and Requirements
Max: I also want to mention that we've been focused on use cases & requirements, with only high level initial proposals for solutions
… the purpose is to gather enough interest for this work
Michael: we're trying to establish feasability and the potential path to standardization
<DanD> +
Michael: we need to prioritize requirements (essential vs nice to have)
<DanD> +1
CPN: you mentioned extending a worker to offload compute
… are there solutions out there that could inform what kind of standardization would be helpful?
Michael: Akamai has EdgeWorkers; Fastly runs WASM on the edge
… but they're not using standardized interfaces so can't be deployed seamlessly by developers without adapting to each CDN providers
chris: could this be captured in the document?
Michael: that's what we would want to achieve by cross-referencing stakeholders with use cases / requirements
Chris: I'm not necessarily suggesting to capture in the document, but it's useful information to gather
DanD: thanks for putting this together, and it helps consolidating the many ideas that have been floating around
… the trust model with the edge computing for the Web is a very critical aspect
… things that are in a given administrative domain has a well-defined trust boundary compared to a fully open web setup
… CDNs typically represent content providers, they're an extension of content providers
… what would be the relationship between the ISP and the content provider?
… it's not just technical solutions, this needs to be grounded reality
Michael: does the end user trust the edge computer? does the edge provider trust the code it is running?
… a threat could be drive-by mining that would steal my computing resources
… Sandboxing helps with running untrusted code
… harder to protect the code from the platform - probably best addressed by a social solution
Michael: this could be dealt with in a way similar to permissions e.g. to access camera
DanD: there is also the possibility to extend the same origin policy as long as the edge is seen as an extension to the server
… it's all about who has a relationship with whom
… it's not just the trust, it's also about not abusing the resource
Michael: CORS is designed for developers to delegate access to another developer
Dom: Delegating to the edge, question about trust, when you're using edge resources, the content provider is paying. If it's under user control, does the user pay?
… Are there business models that enable that? We should clarify how the computing delegation would work in practice, don't know if there are examples today
michael: it enables new business models
… today the content provider pays a CDN for edge resources
… if that moves to the user, it could be bundled into an ISP plan
Max: regarding the trust model, it's already covered a bit - it varies across use cases, with different business models
… there are existing B2B models for cloud->edge
… the service provider pays the fee to the edge computing provider
… we should consider the same origin policy of the web architecture
… for consitency
<Zakim> dezell, you wanted to talk about sandboxing
David: re sandboxing - how much thoughts have been put into keyvault / software validation?
… PCI regulations enforced rules in terms of private key generation and management
… how do you prevent a user asked to do something that might be appropriate?
… very hard questions to consider
jholland: the developer-controlled vs user-controlled models
… they're very different use cases with very different control surfaces, different trust model and sandboxing constraints
… there may be some similar aspects
… but they should be approached as different APIs that might be able to share a component
DanD: my suggestion for Michael & Max: we went through use cases and requirements
… there may be an opportunity to look at the different offloading models (developer centric vs user centric)
… the different realms of controls (enterprise vs user)
… I think it would be worth digging more into these questions
McCool: re user vs dev - a user could be an enterprise wanting to do sensitive work on their premises or using their own machine
… e.g. Web Apps doing video processing
… Establishing the right trust model is key
Jake: I would suggest an enterprise capability could operate under a developer centric model, vs a home user
McCool: we should add discussion of this topic in the doc
… there are similar components around workload packaging, sandboxing
Max__Liu: +1 to Dan's suggestion
… we'll put more analysis on this topic in the document
sudeep: the sandboxing and trust models sounds like important topics
… we have the <script> tag that allows to run JS - could it be extended to allow the user to establish trust with the edge node?
McCool: the value of Worker is that they operate in a different thread/memory space, which isn't the case of the <script> tag
Yan: re security model, a user centric trust model is key to forward looking standards
McCool: SOLID is also an interesting approach to manage private data
… managing keys in the LAN doesn't work well with browsers
Yan: I'm also involved in the VC & DID WGs which could help
acl Piers_O_Hanlon
Piers_O_Hanlon: could be useful to distinguish the user data from the code
… privacy around the data that is being processed vs the code that is doing the processing
… one can secure the code or use sub-resource-integrity to ensure it hasn't been tampered with
… the data flows then get processed by that
… homomorphic encryption might provide a useful way to protect the data from the edge
Yan: we use a trust zone to run the code
… for the data, we use VC to preserve the privacy of data itself
McCool: separating data and code fits well with stateless computing models
… with the sandbox, we could control the connections the code can make to avoid it to send the data to any other endpoint
Piers_O_Hanlon: users may have their credentials used by the edge to accomplish tasks on their behalf
McCool: homomorphic processing is probably not ideal if you're looking at performance as a goal
McCool: next step includes discussing the aspects that were raised today around security / trust
DanD: there is also an opportunity to look at the gap analysis
… are the standards identified going to fulfill the needs? or what will it take to make them so?
… incl WASM, CORS
… How can we extend the dialogue? DO we need dedicated calls to help make progress?
… does it have the elevated visibility an activity on its own?
<Zakim> jeff, you wanted to comment on next steps
Jeff: looking at the current editors draft of the use cases doc, it's already a pretty impressive document
… on the balance of making it even better or moving forward with the gap analysis and addressing it
… the weight of the effort needs to shift towards resolving the gap
… this may require cross-meeting with other groups
… figure who should address the gaps and how we ensure progress
… possibly with a new CG
McCool: we need to get more stakeholders at the table
… what can we do to increase engagement?
Max__Liu: we probably need a CG, a dedicated way to focus on how to move forward
… I personally think that before we go to a WG, we can prepare a charter
… or a CG that focuses on the topic, which could be more open to non-W3C members and open source projects
… helps with greater engagement
… key is pushing progress on the work coordination more than on the draft
<Zakim> jeff, you wanted to support Michael's idea about stakeholders
jeff: before reaching out to more stakeholders, we need greater clarity on the next steps (incubation vs WG vs existing groups)
… in terms of stakeholders, there is a long list of stakeholders that used to be but are no longer W3C members that came in the Mobile Initiative days
… we should reach out to them as we're making progress in deploying our action plan
McCool: +1 to outreach
… re CG vs WG - we can't have a WG until we know exactly what deliverables we need
… a CG or an IG focused on doing that would be a useful next step
jeff: we already have the IG
McCool: but the name of the IG doesn't scream "edge computing"
DanD: two different things we're talking: making the story crisper (with doc improvements)
… and gathering input & support, administrative stuff
… they can be done in parallel
… If we need an edge IG, or a CG
… we still need to improve the gap analysis in terms of what other groups need to provide & support
… figure out the incentives for the stakeholders
… we talked about organizing some sort of the workshop to help moving forward
Max: a CG being more open is helpful compared to an IG
… we can also have a liaison with the IG to report back what would happen in the CG
… the CG could have more frequent teleconferences
DanD: Thanks again for showing up and for the very fruitful discussions