Re: [unhosted] apps.unhosted.org manifest format & technology-independent permissions from Scott Wilson on 2012-11-10 (public-webappstore@w3.org from November 2012)

From: Scott Wilson <scott.bradley.wilson@gmail.com>
Date: Sat, 10 Nov 2012 18:30:34 +0000
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: unhosted <unhosted@googlegroups.com>, public-webappstore@w3.org
Message-Id: <2BA00CB8-1596-4256-A842-BC3FDD0390F5@gmail.com>

On 10 Nov 2012, at 16:48, Melvin Carvalho wrote:

> 
> 
> On 10 November 2012 17:37, Michiel de Jong <michiel@unhosted.org> wrote:
> Hi!
> 
> i've changed the manifest format on https://apps.unhosted.org/ to be
> more like the Mozilla one.
> 
> I did add an 'origin' field because that makes it easier to mirror the
> manifest. in Mozilla's format, the authorative manifest file should be
> hosted on the app's origin.
> 
> For now, i'm using apps.unhosted.org as a source for the 'install
> default apps' button in owncloud. For now, the manifests are only
> available there, but the idea is that the respective app developers
> would also start hosting their apps on their app origin. All of that
> is a bit futile though if it's a http origin instead of https.

In practice a lot of apps aren't hosted at an origin at all but are distributed in various packaging formats.

What Apache Wookie and Apache Shindig do is provide a means to create virtual origins for each instance of an app to prevent XSS attacks - e.g. app1234568.myhost.org - to cope with this situation.

> 
> One interesting point that came up is that I decided to put the
> permission scopes of remotestorage modules at the same level as those
> of device functionality exposed by Firefox OS.
> 
> So "this app wants access to your calendar" then becomes a
> technology-independent statement. That could then be the device
> calendar (via Firefox OS), or the remotestorage calendar (via
> remoteStorage.calendar).

I'm not quite sure how this is meant to work?

The way other specs (W3C, OpenSocial) work is via feature declarations rather than permissions; e.g.

<feature name="http://calendar" required="true"/>

As the dependency on a feature isn't quite the same thing as permission to use it, particularly in a multi-user/multi-tenancy scenario.

> 
> There are three modules that probably overlap with the permission
> scopes that Mozilla are using so far: contacts, calendar, and
> webapps-manage. I'm still calling the apps module 'apps' and not
> 'webapps-manage' for now, because we said we don't want to use module
> names with hyphens in them. So we have to see how that works out.

OpenSocial use java-style notation. E.g. osapi.person

W3C Widgets uses IRIs.

Mozilla use strings.

Standards are nice, aren't they? :)

> 
> I'm curious what other people think of this, particularly people from
> 5apps and Surfnet, because they're both already working with app
> manifest formats.

Edukapp (used for Surfnet, ITEC etc) supports W3C Widgets and OpenSocial manifest formats, and provides a fairly generic JSON metadata format on output. Here is a search result, for example:

{"number_of_results":2,"SearchResults":[{"id":552,"name":"You decide","icon":"http://localhost:8080/wookie/wservices/www.getwookie.org/widgets/youdecide/icon.png","featured":0,"created":"2012-07-19T23:00:00.000+0000","updated":"2012-07-19T23:00:00.000+0000","license":null,"author":"Scott Wilson","tags":[],"activities":[],"description":"A quick and simple voting widget","type":"W3C Widget","downloadUrl":"http://localhost:8080/wookie/widgets/http://www.getwookie.org/widgets/youdecide?format=application/widget","uri":"http://www.getwookie.org/widgets/youdecide"},{"id":108,"name":"SimpleChat","icon":"http://localhost:8080/wookie/wservices/wookie.apache.org/widgets/simplechat/icon.png","featured":0,"created":"2012-07-16T23:00:00.000+0000","updated":"2012-07-16T23:00:00.000+0000","license":"Licensed under the Apache 2.0 License (see http://www.apache.org/licenses/LICENSE-2.0). Smileys created by macpoupou and licensed under Creative Commons Attribution License 3.0. See http://ismileys.free.fr/smileys/ for more information.","author":"Apache Wookie (Incubating) Team","tags":[],"activities":[],"description":"Stripped down chat widget with minimal styling","type":"W3C Widget","downloadUrl":"http://localhost:8080/wookie/widgets/http://wookie.apache.org/widgets/simplechat?format=application/widget","uri":"http://wookie.apache.org/widgets/simplechat"}]}

There is also regular Atom output.

> 
> Looks cool!
> 
> CC'ing public-webappstore group as they were looking at some similar things (manifests etc.)...
>  
> 
> 
> Cheers!
> Michiel
> 
> --
> 
> 
> 
>

Received on Saturday, 10 November 2012 18:31:07 UTC