The Web’s Next Adventure(s)

Mark Nottingham

What is the Web?

• Formats ⇒ HTML+CSS

• Protocols ⇒ HTTP(S)

• Identifiers ⇒ URL

• Mobile Code ⇒ JavaScript

Web as Information Space

“The Web was designed to be a universal space of information, so when you make a bookmark or a hypertext link, you should be able to make that link to absolutely any piece of information that can be accessed using networks. The universality is essential to the Web: it loses its power if there are certain types of things to which you can’t link.”

Tim Berners-Lee, Realising the Full Potential of the Web (1998)

The Web as a Platform

“Computing platform means, in a general sense, where any piece of software is executed. It may be the hardware or OS, even a web browser as long as the code is executed in it.”

Wikipedia

“Most successful software platforms have exploited network effects between applications and users: more applications attract more users, and more users attract more applications.”

Invisible Engines

Platform Openness

User Agent

What Makes the Web Special

• Open specification

• No single gatekeeper

• Multiple implementations

• Anyone can create / consume

• Balance of interests, incentives

POSIX

Building Platforms on the Web

“AMP is coming to eat our mobile page views.”

Helen Havlak, The Verge

More Web.

A Bigger Web

Progressive Web Applications

• "Web Apps" have been a goal, but parity with native has proven difficult

• PWAs use the Web's best features to deliver app-like experiences:

• Responsive for many devices

• Offline using Service Workers

• Discoverable and Installable

• Linkable using URLs

No stores. Seamless transitions from Web to App.

Peer-to-Peer Web

WebRTC expands the scope of a browser to real-time peer-to-peer:

• Video,

• Audio, and

• Data

demo

Web Payments

• Advertising is the major model for Web revenue

• Payments ecosystem has made other platforms wildly successful

• Web Payments might give us another option

• Payment flows, browser APIs and messages

A Secure Web

• The Web isn't just for research any more

• World Economic Forum: “Personal data is a new asset class” (2011)

• A powerful Web: geolocation, camera access, persistent storage...

• “Coffee Shop” attacks (e.g., FireSheep)

• Pervasive Monitoring revealed by Edward Snowden

Goal: Moving the Web from HTTP ⇒ HTTPS

Using Powerful Features now requires HTTPS

A Secure Web: Challenges

• HTTPS has a performance impact

• Certificates are expensive

• Certificates are hard to set up

• Mixed Content

• Authentication

HTTPS Performance

• Encryption overhead is small (and ChaCha20-Poly1305 helps)

• Most of the impact is handshake latency

• Session Tickets

• 0-RTT Handshake - TLS 1.3

• TLS record size tuning

https://istlsfastyet.com

Certificates

Mixed Content

• upgrade-insecure-requests

• HSTS Priming

• Opportunistic Security for HTTP

Web Authentication

• Goal: Replace passwords

• Strong security and easy usability

• Includes registration scenarios

• External and embedded authenticators

• Based on FIDO 2.0

• Draft in progress, but strong engagement

A Faster Web

• Web pages are bigger: 2.5 MB, 130+ requests

• HTTP headers are bigger

• HTTP “head of line blocking” means browsers use multiple connections

• Many connections interfere with TCP congestion control

A Faster Web: HTTP/2

• Multiplexing

• Multiple Connections ⇒ One Connection

• Header Compression

• Server Push

Supported in > 75% of the browser market

demo

A Faster Web: QUIC

• Head of Line Blocking in TCP

• Protocol Stack Ossification

• Goals: Video, Bad connections (and replacing TCP)

Adventure & Risk

The web bloat crisis is not in my imagination. This AM: someone says "let's use this new messaging system! It even has a web interface..."

8:41 PM - 21 Oct 2016

Alex Russell @slightlylate

The Web's Adventure is Just Beginning.