The BONDI API Design Patterns - Version 1.1

9 February 2010

2. WebIDL patterns

2.1. Error Handling

Motivation and problem statement

WebIDL allows methods, getters and setters to raise not only exceptions, but also objects that expose given interfaces. WebIDL exceptions cannot be inherited and therefore no hierarchy of exceptions can be built. However, within BONDI each module is able to define its own error interface. Thus, to support hierarchy of errors within BONDI, we are going to use only error interfaces for which a specific inheritance hierarchy has been built.

Solution

The following rules apply to WebIDL parts of .widl files for the error-related conventions:

• Exceptions MUST NOT be defined within BONDI WebIDL.
• All the error interfaces within BONDI WebIDL MUST inherit (directly or indirectly) from BONDI generic error interface, GenericError, whereas GenericError directly inherits from ECMAScript's Error.
• Only objects instantiating interfaces that inherit from GenericError MAY be raised by BONDI methods and attributes' getters and setters.
• Error objects MUST be uniquely identifiable by error object's prototype, constructor as well as the error codes that are attribute of the GenericError object.
• Security-related error interfaces MUST inherit from SecurityError, whereas SecurityError MUST directly inherit from GenericError.
• Error code constants MUST have the following syntax:
  • They MUST be defined in uppercase.
  • Words with the error constant definition MUST be separated by "_" (underscore) character.
  • The constant name MUST be postfixed with "_ERROR".
  • Common error codes MUST be grouped in DeviceAPIError interface that MUST directly inherit from GenericError.
  • Module specific error constants MUST start with the value of 0 (zero).
  • Common error codes MUST be in the range of 10000-19999.
  • Security-related error codes MUST be in the range of 20000-29999.
  • The specification of the error code in the doxygen-like format MUST follow the format specified in format for WebIDL method.

WebIDL definition

interface Error {

        readonly attribute DOMString name;

        readonly attribute DOMString message;
};

interface GenericError : Error {

        readonly attribute unsigned short code;
};
        
interface DeviceAPIError : GenericError {

        const unsigned short UNKNOWN_ERROR           = 10000;

        const unsigned short INVALID_ARGUMENT_ERROR  = 10001;

        const unsigned short NOT_FOUND_ERROR         = 10002;

        const unsigned short PENDING_OPERATION_ERROR = 10003;

        const unsigned short IO_ERROR                = 10004;

        const unsigned short NOT_SUPPORTED_ERROR     = 10005;
};

interface SecurityError : GenericError {
        const unsigned short PERMISSION_DENIED_ERROR = 20000;
};

2.2. Asynchronicity

Motivation and problem statement

ECMAScript methods can be either synchronous or asynchronous. Methods using the synchronous mode of operation do not return control to the caller until the operation is complete. Asynchronous methods return immediately and notify the caller at some point in the future of the results via callback method(s). The callback methods are specified as parameters to the asynchronous method. The following rules describe how to specify asynchronous methods in BONDI WebIDL.

Solution

The following rules specify the signature and the way of operation of the asynchronous method call.

• Each asynchronous method MUST have at least two parameters, as follows:
  • the first parameter MUST be a Function object instantiating or inheriting from SuccessCallback interface,
  • the second parameter MUST be a Function object instantiating or inheriting from ErrorCallback interface.
• The asynchronous methods MUST NOT raise errors. For asynchronous methods the errors are provided by means of the ErrorCallback.
• Each asynchronous method MUST return PendingOperation object or null. When null is returned, it means that one of the callback functions was executed prior to the accomplishment of the asynchronous method.
• The PendingOperation interface MUST enable cancellation of the asynchronous method call by means of the "cancel" method of this interface. The "cancel" method has the following characteristics:
  • it is synchronous
  • it is always successful, i.e. the asynchronous operation is either cancelled or immediately accomplished,
  • it returns a boolean value with the following meaning:
    • true - if one of the callback functions (instantiating or inheriting from SuccessCallback or ErrorCallback) has been called during the call to this method
    • false - otherwise, i.e. the pending operation was just cancelled, without being accomplished either successfully or erroneously, and none of the callbacks were called.

WebIDL definition

[Callback] interface SuccessCallback {

        void onSuccess(in Object ob);

};

[Callback] interface ErrorCallback {

        void onError(in Error error);

};

interface PendingOperation {

        boolean cancel();

};

2.2.1. How to combine APIs with architecture and security principles?

Motivation and problem statement

The design of BONDI APIs MUST satisfy the principles resulting from the BONDI Architecture & Security.

