New protocol gives serious speed to Web apps
There are security concerns, but WebSockets can significantly ramp up Web applications
- By Dan Rowinski
- Mar 29, 2011
Who wouldn't want to speed up Web applications? IT administrators would jump at the chance to dramatically reduce data loads and latency times between clients and servers, and users wouldn't complain about faster applications and better performance.
The technology is available. It is just not quite mature.
WebSockets, a protocol within HTML5, functions by keeping a single Transmission Control Protocol port always open for bi-directional data transfers between a client and a server. That would enable faster and easier communication for Web applications than Hypertext Transfer Protocol (HTTP), which closes and reopens the port between client and server every time a communication is made.
“What they're hoping to do with WebSocket is use Port 80 for bi-direction, full-duplex communications between a Web browser and a server,” said Tom Bridge, a partner at Technolutionary, an IT solutions company. “That means that fewer ports will have to be exposed, and you can do a lot more data interaction over Port 80.”
W3C unveils Superman-like logo for HTML 5
Microsoft Rolls Out HTML 5 Test Site
The system is not without its drawbacks, especially coming from an IT perspective. With WebSockets, Web applications function within a browser and provide a universal platform to couch communication with a server. In the HTTP environment, that communication can be very secure, as system administrators can control access to various applications and servers by limiting access to ports in the environment, like a dyke system in an irrigated field.
Because WebSockets keeps the ports always open, there is less control by the systems administrator on what comes and goes, and what type of possibly malicious caches are hidden between the client and the server.
“Many businesses block outbound traffic on non-standard ports, as a security (data loss) management technique, and this would permit a browser to act as intermediary, which means that blocking certain Web applications will no longer be possible at the port level, since WebSockets routes all traffic through the single open Web port,” Bridge said.
Think about it in terms of the irrigated field. An always-open dyke creates flood of water, which could be a good thing for the crops. It also creates more of an opportunity for someone to sit on the edge of the stream and siphon off water (data) or poison it (malicious caches or applications) between the source and the destination.
“You're not going to close Port 80 unless you're ready to cut your employees off from the Web entirely,” Bridge said. “Since WebSockets supports TLS (Transport Layer Security), it's also entirely possible to hide what that stream is doing, which tends to make some of the security guys pretty nervous since you can't see what it's doing or where it's going.”
The major browsers all have the capability to support WebSockets protocols. But Firefox and Opera have disabled WebSockets until the vulnerability can be patched. Google’s Chrome and Apple Safari (and iOS 4.2.1 mobile Safari) support it, and Microsoft’s Internet Explorer provides functionality as an add-on.
The protocol supports proxy servers
WebSockets is well on its way to becoming certified by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF), which would give the protocols – ws:// for unencrypted and wss:// (WebSocket Secure) for encrypted – credence as tools to be developed upon.
In an article at Technology Review, a magazine produced by the Massachusetts Institute of Technology, Ian Hickson, who's in charge of HTML5 specifications for Google, said that the protocol is very interesting for the company, which is obsessed with the speed of the Web.
“Reducing kilobytes of data to 2 bytes ... and reducing latency from 150 milliseconds to 50 milliseconds is far more than marginal,” Hickson told Technology Review. "In fact, these two factors alone are enough to make WebSockets seriously interesting to Google.
Google is a huge proponent of HTML5 and has a vested interest in making the protocol and all its functions, like WebSockets, a ubiquitous part of using the Internet.
One company using WebSockets is a startup in Mountain View, Calif., called Kaazing, according to Technology Review. The company’s early customers are gambling companies for whom saving milliseconds on communications could be worth significant money. There is a clear use-case as well in financial markets, where speed is important. There are still pitfalls, but WebSockets could be an Internet-changing innovation.
“Since it will work anywhere, WebSockets could be a game-changer,” Bridge said.