Httpbis H. Ruellan Internet-Draft Y. Fablet Intended status: Experimental R. Bellessort Expires: December 16, 2016 F. Denoual F. Maze Canon CRF June 14, 2016 Accept-Push-Policy Header Field draft-ruellan-http-accept-push-policy-02 Abstract The "Accept-Push-Policy" and "Push-Policy" header fields enable a client and a server to negotiate the behaviour of the server regarding the usage of push on a per-request basis. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on December 16, 2016. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Ruellan, et al. Expires December 16, 2016 [Page 1] Internet-Draft Accept-Push-Policy June 2016 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. Push Control Use Cases . . . . . . . . . . . . . . . . . . . 3 2.1. Adapting Push Behaviour . . . . . . . . . . . . . . . . . 3 2.2. Load Balancer . . . . . . . . . . . . . . . . . . . . . . 4 2.3. MPEG-DASH Fast Start . . . . . . . . . . . . . . . . . . 4 2.4. Fast Page Load . . . . . . . . . . . . . . . . . . . . . 5 2.5. WebPush Receipt Handling . . . . . . . . . . . . . . . . 5 2.6. Use Cases Requirements . . . . . . . . . . . . . . . . . 5 3. Push Policy . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. The Accept-Push-Policy Header Field . . . . . . . . . . . 6 3.2. Push-Policy Header Field . . . . . . . . . . . . . . . . 6 3.3. Push Policy Values . . . . . . . . . . . . . . . . . . . 7 3.3.1. None Push Policy . . . . . . . . . . . . . . . . . . 7 3.3.2. Head Push Policy . . . . . . . . . . . . . . . . . . 8 3.3.3. Default Push Policy . . . . . . . . . . . . . . . . . 8 3.3.4. Fast-Load Push Policy . . . . . . . . . . . . . . . . 8 3.3.5. Push-Limit Push Policy . . . . . . . . . . . . . . . 9 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 6.1. Normative References . . . . . . . . . . . . . . . . . . 10 6.2. Informative References . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 1. Introduction HTTP/2 [RFC7540], the new version of the HTTP protocol, not only provides significant improvements compared to HTTP/1.1 (see [RFC7230] and [RFC7231]), but also provides several new features. Among these is Server Push, which enables a server to send responses to a client without having received the corresponding requests. The range of possibilities offered by Server Push is a new domain wide open for experimentation. A first usage was foreseen early in the addition of this feature into HTTP/2, which is to replace the inlining of sub-resources inside a main resource, by pushing these sub-resources in response to the request for the main resource. As described in [HighPerformance], with HTTP/1.1, a web designer may want to optimize the page load time by packing a whole web page into a single HTTP response. This can be achieved by inlining the CSS, JavaScript, and images inside the HTML document. By removing the need for the client to send requests for these sub-resources, this Ruellan, et al. Expires December 16, 2016 [Page 2] Internet-Draft Accept-Push-Policy June 2016 inlining technique can reduce the page load time by roughly a RTT. With HTTP/2, the same results can be obtained by pushing the sub- resources instead of inlining them. Using push has the advantage of keeping each sub-resource independent. HTTP/2 provides a few ways of controlling Server Push from the client side. First, the SETTINGS parameter "SETTINGS_ENABLE_PUSH" allows a client to globally enable or disable push on a HTTP/2 connection. In addition, HTTP/2 Flow Control can be used to limit the bandwidth used by pushed resources. These options provide only a coarse control of the usage of Server Push from the client side. In some cases, a more fine-grained control would be useful. This document describes several use cases where controlling Server Push would be useful for the client. It then proposes new header fields for realizing this control. 1.1. Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 [RFC2119] and indicate requirement levels for compliant implementations. This document uses the Augmented BNF defined in [RFC5234]. 2. Push Control Use Cases 2.1. Adapting Push Behaviour A browser may want to ask the server to adapt its behaviour for pushing resources depending on the user's actions. For example, after navigating through a site for some time, the browser may have many sub-resources in its cache and may prefer that the server stop's pushing sub-resources to prevent wasting bandwidth. This could be further optimized with the browser asking the server to push only response metadata (i.e., the responses pushed by the server correspond to requests made with the HEAD method instead of requests made with the GET method). By receiving in advance the list of sub- resources corresponding to a specific request, the browser would be able to fetch early on any sub-resource missing from its cache. As another example, when a user opens many pages on the same site, the browser may want to receive pushed sub-resources only for the foreground tab and not for any background tab. This results in a better optimization of the page load time for the tab that is visible to the user. Ruellan, et al. Expires December 16, 2016 [Page 3] Internet-Draft Accept-Push-Policy June 2016 2.2. Load Balancer A second use case is a load balancer serving both HTTP/1.1 and HTTP/2 clients, and using HTTP/2 to connect to the back-end servers, as described in [LoadBalancer]. The load balancer uses the same HTTP/2 connection towards a back-end server to forward the requests received from several clients. When the client is a HTTP/1.1 client, the load balancer doesn't want the back-end server to push any resource in response to the client's request. On the contrary, when the client is a HTTP/2 client, the load balancer would like the back-end server to push sub-resources associated to the client's request. The load balancer would like to be able to enable or disable push on a per-request basis. This would enable it to optimize the server behaviour depending on the client's capacity. 