105 min⏵︎ ⏸ −1 +1 ↺
Leaving presentation mode.
MiniApp Packaging, Manifest, and MiniApp Components
Industry Meetup: W3C MiniApps Standardization and Implementation
Martin Alvarez-Espinar
Vision Hotel, Beijing (CN) - 22 Dec 2023
Contents
Progress and Next-Steps of:
MiniApp Packaging
MiniApp Manifest
Incubation of MiniApp Components
Contents
Progress and Next-Steps of:
MiniApp Packaging
MiniApp Manifest
Incubation of MiniApp Components
MiniApp Packaging
Describes the logical and physical structure of a MiniApp
Pages, components, styles,…
Packaging format, file-system, directories…
Digital signatures (for developer, publishers, others…)
Status: WD
Types of Resources
Pages & Components
HTML : based on templates
JS : ECMAScript profile
CSS : CSS profile
Resources for i18n
Based on Web Components
File System
Homogeneous structure:
manifest.json
: metadata, setup
app.js
, app.css
: global logic, styles
pages/
: page resources
common/
: shared media, script resources
i18n/
: localization of content
Packaging: Open Issues
Security and efficiency concerns (TAG's Review):
Preservation of the origin model
UA SHOULD
use SSL/TSL for distribution
UA SHOULD
keep track of the origin (save it in manifest?)
Secure context (integrity of the package)
Package SHOULD
be hashed (integrity);
and SHOULD
be signed (e.g, developer + distributor)
Efficiency of ZIP container
Ongoing discussion .
Contents
Progress and Next-Steps of:
MiniApp Packaging
MiniApp Manifest
Incubation of MiniApp Components
MiniApp Manifest
JSON document to describe a MiniApp
Based on Web App Manifest (extends
)
15 attributes with information for user agents (super-app, OS ) and publishers (icons, descriptions, versions…)
Runtime configuration (themes, colors, orientation…)
Status: WD
Manifest Next: Internationalization
Localization of manifest members
Currently, MiniApps apply text localization techniques during the compilation stage
We must distribute texts in different languages and localize color schemes, icons, and images (good for marketplaces).
Expected alignment with Web App Manifest (working draft )
Manifest Next: Content Security Policy (CSP )
Increase security and integrity of MiniApps
Currently, the standard CSP directives enable restricting the origin of resources through HTTP headers like default-src
, connect-src
, img-src
, script-src
, or font-src
The system caches the MiniApp, and user agents do not always have access to HTTP headers.
We need to guarantee security and avoid content and scripts from non-trusted origins.
Manifest Next: CSP
"content-security-policy" :
{
"default-src":
[
"trusted1.example.org",
"trusted2.example.org"
],
"origin": "superapp-store.example.org"
}
Open discussion
Manifest: Open Issues
Internationalization (lang
, dir
, string
) #4
Alignment with req_permissions
(IWA 's permissions_policy
) #57
Content Security Policy (i.e., origin and trusted sources) #42
Alignment of app_id
and Web App's id
#43
Contents
Progress and Next-Steps of:
MiniApp Packaging
MiniApp Manifest
Incubation of MiniApp Components
MiniApp Components
To MiniApp Pages (based on different MiniApp implementations)
How to declare, reuse, access components
Templating, content interpolation, styling, scripting...
Built-in components (i.e., <image>
, <ad>
, <map>
)
Status: Draft Community Group Report