W3C home > Mailing lists > Public > public-web-intents@w3.org > November 2011

Web Intents - User Agent Features (part 3)

From: timeless <timeless@gmail.com>
Date: Mon, 21 Nov 2011 20:21:24 -0500
Message-ID: <CAACrNNdUHR=691MyuRVoW5L+jFTL=oucwNdJ+NGmYPw5TEY3SA@mail.gmail.com>
To: public-web-intents@w3.org
I think we need the following from User Agents:
§2 Opacity
§3 Persistable metadata for Partner Providers
§4 Profiles
§5 Hubs
§6 Hotswapping

Specific examples below are representative only.

§2 Opacity

Devices with no Actions must be invisible, they only enable fingerprinting.
Also, Discovery/Transport must be hidden from Clients -- all that
should matter to them is that when they request an Action, one may be
selected for them by the User and returned by the User Agent.

§3. Persistable metadata for Partner Providers

We definitely need a way to have persistent names, and we need to have
persistable + shareable metadata (which often should *not*) be
importable as trusted data upon Discovery.

First, an explanation of why we need persistable metadata:

My initial example [1] was the "representative" who ceased to be the
representative. You obviously need to remember it's no longer relevant
to you.

If the reason it isn't relevant to you is that you moved, then your
metadata decision isn't something which the "representative" would
hand out.

In the case of a "representative" dying or retiring, his office can
return a Fatal error message during the Intent connection. The UA can
offer to update its metadata after presenting this explanation to you.

Security consideration here:
Why shouldn't metadata be automatically imported as trusted during Discovery?

There's value to providers stealing requests to Partners:
It's trivial for someone simply having a copy of a pointer for someone
else's service with additional annotations. And for HTTP (or weak
HTTPS), there are cases where there could be a MITM [2] or Hackers [3]
attacking to trigger DoS [4], etc.

In my representative example [1], if Lobbyist E (evil) can provide a
suggestion to voters of a Partner "S" which sounds like the Right
Partner "R" (which happens to be someone who would oppose E), but
where this Partner "S" either MITM and relays traffic (possibly
tainted) or simply captures and drops it, then we have problems.
-- This is the argument against all metadata being sourced at Partner
Discovery: "just trust me" is incredibly dangerous.

§4 Profiles

Most peripheral systems (including Bluetooth [6], USB [7], and UPnP
[8]) provide a way for a Device to advertise its complete list of
Services, each service is typically a Profile [9][10]. I'd like to
encourage this model. Here in place of a "Service" or "Profile", we
have an "Action".

§5 Hubs

In some peripheral systems, users can also get Hubs and combine
Devices by attaching them through these Hubs. I'd like to encourage
this model by enabling Clients to hint that they'd like to have an
Action related to an already retrieved Action.

§6 Hotswapping

Ideally, UAs would enable Users to hot-swap Providers transparent to Clients.

Example A. USB with PnP OSs Today:
I have a USB keyboard (HID [5]) with a USB exposed integrated
touchpad. I also have a USB keyboard and a USB mouse. When I swap
these, my Applications aren't told (the OS, my UA is and it hides
these details from most applications). When I resume typing or
"mousing", my applications get Input through their standard channels,
blissfully unaware of this change. They're also generally unaware when
the typist at the keyboard changes -- it's none of their business.

Example B. Use Case for Web Intents -- Thermometer:
I propose that a Thermometer have one primary service:
<get-temperature>. If it wants to have a supplemental service
<get-location>, that's fine, but it should be a distinct Action.

A User-Agent should make it easy for Users to select related services
from an already selected Provider in response to additional Action
requests from a Client.

Technically this could be QoI, but hopefully most UA form factors will
support/favor this.

How would this work in practice?
I have a Bluetooth GPS and I have a digital thermometer with an LCD.

(1) I visit a site that wants to map Temperature/Locations using crowd-sourcing.
(2) It ask for a <get-temperature> Action.
(3) I select my "Manual Provider" from my UA's list of possible
<get-temperature> Action Partner Providers*.
(4) The "Manual Provider" prompts me for a reading.
(5) I read my Digital Thermometer and enter its value.
(5a) This value is sent by the Provider to the Client (web site) by my UA.
(6) The site can then ask for a <get-location> Action.
(6a) It should be able to hint in this request that it would like it
to be paired with the Opaque Representation of the Action (opaque to
the Client, but not to the User Agent/User) it was already given in
(3) .
(7) In my case, I'll be told by my UA that Client wants a
<get-location> Action for my "Manual Provider" from (3).
(7a) QoI, my UA tells me when it (the Manual Provider for
<get-temperature>) was last used and other metadata upon my request.
(8) Since my Partner (3) doesn't have a <get-location> Action (and
answering that is tedious), I'll instead select my Bluetooth GPS as
the Partner-Provider.
(8a) My UA can QoI remember/offer to remember it for this
<get-temperature> Action†.
(9) Since I've now paired two Providers for a Client, my UA should
offer a way for me to disconnect them as a unified device‡.

* This Provider may be something that the UA natively supports, that
it discovered while I was browsing, or that it automatically searched
for on the fly.
† This is merely a suggestion by my UA the next time a request for a
<get-location> Action with this <get-temperature> Action Partner even
for a different Client, but no Client sees this suggestion, only the
Partner I select.
‡ Just as one can eject a USB device with multiple sub resources, the
Client is told the entire bundle has gone away atomically.

[1] http://lists.w3.org/Archives/Public/public-web-intents/2011Nov/0000.html
[2] http://en.wikipedia.org/wiki/Man-in-the-middle_attack
[3] http://en.wikipedia.org/wiki/Hacker_(computer_security)
[4] http://en.wikipedia.org/wiki/Denial-of-service_attack
[5] http://en.wikipedia.org/wiki/Universal_serial_bus#Device_classes
[6] http://en.wikipedia.org/wiki/Bluetooth
[7] http://en.wikipedia.org/wiki/USB
[8] http://en.wikipedia.org/wiki/Universal_Plug_and_Play
[9] http://en.wikipedia.org/wiki/Bluetooth_profile
[10] http://en.wikipedia.org/wiki/USB_human_interface_device_class
Received on Tuesday, 22 November 2011 01:22:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 22 November 2011 01:22:02 GMT