8 The name **afb-daemon** stands for *Application
9 Framework Binder Daemon*. That is why afb-daemon
10 is also named ***the binder***.
12 **Afb-daemon** is in charge to bind one instance of
13 an application to the AGL framework and AGL system.
15 On the following figure, you can use a typical use
18 <a id="binder-fig-basis"><h4>Figure: binder afb-daemon, basis</h4></a>
20 . . . . . . . . . . . . . . . . . . . . . . . . . .
21 . Isolated security context .
23 . +------------------------------+ .
25 . | A P P L I C A T I O N | .
27 . +--------------+---------------+ .
30 . +-------------------+----------------------+ .
33 . | A F B - D A E M O N : BINDINGS | .
35 . +-------------------+----------------------+ .
37 . . . . . . . . . . . . | . . . . . . . . . . . . .
42 The application and its companion binder run in secured and isolated
43 environment set for them. Applications are intended to access to AGL
44 system through the binder.
46 The binder afb-daemon serves multiple purposes:
48 1. It acts as a gateway for the application to access the system;
50 2. It acts as an HTTP server for serving files to HTML5 applications;
52 3. It allows HTML5 applications to have native extensions subject
53 to security enforcement for accessing hardware ressources or
54 for speeding parts of algorithm.
56 Use cases of the binder afb-daemon
57 ----------------------------------
59 This section tries to give a better understanding of the binder
60 usage through several use cases.
62 ### Remotely running application
64 One of the most interresting aspect of using the binder afb-daemon
65 is the ability to run applications remotely. This feature is
66 possible because the binder afb-daemon implements native web
69 So the [figure binder, basis](#binder-fig-1) would become
70 when the application is run remotely:
72 <a id="binder-fig-remote"><h4>Figure: binder afb-daemon and remotely running application</h4></a>
74 +------------------------------+
76 | A P P L I C A T I O N |
78 +--------------+---------------+
84 . . . . . . . . . . . . . . | . . . . . . . . . . . . . .
85 . Isolated security | .
88 . . . . . . . . . . . . . . . . . . . . . . . . . .
90 . . F I R E W A L L . .
92 . . . . . . . . . . . . . . . . . . . . . . . . . .
94 . +-------------------+----------------------+ .
96 . | A F B - D A E M O N : BINDINGS | .
98 . +-------------------+----------------------+ .
100 . . . . . . . . . . . . . . | . . . . . . . . . . . . . .
105 ### Adding native features to HTML5/QML applications
107 Applications can provide with their packaged delivery a binding.
108 That binding will be instanciated for each application instance.
109 The methods of the binding will be accessible by applications and
110 will be excuted within the security context.
112 ### Offering services to the system
114 It is possible to run the binder afb-daemon as a daemon that provides the
117 This will be used for:
119 1. offering common APIs
121 2. provide application's services (services provided as application)
123 In that case, the figure showing the whole aspects is
125 <a id="binder-fig-remote"><h4>Figure: binder afb-daemon for services</h4></a>
127 . . . . . . . . . . . . . . . . . . . . . .
128 . Isolated security context application .
130 . +------------------------------+ .
132 . | A P P L I C A T I O N | .
134 . +--------------+---------------+ . . . . . . . . . . . . . . . . . . . . . . .
135 . | . . Isolated security context A .
137 . +-----------------+------------------+ . . +------------------------------------+ .
139 . | b i n d e r : | . . | b i n d e r : service | .
140 . | A F B - D A E M O N : BINDINGS | . . | A F B - D A E M O N : BINDINGS | .
141 . | : | . . | : A | .
142 . +-----------------+------------------+ . . +-----------------+------------------+ .
144 . . . . . . . . . . | . . . . . . . . . . . . . . . . . . . . . | . . . . . . . . . . .
147 ================================================================================
148 D - B U S & C Y N A R A
149 ================================================================================
152 . . . . . . . . . . | . . . . . . . . . . . . . . . . . . . . . | . . . . . . . . . . .
