1

The phone in the cloud Utilizing resources hosted anywhere

Claes Nilsson

2

“Software as a Service”

“Cloud Computing”

……..

3

What about

“The Phone as a Service”

GPS Camera MessagingCalendar

…………….

4

Let us combine this……..

5

So, we all agree that…

6

The Web is THE application execution

platform

7

and that ….

8

Mobile Devices must be full citizens of the

Cloud

9

and that….

10

Web Applications must be able to consistently

utilize Cloud Resources

as well asLocal Device Resources

11

Device APIs

Acc

ess

co

ntr

ol

fra

me

wo

rk

Web Application Device Capabilities

Give Web Applications access to device capabilities in a

secure manner

GPS

Camera

Messaging

Calendar

12

Existing Device API solutions

GeoLocationDAP APIs

All these solutions define JavaScript APIs for web

browsers and web widget engines

Example:

navigator.geolocation.getCurrentPosition(showMap);

13

14

One approach is control by some trusted

authority

15

Existing Device API solutions –Bondi/JIL Security

define an access policy control framework based on origin of web application and

user interaction

Access control policyframework

• Unknown ?•Manufacturer ?

• Operator ?

Web Application Device Capabilities

16

Existing Device API solutions – Bondi/JIL policy security model

Examples:

• “A Widget whose signature chains to operator root certificate can read and write from the PIM databases”

• “A Widget downloaded from weather.com can access geolocation coordinates if the user says it’s OK”

Control by a configured access policy

17

Another approach is full user control (and

responsibility)

18

Security – implicit user consent examples

Full user control

• user must press camera shutter

• user must state granularity of location

• user must inspect message and press “send”

•

19

Device APIs – work in progress

Device API and Policy (DAP) WG

• Main SDO for Device APIs• SEMC active – support for W3C DAP is our main strategic direction for device APIs

• Other members; Nokia, Vodafone, Google, Opera, Orange, AT&T, Telefonica, OMTP, Aplix, Intel…...

• W3C DAP Website

20

Device API and Policy WG

So far JavaScript interfaces defined

MessagingContacts

Calendar

File Writer

MediaCapture

System informationandSensors

Gallery

File DirectoriesSystem

21

Device API and Policy WG

In addition an optional genericpolicy based access control framework

is being worked on

22

•Another approach proposed by

•Local Resources as “Virtual Web Servers”

•HTTP REST APIs

Device API and Policy WG – REST APIs

Client (Web Browser orWidget Engine)

Server(Resource Provider)

Server(Resource Provider)

http://................

http://................

23

•APIs as URIs:• Example: http://localhost/dap/contacts/create.json?...&name=Mr.%20Robert%20Smith%20Jr&nicknames=Bob

•Access through standard HTTP methods GET, POST, PUT, DELETE

•More reading Rest Introduction

Device API and Policy WG – REST APIs

24

•HTTP REST API advantagesLanguage independent

A resource can be situated "anywhere“In mobile device, in PC, in accessory, in server…

A resource can be accessed from “anywhere”

Leverage on existing HTTP access control mechanisms

Device API and Policy WG – REST APIs

25

InternetInternet

BrowserBrowser

In-device Web ServerIn-device Web Server

Access ControlAccess Control

WebApplication

Native DeviceAPIs

Native DeviceAPIs

Device

RESTDeviceAPIs

SEMC - access to local resources through in-device web server

Any native APIcan be bound to a web API

New web APIsby upgradingin-device server

JS libraries to hide complex REST-coding

26

•Powerbox• Proposed by , SEMC and Mozilla Labs• Supports discovery and interaction with resources independent of where these resources are hosted or how they are produced

• Security and Privacy purely user controlled

Device API and Policy WG – Powerbox

27

1. Customer Web Application needs a user’s private image

2. User selects image Provider:• Photo sharing web site

• Local device image gallery

• Device camera

3. User selects image

Device API and Policy WG – Powerbox example scenario

28

Device API and Policy WG – Powerbox Provider Registration

1: Web content:“Offer URL to Provider”

Remote ResourceProvider (e.g. photo sharing site)

Remote Resources

……

Local Resource Providers

Web Site thatoffers a Provider

2: Get Providermetadata doc

Powerboxenabledbrowser

“Pre-registered”

29

Device API and Policy WG – Powerbox User selects remote Provider

Customer Web Site

1: Web Application: “Request image”

3: Powerbox sends introduction request to Provider

5: Provider provides link to selected image

2: User selects Remote Resource Provider

Remote ResourceProvider (e.g. photo sharing site)

Remote Resources

Powerboxenabledbrowser

4: Provider returns web page that lets user choose image

30

Device API and Policy WG – Powerbox User selects device gallery Provider Customer

1: Web Application: “Request image”

4: Provider lets user choose image5: Provider provides link to selected image

2: User selects device gallery Provider

Powerboxenabledbrowser

Local Resource Providers

3: Powerbox sends introduction request to local gallery Provider

31

Device API and Policy WG – Powerbox User selects device camera Provider Customer

1: Web Application: “Request image”

4: Provider activates camera

6: Link to image provided

2: User selects device camera Provider

Powerboxenabledbrowser

Local Resource Providers

5: User takes a picture

3: Powerbox sends introduction request to local camera Provider

32

Conclusion

33

Use resources hosted anywhere

34

•We need:

Resource discovery

User directed resource selection

Standardized APIs (HTTP – REST)

Access and privacy control

35

Thank you !