14 DAY TRIAL // The web has morphed over the years and it's increasingly being used as a platform for applications rather than a huge 'library' of linked pages. But, as a platform, it's still behind native ones and, despite big advances in HTML5, it still has a long way to go before really challenging desktop or mobile operating systems.
It's getting there though, Mozilla is working on a new API, dubbed WebAPI, that should enable web applications to behave more like native ones, by having more access to the device underneath, be it to information stored locally, or to the features and capabilities of the device.
Some early examples of this are the geolocation API, used by most modern browsers to access location data on a device, provided by an IP or by direct GPS data, or access to the accelerometers, which Firefox experimented with.
Hardware access is a must for future web apps
But Mozilla wants a lot more, access to the file system, to the camera on a phone, to a contacts list, to calendar events and so on. Web apps should be able to do anything that a native app does.
"We want to make the full range of hardware that people use available to the web platform," Mozilla's Jonas Sicking writes.
Jonas Sicking was an editor for IndexedDB and File API at W3C, so he is well within his field of expertise with WebAPI.
"From common hardware like cameras, to more rarely used (but no less awesome) hardware like USB-driven Nerf cannons. We also want to enable communication hardware like Bluetooth and NFC," he explained.
WebAPI is intended to become a web standard
The way to achieve this is via powerful APIs, and Mozilla is already working on WebAPI which should provide a way for web apps and sites to access the device they're running on, with a focus on mobile devices for now.
Mozilla wants WebAPI to become a standard, adopted by browser makers and web developers, but it needs to build a powerful, stable and secure set of APIs before it can move to the next phase and make a proposal with the W3C, WAC or WHATWG.
Security is the biggest concern
The reason why no API like this exists today is because web applications and websites have always been treated as insecure. Granting them access to the underlying hardware was not something that browser makers wanted, in fact, they work hard to do the opposite.
Google Chrome, for example, uses a sandbox to isolate web content from the system it's running on and it's working on adding another sandbox layer via Native Client.
So security is a priority for WebAPI. Mozilla hasn't decided yet what type of security model will be chosen and how permissions will work, but will not release anything until security risks are minimized.
"We are developing these APIs, we always have to develop a security model to go along with them. In some cases simply asking the user, which is how we currently do Geolocation, might work," Sicking explained.
"In others, where security implications are scarier or where describing the risk to the user is harder, we’ll have to come up with better solutions," he said.
"I really want to emphasize that we don’t yet know what the security story is going to be, but that we’re absolutely planning on having a solid security solution before we ship an API to millions of users," he insisted.
WebAPI is still very much in the early stages, but Mozilla wants something it can show others within months. If we look back at how fast WebGL became standard, only a year or so, the possibility of very powerful web applications coming within a year, two at most, is a real one.