W3C

Widgets 1.0 Requirements

W3C Working Draft 9 February 2007

This version:
http://www.w3.org/TR/2007/WD-widgets-reqs-20070209/
Latest version:
http://www.w3.org/TR/widgets-reqs/
Previous Version:
http://www.w3.org/TR/2006/WD-WAPF-REQ-20061109/
Editor:
Marcos Caceres (m.caceres@qut.edu.au), Queensland University of Technology

Copyright © 2006 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply.

Abstract

This document specifies the design goals and requirements for a specification that would standardize the way client-side web applications (widgets) are to be scripted, digitally signed, secured, packaged and deployed in a way that is device independent.

The type of web applications that are addressed by this document are usually small client-side applications for displaying and updating remote data, packaged in a way to allow a single download and installation on a client machine. The application may execute outside of the typical web browser interface. Examples include clocks, stock tickers, currency converters, news readers, games and weather forecasters. Some existing industry solutions go by the names "widgets", "gadgets" or "modules".

Status of this Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

This is the 9 February 2007 3rd Public Working Draft of the Widgets 1.0 Requirements (previously known as Client-Side Web Applications (Widgets) Requirements). This document is produced by the Web Application Formats (WAF) Working Group (WG). This WG is part of the Rich web Clients Activity and this activity is within the W3C's Interaction Domain.

The public is encouraged to send comments to the WAF Working Group's public mailing list public-appformats@w3.org (archive). See W3C mailing list and archive usage guidelines.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

Table of Contents

1. Introduction

Client-side web applications, or widgets, are typically self-contained applications for displaying and updating remote data, packaged in a way to allow a single download and installation on a client machine or mobile device. Just like authors of HTML documents, authors of widgets rely on various file formats and specifications to construct a user interface, script, package, digitally sign and deploy their applications. Figure 1 illustrates a typical architecture for widgets (please note that other architectures are also found on the web). The bottom most layer, which we refer to as the host runtime environment, is usually a piece of software that is either directly built on, or provides very similar functionality to, a web browser. Most host runtime environments will typically support HTTP, IRIs, and Unicode, as well as ECMAScript (JavaScript), CSS, the DOM, and some mechanism for rendering multimedia resources such as images and sounds.

This figure shows the various specifications and file formats that typically make up a client-side Web application.

Figure 1. The architecture of a typical widget.

To make development of widgets possible, the host runtime environment typically includes APIs that provides functionality that is currently specific to widgets, such as persistent storage and read/write access to a sand-boxed portion of an end-user's storage device. Also, because of the rise in popularity of Ajax-style development approaches, many host runtime environments now support the XMLHttpRequest object or some similar mechanism for making asynchronous data requests over HTTP. To construct the user interface of a widget, authors will typically rely on HTML or on some proprietary XML vocabulary supported by the host runtime environment.

Once an author has finished developing a widget, he or she will usually bundle all the resources that are needed to make the widget run into a single file, or package, and copy it on to a web server for distribution. Packaging is the process of bundling the widget's resources into an archive format (eg. a ZIP file) for the purpose of distribution and deployment. A package will usually include a resource that configures that widget, which is commonly referred to as a manifest, which contains instructions that declaratively instruct a host runtime environment how to install and run the packaged application. On the web server, a packaged widget will usually be associated with a particular media type that associates the package with a certain runtime environment on the end-user's computer.

In some cases, authors and/or vendors may choose to digitally sign a package as a secure means of distribution and deployment. A digitally signed package provides users with a means to verify the authenticity and the integrity of a package, as well as giving a user a degree of support for non-repudiation. User agents can verify the authenticity of a package by decrypting an encrypted hash of the content of the package (known as a digest) using the signer's public key; theoretically, only the signer's public key should be able to decrypt the digest. User agents can then check the integrity of a package by checking the hash of the package against the encrypted digest for equality. If the values do not match, then it is likely that the file is either corrupt or someone has tampered with the contents of the package after it was digitally signed. Non-repudiation refers to the fact that a digital signature makes it difficult for a signer to deny signing the contents of a package as only the signer should have access to the private key used to create the digital signature. An author or vendor may also include in the package a digital certificate, which they obtain from a certification authority, that a user can use to further verify the authenticity of the author and the package. To facilitate the process of verifying digital certificates, some host runtime environments include root certificates that host runtime environment can use to check the authenticity of digital certificates bundled with a package. (For more information on digital signatures, see the XML Digital Signatures Specification. For a general introduction to cryptography, see the book Cryptography Decrypted).

