[Accepted with Revisions] SDL 0240 - WebEngine support for SDL JavaScript #767
Comments
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
theresalech
changed the title
|
The Steering Committee voted to return this proposal for revisions, so that the author can update per the action items identified in the 2019-06-24 workshop, as listed in this comment. |
theresalech
changed the title
|
The author has updated the proposal, and the revised proposal is now in review until 2019-07-23. |
This comment has been minimized.
This comment has been minimized.
|
The Steering Committee voted to defer this proposal, keeping it in review until our next meeting on 2019-07-30, to allow the author and all SDLC Members to review the OpenHMI Response from the project maintainer and provide input. It was reiterated that all SDLC Members are encouraged to review this proposal and project maintainer's feedback. |
|
During the 2019-07-30 Steering Committee meeting, an SDLC Member asked for the general intention of this proposal. The author answered that it provides a new way of how applications are presented on the HMI, especially in relation to in-vehicle web applications, using JavaScript. The Steering Committee then voted to defer this proposal, keeping it in review until our next meeting on 2019-08-06, to allow for more review and discussion of the proposal. It was again reiterated that the project maintainer believes this proposal to be introducing a very impactful change, which should be carefully considered by all members. |
|
The Steering Committee voted to defer this proposal, keeping it in review until our next meeting on 2019-08-20, to allow the author and members time to respond to the feedback from the Project Maintainer. It was agreed that if there was no activity on the review issue by the next meeting, the proposal would be deferred as inactive. |
This comment has been minimized.
This comment has been minimized.
|
The Steering Committee voted to return this proposal for revisions, to remove the OpenHMI components and only focus on in-vehicle applications and the web engine. OpenHMI components will be discussed separately in a subsequent proposal, once in-vehicle applications and web engine are agreed upon. As the author noted revisions (removing OpenHMI) were ready (#810), the Steering Committee then voted to bring the revised proposal into review. The revised proposal will now be in review until 2019-08-27. It was also communicated during the Steering Committee Meeting that returning a proposal for revisions and bringing the revisions into review in the same week is not something that should happen moving forward, unless the proposal is critically time sensitive. The Project Maintainer is working to clarify the SDL Evolution Process in the repository’s process.md, and will share with the Steering Committee for review soon. Once the process is more defined, we can ensure it’s adhered to in all scenarios moving forward. |
|
The Steering Committee voted to defer this proposal, keeping it in review until our next meeting on 2019-09-03, to allow for additional time to review. |
|
1.
*if Core is built with Should there be any other mechanism that would determine if Core should listen on this port? For example, if the policy table includes at least one entry for a local web engine app the websocket server transport should be activated? I would prefer if the websocket wasn't opened unless there was an app that was intended to use it, but this is not a blocker for me. I would imagine it would also be possible to know how many connections core should allow based on PT entries, but would likely cause more issues than it is worth. 2a.
Just as a clarification, the original decision was to treat local and cloud apps as the same type that would give preference to local apps over cloud. 2b.
The developer portal currently allows for Android, iOS, Cloud, and Embedded as the registered app types. If a change is requested to that set I want to make sure it is very clearly stated and this statement alone isn't taken as the spec of what should be done. 3.
Should the PT entry be extended to include more information about the app and its transport in the case of needed a Websocket server vs Core being the ws client? 4. I think one aspect that could enhance this proposal would be the ability load the app as a javascript module from the HMI if the HMI were also using a webengine. Maybe it makes sense to create a new line in the manifest to include the javascript file only. {
"entrypoint_html": "index.html",
"entrypoint_js": "js/hello_sdl.js",
...
}This could be a separate proposal, but changing the 5.
Is this intended to be RPC spec version? Currently we support versions for both the protocol layer and the RPC messaging layer and they are different. So I would imagine we should specific this version to RPC spec version, and possibly add a new key/value pair for protocol. 6. The manifest has a lot of useful information included, but the previously implemented Cloud Transport Proposal used the policy table for some of this information to display to the HMI. (eg app icon). Creating this new packaging for webengine apps would create a division between how other information from other apps (Java SE, Java EE, Node.js) is gathered currently. Maybe it's possible to create a similar structure for the other non-mobile frameworks as well? 7.
