The phone in the cloud Utilizing resources hosted anywhere Claes Nilsson 1 “Software as a Service” “Cloud Computing” …….. 2 What about “The Phone as a Service” ……………. GPS Camera Calendar 3 Messaging Let us combine this…….. 4 So, we all agree that… 5 The Web is THE application execution platform 6 and that …. 7 Mobile Devices must be full citizens of the Cloud 8 and that…. 9 Web Applications must be able to consistently utilize Cloud Resources as well as Local Device Resources 10 Device APIs Give Web Applications access to device capabilities in a secure manner Device Capabilities Web Application Access control framework GPS Camera Calendar Messaging 11 Existing Device API solutions GeoLocation DAP APIs All these solutions define JavaScript APIs for web browsers and web widget engines Example: navigator.geolocation.getCurrentPosition(showMap); 12 13 One approach is control by some trusted authority 14 Existing Device API solutions –Bondi/JIL Security define an access policy control framework based on origin of web application and user interaction Device Capabilities Web Application Access control policy framework • Unknown ? •Manufacturer ? • Operator ? 15 Existing Device API solutions – Bondi/JIL policy security model Control by a configured access policy Examples: • “A Widget whose signature chains to operator root certificate can read and write from the PIM databases” • “A Widget downloaded from weather.com can access geolocation coordinates if the user says it’s OK” 16 Another approach is full user control (and responsibility) 17 Security – implicit user consent examples Full user control • user must press camera shutter • user must state granularity of location • user must inspect message and press “send” • 18 Device APIs – work in progress Device API and Policy (DAP) WG • Main SDO for Device APIs • SEMC active – support for W3C DAP is our main strategic direction for device APIs • Other members; Nokia, Vodafone, Google, Opera, Orange, AT&T, Telefonica, OMTP, Aplix, Intel…... • W3C DAP Website 19 Device API and Policy WG So far JavaScript interfaces defined Contacts File Writer File Directories System Calendar Media Capture System information and Sensors 20 Messaging Gallery Device API and Policy WG In addition an optional generic policy based access control framework is being worked on 21 Device API and Policy WG – REST APIs •Another approach proposed by •Local Resources as “Virtual Web Servers” •HTTP REST APIs Server (Resource Provider) Client (Web Browser or Widget Engine) Server (Resource Provider) 22 Device API and Policy WG – REST APIs •APIs as URIs: • Example: http://localhost/dap/contacts/create.json?... &name=Mr.%20Robert%20Smith%20Jr &nicknames=Bob • Access through standard HTTP methods GET, POST, PUT, DELETE • More reading Rest Introduction 23 Device API and Policy WG – REST APIs •HTTP REST API advantages Language independent A resource can be situated "anywhere“ In mobile device, in PC, in accessory, in server… A resource can be accessed from “anywhere” Leverage on existing HTTP access control mechanisms 24 SEMC - access to local resources through in-device web server Web Application Internet Device JS libraries to hide complex REST-coding Browser Any native API can be bound to a web API REST Device APIs New web APIs by upgrading in-device server Access Control In-device Web Server 25 Native Device APIs Device API and Policy WG – Powerbox •Powerbox • Proposed by , SEMC and Mozilla Labs • Supports discovery and interaction with resources independent of where these resources are hosted or how they are produced • Security and Privacy purely user controlled 26 Device API and Policy WG – Powerbox example scenario 1. Customer Web Application needs a user’s private image 2. User selects image Provider: • • • Photo sharing web site Local device image gallery Device camera 3. User selects image 27 Device API and Policy WG – Powerbox Provider Registration Remote Resource Provider (e.g. photo sharing site) Web Site that offers a Provider Remote Resources 1: Web content: “Offer URL to Provider” 2: Get Provider metadata doc Local Resource Providers Powerbox enabled browser 28 …… “Pre-registered” Device API and Policy WG – Powerbox User selects remote Provider Remote Resource Provider (e.g. photo sharing site) Customer Web Site Remote Resources 1: Web Application: “Request image” 2: User selects Remote Resource Provider 3: Powerbox sends introduction request to Provider 4: Provider returns web page that lets user choose image 5: Provider provides link to selected image Powerbox enabled browser 29 Device API and Policy WG – Powerbox User selects device gallery Provider Customer 1: Web Application: “Request image” Local Resource Providers Powerbox enabled browser 30 2: User selects device gallery Provider 3: Powerbox sends introduction request to local gallery Provider 4: Provider lets user choose image 5: Provider provides link to selected image Device API and Policy WG – Powerbox User selects device camera Provider Customer 1: Web Application: “Request image” Local Resource Providers Powerbox enabled browser 31 2: User selects device camera Provider 3: Powerbox sends introduction request to local camera Provider 4: Provider activates camera 5: User takes a picture 6: Link to image provided Conclusion 32 Use resources hosted anywhere 33 •We need: Resource discovery User directed resource selection Standardized APIs (HTTP – REST) Access and privacy control 34 Thank you ! 35