The paragraph below is at risk of being removed. Please let us know if there any good use cases for encryption.

In certain situations, an author may choose to encrypt particular resources within the package without affecting the ability for the widget to run. For instance, the author may choose to encrypt scripts or any resources they want to keep secure. It should be noted that encrypting resources is currently not a standard practice in the Widget development space, but may become a requirement as the popularity of widgets continues to grow.

1.1 Standardizing Widgets

There is currently no formally standardized way to script, package, sign and secure a widgets for distribution and deployment on the web. In the widget development space, each vendor has come up with their own solution to what is essentially the same set of problems (see Appendix). The Working Group hopes that by standardizing widgets developers will be able to author, package and deploy their widgets on a variety of platforms and devices in a standardized manner that is both easy to use and device independent.

The paragraph above currently only talks about advantages for developers. Need to discuss the advantages for vendors/implementors and for end-users.

1.1.1 Terms Related to widgets

As shown in Figure 1, a typical widget-architecture is composed of the a number of distinct parts that play multiple roles in the architecture of a widget:

A host runtime environment:
The software that hosts instances of a widget. Host runtime environments are either directly built on, or provide similar functionality to, a common web browser. Examples include Yahoo!'s Widget Engine, Microsoft Windows Vista Sidebar, and Apple's Dashboard.
A media type:
A pre-registered Media Type that associates the package with a certain runtime environment on the end-user's computer. For example, Opera's current 'application/x-opera-widgets' media type.
A packaging format:
A self-contained structured resource that encapsulates the contents of a widget for the purposes of distribution and deployment. For example, Apple's Bundle format and related directory structures as specified in the Dashboard Reference.
A manifest:
A distinguished resource of the package that describes how the widget and host runtime environment should be configured when the widget is instantiated. The manifest may also define the relationship between resources in the package. The manifest resource usually takes the form of an XML document that declares properties and behaviors of various components of the widget and the host runtime environment. For example, the 'config.xml' resource bundled with an Opera Widgets package.
APIs:
A set of programming interfaces that provide functionality specific to widgets. Current Widget APIs range extensively in the level of functionality they provide an author; see for example Microsoft's API for Windows Vista in the Sidebar Reference and Apple's APIs for widgets in the Dashboard Reference.
Resources:
Images, text, graphical user interface markup, style sheets, executable scripts and other possible parts of the widget. Resources may be organized in directories and may have directories versions tailored for localization purposes.

1.1.2 Standardizable Aspects of a Widget

The Working Group has identified that the following aspects of widgets should be standardized:

Section 3 lists an exhaustive set of requirements that would be needed to standardize the various aspects of widgets listed above.

1.2 Conformance

Inputs that attempt to standardize Widgets as described in this document should conform to the requirements listed in Section 3.

As well as sections marked as non-normative, all diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in the normative parts of this document are to be interpreted as described in [RFC2119]. For readability, these words do not appear in all uppercase letters in this specification.

2. Design Goals

This section is non-normative.

This section describes the design goals that the Working Group will attempt to reach in standardizing the various standardizable aspects of a widget (as listed in Section 1.1.2). The requirements outlined in section 3.1 and 3.2 are directly motivated by the following design goals. The design goals are listed in alphabetical order, and the Working Group considers them all to be of equal importance.

