Apps/Security: Difference between revisions

1,375 bytes removed, 26 March 2012
No edit summary
Line 67: Line 67:


{{:Apps/Security/Summary}}
{{:Apps/Security/Summary}}
== Requirements ==
(''This section describing requirements was developed/written separately from the 4 security areas outlined above.  both areas must be consistent and integrated'')
===Core Principles===
#User control: Users control what application permissions an application has at all times (pre, during and post installation).
#Secure by default: A user who chooses to accept the default permissions recommended by a store must be secure by default
#Least Privilege: Applications must be granted the minimum privileges necessary to function
#Minimize Permissions: APIs should be designed in such a way to provide the most functionality without the need to be granted permissions
===Trust Model===
#The user is the root source of trust for permissions settings.
#B2G devices will be shipped with a root Trusted Store which has the power to set the permissions defaults for an Web App.
#The user can choose to override store permissions (either granting or revoking privileges), but the store permissions should be safe for the user, and represent the minimum permissions the application needs to run.
#The store can also entrust other stores with the power to grant permissions (possibly a subset of permissions, or not privileged permissions)
=== Enforcement of permissions on device ===
# Permissions should be enforced regardless of version of B2G installed




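Review bot: The whole Requirements section (Core Principles, Trust Model, Enforcement of permissions on device) is removed here with no edit summary, so a reader of the history cannot tell whether these requirements were dropped or merged elsewhere. The removed text itself notes that it was written separately from the four security areas and had to be made consistent with them. Before accepting the removal, confirm that each statement is still covered by the transcluded Apps/Security/Summary and Apps/Security/Permissions pages. The ones to check are the four core principles, the user as root source of trust, the root Trusted Store setting permission defaults, store-to-store delegation, and enforcement regardless of the B2G version installed. If they are covered, the edit summary should say where they now live.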
Line 96: Line 77:
{{:Apps/Security/Permissions}}
{{:Apps/Security/Permissions}}
{{:Apps/Security/StandardWebSecurity}}
{{:Apps/Security/StandardWebSecurity}}


= Other =
= Other =