5 <meta name="generator" content="pandoc">
6 <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes">
7 <meta name="author" content="José Bollo">
8 <title>Overview of AFB-DAEMON</title>
9 <style type="text/css">code{white-space: pre;}</style>
10 <link rel="stylesheet" href="doc.css">
12 <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
17 <h1 class="title">Overview of AFB-DAEMON</h1>
18 <h2 class="author">José Bollo</h2>
19 <h3 class="date">24 juin 2016</h3>
23 <li><a href="#overview-of-afb-daemon">Overview of AFB-DAEMON</a><ul>
24 <li><a href="#roles-of-afb-daemon">Roles of afb-daemon</a></li>
25 <li><a href="#use-cases-of-the-binder-afb-daemon">Use cases of the binder afb-daemon</a><ul>
26 <li><a href="#remotely-running-application">Remotely running application</a></li>
27 <li><a href="#adding-native-features-to-html5qml-applications">Adding native features to HTML5/QML applications</a></li>
28 <li><a href="#offering-services-to-the-system">Offering services to the system</a></li>
30 <li><a href="#the-bindings-of-the-binder-afb-daemon">The bindings of the binder afb-daemon</a></li>
31 <li><a href="#launching-the-binder-afb-daemon">Launching the binder afb-daemon</a></li>
32 <li><a href="#future-development-of-afb-daemon">Future development of afb-daemon</a></li>
36 <h1 id="overview-of-afb-daemon">Overview of AFB-DAEMON</h1>
37 <h2 id="roles-of-afb-daemon">Roles of afb-daemon</h2>
38 <p>The name <strong>afb-daemon</strong> stands for <em>Application Framework Binder Daemon</em>. That is why afb-daemon is also named <strong><em>the binder</em></strong>.</p>
39 <p><strong>Afb-daemon</strong> is in charge to bind one instance of an application to the AGL framework and AGL system.</p>
40 <p>On the following figure, you can use a typical use of afb-daemon:</p>
41 <a id="binder-fig-basis">
43 Figure: binder afb-daemon, basis
46 <pre><code>. . . . . . . . . . . . . . . . . . . . . . . . . .
47 . Isolated security context .
49 . +------------------------------+ .
51 . | A P P L I C A T I O N | .
53 . +--------------+---------------+ .
56 . +-------------------+----------------------+ .
59 . | A F B - D A E M O N : BINDINGS | .
61 . +-------------------+----------------------+ .
63 . . . . . . . . . . . . | . . . . . . . . . . . . .
66 AGL SYSTEM</code></pre>
67 <p>The application and its companion binder run in secured and isolated environment set for them. Applications are intended to access to AGL system through the binder.</p>
68 <p>The binder afb-daemon serves multiple purposes:</p>
70 <li><p>It acts as a gateway for the application to access the system;</p></li>
71 <li><p>It acts as an HTTP server for serving files to HTML5 applications;</p></li>
72 <li><p>It allows HTML5 applications to have native extensions subject to security enforcement for accessing hardware ressources or for speeding parts of algorithm.</p></li>
74 <h2 id="use-cases-of-the-binder-afb-daemon">Use cases of the binder afb-daemon</h2>
75 <p>This section tries to give a better understanding of the binder usage through several use cases.</p>
76 <h3 id="remotely-running-application">Remotely running application</h3>
77 <p>One of the most interresting aspect of using the binder afb-daemon is the ability to run applications remotely. This feature is possible because the binder afb-daemon implements native web protocols.</p>
78 <p>So the <a href="#binder-fig-1">figure binder, basis</a> would become when the application is run remotely:</p>
79 <a id="binder-fig-remote">
81 Figure: binder afb-daemon and remotely running application
84 <pre><code> +------------------------------+
86 | A P P L I C A T I O N |
88 +--------------+---------------+
94 . . . . . . . . . . . . . . | . . . . . . . . . . . . . .
95 . Isolated security | .
98 . . . . . . . . . . . . . . . . . . . . . . . . . .
100 . . F I R E W A L L . .
102 . . . . . . . . . . . . . . . . . . . . . . . . . .
104 . +-------------------+----------------------+ .
106 . | A F B - D A E M O N : BINDINGS | .
108 . +-------------------+----------------------+ .
110 . . . . . . . . . . . . . . | . . . . . . . . . . . . . .
113 AGL SYSTEM</code></pre>
114 <h3 id="adding-native-features-to-html5qml-applications">Adding native features to HTML5/QML applications</h3>
115 <p>Applications can provide with their packaged delivery a binding. That binding will be instanciated for each application instance. The methods of the binding will be accessible by applications and will be excuted within the security context.</p>
116 <h3 id="offering-services-to-the-system">Offering services to the system</h3>
117 <p>It is possible to run the binder afb-daemon as a daemon that provides the API of its bindings.</p>
118 <p>This will be used for:</p>
120 <li><p>offering common APIs</p></li>
121 <li><p>provide application's services (services provided as application)</p></li>
123 <p>In that case, the figure showing the whole aspects is</p>
124 <a id="binder-fig-remote">
126 Figure: binder afb-daemon for services
129 <pre><code>. . . . . . . . . . . . . . . . . . . . . .
130 . Isolated security context application .
132 . +------------------------------+ .
134 . | A P P L I C A T I O N | .
