Track description
forDevelopers’ track

A lot of great publications are accompanied by great implementations that sometimes risk going almost unnoticed in favor of the more glamorous research results they helped produce. Likewise—the Web being a moving and ever-developing target—a lot of sometimes tedious and oftentimes less obvious work happens on standardization of future Web APIs and programming languages.

The Developers’ Track aims to put this implementation and standardization work front and center. It will highlight research submissions that describe technically challenging Web applications of all sorts, including (but by no means limited to) bleeding edge technologies like WebAssembly, Service Workers, or WebVR; multimedia-related topics like WebRTC, Web MIDI, Web Bluetooth, WebUSB, or Encrypted Media Extensions; and advanced Web features like Payment Request, Credential Management, or Web Share.

Apart from classic papers (that we do understand are a fixed requirement for some people in order be allowed to the conference), the Developers’ Track is not limited to formats that can be printed, but authors are encouraged to be creative in finding the most effective way to communicate their work, and we will discuss dynamic or interactive contributions.

List of accepted papers :

• Surfing the API Web: Web Concepts
  Authors: Erik Wilde

  Keywords: Web Architecture, Standards, API, Design

  Abstract:
  The Web is based on numerous standards that together make up the surface of the Web: By knowing and supporting those standards, problems can be solved in well-known ways. This general design pattern on the Web applies to APIs in the very same way as it does to the human Web: By using an (evolving) set of standards, API developers benefit by not having to reinvent the wheel, and developers benefit by the same problem being solved in the same way across a variety of APIs. The evolving set of standards for Web APIs can be regarded as a set of building blocks or vocabularies for API design. Web Concepts is a site and a repository that can be used to manage how within organizations these building blocks are used, thus helping to establish a Web API design culture. The main idea of Web Concepts is to promote reuse of existing standards and technologies, and to therefore make it easier for teams to understand which options are available generally speaking, and maybe which ones are popular choices within their organization.

• Exploiting Web API Documentations for Generating User Interfaces
  Authors: István Koren and Ralf Klamma

  Keywords: Web Components, OpenAPI, Web Services, Internet of Things

  Abstract:
  New Web services and Internet of Things enabled device types are introduced on a daily basis. Open documentation specifications describe their functionalities in terms of possible API calls. Based on these specifications, Web-based try-out-style solutions exist that allow developers to quickly get an understanding what the services and devices do and how they work. However, the generated user interfaces are far from real-world practices of end users. We present an approach to overcome this gap, by using a model-driven methodology resulting in state-of-the-art responsive Web user interfaces. Our implementation is based on recent standards like Web Components. The resulting framework helps bridging communication gaps between end users and developers, leading to a more goal-oriented and diverse world of Web applications.

• Linked Specifications, Test Suites, and Implementation Reports
  Authors: Sarven Capadisli

  Keywords: Evaluation and Report Language, Implementation reports, Linked Data, RDF Data Cube, Statistics, Test suite, W3C specifications

  Abstract:
  URL: http://csarven.ca/linked-specifications-reports
  Archived URLs:

  • https://web.archive.org/web/20180116085033/
  • http://csarven.ca/linked-specifications-reports
  • http://archive.is/8lk5y

  This article describes the semantic structure and linking of the W3C Recommendation Linked Data Notifications (LDN), its test suite, and implementation reports. Semantically interlinking and detailed machine-readability of components related to Web standards and their implementations is novel, and can be useful for coherently documenting software projects and their conformance with specifications. Everything presented here is open source and reusable by other specifications (W3C standards or not), test suites, and implementations. As a concrete example of the benefits of this approach, the LDN test suite is itself an LDN implementation for the purpose of automating the collection and aggregation of implementation reports which were used directly towards the formal standardisation process.

• Transforming the JSON Output of SPARQL Queries for Linked Data Client
  Authors: Pasquale Lisena and Raphaël Troncy

  Keywords: SPARQL, JSON, JSON-LD, transformer, JavaScript

  Abstract:
  SPARQL endpoints are one possible access method to linked data. The results of SPARQL queries serialized in JSON are, however, not suitable to be directly used by web developers in end-user applications who often need to merge the values resulting from variable bindings. In this work, we propose a generic approach implemented in a JavaScript module that takes as input a JSON file describing both the SPARQL query and the shape of the expected output at the same time.

• An Empirical Study of the Framework Impact on the Security of JavaScript Web Applications
  Authors: Ksenia Peguero, Nan Zhang and Xiuzhen Cheng

  Keywords: JavaScript security, web frameworks, framework analysis, template engines, cross-site scripting

  Abstract:
  JavaScript frameworks are widely used to create client-side and server-side parts of contemporary web applications. Vulnerabilities like cross-site scripting introduce significant risks in web applications. The goal of our study is to understand how the security features of a framework impact the security of the applications written using that framework. In this paper, we present four locations in an application, relative to the framework being used, where a mitigation can be applied. We perform an empirical study of JavaScript applications that use the three most common template engines: Jade/Pug, EJS, and Angular. Using automated and manual analysis of each group of applications, we identify the number of projects vulnerable to cross-site scripting, and the number of vulnerabilities in each project, based on the framework used. We analyze the results to compare the number of vulnerable projects to the mitigation locations used in each framework and perform statistical analysis of confounding variables. Our findings demonstrated that the location of the mitigation impacts the application’s security posture, with mitigations placed within the framework resulting in more secure applications.