2.3. MPEG-DASH Fast Start Controlling the server behaviour regarding push may also be useful for specific applications. As an example, MPEG-DASH [DASH] is a technology for streaming media content over HTTP. The media content is split into small file-based segments that can be retrieved through HTTP requests. Potentially, the media content is made available with different quality levels. A media presentation description (MPD) describes the organization of the media. To render a media, an MPEG-DASH client needs to first download the MPD, process it, and then request the necessary media segments. When requesting a MPD to play the associated media content, it would be useful for a DASH client to be able to ask the server to push some initial content (for example, the initialization segments, and possibly the first content segments). However, there are also cases when it is not useful for the DASH client to receive in advance this initial content. For example, in a video program guide, the DASH client may want to download several MPDs corresponding to different media content, but doesn't want to receive the initial content for all of these. Therefore, it is useful for the DASH client to be able to specify in a request for a MPD whether it wants the server to push some initial content. In addition, when the DASH client asks the server to push some initial content, it could be useful for it to have some feedback from the server. This feedback would indicate whether the server is intending to push this initial content. The client could adapt its behaviour depending on this indication. For example, the client Ruellan, et al. Expires December 16, 2016 [Page 4] Internet-Draft Accept-Push-Policy June 2016 could start rendering the media sooner if it knows that the server is pushing the initial content. 2.4. Fast Page Load The previous use case can be expanded to the more generic use case of downloading quickly a web page. As described in [Breaking1000msBarrier], it is important for the user perception to keep the perceived latency of loading a web page under 1000 ms. This can be difficult when using a mobile connection with a high latency. Part of the solution proposed in [Breaking1000msBarrier] for HTTP/1.1 is to inline all the sub-resources necessary for achieving a first rendering of the web page. With HTTP/2, the inlining of these sub- resources can be replaced by having the server push them. Therefore, a client detecting that it is using a high-latency network could improve the user perceived latency by asking the server to push all the sub-resources necessary for a first display of a web page. 2.5. WebPush Receipt Handling WebPush [I-D.ietf-webpush-protocol] is a protocol for delivering messages from an application server to a client through a push server. WebPush is using Server Push for delivering messages from the push server to the client and receipts from the push server to the application server. An application server may want to control the rate of incoming receipts to avoid being overwhelmed by a sudden burst of receipts. However, as a receipt consists only in HTTP Headers (the receipt is a 204, "No Content", response), HTTP/2 provides no mean for controlling the rate of such pushed resources. Providing a possibility for a client to control the rate of pushed resources sent in reference to a request would enable the client to protect itself from being overwhelmed by a too large burst of pushed resources. 2.6. Use Cases Requirements The analysis of these use cases enables to build a list of requirements for defining a fine-grained control over the usage of push by a server. o The client can ask the server not to push any resource in response to a request. o The client can ask the server to only push response metadata. Ruellan, et al. Expires December 16, 2016 [Page 5] Internet-Draft Accept-Push-Policy June 2016 o The client can ask the server to limit its usage of push. o The client can ask the server to use an application-defined behaviour regarding push. o The server can indicate to the client its behaviour regarding push when processing a request. 3. Push Policy A _push policy_ defines the behaviour of a HTTP server regarding push when processing a request. Different push policies can be used when processing different requests. This section defines new HTTP header fields enabling a client and a server to negotiate the push policy used by the server to process a given request. The new "Accept-Push-Policy" header field enables a client to express its expectations regarding the server's push policy for processing a request. The "Push-Policy" header field enables a server to indicate which push policy it selected for processing a request. 3.1. The Accept-Push-Policy Header Field A client can express the desired push policy for a request by sending an "Accept-Push-Policy" header field in the request. Accept-Push-Policy = token ; a push policy name The header field value contains the push policy that the client expects the server to use when processing the request. Possibly, the "Accept-Push-Policy" header field could be extended to support carrying multiple policies, as a comma-separated list of tokens. The server could choose its preferred policy among those proposed by the client. 3.2. Push-Policy Header Field A server can indicate to a client the push policy it used when processing a request by sending a "Push-Policy" header field in the corresponding response. Push-Policy = token ; a push policy name Ruellan, et al. Expires December 16, 2016 [Page 6] Internet-Draft Accept-Push-Policy June 2016 The server MUST follow the indicated push policy when processing the client request associated to the response. The "Push-Policy" header field can be used as an acknowledgement from the server after receiving a request containing the "Accept-Push- Policy" header field. If the "Accept-Push-Policy" header field can contain a list of push policy names, the "Push-Policy" header field can be used to express which push policy was selected by the server. The server can also choose a push policy not corresponding to the client's expectation as expressed in the "Accept-Push-Policy" header, and specify the selected push policy in the "Push-Policy" header field. 