—

A new step in the evil strategy to have the open web platform becoming the universal development framework for mobile app developers has been unveiled this summer by the World Wide Web Consortium (W3C).

—

Up to now ,W3C plan was to have mobile web app executed in smartphone and tablet browsers, offering features based on HTML5, CSS and some additional javascript features developed by the Device API Working Group (so called DAP for the people attending this club). Features like : network information – (how is the device connected ? 3G, 2G, Wifi…), battery status information, service discovery (is there any payment webapp on the device another webapp can use ?), vibration capability (bzzz, bzzz), management of media from the webapp … A complete list of items and corresponding specifications are publicly available on DAP wiki [1]. And in addition, if you want to follow when this will land in your favorite browsers, Dominique Hazaël-Massieux @dontcallmedom from W3C Office, is maintaining all devices and browsers implementing the standard HTML and javascript APIs [2]. Great. That was 2012 year plan roll out.

The plan for 2013 is much more ambitious : W3C is in the process of creating a new working group which will handle more advanced features [3]. Why not having a webapp being able to manage alarm, play with contacts, dial a number, send and receive SMS, listen specific connection or manage device power .. just like native application in most of the smartphone actually can ? Well, this question of empowering webapp with such natural capabilities has been frozen up to now due to  security concerns. The current security model of the web is : trust anything the user agree to load and make sure that content when being downloaded by this webapp is coming from the same origin (same domain) as the requiring webapp. Simple, efficient, but … accessing power management, device settings and other items may be dangerous for the user – and the device maker. And this is why the working group will design, together with those APIs, a new security model. This security model will make sure that no malicious webapp is going drain the battery or see data exchanged over your internet connection while it should not. Once the security model and this first set of API will be advanced, the working group will go on with a second wave of attractive components: managing Bluetooth connections, manipulating device characteristics (such as settings, idle state, capabilities), accessing calendar, playing with hardware secure tokens,  …

You are not impressed ? Right. All those capabilities are not new to the web. Mots of them are already offered in web operating systems such as Boot2Gecko developed by Mozilla [4], Tizen promoted by Samsung and Intel [5]. In addition, several initiatives such as the dead WAC (Wholesale Application Community) or the living Webinos European project [6] have already researched similar services. (note : the only feature which has been removed from the working group scope is the NFC, due to probable Intellectual Properties pitfall). Anyway, all this existing material is referenced as a basis for the working group. What is new is this joint effort for standardize and harmonizing implementations in browsers with this special care for user security and privacy. This is where the challenge is residing. It will be up to the W3C participating members to make choice or take the best of each to offer webapp serious competitive advantages.

This working group will probably become an official W3C one in few weeks, lead by two co-chairs from Google and Samsung, as announced in the charter. First deliverable is expected for beginning of 2013. Stay tuned [7] to know more about the progresses of this promising working group, named the SysApps working group – yeah, I kept the name for the end, finding it particularly strange …

[1] W3C Device API Working Group wiki ; [2] W3C Standards for Web Applications on Mobile:  current state and roadmap ; [3] W3C draft charter of the SysApps Working Group ; [4] Boot2Gecko wiki ; [5] Tizen website ; [6] webinos european project website ; [7] W3C SysApps Working Group public mailing list.