Solution

The BONDI Architecture & Security rules are specifically defining:

• that some specific methods guarded by the security policy MUST be asynchronous (to expect "prompt-oneshot" policy effect). Some security queries rely solely on device capabilities and API features, they do not depend on any device capability parameters. Those security queries MAY be issued once and be cached (A&S 5.6).
• that attributes MUST not be guarded by the security policy (since this could result in modal prompt dialogs). This is already assumed in the below documentation pattern: only methods MAY be have \api-feature keyword specified.

2.3. Namespaces and interface structure

Motivation and problem statement

BONDI APIs comprise a set of interfaces grouped into modules. It shall be clearly stated where an object that instantiates an interface is placed in the object hierarchy, i.e. property of which object it becomes.

Solution

The grouping of interfaces into modules is purely for organizational purposes. The "module" keyword does not have any semantics related to the execution of the API. The WebIDL's "implements" keyword is used to specify as property of what object the given interface is instantiated. The statement

	Window implements bondiObject;

specifies that bondi interface is instantiated as the property of the Window object of the browsing context's active document.

module bondi {
	interface bondi {
		...
        PendingOperation requestFeature (in RequestFeatureSuccessCallback successCallback,
                in ErrorCallback errorCallback,
                in DOMString name)
            raises (DeviceAPIError, SecurityError);
		...
	};

	interface bondiObject {
		readonly attribute bondi bondi; 
	};

	Window implements bondiObject;
};


module calendar {
	interface CalendarManager {
	...
	...
	};
	
	interface Calendar {
	...
	...
	};

	interface CalendarManagerObject {
		readonly attribute CalendarManager calendarManager;
	};
	bondi implements CalendarManagerObject;

};

2.4. Data records, supported property keys and filters

Motivation and problem statement

BONDI APIs operate on data collections that MAY potentially be large. Very often there arises a need to filter the collection's data records and search for records with specific values of the properties. BONDI modules and interfaces shall provide a unified way of expressing the filter syntax used in search operations. In ECMAScript the properties of objects MAY be added dynamically. Whereas it is a very useful extensibility mechanism, it MAY be difficult to handle for objects that are to be persistently stored. This is because some platforms MAY be able to store only predefined properties and their values. On the other hand, the interoperability reasons require that the minimum set of properties is specified. This results in the following categorization of properties:

• interoperable data-carrying properties,
• platform-specific data-carrying properties,
• application-specific data-carrying properties,
• administrative properties.

Solution

The properties regarded as storable information-carriers MUST be grouped into interfaces whose name is postfixed with "Properties" string. For example, in case of a contact record we MAY start with the following basic interfaces:

    interface Address {
        attribute DOMString country;
        attribute DOMString postalCode;
    };

    interface Contact {
        readonly attribute DOMString id;
        attribute DOMString name;
        attribute DOMString email;
        attribute Address address;
	};

We note that the properties name, email and address carry useful contact information, whereas the administrative property id results from need to store the contact information and it is readonly, since it is to be assigned by the implementation. When searching for the contact in the contacts' collection, we assume that the filter would be based on the primitive properties name and email as well as on the properties of the Address interface that would refer to the address property. The result of the above considerations are:

• the ContactProperties interface that groups the contact information-carrying properties,
• the Contact interface that inherits from the ContactProperties interface.

    interface ContactProperties {
        attribute DOMString name;
        attribute DOMString email;
        attribute Address address;
	};
    interface Contact : ContactProperties {
        readonly attribute DOMString id;
	};

The interoperable data-carrying properties, i.e. those specified on the XXXProperties interfaces, MUST be available and storable in all implementations. Additionally to them, the underlying implementation MAY provide platform-specific data-carrying properties. E.g. in case of the ContactProperties interface this could be the phoneNumber property. Such a property MUST be set to null when the ContactProperties interface is instantiated. Furthermore, the script MAY try to add new properties; those are called here application-specific data-carrying properties. E.g. the following code:

    contact.name = "Marcin Hanclik";
    contact.email = "marcin.hanclik@access-company.com";
    contact.web-colorofeyes = "blue";

tries to add the property colorofeyes to the contact object. Such a property MAY always be added to the object (design of ECMAScript language), but it is BONDI implementation specific whether this property will persist when storing the contact object. The XXX (to distinguish from XXXProperties) interfaces are to be used when creating filter objects. The usage of only those properties in the filter objects SHALL guarantee the interoperability of the filter object. The implementations MUST ignore properties requested in the filter objects that are not actually present in the matching objects. The names of the application-specific and platform-specific data-carrying properties MUST be prefixed in a way that will enable adding of the new properties in the BONDI API without any conflicts. See below example about "x-colorofeyes" property.

