CloudServices/Presence: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
 
(100 intermediate revisions by 7 users not shown)
Line 6: Line 6:


==Overview==
==Overview==
The goal of Mozilla Presence is to provide a way for applications to know when their users are online,
even if they don't have the application running.


XXX find a better sentence here
Presence is a proposed Cloud Service that tracks a Firefox OS device's Internet connectivity status as ''online'', ''offline'' or ''unavailable'' by the device's Firefox Account. A Firefox OS Web App may request permission on behalf of its publisher to read status. Once approved, the publisher may poll the Presence service and, once the device is back online, push messages to the Web App.
 
See [[#Architecture Overview]] for more details.


==Project Contacts==
==Project Contacts==
''Principal Point of Contact'' - <i>Tarek Ziadé</i> <i>tarek@mozilla.com</i>


''IRC'' - #<i>presence-wg</i>
''Principal Point of Contact'' - <i>Tarek Ziade</i> <i>tziade@mozilla.com</i>
 
 
* ''IRC'' - #<i>presence-wg</i>
* ''Group Email'' - https://mail.mozilla.org/listinfo/wg-presence


''Group Email'' - [https://mail.mozilla.org/listinfo/wg-presence wg-presence@mozilla.org]
===Team===


==Goals==
==== Cloud Services ====
<i>How will you know things are working?</i>
 
<i>What problems does this solve?</i>
 
* <i>Tarek Ziade</i> <i>tziade@mozilla.com</i>
* <i>Ben Bangert</i> <i>bbangert@mozilla.com</i>
* <i>Robert Lord</i> <i>rlord@mozilla.com</i>
* Firefox Account Engineer - TBD
 
==== Firefox OS ====


==Use Cases==
* <i>Fabrice Desré</i> <i>fabrice@mozilla.com</i>


==Presence on other Mobile Platforms==


=== Facebook ===
===Presence on iOS===


Jeff wants to appear online on Facebook (he's already determined on Facebook who can see him, etc).
In iOS >= 7.x, applications that want to provide a presence feature can
keep a socket opened in the background even if the application is not
running anymore in the foreground.


He's already installed the Facebook app on his FFOS phone, he goes to the Settings and touch, "Authorize Presence",
The feature is called setKeepAliveTimeout (https://developer.apple.com/library/ios/documentation/UIKit/Reference/UIApplication_Class/Reference/Reference.html#//apple_ref/occ/instm/UIApplication/setKeepAliveTimeout:handler:)
his screen loads a doorhanger (provided by Mozilla Presence) asking if he wants to authorize the app.
and will give the app the ability to register a handler that
will be called periodically to check on the socket connection. Only approved VOIP apps are
allowed by Apple to always keep a socket alive and not be terminated. Apple
is very discerning about which apps get to use this functionality.


Jeff clicks "Yes" on the doorhanger page, and the Facebook app waits while Facebook recieves the redirect, stores
The handler has a limited time to do it (max 10 seconds) but
his UID, and closes the doorhanger (and likely needs to do something else to register this with the device so that
this is enough to handle presence for the user by interacting with a
it will appear in the Presence Settings page).
server.  


The next day, Jeff wakes up, and goes to check his e-mail on his phone. Upon seeing his idle drop, the phone's
The Apple Push Notification Service https://en.wikipedia.org/wiki/Apple_Push_Notification_Service
simple-push client (which is always running) includes an 'O' in its next PING to simplepush to indicate the user
is also often used by applications to keep a connection opened on a
is now online. Mozilla Presence gets notified of this and acts on it to batch the status change to Facebook. The
server to receive push notifications. That's comparable to the Simple Push
batch of updates goes to Facebook including Jeff's, so Facebook knows that Jeff is now online, and updates its
service Mozilla has added in Firefox OS.
database indicating this.


Jeff's friend Marsha goes to Facebook to see if any of her friends are online. Marsha sees that Jeff is now online
Therefore, building an application with device-level presence on an iOS device
and sends a chat request. Facebook uses SimplePush to notify Jeff of the chat request. Jeff sees the chat request
is doable but requires the publisher to maintain one or several connections per user
opened all the time and very few applications qualify for VOIP status.  


=== AppMaker ===
=== Presence on Android ===


Sue has signed up to be an appmaker tutor -- Bob is a new appmaker teacher, and is stuck in a workshop, Bob wants to know which of the tutors are available to help w/ a togetherJS session
Like iOS, Android provides features to run some services in the background,
see http://developer.android.com/guide/components/services.html


Sue is an appmaker expert.  She previously authorized AppMaker to see her Online Presence - as Jeff did in with
However, the service can be killed when the memory becomes low, and
Facebook in the previous story. She also configured her notifications so any message coming from AppMaker
if TCP/IP is used it can be hard to have a reliable service.
when she's online would display a message on her screen and let her start the app.


Bob is building a cool new application with his class in AppMaker and would like some input from someone.  Appmaker maintains a mapping of which helpers are appropriate for which users (e.g. by language skills). He's currently working in AppMaker from his FFOS Phone and sees that Sue is online.
Google also provides a "Google Cloud Messaging" (GCM) service - http://developer.android.com/google/gcm/index.html
That provides similar features than Simple Push, to push notifications to users.


Bob clicks on Sue's name in his contact lists and hit "invite Sue for peer design session".  
There's also a new feature called GCM Cloud Connection Server - (CSS)
AppMaker sends a notification to Sue using the Simple Push service.
http://developer.android.com/google/gcm/ccs.html - that allows applications to communicate
with the device via XMPP and on the client side "Intent Services".  
The app and the devices interact with CSS, which relays the messages back and forth.


Sues gets the notification instantly on her phone via her simple-push client and joins Bob on the  
There's a full example on that page, of a Python server interacting with the GCM service
design page.
to interact with users.  


AppMaker uses Together.js so Bob and Sue can interact live on the page.
The architecture is quite similar to what we want to build with Mozilla Presence
since GCM acts as an intermediary between the app server and the device.


=== Support ===
However, CSS is a neutral messaging relay and does not keep track of users online
status. It sends back and forth what the server and the device have pushed in the pipe.


(This is about a tentative and unnamed Firefox OS support tool.)
So it's still up to the app to leverage this service to keep track of connected
devices to get device-level presence.


