Web Application

The phone in the cloud
Utilizing resources hosted anywhere
Claes Nilsson
“Software as a Service”
“Cloud Computing”
……..
What about
“The Phone as a Service”
…………….
GPS
Camera
Calendar
Messaging
Let us combine this……..
So, we all agree that…
The Web is THE application execution platform
and that ….
Mobile Devices must be full citizens of the Cloud
and that….
Web Applications must be able to consistently utilize Cloud Resources as well as Local Device Resources
Device APIs
Give Web Applications access to device capabilities in a secure manner
[Diagram labels: Web Application; Access control framework; Device Capabilities (GPS, Camera, Calendar, Messaging)]
Existing Device API solutions
GeoLocation
DAP APIs
All these solutions define JavaScript APIs for web browsers and web widget engines
Example:
navigator.geolocation.getCurrentPosition(showMap);
One approach is control by some trusted authority
Existing Device API solutions – Bondi/JIL Security
Define an access policy control framework based on origin of web application and user interaction
[Diagram labels: Web Application; Access control policy framework; Device Capabilities]
Who controls the policy?
• Unknown?
• Manufacturer?
• Operator?
Existing Device API solutions – Bondi/JIL policy security model
Control by a configured access policy
Examples:
• “A Widget whose signature chains to operator root certificate can read and write from the PIM databases”
• “A Widget downloaded from weather.com can access geolocation coordinates if the user says it’s OK”
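The two example rules above, evaluated by a small default-deny policy engine. This is an added example, not code from the presentation or from BONDI/JIL; the rule shape, the field names (signerRoot, origin) and the capability strings are assumptions made for illustration.

```javascript
// Constructed policy modelled on the two quoted rules. Not the BONDI/JIL format.
const POLICY = [
  // "signature chains to operator root" -> PIM read/write, no user prompt
  { subject: { signerRoot: "operator" },
    capabilities: ["pim.read", "pim.write"], effect: "permit" },
  // "downloaded from weather.com" -> geolocation only if the user agrees
  { subject: { origin: "weather.com" },
    capabilities: ["geolocation"], effect: "prompt" },
];

// A rule applies only if every subject attribute matches exactly.
// Exact comparison matters: "weather.com.evil.example" must not match.
function matches(subject, widget) {
  return Object.entries(subject).every(([key, value]) => widget[key] === value);
}

// Returns "permit", "prompt" or "deny". First matching rule wins;
// a request that no rule covers is denied.
function decide(policy, widget, capability) {
  for (const rule of policy) {
    if (rule.capabilities.includes(capability) && matches(rule.subject, widget)) {
      return rule.effect;
    }
  }
  return "deny";
}

// Enforcement point in front of the device capability. A "prompt" decision
// becomes "permit" only on an explicit true from the user callback.
function authorize(policy, widget, capability, askUser) {
  const effect = decide(policy, widget, capability);
  if (effect === "prompt") {
    return askUser(widget, capability) === true ? "permit" : "deny";
  }
  return effect;
}

// Constructed widgets: signerRoot is the root the verified signature chain
// ended at (null if unsigned), origin is the host the widget came from.
const operatorWidget = { origin: "apps.example", signerRoot: "operator" };
const weatherWidget = { origin: "weather.com", signerRoot: null };

console.log(authorize(POLICY, operatorWidget, "pim.write", () => false)); // permit
console.log(authorize(POLICY, weatherWidget, "geolocation", () => true)); // permit
console.log(authorize(POLICY, weatherWidget, "pim.read", () => true));    // deny
```
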
Another approach is full user control (and responsibility)
Security – implicit user consent examples
Full user control
• user must press camera shutter
• user must state granularity of location
• user must inspect message and press “send”
Device APIs – work in progress
Device API and Policy (DAP) WG
• Main SDO for Device APIs
• SEMC active – support for W3C DAP is our main strategic direction for device APIs
• Other members: Nokia, Vodafone, Google, Opera, Orange, AT&T, Telefonica, OMTP, Aplix, Intel…
• W3C DAP Website
Device API and Policy WG
So far JavaScript interfaces defined
Contacts
File Writer
File Directories
System
Calendar
Media Capture
System information and Sensors
Messaging
Gallery
Device API and Policy WG
In addition, an optional generic policy-based access control framework is being worked on
Device API and Policy WG – REST APIs
• Another approach proposed by
• Local Resources as “Virtual Web Servers”
• HTTP REST APIs
[Diagram labels: Client (Web Browser or Widget Engine); Server (Resource Provider); Server (Resource Provider)]
Device API and Policy WG – REST APIs
• APIs as URIs:
• Example:
http://localhost/dap/contacts/create.json?...&name=Mr.%20Robert%20Smith%20Jr&nicknames=Bob
• Access through standard HTTP methods GET, POST, PUT, DELETE
• More reading: REST Introduction
Device API and Policy WG – REST APIs
• HTTP REST API advantages
Language independent
A resource can be situated “anywhere”: in mobile device, in PC, in accessory, in server…
A resource can be accessed from “anywhere”
Leverage existing HTTP access control mechanisms
SEMC - access to local resources through in-device web server
[Diagram labels: Internet; Web Application; Device; Browser; REST Device APIs; In-device Web Server; Access Control; Native Device APIs]
JS libraries to hide complex REST-coding
Any native API can be bound to a web API
New web APIs by upgrading in-device server
Device API and Policy WG – Powerbox
• Powerbox
• Proposed by , SEMC and Mozilla Labs
• Supports discovery and interaction with resources independent of where these resources are hosted or how they are produced
• Security and Privacy purely user controlled
Device API and Policy WG – Powerbox example scenario
1. Customer Web Application needs a user’s private image
2. User selects image Provider:
• Photo sharing web site
• Local device image gallery
• Device camera
3. User selects image
Device API and Policy WG – Powerbox Provider Registration
[Diagram labels: Remote Resource Provider (e.g. photo sharing site) with Remote Resources; Web Site that offers a Provider; Powerbox enabled browser; Local Resource Providers (“Pre-registered”)]
1: Web content: “Offer URL to Provider”
2: Get Provider metadata doc
Device API and Policy WG – Powerbox: User selects remote Provider
[Diagram labels: Customer Web Site; Powerbox enabled browser; Remote Resource Provider (e.g. photo sharing site) with Remote Resources]
1: Web Application: “Request image”
2: User selects Remote Resource Provider
3: Powerbox sends introduction request to Provider
4: Provider returns web page that lets user choose image
5: Provider provides link to selected image
Device API and Policy WG – Powerbox: User selects device gallery Provider
[Diagram labels: Customer; Powerbox enabled browser; Local Resource Providers]
1: Web Application: “Request image”
2: User selects device gallery Provider
3: Powerbox sends introduction request to local gallery Provider
4: Provider lets user choose image
5: Provider provides link to selected image
Device API and Policy WG – Powerbox: User selects device camera Provider
[Diagram labels: Customer; Powerbox enabled browser; Local Resource Providers]
1: Web Application: “Request image”
2: User selects device camera Provider
3: Powerbox sends introduction request to local camera Provider
4: Provider activates camera
5: User takes a picture
6: Link to image provided
Conclusion
Use resources hosted anywhere
• We need:
Resource discovery
User directed resource selection
Standardized APIs (HTTP – REST)
Access and privacy control
Thank you!