Universal Applications

Web Applications can run on any device. They use standard technology that works on desktop PCs, smartphones, and tablets. They can be installed on devices automatically when users authorize their devices, and are personalized so that users keep their preferences and data with them wherever they go.

Personalized Application Collections

The user's collection of web applications is part of their personal data. Web browsers and devices maintain the collection on the user's own hardware. In the Firefox architecture, the list of installed web applications is part of the user's profile data.

Mozilla offers an application sync service that makes it quick and easy for users to keep their application collections in sync across their devices. This synchronization includes all the infrastructure needed to support paid applications, and the list of in-application purchases that the user has made.

Read More:

• Web Client Application API
• Application Dashboard - link needed
• Application Sync Service - link needed

Authenticated Applications

Applications can optionally be "authenticated," which means that the application is stored on the user's devices with a targeted identity. The BrowserID system allows the application to verify this identity at startup. When the application is copied to another device, the identity flows with it, allowing the user to launch the application and get back to their cloud-based state with no per-application login step required.

Read More:

• BrowserID
• Browser ID Directed Identity Assertion - link needed

Paid Applications and In-App Purchases

The Open Web Applications system supports paid applications ranging from free-and-self-published to paid, web-store distribution. Applications can be sold by multiple stores, or sold directly by the publisher. Paid applications are built on top the Authenticated Application system.

When a user purchases an application from a store, the store synthesizes a Web Application Receipt with a purchase type of application and installs the application with the receipt in the appReceipt property of the application's installData. The application later retrieves this receipt and verifies it, proving that the receipt came from a trusted store. The application may then verifies the identity embedded in the receipt using BrowserID; when the application is launched through the launch method of Web Application Client API, a BrowserID Directed Identity Assertion is enabled to allow the application to verify the receipt's embedded user identity without a popup. The application is free to use cookies, usernames, or other techniques for creating a user session, but is encouraged to user BrowserID to remove the need for a login screen.

When a user performs an in-application purchase, the store synthesizes a Web Application Receipt with a purchase type of application-payment and adds the receipt to the purchaseReceipts property of the application's installData. The application may retrieve this list later and verify the receipts contained in the list; this data can be used to enable features on the server or the client as the application sees fit.

Note that security concerns require that receipt verification be performed on a server under the developer's control; the web platform does not, and likely will never, support hardware-locked application licensing. For more discussion of how offline verification be handled, see Offline Verification of Purchased Apps.

Read More:

• Web Application Receipt - link needed
• Offline Verification of Purchased Apps - link needed

Application Activities

Applications can expose "Activities," which are an application-to-application communication system. This system allows an application (or website) to request access to a user's preferred service, and for a message to flow between the application and the service.

Use cases for this feature include link sharing, contact lists, personal profile data, payment processing, travel planning, and media preferences.

Read More:

• Activities specification (in-progress)
• Web Intents (related work by Google Chrome team; conversations with this team are ongoing)

Web browsers can run applications in a tab, a window, or full-screen. The tab can be a traditional tab or a pinned tab that is always present in every browser window.

Web browsers can provide different default permissions to web applications, allowing them to access data and device capabilities that are not allowed to websites be default. They can, optionally, provide greater capabilities to web applications that were installed from a trusted source (which assumes that a review and revocation system is in place).

In the Firefox architecture, web applications can run in tabs, pinned tabs, or full screen. The Firefox permissions mechanism will be enhanced to provide more capabilities to web applications, subject to the user's control.

Read More:

• Web Apps on Firefox Home Tab
• dev-platform thread on advanced permissions
• UI mockup of application permissions - need link

The capabilities provided by a web browser can also be separated and turned into a standalone application. These applications can interact with operating systems in a more "native" way; for example, they can have their own icon in a task bar or dock, act as a target for document-opening requests, and be copied between devices with a drag-and-drop to a file server.

The Mozilla platform can support this both in a "custom invocation of Firefox" mode (as the WebRunner project does today), or through statically linking the XULRunner libraries with an executable (as the Chromeless project does). The creation of native runtimes for web applications could be performed on the client, or on the server.

The PhoneGap project provides this capability for many smartphone platforms.

Read More:

• WebRunner
• Chromeless

The Application Marketplace is a web site, operated by Mozilla, that provides a safe, fast, fun place for users to find web applications, and for developers to reach their customers. It is a reference implementation for a web application store, which developers can download and set up on their own domains.

The Marketplace supports both paid applications and in-app purchasing. The in-app purchase function is supported by the Mozilla Marketplace application, which implements the In-App Purchase activity.

The Marketplace understands the complexity of delivering web applications to multiple platforms. It provides a features-and-capabilities system that shows users apps that can run on their platform, and suggests available platforms for the user's device if a more capable platform could provide a better experience.

Read More:

• Application Marketplace - link needed
• Mozilla Marketplace App - link needed