Architecture of the Mozilla Apps Ecosystem

854 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
854
On SlideShare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Architecture of the Mozilla Apps Ecosystem

  1. 1. Text ARCHITECTURE OF THE MOZILLA APPS ECOSYSTEM Bill WalkerThursday, November 15, 12
  2. 2. WHY ARE WE HERE? • Show the value to users and developers • Define the systems and concepts • Show how data flows between them • Consider how the architecture will meet coming challengesThursday, November 15, 12
  3. 3. DEMOESThursday, November 15, 12
  4. 4. VALUE PROPOSITION User, DeveloperThursday, November 15, 12
  5. 5. User Values I buy my App once and run it everywhereThursday, November 15, 12
  6. 6. User Values I’m always me across carriers, networks Stores and servicesThursday, November 15, 12
  7. 7. User Values App Store I discover Apps in many ways Recommendation Engine Self-publisherThursday, November 15, 12
  8. 8. User Values App Store Cloud-based services Recommendation Engine Self-publisher I backup my all App receiptsThursday, November 15, 12
  9. 9. User Values Cloud-based services I manage my Apps across all my devicesThursday, November 15, 12
  10. 10. Developer value •I code to one platform •I optimize for devices if needed • My users discover, buy, and install my Apps on all their devices •I can innovate without hitting arbitrary restrictionsThursday, November 15, 12
  11. 11. Developer value •I can submit and manage my Apps programmatically •I have access to great development tools •I get access to App usage analyticsThursday, November 15, 12
  12. 12. ec·o·sys·tem /ˈekōˌsistəm/ a biological community of interacting organisms and their physical environmentThursday, November 15, 12
  13. 13. Systems and Concepts Apps in the Payment App Backend App Store Cloud Provider manifest package discover identify pay receipt receipt receipt receipt install launch manage manifest manifest package packageThursday, November 15, 12
  14. 14. CONCEPTS App, Web Runtime, App StoreThursday, November 15, 12
  15. 15. What is an App? •A native application experience built with HTML5 • Web content reachable from a launch URL within an Origin • Like the web, except that it works offline •A context for In-App payments Bookmark Tab WebsiteThursday, November 15, 12
  16. 16. What is an App Manifest? • App metadata (version, developer info, icon) • Enumeration of sensitive API use { "name":"Test App ({subdomain})", "description":"This app has been automatically generated by testmanifest.com", "version":"1.0", "icons":{ "16":"http://testmanifest.com/icon-16.png", "48":"http://testmanifest.com/icon-48.png", "128":"http://testmanifest.com/icon-128.png" }, "installs_allowed_from":[ "*" ], "developer":{ "name":"Gregory Koberger", "url":"http://gkoberger.net" } }Thursday, November 15, 12
  17. 17. Device and Web API’s alarm power backgroundservice push bluetooth settings browser sms camera storage contacts systemclock desktop-notification network-http device-storage network-tcp fmradio telephony geolocation wake-lock-screen mobileconnection webapps-manageThursday, November 15, 12
  18. 18. App Security Model Packaged or not Web No sensitive API’s Hosted Anywhere Signed packages Privileged Some sensitive API’s Hosted at Store Certified SMS, Phone Pre-installedThursday, November 15, 12
  19. 19. Who hosts an App? users neither know nor careThursday, November 15, 12
  20. 20. Who hosts an App? • Developers host Apps • that don’t use sensitive API’s • that work offline using traditional Web tools • that do need frequent updatesThursday, November 15, 12
  21. 21. Who hosts an App? • Firefox Marketplace hosts App packages • that do use sensitive API’s 1 • for when appcache is not enough 2 1 Mozilla will not host or review an App’s server-side logic or content 2 App has no server-side logic or content; Developer lacks hostingThursday, November 15, 12
  22. 22. What is an App Receipt? • JWT (Javascript Web Token, signed text blob) • Cryptography reveals tampering or forgery • Does Not reveal a user’s identity • Not tied to a deviceThursday, November 15, 12
  23. 23. What is an App Receipt? { typ: "purchase-receipt", product: { url: "https://grumpybadgers.com", storedata: "5169314356" }, user: { type: "directed-identifier", value: "4fb35151-2b9b-4ba2-8283-c49d381640bd" }, iss: "https://appstore.com", nbf: 131360185, iat: 131360188, exp: 141360188, detail: "https://appstore.com/receipt/5169314356", verify: "https://appstore.com/verify/5169314356", reissue: "https://appstore.com/reissue/5169314356" }Thursday, November 15, 12
  24. 24. What is an App Receipt? • Issued by Marketplace • Installed on device upon purchase • Backed up by an opt-in ecosystem service • Provided to App at launch time for server-side verification and fraud detection • Periodically expired and refreshed to mitigate risk of key compromiseThursday, November 15, 12
  25. 25. What is an In-App Payment? •A payment from the user to the developer from within the App • Facilitated by DOM API for payment • Current invisible to ecosystem servicesThursday, November 15, 12
  26. 26. What is an In-App Payment? { "aud": "marketplace.mozilla.org", "iss": "1OTC1FA7K1HOCADCS3KD", "request": { "priceTier": 1, "name": "The Product", "productdata": "<set to local transaction ID>", "description": "detailed description" }, "exp": 1348795465, "iat": 1348791865, "typ": "mozilla/payments/pay/v1" }Thursday, November 15, 12
