177
edits
Changes
no edit summary
# Permissions should be enforced regardless of version of B2G installed
== Scope ==
=== App instance / version ===
* Possible definitions of what an app instance / version is
*# a static bundle of code authenticated by manifest + signature (or equivalent)
*# a dynamic stream of code authenticated by a specific origin (same origin applied, all assets must be loaded from https://<a host>)
*# an initial loader authenticated by a specific origin (https://<a host>), which can then load whatever it wants
*# unauthenticated code loaded over any channel, from any origin
* loosely ordered from best to worst (descending) security wise
* 1) and 2) could work with additional security controls
* attacker can use option 2) as a proxy for malicious content
* attacker can use option 2) as proxy to paid app (buy once, share with world)
** mitigation for this may be responsibility of app developer
* CSP can secure 1) and 2) to an extent
** define baseline CSP policy that apps have to adopt
* See [https://www.adobe.com/devnet/air/articles/introduction_to_air_security.html Intro to AIR security]
===Permission Types===
#For privacy-related permissions, the user must always be asked, unless they have overridden
== Requirements ==
=== Management / granting of API permissions to WebApps ===
# User should be able to view / control / modify permissions granted to WebApps