The Mobile TF has decided to pursue a fast-track effort to define key use cases and key requirements around allowing JavaScript access to mobile device APIs, along with a characterization of potential security vulnerabilities and where a security framework is needed to address those vulnerabilities. Mobile device APIs would allow the “Web Runtime” (used within the browser, used within widgets, and used for the device’s built-in applications) to gain access to things such as location (e.g., GPS), contact list, phone log, email boxes, phone dialog, connection status (e.g., connection speed and whether roaming), SMS services, MMS services, and the camera. The plan is to push hard for 2 months, between now and April 30, to get as far as possible with our fast-track requirements phase. After April 30, we will then look at the use cases and requirements and decide whether to launch formal activities, such as a standards effort or an open source effort.

Looking forward to what might happen after April 30, there is a strawman proposal where OpenAjax Alliance pursues an open source initiative to develop a shim layer of JavaScript APIs to access mobile device services, and then various JavaScript adapter providers plug into the shim layer to map the OpenAjax APIs to native services. For example, one provider might map the shim layer to a JavaScript library that attaches to J2ME’s device APIs, available via MSA. Another provider might map the shim layer to a JavaScript library that attaches to Windows Mobile services, another to Google Gears mobile services, etc. We will put this strawman proposal on the shelf for the next two months as we go through our fast-track requirements efforts, and then evaluate the strawman to see if it is a good way to go forward.