A Publication Server is responsible for serving one or more publications over HTTPS which means at a minimum:
This document identifies multiple levels of conformance for a Publication Server that we can use as reference points.
- Serves everything using static files
- The manifest and its resources must be served over HTTPS
- All HTTPS responses must include CORS headers to allow access from any domain to these resources
Any HTTP server can be properly configured to reach level 0 compliance for a Publication Server.
Publication Servers which implement level 1 support are dynamic apps that usually follow the streamer architecture.
- The manifest and its resources are served using dynamic routes
- They must have an in-memory representation of the publications that they serve
- They must be capable of parsing and streaming resources from packaged publications (EPUB, CBZ, audiobooks) and exposing them over HTTPS if needed
- They should be capable of injecting CSS or JS in resources of a publication
- Ability to obfuscate resources and provide access control over the manifest and its resources
- Search within a publication or across all publications
- Positions List API per publication
- Dictionary/Index API per publication
Storing and Accessing Publications
A Publication Server can store and access publications is many different ways:
- it could serve packaged publications from a directory on its file system
- access exploded publications from an object storage
- download packaged publications from a CDN and keep them in a LRU cache for a limited amount of time
- proxy resouces available through a different API
All implementations are free to select their preferred approach as long as they respect the requirements listed for the different levels of compliance.
A separate document dedicated to HTTP caching is available, with recommendations regarding the use of HTTP headers for both the manifest and its resources.
One of the most challenging part of distributing Web Publications is tied to the security model of the Web. A separate document dedicated to Web Origin is available to tackle this specific issue.