Changes

Apps/Security

1 byte added, 14:44, 22 March 2012
move definitions up to top of page (kinda important to follow standard RFC document best practices here!)
* [https://developer.mozilla.org/en/OpenWebApps OWA developer page]
== Definitions ==
* '''WebApp''' - An application developed with web technologies (JS/HTML/CSS). May contain dynamic and static content
* '''Native App''' - A WebApp consisting solely of static content and run on a B2G capable device
* '''Gaia App''' - '''DEFINITION REQUIRED'''
* '''B2G App''' - '''DEFINITION REQUIRED''' which is meaningful in the context of the above app definitions
* '''Store''' - A marketplace where a user may download/purchase WebApps for their device
* above definition are up for discussion
* '''Extended Validation (EV) Certificate''' - A SSL certificate that undergoes additional authentication / verification steps before issuance.
** [http://www.cabforum.org/certificates.html Explanation]
** [http://www.cabforum.org/vetting.html Verification process]
* '''Content Security Policy (CSP)''' - A mechanism by which website administrators can define a policy which restricts what domains a website can load resources from
** [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html Specification]
* '''XPCOM''' - a Common Object Model that is 'inspired by' Microsoft's COM. It is reasonably feature-complete but does not contain co-classes. The implementation is also entirely missing a marshalling / unmarshalling (serialisation) layer.
* '''ncalrpc''' - a local networking protocol that is used in Microsoft's COM to efficiently communicate data between COM clients and COM servers that are on the same machine. http://msdn.microsoft.com/en-us/library/windows/desktop/aa378665%28v=vs.85%29.aspx
'''Important reading!''' B2G applications are Open Web Apps, you can read about them here: https://developer.mozilla.org/en-US/apps
 
=== Concepts to be given Official Definitions ===
 
There is no real easy way to distinguish the following, all of which are iframes (!) in the B2G environment. There is some considerable confusion as a result, especially due to the fact that the required security context and especially the interactions between parent and child iframes are ''different'' depending on the type of iframe.
 
Names really therefore need to be given to the following:
 
* the root frame (top-level one into which the top gaia HTML is loaded)
* individual gaia apps (sub-iframes, one per app)
* any gaia app that opens up a public-facing (URL-based) iframe in which the contents of a URI are displayed: the browser app is one such
* iframes *within* that iframe - as in "iframes that you normally think of iframes being used for as an ordinary web developer".
 
Discussion which raises the issue of confused definitions, helps clarify them:
https://groups.google.com/d/msg/mozilla.dev.b2g/AQYPkIjKxjE/WYy0LPta9cMJ
 
== Bugs ==
* {{bug|707625}} - WebAPI permissions manager
== Summary ==
== Definitions ==
* '''WebApp''' - An application developed with web technologies (JS/HTML/CSS). May contain dynamic and static content
* '''Native App''' - A WebApp consisting solely of static content and run on a B2G capable device
* '''Gaia App''' - '''DEFINITION REQUIRED'''
* '''B2G App''' - '''DEFINITION REQUIRED''' which is meaningful in the context of the above app definitions
* '''Store''' - A marketplace where a user may download/purchase WebApps for their device
* above definition are up for discussion
* '''Extended Validation (EV) Certificate''' - A SSL certificate that undergoes additional authentication / verification steps before issuance.
** [http://www.cabforum.org/certificates.html Explanation]
** [http://www.cabforum.org/vetting.html Verification process]
* '''Content Security Policy (CSP)''' - A mechanism by which website administrators can define a policy which restricts what domains a website can load resources from
** [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html Specification]
* '''XPCOM''' - a Common Object Model that is 'inspired by' Microsoft's COM. It is reasonably feature-complete but does not contain co-classes. The implementation is also entirely missing a marshalling / unmarshalling (serialisation) layer.
* '''ncalrpc''' - a local networking protocol that is used in Microsoft's COM to efficiently communicate data between COM clients and COM servers that are on the same machine. http://msdn.microsoft.com/en-us/library/windows/desktop/aa378665%28v=vs.85%29.aspx
'''Important reading!''' B2G applications are Open Web Apps, you can read about them here: https://developer.mozilla.org/en-US/apps
=== Concepts to be given Official Definitions ===
 
There is no real easy way to distinguish the following, all of which are iframes (!) in the B2G environment. There is some considerable confusion as a result, especially due to the fact that the required security context and especially the interactions between parent and child iframes are ''different'' depending on the type of iframe.
 
Names really therefore need to be given to the following:
 
* the root frame (top-level one into which the top gaia HTML is loaded)
* individual gaia apps (sub-iframes, one per app)
* any gaia app that opens up a public-facing (URL-based) iframe in which the contents of a URI are displayed: the browser app is one such
* iframes *within* that iframe - as in "iframes that you normally think of iframes being used for as an ordinary web developer".
 
Discussion which raises the issue of confused definitions, helps clarify them:
https://groups.google.com/d/msg/mozilla.dev.b2g/AQYPkIjKxjE/WYy0LPta9cMJ
 
== Bugs ==
* {{bug|707625}} - WebAPI permissions manager
== Requirements ==
=== Distribution / management of WebApps ===
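Review bot: the block that moved runs from "== Definitions ==" through "== Bugs ==" and its {{bug|707625}} entry, so the bug list travels up with the definitions and lands directly above "== Summary ==", while the edit summary only mentions definitions; either leave Bugs next to "== Requirements ==" or say so in the summary. Inside the list, the bullet "above definition are up for discussion" sits between the Store and EV Certificate entries, which leaves it unclear whether the EV, CSP, XPCOM and ncalrpc entries are also open; a sentence above the list would state the scope better than a bullet in the middle of it. "Gaia App" and "B2G App" still read DEFINITION REQUIRED, and the "Concepts to be given Official Definitions" subsection lists four kinds of iframe without names, so putting this section first also puts the unresolved terms first; since the text says the required security context differs by iframe type, those names should be settled before the requirements that follow rely on them.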