Lowest Prices anywhere on MacBook Pros and Mac Pros: Apple Price Guides updated Apr 18th (use exclusive coupons, tax-free options to save hundreds)
 


Friday, August 15, 2008, 06:00 am PT (09:00 am ET)

Inside MobileMe: Web 3 and Web client-server apps


What No SSL?

Data transaction security in MobileMe's web apps is based upon authenticated handling of JSON data exchanges between the self contained JavaScript client apps and Apple's cloud, rather than the SSL web page encryption used by HTTPS. The only real web pages MobileMe exchanges with the server are the HTML, JavaScript, and CSS files that make up the application, which have no need for SSL encryption following the initial user authentication. This has caused some unnecessary panic among web users who have equated their browser's SSL lock icon with web security. And of course, Internet email is not a secured medium anyway once it leaves your server.

If Apple applied SSL encryption in the browser, it would only slow down every data exchange without really improving providing perfect security, and instead present what could be a false sense of security that distracts from real security threats.

One other advantage held by MobileMe in terms of security is that Apple runs the entire show. There's no third party ads being injected into Apple's MobileMe apps, no external scripts introducing search results, alerts, or buddy lists that could potentially intercept secure transactions with the server, nor any opportunities for Adobe Flash, Microsoft's Silverlight, or other potentially vulnerable plugins to expose unforeseen security threats. A simplified trust relationship equates to stronger security.

The emerging new platform for web apps

While Safari, Firefox, and Internet Explorer all make different levels of attempts to follow the existing standards for HTML 4 and CSS, Safari and Firefox have done a better job of pushing web standards because it is in their interest to differentiate their browsers as being standards compliant. Microsoft could continue to push its own proprietary non-interoperability for another half-decade due to its closed ecosystem of developers who readily support using non-interoperable technologies because they have no need for them. That currently leaves IE 7 incompatible with some of the features in MobileMe (and IE 6 completely unsupported), but the good news is that Microsoft is working to adopt more of the W3C standards in the future.

Neither Safari nor Firefox are HTML5 compliant yet because the standard isn't yet even finished. However, both are already adopting some of its upcoming features in advance, as well as making enhancements to their JavaScript interpreters that will allow the next generation of web apps to run much faster. Apple's JavaScript interpreter is getting a lot of attention within the company, and has resulted in the fast new SquirrelFish for Safari 4.

MobileMe


MobileMe's web apps are therefore pioneering a new road just as Microsoft's OWA did nearly a decade ago with Ajax. The sophistication of MobileMe's apps should also have in impact on what browser users choose to adopt, as how well the browser follows standards and how quickly it can run JavaScript will have a major impact on how fast modern web apps will run. Microsoft has recently become distracted with Silverlight, which attempts to follow the course of Adobe Flash in loading an entirely proprietary level of middleware into the browser that is run by an external plugin. Microsoft also continues to use Flash, as it does in its new Mojave Experiment.

Apple's MobileMe web apps

If MobileMe can demonstrate that web applications don't require external plugins like Flash or Silverlight to function, it will have the opportunity to develop MobileMe into a platform and marketplace for online apps, just as the Apps Store opened the iPhone and iPod touch to third party developers. Apple typically develops its platforms internally first (as it did with iTunes, iLife, the iPhone, and .Mac sync), then exposes its private work as a public API third parties can use in their own apps.

The MobileMe service already supports a public API for syncing data and settings up to the cloud; this was originally part of .Mac, too. Apps can also copy up data to MobileMe's WebDAV hosted web server, as Delicious Library 2 does. While third party iPhone apps and external web services can already access that publicly published data, there is a tremendous potential for external new APIs that allow interacting with data stored in the MobileMe cloud, allowing iPhone apps to automatically sync settings or data with their desktop equivalents.

There is also vast, uncharted potential for Apple to host web apps developed by third parties that are either bundled into the MobileMe service, or sold as separate subscription service options. Opening up a viable and profitable market for online apps that share the same standards-based Web 3 platform would enable developers to copy Apple's desktop, web, and mobile integration. For example, Quicken could build an iPhone expenses app that synced with a MobileMe finances web app and its desktop equivalent.

The web app platform isn't complete; in fact, it's barely finished. Apple's MobileMe web apps aren't flawless, nor do the deliver feature parity with the company's established desktop apps that have seen nearly a decade of refinement. There's currently very limited support for offline operation; unplug from the Internet and there isn't much you can do. However, the pieces are all there and Apple can rapidly update its online apps to present new features immediately, without having to deliver new client software updates to every user. That's one of the most obvious advantages of web apps, in addition to being able to run nearly anywhere.

You get what you pay for

One of the biggest problems currently holding back the development of new web apps is the lack of a viable business model. It's hard to get users to pay for web services now that the web has become regarded as an entirely free medium. However, Apple has already found millions of paying subscribers for .Mac (including long time vocal critic Paul Thurrott), and will be selling MobileMe to millions of new iPhone users. Nobody else has figured out to sell subscription web services to millions of consumers as Apple has been, but Google, Microsoft, and Yahoo would love to do so.

Those ready customers will happily pay for the ability to connect their mobile to new custom web services and desktop applications. Further, Apple's hardware focus makes it the ideal merchandizer for web app developers; the company can deliver low priced deployment and billing services for developers with the intent of selling more iPhones and Macs rather than demanding huge overhead from developers, just as it has promoted its low priced, high volume iPhone Apps Store.

Security is another problem for web apps, as some sort of centralized authentication system is required to begin any type of secured transactions. Rather than each developer rolling their own security and authentication system, they could share MobileMe's. The presence of a centrally-secured market will result in rapid development of sophisticated new standards-based web applications. Safari's focus on developing advanced and fast JavaScript support will make it the ideal browser to use in rendering those applications on both the Mac and Windows PCs.

So where do Apple's MobileMe apps stand right now? The next Inside MobileMe segment will look at Apple's implementation of web email, how it compares with existing products, and where it needs improvement.