Skip to main content

3. Terminology

In addition to the terms defined in referenced specifications, this document uses the following terms:

"native app" - An app or application that is installed by the user to their device, as distinct from a web app that runs in the browser context only. Apps implemented using web-based technology but distributed as a native app, so-called "hybrid apps", are considered equivalent to native apps for the purpose of this specification.

"app" - A "native app" unless further specified.

"app store" - An e-commerce store where users can download and purchase apps.

"OAuth" - Authorization protocol specified by the OAuth 2.0 Authorization Framework [RFC6749].

"external user-agent" - A user-agent capable of handling the authorization request that is a separate entity or security domain to the native app making the request, such that the app cannot access the cookie storage, nor inspect or modify page content.

"embedded user-agent" - A user-agent hosted by the native app making the authorization request that forms a part of the app or shares the same security domain such that the app can access the cookie storage and/or inspect or modify page content.

"browser" - The default application launched by the operating system to handle "http" and "https" scheme URI content.

"in-app browser tab" - A programmatic instantiation of the browser that is displayed inside a host app but that retains the full security properties and authentication state of the browser. It has different platform-specific product names, several of which are detailed in Appendix B.

"web-view" - A web browser UI (user interface) component that is embedded in apps to render web pages under the control of the app.

"inter-app communication" - Communication between two apps on a device.

"claimed "https" scheme URI" - Some platforms allow apps to claim an "https" scheme URI after proving ownership of the domain name. URIs claimed in such a way are then opened in the app instead of the browser.

"private-use URI scheme" - As used by this document, a URI scheme defined by the app (following the requirements of Section 3.8 of [RFC7595]) and registered with the operating system. URI requests to such schemes launch the app that registered it to handle the request.

"reverse domain name notation" - A naming convention based on the domain name system, but one where the domain components are reversed, for example, "app.example.com" becomes "com.example.app".

Last updated on