I'm not sure I agree with this point when using the Java Virtual Machine (JVM) has a few different options to increase security to a sandboxed environment. This includes simply running the JVM as different user or implementing the Java Security Manager. I would also venture that if apps have created Java implementations they would be familiar with these. However, the volume of apps that would use this framework might be less than node.js/javascript so the point is likely moot. |
|
@kshala-ford Hey Kujtim, some feedback/questions below. Keeping with the numbering that @joeljfischer started in his "technical notes" - some of which should probably still be addressed before bringing this proposal to a vote. 1. Does the SDL open-source project have any responsibility regarding app updates, or is the burden of handling app installation and updates intended to be placed entirely on the shoulders of OEMs? For example, if an app developer creates an app targeting 9. How is the OEM supposed to receive the compressed app package from a developer? Are developers expected to upload their compressed app package on smartdevicelink.com, which would then be attached to SHAID app records in the form of a file URL and propagated to SDL Servers? The end-to-end process from the perspective of an app developer is a bit vague to me. 10. The mobile app properties 11. The mobile app properties 12. The proposal states that these apps would not be allowed to be modified without going through another round of SDLC review for security reasons, however, there is an inherent risk of an app performing maliciously post-certification by using an external web API with well-obfuscated requests and responses. While this isn't something that can be easily addressed, but I feel it should be recognized as a weakness and carefully considered when reviewing these kinds of apps. 13. When an app isn't recognized, the proposal states that a Policy Table update will occur and the app's name will be verified with the list of approved app nicknames. Is a Policy Server required for this kind of app to work, or can these apps be used through the use of Core's default Policy Table? 14. Can you please describe your reasoning for putting so much metadata in the 15. In the example |
|
The Steering Committee voted to defer this proposal, keeping it in review until our next meeting on 2019-09-10, to allow for additional conversation on the review issue between the author and commenters. |
|
@nickschwab, @joeljfischer, @joeygrover I will follow Joey's enumeration from 1 to 7 and reply to Nick's comments from 9 to 15. Technical notes from Joel will be appended with new numbers due to the revision that made a few notes obsolete. To @joeygrover comments |1
Of course, I think this can be implied as listen to a port is impossible without the code included.
I like the idea but I have the same concerns around increase complexity. The query for the policy database is no rocket science but not sure if it delays Core initialization (might affect app resumption). I think the proposed ini settings to also specify an adapter address (e.g. localloop) it gives a fair amount of security to production vehicles. The benefit of this ini is that we could configure and listen to local network for test benches hence help developers to test their app from their computer. |2a I'm not sure if I am understanding. I know cloud apps are independent of their location and could run on the local machine (though specified as cloud app). The new app preference should be independent of and should not interfere with the cloud app feature. |2b I was reading SDL-0203 and the comments made during review but couldn't find any useful information. smartdevicelink.com doesn't say much about embedded apps. What does "Embedded" stand for in the developer portal? Isn't it what I mentioned in 2a? If you want us to spec out things properly we need the PM to do the same. |3 Please have a look at bullet point 6
|4 Not sure if I can really follow what you're suggesting. I assume it is about loading an app into a web based HMI by pointing to a js file. I'm not a fan of this approach as it would require a monolithic, single process, single DOM, single domain where nothing is protecting the HMI from apps. If this feature is really something we would like to include (in future?) it needs to be fleshed out further. I believe "entrypoint" doesn't need to be changed to prepare this feature as a new key like |5 Yes this is the RPC spec version. It should be optional and allow developers to specify a RPC spec version required for the app to be operational. Same can be included for min Protocol version. |6 Can you specify what information you are referring to? The only field I can see is the app icon. While I understand why an icon_url make sense for a cloud app I see benefits for a local app to embed the icon into the application package. The app installation routine of the IVI system will have all app information available when installing the app. For the developers and for the OEMs it's beneficial in the way that it is clear to how the app appears on the system. It's not possible to change the app appearance or reachability (voice commands etc.) from a different source. Last the driver/user could be confused if the app all of a sudden appears differently (different app icon) or if the app cannot be launched with the previously known voice command, all without an actual app update. |7 One of the main features of JVM is to provide platform independency and of course this approach naturally includes security mechanisms. There are methods of Java to increase the security (as you mentioned the security manager) and practices to restrict access using the OS user roles. Using a sandbox with a web engine doesn't only protect the system from the app but also the app from the system (or other apps). Security and privacy are main goals of the sandbox. By default features are permission controlled (see chrome://settings/content) providing a very good protection service out of the box. As mentioned, there are many web apps available and we expect a high chance to reuse existing app code for in-vehicle apps. To @nickschwab comment |8 (belongs to @nickschwab notes to
The burden is on the shoulders of the OEMs. An OEM will have many different versions of SDL Core on the road and these vehicles would request an app list from an OEM app store backend returning a list specific for the vehicle. The OEM backend would be based on data from the SDL server. |9 This is one possible option to submit the compressed package to smartdevicelink.com. Imagining an app certification for such apps I believe it would be necessary. However, we're planning a developer to submit to our (OEM) developer platform (which can be referenced from smartdevicelink.com if such an API exist). |10 I think this is a general question about SDL server and versioning. The first thing I have in mind to solve the problem for this proposal is to:
