Architecture of the Mozilla Apps Ecosystem
-
Upload
bill-walker -
Category
Documents
-
view
565 -
download
2
Transcript of Architecture of the Mozilla Apps Ecosystem
Text
ARCHITECTURE OF THE MOZILLA APPS ECOSYSTEM
Bill Walker
Thursday, November 15, 12
• Show the value to users and developers
•Define the systems and concepts
• Show how data flows between them
•Consider how the architecture will meet coming challenges
WHY ARE WE HERE?
Thursday, November 15, 12
DEMOES
Thursday, November 15, 12
VALUE PROPOSITIONUser, Developer
Thursday, November 15, 12
User ValuesI buy my App once and run it everywhere
Thursday, November 15, 12
User Values
Stores and services
I’m always me across carriers, networks
Thursday, November 15, 12
User Values
Self-publisher
App StoreI discover Apps in many ways
Recommendation Engine
Thursday, November 15, 12
User ValuesCloud-based services
I backup my all App receipts
Self-publisher
App Store
Recommendation Engine
Thursday, November 15, 12
Cloud-based services
User Values
I manage my Apps across all my devicesThursday, November 15, 12
Developer value• I code to one platform
• I optimize for devices if needed
•My users discover, buy, and install my Apps on all their devices
• I can innovate without hitting arbitrary restrictions
Thursday, November 15, 12
Developer value• I can submit and manage my Apps programmatically
• I have access to great development tools
• I get access to App usage analytics
Thursday, November 15, 12
ec·o·sys·tem /ˈekōˌsistəm/
a biological community of interacting organisms and their physical environment
Thursday, November 15, 12
Systems and ConceptsPayment ProviderApp Backend App Store
package
discover
install
identify
manifest
launch
Apps in the Cloud
package
manage
manifest
package
manifest
receipt receiptreceiptreceipt
pay
Thursday, November 15, 12
CONCEPTSApp, Web Runtime, App Store
Thursday, November 15, 12
What is an App?•A native application experience built with HTML5
•Web content reachable from a launch URL within an Origin
• Like the web, except that it works offline
•A context for In-App payments
WebsiteBookmark Tab
Thursday, November 15, 12
What is an App Manifest?•App metadata (version, developer info, icon)
• Enumeration of sensitive API use{ "name":"Test App ({subdomain})", "description":"This app has been automatically generated by testmanifest.com", "version":"1.0", "icons":{ "16":"http://testmanifest.com/icon-16.png", "48":"http://testmanifest.com/icon-48.png", "128":"http://testmanifest.com/icon-128.png" }, "installs_allowed_from":[ "*" ], "developer":{ "name":"Gregory Koberger", "url":"http://gkoberger.net" }}
Thursday, November 15, 12
alarmbackgroundservicebluetoothbrowsercameracontactsdesktop-notificationdevice-storagefmradiogeolocationmobileconnection
powerpushsettingssmsstoragesystemclocknetwork-httpnetwork-tcptelephonywake-lock-screenwebapps-manage
Device and Web API’s
Thursday, November 15, 12
App Security Model
Web No sensitive API’s Packaged or notHosted Anywhere
Privileged Some sensitive API’s Signed packagesHosted at Store
Certified SMS, Phone Pre-installed
Thursday, November 15, 12
Who hosts an App?
users neither know nor care
Thursday, November 15, 12
Who hosts an App?•Developers host Apps
• that don’t use sensitive API’s
• that work offline using traditional Web tools
• that do need frequent updates
Thursday, November 15, 12
Who hosts an App?• Firefox Marketplace hosts App packages
• that do use sensitive API’s1
• for when appcache is not enough2
1Mozilla will not host or review an App’s server-side logic or content2App has no server-side logic or content; Developer lacks hosting
Thursday, November 15, 12
What is an App Receipt?• JWT (Javascript Web Token, signed text blob)
•Cryptography reveals tampering or forgery
•Does Not reveal a user’s identity
•Not tied to a device
Thursday, November 15, 12
What is an App Receipt?{ typ: "purchase-receipt", product: { url: "https://grumpybadgers.com", storedata: "5169314356" }, user: { type: "directed-identifier", value: "4fb35151-2b9b-4ba2-8283-c49d381640bd" }, iss: "https://appstore.com", nbf: 131360185, iat: 131360188, exp: 141360188, detail: "https://appstore.com/receipt/5169314356", verify: "https://appstore.com/verify/5169314356", reissue: "https://appstore.com/reissue/5169314356"}
Thursday, November 15, 12
What is an App Receipt?• Issued by Marketplace
• Installed on device upon purchase
•Backed up by an opt-in ecosystem service
•Provided to App at launch time for server-side verification and fraud detection
•Periodically expired and refreshed to mitigate risk of key compromise
Thursday, November 15, 12
What is an In-App Payment?•A payment from the user to the developer from within the App
• Facilitated by DOM API for payment
•Current invisible to ecosystem services
Thursday, November 15, 12
What is an In-App Payment?
