a content site or other rapidly changing property

The Firefox Marketplace will host app packages for apps that do use sensitive APIs, because

those apps will be code-reviewed and signed by the Marketplace.

Now, in a situation where an app cannot rely on the app-cache standard or IndexDB or other

existing web standards for its offline experience,

it's possible that the packaging standard for apps is useful to create a better offline

experience for traditional web apps.

And we are waiting to see how app developers will use these different technologies to best

provide offline experience for their users.

Purchased/paid apps are associated with a receipt and the application receipt is a JWT

JavaScript web token, which is a signed blob of text

The signing is used to reveal tampering or forgery of a receipt. A receipt is not tied

to users specific identity

nor is the receipt tied to the identity of an individual device. Here's a sample receipt

showing the name of the product and the unique identifier associated with the user which

the Marketplace can use to verify that no refund was given for this receipt.

The receipts are issued by the Marketplace at time of purchase, and installed at that

time on the device.

We will provide an opt-in service that allow users to back up all their receipts regardless

of where the apps were purchased. The receipt is made available to the app at runtime, for

server-side verification and for detection of fraud.

Fraud can be detected by noticing frequent use of identical receipts from many, different

locations.

Receipts will expire and periodically be refreshed and this will mitigate the risk of the signing

keys being compromised at the Marketplace.

In addition to the notion of paid apps, we also have the notion of in-app payments. In-app

payments are used when a developer wants the user to participate in the application by

purchasing digital content,

extra levels or weapons in a game, or content in a magazine or book-type site.

These are facilitated by a DOM API that we are developing currently called navigator.mozpay.

At the present the in-app payments are a communication directly between the developer and the user

-

and the Marketplace has little involvement beyond invoking the payment provider

Here's a sample JSON description of an in-app payment, giving the name of the digital content

and a detailed description.

Finally, what is an app store?

The most minimal definition of an app store is any web page that invokes the mozapps install

API.

Any page that allows you to install an app could be considered an app store.

In our case, it's much more than that. Our app store, called the Firefox Marketplace,

is itself an app.

that allows user to discover, purchase and install a wide variety of applications. It

is also a web service

that generates and validates application receipts. And finally, in the best Mozilla tradition,

it is a group of people,

a community that reviews and curates apps, and ensures that our users have a great experience

when they go there,

... and find useful things.

Firefox Marketplace is based on proven technology from addons.mozilla.org. We are confident

that it will sustain the load of our Apps ecosystem in the coming years

and it is proven to have created a strong developer community. We are working to refactor

the code to make it better able to operate in multiple data centers,

and we'll be rolling that out next year.