Type of property	Example	Is storable?	Is interoperable (works on all platforms)?
interoperable data-carrying	ContactProperties.email	yes	yes
platform-specific data-carrying	contact.phone	yes	no (no guarantee for interoperability, although it could happen)
application-specific data-carrying	contact.web-colorofeyes	user-agent dependent	n/a
administrative	Contact.id	yes (but it is irrelevant, since the administrative properties are readonly and cannot be set by the widget/application)	yes

The following is the rule for creating the filter object:

• the filter object is a JSON representation of the XXX (e.g. Contact) object with the following exceptions, additions and refinements:
  • for properties of DOMString type the value of the property MAY contain U+0025 'PERCENT SIGN' wildcard character to match the values similarly to the usage of the PERCENT SIGN character in SQL. It is implementation dependent whether other pattern syntax is supported. The processing of the queried value is similar to the processing of the "LIKE" condition in SQL.
  • for properties of any WebIDL number type, i.e. boolean, octet, short, unsigned short, long, unsigned long, long long, unsigned long long, float, double as well as of the ECMAScript Date type the value MAY be queried in two ways:
    1. as a single value that SHALL exactly match
    2. as a range represented as two-element array in JSON notation that SHALL match the values greater than or equal to the first value and less than or equal the second value. This is similar to the "BETWEEN" condition in SQL.
• the filter interfaces used in the API signatures MUST:
  • inherit from GenericFilter interface specified in bondi module:

    module bondi {
    	interface GenericFilter {
    
    	};
    };
    

  • their documentation must state based on which XXX interface, the XXXFilter interface is to be created (e.g. ContactFilter objects MAY be created based on Contact interface). The XXXFilter interface MAY be based on XXX interface specified in another BONDI module.
• the result-set of the filter operation MUST contain the objects that match the filter object according the following principles:
  • if the property is not listed in the filter object, then all values of this property in all records match and all those records are candidates for result-set,
  • the SQL "AND" operator is assumed between all conditions,
  • the SQL "OR" operator is not available in the model defined in this section (assuming that "LIKE" and "BETWEEN" are not regarded as "OR"-derivatives). To realize it, several filter queries SHOULD be issued.
  • if the filter object is null, then all records match and MUST be returned (it is equivalent to the "SELECT * FROM XXX" in SQL),
  • the order of the records in the result-set is implementation specific.

Examples

3. Architectural patterns

3.1. Versioning

Motivation and problem statement

It is assumed that the BONDI interfaces will evolve over time. The interfaces defined within a given BONDI Release MAY be modified in future releases of the BONDI specifications. They MAY add new methods or attributes, they MAY remove them or modify the way they operate. Therefore a versioning model is defined that will enable widgets to be installable and to function properly on WUAs that are equipped with the appropriate implementation of the APIs.

Solution

The BONDI API versioning is based on the IRI of the API features. If the functionality behind an existing feature is changed, a new IRI for that extended feature MUST be assigned. If the functionality behind an existing feature-set is changed (e.g. the API owner wants to incorporate new feature into a feature-set), a new IRI for that extended feature-set MUST be assigned. Between BONDI Releases vendors MAY add experimental APIs under the already provided IRI, but MUST take special care in order not to compromise the security provided by the API design in the official BONDI Release. It is out of the scope of this specification to specify how those additional APIs are discoverable.

3.2. API coverage by features

Motivation and problem statement

From the security perspective all APIs (methods, attributes and constants) expressed in BONDI WebIDL are to some extent related to the user's privacy. Some APIs MAY not be accessible due to security restrictions, other APIs MAY be not available on the given platform or exposed by a given User Agent. When requesting access to some APIs by means of a feature within the configuration document or programmatically, the list of methods, attributes, and constants to which access is requested and later granted, shall be made clear.

Solution

Every method, attribute and constant MUST belong to at least one feature.

3.3. Feature-sets

Motivation and problem statement

Rich Web Applications need to use many BONDI APIs. Thus, to satisfy the BONDI security model, many features MUST be declared within the configuration document or MUST be requested programmatically. This need MAY result in unnecessary performance impact on the application or excessive burden for the developer of the configuration document.

Solution

Features are grouped into feature-sets. Feature-set comprises one or more features from a single module. Each module MUST have at least one feature-set declared. The feature-set MAY comprise all the features declared within a module.

4. Documentation patterns

4.1. General format

Motivation and problem statement

Each BONDI 1.0 module is specified by widl files. WebIDL does not have a mechanism for inclusion of the comments.

Solution

The format for widl file combines doxygen-like syntax with WebIDL syntax. Each WebIDL statement in widl file MUST be prefixed with the comments in doxygen format as follows.