Maria is a Mozillian who wants to helpful to other Firefox OS users.  She signs up with a support application (an application that Mozilla creates).  She indicates what she knows about, and what languages she speaks.
'''if we decide not to build presence, maybe we would just need to build that relay to make sure we offer FFOS apps the ability to implement presence the right way, like what Google provides on Android'''


Javier wants to activate developer mode on his phone, but can't find the right setting.  He goes into '''Help &gt; Live Support'''.  The phone sends a request to the support app: someone wants support with Settings in es-MX.  The application looks in its database of contributors to see who has the appropriate expertise (and language) to help him, and who is online.  Among the pool of possible people it selects Maria, and pings her to see if she can provide support.  If she doesn't respond then another person is selected from the pool (or maybe many people are asked at once), and if someone else helps Javier then Maria is notified that her help is no longer needed.
XXX stuff to dig: can we use CSS with BOSH or with websockets


Note that Maria would be participating under an alias specific to the support application (though not anonymous), and she will not be fielding support requests all the time (e.g., she may not provide support at work, only after hours).
==Goals==


=== Talkilla ===
Phone UI for users to:
* see at a glance and manage what applications they granted presence access to.
* see lively notifications and act on them or ignore them.
* manage how much idling is considered to be 'online' vs. 'away' vs. 'offline'
* set custom status updates


XXX
Mozilla Cloud Services run system that:
* allows a user to authorize an AppService access to the users presence
* sends notifications to the users device that they can act on
* sends user presence updates to authorized AppServices


=== Chatspace ===
Note: Lively notifications are different than SimplePush style Notifications in that they can require immediate action else they'll become stale, like a missed phone call.


Jane is building https://github.com/mozilla/chatspaces - we should investigate how presence fits there
The project will be a success if an application registered with Mozilla Cloud Services is able to reach out to users that are "online" (active on their phone or desktop but with the app not running) via Mozilla Presence.


=== SUMO ===
==Use Cases==


XXX See with Lloyd about the user story there (sumo experts summoned etc)
See [https://wiki.mozilla.org/CloudServices/Presence/UseCases Detailed Use Cases].


==Requirements==
==Requirements==
* <i>List of requirements</i>
* <i>List of requirements</i>
==Get Involved==
==Get Involved==


Line 94: Line 123:


[https://id.etherpad.mozilla.org/presence Identity Presence Etherpad]
[https://id.etherpad.mozilla.org/presence Identity Presence Etherpad]
[https://etherpad.mozilla.org/presence-meeting Presence Meeting Wiki]
== Meetings ==
We try to meet every Thursday at 10:00 Pacific Time
For mozilla employees, we meet in the "Services" vidyo room, and use IRC channel #presence-wg (irc.mozilla.org)
For participants outside of mozilla, you can call into the meeting using the following numbers:
* Phone (US/Intl): 650 903 0800 x92 Conf: 98616#
* Phone (Toronto): 416 848 3114 x92 Conf: 98616#
* Phone (US): 800 707 2533 (pin 369) Conf: 98616#
Please mute yourself with '* 1' upon joining to prevent needless noise and feedback. You can unmute yourself with '* 1' again to speak.


=== Meeting Notes ===
=== Meeting Notes ===
https://etherpad.mozilla.org/presence-meeting-20140311


[[Services/Roadmaps/Presence/Meetings/notes_20131014]]
[[Services/Roadmaps/Presence/Meetings/notes_20131014]]


[[Services/Roadmaps/Presence/Meetings/notes_20131031]]
[[Services/Roadmaps/Presence/Meetings/notes_20131031]]
https://etherpad.mozilla.org/presence-2013-11-26


=Design=
=Design=
==Points of Contact==
==Points of Contact==
Engineer - <i>Name</i> <i>contact@info</i>


== General Overview ==
Services Engineers:
 
* <i>Ben Bangert</i> <i>bbangert@mozilla.com</i>
* <i>Tarek Ziadé</i> <i>tarek@mozilla.com</i>
 
==Architecture Overview==
 
There are two levels of presence:
 
1/ app-level presence
 
* online: you are connected in the app, and using it
* offline: you are disconnected from the app
 
2/ device-level presence.
 
* online : you are using your FXOS phone or your desktop browser
* offline: you are not on your FXOS phone or your browser
 
Sometimes you might be online in 1/ or 2/ and not wishing other users to know about it. And you also might want to appear online for app B but not for app C.
 
1/ is solved by every application. they all have their ad-hoc system, their social graph, rosters, contacts, etc. Large social networks don't care as much about 2/ because they would prefer you to use *only* their application for talking to your friends. By solving 2/, we can enable non-dominant social/communication applications to get useful presence information they can act on.
 
Mozilla Presence acts as a <b>trusted intermediary between the user's device (solving 2/) and the applications the user has allowed to see their presence, as well as a short-lived notification system for applications to engage available users</b>.
 
[[File:PresenceOverview.jpg]]
 
Channel communication overview:
 
[[File:MPChannels.jpg]]
 
== Terminology ==
 
;AppDeveloper : A developer that creates applications which may or may not have server-backed resources.
 
;AppService : An Internet-accessible server that an application talks to. For example, Facebook's locally installed application talks to Facebook's API server to get data. The Facebook API server in that case is the AppService as it acts as a service to the application.
 
;Application : A website application that might run locally on a device with or without needing to talk to an AppService.
 
;FxAID : A Firefox Accounts user ID.
 
;Device Presence Channel : A channel of communications between a phone/browser device and Mozilla Presence that carries live notifications from Presence and presence data to Presence.
 
;AppService Presence Channel : A channel of communication between Mozilla Presence and an AppService that carries presence updates for users sharing their presence with the AppService and live notifications from the AppService to be delivered to a PUID.
 
; LiveNotification : A live notification is an alert requiring a response within a set period of time (5 seconds up to several minutes) before its considered 'missed' and stored on the device separately to indicate it can no longer be acknowledged. A response is considered acknowledgement and switches the user to the appropriate application to act on the LiveNotification.
 
; Presence : For our purposes the definition of presence definined by XMPP also applies, but in our case 'contacts' happen to be AppServices that the presence is broadcast to. See http://xmpp.org/rfcs/rfc6121.html#presence-fundamentals
 
;PUID : A Presence Unique Identifier. Every AppService authorized by a user to see presence updates will be assigned a PUID that it should store and associate with the user (who may or may not be logged into the application).
 
