-
Notifications
You must be signed in to change notification settings - Fork 438
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[web] Register application/wasm MIME type #573
Comments
I believe @flagxor actually just started this process. |
Nice! Maybe he can just close this issue once it's done? |
Should we register a mimetype for Wasm text format? |
We don't expect browsers to consume the text format except to display it as-is, no? |
I didn't mean for it to be interpreted by browsers. Maybe it doesn't make sense. Mimetypes aren't just for browsers, but they're also not for entirely arbitrary things with a file extension. I was just thinking about the appropriate way to note the extension in the standards universe. (There was a recent update to the JavaScript mimetype to support .mjs, FWIW.) |
IIUC .mjs changes how you parse the file (because modules don't parse the same as .js), whereas for the WebAssembly text format it seems like |
This is a tangent, but .mjs doesn't change anything for browsers and doesn't have its own mimetype; it's just included in the JS mimetype. |
As an update, .wasm is now a registered extension in mime-db which is the database used by GitHub Pages. Here's a test I just made which shows the change is live. Even better, .wasm files are marked as compressible so they are served with gzip compression. |
This should be handled by W3C-IETF registration process |
@ericprud so is there any progress on this? Otherwise maybe I'll just fill out the IANA application form to register application/wasm -- it seems rather straightforward. Maybe we should also get text/wasm for .wat? |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Any news from ietf-types at iana.org ? It shouldn't take more than one e-mail. 😔 They can't reject a MIME type even Google uses: curl 'https://earth.google.com/static/wasm/9.3.113.2/earthwasm.wasm' -I | grep "wasm" prints
|
I propose sending the following data to IANA: Type Name: application "WebAssembly provides no ambient access to the computing environment in which code is executed. Any interaction with the environment, such as I/O, access to resources, or operating system calls, can only be performed by invoking functions provided by the embedder and imported into a WebAssembly module. An embedder can establish security policies suitable for a respective environment by controlling or limiting which functional capabilities it makes available for import. Such considerations are an embedder’s responsibility and the subject of API definitions for a specific environment. Because WebAssembly is designed to be translated into machine code running directly on the host’s hardware, it is potentially vulnerable to side channel attacks on the hardware level. In environments where this is a concern, an embedder may have to put suitable mitigations into place to isolate WebAssembly computations." Interoperability considerations: WebAssembly has been carefully specified, and several interoperable implementations exist and are widely deployed. Published specification: https://webassembly.github.io/spec/core/index.html Application usage: The application/wasm media type is already in use as the type used to describe WebAssembly files when sent over HTTP to be executed by browsers, which is a common scenario. Additionally, several WebAssembly runtimes that take advantage of the safety and portability while targeting efficient execution and compact representation. Fragment identifier considerations: N/A Restrictions on usage: N/A Deprecated alias names: N/A Intended Usage: Common Contact Person: ??? In a pinch, I'd be okay being the contact person, but that seems suboptimal. Maybe @rossberg as editor? |
Last call: if there's no further feedback, I'm going to submit this to IANA with myself as contact person in ~48 hours. |
It might be worth bringing this up at a CG video meeting, since I'm sure not everyone is paying close attention to this thread. @ericprud suggested above that there might be some special W3C process, and I would want to make sure we are following that as well. |
Thanks for the feedback! I found that CG means Community Group, but the page at https://www.w3.org/community/webassembly/ has one post from 2015 and doesn't seem to mention any video meetings that I can see, so I'm not sure how I'd participate in that. I pinged ericprud already a month ago and have seen no response. |
I'm not sure how often Eric checks his github mentions, I'll ping him directly. |
I've submitted a PR for the next meeting's agenda. Unfortunately I won't be able to attend, but hopefully who does can lead the discussion. It honestly seems fairly straightforward and non-controversial to me. |
W3C specs typically include a media type registration which is mirrored at iana.org. For example, Turtle has a registration in the spec and at iana. The Web API spec includes a media type. Diffing the two (normalizing to https://www.iana.org/form/media-types), I see five diffs: Optional Parameters: None
Encoding Considerations: binary, no additional notes
Security Considerations:
-"WebAssembly provides no ambient access to the computing environment in which code is executed. Any interaction with the environment, such as I/O, access to resources, or operating system calls, can only be performed by invoking functions provided by the embedder and imported into a WebAssembly module. An embedder can establish security policies suitable for a respective environment by controlling or limiting which functional capabilities it makes available for import. Such considerations are an embedder’s responsibility and the subject of API definitions for a specific environment.
-
-Because WebAssembly is designed to be translated into machine code running directly on the host’s hardware, it is potentially vulnerable to side channel attacks on the hardware level. In environments where this is a concern, an embedder may have to put suitable mitigations into place to isolate WebAssembly computations."
+See see WebAssembly Core Security Considerations
+https://www.w3.org/TR/wasm-core/#security-considerations%E2%91%A0
Interoperability Considerations:
-WebAssembly has been carefully specified, and several interoperable implementations exist and are widely deployed.
