© 2013 IBM Corporation
Mobile Domino Applications – Offline Capability and Security
Matthew Fyleman | Product / Project Manager - We4IT
Agenda
Why is Offline Persistence Important?
Offline Persistence and HTML 5.0
Synchronisation and REST APIs
Security Considerations
Securing Offline Data
An Easier Way ...
Q & A
Welcome and Introductions
Matthew Fyleman
─ Senior Product / Project Manager: We4IT GmbH.
– 20 years of Lotus Notes / Domino Development Experience
– Recently focused entirely on XPages development
– Working on We4IT's XPages framework – Aveedo
– Also on Offline capabilities for docLinkr
Increasing Demand for Mobile Applications
Smartphones and Tablets commonplace
Awareness that application access on smart devices is possible
Initially a mix of mobile browser and native applications
Native applications often worked offline ...
The Importance of Offline Persistence
In most cases, connected access only is acceptable
Some application data is useful to have offline:
─ Who uses the contacts app on their phone for more than just dialling?
─ What about a sales rep.?
Despite provider claims coverage is not universal:
─ No coverage
─ Canyoning in cities
─ Mandatory shutdown of wireless connections (planes*, hospitals)
Until recently offline persistence was only possible in native applications
Titanium Studio, PhoneGap etc. make native applications for multiple device platforms easier
But there is now another option ...
HTML 5 and Web SQL
HTML 5 has Web SQL and offline storage management features
If you are competent with HTML, JavaScript and Web 2.0 technologies it is reasonably straightforward.
Simple example can be found at this address:
─ http://tutorials.html5rocks.com/en/tutorials/webdatabase/todo/
But …
Current HTML 5 Issues
The bulk of HTML 5 is established and usable in most browsers, including mobile
However, the standard is unlikely to be ratified before 2014 (?!!)
Implementation is inconsistent across browsers
─ Mostly minor inconsistencies, but in particular -
– Storage and Web SQL currently only work under Chrome
So for the moment native is still the easiest way to go ...
Synchronicity
Setting up an offline database is relatively simple
The tricky bit is the synchronisation with the online storage
We've been here before …
Notes' replication engine was actually an afterthought!
A short REST ...
RESTful Services
Representational State Transfer – Roy Fielding, see wikipedia article:
─ http://en.wikipedia.org/wiki/Representational_state_transfer
Not a standard!
Simpler than other protocols (e.g. SOAP), yet still scalable
Uses URIs for calls
Asynchronous and stateless
Some RESTful Thoughts ...
Plan your API – it makes implementation much simpler
Version it – but avoid providing a general pointer to latest
Document it – nothing slows adoption like the lack of documentation
In Domino, make use of XAgents:
─ See XAgents – Web Agents XPages Style at Wissel.Net
─ http://www.wissel.net/blog/d6plinks/shwl-7mgfbn
Not a tutorial but take a look at:
─ BP204 Take a REST and put your data to work with APIs
─ Craig Schumann - Inner Ring Solutions
─ http://www.innerringsolutions.com/downloads/Connect2013/BP204.pdf
Final Synchronisation Thoughts
Write a generic synchronisation engine:
─ JavaScript Library client side
─ XAgent server side (in Java!)
Engine will be driven from client:
─ Must push (send to server)
─ Pull (receive from server)
─ Be Asynchronous but allow data to be chunked
Decide how to deal with conflicts
You will still need to design each offline version separately
─ (Unless you want to construct a formula interpreter!)
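The client-driven engine outlined on this slide, sketched as an added example (not code from the presentation or from docLinkr): it compares the offline store with the server's revisions and plans chunked push and pull work plus a conflict list. The row fields `id`, `baseRev` and `dirty`, the function names and the chunk size are assumptions.

```javascript
// Added illustration; row shape (id, baseRev, dirty) and chunk size are assumptions.

// Split work into fixed-size chunks so each asynchronous request stays small.
function chunk(items, size) {
  const out = [];
  for (let i = 0; i < items.length; i += size) out.push(items.slice(i, i + size));
  return out;
}

// local:  rows in the offline store. baseRev is the server revision seen at the
//         last pull (null for rows created offline); dirty marks offline edits.
// remote: Map of document id -> current server revision.
function planSync(local, remote, chunkSize = 2) {
  const push = [], pull = [], conflicts = [], dropLocal = [];
  const known = new Set();
  for (const row of local) {
    known.add(row.id);
    const serverRev = remote.get(row.id);
    const goneOnServer = serverRev === undefined && row.baseRev !== null;
    const serverChanged = goneOnServer || (serverRev !== undefined && serverRev !== row.baseRev);
    if (row.dirty && serverChanged) conflicts.push(row.id); // edited on both sides
    else if (row.dirty) push.push(row.id);                  // edited offline only
    else if (goneOnServer) dropLocal.push(row.id);          // deleted on the server
    else if (serverChanged) pull.push(row.id);              // edited on the server only
  }
  // Documents the client has never seen must be pulled too.
  for (const id of remote.keys()) if (!known.has(id)) pull.push(id);
  return { pushChunks: chunk(push, chunkSize), pullChunks: chunk(pull, chunkSize),
           conflicts, dropLocal };
}

// Constructed sample state, one row per case.
const sampleLocal = [
  { id: "A", baseRev: 3, dirty: false },   // in sync
  { id: "B", baseRev: 1, dirty: true },    // offline edit, server untouched
  { id: "C", baseRev: 2, dirty: true },    // offline edit, server also moved on
  { id: "D", baseRev: 5, dirty: false },   // server has a newer revision
  { id: "E", baseRev: null, dirty: true }, // created offline
  { id: "F", baseRev: 4, dirty: false },   // removed on the server
];
const sampleRemote = new Map([["A", 3], ["B", 1], ["C", 4], ["D", 6], ["G", 1]]);
const samplePlan = planSync(sampleLocal, sampleRemote);
console.log(JSON.stringify(samplePlan));
```

The plan is computed on the client, so the server-side XAgent still has to check authorisation and the current revision itself for every document it is asked to accept.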
They're Out To Get You ...
Data on a mobile device is inherently insecure
─ Even in sandbox environments like Good Technology
Lost or Stolen phones are an issue – but most thieves would not know the value of the data
Weakest link is the user
Rule #1: If data is really that sensitive, don't put it on a mobile device!
Rule #2: If you support a BYOD environment (and even if you don't) put a mobile data policy in place:
─ Otherwise you might be sued!
─ Examples available on the web
Security on the Move
Synchronisation security (online)
─ Authentication (HTTP, SSL, LTPA)
─ Authorisation (OAuth)
─ Interesting article:
– http://www.darkreading.com/security/client-security/232500640/the-future-of-web-authentication.html
Storage Security (offline)
─ Do NOT rely on device-memory storage to keep data secure (DropBox!)
─ Most important to encrypt sensitive data, particularly, but not exclusively, for removable storage
─ There are JS encryption libraries out there but not particularly robust
─ Always keep in mind Rule #1 on the previous slide!
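Encrypting a record before it reaches offline storage, as an added example (not code from the presentation): instead of a third-party JS library it uses the Web Crypto API built into current browsers, which the slides do not mention. The function names, record layout and passphrase-at-unlock model are assumptions.

```javascript
// Added illustration, not from the slides. Assumes a runtime with the Web Crypto
// API: current browsers, or Node.js through node:crypto's webcrypto export.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();

// Derive an AES-256-GCM key from a passphrase entered at unlock time. Only the
// salt is stored on the device; the key is non-extractable and stays in memory.
async function deriveKey(passphrase, salt, iterations = 600000) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt one record. The document id is bound as additional authenticated data,
// so a ciphertext copied onto another row no longer decrypts.
async function sealRecord(key, id, record) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce for every write
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(id) },
    key, enc.encode(JSON.stringify(record)));
  return { id, iv, ct: new Uint8Array(ct) }; // the row that goes into offline storage
}

// Decrypt and authenticate a stored row; rejects on a wrong key or altered row.
async function openRecord(key, row) {
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: row.iv, additionalData: enc.encode(row.id) }, key, row.ct);
  return JSON.parse(dec.decode(pt));
}

// Round trip on a constructed record, plus the two failure cases.
async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const key = await deriveKey("constructed demo passphrase", salt);
  const row = await sealRecord(key, "doc-1", { customer: "Example GmbH" });
  const verdict = (p) => p.then(() => "opened", () => "rejected");
  return {
    roundTrip: (await openRecord(key, row)).customer,
    movedRow: await verdict(openRecord(key, { ...row, id: "doc-2" })),
    wrongPassphrase: await verdict(openRecord(await deriveKey("guess", salt), row)),
  };
}
demo().then((r) => console.log(r));
```

This protects rows at rest on a lost device or removable card; while the application is unlocked, any script running in the same origin can still ask it to decrypt, so Rule #1 continues to apply.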
Why Go To All That Trouble?
Several Moderately Complex Applications?
Need to enable them all for mobile?
Want offline capability for some/all?
docLinkr
Summary
Offline capability for mobile applications is desirable
─ And in some cases essential!
HTML 5 will make this simpler, but it is not quite there yet
Use RESTful services and XAgents for Synchronisation
The User is the weakest link in the security chain – remember Rule #1
Mobile security centers on Authentication, Authorisation and Encryption
There are easier ways of doing things!
Q & A