        /**
         * \brief Messaging specific error callback.
         *
         * This callback error interface is specific to this messaging API. It
         * specifies a error callback with a function taking an MessagingError object
         * input argument.
         */
        [Callback] interface MessagingErrorCallback {
                void onError(in MessagingError error);
        };

The documentation syntax MUST begin with the line that includes only "/**" and white-space characters (space, tab or new line). Each of the subsequent documentation lines MUST begin with "*" and the final documentation line MUST consist of only "*/" and white-space characters. Each line of the documentation MAY include up to one keyword, i.e. a token prefixed with the backslash ("\") character. The following keywords are available for BONDI widl documentation:

• brief - provides a short comment about the functionality
• n - specifies new line in the resulting HTML documentation of the widl
• code - introduces the sample code snippet
• endcode - ends the sample code snippet
• def-api-feature - defines the API feature used in the security model
• device-cap - refers to the device capability that is associated with API feature defined by def-api-feature
• def-device-cap - defines the device capability
• param - specifies the parameter of the device capability or the parameter of the WebIDL method
• author - provides name and email address of the module author's
• throw - specifies the error object that MAY be thrown by a method, a getter or a setter
• return - specifies the type of value that is returned by a method

The detailed description of the syntax follows in the next sections of this document.

4.2. Common types, errors and interfaces

Motivation and problem statement

BONDI APIs share a few type definitions, errors and interfaces. For consistency reasons the common types, errors and interfaces MUST be specified in one file.

Solution

The file bondi.widl MUST include all the common BONDI type, error and interface definitions. Those definitions include:

• Type definitions
  • StringArray
  • ByteArray
  • ShortArray
  • LongArray
  • FloatArray
• Callback functions
  • SuccessCallback
  • ErrorCallback
• Error interface definitions
  • GenericError inheriting from ECMAScript's Error
  • DeviceAPIError inheriting from GenericError
• Error constants
  • UNKNOWN_ERROR
  • INVALID_ARGUMENT_ERROR for invalid parameter specification
  • NOT_FOUND_ERROR for failing search operation
  • PENDING_OPERATION_ERROR for notification about a pending operation
  • IO_ERROR for input/output error
  • NOT_SUPPORTED_ERROR for unsupported feature

The PendingOperation interface MUST also be specified in bondi.widl.

4.3. Documentation syntax

Motivation and problem statement

The following WebIDL statements are used in widls:

• module for module definition
• interface for interface definition
• typedef for type definition
• attribute for attribute definition
• const for constant definition
• implements for interface hierarchy definition

Solution

The following subsections provide the detailed information about syntaxes used for each of the relevant WebIDL definitions.

4.3.1. Documentation format for WebIDL module

The comment for a module definition SHOULD include the following doxygen-like keywords:

• brief - Brief description of the module functionality
• Module description in free text
• def-feature-set - A description of the feature-set declared in the module
• api-feature - A description of features belonging to the feature-set above
• def-api-feature - A description of all the API features used by the module
• def-device-cap - A description of all the Device Capabilities used by the module
• author - Module authors
• version - Module version

    /**
     * \brief 
     *
     * 'module description'
     *
     * \def-api-feature 'API Feature Identifier'
     * \brief 'API Feature brief description'
     *
     * \def-feature-set 'Feature-Set Identifier'
     * \api-feature 'Identifier of the API feature belonging to the feature-set above'
     * \api-feature 'Identifier of the API feature belonging to the feature-set above'
     *
     * 'API Feature detailed description (optional, blank line above not needed if absent)'
     * \device-cap 'Identifier of related Device Capability'
     * 'optional brief description of circumstance in which that device cap is used'
     *
     * ...
     * \def-device-cap 'Device Capability Identifier'
     * \brief 'Device capability brief description'
     *
     * 'Device Capability detailed description (optional, blank line above not needed if absent)'
     * \param 'security parameter name' 'brief description'
     * ...
     *
     * \author 'Name' 'e-mail'
     * \version 'API version'
     *
     */
     module foo {
      ...
      aaa implements bbb; 
     };

4.3.2. Documentation format for WebIDL interface

The comment for a interface definition SHOULD include the following doxygen-like keywords:

• brief - Brief description of the interface functionality
• Module description in free text
• code and endcode - A sample code to present the usage of the interface
• def-instantiated - specifies which following feature instantiate the interface object
• api-feature - specifies the features that instantiate the interface object

    /**
     * \brief 'Brief interface description'
     *
     * 'Detailed description of the interface'
     *
     * \code
     * 'Code Example'
     * \endcode
     */
    interface fooInterface {
    ...
    };