|11 This is funny because in automotive using the word embedded is understood as "it is shipped with the vehicle" or "it's purely offline" or "it's fixed with the surrounding (software)". Local is describing a location instead. I would say "A local web application is running in an embedded WebEngine". To the point that "EMBEDDED" already exist... I want to refer to 2b from Joey and defer the discussion to the next SC meeting. I believe there's need to discuss how |12 You are right. The possibility of backend logic or data changes post-certification is a challenge. It's necessary to verify that the requests an app can send are known during certification and that they are all are properly tested. The app behavior might change due to backend sending different data hence triggering the app to behave differently. I want to note that WebEngines prevent apps to post-load executable code from a backend. |13 The plan is when an app is installed into the vehicle, the HMI sends |14 Can you please be more specific to "so much"? |15 I want to make everyone aware of the RFC 5646 which we should follow everywhere where internationalization and localization is required. to your point: Hyphen is okay but I don't think lowercase region is a good idea. It should be uppercase. To @joeljfischer comment (excluding OpenHMI questions) |16 If this question is still valid but unanswered can you please be more specific to "these OEM Store changes"? |17 3. I don't see the security concerns of running unknown JavaScript code on the head unit addressed... Just to recap. With developers submitting a compressed app package to SDL/OEMs, all the code can and will be reviewed before it is made available to apps for installation. As I noted in |12 WebEngines prevent post-loading executable code therefore the app code is known with the app being installed. The question regarding the web browser/engine vulnerability (but also compatibility): It should be the OEMs goal (as it is our goal for this feature) is to keep the engine up-to-date throughout the vehicle lifespan. This means that regular software updates should be made available to the vehicle. At least the engine should really be at the latest version. I want to add that this is a general issue for any kind of runtime environment (node, JVM etc.). It's the host-owner responsibility to keep the host up-to-date For cloud apps, it's the developer's server. For local apps it's the vehicle/IVI. |18
Yes!
this is the purpose of minSDLVersion. The OEM store should know all apps and also different versions of the app. Depending on the requesting vehicle and the current version of the vehicle it may return only supported apps. |19
We have done some analysis to how far phones can be used as a relay to the internet. Phone features like Hotspot or WiFi direct or using an app as a relay... The complexity and the risk of phone OS changes breaking the suggested feature caused us to not continue this route further. |20
I think any compression or packaging would work. With the OEM app store we will anyway need to unpackage and repackage the app compatible with the OEM specific OTA app installation procedure. This is planned to be completely transparent to the app and the partner and should not affect the behavior of the app. |21
Any place is fine. Adding them in the <!doctype html>
<html>
<head></head>
<body></body>
<script src="manifest.json"></script>
<script src="sdl.js"></script>
</html> |
|
The author has revised this proposal per Steering Committee requested revisions. The revised proposal will now be in review until December 10, 2019. In addition to reviewing the revised proposal, Steering Committee Members should be aware of the following open items which will require vote at our next meeting: 15. Vote between the two presented options: Option 1: continue using existing patterns within SDL project Option 2: use standard proposed by Ford, and convert locale strings when necessary. 21. Vote on whether or not the location of the manifest's <script> tag placement should be specified within the proposal. |
|
@kshala-ford Thank you for working with us to address several feedback items thus far. Additional items below:
|
|
Hi @nickschwab thanks for the feedback. I have a few questions: |1. 👍 Do you agree to this suggestion? |2. 👍 |3. 👍 |4. 👍 |5. 👍 (Adding the bullet points but don't refer to external services) |6. With my little knowledge about Manticore implementation I believe it could be possible to support the WebSocket-Server transport with Manticore. The only change required would be to expose the hostname and port of the Core transport. Also when building Core yourself with In both variants the "WebEngine" would be the browser on your development computer, still I think app developers do have a way to test their WebEngine apps without partnering directly with an OEM. I want to note that SDL-0158 "Cloud App Transport Adapter" didn't mention the testing environment specifically either. What I'm saying is that even though the proposal doesn't clearly mention manticore, a test environment can be created and that there's no negative impact to the ease of SDL adoption. |7. I was informed that the proposed <struct name="AppProperties">
- <param name="appID" ... />
+ <param name="policyAppID" type="String" maxlength="100" minlength="1" mandatory="true" />This suggested change doesn't have a major impact to the feature. It's just to match the naming and attributes within the HMI_API. |8. The proposal suggests that HMI should launch the app including SDL Core's hostname and port as GET parameters. The names should be I've created a PR already that includes all the agreed suggestions. You can find the PR here #888 |
|
1. 👍 Sounds good to me. Are you ok with the supporting endpoint(s) in SDL Server being an implementation detail determined by the PM? 6. I think the changes to support the testing of WebEngine apps "in the open" would be more involved due to the fact that app packages would need to be decompressed, stored, and executed from somewhere, but @JackLivio is probably best to address that effort from a Core/HMI perspective and @crokita from a Manticore perspective. I haven't looked back at the Cloud Transport Proposal, but regardless of what it contains, I think it is in the best interest of the SDLC (and SDL app developers) that new app-related features are supported by existing testing tools, and that such support is clearly documented in their respective proposals. 7. Will let @JackLivio confirm this. 8. 👍 I'm good with this. |
|
|
6. Since there aren't strict system/runtime requirements at this time for WebEngine containers (other than supporting ECMA-2017 for the SDL JavaScript library), allowing Manticore to expose Core's WebSocket Server port should be a suitable way to allow developers to test their WebEngine apps. Can you please specify this in the proposal and add Manticore as an impacted platform, or mention the ability to test WebEngine apps as a prerequisite prior to releasing the feature (similar to what was written for WebEngine App Certification)? |
@kshala-ford Could we define some minimum capabilities for a test environment that would be delivered with the web engine feature? "Test environment" in the context of testing with a local build of core and a reference hmi.
