The BONDI project is aimed at opening up device-based functions to web applications and widgets. There is significant industry traction around widgets as an addition to traditional native applications on devices. When opening up security and privacy-sensitive APIs such as location or messaging, the user must not be put at risk. BONDI defines a security and policy framework for managing this. With the core APIs already in development, OMTP is looking to the future and how to open up mobile functions such as UICC, trusted services and NFC to web applications, to enable development of cool widgets right through from m-commerce to gaming.