Mobile Minutes 2009-03-19

From MemberWiki

Jump to: navigation, search

URL: http://www.openajax.org/member/wiki/Mobile_Minutes_2009-03-19

Contents

Attendees

  • Jon Ferraiolo, IBM
  • Mohammed Dadas, Orange
  • Andrew Sledd, Ikivo
  • Nick Allott, OMTP (invited guest)
  • Adam Peller, IBM
  • David Boloker, IBM
  • Andre Charland, Nitobi
  • Jeremy Chone, Nexaweb

Original Agenda

Minutes

White paper

Jon: Nick, you said at the last phone call that you would pull together a BONDI primer. You have sent me drafts. Is it now posted?

Nick: Yes. How should I send the URL?

Jon: Send an email to me.

Jon: Probably can't organize feedback relative to the primer until after your F2F.

PhoneGap

Andre: PhoneGap is a framework for developers. Open source with MIT license. HTML and JS run natively on phone across multiple mobile platforms. Same JS code using same APIs across different phones. APIs give access to system functions. Pretty much complete at this point regarding iPhone 2.0. We now have 40-50 apps in the app store using the framework. Among APIs supported are accelerometer and GPS. Android is in process. Some things work on RIM, but the browser available to the SDK is very limited. Also targeting Nokia, Palm and Windows Mobile. APIs bridge from JS to native platform support, such as Objective-C on iPhone. 500 developers on our mailing list. My company is a service provider for JS development. We are also working on simulators fro Eclipse and Dreamweaver. It is possible that UI consists of a URL to a web page on the net.

Jeremy: What's the difference with iPhone 3.0?

Andre: More APIs. Also, geo APIs are available directly within WebKit.

Jeremy: What you are providing is a native wrapper over HTML

Andre: Yes, similar to what AIR does

Jon: Are there leverage opportunities between PhoneGap and BONDI? For example, PhoneGap might allow accelerated delivery of BONDI APIs, and PhoneGap might benefit from having a gold star for supporting an official set of APIs

Nick: PhoneGap delivers a native application but provides a programming environment where you can use HTML+JS, which differs from a web page in that it adds access to device APIs, and in this sense there is overlapping goals. I assume with PhoneGap that security model is delegated to the platform?

Andre: Yes. iPhone prompts user when attempting to do an SMS to allow the SMS to be sent.

Nick: BONDI has two methods: (a) web page, (b) widget package. Assumption is that platforms will support the BONDI security model and the BONDI API platform.

Nick: PhoneGap APIs pretty much the same as BONDI except maybe simpler and more elegant

Nick: I support Jon's position on getting them to align

Andre: We don't actually want to deliver native applications, but that's the only way to do it today

Nick: Yes, a practical solution to a practical problem

Andre: Our dream is that one day you won't need to use native apps to do this

Jon: W3C Widgets is close to Nokia's ZIP/Dashboard widget technology today. Conceivably, given infinite resources, PhoneGap could implement both W3C Widgets and BONDI.

Andre: Yes

Nick: Right now our APIs are a superset of PhoneGap's APIs

Andre: You will always have the superset/subset feature issue because phones all have different APIs.

Nick: We have a few weeks to work together towards minimizing the delta between the technologies

Andre: Will BONDI support accelerometer?

Nick: Soon after 1.0. Maybe a 1.0.1.

Nick: Note that BONDI has an extensible API, so new APIs can be added.

Enterprise Feedback

Jon: I talked with a few people from the mobile team at IBM/Lotus.

Jon: First interesting thing was their feedback on web pages vs. widgets. Mobile browsing was very much on their radar, but they hadn't thought about mobile widgets as a possible vehicle. I wonder if there is an industry marcom problem with widgets, where the people involved in widgets know about them, and some early adopters, but that the broad mainstream is unaware.

Nick: I'm making a note on this.

Jon: Second thing is the prioritized list of devices and platforms. iPhone is at the top right now. I'll bet the next four platforms will vary if you talk to different people in Enterprise workflows.

Andrew: Email and office requirements will cause people to elevate importance of Windows Mobile

Jeremy: There is a huge stack of devices and lots of tricky issues to deploy mobile applications on the devices. Therefore, an Enterprise will just hit the top devices, particularly ones that support the Open Web and are likely to drive the market.

Jon: I expect that thinking will be common across Enterprise companies.

Jeremy: Probably want more than one, say the top three. Enterprise customers generally want more than one choice

Jon: Now onto features. How about support for iCal and vcard?

Nick: Problem with vcard is lack of standards and consistency. Instead, we chose to define lower-level APIs. It would be the responsibility of JavaScript logic to parse the vcard or iCal entry

Jon: Reasonable response

Jon: Finding names based on a pattern?

Nick: I don't know whether we support that. Yes, desirable.

Jon: Mixing corporate and personal data

Nick: Have to research that. We have the ability to have two address books, built-in and SIM card, but whether there is further extensibility, have to check. Maybe use categories to achieve this. An issue is that the underlying platform doesn't have this distinction.

Jon: Synchronization is an Enterprise requirement.

Nick: We are having discussions in this area. Anything that's offline has to sync. We are talking to Oracle about AtomDB.

Jeremy: OMA uses SyncML

Jon: Also used by some IBM products.

Nick: Pretty well supported on mobile phones.

Jeremy: Could you add sync to your spec?

Nick: A future consideration

Jon: Next big thing from the list: the ability for a server to push a message to client to wake up and act

Nick: We will squeeze in an SMS approach as a hack. You have to register for a system event for a change to the SMS inbox. What you really want is something more direct.

Jon/Nick: iPhone3 SDK seems to have this

Jon: Also, vague worries about usability in applications needed authentication. If you have a touchscreen device, it can take awhile to type. If you have to give various approvals or passwords on the phone to get started, and then have to login to a server to get data, it might take so long that users say forget about it.

Nick: BONDI security policy was designed with these issues in mind. There are assurances that the app can be trusted. If there is some HW that authenticates the user, that will help. Widget installation is quite easy. No prompting required. Security model knows that the given widget is trusted.

Jon: That's reassuring

Security requirements

Jon: Not much time left. IBM security experts gave a general thumbs up on the conceptual approach, but that's understandable, because the same people had outlined what was needed before OpenAjax started looking at this, and we all managed to give them what they wanted.

Jon: First big thing is the need for concrete use cases. We have mentioned this before. To help out, we brainstormed three quick scenarios for which sample security policies could be formed.

Nick: Totally agree that you can only tell when put into practice. That's why we have the reference implementation. Includes multiple examples with security. Includes the features listed in the 3 examples.

Jon: Running out of time. Let's look the item on yes/no/prompt. In some cases, such as giving permission to an addressbook, you might want to approve/disapprove on a per-item basis.

Nick: That's covered. We have an option for prompt for each item.

Jon: OK

Jon: OK, out of time. If any other feedback, send to mobile@openajax.org.

Retrieved from "http://www.openajax.org/member/wiki/Mobile_Minutes_2009-03-19"
Personal tools