The World Wide Web Consortium has finalized its specification for Web Storage, a technology that would give Web applications more flexibility in storing data on user machines.
Now that Web Storage is an official specification, browser makers and Web application developers can deploy the technology without worrying about changes to the API, or about being liable for potential patent infringement.
The W3C's Web Applications (WebApps) Working Group shepherded the W3C approval of the standard, after it was first developed by the Google engineer Ian Hickson and the Web Hypertext Application Technology Working Group (WHATWG).
Web Storage works a bit like HTTP session cookies, which let a Web site store user data on the user's machine across extended user sessions, such as those for online purchases.
Web Storage offers a number of advantages over cookies though. It provides programmers with a richer programmatic interface. It makes it easier for a browser to support multiple sessions at the same site simultaneously. It also offers the ability to store megabytes of information on the user's computer, which could be handy for storing a user's email box, or documents that the user authored.
"One of the nice properties of Web Storage is that it is a relatively simple specification from a feature and API perspective," wrote Arthur Barstow, co-chair of the WebApps Working Group, in an email interview.
For more complex offline storage needs, Barstow recommended the W3C's Indexed Database API, now in development.
Unlike many Web standards, Web Storage attracted a lot of interest early on from browser makers. It is already supported in Internet Explorer (back to version 8), Firefox, Opera, Chrome, and Safari.
With Web Storage, each site has its own storage area on the user's machine. Material is stored as key/value pairs, where each key is a string. The data itself must be in string format as well. Each type of browser sets its own limit on how much data can be stored on the user's computer, ranging from 5MB to 25MB.
Web Storage also provides some functionality to aid in user privacy. It provides a way to delete data after a certain period of time and restricts access to the data to just the websites that created the storage area. Domain name spoofing can be prevented by using the Transport Layer Security (TLS) protocol.
The work is not yet finished. The group still has to reduce the high overhead of using the storage mutex (mutual exclusion) object, which was designed to avoid race conditions.
The group also has to address a number of outstanding security issues. For instance, different services all sharing a single domain name could snoop on each other's stored data. Service providers could also share user data on a machine without the user's knowledge, which could encourage surreptitious user tracking.
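The storage behaviour described above (one storage area per site, string-only keys and values, and the exposure when several services share one domain name), modeled in a short added example that is not part of the original article. It assumes storage areas are keyed by origin (scheme, host and port, not path); `StorageArea`, `storageFor`, `findSharedOrigins` and the `example.com` URLs are hypothetical.

```javascript
// Added example: a minimal in-memory model of origin-scoped Web Storage.
// StorageArea, storageFor and findSharedOrigins are hypothetical names;
// all URLs below are constructed samples.
class StorageArea {
  constructor() { this.items = new Map(); }
  // Keys and values are both coerced to strings, as the article notes.
  setItem(key, value) { this.items.set(String(key), String(value)); }
  getItem(key) {
    const k = String(key);
    return this.items.has(k) ? this.items.get(k) : null;
  }
}

const areas = new Map(); // origin string -> StorageArea

// An origin is scheme + host + port. The URL path is not part of it.
function originOf(pageUrl) {
  return new URL(pageUrl).origin;
}

function storageFor(pageUrl) {
  const origin = originOf(pageUrl);
  if (!areas.has(origin)) areas.set(origin, new StorageArea());
  return areas.get(origin);
}

// Deployment check: report every origin that hosts more than one service,
// since those services can read and overwrite each other's stored keys.
function findSharedOrigins(serviceUrls) {
  const byOrigin = new Map();
  for (const url of serviceUrls) {
    const origin = originOf(url);
    byOrigin.set(origin, [...(byOrigin.get(origin) || []), url]);
  }
  return [...byOrigin].filter(([, urls]) => urls.length > 1);
}

// Constructed sample: two services on one host, one on its own subdomain.
const services = [
  "https://example.com/mail/",
  "https://example.com/chat/",
  "https://docs.example.com/",
];
storageFor(services[0]).setItem("draft", { to: "alice" }); // stored as "[object Object]"
storageFor(services[0]).setItem("draft", JSON.stringify({ to: "alice" }));
console.log(storageFor(services[1]).getItem("draft")); // same area as /mail/
console.log(storageFor(services[2]).getItem("draft")); // separate origin
console.log(findSharedOrigins(services));
```

Giving each service its own subdomain, as `docs.example.com` has here, places it in a separate storage area.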
The W3C is a standards organization that publishes open standard protocols and guidelines to ensure the long-term growth of the Web. It is headed by Web inventor Tim Berners-Lee and CEO Jeffrey Jaffe.