For instance, in the case of the FileSystemManager Interface

    /**
     * \brief FileSystemManager API.
     *
     * This file system API provides basic filesystem access.
     *
     * \def-instantiated
     * \api-feature 'Identifier of the API feature that instantiates the interface object'
     * \api-feature 'Identifier of the API feature that instantiates the interface object'
     *
     * \code
     *    var dir = bondi.filesystem.mount(fs.getDefaultLocation("app:public"));
     *    var files = dir.listFiles();
     *    for(var i = 0; i < files.length; i++) {
     *      alert(files[i].name); // displays name of each file in directory
     *    }
     *    var file = dir.createFile("test.txt");
     *    var out  = file.open("w", "UTF-8");
     *    // writes Hello World to test.txt
     *    out.write("Hello World");
     *    out.close();
     * \endcode
     */
    interface FileSystemManager {

4.3.3. Documentation format for WebIDL attribute

The comment for a read-only attribute definition SHOULD include the following doxygen-like keywords:

• brief - Brief description of the attribute
• More detailed description of the attribute, including that the attribute is read-only and also related requirements
• api-feature - The IRI of the feature this attribute belongs to and a brief description
• code and endcode - A sample code to present the usage of the attribute

Additionally, read-write attributes MUST include a description of the possible errors and the conditions in which they are raised when setting or getting the value of the attribute based on the setraises or getraises WebIDL keywords.

• throw - Specification of errors that MAY be thrown and the circumstances under which they are raised.

 /**
  * \brief 'brief attribute description'
  *
  * 'detailed attribute description'. 
  * This attribute is read-only
  *
  * \api-feature 'API Feature ID' 'optional brief description'
  *
  * \code
  *   'example code'
  * \endcode  
  */
  readonly attribute 'type' 'name'

 /**
  * \brief Contains the implementation dependent maximum path length.
  *
  * This attribute is read-only.
  *
  * \code
  *    alert(bondi.filesystem.maxPathLength);
  * \endcode
  */
  readonly attribute long maxPathLength;

 /**
  * \brief 'brief attribute description'
  *
  * 'detailed attribute description'. 
  * This attribute is read-only
  *
  * \code
  *   'example code'
  * \endcode  
  * \throw 'error object and code to be thrown' 'conditions in which is thrown'
  */
  attribute 'type' 'name'
       setraises('errorobject');

  /**
    * \brief Get/set current position in this stream.
    *
    * The position of this stream is an offset of bytes from the start
    * of the file stream.  When invoking an operation that reads or writes
    * from the stream, the operation will take place from the position
    * in the position attribute.
    *
    * \code
    *   alert(stream.position); // displays current stream position
    *   // alters current stream position to the begin of the file,
    *   // like seek() in C
    *   stream.position = 0;
    * \endcode
    * \throw FileSystemError IO_ERROR if invalid position was given.
    */
    attribute long position
              setraises(FileSystemError);

4.3.4. Documentation format for WebIDL method

The comment for a method definition SHOULD include the following doxygen-like keywords:

• brief - Brief description of the method
• More detailed description of related requirements
• api-feature - The IRI of the feature this method belongs to and a brief description
• code and endcode - A sample code to present the usage of the method
• param - Specification of every input argument
• return - Specification of the return value
• throw - Specification of errors that MAY be thrown and the circumstances under which they are raised

 /**
   * \brief 'Method's brief description'
   *
   * 'Method's long description'
   *
   * \api-feature 'API Feature ID' 'optional brief description'
   *
   * \code
   * 'example code'   
   * \endcode
   *
   * \param 'name' - 'description'
   * \return 'description of the return value'
   * \throw 'errorobject' 'error code' if 'error condition'
   */

4.3.5. Documentation format for WebIDL constant

The comment for a constant definition SHOULD include the following doxygen-like keywords:

• brief - Brief description of the constant
• More detailed description of the constant including related requirements
• api-feature - The IRI of the feature this constant belongs to and a brief description
• code and endcode - A sample code to present the usage of the constant

 /**
   * \brief 'Constant's brief description'
   *
   * 'Constant's long description'
   *
   * \api-feature 'API Feature ID' 'optional brief description'
   *
   * \code
   * 'example code'   
   * \endcode
   *
   */

4.3.6. Documentation format for WebIDL type

The comment for a type definition SHOULD include the following doxygen-like keywords:

• brief - Brief description of the type
• More detailed description of the type including related requirements
• code and endcode - A sample code to present the usage of the type

 /**
   * \brief 'Type's brief description'
   *
   * 'Type's long description'
   *
   * \code
   * 'example code'   
   * \endcode
   *
   */