  27. 27. What is an App Store? • An App that lets Users discover, purchase, and install Apps •A Web service that generates and validates App Receipts • An community that reviews and curates Apps • Any web page that calls mozApps.install()Thursday, November 15, 12
  28. 28. Firefox Marketplace • Scalable implementation based on addons.mozilla.org • 30Mbps on version checks •3 billion add-ons downloaded • 25,000 developers • Tiered architecture separates persistence, business logic, presentation layer • Persistence layer preparing for multiple Data CentersThursday, November 15, 12
  29. 29. What is a Web Runtime? • Client-side code that includes • Same HTML, JS, and CSS engines on all platforms • Access to device API’s as governed by App Security Model • Native application experience on each platform • Access to cloud services BrowserThursday, November 15, 12
  30. 30. Web Runtime platforms Firefox OS Gecko Part of Gaia Android Gecko Testing now in Firefox 18 Aurora iOS WebKit? TBD Mac OS X Enabled for developers in Firefox 16 Windows Gecko Firefox Marketplace support coming LinuxThursday, November 15, 12
  31. 31. DATA FLOWS Discover, Purchase, Install, Launch, ManageThursday, November 15, 12
  32. 32. Discover + Purchase an App Apps in the Payment App Server App Store Cloud Aggregator launch marketplace navigator.id.request(…) navigator.id.onlogin(assertion) assertion start session discover app Buy nav.pay() nav.pay callback iframe generate and sign receiptThursday, November 15, 12
  33. 33. Install Web App Apps in the Payment App Server App Store Cloud Aggregator discover app Buy payment flow generate and sign receipt mozApps.install(manifest URL, receipt) manifest GET manifest manifest receipt manifest update receiptThursday, November 15, 12
  34. 34. Install Privileged App Apps in the Payment App Server App Store Cloud Aggregator discover app Buy payment flow generate and sign receipt package mozApps.installPackage(package, receipt) receipt package update receiptThursday, November 15, 12
  35. 35. Launch App Apps in the Payment App Server App Store Cloud Aggregator receipt nav.mozApps.getSelf() refresh expired receipt app running validate receipt receipt create user session access contentThursday, November 15, 12
  36. 36. Make In-app Payment Apps in the Payment App Server App Store Cloud Aggregator buy nav.pay() payment choices iframe nav.pay notification access contentThursday, November 15, 12
  37. 37. Update Web App Apps in the Payment App Server App Store Cloud Aggregator receipt manifest Receipt Validation access updated content update AppCacheThursday, November 15, 12
  38. 38. Update Privileged App Apps in the Payment App Server App Store Cloud Aggregator receipt package1 check for update (HEAD request + Etag) get updated package package2Thursday, November 15, 12
  39. 39. Manage Apps Apps in the Payment App Server App Store Cloud Aggregator navigator.id.request(…) navigator.id.onlogin(assertion) assertion start session receipt receipt update receipt receipt installThursday, November 15, 12
  40. 40. Values & User Stories Systems & Concepts Data Flows design pressure design pressure ImplementationThursday, November 15, 12
  41. 41. Engineering Values • Loose coupling between systems • Open standards for HTML Apps • User SovereigntyThursday, November 15, 12
  42. 42. CHALLENGES Privacy, Payments, SandboxesThursday, November 15, 12
  43. 43. Challenges: App Analytics Provide developers with Protect User Privacy and detailed information about Sovereignty usage of installed AppsThursday, November 15, 12
  44. 44. Challenges: Links across Apps Protect Users by creating new Protect Users with traditional App isolation tools Web sandbox Enable current Web services Current Web services just using new platform API’s workThursday, November 15, 12
  45. 45. Challenges: Links across AppsThursday, November 15, 12
  46. 46. Challenges: Links across Apps Like the Browser Like Native Apps Runtime, Profiles Shared Isolated Sandbox Web Origin Native Platform Paypal, Persona, etc Shared (but secure) Native Platform User Settings Shared Native Platform App Identity Origin Package / unique IDThursday, November 15, 12
  47. 47. Challenges ED LV SO Permit Apps to access device Make App development very API’s while protecting Users much like Web developmentThursday, November 15, 12
  48. 48. HOW WE WIN • Build great experiences • Be Natives, not Tourists • Create an Open EcosystemThursday, November 15, 12
  49. 49. HOW WE WIN • Create Web Runtime (google, mozilla) • Offer parity with Native platforms • Exploit Web runtime (you) • Avoid sock with sandals, loud plaid shirts • Embrace native menus, device API’s • Be awesome offlineThursday, November 15, 12
  50. 50. 1. CONTRIBUTE YOUR APP!Thursday, November 15, 12
  51. 51. 2. GET INVOLVED!Thursday, November 15, 12
  52. 52. 3. WE’RE HIRING!Thursday, November 15, 12
  53. 53. REFERENCES navigator.mozApps API http://mozilla.github.com/webapps-spec/ App Manifest specification App Security model https://wiki.mozilla.org/Apps/Security https://developer.mozilla.org/en-US/docs/Apps/ App Packaging format Packaged_appsThursday, November 15, 12
  54. 54. Thursday, November 15, 12

×