154 . +-----------------+------------------+ . . +-----------------+------------------+ .
156 . | b i n d e r : service | . . | b i n d e r : service | .
157 . | A F B - D A E M O N : BINDINGS | . . | A F B - D A E M O N : BINDINGS | .
158 . | : B | . . | : C | .
159 . +------------------------------------+ . . +------------------------------------+ .
161 . Isolated security context B . . Isolated security context C .
162 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
165 For this case, the binder afb-daemon takes care to attribute one single session
166 context to each client instance. It allows bindings to store and retrieve data
167 associated to each of its client.
169 The bindings of the binder afb-daemon
170 ------------------------------------
172 The binder can instanciate bindings. The primary use of bindings
173 is to add native methods that can be accessed by applications
174 written with any language through web technologies ala JSON RPC.
176 This simple idea is declined to serves multiple purposes:
178 1. add native feature to applications
180 2. add common API available by any applications
182 3. provide customers services
184 A specific document explains how to write an afb-daemon binder binding:
185 [HOWTO WRITE a BINDING for AFB-DAEMON](afb-binding-writing.html)
188 Launching the binder afb-daemon
189 -------------------------------
191 The launch options for binder **afb-daemon** are:
195 Prints help with available options
199 Display version and copyright
203 Increases the verbosity, can be repeated
207 HTTP listening TCP port [default 1234]
211 HTTP Root Directory [default $AFBDIR or else $HOME/.AFB]
215 Angular Base Root URL [default /opa]
217 This is used for any application of kind OPA (one page application).
218 When set, any missing document whose url has the form /opa/zzz
219 is translated to /opa/#!zzz
223 HTML Root API URL [default /api]
225 The bindings are available within that url.
229 Maps a path located anywhere in the file system to the
230 a subdirectory. The syntax for mapping a PATH to the
231 subdirectory NAME is: --alias=/NAME:PATH.
233 Example: --alias=/icons:/usr/share/icons maps the
234 content of /usr/share/icons within the subpath /icons.
236 This option can be repeated.
240 binding API timeout in seconds [default 20]
242 Defines how many seconds maximum a method is allowed to run.
247 Client Session Timeout in seconds [default 3600]
251 Client cache end of live [default 100000 that is 27,7 hours]
255 Sessions file path [default rootdir/sessions]
259 Maximum count of simultaneous sessions [default 10]
263 Load bindings from given paths separated by colons
264 as for dir1:dir2:binding1.so:... [default = $libdir/afb]
266 You can mix path to directories and to bindings.
267 The sub-directories of the given directories are searched
270 The bindings are the files terminated by '.so' (the extension
271 so denotes shared object) that contain the public entry symbol.
275 Load the binding of given path.
279 Initial Secret token to authenticate.
281 If not set, no client can authenticate.
283 If set to the empty string, then any initial token is accepted.
287 Set the mode: either local, remote or global.
289 The mode indicate if the application is run locally on the host
290 or remotely through network.
294 Set the #fd to signal when ready
296 If set, the binder afb-daemon will write "READY=1\n" on the file
297 descriptor whose number if given (/proc/self/fd/xxx).
301 Transparent binding to a binder afb-daemon service through dbus.
303 It creates an API of name xxxx that is implemented remotely
304 and queried via DBUS.
308 Provides a binder afb-daemon service through dbus.
310 The name xxxx must be the name of an API defined by a binding.
311 This API is exported through DBUS.
315 Get all in foreground mode (default)
319 Get all in background mode
322 Future development of afb-daemon
323 --------------------------------
325 - The binder afb-daemon would launch the applications directly.
327 - The current setting of mode (local/remote/global) might be reworked to a
328 mechanism for querying configuration variables.
330 - Implements "one-shot" initial token. It means that after its first
331 authenticated use, the initial token is removed and no client can connect
334 - Creates some intrinsic APIs.
336 - Make the service connection using WebSocket not DBUS.
338 - Management of targetted events.
340 - Securisation of LOA.
342 - Integration of the protocol JSON-RPC for the websockets.