Compatibility with other standards
Where possible, the standardizable aspects of a widget should maintain compatibility with, or directly make use of, other standards.
Current development practice or industry best-practices
The standardizable aspects of a widget should consider the development practices currently used by the widget development communities and promote other relevant industry best-practices.
Device independence
The standardizable aspects of a widget must support relevant device independence guidelines so that it is possible to run widgets on mobile devices.
Ease of use
The standardizable aspects of a widget should be easy to use and avoid unnecessary complexity: easy to edit by content authors, allow for robust interoperability, and provide effective usability, accessibility, and ease-of-use for the end-users.
Internationalization and localization
The standardizable aspects of a widget must support relevant internationalization and localization guidelines, as well as consider current practical internationalization solutions used by the widget development community.
Security
The standardizable aspects of a widget should consider the security concerns of end-users and should also consider the security and authenticity requirements of authors and vendors.
Reduce fragmentation widget development space
Where possible, the standardizable aspects of a widget should not further fragment the widget development space. Reducing fragmentation will give authors a common development framework making it easier to author, package, and deploy widgets across many host runtime environments. Once a specification for widgets has been created that addresses the requirements listed in this document (Section 3), it should give implementors the means to reduce fragmentation of the widget development space.
Web delivery
The standardizable aspects of a widget should be focused on web delivery and deployment, taking into considerations the best practices of the Mobile Web.

3. Requirements

This section list the requirements for standardizing the packaging format, manifest and application programming interfaces. These requirements are directly motivated by the Working Group's design goals (Section 2) for standardizing widgets and are based on feedback from the public, discussions with various vendors, and a survey of existing host runtime environments as detailed in the Appendix.

3.1 Packaging Format

This section lists the requirements of the packaging format to facilitate the creating, packaging, and deployment of widgets. The aim is to specify, amongst other things, a general packaging format that is suitable for both desktops and mobile devices, and able to be used in internationalized contexts.

R1. Media Type

When delivered over the web, the package format must be sent with a standardized Media Type. Media types may allow a user-agent to associate the package with an appropriate host runtime environment. The media type could potentially be used in conjunction with an auto-discovery mechanism, such as Atom Auto-Discovery, to facilitate deployment of a widget. (Inputs addressing this requirement should read "How to Register a Media Type for a W3C Specification" at the W3C and the Media Type Specification).

Motivation:
Compatibility with other standards, web delivery, ease of use.

R2. File Extension

The packaging format should use a consistent file extension when a widget is not intended to be distributed and deployed over HTTP. When a Media Type is not present, as is the case when a widget is instantiated locally from an end-user's storage device, the operating system may use the file extension to associate the package with the appropriate host runtime environment. However, when the widget is distributed over HTTP and a Media Type is present, a file extension may not be required but is nevertheless recommended. In some cases, web servers may also rely on a file extension to correctly set a package's media type in the HTTP headers.

Motivation:
Device independence, ease of use, web delivery.

R3. Free and Widely Available Packaging Format

The packaging format must be one that is royalty free, open, and widely implemented across a wide range of devices. The format used for packaging must be supported by existing user-agents, host runtime environments, and the operating systems on which authors are developing their widgets. The format should also be suitable for archiving widgets in such a way that it ensures longevity.

Motivation:
Compatibility with other standards, web delivery, device independence, ease of use, current development practices and industry best-practices, reduce fragmentation of widget development space, internationalization and localization.

R4. Internal Package Structure and Naming of Components/Directories

The packaging format must support structuring of resources in a manner that authors are accustomed to, such as collections of files and directories. In addition, it should be easy for authors (and automated systems) to add, modify, remove and resign resources from a package. The packaging format may require authors to put resources into specific directories (or similar containers) that serve a specific function to the widget. For example, the packaging format may require authors to place all contents inside a 'Resources' directory located at the root of the package.

Motivation:
Ease of use, compatibility with other standards, current development practice or industry best-practices.

R5. Internal Packaging Addressing

The packaging format must specify a mechanism to address the individual resources within the package, for instance, via relative IRIs. The packaging format must also specify the base IRI from which resources can be addressed within the package. For example, it may only be possible for an author to address resources in the 'Resources' directory, but to not have the ability to address resources at the root of the package.

Motivation:
Ease of use, compatibility with other standards, current development practice or industry best-practices.

R6. Internationalization and localization strategy

The packaging format should be suitable for a multilingual internationalized context, giving authors the ability to create files and directories in any language they choose. In addition, the packaging format must provide a single standardized way for authors to structure localized content within the package (the localization strategy). For example, the localization strategy would dictate that authors place localized content into a strictly names directory structure that denotes the language that the localized content is in (eg. 'Resources/en/' for all english content, 'Resources/en-au/' for further localized Australian-english content, and so on).

