Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow an app to retrieve its own AppMetadata #603

Closed
kriswest opened this issue Feb 21, 2022 · 3 comments · Fixed by #726
Closed

Allow an app to retrieve its own AppMetadata #603

kriswest opened this issue Feb 21, 2022 · 3 comments · Fixed by #726
Labels
api FDC3 API Working Group Context Data & Intents Contexts & Intents Discussion Group enhancement New feature or request
Milestone
2.0

Comments

@kriswest
Copy link
Contributor

Enhancement Request

There are times when it may be useful for an application to be able to retrieve its own AppMetadata via the Desktop Agent API. An AppMetadata object encodes the Desktop Agent's name, appId and instance metadata for a particular app instance and can be used, for example, to target future intents at it.

Add a new required (MUST) API call for an app to retrieve its own metadata:

interface DesktopAgent {
  ...
  getMyAppMetadata(): Promise<AppMetadata>;
}

Use Case:
@kriswest kriswest added enhancement New feature or request api FDC3 API Working Group needs-pr Context Data & Intents Contexts & Intents Discussion Group labels Feb 21, 2022
This was referenced Feb 21, 2022
Closed
Closed
@kriswest kriswest mentioned this issue Mar 24, 2022
Closed
13 tasks
@MichaelMCoates
Copy link

Just following up here:

  • We brought up that we'd like to see real workflows of this API in use
  • In relation to that, one of the proposed workflows (including app metadata as part of a context payload) raised the potential of spoofing
  • Raised the question of "Who should be responsible for this decision-making/control, the applications themselves, or the Desktop Agent?"

@kriswest
Copy link
Contributor Author

There are a few possible workflows that would require an app to be able to retrieve its own AppMetadata:

  • An app wishes to open another instance of itself (e.g. open in new window) via fdc3.open. However, it doesn't know its own appId as it was configured in the appD by someone other than the developer. Hence, it needs to retrieve its own AppMetadata to know its configured appId.
  • An app (and/or desktop owner) wishes to log activity of one or more instances of the application, including interactions between those instances. It requires its own appId and instanceId in order to do so and must retrieve the via the API.
  • An app wishes to pass context to another instance of itself. It is able to retrieve the list of available instances via findInstances(), but needs to know its own AppMetadata to do so and its own AppMetadata.instanceId in order to eliminate itself from the list.
  • A particular workflow passes through multiple applications and ends at the originating app. At each step, 'originating app metadata' is available (Require propagation of originating application identity on context/intent handlers #520 having been implemented) and is used for logging or otherwise accumulated. When the workflow ends back at the originating app it wishes to confirm that it originated the workflow, but it can't recognize its own metadata as it is unable to retrieve it.

These workflows primarily relate to utility functions, rather than security. I agree that we should not encourage situations where an app is required to add its own metadata to a context and to rely on that for security or access control. This should be clarified in the relevant documentation for any function added.

Raised the question of "Who should be responsible for this decision-making/control, the applications themselves, or the Desktop Agent?"

I assume this relates to #520 where it is proposed that the Desktop Agent be responsible for supplying the originating app metadata, which is more secure, but only if you trust the Desktop Agent implementation (which @bingenito pointed out can itself also be spoofed, although the facility would still be useful/appreciated). This issue essentially seeks to provide parity to the application, allowing it to know its own metadata (which #520 will expose to other apps).

@kriswest kriswest mentioned this issue Apr 28, 2022
Closed
17 tasks
@kriswest
Copy link
Contributor Author

kriswest commented Apr 28, 2022
edited
Loading

As discussed at the SWG meeting today, we'll proceed with an alternative proposal to implement this use-case, without increasing the surface area of the DesktopAgent API, by adding the app's own metadata to the ImplementationMetadata object returned by fdc3.getInfo().

I.e. update:

public interface ImplementationMetadata {
  fdc3Version: string;
  provider: string;
  providerVersion?: string;
}

to

public interface ImplementationMetadata {
  fdc3Version: string;
  provider: string;
  providerVersion?: string;
  appMetadata: AppMetadata;
}

@kriswest kriswest added this to the 2.0-candidates milestone May 17, 2022
@kriswest kriswest mentioned this issue May 19, 2022
Merged
@kriswest kriswest removed the needs-pr label May 19, 2022
@kriswest kriswest modified the milestones: 2.0-candidates, 2.0 May 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api FDC3 API Working Group Context Data & Intents Contexts & Intents Discussion Group enhancement New feature or request
Projects
None yet
Milestone
2.0
Development

Successfully merging a pull request may close this issue.

603 Allow an App to retrieve its own metadata through getInfo() finos/FDC3
2 participants
@kriswest @MichaelMCoates