HTTP/REST Interface for Desktop APIs


Some notes, before you have started


1) This project is open-source, and as I see it, some basic feature set of the final product should be free and open-source forever. Because love!
2) This project requires knowledge of C++. Interfacing with operating system APIs is hard otherwise. While my choice is opinionated like any other choice, remember that I have considered C, C++, C#, D, Go, Rust, Zig, and Beef beforehand. C++ is optimal to my taste.
3) This project requires knowledge of Windows APIs and is pretty much Windows-specific so far. Linux and Mac versions are possible in theory, but I’d prefer to focus on 88% of desktops for now. I love Linux though; I did not sell my soul completely. Mac is terrible, I want my scroll direction back.
4) I’m a bit crazy. Ba-dum-tss.


The Project


The following is my current, incomplete vision. You may disagree; that's fine.

The Problem


Web applications are cheaper to develop and cheaper to maintain than desktop applications. Many tasks that were considered too heavy for the web in the past are now implemented with web technologies: Microsoft Excel Online and Google Sheets for spreadsheets, Figma for graphic design. Maybe you can remember other examples, can you?

I have worked in large enterprises most of my career. Many enterprise/business applications I have seen could be web-based, but were not, because they needed access to various desktop APIs. I'll focus on three use cases here.

Authentication, Authorization, Audit


Web browsers give no direct access to the authorization, authentication and audit APIs provided by operating systems. Windows workstations are usually joined to an Active Directory domain. Permissions are managed by group membership within the domain. Hundreds, if not thousands, of groups and policies serve a typical enterprise: restricted logon hours, whitelisted logon workstations, centralized collection of audit logs. Any desktop application can call a few simple APIs to check whether the current user has a specific privilege or is a member of a specific group, to list all of the current user's groups, or to write an important message to the event log. But good luck integrating this with your new fancy web-based SaaS. No single sign-on for you, no event log. If the infrastructure is hybrid and the cloud part is Azure, you may have some luck with SAML and Azure Active Directory, but if not, you will most likely be asked to install an on-premises version or leave immediately.

Printing and imaging


Web browsers provide no usable printing APIs. Printing is important, whether it is a cheque, a report or a handout. Most websites just give up on printing and export PDFs. This experience is terrible, starting with color support and ending with A4/Letter confusion. If printing is an essential part of your application’s workflow, as it is for a cash desk, web technologies are simply unusable. Google Cloud Print is discontinued, so the situation will become even worse. Scanning with preview? I don't even know where to start. It's simply impossible.

Industrial devices


There are a lot of industrial hardware devices. None of them can be accessed from the browser unless explicitly supported, as FIDO tokens are. Most can be accessed via text-based protocols over serial ports. They are begging to be wrapped into WebSockets.

Why is it so bad?


There are two answers I know:
The first answer is “other priorities”. Web technologies are mostly for landing pages, not for business applications, so a new CSS selector is more welcome than printing.
The second answer is “security”. It is hard to introduce new features without introducing new attack vectors.

The Proposed Solution


Create a universal Windows service application that provides a highly secure, easy-to-use REST interface, available on localhost. Allow JavaScript applications to fully integrate into desktop environments.
Security is paramount. Permissions (which website has access to which APIs) should be opt-in only, clear, and managed only by Administrators and, optionally, by global Active Directory policies. Everything is double-checked, secured, isolated and sandboxed if possible.
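
One way to express the opt-in, per-website permission check described above, as an added example that is not code from this project. The port, the API group names (`printing`, `identity`, `audit`), the origins and all function names are hypothetical; the policy keys are assumed to be stored in the form a browser serializes into the `Origin` header.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <string>

// Hypothetical names throughout: the port, API groups and origins are constructed.
const std::string kPort = "8765";
using Policy = std::map<std::string, std::set<std::string>>;  // origin -> granted API groups

// Sample administrator-managed policy (constructed data).
Policy samplePolicy() {
    return {{"https://cashdesk.example.com", {"printing"}},
            {"https://hr.example.com", {"identity", "audit"}}};
}

// Accept only literal loopback Host values, so a request that reached the
// service through some other DNS name pointing at localhost is refused.
bool isLoopbackHost(const std::string& host) {
    return host == "127.0.0.1:" + kPort || host == "localhost:" + kPort ||
           host == "[::1]:" + kPort;
}

// Lower-case the origin and return "" unless it is a bare http(s) origin
// (no path, query, fragment or userinfo). "null" and empty values fail here.
std::string normalizeOrigin(std::string origin) {
    for (char& c : origin) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    const bool https = origin.rfind("https://", 0) == 0;
    const bool http = origin.rfind("http://", 0) == 0;
    if (!https && !http) return "";
    const std::size_t start = https ? 8 : 7;
    if (origin.size() == start) return "";
    if (origin.find_first_of("/?#@ \t", start) != std::string::npos) return "";
    return origin;
}

// Deny by default: allow only an exact origin match that holds the API group.
bool isAllowed(const Policy& policy, const std::string& hostHeader,
               const std::string& originHeader, const std::string& apiGroup) {
    if (!isLoopbackHost(hostHeader)) return false;
    const std::string origin = normalizeOrigin(originHeader);
    if (origin.empty()) return false;
    const auto it = policy.find(origin);
    return it != policy.end() && it->second.count(apiGroup) > 0;
}

int main() {
    const Policy p = samplePolicy();
    std::cout << isAllowed(p, "127.0.0.1:8765", "https://cashdesk.example.com", "printing")
              << isAllowed(p, "127.0.0.1:8765", "https://cashdesk.example.com", "audit") << "\n";
}
```

Exact string matching on the normalized origin is deliberate: suffix or substring matching would let a look-alike host name inherit another site's grants.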

Who am I looking for?


Not necessarily a C++ software developer who wants to write code. Can you give me advice on Windows security? Can you try my software in a specific environment I cannot reproduce? Can you tell me about a specific related use case I have missed? Can you come up with a monetization strategy? You are very welcome even if not!

What tools do I use?


1) Visual Studio 2019 Community
2) Notion

Contacts


Write an email to adontz@gmail.com
Or drop a message to @adontz on Skype or Telegram.
I don't use Instagram, Viber, WhatsApp, etc.
I don't want work-related conversations on Facebook and I rarely open LinkedIn, so you'll find me there as adontz, but don’t.



