Security/Reviews/MozillaApps: Difference between revisions
Jump to navigation
Jump to search
(Created page with "= Mozilla App Project Security = == About this Page == This page is meant as a general living resources for security information related to the Mozilla App Store project. Indiv...") |
|||
| (2 intermediate revisions by one other user not shown) | |||
| Line 17: | Line 17: | ||
=== Delivering apps/services via the platform === | === Delivering apps/services via the platform === | ||
* services around contacts, identity, wallet, etc. Note that monetization implies payment implies identity anyway, at minimum. | * services around contacts, identity, wallet, etc. Note that monetization implies payment implies identity anyway, at minimum. | ||
== Resources == | |||
* Technical docs: https://developer.mozilla.org/en/OpenWebApps | |||
* Main site: https://apps.mozillalabs.com | |||
== Platform Detail == | == Platform Detail == | ||
(As of 3/31/2011) | |||
* An appid is basically a URL for a manifest | * An appid is basically a URL for a manifest | ||
* currently contemplating a rule of one app per domain to avoid intra-site security quagmire (vs fighting same-origin) | * currently contemplating a rule of one app per domain to avoid intra-site security quagmire (vs fighting same-origin) | ||
| Line 30: | Line 35: | ||
* sync integration to help propagate apps to end user devices, maybe with metadata to enumerate supported platforms | * sync integration to help propagate apps to end user devices, maybe with metadata to enumerate supported platforms | ||
* playing with concept apps: web service advertisement and subscription to currently installed apps (i.e. this site provides a photo feed at /services/photostream, would you like to subscribe to it with your Flickr or iPhoto app?) | * playing with concept apps: web service advertisement and subscription to currently installed apps (i.e. this site provides a photo feed at /services/photostream, would you like to subscribe to it with your Flickr or iPhoto app?) | ||
== Milestones == | == Milestones == | ||
* 2011/3 First Developer Release: http://mozillalabs.com/blog/2011/03/first-developer-release-of-web-apps-project/ | * 2011/3 First Developer Release: http://mozillalabs.com/blog/2011/03/first-developer-release-of-web-apps-project/ | ||
* As of 4/1/11: Currently working on PRD, rough draft after all-hands and meet during platform work week. Mike Hanson working on general architectural overview, can have something ready for above meeting. | * As of 4/1/11: Currently working on PRD, rough draft after all-hands and meet during platform work week. Mike Hanson working on general architectural overview, can have something ready for above meeting. | ||
Latest revision as of 23:43, 1 April 2011
Mozilla App Project Security
About this Page
This page is meant as a general living resources for security information related to the Mozilla App Store project. Individual formal design and implementation reviews should be stored in separate sub-page.
Introduction to Mozilla App Project
The high level goals of the project can be grouped around:
Platform
- provide an open web app playground for easily building portable apps
- extend web technologies into new terrain
- Firefox, JS and IOS/android pieces (maybe chrome os, windows, mac os, etc)
Acquisition and Monetization
- how to improve the web app discovery/acquisition, monetization, etc. strategy (whether we run the store or not is TBD)
Delivering apps/services via the platform
- services around contacts, identity, wallet, etc. Note that monetization implies payment implies identity anyway, at minimum.
Resources
- Technical docs: https://developer.mozilla.org/en/OpenWebApps
- Main site: https://apps.mozillalabs.com
Platform Detail
(As of 3/31/2011)
- An appid is basically a URL for a manifest
- currently contemplating a rule of one app per domain to avoid intra-site security quagmire (vs fighting same-origin)
- therefore an app is really a domain
- the UA keeps a list of apps (URLs)
- apps not required to be hosted on HTTPS (otherwise possible conflict with one-app-per-origin rule?)
- installed app discovery should be easy & seamless (user-agent UI/dashboard, awesome bar integration, etc.)
- domain related app management functionality: query if app is installed, version/update check, list apps installed (from that store), list + delete + launch dashboard (ours, potentially 3rd party ones)
- capabilities was there for a while, but its been pulled for now due to lack of consensus
- permission UI during install vs. at run time is under discussion
- sync integration to help propagate apps to end user devices, maybe with metadata to enumerate supported platforms
- playing with concept apps: web service advertisement and subscription to currently installed apps (i.e. this site provides a photo feed at /services/photostream, would you like to subscribe to it with your Flickr or iPhoto app?)
Milestones
- 2011/3 First Developer Release: http://mozillalabs.com/blog/2011/03/first-developer-release-of-web-apps-project/
- As of 4/1/11: Currently working on PRD, rough draft after all-hands and meet during platform work week. Mike Hanson working on general architectural overview, can have something ready for above meeting.