Well, Mozilla is indeed focusing more on WebPush rather than Simplepush.
There are only a few products that use SimplePush at the moment, and
frankly, the feature set for WebPush makes it far more interesting.
If I may, I'd suggest focusing on areas we've seen folks struggle with,
1) Data encryption -
Not terribly surprising, but folks have problems getting ECDH
encryption and header
publication right. I can only presume that folks that have problems
with this lead rich,
full lives surrounded by friends and loved ones and for some
inexplicable reason, don't
enjoy delving into frustrating bouts of brain melting math.
Giving these poor souls a way to easily bundle up data that
endpoints can decrypt so they
can continue their care-free lives of joy might be useful.
2) Subscriber management -
Somewhat in hand with the previous point, dealing with subscribers
using WebPush is
a fair bit more complicated than it would first seem. Subscribers
can have multiple endpoints
that may shift, or simply disappear in a puff of 410 smoke. Plus,
there's the encryption keys
that need to persist and be safe-guarded from compromise, and all
the fun that goes with
3) VAPID -
Mozilla currently uses VAPID to allow subscription providers a way
to voluntarily provide
info about themselves. The process involves a bit more
brain-tweaking ECDH crypto, and there
are some considerations that might escape the casual user (Keep your
VAPID key separate from
your publication keys; Keep your private VAPID key private;
Resubscribe your customers on key
VAPID is strongly favored for how subscriptions updates would be
authorized for other service
So, yeah, full plate. More than enough to scrape SimplePush off to make
room, and the nice bonus is that the new stuff isn't just for one
provider, and will make your library that much more attractive.
I've got a few resources to help folks get going on this:
- The WebPush
Data Test Page, which is a stand alone page that encrypts a data block
and shows you as much as possible for key auditing. I recommend opening
the Browser Console, since I'm a bit verbose. That page includes VAPID
header support, but if you just wanted to see that bit:
- VAPID test page, which
again is stand alone and can encode and decode VAPID header claims. The
other languages (hint, hint). https://github.com/mozilla-services/vapid/
I'm also working on a document that (hopefully) lays out the various
steps and considerations for App Servers / subscription providers.
Does that make sense to y'all?
On 5/24/2016 11:45 PM, Matthias Wessendorf wrote:
I wonder if we should call it a day on our SimplePush efforts?
We had a 0.12.1 release in November 2014:
and the latest commit to the source code was in February 2015:
We do have some open JIRAs for a potential 0.13 release, as well as
some future tickets:
Now, that there is a follow up standard on this, WebPush, and we have
a more active community around that, and a Google Summer of Code
student, I do see this being much more interesting than SimplePush,
I think our friends at Mozilla are also seeing much more value in
focusing on WebPush. I guess it's a bit different there as they have
SimplePush in production.
Now... what we could do it, get a last release out and instead
'0.13'call it 1.0.0, and put a note to the Github repository that this
is the last release and we stop maintaining this stuff.
Or do some really feel they want to actively continue the SimplePush
I think it was a good research project and I am happy we got some
momentum around it, but I believe the future is WebPush instead of
Feedback is more than welcome!