+See see WebAssembly Core Conformance
+https://www.w3.org/TR/wasm-core/#conformance
Published specification:
-https://webassembly.github.io/spec/core/index.html
+https://www.w3.org/TR/wasm-core-1/ https://www.w3.org/TR/wasm-js-api-1/ https://www.w3.org/TR/wasm-web-api-1/
Application Usage:
- The application/wasm media type is already in use as the type used to describe WebAssembly files when sent over HTTP to be executed by browsers, which is a common scenario. Additionally, several WebAssembly runtimes that take advantage of the safety and portability while targeting efficient execution and compact representation.
+ Web browsers and runtime systems
Fragment Identifier Considerations: N/A
Restrictions on usage: N/A
Deprecated alias names: N/A
-Magic number(s): \0asm
+Magic number(s): 0x00 0x61 0x73 0x6D
File extension(s): wasm
Macintosh File Type Code(s): N/A For Security Considerations and Interoperability Considerations, I propose to go with the dereference to core's security considerations and conformance. For Published Specification, I propose the W3C latest spec links for the three specs. For Application Usage, @djc's text is more descriptive. For Magic Number, my instinct is that the hex is harder to misinterpret. Huh, Published specification has inconsistent capitalization in https://www.iana.org/form/media-types. I created a PR to this end. I will update to reflect consensus here and in the CG meeting. |
@ericprud thanks for pushing this forward. So is there anything left to do to push this into the IANA registry? |
If folks agree on the CG call, I'll send this to the ietf-types list, wait a couple weeks, submit the form. I can also raise it in an IETF-liason call if it stalls somewhere. |
We can bring this up at the CG meeting, but looking at the PR, it seems like there isn't much to discuss there. Is there something in particular you'd like to get feedback on? If not, I'd say we should merge the PR and push forward with the rest of the process, since the document has already landed in the spec repo and hasn't changed much. |
BTW, should we also submit a registration for WAT? |
@djc There was a brief discussion about that at the top of the thread. I don't think we need to, since it's not consumed or produced except by offline tools, generally. But I don't think it would hurt to do it. |
One important usage of media types is to allow tools to interoperably identify file types from extensions -- in other words, I don't think media types are only useful when exchanging files across the network. It seems like this would be useful for .wat files, too, so yeah, I think it would be useful to have that. |
@ericprud any progress on getting this done? |
@plehegar, would you be able to help move this forward? |
I get weekly email from a kind person in charge of shepherding requests saying that it's still pending review by the IESG. I've offered to help or discuss it with them but I'm basically waiting for them to get around to it. It's probable that @plehegar or @ylafon can bump up our priority, though that basically means we're cutting in line. I don't know if there's any expectation that this process will improve so I wonder if it's time for a meta-discussion with the IESG. |
Ah, I didn't know it was stuck in the IESG review queue. Thanks for the update! For how long has it been waiting there? |
couple months, at least. just got another please-don't-be-mad-at-me email:
In the olde days, reaching apparent consensus on ietf-types basically meant you were done. I wonder if a lack of participation has forced the process to evolve. |
BTW, Brad Nelson applied for a provisional registration a long time ago I guessing that if the formal registration happens tomorrow or next year, it won't change anyone's deployment. Agree/disagree? |
This adds the application/wasm mime type, which is used to represent compiled Web Assembly files, and registers it with the associated file extension, .wasm. While this isn't a registered standard, it's a widely recognized mimetype, and is the one officially set out by the WASM committee and current JavaScript standards. It's concretely useful to use this mimetype, as it enables use of the "WebAssembly.instantiateStreaming" browser API. References: https://webassembly.github.io/spec/core/binary/conventions.html - the webassembly document recommending application/wasm WebAssembly/spec#573 - progress on getting this registered as an official mimetype https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/WebAssembly/instantiateStreaming#Instantiating_streaming - JS API which requires the application/wasm mimetype to function
This adds the application/wasm mime type, which is used to represent compiled Web Assembly files, and registers it with the associated file extension, .wasm. While this isn't a registered standard, it's a widely recognized mimetype, and is the one officially set out by the WASM committee and current JavaScript standards. It's concretely useful to use this mimetype, as it enables use of the "WebAssembly.instantiateStreaming" browser API. References: https://webassembly.github.io/spec/core/binary/conventions.html - the webassembly document recommending application/wasm WebAssembly/spec#573 - progress on getting this registered as an official mimetype https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/WebAssembly/instantiateStreaming#Instantiating_streaming - JS API which requires the application/wasm mimetype to function
We got feedback on the registration with some proposed changes. Proposal: accept all reviewer's proposals and proceed. Here are the changes in question by section: Security Considerations:orig text of registration request:
reviewer's comments
reviewer's propsal
Applications which use this media:orig text of registration request:
reviewer's comments
reviewer's propsal
Meta: if asked, I'll split this out into two separate issues. [edited to fix type: s/bu/by/] |
"used bu" → "used by". Do you want to make a PR or should I? |
I'm happy for you to do it if you don't mind (saves me fixing bikeshed on my machine). Were you planning on a PR to add the Media Type registration to WebAPI? IANA has no requirement that the registration be safely ensconced in a specification so the PR can happen asynchronously. |
done -- application/wasm registered 2021-04-20 |
Thanks for dealing with this, @ericprud! |
We should follow the procedure to register 'application/wasm' as an official MIME type.
(Incidentally, lack of official registration blocks
WebAssembly.compileStreaming
from consuming.wasm
files served by GH Pages.)The text was updated successfully, but these errors were encountered: