Security/Reviews/MozillaApps

2,565 bytes added, 22:56, 1 April 2011
Created page with "= Mozilla App Project Security = == About this Page == This page is meant as a general living resources for security information related to the Mozilla App Store project. Indiv..."
= Mozilla App Project Security =

== About this Page ==

This page is meant as a general living resource for security information related to the Mozilla App Store project. Individual formal design and implementation reviews should be stored in separate sub-pages.

== Introduction to Mozilla App Project ==

The high-level goals of the project can be grouped around:

=== Platform ===
* provide an open web app playground for easily building portable apps
* extend web technologies into new terrain
* Firefox, JS and iOS/Android pieces (maybe Chrome OS, Windows, Mac OS, etc.)
=== Acquisition and Monetization ===
* how to improve the web app discovery/acquisition, monetization, etc. strategy (whether we run the store or not is TBD)
=== Delivering apps/services via the platform ===
* services around contacts, identity, wallet, etc. Note that monetization implies payment implies identity anyway, at minimum.

== Platform Detail ==
* An appid is basically a URL for a manifest
* currently contemplating a rule of one app per domain to avoid intra-site security quagmire (vs fighting same-origin)
* therefore an app is really a domain
* the UA keeps a list of apps (URLs)
* apps not required to be hosted on HTTPS (otherwise possible conflict with one-app-per-origin rule?)
* installed app discovery should be easy & seamless (user-agent UI/dashboard, awesome bar integration, etc.)
* domain related app management functionality: query if app is installed, version/update check, list apps installed (from that store), list + delete + launch dashboard (ours, potentially 3rd party ones)
* capabilities were included for a while, but have been pulled for now due to lack of consensus
* permission UI during install vs. at run time is under discussion
* sync integration to help propagate apps to end user devices, maybe with metadata to enumerate supported platforms
* playing with concept apps: web service advertisement and subscription to currently installed apps (i.e. this site provides a photo feed at /services/photostream, would you like to subscribe to it with your Flickr or iPhoto app?)
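
The identity rule in the list above, as an added example (not code from the Mozilla project): a user-agent app registry that enforces one app per key, run once keyed by domain and once keyed by origin, to show how the HTTP/HTTPS question interacts with the rule. The <code>AppRegistry</code> class, its methods and the example.com manifest URLs are hypothetical.

```javascript
// Added illustration; AppRegistry and its method names are hypothetical.
class AppRegistry {
  constructor(keying) {
    if (keying !== "domain" && keying !== "origin") throw new Error("unknown keying: " + keying);
    this.keying = keying;   // "domain" = hostname only, "origin" = scheme + host + port
    this.apps = new Map();  // identity key -> manifest URL (the appid)
  }
  // Derive the identity under which an app is stored from its manifest URL.
  keyFor(manifestUrl) {
    const u = new URL(manifestUrl); // throws on malformed input
    if (u.protocol !== "http:" && u.protocol !== "https:") {
      throw new Error("unsupported scheme: " + u.protocol);
    }
    return this.keying === "domain" ? u.hostname : u.origin;
  }
  // One app per key: a different manifest for an occupied key is refused.
  install(manifestUrl) {
    const key = this.keyFor(manifestUrl);
    const existing = this.apps.get(key);
    if (existing !== undefined && existing !== manifestUrl) {
      return { ok: false, key, conflictsWith: existing };
    }
    this.apps.set(key, manifestUrl);
    return { ok: true, key };
  }
}

// Constructed sample manifest URLs (example.com is a placeholder host).
const samples = [
  "https://example.com/manifest.json",
  "https://example.com/other/manifest.json", // second app on the same origin
  "http://example.com/manifest.json",        // same domain, plain HTTP
  "https://example.com:8443/manifest.json",  // same domain, different port
];

// Install every sample into a fresh registry and report which were accepted.
function installAll(keying) {
  const reg = new AppRegistry(keying);
  return samples.map((s) => reg.install(s).ok);
}

console.log("domain:", installAll("domain"));
console.log("origin:", installAll("origin"));
```

Keyed by domain, the plain-HTTP manifest is refused as a duplicate of the HTTPS app; keyed by origin, it installs as a separate app alongside it.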

== Resources ==
* Technical docs: https://developer.mozilla.org/en/OpenWebApps
* Main site: https://apps.mozillalabs.com

== Milestones ==
* 2011/3 First Developer Release: http://mozillalabs.com/blog/2011/03/first-developer-release-of-web-apps-project/
* As of 4/1/11: currently working on the PRD, with a rough draft after all-hands and a meeting during platform work week. Mike Hanson is working on a general architectural overview and can have something ready for that meeting.