Motivation:
Internationalization and localization, current development practice or industry best-practices, ease of use.

R7. Data Compression

The packaging format should support optional data compression to make packages smaller.

Motivation:
Web delivery, device independence, current development practice or industry best-practices.

R8. Device Independence

The packaging format must be suitable for delivery onto many devices, particularly web-enabled mobile phones.

Motivation:
Device independence, web delivery.

R9. Digital Signature

The packaging format should allow authors (and other publishers) to digitally sign their widgets so that a user agent can verify the authenticity and the integrity of the package, as well as provide the user with some means for non-repudiation. Vendors may also use digital signatures as a means of quality assurance, whereby if a widget meets particular quality standards it receives a signature (together with a digital certificate).

Motivation:
Security, current development practice or industry best-practices.

R10. Encryption

This requirement is at risk, if you have a use case for this requirement then please let us know.

The packaging format may include one or more encrypted resources. If a resource has been encrypted, then the packaging format must include a resource that describes the encryption method used to encrypt a particular resource within the package. When encryption is used, it must only use the methods as specified by the XML Encryption Specification.

Motivation:
Security.

R11. Manifest resource

An instance of the packaging format must contain a manifest resource as specified in Section 3.2.

Motivation:
Current development practices and industry best-practices, device independence, ease of use, reduce fragmentation of widget development space.

3.2 Manifest Resource

This section describes the requirements of the manifest resource and a corresponding declarative language. The manifest language would generally allow authors to declare the metadata and other properties related to their widget, as well as provide a means to automatically instantiate the widget.

R12. Widget Metadata

The manifest language must provide a mechanism to declare metadata about the widget that is relevant to end-users, other authors, and the host runtime environment. This may include the widget's name, version, a unique identifier, creation date, update IRI, etc.

Motivation:
Current development practices and industry best-practices.

R13. Authorship Metadata

The manifest should provide a mechanism for an author to record information about the authorship of the widget. This metadata may include details like the name, email, and IRI of the author(s) that created the widget.

Motivation:
Current development practices and industry best-practices.

The manifest should allow the author of the widget to explicitly reference, or otherwise include, a software license agreement or notice. Also, the manifest should allow authors to declare who holds the copyright for the widget.

Motivation:
Current development practices and industry best-practices.

R15. Visual Rendering Dimensions and Initial Position

When applicable, the manifest language should allow authors to declare the initial visual dimensions and initial position of a widget.

Motivation:
Ease of use, device independence, current development practices and industry best-practices.

R16. Application Bootstrapping

The manifest must define a bootstrapping mechanism that points to the main/root resource of the widget, such as referencing via a relative IRI the an initial resource to be run by host runtime environment. The bootstrapping mechanism must not be able to address resources outside the scope of the widget package or resources on the web.

Motivation:
Ease of use, current development practices and industry best-practices, security.

R17. Alternative Representations

The manifest should allow authors to declare alternative representations of the widget for use as fallback content, standby indicator or in a non-running context, such as a small image icon. Because of the motivations listed below, iconic alternatives may not be limited to static images, but may also potentially include plain text, animations and/or sounds.

Motivation:
Ease of use, device independence, current development practices and industry best-practices, localization and internationalization.

R18. Default Preference Values

The manifest should provide authors with a means for setting the default value of either custom or standard preferences for a widget. For example, the author might declare that the value for the custom preference 'foo' is 'bar', and set a default preference that causes the instantiated widget to be displayed on-top of all other elements on the screen.

Motivation:
Ease of use, current development practice or industry best-practices.

R19. Access-Control and Security

The manifest should provide a means for authors to declare their intentions to access resources outside the context of the widget. Example of sensitive resources include end-user's storage device, a service or domain on the Internet. On a mobile device security sensitive resources could include short message and voice-call services and access to the device's camera.

Motivation:
Security, current development practice or industry best-practices.

