We4IT lcty 2013 - captain mobility - mobile domino applications offline capability and security
- 1. Mobile Domino Applications –
Offline Capability and Security
Matthew Fyleman | Product / Project Manager - We4IT
© 2013 IBM Corporation
- 2. Please note:
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal
without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product direction
and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or
legal obligation to deliver any material, code or functionality. Information about potential future
products may not be incorporated into any contract. The development, release, and timing of any
future features or functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in a
controlled environment. The actual throughput or performance that any user will experience will
vary depending upon many factors, including considerations such as the amount of
multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the
workload processed. Therefore, no assurance can be given that an individual user will achieve
results similar to those stated here.
- 3. Agenda
Why is Offline Persistence Important?
Offline Persistence and HTML 5.0
Synchronisation and REST APIs
Security Considerations
Securing Offline Data
An Easier Way ...
Q&A
- 4. Welcome and Introductions
Matthew Fyleman
─ Senior Product / Project Manager: We4IT GmbH.
– 20 years of Lotus Notes / Domino Development Experience
– Recently focused entirely on XPages development
– Working on We4IT's XPages framework – Aveedo
– Also on Offline capabilities for docLinkr
- 6. Increasing Demand for Mobile Applications
Smartphones and Tablets
commonplace
Awareness that application access
on smart devices is possible
Initially a mix of mobile browser and
native applications
Native applications often worked
offline ...
- 7. The Importance of Offline Persistence
In most cases, connected-only access is acceptable
Some application data is useful to have
offline:
─ Who uses the contacts app on their phone for
more than just dialling?
─ What about a sales rep.?
Despite provider claims, coverage is not universal:
─ No coverage
─ Canyoning in cities
─ Mandatory shutdown of wireless connections
(planes*, hospitals)
Until recently offline persistence was only possible in native applications
Titanium Studio, PhoneGap etc. make native applications for multiple device
platforms easier
But there is now another option ...
- 9. HTML 5 and Web SQL
HTML 5 has Web SQL and offline storage management features
If you are competent with HTML, JavaScript and Web 2.0 technologies it is
reasonably straightforward.
A simple example can be found at this address:
─ http://tutorials.html5rocks.com/en/tutorials/webdatabase/todo/
But …
- 10. Current HTML 5 Issues
The bulk of HTML 5 is established and usable in most browsers, including
mobile
However, the standard is unlikely to be ratified before 2014 (?!!)
Implementation is inconsistent across browsers
─ Mostly minor inconsistencies, but in particular -
Storage and Web SQL currently only work under Chrome
So for the moment native is still the easiest way to go ...
- 12. Synchronicity
Setting up an offline database is relatively simple
The tricky bit is the synchronisation with the online
storage
We've been here before …
Notes' replication engine was actually an
afterthought!
A short REST ...
- 13. RESTful Services
Representational State Transfer – Roy Fielding, see wikipedia article:
─ http://en.wikipedia.org/wiki/Representational_state_transfer
Not a standard!
Simpler than other protocols (e.g. SOAP), yet still scalable
Uses URIs for calls
Asynchronous and stateless
- 14. Some RESTful Thoughts ...
Not a tutorial but take a look at:
─ BP204 Take a REST and put your data to work with APIs
─ Craig Schumann - Inner Ring Solutions
─ http://www.innerringsolutions.com/downloads/Connect2013/BP204.pdf
Plan your API – it makes implementation much simpler
Version it – but avoid providing a general pointer to latest
Document it – nothing slows adoption like the lack of documentation
In Domino, make use of XAgents:
─ See XAgents – Web Agents XPages Style at Wissel.Net
─ http://www.wissel.net/blog/d6plinks/shwl-7mgfbn
- 15. Final Synchronisation Thoughts
Write a generic synchronisation engine:
─ JavaScript Library client side
─ XAgent server side (in Java!)
Engine will be driven from client:
─ Must push (send to server)
─ Pull (receive from server)
─ Be Asynchronous but allow data to be chunked
Decide how to deal with conflicts
You will still need to design each offline version separately
─ (Unless you want to construct a formula interpreter!)
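The client-driven push / pull / conflict decision from this slide, as an added example that is not part of the original deck. The record fields `baseRev` and `dirty`, the `serverIndex` map (id to current server revision) and both function names are assumptions.

```javascript
// Added example: the planning step of a client-driven sync engine.
// Assumed record shape: { id, baseRev, dirty }, where baseRev is the server
// revision the client last saw and dirty marks an offline edit.

// Split a list into fixed-size chunks so each request stays small.
function chunk(items, size) {
  const out = [];
  for (let i = 0; i < items.length; i += size) out.push(items.slice(i, i + size));
  return out;
}

// Decide per record whether to push, pull, or flag a conflict.
// Server-side deletions are out of scope for this example.
function planSync(localDocs, serverIndex, chunkSize = 2) {
  const push = [], pull = [], conflicts = [];
  const seen = new Set();
  for (const doc of localDocs) {
    seen.add(doc.id);
    const serverRev = serverIndex[doc.id]; // undefined: not on the server yet
    const serverChanged = serverRev !== undefined && serverRev !== doc.baseRev;
    if (doc.dirty && serverChanged) conflicts.push(doc.id); // both sides edited
    else if (doc.dirty) push.push(doc.id);                  // only client edited
    else if (serverChanged) pull.push(doc.id);              // only server edited
  }
  // Records that exist only on the server must be pulled.
  for (const id of Object.keys(serverIndex)) if (!seen.has(id)) pull.push(id);
  return { push: chunk(push, chunkSize), pull: chunk(pull, chunkSize), conflicts };
}

// Constructed sample data.
const localDocs = [
  { id: 'a', baseRev: 1, dirty: false }, // unchanged on both sides
  { id: 'b', baseRev: 2, dirty: true },  // edited offline only
  { id: 'c', baseRev: 1, dirty: true },  // edited offline and on the server
  { id: 'd', baseRev: 3, dirty: false }, // edited on the server only
  { id: 'n', baseRev: 0, dirty: true },  // created offline
];
const serverIndex = { a: 1, b: 2, c: 4, d: 5, e: 1, f: 1 };
console.log(JSON.stringify(planSync(localDocs, serverIndex)));
```

Conflicts are only reported here; what to do with them is the policy decision the slide asks for.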
- 17. They're Out To Get You ...
Data on a mobile device is inherently insecure
─ Even in sandbox environments like Good Technology
Lost or Stolen phones are an issue – but most thieves
would not know the value of the data
Weakest link is the user
Rule #1: If data is really that sensitive, don't put it on a
mobile device!
Rule #2: If you support a BYOD environment (and
even if you don't) put a mobile data policy in place:
─ Otherwise you might be sued!
─ Examples available on the web
- 19. Security on the Move
Synchronisation security (online)
─ Authentication (HTTP, SSL, LTPA)
─ Authorisation (OAuth)
─ Interesting article:
– http://www.darkreading.com/security/client-security/232500640/the-future-of-web-authentication.html
Storage Security (offline)
─ Do NOT rely on device-memory storage to keep data secure
(DropBox!)
─ Most important to encrypt sensitive data, particularly, but not
exclusively, for removable storage
─ There are JS encryption libraries out there but not particularly robust
─ Always keep in mind Rule #1 on the previous slide!
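Encrypting a record before it is written to offline storage, as an added example that is not part of the original deck. It uses the Web Crypto API built into current browsers rather than a JavaScript encryption library; the function names, the sample record, the passphrases and the PBKDF2 iteration count are assumptions.

```javascript
// Added example: encrypt a record before it goes into offline storage.
// Function names, record, passphrases and iteration count are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();

// Derive a non-extractable AES-256-GCM key from a passphrase typed at unlock
// time; neither the passphrase nor the key is written to the device.
async function deriveKey(passphrase, salt, iterations = 310000) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt one record. The id is bound as additional authenticated data, so a
// ciphertext copied onto another row fails to decrypt.
async function sealRecord(key, id, record) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per write
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(id) },
    key, enc.encode(JSON.stringify(record)));
  return { id, iv, ct: new Uint8Array(ct) }; // the row that gets stored
}

// Decrypt one row; rejects if the ciphertext, nonce, id or key is wrong.
async function openRecord(key, row) {
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: row.iv, additionalData: enc.encode(row.id) },
    key, row.ct);
  return JSON.parse(dec.decode(pt));
}

// Round trip, wrong passphrase and tampering, all on constructed data.
async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16)); // stored beside the rows
  const key = await deriveKey('constructed passphrase', salt);
  const row = await sealRecord(key, 'contact-1', { name: 'A. Example', phone: '555-0100' });
  const failed = (p) => p.then(() => false, () => true);
  const phone = (await openRecord(key, row)).phone;
  const wrongKeyRejected = await failed(openRecord(await deriveKey('guess', salt), row));
  const movedRejected = await failed(openRecord(key, { ...row, id: 'contact-2' }));
  row.ct[0] ^= 1; // simulate modification of the stored row
  const tamperRejected = await failed(openRecord(key, row));
  return { phone, wrongKeyRejected, movedRejected, tamperRejected };
}

demo().then((r) => console.log(r));
```

The stored row holds only the id, nonce and ciphertext, so the protection is no stronger than the passphrase, and the data is readable on the device while the application is unlocked.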
- 21. Why Go To All That Trouble?
Several Moderately Complex Applications?
Need to enable them all for mobile?
Want offline capability for some/all?
docLinkr
- 22. Summary
Offline capability for mobile applications is desirable
─ And in some cases essential!
HTML 5 will make this simpler, but it is not quite there yet
Use RESTful services and XAgents for Synchronisation
The User is the weakest link in the security chain – remember
Rule #1
Mobile security centers on Authentication, Authorisation and
Encryption
There are easier ways of doing things!
- 23. Q&A
- 24. Legal disclaimer
© IBM Corporation 2013. All Rights Reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication,
it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice.
IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have
the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced
in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other
results.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary
depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed.
Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance
characteristics may vary by customer.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.