|
|
6. I agree we have to have something for developers to test their production level bundle with at the time of this features release. I believe it is very important to being good stewards of our technology that we provide the proper tools at the time of launch for features if we can. These tools should also come from/be hosted by the SDLC, so that no specific OEM gains an advantage here. 7. ( I could be wrong here)The naming of the 8. Adding SDL as a prefix is good but could we still specify these with a transport type? websocket client vs server, or even TCP client/server? There's nothing worse than naming something vaguely and having to create a corner case around it because it's legacy. |
There is already a disconnect between RPC spec and HMI api regarding "appID". In the context of the hmi api, "appID" refers to an integer that is generated by Core and is not related to the actual app id of an app. The HMI API refers to an apps mobile/policy app id as "policyAppID". Refer to the HMIApplication struct in the HMI_API.XML Regarding the minlength, the don't believe the AppProperties struct is passed from any HMI RPC to any MOBILE RPC so the differing minlength requirement should not have an impact. However adding that minlength could cause a headache in the future if we come up with a feature that will pass that struct from HMI to Mobile, or vice versa. |
|
7. Ahh, that should be something like |
|
For this proposal we only need: Possibly:
|
|
Thanks @joeygrover. Instead of |
|
I'm fine with In this case the HMI is passing these parameters to the app right? So the context would be this is the host name for a secure websocket connection server. So the parameters would be describing the Core/HMI information rather than an action for the client to take. Edit: The other option would be including additional params instead of naming them this way. |
|
Thank you for the clarification. So for WebEngine the role name should be I like the transport role as it avoids mixing roles in host and port. I'll add it to the PR |
|
The PR #888 contains the suggested changes. https://github.com/smartdevicelink/sdl_evolution/pull/888/files The actual changes are rather minor making corrections to the text, being more specific to the GET params and enabling Manticore as a basic test environment. Therefore if there are no other issues to address I would suggest to accept the proposal with revisions. |
|
1. Are you ok with the supporting endpoint(s) in SDL Server being an implementation detail determined by the PM? If so, can you please note this in the proposal? |
|
The Steering Committee voted to keep this proposal in review, as members were not yet ready to vote. It will be very important that members are prepared to vote on the following during the 2019-12-17 Steering Committee meeting:
|
theresalech
changed the title
|
The Steering Committee voted to accept this proposal with the following revisions:
|
|
Proposal updated to reflect accepted revisions, and implementation issues have been entered: |
Hello SDL community,
The review of the revised proposal "SDL 0240 - WebEngine support for SDL JavaScript" begins now and runs through December 10, 2019. Previous reviews of this proposal took place November 13 - 19, 2019, October 16 - 28, 2019, July 17 - October 8, 2019, and June 19 - 25, 2019. The proposal is available here:
https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0240-sdl-js-pwa.md
Reviews are an important part of the SDL evolution process. All reviews should be sent to the associated Github issue at:
#767
What goes into a review?
The goal of the review process is to improve the proposal under review through constructive criticism and, eventually, determine the direction of SDL. When writing your review, here are some questions you might want to answer in your review:
Please state explicitly whether you believe that the proposal should be accepted into SDL.
More information about the SDL evolution process is available at
https://github.com/smartdevicelink/sdl_evolution/blob/master/process.md
Thank you,
Theresa Lech
Program Manager - Livio
theresa@livio.io
The text was updated successfully, but these errors were encountered: