Subtitles section Play video Print subtitles Part 2: ... This is also a great situation for apps that need frequent updates such as a content site or other rapidly changing property The Firefox Marketplace will host app packages for apps that do use sensitive APIs, because those apps will be code-reviewed and signed by the Marketplace. Now, in a situation where an app cannot rely on the app-cache standard or IndexDB or other existing web standards for its offline experience, it's possible that the packaging standard for apps is useful to create a better offline experience for traditional web apps. And we are waiting to see how app developers will use these different technologies to best provide offline experience for their users. Purchased/paid apps are associated with a receipt and the application receipt is a JWT JavaScript web token, which is a signed blob of text The signing is used to reveal tampering or forgery of a receipt. A receipt is not tied to users specific identity nor is the receipt tied to the identity of an individual device. Here's a sample receipt showing the name of the product and the unique identifier associated with the user which the Marketplace can use to verify that no refund was given for this receipt. The receipts are issued by the Marketplace at time of purchase, and installed at that time on the device. We will provide an opt-in service that allow users to back up all their receipts regardless of where the apps were purchased. The receipt is made available to the app at runtime, for server-side verification and for detection of fraud. Fraud can be detected by noticing frequent use of identical receipts from many, different locations. Receipts will expire and periodically be refreshed and this will mitigate the risk of the signing keys being compromised at the Marketplace. In addition to the notion of paid apps, we also have the notion of in-app payments. In-app payments are used when a developer wants the user to participate in the application by purchasing digital content, extra levels or weapons in a game, or content in a magazine or book-type site. These are facilitated by a DOM API that we are developing currently called navigator.mozpay. At the present the in-app payments are a communication directly between the developer and the user - and the Marketplace has little involvement beyond invoking the payment provider Here's a sample JSON description of an in-app payment, giving the name of the digital content and a detailed description. Finally, what is an app store? The most minimal definition of an app store is any web page that invokes the mozapps install API. Any page that allows you to install an app could be considered an app store. In our case, it's much more than that. Our app store, called the Firefox Marketplace, is itself an app. that allows user to discover, purchase and install a wide variety of applications. It is also a web service that generates and validates application receipts. And finally, in the best Mozilla tradition, it is a group of people, a community that reviews and curates apps, and ensures that our users have a great experience when they go there, ... and find useful things. Firefox Marketplace is based on proven technology from addons.mozilla.org. We are confident that it will sustain the load of our Apps ecosystem in the coming years and it is proven to have created a strong developer community. We are working to refactor the code to make it better able to operate in multiple data centers, and we'll be rolling that out next year.
B1 app apps receipt marketplace mozilla app store Architecture of the Mozilla Apps Ecosystem - Part 2 10 2 陳彥良 posted on 2013/11/23 More Share Save Report Video vocabulary