Copyright © 2010 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply.
This specification defines a process and a document format to allow a user agent to update an installed widget package with a different version of a widget package. A widget cannot update itself; instead, a widget relies on the user agent to manage the update process. A user agent can perform an update over HTTP and from non-HTTP sources (e.g., directly from a device's memory card or hard disk).
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
Implementers should be aware that this document is not stable and should not be implemented. Implementers who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways. Vendors interested in implementing this document before it eventually reaches the Candidate Recommendation stage should join the group's public mailing list and take part in the discussions.
User agents that wish to extend this specification in any way are encouraged to discuss their extensions on a public forum, such as public-webapps so their extensions can be considered for standardization.
This specification is part of the Widgets Family of Specifications.
This Specification takes into account the recommendations from the Widget Updates Patent Advisory Group and considering the large set of prior art the PAG found.
This document was published by the Web Applications WG as a Working Draft. This document is intended to become a W3C Recommendation. If you wish to make comments regarding this document, please send them to public-webapps@w3.org (subscribe, archives). All feedback is welcome.
Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This section is non-normative.
There are a multitude of reasons why authors might want to update a widget including addressing security vulnerabilities, making performance enhancements, and adding new features. Sometimes authors may even want to revert back to a previous version of a widget, if it is found that a newly deployed version of a widget contains issues or vulnerabilities.
To facilitate the process of updating widgets, this specification introduces an XML element, called
update-description
, that is included into a configuration document of a widget. This specificaiton also introduces a new XML vocabulary, called an update
description document. The update-description
element provides an author with a means to point to an update description
document. An update description document is metadata about an widget update including:
a means to describe the purpose of the update.
a means to indicate the version number of the potential update.
a link to where the updated widget package can be retrieved from.
If a user agent determines, via the strategies defined in this specification, that two widget packages are not the same version, and if the user consents, the user agent will attempt to replace the currently installed widget package with a potential update. Updates are designed to retain any locally stored data, so to protect end-users from losing data that a widget may have stored at runtime.
This specification also defines the rules that govern the interactions between the user agent, the update description document, and the updated widget.
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words must, must not, required, should, should not, recommended, may, and optional in this specification are to be interpreted as described in [RFC2119].
This specification defines conformance requirements for a single class of product: user agents.
The concepts of a widget package and a configuration document are defined in the [WIDGETS] specification.
A user agent is an implementation of this specification that also implements the [WIDGETS] specification and its dependencies.
An installed widget is a widget package that has been correctly installed on a user agent.
An update description source is the URI referenced by the href
attribute of an
update-description
element of an installed widget's configuration document.
An update description document is an [XML10] document that has a update-info
element at its root.
An update source is the URI referenced by the src
attribute of an update-info
element of an
update description document.
A potential update is a resource acquired via HTTP from an update source or from local media.
The widget update process is a multi-step process whereby a user agent acquires a potential update, performs the rule for verifying a widget update, and then proceeds to install the widget package.
The identity of a widget package is determined by the id
attribute of the widget
element declared by an author in the configuration document of a widget package.
The version of a widget package is determined by the version
attribute of the widget
element declared by an author in the configuration document of a widget package.
An incumbent widget is an installed widget that is determined to have the same identity as the potential update.
An installed widget is said to be up-to-date if a user agent determins that an incumbent widget does not need updating.
A failure notification is an optional message emitted by the user agent to indicate to the user that a widget update has failed.
Note: This specification does not define the means or format of a failure notification, which is left up to implementers.
The space characters, valid URI, and valid version-tag are defined in the Widget Packaging and Configuration specification [WIDGETS].
update-description
Element
The update-description
element points, via the href
attribute, to an update description
document.
The update-description
element is in the http://www.w3.org/ns/widgets
namespace as defined in
[WIDGETS].
widget
element defined in the [WIDGETS] specification.
xml:lang
:
href
This example shows the expected usage of the update-description
element.
<widget xmlns ="http://www.w3.org/ns/widgets"
id ="http://example.com/my-widget"
version="1.0">
<update-description
href="http//example.com/update?widget=my-widget&version=1.0"/>
</widget>
update-description
elements in the Configuration Document
This section describes the algorithm for processing the update-description element.
Variable | Type | Default Value | Overridden in | Description |
---|---|---|---|---|
update href | URI |
null
|
Processing update-description elements in the Configuration Document
|
The URI for where an update description can be downloaded, corresponding to the update-description element's
href attribute.
|
update-description
element, then the user agent must ignore this
element and its descendants. update-description
element and the href
attribute is used, and it is a
valid uri, then let update href be the value of the href
attribute.
Otherwise, this elements is in error and the user agent must ignore this element. Within an update description document an author declares, amongst other things, what's new or different in the potential update, the version that the widget will be updated to, and the URI from where the user agent can retrieve the potential update (the update source).
The purpose of the update description document is to provide the details about a potential update, including a pointer to a HTTP resource that will act as the potential update.
In order for a user agent to retrieve and process an update description document, an author must initially declare a
valid URI for the update-description
element in the installed configuration document (e.g.
<update-description href="https://example.com/myWidget/updates"/>
).
Below is an example of a typical update description document.
<update-info xmlns = "http://www.w3.org/ns/widgets"
src = "https://w.example.com/2.1/RC/app.wgt"
version = "RC2.1">
<details>
Now supporting X, Y and Z features!
</details>
</update-info>
All elements defined to be used in an update description document are in the http://www.w3.org/ns/widgets
namespace as defined in [WIDGETS].
update-info
Element
The update-info
element is intended to provide metadata about the potential update. In addition, it serves as
a container for the other elements; as such, it must be used.
details
elements.
details
.
xml:lang
:
version
src
application/widget
).