== API Reference/Documentation ==
 
The Presence service has several functions:
 
# '''Device Channel to Mozilla Presence''' - let a '''user''' update her online status and set a custom status message
# '''Applications registration''' - let a '''developer''' register an application
# '''Applications permissions''' - let a '''user''' manage applications access to their presence
# '''Status updates''' - let an '''application''' receive status updates
# '''Live Notifications''' - let an '''application''' send a live notification and a user receive it.
 
=== 1. Device Channel to Mozilla Presence ===
 
Mozilla Presence provides a secured web socket endpoint at '''wss://presence.services.mozilla.com/presence''' for
devices to connect to.
 
The user may connect to the socket using a valid FxA (which will entail a BrowserID Assertion per FxaSSO), and send status updates.
 
The data must be sent in JSON and is based on a simple protocol where a first request must be made to create a new session.
Each subsequent request is a status update. The server or the user can disconnect from the socket at any time and for
any reason. In that case the session is lost and a new session must be initiated.
 
==== Session Request ====
 
Example of a session request:
 
    {'type': 'connect',
    'application_ids': [421, 492, 9592, 391],
    'assertion': 'valid persona assertion'}
 
where:
* '''assertion''' is a valid persona assertion
* '''type''' is the type of request. in that case "connect"
* '''application_ids''' is the list of applications IDs presence updates should be sent to.
 
The '''application_ids''' field is used because Mozilla Presence does not retain a list of applications
authorized to see updates. This data is kept only on the phone. As a result, the device must
indicate what application ID's presence data should be sent to when connecting.
 
The server validates the assertion by sending it to a persona/fxaccount verifier,
and if valid, creates a unique session id and sends it back to the cient.
 
Example:
  {'result': true, 'session_id': '61539351-1f02-4b62-a136-205000ece41a'}
 
In case there's an issue, like an invalid assertion, the server will send back a
request with a result flag set to false, an '''errno''' field with
an error code (to be documented) - and an error message in the '''reason''' field.
 
Example:
 
  {'result': false, 'errno': 34, 'reason': 'Invalid assertion'}
 
 
==== Status Update Request ====
 
Once the session is set, the client can send status updates.
 
Example:
 
    {'type': 'status',
    'session_id': '61539351-1f02-4b62-a136-205000ece41a'
    'status': 'online'}
 
where:
* '''session_id''' the session ID
* '''type''' is the type of request. in that case "status"
* '''status''' the presence status. The value must be one of "online", "offline", "unavailable".
 
In case the device wants to send a status update to a specific subset
of applications, it can use the 'application_ids' key on a status update
request, it will override the value set on a visibility call, just for
that call.
 
Example:
 
    {'type': 'status',
    'session_id': '61539351-1f02-4b62-a136-205000ece41a'
    'application_ids': [421, 391],
    'status': 'offline'}
 
For every status request received, the server sends back an ACK message.
 
Example:
  {'result': true}
 
In case of an error, the server will send back an extra 'errno' field with an
error code (codes to be documented) and an optional 'reason' message.
 
Example:
 
  {'result': false, 'errno': 34, 'reason': 'Assertion expired'}
 
The error codes have to be documented, but in case the errno value is
a negative value, the session is lost and the client has to recreate a new one.
 
The user can send as many updates as it wants, but the server can ask it to
slow down with a specific  error code  (codes to be documented)
 
The server or the user can disconnect from the socket at any time and for any reason.
The number of socket connections is limited to one connection per device and per email.
 
=== 2. Applications registration ===
 
An App developer can register a new application into Mozilla Presence
 
An application is defined by:


This service is hooked onto SimplePush, such that when a client ping comes in that includes presence info (either O,
* a domain
A, or U to indicate Online/Away/Unavailable based on the devices Presence policy dictated by the devices user
* an email
and its idel time), then SimplePush will broadcast that to Presence somehow, that client id XXYYY is now O/A/U or
* a name
whatever. Presence then updates its record and relays the status update to the services the user has authorized.
* a description


The service stores records for every user that has Presence 'activated'. The device is tied to the users FxA such
Registering a new application is done in 3 steps
that if the device is lost, when they get a new one they will still identify the same. If/When a client needs to
re-register for SimplePush, the SimplePush client-id is sent to Presence to tie it to the existing FxA record.


Presence stores a set of data (rough schema):
# validation of the domain ownership
# attribution of a unique application ID
# activation of presence notifications


'''Domain Ownership Validation'''


    Client-Mappings:
Mozilla Presence provides a web page at '''https://presence.mozilla.com/myapps'''
        Client-ID  | Corresponds to the client-id that is used for SimplePush
where an application developer can connect by logging in with her persona account.
        FxA-ID      | The FxA of the presence user


    Presence-Authentications
Once logged in, the developer can fill a
        FxA        | The FxA of the presence user
form with a domain, name and description of the application to register.
        Service-ID  | Service ID that the app developer registered for this service
        UUID        | A unique ID for this user on this service, to avoid leaking the FxA ID
        Status      | Boolean flag on whether the user currently wants presence broadcast to this service


Mozilla Presence generates a unique key of 1024 characters, the developer needs
to place in this URL: ''http://<domain>/__presence'' in a plain/text file that
can be reached pubicly.


   
Once the key is placed, the developer can hit a '''Verify''' button.
When the user changes the toggle on their device to turn on/off Presence, their device must be able to
Mozilla Presence will then visit ''http://<domain>/__presence'' to verify
contact our server so that we can update their Presence choice in the Presence-Authentications table.
that the domain is owned by the developer.
This is because Presence is broadcast in the background by the SimplePush UA, and we don't want to
have to include a list of all the 'apps' that should get the presence update in every ping request.
   
When Presence gets a status update from simplepush, it looks up the client-id in the Client-Mappings, then uses that
to lookup all the services in Presence-Authentications that the user wants notified of this change. It filters out
services that the user has currently chosen not to recieve presence. The remaining services have their webhook URL's
called with the UUID and presence change so that the services can decide what they want to do.


To avoid a call for every single status change, the Presence service may batch updates to the various services so
'''Application ID'''
that the webhook URL for each service is only called every 30+ seconds with all the updates intended for it (in the
list POST format explained above).


== Architecture Overview ==
Once the domain has been verified, Mozilla Presence generates a unique id for the
application, and displays an entry point the developer will need to visit to
get status updates.


http://ziade.org/presence.jpg
The entry point is in the form of '''ws://<node>.presence.mozilla.com/<appid>'''
and is a web socket the developer's application may connect to, in order to
receive status updates.


# appmaker asks for a token
# appmaker register to the presence server to ask for presence info - basically a POST with the web hook + the token as an auth
## Bob decides to give appmaker Presence access.
## Bob is redirected with appmaker token to Presence service.
## Bob hits 'Yes' to grant appmaker access to his Presence
## Bob is redirected back to appmaker with token that includes Presence UID (the one you'll get with the update in step 5)
# bob updates his status with the presence
# sarah updates her status with the presence
# the presence service calls the webhook to notify status updates


=== Proposed Modifications to SimplePush ===
'''Activation of presence notifications'''
SimplePush protocol is [https://wiki.mozilla.org/WebAPI/SimplePush/Protocol defined here].


Principle changes to the protocol involve introducing a change to the "hello" and "ping" packets.  
To activate the status update stream, the app developer needs to visit
'''https://presence.mozilla.com/myapps''' and click on the '''Activate'''
button located besides the application name (a developer may have several apps.)


The "hello" packet needs to be modified to include a GUID as the user's Presence ID (PrID). This is required because SimplePush UserAgentIDs (UIAD) can change at any time, where the PrID is more "stable", but only active when the user opts into Presence.
By clicking on '''Activate''', an API key is generated for the application and
displayed besides the application. An API key is a string of 1024 chars.


In an effort to save bandwidth, keys are reduced to x + "p" + sub identifier.
This API key has to be used by the application in order to get status updates.


old format:
Getting status updates is done by connecting to the websocket located at
'''ws://<node>.presence.mozilla.com/<appid>''' with the API key.


    {messageType": "hello", "uaid":"...", "channelIDs":[...]}
Example:


new format:  
  {'key': 'e3b0c44298fc1c149afbf4c8....996fb92427ae41e4649b934ca495991b7852b855'}


    {"messageType": "hello", "uaid":"...", "channelIDs":[...], "'''xpi'''":"..."}
Once connected, the application will receive status updated as they happen,  
in the form of a list. Each element is composed of an uid and a status.


It is important to note that future simplepush reregistrations use the same "xpi" value (if defined). This will allow the SimplePush socket plugin monitor to associate the correct to the correct Presence server.
Example:


"ping" packets would use the optional long form and contain the Presence Status (xps).
  [{'UID': 2123131, 'status': 'online'},
  {'UID': 12345, 'status': 'offline'}
  ]


    {"messageType": "ping", "'''xps'''":"(UAO)?"}
Where '''UID''' is a user identifier as described in the next section.


A simplepush "ping" packet is exchanged between the client and server when the user's status changes. User's status is indicated by
=== 3. Applications permissions ===
* "A"way (user is idle or temporarily unavailable)
* "U"navailable (user has gone offline)
* "O"nline


This information would be picked up by the Presence Plug-in to SimplePush which would send the status change to the Presence monitoring system using ''TBD'' REST calls.
Granting presence access requires user interaction to indicate to Mozilla Presence that the user wants an AppService to see their presence information. In the event that the user might have multiple identities or profiles on a single AppService, a user-meaningful string should be included in the authorization request to Mozilla Presence.


=== For App Developers ===
Here's what a users interaction with an application to grant it presence might look like:
[[File:WPPhoneOverview.jpg]]


An app developer wishes to get presence information, the following can be addd to the app manifest:
The following steps occur in this flow:
# User clicks Authorize button
# User acknowledges the AppService they're granting and allows it
# User is redirected back to the AppService


    {
==== Technical Details ====
        "permissions": {
            "push": {"description": "To receive notifications about the newest phone releases"},
            "presence": {"description": "To broadcast presence"}
        },
        "messages": [
            {"push": "/view_to_launch.html"},
            {"push-register": "/view_to_launch.html"}
        ]
    }


Note that the existing bits for SimplePush are retained, as Presence merely add's broadcast of the user's Presence
The page URL the Authorize buttons posts to is:
to the app.
https://<node>.presence.mozilla.com/<appid>/grant?redirect=<url>&id=<userstring>


The application developer must register their application separately with Mozilla Presence and set a "Webhook URL"
Where <node> and <appid> are values known by the registered application, <url> is the url to redirect back to, and <userstring> is the user-meaningful string indicating that should usually be their login name (or something short and meaningful to distinguish multiple identities on a single AppService if applicable).
that will be called with presence updates for users that look like the following:


    POST /some/webhook/callback
In the example above, the user Marge happens to be logged into BeerChat as 'Fred', so this identifier is attached during authorization so that when Marge manages her Presence she can see that she appears online as Fred to BeerChat.
   
    {[
        ["UID2949293", "away"],
        ["UID4823888", "online"],
        ["UID482838", "offline"],
        ["UID4828382", "online"]
    ]}


When the user grants access, your application will get a unique ID that you should associate with the user record
The user is expected to already be signed into their Firefox Account in this example, otherwise they will need to first login to Prsence before seeing the authorization page.
your application stores.


A doorhanger will be needed in applications to prompt the user to grant an application Presence notification data
Authorizing the AppService performs a POST on https://<node>.presence.mozilla.com/<appid> containing the redirect url and the answer.
should the user not grant it initially when installing the app (and for websites that don't necessarilly install
as 'apps').


Setup of a doorhanger will require the app developer to register their application with Mozilla Services and get
If user has accepted, Mozilla Presence generates a unique ID (PUID) to identify the user in the context of the application.
an application token. This application token can be used with Mozilla TokenServer to register access with the
Mozilla Presence server. The app developer may then enter the "Webhook URL" in their Settings page for Mozilla
Presence.


When a user signs-in to your application/website and you wish to ask for Presence notifications, you may redirect
The user then is redirected back to <url> with an encoded PUID in a <Presence-UID> header.
the user to Mozilla Services asking for "Presence" access. The user will be prompted to grant access or deny and
redirected back to your application. If the user granted access, the redirect will include an encoded UID that you
should store and associate with the user as this UID will be the one sent in the Webhook calls.


App developers should account for the possibility that 'updates' may get lost, and automatically mark a user as
The application is responsible to store the PUID and associate it with the user.
offline if no status is sent in an hour.


=== For Device Users ===
The redirect flow looks like this:
[[File:WPAuthInteraction.jpg]]


=== 5. Status updates ===


A separate Settings page is available, that looks similar to the iOS Notifications page, showing a list of apps and
When Mozilla Presence gets a status update from someone, it looks up all the
websites that have been granted Presence access. The page also lets one set a "Presence Policy" that determines
registered applications and sends to the one that are activated to see the updates.
what liveliness is communicated, for example:


    Presence Policy
Since statuses are fetched via a web socket at ws://<node>.presence.mozilla.com/<appid>, each application gets its own messaging queue that is dequeued when the application is connected via the web socket. A status message is dropped from the queue if not
   
consumed within an hour.
    Show me online when I've used this device in the past:
    5 - 10 - 15 - 20  (minutes)
   
    Show me away when I haven't used this device in at least:
    5 - 10 - 15 - 20  (minutes)
   
    Show me offline when I haven't used this device in at least:
    10 - 25 - 35      (minutes)


=== 6. Live notifications ===


Perhaps these will be sliders, UX is not determined this is only a possible example of how the user determines
Live notifications are a way for applications to reach out online users that are not active in the application.
what type of 'livliness' data is sent based on whether they're using the device or not, and how recently.
It can be used to give the opportunity to the user to react when something is happening in the application.


A list of toggles for each app the user has granted access to will be here, so that a user may turn off Presence
Examples:
for individual apps temporailly without fully revoking possible future Presence broadcasts to the app/website.


<!--
* ChatRoom: Your nick was used in a message sent to the room.
==API Reference/Documentation==
* ChatRoom: Someone wants you to join the room.
=== Data Schema ===
<i>How will data be stored</i>
=== API ===
<i>How to call the data</i>
==== <i>method</i> <i>URI</i> ====
<i>description</i>


Arguments <i>argument descriptions</i>
 
Returns: <i>returned contents</i>
AppService sends a notifications to Mozilla Presence via a POST request :
-->
 
  POST https://<node>.presence.mozilla.com/<appid>/notification
 
  [{'UID': 'userid',
    'message': '<message>',
    'action': '<url>'},
    ...
  ]
 
AppService can send notifications by batches.
 
Details:
 
* ''userid'': the user ID provided by the presence system.
* ''message'': a message to display to the user. Limited to 512 chars.
* ''action'': an action that will happen on the device if the user agrees - it can be an url to visit or an application to run. Limited to 512 chars.
 
Mozilla Presence pushes the message into a FIFO queue. There's one queue per user id + app id combination, and its size
is limited to 100 items. When the queue is full, the oldest item is dropped before the new item is added.
For each item, it appends in the mapping the ''appid'' value.
 
Once the message is stored, the service sends back an ack message to AppService, with the
current size of the queue:
 
  {'result': 'OK',
    'queue_size': <size>}
 
Receiving the ack is a guarantee that the message was stored on the server, but
is not a guarantee that it was delivered to the user.
 
If the user is connected to Mozilla Presence via the Presence daemon, it gets all
the items from the queue and the queue is purged.
 
The Presence daemon on the device is responsible to dispatch the messages to
the different applications:
 
* '''on desktop''', it displays a notification with the url contained in the action for the user to click
* '''on mobile''', it displays a notification with a link to run the app XXX
 
The application has no feedback on whether a notification was seen by the user.
 
==FAQ==
 
To help people get up to speed faster and prevent backtracking, commonly asked questions by those getting involved are listed here with an answer.
 
=== Is this going to use XMPP? ===
 
The presence channel to AppServices will have an XMPP option. It's useful to remember that Mozilla Presence is in very early stages at this moment. Worrying about the exact implementation is a detail that we're not addressing yet as we build some prototypes to test ideas out and prove the overall concept is worthwhile.
 
=== Shouldn't Mozilla have a way for me to see my contacts online? ===
 
Nowadays, peoples' personal connections are spread across multiple online services (Facebook, Google+, Skype, etc). These services usually already have done the work of ensuring both people want to see each other's presence and have ways to facilitate a conversation. All they need is a way to be aware of a users presence when their app might be closed or suspended (on a phone). By serving as the underlying plumbing notifying AppService's when users are online, Mozilla Presence avoids having to try and change users expectations about where their 'friends' are and can facilitate new social interaction applications that need presence data.


==Platform Requirements==
==Platform Requirements==
Line 286: Line 495:


==Code Repository==
==Code Repository==
<i>Links to the published code bases</i>
 
Repository: https://github.com/mozilla-services/presence
 
Diagrams: https://github.com/mozilla-services/presence-graffles
 
==Release Schedule==
==Release Schedule==
<i>Predicted code delivery dates</i>
 
===Prototype===
 
Server-side implementation:
 
* Allows AppServices to send LiveNotifications
* Sends AppServices presence stanzas
* Holds WebSocket connection to devices
* Sends LiveNotifications to devices
* Allows a device when connecting to toggle what AppServices should have presence stanzas relayed
 
Client-side implementation:
 
* Settings screen to manage
** Applications that can use Presence (On/Off toggles)
** Online - Away - Offline sliders to set how much idle is away vs. offline
** Custom status message
** Custom away message (if additional info should accompany it)
* LiveNotifications pop-up with Accept/Dismiss button
* Background service that sends pings, accepts LiveNotifications
 
===Production V.1===
 
Everything in the Prototype, designed for scale, in addition:
 
* Possibly a QUIC-derived UDP-based device-presence channel
* XMPP interface for AppServices <-> Presence
* FxA Integration for device user (Requires https://wiki.mozilla.org/Identity/Firefox_Accounts/SSO)
* Developer Registration page to acquire Presence Application ID, linked to from the Developer page in Marketplace
 
=QA=
=QA=
==Points of Contact==
==Points of Contact==

Latest revision as of 18:50, 11 March 2014

Last updated: 2014/03/11
Draft-template-image.png THIS PAGE IS A WORKING DRAFT Pencil-emoji U270F-gray.png
The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly.
If you have any questions or ideas, please add them as a new topic on the discussion page.

Presence

Overview

Presence is a proposed Cloud Service that tracks a Firefox OS device's Internet connectivity status as online, offline or unavailable by the device's Firefox Account. A Firefox OS Web App may request permission on behalf of its publisher to read status. Once approved, the publisher may poll the Presence service and, once the device is back online, push messages to the Web App.

See #Architecture Overview for more details.

Project Contacts

Principal Point of Contact - Tarek Ziade tziade@mozilla.com


Team

Cloud Services

  • Tarek Ziade tziade@mozilla.com
  • Ben Bangert bbangert@mozilla.com
  • Robert Lord rlord@mozilla.com
  • Firefox Account Engineer - TBD

Firefox OS

  • Fabrice Desré fabrice@mozilla.com

Presence on other Mobile Platforms

Presence on iOS

In iOS >= 7.x, applications that want to provide a presence feature can keep a socket opened in the background even if the application is not running anymore in the foreground.

The feature is called setKeepAliveTimeout (https://developer.apple.com/library/ios/documentation/UIKit/Reference/UIApplication_Class/Reference/Reference.html#//apple_ref/occ/instm/UIApplication/setKeepAliveTimeout:handler:) and will give the app the ability to register a handler that will be called periodically to check on the socket connection. Only approved VOIP apps are allowed by Apple to always keep a socket alive and not be terminated. Apple is very discerning about which apps get to use this functionality.

The handler has a limited time to do it (max 10 seconds) but this is enough to handle presence for the user by interacting with a server.

The Apple Push Notification Service https://en.wikipedia.org/wiki/Apple_Push_Notification_Service is also often used by applications to keep a connection opened on a server to receive push notifications. That's comparable to the Simple Push service Mozilla has added in Firefox OS.

Therefore, building an application with device-level presence on an iOS device is doable but requires the publisher to maintain one or several connections per user opened all the time and very few applications qualify for VOIP status.

Presence on Android

Like iOS, Android provides features to run some services in the background, see http://developer.android.com/guide/components/services.html

However, the service can be killed when the memory becomes low, and if TCP/IP is used it can be hard to have a reliable service.

Google also provides a "Google Cloud Messaging" (GCM) service - http://developer.android.com/google/gcm/index.html That provides similar features than Simple Push, to push notifications to users.

There's also a new feature called GCM Cloud Connection Server - (CSS) http://developer.android.com/google/gcm/ccs.html - that allows applications to communicate with the device via XMPP and on the client side "Intent Services". The app and the devices interact with CSS, which relays the messages back and forth.

There's a full example on that page, of a Python server interacting with the GCM service to interact with users.

The architecture is quite similar to what we want to build with Mozilla Presence since GCM acts as an intermediary between the app server and the device.

However, CSS is a neutral messaging relay and does not keep track of users online status. It sends back and forth what the server and the device have pushed in the pipe.

So it's still up to the app to leverage this service to keep track of connected devices to get device-level presence.

if we decide not to build presence, maybe we would just need to build that relay to make sure we offer FFOS apps the ability to implement presence the right way, like what Google provides on Android

XXX stuff to dig: can we use CSS with BOSH or with websockets

Goals

Phone UI for users to:

  • see at a glance and manage what applications they granted presence access to.
  • see lively notifications and act on them or ignore them.
  • manage how much idling is considered to be 'online' vs. 'away' vs. 'offline'
  • set custom status updates

Mozilla Cloud Services run system that:

  • allows a user to authorize an AppService access to the users presence
  • sends notifications to the users device that they can act on
  • sends user presence updates to authorized AppServices

Note: Lively notifications are different than SimplePush style Notifications in that they can require immediate action else they'll become stale, like a missed phone call.

The project will be a success if an application registered with Mozilla Cloud Services is able to reach out to users that are "online" (active on their phone or desktop but with the app not running) via Mozilla Presence.

Use Cases

See Detailed Use Cases.

Requirements

  • List of requirements

Get Involved

Documents so far

Services Presence Etherpad

Identity Presence Etherpad

Presence Meeting Wiki

Meetings

We try to meet every Thursday at 10:00 Pacific Time

For mozilla employees, we meet in the "Services" vidyo room, and use IRC channel #presence-wg (irc.mozilla.org)

For participants outside of mozilla, you can call into the meeting using the following numbers:

  • Phone (US/Intl): 650 903 0800 x92 Conf: 98616#
  • Phone (Toronto): 416 848 3114 x92 Conf: 98616#
  • Phone (US): 800 707 2533 (pin 369) Conf: 98616#

Please mute yourself with '* 1' upon joining to prevent needless noise and feedback. You can unmute yourself with '* 1' again to speak.

Meeting Notes

https://etherpad.mozilla.org/presence-meeting-20140311

Services/Roadmaps/Presence/Meetings/notes_20131014

Services/Roadmaps/Presence/Meetings/notes_20131031

https://etherpad.mozilla.org/presence-2013-11-26

Design

Points of Contact

Services Engineers:

  • Ben Bangert bbangert@mozilla.com
  • Tarek Ziadé tarek@mozilla.com

Architecture Overview

There are two levels of presence:

1/ app-level presence

  • online: you are connected in the app, and using it
  • offline: you are disconnected from the app

2/ device-level presence.

  • online : you are using your FXOS phone or your desktop browser
  • offline: you are not on your FXOS phone or your browser

Sometimes you might be online in 1/ or 2/ and not wishing other users to know about it. And you also might want to appear online for app B but not for app C.

1/ is solved by every application. they all have their ad-hoc system, their social graph, rosters, contacts, etc. Large social networks don't care as much about 2/ because they would prefer you to use *only* their application for talking to your friends. By solving 2/, we can enable non-dominant social/communication applications to get useful presence information they can act on.

Mozilla Presence acts as a trusted intermediary between the user's device (solving 2/) and the applications the user has allowed to see their presence, as well as a short-lived notification system for applications to engage available users.

PresenceOverview.jpg

Channel communication overview:

MPChannels.jpg

Terminology

AppDeveloper
A developer that creates applications which may or may not have server-backed resources.
AppService
An Internet-accessible server that an application talks to. For example, Facebook's locally installed application talks to Facebook's API server to get data. The Facebook API server in that case is the AppService as it acts as a service to the application.
Application
A website application that might run locally on a device with or without needing to talk to an AppService.
FxAID
A Firefox Accounts user ID.
Device Presence Channel
A channel of communications between a phone/browser device and Mozilla Presence that carries live notifications from Presence and presence data to Presence.
AppService Presence Channel
A channel of communication between Mozilla Presence and an AppService that carries presence updates for users sharing their presence with the AppService and live notifications from the AppService to be delivered to a PUID.
LiveNotification
A live notification is an alert requiring a response within a set period of time (5 seconds up to several minutes) before its considered 'missed' and stored on the device separately to indicate it can no longer be acknowledged. A response is considered acknowledgement and switches the user to the appropriate application to act on the LiveNotification.
Presence
For our purposes the definition of presence definined by XMPP also applies, but in our case 'contacts' happen to be AppServices that the presence is broadcast to. See http://xmpp.org/rfcs/rfc6121.html#presence-fundamentals
PUID
A Presence Unique Identifier. Every AppService authorized by a user to see presence updates will be assigned a PUID that it should store and associate with the user (who may or may not be logged into the application).

API Reference/Documentation

The Presence service has several functions:

  1. Device Channel to Mozilla Presence - let a user update her online status and set a custom status message
  2. Applications registration - let a developer register an application
  3. Applications permissions - let a user manage applications access to their presence
  4. Status updates - let an application receive status updates
  5. Live Notifications - let an application send a live notification and a user receive it.

1. Device Channel to Mozilla Presence

Mozilla Presence provides a secured web socket endpoint at wss://presence.services.mozilla.com/presence for devices to connect to.

The user may connect to the socket using a valid FxA (which will entail a BrowserID Assertion per FxaSSO), and send status updates.

The data must be sent in JSON and is based on a simple protocol where a first request must be made to create a new session. Each subsequent request is a status update. The server or the user can disconnect from the socket at any time and for any reason. In that case the session is lost and a new session must be initiated.

Session Request

Example of a session request: 

   {'type': 'connect',
    'application_ids': [421, 492, 9592, 391],
    'assertion': 'valid persona assertion'}

where:

  • assertion is a valid persona assertion
  • type is the type of request. in that case "connect"
  • application_ids is the list of applications IDs presence updates should be sent to.

The application_ids field is used because Mozilla Presence does not retain a list of applications authorized to see updates. This data is kept only on the phone. As a result, the device must indicate what application ID's presence data should be sent to when connecting.

The server validates the assertion by sending it to a persona/fxaccount verifier, and if valid, creates a unique session id and sends it back to the cient.

Example: 

  {'result': true, 'session_id': '61539351-1f02-4b62-a136-205000ece41a'}

In case there's an issue, like an invalid assertion, the server will send back a request with a result flag set to false, an errno field with an error code (to be documented) - and an error message in the reason field.

Example: 

  {'result': false, 'errno': 34, 'reason': 'Invalid assertion'}


Status Update Request

Once the session is set, the client can send status updates.

Example: 

   {'type': 'status',
    'session_id': '61539351-1f02-4b62-a136-205000ece41a'
    'status': 'online'}

where:

  • session_id the session ID
  • type is the type of request. in that case "status"
  • status the presence status. The value must be one of "online", "offline", "unavailable".

In case the device wants to send a status update to a specific subset of applications, it can use the 'application_ids' key on a status update request, it will override the value set on a visibility call, just for that call.

Example: 

   {'type': 'status',
    'session_id': '61539351-1f02-4b62-a136-205000ece41a'
    'application_ids': [421, 391],
    'status': 'offline'}

For every status request received, the server sends back an ACK message.

Example: 

  {'result': true}

In case of an error, the server will send back an extra 'errno' field with an error code (codes to be documented) and an optional 'reason' message.

Example: 

  {'result': false, 'errno': 34, 'reason': 'Assertion expired'}

The error codes have to be documented, but in case the errno value is a negative value, the session is lost and the client has to recreate a new one.

The user can send as many updates as it wants, but the server can ask it to slow down with a specific error code (codes to be documented)

The server or the user can disconnect from the socket at any time and for any reason. The number of socket connections is limited to one connection per device and per email.

2. Applications registration

An App developer can register a new application into Mozilla Presence

An application is defined by:

  • a domain
  • an email
  • a name
  • a description

Registering a new application is done in 3 steps

  1. validation of the domain ownership
  2. attribution of a unique application ID
  3. activation of presence notifications

Domain Ownership Validation

Mozilla Presence provides a web page at https://presence.mozilla.com/myapps where an application developer can connect by logging in with her persona account.

Once logged in, the developer can fill a form with a domain, name and description of the application to register.

Mozilla Presence generates a unique key of 1024 characters, the developer needs to place in this URL: http://<domain>/__presence in a plain/text file that can be reached pubicly.

Once the key is placed, the developer can hit a Verify button. Mozilla Presence will then visit http://<domain>/__presence to verify that the domain is owned by the developer.

Application ID

Once the domain has been verified, Mozilla Presence generates a unique id for the application, and displays an entry point the developer will need to visit to get status updates.

The entry point is in the form of ws://<node>.presence.mozilla.com/<appid> and is a web socket the developer's application may connect to, in order to receive status updates.


Activation of presence notifications

To activate the status update stream, the app developer needs to visit https://presence.mozilla.com/myapps and click on the Activate button located besides the application name (a developer may have several apps.)

By clicking on Activate, an API key is generated for the application and displayed besides the application. An API key is a string of 1024 chars.

This API key has to be used by the application in order to get status updates.

Getting status updates is done by connecting to the websocket located at ws://<node>.presence.mozilla.com/<appid> with the API key.

Example: 

 {'key': 'e3b0c44298fc1c149afbf4c8....996fb92427ae41e4649b934ca495991b7852b855'}

Once connected, the application will receive status updated as they happen, in the form of a list. Each element is composed of an uid and a status.

Example: 

 [{'UID': 2123131, 'status': 'online'},
  {'UID': 12345, 'status': 'offline'}
 ]

Where UID is a user identifier as described in the next section.

3. Applications permissions

Granting presence access requires user interaction to indicate to Mozilla Presence that the user wants an AppService to see their presence information. In the event that the user might have multiple identities or profiles on a single AppService, a user-meaningful string should be included in the authorization request to Mozilla Presence.

Here's what a users interaction with an application to grant it presence might look like: WPPhoneOverview.jpg

The following steps occur in this flow:

  1. User clicks Authorize button
  2. User acknowledges the AppService they're granting and allows it
  3. User is redirected back to the AppService

Technical Details

The page URL the Authorize buttons posts to is: 

https://<node>.presence.mozilla.com/<appid>/grant?redirect=<url>&id=<userstring>

Where <node> and <appid> are values known by the registered application, <url> is the url to redirect back to, and <userstring> is the user-meaningful string indicating that should usually be their login name (or something short and meaningful to distinguish multiple identities on a single AppService if applicable).