R20. XML

The manifest language must be defined using XML. XML is generally excepted and understood by widget development communities (see Appendix), and XML parsers generally have support for Unicode and other character encoding schemes that are required for effective internationalization and localization.

Motivation:
Compatibility with other standards, current development practice or industry best-practices, ease of use, internationalization and localization.

R21. Manifest independence

An author may provide a copy of the manifest separately to the package. The independent manifest may then be used, for instance, for checking information about the widget without needing to download the complete package. This may be particularly useful for mobile devices where download costs may be prohibitive.

Motivation:
Ease of use, web delivery, device independence.

3.3 Widget Scripting Interfaces

This section describes the requirements for a set of base scripting interfaces that an author can use to author a widget. Only host runtime environments that support scripting are required to fulfill the requirements of Section 3.3.

R22. Scripting Interfaces for Accessing an Instantiated Widgets

The host runtime environment must provide an author with a set of interfaces that expose the properties, methods, and events of an instantiated widget. These interfaces should be encapsulated as a self-contained object. The host runtime environment must automatically create a unique instance of this object for every widget instantiated by the user. See for example Apple's Widget Object described in the Dashboard Reference and Microsoft's System.Gadget Object described in the Sidebar Reference.

Motivation:
Ease of use, Compatibility with other standards, current development practice or industry best-practices.

R23. Scripting Interfaces for Accessing and Configuring Runtime Properties

The host runtime environment may provide an author with a set of interfaces that expose relevant properties and methods of the host runtime environment. Such properties may include localization information, operating environment details, availability of network access, etc. See for example Microsoft's Sidebar Reference.

Motivation:
Ease of use, Compatibility with other standards, current development practice or industry best-practices.

R24. Scripting Interfaces for Changing User Preferences

The host runtime environment must provide an author with a set of interfaces for dynamically getting and setting user preferences. The host runtime environment may implement a means to persistently store user preferences for each instance of an widget that is running.

Motivation:
Ease of use, Compatibility with other standards, current development practice or industry best-practices.

R25. Automatic updates

If it is the case that the author has declared in the manifest a IRI for where the widget can be updated, then the host runtime environment should periodically check over HTTP if the widget has been updated. The widget must be able to request that the user agent checks for an update, but widgets must not be able to change the update IRI that is declared in the manifest (see R12. Widget Metadata).

Motivation:
Current development practice or industry best-practices, web delivery.

R26. Widget State Change Events

this refers to the different states or modes that a widget can be in. For example, it can be docked in a sidebar and so on...

Motivation:
Current development practice or industry best-practices, ease of use.

R27. Accessing services

This requirement needs to address how services, like the camera, SMS, and device specific services are made available to scripts. There are a number of options here: either we either start defining a core set of APIs for things like the camera (eg. Camera.takePicture(), Camera.activate(), Camera.startRecording(), etc.), or we have some sort of generic mechanism for getting at services (eg. getServiceProvider('Camera'); ) Please send us your feedback.

Motivation:
Compatibility with other standards, current development practice or industry best-practices, ease of use.

R28. ECMAScript Compatibility

All scripting interfaces described above (R22 to R27) must be implementable in ECMAScript.

Motivation:
Compatibility with other standards, current development practice or industry best-practices, internationalization and localization

 

Appendix

This section includes a survey of popular host runtime environments. The information in this Appendix is only as current as the date of publication of this document and there is no guarantee that it is accurate. Please double check the information found here through the References. The aim of this section is to identify:

In addition to the Design Goals, researching the questions listed above has provided the Working Group with the means to define the Requirements that a a specification for standardizing widgets would need to conform to.

Packaging Formats and Media Types

The following table lists the packaging formats currently used by various vendors to bundle widgets.

Packaging formats supported by host runtime environment
Runtime Container Format File Extension Media Type
Runtime Container Format File Extension Media Type
Yahoo! Widgets Engine Zip, directory, proprietary flat-file .widget application/vnd.yahoo.widget
Microsoft Sidebar Zip, Cab, directory .gadget application/x-windows-gadget
Google Desktop Zip .gg app/gg
Opera Browser Zip .zip application/x-opera-widgets
Apple Dashboard Zip, Apple bundle .wdgt or .zip application/x-macbinary
AOL Modules Zip .html text/html

Manifest and User Interface Declaration

This section is incomplete. It will eventually contain more detail about manifest and languages used for user interfaces. The UI stuff will probably get its own section.