The example below shows how the update-info
element can be used.
<update-info xmlns="http://www.w3.org/ns/widgets" src="http://sometld/somewidget_0_3_BETA.wgt" version="BETA 0.3"> </update-info>
details
Element
The details
element represents a human-readable description of what differentiates this potential update from
other versions.
update-info
element.
xml:lang
:
The example below shows how the details
element can be used.
<update-info xmlns="http://www.w3.org/ns/widgets"
src="http://foo.com/widget.wgt"
version="1.3.1">
<details>
This update tries to make 2010 a little bit less like "1984".
</details>
</update-info>
The authoritative update URI is the update source
of an installed widget's configuration
document.
A user agent must support the capability to acquire an update description document over HTTP protocols. For non-HTTP protocols, UAs should act in equivalent ways.
It is expected that user agents will perform a widget update process asynchronously and periodically check for any available updates. The timing of any widget update process is an implementation detail left to the discretion of the implementer (e.g. once a day or once a week).
To check for updates to a widget, the user agent issues a HTTP request towards the authoritative update URI.
The user agent should send the last known ETag response value, if available, in an If-None-Match header.
The user agent should send an If-Modified-Since header indicating the time of the last check for an update from the user agent.
If the widget is displaying localized content, the user agent should send an Accept-Encoding header representing the widget's locale.
As data is received, the user agent will then act as follows.
The user agent should ignore any Cache-Control or Pragma header with a value of no-cache
.
The user agent should honor the value of any Expires header when scheduling the next widget update process for the current installed widget.
HTTP 200 OK responses with a Content-Type header specifying the type application/xml
must be processed
according to the rules defined in Processing an Update Description Document.
HTTP 200 OK responses that have a Content-Type other than application/xml
must cause the user agent
to terminate the widget update.
HTTP 204 No Content, 205 Reset Content, and 304 Not Modified responses are equivalent to 200 OK responses with a
Content-Type other than application/xml
.
Other HTTP response codes in the 2xx range must terminate the widget update. They are, however, likely to indicate an error has occurred somewhere and may cause the user agent to emit a warning.
HTTP 301 Moved Permanently, 302 Found, 303 See Other, and 307 Temporary Redirect responses must cause the user agent to reconnect using the new server specified URL instead of the previously specified URL.
HTTP 305 Use Proxy, 401 Unauthorized, and 407 Proxy Authentication Required should be treated transparently as for any other subresource.
Any other HTTP response code not listed here, and any network error that prevents the HTTP connection from being established in the first place (e.g. DNS errors), must cause the user agent to terminate the widget update.
A user agent must assume the following defaults prior to processing an update description document:
Variable | Type | Default value | Description |
---|---|---|---|
update-source | URI |
null
|
|
version-tag | DOMString | null | |
details | DOMString | null |
A user agent must process an update description document according to the rule for processing an update description document.
The following processing model is written with more concern for clarity over efficiency. As such, a user agent can optimize the processing model so long as the end result is indistinguishable from the result that would be obtained by the following the specification.
The term in error, typically used on an element or attribute, means that the element, attribute, or other construct does not conform to the rules of this specification. Rules for exactly how a user agent needs to treat the erroneous construct are always given when the term is used.
When an invalid update description document is determined, the user agent must terminate the current widget update process.
The rule for processing an update description document is defined as follows:
Document
using a [XML-NAMES]-aware parser. If the document is not well-formed [XML10], then treat this as an
invalid update description document.
documentElement
of doc.
update-info
element in the widget namespace, then treat this update
description document as an invalid update description document.
update-info
element:
version
attribute was used, and it is a valid version-tag, then let version-tag
be the value of version
.
version
attribute was used, or the value was in error, treat this as an invalid update
description document.
src
attribute was used, and it is a valid URI, then let
update-source be the value of src
.
src
attribute was used, or the value was in error, treat this as an invalid update description
document.
details
element:
details
element, then the element is in error and must be
ignored.
When a user agent is to install the widget package it must remove any incumbent widget and add the potential update as an installed widget.
When a user agent is to terminate the widget update the user agent must terminate the current widget update process. The user agent may emit a failure notification warning that the widget update has been terminated.
To verify and install a potential update the user agent must apply the rule for verifying a widget update.
The rule for verifying a widget update enables a user agent to match and verify a potential update - acquired via HTTP or from local media - with an installed widget package and is defined as follows:
Note: The decision of which (if any) distributor signatures are to be validated and whether the author signature is to be validated is out of scope [WIDGETS-DIGSIG].
dsp:Identifier
value [WIDGETS-DIGSIG] from update_signature with the same
value obtained from the associated incumbent_signature within incumbent_digsigs.
Because an update description document is not self-contained, it is conceivable that the update model could be subject to a man-in-the-middle attack, as with any unencrypted requests performed over [HTTP11]. For this reason, it is recommended that, for widgets that have not been digitally signed, updates are always performed over [HTTP-TLS].
Another means of protection is for authors to always digitally sign their widget resources. During an update, the user agent will then validate the signature before installation, ensuring that a widget resource's identity and integrity was maintained over the network.
Without the availability of a digitally signed installed widget, it is extremely easy to overwrite a widget resource with another (potentially malicious) widget resource. Therefore it is recommended that a user agent only allow updates to a signed installed widget or to a non-signed installed widget only from a potential update obtained via its authoritative update URI.
This section is non-normative.
This document addresses the Remote and Local Updates the requirement of the 30 April 2009 Working Draft of the Widgets 1.0: Requirements Document (see [WIDGETS-REQS]).
The editors would like to thank the following contributors (in no particular order): Raine Hillebrand.