3.3. Push Policy Values This section defines some generic push policies. Other push policies can be standardized for either a generic usage, or for an application-specific usage. In addition, private push policies can be used by a web application. TBD: select the form of private push policies (URN, "X-" values...). 3.3.1. None Push Policy The "None" push policy value indicates that no resource is pushed when processing a request. None-Push-Policy = "none" ; 'None' push policy token For example, a browser sending a request for a background tab could ask the server not to push any resources in response to this request by sending an "Accept-Push-Policy" header with the "None" value. This would result in the following HTTP/2 header block: :method = GET :scheme = https :path = /index.html host = example.org accept = text/html accept-push-policy = none Ruellan, et al. Expires December 16, 2016 [Page 7] Internet-Draft Accept-Push-Policy June 2016 3.3.2. Head Push Policy The "Head" push policy value indicates that only response metadata are pushed (the server is pushing responses corresponding to requests made with the HEAD method). Head-Push-Policy = "head" ; 'Head' push policy token For example, a browser may already have many resources from a web site in its cache. It could ask the server to push only response metadata. This would allow the browser to know early on the resources useful for rendering a web page (i.e., before receiving and parsing the HTML document), without taking the risk of wasting bandwidth with resources already in its cache. In this example, the browser's request would contain the following HTTP/2 header block: :method = GET :scheme = https :path = /index.html host = example.org accept = text/html accept-push-policy = head 3.3.3. Default Push Policy The "Default" push policy value indicates that the server is using its default behaviour for pushing resources when processing a request. Default-Push-Policy = "default" ; 'Default' push policy token For example, a server not fulfilling a client's expectation regarding the push policy could indicate this with the "Default" push policy. It would send the following HTTP/2 header block in its response: :status 200 push-policy = default 3.3.4. Fast-Load Push Policy The "Fast-Load" push policy value indicates that the sub-resources necessary for a first rendering of a main resource are pushed alongside the response containing this main resource. Fast-Load-Push-Policy = "fast-load" ; 'Fast-Load' push policy token Ruellan, et al. Expires December 16, 2016 [Page 8] Internet-Draft Accept-Push-Policy June 2016 A server using the "Fast-Load" push policy while processing a request can push sub-resources not necessary for a first rendering, but SHOULD prioritize sub-resources necessary for this first rendering. For example, a client detecting that it is using a high-latency network can try to improve the user perceived latency by asking the server to push the sub-resources necessary for a first rendering of a main page by including an "Accept-Push-Policy" header with the "Fast- Load" value. This would result in the following HTTP/2 header block: :method = GET :scheme = https :path = /index.html host = example.org accept = text/html accept-push-policy = fast-load 3.3.5. Push-Limit Push Policy The "Push-Limit" push policy value indicates that the specified number is the maximum number of resources pushed when processing a request. Push-Limit-Push-Policy = "push-limit=" 1*DIGIT ; 'Push-Limit' ; push policy ; token and value For example, a client wanting to limit a server to pushing a maximum of 100 resources in relation to a request can indicate it in the request by including an "Accept-Push-Policy" header field with the "Push-Limit" value. This would result in the following HTTP/2 header block: :method = GET :scheme = https :path = /index.html host = example.org accept = text/html accept-push-policy = push-limit=100 4. IANA Considerations TBD Ruellan, et al. Expires December 16, 2016 [Page 9] Internet-Draft Accept-Push-Policy June 2016 5. Security Considerations TBD 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ RFC2119, March 1997, . [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/ RFC5234, January 2008, . [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI 10.17487/RFC7540, May 2015, . 6.2. Informative References [Breaking1000msBarrier] Grigorik, I., "Breaking the 1000 ms mobile barrier", November 2013. [DASH] "Dynamic adaptive streaming over HTTP (DASH)", ISO/IEC: 23009-1:2014 , 2014. [HighPerformance] Grigorik, I., "High Performance Browser Networking", September 2013. [I-D.ietf-webpush-protocol] Thomson, M., Damaggio, E., and B. Raymor, "Generic Event Delivery Using HTTP Push", draft-ietf-webpush-protocol-05 (work in progress), May 2016. [LoadBalancer] Douglas, S., "PUSH_PROMISE and load balancers", September 2014, . Ruellan, et al. Expires December 16, 2016 [Page 10] Internet-Draft Accept-Push-Policy June 2016 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014, . [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI 10.17487/RFC7231, June 2014, . Authors' Addresses Herve Ruellan Canon CRF Email: herve.ruellan@crf.canon.fr Youenn Fablet Canon CRF Email: youenn.fablet@crf.canon.fr Romain Bellessort Canon CRF Email: romain.bellessort@crf.canon.fr Franck Denoual Canon CRF Email: franck.denoual@crf.canon.fr Frederic Maze Canon CRF Email: frederic.maze@crf.canon.fr Ruellan, et al. Expires December 16, 2016 [Page 11]