This specification defines a model and a document format to allow a user agent to locate and replace a widget package with a new or different version of a widget package. The updates model is designed to allow user agents to update widget packages over HTTP. Updates for from non-HTTP sources (e.g., directly from a device's memory card or hard disk) are beyond the scope of this specifications.

Implementers should be aware that this document is not stable. Implementers who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways. Vendors interested in implementing this document before it eventually reaches the Candidate Recommendation stage should join the group's public mailing list and take part in the discussions.

User agents that wish to extend this specification in any way are encouraged to discuss their extensions on a public forum, such as public-webapps so their extensions can be considered for standardization.

This specification is part of the Widgets Family of Specifications.

Introduction

This section is non-normative

@@@ TBW: things we want to say here: use cases... authors want to update to provide security fixes and add new features. Sometimes authors may even want to revert back to a previous version... It would be great to have a little update process diagram that shows how the user agent performs the update@@@

For updates performed over HTTP, this specification defines a simple XML document that authors place on a Web server to indicate, amongst other things, where the next most suitable version of a widget resource can be retrieved from.

If a user agent determines, via the strategies defined in this specification, that two widget packages are not the of same version, and if the user consents, the user agent will attempt to replace the currently installed widget package with a potential update. Updates are designed to retain any locally stored data, hence protecting the end-user from losing any data that the widget may have stored at runtime.

Design Goals and Requirements

This section is non-normative.

This document addresses the Remote and Local Updates the requirement of the 30 April 2009 Working Draft of the Widgets 1.0: Requirements Document [[!WIDGETS-REQS]].

This specification defines conformance criteria that apply to a single product: user agents.

Definitions

The concepts of a widget package and a configuration document are defined in the [[!WIDGETS]] specification.

A user agent is an implementation of this specification that also implements the [[!WIDGETS]] specification and its dependencies.

An installed widget is a widget package that has been correctly installed on a user agent. Not every installed widget classifies as an updatable widget (see rule for determining if a widget can be updated).

An updatable widget is an installed widget that meets all the preconditions defined in this specification that would allow it to be updated.

An update source is the URI referenced by the src attribute of a update-info element of an update description document.

A potential update is a resource acquired by downloading the update source (i.e., the resource addressed by the src attribute of a update-info element).

The update process is a multi-step process whereby a user agent compares the version of a currently installed widget package to the version of a resource available either on the Web or on local storage.

The version of an installed widget is determined by the version attribute of the widget element declared by an author in a widget package's configuration document.

An installed widget is said to be up-to-date if a user agent determines, via the update-checking strategies, that an installed widget does not need updating.

Precondition for Updating a Widget Package

In order to verify that an installed widget meets the preconditions which deem it an updatable widget, a user agent must apply the rule for determining if a widget can be updated.

Rule for Determining if a Widget can be Updated

The rule for determining if an installed widget can be updated is given by the following algorithm. This rule makes use of values derived in the configuration defaults table (CDT)established in the [[!WIDGETS]] specification.

  1. Let widget be an installed widget.

  2. In the CDT, if the widget identifier is not null and update href is not null, return true. Otherwise, return false.

Update-Checking Strategies

This document defines two update-checking strategies that a user agent ca use to check if a widget package is up-to-date, as well as the rules that define how user agents are expected to behave when performing each . The strategies are as follows:

  1. Referencing an update description document on the Web.
  2. Updating from local media.

Update-checking strategy 1 is performed by acquiring and processing an update description document (UDD) from a URI. An UDD is an XML document in which an author declares, amongst other things, what's new or different in the potential update, the version that the widget will be updated to, and the URI from where the user agent can retrieve the potential update (the update source). It is expected that user agents will perform updates asynchronously by periodically checking for changes in either the HTTP response codes for the UDD (e.g. a changed [[HTTP11]] Etag header or using If-Modified-Since) and by processing the UDD itself. The timing of periodic checks is an implementation detail left to the discretion of the implementer (e.g. once a day or once a week).

A push mechanism could be applied as well that pushes a UDD to the user agent as soon as an update is available.

In the case of update-checking strategy 2, updating from local media, this specification works in conjunction with the Widget Packaging and Configuration specification [[!WIDGETS]] to define the rules for how to verify and install a potential update.

Value types

The space characters, valid URI, and valid version-tag are defined in the Widget Packaging and Configuration specification [[!WIDGETS]].

The update-description Element

The update-description element points, via the href attribute, to an update description document.

The update-description element is in the http://www.w3.org/ns/widgets namespace as defined in [[!WIDGETS]].

Context in which this element MAY be used:
As a child of the widget element defined in the [[!WIDGETS]] specification.
Content model:
Empty.
Occurrences:
Zero or one.
Expected children:
none.
Localizable via xml:lang:
No.

Attributes

href
A URI attribute that points to the location of an update description document.

Usage example

This example shows the expected usage of the update-description element. 

  <widget xmlns = "http://www.w3.org/ns/widgets" 
          id    = "http://example.com/my-widget" version="1.0">

    <update-description href="http//example.com/update?widget=my-widget&amp;version=1.0"/>

  </widget>

Processing update-description elements in the Configuration Document

A user agent MUST add the following to the Table of Configuration Defaults [[!WIDGETS]] as part of Step 7.

Table of Configuration Defaults (addendum)
Variable Type Default Value Overridden in Description
update href URI null Processing update-description elements in the Configuration Document The URI for where an update description can be downloaded, corresponding to the update-description element's href attribute.

If this is not the first update-description element, then the user agent MUST ignore this element and its descendants.

If this is the first update-description element and the href attribute is used, and it is a valid uri, then let update href be the value of the href attribute.

Update Description Document (UDD)

An update description document (UDD) is an [[!XML10]] document that has a update-info element at its root.

The purpose of the UDD is to provide the details about a potential update, including a pointer to HTTP resource that will act as the potential update.

Namespace

All elements defined to be used in a UDD are in the the http://www.w3.org/ns/widgets namespace as defined in [[!WIDGETS]].

Example Update Description Document

Below is an example of a typical UDD. In order for a user agent to retrieve and process a UDD, an author must initially declare a valid URI for the update-description element in the installed widget's configuration document (e.g. <update-description src="https://example.com/myWidget/updates"/>). 

          <update-info xmlns="http://www.w3.org/ns/widgets"
                       src="http://evil-fruit-company.com/sins/unoriginal-patent.wgt"
                       version="1.1">
            <details>
              This update tries to make 2010 a little bit more like "1984".
            </details>
          </update-info>

Media Type

Update Description Documents are identified by the application/xml media type.

The update-info Element

The update-info element is intended to provide metadata about the potential update. In addition, it serves as a container for the other elements; as such, it must be used.

Context in which this element MAY be used:
The root element of an UDD document.
Content model:
Zero or more details elements.
Occurrences:
One.
Expected children:
details.
Localizable via xml:lang:
No.

Attributes

version
A valid version tag that denotes the version number of the potential update.
src
A valid URI that references a potential update. Over the wire, the potential update MUST be labeled with a correct widget media type (i.e. application/widget).

The details Element

The details element represents a human-readable description of what differentiates this potential update from other versions.

Context in which this element can be used:
Inside a update-info element.
Content model:
Anything.
Occurrences:
Zero or more.
Expected children:
Anything.
Localizable via xml:lang:
Yes.

UDD Acquisition

A user agent MUST support the capability to acquire a UDD over [HTTP] and over [HTTPS].

Aquisition of a UDD

Response Codes

UDD Processing

@@ TBW @@

A user agent MUST assume the following defaults prior to processing a UDD:

Update Defaults
Variable Type Default value Description
update-source URI null  
version-tag DOMString null  
details DOMString null  

Processing model

The term in error, typically used of an element or attribute, means that the element, attribute, or other construct does not conform to the rules of this specification. Rules for exactly how a user agent needs to treat the erronous construct are always given when the term is used. Typically this will involve ignoring the erroneous nodes, meaning the UA must, for the purposes of processing, act as if those nodes were absent from the UDD.

The following processing model is written with more concern for clarity over efficiency. As such, a user agent can optimize the processing model so long as the end result is indistinguishable from the result that would be obtained by the following the specification.

  1. Let doc be the result of parsing the acquired UDD as a [[!DOM-LEVEL-3-CORE]] Document using a [[!XML-NAMES]]-aware parser. If the document is not well-formed [[!XML10]], then threat this as an invalid UDD.

  2. Let root element be the documentElement of doc.
  3. If the root element is not a update-info element in the widget namespace, then treat this UDD as an invalid.
  4. If the root element is a update-info element:
    1. If the version attribute was used, and it is a valid version-tag, then let version-tag be the value of version.
    2. If no version attribute was used, or the value was in error, treat this as an invalid UDD.
    3. If the src attribute was used, and it is a valid URI, then let update-source be the value of src.
    4. If no src attribute was used, or the value was in error, treat this as an invalid UDD.
  5. For any child element of the root element:
    1. If the child element is a details element:
      1. If this is not the first details element, then the element is in error and MUST be ignored.
      2. TBW: Need to extract the text content ignoring any invalid nodes not defined in this document. However, need to align this with the i18n model so that <bdo> is allowed (or whatever solution we end up using).
    2. Otherwise it MUST be ignored.

Dealing with invalid Update Description Documents

 

Potential update verification and installation process

@@ TBW @@

Security concerns

It is conceivable that an UDD could be subject to a man-in-the-middle-attack, as with any unencrypted requests performed over [[HTTP11]]. For this reason, it is RECOMMENDED that, for widgets that have not been digitally signed, updates are always performed over [[HTTP-TLS]].

Another means of protection is for authors to always digitally sign their widget resources. During an update, the user agent will then validate the signature before installation, ensuring that a widget resource's identity and integrity was maintained over the network.

Acknowledgements

The editors would like to think the following contributors (in no particular order): Raine Hillebrand.