Security/Reviews/MozillaApps
Mozilla App Project Security
About this Page
This page is meant as a general living resource for security information related to the Mozilla App Store project. Individual formal design and implementation reviews should be stored in separate sub-pages.
Introduction to Mozilla App Project
The high level goals of the project can be grouped around:
Platform
- provide an open web app playground for easily building portable apps
- extend web technologies into new terrain
- Firefox, JS and iOS/Android pieces (maybe Chrome OS, Windows, Mac OS, etc.)
Acquisition and Monetization
- how to improve the strategy for web app discovery/acquisition, monetization, etc. (whether we run the store or not is TBD)
Delivering apps/services via the platform
- services around contacts, identity, wallet, etc. Note that monetization implies payment implies identity anyway, at minimum.
Resources
- Technical docs: https://developer.mozilla.org/en/OpenWebApps
- Main site: https://apps.mozillalabs.com
Platform Detail
(As of 3/31/2011)
- An appid is basically a URL for a manifest
- currently contemplating a rule of one app per domain to avoid intra-site security quagmire (vs fighting same-origin)
- therefore an app is really a domain
- the UA keeps a list of apps (URLs)
- apps not required to be hosted on HTTPS (otherwise possible conflict with one-app-per-origin rule?)
- installed app discovery should be easy & seamless (user-agent UI/dashboard, awesome bar integration, etc.)
- domain related app management functionality: query if app is installed, version/update check, list apps installed (from that store), list + delete + launch dashboard (ours, potentially 3rd party ones)
- capabilities was there for a while, but it's been pulled for now due to lack of consensus
- permission UI during install vs. at run time is under discussion
- sync integration to help propagate apps to end user devices, maybe with metadata to enumerate supported platforms
- playing with concept apps: web service advertisement and subscription to currently installed apps (i.e. this site provides a photo feed at /services/photostream, would you like to subscribe to it with your Flickr or iPhoto app?)
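As an added illustration (not code from the Mozilla Apps project), the sketch below models the "UA keeps a list of apps" idea and shows how the one-app-per-domain and one-app-per-origin readings diverge once manifests may be served over plain HTTP. The `AppRegistry` class, its method names and the `.example` manifest URLs are assumptions constructed for this example.

```javascript
// Hypothetical user-agent registry; not a Mozilla API. URLs are constructed samples.
class AppRegistry {
  // keyMode "origin": scheme + host + port; keyMode "domain": hostname only
  constructor(keyMode) {
    this.keyMode = keyMode;
    this.apps = new Map(); // slot key -> appid (manifest URL)
  }

  slotFor(manifestUrl) {
    const u = new URL(manifestUrl);
    if (u.protocol !== "http:" && u.protocol !== "https:") {
      throw new Error("unsupported manifest scheme: " + u.protocol);
    }
    return this.keyMode === "origin" ? u.origin : u.hostname;
  }

  // Enforce one app per slot; re-installing the same appid is allowed.
  install(manifestUrl) {
    const appid = new URL(manifestUrl).href; // normalized form is the appid
    const slot = this.slotFor(manifestUrl);
    const holder = this.apps.get(slot);
    if (holder !== undefined && holder !== appid) {
      return { ok: false, slot, heldBy: holder };
    }
    this.apps.set(slot, appid);
    // Flag manifests fetched without transport integrity so UI can surface it.
    return { ok: true, slot, insecure: appid.startsWith("http://") };
  }

  list() {
    return [...this.apps.values()];
  }
}

// Constructed install sequence: two manifests on one origin, then the same
// host over plain HTTP, then an unrelated host.
const SAMPLE = [
  "https://photos.example/manifest.json",
  "https://photos.example/beta/manifest.json",
  "http://photos.example/manifest.json",
  "https://mail.example/manifest.json",
];

function installAll(keyMode) {
  const reg = new AppRegistry(keyMode);
  const results = SAMPLE.map((m) => reg.install(m).ok);
  return { results, installed: reg.list() };
}

console.log("origin:", installAll("origin"));
console.log("domain:", installAll("domain"));
```

With origin keying, the HTTP and HTTPS manifests for the same host occupy separate slots and are treated as two apps; with domain keying, whichever is installed first holds the slot regardless of scheme.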
Milestones
- 2011/3 First Developer Release: http://mozillalabs.com/blog/2011/03/first-developer-release-of-web-apps-project/
- As of 4/1/11: Currently working on PRD, rough draft after all-hands and meet during platform work week. Mike Hanson working on general architectural overview, can have something ready for above meeting.