On Tue, Sep 17, 2013 at 8:39 AM, Sebastien Blanc <scm.blanc@gmail.com> wrote:

On Tue, Sep 17, 2013 at 7:48 AM, Daniel Bevenius <daniel.bevenius@gmail.com> wrote:

We have been discussing the possibility of adding batch notifications support to our SimplePush and UnifiedPush Server. The use case for this would be when doing a selective send using a category, or a broadcast, and instead of sending a number of individual HTTP PUT notifications, a single HTTP PUT notification could be sent.

That's a good idea. When I first start playing with SPS I thought sending PUTs was working this way so for me it's a quite natural "enhancement"

I think the reason why the SimplePush spec keeps them 'separate' or 'individual' is because for most use cases, these are really individual notifications.

Think 'mail': I'd implement a separate version "state" for every user, to be submitted over each of the individual channels.

For things like 'chat' it would make a bit more sense to have the same "version" sent to different channels, but that's not the intention of SimplePush. Pure WebSocket (for instance) would be a better option there.

However :-) I am not against batching, as it might be handy for some other uses cases, when 'broadcasting' the same update to a group of users;

When sending a notification an endpoint that looks something like this is used:
https://localhost:7777/update/7linbl5LD9XwCMDfwMeM4vLV8yIwY8Kem32lG2igDngQBqkVPG9u179gpu_y7sxWXvPXpN3-CmLwRpXbJtWAig

The suggestion for sending batch notifications might work by sending a HTTP PUT but only using:
https://localhost:7777/update

In this case the body of the PUT request must be a valid json in the following format:

{
"version":"1",
"pushEndpoints":["R32EU3Ct3PuHpEJZbeFQH0JWt_ERUtC4fxox44isNINyWDwatnJ1l1thxQyI1M4-IGvwX3AexkaDiMKpeh3P327MeOm809f9LcCdLw562nOcxxMLmMrhNI4ey4TlQ1mi",

"J_hIZkdLfKZpiwgpQ68QsPPlljnDGBbmPwAwGoe_6mE7ZBaKmebqf1mCDy_c9zII8CyaFC5t9BsGeUSU0nylToQgBKYdV4DFj3zdcpCMnxIHsSpX8Zx9DAjWCv7nfAJz"]
}
The version is pretty much the same as when sending a normal notification except that it is in json format instead of simply 'version=1'.

The pushEndpoints is an array of channel endpoints. The format of these could be different for different SimplePush Server implementations so they are simple strings and the server implementation will know how to interpret them.

Since batch notifications are outside of the SimplePush specification this would only work with our implementation and that will complicate things for the clients, like the UnifiedPush Server for example. It would have to distinguish between our SImplePush implementation and others.

Is that something in which we could contribute back to Mozilla or at least discuss with us if this could be added to the specs ?

Yeah, I agree it would be interesting to hear what the Mozilla guys think about 'batch support'. Regarding 'contributing back', not sure if our Java code would be helpful for their (Go?) Server. Getting a discussion on their IRC channel is for sure the best option for 'contribution'

-M

Another issue that came up while discussing this is the question if this opens up for denial of service attacks where an attacker could send one batch notification with a long list of pushEndpoints to try to keep the server busy. At the moment, for an attacker to do the same thing he/she would have to send individual request which would be easier to notice and defend against as there would be a high volume of HTTP traffic.

Should be nice if we had a security expert in the team ... oh wait ... ;)

Thoughts?

_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev

_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev

--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf