https://wiki.mozilla.org/api.php?action=feedcontributions&user=Anant&feedformat=atom
MozillaWiki - User contributions [en]
2024-03-29T15:45:16Z
User contributions
MediaWiki 1.27.4

https://wiki.mozilla.org/index.php?title=Engagement/Developer_Engagement/FirefoxAppDays/ResourcesSV&diff=503092
Engagement/Developer Engagement/FirefoxAppDays/ResourcesSV
2013-01-21T07:40:40Z
<p>Anant: /* Demos */</p>
<hr />
<div>== Firefox OS App Days Silicon Valley - Resources ==<br />
<br />
===Slides===<br />
<br />
* Andreas: <br />
* Potch: <br />
* Maureen<br />
<br />
===Design===<br />
<br />
* Gaia Design Building Blocks - https://wiki.mozilla.org/Gaia/Design/BuildingBlocks<br />
<br />
===Demos===<br />
<p>Add your github links here!<br />
</p><br />
* Babbage84 - Nick Desaulniers - https://github.com/nickdesaulniers/babbage84<br />
* Helicopter - Christian Sonne - https://github.com/cers/helicopter<br />
* xkcd Viewer - The "You & Me" team - https://github.com/treeform/xkcdOpenWebApp<br />
* Contributing a patch to Gaia - Gary Kwong - https://bugzilla.mozilla.org/show_bug.cgi?id=832706 (demo'ing another way to participate in building Firefox OS)<br />
* Firefeed - Firebase - https://github.com/firebase/firefeed</div>
Anant

https://wiki.mozilla.org/index.php?title=MozCampEU2012/TheRecord&diff=472884
MozCampEU2012/TheRecord
2012-09-23T18:41:26Z
<p>Anant: /* Videos */</p>
<hr />
<div>= The Record of MozCamp EU 2012 =<br />
<br />
If you have blog posts, pictures, videos, or comments on MozCamp EU 2012 in Warsaw, please add them here.<br />
<br />
== Blog Posts ==<br />
<br />
Tag your videos with ''mozcamp'' and ''mozcampeu2012''.<br />
<br />
* Oskar Ivanić: [https://gingerzillian.wordpress.com/2012/09/13/mozillians-at-warsaw-mozcamp/ Mozillians at Warsaw (MozCamp)]<br />
* Ludovic Hirlimann: [http://sietch-tabr.tumblr.com/post/31270244886/my-mozcamp-warsaw-2012-recap My m0zcamp warsaw 2012 recap]<br />
* Taras Glek: [https://blog.mozilla.org/tglek/2012/09/18/moacamp-eu-in-warsaw/ MozCamp.EU in Warsaw]<br />
* Lawrence Mandel: [http://lawrencemandel.com/2012/09/21/mozcamp-eu-2012-in-a-word-passion/ MozCamp EU 2012 in a word: Passion]<br />
* Ibrahima Sarr: [http://i-sarr.ibrahima-sarr.com/?p=75#more-75/ MOZCAMP Europe 2012: A weekend to remember!]<br />
* Anant Narayanan: [http://kix.in/2012/09/16/mozcamp-eu-2012-mobilize-mozilla/ MozCampEU 2012: Mobilize Mozilla]<br />
<br />
== Photos ==<br />
<br />
Tag your photos with ''mozcamp'' and ''mozcampeu2012''.<br />
<br />
* [http://www.flickr.com/photos/king-molan/sets/72157631500382506/ Brian King's Flickr Set]<br />
* [http://www.flickr.com/photos/lhirlimann/sets/72157631431599232/ Ludovic Hirlimann's Flickr Set]<br />
* [http://www.flickr.com/photos/flore_frmoz/sets/72157631500309862/ Flore Allemandou's Flickr Set]<br />
* [http://www.flickr.com/photos/83973540@N02/sets/72157631512237089/ Lawrence Mandel's Flickr Set]<br />
* [https://www.dropbox.com/sh/j0pn6oc8eauwk9i/nQv5p3o_xP Elad Alfassa's DropBox folder]<br />
* [http://www.flickr.com/photos/barzogh/ Achraf Fouwad's Flickr Set]<br />
<br />
== Videos ==<br />
<br />
Tag your videos with ''mozcamp'' and ''mozcampeu2012''.<br />
<br />
* [http://vimeo.com/49453681 Firefox closing dance]<br />
* [https://www.youtube.com/watch?v=1nj0cTKAzaI The firefox costume]<br />
* [https://www.youtube.com/watch?v=z1pUiUrGaUI Firefox closing dance 2]<br />
* [https://www.youtube.com/watch?v=_HRiLIkzvFQ BananaBread demo]<br />
<br />
== Testimonials ==<br />
<br />
* "The Best Yet!" - Brian King<br />
* "It was my first MozCamp and it was AWESOME, met fantastic Mozillians, my buddy Chris Heilmann who is a genius, the SUMO team gave me the motivation to settle soon a firefox-clinic (I'll make a public announcement about this very soon).. I'm still nostalgic!" - Achraf Fouwad</div>
Anant

https://wiki.mozilla.org/index.php?title=MozCampEU2012/TheRecord&diff=472883
MozCampEU2012/TheRecord
2012-09-23T18:40:43Z
<p>Anant: /* Blog Posts */</p>
<hr />
<div>= The Record of MozCamp EU 2012 =<br />
<br />
If you have blog posts, pictures, videos, or comments on MozCamp EU 2012 in Warsaw, please add them here.<br />
<br />
== Blog Posts ==<br />
<br />
Tag your videos with ''mozcamp'' and ''mozcampeu2012''.<br />
<br />
* Oskar Ivanić: [https://gingerzillian.wordpress.com/2012/09/13/mozillians-at-warsaw-mozcamp/ Mozillians at Warsaw (MozCamp)]<br />
* Ludovic Hirlimann: [http://sietch-tabr.tumblr.com/post/31270244886/my-mozcamp-warsaw-2012-recap My m0zcamp warsaw 2012 recap]<br />
* Taras Glek: [https://blog.mozilla.org/tglek/2012/09/18/moacamp-eu-in-warsaw/ MozCamp.EU in Warsaw]<br />
* Lawrence Mandel: [http://lawrencemandel.com/2012/09/21/mozcamp-eu-2012-in-a-word-passion/ MozCamp EU 2012 in a word: Passion]<br />
* Ibrahima Sarr: [http://i-sarr.ibrahima-sarr.com/?p=75#more-75/ MOZCAMP Europe 2012: A weekend to remember!]<br />
* Anant Narayanan: [http://kix.in/2012/09/16/mozcamp-eu-2012-mobilize-mozilla/ MozCampEU 2012: Mobilize Mozilla]<br />
<br />
== Photos ==<br />
<br />
Tag your photos with ''mozcamp'' and ''mozcampeu2012''.<br />
<br />
* [http://www.flickr.com/photos/king-molan/sets/72157631500382506/ Brian King's Flickr Set]<br />
* [http://www.flickr.com/photos/lhirlimann/sets/72157631431599232/ Ludovic Hirlimann's Flickr Set]<br />
* [http://www.flickr.com/photos/flore_frmoz/sets/72157631500309862/ Flore Allemandou's Flickr Set]<br />
* [http://www.flickr.com/photos/83973540@N02/sets/72157631512237089/ Lawrence Mandel's Flickr Set]<br />
* [https://www.dropbox.com/sh/j0pn6oc8eauwk9i/nQv5p3o_xP Elad Alfassa's DropBox folder]<br />
* [http://www.flickr.com/photos/barzogh/ Achraf Fouwad's Flickr Set]<br />
<br />
== Videos ==<br />
<br />
Tag your videos with ''mozcamp'' and ''mozcampeu2012''.<br />
<br />
* [http://vimeo.com/49453681 Firefox closing dance]<br />
* [https://www.youtube.com/watch?v=1nj0cTKAzaI The firefox costume]<br />
* [https://www.youtube.com/watch?v=z1pUiUrGaUI Firefox closing dance 2]<br />
<br />
== Testimonials ==<br />
<br />
* "The Best Yet!" - Brian King<br />
* "It was my first MozCamp and it was AWESOME, met fantastic Mozillians, my buddy Chris Heilmann who is a genius, the SUMO team gave me the motivation to settle soon a firefox-clinic (I'll make a public announcement about this very soon).. I'm still nostalgic!" - Achraf Fouwad</div>
Anant

https://wiki.mozilla.org/index.php?title=MozCampEU2012/Buddyprogram/AnantNarayanan&diff=466559
MozCampEU2012/Buddyprogram/AnantNarayanan
2012-09-01T09:58:23Z
<p>Anant: </p>
<hr />
<div><h1>Name</h1><br />
Anant Narayanan<br />
<br />
<h1>Link to My Mozillians/Reps/Twitter Accounts</h1><br />
[http://twitter.com/#!/anantn @anantn]<br />
<br />
<h2>What is the overall goal I want to accomplish by attending MozCamp Europe</h2><br />
<ul><br />
<li>Help Mozillians learn more about our Apps program.</li><br />
<li>Demonstrate and enlist contributors for our WebRTC effort.</li><br />
<li>Meet old friends and make some new ones!</li><br />
</ul><br />
<br />
<h2>What I want to achieve by Sunday (September 9th)</h2><br />
<ul><br />
<li>Hope to have accomplished my goals above.</li><br />
</ul><br />
<br />
<h3>What I will achieve by September 23rd</h3><br />
<ul><br />
<li>Blog about my MozCampEU2012 experience.</li><br />
</ul><br />
<br />
<h3>What I will achieve by October 7th</h3><br />
<br />
[[Category:MozCampEU2012Buddy]]</div>
Anant

https://wiki.mozilla.org/index.php?title=MozCampEU2012/Buddyprogram/AnantNarayanan&diff=466558
MozCampEU2012/Buddyprogram/AnantNarayanan
2012-09-01T09:56:51Z
<p>Anant: Created page with "<h1>Name</h1> Anant Narayanan <h1>Link to My Mozillians/Reps/Twitter Accounts</h1> [http://twitter.com/#!/anantn @anantn] <h2>What is the overall goal I want to accomplish by a..."</p>
<hr />
<div><h1>Name</h1><br />
Anant Narayanan<br />
<br />
<h1>Link to My Mozillians/Reps/Twitter Accounts</h1><br />
[http://twitter.com/#!/anantn @anantn]<br />
<br />
<h2>What is the overall goal I want to accomplish by attending MozCamp Europe</h2><br />
<ul><br />
<li>Help Mozillians learn more about our Apps program.</li><br />
<li>Demonstrate and enlist contributors for our WebRTC effort.</li><br />
<li>Meet old friends and make some new ones!</li><br />
</ul><br />
<br />
<h2>What I want to achieve by Sunday (September 9th)</h2><br />
Hope to have accomplished my goals above.<br />
<br />
<h3>What I will achieve by September 23rd</h3><br />
<ul><br />
<li>Blog about my MozCampEU2012 experience.</li><br />
</ul><br />
<br />
<h3>What I will achieve by October 7th</h3><br />
<br />
[[Category:MozCampEU2012Buddy]]</div>
Anant

https://wiki.mozilla.org/index.php?title=Events/Campus_Party&diff=463522
Events/Campus Party
2012-08-23T08:46:03Z
<p>Anant: /* What is it? */</p>
<hr />
<div>__NOTOC__<br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:GhostWhite;padding:20px;margin-top:20px;"><br />
<br />
= Campus Party =<br />
[[Image:campus_party.png|500px|right]]<br />
[[Image:mozparty_circle.png|thumb|right]]<br />
<br />
This is a planning page for Mozilla goals and activities at [http://www.campus-party.org/ Campus Party]. <br />
<br />
Activities planned so far: <br />
<br />
* '''[[#Keynotes | Keynotes]]'''<br />
* '''[[#Webmaker_Pop_Up | Webmaker Pop Up]]'''<br />
* '''[[#App_Workshop | App Workshop]]'''<br />
* '''[[#Hacking Biological Open Data | Web and Science Design Jam]]'''<br />
* '''[[#Firefox_Flicks_Short-Film_Screening | Firefox Flicks Short-Film Screening]]'''<br />
<br />
Event Details: <br />
<br />
* August 21 - 26<br />
* Berlin, Tempelhof Airport<br />
* [http://www.campus-party.eu/2012/index.html Website]<br />
<br />
This event is part of the [https://webmaker.org/en-US/events/about/summer_campaign/ Mozilla Summer Code Party].<br />
<br />
== Goals ==<br />
<br />
* Share a vision of empowering a generation of webmakers.<br />
* Galvanize local learning organizations around learning and making on the web. <br />
* Weave webmaking into Mozilla's mobile efforts (Firefox OS).<br />
* Build web apps with European talent.<br />
* Seed a larger conversation about mobile webmaking in 2013.<br />
<br />
== Schedule ==<br />
<br />
{| class="wikitable" style="text-align:center; width:100%;"<br />
|+ Schedule<br />
|-<br />
|<br />
! scope="col" | Wednesday, Aug 23<br />
! scope="col" | Thursday, Aug 23<br />
! scope="col" | Friday, Aug 24<br />
! scope="col" | Sunday, Aug 26<br />
|-<br />
! scope="row" | Morning<br />
| style="background:PaleGreen"|<br />
| style="background: silver" | Pop-Up (10.00 - 12.00)<br />
| style="background:LightSteelBlue" | Pop-Up (10.00 - 12.00) & Mark keynote (11:00 - 12:00)<br />
| style="background:PaleGoldenrod" | Hive Berlin: Speed-Geeking Prep (12:00)<br />
|-<br />
! scope="row" | Afternoon<br />
| style="background:PaleGreen"| Mozfest Planning (13:30 & 15:30, internal)<br />
| style="background: silver" | Mozfest Planning (14:30, internal)<br />
| style="background:LightSteelBlue" | Christian Keynote (14:30 - 15:30), Tour of new Mozspace (16:00)<br />
| style="background:PaleGoldenrod" | Hive Berlin: Speed-Geeking (13:00 - 15:00)<br />
|-<br />
! scope="row" | Evening<br />
| style="background:PaleGreen"| Mozfest Fireside Chat (17:00)<br />
| style="background: silver" | Team dinner (19:00 at KaterHolzig, http://www.katerholzig.de/restaurant/)<br />
| style="background:LightSteelBlue" | Firefox-Flicks Screening 8pm<br />
| style="background:PaleGoldenrod" |<br />
|-<br />
|}<br />
<br />
== Press Conference ==<br />
<br />
* August 7 10:30 - 11:30 near Rathaus Schöneberg.<br />
<br />
== Mozilla Office ==<br />
<br />
* Josetti Höfe. Rungestraße 22, 10179 Berlin. [https://plus.google.com/101136833803837150483/about?gl=de&hl=de Map]<br />
<br />
== Who's Coming ==<br />
<br />
* Michelle Thorne (Berlin)<br />
* Barbara Hueppe (Berlin)<br />
* Valerie Ponell (Berlin)<br />
* Eric Eitel (Berlin)<br />
* Rosana Ardila (Berlin)<br />
* Anant Narayanan (Netherlands)<br />
* Cole Gillespie (Berlin)<br />
* Laura Hilliger (Dresden)<br />
* John Bevan (London)<br />
* Chloe Varelidi (London)<br />
* Christian Heilmann (London)<br />
* Mark Surman (Toronto)<br />
* Ryan Merkley (Toronto)<br />
* Chris Lawrence (New York)<br />
* Rob Middleton (Mountain View)<br />
* Tobias Leingruber (Munich)<br />
* Toni Hermoso (Barcelona)<br />
* Alina Mierluș (Barcelona)<br />
* Forrest Oliphant (Helsinki)<br />
</div><br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:Steelblue;padding:20px;margin-top:20px;"><br />
<br />
=== Keynotes === <br />
<div style="display:block;background-color:LightSteelBlue;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:popup_thumb.jpg|right]]<br />
<br />
* Mark Surman (Executive Director of the Mozilla Foundation): <br />
** Topic: Movement Making: What we can learn from punk rock, scouts, and the Royal Society<br />
** Time: Friday, Aug. 24 from 11:00 - 12:00 on the Socrates stage.<br />
* Chris Heilmann (Principal Technical Evangelist at Mozilla): <br />
** Topic: Developing for the Mobile Web(?)<br />
** Time: Friday, Aug. 24 14:30 - 15:30 on Pythagoras, the developers stage.<br />
<br />
</div><br />
</div><br />
</div><br />
<br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:LimeGreen;padding:20px;margin-top:20px;"><br />
<br />
=== Webmaker Pop Up === <br />
<div style="display:block;background-color:PaleGreen;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:kitchen_table_thumb.jpg|right]]<br />
<br />
We'll host a tent with several learning stations teaching you to hack the web.<br />
<br />
==== What is it? ==== <br />
<br />
* A participatory 4-hour session with 5-7 learning stations. <br />
* It will be held twice during Campus Party (2x 4hr = 8hr total)<br />
* Participants move from station to station as they like, learning & making along the way.<br />
* At the end, we share back what we made & talk about next steps.<br />
<br />
==== What will the stations be? ==== <br />
<br />
* Tell a story with video & audio<br />
* Augment video & audio with live web content<br />
* Get started with HTML in fun, easy ways<br />
* Make a website to share your ideas with the world<br />
* Use data from the city to tell a story<br />
* Make a hackable app or animation with [http://meemoo.org/ Meemoo] visual programming<br />
<br />
==== Who should come? ====<br />
<br />
* Young adults<br />
* Their friends<br />
* Educators<br />
* Hackers<br />
* Lovers of media, tech and learning<br />
<br />
==== Planning ====<br />
<br />
* Mozilla coordinator: Michelle Thorne<br />
* Supported by: John Bevan (European Partners) and Chris Lawrence (Event Design)<br />
* Time: Thursday, Aug. 23 from 10:00 - 12:00 and Friday, Aug. 24 from 10:00 - 12:00<br />
* Space: Workshop Area 1<br />
* Equipment: 30 seats, tables, no wifi but LAN cable. Need to bring own computers.<br />
<br />
</div><br />
</div><br />
</div><br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:Silver;padding:20px;margin-top:20px;"><br />
<br />
=== App Workshop === <br />
<div style="display:block;background-color:LightGrey;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:hack_jam_thumb.jpg|right]]<br />
<br />
==== What is it? ==== <br />
<br />
Join Mozilla and Telefonica for a great day of open web hacking on Firefox OS. We'll start the day by introducing the Apps platform, the latest tools for app developers and the Gaia front-end for Firefox OS.<br />
<br />
We'll show you how to get started and present an overview of the platform. We'll be around all day on August 23rd to answer technical questions or provide feedback on your app project.<br />
<br />
==== Planning ====<br />
<br />
* Mozilla coordinator: Anant Narayanan<br />
* August 23, 2:30 - 6:00pm<br />
<br />
</div><br />
</div><br />
</div><br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:Khaki;padding:20px;margin-top:20px;"><br />
<br />
=== Hacking Biological Open Data === <br />
<div style="display:block;background-color:LightPink;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:popup_thumb.jpg|right]]<br />
* Who:<br />
** Toni Hermoso (Scientific Webmaker, Mozillian);<br />
** Alina Mierlus (Mozillian, session design); <br />
<br />
* Topic: Hacking Biological Open Data<br />
<br />
==== What is it? ==== <br />
<br />
During this hands-on session we would like to show existing publicly<br />
available biological resources and explore how anyone, not necessarily<br />
from an academic background, can use and remix them in their own<br />
projects.<br />
<br />
The session aims to be a design/hack jam session that, from<br />
existing bibliographic, taxonomy and genomic project data, enables<br />
anyone to make tools that can potentially address biologically (or<br />
even personally) relevant questions.<br />
<br />
** Time: Saturday, Aug. 25 from 10:00 - 12:00 on workshops area (tbd).<br />
<br />
==== Planning ====<br />
<br />
* Coordinators: Toni and Alina<br />
* Equipment needs: people should bring their computers, WiFi.<br />
* Space needs: <br />
* Time needs?<br />
<br />
</div><br />
</div><br />
</div><br />
<br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:#e06666;padding:20px;margin-top:20px;"><br />
=== Firefox Flicks Short-Film Screening === <br />
<div style="display:block;background-color:#ea9999;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:Flicks_logo_500px.png|right|250px]]<br />
<br />
==== What is it? ==== <br />
<br />
* Firefox Flicks is a global short-film competition to tell the story of Firefox. http://firefoxflicks.org<br />
* Tobias Leingruber will show & moderate winning-entries of the Flicks 2012 short-film competition<br />
* There will also be a basic introduction about Mozilla & Firefox Flicks + insights on the upcoming 2013 competition.<br />
<br />
==== Where and when? ==== <br />
Friday, 20:00-21:00; Mixed Media Space (More details TBA)<br />
<br />
==== Planning ====<br />
<br />
* Mozilla coordinator: Tobias Leingruber, Brand Engagement (twitter.com/tbx)<br />
* Equipment needs: 1 projector with video-adapter for current MacBook; Audio-set to plug-in computer and show films; Fast internet connection; Eventually USB-LAN adapter since I will be using a MacBook Air.<br />
* Space needs? The bigger the better ;D<br />
* Time needs? 1h<br />
<br />
[[Image:Flicks_berlin_CAMPUS_PARTY_small.jpg|center|640px]]<br />
<br />
</div><br />
</div><br />
</div></div>
Anant

https://wiki.mozilla.org/index.php?title=Apps/ShowAndTells&diff=459981
Apps/ShowAndTells
2012-08-10T17:37:08Z
<p>Anant: </p>
<hr />
<div>= Meeting information =<br />
* Fridays, noon Pacific<br />
* How to join:<br />
** Room '''Warp Core''' via [https://intranet.mozilla.org/Webdev:Vidyo Vidyo]<br />
*** please mute and turn off your camera, so everyone can see the shared screens.<br />
** Room '''9 5312''' via [[Teleconferencing]]<br />
** Mountain View office in room '''Warp Core'''<br />
* irc.mozilla.org #openwebapps for backchannel<br />
<br />
= 2012-08-10 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
<br />
== Apps in the Cloud ==<br />
<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
== Other - Apps Hack Day ==<br />
WebRTC-BrowserID integration demo!<br />
<br />
= History =<br />
Older show and tells - https://wiki.mozilla.org/Apps/ShowAndTells/Older</div>
Anant

https://wiki.mozilla.org/index.php?title=Events/Campus_Party&diff=457243
Events/Campus Party
2012-08-02T05:06:13Z
<p>Anant: /* What is it? */</p>
<hr />
<div>__NOTOC__<br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:GhostWhite;padding:20px;margin-top:20px;"><br />
<br />
= Campus Party =<br />
[[Image:campus_party.png|500px|right]]<br />
[[Image:mozparty_circle.png|thumb|right]]<br />
<br />
This is a planning page for Mozilla goals and activities at [http://www.campus-party.org/ Campus Party]. <br />
<br />
Activities planned so far: <br />
<br />
* '''[[#Keynotes | Keynotes]]'''<br />
* '''[[#Webmaker_Pop_Up | Webmaker Pop Up]]'''<br />
* '''[[#App_Workshop | App Workshop]]'''<br />
* '''[[#MDN_& _Apps_Localization_Sprint | MDN & Apps Localization Sprint]]'''<br />
* '''[[#Hacking Biological Open Data | Web and Science Design Jam]]'''<br />
* '''[[#Firefox_Flicks_Short-Film_Screening | Firefox Flicks Short-Film Screening]]'''<br />
<br />
Event Details: <br />
<br />
* August 21 - 26<br />
* Berlin, Tempelhof Airport<br />
* [http://www.campus-party.eu/2012/index.html Website]<br />
<br />
This event is part of the [https://webmaker.org/en-US/events/about/summer_campaign/ Mozilla Summer Code Party].<br />
<br />
== Goals ==<br />
<br />
* Share a vision of empowering a generation of webmakers.<br />
* Galvanize local learning organizations around learning and making on the web. <br />
* Weave webmaking into Mozilla's mobile efforts (Firefox OS).<br />
* Build web apps with European talent.<br />
* Seed a larger conversation about mobile webmaking in 2013.<br />
<br />
== Schedule ==<br />
<br />
{| class="wikitable" style="text-align:center; width:100%;"<br />
|+ Schedule<br />
|-<br />
|<br />
! scope="col" | Thursday, Aug 23<br />
! scope="col" | Friday, Aug 24<br />
! scope="col" | Saturday, Aug 25<br />
! scope="col" | Sunday, Aug 26<br />
|-<br />
! scope="row" | Morning<br />
| style="background: silver" | Pop-Up<br />
| style="background:LightSteelBlue" | Pop-Up & Mark keynote<br />
| style="background:PaleGreen"| Mozfest Planning (internal)<br />
| style="background:PaleGoldenrod" | Hive Berlin: Speed-Geeking Prep<br />
|-<br />
! scope="row" | Afternoon<br />
| style="background: silver" | Press event at office<br />
| style="background:LightSteelBlue" | Tour of new Mozspace<br />
| style="background:PaleGreen" | Mozfest Planning (internal) <br />
| style="background:PaleGoldenrod" | Hive Berlin: Speed-Geeking<br />
|-<br />
! scope="row" | Evening<br />
| style="background: silver" | Team dinner<br />
| style="background:LightSteelBlue" | Firefox-Flicks Screening 8pm<br />
| style="background:PaleGreen" | <br />
| style="background:PaleGoldenrod" |<br />
|-<br />
|}<br />
<br />
== Press Conference ==<br />
<br />
* August 7 10:30 - 11:30 near Rathaus Schöneberg.<br />
<br />
== Who's Coming ==<br />
<br />
* Michelle Thorne (Berlin)<br />
* Barbara Hueppe (Berlin)<br />
* Cole Gillespie (Berlin)<br />
* Laura Hilliger (Dresden)<br />
* John Bevan (London)<br />
* Chloe Varelidi (London)<br />
* Christian Heilmann (London)<br />
* Mark Surman (Toronto)<br />
* Ryan Merkley (Toronto)<br />
* Chris Lawrence (New York)<br />
* Rob Middleton (Mountain View)<br />
* Tobias Leingruber (Munich)<br />
* Toni Hermoso (Barcelona)<br />
* Alina Mierluș (Barcelona)<br />
* Jean-Yves Perrier<br />
</div><br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:Steelblue;padding:20px;margin-top:20px;"><br />
<br />
=== Keynotes === <br />
<div style="display:block;background-color:LightSteelBlue;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:popup_thumb.jpg|right]]<br />
<br />
* Mark Surman (Executive Director of the Mozilla Foundation): <br />
** Topic: Movement Making: What we can learn from punk rock, scouts, and the Royal Society<br />
** Time: Friday, Aug. 24 from 11:00 - 12:00 on the Socrates stage.<br />
* Chris Heilmann (Principal Technical Evangelist at Mozilla): <br />
** Topic: Developing for the Mobile Web(?)<br />
** Time: Friday, Aug. 24 on the developers stage.<br />
<br />
==== Planning ====<br />
<br />
* Mozilla coordinator: Mark Surman<br />
* Equipment needs?<br />
* Space needs?<br />
* Time needs?<br />
<br />
</div><br />
</div><br />
</div><br />
<br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:LimeGreen;padding:20px;margin-top:20px;"><br />
<br />
=== Webmaker Pop Up === <br />
<div style="display:block;background-color:PaleGreen;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:kitchen_table_thumb.jpg|right]]<br />
<br />
We'll host a tent with several learning stations teaching you to hack the web.<br />
<br />
==== What is it? ==== <br />
<br />
* A participatory 4-hour session with 5-7 learning stations. <br />
* It will be held twice during Campus Party (2x 4hr = 8hr total)<br />
* Participants move from station to station as they like, learning & making along the way.<br />
* At the end, we share back what we made & talk about next steps.<br />
<br />
==== What will the stations be? ==== <br />
<br />
* Tell a story with video & audio<br />
* Augment video & audio with live web content<br />
* Get started with HTML in fun, easy ways<br />
* Make a website to share your ideas with the world<br />
* Use data from the city to tell a story<br />
<br />
==== Who should come? ====<br />
<br />
* Young adults<br />
* Their friends<br />
* Educators<br />
* Hackers<br />
* Lovers of media, tech and learning<br />
<br />
==== Planning ====<br />
<br />
* Mozilla coordinator: Michelle Thorne<br />
* Supported by: John Bevan (European Partners) and Chris Lawrence (Event Design)<br />
* Time: Thursday, Aug. 23 from 10:00 - 12:00 and Friday, Aug. 24 from 10:00 - 12:00<br />
* Equipment: 30 seats, tables, no wifi but LAN cable. Need to bring own computers.<br />
* Space needs?<br />
<br />
</div><br />
</div><br />
</div><br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:Silver;padding:20px;margin-top:20px;"><br />
<br />
=== App Workshop === <br />
<div style="display:block;background-color:LightGrey;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:hack_jam_thumb.jpg|right]]<br />
<br />
==== What is it? ==== <br />
<br />
A workshop around building HTML5 web apps. Led by Mozilla's App team member, Anant Narayanan.<br />
<br />
==== Planning ====<br />
<br />
* Mozilla coordinator: ?<br />
* Equipment needs?<br />
* Space needs?<br />
* Time needs?<br />
<br />
</div><br />
</div><br />
</div><br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:Khaki;padding:20px;margin-top:20px;"><br />
<br />
=== MDN & Apps Localization Sprint === <br />
<div style="display:block;background-color:PaleGoldenrod;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:Kitchen_beta2.jpg|right|250px]]<br />
<br />
==== What is it? ==== <br />
<br />
Mozilla Developer Network is a resource for web developers to learn about web technologies (HTML, CSS, JS, etc.) and App development, as well as Mozilla products and technologies such as Firefox OS and Marketplace. This workshop will focus on attendees writing & translating documentation, as well as connecting with the Mozilla community.<br />
<br />
All attendees will be able to<br />
<br />
* Hands-on translate pages on MDN / translate Apps<br />
* Set up new locales for translation, if needed<br />
* Meet and coordinate with other contributors to help build a l10n community<br />
<br />
====Desired Audience Type or Skill-set:==== <br />
<br />
Current Mozillians, new localizers, translators, and people w/o experience with MDN/Apps are welcome. Being able to read English is helpful as this is the language of most of the source documentation.<br />
<br />
====Short promo ====<br />
<br />
Help make more translated Apps and documentation on the Mozilla Developer Network more relevant & available to users and developers in your language. Come by for an hour or an afternoon, pick a project, and help us translate. Don’t know how to code? No problem! You can contribute to the promotion of HTML Apps and/or Open Web technologies by translating documentation and guides (Apps, HTML, CSS, JavaScript, & more). Coders can help update our documentation and add their knowledge to that of thousands of Mozilla contributors – from documentation for Firefox to HTML5. Everyone is welcome! Together we can continue to drive innovation on the Web to serve the greater good. It starts here, with you.<br />
<br />
====Localization Sprint Plan====<br />
<br />
Have 2-3 MDN team members present at all times. The sprint lasts 3-4 hours.<br />
<br />
# 15 minute presentation on Mozilla mission & MDN<br />
# 15 minutes - walk through how to edit/translate docs & tools<br />
# Get to work! Loosely structured format – list of recommended pages to translate/update will be provided – people come in, pick a project, and get to work. They can stay as long or short as they want.<br />
<br />
==== Planning ====<br />
<br />
* Mozilla coordinator: Jean-Yves Perrier<br />
<br />
</div><br />
</div><br />
</div><br />
<br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:pink;padding:20px;margin-top:20px;"><br />
<br />
=== Hacking Biological Open Data === <br />
<div style="display:block;background-color:LightPink;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:popup_thumb.jpg|right]]<br />
* Who:<br />
** Toni Hermoso (Scientific Webmaker, Mozillian);<br />
** Alina Mierlus (Mozillian, session design); <br />
<br />
* Topic: Hacking Biological Open Data<br />
<br />
==== What is it? ==== <br />
<br />
During this hands-on session we would like to show existing publicly<br />
available biological resources and explore how anyone, not necessarily<br />
from an academic background, can use and remix them in their own<br />
projects.<br />
<br />
The session aims to be a design/hack jam session that, from<br />
existing bibliographic, taxonomy and genomic project data, enables<br />
anyone to make tools that can potentially address biologically (or<br />
even personally) relevant questions.<br />
<br />
** Time: Friday, Aug. 24 from 14:30 - 16:30 on workshops area (tbd).<br />
<br />
==== Planning ====<br />
<br />
* Coordinators: Toni and Alina<br />
* Equipment needs: people should bring their computers, WiFi.<br />
* Space needs: <br />
* Time needs?<br />
<br />
</div><br />
</div><br />
</div><br />
<br />
<br />
<div style="display:block;-moz-border-radius:10px;background-color:#e06666;padding:20px;margin-top:20px;"><br />
=== Firefox Flicks Short-Film Screening === <br />
<div style="display:block;background-color:#ea9999;-moz-column-gap:20px;padding:20px;margin-top:20px;-moz-border-radius:10px;"><br />
<div style="width:100%;display:block;"><br />
<br />
[[Image:Flicks_logo_500px.png|right|250px]]<br />
<br />
==== What is it? ==== <br />
<br />
* Firefox Flicks is a global short-film competition to tell the story of Firefox. http://firefoxflicks.org<br />
* Tobias Leingruber will show & moderate winning-entries of the Flicks 2012 short-film competition<br />
* There will also be a basic introduction about Mozilla & Firefox Flicks + insights on the upcoming 2013 competition.<br />
<br />
==== Where and when? ==== <br />
Friday, 20:00-21:00; Mixed Media Space (More details TBA)<br />
<br />
==== Planning ====<br />
<br />
* Mozilla coordinator: Tobias Leingruber, Brand Engagement (twitter.com/tbx)<br />
* Equipment needs: 1 projector with video-adapter for current MacBook; Audio-set to plug-in computer and show films; Fast internet connection; Eventually USB-LAN adapter since I will be using a MacBook Air.<br />
* Space needs? The bigger the better ;D<br />
* Time needs? 1h<br />
<br />
[[Image:Flicks_berlin_CAMPUS_PARTY_small.jpg|center|640px]]<br />
<br />
</div><br />
</div><br />
</div></div>Ananthttps://wiki.mozilla.org/index.php?title=MozCampEU2012/ProposedTalks&diff=455318MozCampEU2012/ProposedTalks2012-07-27T02:02:42Z<p>Anant: /* PLEASE NOTE: The link to your wiki page should appear as your NAME (and not your proposed participation) */</p>
<hr />
<div>==MozCamp Format Reminder==<br />
<br />
For MozCamp Europe, we're evolving the format from presentation-based conference to an interactive camp featuring tracks, workshops, sprints, and hacking opportunities with clear deliverables + goals to achieve by the end of the weekend. <br />
<br />
For a list of our MozCamp goals, please see here: https://wiki.mozilla.org/MozCampEU2012/Tracks<br />
<br />
With this new format, we ask that at least 40% of each presentation be an interactive activity which results in an outcome or deliverable which furthers these goals. This activity can take many forms. Examples include: <br />
<br />
*Tutorial on how to contribute to B2G<br />
*Code of Conduct Discussion<br />
*Workshop on how to recruit HTML5 developers<br />
*Apps Brainstorm + Creation Sprint<br />
<br />
==Ways to Participate in MozCamp==<br />
<br />
There are two key ways in which an individual can participate in MozCamp: <br />
<br />
1. Host or co-host a Session<br />
<br />
2. Join the onsite team to help support and run the event<br />
<br />
==Host or cohost a session or workshop==<br />
<br />
1. Review the MozCamp goals, tracks, and sessions that we're on the lookout for here: https://wiki.mozilla.org/MozCampEU2012/Tracks<br />
<br />
2. Make your proposal compelling by being able to illustrate in your wiki page how the content of your session will help accomplish the larger MozCamp goals. <br />
<br />
3. Decide on the ideal length of your session. Proposals will be considered for sessions of 30, 60, 90, or 120 minutes (with exceptions for shorter workshops and sprints). <br />
<br />
4. Decide the track in which your session would best belong. The MozCamp tracks are as follows:<br />
<br />
*Apps + B2G<br />
<br />
*Mobile + Desktop<br />
<br />
*Grow Mozilla<br />
<br />
5. Create a wiki page (according to the format listed below) and post the link to this wiki page under the track in which you would anticipate giving your talk.<br />
<br />
'''<font color="red">NOTE: Your attendance at MozCamp Europe is dependent on your completion of a wiki page. All wiki pages must be linked to the appropriate track under "List of Participation Proposals" by JULY 26th. It should take you ~5 minutes to complete the wiki page.</font>'''<br />
<br />
===Template for Participation Proposal [Hosting or co-hosting a Session]===<br />
<br />
<pre><br />
<br />
'''Title of Session (should also be the title of your Wiki page)''':<br />
<br />
'''Facilitator(s)''':<br />
<br />
'''Are you paid or volunteer staff?''':<br />
<br />
'''Area of Contribution (Team Name)''':<br />
<br />
'''How are you currently involved with the community?''':<br />
<br />
'''Location of Work (where do you reside?)''':<br />
<br />
'''Talk Length (please choose between 30, 60, 90, 120 minutes)''':<br />
<br />
'''Summary''':<br />
<br />
'''How your session furthers the MozCamp Goals (https://wiki.mozilla.org/MozCampEU2012/Tracks)''':<br />
<br />
'''Expected Outcome or Deliverable''':<br />
<br />
'''Desired Audience Type or Skill-set''':<br />
<br />
'''Equipment Needs (Video projector already included)''': <br />
<br />
--------------------------------------------------------------------<br />
<br />
To Be Completed by the Audience-<br />
<br />
(If you would like) Submit a Question for the Speaker(s) or indicate what <br />
information you hope to gain by attending this talk here:<br />
<br />
Place your name here if you would like to attend this talk:<br />
<br />
</pre><br />
<br />
==List of Participation Proposals [Hosting or co-hosting a Session]==<br />
<br />
===Desktop and Mobile===<br />
<br />
Please submit all participation proposals for the Desktop and Mobile Track here: https://wiki.mozilla.org/MozCampEU/Schedule/Desktopandmobile<br />
<br />
===Boot-to-Gecko and Apps===<br />
<br />
Please submit all participation proposals for the B2G and Apps Track here: https://wiki.mozilla.org/MozCampEU2012/Schedule/appsandb2g<br />
<br />
===Grow Mozilla===<br />
<br />
Please submit all participation proposals for the Grow Mozilla Track here: https://wiki.mozilla.org/MozCampEU2012/Schedule/GrowMozilla<br />
<br />
==Attend (with a set of team objectives) or join the onsite team to help support and run the event==<br />
<br />
If you are not interested in giving a talk, but still would like to be an active participant at MozCamp Europe, there are many roles which you could propose to fill, including:<br />
<br />
*Recruit volunteers into a functional area<br />
*Engage with your current active + core contributors and work with them on how you can realign your activities in order to further Mozilla's 2012 goals<br />
*Re-group with your core contributors and make substantial progress on some of the initiatives you've set forth for the year<br />
*Volunteer coordinator (for those individuals who will be volunteering at the event)<br />
*Leadership Q&A moderator<br />
*Assistance with Welcome Event or Saturday night dinner<br />
*Track lead support <br />
*Communications lead (responsible for compiling the MozCamp Guidebook and daily communications at the event itself)<br />
*Gear organizer <br />
*Keeper of the Firefox costume (and its schedule)<br />
*Edit the wiki<br />
*Dress up as Firefox to welcome people to the event :-)<br />
<br />
For more questions on how to be directly involved with MozCamp (without giving a talk), please contact Kate directly at knaszradi@mozilla.com<br />
<br />
===Template to use for a Participation Proposal [Attend with team objectives or join the onsite team to help support and run the event]===<br />
<br />
<pre><br />
<br />
PLEASE NOTE: The link to your wiki page should appear as your NAME (and not your proposed participation)<br />
<br />
Name:<br />
<br />
Area of Contribution (Team Name):<br />
<br />
Paid or Non-paid Staff:<br />
<br />
How are you currently involved with (or in) the community?:<br />
<br />
Location of Work (where do you reside?):<br />
<br />
How you would like to participate in MozCamp:<br />
<br />
How your presence would help further the MozCamp goals (https://wiki.mozilla.org/MozCampEU2012/Tracks):<br />
<br />
Goals in Attending MozCamp:<br />
<br />
</pre><br />
<br />
==List of Participation Proposals [Attend with team objectives or join the onsite team to help support and run the event]==<br />
<br />
====PLEASE NOTE: The link to your wiki page should appear as your NAME (and not your proposed participation)====<br />
<br />
1. [https://wiki.mozilla.org/MozCampEU2012/Edit-Wiki Jennifer Zickerman] (Edit the Wiki)<br />
<br />
2. [https://wiki.mozilla.org/MozCampEU2012/Thunderbird Anne Marie Bourcier] (Thunderbird Summit Support)<br />
<br />
3. [https://wiki.mozilla.org/MozCampEU2012/Leadership_QA Gervase Markham] (Leadership Q&A Moderation Assistance)<br />
<br />
4. [https://wiki.mozilla.org/MozCampEU2012/Recruit-New-QA Marcia Knous] (Recruit New QA)<br />
<br />
5. [https://wiki.mozilla.org/MozCampEU2012/Gear-Organizer Blake Winton] (Gear Organizer)<br />
<br />
6. [https://wiki.mozilla.org/MozCampEU2012/BYK Burak Yiğit Kaya] (Generic)<br />
<br />
7. [https://wiki.mozilla.org/MozCampEU2012/Another-Gear-Organizer Mike Conley] (Gear Organizer)<br />
<br />
8. [https://wiki.mozilla.org/MozCampEU2012/evangelism-reps-training Christian Heilmann and Tristan Nitot] (Evangelism Reps Training)<br />
<br />
9. [https://wiki.mozilla.org/MozCampEU2012/JulianViereck Julian Viereck] (Assistance with Welcome Event)<br />
<br />
10. [https://wiki.mozilla.org/MozCampEU2012/AMOEditor_Meetup Andrew Williamson] (Meetup with Addon Editors on AMO)<br />
<br />
11. [https://wiki.mozilla.org/MozCampEU2012/RolandTanglao Roland Tanglao] (Assist with Welcome Event and help Jen with Wiki if more than one person is needed)<br />
<br />
12. [https://wiki.mozilla.org/MozCampEU2012/MichelleMarovich Michelle Marovich] (Assist with Welcome Event, Support As Needed)<br />
<br />
13. [https://wiki.mozilla.org/MozCampEU2012/Sandraghassen S Pillai] (Volunteer coordinator (for those individuals who will be volunteering at the event))<br />
<br />
14. [https://wiki.mozilla.org/MozCampEU2012/Firefox_Flicks_2013 Tobias Leingruber] (Brand Engagement) Title: "Firefox Flicks 2013 - Get involved!"<br />
<br />
15. [https://wiki.mozilla.org/MozCampEU2012/Community_Voices_15_Years_of_Mozilla Eric Eitel] Community Voices "15 Years of Mozilla"<br />
<br />
16. [https://wiki.mozilla.org/MozCampEU2012/FirefoxOS-launch Fabio Magnoni] Firefox OS launch<br />
<br />
17. [https://wiki.mozilla.org/MozCampEU2012/IrvingReid Irving Reid] Thunderbird community, Setup and Support<br />
<br />
18. [https://wiki.mozilla.org/MozCampEU2012/Manifesto_Evolution Alex Fowler] Evolution of Mozilla Manifesto<br />
<br />
19. [https://wiki.mozilla.org/MozCampEU2012/Manifesto_Help Stacy Martin] Manifesto Session and Privacy<br />
<br />
20. [[MozCampEU2012/WebAPI | Andrew Overholt, Jan Varga, and Andrea Marchesini]] WebAPI Outreach<br />
<br />
21. [https://wiki.mozilla.org/MozCampEU2012/AndreiHajdukewycz Andrei Hajdukewycz] Thunderbird community & support, keeper of the firefox costume, or whatever else.<br />
<br />
22. [https://wiki.mozilla.org/MozCampEU2012/AppsHacking Anant Narayanan] Help run the Apps track.<br />
<br />
==Indicate which Sessions you'd like to attend==<br />
<br />
Please let us know which talk you are interested in attending by including your name on the talk's wiki page under the category, 'Place your name here if you would like to attend this talk'. '''<font color="red">Please indicate which talks you would like to attend by JULY 30th.</font>'''</div>Ananthttps://wiki.mozilla.org/index.php?title=MozCampEU2012/AppsHacking&diff=455317MozCampEU2012/AppsHacking2012-07-27T02:01:52Z<p>Anant: Created page with "Name: Anant Narayanan Area of Contribution (Team Name): Labs Paid or Non-paid Staff: Paid How are you currently involved with (or in) the community?: I'm a tech lead on the Ap..."</p>
<hr />
<div>Name: Anant Narayanan<br />
<br />
Area of Contribution (Team Name): Labs<br />
<br />
Paid or Non-paid Staff: Paid<br />
<br />
How are you currently involved with (or in) the community?: I'm a tech lead on the Apps team and would love to help spread the word about what we're doing and how the community can help. I've previously given various talks at MozCamps, introducing the community to new Mozilla projects. <br />
<br />
Location of Work (where do you reside?): San Francisco<br />
<br />
How you would like to participate in MozCamp: I'd like to help organize and run the Apps track, and conduct an apps hack session with interested developers (or co-host if one has already been proposed and accepted).<br />
<br />
Goals in Attending MozCamp: Drive interest and awareness of the Mozilla Apps initiative, and engage with all interested community members, Mozillians or otherwise.</div>Ananthttps://wiki.mozilla.org/index.php?title=MozCampEU2012/WebRTC-demystified&diff=455159MozCampEU2012/WebRTC-demystified2012-07-26T18:31:08Z<p>Anant: </p>
<hr />
<div>'''Title of Session (should also be the title of your Wiki page)''': WebRTC Demystified: What is it & how can you help?<br />
<br />
'''Facilitator(s)''': Anant Narayanan<br />
<br />
'''Are you paid or volunteer staff?''': Paid<br />
<br />
'''Area of Contribution (Team Name)''': Labs<br />
<br />
'''How are you currently involved with the community?''': I'm an editor for the WebRTC specification on behalf of Mozilla at the W3C and work with the Mozilla media team on the Firefox implementation. I've previously given various talks at MozCamps, introducing the community to new Mozilla projects.<br />
<br />
'''Location of Work (where do you reside?)''': San Francisco<br />
<br />
'''Talk Length (please choose between 30, 60, 90, 120 minutes)''': 60<br />
<br />
'''Summary''': [[WebRTC]] (Web Real Time Communication) is an exciting new technology that will enable web developers to build interesting applications involving video and audio communications. This talk will give an overview of the various APIs that will be made available via JavaScript to access the local webcam & microphone, as well as APIs to create peer-to-peer channels to transmit audio, video and other arbitrary data. We will then delve into how the project is currently architectured, and how you can get involved!<br />
<br />
'''How your session furthers the MozCamp Goals (https://wiki.mozilla.org/MozCampEU2012/Tracks)''': Builds awareness and encourages contributors for a Mobile+Desktop Firefox feature.<br />
<br />
'''Expected Outcome or Deliverable''': Spread the word about WebRTC, encourage developers to contribute and build novel applications based on the technology.<br />
<br />
'''Desired Audience Type or Skill-set''': Basic understanding of JavaScript required, C++ hackers welcome. The first half of the talk should be interesting to everyone (there will be demos), the latter half will be focused on how the community can make technical contributions to the project.<br />
<br />
'''Equipment Needs (Video projector already included)''': N/A<br />
<br />
--------------------------------------------------------------------<br />
<br />
To Be Completed by the Audience-<br />
<br />
(If you would like) Submit a Question for the Speaker(s) or indicate what <br />
information you hope to gain by attending this talk here:<br />
<br />
Place your name here if you would like to attend this talk:</div>Ananthttps://wiki.mozilla.org/index.php?title=MozCampEU2012/WebRTC-demystified&diff=455154MozCampEU2012/WebRTC-demystified2012-07-26T18:28:29Z<p>Anant: </p>
<hr />
<div>'''Title of Session (should also be the title of your Wiki page)''': WebRTC Demystified: What is it & how can you help?<br />
<br />
'''Facilitator(s)''': Anant Narayanan<br />
<br />
'''Are you paid or volunteer staff?''': Paid<br />
<br />
'''Area of Contribution (Team Name)''': Labs<br />
<br />
'''How are you currently involved with the community?''': I'm an editor for the WebRTC specification on behalf of Mozilla at the W3C and work with the Mozilla media team on the Firefox implementation. I've previously given various talks at MozCamps, introducing the community to new Mozilla projects.<br />
<br />
'''Location of Work (where do you reside?)''': San Francisco<br />
<br />
'''Talk Length (please choose between 30, 60, 90, 120 minutes)''': 60<br />
<br />
'''Summary''': [[WebRTC]] (Web Real Time Communication) is an exciting new technology that will enable web developers to build interesting applications involving video and audio communications. This talk will give an overview of the various APIs that will be made available via JavaScript to access the local webcam & microphone, as well as APIs to create peer-to-peer channels to transmit audio, video and other arbitrary data. We will then delve into how the project is currently architectured, and how you can get involved!<br />
<br />
'''How your session furthers the MozCamp Goals (https://wiki.mozilla.org/MozCampEU2012/Tracks)''': Builds awareness and encourages contributors for a Mobile+Desktop Firefox feature.<br />
<br />
'''Expected Outcome or Deliverable''': Spread the word about WebRTC, encourage developers to contribute and build novel applications based on the technology.<br />
<br />
'''Desired Audience Type or Skill-set''': Basic understanding of JavaScript required, C++ hackers welcome. The first half of the talk should be interesting to everyone (there will be demos), the latter half will be focused on how the community can make technical contributions to the project.<br />
<br />
'''Equipment Needs (Video projector already included)''': N/A</div>Ananthttps://wiki.mozilla.org/index.php?title=MozCampEU/Schedule/Desktopandmobile&diff=455146MozCampEU/Schedule/Desktopandmobile2012-07-26T18:20:36Z<p>Anant: </p>
<hr />
<div>==Desktop and Mobile Track==<br />
<br />
List of Proposed Sessions:<br />
<br />
1. [[MozCampEU2012/Brainstorming:Firefox User Experience (UX) Feedback)|Brainstorming: User Experience (UX) Feedback ]]<br />
<br />
2. [[MozCampEU2012/Opening_Up_the_Mobile_Web_for_Firefox|Hands-on: Opening Up the Mobile Web for Firefox]]<br />
<br />
3. [[MozCampEU2012/Firefox Stability Programs|Firefox Stability Programs: How we use crash statistics, telemetry, and other measures to improve the stability of Firefox and 3rd-party software]]<br />
<br />
4. [[MozCampEU2012/Add-ons-Back-On-Top|Add-ons back on top! Get excited about upcoming UI changes in Firefox and how they will give add-on developers much more interesting ways to integrate with the Firefox UI]]<br />
<br />
5. [[MozCampEU2012/Firebug-tips-and-tricks|Firefox for Developers: Firebug Tips & Tricks]]<br />
<br />
6. [[MozCampEU2012/Pocket Sized Add-ons: Extension development for Firefox Mobile|Pocket Sized Add-ons: Extension development for Firefox Mobile]]<br />
<br />
7. [[MozCampEU2012/Release-Management|Here Come the Trains: Releasing Mozilla Products, Growing the Mozilla Community]] (could also fit under the other two tracks)<br />
<br />
8. [[MozCampEU2012/Security_and_Privacy_Roadmap|Security and Privacy Roadmap - and YOU!]]<br />
<br />
9. [[MozCampEU2012/FirefoxDesktop:WriteCode|Write code for Firefox]] (desktop, for super beginners, css/js/xml)<br />
<br />
10. [[MozCampEU2012/Firefox-for-Android-community-marketing-plan|Firefox for Android community marketing plan & updates]]<br />
<br />
11. [[MozCampEU2012/Schedule/Desktopandmobile/Build_and_Release|Mozilla Build and Release]]<br />
<br />
12. [[MozCampEU2012/Schedule/Desktopandmobile/Firefox-for-Android-support|Firefox for Android support]]<br />
<br />
13. [[MozCampEU2012/Schedule/Desktopandmobile/All-About-Performance|All About Performance]]<br />
<br />
14. [[MozCampEU2012/Schedule/Desktopandmobile/Firefox-L10n-Under-Rapid-Release|Firefox L10n Under Rapid Release]]<br />
<br />
15. [[MozCampEU2012/Schedule/Desktopandmobile/hands-on-profiling|Hands-on Profiling: Scratch Your Own Itch]]<br />
<br />
16. [[MozCampEU2012/FirefoxDesktop:IntroducingSocialAPI|Introducing the Social API]] (overview and workshop)<br />
<br />
17. [[MozCampEU2012/DesigningUsableSecurity|Designing Usable Security: Is it Secure if it's Unusable?]] (overview and workshop)<br />
<br />
18. [https://wiki.mozilla.org/MozCampEU2012/Firefox_Flicks_2013 Firefox Flicks 2013 - Get involved!] Get the inside scoop (Flicks goes mobile) + Get involved (Events, talks, marketing) Host: Tobias Leingruber, Brand Engagement<br />
<br />
19. [https://wiki.mozilla.org/MozCampEU2012/GraphicsContributions Platform Graphics Contribution] (low-barrier entry gecko/graphics contributions)<br />
<br />
20. [https://wiki.mozilla.org/MozCampEU2012/Take-part-in-the-Firefox-for-Android-story Help us build the Firefox for Android story]<br />
<br />
21. [https://wiki.mozilla.org/MozCampEU2012/Marketing-for-Fennec Marketing for Fennec]<br />
<br />
22. [https://wiki.mozilla.org/MozCampEU2012/bizdevmobiledesktopcommunity How the Community can help Business Development identify and engage with potential partners to grow Firefox Desktop and Mobile]<br />
<br />
23. [https://wiki.mozilla.org/MozCampEU2012/Tigerteam Firefox Desktop Tiger Team Community Marketing: How you can help Firefox grow in your market sessions]<br />
<br />
24. [https://wiki.mozilla.org/MozCampEU2012/WebRTC-demystified WebRTC Demystified: What is it & how can you help?]</div>Ananthttps://wiki.mozilla.org/index.php?title=MozCampEU/Schedule/Desktopandmobile&diff=455144MozCampEU/Schedule/Desktopandmobile2012-07-26T18:20:07Z<p>Anant: </p>
<hr />
<div>==Desktop and Mobile Track==<br />
<br />
List of Proposed Sessions:<br />
<br />
1. [[MozCampEU2012/Brainstorming:Firefox User Experience (UX) Feedback)|Brainstorming: User Experience (UX) Feedback ]]<br />
<br />
2. [[MozCampEU2012/Opening_Up_the_Mobile_Web_for_Firefox|Hands-on: Opening Up the Mobile Web for Firefox]]<br />
<br />
3. [[MozCampEU2012/Firefox Stability Programs|Firefox Stability Programs: How we use crash statistics, telemetry, and other measures to improve the stability of Firefox and 3rd-party software]]<br />
<br />
4. [[MozCampEU2012/Add-ons-Back-On-Top|Add-ons back on top! Get excited about upcoming UI changes in Firefox and how they will give add-on developers much more interesting ways to integrate with the Firefox UI]]<br />
<br />
5. [[MozCampEU2012/Firebug-tips-and-tricks|Firefox for Developers: Firebug Tips & Tricks]]<br />
<br />
6. [[MozCampEU2012/Pocket Sized Add-ons: Extension development for Firefox Mobile|Pocket Sized Add-ons: Extension development for Firefox Mobile]]<br />
<br />
7. [[MozCampEU2012/Release-Management|Here Come the Trains: Releasing Mozilla Products, Growing the Mozilla Community]] (could also fit under the other two tracks)<br />
<br />
8. [[MozCampEU2012/Security_and_Privacy_Roadmap|Security and Privacy Roadmap - and YOU!]]<br />
<br />
9. [[MozCampEU2012/FirefoxDesktop:WriteCode|Write code for Firefox]] (desktop, for super beginners, css/js/xml)<br />
<br />
10. [[MozCampEU2012/Firefox-for-Android-community-marketing-plan|Firefox for Android community marketing plan & updates]]<br />
<br />
11. [[MozCampEU2012/Schedule/Desktopandmobile/Build_and_Release|Mozilla Build and Release]]<br />
<br />
12. [[MozCampEU2012/Schedule/Desktopandmobile/Firefox-for-Android-support|Firefox for Android support]]<br />
<br />
13. [[MozCampEU2012/Schedule/Desktopandmobile/All-About-Performance|All About Performance]]<br />
<br />
14. [[MozCampEU2012/Schedule/Desktopandmobile/Firefox-L10n-Under-Rapid-Release|Firefox L10n Under Rapid Release]]<br />
<br />
15. [[MozCampEU2012/Schedule/Desktopandmobile/hands-on-profiling|Hands-on Profiling: Scratch Your Own Itch]]<br />
<br />
16. [[MozCampEU2012/FirefoxDesktop:IntroducingSocialAPI|Introducing the Social API]] (overview and workshop)<br />
<br />
17. [[MozCampEU2012/DesigningUsableSecurity|Designing Usable Security: Is it Secure if it's Unusable?]] (overview and workshop)<br />
<br />
18. [https://wiki.mozilla.org/MozCampEU2012/Firefox_Flicks_2013 Firefox Flicks 2013 - Get involved!] Get the inside scoop (Flicks goes mobile) + Get involved (Events, talks, marketing) Host: Tobias Leingruber, Brand Engagement<br />
<br />
19. [https://wiki.mozilla.org/MozCampEU2012/GraphicsContributions Platform Graphics Contribution] (low-barrier entry gecko/graphics contributions)<br />
<br />
20. [https://wiki.mozilla.org/MozCampEU2012/Take-part-in-the-Firefox-for-Android-story Help us build the Firefox for Android story]<br />
<br />
21. [https://wiki.mozilla.org/MozCampEU2012/Marketing-for-Fennec Marketing for Fennec]<br />
<br />
22. [https://wiki.mozilla.org/MozCampEU2012/bizdevmobiledesktopcommunity How the Community can help Business Development identify and engage with potential partners to grow Firefox Desktop and Mobile]<br />
<br />
23. [https://wiki.mozilla.org/MozCampEU2012/Tigerteam Firefox Desktop Tiger Team Community Marketing: How you can help Firefox grow in your market sessions]<br />
<br />
24. [https://wiki.mozilla.org/MozCampEU2012/WebRTC-demystified WebRTC Demystified: What is it & how can you help?]</div>Ananthttps://wiki.mozilla.org/index.php?title=MozCampEU2012/WebRTC-demystified&diff=455141MozCampEU2012/WebRTC-demystified2012-07-26T18:16:56Z<p>Anant: </p>
<hr />
<div>'''Title of Session (should also be the title of your Wiki page)''': WebRTC Demystified: What is it & how can you help?<br />
<br />
'''Facilitator(s)''': Anant Narayanan<br />
<br />
'''Are you paid or volunteer staff?''': Paid<br />
<br />
'''Area of Contribution (Team Name)''': Labs<br />
<br />
'''How are you currently involved with the community?''': I'm an editor for the WebRTC specification on behalf of Mozilla at the W3C and work with the Mozilla media team on the Firefox implementation.<br />
<br />
'''Location of Work (where do you reside?)''': San Francisco<br />
<br />
'''Talk Length (please choose between 30, 60, 90, 120 minutes)''': 60<br />
<br />
'''Summary''': [[WebRTC]] (Web Real Time Communication) is an exciting new technology that will enable web developers to build interesting applications involving video and audio communications. This talk will give an overview of the various APIs that will be made available via JavaScript to access the local webcam & microphone, as well as APIs to create peer-to-peer channels to transmit audio, video and other arbitrary data. We will then delve into how the project is currently architectured, and how you can get involved!<br />
<br />
'''How your session furthers the MozCamp Goals (https://wiki.mozilla.org/MozCampEU2012/Tracks)''': Builds awareness and encourages contributors for a Mobile+Desktop Firefox feature.<br />
<br />
'''Expected Outcome or Deliverable''': Spread the word about WebRTC, encourage developers to contribute and build novel applications based on the technology.<br />
<br />
'''Desired Audience Type or Skill-set''': Basic understanding of JavaScript required, C++ hackers welcome. The first half of the talk should be interesting to everyone (there will be demos), the latter half will be focused on how the community can make technical contributions to the project.<br />
<br />
'''Equipment Needs (Video projector already included)''': N/A</div>Ananthttps://wiki.mozilla.org/index.php?title=MozCampEU2012/WebRTC-demystified&diff=455132MozCampEU2012/WebRTC-demystified2012-07-26T18:11:02Z<p>Anant: </p>
<hr />
<div>'''Title of Session (should also be the title of your Wiki page)''': WebRTC Demystified: What is it & how can you help?<br />
<br />
'''Facilitator(s)''': Anant Narayanan<br />
<br />
'''Are you paid or volunteer staff?''': Paid<br />
<br />
'''Area of Contribution (Team Name)''': Labs<br />
<br />
'''How are you currently involved with the community?''': I'm an editor for the WebRTC specification on behalf of Mozilla at the W3C and work with the Mozilla media team on the Firefox implementation.<br />
<br />
'''Location of Work (where do you reside?)''': San Francisco<br />
<br />
'''Talk Length (please choose between 30, 60, 90, 120 minutes)''': 60<br />
<br />
'''Summary''': WebRTC (Web Real Time Communication) is an exciting new technology that will enable web developers to build interesting applications involving video and audio communications. This talk will give an overview of the various APIs that will be made available via JavaScript to access the local webcam & microphone, as well as APIs to create peer-to-peer channels to transmit audio, video and other arbitrary data. We will then delve into how the project is currently architectured, and how you can get involved!<br />
<br />
'''How your session furthers the MozCamp Goals (https://wiki.mozilla.org/MozCampEU2012/Tracks)''': Builds awareness and encourages contributors for a Mobile+Desktop Firefox feature.<br />
<br />
'''Expected Outcome or Deliverable''': Spread the word about WebRTC, encourage developers to contribute and build novel applications based on the technology.<br />
<br />
'''Desired Audience Type or Skill-set''': Basic understanding of JavaScript required, C++ hackers welcome. The first half of the talk should be interesting to everyone (there will be demos), the latter half will be focused on how the community can make technical contributions to the project.<br />
<br />
'''Equipment Needs (Video projector already included)''': N/A</div>Ananthttps://wiki.mozilla.org/index.php?title=MozCampEU2012/WebRTC-demystified&diff=455129MozCampEU2012/WebRTC-demystified2012-07-26T18:09:34Z<p>Anant: Created page with "'''Title of Session (should also be the title of your Wiki page)''': WebRTC Demystified: What is it & how can you help? '''Facilitator(s)''': Anant Narayanan '''Are you paid or..."</p>
<hr />
<div>'''Title of Session (should also be the title of your Wiki page)''': WebRTC Demystified: What is it & how can you help?<br />
<br />
'''Facilitator(s)''': Anant Narayanan<br />
<br />
'''Are you paid or volunteer staff?''': Paid<br />
<br />
'''Area of Contribution (Team Name)''': Labs<br />
<br />
'''How are you currently involved with the community?''': I'm an editor for the WebRTC specification at the W3C and work with the media team on the implementation.<br />
<br />
'''Location of Work (where do you reside?)''': San Francisco<br />
<br />
'''Talk Length (please choose between 30, 60, 90, 120 minutes)''': 60<br />
<br />
'''Summary''': WebRTC (Web Real Time Communication) is an exciting new technology that will enable web developers to build interesting applications involving video and audio communications. This talk will give an overview of the various APIs that will be made available via JavaScript to access the local webcam & microphone, as well as APIs to create peer-to-peer channels to transmit audio, video and other arbitrary data. We will then delve into how the project is currently architectured, and how you can get involved!<br />
<br />
'''How your session furthers the MozCamp Goals (https://wiki.mozilla.org/MozCampEU2012/Tracks)''':<br />
<br />
'''Expected Outcome or Deliverable''': Spread the word about WebRTC, encourage developers to contribute and build novel applications based on the technology.<br />
<br />
'''Desired Audience Type or Skill-set''': Basic understanding of JavaScript required, C++ hackers welcome. The first half of the talk should be interesting to everyone (there will be demos), the latter half will be focused on how the community can make technical contributions to the project.<br />
<br />
'''Equipment Needs (Video projector already included)''': N/A</div>Ananthttps://wiki.mozilla.org/index.php?title=Apps/StatusMeetings/Engineering/2012-07-18&diff=451675Apps/StatusMeetings/Engineering/2012-07-182012-07-17T18:45:39Z<p>Anant: /* Agenda */</p>
<hr />
<div>= Details =<br />
<br />
* Time: Tuesday, 2012 July 3, 9:00 - 9:45am PT (16:00 - 16:45 UTC)<br />
* Backchannel:<br />
** irc.mozilla.org #openwebapps<br />
* Virtual Location:<br />
** [https://v.mozilla.com/flex.html?roomdirect.html&key=GSAT2ujy1RDw "Mozilla Apps" Vidyo room]<br />
* Physical Locations:<br />
** Mountain View: 4K - Kung Fu<br />
** San Francisco: 7N - Noise Pop<br />
* Audio-only Access:<br />
** +1-650-903-0800 or +1-650-215-1282, x92, conf#: 98652 (US/INTL)<br />
** +1-800-707-2533, pin: 369, conf#: 98652 (US toll free)<br />
<br />
= Agenda =<br />
<br />
* Significant Updates<br />
** Implementing security changes to the manifest, tracker bug 768862:<br />
*** Needs changes to be written up in the spec<br />
*** Needs enforcement in WebRTs across desktop, android and b2g<br />
*** Needs update to marketplace validator<br />
*** Affects current platform work<br />
* Questions and Concerns<br />
* Roundtable<br />
<br />
= Minutes =<br />
<br />
= Actions =</div>Ananthttps://wiki.mozilla.org/index.php?title=Apps/StatusMeetings/Engineering/2012-07-18&diff=451672Apps/StatusMeetings/Engineering/2012-07-182012-07-17T18:43:42Z<p>Anant: /* Agenda */</p>
<hr />
<div>= Details =<br />
<br />
* Time: Tuesday, 2012 July 3, 9:00 - 9:45am PT (16:00 - 16:45 UTC)<br />
* Backchannel:<br />
** irc.mozilla.org #openwebapps<br />
* Virtual Location:<br />
** [https://v.mozilla.com/flex.html?roomdirect.html&key=GSAT2ujy1RDw "Mozilla Apps" Vidyo room]<br />
* Physical Locations:<br />
** Mountain View: 4K - Kung Fu<br />
** San Francisco: 7N - Noise Pop<br />
* Audio-only Access:<br />
** +1-650-903-0800 or +1-650-215-1282, x92, conf#: 98652 (US/INTL)<br />
** +1-800-707-2533, pin: 369, conf#: 98652 (US toll free)<br />
<br />
= Agenda =<br />
<br />
* significant updates<br />
** implementing security changes to the manifest:<br />
*** needs changes to be written up in the spec<br />
*** needs enforcement in WebRTs across desktop, android and b2g<br />
*** needs update to marketplace validator<br />
*** affects current platform work<br />
* questions and concerns<br />
* roundtable<br />
<br />
= Minutes =<br />
<br />
= Actions =</div>Ananthttps://wiki.mozilla.org/index.php?title=WeeklyUpdates/2012-07-16&diff=451171WeeklyUpdates/2012-07-162012-07-16T17:38:48Z<p>Anant: /* Friends of the Tree Friends of the Tree */</p>
<hr />
<div><small>[[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} -1 week}}|« previous week]] | [[WeeklyUpdates|index]] | [[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} +1 week}}|next week »]]</small><br />
<br />
{{conf|8600}}<br />
<br />
__TOC__<br />
<br />
= All-hands Status Meeting Agenda =<br />
<br />
Items in this section will be shared during the live all-hands status meeting.<br />
<br />
== Friends of the Tree [[Image:Tree.gif|Friends of the Tree]] ==<br />
* The [https://wiki.mozilla.org/ContributorEngagement Contributor Engagement team] nominates the [http://mozilla-kenya.org Mozilla Kenya Community] for spreading the awesomeness of Mozilla in East Africa about 10,000 miles away from the Mozilla HQ in Mountain View, and especially [https://reps.mozilla.org/u/xelawafs Alex Wafula], [https://reps.mozilla.org/u/hezbucho/ Hezron Obuchele], [https://reps.mozilla.org/u/caargwings/ Cliff Argwings] and [https://reps.mozilla.org/u/vickyjr/ Viactor Karanja] for their MozTour in Rwanda. More info [https://blog.mozilla.org/community/2012/07/16/spotlight-on-mozilla-kenya-moztour-rwanda/ here].<br />
* The [https://wiki.mozilla.org/Apps Apps] team nominates Gregory Szorc, Nick Desaulniers, Tracy Walker and Mike Connor for all the hard work over the weekend to land Apps in the Cloud in time for the Aurora merge.<br />
<br />
== Upcoming Events ==<br />
<br />
=== This Week ===<br />
<br />
=== Monday, {{#time:d F|{{SUBPAGENAME}}}} ===<br />
<br />
=== Tuesday, {{#time:d F|{{SUBPAGENAME}} +1 day}} ===<br />
<br />
=== Wednesday, {{#time:d F|{{SUBPAGENAME}} +2 days}} ===<br />
Startup Office Hours: run any questions about your startup project or idea by @pfinette or @dianeb on IRC > #webfwd from 11am - noon PST (7pm - 8pm UTC).<br />
<br />
=== Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} ===<br />
* Security Review: [https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html?view=month&action=view&invId=110484-110483&pstat=AC&exInvId=110484-200798&useInstance=1&instStartTime=1342717200000&instDuration=3600000 navigator.pay]<br />
** {{bug|767818}}<br />
<br />
=== Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} ===<br />
<br />
=== Saturday, {{#time:d F|{{SUBPAGENAME}} +5 days}} ===<br />
<br />
<div class="h-event vevent"><br />
* <span class="dt-start dtstart">2012-07-21</span> <span class="p-summary summary">[http://cascadesf.com/ Innovators of the Web Conference]</span> at <span class="p-location location h-adr adr"><span class="p-locality locality">San Francisco</span>, <span class="p-region region">California</span>, <span class="p-country-name country-name">United States</span></span> with<br />
** <span class="p-attendee attendee h-card">[[User:Tantek|Tantek Çelik]]</span> - speaking on "[http://cascadesf.com/schedule/ HTML5 and microformats 2 – The Next Evolutionary Step For Web Data]"<br />
</div><br />
<br />
For more future events, see:<br />
* [[Events]]<br />
<br />
=== Next Week ===<br />
<br />
== Product Status Updates (voice updates) ==<br />
<br />
=== Firefox Desktop ===<br />
''Speaker Location:'' Mountain View (gavin)<br />
* Release day-eve! Firefox 14.0.1 (.0.1 to sync up with Mobile) is scheduled to be out the door tomorrow morning (Pacific time)<br />
* Merge day! mozilla-central will be Firefox 17 by end-of-day<br />
<br />
=== Firefox Mobile ===<br />
''Speaker Location:'' <br />
<br />
=== Thunderbird ===<br />
''Speaker Location:'' <br />
<br />
=== Older Branch Work ===<br />
''Speaker Location:'' <br />
<br />
=== Webmaker ===<br />
''Speaker Location:''<br />
<br />
=== Identity ===<br />
''Speaker Location:''<br />
<br />
=== Services ===<br />
''Speaker Location:''<br />
<br />
=== Firefox OS ===<br />
''Speaker Location:''<br />
<br />
== Speakers ==<br />
<br />
The limit is 3 minutes per speaker. It's like a lightning talk, but don't feel that you have to have slides in order to make a presentation.<br />
<br />
{| class="fullwidth-table"<br />
|-<br />
! Title<br />
! Presenter<br />
! Topic<br />
! Media<br />
! More Details<br />
|-<br />
| Your Title Here<br />
| Your Name Here<br />
| What are you going to talk about?<br />
| Links to slides or images you want displayed on screen<br />
| Link to where audience can find out more information<br />
|-<br />
|}<br />
<br />
== Introducing New Hires ==<br />
{| class="fullwidth-table"<br />
|-<br />
! New Hire<br />
! Introduced by<br />
! Speaker location<br />
! Will be working on<br />
|-<br />
| ''Who is the new hire?''<br />
| ''Who will be introducing that person?''<br />
| ''From which office will that introduction be transmitted?''<br />
| ''What will the new person be working on?''<br />
|-<br />
<!-- Insert new rows here --><br />
|-<br />
| ''Silvio Chiba''<br />
| ''Ron Piovesan''<br />
| ''Mountain View, CA''<br />
| ''Business Development Manager''<br />
|-<br />
| ''Holly Habstritt (pronounced hab + street)''<br />
| ''Chris More''<br />
| ''Mountain View, CA''<br />
| ''Information Architecture and UX design on Websites and Web Apps''<br />
|-<br />
| ''Jared Hirsch''<br />
| ''Ben Adida''<br />
| ''Mountain View, CA''<br />
| ''Software Engineer''<br />
|-<br />
| ''Edward Lim''<br />
| ''Justin Dow''<br />
| ''Corvallis, OR''<br />
| ''Systems Administrator''<br />
|-<br />
| ''Bram Pitoyo''<br />
| ''Bryan Clark''<br />
| ''New Zealand''<br />
| ''Web User Experience Designer''<br />
|-<br />
|}<br />
<br />
== Introducing New Interns ==<br />
{| class="fullwidth-table"<br />
|-<br />
! New Intern<br />
! Introduced by<br />
! Speaker location<br />
! Will be working on<br />
|-<br />
| ''Who is the new intern?''<br />
| ''Who will be introducing that person?''<br />
| ''From which office will that introduction be transmitted?''<br />
| ''What will the new person be working on?''<br />
|-<br />
<!-- Insert new rows here --><br />
|-<br />
|}<br />
<br />
== Roundtable ==<br />
<br />
= &lt;meta&gt; =<br />
<br />
Notes and non-voice status updates that aren't part of the live meeting go here.<br />
<br />
== Status Updates By Team (*non-voice* updates) ==<br />
<br />
=== Firefox ===<br />
<br />
=== Platform ===<br />
<br />
=== Services ===<br />
<br />
=== Messaging ===<br />
<br />
=== Mobile ===<br />
<br />
=== IT ===<br />
<br />
=== Release Engineering ===<br />
<br />
=== QA ===<br />
<br />
==== Test Execution ====<br />
<br />
==== WebQA ====<br />
*Affiliates<br />
** affiliates.mozilla.org - push to occur today to resolve [[bug 772882]]<br />
** [[Bug 772284]] Facebook app scheduled for QA on 2012-08-17 - rshetty will be unable to lead this<br />
*AMO<br />
*Marketplace<br />
*Mozillians<br />
** no releases scheduled<br />
** 2012-07-12 team meeting to discuss webdev's ability to provide resources for the project<br />
*MDN<br />
** continued work on testing Kuma migration<br />
*Socorro<br />
** Milestone 16 scheduled to ship on 2012-07-12 - https://wiki.mozilla.org/Socorro:Releases<br />
** Q3 goal of transitioning to a Django implementation - prep for Q4 goal of moving to continuous deployment<br />
*SUMO<br />
** Continuous deployment, no updates<br />
*MozTrap<br />
** v1.1 is up on stage, running a full test suite on it before pushing to prod<br />
** Automated tests are running & passing thanks to the team's hard work<br />
<br />
==== QA Community ====<br />
<br />
=== Automation & Tools ===<br />
<br />
=== Security ===<br />
<br />
=== Engagement ===<br />
<br />
==== PR ====<br />
<br />
==== Events ====<br />
<br />
==== Creative Team ====<br />
<br />
==== Community Marketing ====<br />
<br />
=== Support ===<br />
<br />
=== Metrics ===<br />
<br />
=== Evangelism ===<br />
<br />
=== Labs ===<br />
<br />
=== Apps ===<br />
<br />
=== Developer Tools ===<br />
<br />
=== Add-ons ===<br />
<br />
=== Webdev ===<br />
<br />
=== L10n ===<br />
<br />
=== People Team ===<br />
<br />
=== WebFWD ===<br />
<br />
== Foundation Updates ==</div>Ananthttps://wiki.mozilla.org/index.php?title=Media/WebRTC&diff=449940Media/WebRTC2012-07-11T23:04:23Z<p>Anant: /* Bug Tracking, Project Tracking */</p>
<hr />
<div>WebRTC is a free, open project that will bring peer-to-peer real-time audio, video and data to the web without plugins.<br />
<br />
Check out the [http://www.webrtc.org/ WebRTC project page] set up by Google for more interesting links and details.<br />
<br />
== Meetings ==<br />
Regular team meetings will happen every Thursday at 10am Pacific time. They will move to Tuesday at 8:30am Pacific time starting on May 1, 2012.<br />
<br />
* We hold a Google Hangout (which may become a WebEx meeting if the number of people attending becomes much larger). <br />
**[mailto:mreavy@mozilla.com Maire Reavy] sends an invite out to regular participants shortly before the start of the meeting and then pastes the hangout URL into #media so that anyone hanging out in #media can join.<br />
* IRC: [irc://irc.mozilla.org/media #media]<br />
* Etherpad: [https://webrtc.etherpad.mozilla.org/weekly WebRTC] (copied to wiki after the meeting)<br />
<br />
== Meeting Notes and Progress Reports ==<br />
*[[Media/WebRTC/2012-04-19| Meeting Notes from Thu, Apr 19, 2012]]<br />
*[[Media/WebRTC/2012-04-26| Meeting Notes from Thu, Apr 26, 2012]]<br />
*[[Media/WebRTC/2012-05-01| Meeting Notes from Tue, May 1, 2012]]<br />
*[[Media/WebRTC/2012-05-08| Meeting Notes from Tue, May 8, 2012]]<br />
*[[Media/WebRTC/2012-05-15| Meeting Notes from Tue, May 15, 2012]]<br />
*[[Media/WebRTC/2012-05-25| Meeting Notes from Tue, May 25, 2012]]<br />
*[[Media/WebRTC/2012-05-31| Meeting Notes from Thu, May 31, 2012]]<br />
*[[Media/WebRTC/2012-06-05| Meeting Notes from Tue, June 5, 2012]]<br />
*[[Media/WebRTC/2012-06-19| Meeting Notes from Tue, June 19, 2012]]<br />
*[[Media/WebRTC/2012-06-26| Meeting Notes from Tue, June 26, 2012]]<br />
*[[Media/WebRTC/2012-07-03| Meeting Notes from Tue, July 3, 2012]]<br />
<br />
== Bug Tracking, Project Tracking ==<br />
Bug list coming soon.<br />
*[[Media/WebRTC/Architecture | Overview of Mozilla's WebRTC Architecture ]]<br />
*[[Platform/Features/WebRTC | WebRTC Feature Page]]<br />
*[[Media/getUserMedia | getUserMedia Implementation Plan]]<br />
*[https://bugzilla.mozilla.org/show_bug.cgi?id=webrtc WebRTC tracking bug: 665909]<br />
*[https://github.com/mozilla/webrtc/raw/master/planning/webrtc.pdf WebRTC's project map]</div>Ananthttps://wiki.mozilla.org/index.php?title=WeeklyUpdates/2012-06-04&diff=437329WeeklyUpdates/2012-06-042012-06-04T17:46:36Z<p>Anant: /* Friends of the Tree Friends of the Tree */</p>
<hr />
<div><small>[[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} -1 week}}|« previous week]] | [[WeeklyUpdates|index]] | [[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} +1 week}}|next week »]]</small><br />
<br />
{{conf|8600}}<br />
<br />
__TOC__<br />
<br />
= All-hands Status Meeting Agenda =<br />
<br />
Items in this section will be shared during the live all-hands status meeting.<br />
<br />
== Friends of the Tree [[Image:Tree.gif|Friends of the Tree]] ==<br />
* Anthony Hughes nominates Otilia Anica, Juan Becerra, Matt Brandt, Kevin Brosnan, Ioana Budnar, Tony Chung, Vlad Ghetiu, Naoki Hirata, and Mihaela Velimiroviciu for helping test Firefox 13 and 10.0.5esr release candidates over the weekend<br />
* Bill Walker nominates Gregory Szorc and Mike Connor for working through the weekend to help Anant Narayanan land Apps in the Cloud client code<br />
* Anant Narayanan nominates Johnny Stenbäck, Eric Rescorla, Maire Reavy, Randell Jesup and Fabrice Desré for staying up and working late hours over the weekend to land getUserMedia in time for Firefox 15<br />
<br />
== Upcoming Events ==<br />
<br />
=== This Week ===<br />
<br />
=== Monday, {{#time:d F|{{SUBPAGENAME}}}} ===<br />
*1300 PDT - [https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html?view=month&action=view&invId=130654-130653&pstat=AC&exInvId=130654-181939&useInstance=1&instStartTime=1338840000000&instDuration=3600000 SecReview: Web Telephony]<br />
* <b>Town Hall #1: meet potential new Mozilla Foundation board member, Cathy Davidson</b><br />
** June 4 @ 1630 PDT / 2330 UTC / June 5 @ 0830 JST<br />
** Chat w. Mitchell Baker and [http://en.wikipedia.org/wiki/Cathy_Davidson Cathy Davidson] (more on [https://wiki.mozilla.org/Board/CathyDavidson Cathy + Mozilla])<br />
** <b>Dial-in: same as for this call</b><br />
*** Dial-in: conference #8600<br />
**** US/International: +1 650 903 0800 x92 Conf #8600<br />
**** US toll free: +1 800 707 2533 (pin 369) Conf #8600<br />
**** Canada: +1 416 848 3114 x92 Conf #8600<br />
*** http://air.mozilla.org/ to watch and listen<br />
*** join irc.mozilla.org #airmozilla for backchannel discussion<br />
<br />
=== Tuesday, {{#time:d F|{{SUBPAGENAME}} +1 day}} ===<br />
<br />
=== Wednesday, {{#time:d F|{{SUBPAGENAME}} +2 days}} ===<br />
June 6 @ 1800 CET / 1600 UTC / 1200 EDT<br />
* <b>Town Hall #2: meet potential new Mozilla Foundation board member, Cathy Davidson</b><br />
** Chat w. Mitchell Baker and [http://en.wikipedia.org/wiki/Cathy_Davidson Cathy Davidson] (more on [https://wiki.mozilla.org/Board/CathyDavidson Cathy + Mozilla])<br />
** <b>Dial-in: same as for this call</b><br />
*** (see above)<br />
<br />
=== Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} ===<br />
* <i>Tentative</i> BrownBag - [https://bugzilla.mozilla.org/show_bug.cgi?id=760815 Leading Change]<br />
<br />
=== Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} ===<br />
<br />
=== Next Week ===<br />
<br />
== Product Status Updates (voice updates) ==<br />
<br />
=== Firefox Desktop ===<br />
''Speaker Location:''<br />
<br />
=== Firefox Mobile ===<br />
''Speaker Location:'' <br />
<br />
=== Thunderbird ===<br />
''Speaker Location:'' <br />
<br />
=== Older Branch Work ===<br />
''Speaker Location:'' <br />
<br />
=== Mozilla Webmaker ===<br />
''Speaker Location:'' Matt in Toronto + Ben Simon in MV<br />
* <b>Mozilla Webmaker launched!</b> TOOLS + PROJECTS + EVENTS for making cool stuff on the web. <br />
** [http://blog.mozilla.org/blog/2012/05/22/introducing-mozilla-webmaker/ Mozilla blog post]<br />
** [http://bit.ly/NetwdV Press coverage]<br />
** [https://webmaker.org Web site] (major site update coming soon)<br />
* Kicking off with <b>Summer Code Party</b>: launches June 23 & 24, runs all summer long. Events around the world.<br />
** [https://webmaker.org/en-US/events/search/ Find an event]<br />
** [https://donate.mozilla.org/page/event/create/ Start your own event]<br />
** [https://donate.mozilla.org/page/s/Summer-Code-Volunteer-Support Volunteer]<br />
** [https://webmaker.org/en-US/events/about/summer_campaign/ Learn more]<br />
<br />
=== Identity ===<br />
''Speaker Location:''<br />
<br />
=== Services ===<br />
''Speaker Location:''<br />
<br />
=== Boot2Gecko ===<br />
''Speaker Location:''<br />
<br />
Participate and follow along: All the links you need to know are in the [https://etherpad.mozilla.org/b2g-bootstrap B2G Bootstrap document].<br />
<br />
'''Summary'''<br />
* [[WebAPI|WebAPI]]: Big push for the platform API deadline. Some big pieces still not landed, and lots of patches in review, but not landed. Expect another two weeks of heavy development of platform APIs. Major bug cleanup in all platform areas related to final phone requirements, and application of the new blocking-basecamp flag. Porting work is ongoing to support the device that'll ship.<br />
* [[Gaia|Gaia Apps]]: Tabs and Awesomescreen landed in the browser. Can import contacts from sim card. More music player functionality. Communication apps coming together with TF designs and devs. Movement to re-orient everyone to final screen size and resolution (desktop options, default theme change). Gaia try-server set up via pull-request on Github, for easy testing of UI patches.<br />
* UX/Design: Final wireframes are in for most core apps. A draft of system design patterns is now available ([https://wiki.mozilla.org/images/e/e7/Gaia_Patterns_20120525_V1.0.pdf PDF]).<br />
<br />
'''Other Updates'''<br />
* Builds: Automated builds chugging along for all supported phones/platforms. Focus now on b2g-desktop builds for easy desktop dev and testing.<br />
* Testing: Gaia try-server via Github pull requests. Work ongoing to get xpcshell testing available.<br />
* QA: Weekly build certification process is now in place, and reports being sent to both dev lists.<br />
* L10n: UX spec incoming. Gaia devs and L10n group working together on system/API that meets Gaia needs while leveraging the existing processes/teams in L10n.<br />
* Security/Privacy: Security reviews ongoing. Completed: Settings, sensors, web activities, browser, usb, tcpsocket.<br />
* Software Updates: Nothing new.<br />
* Crash reporting: Nothing new.<br />
* Support: User support draft from Michelle, they're working with TF now.<br />
* PM: Triage is now weekly. Both status meetings re-oriented around projects instead of people, to better highlight progress and gaps.<br />
<br />
== Speakers ==<br />
<br />
The limit is 3 minutes per speaker. It's like a lightning talk, but don't feel that you have to have slides in order to make a presentation.<br />
<br />
{| class="fullwidth-table"<br />
|-<br />
! Title<br />
! Presenter<br />
! Topic<br />
! Media<br />
! More Details<br />
|-<br />
| Collusion, Now With Site-Blocking<br />
| Jono<br />
| Getting close to a Collusion 1.0 release which will have the ability to block sites and many other features too. I'm looking for feedback and also looking for anyone interested in contributing to Collusion development.<br />
| I'll hook up my laptop to demo<br />
| https://addons.mozilla.org/en-US/firefox/addon/collusion/<br />
|-<br />
| Mobile Web Compatibility<br />
| Lawrence Mandel<br />
| Mobile Web Compatibility effort for Fennec and B2G<br />
| [http://lmandel.github.com/mobilewebcompatpres slides]<br />
| [[Mobile/Evangelism | https://wiki.mozilla.org/Mobile/Evangelism]]<br />
|-<br />
|}<br />
<br />
== Introducing New Hires ==<br />
{| class="fullwidth-table"<br />
|-<br />
! New Hire<br />
! Introduced by<br />
! Speaker location<br />
! Will be working on<br />
|-<br />
| ''Who is the new hire?''<br />
| ''Who will be introducing that person?''<br />
| ''From which office will that introduction be transmitted?''<br />
| ''What will the new person be working on?''<br />
|-<br />
<!-- Insert new rows here --><br />
|-<br />
| Greg Cox<br />
| Brian Hourigan<br />
| Mountain View<br />
| IT/Ops (Storage & Virtualization)<br />
|-<br />
|-<br />
| Michael Treese<br />
| Sheila Mooney<br />
| Mountain View<br />
| Program/Project Management - B2G<br />
|-<br />
| Andrew Halberstadt<br />
| Clint Talbert<br />
| Mountain View/Toronto<br />
| Automation & Tools<br />
|-<br />
| Paxton Cooper<br />
| David Slater<br />
| Mountain View<br />
| Product Management<br />
|-<br />
| Eugene Wood<br />
| Jeff Vier<br />
| Mountain View<br />
| Mozilla Services, Operations<br />
|-<br />
| Chen William <br />
| Johnny Stenback <br />
| Toronto<br />
| Platform Engineer<br />
|-<br />
| Christopher McDonald<br />
| Wil Clouser<br />
| Remote<br />
| Web Developer<br />
|- <br />
| Peter Ratcliffe<br />
| Phong Tran<br />
| Mountain View<br />
| Site Reliability Engineer<br />
|-<br />
| Jonathan Coppeard<br />
| David Mandelin<br />
| Remote<br />
| Software Engineer<br />
|-<br />
<br />
|}<br />
<br />
== Introducing New Interns ==<br />
{| class="fullwidth-table"<br />
|-<br />
! New Intern<br />
! Introduced by<br />
! Speaker location<br />
! Will be working on<br />
|-<br />
| Wilson Guaraca<br />
| Jaclyn Fu<br />
| San Francisco<br />
| Engagement<br />
|-<br />
| Diyang Tang<br />
| Gilbert Fitzgerald<br />
| MTV/San Francisco<br />
| Metrics<br />
|-<br />
| Joseph Kelly<br />
| Gilbert Fitzgerald<br />
| MTV/San Francisco<br />
| Metrics<br />
|-<br />
| Chris Lee<br />
| Alex Limi<br />
| MTV/San Francisco<br />
| UX<br />
|-<br />
| Sam Liu<br />
| Clint Talbert<br />
| Mountain View<br />
| Tools and Automation<br />
|-<br />
| Alex Crichton<br />
| Dave Mandelin<br />
| Mountain View<br />
| Platform<br />
|-<br />
| Brian Groudan<br />
| Mary Trombley or Diane Loviglio<br />
| Mountain View<br />
| User Research<br />
|-<br />
| Matthew Fuller<br />
| Eric Parker<br />
| Mountain View<br />
| Web Security<br />
|-<br />
| Xiaowei Li<br />
| Eric Parker<br />
| Mountain View<br />
| Security Research<br />
|-<br />
| Sawyer Hollenshead<br />
| Mike Morgan<br />
| Mountain View<br />
| UX<br />
|-<br />
| Timothy Mickel<br />
| Mike Morgan<br />
| Mountain View<br />
| Web Dev<br />
|-<br />
| Nathan Malkin<br />
| Ben Adida<br />
| Mountain View<br />
| Labs<br />
|-<br />
| Nicholas Desaulniers<br />
| Ed Lee <br />
| Mountain View<br />
| Labs<br />
|-<br />
| Benjamin Blum<br />
| Dave Herman<br />
| Mountain View<br />
| Research<br />
|-<br />
| Jonathan Wilde<br />
| Frank Yan<br />
| Mountain View<br />
| FFX<br />
|-<br />
|}<br />
<br />
== Roundtable ==<br />
<br />
= &lt;meta&gt; =<br />
<br />
Notes and non-voice status updates that aren't part of the live meeting go here.<br />
<br />
== Status Updates By Team (*non-voice* updates) ==<br />
<br />
=== IT ===<br />
* <b>IPv6</b> <br />
** Helping measure percentage of participating websites currently reachable over IPv6 from the US (ASN53371) ~ http://www.worldipv6launch.org/measurements/<br />
* [http://sheeri.com/ Sheeri Cabral], MySQL DBA, spoke at Harmony Finland, about MySQL Security and Optimizing MySQL JOINs and Subqueries ~ http://www.ougf.fi/<br />
<br />
=== Firefox ===<br />
<br />
=== Platform ===<br />
<br />
=== Services ===<br />
<br />
=== Messaging ===<br />
<br />
=== Mobile ===<br />
<br />
=== Release Engineering ===<br />
<br />
=== QA ===<br />
<br />
==== Test Execution ====<br />
<br />
==== WebQA ====<br />
*Mozilla.com<br />
** pushed a release last Thursday<br />
*Mozillians<br />
** The TaskBoard has been de-prioritized as a goal for this quarter<br />
** The Phonebook: Basecamp goals<br />
*** allow users to add geographic location data to their profiles<br />
*** enhanced search/filter capabilities: Group, Skill, and Location<br />
*** an API for the Phonebook<br />
*** the tree is open for commits - the 06-06-2012 train leaves this morning<br />
*MDN<br />
** pushed on [http://scrumbu.gs/projects/mdn/ last Tuesday]<br />
*Socorro<br />
** [upcoming] June 11th Stability Workweek - wkwk agenda - https://etherpad.mozilla.org/StabilityWorkWeek<br />
** [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced;target_milestone=10;product=Socorro;list_id=3242150 Milestone 10] and [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced;target_milestone=10;product=Socorro;list_id=3242158 milestone 10.1] released last week<br />
** [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced;target_milestone=11;product=Socorro;list_id=3242158 Milestone 11] released yesterday<br />
*MozTrap<br />
** Still working on the WebDriver migration; hope to be finished soon<br />
<br />
==== QA Community ====<br />
<br />
=== Automation & Tools ===<br />
<br />
=== Security ===<br />
<br />
=== Engagement ===<br />
<br />
==== PR ====<br />
<br />
==== Events ====<br />
<br />
==== Creative Team ====<br />
<br />
==== Community Marketing ====<br />
<br />
=== Support ===<br />
<br />
=== Metrics ===<br />
<br />
=== Evangelism ===<br />
<br />
=== Labs ===<br />
<br />
=== Apps ===<br />
<br />
=== Developer Tools ===<br />
<br />
=== Add-ons ===<br />
<br />
=== Webdev ===<br />
<br />
=== L10n ===<br />
<br />
=== People Team ===<br />
<br />
=== WebFWD ===<br />
<br />
== Foundation Updates ==</div>Ananthttps://wiki.mozilla.org/index.php?title=WeeklyUpdates/2012-06-04&diff=437327WeeklyUpdates/2012-06-042012-06-04T17:45:46Z<p>Anant: /* Friends of the Tree Friends of the Tree */</p>
<hr />
<div><small>[[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} -1 week}}|« previous week]] | [[WeeklyUpdates|index]] | [[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} +1 week}}|next week »]]</small><br />
<br />
{{conf|8600}}<br />
<br />
__TOC__<br />
<br />
= All-hands Status Meeting Agenda =<br />
<br />
Items in this section will be shared during the live all-hands status meeting.<br />
<br />
== Friends of the Tree [[Image:Tree.gif|Friends of the Tree]] ==<br />
* Anthony Hughes nominates Otilia Anica, Juan Becerra, Matt Brandt, Kevin Brosnan, Ioana Budnar, Tony Chung, Vlad Ghetiu, Naoki Hirata, and Mihaela Velimiroviciu for helping test Firefox 13 and 10.0.5esr release candidates over the weekend<br />
* Bill Walker nominates Gregory Szorc and Mike Connor for working through the weekend to help Anant Narayanan land Apps in the Cloud client code<br />
* Anant Narayanan nominates Johnny Stenbäck, Maire Reavy, Randell Jesup and Fabrice Desré for staying up and working late hours over the weekend to land getUserMedia in time for Firefox 15<br />
<br />
== Upcoming Events ==<br />
<br />
=== This Week ===<br />
<br />
=== Monday, {{#time:d F|{{SUBPAGENAME}}}} ===<br />
*1300 PDT - [https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html?view=month&action=view&invId=130654-130653&pstat=AC&exInvId=130654-181939&useInstance=1&instStartTime=1338840000000&instDuration=3600000 SecReview: Web Telephony]<br />
* <b>Town Hall #1: meet potential new Mozilla Foundation board member, Cathy Davidson</b><br />
** June 4 @ 1630 PDT / 2330 UTC / June 5 @ 0830 JST<br />
** Chat w. Mitchell Baker and [http://en.wikipedia.org/wiki/Cathy_Davidson Cathy Davidson] (more on [https://wiki.mozilla.org/Board/CathyDavidson Cathy + Mozilla])<br />
** <b>Dial-in: same as for this call</b><br />
*** Dial-in: conference #8600<br />
**** US/International: +1 650 903 0800 x92 Conf #8600<br />
**** US toll free: +1 800 707 2533 (pin 369) Conf #8600<br />
**** Canada: +1 416 848 3114 x92 Conf #8600<br />
*** http://air.mozilla.org/ to watch and listen<br />
*** join irc.mozilla.org #airmozilla for backchannel discussion<br />
<br />
=== Tuesday, {{#time:d F|{{SUBPAGENAME}} +1 day}} ===<br />
<br />
=== Wednesday, {{#time:d F|{{SUBPAGENAME}} +2 days}} ===<br />
June 6 @ 1800 CET / 1600 UTC / 1200 EDT<br />
* <b>Town Hall #2: meet potential new Mozilla Foundation board member, Cathy Davidson</b><br />
** Chat w. Mitchell Baker and [http://en.wikipedia.org/wiki/Cathy_Davidson Cathy Davidson] (more on [https://wiki.mozilla.org/Board/CathyDavidson Cathy + Mozilla])<br />
** <b>Dial-in: same as for this call</b><br />
*** (see above)<br />
<br />
=== Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} ===<br />
* <i>Tentative</i> BrownBag - [https://bugzilla.mozilla.org/show_bug.cgi?id=760815 Leading Change]<br />
<br />
=== Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} ===<br />
<br />
=== Next Week ===<br />
<br />
== Product Status Updates (voice updates) ==<br />
<br />
=== Firefox Desktop ===<br />
''Speaker Location:''<br />
<br />
=== Firefox Mobile ===<br />
''Speaker Location:'' <br />
<br />
=== Thunderbird ===<br />
''Speaker Location:'' <br />
<br />
=== Older Branch Work ===<br />
''Speaker Location:'' <br />
<br />
=== Mozilla Webmaker ===<br />
''Speaker Location:'' Matt in Toronto + Ben Simon in MV<br />
* <b>Mozilla Webmaker launched!</b> TOOLS + PROJECTS + EVENTS for making cool stuff on the web. <br />
** [http://blog.mozilla.org/blog/2012/05/22/introducing-mozilla-webmaker/ Mozilla blog post]<br />
** [http://bit.ly/NetwdV Press coverage]<br />
** [https://webmaker.org Web site] (major site update coming soon)<br />
* Kicking off with <b>Summer Code Party</b>: launches June 23 & 24, runs all summer long. Events around the world.<br />
** [https://webmaker.org/en-US/events/search/ Find an event]<br />
** [https://donate.mozilla.org/page/event/create/ Start your own event]<br />
** [https://donate.mozilla.org/page/s/Summer-Code-Volunteer-Support Volunteer]<br />
** [https://webmaker.org/en-US/events/about/summer_campaign/ Learn more]<br />
<br />
=== Identity ===<br />
''Speaker Location:''<br />
<br />
=== Services ===<br />
''Speaker Location:''<br />
<br />
=== Boot2Gecko ===<br />
''Speaker Location:''<br />
<br />
Participate and follow along: All the links you need to know are in the [https://etherpad.mozilla.org/b2g-bootstrap B2G Bootstrap document].<br />
<br />
'''Summary'''<br />
* [[WebAPI|WebAPI]]: Big push for the platform API deadline. Some big pieces still not landed, and lots of patches in review, but not landed. Expect another two weeks of heavy development of platform APIs. Major bug cleanup in all platform areas related to final phone requirements, and application of the new blocking-basecamp flag. Porting work is ongoing to support the device that'll ship.<br />
* [[Gaia|Gaia Apps]]: Tabs and Awesomescreen landed in the browser. Can import contacts from sim card. More music player functionality. Communication apps coming together with TF designs and devs. Movement to re-orient everyone to final screen size and resolution (desktop options, default theme change). Gaia try-server set up via pull-request on Github, for easy testing of UI patches.<br />
* UX/Design: Final wireframes are in for most core apps. A draft of system design patterns is now available ([https://wiki.mozilla.org/images/e/e7/Gaia_Patterns_20120525_V1.0.pdf PDF]).<br />
<br />
'''Other Updates'''<br />
* Builds: Automated builds chugging along for all supported phones/platforms. Focus now on b2g-desktop builds for easy desktop dev and testing.<br />
* Testing: Gaia try-server via Github pull requests. Work ongoing to get xpcshell testing available.<br />
* QA: Weekly build certification process is now in place, and reports being sent to both dev lists.<br />
* L10n: UX spec incoming. Gaia devs and L10n group working together on system/API that meets Gaia needs while leveraging the existing processes/teams in L10n.<br />
* Security/Privacy: Security reviews ongoing. Completed: Settings, sensors, web activities, browser, usb, tcpsocket.<br />
* Software Updates: Nothing new.<br />
* Crash reporting: Nothing new.<br />
* Support: User support draft from Michelle, they're working with TF now.<br />
* PM: Triage is now weekly. Both status meetings re-oriented around projects instead of people, to better highlight progress and gaps.<br />
<br />
== Speakers ==<br />
<br />
The limit is 3 minutes per speaker. It's like a lightning talk, but don't feel that you have to have slides in order to make a presentation.<br />
<br />
{| class="fullwidth-table"<br />
|-<br />
! Title<br />
! Presenter<br />
! Topic<br />
! Media<br />
! More Details<br />
|-<br />
| Collusion, Now With Site-Blocking<br />
| Jono<br />
| Getting close to a Collusion 1.0 release which will have the ability to block sites and many other features too. I'm looking for feedback and also looking for anyone interested in contributing to Collusion development.<br />
| I'll hook up my laptop to demo<br />
| https://addons.mozilla.org/en-US/firefox/addon/collusion/<br />
|-<br />
| Mobile Web Compatibility<br />
| Lawrence Mandel<br />
| Mobile Web Compatibility effort for Fennec and B2G<br />
| [http://lmandel.github.com/mobilewebcompatpres slides]<br />
| [[Mobile/Evangelism | https://wiki.mozilla.org/Mobile/Evangelism]]<br />
|-<br />
|}<br />
<br />
== Introducing New Hires ==<br />
{| class="fullwidth-table"<br />
|-<br />
! New Hire<br />
! Introduced by<br />
! Speaker location<br />
! Will be working on<br />
|-<br />
| ''Who is the new hire?''<br />
| ''Who will be introducing that person?''<br />
| ''From which office will that introduction be transmitted?''<br />
| ''What will the new person be working on?''<br />
|-<br />
<!-- Insert new rows here --><br />
|-<br />
| Greg Cox<br />
| Brian Hourigan<br />
| Mountain View<br />
| IT/Ops (Storage & Virtualization)<br />
|-<br />
|-<br />
| Michael Treese<br />
| Sheila Mooney<br />
| Mountain View<br />
| Program/Project Management - B2G<br />
|-<br />
| Andrew Halberstadt<br />
| Clint Talbert<br />
| Mountain View/Toronto<br />
| Automation & Tools<br />
|-<br />
| Paxton Cooper<br />
| David Slater<br />
| Mountain View<br />
| Product Management<br />
|-<br />
| Eugene Wood<br />
| Jeff Vier<br />
| Mountain View<br />
| Mozilla Services, Operations<br />
|-<br />
| Chen William <br />
| Johnny Stenback <br />
| Toronto<br />
| Platform Engineer<br />
|-<br />
| Christopher McDonald<br />
| Wil Clouser<br />
| Remote<br />
| Web Developer<br />
|- <br />
| Peter Ratcliffe<br />
| Phong Tran<br />
| Mountain View<br />
| Site Reliability Engineer<br />
|-<br />
| Jonathan Coppeard<br />
| David Mandelin<br />
| Remote<br />
| Software Engineer<br />
|-<br />
<br />
|}<br />
<br />
== Introducing New Interns ==<br />
{| class="fullwidth-table"<br />
|-<br />
! New Intern<br />
! Introduced by<br />
! Speaker location<br />
! Will be working on<br />
|-<br />
| Wilson Guaraca<br />
| Jaclyn Fu<br />
| San Francisco<br />
| Engagement<br />
|-<br />
| Diyang Tang<br />
| Gilbert Fitzgerald<br />
| MTV/San Francisco<br />
| Metrics<br />
|-<br />
| Joseph Kelly<br />
| Gilbert Fitzgerald<br />
| MTV/San Francisco<br />
| Metrics<br />
|-<br />
| Chris Lee<br />
| Alex Limi<br />
| MTV/San Francisco<br />
| UX<br />
|-<br />
| Sam Liu<br />
| Clint Talbert<br />
| Mountain View<br />
| Tools and Automation<br />
|-<br />
| Alex Crichton<br />
| Dave Mandelin<br />
| Mountain View<br />
| Platform<br />
|-<br />
| Brian Groudan<br />
| Mary Trombley or Diane Loviglio<br />
| Mountain View<br />
| User Research<br />
|-<br />
| Matthew Fuller<br />
| Eric Parker<br />
| Mountain View<br />
| Web Security<br />
|-<br />
| Xiaowei Li<br />
| Eric Parker<br />
| Mountain View<br />
| Security Research<br />
|-<br />
| Sawyer Hollenshead<br />
| Mike Morgan<br />
| Mountain View<br />
| UX<br />
|-<br />
| Timothy Mickel<br />
| Mike Morgan<br />
| Mountain View<br />
| Web Dev<br />
|-<br />
| Nathan Malkin<br />
| Ben Adida<br />
| Mountain View<br />
| Labs<br />
|-<br />
| Nicholas Desaulniers<br />
| Ed Lee <br />
| Mountain View<br />
| Labs<br />
|-<br />
| Benjamin Blum<br />
| Dave Herman<br />
| Mountain View<br />
| Research<br />
|-<br />
| Jonathan Wilde<br />
| Frank Yan<br />
| Mountain View<br />
| FFX<br />
|-<br />
|}<br />
<br />
== Roundtable ==<br />
<br />
= &lt;meta&gt; =<br />
<br />
Notes and non-voice status updates that aren't part of the live meeting go here.<br />
<br />
== Status Updates By Team (*non-voice* updates) ==<br />
<br />
=== IT ===<br />
* <b>IPv6</b> <br />
** Helping measure percentage of participating websites currently reachable over IPv6 from the US (ASN53371) ~ http://www.worldipv6launch.org/measurements/<br />
* [http://sheeri.com/ Sheeri Cabral], MySQL DBA, spoke at Harmony Finland about MySQL Security and Optimizing MySQL JOINs and Subqueries ~ http://www.ougf.fi/<br />
<br />
=== Firefox ===<br />
<br />
=== Platform ===<br />
<br />
=== Services ===<br />
<br />
=== Messaging ===<br />
<br />
=== Mobile ===<br />
<br />
=== Release Engineering ===<br />
<br />
=== QA ===<br />
<br />
==== Test Execution ====<br />
<br />
==== WebQA ====<br />
*Mozilla.com<br />
** pushed a release last Thursday<br />
*Mozillians<br />
** The TaskBoard has been de-prioritized as a goal for this quarter<br />
** The Phonebook: Basecamp goals<br />
*** allow users to add geographic location data to their profiles<br />
*** enhanced search/filter capabilities: Group, Skill, and Location<br />
*** an API for the Phonebook<br />
*** the tree is open for commits - the 06-06-2012 train leaves this morning<br />
*MDN<br />
** pushed on [http://scrumbu.gs/projects/mdn/ last Tuesday]<br />
*Socorro<br />
** [upcoming] June 11th Stability Workweek - wkwk agenda - https://etherpad.mozilla.org/StabilityWorkWeek<br />
** [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced;target_milestone=10;product=Socorro;list_id=3242150 Milestone 10] and [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced;target_milestone=10;product=Socorro;list_id=3242158 milestone 10.1] released last week<br />
** [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced;target_milestone=11;product=Socorro;list_id=3242158 Milestone 11] released yesterday<br />
*MozTrap<br />
** Still working on the WebDriver migration; hope to be finished soon<br />
<br />
==== QA Community ====<br />
<br />
=== Automation & Tools ===<br />
<br />
=== Security ===<br />
<br />
=== Engagement ===<br />
<br />
==== PR ====<br />
<br />
==== Events ====<br />
<br />
==== Creative Team ====<br />
<br />
==== Community Marketing ====<br />
<br />
=== Support ===<br />
<br />
=== Metrics ===<br />
<br />
=== Evangelism ===<br />
<br />
=== Labs ===<br />
<br />
=== Apps ===<br />
<br />
=== Developer Tools ===<br />
<br />
=== Add-ons ===<br />
<br />
=== Webdev ===<br />
<br />
=== L10n ===<br />
<br />
=== People Team ===<br />
<br />
=== WebFWD ===<br />
<br />
== Foundation Updates ==</div>Ananthttps://wiki.mozilla.org/index.php?title=Apps/StatusMeetings/Engineering/2012-05-22&diff=433304Apps/StatusMeetings/Engineering/2012-05-222012-05-22T16:26:14Z<p>Anant: /* Agenda */</p>
<hr />
<div>= Details =<br />
<br />
* Time: Tuesday, 2012 May 22, 9:00 - 9:45am PT (16:00 - 16:45 UTC)<br />
* Backchannel:<br />
** irc.mozilla.org #openwebapps<br />
* Virtual Location:<br />
** [https://v.mozilla.com/flex.html?roomdirect.html&key=GSAT2ujy1RDw "Mozilla Apps" Vidyo room]<br />
* Physical Locations:<br />
** Mountain View: 4K - Kung Fu<br />
** San Francisco: 7N - Noise Pop<br />
* Audio-only Access:<br />
** +1-650-903-0800 or +1-650-215-1282, x92, conf#: 98652 (US/INTL)<br />
** +1-800-707-2533, pin: 369, conf#: 98652 (US toll free)<br />
<br />
= Agenda =<br />
<br />
* significant changes/updates<br />
** Webapps for Firefox 15 is {{risk|}}<br />
** jsmith: Google Mobile Web Compatibility - Starting to Get Traction in Partner Communication!<br />
*** If you've got complaints with mobile google apps running on gecko, let us know!<br />
* questions and concerns<br />
** myk: a [[Apps/Status|lot of stuff]] is {{risk|}}; how do we get it back {{ok|}} so we can get it {{done|}}?<br />
** jsmith: What's the current story with B2G support for open web apps?<br />
** jsmith: How do I get my apps to come up on persona-dev.mozillalabs.com/apps?<br />
*** They don't appear to be coming up for me - Is this expected?<br />
** jsmith: Localization review for the desktop web runtime - Worth looking into?<br />
*** Seen a bunch of bugs coming up related to manifest sanitization - affects localization<br />
** jsmith: Where are we tracking AITC documentation for the Apps team outside of [https://wiki.mozilla.org/Apps/AITC AITC]?<br />
*** Looking to know where to put test plans for the AITC-related features<br />
**** Simple test plan: https://etherpad.mozilla.org/aitc-manual-testing<br />
** jsmith: Is Phase 1 of fennec native web apps still for chromefull web apps or has that changed?<br />
*** Can the chromefull and chromeless implementations be separate releases?<br />
*** Is there a compelling reason to go in one direction or the other (separating vs. going for chromeless first)?<br />
** jsmith: Would syncing up with crashkill folks (e.g. Kairo) be helpful for getting quicker traction on breakpad and socorro integration for the web runtime?<br />
** jsmith: What implementation is acceptable for supporting offline mode in firefox 15 - [https://bugzilla.mozilla.org/show_bug.cgi?id=749029 bug 749029]?<br />
** jsmith: Could we get performance telemetry hooked up for the web runtime - specifically with start-up time for launch application?<br />
*** Concerned about [https://bugzilla.mozilla.org/show_bug.cgi?id=753925 bug 753925] - Wondering how many users will be affected by it<br />
* roundtable<br />
** jsmith: Linux contributor outreach for desktop web apps - Advertising & Approach<br />
<br />
= Minutes =<br />
<br />
= Actions =</div>Ananthttps://wiki.mozilla.org/index.php?title=Apps/StatusMeetings/Engineering/2012-05-15&diff=430805Apps/StatusMeetings/Engineering/2012-05-152012-05-15T00:11:13Z<p>Anant: /* Agenda */</p>
<hr />
<div>= Details =<br />
<br />
* Time: Tuesday, 2012 May 15, 9:00 - 9:45am PT (16:00 - 16:45 UTC)<br />
* Backchannel:<br />
** irc.mozilla.org #openwebapps<br />
* Virtual Location:<br />
** [https://v.mozilla.com/flex.html?roomdirect.html&key=GSAT2ujy1RDw "Mozilla Apps" Vidyo room]<br />
* Physical Locations:<br />
** Mountain View: 4K - Kung Fu<br />
** San Francisco: 7N - Noise Pop<br />
* Audio-only Access:<br />
** +1-650-903-0800 or +1-650-215-1282, x92, conf#: 98652 (US/INTL)<br />
** +1-800-707-2533, pin: 369, conf#: 98652 (US toll free)<br />
<br />
= Agenda =<br />
<br />
* significant changes/updates<br />
* questions and concerns<br />
** myk: what is the "same origin policy" in the latest version of the [[Apps/Security|Apps Security model]]?<br />
** anant: related to the above, what was the consensus in Jonas' thread on "One app per origin"? How can we go about allowing more than one app per origin?<br />
* roundtable<br />
<br />
= Attendees =<br />
<br />
= Minutes =<br />
<br />
= Actions =</div>Ananthttps://wiki.mozilla.org/index.php?title=ReleaseEngineering/DisposableProjectRepositories&diff=428783ReleaseEngineering/DisposableProjectRepositories2012-05-08T21:28:24Z<p>Anant: /* BOOKING SCHEDULE */</p>
<hr />
<div>== What is a disposable project branch? ==<br />
These are project branches that can be cloned fresh from any mozilla-central based repo with the full gamut of tests enabled. No l10n or nightlies for now. Similar to [[ReleaseEngineering/TryServer|TryServer]] but for longer, and just for '''you'''. Unlike Try, the commit level on these branches is '''level_2 (and above) contributors only''' so please bear that in mind.<br />
<br />
===Do you need a disposable branch?===<br />
Ask yourself the following:<br />
<br />
'''Does your project have an end date?'''<br />
<br />
If your answer is '''No''' then you should follow the process at [https://wiki.mozilla.org/ReleaseEngineering:ProjectBranchPlanning Project Branch Planning]<br />
<br />
<br />
If your project is a temporary feature sprint that needs its own rapid test coverage but will eventually be merged into mozilla-central and no longer be on its own, then by all means, please go ahead and <br />
<br />
===Book one of our fabulous "disposable" project branches===<br />
<br />
* Sign up below in the [https://wiki.mozilla.org/DisposableProjectBranches#BOOKING_SCHEDULE BOOKING SCHEDULE]<br />
* Make a [https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=Server%20Operations&short_desc=Requesting%20twig%20repo%20{booked_repo}%20be%20reset&comment=Please%20run%20the%20{script_name}%20and%20reset%20{booked_repo}%20to%20{url} request] to IT to reset the repo for you as a clone from your own project repo (or default mozilla-central:tip). '''Copy the script below into the bug request, replacing REPO_PATH and TWIG with your repo and booked branch'''.<br />
<pre><br />
export REPO_PATH=[path to your repo] # eg: users/lsblakk_mozilla.com/staging<br />
export TWIG=[alder|birch|cedar|holly|larch|maple] # whichever twig you booked<br />
<br />
cd /repo/hg/scripts/<br />
./reset_pp_repo.sh -s /repo/hg/mozilla/$REPO_PATH -r tip -d $TWIG<br />
</pre><br />
* Sit back and watch your builds and test results roll in ([http://tbpl.mozilla.org/?tree=Alder Alder],[http://tbpl.mozilla.org/?tree=Birch Birch],[http://tbpl.mozilla.org/?tree=Cedar Cedar],[http://tbpl.mozilla.org/?tree=Holly Holly],[http://tbpl.mozilla.org/?tree=Larch Larch],[http://tbpl.mozilla.org/?tree=Maple Maple]). <br />
** '''Special note - READ ME:''' the first push to your newly cloned repo should now trigger a build since {{bug|562026}} was checked in. If it does not, please re-open the bug.<br />
** It will take 3 build runs for the leak checking tools to establish themselves. Before the third run expect to see the builds marked as burning. Other than the leak check the builds should compile and test fine.<br />
<br />
== Using a custom mozconfig ==<br />
<br />
The mozconfigs used for builds live in the same source tree as the main code, eg<br />
* Firefox: <tt>browser/config/mozconfigs/<platform></tt><br />
* Mobile Native: <tt>mobile/android/config/mozconfigs/android</tt><br />
* Mobile XUL: <tt>mobile/xul/config/mozconfigs/android-xul</tt><br />
<br />
The 'nightly' file is used for optimised builds, 'debug' for debug. If you are unsure which file you need consult a build log to see which is used. You can adjust these as needed on your branch, and they will be carried over to mozilla-central when you merge back. Please take care with any mozconfig changes you merge back (eg exclude local conveniences).<br />
<br />
==Enabling/Disabling of platforms, tests, nightly updates ==<br />
If you know you won't need some build platforms or tests you can help everyone by not using up machine resources on your pushes. Ask RelEng to disable them by filing a bug [https://bugzilla.mozilla.org/enter_bug.cgi?assigned_to=nobody%40mozilla.org&bug_file_loc=http%3A%2F%2F&bug_severity=normal&bug_status=NEW&component=Release%20Engineering%3A%20Automation&contenttypemethod=autodetect&contenttypeselection=text%2Fplain&defined_groups=1&flag_type-4=X&flag_type-481=X&flag_type-607=X&flag_type-674=X&flag_type-720=X&flag_type-721=X&flag_type-737=X&flag_type-775=X&flag_type-780=X&form_name=enter_bug&maketemplate=Remember%20values%20as%20bookmarkable%20template&op_sys=All&priority=--&product=mozilla.org&qa_contact=catlee%40mozilla.com&rep_platform=x86&target_milestone=---&version=other here].<br />
<br />
Nightly builds and updates are disabled by default but can be enabled on request.<br />
<br />
== BOOKING SCHEDULE ==<br />
<br />
{| class="data"<br />
|-<br />
! Project Branch<br />
! Regist. bug<br />
! User/Dev Team contact <br />
! Booking Dates <br />
! Next in Line<br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Alder Alder]<br />
|<br />
| jesup, anant: WebRTC integration<br />
| 2011-09-20 – indefinite<br />
| -<br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Ash Ash]<br />
|<br />
| bsmith: experimenting with NSS <br />
| 2012-01-30 - 2012-03-01<br />
| -<br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Birch Birch]<br />
|<br />
| ehsan: getting clang builds<br />
| 2012-04-25 - indefinite<br />
| -<br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Cedar Cedar]<br />
|<br />
| paolo: [[User:P.A./Panel-based_Download_Manager|Downloads Panel]]<br />
| 2012-03-13 - 2012-04-23<br />
| -<br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Elm Elm]<br />
| {{bug|686835}}<br />
| bbondy<br />
| 2012-03-09 - 2013-03-09<br />
| -<br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Holly Holly]<br />
| <font color='red'>No activity since Oct. 18th</font><br />
| Mossop: Jetpack team: work on supporting running add-ons out of process<br />
| 2011-08-17 - unknown<br />
| -<br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Larch Larch]<br />
|<br />
| khuey: DOM bindings<br />
| 2012-03-21 - 2012-04-01<br />
| -<br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Maple Maple]<br />
| {{bug|667734}}<br />
| GPHemsley, kscanne: [[User:GPHemsley/BCP 47|Implementation of BCP 47]] ({{bug|356038}})<br />
| 2012-02-07 - 2012-04-01<br />
| <br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Oak Oak]<br />
|<br />
| ehsan: integration work for {{bug|307181}} and {{bug|481815}}<br />
| 2011-10-25 - indefinite<br />
| -<br />
|-<br />
| [https://tbpl.mozilla.org/?tree=Pine Pine]<br />
| {{bug|753113}} <br />
| benadida, anant: Sign in to the browser and identity modules<br />
| 2011-05-08 - indefinite<br />
| -<br />
|}<br />
<br />
Be sure to keep a copy of anything you need from the repo prior to unbooking it.</div>Ananthttps://wiki.mozilla.org/index.php?title=Media/getUserMedia&diff=428244Media/getUserMedia2012-05-07T23:21:37Z<p>Anant: /* Phase 1 */</p>
<hr />
<div>= getUserMedia Implementation Roadmap =<br />
<br />
== Goal ==<br />
* Implement the getUserMedia specification on 3 platforms: Desktop, Android and B2G.<br />
<br />
* Includes the following uses of getUserMedia:<br />
<pre><br />
getUserMedia({picture:true}, onsuccess(Blob blob), onerror);<br />
getUserMedia({video:true,audio:true}, onsuccess(MediaStream stream), onerror);<br />
video.src = stream;<br />
audio.src = stream;<br />
</pre><br />
<br />
* Appropriate permission, notification and status UIs.<br />
<br />
== Phase 1 ==<br />
<br />
* Implement image capture {picture:true} API<br />
** Android: {{bug|738528}} [Anant]<br />
** B2G: {{bug|749886}} [Fabrice]<br />
<br />
* Define common abstraction "MediaEngine" for device access across multiple platforms.<br />
** Cross-platform: {{bug|750943}} [Suhas/Anant]<br />
*** (crypt's version in {{bug|739566}}) <br />
<br />
* Define "chrome" extensions to MediaStreams for privileged JS code (and B2G's) use. This includes CameraControl features (https://wiki.mozilla.org/WebAPI/CameraControl).<br />
** Cross-platform: {{bug|752352}} [Fabrice/Anant?]<br />
<br />
* Implement a fallback backend for MediaEngine (when hardware support is not available, return a MediaStream with white noise, for example).<br />
** Cross-platform: {{bug|752351}} [???]<br />
<br />
* Write DOM bindings for getUserMedia (backed with Fallback MediaEngine).<br />
** Cross-platform: {{bug|752353}} [Anant]<br />
*** (split code from {{bug|691234}} into this one)<br />
<br />
== Phase 2 ==<br />
* Implement MediaEngine backends:<br />
** Android: bug ??? (either based on Android NDK/SDK, or, webrtc.org code).<br />
** B2G: bug ??? [Fabrice] (based on Gonk).<br />
** Desktop: {{bug|691234}} [Anant] (based on webrtc.org code).<br />
<br />
* Implement image capture {picture:true} API<br />
** Desktop: {{bug|749887}} [???]<br />
*** ({{bug|692955}} tracking <input> on Desktop, reuse possible. {{bug|748835}} tracking UI). <br />
<br />
== Phase 3 ==<br />
* Implement permissions, notification & status UI<br />
** Android: bug ???<br />
** B2G: bug ???<br />
** Desktop: {{bug|729522}} [???]<br />
<br />
Once UI lands, getUserMedia may be pref'ed on.<br />
<br />
== Phase 4 and beyond ==<br />
* Implement file backend for MediaEngine.<br />
* Refactor getUserMedia{picture:true} implementations to use MediaEngine + privileged MediaStreams and CameraControl APIs.</div>Ananthttps://wiki.mozilla.org/index.php?title=Media/getUserMedia&diff=427990Media/getUserMedia2012-05-07T16:10:45Z<p>Anant: </p>
<hr />
<div>= getUserMedia Implementation Roadmap =<br />
<br />
== Goal ==<br />
* Implement the getUserMedia specification on 3 platforms: Desktop, Android and B2G.<br />
<br />
* Includes the following uses of getUserMedia:<br />
<pre><br />
getUserMedia({picture:true}, onsuccess(Blob blob), onerror);<br />
getUserMedia({video:true,audio:true}, onsuccess(MediaStream stream), onerror);<br />
video.src = stream;<br />
audio.src = stream;<br />
</pre><br />
<br />
* Appropriate permission, notification and status UIs.<br />
<br />
== Phase 1 ==<br />
<br />
* Implement image capture {picture:true} API<br />
** Android: {{bug|738528}} [Anant]<br />
** B2G: {{bug|749886}} [Fabrice]<br />
<br />
* Define common abstraction "MediaEngine" for device access across multiple platforms.<br />
** Cross-platform: {{bug|750943}} [Suhas/Anant]<br />
*** (crypt's version in {{bug|739566}}) <br />
<br />
* Define "chrome" extensions to MediaStreams for privileged JS code (and B2G's) use. This includes CameraControl features (https://wiki.mozilla.org/WebAPI/CameraControl).<br />
** Cross-platform: {{bug|752352}} [Fabrice/Anant?]<br />
<br />
* Implement a fallback backend for MediaEngine (when hardware support is not available, return a MediaStream with white noise, for example).<br />
** Cross-platform: {{bug|752351}} [???]<br />
<br />
* Write DOM bindings for getUserMedia (backed with Fallback MediaEngine).<br />
** Cross-platform: {{bug|752353}} [Anant]<br />
*** (split code from {{bug|691234}} into this one)<br />
<br />
== Phase 2 ==<br />
* Implement MediaEngine backends:<br />
** Android: bug ??? (either based on Android NDK/SDK, or, webrtc.org code).<br />
** B2G: bug ??? [Fabrice] (based on Gonk).<br />
** Desktop: {{bug|691234}} [Anant] (based on webrtc.org code).<br />
<br />
* Implement image capture {picture:true} API<br />
** Desktop: {{bug|749887}} [???]<br />
*** ({{bug|692955}} tracking <input> on Desktop, reuse possible. {{bug|748835}} tracking UI). <br />
<br />
== Phase 3 ==<br />
* Implement permissions, notification & status UI<br />
** Android: bug ???<br />
** B2G: bug ???<br />
** Desktop: {{bug|729522}} [???]<br />
<br />
Once UI lands, getUserMedia may be pref'ed on.<br />
<br />
== Phase 4 and beyond ==<br />
* Implement file backend for MediaEngine.<br />
* Refactor getUserMedia{picture:true} implementations to use MediaEngine + privileged MediaStreams and CameraControl APIs.</div>Ananthttps://wiki.mozilla.org/index.php?title=Media/getUserMedia&diff=427801Media/getUserMedia2012-05-07T07:43:13Z<p>Anant: </p>
<hr />
<div>= getUserMedia Implementation Roadmap =<br />
<br />
== Goal ==<br />
* Implement the getUserMedia specification on 3 platforms: Desktop, Android and B2G.<br />
<br />
* Includes the following uses of getUserMedia:<br />
<pre><br />
getUserMedia({picture:true}, onsuccess(Blob blob), onerror);<br />
getUserMedia({video:true,audio:true}, onsuccess(MediaStream stream), onerror);<br />
video.src = stream;<br />
audio.src = stream;<br />
</pre><br />
<br />
* Appropriate permission, notification and status UIs.<br />
<br />
== Phase 1 ==<br />
<br />
* Implement image capture {picture:true} API<br />
** Android: {{bug|738528}} [Anant]<br />
<br />
* Define common abstraction "MediaEngine" for device access across multiple platforms.<br />
** Cross-platform: {{bug|750943}} [Suhas/Anant]<br />
*** (crypt's version in {{bug|739566}}) <br />
<br />
* Define "chrome" extensions to MediaStreams for privileged JS code (and B2G's) use. This includes CameraControl features (https://wiki.mozilla.org/WebAPI/CameraControl).<br />
** Cross-platform: {{bug|752352}} [Fabrice/Anant?]<br />
<br />
* Implement a fallback backend for MediaEngine (when hardware support is not available, return a MediaStream with white noise, for example).<br />
** Cross-platform: {{bug|752351}} [???]<br />
<br />
* Write DOM bindings for getUserMedia (backed with Fallback MediaEngine).<br />
** Cross-platform: {{bug|752353}} [Anant]<br />
*** (split code from {{bug|691234}} into this one)<br />
<br />
== Phase 2 ==<br />
* Implement MediaEngine backends:<br />
** Android: bug ??? (either based on Android NDK/SDK, or, webrtc.org code).<br />
** B2G: bug ??? [Fabrice] (based on Gonk).<br />
** Desktop: {{bug|691234}} [Anant] (based on webrtc.org code).<br />
<br />
* Implement image capture {picture:true} API<br />
** B2G: {{bug|749886}} [Fabrice]<br />
** Desktop: {{bug|749887}} [???]<br />
*** ({{bug|692955}} tracking <input> on Desktop, reuse possible. {{bug|748835}} tracking UI). <br />
<br />
== Phase 3 ==<br />
* Implement permissions, notification & status UI<br />
** Android: bug ???<br />
** B2G: bug ???<br />
** Desktop: {{bug|729522}} [???]<br />
<br />
Once UI lands, getUserMedia may be pref'ed on.<br />
<br />
== Phase 4 and beyond ==<br />
* Implement file backend for MediaEngine.<br />
* Refactor getUserMedia{picture:true} implementations to use MediaEngine + privileged MediaStreams and CameraControl APIs.</div>Ananthttps://wiki.mozilla.org/index.php?title=Media/getUserMedia&diff=427733Media/getUserMedia2012-05-06T19:26:39Z<p>Anant: Created page with "= getUserMedia Implementation Roadmap = == Goal == * Implement the getUserMedia specification on 3 platforms: Desktop, Android and B2G. * Includes the following uses of getUser..."</p>
<hr />
<div>= getUserMedia Implementation Roadmap =<br />
<br />
== Goal ==<br />
* Implement the getUserMedia specification on 3 platforms: Desktop, Android and B2G.<br />
<br />
* Includes the following uses of getUserMedia:<br />
<pre><br />
getUserMedia({picture:true}, onsuccess(Blob blob), onerror);<br />
getUserMedia({video:true,audio:true}, onsuccess(MediaStream stream), onerror);<br />
video.src = stream;<br />
audio.src = stream;<br />
</pre><br />
<br />
* Appropriate permission, notification and status UIs.<br />
<br />
== Phase 1 ==<br />
<br />
* Implement image capture {picture:true} API<br />
** Android: {{bug|738528}} [Anant]<br />
** B2G: {{bug|749886}} [Fabrice]<br />
** Desktop: {{bug|749887}} [???]<br />
*** ({{bug|692955}} tracking <input> on Desktop, reuse possible. {{bug|748835}} tracking UI). <br />
<br />
* Define common abstraction "MediaEngine" for device access across multiple platforms.<br />
** Cross-platform: {{bug|750943}} [Suhas/Anant]<br />
*** (crypt's version in {{bug|739566}}) <br />
<br />
* Define "chrome" extensions to MediaStreams for privileged JS code (and B2G's) use. This includes CameraControl features (https://wiki.mozilla.org/WebAPI/CameraControl).<br />
** Cross-platform: {{bug|752352}} [Fabrice/Anant?]<br />
<br />
* Implement a fallback backend for MediaEngine (when hardware support is not available, return a MediaStream with white noise, for example).<br />
** Cross-platform: {{bug|752351}} [???]<br />
<br />
* Write DOM bindings for getUserMedia (backed with Fallback MediaEngine).<br />
** Cross-platform: {{bug|752353}} [Anant]<br />
*** (split code from {{bug|691234}} into this one)<br />
<br />
== Phase 2 ==<br />
* Implement MediaEngine backends:<br />
** Android: bug ??? (either based on Android NDK/SDK, or, webrtc.org code).<br />
** B2G: bug ??? [Fabrice] (based on Gonk).<br />
** Desktop: {{bug|691234}} [Anant] (based on webrtc.org code).<br />
<br />
== Phase 3 ==<br />
* Implement permissions, notification & status UI<br />
** Android: bug ???<br />
** B2G: bug ???<br />
** Desktop: {{bug|729522}} [???]<br />
<br />
Once UI lands, getUserMedia may be pref'ed on.<br />
<br />
== Phase 4 and beyond ==<br />
* Implement file backend for MediaEngine.<br />
* Refactor getUserMedia{picture:true} implementations to use MediaEngine + privileged MediaStreams and CameraControl APIs.</div>Ananthttps://wiki.mozilla.org/index.php?title=Apps/ShowAndTells&diff=417473Apps/ShowAndTells2012-04-06T19:00:04Z<p>Anant: </p>
<hr />
<div>= 2012-04-06 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
* Demo of Apps in the Cloud<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
* in-app payment demo hooked up to the PayPal sandbox (Kumar)<br />
* andym: it's a holiday in Canada, but if anyone wants to show videos (webm) or currencies be my guest<br />
* Homepage, and other initial applications of Martell's new visual design (potch)<br />
<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
== Other ==<br />
Prototype personalization feedback - http://ed.agadak.net/demo.html<br />
<br />
<br />
Older show and tells - https://wiki.mozilla.org/Apps/ShowAndTells/Older</div>Ananthttps://wiki.mozilla.org/index.php?title=Apps/ShowAndTells&diff=398908Apps/ShowAndTells2012-02-17T18:46:19Z<p>Anant: /* WebRT on desktop (including webapp mode and native app experience) */</p>
<hr />
<div>= 2012-02-03 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
<br />
* New "-webapp" mode in Firefox (Dan)<br />
<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
<br />
* APK Application stub builder in the cloud (Harald)<br />
<br />
== AppSync (for WebRTs and HTML5) ==<br />
<br />
* Progress on a new Token Server and overview of AppSync architecture (Bill and Ian)<br />
<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
* prototype of in-app payment flow from an app's perspective (Kumar)<br />
* prototype of HTML mockups in Desktop, Tablet, and Mobile modes<br />
* breaking ground on second-stage prototypes running on top of the marketplace server (potch)<br />
<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
* reference implementation of paywall app -- Ian Bicking<br />
<br />
== Identity ==<br />
<br />
* BrowserID Identity Provider support<br />
<br />
= 2012-02-10 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
<br />
* Webkit-based Soup with harmonized webApps API<br />
<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
<br />
* Collections main page for Mobile - http://flee.com/mozilla/<br />
<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
* Brian Dils to present Developer UX Project Map<br />
* Jason Smith to present [https://metrics.mozilla.com/pentaho/content/pentaho-cdf-dd/Render?solution=metrics2&path=%2Fbugzilla%2FWebApps&file=WebApps.wcdf QA Bugzilla Dashboard] for Web Apps<br />
* David Clarke Phase I Test Infrastructure for WebApps [https://wiki.mozilla.org/Apps/QA/Test_Infrastructure]<br />
<br />
= 2012-02-17 =<br />
<br />
<h2> WebRT on desktop (including webapp mode and native app experience) </h2><br />
<ul><br />
<li>Add-on with the new mozApps API, and the ability to install "fake" partner apps.</li><br />
</ul><br />
<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
= 2012-02-24 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
= 2012-03-02 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
= 2012-03-09 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
= 2012-03-16 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==</div>Ananthttps://wiki.mozilla.org/index.php?title=Apps/ShowAndTells&diff=398906Apps/ShowAndTells2012-02-17T18:42:47Z<p>Anant: /* WebRT on desktop (including webapp mode and native app experience) */</p>
<hr />
<div>= 2012-02-03 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
<br />
* New "-webapp" mode in Firefox (Dan)<br />
<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
<br />
* APK Application stub builder in the cloud (Harald)<br />
<br />
== AppSync (for WebRTs and HTML5) ==<br />
<br />
* Progress on a new Token Server and overview of AppSync architecture (Bill and Ian)<br />
<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
* prototype of in-app payment flow from an app's perspective (Kumar)<br />
* prototype of HTML mockups in Desktop, Tablet, and Mobile modes<br />
* breaking ground on second-stage prototypes running on top of the marketplace server (potch)<br />
<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
* reference implementation of paywall app -- Ian Bicking<br />
<br />
== Identity ==<br />
<br />
* BrowserID Identity Provider support<br />
<br />
= 2012-02-10 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
<br />
* Webkit-based Soup with harmonized webApps API<br />
<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
<br />
* Collections main page for Mobile - http://flee.com/mozilla/<br />
<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
* Brian Dils to present Developer UX Project Map<br />
* Jason Smith to present [https://metrics.mozilla.com/pentaho/content/pentaho-cdf-dd/Render?solution=metrics2&path=%2Fbugzilla%2FWebApps&file=WebApps.wcdf QA Bugzilla Dashboard] for Web Apps<br />
* David Clarke Phase I Test Infrastructure for WebApps [https://wiki.mozilla.org/Apps/QA/Test_Infrastructure]<br />
<br />
= 2012-02-17 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
Add-on with the new mozApps API, and the ability to install "fake" partner apps.<br />
<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
= 2012-02-24 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
= 2012-03-02 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
= 2012-03-09 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==<br />
<br />
= 2012-03-16 =<br />
<br />
== WebRT on desktop (including webapp mode and native app experience) ==<br />
== WebRT on Android (including webapp mode and native app experience) ==<br />
== AppSync (for WebRTs and HTML5) ==<br />
== Marketplace - developer interfaces on desktop; consumer interfaces on mobile & desktop ==<br />
== Developer Ecosystem - everything else that leads to more Apps in our marketplace ==</div>Ananthttps://wiki.mozilla.org/index.php?title=Sauropod&diff=359618Sauropod2011-10-19T20:58:40Z<p>Anant: /* OpenWebApps */</p>
<hr />
<div>{{draft}} <br />
<br />
= Sauropod Technical Specification =<br />
<br />
Sauropod is a secure storage system for user data. It employs end-to-end encryption and secure key storage to enable least-privilege access, fine-grain user permissioning, and a controlled and auditable process for administrative and automated data access. <br />
<br />
To application developers, Sauropod presents a key-value storage API, where each user has a completely independent universe of keys. Applications gain access to a user's store by presenting a user credential, the generation and validation of which is external to the Sauropod system. The store may also, optionally, restrict access to a particular set of user keys based on the application making the access. Applications may extend the privileges on a particular object key according to sensible transitive principles: a user that can read a file can extend read permission to any other user, and similarly for writes. (XX support locking an item down as non-sharable?) <br />
<br />
Administrative and automated access is supported through "super-credentials". These allow developers and batch processes to obtain capabilities identical to those of a user for a limited time. There is no "super-user" that is allowed to access all records; instead, an administrator acquires the permissions of a user through an authenticated, auditable process. <br />
<br />
(XX The desired implementation of Sauropod is of a key-value store with encrypted values, where the encryption keys are per-user keys that are wrapped with a small number of master secrets. Keys are only unwrapped inside the system. The API described to the client does not expose the details of the internal data protection scheme, but it is completely compatible with this internal representation) <br />
<br />
== Project Phasing ==<br />
<br />
*''Phase Zero'': In phase zero, a tentative API, including credentials, is implemented. What happens within the API is unspecified, and may not involve any cryptography to start with.<br />
<br />
*''Phase One'': In phase one, the session API is fully implemented. Callers are required to present user credentials or an administrative credential to access user data. The internal implementation is ''not'' encrypted, but uses row-level access control to enforce fine-grained access control. The Access Server, Logging, and Credential Oracle are implemented fully; the Data Server is a non-encrypted database; the Key Server is not present. The Sharing API is not implemented. (XX how much of Administrative and Automated?)<br />
<br />
*''Phase Two'': In phase two, the Key Server is fully implemented, and the Data Server is modified to store encrypted data. The encrypted ACL system is implemented. The Sharing, Administrative, and Automated APIs are implemented.<br />
<br />
== Definition of Terms ==<br />
<br />
*Application: a process that is accessing user data on behalf of a user. Applications use Application Authentication to prove to the access server which process they are.<br />
<br />
*Access Server: a Sauropod internal process that handles requests from applications to access data and keys.<br />
<br />
*Data Server: a Sauropod internal process that maintains a table of user data. Each atom of user data has a bucket and a value.<br />
<br />
*Credential Oracle: (too cute? name?) An external process, configured as part of a Sauropod installation, which verifies a credential and translates it into a user identifier.<br />
<br />
*Credential: A string of bytes, presented by the application to the Access Server, which encodes the successful authentication of a user into the system. A credential could be a cookie (which would then be checked with a session server connected to the authentication system) or a directly-verifiable credential such as a BrowserID assertion or proof of SSL client certificate handshake.<br />
<br />
*User Identifier: A string of bytes that represents a single user in the Sauropod system. Credentials can be converted into user identifiers by the Credential Oracle.<br />
<br />
*Key Server: a Sauropod internal process that maintains a list of per-value keys. All keys are wrapped with a Master Secret that is known only to the Key Server (or, better yet, locked away in a hardware module that only the Key Server can access). Every unique value has its own key; a key may be wrapped by more than one user key (if more than one user has access to it).<br />
<br />
*Logging Aggregator: A Sauropod internal process that collates the logs of the access, data, and key servers to provide a unified view of data access behavior. It may optionally run audit logic to detect anomalous access patterns.<br />
<br />
== Basic Flow of Control ==<br />
<br />
In the course of processing a request from a user, an application needs to retrieve some data. As part of the request (or a session context connected to it), the application has a user credential. <br />
<br />
The application begins a session with the access server by sending the user credential in a BeginSession request. <br />
<br />
The Access Server validates the credential by consulting the Credential Oracle and creates a session associated with the User Identifier. A session identifier is returned to the application, which must be included with all subsequent requests. <br />
<br />
The application then issues some number of requests to the Access Server, including the session identifier with each. <br />
<br />
The Access Server authenticates the request to determine which application is making the request. It then <br />
<br />
*Determines if the application is allowed to access the requested bucket <br />
*In the Clear Data Model, verifies the credential and derives a User Identifier from it, and then determines whether that User Identifier has permissions to access the requested bucket; if permission is allowed, performs the read or write <br />
*In the Encrypted Data Model, verifies the credential and derives a User Identifier from it, and then retrieves the ACL record and data ciphertext for that User Identifier at the requested bucket; the ACL is then passed to the Key Server for validation and decryption, and the key contained in the ACL is used to decrypt the ciphertext or encrypt a new ciphertext for the data.<br />
<br />
The key server and data server only respond to requests from access servers. All key server and data server operations are logged. <br />
<br />
== Data Storage Model ==<br />
<br />
(XX Need lots of feedback here). <br />
<br />
*Key-value pairs <br />
*Collections? Ordered lists? <br />
*Trees? Graphs?<br />
<br />
== Clear Data Model ==<br />
<br />
In the '''Clear Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data''. <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a permission (level, or bitwise mask, of read/write/admin).<br />
<br />
== Encrypted Data Model ==<br />
<br />
In the '''Encrypted Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data'' encrypted with a ''data key'' (for location d, called K<sub>d</sub>) <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a tuple of (perms, (location, identifier, perms, K<sub>d</sub>)_K<sub>master</sub>). That is, the access control list (ACL) record, which uniquely identifies the ability of a particular user to access a particular bucket, and contains the key to read that bucket, is encrypted with a master secret.<br />
<br />
The Key Server simply maintains a small number of master secrets. The Access Server retrieves ACL records from the data server and submits them to the Key Server, along with a credential. The Key Server verifies the credential, decrypts the ACL tuple, verifies that the identifier in the tuple matches the identifier of the credential, logs the access, and returns K<sub>d</sub> to the Access Server. (NB the Key Server should be locked down so only the Access Server can talk to it) <br />
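The Encrypted Data Model above, together with the read path from Basic Flow of Control, as an added Python example (not Sauropod's own code). The class and method names, the JSON tuple encoding, and the HMAC-based <tt>seal</tt>/<tt>unseal</tt> stand-in for a real AEAD are assumptions of this example; sessions and application authentication are omitted.<br />

```python
import hashlib
import hmac
import json
import os

def _subkeys(key):
    # Independent encryption and MAC keys derived from one secret.
    return tuple(hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def _xor_stream(enc_key, nonce, data):
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    """Stand-in AEAD (HMAC-SHA256 keystream, encrypt-then-MAC); use AES-GCM in practice."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise PermissionError("ciphertext failed integrity check")
    return _xor_stream(enc_key, body[:16], body[16:])

def make_oracle(table):
    """Credential Oracle stand-in: constructed credential -> user identifier."""
    def identify(credential):
        if credential not in table:
            raise PermissionError("credential rejected")
        return table[credential]
    return identify

class KeyServer:
    """Sole holder of K_master; unwraps ACL tuples and logs every attempt."""
    def __init__(self, oracle):
        self._master = os.urandom(32)
        self._oracle = oracle
        self.log = []

    def wrap(self, location, identifier, perms, k_d):
        return seal(self._master, json.dumps([location, identifier, perms, k_d.hex()]).encode())

    def unwrap(self, credential, location, wrapped):
        identifier = self._oracle(credential)
        loc, ident, perms, k_hex = json.loads(unseal(self._master, wrapped))
        # The page requires the identifier match; the location check is this example's addition.
        granted = ident == identifier and loc == location
        self.log.append((identifier, location, "granted" if granted else "denied"))
        if not granted:
            raise PermissionError("ACL record not issued to this user for this bucket")
        return perms, bytes.fromhex(k_hex)

class AccessServer:
    def __init__(self, oracle, key_server):
        self.oracle, self.keys = oracle, key_server
        self.data = {}  # Data Server: location -> data sealed under K_d
        self.acl = {}   # Data Server: (location, identifier) -> (perms, wrapped tuple)

    def _data_key(self, credential, location, need):
        uid = self.oracle(credential)
        if (location, uid) not in self.acl:
            raise PermissionError("no ACL record")
        perms, k_d = self.keys.unwrap(credential, location, self.acl[(location, uid)][1])
        if not set(need) <= set(perms):  # perms come from inside the wrapped tuple
            raise PermissionError("insufficient permission")
        return k_d

    def create(self, credential, location, value):
        uid, k_d = self.oracle(credential), os.urandom(32)
        self.data[location] = seal(k_d, value)
        self.acl[(location, uid)] = ("rw", self.keys.wrap(location, uid, "rw", k_d))

    def read(self, credential, location):
        return unseal(self._data_key(credential, location, "r"), self.data[location])

    def share(self, credential, location, other, perms):
        # A user can extend to others only the permissions they hold themselves.
        k_d = self._data_key(credential, location, perms)
        self.acl[(location, other)] = (perms, self.keys.wrap(location, other, perms, k_d))

def demo():
    identify = make_oracle({"cred-a": "alice", "cred-b": "bob", "cred-c": "carol"})
    keys = KeyServer(identify)
    access = AccessServer(identify, keys)
    access.create("cred-a", "apps/installed", b'["example.org"]')
    access.share("cred-a", "apps/installed", "bob", "r")
    out = {"bob": access.read("cred-b", "apps/installed")}
    # Constructed tampering: Alice's ACL record is copied into Carol's slot on the Data Server.
    access.acl[("apps/installed", "carol")] = access.acl[("apps/installed", "alice")]
    try:
        out["carol"] = access.read("cred-c", "apps/installed")
    except PermissionError:
        out["carol"] = "denied"
    return {**out, "key_server_log": keys.log}
```

Because the user identifier sits inside the wrapped tuple, a Data Server that moves ACL records between users cannot grant access; the Key Server log records the denied attempt.<br />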
<br />
((XX should access server include the intent of which permission it wants? would be for logging only)) <br />
<br />
== Application Authentication ==<br />
<br />
All application-level calls to the Access Server must be authenticated '''by the application'''. The terms of this authentication are up to the implementation, but could include transport-level or message-level techniques (IP range pinning, IPsec, SSL/TLS, and API keys are all options). ((XX perhaps we could implement a couple)) <br />
<br />
== Administrative Access ==<br />
<br />
The system supports audited, fine-grained administrative access through the creation of "super-credentials". These are credentials that represent super-user access to a '''single user's data'''. The Credential Oracle is required to provide features to make this work, so the exact details are out of scope for this specification, but the general flow is: <br />
<br />
*Administrative user authenticates to the credentialing system, presenting a superuser authentication and a target user <br />
*Credentialing system produces a super-credential for the target user, tagged with audit trail metadata (for example, "super user Jane, accessing user Joe, to investigate bug #6143635, at 2:25 PM 10/15/2011"). <br />
*The superuser then creates a session and issues commands as though he or she were the actual target user. The credential information is logged with all accesses.<br />
<br />
The credential system should be designed to expire the credential in a reasonable interval to allow the administrative user to finish his or her tasks. <br />
<br />
== Batch/Automation Access ==<br />
<br />
In a similar fashion to administrative access, the system supports batch mode access for automation and aggregate analysis. The credential oracle is required to support "automation credentials" for this purpose. <br />
<br />
An automation credential is a credential that allows access to a set of users. The automated process must authenticate itself to the credential oracle and receive a credential, just like a superuser access. The process must assert the purpose of its access during this credentialing process, and the credential it receives is time- and scope-limited. ((XX details!)) For example, "Indexing batch process, handling user updates new since 10/14/2011-01:50-Z". <br />
<br />
Once the automated system has a credential, it may use that credential to begin a session and access user data. <br />
<br />
(XX If the system supports internal aggregate calculations, e.g. map-reduce or tree walking of data, the Access Server session could make use of the credential internally to access multiple user keys). <br />
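One possible shape for the super-credentials and automation credentials described in the two sections above, as an added Python example (not Sauropod's own code). The token format, field names, TTL and operator secrets are assumptions, since the spec leaves these details to the Credential Oracle; the data store is in the clear for brevity.<br />

```python
import base64
import hashlib
import hmac
import json


class CredentialOracle:
    """Issues and verifies scoped, expiring credentials (hypothetical token format)."""

    def __init__(self, signing_secret, operators):
        self._secret = signing_secret
        self._operators = operators  # operator name -> authentication secret (bytes)

    def _sign(self, body):
        return hmac.new(self._secret, body, hashlib.sha256).hexdigest().encode()

    def issue(self, operator, operator_auth, targets, purpose, now, ttl=900):
        expected = self._operators.get(operator)
        if expected is None or not hmac.compare_digest(expected, operator_auth):
            raise PermissionError("operator authentication failed")
        if not targets or not purpose:
            raise ValueError("targets and purpose must be stated explicitly")
        claims = {"operator": operator, "targets": sorted(targets),
                  "purpose": purpose, "issued": now, "expires": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        return (body + b"." + self._sign(body)).decode()

    def verify(self, credential, now):
        body, _, sig = credential.encode().partition(b".")
        if not hmac.compare_digest(sig, self._sign(body)):
            raise PermissionError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["expires"]:
            raise PermissionError("credential expired")
        return claims


class AccessServer:
    """Acts as the target user only inside the credential's scope; logs every attempt."""

    def __init__(self, oracle, store):
        self.oracle = oracle
        self.store = store  # (user identifier, key) -> value
        self.audit_log = []

    def get(self, credential, user, key, now):
        entry = {"user": user, "key": key}
        try:
            claims = self.oracle.verify(credential, now)
            # Record who is acting and why, even if the scope check then fails.
            entry.update(operator=claims["operator"], purpose=claims["purpose"])
            if user not in claims["targets"]:
                raise PermissionError("user outside credential scope")
            entry["outcome"] = "granted"
            return self.store[(user, key)]
        except PermissionError as exc:
            entry["outcome"] = str(exc)
            raise
        finally:
            self.audit_log.append(entry)


def demo():
    # All names, secrets and timestamps below are constructed sample values.
    oracle = CredentialOracle(b"oracle-signing-secret", {"jane": b"jane-admin-secret"})
    store = {("joe", "apps"): '["example.org"]', ("ann", "apps"): '["example.net"]'}
    access = AccessServer(oracle, store)
    t0 = 1318688700
    cred = oracle.issue("jane", b"jane-admin-secret", ["joe"],
                        "investigate bug #6143635", now=t0)
    outcomes = []
    for user, when in (("joe", t0 + 60), ("ann", t0 + 60), ("joe", t0 + 901)):
        try:
            access.get(cred, user, "apps", now=when)
            outcomes.append("granted")
        except PermissionError as exc:
            outcomes.append(str(exc))
    return outcomes, access.audit_log


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

An automation credential is the same token with more than one entry in <tt>targets</tt>.<br />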
<br />
== Provisioning to applications outside the trusted perimeter ==<br />
<br />
If the application-level authentication is strong enough, the Access Server could accept inbound requests from applications outside the trusted computing perimeter. These applications would still be required to authenticate themselves and present a user credential. Transport-level encryption of the communication would be mandatory. <br />
<br />
Possible topologies: <br />
<br />
*Traditional OAuth: The application authenticates with an API key and secret; the user credential is an OAuth Access Token (which was previously provisioned through an authorization flow) <br />
*BrowserID: The application authenticates with SSL/TLS or an API key and secret; the user credential is an identity assertion. ((XX what would the audience be - probably the accessing application?))<br />
<br />
<br />
=== Questions ===<br />
<br />
==== "The Vault" and "The Cloud" ====<br />
<br />
Can we use this system to store non-decryptable user data without any issues? This would mean storing an ACL that contains, not K<sub>d</sub>, but a NULL key - that is, a record indicating that we don't know how to read the document. Mozilla would still be responsible for maintaining the ACL, so that an authenticated user could extend read or write privileges to another user. <br />
<br />
==== Trusted computing base, lifecycle questions: ====<br />
<br />
*Does the access server cache credential verification, or credential to user identifier results, or key decrypt results? <br />
*Currently we need to consult the oracle twice (and maybe thrice) - once to find which identifier to use for the ACL lookup (once in access server, or once in data server, or both?), and again in the keyserver to verify that the ACL's plaintext contains the identifier in the credential. Is that really necessary?<br />
<br />
==== Data partitioning questions ====<br />
<br />
*Per-user? (identifier, datakey)<br />
*Flat per-user? /identifier/datakey<br />
*Flat global? /datakey<br />
<br />
Anything per-user means that the app needs to know the user identifier to enable cross-user access. Anything global means that all users have to live in a shared namespace, which makes locality of storage harder to achieve. One option: if the identifier is not reversible to user identity, we could still get locality. Avoiding trivial correlation means we need more than one identifier. <br />
<br />
==== Collections? Linked data structures? ====<br />
<br />
What's the right way to represent collections and graphs/trees? This probably depends a lot on the underlying persistence mechanism. <br />
<br />
If it's Riak-like, we have the ability to perform tree reassembly inside the persistence layer; this would require decrypting references inside the DB or holding references externally. Can we live with that? We could expose a collection identifier outside of the encryption envelope, for example. <br />
<br />
==== Resolution of user data to account ====<br />
<br />
As currently written, the User Identifier is the only entry point into the database, and there is only one of them. There will be cases (mostly administrative) where a valid user will need to perform discovery based on other data -- for example, to search based on givenName/familyName for a user account, when the email address has been lost, to investigate a payment. <br />
<br />
There is no efficient way to perform that query as the system is currently specified. <br />
<br />
= Strawman API =<br />
<br />
For fun, we specify the API using HTTP. <br />
<br />
== Versioning of the API ==<br />
<br />
We punt on versioning for now by using DNS, e.g. <tt>https://v1.sauropod.mozilla.org</tt> <br />
<br />
== Caller Authentication ==<br />
<br />
Every caller into the API has an API key and secret. These are used for Caller Authentication. The API key and secret are used to perform 2-legged OAuth-signed calls. There is no dance, just signing of the API call (much like Amazon S3). <br />
<br />
== Session Initiation ==<br />
<br />
POST /session/start<br />
assertion={browserid_assertion}&amp;audience={app_domain}<br />
<br />
returns a session token and secret, which are used to sign subsequent requests <br />
<br />
session_token={session_token}&amp;session_secret={session_secret}&amp;expires_at={expiration}<br />
<br />
== Set ==<br />
<br />
PUT /app/{app_id}/users/{user_id}/keys/{key}<br />
{value}<br />
<br />
== Get ==<br />
<br />
GET /apps/{app_id}/users/{user_id}/keys/{key}<br />
<br />
returns the content of the data at that key, with content-type specified at upload time. Only if authorized, of course. <br />
<br />
= Use Cases for Sauropod =<br />
<br />
== OpenWebApps ==<br />
<br />
The first use case for Sauropod is to store a user's list of installed "apps" for the OpenWebApps projects. This use-case has the following requirements (all operations are per-user): <br />
<br />
#Add an installed app. Apps are keyed by domain, and are unique. The value of an app record is an arbitrary JSON object.<br />
#Retrieve the list of all installed apps; returns an array of app records.<br />
#Modify an app record. Deleting an app is disallowed (a user never unpurchases an app but may choose to uninstall it, which is denoted by marking it as such in the app record).<br />
<br />
In addition, there are a few use-cases for aggregate data, not per-user. Ideally this aggregation would be done by Sauropod on the server side. <br />
<br />
#Retrieve the number of installs of a particular app (without leaking information about users who have the app installed).<br />
#Retrieve general statistics such as: installs/hour and uninstalls/hour. <br />
#Retrieve information on how many apps have been installed from a particular app store in a given time period.<br />
<br />
<br></div>Ananthttps://wiki.mozilla.org/index.php?title=Sauropod&diff=359565Sauropod2011-10-19T19:06:24Z<p>Anant: </p>
<hr />
<div>{{draft}} <br />
<br />
= Sauropod Technical Specification =<br />
<br />
Sauropod is a secure storage system for user data. It employs end-to-end encryption and secure key storage to enable least-privilege access, fine-grain user permissioning, and a controlled and auditable process for administrative and automated data access. <br />
<br />
To application developers, Sauropod presents a key-value storage API, where each user has a completely independent universe of keys. Applications gain access to a user's store by presenting a user credential, the generation and validation of which is external to the Sauropod system. The store may also, optionally, restrict access to a particular set of user keys based on the application making the access. Applications may extend the privileges on a particular object key according to sensible transitive principles: a user that can read a file can extend read permission to any other user, and similarly for writes. (XX support locking an item down as non-sharable?) <br />
<br />
Administrative and automated access is supported through "super-credentials". These allow developers and batch processes to obtain capabilities identical to those of a user for a limited time. There is no "super-user" that is allowed to access all records; instead, an administrator acquires the permissions of a user through an authenticated, auditable process. <br />
<br />
(XX The desired implementation of Sauropod is of a key-value store with encrypted values, where the encryption keys are per-user keys that are wrapped with a small number of master secrets. Keys are only unwrapped inside the system. The API described to the client does not expose the details of the internal data protection scheme, but it is completely compatible with this internal representation) <br />
<br />
== Project Phasing ==<br />
<br />
*''Phase Zero'': In phase zero, a tentative API, including credentials, is implemented. What happens within the API is unspecified, and may not involve any cryptography to start with.<br />
<br />
*''Phase One'': In phase one, the session API is fully implemented. Callers are required to present user credentials or an administrative credential to access user data. The internal implementation is ''not'' encrypted, but uses row-level access control to enforce fine-grained access control. The Access Server, Logging, and Credential Oracle are implemented fully; the Data Server is a non-encrypted database; the Key Server is not present. The Sharing API is not implemented. (XX how much of Administrative and Automated?)<br />
<br />
*''Phase Two'': In phase two, the Key Server is fully implemented, and the Data Server is modified to store encrypted data. The encrypted ACL system is implemented. The Sharing, Administrative, and Automated APIs are implemented.<br />
<br />
== Definition of Terms ==<br />
<br />
*Application: a process that is accessing user data on behalf of a user. Applications use Application Authentication to prove to the access server which process they are.<br />
<br />
*Access Server: a Sauropod internal process that handles requests from applications to access data and keys.<br />
<br />
*Data Server: a Sauropod internal process that maintains a table of user data. Each atom of user data has a bucket and a value.<br />
<br />
*Credential Oracle: (too cute? name?) An external process, configured as part of a Sauropod installation, which verifies a credential and translates it into a user identifier.<br />
<br />
*Credential: A string of bytes, presented by the application to the Access Server, which encodes the successful authentication of a user into the system. A credential could be a cookie (which would then be checked with a session server connected to the authentication system) or a directly-verifiable credential such as a BrowserID assertion or proof of SSL client certificate handshake.<br />
<br />
*User Identifier: A string of bytes that represents a single user in the Sauropod system. Credentials can be converted into user identifiers by the Credential Oracle.<br />
<br />
*Key Server: a Sauropod internal process that maintains a list of per-value keys. All keys are wrapped with a Master Secret that is known only to the Key Server (or, better yet, locked away in a hardware module that only the Key Server can access). Every unique value has its own key; a key may be wrapped by more than one user key (if more than one user has access to it).<br />
<br />
*Logging Aggregator: A Sauropod internal process that collates the logs of the access, data, and key servers to provide a unified view of data access behavior. It may optionally run audit logic to detect anomalous access patterns.<br />
<br />
== Basic Flow of Control ==<br />
<br />
In the course of processing a request from a user, an application needs to retrieve some data. As part of the request (or a session context connected to it), the application has a user credential. <br />
<br />
The application begins a session with the access server by sending the user credential in a BeginSession request. <br />
<br />
The Access Server validates the credential by consulting the Credential Oracle and creates a session associated with the User Identifier. A session identifier is returned to the application, which must be included with all subsequent requests. <br />
<br />
The application then issues some number of requests to the Access Server, including the session identifier with each. <br />
<br />
The Access Server authenticates the request to determine which application is making the request. It then <br />
<br />
*Determines if the application is allowed to access the requested bucket <br />
*In the Clear Data Model, verifies the credential and derives a User Identifier from it, and then determines whether that User Identifier has permissions to access the requested bucket; if permission is allowed, performs the read or write <br />
*In the Encrypted Data Model, verifies the credential and derives a User Identifier from it, and then retrieves the ACL record and data ciphertext for that User Identifier at the requested bucket; the ACL is then passed to the Key Server for validation and decryption, and the key contained in the ACL is used to decrypt the ciphertext or encrypt a new ciphertext for the data.<br />
<br />
The key server and data server only respond to requests from access servers. All key server and data server operations are logged. <br />
<br />
== Data Storage Model ==<br />
<br />
(XX Need lots of feedback here). <br />
<br />
*Key-value pairs <br />
*Collections? Ordered lists? <br />
*Trees? Graphs?<br />
<br />
== Clear Data Model ==<br />
<br />
In the '''Clear Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data''. <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a permission (level, or bitwise mask, of read/write/admin).<br />
<br />
== Encrypted Data Model ==<br />
<br />
In the '''Encrypted Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data'' encrypted with a ''data key'' (for location d, called K<sub>d</sub>) <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a tuple of (perms, (location, identifier, perms, K<sub>d</sub>)_K<sub>master</sub>). That is, the access control list (ACL) record, which uniquely identifies the ability of a particular user to access a particular bucket, and contains the key to read that bucket, is encrypted with a master secret.<br />
<br />
The Key Server simply maintains a small number of master secrets. The Access Server retrieves ACL records from the data server and submits them to the Key Server, along with a credential. The Key Server verifies the credential, decrypts the ACL tuple, verifies that the identifier in the tuple matches the identifier of the credential, logs the access, and returns K<sub>d</sub> to the Access Server. (NB the Key Server should be locked down so only the Access Server can talk to it) <br />
<br />
((XX should access server include the intent of which permission it wants? would be for logging only)) <br />
<br />
== Application Authentication ==<br />
<br />
All application-level calls to the Access Server must be authenticated '''by the application'''. The terms of this authentication are up to the implementation, but could include transport-level or message-level techniques (IP range pinning, IPsec, SSL/TLS, and API keys are all options). ((XX perhaps we could implement a couple)) <br />
<br />
== Administrative Access ==<br />
<br />
The system supports audited, fine-grained administrative access through the creation of "super-credentials". These are credentials that represent super-user access to a '''single user's data'''. The Credential Oracle is required to provide features to make this work, so the exact details are out of scope for this specification, but the general flow is: <br />
<br />
*Administrative user authenticates to the credentialing system, presenting a superuser authentication and a target user <br />
*Credentialing system produces a super-credential for the target user, tagged with audit trail metadata (for example, "super user Jane, accessing user Joe, to investigate bug #6143635, at 2:25 PM 10/15/2011"). <br />
*The superuser then creates a session and issues commands as though he or she were the actual target user. The credential information is logged with all accesses.<br />
<br />
The credential system should be designed to expire the credential in a reasonable interval to allow the administrative user to finish his or her tasks. <br />
<br />
== Batch/Automation Access ==<br />
<br />
In a similar fashion to administrative access, the system supports batch mode access for automation and aggregate analysis. The credential oracle is required to support "automation credentials" for this purpose. <br />
<br />
An automation credential is a credential that allows access to a set of users. The automated process must authenticate itself to the credential oracle and receive a credential, just like a superuser access. The process must assert the purpose of its access during this credentialing process, and the credential it receives is time- and scope-limited. ((XX details!)) For example, "Indexing batch process, handling user updates new since 10/14/2011-01:50-Z". <br />
<br />
Once the automated system has a credential, it may use that credential to begin a session and access user data. <br />
<br />
(XX If the system supports internal aggregate calculations, e.g. map-reduce or tree walking of data, the Access Server session could make use of the credential internally to access multiple user keys). <br />
<br />
== Provisioning to applications outside the trusted perimeter ==<br />
<br />
If the application-level authentication is strong enough, the Access Server could accept inbound requests from applications outside the trusted computing perimeter. These applications would still be required to authenticate themselves and present a user credential. Transport-level encryption of the communication would be mandatory. <br />
<br />
Possible topologies: <br />
<br />
*Traditional OAuth: The application authenticates with an API key and secret; the user credential is an OAuth Access Token (which was previously provisioned through an authorization flow) <br />
*BrowserID: The application authenticates with SSL/TLS or an API key and secret; the user credential is an identity assertion. ((XX what would the audience be - probably the accessing application?))<br />
<br />
<br />
=== Questions ===<br />
<br />
==== "The Vault" and "The Cloud" ====<br />
<br />
Can we use this system to store non-decryptable user data without any issues? This would mean storing an ACL that contains, not K<sub>d</sub>, but a NULL key - that is, a record that we don't know how to read the document. Mozilla would still be responsible for maintaining the ACL, so that an authenticated user could extend read or write privileges to another user. <br />
<br />
==== Trusted computing base, lifecycle questions: ====<br />
<br />
*Does the access server cache credential verification, or credential to user identifier results, or key decrypt results? <br />
*Currently we need to consult the oracle twice (and maybe thrice) - once to find which identifier to use for the ACL lookup (once in access server, or once in data server, or both?), and again in the keyserver to verify that the ACL's plaintext contains the identifier in the credential. Is that really necessary?<br />
<br />
==== Data partitioning questions ====<br />
<br />
*Per-user? (identifier, datakey) <br />
*Flat per-user? /identifier/datakey <br />
*Flat global? /datakey <br />
<br />
Anything per-user means that the app needs to know the user identifier to enable cross-user access. Anything global means that all users have to live in a shared namespace, which makes locality of storage harder to achieve. One option: if the identifier is not reversible to the user identity, we could still get locality. Avoiding trivial correlation means we need more than one identifier. <br />
<br />
==== Collections? Linked data structures? ====<br />
<br />
What's the right way to represent collections and graphs/trees? This probably depends a lot on the underlying persistence mechanism. <br />
<br />
If it's Riak-like, we have the ability to perform tree reassembly inside the persistence layer; this would require decrypting references inside the DB or holding references externally. Can we live with that? We could expose a collection identifier outside of the encryption envelope, for example. <br />
<br />
==== Resolution of user data to account ====<br />
<br />
As currently written, the User Identifier is the only entry point into the database, and there is only one of them. There will be cases (mostly administrative) where a valid user will need to perform discovery based on other data -- for example, to search based on givenName/familyName for a user account, when the email address has been lost, to investigate a payment. <br />
<br />
There is no efficient way to perform that query as the system is currently specified. <br />
<br />
= Strawman API =<br />
<br />
For fun, we specify the API using HTTP. <br />
<br />
== Versioning of the API ==<br />
<br />
We punt on versioning for now by using DNS, e.g. <tt>https://v1.sauropod.mozilla.org</tt> <br />
<br />
== Caller Authentication ==<br />
<br />
Every caller into the API has an API key and secret. These are used for Caller Authentication. The API key and secret are used to perform 2-legged OAuth-signed calls. There is no dance, just signing of the API call (much like Amazon S3). <br />
<br />
== Session Initiation ==<br />
<br />
POST /session/start<br />
assertion={browserid_assertion}&audience={app_domain}<br />
<br />
returns a session token and secret, which are used to sign subsequent requests <br />
<br />
session_token={session_token}&session_secret={session_secret}&expires_at={expiration}<br />
<br />
== Set ==<br />
<br />
PUT /app/{app_id}/users/{user_id}/keys/{key}<br />
{value}<br />
<br />
== Get ==<br />
<br />
GET /apps/{app_id}/users/{user_id}/keys/{key}<br />
<br />
returns the content of the data at that key, with content-type specified at upload time. Only if authorized, of course. <br />
<br />
= Use Cases for Sauropod =<br />
<br />
== OpenWebApps ==<br />
<br />
The first use case for Sauropod is to store a user's list of installed "apps" for the OpenWebApps projects. This use-case has the following requirements (all operations are per-user): <br />
<br />
#Add an installed app. Apps are keyed by domain, and are unique. The value of an app record is an arbitrary JSON object.<br />
#Retrieve the list of all installed apps, returns an array of app records.<br> <br />
#Modify an app record, disallow deleting an app (a user never unpurchases an app but may choose to uninstall it which is denoted by marking it as such in the app record).<br />
<br />
In addition, there are a few use-cases for aggregate data, not per-user. Ideally this aggregation would be done by the Sauropod on the server side. <br />
<br />
#Retrieve the number of installs of a particular app (without leaking information about users who have the app installed).<br><br />
#Retrieve general statistics such as: installs/hour and uninstalls/hour. <br />
#Retrieve information on how many apps have been installed from a particular app store in a given time period.<br />
<br />
<br></div>Ananthttps://wiki.mozilla.org/index.php?title=Sauropod&diff=359543Sauropod2011-10-19T18:32:27Z<p>Anant: </p>
<hr />
<div>{{draft}} <br />
<br />
= Sauropod Technical Specification =<br />
<br />
Sauropod is a secure storage system for user data. It employs end-to-end encryption and secure key storage to enable least-privilege access, fine-grain user permissioning, and a controlled and auditable process for administrative and automated data access. <br />
<br />
To application developers, Sauropod presents a key-value storage API, where each user has a completely independent universe of keys. Applications gain access to a user's store by presenting a user credential, the generation and validation of which is external to the Sauropod system. The store may also, optionally, restrict access to a particular set of user keys based on the application making the access. Applications may extend the privileges on a particular object key according to sensible transitive principles: a user that can read a file can extend read permission to any other user, and similarly for writes. (XX support locking an item down as non-sharable?) <br />
<br />
Administrative and automated access is supported through "super-credentials". These allow developers and batch processes to obtain capabilities identical to those of a user for a limited time. There is no "super-user" that is allowed to access all records; instead, an administrator acquires the permissions of a user through an authenticated, auditable process. <br />
<br />
(XX The desired implementation of Sauropod is of a key-value store with encrypted values, where the encryption keys are per-user keys that are wrapped with a small number of master secrets. Keys are only unwrapped inside the system. The API described to the client does not expose the details of the internal data protection scheme, but it is completely compatible with this internal representation) <br />
<br />
== Project Phasing ==<br />
<br />
*''Phase Zero'': In phase zero, a tentative API, including credentials, is implemented. What happens within the API is unspecified, and may not involve any cryptography to start with.<br />
<br />
*''Phase One'': In phase one, the session API is fully implemented. Callers are required to present user credentials or an administrative credential to access user data. The internal implementation is ''not'' encrypted, but uses row-level access control to enforce fine-grained access control. The Access Server, Logging, and Credential Oracle are implemented fully; the Data Server is a non-encrypted database; the Key Server is not present. The Sharing API is not implemented. (XX how much of Administrative and Automated?)<br />
<br />
*''Phase Two'': In phase two, the Key Server is fully implemented, and the Data Server is modified to store encrypted data. The encrypted ACL system is implemented. The Sharing, Administrative, and Automated APIs are implemented.<br />
<br />
== Definition of Terms ==<br />
<br />
*Application: a process that is accessing user data on behalf of a user. Applications use Application Authentication to prove to the access server which process they are.<br />
<br />
*Access Server: a Sauropod internal process that handles requests from applications to access data and keys.<br />
<br />
*Data Server: a Sauropod internal process that maintains a table of user data. Each atom of user data has a bucket and a value.<br />
<br />
*Credential Oracle: (too cute? name?) An external process, configured as part of a Sauropod installation, which verifies a credential and translates it into a user identifier.<br />
<br />
*Credential: A string of bytes, presented by the application to the Access Server, which encodes the successful authentication of a user into the system. A credential could be a cookie (which would then be checked with a session server connected to the authentication system) or a directly-verifiable credential such as a BrowserID assertion or proof of SSL client certificate handshake.<br />
<br />
*User Identifier: A string of bytes that represents a single user in the Sauropod system. Credentials can be converted into user identifiers by the Credential Oracle.<br />
<br />
*Key Server: a Sauropod internal process that maintains a list of per-value keys. All keys are wrapped with a Master Secret that is known only to the Key Server (or, better yet, locked away in a hardware module that only the Key Server can access). Every unique value has its own key; a key may be wrapped by more than one user key (if more than one user has access to it).<br />
<br />
*Logging Aggregator: A Sauropod internal process that collates the logs of the access, data, and key servers to provide a unified view of data access behavior. It may optionally run audit logic to detect anomalous access patterns.<br />
<br />
== Basic Flow of Control ==<br />
<br />
In the course of processing a request from a user, an application needs to retrieve some data. As part of the request (or a session context connected to it), the application has a user credential. <br />
<br />
The application begins a session with the access server by sending the user credential in a BeginSession request. <br />
<br />
The Access Server validates the credential by consulting the Credential Oracle and creates a session associated with the User Identifier. A session identifier is returned to the application, which must be included with all subsequent requests. <br />
<br />
The application then issues some number of requests to the Access Server, including the session identifier with each. <br />
<br />
The Access Server authenticates the request to determine which application is making the request. It then <br />
<br />
*Determines if the application is allowed to access the requested bucket <br />
*In the Clear Data Model, verifies the credential and derives a User Identifier from it, and then determines whether that User Identifier has permissions to access the requested bucket; if permission is granted, performs the read or write <br />
*In the Encrypted Data Model, verifies the credential and derives a User Identifier from it, and then retrieves the ACL record and data ciphertext for that User Identifier at the requested bucket; the ACL is then passed to the Key Server for validation and decryption, and the key contained in the ACL is used to decrypt the ciphertext or encrypt a new ciphertext for the data.<br />
<br />
The key server and data server only respond to requests from access servers. All key server and data server operations are logged. <br />
<br />
== Data Storage Model ==<br />
<br />
(XX Need lots of feedback here). <br />
<br />
*Key-value pairs <br />
*Collections? Ordered lists? <br />
*Trees? Graphs?<br />
<br />
== Clear Data Model ==<br />
<br />
In the '''Clear Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data''. <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a permission (level, or bitwise mask, of read/write/admin).<br />
<br />
== Encrypted Data Model ==<br />
<br />
In the '''Encrypted Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data'' encrypted with a ''data key'' (for location d, called K<sub>d</sub>) <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a tuple of (perms, (location, identifier, perms, K<sub>d</sub>)_K<sub>master</sub>). That is, the access control list (ACL) record, which uniquely identifies the ability of a particular user to access a particular bucket, and contains the key to read that bucket, is encrypted with a master secret.<br />
<br />
The Key Server simply maintains a small number of master secrets. The Access Server retrieves ACL records from the data server and submits them to the Key Server, along with a credential. The Key Server verifies the credential, decrypts the ACL tuple, verifies that the identifier in the tuple matches the identifier of the credential, logs the access, and returns K<sub>d</sub> to the Access Server. (NB the Key Server should be locked down so only the Access Server can talk to it) <br />
<br />
((XX should access server include the intent of which permission it wants? would be for logging only)) <br />
<br />
== Application Authentication ==<br />
<br />
All application-level calls to the Access Server must be authenticated '''by the application'''. The terms of this authentication are up to the implementation, but could include transport-level or message-level techniques (IP range pinning, IPsec, SSL/TLS, and API keys are all options). ((XX perhaps we could implement a couple)) <br />
<br />
== Administrative Access ==<br />
<br />
The system supports audited, fine-grained administrative access through the creation of "super-credentials". These are credentials that represent super-user access to a '''single user's data'''. The Credential Oracle is required to provide features to make this work, so the exact details are out of scope for this specification, but the general flow is: <br />
<br />
*Administrative user authenticates to the credentialing system, presenting a superuser authentication and a target user <br />
*Credentialing system produces a super-credential for the target user, tagged with audit trail metadata (for example, "super user Jane, accessing user Joe, to investigate bug #6143635, at 2:25 PM 10/15/2011"). <br />
*The superuser then creates a session and issues commands as though he or she were the actual target user. The credential information is logged with all accesses.<br />
<br />
The credential system should be designed to expire the credential in a reasonable interval to allow the administrative user to finish his or her tasks. <br />
<br />
== Batch/Automation Access ==<br />
<br />
In a similar fashion to administrative access, the system supports batch mode access for automation and aggregate analysis. The credential oracle is required to support "automation credentials" for this purpose. <br />
<br />
An automation credential is a credential that allows access to a set of users. The automated process must authenticate itself to the credential oracle and receive a credential, just like a superuser access. The process must assert the purpose of its access during this credentialing process, and the credential it receives is time- and scope-limited. ((XX details!)) For example, "Indexing batch process, handling user updates new since 10/14/2011-01:50-Z". <br />
<br />
Once the automated system has a credential, it may use that credential to begin a session and access user data. <br />
<br />
(XX If the system supports internal aggregate calculations, e.g. map-reduce or tree walking of data, the Access Server session could make use of the credential internally to access multiple user keys). <br />
<br />
== Provisioning to applications outside the trusted perimeter ==<br />
<br />
If the application-level authentication is strong enough, the Access Server could accept inbound requests from applications outside the trusted computing perimeter. These applications would still be required to authenticate themselves and present a user credential. Transport-level encryption of the communication would be mandatory. <br />
<br />
Possible topologies: <br />
<br />
*Traditional OAuth: The application authenticates with an API key and secret; the user credential is an OAuth Access Token (which was previously provisioned through an authorization flow) <br />
*BrowserID: The application authenticates with SSL/TLS or an API key and secret; the user credential is an identity assertion. ((XX what would the audience be - probably the accessing application?))<br />
<br />
<br />
=== Questions ===<br />
<br />
==== "The Vault" and "The Cloud" ====<br />
<br />
Can we use this system to store non-decryptable user data without any issues? This would mean storing an ACL that contains, not K<sub>d</sub>, but a NULL key - that is, a record that we don't know how to read the document. Mozilla would still be responsible for maintaining the ACL, so that an authenticated user could extend read or write privileges to another user. <br />
<br />
==== Trusted computing base, lifecycle questions: ====<br />
<br />
*Does the access server cache credential verification, or credential to user identifier results, or key decrypt results? <br />
*Currently we need to consult the oracle twice (and maybe thrice) - once to find which identifier to use for the ACL lookup (once in access server, or once in data server, or both?), and again in the keyserver to verify that the ACL's plaintext contains the identifier in the credential. Is that really necessary?<br />
<br />
==== Data partitioning questions ====<br />
<br />
*Per-user? (identifier, datakey) <br />
*Flat per-user? /identifier/datakey <br />
*Flat global? /datakey <br />
<br />
Anything per-user means that the app needs to know the user identifier to enable cross-user access. Anything global means that all users have to live in a shared namespace, which makes locality of storage harder to achieve. One option: if the identifier is not reversible to the user identity, we could still get locality. Avoiding trivial correlation means we need more than one identifier. <br />
<br />
==== Collections? Linked data structures? ====<br />
<br />
What's the right way to represent collections and graphs/trees? This probably depends a lot on the underlying persistence mechanism. <br />
<br />
If it's Riak-like, we have the ability to perform tree reassembly inside the persistence layer; this would require decrypting references inside the DB or holding references externally. Can we live with that? We could expose a collection identifier outside of the encryption envelope, for example. <br />
<br />
==== Resolution of user data to account ====<br />
<br />
As currently written, the User Identifier is the only entry point into the database, and there is only one of them. There will be cases (mostly administrative) where a valid user will need to perform discovery based on other data -- for example, to search based on givenName/familyName for a user account, when the email address has been lost, to investigate a payment. <br />
<br />
There is no efficient way to perform that query as the system is currently specified. <br />
<br />
= Strawman API =<br />
<br />
For fun, we specify the API using HTTP. <br />
<br />
== Versioning of the API ==<br />
<br />
We punt on versioning for now by using DNS, e.g. <tt>https://v1.sauropod.mozilla.org</tt> <br />
<br />
== Caller Authentication ==<br />
<br />
Every caller into the API has an API key and secret. These are used for Caller Authentication. The API key and secret are used to perform 2-legged OAuth-signed calls. There is no dance, just signing of the API call (much like Amazon S3). <br />
<br />
== Session Initiation ==<br />
<br />
POST /session/start<br />
assertion={browserid_assertion}&audience={app_domain}<br />
<br />
returns a session token and secret, which are used to sign subsequent requests <br />
<br />
session_token={session_token}&session_secret={session_secret}&expires_at={expiration}<br />
<br />
== Set ==<br />
<br />
PUT /app/{app_id}/users/{user_id}/keys/{key}<br />
{value}<br />
<br />
== Get ==<br />
<br />
GET /apps/{app_id}/users/{user_id}/keys/{key}<br />
<br />
returns the content of the data at that key, with content-type specified at upload time. Only if authorized, of course. <br />
<br />
= Use Cases for Sauropod =<br />
<br />
== OpenWebApps ==<br />
<br />
The first use case for Sauropod is to store a user's list of installed "apps" for the OpenWebApps projects. This use-case has the following requirements (all operations are per-user): <br />
<br />
#Add an installed app. Apps are keyed by domain, and are unique. The value of an app record is an arbitrary JSON object.<br />
#Retrieve the list of all installed apps, returns an array of app records.<br> <br />
#Modify an app record, disallow deleting an app (a user never unpurchases an app but may choose to uninstall it which is denoted by marking it as such in the app record).<br />
<br />
In addition, there are a few use-cases for aggregate data, not per-user:<br />
<br />
#Retrieve the number of installs of a particular app (without leaking information about users who have the app installed). Ideally this aggregation would be done by the Sauropod on the server side. <br />
#Retrieve general statistics such as: installs/hour and uninstalls/hour. <br />
#Retrieve information on how many apps have been installed from a particular app store in a given time period.<br />
<br />
<br></div>Ananthttps://wiki.mozilla.org/index.php?title=Sauropod&diff=359528Sauropod2011-10-19T18:15:13Z<p>Anant: </p>
<hr />
<div>{{draft}} <br />
<br />
= Sauropod Technical Specification =<br />
<br />
Sauropod is a secure storage system for user data. It employs end-to-end encryption and secure key storage to enable least-privilege access, fine-grain user permissioning, and a controlled and auditable process for administrative and automated data access. <br />
<br />
To application developers, Sauropod presents a key-value storage API, where each user has a completely independent universe of keys. Applications gain access to a user's store by presenting a user credential, the generation and validation of which is external to the Sauropod system. The store may also, optionally, restrict access to a particular set of user keys based on the application making the access. Applications may extend the privileges on a particular object key according to sensible transitive principles: a user that can read a file can extend read permission to any other user, and similarly for writes. (XX support locking an item down as non-sharable?) <br />
<br />
Administrative and automated access is supported through "super-credentials". These allow developers and batch processes to obtain capabilities identical to those of a user for a limited time. There is no "super-user" that is allowed to access all records; instead, an administrator acquires the permissions of a user through an authenticated, auditable process. <br />
<br />
(XX The desired implementation of Sauropod is of a key-value store with encrypted values, where the encryption keys are per-user keys that are wrapped with a small number of master secrets. Keys are only unwrapped inside the system. The API described to the client does not expose the details of the internal data protection scheme, but it is completely compatible with this internal representation) <br />
<br />
== Project Phasing ==<br />
<br />
*''Phase Zero'': In phase zero, a tentative API, including credentials, is implemented. What happens within the API is unspecified, and may not involve any cryptography to start with.<br />
<br />
*''Phase One'': In phase one, the session API is fully implemented. Callers are required to present user credentials or an administrative credential to access user data. The internal implementation is ''not'' encrypted, but uses row-level access control to enforce fine-grained access control. The Access Server, Logging, and Credential Oracle are implemented fully; the Data Server is a non-encrypted database; the Key Server is not present. The Sharing API is not implemented. (XX how much of Administrative and Automated?)<br />
<br />
*''Phase Two'': In phase two, the Key Server is fully implemented, and the Data Server is modified to store encrypted data. The encrypted ACL system is implemented. The Sharing, Administrative, and Automated APIs are implemented.<br />
<br />
== Definition of Terms ==<br />
<br />
*Application: a process that is accessing user data on behalf of a user. Applications use Application Authentication to prove to the access server which process they are.<br />
<br />
*Access Server: a Sauropod internal process that handles requests from applications to access data and keys.<br />
<br />
*Data Server: a Sauropod internal process that maintains a table of user data. Each atom of user data has a bucket and a value.<br />
<br />
*Credential Oracle: (too cute? name?) An external process, configured as part of a Sauropod installation, which verifies a credential and translates it into a user identifier.<br />
<br />
*Credential: A string of bytes, presented by the application to the Access Server, which encodes the successful authentication of a user into the system. A credential could be a cookie (which would then be checked with a session server connected to the authentication system) or a directly-verifiable credential such as a BrowserID assertion or proof of SSL client certificate handshake.<br />
<br />
*User Identifier: A string of bytes that represents a single user in the Sauropod system. Credentials can be converted into user identifiers by the Credential Oracle.<br />
<br />
*Key Server: a Sauropod internal process that maintains a list of per-value keys. All keys are wrapped with a Master Secret that is known only to the Key Server (or, better yet, locked away in a hardware module that only the Key Server can access). Every unique value has its own key; a key may be wrapped by more than one user key (if more than one user has access to it).<br />
<br />
*Logging Aggregator: A Sauropod internal process that collates the logs of the access, data, and key servers to provide a unified view of data access behavior. It may optionally run audit logic to detect anomalous access patterns.<br />
<br />
== Basic Flow of Control ==<br />
<br />
In the course of processing a request from a user, an application needs to retrieve some data. As part of the request (or a session context connected to it), the application has a user credential. <br />
<br />
The application begins a session with the access server by sending the user credential in a BeginSession request. <br />
<br />
The Access Server validates the credential by consulting the Credential Oracle and creates a session associated with the User Identifier. A session identifier is returned to the application, which must be included with all subsequent requests. <br />
<br />
The application then issues some number of requests to the Access Server, including the session identifier with each. <br />
<br />
The Access Server authenticates the request to determine which application is making the request. It then <br />
<br />
*Determines if the application is allowed to access the requested bucket <br />
*In the Clear Data Model, verifies the credential and derives a User Identifier from it, and then determines whether that User Identifier has permissions to access the requested bucket; if permission is granted, performs the read or write <br />
*In the Encrypted Data Model, verifies the credential and derives a User Identifier from it, and then retrieves the ACL record and data ciphertext for that User Identifier at the requested bucket; the ACL is then passed to the Key Server for validation and decryption, and the key contained in the ACL is used to decrypt the ciphertext or encrypt a new ciphertext for the data.<br />
<br />
The key server and data server only respond to requests from access servers. All key server and data server operations are logged. <br />
<br />
== Data Storage Model ==<br />
<br />
(XX Need lots of feedback here). <br />
<br />
*Key-value pairs <br />
*Collections? Ordered lists? <br />
*Trees? Graphs?<br />
<br />
== Clear Data Model ==<br />
<br />
In the '''Clear Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data''. <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a permission (level, or bitwise mask, of read/write/admin).<br />
<br />
== Encrypted Data Model ==<br />
<br />
In the '''Encrypted Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data'' encrypted with a ''data key'' (for location d, called K<sub>d</sub>) <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a tuple of (perms, (location, identifier, perms, K<sub>d</sub>)_K<sub>master</sub>). That is, the access control list (ACL) record, which uniquely identifies the ability of a particular user to access a particular bucket, and contains the key to read that bucket, is encrypted with a master secret.<br />
<br />
The Key Server simply maintains a small number of master secrets. The Access Server retrieves ACL records from the data server and submits them to the Key Server, along with a credential. The Key Server verifies the credential, decrypts the ACL tuple, verifies that the identifier in the tuple matches the identifier of the credential, logs the access, and returns K<sub>d</sub> to the Access Server. (NB the Key Server should be locked down so only the Access Server can talk to it) <br />
<br />
((XX should access server include the intent of which permission it wants? would be for logging only)) <br />
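
The Encrypted Data Model's access record and the Key Server check described above, as an added Python example (not Sauropod code): it wraps (location, identifier, perms, K<sub>d</sub>) under a master secret and shows the Key Server refusing a record that was copied to another user or whose cleartext perms were edited. Assumptions: all names, the JSON encoding of the tuple, passing the location to the Key Server, comparing the cleartext perms with the wrapped perms, a dict standing in for the Credential Oracle, and a standard-library encrypt-then-MAC construction standing in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import json
import os


def _stream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used as a keystream (stand-in cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key):
    """Derive separate encryption and MAC keys from one secret."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC. Assumption: stands in for a vetted AEAD."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the tag before decrypting; ValueError on any modification."""
    if len(blob) < 48:
        raise ValueError("record too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ s for c, s in zip(ct, _stream(enc_key, nonce, len(ct))))


class KeyServer:
    """Holds the master secret; only ever hands out K_d after its checks pass."""

    def __init__(self, oracle):
        self._master = os.urandom(32)   # never leaves this object
        self._oracle = oracle           # credential -> user identifier (hypothetical)
        self.log = []                   # every decision is recorded

    def wrap_acl(self, location, identifier, perms, data_key):
        """Build (perms, (location, identifier, perms, K_d)_K_master)."""
        inner = json.dumps({"location": location, "identifier": identifier,
                            "perms": perms, "kd": data_key.hex()}).encode()
        return (perms, seal(self._master, inner))

    def unwrap(self, credential, location, acl):
        """Verify credential, decrypt the tuple, match the identifier, log, return K_d."""
        identifier = self._oracle.get(credential)
        outer_perms, blob = acl
        try:
            if identifier is None:
                raise ValueError("credential rejected by oracle")
            inner = json.loads(unseal(self._master, blob))
            if inner["identifier"] != identifier:
                raise ValueError("ACL belongs to a different identifier")
            if inner["location"] != location or inner["perms"] != outer_perms:
                raise ValueError("ACL does not match location or cleartext perms")
        except ValueError as err:
            self.log.append(("deny", identifier, location, str(err)))
            raise PermissionError(str(err)) from None
        self.log.append(("allow", identifier, location, outer_perms))
        return bytes.fromhex(inner["kd"])


def demo():
    """Constructed data: one bucket, Joe has read access, Jane has none."""
    ks = KeyServer({"cred-joe": "joe", "cred-jane": "jane"})
    bucket, kd = "apps/example/installed", os.urandom(32)
    data_buckets = {bucket: seal(kd, b'{"installed": true}')}
    access_buckets = {(bucket, "joe"): ks.wrap_acl(bucket, "joe", "r", kd)}

    def attempt(credential, record):
        try:
            ks.unwrap(credential, bucket, record)
            return "allowed"
        except PermissionError:
            return "denied"

    key = ks.unwrap("cred-joe", bucket, access_buckets[(bucket, "joe")])
    plaintext = unseal(key, data_buckets[bucket])
    # Joe's record copied into Jane's slot in the Data Server.
    copied = attempt("cred-jane", access_buckets[(bucket, "joe")])
    # Cleartext perms raised from "r" to "rw" without touching the wrapped tuple.
    edited = attempt("cred-joe", ("rw", access_buckets[(bucket, "joe")][1]))
    return {"plaintext": plaintext, "copied": copied, "perms_edit": edited,
            "log": [entry[0] for entry in ks.log]}


if __name__ == "__main__":
    print(demo())
```
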
<br />
== Application Authentication ==<br />
<br />
All application-level calls to the Access Server must be authenticated '''by the application'''. The terms of this authentication are up to the implementation, but could include transport-level or message-level techniques (IP range pinning, IPsec, SSL/TLS, and API keys are all options). ((XX perhaps we could implement a couple)) <br />
<br />
== Administrative Access ==<br />
<br />
The system supports audited, fine-grained administrative access through the creation of "super-credentials". These are credentials that represent super-user access to a '''single user's data'''. The Credential Oracle is required to provide features to make this work, so the exact details are out of scope for this specification, but the general flow is: <br />
<br />
*Administrative user authenticates to the credentialing system, presenting a superuser authentication and a target user <br />
*Credentialing system produces a super-credential for the target user, tagged with audit trail metadata (for example, "super user Jane, accessing user Joe, to investigate bug #6143635, at 2:25 PM 10/15/2011"). <br />
*The superuser then creates a session and issues commands as though he or she were the actual target user. The credential information is logged with all accesses.<br />
<br />
The credential system should be designed to expire the credential in a reasonable interval to allow the administrative user to finish his or her tasks. <br />
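The super-credential flow above, as an added example (not Sauropod's own code): the credential names one target user, carries the audit metadata, expires, and is logged with every access. The HMAC-signed token format, the 900-second lifetime, the class names and all keys and secrets are assumptions, since the spec leaves the Credential Oracle's details out of scope.

```python
import base64
import hashlib
import hmac
import json


class CredentialError(Exception):
    pass


class CredentialOracle:
    """Hypothetical oracle issuing HMAC-signed, expiring super-credentials."""

    def __init__(self, signing_key, admin_secrets, ttl_seconds=900):
        self._key = signing_key
        self._admin_secrets = admin_secrets  # admin name -> secret (constructed)
        self._ttl = ttl_seconds

    def _tag(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue_super_credential(self, admin, secret, target_user, reason, now):
        known = self._admin_secrets.get(admin, "")
        if not known or not hmac.compare_digest(known, secret):
            raise CredentialError("superuser authentication failed")
        claims = {"kind": "super", "admin": admin, "user": target_user,
                  "reason": reason, "issued_at": now, "expires_at": now + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        return body + b"." + self._tag(body)

    def verify(self, credential, now):
        body, _, tag = credential.partition(b".")
        if not hmac.compare_digest(self._tag(body), tag):
            raise CredentialError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["expires_at"]:
            raise CredentialError("expired")
        return claims["user"], claims


class AccessServer:
    def __init__(self, oracle, store):
        self._oracle = oracle
        self._store = store  # (user identifier, key) -> value
        self.audit_log = []

    def get(self, credential, key, now):
        # The user comes only from the credential, so a super-credential can
        # never address a user other than the one it was issued for.
        try:
            user, claims = self._oracle.verify(credential, now)
        except CredentialError as exc:
            self.audit_log.append({"op": "get", "key": key,
                                   "result": "denied: %s" % exc})
            raise
        self.audit_log.append({"op": "get", "key": key, "user": user,
                               "result": "ok", "admin": claims["admin"],
                               "reason": claims["reason"],
                               "expires_at": claims["expires_at"]})
        return self._store[(user, key)]


def demo():
    oracle = CredentialOracle(b"constructed-signing-key",
                              {"jane": "constructed-admin-secret"})
    store = {("joe", "apps"): ["example.org"], ("ann", "apps"): ["example.net"]}
    server = AccessServer(oracle, store)
    cred = oracle.issue_super_credential(
        "jane", "constructed-admin-secret", "joe",
        "investigate bug #6143635", now=1000)
    results = {"in_window": server.get(cred, "apps", now=1100)}

    # Same signature, but the claims are edited to name a different user.
    body, _, tag = cred.partition(b".")
    claims = json.loads(base64.urlsafe_b64decode(body))
    claims["user"] = "ann"
    edited = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    retargeted = edited + b"." + tag

    for name, (token, when) in {"after_expiry": (cred, 1900),
                                "retargeted": (retargeted, 1100)}.items():
        try:
            server.get(token, "apps", now=when)
            results[name] = "granted"
        except CredentialError as exc:
            results[name] = str(exc)
    return results, server.audit_log


if __name__ == "__main__":
    outcome, log = demo()
    print(outcome)
    for entry in log:
        print(entry)
```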
<br />
== Batch/Automation Access ==<br />
<br />
In a similar fashion to administrative access, the system supports batch mode access for automation and aggregate analysis. The credential oracle is required to support "automation credentials" for this purpose. <br />
<br />
An automation credential is a credential that allows access to a set of users. The automated process must authenticate itself to the credential oracle and receive a credential, just like a superuser access. The process must assert the purpose of its access during this credentialing process, and the credential it receives is time- and scope-limited. ((XX details!)) For example, "Indexing batch process, handling user updates new since 10/14/2011-01:50-Z". <br />
<br />
Once the automated system has a credential, it may use that credential to begin a session and access user data. <br />
<br />
(XX If the system supports internal aggregate calculations, e.g. map-reduce or tree walking of data, the Access Server session could make use of the credential internally to access multiple user keys). <br />
<br />
== Provisioning to applications outside the trusted perimeter ==<br />
<br />
If the application-level authentication is strong enough, the Access Server could accept inbound requests from applications outside the trusted computing perimeter. These applications would still be required to authenticate themselves and present a user credential. Transport-level encryption of the communication would be mandatory. <br />
<br />
Possible topologies: <br />
<br />
*Traditional OAuth: The application authenticates with an API key and secret; the user credential is an OAuth Access Token (which was previously provisioned through an authorization flow) <br />
*BrowserID: The application authenticates with SSL/TLS or an API key and secret; the user credential is an identity assertion. ((XX what would the audience be - probably the accessing application?))<br />
<br />
<br> <br />
<br />
=== Questions ===<br />
<br />
==== "The Vault" and "The Cloud" ====<br />
<br />
Can we use this system to store non-decryptable user data without any issues? This would mean storing an ACL that contains, not K<sub>d</sub>, but a NULL key - that is, a record that we don't know how to read the document. Mozilla would still be responsible for maintaining the ACL, so that an authenticated user could extend read or write privileges to another user. <br />
<br />
==== Trusted computing base, lifecycle questions: ====<br />
<br />
*Does the access server cache credential verification, or credential to user identifier results, or key decrypt results? <br />
*Currently we need to consult the oracle twice (and maybe thrice) - once to find which identifier to use for the ACL lookup (once in access server, or once in data server, or both?), and again in the keyserver to verify that the ACL's plaintext contains the identifier in the credential. Is that really necessary?<br />
<br />
==== Data partitioning questions ====<br />
<br />
Per-user? ( identifier, datakey) Flat per-user? /identifier/datakey Flat global? /datakey <br />
<br />
Anything per user means that the app needs to know the user identifier to enable cross-user access. Anything global means that all users have to live in a shared namespace, which makes locality of storage harder to achieve. One option: if the identifier is not reversible to user identity, we could still get locality. Avoiding trivial correlation means we need more than one identifier. <br />
<br />
==== Collections? Linked data structures? ====<br />
<br />
What's the right way to represent collections and graphs/trees? This probably depends a lot on the underlying persistence mechanism. <br />
<br />
If it's Riak-like, we have the ability to perform tree reassembly inside the persistence layer; this would require decrypting references inside the DB or holding references externally. Can we live with that? We could expose a collection identifier outside of the encryption envelope, for example. <br />
<br />
==== Resolution of user data to account ====<br />
<br />
As currently written, the User Identifier is the only entry point into the database, and there is only one of them. There will be cases (mostly administrative) where a valid user will need to perform discovery based on other data -- for example, to search based on givenName/familyName for a user account, when the email address has been lost, to investigate a payment. <br />
<br />
There is no efficient way to perform that query as the system is currently specified. <br />
<br />
= Strawman API =<br />
<br />
For fun, we specify the API using HTTP. <br />
<br />
== Versioning of the API ==<br />
<br />
We punt on versioning for now by using DNS, e.g. <tt>https://v1.sauropod.mozilla.org</tt> <br />
<br />
== Caller Authentication ==<br />
<br />
Every caller into the API has an API key and secret. These are used for Caller Authentication. The API key and secret are used to perform 2-legged OAuth-signed calls. There is no dance, just signing of the API call (much like Amazon S3). <br />
<br />
== Session Initiation ==<br />
<br />
POST /session/start<br />
 assertion={browserid_assertion}&amp;audience={app_domain}<br />
<br />
returns a session token and secret, which are used to sign subsequent requests <br />
<br />
session_token={session_token}&amp;session_secret={session_secret}&amp;expires_at={expiration}<br />
<br />
== Set ==<br />
<br />
PUT /app/{app_id}/users/{user_id}/keys/{key}<br />
{value}<br />
<br />
== Get ==<br />
<br />
GET /apps/{app_id}/users/{user_id}/keys/{key}<br />
<br />
returns the content of the data at that key, with content-type specified at upload time. Only if authorized, of course. <br />
<br />
= Use Cases for Sauropod =<br />
<br />
== OpenWebApps ==<br />
<br />
The first use case for Sauropod is to store a user's list of installed "apps" for the OpenWebApps projects. This use-case has the following requirements (all operations are per-user): <br />
<br />
#Add an installed app. Apps are keyed by domain, and are unique. The value of an app record is an arbitrary JSON object.<br> <br />
#Retrieve the list of all installed apps, returns an array of app records.<br><br />
#Modify an app record, disallow deleting an app (a user never unpurchases an app but may choose to uninstall it which is denoted by marking it as such in the app record).<br><br />
#Retrieve the number of installs of a particular app (without leaking information about users who have the app installed). Ideally this aggregation would be done by the Sauropod on the server side.<br />
#Retrieve general statistics such as: installs/hour and uninstalls/hour.<br />
#Retrieve information on how many apps have been installed from a particular app store in a given time period.<br />
<br />
<br></div>Ananthttps://wiki.mozilla.org/index.php?title=Sauropod&diff=359526Sauropod2011-10-19T18:14:30Z<p>Anant: </p>
<hr />
<div>{{draft}} <br />
<br />
= Sauropod Technical Specification =<br />
<br />
Sauropod is a secure storage system for user data. It employs end-to-end encryption and secure key storage to enable least-privilege access, fine-grain user permissioning, and a controlled and auditable process for administrative and automated data access. <br />
<br />
To application developers, Sauropod presents a key-value storage API, where each user has a completely independent universe of keys. Applications gain access to a user's store by presenting a user credential, the generation and validation of which is external to the Sauropod system. The store may also, optionally, restrict access to a particular set of user keys based on the application making the access. Applications may extend the privileges on a particular object key according to sensible transitive principles: a user that can read a file can extend read permission to any other user, and similarly for writes. (XX support locking an item down as non-sharable?) <br />
<br />
Administrative and automated access is supported through "super-credentials". These allow developers and batch processes to obtain capabilities identical to those of a user for a limited time. There is no "super-user" that is allowed to access all records; instead, an administrator acquires the permissions of a user through an authenticated, auditable process. <br />
<br />
(XX The desired implementation of Sauropod is of a key-value store with encrypted values, where the encryption keys are per-user keys that are wrapped with a small number of master secrets. Keys are only unwrapped inside the system. The API described to the client does not expose the details of the internal data protection scheme, but it is completely compatible with this internal representation) <br />
<br />
== Project Phasing ==<br />
<br />
*''Phase Zero'': In phase zero, a tentative API, including credentials, is implemented. What happens within the API is unspecified, and may not involve any cryptography to start with.<br />
<br />
*''Phase One'': In phase one, the session API is fully implemented. Callers are required to present user credentials or an administrative credential to access user data. The internal implementation is ''not'' encrypted, but uses row-level access control to enforce fine-grained access control. The Access Server, Logging, and Credential Oracle are implemented fully; the Data Server is a non-encrypted database; the Key Server is not present. The Sharing API is not implemented. (XX how much of Administrative and Automated?)<br />
<br />
*''Phase Two'': In phase two, the Key Server is fully implemented, and the Data Server is modified to store encrypted data. The encrypted ACL system is implemented. The Sharing, Administrative, and Automated APIs are implemented.<br />
<br />
== Definition of Terms ==<br />
<br />
*Application: a process that is accessing user data on behalf of a user. Applications use Application Authentication to prove to the access server which process they are.<br />
<br />
*Access Server: a Sauropod internal process that handles requests from applications to access data and keys.<br />
<br />
*Data Server: a Sauropod internal process that maintains a table of user data. Each atom of user data has a bucket and a value.<br />
<br />
*Credential Oracle: (too cute? name?) An external process, configured as part of a Sauropod installation, which verifies a credential and translates it into a user identifier.<br />
<br />
*Credential: A string of bytes, presented by the application to the Access Server, which encodes the successful authentication of a user into the system. A credential could be a cookie (which would then be checked with a session server connected to the authentication system) or a directly-verifiable credential such as a BrowserID assertion or proof of SSL client certificate handshake.<br />
<br />
*User Identifier: A string of bytes that represents a single user in the Sauropod system. Credentials can be converted into user identifiers by the Credential Oracle.<br />
<br />
*Key Server: a Sauropod internal process that maintains a list of per-value keys. All keys are wrapped with a Master Secret that is known only to the Key Server (or, better yet, locked away in a hardware module that only the Key Server can access). Every unique value has its own key; a key may be wrapped by more than one user key (if more than one user has access to it).<br />
<br />
*Logging Aggregator: A Sauropod internal process that collates the logs of the access, data, and key servers to provide a unified view of data access behavior. It may optionally run audit logic to detect anomalous access patterns.<br />
<br />
== Basic Flow of Control ==<br />
<br />
In the course of processing a request from a user, an application needs to retrieve some data. As part of the request (or a session context connected to it), the application has a user credential. <br />
<br />
The application begins a session with the access server by sending the user credential in a BeginSession request. <br />
<br />
The Access Server validates the credential by consulting the Credential Oracle and creates a session associated with the User Identifier. A session identifier is returned to the application, which must be included with all subsequent requests. <br />
<br />
The application then issues some number of requests to the Access Server, including the session identifier with each. <br />
<br />
The Access Server authenticates the request to determine which application is making the request. It then <br />
<br />
*Determines if the application is allowed to access the requested bucket <br />
*In the Clear Data Model, verifies the credential and derives a User Identifier from it, and then determines whether that User Identifier has permissions to access the requested bucket; if permission is allowed, performs the read or write <br />
*In the Encrypted Data Model, verifies the credential and derives a User Identifier from it, and then retrieves the ACL record and data ciphertext for that User Identifier at the requested bucket; the ACL is then passed to the Key Server for validation and decryption, and the key contained in the ACL is used to decrypt the ciphertext or encrypt a new ciphertext for the data.<br />
<br />
The key server and data server only respond to requests from access servers. All key server and data server operations are logged. <br />
<br />
== Data Storage Model ==<br />
<br />
(XX Need lots of feedback here). <br />
<br />
*Key-value pairs <br />
*Collections? Ordered lists? <br />
*Trees? Graphs?<br />
<br />
== Clear Data Model ==<br />
<br />
In the '''Clear Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data''. <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a permission (level, or bitwise mask, of read/write/admin).<br />
<br />
== Encrypted Data Model ==<br />
<br />
In the '''Encrypted Data Model''', the Data Server maintains two types of data: <br />
<br />
*A ''user data bucket'' is keyed on a bucket location, and contains the ''data'' encrypted with a ''data key'' (for location d, called K<sub>d</sub>) <br />
*A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a tuple of (perms, (location, identifier, perms, K<sub>d</sub>)_K<sub>master</sub>). That is, the access control list (ACL) record, which uniquely identifies the ability of a particular user to access a particular bucket, and contains the key to read that bucket, is encrypted with a master secret.<br />
<br />
The Key Server simply maintains a small number of master secrets. The Access Server retrieves ACL records from the data server and submits them to the Key Server, along with a credential. The Key Server verifies the credential, decrypts the ACL tuple, verifies that the identifier in the tuple matches the identifier of the credential, logs the access, and returns K<sub>d</sub> to the Access Server. (NB the Key Server should be locked down so only the Access Server can talk to it) <br />
<br />
((XX should access server include the intent of which permission it wants? would be for logging only)) <br />
<br />
== Application Authentication ==<br />
<br />
All application-level calls to the Access Server must be authenticated '''by the application'''. The terms of this authentication are up to the implementation, but could include transport-level or message-level techniques (IP range pinning, IPsec, SSL/TLS, and API keys are all options). ((XX perhaps we could implement a couple)) <br />
<br />
== Administrative Access ==<br />
<br />
The system supports audited, fine-grained administrative access through the creation of "super-credentials". These are credentials that represent super-user access to a '''single user's data'''. The Credential Oracle is required to provide features to make this work, so the exact details are out of scope for this specification, but the general flow is: <br />
<br />
*Administrative user authenticates to the credentialing system, presenting a superuser authentication and a target user <br />
*Credentialing system produces a super-credential for the target user, tagged with audit trail metadata (for example, "super user Jane, accessing user Joe, to investigate bug #6143635, at 2:25 PM 10/15/2011"). <br />
*The superuser then creates a session and issues commands as though he or she were the actual target user. The credential information is logged with all accesses.<br />
<br />
The credential system should be designed to expire the credential in a reasonable interval to allow the administrative user to finish his or her tasks. <br />
<br />
== Batch/Automation Access ==<br />
<br />
In a similar fashion to administrative access, the system supports batch mode access for automation and aggregate analysis. The credential oracle is required to support "automation credentials" for this purpose. <br />
<br />
An automation credential is a credential that allows access to a set of users. The automated process must authenticate itself to the credential oracle and receive a credential, just like a superuser access. The process must assert the purpose of its access during this credentialing process, and the credential it receives is time- and scope-limited. ((XX details!)) For example, "Indexing batch process, handling user updates new since 10/14/2011-01:50-Z". <br />
<br />
Once the automated system has a credential, it may use that credential to begin a session and access user data. <br />
<br />
(XX If the system supports internal aggregate calculations, e.g. map-reduce or tree walking of data, the Access Server session could make use of the credential internally to access multiple user keys). <br />
<br />
== Provisioning to applications outside the trusted perimeter ==<br />
<br />
If the application-level authentication is strong enough, the Access Server could accept inbound requests from applications outside the trusted computing perimeter. These applications would still be required to authenticate themselves and present a user credential. Transport-level encryption of the communication would be mandatory. <br />
<br />
Possible topologies: <br />
<br />
*Traditional OAuth: The application authenticates with an API key and secret; the user credential is an OAuth Access Token (which was previously provisioned through an authorization flow) <br />
*BrowserID: The application authenticates with SSL/TLS or an API key and secret; the user credential is an identity assertion. ((XX what would the audience be - probably the accessing application?))<br />
<br />
<br> <br />
<br />
=== Questions ===<br />
<br />
==== "The Vault" and "The Cloud" ====<br />
<br />
Can we use this system to store non-decryptable user data without any issues? This would mean storing an ACL that contains, not K<sub>d</sub>, but a NULL key - that is, a record that we don't know how to read the document. Mozilla would still be responsible for maintaining the ACL, so that an authenticated user could extend read or write privileges to another user. <br />
<br />
==== Trusted computing base, lifecycle questions: ====<br />
<br />
*Does the access server cache credential verification, or credential to user identifier results, or key decrypt results? <br />
*Currently we need to consult the oracle twice (and maybe thrice) - once to find which identifier to use for the ACL lookup (once in access server, or once in data server, or both?), and again in the keyserver to verify that the ACL's plaintext contains the identifier in the credential. Is that really necessary?<br />
<br />
==== Data partitioning questions ====<br />
<br />
Per-user? ( identifier, datakey) Flat per-user? /identifier/datakey Flat global? /datakey <br />
<br />
Anything per user means that the app needs to know the user identifier to enable cross-user access. Anything global means that all users have to live in a shared namespace, which makes locality of storage harder to achieve. One option: if the identifier is not reversible to user identity, we could still get locality. Avoiding trivial correlation means we need more than one identifier. <br />
<br />
==== Collections? Linked data structures? ====<br />
<br />
What's the right way to represent collections and graphs/trees? This probably depends a lot on the underlying persistence mechanism. <br />
<br />
If it's Riak-like, we have the ability to perform tree reassembly inside the persistence layer; this would require decrypting references inside the DB or holding references externally. Can we live with that? We could expose a collection identifier outside of the encryption envelope, for example. <br />
<br />
==== Resolution of user data to account ====<br />
<br />
As currently written, the User Identifier is the only entry point into the database, and there is only one of them. There will be cases (mostly administrative) where a valid user will need to perform discovery based on other data -- for example, to search based on givenName/familyName for a user account, when the email address has been lost, to investigate a payment. <br />
<br />
There is no efficient way to perform that query as the system is currently specified. <br />
<br />
= Strawman API =<br />
<br />
For fun, we specify the API using HTTP. <br />
<br />
== Versioning of the API ==<br />
<br />
We punt on versioning for now by using DNS, e.g. <tt>https://v1.sauropod.mozilla.org</tt> <br />
<br />
== Caller Authentication ==<br />
<br />
Every caller into the API has an API key and secret. These are used for Caller Authentication. The API key and secret are used to perform 2-legged OAuth-signed calls. There is no dance, just signing of the API call (much like Amazon S3). <br />
<br />
== Session Initiation ==<br />
<br />
POST /session/start<br />
 {assertion=$browserid_assertion&amp;audience=$app_domain}<br />
<br />
returns a session token and secret, which are used to sign subsequent requests <br />
<br />
session_token={session_token}&amp;session_secret={session_secret}&amp;expires_at={expiration}<br />
<br />
== Set ==<br />
<br />
PUT /app/{app_id}/users/{user_id}/keys/{key}<br />
{value}<br />
<br />
== Get ==<br />
<br />
GET /apps/{app_id}/users/{user_id}/keys/{key}<br />
<br />
returns the content of the data at that key, with content-type specified at upload time. Only if authorized, of course. <br />
<br />
= Use Cases for Sauropod =<br />
<br />
== OpenWebApps ==<br />
<br />
The first use case for Sauropod is to store a user's list of installed "apps" for the OpenWebApps projects. This use-case has the following requirements (all operations are per-user): <br />
<br />
#Add an installed app. Apps are keyed by domain, and are unique. The value of an app record is an arbitrary JSON object.<br> <br />
#Retrieve the list of all installed apps, returns an array of app records.<br><br />
#Modify an app record, disallow deleting an app (a user never unpurchases an app but may choose to uninstall it which is denoted by marking it as such in the app record).<br><br />
#Retrieve the number of installs of a particular app (without leaking information about users who have the app installed). Ideally this aggregation would be done by the Sauropod on the server side.<br />
#Retrieve general statistics such as: installs/hour and uninstalls/hour.<br />
#Retrieve information on how many apps have been installed from a particular app store in a given time period.<br />
<br />
<br></div>Ananthttps://wiki.mozilla.org/index.php?title=Sauropod&diff=358251Sauropod2011-10-14T18:39:41Z<p>Anant: </p>
<hr />
<div>{{draft}}<br />
<br />
= Sauropod Technical Specification =<br />
<br />
Sauropod is a secure storage system for user data. It employs end-to-end encryption and secure key storage to enable least-privilege access, fine-grain user permissioning, and a controlled and auditable process for administrative and automated data access.<br />
<br />
To application developers, Sauropod presents a key-value storage API, where each user has a completely independent universe of keys. Applications gain access to a user's store by presenting a user credential, the generation and validation of which is external to the Sauropod system. The store may also, optionally, restrict access to a particular set of user keys based on the application making the access. Applications may extend the privileges on a particular object key according to sensible transitive principles: a user that can read a file can extend read permission to any other user, and similarly for writes. (XX support locking an item down as non-sharable?)<br />
<br />
Administrative and automated access is supported through "super-credentials". These allow developers and batch processes to obtain capabilities identical to those of a user for a limited time. There is no "super-user" that is allowed to access all records; instead, an administrator acquires the permissions of a user through an authenticated, auditable process.<br />
<br />
(XX The desired implementation of Sauropod is of a key-value store with encrypted values, where the encryption keys are per-user keys that are wrapped with a small number of master secrets. Keys are only unwrapped inside the system. The API described to the client does not expose the details of the internal data protection scheme, but it is completely compatible with this internal representation)<br />
<br />
== Project Phasing ==<br />
<br />
* ''Phase Zero'': In phase zero, a tentative API, including credentials, is implemented. What happens within the API is unspecified, and may not involve any cryptography to start with.<br />
<br />
* ''Phase One'': In phase one, the session API is fully implemented. Callers are required to present user credentials or an administrative credential to access user data. The internal implementation is ''not'' encrypted, but uses row-level access control to enforce fine-grained access control. The Access Server, Logging, and Credential Oracle are implemented fully; the Data Server is a non-encrypted database; the Key Server is not present. The Sharing API is not implemented. (XX how much of Administrative and Automated?)<br />
<br />
* ''Phase Two'': In phase two, the Key Server is fully implemented, and the Data Server is modified to store encrypted data. The encrypted ACL system is implemented. The Sharing, Administrative, and Automated APIs are implemented.<br />
<br />
== Definition of Terms ==<br />
<br />
* Application: a process that is accessing user data on behalf of a user. Applications use Application Authentication to prove to the access server which process they are.<br />
<br />
* Access Server: a Sauropod internal process that handles requests from applications to access data and keys.<br />
<br />
* Data Server: a Sauropod internal process that maintains a table of user data. Each atom of user data has a bucket and a value.<br />
<br />
* Credential Oracle: (too cute? name?) An external process, configured as part of a Sauropod installation, which verifies a credential and translates it into a user identifier.<br />
<br />
* Credential: A string of bytes, presented by the application to the Access Server, which encodes the successful authentication of a user into the system. A credential could be a cookie (which would then be checked with a session server connected to the authentication system) or a directly-verifiable credential such as a BrowserID assertion or proof of SSL client certificate handshake.<br />
<br />
* User Identifier: A string of bytes that represents a single user in the Sauropod system. Credentials can be converted into user identifiers by the Credential Oracle.<br />
<br />
* Key Server: a Sauropod internal process that maintains a list of per-value keys. All keys are wrapped with a Master Secret that is known only to the Key Server (or, better yet, locked away in a hardware module that only the Key Server can access). Every unique value has its own key; a key may be wrapped by more than one user key (if more than one user has access to it).<br />
<br />
* Logging Aggregator: A Sauropod internal process that collates the logs of the access, data, and key servers to provide a unified view of data access behavior. It may optionally run audit logic to detect anomalous access patterns.<br />
<br />
== Basic Flow of Control ==<br />
<br />
In the course of processing a request from a user, an application needs to retrieve some data. As part of the request (or a session context connected to it), the application has a user credential.<br />
<br />
The application begins a session with the access server by sending the user credential in a BeginSession request. <br />
<br />
The Access Server validates the credential by consulting the Credential Oracle and creates a session associated with the User Identifier. A session identifier is returned to the application, which must be included with all subsequent requests. <br />
<br />
The application then issues some number of requests to the Access Server, including the session identifier with each. <br />
<br />
The Access Server authenticates the request to determine which application is making the request. It then<br />
* Determines if the application is allowed to access the requested bucket<br />
* In the Clear Data Model, verifies the credential and derives a User Identifier from it, and then determines whether that User Identifier has permissions to access the requested bucket; if permission is allowed, performs the read or write<br />
* In the Encrypted Data Model, verifies the credential and derives a User Identifier from it, and then retrieves the ACL record and data ciphertext for that User Identifier at the requested bucket; the ACL is then passed to the Key Server for validation and decryption, and the key contained in the ACL is used to decrypt the ciphertext or encrypt a new ciphertext for the data.<br />
<br />
The key server and data server only respond to requests from access servers. All key server and data server operations are logged.<br />
<br />
== Data Storage Model ==<br />
<br />
(XX Need lots of feedback here). <br />
* Key-value pairs<br />
* Collections? Ordered lists?<br />
* Trees? Graphs?<br />
<br />
== Clear Data Model ==<br />
<br />
In the '''Clear Data Model''', the Data Server maintains two types of data:<br />
<br />
* A ''user data bucket'' is keyed on a bucket location, and contains the ''data''.<br />
* A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a permission (level, or bitwise mask, of read/write/admin).<br />
<br />
== Encrypted Data Model ==<br />
<br />
In the '''Encrypted Data Model''', the Data Server maintains two types of data:<br />
<br />
* A ''user data bucket'' is keyed on a bucket location, and contains the ''data'' encrypted with a ''data key'' (for location d, called K<sub>d</sub>)<br />
* A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a tuple of (perms, (location, identifier, perms, K<sub>d</sub>)_K<sub>master</sub>). That is, the access control list (ACL) record, which uniquely identifies the ability of a particular user to access a particular bucket, and contains the key to read that bucket, is encrypted with a master secret.<br />
<br />
The Key Server simply maintains a small number of master secrets. The Access Server retrieves ACL records from the data server and submits them to the Key Server, along with a credential. The Key Server verifies the credential, decrypts the ACL tuple, verifies that the identifier in the tuple matches the identifier of the credential, logs the access, and returns K<sub>d</sub> to the Access Server. (NB the Key Server should be locked down so only the Access Server can talk to it)<br />
<br />
((XX should access server include the intent of which permission it wants? would be for logging only))<br />
<br />
== Application Authentication ==<br />
<br />
All application-level calls to the Access Server must be authenticated '''by the application'''. The terms of this authentication are up to the implementation, but could include transport-level or message-level techniques (IP range pinning, IPsec, SSL/TLS, and API keys are all options). ((XX perhaps we could implement a couple))<br />
<br />
== Administrative Access ==<br />
<br />
The system supports audited, fine-grained administrative access through the creation of "super-credentials". These are credentials which represent super-user access to a '''single user's data'''. The Credential Oracle is required to provide features to make this work, so the exact details are out of scope for this specification, but the general flow is:<br />
<br />
* Administrative user authenticates to the credentialing system, presenting a superuser authentication and a target user<br />
* Credentialing system produces a super-credential for the target user, tagged with audit trail metadata (for example, "super user Jane, accessing user Joe, to investigate bug #6143635, at 2:25 PM 10/15/2011").<br />
* The superuser then creates a session and issues commands as though he or she were the actual target user. The credential information is logged with all accesses.<br />
<br />
The credential system should be designed to expire the credential after a reasonable interval that allows the administrative user to finish his or her tasks.<br />
<br />
== Batch/Automation Access ==<br />
<br />
In a similar fashion to administrative access, the system supports batch mode access for automation and aggregate analysis. The credential oracle is required to support "automation credentials" for this purpose.<br />
<br />
An automation credential is a credential that allows access to a set of users. The automated process must authenticate itself to the credential oracle and receive a credential, just like a superuser access. The process must assert the purpose of its access during this credentialing process, and the credential it receives is time- and scope-limited. ((XX details!)) For example, "Indexing batch process, handling user updates new since 10/14/2011-01:50-Z".<br />
<br />
Once the automated system has a credential, it may use that credential to begin a session and access user data.<br />
<br />
(XX If the system supports internal aggregate calculations, e.g. map-reduce or tree walking of data, the Access Server session could make use of the credential internally to access multiple user keys).<br />
<br />
== Provisioning to applications outside the trusted perimeter ==<br />
<br />
If the application-level authentication is strong enough, the Access Server could accept inbound requests from applications outside the trusted computing perimeter. These applications would still be required to authenticate themselves and present a user credential. Transport-level encryption of the communication would be mandatory.<br />
<br />
Possible topologies:<br />
<br />
* Traditional OAuth: The application authenticates with an API key and secret; the user credential is an OAuth Access Token (which was previously provisioned through an authorization flow)<br />
* BrowserID: The application authenticates with SSL/TLS or an API key and secret; the user credential is an identity assertion. ((XX what would the audience be - probably the accessing application?))<br />
<br />
<br />
=== Questions ===<br />
<br />
==== "The Vault" and "The Cloud" ====<br />
<br />
Can we use this system to store non-decryptable user data without any issues? This would mean storing an ACL that contains, not K<sub>d</sub>, but a NULL key - that is, a record that we don't know how to read the document. Mozilla would still be responsible for maintaining the ACL, so that an authenticated user could extend read or write privileges to another user.<br />
<br />
==== Trusted computing base, lifecycle questions: ====<br />
<br />
* Does the access server cache credential verification, or credential to user identifier results, or key decrypt results?<br />
* Currently we need to consult the oracle twice (and maybe thrice) - once to find which identifier to use for the ACL lookup (once in access server, or once in data server, or both?), and again in the keyserver to verify that the ACL's plaintext contains the identifier in the credential. Is that really necessary?<br />
<br />
==== Data partitioning questions ====<br />
<br />
Per-user? ( identifier, datakey)<br />
Flat per-user? /identifier/datakey<br />
Flat global? /datakey<br />
<br />
Anything per user means that app needs to know user identifier to enable cross-user access.<br />
Anything global means that all users have to live in a shared namespace, which makes locality of storage harder to achieve.<br />
One option: if the identifier is not reversible to user identity, we could still get locality. Avoiding trivial correlation means we need more than one identifier.<br />
<br />
==== Collections? Linked data structures? ====<br />
<br />
What's the right way to represent collections and graphs/trees? This probably depends a lot on the underlying persistence mechanism.<br />
<br />
If it's Riak-like, we have the ability to perform tree reassembly inside the persistence layer; this would require decrypting references inside the DB or holding references externally. Can we live with that? We could expose a collection identifier outside of the encryption envelope, for example.<br />
<br />
==== Resolution of user data to account ====<br />
<br />
As currently written, the User Identifier is the only entry point into the database, and there is only one of them. There will be cases (mostly administrative) where a valid user will need to perform discovery based on other data -- for example, to search based on givenName/familyName for a user account, when the email address has been lost, to investigate a payment.<br />
<br />
There is no efficient way to perform that query as the system is currently specified.<br />
<br />
= Strawman API =<br />
<br />
For fun, we specify the API using HTTP.<br />
<br />
== Caller Authentication ==<br />
<br />
Every caller into the API has an API key and secret. These are used for Caller Authentication. The API key and secret are used to perform 2-legged OAuth-signed calls. There is no dance, just signing of the API call (much like Amazon S3).<br />
<br />
== Session Initiation ==<br />
<br />
POST /session/start<br />
{auth_assertion}<br />
<br />
returns a session token and secret, which are used to sign subsequent requests<br />
<br />
session_token={session_token}&session_secret={session_secret}&expires_at={expiration}<br />
<br />
== Set ==<br />
<br />
PUT /app/{app_id}/users/{user_id}/keys/{key}<br />
{value}<br />
<br />
== Get ==<br />
<br />
GET /apps/{app_id}/users/{user_id}/keys/{key}<br />
<br />
returns the content of the data at that key, with content-type specified at upload time. Only if authorized, of course.</div>Ananthttps://wiki.mozilla.org/index.php?title=Sauropod&diff=358250Sauropod2011-10-14T18:37:26Z<p>Anant: Import from intranet</p>
<hr />
<div>{{draft}}<br />
<br />
= Sauropod Technical Specification =<br />
<br />
Sauropod is a secure storage system for user data. It employs end-to-end encryption and secure key storage to enable least-privilege access, fine-grain user permissioning, and a controlled and auditable process for administrative and automated data access.<br />
<br />
To application developers, Sauropod presents a key-value storage API, where each user has a completely independent universe of keys. Applications gain access to a user's store by presenting a user credential, the generation and validation of which is external to the Sauropod system. The store may also, optionally, restrict access to a particular set of user keys based on the application making the access. Applications may extend the privileges on a particular object key according to sensible transitive principles: a user that can read a file can extend read permission to any other user, and similarly for writes. (XX support locking an item down as non-sharable?)<br />
<br />
Administrative and automated access is supported through "super-credentials". These allow developers and batch processes to obtain capabilities identical to those of a user for a limited time. There is no "super-user" that is allowed to access all records; instead, an administrator acquires the permissions of a user through an authenticated, auditable process.<br />
<br />
(XX The desired implementation of Sauropod is of a key-value store with encrypted values, where the encryption keys are per-user keys that are wrapped with a small number of master secrets. Keys are only unwrapped inside the system. The API described to the client does not expose the details of the internal data protection scheme, but it is completely compatible with this internal representation)<br />
<br />
== Project Phasing ==<br />
<br />
* ''Phase Zero'': In phase zero, a tentative API, including credentials, is implemented. What happens within the API is unspecified, and may not involve any cryptography to start with.<br />
<br />
* ''Phase One'': In phase one, the session API is fully implemented. Callers are required to present user credentials or an administrative credential to access user data. The internal implementation is ''not'' encrypted, but uses row-level access control to enforce fine-grained access control. The Access Server, Logging, and Credential Oracle are implemented fully; the Data Server is a non-encrypted database; the Key Server is not present. The Sharing API is not implemented. (XX how much of Administrative and Automated?)<br />
<br />
* ''Phase Two'': In phase two, the Key Server is fully implemented, and the Data Server is modified to store encrypted data. The encrypted ACL system is implemented. The Sharing, Administrative, and Automated APIs are implemented.<br />
<br />
== Definition of Terms ==<br />
<br />
* Application: a process that is accessing user data on behalf of a user. Applications use Application Authentication to prove to the access server which process they are.<br />
<br />
* Access Server: a Sauropod internal process that handles requests from applications to access data and keys.<br />
<br />
* Data Server: a Sauropod internal process that maintains a table of user data. Each atom of user data has a bucket and a value.<br />
<br />
* Credential Oracle: (too cute? name?) An external process, configured as part of a Sauropod installation, which verifies a credential and translates it into a user identifier.<br />
<br />
* Credential: A string of bytes, presented by the application to the Access Server, which encodes the successful authentication of a user into the system. A credential could be a cookie (which would then be checked with a session server connected to the authentication system) or a directly-verifiable credential such as a BrowserID assertion or proof of SSL client certificate handshake.<br />
<br />
* User Identifier: A string of bytes that represents a single user in the Sauropod system. Credentials can be converted into user identifiers by the Credential Oracle.<br />
<br />
* Key Server: a Sauropod internal process that maintains a list of per-value keys. All keys are wrapped with a Master Secret that is known only to the Key Server (or, better yet, locked away in a hardware module that only the Key Server can access). Every unique value has its own key; a key may be wrapped by more than one user key (if more than one user has access to it).<br />
<br />
* Logging Aggregator: A Sauropod internal process that collates the logs of the access, data, and key servers to provide a unified view of data access behavior. It may optionally run audit logic to detect anomalous access patterns.<br />
<br />
== Basic Flow of Control ==<br />
<br />
In the course of processing a request from a user, an application needs to retrieve some data. As part of the request (or a session context connected to it), the application has a user credential.<br />
<br />
The application begins a session with the access server by sending the user credential in a BeginSession request. <br />
<br />
The Access Server validates the credential by consulting the Credential Oracle and creates a session associated with the User Identifier. A session identifier is returned to the application, which must be included with all subsequent requests. <br />
<br />
The application then issues some number of requests to the Access Server, including the session identifier with each. <br />
<br />
The Access Server authenticates the request to determine which application is making the request. It then<br />
* Determines if the application is allowed to access the requested bucket<br />
* In the Clear Data Model, verifies the credential and derives a User Identifier from it, and then determines whether that User Identifier has permission to access the requested bucket; if permission is granted, performs the read or write<br />
* In the Encrypted Data Model, verifies the credential and derives a User Identifier from it, and then retrieves the ACL record and data ciphertext for that User Identifier at the requested bucket; the ACL is then passed to the Key Server for validation and decryption, and the key contained in the ACL is used to decrypt the ciphertext or encrypt a new ciphertext for the data.<br />
<br />
The key server and data server only respond to requests from access servers. All key server and data server operations are logged.<br />
<br />
== Data Storage Model ==<br />
<br />
(XX Need lots of feedback here). <br />
* Key-value pairs<br />
* Collections? Ordered lists?<br />
* Trees? Graphs?<br />
<br />
== Clear Data Model ==<br />
<br />
In the '''Clear Data Model''', the Data Server maintains two types of data:<br />
<br />
* A ''user data bucket'' is keyed on a bucket location, and contains the ''data''.<br />
* A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a permission (level, or bitwise mask, of read/write/admin).<br />
<br />
== Encrypted Data Model ==<br />
<br />
In the '''Encrypted Data Model''', the Data Server maintains two types of data:<br />
<br />
* A ''user data bucket'' is keyed on a bucket location, and contains the ''data'' encrypted with a ''data key'' (for location d, called K<sub>d</sub>)<br />
* A ''user access bucket'' is keyed on a bucket location and a user identifier, and contains a tuple of (perms, (location, identifier, perms, K<sub>d</sub>)_K<sub>master</sub>). That is, the access control list (ACL) record, which uniquely identifies the ability of a particular user to access a particular bucket, and contains the key to read that bucket, is encrypted with a master secret.<br />
<br />
The Key Server simply maintains a small number of master secrets. The Access Server retrieves ACL records from the data server and submits them to the Key Server, along with a credential. The Key Server verifies the credential, decrypts the ACL tuple, verifies that the identifier in the tuple matches the identifier of the credential, logs the access, and returns K<sub>d</sub> to the Access Server. (NB the Key Server should be locked down so only the Access Server can talk to it)<br />
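The Key Server check described above, as an added sketch (not part of the original specification and not Sauropod code): a wrapped ACL record only yields K<sub>d</sub> when the identifier inside it matches the credential presented. Assumptions: the class and method names are hypothetical, the ACL tuple is JSON-encoded, a stdlib encrypt-then-MAC construction stands in for a vetted AEAD, and the location and permission checks go beyond the identifier check the text names.

```python
import hashlib, hmac, json, os

READ, WRITE, ADMIN = 1, 2, 4  # bitwise permission mask held in the access bucket

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Stand-in encrypt-then-MAC so the sketch needs only the stdlib; use a vetted AEAD in practice."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("integrity check failed")
    return _xor_stream(enc, nonce, ct)

class CredentialOracle:
    """External verifier: credential -> user identifier (the table is constructed sample data)."""
    def __init__(self, table):
        self._table = table
    def verify(self, credential):
        if credential not in self._table:
            raise PermissionError("invalid credential")
        return self._table[credential]

class KeyServer:
    def __init__(self, oracle):
        self._master, self._oracle, self.log = os.urandom(32), oracle, []
    def wrap_acl(self, location, identifier, perms, kd):
        record = {"location": location, "identifier": identifier, "perms": perms, "kd": kd.hex()}
        return seal(self._master, json.dumps(record).encode())
    def unwrap_acl(self, wrapped, credential, location, want):
        identifier = self._oracle.verify(credential)
        acl = json.loads(unseal(self._master, wrapped))
        ok = (acl["identifier"] == identifier      # the check named in the text
              and acl["location"] == location      # assumption: bind the record to its bucket
              and (acl["perms"] & want) == want)   # assumption: enforce the requested permission
        self.log.append((identifier, location, want, ok))  # every decision is logged
        if not ok:
            raise PermissionError("ACL record does not authorise this access")
        return bytes.fromhex(acl["kd"])

class AccessServer:
    def __init__(self, oracle, key_server):
        self.oracle, self.keys = oracle, key_server
        self.data = {}    # user data bucket: location -> ciphertext under K_d
        self.access = {}  # user access bucket: (location, identifier) -> (perms, wrapped ACL)
    def _data_key(self, credential, location, want):
        identifier = self.oracle.verify(credential)
        entry = self.access.get((location, identifier))
        if entry is None:
            raise PermissionError("no ACL record for this user and bucket")
        return self.keys.unwrap_acl(entry[1], credential, location, want)
    def create(self, credential, location, value):
        owner, kd = self.oracle.verify(credential), os.urandom(32)
        perms = READ | WRITE | ADMIN
        self.data[location] = seal(kd, value)
        self.access[(location, owner)] = (perms, self.keys.wrap_acl(location, owner, perms, kd))
    def read(self, credential, location):
        return unseal(self._data_key(credential, location, READ), self.data[location])
    def share(self, credential, location, grantee, perms):
        kd = self._data_key(credential, location, perms)  # a user can only extend what they hold
        self.access[(location, grantee)] = (perms, self.keys.wrap_acl(location, grantee, perms, kd))

def demo():
    oracle = CredentialOracle({b"cred-alice": "alice", b"cred-bob": "bob", b"cred-eve": "eve"})
    srv = AccessServer(oracle, KeyServer(oracle))
    srv.create(b"cred-alice", "/notes/1", b"hello")
    srv.share(b"cred-alice", "/notes/1", "bob", READ)
    out = {"bob_reads": srv.read(b"cred-bob", "/notes/1")}
    # Tampered data store: Bob's wrapped ACL record filed under Eve's index entry.
    srv.access[("/notes/1", "eve")] = srv.access[("/notes/1", "bob")]
    try:
        srv.read(b"cred-eve", "/notes/1")
        out["eve_blocked"] = False
    except PermissionError:
        out["eve_blocked"] = True
    try:  # Bob holds READ only, so he cannot extend WRITE to anyone.
        srv.share(b"cred-bob", "/notes/1", "carol", WRITE)
        out["escalation_blocked"] = False
    except PermissionError:
        out["escalation_blocked"] = True
    out["key_server_log"] = srv.keys.log
    return out

if __name__ == "__main__":
    print(demo())
```

Because the identifier sits inside the envelope sealed with the master secret, rewriting the Data Server's index alone does not grant access, and the refused attempts still appear in the Key Server log for the Logging Aggregator.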
<br />
((XX should access server include the intent of which permission it wants? would be for logging only))<br />
<br />
== Application Authentication ==<br />
<br />
All application-level calls to the Access Server must be authenticated '''by the application'''. The terms of this authentication are up to the implementation, but could include transport-level or message-level techniques (IP range pinning, IPsec, SSL/TLS, and API keys are all options). ((XX perhaps we could implement a couple))<br />
<br />
== Administrative Access ==<br />
<br />
The system supports audited, fine-grained administrative access through the creation of "super-credentials". These are credentials which represent super-user access to a '''single user's data'''. The Credential Oracle is required to provide features to make this work, so the exact details are out of scope for this specification, but the general flow is:<br />
<br />
* Administrative user authenticates to the credentialing system, presenting a superuser authentication and a target user<br />
* Credentialing system produces a super-credential for the target user, tagged with audit trail metadata (for example, "super user Jane, accessing user Joe, to investigate bug #6143635, at 2:25 PM 10/15/2011").<br />
* The superuser then creates a session and issues commands as though he or she were the actual target user. The credential information is logged with all accesses.<br />
<br />
The credential system should be designed to expire the credential after a reasonable interval that allows the administrative user to finish his or her tasks.<br />
<br />
== Batch/Automation Access ==<br />
<br />
In a similar fashion to administrative access, the system supports batch mode access for automation and aggregate analysis. The credential oracle is required to support "automation credentials" for this purpose.<br />
<br />
An automation credential is a credential that allows access to a set of users. The automated process must authenticate itself to the credential oracle and receive a credential, just like a superuser access. The process must assert the purpose of its access during this credentialing process, and the credential it receives is time- and scope-limited. ((XX details!)) For example, "Indexing batch process, handling user updates new since 10/14/2011-01:50-Z".<br />
<br />
Once the automated system has a credential, it may use that credential to begin a session and access user data.<br />
<br />
(XX If the system supports internal aggregate calculations, e.g. map-reduce or tree walking of data, the Access Server session could make use of the credential internally to access multiple user keys).<br />
<br />
== Provisioning to applications outside the trusted perimeter ==<br />
<br />
If the application-level authentication is strong enough, the Access Server could accept inbound requests from applications outside the trusted computing perimeter. These applications would still be required to authenticate themselves and present a user credential. Transport-level encryption of the communication would be mandatory.<br />
<br />
Possible topologies:<br />
<br />
* Traditional OAuth: The application authenticates with an API key and secret; the user credential is an OAuth Access Token (which was previously provisioned through an authorization flow)<br />
* BrowserID: The application authenticates with SSL/TLS or an API key and secret; the user credential is an identity assertion. ((XX what would the audience be - probably the accessing application?))<br />
<br />
<br />
=== Questions ===<br />
<br />
==== "The Vault" and "The Cloud" ====<br />
<br />
Can we use this system to store non-decryptable user data without any issues? This would mean storing an ACL that contains, not K<sub>d</sub>, but a NULL key - that is, a record that we don't know how to read the document. Mozilla would still be responsible for maintaining the ACL, so that an authenticated user could extend read or write privileges to another user.<br />
<br />
==== Trusted computing base, lifecycle questions: ====<br />
<br />
* Does the access server cache credential verification, or credential to user identifier results, or key decrypt results?<br />
* Currently we need to consult the oracle twice (and maybe thrice) - once to find which identifier to use for the ACL lookup (once in access server, or once in data server, or both?), and again in the keyserver to verify that the ACL's plaintext contains the identifier in the credential. Is that really necessary?<br />
<br />
==== Data partitioning questions ====<br />
<br />
Per-user? ( identifier, datakey)<br />
Flat per-user? /identifier/datakey<br />
Flat global? /datakey<br />
<br />
Anything per user means that app needs to know user identifier to enable cross-user access.<br />
Anything global means that all users have to live in a shared namespace, which makes locality of storage harder to achieve.<br />
One option: if the identifier is not reversible to user identity, we could still get locality. Avoiding trivial correlation means we need more than one identifier.<br />
<br />
==== Collections? Linked data structures? ====<br />
<br />
What's the right way to represent collections and graphs/trees? This probably depends a lot on the underlying persistence mechanism.<br />
<br />
If it's Riak-like, we have the ability to perform tree reassembly inside the persistence layer; this would require decrypting references inside the DB or holding references externally. Can we live with that? We could expose a collection identifier outside of the encryption envelope, for example.<br />
<br />
==== Resolution of user data to account ====<br />
<br />
As currently written, the User Identifier is the only entry point into the database, and there is only one of them. There will be cases (mostly administrative) where a valid user will need to perform discovery based on other data -- for example, to search based on givenName/familyName for a user account, when the email address has been lost, to investigate a payment.<br />
<br />
There is no efficient way to perform that query as the system is currently specified.<br />
<br />
= Strawman API =<br />
<br />
For fun, we specify the API using HTTP.<br />
<br />
== Caller Authentication ==<br />
<br />
Every caller into the API has an API key and secret. These are used for Caller Authentication. The API key and secret are used to perform 2-legged OAuth-signed calls. There is no dance, just signing of the API call (much like Amazon S3).<br />
<br />
== Session Initiation ==<br />
<br />
POST /session/start<br />
{auth_assertion}<br />
<br />
returns a session token and secret, which are used to sign subsequent requests<br />
<br />
session_token={session_token}&session_secret={session_secret}&expires_at={expiration}<br />
<br />
== Set ==<br />
<br />
PUT /app/{app_id}/users/{user_id}/keys/{key}<br />
{value}<br />
<br />
== Get ==<br />
<br />
GET /apps/{app_id}/users/{user_id}/keys/{key}<br />
<br />
returns the content of the data at that key, with content-type specified at upload time. Only if authorized, of course.<br />
<br />
= TEXT BELOW THIS POINT IS OLDER AND MAY BE OUT OF DATE =<br />
<br />
<br />
<br />
== User Data Model ==<br />
<br />
The UDS implements a per-user key-value store abstraction. The user model is multi-identifier.<br />
<br />
User has one or more Identifiers<br />
Identifier has a type and a value<br />
<br />
User has zero or more Data<br />
Data has a key and a value<br />
<br />
XXX are identifiers unique?<br />
XXX collections? ordering?<br />
<br />
The UDS will index the user database by the known identifiers (after, internally, hashing and salting them for safety).<br />
<br />
On a per-key basis, a data element may be encrypted. <br />
<br />
XXX encryption discussion:<br />
<br />
* we don't have the keys<br />
* we have a per-user key, wrapped in a symmetric key that we have in an HSM - hard to do aggregate analysis!<br />
* the data is not per-user encrypted (on-disk encryption only)<br />
<br />
Do we explicitly model/support the conversion of a data element from one of these encryption styles to another? (how about a collection?)</div>Ananthttps://wiki.mozilla.org/index.php?title=ReleaseEngineering/DisposableProjectRepositories&diff=349688ReleaseEngineering/DisposableProjectRepositories2011-09-20T17:32:22Z<p>Anant: </p>
<hr />
<div>== What is a disposable project branch? ==<br />
These are project branches that can be cloned fresh from any mozilla-central based repo with the full gamut of tests enabled. No l10n or nightlies for now. Similar to [[ReleaseEngineering/TryServer|TryServer]] but for longer, and just for '''you'''. Unlike Try, the commit level on these branches is '''level_2 (and above) contributors only''' so please bear that in mind.<br />
<br />
===Do you need a disposable branch?===<br />
Ask yourself the following:<br />
<br />
'''Does your project have an end date?'''<br />
<br />
If your answer is '''No''' then you should follow the process at [https://wiki.mozilla.org/ReleaseEngineering:ProjectBranchPlanning Project Branch Planning]<br />
<br />
<br />
If your project is a temporary feature sprint that needs its own rapid test coverage but will eventually be merged into mozilla-central and no longer be on its own by all means, please go ahead and <br />
<br />
===Book one of our fabulous "disposable" project branches===<br />
<br />
* Sign up below in the [https://wiki.mozilla.org/DisposableProjectBranches#BOOKING_SCHEDULE BOOKING SCHEDULE]<br />
* Make a [https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=Server%20Operations&short_desc=Requesting%20twig%20repo%20{booked_repo}%20be%20reset&comment=Please%20run%20the%20{script_name}%20and%20reset%20{booked_repo}%20to%20{url} request] to IT to reset the repo for you as a clone from your own project repo (or default mozilla-central:tip). '''Copy the script below into the bug request, replacing the REPO_PATH and TWIG with your repo and booked branch'''.<br />
<pre><br />
export REPO_PATH=[path to your repo] # eg: users/lsblakk_mozilla.com/staging<br />
export TWIG=[alder|birch|cedar|holly|larch|maple] # whichever twig you booked<br />
<br />
cd /repo/hg/scripts/<br />
./reset_pp_repo.sh -s /repo/hg/mozilla/$REPO_PATH -r tip -d $TWIG<br />
</pre><br />
* Sit back and watch your builds and test results roll in ([http://tbpl.mozilla.org/?tree=Alder Alder],[http://tbpl.mozilla.org/?tree=Birch Birch],[http://tbpl.mozilla.org/?tree=Cedar Cedar],[http://tbpl.mozilla.org/?tree=Holly Holly],[http://tbpl.mozilla.org/?tree=Larch Larch],[http://tbpl.mozilla.org/?tree=Maple Maple]). <br />
** '''Special note - READ ME:''' the first push to your newly cloned repo should now trigger a build since {{bug|562026}} was checked in. If it does not, please re-open the bug.<br />
** It will take 3 build runs for the leak checking tools to establish themselves. Before the third run expect to see the builds marked as burning. Other than the leak check the builds should compile and test fine.<br />
<br />
== Using a custom mozconfig ==<br />
<br />
If you want to use settings other than those in the default mozconfigs, you can push an '''extra file''' to the $topsrcdir: <br />
<br />
*'''mozconfig-extra''' with settings to be applied to all mozconfigs <br />
*'''mozconfig-extra-$platform''' to apply changes only to that platform's mozconfig, where $platform is one of linux, linux64, win32, macosx, macosx64<br />
<br />
The options you enable/disable in your custom mozconfig are '''appended''' to the existing config. <br />
<br />
The default mozconfigs used for builds are in Hg: [http://hg.mozilla.org/build/buildbot-configs/file/6b889c254fee/mozilla2/linux/generic/nightly/mozconfig http://hg.mozilla.org/build/buildbot-configs/file/6b889c254fee/mozilla2/linux/generic/nightly/mozconfig] for example<br />
<br />
===Disabling specific platforms===<br />
You can put '''exit 1''' in any mozconfig-extra-$platform in order to cause it to not compile. This is a temporary workaround but we recommend doing this if there are platforms you know you do not need results for as it will keep our build and test resources going where they are most needed.<br />
<br />
== BOOKING SCHEDULE ==<br />
<br />
{| class="data"<br />
|-<br />
! Repo Name <br />
! User/Dev Team contact <br />
! Booking Dates <br />
! Next in Line<br />
|-<br />
| projects/alder<br />
| jesup, anant: WebRTC integration<br />
| 2011-09-20 – indefinite<br />
| -<br />
|-<br />
| projects/birch<br />
| bhackett: Maintain copy of m-c without TypeInference<br />
| 2011-08-22 - 2011-09-27<br />
| -<br />
|-<br />
| projects/cedar<br />
| dietrich: BrowserId add-on integration<br />
| 2011-08-29 - 2011-12-31<br />
| -<br />
|-<br />
| projects/holly<br />
| Jetpack team: work on supporting running add-ons out of process<br />
| 2011-08-17 - unknown<br />
| -<br />
|-<br />
| projects/larch<br />
| networking team: Pipelining followed by SSL and SPDY work.<br />
| 2011-06-13 - 2011-10-1<br />
| -<br />
|-<br />
| projects/maple<br />
| GPHemsley, kscanne: [[User:GPHemsley/BCP 47|Implementation of BCP 47]] ({{bug|356038}})<br />
| 2011-07-06 – indefinite<br />
| -<br />
|}<br />
<br />
Be sure to keep a copy of anything you need from the repo prior to unbooking it.</div>Ananthttps://wiki.mozilla.org/index.php?title=Standards&diff=320867Standards2011-06-20T22:42:43Z<p>Anant: /* WebRTC WG */</p>
<hr />
<div>There are a lot of people at Mozilla working with a variety of different standards bodies. This is a directory of standards organizations (and sub-orgs like working groups) listing who at Mozilla is working with each.<br />
<br />
<h1> Web Standards Coordination </h1><br />
<br />
To encourage better web standards coordination and cross-pollination, the sections below are organized by standards body, then working group (if any), then list of Mozilla folks participating in that working group, optionally listing which particular specifications (or sections thereof) that they edit/author/contribute to.<br />
<br />
If you actively communicate/participate with a standards body, please add yourself.<br />
<br />
If you work in multiple working groups or with multiple standards organizations, list yourself in each, linking to your wiki User page.<br />
<br />
For standards development/implementation see and add to: [[Standards implementation]]<br />
<br />
Thanks!<br />
<br />
— [[User:Tantek|Tantek]]<br />
<br />
== IETF ==<br />
http://ietf.org/<br />
* <span class="vcard"><span class="fn">Chris Blizzard</span></span> <br />
* <span class="vcard"><span class="fn">Rob Sayre</span></span><br />
=== HyBi ===<br />
* HyBi (WebSockets)<br />
** Pat McManus<br />
<br />
=== VCARDDAV ===<br />
vcarddav group/list.<br />
* <span class="vcard"><span class="fn">Tantek Çelik</span></span><br />
Specifications: [[vCard4]]<br />
<br />
== OWF ==<br />
http://openwebfoundation.org/<br />
* <span class="vcard"><span class="fn">[[User:Tantek|Tantek Çelik]]</span> (<span class="role">elected board member</span>)</span><br />
<br />
Specifications: [http://openwebfoundation.org/legal/agreement/ Open Web Foundation Agreement] (OWFa)<br />
<br />
== W3C ==<br />
http://w3.org/<br />
=== Advisory Committee representative ===<br />
* <span class="vcard"><span class="fn">[[User:Dbaron|David Baron]]</span></span><br />
<br />
=== Audio Incubator Group ===<br />
http://www.w3.org/2005/Incubator/audio/<br />
* <span class="vcard"><span class="fn">Alistair MacDonald</span></span><br />
<br />
=== CSS WG ===<br />
* home page: http://w3.org/Style/CSS/<br />
* discussions: http://lists.w3.org/Archives/Public/www-style/<br />
<br />
Working group members related to Mozilla (also on w3c-css-wg)<br />
* [[User:Dbaron|David Baron]]<br />
* [[User:Tantek|Tantek Çelik]] (invited expert)<br />
* <span class="vcard"><span class="fn">John Daggett</span></span><br />
* [[User:Fantasai|fantasai]] (invited expert)<br />
* Masayuki Nakano<br />
* Robert O'Callahan<br />
<br />
Additional www-style list participants related to Mozilla (anyone is welcome to join)<br />
* <span class="vcard"><span class="fn">Henri Sivonen</span></span><br />
* <span class="vcard"><span class="fn">Boris Zbarsky</span></span><br />
* ...<br />
<br />
Specifications: [[CSS21]], [[CSS3]]<br />
<br />
=== FSW IG ===<br />
W3C Federated Social Web Incubator<br />
http://www.w3.org/2005/Incubator/federatedsocialweb/ <br />
* [[User:Tantek|Tantek Çelik]]<br />
* ...<br />
<br />
=== HTML WG ===<br />
http://w3.org/MarkUp/<br />
* [[User:Tantek|Tantek Çelik]]<br />
* <span class="vcard"><span class="fn">Jonas Sicking</span></span><br />
* Henri Sivonen<br />
* ...<br />
<br />
Specifications: [[HTML5]]<br />
<br />
=== Internationalization WG ===<br />
http://w3.org/International/<br />
* [[User:Fantasai|fantasai]]<br />
<br />
=== SVG WG ===<br />
http://w3.org/SVG/<br />
* ... User: ...<br />
<br />
Specifications: ...<br />
<br />
=== Web Apps WG ===<br />
* sicking<br />
* sdwilsh<br />
* bent<br />
<br />
Specifications: IndexedDB<br />
<br />
=== WebRTC WG ===<br />
* Tim Terriberry<br />
* Chris Blizzard<br />
* Anant Narayanan<br />
<br />
Specifications: Media capture & [http://www.w3.org/2011/04/webrtc-charter.html streaming APIs]<br />
<br />
= Other? =<br />
<br />
=== CalConnect ===<br />
<br />
Mozilla is a member of CalConnect, which is AFAICT not actually affiliated w/ IETF or W3C but loosely affiliated w/ both. CalConnect produces CalDAV.<br />
<br />
=== Federated Social Web ===<br />
<br />
A bunch of people are trying to get the social web to move towards federated standards, but there's no clear standards home yet.<br />
<br />
= related =<br />
See also:<br />
* [[Events]] - which include web standards-related events.</div>Ananthttps://wiki.mozilla.org/index.php?title=Standards&diff=320866Standards2011-06-20T22:41:50Z<p>Anant: </p>
<hr />
<div>There are a lot of people at Mozilla working with a variety of different standards bodies. This is a directory of standards organizations (and sub-orgs like working groups) listing who at Mozilla is working with each.<br />
<br />
<h1> Web Standards Coordination </h1><br />
<br />
To encourage better web standards coordination and cross-pollination, the sections below are organized by standards body, then working group (if any), then list of Mozilla folks participating in that working group, optionally listing which particular specifications (or sections thereof) they edit/author/contribute to.<br />
<br />
If you actively communicate/participate with a standards body, please add yourself.<br />
<br />
If you work in multiple working groups or with multiple standards organizations, list yourself in each, linking to your wiki User page.<br />
<br />
For standards development/implementation see and add to: [[Standards implementation]]<br />
<br />
Thanks!<br />
<br />
— [[User:Tantek|Tantek]]<br />
<br />
== IETF ==<br />
http://ietf.org/<br />
* <span class="vcard"><span class="fn">Chris Blizzard</span></span> <br />
* <span class="vcard"><span class="fn">Rob Sayre</span></span><br />
=== HyBi ===<br />
* HyBi (WebSockets)<br />
** Pat McManus<br />
<br />
=== VCARDDAV ===<br />
vcarddav group/list.<br />
* <span class="vcard"><span class="fn">Tantek Çelik</span></span><br />
Specifications: [[vCard4]]<br />
<br />
== OWF ==<br />
http://openwebfoundation.org/<br />
* <span class="vcard"><span class="fn">[[User:Tantek|Tantek Çelik]]</span> (<span class="role">elected board member</span>)</span><br />
<br />
Specifications: [http://openwebfoundation.org/legal/agreement/ Open Web Foundation Agreement] (OWFa)<br />
<br />
== W3C ==<br />
http://w3.org/<br />
=== Advisory Committee representative ===<br />
* <span class="vcard"><span class="fn">[[User:Dbaron|David Baron]]</span></span><br />
<br />
=== Audio Incubator Group ===<br />
http://www.w3.org/2005/Incubator/audio/<br />
* <span class="vcard"><span class="fn">Alistair MacDonald</span></span><br />
<br />
=== CSS WG ===<br />
* home page: http://w3.org/Style/CSS/<br />
* discussions: http://lists.w3.org/Archives/Public/www-style/<br />
<br />
Working group members related to Mozilla (also on w3c-css-wg)<br />
* [[User:Dbaron|David Baron]]<br />
* [[User:Tantek|Tantek Çelik]] (invited expert)<br />
* <span class="vcard"><span class="fn">John Daggett</span></span><br />
* [[User:Fantasai|fantasai]] (invited expert)<br />
* Masayuki Nakano<br />
* Robert O'Callahan<br />
<br />
Additional www-style list participants related to Mozilla (anyone is welcome to join)<br />
* <span class="vcard"><span class="fn">Henri Sivonen</span></span><br />
* <span class="vcard"><span class="fn">Boris Zbarsky</span></span><br />
* ...<br />
<br />
Specifications: [[CSS21]], [[CSS3]]<br />
<br />
=== FSW IG ===<br />
W3C Federated Social Web Incubator<br />
http://www.w3.org/2005/Incubator/federatedsocialweb/ <br />
* [[User:Tantek|Tantek Çelik]]<br />
* ...<br />
<br />
=== HTML WG ===<br />
http://w3.org/MarkUp/<br />
* [[User:Tantek|Tantek Çelik]]<br />
* <span class="vcard"><span class="fn">Jonas Sicking</span></span><br />
* Henri Sivonen<br />
* ...<br />
<br />
Specifications: [[HTML5]]<br />
<br />
=== Internationalization WG ===<br />
http://w3.org/International/<br />
* [[User:Fantasai|fantasai]]<br />
<br />
=== SVG WG ===<br />
http://w3.org/SVG/<br />
* ... User: ...<br />
<br />
Specifications: ...<br />
<br />
=== Web Apps WG ===<br />
* sicking<br />
* sdwilsh<br />
* bent<br />
<br />
Specifications: IndexedDB<br />
<br />
=== WebRTC WG ===<br />
* Tim Terriberry<br />
* Chris Blizzard<br />
* Anant Narayanan<br />
<br />
Specifications: Media capture & streaming APIs<br />
<br />
= Other? =<br />
<br />
=== CalConnect ===<br />
<br />
Mozilla is a member of CalConnect, which is AFAICT not actually affiliated w/ IETF or W3C but loosely affiliated w/ both. CalConnect produces CalDAV.<br />
<br />
=== Federated Social Web ===<br />
<br />
A bunch of people are trying to get the social web to move towards federated standards, but there's no clear standards home yet.<br />
<br />
= related =<br />
See also:<br />
* [[Events]] - which include web standards-related events.</div>Ananthttps://wiki.mozilla.org/index.php?title=MediaStreamAPI&diff=296945MediaStreamAPI2011-04-09T03:35:42Z<p>Anant: </p>
<hr />
<div>= Streams, RTC, audio API and media controllers =<br />
<br />
=== Scenarios ===<br />
<br />
These are higher-level than use-cases. <br />
<br />
1) Play video with processing effect applied to the audio track <br />
<br />
2) Play video with processing effects mixing in out-of-band audio tracks (in sync) <br />
<br />
3) Capture microphone input and stream it out to a peer with a processing effect applied to the audio <br />
<br />
4) Capture microphone input and visualize it as it is being streamed out to a peer and recorded <br />
<br />
5) Capture microphone input, visualize it, mix in another audio track and stream the result to a peer and record <br />
<br />
6) Receive audio streams from peers, mix them with spatialization effects, and play <br />
<br />
7) Seamlessly chain from the end of one input stream to another <br />
<br />
8) Seamlessly switch from one input stream to another, e.g. to implement adaptive streaming <br />
<br />
9) Synthesize samples from JS data <br />
<br />
10) Trigger a sound sample to be played through the effects graph ASAP but without causing any blocking<br />
<br />
11) Synchronized MIDI + Audio capture<br />
<br />
12) Synchronized MIDI + Audio playback (Would that just work if streams could contain MIDI data?)<br />
<br />
13) Capture video from a camera and analyze it (e.g. face recognition)<br />
<br />
14) Capture video, record it to a file and upload the file (e.g. Youtube)<br />
<br />
15) Capture video from a canvas element, record it and upload (e.g. Screencast/"Webcast" or composite multiple video sources with effects into a single canvas then record)<br />
<br />
=== Straw-man Proposal ===<br />
<br />
==== Streams ====<br />
<br />
The semantics of a stream:<br />
<br />
*A window of timecoded video and audio data. <br />
*The timecodes are in the stream's own internal timeline. The internal timeline can have any base offset but always advances at the same rate as real time, if it's advancing at all. <br />
*Not seekable, resettable etc. The window moves forward automatically in real time (or close to it). <br />
*A stream can be "blocked". While it's blocked, its timeline and data window do not advance.<br />
<br />
Blocked state should be reflected in a new readyState value "BLOCKED". We should have a callback when the stream blocks and unblocks, too.<br />
<br />
We do not allow streams to have independent timelines (e.g. no adjustable playback rate or seeking within an arbitrary Stream), because that leads to a single Stream being consumed at multiple different offsets at the same time, which requires either unbounded buffering or multiple internal decoders and streams for a single Stream. It seems simpler and more predictable in performance to require authors to create multiple streams (if necessary) and change the playback rate in the original stream sources.<br />
<br />
*Streams can end. The end state is reflected in the Stream readyState. A stream can never resume after it has ended.<br />
<br />
Hard case: <br />
<br />
*Mix http://slow with http://fast, and mix http://fast with http://fast2; does the http://fast stream have to provide data at two different offsets? <br />
*Solution: if a (non-live) stream feeds into a blocking mixer, then it itself gets blocked. This has the same effect as the entire graph of (non-live) connected streams blocking as a unit.<br />
<br />
==== Media elements ====<br />
<br />
interface HTMLMediaElement {<br />
// Returns new stream of "what the element is playing" ---<br />
// whatever the element is currently playing, after its<br />
   // volume and playbackRate are taken into account.<br />
// While the element is not playing (e.g. because it's paused<br />
// or buffering), the stream is blocked. This stream never<br />
// ends; if the element ends playback, the stream just blocks<br />
// and can resume if the element starts playing again.<br />
// When something else causes this stream to be blocked,<br />
// we block the output of the media element.<br />
Stream createStream();<br />
<br />
   // Like createStream(), but also sets the captureAudio attribute.<br />
   Stream captureStream();<br />
 <br />
   // When set, do not produce direct audio output. Audio output<br />
   // is still sent to the streams created by createStream() or<br />
   // captureStream().<br />
// This attribute is NOT reflected into the DOM. It's initially false.<br />
attribute boolean captureAudio;<br />
<br />
// Can be set to a Stream. Blocked streams play silence and show the last video frame.<br />
attribute any src;<br />
};<br />
<br />
==== Stream extensions ====<br />
<br />
Streams can have attributes that transform their output: <br />
<br />
interface Stream {<br />
attribute double volume;<br />
<br />
// When set, destinations treat the stream as not blocking. While the stream is<br />
// blocked, its data are replaced with silence.<br />
attribute boolean live;<br />
<br />
// Time on its own timeline<br />
   readonly attribute double currentTime;<br />
<br />
// Create a new StreamProcessor with this Stream as the input.<br />
StreamProcessor createProcessor();<br />
// Create a new StreamProcessor with this Stream as the input,<br />
// initializing worker.<br />
StreamProcessor createProcessor(Worker worker);<br />
};<br />
<br />
==== Stream mixing and processing ====<br />
<br />
[Constructor]<br />
interface StreamProcessor : Stream {<br />
readonly attribute Stream[] inputs;<br />
void addStream(Stream input);<br />
void setInputParams(Stream input, any params);<br />
void removeStream(Stream input);<br />
<br />
// Causes this stream to enter the ended state.<br />
// No more worker callbacks will be issued.<br />
void end(double delay);<br />
<br />
attribute Worker worker;<br />
};<br />
<br />
This object combines multiple streams with synchronization to create a new stream. While any input stream is blocked and not live, the StreamProcessor is blocked. While the StreamProcessor is blocked, all its input streams are forced to be blocked. (Note that this can cause other StreamProcessors using the same input stream(s) to block, etc.) <br />
<br />
The offset from the timeline of an input to the timeline of the StreamProcessor is set automatically when the stream is added to the StreamProcessor. <br />
<br />
While 'worker' is null, the output is produced simply by adding the streams together. Video frames are composited with the last-added stream on top, everything letterboxed to the size of the last-added stream that has video. While there is no input stream, the StreamProcessor produces silence and no video. <br />
<br />
While 'worker' is non-null, the results of mixing (or the default silence) are fed into the worker by dispatching onstream callbacks. Each onstream callback takes a StreamEvent as a parameter. A StreamEvent provides audio sample buffers and a list of video frames for each input stream; the event callback can write audio output buffers and a list of output video frames. If the callback does not output audio, default audio output is automatically generated as above; ditto for video. Each StreamEvent contains the inputParams for each input stream contributing to the StreamEvent.<br />
<br />
Note that 'worker' cannot be a SharedWorker. This ensures that the worker can run in the same process as the page in multiprocess browsers, so media streams can be confined to a single process.<br />
<br />
An ended stream is treated as producing silence and no video. (Alternative: automatically remove the stream as an input. But this might confuse scripts.) <br />
<br />
// XXX need to figure out the actual StreamEvent API: channel formats, etc.<br />
<br />
==== Graph cycles ====<br />
<br />
If a cycle is formed in the graph, the streams involved block until the cycle is removed. <br />
<br />
==== Dynamic graph changes ====<br />
<br />
Dynamic graph changes performed by a script take effect atomically after the script has run to completion. Effectively we post a task to the HTML event loop that makes all the pending changes. The exact timing is up to the implementation but the implementation should try to minimize the latency of changes. <br />
<br />
==== Examples ====<br />
<br />
1) Play video with processing effect applied to the audio track <br />
<br />
&lt;video src="foo.webm" id="v" controls&gt;&lt;/video&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
document.getElementById("out").src =<br />
document.getElementById("v").captureStream().createProcessor(new Worker("effect.js"));<br />
&lt;/script&gt;<br />
<br />
2) Play video with processing effects mixing in out-of-band audio tracks (in sync)<br />
<br />
&lt;video src="foo.webm" id="v"&gt;&lt;/video&gt;<br />
&lt;audio src="back.webm" id="back"&gt;&lt;/audio&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var mixer = document.getElementById("v").captureStream().createProcessor(new Worker("audio-ducking.js"));<br />
mixer.addStream(document.getElementById("back").captureStream());<br />
document.getElementById("out").src = mixer;<br />
function startPlaying() {<br />
document.getElementById("v").play();<br />
document.getElementById("back").play();<br />
}<br />
// We probably need additional API to more conveniently tie together<br />
// the controls for multiple media elements.<br />
&lt;/script&gt;<br />
<br />
3) Capture microphone input and stream it out to a peer with a processing effect applied to the audio <br />
<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
function gotAudio(stream) {<br />
peerConnection.addStream(stream.createProcessor(new Worker("effect.js")));<br />
}<br />
&lt;/script&gt;<br />
<br />
4) Capture microphone input and visualize it as it is being streamed out to a peer and recorded <br />
<br />
&lt;canvas id="c"&gt;&lt;/canvas&gt;<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
var streamRecorder;<br />
function gotAudio(stream) {<br />
var worker = new Worker("visualizer.js");<br />
var processed = stream.createProcessor(worker);<br />
worker.onmessage = function(event) {<br />
drawSpectrumToCanvas(event.data, document.getElementById("c"));<br />
}<br />
streamRecorder = processed.record();<br />
peerConnection.addStream(processed);<br />
}<br />
&lt;/script&gt;<br />
<br />
5) Capture microphone input, visualize it, mix in another audio track and stream the result to a peer and record <br />
<br />
&lt;canvas id="c"&gt;&lt;/canvas&gt;<br />
&lt;mediaresource src="back.webm" id="back"&gt;&lt;/mediaresource&gt;<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
var streamRecorder;<br />
function gotAudio(stream) {<br />
var worker = new Worker("visualizer.js");<br />
var processed = stream.createProcessor(worker);<br />
worker.onmessage = function(event) {<br />
drawSpectrumToCanvas(event.data, document.getElementById("c"));<br />
}<br />
var mixer = processed.createProcessor();<br />
mixer.addStream(document.getElementById("back").startStream());<br />
streamRecorder = mixer.record();<br />
peerConnection.addStream(mixer);<br />
}<br />
&lt;/script&gt;<br />
<br />
6) Receive audio streams from peers, mix them with spatialization effects, and play <br />
<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var worker = new Worker("spatializer.js");<br />
   var spatialized = new StreamProcessor(worker);<br />
peerConnection.onaddstream = function (event) {<br />
spatialized.addStream(event.stream);<br />
spatialized.setInputParams(event.stream, {x:..., y:..., z:...});<br />
};<br />
document.getElementById("out").src = spatialized; <br />
&lt;/script&gt;<br />
<br />
7) Seamlessly chain from the end of one input stream to another <br />
<br />
&lt;mediaresource src="in1.webm" id="in1" preload&gt;&lt;/mediaresource&gt;<br />
&lt;mediaresource src="in2.webm" id="in2"&gt;&lt;/mediaresource&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var in1 = document.getElementById("in1");<br />
in1.onloadeddata = function() {<br />
var mixer = in1.startStream().createProcessor();<br />
var in2 = document.getElementById("in2");<br />
in2.delay = in1.duration;<br />
mixer.addStream(in2.startStream());<br />
document.getElementById("out").src = mixer;<br />
}<br />
&lt;/script&gt;<br />
<br />
8) Seamlessly switch from one input stream to another, e.g. to implement adaptive streaming <br />
<br />
&lt;mediaresource src="in1.webm" id="in1" preload&gt;&lt;/mediaresource&gt;<br />
&lt;mediaresource src="in2.webm" id="in2"&gt;&lt;/mediaresource&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var stream1 = document.getElementById("in1").startStream();<br />
var mixer = stream1.createProcessor();<br />
document.getElementById("out").src = mixer;<br />
function switchStreams() {<br />
var in2 = document.getElementById("in2");<br />
in2.currentTime = stream1.currentTime;<br />
var stream2 = in2.startStream();<br />
stream2.volume = 0;<br />
stream2.live = true; // don't block while this stream is playing<br />
mixer.addStream(stream2);<br />
stream2.onplaying = function() {<br />
if (mixer.inputs[0] == stream1) {<br />
stream2.volume = 1.0;<br />
stream2.live = false; // allow output to block while this stream is playing<br />
mixer.removeStream(stream1);<br />
}<br />
}<br />
}<br />
&lt;/script&gt;<br />
<br />
9) Synthesize samples from JS data <br />
<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
document.getElementById("out").src =<br />
new StreamProcessor(new Worker("synthesizer.js"));<br />
&lt;/script&gt;<br />
<br />
10) Trigger a sound sample to be played through the effects graph ASAP but without causing any blocking <br />
<br />
&lt;script&gt;<br />
var effectsMixer = ...;<br />
function playSound(src) {<br />
var audio = new Audio(src);<br />
     audio.oncanplaythrough = function() {<br />
var stream = audio.captureStream();<br />
stream.live = true;<br />
effectsMixer.addStream(stream);<br />
stream.onended = function() { effectsMixer.removeStream(stream); }<br />
audio.play();<br />
}<br />
}<br />
&lt;/script&gt;<br />
<br />
13) Capture video from a camera and analyze it (e.g. face recognition)<br />
<br />
&lt;script&gt;<br />
navigator.getUserMedia('video', gotVideo);<br />
function gotVideo(stream) {<br />
stream.createProcessor(new Worker("face-recognizer.js"));<br />
}<br />
&lt;/script&gt;<br />
<br />
14) Capture video, record it to a file and upload the file (e.g. Youtube)<br />
<br />
&lt;script&gt;<br />
navigator.getUserMedia('video', gotVideo);<br />
var streamRecorder;<br />
function gotVideo(stream) {<br />
streamRecorder = stream.record();<br />
}<br />
function stopRecording() {<br />
streamRecorder.getRecordedData(gotData);<br />
}<br />
function gotData(blob) {<br />
var x = new XMLHttpRequest();<br />
x.open('POST', 'uploadMessage');<br />
x.send(blob);<br />
}<br />
&lt;/script&gt;<br />
<br />
15) Capture video from a canvas, record it to a file then upload<br />
<br />
&lt;script&gt;<br />
// TBD<br />
&lt;/script&gt;<br />
<br />
= Related Proposals =<br />
<br />
W3C-RTC charter (Harald et al.): [[RTCStreamAPI]]<br />
<br />
WhatWG proposal (Ian et al.): [http://www.whatwg.org/specs/web-apps/current-work/complete/video-conferencing-and-peer-to-peer-communication.html]<br />
<br />
Chrome audio API: [http://chromium.googlecode.com/svn/trunk/samples/audio/specification/specification.html]</div>Ananthttps://wiki.mozilla.org/index.php?title=MediaStreamAPI&diff=296414MediaStreamAPI2011-04-06T17:39:55Z<p>Anant: /* Alternate Proposals */</p>
<hr />
<div>= Streams, RTC, audio API and media controllers =<br />
<br />
=== Scenarios ===<br />
<br />
These are higher-level than use-cases. <br />
<br />
1) Play video with processing effect applied to the audio track <br />
<br />
2) Play video with processing effects mixing in out-of-band audio tracks (in sync) <br />
<br />
3) Capture microphone input and stream it out to a peer with a processing effect applied to the audio <br />
<br />
4) Capture microphone input and visualize it as it is being streamed out to a peer and recorded <br />
<br />
5) Capture microphone input, visualize it, mix in another audio track and stream the result to a peer and record <br />
<br />
6) Receive audio streams from peers, mix them with spatialization effects, and play <br />
<br />
7) Seamlessly chain from the end of one input stream to another <br />
<br />
8) Seamlessly switch from one input stream to another, e.g. to implement adaptive streaming <br />
<br />
9) Synthesize samples from JS data <br />
<br />
10) Trigger a sound sample to be played through the effects graph ASAP but without causing any blocking <br />
<br />
=== Straw-man Proposal ===<br />
<br />
==== Streams ====<br />
<br />
Need to clarify exactly what the semantics of a stream are: <br />
<br />
*A window of timecoded video and audio data. <br />
*The timecodes are in the stream's own internal timeline. The internal timeline can have any base offset but always advances at the same rate as real time, if it's advancing at all. <br />
*Not seekable, resettable etc. The window moves forward automatically in real time (or close to it). <br />
*A stream can be "blocked". While it's blocked, its timeline and data window do not advance.<br />
<br />
Blocked state should be reflected in a new readyState value "BLOCKED". We should have a callback when the stream blocks and unblocks, too. <br />
<br />
*Streams can end. The end state is reflected in the Stream readyState. A stream can never resume after it has ended.<br />
<br />
Hard case: <br />
<br />
*Mix http://slow with http://fast, and mix http://fast with http://fast2; does the http://fast stream have to provide data at two different offsets? <br />
*Solution: if a (non-live) stream feeds into a blocking mixer, then it itself gets blocked. This has the same effect as the entire graph of (non-live) connected streams blocking as a unit.<br />
<br />
==== &lt;mediaresource&gt; element ====<br />
<br />
interface HTMLMediaResourceElement {<br />
attribute DOMString src;<br />
attribute DOMString preload;<br />
<br />
// If set, the resource repeats indefinitely.<br />
attribute boolean loop;<br />
<br />
// Start stream at this offset in the resource (after looping, if enabled).<br />
attribute double currentTime;<br />
<br />
// End the stream at this offset in the resource (after looping, if enabled).<br />
attribute double endTime;<br />
<br />
// Add this much silence to the start of the stream.<br />
attribute double delay;<br />
<br />
attribute double playbackRate;<br />
void load();<br />
<br />
readonly attribute DOMString currentSrc;<br />
readonly attribute unsigned short networkState;<br />
readonly attribute TimeRanges buffered;<br />
DOMString canPlayType(in DOMString type);<br />
readonly attribute MediaError error;<br />
readonly attribute boolean seeking;<br />
readonly attribute double duration;<br />
<br />
// Returns a new stream of the resource played back starting at currentTime using current<br />
// element state (stream contents do not change in response to future changes in the element)<br />
Stream startStream();<br />
};<br />
<br />
&lt;mediaresource&gt; elements can have &lt;source&gt; children. <br />
<br />
Is this needed? Maybe to allow reliable synchronization/easy use of canned samples. <br />
<br />
I'm not really sure how much API this element needs. <br />
<br />
==== Media elements ====<br />
<br />
interface HTMLMediaElement {<br />
// Returns new stream of "what the element is playing" ---<br />
// whatever the element is currently playing, after its<br />
   // volume and playbackRate are taken into account.<br />
// While the element is not playing (e.g. because it's paused<br />
// or buffering), the stream is blocked. This stream never<br />
// ends; if the element ends playback, the stream just blocks<br />
// and can resume if the element starts playing again.<br />
// When something else causes this stream to be blocked,<br />
// we block the output of the media element.<br />
Stream getStream();<br />
<br />
// When set, do not produce direct audio output. Audio output<br />
// is still produced when getStream() is called.<br />
attribute boolean streamaudio;<br />
<br />
// Can be set to a Stream. Blocked streams play silence and show the last video frame.<br />
attribute any src;<br />
};<br />
<br />
==== Stream extensions ====<br />
<br />
Streams can have attributes that transform their output: <br />
<br />
interface Stream {<br />
attribute double volume;<br />
<br />
// When set, destinations treat the stream as not blocking. While the stream is<br />
// blocked, its data are replaced with silence.<br />
attribute boolean live;<br />
<br />
// Time on its own timeline<br />
   readonly attribute double currentTime;<br />
<br />
// Create a new StreamProcessor with this Stream as the input.<br />
StreamProcessor createProcessor();<br />
// Create a new StreamProcessor with this Stream as the input,<br />
// initializing worker.<br />
StreamProcessor createProcessor(Worker worker);<br />
};<br />
<br />
==== Stream mixing and processing ====<br />
<br />
[Constructor]<br />
 interface StreamProcessor : Stream {<br />
readonly attribute Stream[] inputs;<br />
void addStream(Stream input);<br />
void setInputParams(Stream input, any params);<br />
void removeStream(Stream input);<br />
<br />
// Causes this stream to enter the ended state.<br />
// No more worker callbacks will be issued.<br />
void end(double delay);<br />
<br />
attribute Worker worker;<br />
};<br />
<br />
This object combines multiple streams with synchronization to create a new stream. While any input stream is blocked and not live, the StreamProcessor is blocked. While the StreamProcessor is blocked, all its input streams are forced to be blocked. (Note that this can cause other StreamProcessors using the same input stream(s) to block, etc.) <br />
<br />
The offset from the timeline of an input to the timeline of the StreamProcessor is set automatically when the stream is added to the StreamProcessor. <br />
<br />
While 'worker' is null, the output is produced simply by adding the streams together. Video frames are composited with the last-added stream on top, everything letterboxed to the size of the last-added stream that has video. While there is no input stream, the StreamProcessor produces silence and no video. <br />
<br />
While 'worker' is non-null, the results of mixing (or the default silence) are fed into the worker by dispatching onstream callbacks. Each onstream callback takes a StreamEvent as a parameter. A StreamEvent provides audio sample buffers and a list of video frames for each input stream; the event callback can write audio output buffers and a list of output video frames. If the callback does not output audio, default audio output is automatically generated as above; ditto for video. Each StreamEvent contains the inputParams for each input stream contributing to the StreamEvent. <br />
<br />
An ended stream is treated as producing silence and no video. (Alternative: automatically remove the stream as an input. But this might confuse scripts.) <br />
<br />
// XXX need to figure out the actual StreamEvent API: channel formats, etc. <br />
<br />
==== Graph cycles ====<br />
<br />
If a cycle is formed in the graph, the streams involved block until the cycle is removed. <br />
<br />
==== Dynamic graph changes ====<br />
<br />
Dynamic graph changes performed by a script take effect atomically after the script has run to completion. Effectively we post a task to the HTML event loop that makes all the pending changes. The exact timing is up to the implementation but the implementation should try to minimize the latency of changes. <br />
<br />
==== Examples ====<br />
<br />
1) Play video with processing effect applied to the audio track <br />
<br />
&lt;video src="foo.webm" id="v" controls streamaudio&gt;&lt;/video&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
document.getElementById("out").src =<br />
document.getElementById("v").getStream().createProcessor(new Worker("effect.js"));<br />
&lt;/script&gt;<br />
<br />
2) Play video with processing effects mixing in out-of-band audio tracks (in sync) <br />
<br />
&lt;video src="foo.webm" id="v" streamaudio&gt;&lt;/video&gt;<br />
&lt;audio src="back.webm" id="back"&gt;&lt;/audio&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var mixer = document.getElementById("v").getStream().createProcessor(new Worker("audio-ducking.js"));<br />
mixer.addStream(document.getElementById("back").getStream());<br />
document.getElementById("out").src = mixer;<br />
function startPlaying() {<br />
document.getElementById("v").play();<br />
document.getElementById("back").play();<br />
}<br />
// We probably need additional API to more conveniently tie together<br />
// the controls for multiple media elements.<br />
&lt;/script&gt;<br />
<br />
3) Capture microphone input and stream it out to a peer with a processing effect applied to the audio <br />
<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
function gotAudio(stream) {<br />
peerConnection.addStream(stream.createProcessor(new Worker("effect.js")));<br />
}<br />
&lt;/script&gt;<br />
<br />
4) Capture microphone input and visualize it as it is being streamed out to a peer and recorded <br />
<br />
&lt;canvas id="c"&gt;&lt;/canvas&gt;<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
var streamRecorder;<br />
function gotAudio(stream) {<br />
var worker = new Worker("visualizer.js");<br />
var processed = stream.createProcessor(worker);<br />
worker.onmessage = function(event) {<br />
drawSpectrumToCanvas(event.data, document.getElementById("c"));<br />
}<br />
streamRecorder = processed.record();<br />
peerConnection.addStream(processed);<br />
}<br />
&lt;/script&gt;<br />
<br />
5) Capture microphone input, visualize it, mix in another audio track and stream the result to a peer and record <br />
<br />
&lt;canvas id="c"&gt;&lt;/canvas&gt;<br />
&lt;mediaresource src="back.webm" id="back"&gt;&lt;/mediaresource&gt;<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
var streamRecorder;<br />
function gotAudio(stream) {<br />
var worker = new Worker("visualizer.js");<br />
var processed = stream.createProcessor(worker);<br />
worker.onmessage = function(event) {<br />
drawSpectrumToCanvas(event.data, document.getElementById("c"));<br />
}<br />
var mixer = processed.createProcessor();<br />
mixer.addStream(document.getElementById("back").startStream());<br />
streamRecorder = mixer.record();<br />
peerConnection.addStream(mixer);<br />
}<br />
&lt;/script&gt;<br />
<br />
6) Receive audio streams from peers, mix them with spatialization effects, and play <br />
<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var worker = new Worker("spatializer.js");<br />
var spatialized = new StreamProcessor(worker);<br />
peerConnection.onaddstream = function (event) {<br />
spatialized.addStream(event.stream);<br />
spatialized.setInputParams(event.stream, {x:..., y:..., z:...});<br />
};<br />
document.getElementById("out").src = spatialized; <br />
&lt;/script&gt;<br />
<br />
7) Seamlessly chain from the end of one input stream to another <br />
<br />
&lt;mediaresource src="in1.webm" id="in1" preload&gt;&lt;/mediaresource&gt;<br />
&lt;mediaresource src="in2.webm" id="in2"&gt;&lt;/mediaresource&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var in1 = document.getElementById("in1");<br />
in1.onloadeddata = function() {<br />
var mixer = in1.startStream().createProcessor();<br />
var in2 = document.getElementById("in2");<br />
in2.delay = in1.duration;<br />
mixer.addStream(in2.startStream());<br />
document.getElementById("out").src = mixer;<br />
}<br />
&lt;/script&gt;<br />
<br />
8) Seamlessly switch from one input stream to another, e.g. to implement adaptive streaming <br />
<br />
&lt;mediaresource src="in1.webm" id="in1" preload&gt;&lt;/mediaresource&gt;<br />
&lt;mediaresource src="in2.webm" id="in2"&gt;&lt;/mediaresource&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var stream1 = document.getElementById("in1").startStream();<br />
var mixer = stream1.createProcessor();<br />
document.getElementById("out").src = mixer;<br />
function switchStreams() {<br />
var in2 = document.getElementById("in2");<br />
in2.currentTime = stream1.currentTime;<br />
var stream2 = in2.startStream();<br />
stream2.volume = 0;<br />
stream2.live = true; // don't block while this stream is playing<br />
mixer.addStream(stream2);<br />
stream2.onplaying = function() {<br />
if (mixer.inputs[0] == stream1) {<br />
stream2.volume = 1.0;<br />
stream2.live = false; // allow output to block while this stream is playing<br />
mixer.removeStream(stream1);<br />
}<br />
}<br />
}<br />
&lt;/script&gt;<br />
<br />
9) Synthesize samples from JS data <br />
<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
document.getElementById("out").src =<br />
new StreamProcessor(new Worker("synthesizer.js"));<br />
&lt;/script&gt;<br />
<br />
10) Trigger a sound sample to be played through the effects graph ASAP but without causing any blocking <br />
<br />
&lt;script&gt;<br />
var effectsMixer = ...;<br />
function playSound(src) {<br />
var audio = new Audio(src);<br />
audio.oncanplaythrough = function() {<br />
var stream = audio.getStream();<br />
stream.live = true;<br />
stream.onended = function() { effectsMixer.removeStream(stream); }<br />
effectsMixer.addStream(stream);<br />
}<br />
}<br />
&lt;/script&gt;<br />
<br />
= Alternate Proposals =<br />
<br />
W3C-RTC charter (Harald et al.): [[RTCStreamAPI]]<br />
<br />
WhatWG proposal (Ian et al.):&nbsp;??</div>Ananthttps://wiki.mozilla.org/index.php?title=MediaStreamAPI&diff=296413MediaStreamAPI2011-04-06T17:39:28Z<p>Anant: /* Alternate Proposals */</p>
<hr />
<div>= Streams, RTC, audio API and media controllers =<br />
<br />
=== Scenarios ===<br />
<br />
These are higher-level than use-cases. <br />
<br />
1) Play video with processing effect applied to the audio track <br />
<br />
2) Play video with processing effects mixing in out-of-band audio tracks (in sync) <br />
<br />
3) Capture microphone input and stream it out to a peer with a processing effect applied to the audio <br />
<br />
4) Capture microphone input and visualize it as it is being streamed out to a peer and recorded <br />
<br />
5) Capture microphone input, visualize it, mix in another audio track and stream the result to a peer and record <br />
<br />
6) Receive audio streams from peers, mix them with spatialization effects, and play <br />
<br />
7) Seamlessly chain from the end of one input stream to another <br />
<br />
8) Seamlessly switch from one input stream to another, e.g. to implement adaptive streaming <br />
<br />
9) Synthesize samples from JS data <br />
<br />
10) Trigger a sound sample to be played through the effects graph ASAP but without causing any blocking <br />
<br />
=== Straw-man Proposal ===<br />
<br />
==== Streams ====<br />
<br />
Need to clarify exactly what the semantics of a stream are: <br />
<br />
*A window of timecoded video and audio data. <br />
*The timecodes are in the stream's own internal timeline. The internal timeline can have any base offset but always advances at the same rate as real time, if it's advancing at all. <br />
*Not seekable, resettable etc. The window moves forward automatically in real time (or close to it). <br />
*A stream can be "blocked". While it's blocked, its timeline and data window do not advance.<br />
<br />
Blocked state should be reflected in a new readyState value "BLOCKED". We should have a callback when the stream blocks and unblocks, too. <br />
<br />
*Streams can end. The end state is reflected in the Stream readyState. A stream can never resume after it has ended.<br />
<br />
Hard case: <br />
<br />
*Mix http://slow with http://fast, and mix http://fast with http://fast2; does the http://fast stream have to provide data at two different offsets? <br />
*Solution: if a (non-live) stream feeds into a blocking mixer, then it itself gets blocked. This has the same effect as the entire graph of (non-live) connected streams blocking as a unit.<br />
<br />
==== &lt;mediaresource&gt; element ====<br />
<br />
interface HTMLMediaResourceElement {<br />
attribute DOMString src;<br />
attribute DOMString preload;<br />
<br />
// If set, the resource repeats indefinitely.<br />
attribute boolean loop;<br />
<br />
// Start stream at this offset in the resource (after looping, if enabled).<br />
attribute double currentTime;<br />
<br />
// End the stream at this offset in the resource (after looping, if enabled).<br />
attribute double endTime;<br />
<br />
// Add this much silence to the start of the stream.<br />
attribute double delay;<br />
<br />
attribute double playbackRate;<br />
void load();<br />
<br />
readonly attribute DOMString currentSrc;<br />
readonly attribute unsigned short networkState;<br />
readonly attribute TimeRanges buffered;<br />
DOMString canPlayType(in DOMString type);<br />
readonly attribute MediaError error;<br />
readonly attribute boolean seeking;<br />
readonly attribute double duration;<br />
<br />
// Returns a new stream of the resource played back starting at currentTime using current<br />
// element state (stream contents do not change in response to future changes in the element)<br />
Stream startStream();<br />
};<br />
<br />
&lt;mediaresource&gt; elements can have &lt;source&gt; children. <br />
<br />
Is this needed? Maybe to allow reliable synchronization/easy use of canned samples. <br />
<br />
I'm not really sure how much API this element needs. <br />
<br />
==== Media elements ====<br />
<br />
interface HTMLMediaElement {<br />
// Returns new stream of "what the element is playing" ---<br />
// whatever the element is currently playing, after its<br />
// volume and playbackRate are taken into account.<br />
// While the element is not playing (e.g. because it's paused<br />
// or buffering), the stream is blocked. This stream never<br />
// ends; if the element ends playback, the stream just blocks<br />
// and can resume if the element starts playing again.<br />
// When something else causes this stream to be blocked,<br />
// we block the output of the media element.<br />
Stream getStream();<br />
<br />
// When set, do not produce direct audio output. Audio output<br />
// is still produced when getStream() is called.<br />
attribute boolean streamaudio;<br />
<br />
// Can be set to a Stream. Blocked streams play silence and show the last video frame.<br />
attribute any src;<br />
};<br />
<br />
==== Stream extensions ====<br />
<br />
Streams can have attributes that transform their output: <br />
<br />
interface Stream {<br />
attribute double volume;<br />
<br />
// When set, destinations treat the stream as not blocking. While the stream is<br />
// blocked, its data are replaced with silence.<br />
attribute boolean live;<br />
<br />
// Time on its own timeline<br />
readonly attribute double currentTime;<br />
<br />
// Create a new StreamProcessor with this Stream as the input.<br />
StreamProcessor createProcessor();<br />
// Create a new StreamProcessor with this Stream as the input,<br />
// initializing worker.<br />
StreamProcessor createProcessor(Worker worker);<br />
};<br />
<br />
==== Stream mixing and processing ====<br />
<br />
[Constructor]<br />
interface StreamProcessor&nbsp;: Stream {<br />
readonly attribute Stream[] inputs;<br />
void addStream(Stream input);<br />
void setInputParams(Stream input, any params);<br />
void removeStream(Stream input);<br />
<br />
// Causes this stream to enter the ended state.<br />
// No more worker callbacks will be issued.<br />
void end(double delay);<br />
<br />
attribute Worker worker;<br />
};<br />
<br />
This object combines multiple streams with synchronization to create a new stream. While any input stream is blocked and not live, the StreamProcessor is blocked. While the StreamProcessor is blocked, all its input streams are forced to be blocked. (Note that this can cause other StreamProcessors using the same input stream(s) to block, etc.) <br />
<br />
The offset from the timeline of an input to the timeline of the StreamProcessor is set automatically when the stream is added to the StreamProcessor. <br />
<br />
While 'worker' is null, the output is produced simply by adding the streams together. Video frames are composited with the last-added stream on top, everything letterboxed to the size of the last-added stream that has video. While there is no input stream, the StreamProcessor produces silence and no video. <br />
<br />
While 'worker' is non-null, the results of mixing (or the default silence) are fed into the worker by dispatching onstream callbacks. Each onstream callback takes a StreamEvent as a parameter. A StreamEvent provides audio sample buffers and a list of video frames for each input stream; the event callback can write audio output buffers and a list of output video frames. If the callback does not output audio, default audio output is automatically generated as above; ditto for video. Each StreamEvent contains the inputParams for each input stream contributing to the StreamEvent. <br />
<br />
An ended stream is treated as producing silence and no video. (Alternative: automatically remove the stream as an input. But this might confuse scripts.) <br />
<br />
// XXX need to figure out the actual StreamEvent API: channel formats, etc. <br />
<br />
==== Graph cycles ====<br />
<br />
If a cycle is formed in the graph, the streams involved block until the cycle is removed. <br />
<br />
==== Dynamic graph changes ====<br />
<br />
Dynamic graph changes performed by a script take effect atomically after the script has run to completion. Effectively we post a task to the HTML event loop that makes all the pending changes. The exact timing is up to the implementation but the implementation should try to minimize the latency of changes. <br />
<br />
==== Examples ====<br />
<br />
1) Play video with processing effect applied to the audio track <br />
<br />
&lt;video src="foo.webm" id="v" controls streamaudio&gt;&lt;/video&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
document.getElementById("out").src =<br />
document.getElementById("v").getStream().createProcessor(new Worker("effect.js"));<br />
&lt;/script&gt;<br />
<br />
2) Play video with processing effects mixing in out-of-band audio tracks (in sync) <br />
<br />
&lt;video src="foo.webm" id="v" streamaudio&gt;&lt;/video&gt;<br />
&lt;audio src="back.webm" id="back"&gt;&lt;/audio&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var mixer = document.getElementById("v").getStream().createProcessor(new Worker("audio-ducking.js"));<br />
mixer.addStream(document.getElementById("back").getStream());<br />
document.getElementById("out").src = mixer;<br />
function startPlaying() {<br />
document.getElementById("v").play();<br />
document.getElementById("back").play();<br />
}<br />
// We probably need additional API to more conveniently tie together<br />
// the controls for multiple media elements.<br />
&lt;/script&gt;<br />
<br />
3) Capture microphone input and stream it out to a peer with a processing effect applied to the audio <br />
<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
function gotAudio(stream) {<br />
peerConnection.addStream(stream.createProcessor(new Worker("effect.js")));<br />
}<br />
&lt;/script&gt;<br />
<br />
4) Capture microphone input and visualize it as it is being streamed out to a peer and recorded <br />
<br />
&lt;canvas id="c"&gt;&lt;/canvas&gt;<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
var streamRecorder;<br />
function gotAudio(stream) {<br />
var worker = new Worker("visualizer.js");<br />
var processed = stream.createProcessor(worker);<br />
worker.onmessage = function(event) {<br />
drawSpectrumToCanvas(event.data, document.getElementById("c"));<br />
}<br />
streamRecorder = processed.record();<br />
peerConnection.addStream(processed);<br />
}<br />
&lt;/script&gt;<br />
<br />
5) Capture microphone input, visualize it, mix in another audio track and stream the result to a peer and record <br />
<br />
&lt;canvas id="c"&gt;&lt;/canvas&gt;<br />
&lt;mediaresource src="back.webm" id="back"&gt;&lt;/mediaresource&gt;<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
var streamRecorder;<br />
function gotAudio(stream) {<br />
var worker = new Worker("visualizer.js");<br />
var processed = stream.createProcessor(worker);<br />
worker.onmessage = function(event) {<br />
drawSpectrumToCanvas(event.data, document.getElementById("c"));<br />
}<br />
var mixer = processed.createProcessor();<br />
mixer.addStream(document.getElementById("back").startStream());<br />
streamRecorder = mixer.record();<br />
peerConnection.addStream(mixer);<br />
}<br />
&lt;/script&gt;<br />
<br />
6) Receive audio streams from peers, mix them with spatialization effects, and play <br />
<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var worker = new Worker("spatializer.js");<br />
var spatialized = new StreamProcessor(worker);<br />
peerConnection.onaddstream = function (event) {<br />
spatialized.addStream(event.stream);<br />
spatialized.setInputParams(event.stream, {x:..., y:..., z:...});<br />
};<br />
document.getElementById("out").src = spatialized; <br />
&lt;/script&gt;<br />
<br />
7) Seamlessly chain from the end of one input stream to another <br />
<br />
&lt;mediaresource src="in1.webm" id="in1" preload&gt;&lt;/mediaresource&gt;<br />
&lt;mediaresource src="in2.webm" id="in2"&gt;&lt;/mediaresource&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var in1 = document.getElementById("in1");<br />
in1.onloadeddata = function() {<br />
var mixer = in1.startStream().createProcessor();<br />
var in2 = document.getElementById("in2");<br />
in2.delay = in1.duration;<br />
mixer.addStream(in2.startStream());<br />
document.getElementById("out").src = mixer;<br />
}<br />
&lt;/script&gt;<br />
<br />
8) Seamlessly switch from one input stream to another, e.g. to implement adaptive streaming <br />
<br />
&lt;mediaresource src="in1.webm" id="in1" preload&gt;&lt;/mediaresource&gt;<br />
&lt;mediaresource src="in2.webm" id="in2"&gt;&lt;/mediaresource&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var stream1 = document.getElementById("in1").startStream();<br />
var mixer = stream1.createProcessor();<br />
document.getElementById("out").src = mixer;<br />
function switchStreams() {<br />
var in2 = document.getElementById("in2");<br />
in2.currentTime = stream1.currentTime;<br />
var stream2 = in2.startStream();<br />
stream2.volume = 0;<br />
stream2.live = true; // don't block while this stream is playing<br />
mixer.addStream(stream2);<br />
stream2.onplaying = function() {<br />
if (mixer.inputs[0] == stream1) {<br />
stream2.volume = 1.0;<br />
stream2.live = false; // allow output to block while this stream is playing<br />
mixer.removeStream(stream1);<br />
}<br />
}<br />
}<br />
&lt;/script&gt;<br />
<br />
9) Synthesize samples from JS data <br />
<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
document.getElementById("out").src =<br />
new StreamProcessor(new Worker("synthesizer.js"));<br />
&lt;/script&gt;<br />
<br />
10) Trigger a sound sample to be played through the effects graph ASAP but without causing any blocking <br />
<br />
&lt;script&gt;<br />
var effectsMixer = ...;<br />
function playSound(src) {<br />
var audio = new Audio(src);<br />
audio.oncanplaythrough = function() {<br />
var stream = audio.getStream();<br />
stream.live = true;<br />
stream.onended = function() { effectsMixer.removeStream(stream); }<br />
effectsMixer.addStream(stream);<br />
}<br />
}<br />
&lt;/script&gt;<br />
<br />
= Alternate Proposals =<br />
<br />
W3C-RTC charter (Harald et al.): [[RTCStreamAPI]]<br />
WhatWG proposal (Ian et al.): ??</div>Ananthttps://wiki.mozilla.org/index.php?title=MediaStreamAPI&diff=296412MediaStreamAPI2011-04-06T17:38:22Z<p>Anant: </p>
<hr />
<div>= Streams, RTC, audio API and media controllers =<br />
<br />
=== Scenarios ===<br />
<br />
These are higher-level than use-cases. <br />
<br />
1) Play video with processing effect applied to the audio track <br />
<br />
2) Play video with processing effects mixing in out-of-band audio tracks (in sync) <br />
<br />
3) Capture microphone input and stream it out to a peer with a processing effect applied to the audio <br />
<br />
4) Capture microphone input and visualize it as it is being streamed out to a peer and recorded <br />
<br />
5) Capture microphone input, visualize it, mix in another audio track and stream the result to a peer and record <br />
<br />
6) Receive audio streams from peers, mix them with spatialization effects, and play <br />
<br />
7) Seamlessly chain from the end of one input stream to another <br />
<br />
8) Seamlessly switch from one input stream to another, e.g. to implement adaptive streaming <br />
<br />
9) Synthesize samples from JS data <br />
<br />
10) Trigger a sound sample to be played through the effects graph ASAP but without causing any blocking <br />
<br />
=== Straw-man Proposal ===<br />
<br />
==== Streams ====<br />
<br />
Need to clarify exactly what the semantics of a stream are: <br />
<br />
*A window of timecoded video and audio data. <br />
*The timecodes are in the stream's own internal timeline. The internal timeline can have any base offset but always advances at the same rate as real time, if it's advancing at all. <br />
*Not seekable, resettable etc. The window moves forward automatically in real time (or close to it). <br />
*A stream can be "blocked". While it's blocked, its timeline and data window do not advance.<br />
<br />
Blocked state should be reflected in a new readyState value "BLOCKED". We should have a callback when the stream blocks and unblocks, too. <br />
<br />
*Streams can end. The end state is reflected in the Stream readyState. A stream can never resume after it has ended.<br />
<br />
Hard case: <br />
<br />
*Mix http://slow with http://fast, and mix http://fast with http://fast2; does the http://fast stream have to provide data at two different offsets? <br />
*Solution: if a (non-live) stream feeds into a blocking mixer, then it itself gets blocked. This has the same effect as the entire graph of (non-live) connected streams blocking as a unit.<br />
<br />
==== &lt;mediaresource&gt; element ====<br />
<br />
interface HTMLMediaResourceElement {<br />
attribute DOMString src;<br />
attribute DOMString preload;<br />
<br />
// If set, the resource repeats indefinitely.<br />
attribute boolean loop;<br />
<br />
// Start stream at this offset in the resource (after looping, if enabled).<br />
attribute double currentTime;<br />
<br />
// End the stream at this offset in the resource (after looping, if enabled).<br />
attribute double endTime;<br />
<br />
// Add this much silence to the start of the stream.<br />
attribute double delay;<br />
<br />
attribute double playbackRate;<br />
void load();<br />
<br />
readonly attribute DOMString currentSrc;<br />
readonly attribute unsigned short networkState;<br />
readonly attribute TimeRanges buffered;<br />
DOMString canPlayType(in DOMString type);<br />
readonly attribute MediaError error;<br />
readonly attribute boolean seeking;<br />
readonly attribute double duration;<br />
<br />
// Returns a new stream of the resource played back starting at currentTime using current<br />
// element state (stream contents do not change in response to future changes in the element)<br />
Stream startStream();<br />
};<br />
<br />
&lt;mediaresource&gt; elements can have &lt;source&gt; children. <br />
<br />
Is this needed? Maybe to allow reliable synchronization/easy use of canned samples. <br />
<br />
I'm not really sure how much API this element needs. <br />
<br />
==== Media elements ====<br />
<br />
interface HTMLMediaElement {<br />
// Returns new stream of "what the element is playing" ---<br />
// whatever the element is currently playing, after its<br />
// volume and playbackRate are taken into account.<br />
// While the element is not playing (e.g. because it's paused<br />
// or buffering), the stream is blocked. This stream never<br />
// ends; if the element ends playback, the stream just blocks<br />
// and can resume if the element starts playing again.<br />
// When something else causes this stream to be blocked,<br />
// we block the output of the media element.<br />
Stream getStream();<br />
<br />
// When set, do not produce direct audio output. Audio output<br />
// is still produced when getStream() is called.<br />
attribute boolean streamaudio;<br />
<br />
// Can be set to a Stream. Blocked streams play silence and show the last video frame.<br />
attribute any src;<br />
};<br />
<br />
==== Stream extensions ====<br />
<br />
Streams can have attributes that transform their output: <br />
<br />
interface Stream {<br />
attribute double volume;<br />
<br />
// When set, destinations treat the stream as not blocking. While the stream is<br />
// blocked, its data are replaced with silence.<br />
attribute boolean live;<br />
<br />
// Time on its own timeline<br />
readonly attribute double currentTime;<br />
<br />
// Create a new StreamProcessor with this Stream as the input.<br />
StreamProcessor createProcessor();<br />
// Create a new StreamProcessor with this Stream as the input,<br />
// initializing worker.<br />
StreamProcessor createProcessor(Worker worker);<br />
};<br />
<br />
==== Stream mixing and processing ====<br />
<br />
[Constructor]<br />
interface StreamProcessor&nbsp;: Stream {<br />
readonly attribute Stream[] inputs;<br />
void addStream(Stream input);<br />
void setInputParams(Stream input, any params);<br />
void removeStream(Stream input);<br />
<br />
// Causes this stream to enter the ended state.<br />
// No more worker callbacks will be issued.<br />
void end(double delay);<br />
<br />
attribute Worker worker;<br />
};<br />
<br />
This object combines multiple streams with synchronization to create a new stream. While any input stream is blocked and not live, the StreamProcessor is blocked. While the StreamProcessor is blocked, all its input streams are forced to be blocked. (Note that this can cause other StreamProcessors using the same input stream(s) to block, etc.) <br />
<br />
The offset from the timeline of an input to the timeline of the StreamProcessor is set automatically when the stream is added to the StreamProcessor. <br />
<br />
While 'worker' is null, the output is produced simply by adding the streams together. Video frames are composited with the last-added stream on top, everything letterboxed to the size of the last-added stream that has video. While there is no input stream, the StreamProcessor produces silence and no video. <br />
<br />
While 'worker' is non-null, the results of mixing (or the default silence) are fed into the worker by dispatching onstream callbacks. Each onstream callback takes a StreamEvent as a parameter. A StreamEvent provides audio sample buffers and a list of video frames for each input stream; the event callback can write audio output buffers and a list of output video frames. If the callback does not output audio, default audio output is automatically generated as above; ditto for video. Each StreamEvent contains the inputParams for each input stream contributing to the StreamEvent. <br />
<br />
An ended stream is treated as producing silence and no video. (Alternative: automatically remove the stream as an input. But this might confuse scripts.) <br />
<br />
// XXX need to figure out the actual StreamEvent API: channel formats, etc. <br />
<br />
==== Graph cycles ====<br />
<br />
If a cycle is formed in the graph, the streams involved block until the cycle is removed. <br />
<br />
==== Dynamic graph changes ====<br />
<br />
Dynamic graph changes performed by a script take effect atomically after the script has run to completion. Effectively we post a task to the HTML event loop that makes all the pending changes. The exact timing is up to the implementation but the implementation should try to minimize the latency of changes. <br />
<br />
==== Examples ====<br />
<br />
1) Play video with processing effect applied to the audio track <br />
<br />
&lt;video src="foo.webm" id="v" controls streamaudio&gt;&lt;/video&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
document.getElementById("out").src =<br />
document.getElementById("v").getStream().createProcessor(new Worker("effect.js"));<br />
&lt;/script&gt;<br />
<br />
2) Play video with processing effects mixing in out-of-band audio tracks (in sync) <br />
<br />
&lt;video src="foo.webm" id="v" streamaudio&gt;&lt;/video&gt;<br />
&lt;audio src="back.webm" id="back"&gt;&lt;/audio&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var mixer = document.getElementById("v").getStream().createProcessor(new Worker("audio-ducking.js"));<br />
mixer.addStream(document.getElementById("back").getStream());<br />
document.getElementById("out").src = mixer;<br />
function startPlaying() {<br />
document.getElementById("v").play();<br />
document.getElementById("back").play();<br />
}<br />
// We probably need additional API to more conveniently tie together<br />
// the controls for multiple media elements.<br />
&lt;/script&gt;<br />
<br />
3) Capture microphone input and stream it out to a peer with a processing effect applied to the audio <br />
<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
function gotAudio(stream) {<br />
peerConnection.addStream(stream.createProcessor(new Worker("effect.js")));<br />
}<br />
&lt;/script&gt;<br />
<br />
4) Capture microphone input and visualize it as it is being streamed out to a peer and recorded <br />
<br />
&lt;canvas id="c"&gt;&lt;/canvas&gt;<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
var streamRecorder;<br />
function gotAudio(stream) {<br />
var worker = new Worker("visualizer.js");<br />
var processed = stream.createProcessor(worker);<br />
worker.onmessage = function(event) {<br />
drawSpectrumToCanvas(event.data, document.getElementById("c"));<br />
}<br />
streamRecorder = processed.record();<br />
peerConnection.addStream(processed);<br />
}<br />
&lt;/script&gt;<br />
<br />
5) Capture microphone input, visualize it, mix in another audio track and stream the result to a peer and record <br />
<br />
&lt;canvas id="c"&gt;&lt;/canvas&gt;<br />
&lt;mediaresource src="back.webm" id="back"&gt;&lt;/mediaresource&gt;<br />
&lt;script&gt;<br />
navigator.getUserMedia('audio', gotAudio);<br />
var streamRecorder;<br />
function gotAudio(stream) {<br />
var worker = new Worker("visualizer.js");<br />
var processed = stream.createProcessor(worker);<br />
worker.onmessage = function(event) {<br />
drawSpectrumToCanvas(event.data, document.getElementById("c"));<br />
}<br />
var mixer = processed.createProcessor();<br />
mixer.addStream(document.getElementById("back").startStream());<br />
streamRecorder = mixer.record();<br />
peerConnection.addStream(mixer);<br />
}<br />
&lt;/script&gt;<br />
<br />
6) Receive audio streams from peers, mix them with spatialization effects, and play <br />
<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var worker = new Worker("spatializer.js");<br />
var spatialized = new StreamProcessor(worker);<br />
peerConnection.onaddstream = function (event) {<br />
spatialized.addStream(event.stream);<br />
spatialized.setInputParams(event.stream, {x:..., y:..., z:...});<br />
};<br />
document.getElementById("out").src = spatialized; <br />
&lt;/script&gt;<br />
<br />
7) Seamlessly chain from the end of one input stream to another <br />
<br />
&lt;mediaresource src="in1.webm" id="in1" preload&gt;&lt;/mediaresource&gt;<br />
&lt;mediaresource src="in2.webm" id="in2"&gt;&lt;/mediaresource&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var in1 = document.getElementById("in1");<br />
in1.onloadeddata = function() {<br />
var mixer = in1.startStream().createProcessor();<br />
var in2 = document.getElementById("in2");<br />
in2.delay = in1.duration;<br />
mixer.addStream(in2.startStream());<br />
document.getElementById("out").src = mixer;<br />
}<br />
&lt;/script&gt;<br />
<br />
8) Seamlessly switch from one input stream to another, e.g. to implement adaptive streaming <br />
<br />
&lt;mediaresource src="in1.webm" id="in1" preload&gt;&lt;/mediaresource&gt;<br />
&lt;mediaresource src="in2.webm" id="in2"&gt;&lt;/mediaresource&gt;<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
var stream1 = document.getElementById("in1").startStream();<br />
var mixer = stream1.createProcessor();<br />
document.getElementById("out").src = mixer;<br />
function switchStreams() {<br />
var in2 = document.getElementById("in2");<br />
in2.currentTime = stream1.currentTime;<br />
var stream2 = in2.startStream();<br />
stream2.volume = 0;<br />
stream2.live = true; // don't block while this stream is playing<br />
mixer.addStream(stream2);<br />
stream2.onplaying = function() {<br />
if (mixer.inputs[0] == stream1) {<br />
stream2.volume = 1.0;<br />
stream2.live = false; // allow output to block while this stream is playing<br />
mixer.removeStream(stream1);<br />
}<br />
}<br />
}<br />
&lt;/script&gt;<br />
<br />
9) Synthesize samples from JS data <br />
<br />
&lt;audio id="out" autoplay&gt;&lt;/audio&gt;<br />
&lt;script&gt;<br />
document.getElementById("out").src =<br />
new StreamProcessor(new Worker("synthesizer.js"));<br />
&lt;/script&gt;<br />
<br />
10) Trigger a sound sample to be played through the effects graph ASAP but without causing any blocking <br />
<br />
&lt;script&gt;<br />
var effectsMixer = ...;<br />
function playSound(src) {<br />
var audio = new Audio(src);<br />
audio.oncanplaythrough = function() {<br />
var stream = audio.getStream();<br />
stream.live = true;<br />
stream.onended = function() { effectsMixer.removeStream(stream); }<br />
effectsMixer.addStream(stream);<br />
}<br />
}<br />
&lt;/script&gt;<br />
<br />
= Alternate Proposals =<br />
<br />
W3C-RTC charter (Harald et al.): [RTCStreamAPI]
WhatWG proposal (Ian et al.): ??</div>Ananthttps://wiki.mozilla.org/index.php?title=RTCStreamAPI&diff=296410RTCStreamAPI2011-04-06T17:34:54Z<p>Anant: </p>
<hr />
<div>This doc specifies an API, and the semantics thereof, for manipulating point-to-point connections that use ICE / STUN / TURN to set up audio and video flows using RTP through a Javascript interface that can be implemented in browsers.<br />
<br />
It is expressed using WebIDL syntax, which should suffice to completely specify a Javascript API. Other specifications can specify concrete APIs that expose this functionality in other languages.<br><br />
<br />
'''Overview'''<br>The goal of this API is to provide a high-level interface to allow developers to create media sessions, such as used in phone calls, games or multiparty video conferences.<br><br />
<br />
'''Goals'''<br>● Support for voice and video sessions.<br>● Support for data transfer.<br>● Support for handling multiple voice and video streams, possibly multiplexing them onto a lower number of transports<br>● Support for encryption of media.<br>● Safe for untrusted content, with user permission.<br>● High performance; suitable for high-throughput applications such as HD video conferencing<br>● Does not depend on any specific signaling service or protocol.<br>● Able to exchange media with existing RTP/(S)AVP(F) endpoints that are ICE-aware.<br />
<br />
'''Non-Goals'''<br>● Complete interoperation with legacy (non-ICE-aware) endpoints.<br>● Direct support for SIP or XMPP<br />
<br />
'''History and previous names'''<br>This interface was at various times known as ConnectionPeer, being evolved from the ConnectionPeer of the HTML5 proposal (as of March 2011 named PeerConnection).<br>The current name, RtcSession, is chosen to reflect that this is intended for real-time connections at a higher level than a transport (“byte transmission”) interface.<br />
<br />
<br>'''References'''<br>Sockets API: http://dev.w3.org/html5/websockets/<br />
<br />
The channel spec is here:<br>http://www.whatwg.org/specs/web-apps/current-work/#channel-messaging<br>The current HTML5 specification for video conferencing is here:<br>http://www.whatwg.org/specs/web-apps/current-work/#video-conferencing-and-peer-to-peer-communication<br>The section entitled “Peer to peer connections” (currently section 9.4) from that reference is intended to be obsoleted by this document.<br />
<br />
A proposed interface "Session" by Justin Uberti contributed some concepts:<br>https://docs.google.com/a/google.com/document/d/16fQmZxV-Re8esLDstcIuVL3RDxj1aDY8UkJtPoRymv0/edit?hl=en#<br />
<br />
A proposed “transport” interface, which this can possibly be layered on top of:<br>https://docs.google.com/a/google.com/document/d/1lpBlkkyH4UzHVUrSfUcfO-nfURk6WMYBPzca-d3PXbc/edit?hl=en#<br />
<br />
<br>'''The RtcSession interface'''<br>This specification replaces the one in the HTML5 specification as of Feb 14, 2011.<br />
<br />
A RtcSession is a higher level object that encompasses all information about the media and data flow between two peers, and knows how to use the signalling path to handle changes in the devices.<br>It may encompass a number of RTP sessions. If mapped into SDP, its state at any given time can be represented by a single SDP session.<br />
<br />
It is an interface to underlying subsystems of the browser; it makes no sense to think of it as an object with independent existence. In particular, the data flows that flow through a RtcSession, and are configured via the Stream objects described below, are not directly accessible to JavaScript; they are internal functions inside the browser.<br />
<br />
It is created via a factory object, and initialized via a formatted string.<br />
<br />
To illustrate the use of the API, this HTML creates a very simple videophone initiator:<br />
<blockquote><br />
&lt;video id="display"&gt;<br>&lt;audio id="speaker"&gt;<br>&lt;device id="camera" type="video"&gt;<br>&lt;device id="microphone" type="audio"&gt;<br>&lt;script&gt;<br> var configstring = '{"stun_service": { "host": "stun.example.com" }}';<br> var factory = new RtcSessionFactory(configstring);<br> var connection = factory.CreateSession();<br> connection.onOutgoingNegotiationItem = function(session, item) {<br> // Not specified: How to transmit the negotiation item<br> }<br> connection.onOutgoingNegotiationBlob = sendToServer;<br> connection.addOutgoingMedia("camera", camera.data)<br> connection.addOutgoingMedia("microphone", microphone.data)<br> display.src = connection.expectIncomingMedia(videoconfig).url<br> speaker.src = connection.expectIncomingMedia(audioconfig).url<br> // At this point, we have the information needed to perform<br> // the negotiation.<br> connection.connect();<br />
<br />
 // Assign the handler itself; calling it here would unmute before the negotiation finishes.<br> connection.onconnect = StartSendingMedia;<br> function StartSendingMedia() {<br> alert("Your camera and microphone will now be turned on");<br> connection.OutgoingMedia("camera").unmute();<br> connection.OutgoingMedia("microphone").unmute();<br> }<br> // Function called by whatever function receives negotiation data<br> function incomingNegotiationHandler(item) {<br> connection.IncomingNegotiationItem(item)<br> }<br>&lt;/script&gt;<br />
</blockquote><br />
The API for a RtcSession, the object that defines a single group of media connections going to one other participant, is defined below. It uses the concepts of “StreamSource” and “StreamSink” that are described further on in this document.<br />
<blockquote><br />
[Constructor(in DOMString config)]<br />
<br />
interface RtcSessionFactory {<br>RtcSession CreateSession();<br> };<br />
<br />
<br>interface RtcSession {<br> // Initializes a StreamSource of a requested<br> // type/configuration.<br> StreamSource expectIncomingMedia(in DOMString config);<br> // Alternative handler: Set up a callback instead of getting<br> // the object. The callback will be called when a compatible<br> // incoming media stream is requested from the other end.<br> void expectIncomingMedia(in DOMString media_config,<br> in Function media_handler);<br> void addOutgoingMedia(in DOMString media_config,<br> in StreamSource stream);<br> // Called when all media info has been entered.<br> void connect();<br> // Access to resources, indexed by ID<br> StreamSink OutgoingMedia(in DOMString id);<br> StreamSource IncomingMedia(in DOMString id);<br> // Events<br> // Negotiation finished. Media can be sent.<br> attribute Function onconnect;<br> attribute Function onmediachange; // media starts or stops<br> attribute Function onerror;<br>// f.ex. connection broken and can’t be reestablished<br />
<br />
// Connection negotiation.<br>// The handler will<br>// be called when a RtcSession requests an outgoing<br>// connection. Details TBD.<br>attribute Function onOutgoingNegotiationItem; <br>void IncomingNegotiationItem(DOMString item);<br> // Functions for querying status are TBD.<br> // More functions for detailed manipulation can be added <br> // at will.<br>}<br />
</blockquote><br />
<br>'''Streams'''<br>A Stream is an interface that controls data flows. It supports:<br>● Identification<br>● Connecting a source (StreamSource object) to one or more sinks (StreamSink object).<br />
<br />
<br>The id is guaranteed to be unique across all items of the same class in an app context (there is no guarantee that it’s globally unique, or that all StreamSources have ids distinct from all StreamSinks).<br />
<br />
The usual usage of a stream is that one creates streams using factory functions of other objects. Some of these return objects that implement the StreamSink interface, some return objects that implement the StreamSource interface, some may return objects that implement both.<br />
<br />
A StreamSource and StreamSink can be connected:<br />
<blockquote><br />
ChannelA.add_data_recipient(ChannelB)<br />
<br />
Conceptually, one can imagine that this connection is implemented in terms of an “onmessage” event handler in ChannelA that calls a function in ChannelB to pass the data:<br />
<br />
ChannelA.onmessage = function(event) {<br> ChannelB.send(event.data)<br>}<br />
</blockquote><br />
but in practical implementation, the data will not be accessible to outside inspection.<br />
<br />
It is possible to connect multiple StreamSources to one StreamSink (mixing). If the sink does not support the requested mixing, the add_data_recipient call will throw an &lt;IncompatibleDestination&gt; exception.<br />
<br />
It is possible to connect a StreamSource to multiple StreamSinks (split, for instance used in self-view provisioning).<br />
<br />
When a StreamSink is connected to a StreamSource, the add_data_recipient call may throw an &lt;IncompatibleDestination&gt; exception if the types are incompatible (codec mismatch, or connecting a video stream to an audio-only device).<br />
<blockquote><br />
interface StreamSource {<br> void Mute();<br> void Unmute();<br> // Define where data will be sent.<br> void add_data_recipient(StreamSink recipient);<br> readonly attribute DOMString id;<br> // Where data are currently being sent.<br> // It is not certain that these need to be exposed.<br> attribute StreamSink[] data_recipients;<br> // Callback when media stops being available<br> attribute Function onerror;<br>}<br />
<br />
interface StreamSink {<br> readonly attribute DOMString id;<br> // Conceptually, but not in practice:<br> // void send(ByteArray data);<br> attribute StreamSource[] data_sources;<br> // Callback when it’s not possible to send data<br> attribute Function onerror;<br>}<br />
</blockquote><br />
There are multiple possible destinations and sources - for instance, one may desire to display video using a &lt;video&gt; tag, a &lt;canvas&gt; tag or a WebGL interface. Rather than adapting to each specific form, we define a constructor for StreamSource and StreamSink that gives a StreamSource or a StreamSink for the DOM object that is going to be used.<br />
<blockquote><br />
function StreamSink(DOMObject something_we_can_stream_to);<br>function StreamSource(DOMObject something_we_can_stream_from);<br />
</blockquote><br />
These return an object with the right handlers.<br>If the implementation doesn’t support streaming to that particular type of device, the &lt;IncompatibleDestination&gt; exception is thrown.<br />
<br />
'''Configuration strings'''<br>The configuration strings are serialized JSON objects.<br />
<br />
'''RtcSessionFactory configuration string'''<br />
<br />
The RtcSessionFactory initialization string looks like this:<br />
<blockquote><br />
{<br> "stun_service": { "host": "stun.example.com",<br> "service": "stun",<br> "protocol": "udp"<br> },<br> "turn_service": { "host": "turn.example.com" }<br>}<br />
</blockquote><br />
The protocol used for negotiation is mediated through the onconnectionrequest handler.<br>If the onconnectionrequest handler is instantiated, it is OK to omit the connectionmediator from the initialization string; if neither is given, “connect()” will throw an IllegalConfiguration exception.<br />
<br />
The STUN server may either be an IP address:port literal, or be a domain name. If it is a domain name, the procedure in section 9 of RFC 5389 (SRV record lookup, with fallback to port 3478 (STUN) or 5349 (STUN over TLS)) is used to establish the IP address and port to use for STUN and TURN.<br>If “service” and “protocol” are omitted, they are assumed to be “stun” and “udp” for stun_service, and “turn” and “udp” for turn_service.<br>For TURN, the procedure is defined in RFC 5766 section 6.1. The procedure of RFC 5928 (using S-NAPTR applications) is not used.<br />
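The defaulting and lookup rules above, as an added example that is not part of the proposal: it normalises a configuration string and derives the SRV query name and fallback port for each service. The names normaliseConfig and resolveTarget are hypothetical; the "stuns"/"turns" service names for the TLS variants and the IPv4-only literal check are assumptions of this sketch.<br />

```javascript
// Added example (not the proposal's own code): normalise an RtcSessionFactory
// configuration string before anything is handed to the resolver.
const DEFAULTS = {
  stun_service: { service: 'stun', protocol: 'udp' },
  turn_service: { service: 'turn', protocol: 'udp' },
};
// Ports used when no SRV record exists; "stuns"/"turns" are the TLS variants.
const FALLBACK_PORT = { stun: 3478, stuns: 5349, turn: 3478, turns: 5349 };
const LABEL = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
const LITERAL = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3}):(\d{1,5})$/;

// "host" is either an address:port literal (no DNS) or a domain name (SRV lookup).
function resolveTarget(host, service, protocol) {
  const lit = LITERAL.exec(host);
  if (lit) {
    const n = lit.slice(1).map(Number);
    if (n.slice(0, 4).some((o) => o > 255) || n[4] < 1 || n[4] > 65535) {
      throw new Error(`bad address literal: ${host}`);
    }
    return { kind: 'literal', address: n.slice(0, 4).join('.'), port: n[4] };
  }
  const labels = host.split('.');
  if (host.length > 253 || !labels.every((l) => LABEL.test(l))) {
    throw new Error(`bad host name: ${JSON.stringify(host)}`);
  }
  if (/^\d+$/.test(labels[labels.length - 1])) {
    throw new Error('an IP address literal must include a port');
  }
  // SRV owner name: _service._protocol.domain
  return {
    kind: 'srv',
    query: `_${service}._${protocol}.${host}`,
    fallbackPort: FALLBACK_PORT[service],
  };
}

function normaliseConfig(configString) {
  const raw = JSON.parse(configString); // throws on anything that is not JSON
  if (raw === null || typeof raw !== 'object' || Array.isArray(raw)) {
    throw new Error('configuration must be a JSON object');
  }
  const out = {};
  for (const key of Object.keys(DEFAULTS)) {
    if (!Object.prototype.hasOwnProperty.call(raw, key)) continue;
    const entry = raw[key];
    if (entry === null || typeof entry !== 'object' || typeof entry.host !== 'string') {
      throw new Error(`${key}: a string "host" is required`);
    }
    const base = DEFAULTS[key].service;
    // Omitted "service"/"protocol" fall back to the defaults stated above.
    const service = entry.service === undefined ? base : entry.service;
    const protocol = entry.protocol === undefined ? DEFAULTS[key].protocol : entry.protocol;
    if (service !== base && service !== `${base}s`) throw new Error(`${key}: bad service`);
    if (protocol !== 'udp' && protocol !== 'tcp') throw new Error(`${key}: bad protocol`);
    if (service === `${base}s` && protocol !== 'tcp') throw new Error(`${key}: ${service} needs tcp`);
    out[key] = { service, protocol, target: resolveTarget(entry.host, service, protocol) };
  }
  return out;
}
```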
<br />
'''Media configuration string'''<br>The media configuration string gives the type of media and any parameters required to refine it further. It is used as part of the input to construct a media negotiation string.<br />
<br />
Example:<br />
<blockquote><br />
{<br> "type": "video",<br> "label": "my-own-label",<br> "width": "640",<br> "height": "360",<br> "max-bitrate": 1024000<br>}<br />
</blockquote><br />
“type” MUST be present. All other attributes are optional.<br>If “label” is present, it MUST be unique within the set of streams of this class. If it is absent, the implementation will generate a unique string.<br>The “type” is one of “video” or “audio”. The implementation may support other types. (TODO: Add “data” once there is an agreed proposal for how to transport data)<br>The “label” attribute conforms to the syntax of RFC 4574 section 4 “Label” attributes (ASCII with some syntax-sensitive characters disallowed).<br />
<br />
For video, the attribute “size” gives the width x height in pixels of the largest display area that makes sense to the caller; it is used by the video engine to select a suitable video stream resolution, but it gives no guarantee that the resulting video stream will have exactly that resolution.<br />
<br />
'''Media negotiation string'''<br>The media negotiation string is passed across the negotiation interface. It contains the information required to negotiate media.<br />
<br />
While the SDP format is universally understood to have multiple flaws that mean we should not emulate or require it, it is also relatively common to use SDP in an offer/answer mode to communicate the information needed for setup - which means that it is at least able to represent the information needed. The fields below are picked to make it obvious how they are mapped to SDP fields; there is no assumption that all SDP fields make sense in this format.<br />
<br />
Example:<br />
<blockquote><br />
{<br>// session level parameters go here.<br>“media”: [<br> {<br> // media-level parameters go here - one array entry per element.<br> // MIME type, parameters:<br> label: “my-own-label”,<br> rtpmap: [<br> “97”: {codec: “video/vp8”}<br> ]<br> attributes: [ // these correspond to a:xxx lines<br> ice-pwd: “asd88fgpdd777uzjYhagZg”,<br> ice-ufrag: 8hhY<br> candidate: [<br> {component: 1 foundation:1 generation:1 proto:UDP <br> priority:2130706431<br> ip:10.0.1.1 port:8998 type:host}<br> {component: 1 foundation:2 proto:UDP<br> priority:1694498815<br> ip:192.0.2.3 port:45664<br> type:srflx raddr:10.0.1.1 rport:8998}<br> ]<br> ]<br> }<br>] // end of “media”<br>}<br />
</blockquote><br />
'''Connection establishment event flow'''<br>To initiate a call, an application will create an RtcSession object and initialize it to know what sources and sinks to request, and then call the “connect” method. The object will then do internal processing to emit one or more calls to the “onOutgoingNegotiationItem” callback; the media negotiation string will be sufficient to construct (if required) an SDP “offer” for use in a SIP exchange.<br />
<br />
The responding peer, if it is of the same type, will construct an RtcSession object and call its IncomingNegotiationItem() function with the passed information. If the negotiation is successful, it will call its onOutgoingNegotiationItem callback, which is assumed to pass the information to the initiating peer.<br />
<br />
The initiating peer’s application will then call its IncomingNegotiationItem function; if the answer is acceptable to the initiator, “onconnect” is signalled.<br />
<br />
The session description strings sent to a RtcSession need to contain all the information needed to successfully negotiate a multimedia connection.<br />
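Negotiation items arrive over a signalling path the application chooses, so their candidate entries are worth validating before they reach IncomingNegotiationItem(). The following added example (not part of the proposal) parses SDP a=candidate lines per RFC 5245 into the candidate fields of the media negotiation string; parseCandidate, reviewCandidates and the notes list are hypothetical names, and the sketch assumes UDP transport and IPv4 literals only.<br />

```javascript
// Added example (not the proposal's own code): validate a=candidate lines and
// map them to the fields used in the media negotiation string
// (component, foundation, proto, priority, ip, port, type, raddr, rport).

// Type preferences recommended by RFC 5245 section 4.1.2.2.
const TYPE_PREFERENCE = { host: 126, prflx: 110, srflx: 100, relay: 0 };
const OCTET = '(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)';
const IPV4 = new RegExp(`^${OCTET}(?:\\.${OCTET}){3}$`);

function uint(text, min, max, what) {
  if (!/^\d{1,10}$/.test(text)) throw new Error(`${what}: not a decimal number`);
  const n = Number(text);
  if (n < min || n > max) throw new Error(`${what}: ${n} outside ${min}..${max}`);
  return n;
}

function ipv4(text, what) {
  // Assumption of this sketch: IPv4 literals only, as in the page's examples.
  if (!IPV4.test(text)) throw new Error(`${what}: not an IPv4 literal`);
  return text;
}

function isPrivateIPv4(ip) {
  const [a, b] = ip.split('.').map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Recommended formula: 2^24 * typePref + 2^8 * localPref + (256 - componentId)
function splitPriority(priority) {
  return {
    typePref: priority >>> 24,
    localPref: (priority >>> 8) & 0xffff,
    component: 256 - (priority & 0xff),
  };
}

function parseCandidate(line) {
  const m = /^a=candidate:(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) typ (\S+)((?: \S+ \S+)*)$/.exec(line);
  if (!m) throw new Error('not a well-formed a=candidate line');
  const [, foundation, component, proto, priority, ip, port, type, rest] = m;
  if (!/^[A-Za-z0-9+\/]{1,32}$/.test(foundation)) throw new Error('foundation: bad characters or length');
  if (proto.toUpperCase() !== 'UDP') throw new Error(`proto: unsupported transport ${proto}`);
  // hasOwnProperty, so that "constructor" or "toString" is not accepted as a type.
  if (!Object.prototype.hasOwnProperty.call(TYPE_PREFERENCE, type)) throw new Error(`type: unknown ${type}`);

  const cand = {
    component: uint(component, 1, 256, 'component'),
    foundation,
    proto: 'UDP',
    priority: uint(priority, 1, 2 ** 31 - 1, 'priority'),
    ip: ipv4(ip, 'ip'),
    port: uint(port, 0, 65535, 'port'),
    type,
  };

  // Trailing "name value" pairs: raddr/rport are kept, other extensions dropped.
  const tokens = rest.trim() === '' ? [] : rest.trim().split(' ');
  for (let i = 0; i < tokens.length; i += 2) {
    if (tokens[i] === 'raddr') cand.raddr = ipv4(tokens[i + 1], 'raddr');
    else if (tokens[i] === 'rport') cand.rport = uint(tokens[i + 1], 0, 65535, 'rport');
  }
  const hasRelated = 'raddr' in cand && 'rport' in cand;
  if (type === 'host' && ('raddr' in cand || 'rport' in cand)) throw new Error('host candidate must not carry raddr/rport');
  if (type !== 'host' && !hasRelated) throw new Error(`${type} candidate needs raddr and rport`);

  // Review hints, not validity checks: the priority formula is only recommended.
  const parts = splitPriority(cand.priority);
  const notes = [];
  if (parts.typePref !== TYPE_PREFERENCE[type] || parts.component !== cand.component) {
    notes.push('priority does not follow the recommended formula');
  }
  if (isPrivateIPv4(cand.ip) || (cand.raddr && isPrivateIPv4(cand.raddr))) {
    notes.push('discloses a private (RFC 1918) address to the peer');
  }
  return { candidate: cand, notes };
}

// Sample input: the two candidate lines of the RFC 5245 example quoted in
// this page's ICE appendix.
const SAMPLE = [
  'a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host',
  'a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998',
];

function reviewCandidates(lines) {
  const accepted = [];
  const rejected = [];
  for (const line of lines) {
    try {
      accepted.push(parseCandidate(line));
    } catch (err) {
      rejected.push({ line, reason: err.message });
    }
  }
  return { accepted, rejected };
}
```

Both sample priorities decompose to the recommended type preferences (126 for host, 100 for srflx), and both lines carry the note about the private address 10.0.1.1, once as the host address and once as raddr.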
<br />
'''Appendix: SDP description of a codec setup'''<br>Copied from RFC 4317, SDP offer/answer examples.<br />
<blockquote><br />
[Offer]<br />
<br />
v=0<br> o=alice 2890844526 2890844526 IN IP4 host.atlanta.example.com<br> s=<br> c=IN IP4 host.atlanta.example.com<br> t=0 0<br> m=audio 49170 RTP/AVP 0 8 97<br> a=rtpmap:0 PCMU/8000<br> a=rtpmap:8 PCMA/8000<br> a=rtpmap:97 iLBC/8000<br> m=video 51372 RTP/AVP 31 32<br> a=rtpmap:31 H261/90000<br> a=rtpmap:32 MPV/90000<br />
<br />
[Answer]<br />
<br />
v=0<br> o=bob 2808844564 2808844564 IN IP4 host.biloxi.example.com<br> s=<br> c=IN IP4 host.biloxi.example.com<br> t=0 0<br> m=audio 49172 RTP/AVP 0 8<br> a=rtpmap:0 PCMU/8000<br> a=rtpmap:8 PCMA/8000<br> m=video 0 RTP/AVP 31<br> a=rtpmap:31 H261/90000<br />
</blockquote><br />
<br>'''Appendix: ICE info in session control protocols'''<br>The session description strings need to contain all the information needed to successfully set up a bidirectional datagram transport. This section reproduces readily available examples of how this information is represented in SDP and XMPP.<br>This is included to make sure the expressive power of the ICE info in media negotiation strings is sufficient.<br />
<blockquote><br />
Example using SDP<br>Example from RFC 5245 (note that these assume ICE is in use):<br>a=ice-pwd:asd88fgpdd777uzjYhagZg<br>a=ice-ufrag:8hhY<br>a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host<br>a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998<br>Example using XMPP<br>Example from XEP-176:<br> &lt;transport xmlns='urn:xmpp:jingle:transports:ice-udp:1'<br> pwd='asd88fgpdd777uzjYhagZg'<br> ufrag='8hhy'&gt;<br> &lt;candidate component='1'<br> foundation='1'<br> generation='0'<br> id='el0747fg11'<br> ip='10.0.1.1'<br> network='1'<br> port='8998'<br> priority='2130706431'<br> protocol='udp'<br> type='host'/&gt;<br> &lt;candidate component='1'<br> foundation='2'<br> generation='0'<br> id='y3s2b30v3r'<br> ip='192.0.2.3'<br> network='1'<br> port='45664'<br> priority='1694498815'<br> protocol='udp'<br> rel-addr='10.0.1.1'<br> rel-port='8998'<br> type='srflx'/&gt;<br> &lt;/transport&gt;<br><br><br />
</blockquote></div>Ananthttps://wiki.mozilla.org/index.php?title=RTCStreamAPI&diff=296408RTCStreamAPI2011-04-06T17:28:46Z<p>Anant: Created page with "This doc specifies an API, and the semantics thereof, for manipulating point-to-point connections that use ICE / STUN / TURN to set up audio and video flows using RTP through a J..."</p>
<hr />
<div>This doc specifies an API, and the semantics thereof, for manipulating point-to-point connections that use ICE / STUN / TURN to set up audio and video flows using RTP through a Javascript interface that can be implemented in browsers.<br />
<br />
It is expressed using WebIDL syntax, which should suffice to completely specify a Javascript API. Other specifications can specify concrete APIs that expose this functionality in other languages.<br />
Overview<br />
The goal of this API is to provide a high-level interface to allow developers to create media sessions, such as used in phone calls, games or multiparty video conferences.<br />
Goals<br />
<br />
Support for voice and video sessions.<br />
Support for data transfer.<br />
Support for handling multiple voice and video streams, possibly multiplexing them onto a lower number of transports<br />
Support for encryption of media.<br />
Safe for untrusted content, with user permission.<br />
High performance; suitable for high-throughput applications such as HD video conferencing<br />
Does not depend on any specific signaling service or protocol.<br />
Able to exchange media with existing RTP/(S)AVP(F) endpoints that are ICE-aware.<br />
<br />
<br />
Non-Goals<br />
<br />
Complete interoperation with legacy (non-ICE-aware) endpoints.<br />
Direct support for SIP or XMPP<br />
<br />
<br />
History and previous names<br />
This interface was at various times known as ConnectionPeer, being evolved from the ConnectionPeer of the HTML5 proposal (as of March 2011 named PeerConnection).<br />
The current name, RtcSession, is chosen to reflect that this is intended for real-time connections at a higher level than a transport (“byte transmission”) interface.<br />
References<br />
Sockets API: http://dev.w3.org/html5/websockets/<br />
<br />
The channel spec is here:<br />
http://www.whatwg.org/specs/web-apps/current-work/#channel-messaging<br />
The current HTML5 specification for video conferencing is here:<br />
http://www.whatwg.org/specs/web-apps/current-work/#video-conferencing-and-peer-to-peer-communication<br />
The section entitled “Peer to peer connections” (currently section 9.4) from that reference is intended to be obsoleted by this document.<br />
<br />
A proposed interface "Session" by Justin Uberti contributed some concepts:<br />
https://docs.google.com/a/google.com/document/d/16fQmZxV-Re8esLDstcIuVL3RDxj1aDY8UkJtPoRymv0/edit?hl=en#<br />
<br />
A proposed “transport” interface, which this can possibly be layered on top of:<br />
https://docs.google.com/a/google.com/document/d/1lpBlkkyH4UzHVUrSfUcfO-nfURk6WMYBPzca-d3PXbc/edit?hl=en#<br />
<br />
The RtcSession interface<br />
This specification replaces the one in the HTML5 specification as of Feb 14, 2011.<br />
<br />
A RtcSession is a higher level object that encompasses all information about the media and data flow between two peers, and knows how to use the signalling path to handle changes in the devices.<br />
It may encompass a number of RTP sessions. If mapped into SDP, its state at any given time can be represented by a single SDP session.<br />
<br />
It is an interface to underlying subsystems of the browser; it makes no sense to think of it as an object with independent existence. In particular, the data flows that flow through a RtcSession, and are configured via the Stream objects described below, are not directly accessible to JavaScript; they are internal functions inside the browser.<br />
<br />
It is created via a factory object, and initialized via a formatted string.<br />
<br />
To illustrate the use of the API, this HTML creates a very simple videophone initiator:<br />
<br />
<video id=”display”><br />
<audio id=”speaker”><br />
<device id=”camera” type=”video”><br />
<device id=”microphone” type=”audio”><br />
<script><br />
var configstring = '{"stun_service": { "host": "stun.example.com" }}';<br />
var factory = new RtcSessionFactory(configstring);<br />
var connection = factory.CreateSession();<br />
connection.onOutgoingNegotiationItem = function(session, item) {<br />
// Not specified: How to transmit the negotiation item<br />
}<br />
connection.onOutgoingNegotiationBlob = sendToServer;<br />
connection.addOutgoingMedia("camera", camera.data)<br />
connection.addOutgoingMedia("microphone", microphone.data)<br />
display.src = connection.expectIncomingMedia(videoconfig).url<br />
speaker.src = connection.expectIncomingMedia(audioconfig).url<br />
// At this point, we have the information needed to perform<br />
// the negotiation.<br />
connection.connect();<br />
<br />
connection.onconnect = StartSendingMedia;<br />
function StartSendingMedia() {<br />
alert("Your camera and microphone will now be turned on");<br />
connection.OutgoingMedia("camera").unmute();<br />
connection.OutgoingMedia("microphone").unmute();<br />
}<br />
// Function called by whatever function receives negotiation data<br />
function incomingNegotiationHandler(item) {<br />
connection.IncomingNegotiationItem(item)<br />
}<br />
</script><br />
<br />
The API for a RtcSession, the object that defines a single group of media connections going to one other participant, is defined below. It uses the concepts of “StreamSource” and “StreamSink” that are described further on in this document.<br />
<br />
[Constructor(in DOMString config)]<br />
<br />
interface RtcSessionFactory {<br />
<br />
RtcSession CreateSession();<br />
};<br />
<br />
interface RtcSession {<br />
<br />
// Initializes a StreamSource of a requested<br />
<br />
// type/configuration.<br />
<br />
StreamSource expectIncomingMedia(in DOMString config);<br />
<br />
// Alternative handler: Set up a callback instead of getting<br />
<br />
// the object. The callback will be called when a compatible<br />
<br />
// incoming media stream is requested from the other end.<br />
<br />
void expectIncomingMedia(in DOMString media_config,<br />
<br />
in Function media_handler);<br />
<br />
void addOutgoingMedia(in DOMString media_config,<br />
<br />
in StreamSource stream);<br />
<br />
// Called when all media info has been entered.<br />
<br />
void connect();<br />
<br />
// Access to resources, indexed by ID<br />
<br />
StreamSink OutgoingMedia(in DOMString id);<br />
<br />
StreamSource IncomingMedia(in DOMString id);<br />
<br />
// Events<br />
<br />
// Negotiation finished. Media can be sent.<br />
<br />
attribute Function onconnect;<br />
<br />
attribute Function onmediachange; // media starts or stops<br />
<br />
attribute Function onerror;<br />
<br />
// f.ex. connection broken and can’t be reestablished<br />
<br />
// Connection negotiation.<br />
<br />
// The handler will<br />
<br />
// be called when a RtcSession requests an outgoing<br />
<br />
// connection. Details TBD.<br />
<br />
attribute Function onOutgoingNegotiationItem; <br />
<br />
void IncomingNegotiationItem(DOMString item);<br />
<br />
// Functions for querying status are TBD.<br />
<br />
// More functions for detailed manipulation can be added <br />
<br />
// at will.<br />
<br />
}<br />
<br />
Streams<br />
A Stream is an interface that controls data flows. It supports:<br />
<br />
Identification<br />
Connecting a source (StreamSource object) to one or more sinks (StreamSink object).<br />
<br />
<br />
<br />
<br />
The id is guaranteed to be unique across all items of the same class in an app context (there is no guarantee that it’s globally unique, or that all StreamSources have ids distinct from all StreamSinks).<br />
<br />
The usual usage of a stream is that one creates streams using factory functions of other objects. Some of these return objects that implement the StreamSink interface, some return objects that implement the StreamSource interface, some may return objects that implement both.<br />
<br />
A StreamSource and StreamSink can be connected:<br />
<br />
ChannelA.add_data_recipient(ChannelB)<br />
<br />
Conceptually, one can imagine that this connection is implemented in terms of an “onmessage” event handler in ChannelA that calls a function in ChannelB to pass the data:<br />
<br />
ChannelA.onmessage = function(event) {<br />
ChannelB.send(event.data)<br />
}<br />
<br />
but in practical implementation, the data will not be accessible to outside inspection.<br />
<br />
It is possible to connect multiple StreamSources to one StreamSink (mixing). If the sink does not support the requested mixing, the add_data_recipient call will throw an <IncompatibleDestination> exception.<br />
<br />
It is possible to connect a StreamSource to multiple StreamSinks (split, for instance used in self-view provisioning).<br />
<br />
When a StreamSink is connected to a StreamSource, the add_data_recipient call may throw an <IncompatibleDestination> exception if the types are incompatible (codec mismatch, or connecting a video stream to an audio-only device).<br />
<br />
interface StreamSource {<br />
void Mute();<br />
void Unmute();<br />
// Define where data will be sent.<br />
void add_data_recipient(StreamSink recipient);<br />
readonly attribute DOMString id;<br />
// Where data are currently being sent.<br />
// It is not certain that these need to be exposed.<br />
attribute StreamSink[] data_recipients;<br />
// Callback when media stops being available<br />
attribute Function onerror;<br />
}<br />
<br />
interface StreamSink {<br />
readonly attribute DOMString id;<br />
// Conceptually, but not in practice:<br />
// void send(ByteArray data);<br />
attribute StreamSource[] data_sources;<br />
// Callback when it’s not possible to send data<br />
attribute Function onerror;<br />
}<br />
<br />
There are multiple possible destinations and sources - for instance, one may desire to display video using a <video> tag, a <canvas> tag or a WebGL interface. Rather than adapting to each specific form, we define a constructor for StreamSource and StreamSink that gives a StreamSource or a StreamSink for the DOM object that is going to be used.<br />
<br />
function StreamSink(DOMObject something_we_can_stream_to);<br />
function StreamSource(DOMObject something_we_can_stream_from);<br />
<br />
These return an object with the right handlers.<br />
If the implementation doesn’t support streaming to that particular type of device, the <IncompatibleDestination> exception is thrown.<br />
Configuration strings<br />
The configuration strings are serialized JSON objects.<br />
RtcSessionFactory configuration string<br />
<br />
The RtcSessionFactory initialization string looks like this:<br />
<br />
{<br />
"stun_service": { "host": "stun.example.com",<br />
"service": "stun",<br />
"protocol": "udp"<br />
},<br />
"turn_service": { "host": "turn.example.com" }<br />
}<br />
<br />
The protocol used for negotiation is mediated through the onconnectionrequest handler.<br />
If the onconnectionrequest handler is instantiated, it is OK to omit the connectionmediator from the initialization string; if neither is given, “connect()” will throw an IllegalConfiguration exception.<br />
<br />
The STUN server may either be an IP address:port literal, or be a domain name. If it is a domain name, the procedure in section 9 of RFC 5389 (SRV record lookup, with fallback to port 3478 (STUN) or 5349 (STUN over TLS)) is used to establish the IP address and port to use for STUN and TURN.<br />
If “service” and “protocol” are omitted, they are assumed to be “stun” and “udp” for stun_service, and “turn” and “udp” for turn_service.<br />
For TURN, the procedure is defined in RFC 5766 section 6.1. The procedure of RFC 5928 (using S-NAPTR applications) is not used.<br />
Media configuration string<br />
The media configuration string gives the type of media and any parameters required to refine it further. It is used as part of the input to construct a media negotiation string.<br />
<br />
Example:<br />
<br />
{<br />
"type": "video",<br />
"label": "my-own-label",<br />
"width": "640",<br />
"height": "360",<br />
"max-bitrate": 1024000<br />
}<br />
<br />
“type” MUST be present. All other attributes are optional.<br />
If “label” is present, it MUST be unique within the set of streams of this class. If it is absent, the implementation will generate a unique string.<br />
The “type” is one of “video” or “audio”. The implementation may support other types. (TODO: Add “data” once there is an agreed proposal for how to transport data)<br />
The “label” attribute conforms to the syntax of RFC 4574 section 4 “Label” attributes (ASCII with some syntax-sensitive characters disallowed).<br />
<br />
For video, the attribute “size” gives the width x height in pixels of the largest display area that makes sense to the caller; it is used by the video engine to select a suitable video stream resolution, but it gives no guarantee that the resulting video stream will have exactly that resolution.<br />
<br />
Media negotiation string<br />
The media negotiation string is passed across the negotiation interface. It contains the information required to negotiate media.<br />
<br />
While the SDP format is universally understood to have multiple flaws that mean we should not emulate or require it, it is also relatively common to use SDP in an offer/answer mode to communicate the information needed for setup - which means that it is at least able to represent the information needed. The fields below are picked to make it obvious how they are mapped to SDP fields; there is no assumption that all SDP fields make sense in this format.<br />
<br />
Example:<br />
<br />
{<br />
// session level parameters go here.<br />
"media": [<br />
{<br />
// media-level parameters go here - one array entry per element.<br />
// MIME type, parameters:<br />
"label": "my-own-label",<br />
"rtpmap": {<br />
"97": {"codec": "video/vp8"}<br />
},<br />
"attributes": { // these correspond to a:xxx lines<br />
"ice-pwd": "asd88fgpdd777uzjYhagZg",<br />
"ice-ufrag": "8hhY",<br />
"candidate": [<br />
{"component": 1, "foundation": 1, "generation": 1, "proto": "UDP",<br />
"priority": 2130706431,<br />
"ip": "10.0.1.1", "port": 8998, "type": "host"},<br />
{"component": 1, "foundation": 2, "proto": "UDP",<br />
"priority": 1694498815,<br />
"ip": "192.0.2.3", "port": 45664,<br />
"type": "srflx", "raddr": "10.0.1.1", "rport": 8998}<br />
]<br />
}<br />
}<br />
] // end of "media"<br />
}<br />
Connection establishment event flow<br />
To initiate a call, an application will create an RtcSession object and initialize it to know what sources and sinks to request, and then call the “connect” method. The object will then do internal processing to emit one or more calls to the “onOutgoingNegotiationItem” callback; the media negotiation string will be sufficient to construct (if required) an SDP “offer” for use in a SIP exchange.<br />
<br />
The responding peer, if it is of the same type, will construct an RtcSession object and call its IncomingNegotiationItem() function with the passed information. If the negotiation is successful, it will call its onOutgoingNegotiationItem callback, which is assumed to pass the information to the initiating peer.<br />
<br />
The initiating peer’s application will then call its IncomingNegotiationItem function; if the answer is acceptable to the initiator, “onconnect” is signalled.<br />
<br />
The session description strings sent to a RtcSession need to contain all the information needed to successfully negotiate a multimedia connection.<br />
Appendix: SDP description of a codec setup<br />
Copied from RFC 4317, SDP offer/answer examples.<br />
<br />
[Offer]<br />
<br />
v=0<br />
o=alice 2890844526 2890844526 IN IP4 host.atlanta.example.com<br />
s=<br />
c=IN IP4 host.atlanta.example.com<br />
t=0 0<br />
m=audio 49170 RTP/AVP 0 8 97<br />
a=rtpmap:0 PCMU/8000<br />
a=rtpmap:8 PCMA/8000<br />
a=rtpmap:97 iLBC/8000<br />
m=video 51372 RTP/AVP 31 32<br />
a=rtpmap:31 H261/90000<br />
a=rtpmap:32 MPV/90000<br />
<br />
[Answer]<br />
<br />
v=0<br />
o=bob 2808844564 2808844564 IN IP4 host.biloxi.example.com<br />
s=<br />
c=IN IP4 host.biloxi.example.com<br />
t=0 0<br />
m=audio 49172 RTP/AVP 0 8<br />
a=rtpmap:0 PCMU/8000<br />
a=rtpmap:8 PCMA/8000<br />
m=video 0 RTP/AVP 31<br />
a=rtpmap:31 H261/90000<br />
<br />
Appendix: ICE info in session control protocols<br />
The session description strings need to contain all the information needed to successfully set up a bidirectional datagram transport. This section reproduces readily available examples of how this information is represented in SDP and XMPP.<br />
This is included to make sure the expressive power of the ICE info in media negotiation strings is sufficient.<br />
Example using SDP<br />
Example from RFC 5245 (note that these assume ICE is in use):<br />
a=ice-pwd:asd88fgpdd777uzjYhagZg<br />
a=ice-ufrag:8hhY<br />
a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host<br />
a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998<br />
Example using XMPP<br />
Example from XEP-176:<br />
<transport xmlns='urn:xmpp:jingle:transports:ice-udp:1'<br />
pwd='asd88fgpdd777uzjYhagZg'<br />
ufrag='8hhy'><br />
<candidate component='1'<br />
foundation='1'<br />
generation='0'<br />
id='el0747fg11'<br />
ip='10.0.1.1'<br />
network='1'<br />
port='8998'<br />
priority='2130706431'<br />
protocol='udp'<br />
type='host'/><br />
<candidate component='1'<br />
foundation='2'<br />
generation='0'<br />
id='y3s2b30v3r'<br />
ip='192.0.2.3'<br />
network='1'<br />
port='45664'<br />
priority='1694498815'<br />
protocol='udp'<br />
rel-addr='10.0.1.1'<br />
rel-port='8998'<br />
type='srflx'/><br />
</transport></div>Ananthttps://wiki.mozilla.org/index.php?title=Services/Sync/WEP/115&diff=230890Services/Sync/WEP/1152010-06-15T18:31:10Z<p>Anant: /* “Secret Phrase” considered harmful */</p>
<hr />
<div>= WEP 115 Mongolian Crypto Scheme for Firefox Sync =<br />
<br />
* Champions: Zandr Milewski <zandr at mozilla dot com><br />
* Status: Draft<br />
* Created: 13 Jun 2010<br />
* [[Labs/Weave/WEPs|WEP Index]]<br />
<br />
The current username/password/secret phrase scheme used for Firefox Sync has desirable privacy properties. However, there are significant UX challenges and opportunities to improve security. This document attempts to distill several email conversations into a single proposal. It is deliberately aimed more at describing user experience than defining implementation details.<br />
<br />
The name continues the "Where were we when Zandr asked a stupid question?" naming convention established by the [http://tahoe-lafs.org Tahoe Project]<br />
= Issues with the current scheme =<br />
== “Secret Phrase” considered harmful ==<br />
The current implementation uses a secret phrase to generate an encryption key to protect user data. The actual scheme is [http://kix.in/2009/10/11/how-does-weave-use-cryptography/ more complex than that], but at the end of the day, the secret to protect is this 256 bit key. This secret is never transmitted to the server, which means the server cannot access user data. All well and good, but we haven’t been able to communicate this to the end user very well.<br />
=== “A security question would work better.” ===<br />
Users often think that the role of the secret phrase is to verify password recovery requests. There have been several messages on the mailing list about this, suggesting that account setup was too complex, and that security questions would be better.<br />
=== “What do you mean you can’t tell me my secret phrase?” ===<br />
Similarly, there have been messages on the list from users who have lost or forgotten their secret phrase, and thus cannot recover their data from the servers. While Sync was not designed or intended to be a backup service, 70% of our users have only one client. Backup is the only function Sync provides in this case.<br />
<br />
== User-generated long term secrets are often weak ==<br />
Humans are pretty bad at picking passwords. UX concerns have prevented us from requiring a strong secret phrase, and we currently have a 12-character minimum with no further restrictions. Assuming a 94 character alphabet, the [http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf| NIST guidelines] estimate this at a mere 24 bits of entropy. PBKDF2 or not, this is pretty poor protection for user data, and we can help the user do much better.<br />
= Design Goals =<br />
The server must not be able to read user data. This is the overriding design requirement, and is what sets Sync apart from the competition. The user need not trust the server. The practical implication of this is that we cannot enable any offline attack that is easier than a direct attack on the ciphertext.<br />
== Account setup should be simple ==<br />
The current username/password/secret phrase triplet is confusing and should be simplified.<br />
== Account setup should provide strong secrets ==<br />
The Sync client should generate (pseudo-)random secrets of sufficient length to provide good security.<br />
== Adding additional clients should be easy ==<br />
Having good secrets is usually a pain to manage. To the extent possible, the Sync client should manage these secrets for the user, and make transferring them to new clients both easy and secure.<br />
== Recovery from loss of all clients should be possible ==<br />
Competing with all of the above goals, we still need to be able to recover from a loss of all configured clients. This should be handled separately, as it really has nothing in common with the other use cases.<br />
= Proposal =<br />
== Account Setup ==<br />
=== Username ===<br />
While not necessary for many of these use cases, for UX reasons this proposal retains the notion of a username. This is used for a couple of the transfer scenarios, but it’s account metadata, not a primary key.<br />
=== Signing Key ===<br />
Rather than using a password to protect access to ciphertext on the server (most importantly, protecting deletion) we use a signing/verifying keypair. Using Elliptic Curve DSA for this allows the private key to be only 256-bits long, and NSS already supports the NIST 256p curve.<br />
At account setup, the client creates this keypair. The private, signing half of this key is the only credential that needs to be transferred to new clients.<br />
Storage on the server is indexed by a hash of the verifying key and a tag indicating the purpose of the hash. We will refer to this hash as the user ID.<br />
=== CAPTCHA ===<br />
To limit account creation to humans, the client will send a creation request to a Ticket Server. The request contains the verifying key of the new user. The Ticket Server will sign the request in exchange for a successful CAPTCHA, thus validating the humanity of the user.<br />
The client then presents this signed ticket to a storage server, which creates the storage pool under that user ID. As the creation request is idempotent, there is no requirement for a one-time nonce.<br />
Automated testers could sign account requests with a separate key which could be enabled on the web servers.<br />
<br />
=== Encryption Key ===<br />
Each client also generates a symmetric key for data encryption. Using a hash of the signing key, with a different tag, allows us to use a single 256-bit secret for the entire account. This means that adding a new client requires only this secret to completely configure the client.<br />
== Normal Operations ==<br />
Once the account is created, all storage requests will be signed by the client. The client submits the request, the signature, and the verifying key. The server will then verify the signature and hash the verifying key to select the storage pool. This provides integrity checking of the requests, and restricts access to the holder of the signing key. A single-use nonce could be added here to prevent replay attacks if SSL (preventing recording of messages) is not considered sufficient protection against replays.<br />
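The derivations and the signed-request check described so far, as an added sketch that is not part of the original proposal. The tag strings, the request encoding, the function and class names, and the choice to answer replays and malformed keys with 401 are assumptions; the 404 and 401 responses follow the Authentication section, and the request body stands for ciphertext the client has already encrypted.<br />

```javascript
const crypto = require('crypto');

// Assumed domain-separation tags; the proposal only says "a tag".
const TAG_USER_ID = 'example-sync/user-id/';
const TAG_ENC_KEY = 'example-sync/encryption-key/';

function taggedHash(tag, bytes) {
  return crypto.createHash('sha256').update(tag).update(bytes).digest();
}

// Client, account setup: one P-256 keypair; everything else is derived from it.
function createAccount() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const verifyingKey = publicKey.export({ type: 'spki', format: 'der' });
  // JWK "d" is the 256-bit private scalar (base64url; Node's base64 decoder accepts it).
  const scalar = Buffer.from(privateKey.export({ format: 'jwk' }).d, 'base64');
  return {
    privateKey,
    verifyingKey,
    userId: taggedHash(TAG_USER_ID, verifyingKey).toString('hex'),
    encryptionKey: taggedHash(TAG_ENC_KEY, scalar), // never leaves the client
  };
}

// Assumed canonical encoding of the signed fields.
function canonical(req) {
  return Buffer.from(JSON.stringify([req.method, req.path, req.body, req.nonce]));
}

// Client: sign the request and attach the verifying key, as the text describes.
function signRequest(account, method, path, body) {
  const req = { method, path, body, nonce: crypto.randomBytes(16).toString('hex') };
  req.verifyingKey = account.verifyingKey;
  req.signature = crypto.sign('sha256', canonical(req), account.privateKey);
  return req;
}

class StorageServer {
  constructor() { this.pools = new Map(); this.seen = new Set(); }

  // Pool creation is idempotent; checking the Ticket Server signature is omitted here.
  createPool(userId) { if (!this.pools.has(userId)) this.pools.set(userId, new Map()); }

  handle(req) {
    let userId, valid;
    try {
      userId = taggedHash(TAG_USER_ID, req.verifyingKey).toString('hex');
      const key = crypto.createPublicKey({ key: req.verifyingKey, format: 'der', type: 'spki' });
      valid = crypto.verify('sha256', canonical(req), key, req.signature);
    } catch (err) { return 401; } // malformed key or signature
    const pool = this.pools.get(userId);
    if (!pool) return 404;        // an unknown verifying key selects no pool
    if (!valid) return 401;       // right pool, wrong or tampered signature
    const replayId = `${userId}:${req.nonce}`;
    if (this.seen.has(replayId)) return 401; // single-use nonce: replay refused
    this.seen.add(replayId);
    if (req.method === 'PUT') pool.set(req.path, req.body);
    if (req.method === 'DELETE') pool.delete(req.path);
    return 200;
  }
}
```

Because the pool is selected by hashing the presented verifying key, a caller without the signing key can only reach another user's pool by presenting that user's verifying key, and then fails signature verification.<br />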
== Adding a client ==<br />
Once an account is set up and a client has been configured, all that is necessary to configure a new client is to transfer the signing and encryption keys.<br />
<br />
Adding clients when one is already configured is facilitated using a PAKE protocol. For the purpose of prototyping, J-PAKE is convenient, though our security group has some questions that need resolution. There are other functionally equivalent PAKE protocols that are well understood, but may be patent encumbered.<br />
<br />
These transfers take the following general form:<br />
*Arm an existing client for the transfer. This creates the first key exchange message which is sent to the PAKE server. In addition, a small secret is created and displayed to the user. Very little entropy is required here, picking a word from a dictionary of 1000 or so words is sufficient. This word could be randomly selected, the user could pick a word from a list, or the user could enter one of their own choosing.<br />
*On the new client, retrieve the first message from the PAKE server.<br />
*Enter the secret word on the new client<br />
*The new client and old complete a PAKE handshake. If the old client is online, this completes quickly. It is possible to complete the handshake without having both clients online simultaneously, but it requires 2 round trips to enable the new client.<br />
<br />
It is important to note that protecting this key exchange is only protecting a fixed number of guesses at the secret word, potentially as few as one, though two or three might be desirable to tolerate typos without requiring the user to go back and re-arm the initiating machine. The initiating machine should log and alert the user to all failed guesses. As such, the passwords and nonces described below are not protecting the user credentials, only protecting the ability to attempt a key exchange.<br />
<br />
Several forms of this system are described below. Some of them are easier than others, but if consistency is more desirable than ease of use, the last form (“Memorized”) covers all use cases.<br />
=== Email ===<br />
This form uses a strong, single-use nonce to protect the key exchange.<br />
<br />
Arming the client displays the secret word, and helps the user send a strong nonce by email.<br />
<br />
At the new client, click a link in the email, or cut/paste the nonce into the client and enter the secret word.<br />
<br />
The new client completes the PAKE transaction and receives the new credentials.<br />
<br />
=== QR Code ===<br />
If a mobile device has a camera, it is possible for a QR-code to contain all of the credentials. To avoid writing a QR reader ourselves, the QR-code could contain a URL of a custom scheme. This could be attacked by another app registering for that URL scheme, however. As an alternative, the QR code could be used to transfer a strong nonce as in the email case. <br />
<br />
Once the user is satisfied that the legitimate Sync app is running, they enter the secret word.<br />
<br />
The new client completes the PAKE transaction and receives the new credentials.<br />
=== Nearby clients ===<br />
If the two clients are nearby, as when transferring credentials from a phone to a desktop machine, an email path is not required.<br />
<br />
Instead of a strong nonce, a combination of a username and short nonce or username and password could be used to protect the key exchange. This password could be short or long term.<br />
<br />
The user will arm a transfer on the phone, which will show a nonce or prompt for a password. It will then show the secret word.<br />
<br />
The user enters the username, nonce or password, and secret word on the new client. <br />
<br />
The new client completes the PAKE transaction and receives the new credentials.<br />
<br />
=== Memorized ===<br />
If email is infeasible, then a username/password pair can be used to protect the key exchange as in the “Nearby Clients” case above.<br />
<br />
The user arms the transfer on the old client, which prompts for a password and displays the secret word.<br />
<br />
== Recovery ==<br />
During account setup, we need to do a bit of user education. What makes Sync private and secure is that the server doesn't ever have the user's keys. What makes recovery challenging is that the server doesn't ever have the user's keys.<br />
<br />
I think there should be a message something like “Would you like to create a backup of your Sync login?” with an offer to create an artifact that will allow account recovery. This should contain instructions to keep this artifact somewhere safe. The combination of the username and this artifact will allow configuration of a new client.<br />
=== File ===<br />
The simplest option for most people: just put the credentials in a file that they can keep in a safe place such as a backup or thumb drive. This could be encrypted with a user password, but this creates something else for the user to forget.<br />
=== QR Code ===<br />
Back to QR codes again, but it’s a simple way to encode a big binary blob in a form that could be printed and stuck in a drawer. Comments about encrypting credentials in a file apply here as well.<br />
=== Word List ===<br />
Rather than give a user a long hex (or worse, base64) string to type back in when recovering, we could provide a list of words to print. PGPfone developed [http://web.mit.edu/network/pgpfone/manual/%23PGP000062| word lists] for authenticating key exchanges, in which an English word represented 8 bits. These have the advantage of being human readable and easily typed. Alternating between two word lists protects against duplication and transposition, and there is sufficient redundancy to allow stemming and spellchecking to reduce the effect of typos. It seems somewhat absurd at first blush, but a 256-bit symmetric key would only be 32 words using those dictionaries. This is an interesting issue for localization, as the word lists were selected for maximum phonetic distance in English, and I'm not sure our localizers would appreciate generating similar lists. <br />
= System Changes =<br />
== New components ==<br />
=== Ticket Server ===<br />
This basically replaces the registration server. Its sole purpose is to sign the new account ticket in exchange for a successful CAPTCHA. In fact, this function could be performed on the web front-ends. As the only additional capability present is signing tickets, separation from the normal webheads doesn’t increase security.<br />
=== PAKE Server ===<br />
This server is used to facilitate PAKE handshakes between clients. Using a server to mediate these transfers bypasses problems with firewalls, and allows exchanges between devices that are not online at the same time. As this does not require long-term persistence or bulk data storage, memcached running on the ticket server is probably sufficient. This document does not intend to provide a complete design for the PAKE server, but the basic operations required are just POST and GET. A lower-latency protocol like XMPP would be desirable, but is not required.<br />
== Removed components ==<br />
=== LDAP ===<br />
As the verification key is hashed to find a storage index, there is no specific authentication required. <br />
=== Weaveserver-Registration ===<br />
As noted above, the function of the registration server is replaced by the ticket server, and could easily be performed by the front-end webheads.<br />
=== Weaveserver-Registration-Secure ===<br />
The whole point of this server was to isolate powerful LDAP privileges from the net. As there is no LDAP, there is no need for an isolated server.<br />
== Back-end changes ==<br />
=== Node Assignment ===<br />
Distribution and management of storage pools is enough material for a separate WEP. As a sketch of a basic scheme, a mapping file could be published containing the DNS names of storage nodes and a range of user IDs served by each node. This file would be downloaded periodically by the clients, which would look up the server they should contact. Migration can be achieved by maintaining a table of user IDs to redirect on the old server pointing to the new location of that user's data. Once the migration has been completed, the mapping file can be updated and the redirection removed. <br />
=== Authentication ===<br />
The sync servers no longer authenticate against an external source. They should 404 any requests (other than pool creation with a valid ticket) that reference a non-existent pool, and 401 if the signature is not valid.</div>Anant