LGTM as an IWA OWNER (3x LGTM from Blink API OWNERS are still required according to the IWA-specific API launch process <https://www.chromium.org/blink/launching-features/isolated-web-apps/>).
This API is an excellent example of a case where a small number of applications need a powerful capability even though there are existing web platform alternatives (e.g. Web Transport). Some applications do not have a choice in the endpoints they need to connect to (e.g. legacy or low-level systems) and need an unrestricted network API. Reilly Grant | Software Engineer | reil...@chromium.org | Google Chrome <https://www.google.com/chrome> On Tue, Aug 13, 2024 at 11:15 AM Andrew Rayskiy <greengr...@google.com> wrote: > + iwa-team@ for visibility. > > On Tuesday, August 13, 2024 at 7:20:25 PM UTC+2 Christian Biesinger wrote: > > On Tue, Aug 13, 2024 at 9:59 AM Chromestatus < > ad...@cr-status.appspotmail.com> wrote: > > Contact emails green...@google.com > > Explainer > https://github.com/WICG/direct-sockets/blob/main/docs/explainer.md > > Specification https://wicg.github.io/direct-sockets > > Summary > > Allows Isolated Web Apps to establish direct transmission control protocol > (TCP) and user datagram protocol (UDP) communications with network devices > and systems as well as listen to and accept incoming connections. > > > Blink component Blink>Network>Direct Sockets > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ENetwork%3EDirect%20Sockets> > > Search tags networking <http:///features#tags:networking>, TCP > <http:///features#tags:TCP>, UDP <http:///features#tags:UDP>, sockets > <http:///features#tags:sockets> > > TAG review https://github.com/w3ctag/design-reviews/issues/548 > > TAG review status Pending > > Risks > > > Interoperability and Compatibility > > Other browsers may choose to implement this API. > > > *Gecko*: Closed Without a Position ( > https://github.com/mozilla/standards-positions/issues/431) > > > This seems to be closed as harmful, not as no position? > > > Indeed -- however, the harmful resolution was issued primarily due to the > lack of adequate safeguards. It's worth pointing out that since then we've > launched > <https://groups.google.com/a/chromium.org/g/blink-dev/c/iMfYonTs414> Isolated > Web Apps with enhanced protections against these concerns. > > > > > > *WebKit*: No signal > > *Web developers*: Positive ( > https://discourse.wicg.io/t/filling-the-remaining-gap-between-websocket-webrtc-and-webtranspor/4366) > Numerous potential use cases have been suggested. > > *Other signals*: > > Security > > Various security risks and mitigations are noted in > https://github.com/WICG/raw-sockets/blob/master/docs/explainer.md#security-considerations > This is a powerful API. Users will have the opportunity to give Isolated > Web Apps access to local hardware, and information systems behind > organization firewalls. Mitigations are designed to ensure this cannot > happen accidentally, and only through enterprise policies or the friction > of installing a native app. > > > WebView application risks > > Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications? > > N/A. Feature not compiled in Android. > > > Debuggability > > The code using this API can be debugged using the standard tools. > Integrating the API with the DevTools Networking tab to enable easier > introspection of the state of these connections as well as the data > transferred could be a beneficial future improvement. > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, ChromeOS, Android, and Android WebView)? No > > This feature is implemented on desktop platforms, although it will only be > available to the end users on platforms that support Isolated Web Apps, > which is currently only ChromeOS. Android is excluded for historical > reasons, although there are no apparent interoperability blockers here. > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? Yes > > These tests require a specific --isolated-context-origins flag to be > tested in WPTs, so they're run as a part of a virtual suite and are not > reflected on wpt.fyi. > > > Flag name on chrome://flags #enable-direct-sockets-web-api > > Finch feature name DirectSockets > > Requires code in //chrome? False > > Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=909927 > > Launch bug https://launch.corp.google.com/launch/4339602 > > Measurement We have the following histograms for tracking network > failures upon creating sockets (prefixed with DirectSockets.*): - > TCPNetworkFailures - UDPNetworkFailures - TCPServerNetworkFailures Separate > programmatic counters for the .idl methods and attributes (via MeasureAs) > are also included to track the stats for API usage. > > Availability expectation Feature is available only in Isolated Web Apps > on desktop platforms. https://chromestatus.com/feature/5146307550248960 > > Adoption expectation Expected to be used initially by a small number of > developers inside Isolated Web Apps. > > Adoption plan Working directly with developers that are planning to rely > on the API. > > Non-OSS dependencies > > Does the feature depend on any code or APIs outside the Chromium open > source repository and its open-source dependencies to function? > None > > Sample links > https://github.com/GoogleChromeLabs/telnet-client > > Estimated milestones Shipping on desktop 130 > > Anticipated spec changes > > Open questions about a feature may be a source of future web compat or > interop issues. Please list open issues (e.g. links to known github issues > in the project for the feature specification) whose resolution may > introduce web compat/interop risk (e.g., changing to naming or structure of > the API in a non-backward-compatible way). > None > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/6398297361088512?gate=6732051726729216 > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com>. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/000000000000c7b248061f910247%40google.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/000000000000c7b248061f910247%40google.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "iwa-team" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to iwa-team+unsubscr...@google.com. > To view this discussion on the web visit > https://groups.google.com/a/google.com/d/msgid/iwa-team/0360ba72-2c60-4190-aae4-9d2fad6722fdn%40chromium.org > <https://groups.google.com/a/google.com/d/msgid/iwa-team/0360ba72-2c60-4190-aae4-9d2fad6722fdn%40chromium.org?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/a/google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZNSq0yw1qCKD4r0%3D0GC%3DgGQkVqwGL1YidaNY7UDj1Wqg%40mail.gmail.com.