• Components.js: A Semantic Dependency Injection Framework
  Authors: Ruben Taelman and Ruben Verborgh

  Keywords: JavaScript, Dependency Injection, Semantic, Framework, RDF, JSON-LD

  Abstract:
  Components.js is a dependency injection framework for JavaScript applications that allows components to be instantiated and wired together declaratively using semantic configuration files. The advantage of these semantic configuration files is that software components can be uniquely and globally identified using URIs. As an example, this documentation has been made self-instantiatable using Components.js. This makes it possible to view the HTML-version of any page to the console, or serve it via HTTP on a local webserver. http://componentsjs.readthedocs.io/

• Toward an open standard for WebAudio plugins
  Authors: Michel Buffa, Jerôme Lebrun, Stéphane Letz, Jari Kleimola and Oliver Larkin

  Keywords: WebAudio, Plugin architecture, Audio effects and instruments, Web Standards, Audio processing

  Abstract:
  WebAudio is a recent W3C API that brings the world of computer music applications into the browser. While hundreds of developers have been very active since its first beta implementations in 2012, the number of tools, plugins, libraries, applications, developed in pure WebAudio/JavaScript code cannot yet be compared to the thousands of products (commercial and open source) developed for native platforms. While JavaScript and Web standards are increasingly flexible and powerful, C/C++ has been the language of choice for real-time audio applications and domain specific languages such as FAUST facilitate rapid development with high performance. Our work aims to create a continuum between native and browser based audio app development, as well as being attractive for JS developers. This paper presents guidelines, a proposal and a proof of concept by implementations for an open WebAudio plugin standard, essentially the infrastructure to support high level audio plugins for the Web browser.

• The Liquid User Experience API
  Authors: Andrea Gallidabino and Cesare Pautasso

  Keywords: Liquid Software, Web Components, API

  Abstract:
  Web applications are traditionally designed having in mind a server-centric architecture, whereby the whole persistent data, dynamic state and logic of the application are stored and executed on the Web server. The endpoint client device running the Web browser traditionally only renders pre-computed views fetched from the server. As more data, state and computations are shifted to the client, it becomes more challenging to run Web applications across multiple devices while ensuring they can synchronize their state and react in real-time to changes of the set of available devices. In this paper we present the API of the Liquid.JS framework, which allows developers to deploy their component-based rich Web applications across multiple Web-enabled devices. The framework is based on state of the art technologies such as Polymer, WebRTC DataChannel, WebWorkers, PouchDB and Yjs. Liquid.JS helps to build decentralized Web applications whose components can seamlessly flow directly between Web browsers carrying along their execution state. The Liquid.JS API deals with device discovery, the lifecycle of liquid components and the fine-grained control of the liquid user experience primitives.

• Showing Promise: Prototyping a Server Push API With Service Worker and QUIC
  Authors: Lucas Pardue

  Keywords: HTTP, Server Push, Service Worker, WebAssembly, QUIC, MPEG-DASH, IP Multicast

  Abstract:
  The Hypertext Transfer Protocol Version 2 (HTTP/2), published in 2015, introduced Server Push – an interaction mode that supports the unsolicited delivery of resources from server to client. A Push Promise message (a simulated HTTP Request) is first sent by the server followed by an HTTP Response. Server Push has seen uptake in HTTP User Agent implementations. However, it is in essence hidden from the Web Application layer. Widely used web browsers store pushed resources in a so-called Push Cache, where they exist in effective purgatory, until explicitly requested by a Web Application e.g. loading a tag or exercising the JavaScript Fetch API. This approach negates some user-perceived latency optimisations offered by Server Push. In this paper, we posit that exposing Server Push events, via a standardised web API, provides an opportunity to apply Web Application business logic that could restore Server Push advantages in several cases. We propose such an API and present a JavaScript library implementation that is used to exercise it. Our prototype combines Service Worker and Server Push to provide generic handling of long-lived unidirectional HTTP bulk data flows. These are transported using an experimental IP multicast profile of HTTP over QUIC. We present a native Web Application that utilises the Web Platform where possible, and identify current capability gaps. The reception of IP multicast in a browser is difficult and the paper describes a workaround that deserialises QUIC packets using a WebAssembly component wrapped within a JavaScript library.

• What is in a Web View? An Analysis of Progressive Web App Features When the Means of Web Access is not a Web Browser
  Authors: Thomas Steiner

  Keywords: Progressive Web Apps, Service Workers, Web Views

  Abstract:
  Progressive Web Apps (PWA) are a new class of Web applications, enabled for the most part by the Service Workers APIs. Service Workers allow apps to work offline by intercepting network requests to deliver programmatic or cached responses, Service Workers can receive push notifications and synchronize data in the background even when the app is not running, and—together with Web App Manifests—allow users to install PWAs to their devices’ home screens. Service Workers being a Web standard, support has landed in several stand-alone Web browsers—among them (but not limited to) Chrome and its open-source foundation Chromium, Firefox, Edge, Opera, UC Browser, Samsung Internet, as well as preview versions of Safari. In this paper, we examine the PWA feature support situation in Web Views, that is, in-app Web experiences that are explicitly not stand-alone browsers. Such in-app browsers can commonly be encountered in chat applications like WeChat or WhatsApp, online social networks like Facebook or Twitter, but also email clients like Gmail, or simply anywhere where Web content is displayed inside native apps. We have developed an open-source application called PWA Feature Detector that allows for easily testing in-app browsers (and naturally stand-alone browsers as well), and have evaluated the level of support for PWA features on different devices and Web Views. On the one hand, our results show that there are big differences between the various Web View technologies and the browser engines they are based upon, but on the other hand, that the results are independent from the devices’ operating systems, which is good news given the problematic update policy of many device manufacturers. These findings help developers make educated choices when it comes to determining whether a PWA is the right approach given their target users’ means of Web access.