This table lists the formats of the manifest files various vendors are using as part of packaging widgets. It also identifies what markup language authors are required to use when declaring the user interface of widgets.

The details of manifest files used in conjunction with current packaging formats
Runtime Manifest Format Manifest File UI Markup
Runtime Manifest Format Manifest File UI Markup
Yahoo! Widgets Engine Proprietary XML Yahoo! Widgets Reference *.kon Proprietary XML Yahoo! Widgets Reference
Microsoft Sidebar Proprietary XML Microsoft Gadgets gadget.xml HTML + CSS
Google Desktop Proprietary XML Google Gadgets gadget.gmanifest Proprietary XML Google Gadgets
Opera Widgets Proprietary XML Opera Config config.xml HTML + CSS
Apple Dashboard Proprietary XML Apple pList Info.plist HTML + CSS
AOL Modules (any capable UA) Microformat AOL ModuleT index.html HTML + CSS

Localization strategies

This section is incomplete; it will eventually contain complete details of the localization strategies currently being used by widget engines.

For each host runtime environment, the following table identifies:

Localization strategy
Is localization handled automatically by the widget engine? if so, what strategy (or convention) is in place to facilitate localization of content.
Runtime Localization Strategy
Yahoo! Widgets Engine Automatic, Directory-based +JS
Microsoft Sidebar Automatic, Directory-based + JS
Google Desktop Automatic, Directory-based + JS
Opera Widgets Manual, recreate Widget or use JS
Apple Dashboard Automatic, Directory-based + JS
AOL Modules (any capable UA) None, recreate Widget or use JS
Runtime Localization strategy

Security Models

This section is incomplete; it will eventually contain complete details of the security models currently being used by widget engines.

For each host runtime environment, the following table identifies:

Security model
Where does an author declare security related things, such as the intention to access networked resources?
Digital Certificates/signatures
Does the host runtime environment support digital signatures? And what format (or standard) is used to encode the digital certificate?
Runtime Security Model Signature Certificate Format
Yahoo! Widgets Engine UI Language yes -
Microsoft Sidebar Browser based no  
Google Desktop Internal no  
Opera Widgets Manifest + Browser no  
Apple Dashboard Access Keys Apple pList no  
AOL Modules (any capable UA) Browser based no  
Runtime Security Model Signature Certificate Format

