I'm not sure if a document exists for this content due to the fact, as you mentioned, it is not a fair comparison. HTML Widgets can do some of the stuff Apps can do, but from a scale perspective...Apps are a 10, while HTML Widgets are no more than a 2-3. The biggest limitations to Widgets that come to mind that I can outline really quick:
- Widgets can only use the Current Session as the API context.
- Widgets can only be deployed to the overview page(s), where as Tiles/Apps can be deployed to any number of Tile Pages
- Deployment management of Widgets is quite painful ... and managing assets and versioning is poor.
- JS resources can only be uploaded to Widgets that live in Spaces, not groups.
- With Widgets, the Client's browser directly calls the Jive APIs; where-as in Apps...you use the Shindig Proxy to separate the browser's session.
- Apps support the use of Jive Connects which opens the doors to many services.
Also, I'm not sure if you saw this document:
- https://community.jivesoftware.com/docs/DOC-110981#jive_content_id_Jive_Hosted_AppsCommon Jive Add-On Use-Case Patterns
Does any of that help? In short, you should definitely be using Apps/Tiles to build your solutions if you are doing any considerable modification/management operations.
hope that helps.
That is helpful yes.
I did see that document recently but I did not read through the whole thing, I will RTFM.
Taking a concrete example again:
If I have an HTML widget that makes a rest call to add a tag to a document using jQuery
And if I also have a jive app that makes the same rest call to add a tag to a document using jQuery.
It seems like there would be significant security advantages to using apps vs an html widget to achieve this.
Risk is reduced through better code management and ease of deployment.
Is there less risk to the Jive platform as a whole by deploying code like this through an app?
Is there more risk?
Is the risk identical?
In more blunt terms, if we were deploying widgets to do these types of functions and managing the code through spaces (which we are) and we switch to using apps, does that increase the risk profile, decrease it, or is it the same?
as always it depends. If you develop an addon which requires additional servers / vm's it can be seen as an additional network component. This means it needs to fullfil any security requirement depending on your network including DMZ's, TZ's, ports, network communication s. o. - all of this . . .
Cheers - Guido