136 . +--------------+---------------+ . . . . . . . . . . . . . . . . . . . . . . .
137 . | . . Isolated security context A .
139 . +-----------------+------------------+ . . +------------------------------------+ .
141 . | b i n d e r : | . . | b i n d e r : service | .
142 . | A F B - D A E M O N : BINDINGS | . . | A F B - D A E M O N : BINDINGS | .
143 . | : | . . | : A | .
144 . +-----------------+------------------+ . . +-----------------+------------------+ .
146 . . . . . . . . . . | . . . . . . . . . . . . . . . . . . . . . | . . . . . . . . . . .
149 ================================================================================
150 D - B U S & C Y N A R A
151 ================================================================================
154 . . . . . . . . . . | . . . . . . . . . . . . . . . . . . . . . | . . . . . . . . . . .
156 . +-----------------+------------------+ . . +-----------------+------------------+ .
158 . | b i n d e r : service | . . | b i n d e r : service | .
159 . | A F B - D A E M O N : BINDINGS | . . | A F B - D A E M O N : BINDINGS | .
160 . | : B | . . | : C | .
161 . +------------------------------------+ . . +------------------------------------+ .
163 . Isolated security context B . . Isolated security context C .
164 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</code></pre>
165 <p>For this case, the binder afb-daemon takes care to attribute one single session context to each client instance. It allows bindings to store and retrieve data associated to each of its client.</p>
166 <h2 id="the-bindings-of-the-binder-afb-daemon">The bindings of the binder afb-daemon</h2>
167 <p>The binder can instanciate bindings. The primary use of bindings is to add native methods that can be accessed by applications written with any language through web technologies ala JSON RPC.</p>
168 <p>This simple idea is declined to serves multiple purposes:</p>
170 <li><p>add native feature to applications</p></li>
171 <li><p>add common API available by any applications</p></li>
172 <li><p>provide customers services</p></li>
174 <p>A specific document explains how to write an afb-daemon binder binding: <a href="afb-binding-writing.html">HOWTO WRITE a BINDING for AFB-DAEMON</a></p>
175 <h2 id="launching-the-binder-afb-daemon">Launching the binder afb-daemon</h2>
176 <p>The launch options for binder <strong>afb-daemon</strong> are:</p>
179 Prints help with available options
183 Display version and copyright
187 Increases the verbosity, can be repeated
191 HTTP listening TCP port [default 1234]
195 HTTP Root Directory [default $AFBDIR or else $HOME/.AFB]
199 Angular Base Root URL [default /opa]
201 This is used for any application of kind OPA (one page application).
202 When set, any missing document whose url has the form /opa/zzz
203 is translated to /opa/#!zzz
207 HTML Root API URL [default /api]
209 The bindings are available within that url.
213 Maps a path located anywhere in the file system to the
214 a subdirectory. The syntax for mapping a PATH to the
215 subdirectory NAME is: --alias=/NAME:PATH.
217 Example: --alias=/icons:/usr/share/icons maps the
218 content of /usr/share/icons within the subpath /icons.
220 This option can be repeated.
224 binding API timeout in seconds [default 20]
226 Defines how many seconds maximum a method is allowed to run.
231 Client Session Timeout in seconds [default 3600]
235 Client cache end of live [default 100000 that is 27,7 hours]
239 Sessions file path [default rootdir/sessions]
243 Maximum count of simultaneous sessions [default 10]
247 Load bindings from given paths separated by colons
248 as for dir1:dir2:binding1.so:... [default = $libdir/afb]
250 You can mix path to directories and to bindings.
251 The sub-directories of the given directories are searched
254 The bindings are the files terminated by '.so' (the extension
255 so denotes shared object) that contain the public entry symbol.
259 Load the binding of given path.
263 Initial Secret token to authenticate.
265 If not set, no client can authenticate.
267 If set to the empty string, then any initial token is accepted.
271 Set the mode: either local, remote or global.
273 The mode indicate if the application is run locally on the host
274 or remotely through network.
278 Set the #fd to signal when ready
280 If set, the binder afb-daemon will write "READY=1\n" on the file
281 descriptor whose number if given (/proc/self/fd/xxx).
285 Transparent binding to a binder afb-daemon service through dbus.
287 It creates an API of name xxxx that is implemented remotely
288 and queried via DBUS.
292 Provides a binder afb-daemon service through dbus.
294 The name xxxx must be the name of an API defined by a binding.
295 This API is exported through DBUS.
299 Get all in foreground mode (default)
303 Get all in background mode</code></pre>
304 <h2 id="future-development-of-afb-daemon">Future development of afb-daemon</h2>
306 <li><p>The binder afb-daemon would launch the applications directly.</p></li>
307 <li><p>The current setting of mode (local/remote/global) might be reworked to a mechanism for querying configuration variables.</p></li>
308 <li><p>Implements "one-shot" initial token. It means that after its first authenticated use, the initial token is removed and no client can connect anymore.</p></li>
309 <li><p>Creates some intrinsic APIs.</p></li>
310 <li><p>Make the service connection using WebSocket not DBUS.</p></li>
311 <li><p>Management of targetted events.</p></li>
312 <li><p>Securisation of LOA.</p></li>
313 <li><p>Integration of the protocol JSON-RPC for the websockets.</p></li>