{ "aud": "marketplace.mozilla.org", "iss": "1OTC1FA7K1HOCADCS3KD", "request": { "priceTier": 1, "name": "The Product", "productdata": "<set to local transaction ID>", "description": "detailed description" }, "exp": 1348795465, "iat": 1348791865, "typ": "mozilla/payments/pay/v1"}
Thursday, November 15, 12
What is an App Store?•An App that lets Users discover, purchase, and install Apps
•A Web service that generates and validates App Receipts
•An community that reviews and curates Apps
•Any web page that calls mozApps.install()
Thursday, November 15, 12
Firefox Marketplace• Scalable implementation based on addons.mozilla.org
• 30Mbps on version checks
• 3 billion add-ons downloaded
• 25,000 developers
• Tiered architecture separates persistence, business logic, presentation layer
•Persistence layer preparing for multiple Data Centers
Thursday, November 15, 12
What is a Web Runtime?•Client-side code that includes
• Same HTML, JS, and CSS engines on all platforms
•Access to device API’s as governed by App Security Model
•Native application experience on each platform
•Access to cloud services
Browser
Thursday, November 15, 12
Web Runtime platformsFirefox OS Gecko Part of Gaia
Android Gecko Testing now in Firefox 18 Aurora
iOS WebKit? TBD
Mac OS X
GeckoEnabled for developers in Firefox 16
Firefox Marketplace support comingWindows Gecko
Enabled for developers in Firefox 16
Firefox Marketplace support coming
Linux
GeckoEnabled for developers in Firefox 16
Firefox Marketplace support coming
Thursday, November 15, 12
DATA FLOWSDiscover, Purchase, Install, Launch, Manage
Thursday, November 15, 12
Payment Aggregator
Discover + Purchase an App
receipt
nav.id
iframe
navigator.id.request(…)
navigator.id.onlogin(assertion)
assertion
nav.pay()
generate and sign
nav.pay callback
start session
launch marketplace
discover app
App Server App StoreApps in the
Cloud
Buy
Thursday, November 15, 12
Install Web App
receipt
nav.id
generate and sign
discover app
payment flow
mozApps.install(manifest URL, receipt)
GET manifestmanifest
manifest
receipt
manifest
Payment AggregatorApp Server App Store
update
receipt
Apps in the Cloud
Buy
Thursday, November 15, 12
Install Privileged App
receipt
nav.id
generate and sign
discover app
payment flow
mozApps.installPackage(package, receipt)package
receipt
package
update
Payment AggregatorApp Server App Store
receipt
Apps in the Cloud
Buy
Thursday, November 15, 12
Launch Appnav.id
receipt
validate receipt
nav.mozApps.getSelf()
refresh expired receipt
app running
create user session
access content
Payment AggregatorApp Server App Store
receipt
Apps in the Cloud
Thursday, November 15, 12
Make In-app Paymentnav.id
iframe
nav.pay()
buy
payment choices
access content
Payment AggregatorApp Server App Store
nav.pay notification
Apps in the Cloud
Thursday, November 15, 12
Update Web Appnav.id
receipt
manifest
Receipt Validation
access updated contentupdate AppCache
Payment AggregatorApp Server App Store
Apps in the Cloud
Thursday, November 15, 12
Update Privileged Appnav.id
receipt
package1
check for update (HEAD request + Etag)
Payment AggregatorApp Server App Store
get updated package
package2
Apps in the Cloud
Thursday, November 15, 12
Manage Appsnav.id
update
Payment AggregatorApp Server App Store
receipt
receipt
navigator.id.request(…)
navigator.id.onlogin(assertion)
assertionstart session
receipt
receipt
install
Apps in the Cloud
Thursday, November 15, 12
Values & User Stories
Systems & Concepts
Data Flows
Implementationdesign pressure design pressure
Thursday, November 15, 12
Engineering Values• Loose coupling between systems
•Open standards for HTML Apps
•User Sovereignty
Thursday, November 15, 12
CHALLENGESPrivacy, Payments, Sandboxes
Thursday, November 15, 12
Challenges: App Analytics
Provide developers with detailed information about
usage of installed AppsProtect User Privacy and
Sovereignty
Thursday, November 15, 12
Challenges: Links across Apps
Protect Users by creating new App isolation tools
Enable current Web services using new platform API’s
Protect Users with traditional Web sandbox
Current Web services just work
Thursday, November 15, 12
Challenges: Links across Apps
Thursday, November 15, 12
Challenges: Links across AppsLike the Browser Like Native Apps
Runtime, Profiles Shared Isolated
Sandbox Web Origin Native Platform
Paypal, Persona, etc Shared (but secure) Native Platform
User Settings Shared Native Platform
App Identity Origin Package / unique ID
Thursday, November 15, 12
Challenges
SOLVED
Permit Apps to access device API’s while protecting Users
Make App development very much like Web development
Thursday, November 15, 12
HOW WE WIN
•Build great experiences
•Be Natives, not Tourists
•Create an Open Ecosystem
Thursday, November 15, 12
HOW WE WIN
•Create Web Runtime (google, mozilla)
•Offer parity with Native platforms
• Exploit Web runtime (you)
•Avoid sock with sandals, loud plaid shirts
• Embrace native menus, device API’s
•Be awesome offline
Thursday, November 15, 12
1. CONTRIBUTE YOUR APP!
Thursday, November 15, 12
2. GET INVOLVED!
Thursday, November 15, 12
3. WE’RE HIRING!
Thursday, November 15, 12
REFERENCES
navigator.mozApps APIApp Manifest specification
http://mozilla.github.com/webapps-spec/
App Security model https://wiki.mozilla.org/Apps/Security
App Packaging format https://developer.mozilla.org/en-US/docs/Apps/Packaged_apps
Thursday, November 15, 12
Thursday, November 15, 12