In the example above, the user Marge happens to be logged into BeerChat as 'Fred', so this identifier is attached during authorization so that when Marge manages her Presence she can see that she appears online as Fred to BeerChat.

The user is expected to already be signed into their Firefox Account in this example, otherwise they will need to first login to Prsence before seeing the authorization page.

Authorizing the AppService performs a POST on https://<node>.presence.mozilla.com/<appid> containing the redirect url and the answer.

If user has accepted, Mozilla Presence generates a unique ID (PUID) to identify the user in the context of the application.

The user then is redirected back to <url> with an encoded PUID in a <Presence-UID> header.

The application is responsible to store the PUID and associate it with the user.

The redirect flow looks like this: WPAuthInteraction.jpg

5. Status updates

When Mozilla Presence gets a status update from someone, it looks up all the registered applications and sends to the one that are activated to see the updates.

Since statuses are fetched via a web socket at ws://<node>.presence.mozilla.com/<appid>, each application gets its own messaging queue that is dequeued when the application is connected via the web socket. A status message is dropped from the queue if not consumed within an hour.

6. Live notifications

Live notifications are a way for applications to reach out online users that are not active in the application. It can be used to give the opportunity to the user to react when something is happening in the application.

Examples:

  • ChatRoom: Your nick was used in a message sent to the room.
  • ChatRoom: Someone wants you to join the room.


AppService sends a notifications to Mozilla Presence via a POST request : 

  POST https://<node>.presence.mozilla.com/<appid>/notification
  
  [{'UID': 'userid',
   'message': '<message>',
   'action': '<url>'},
   ...
  ]

AppService can send notifications by batches.

Details:

  • userid: the user ID provided by the presence system.
  • message: a message to display to the user. Limited to 512 chars.
  • action: an action that will happen on the device if the user agrees - it can be an url to visit or an application to run. Limited to 512 chars.

Mozilla Presence pushes the message into a FIFO queue. There's one queue per user id + app id combination, and its size is limited to 100 items. When the queue is full, the oldest item is dropped before the new item is added. For each item, it appends in the mapping the appid value.

Once the message is stored, the service sends back an ack message to AppService, with the current size of the queue: 

  {'result': 'OK',
   'queue_size': <size>}

Receiving the ack is a guarantee that the message was stored on the server, but is not a guarantee that it was delivered to the user.

If the user is connected to Mozilla Presence via the Presence daemon, it gets all the items from the queue and the queue is purged.

The Presence daemon on the device is responsible to dispatch the messages to the different applications:

  • on desktop, it displays a notification with the url contained in the action for the user to click
  • on mobile, it displays a notification with a link to run the app XXX

The application has no feedback on whether a notification was seen by the user.

FAQ

To help people get up to speed faster and prevent backtracking, commonly asked questions by those getting involved are listed here with an answer.

Is this going to use XMPP?

The presence channel to AppServices will have an XMPP option. It's useful to remember that Mozilla Presence is in very early stages at this moment. Worrying about the exact implementation is a detail that we're not addressing yet as we build some prototypes to test ideas out and prove the overall concept is worthwhile.

Shouldn't Mozilla have a way for me to see my contacts online?

Nowadays, peoples' personal connections are spread across multiple online services (Facebook, Google+, Skype, etc). These services usually already have done the work of ensuring both people want to see each other's presence and have ways to facilitate a conversation. All they need is a way to be aware of a users presence when their app might be closed or suspended (on a phone). By serving as the underlying plumbing notifying AppService's when users are online, Mozilla Presence avoids having to try and change users expectations about where their 'friends' are and can facilitate new social interaction applications that need presence data.

Platform Requirements

What are the things this needs (OS, language, databases, etc.)?

XXX explain here how simple push is running on the different platforms - Firefox OS : built-in, what about Desktop ? a separate service that wakes up Firefox ?

Libraries Required

List of external project dependencies. (Stuff that's not pulled in via the installation script)

Code Repository

Repository: https://github.com/mozilla-services/presence

Diagrams: https://github.com/mozilla-services/presence-graffles

Release Schedule

Prototype

Server-side implementation:

  • Allows AppServices to send LiveNotifications
  • Sends AppServices presence stanzas
  • Holds WebSocket connection to devices
  • Sends LiveNotifications to devices
  • Allows a device when connecting to toggle what AppServices should have presence stanzas relayed

Client-side implementation:

  • Settings screen to manage
    • Applications that can use Presence (On/Off toggles)
    • Online - Away - Offline sliders to set how much idle is away vs. offline
    • Custom status message
    • Custom away message (if additional info should accompany it)
  • LiveNotifications pop-up with Accept/Dismiss button
  • Background service that sends pings, accepts LiveNotifications

Production V.1

Everything in the Prototype, designed for scale, in addition:

  • Possibly a QUIC-derived UDP-based device-presence channel
  • XMPP interface for AppServices <-> Presence
  • FxA Integration for device user (Requires https://wiki.mozilla.org/Identity/Firefox_Accounts/SSO)
  • Developer Registration page to acquire Presence Application ID, linked to from the Developer page in Marketplace

QA

Points of Contact

Engineer - Name contact@info

Test Framework

Security and Privacy

Fill out the security & privacy bug template: https://bugzilla.mozilla.org/form.moz-project-review (https://wiki.mozilla.org/Websites/Kick-Off_Form)

For security reviews, there's: https://wiki.mozilla.org/Security/ReviewProcess

Points of Contact

Questionnaire Answers

1.1 Goal of Feature

2. Potential Threat Vectors and Mitigation Points

Review Status

Bugzilla Tracking # - see https://wiki.mozilla.org/Security/Reviews

Issues and Resolutions

Operations

Points of Contact

Deployment Architecture

Bugzilla Tracking # -

Escalation Paths

Lifespan Support Plans

Logging and Metrics

Points of Contact

Tracking Element Definitions

Data Retention Plans

Dashboard URL

Customer Support

Points of Contact

Sumo Tags

Review Meeting

Retrieved from "https://wiki.allizom.org/index.php?title=CloudServices/Presence&oldid=949051"