References

Ajax
Ajax: A New Approach to Web Applications. J. J. Garrett. February 18, 2005. Adaptive Path. Available at http://www.adaptivepath.com/publications/essays/archives/000385.php
AOL ModuleT
AOL ModuleT: A Module Transport Microformat Profile, S. Carnell, Joe Dzikiewiczl, Kevin Lawver, and Paul Maneesilasan, AOL LLC, 2006. Available at http://developer.iamalpha.com/profile/
Atom Auto-Discovery
Atom Autodiscovery, M. Pilgrim, P. Ringnalda. ATOMPUB Working Group (Draft), May 2005-. Available at http://philringnalda.com/rfc/draft-ietf-atompub-autodiscovery-01.html
CSS
Cascading Style Sheets, level 2, revision 1, B. Bos, T. Çelik, I. Hickson, and HW Lie. W3C working Draft.
Available at: http://www.w3.org/TR/CSS21
DOM
Document Object Model (DOM) Level 1 Specification, L. Wood et al., 1 October 1998. Available at: http://www.w3.org/TR/REC-DOM-Level-1
Dashboard Reference
Dashboard Reference, Apple Computer, Inc, May 2006. Available at http://developer.apple.com/documentation/AppleApplications/Reference/Dashboard_Ref/index.html
Apple pList
Introduction to Property List Programming Topics for Core Foundation", Apple Computer Inc, 7 February 2006. Available at http://developer.apple.com/documentation/CoreFoundation/Conceptual/CFPropertyLists/index.html
ECMAScript
ECMAScript Language Specification, Third Edition. ECMA, December 1999.
Google Gadgets
Google Desktop Sidebar Scripting API, Google Inc., 2006. Available at http://desktop.google.com/script.html
HTML
HTML 4.01 Specification, D. Raggett, A. Le Hors, I. Jacobs, 24 December 1999. Available at: http://www.w3.org/TR/html401/
HTTP
Hypertext Transfer Protocol -- HTTP/1.1, R. Fielding, J. Gettys, J. Mogul, H. Frystyk Nielsen, L. Masinter, P. Leach and T. Berners-Lee, June 1999. Available at http://www.ietf.org/rfc/rfc2616.txt
IRI
Internationalized Resource Identifiers (IRIs), M. Duerst, M. Suignard. IETF, January 2005. RFC3987 is available at http://www.ietf.org/rfc/rfc3987
Microsoft Gadgets
Gadget Development Overview, B.Teutsch, Microsoft Inc., May 22, 2006. Available at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sidebar/sidebar/overviews/gdo.asp
Mobile Web
Mobile Web Best Practices 1.0. J. Rabin and C. McCathieNevile. 2 November 2006. W3C Proposed Recommendation. Available at: http://www.w3.org/TR/mobile-bp/
Opera Widgets
Opera Widgets: Widget information file syntax, A. Bersvendsen (Editor), Opera Software, 2006. Available at http://oxine.opera.com/widgets/documentation/widget-configuration.html
Media Type
RFC2046: Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types, N. Freed and N. Borenstein, November 1996. Available at http://www.ietf.org/rfc/rfc2046.txt.
RFC2119
Key words for use in RFCs to Indicate Requirement Levels, S. Bradner. IETF, March 1997. Available at http://www.ietf.org/rfc/rfc2119.txt
Sidebar Reference
Windows Sidebar Reference, Microsoft Corporation, 2006. Available at http://msdn2.microsoft.com/en-us/library/aa965853.aspx
Unicode
The Unicode Standard, The Unicode Consortium, Version 3.2, defined by: The Unicode Standard, Version 3.0 (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5), as amended by the Unicode Standard Annex #27: Unicode 3.1 (http://www.unicode.org/reports/tr27) and the Unicode Standard Annex #28: Unicode 3.2(http://www.unicode.org/reports/tr28)
XML
Extensible Markup Language (XML) 1.0 Specification (Second Edition), T. Bray, J. Paoli, C. M. Sperberg-McQueen, E. Maler, 6 October 2000. Available at http://www.w3.org/TR/REC-xml/
XML Digital Singnatures
XML-Signature Syntax and Processing. D. Eastlake, J. Reagle, and D. Solo. W3C Recommendation, February 2002. Available at http://www.w3.org/TR/xmldsig-core/
XML Encryption
XML Encryption Syntax and Processing. T. Imamura, B. Dillaway, and E. Simon. W3C Recommendation, 10 December 2002. Available at http://www.w3.org/TR/xmlenc-core/
XMLHttpRequest
The XMLHttpRequest object. A. van Kesteren and D. Jackson. 2006. W3C Working Draft, Available at http://www.w3.org/TR/XMLHttpRequest/
Yahoo! Widgets Reference
Yahoo! Widget Engine Reference 3.1 Reference Manual Yahoo! Inc., April 14, 2006. Available at http://widgets.yahoo.com/gallery/dl_item.php?item=WidgetEngineReference_3.1.1.pdf
Zip
.ZIP File Format Specification. PKWare Inc., January 2006. Available at http://www.pkware.com/business_and_developers/developer/popups/appnote.txt
XML Packaging
XML Packaging Working Group Charter, Joel Nava. W3C. Available at http://www.w3.org/XML/2000/07/xml-packaging-charter 2000/07/25
Cryptography Decrypted
Cryptography Decrypted. H. X. Mel and Doris Baker. Addison-Wesley, Boston, Mass. 2001.

Acknowledgments

This document was produced with the participation of the following web Application Formats Working Group participants:

The Web Application Formats Working Group has benefited in its work from the participation and contributions of a number of people not currently members of the Working Group, including in particular those named below. Affiliations given are those current at the time of their work with the WG.