We4IT lcty 2013 - captain mobility - mobile domino applications offline capability and security
We4IT lcty 2013 - captain mobility - mobile domino applications offline capability and security Presentation Transcript

  • 1. Mobile Domino Applications – Offline Capability and Security
    Matthew Fyleman | Product / Project Manager - We4IT
    © 2013 IBM Corporation
  • 3. Agenda
    Why is Offline Persistence Important?
    Offline Persistence and HTML 5.0
    Synchronisation and REST APIs
    Security Considerations
    Securing Offline Data
    An Easier Way ...
    Q&A
  • 4. Welcome and Introductions
    Matthew Fyleman
      ─ Senior Product / Project Manager: We4IT GmbH
        – 20 years of Lotus Notes / Domino development experience
        – Recently focused entirely on XPages development
        – Working on We4IT's XPages framework – Aveedo
        – Also on offline capabilities for docLinkr
  • 6. Increasing Demand for Mobile Applications
    Smartphones and tablets commonplace
    Awareness that application access on smart devices is possible
    Initially a mix of mobile browser and native applications
    Native applications often worked offline ...
  • 7. The Importance of Offline Persistence
    In most cases, connected access only is acceptable
    Some application data is useful to have offline:
      ─ Who uses the contacts app on their phone for more than just dialling?
      ─ What about a sales rep.?
    Despite provider claims, coverage is not universal:
      ─ No coverage
      ─ Canyoning in cities
      ─ Mandatory shutdown of wireless connections (planes*, hospitals)
    Until recently offline persistence was only possible in native applications
    Titanium Studio, PhoneGap etc. make native applications for multiple device platforms easier
    But there is now another option ...
  • 9. HTML 5 and Web SQL
    HTML 5 has Web SQL and offline storage management features
    If you are competent with HTML, JavaScript and Web 2.0 technologies it is reasonably straightforward.
    A simple example can be found at this address:
      ─ http://tutorials.html5rocks.com/en/tutorials/webdatabase/todo/
    But …
  • 10. Current HTML 5 Issues
    The bulk of HTML 5 is established and usable in most browsers, including mobile
    However, the standard is unlikely to be ratified before 2014 (?!!)
    Implementation is inconsistent across browsers
      ─ Mostly minor inconsistencies, but in particular: Storage and Web SQL currently only work under Chrome
    So for the moment native is still the easiest way to go ...
  • 12. Synchronicity
    Setting up an offline database is relatively simple
    The tricky bit is the synchronisation with the online storage
    We've been here before …
    The Notes replication engine was actually an afterthought!
    A short REST ...
  • 13. RESTful Services
    Representational State Transfer – Roy Fielding, see Wikipedia article:
      ─ http://en.wikipedia.org/wiki/Representational_state_transfer
    Not a standard!
    Simpler than other protocols (e.g. SOAP), yet still scalable
    Uses URIs for calls
    Asynchronous and stateless
  • 14. Some RESTful Thoughts ...
    Not a tutorial but take a look at:
      ─ BP204 Take a REST and put your data to work with APIs
      ─ Craig Schumann - Inner Ring Solutions
      ─ http://www.innerringsolutions.com/downloads/Connect2013/BP204.pdf
    Plan your API – it makes implementation much simpler
    Version it – but avoid providing a general pointer to latest
    Document it – nothing slows adoption like the lack of documentation
    In Domino, make use of XAgents:
      ─ See XAgents – Web Agents XPages Style at Wissel.Net
      ─ http://www.wissel.net/blog/d6plinks/shwl-7mgfbn
  • 15. Final Synchronisation Thoughts
    Write a generic synchronisation engine:
      ─ JavaScript library client side
      ─ XAgent server side (in Java!)
    Engine will be driven from the client:
      ─ Must push (send to server)
      ─ Pull (receive from server)
      ─ Be asynchronous but allow data to be chunked
    Decide how to deal with conflicts
    You will still need to design each offline version separately
      ─ (Unless you want to construct a formula interpreter!)
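
The client-driven push from slide 15, as an added example that is not code from the presentation: the pending queue goes up in chunks, and a change is accepted only if it was made against the revision the server still holds, so an edit made offline never silently overwrites a newer server copy. The in-memory server, its `push()` contract and the `baseRev`/`rev` fields are assumptions standing in for the XAgent endpoint, and the calls are synchronous here so the result is deterministic.

```javascript
// Added example. The in-memory server stands in for the XAgent endpoint;
// its push() contract and the field names are assumptions, not a Domino API.
function makeServer(docs) {
  const store = new Map(docs.map((d) => [d.id, { ...d }]));
  return {
    store,
    // Accept a change only if it was made against the revision the server still holds.
    push(changes) {
      return changes.map((c) => {
        const current = store.get(c.id);
        const serverRev = current ? current.rev : 0;
        if (c.baseRev !== serverRev) {
          return { id: c.id, status: 'conflict', serverRev, serverBody: current ? current.body : null };
        }
        store.set(c.id, { id: c.id, rev: serverRev + 1, body: c.body });
        return { id: c.id, status: 'accepted', rev: serverRev + 1 };
      });
    },
  };
}

// Client side: send the pending queue in chunks. Accepted changes leave the queue;
// conflicts stay queued, with the server copy attached, until a policy resolves them.
function pushPending(server, pending, chunkSize) {
  const report = { requests: 0, accepted: [], conflicts: [] };
  for (let i = 0; i < pending.length; i += chunkSize) {
    const replies = server.push(pending.slice(i, i + chunkSize));
    report.requests += 1;
    for (const r of replies) {
      (r.status === 'accepted' ? report.accepted : report.conflicts).push(r);
    }
  }
  const done = new Set(report.accepted.map((r) => r.id));
  report.stillPending = pending.filter((c) => !done.has(c.id));
  return report;
}

// Constructed sample: doc "b" was edited on the server (rev 3) after the device last pulled rev 2.
const server = makeServer([{ id: 'a', rev: 1, body: 'old a' }, { id: 'b', rev: 3, body: 'server b' }]);
const pending = [
  { id: 'a', baseRev: 1, body: 'new a' },
  { id: 'b', baseRev: 2, body: 'device b' },
  { id: 'c', baseRev: 0, body: 'created offline' },
];
const report = pushPending(server, pending, 2);
console.log(report.requests, report.accepted.map((r) => r.id), report.conflicts.map((r) => r.id));
```
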
  • 17. They're Out To Get You ...
    Data on a mobile device is inherently insecure
      ─ Even in sandbox environments like Good Technology
    Lost or stolen phones are an issue – but most thieves would not know the value of the data
    Weakest link is the user
    Rule #1: If data is really that sensitive, don't put it on a mobile device!
    Rule #2: If you support a BYOD environment (and even if you don't) put a mobile data policy in place:
      ─ Otherwise you might be sued!
      ─ Examples available on the web
  • 19. Security on the Move
    Synchronisation security (online)
      ─ Authentication (HTTP, SSL, LTPA)
      ─ Authorisation (OAuth)
      ─ Interesting article:
        – http://www.darkreading.com/security/client-security/232500640/the-future-of-web-authentication.html
    Storage security (offline)
      ─ Do NOT rely on device-memory storage to keep data secure (DropBox!)
      ─ Most important to encrypt sensitive data, particularly, but not exclusively, for removable storage
      ─ There are JS encryption libraries out there but not particularly robust
      ─ Always keep in mind Rule #1 on the previous slide!
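
The offline storage advice on slide 19 (encrypt sensitive data before it is stored on the device), as an added example that is not code from the presentation: each record is sealed with AES-256-GCM under a key derived from a user passphrase, and the record id is authenticated so a stored row cannot be swapped for another. It uses Node.js's built-in `crypto` module so it runs from a command line; the passphrase source, row layout, record ids and iteration count are assumptions.

```javascript
// Added example: seal each record before it is written to offline storage.
const nodeCrypto = require('node:crypto');

const KDF_ITERATIONS = 210000; // assumption: tune for the slowest supported device

// Derive a 256-bit key from the user's passphrase. Store the salt, never the key.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, KDF_ITERATIONS, 32, 'sha256');
}

// The record id is bound as associated data, so a ciphertext copied onto
// another row of the offline store fails authentication.
function sealRecord(key, recordId, record) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every write
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ct = Buffer.concat([cipher.update(JSON.stringify(record), 'utf8'), cipher.final()]);
  return {
    id: recordId,
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Returns null on a wrong key, a modified ciphertext or a moved row.
function openRecord(key, row) {
  try {
    const iv = Buffer.from(row.iv, 'base64');
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAAD(Buffer.from(row.id, 'utf8'));
    decipher.setAuthTag(Buffer.from(row.tag, 'base64'));
    const pt = Buffer.concat([decipher.update(Buffer.from(row.ct, 'base64')), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample data (passphrase, id and contact are made up).
const salt = nodeCrypto.randomBytes(16);
const key = deriveKey('correct horse battery staple', salt);
const row = sealRecord(key, 'contact-17', { name: 'A. Example', phone: '+00 000 0000' });
console.log(openRecord(key, row));
console.log(openRecord(key, { ...row, id: 'contact-18' }));
```

The derived key should exist only in memory for the session. A weak passphrase can still be guessed offline by whoever holds the device, which is why Rule #1 continues to apply.
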
  • 21. Why Go To All That Trouble?
    Several moderately complex applications?
    Need to enable them all for mobile?
    Want offline capability for some/all?
    docLinkr
  • 22. Summary
    Offline capability for mobile applications is desirable
      ─ And in some cases essential!
    HTML 5 will make this simpler, but it is not quite there yet
    Use RESTful services and XAgents for synchronisation
    The user is the weakest link in the security chain – remember Rule #1
    Mobile security centers on Authentication, Authorisation and Encryption
    There are easier ways of doing things!
  • 23. Q&A