The phone in the cloud. Utilizing resources hosted anywhere. Claes Nilsson. “Software as a Service” “Cloud Computing” ……. What about “The Phone as a Service”. ……………. GPS. Camera. Calendar. Messaging. Let us combine this……. So, we all agree that….
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
The phone in the cloud Utilizing resources hosted anywhere Claes Nilsson
“Software as a Service” “Cloud Computing” ……..
What about “The Phone as a Service” ……………. GPS Camera Calendar Messaging
Web Applications must be able to consistently utilize Cloud Resourcesas well asLocal Device Resources
Device APIs Give Web Applications access to device capabilities in a secure manner Device Capabilities Web Application GPS Camera Access control framework Calendar Messaging
Existing Device API solutions –Bondi/JIL Security define an access policy control framework based on origin of web application and user interaction Device Capabilities Web Application • Access control policyframework • Unknown ? • Manufacturer ? • Operator ?
Existing Device API solutions – Bondi/JIL policy security model Examples: • “A Widget whose signature chains to operator root certificate can read and write from the PIM databases” • “A Widget downloaded from weather.com can access geolocation coordinates if the user says it’s OK” Control by a configured access policy
Security – implicit user consent examples • user must press camera shutter • user must state granularity of location • user must inspect message and press “send” Full user control
Device APIs – work in progress Device API and Policy (DAP) WG • Main SDO for Device APIs • SEMC active – support for W3C DAP is our main strategic direction for device APIs • Other members; Nokia, Vodafone, Google, Opera, Orange, AT&T, Telefonica, OMTP, Aplix, Intel…... • W3C DAP Website
Device API and Policy WG In addition an optional genericpolicy based access control framework is being worked on
Device API and Policy WG – REST APIs • Another approach proposed by • Local Resources as “Virtual Web Servers” • HTTP REST APIs Server (Resource Provider) Client (Web Browser or Widget Engine) http://................ http://................ Server (Resource Provider)
Device API and Policy WG – REST APIs • APIs as URIs: • Example: http://localhost/dap/contacts/create.json?...&name=Mr.%20Robert%20Smith%20Jr&nicknames=Bob • Access through standard HTTP methods GET, POST, PUT, DELETE • More reading Rest Introduction
Device API and Policy WG – REST APIs • HTTP REST API advantages • Language independent • A resource can be situated "anywhere“ • In mobile device, in PC, in accessory, in server… • A resource can be accessed from “anywhere” • Leverage on existing HTTP access control mechanisms
SEMC - access to local resources through in-device web server Internet Web Application Device Browser JS libraries to hide complex REST-coding Any native API can be bound to a web API RESTDeviceAPIs In-device Web Server Native Device APIs Access Control New web APIs by upgradingin-device server
Device API and Policy WG – Powerbox • Powerbox • Proposed by , SEMC and Mozilla Labs • Supports discovery and interaction with resources independent of where these resources are hosted or how they are produced • Security and Privacy purely user controlled
Device API and Policy WG – Powerbox example scenario • Customer Web Application needs a user’s private image • User selects image Provider: • Photo sharing web site • Local device image gallery • Device camera • User selects image
Device API and Policy WG – Powerbox Provider Registration Remote Resource Provider (e.g. photo sharing site) Web Site that offers a Provider Remote Resources 1: Web content:“Offer URL to Provider” 2: Get Provider metadata doc Local Resource Providers Powerboxenabledbrowser …… “Pre-registered”
Device API and Policy WG – Powerbox User selects remote Provider Remote Resource Provider (e.g. photo sharing site) Customer Web Site Remote Resources 1: Web Application: “Request image” 2: User selects Remote Resource Provider 3: Powerbox sends introduction request to Provider 4: Provider returns web page that lets user choose image Powerboxenabledbrowser 5: Provider provides link to selected image
Device API and Policy WG – Powerbox User selects device gallery Provider Customer 1: Web Application: “Request image” Local Resource Providers Powerboxenabledbrowser 2: User selects device gallery Provider 3: Powerbox sends introduction request to local gallery Provider 4: Provider lets user choose image 5: Provider provides link to selected image
Device API and Policy WG – Powerbox User selects device camera Provider Customer 1: Web Application: “Request image” Local Resource Providers Powerboxenabledbrowser 2: User selects device camera Provider 3: Powerbox sends introduction request to local camera Provider 4: Provider activates camera 5: User takes a picture 6: Link to image provided
We need: • Resource discovery • User directed resource selection • Standardized APIs (HTTP – REST) • Access and privacy control