Apps/Security: Difference between revisions

No edit summary
Line 2: Line 2:
This page is for capturing information about the B2G/OWA security discussion.  
This page is for capturing information about the B2G/OWA security discussion.  
{{note|<b>This is not a design document and should not be considered authoritative at this time</b>}}
{{note|<b>This is not a design document and should not be considered authoritative at this time</b>}}
{{note|<b>This page has been subdivided into sections that have their own page but have been transcluded</b>}}


There are four separate areas where security work is required.  Each area is separate but inter-related.  Each is '''required''' and cannot be ignored.
There are four separate areas where security work is required.  Each area is separate but inter-related.  Each is '''required''' and cannot be ignored.


# [[Apps/Security/Distribution|'''Secure Application Distribution''']]. A level of trust must be established between all four parties: B2G developers, Application developers, users and stores.
# [[Apps/Security/Distribution|'''Secure Application Distribution''']].
# [[Apps/Security/Enforcement|'''Application Permissions Enforcement''']]. This can '''only''' be done at the Operating System (kernel) level.
  A level of trust must be established between all four parties: B2G developers, Application developers, users and stores.
# [[Apps/Security/Permissions|'''Definition, management and presentation of the permissions to be enforced''']]. Examples include "app can access the IMEI number" and "app can make phone calls".
# [[Apps/Security/Enforcement|'''Application Permissions Enforcement''']].
# [[Apps/Security/StandardWebSecurity|'''Standard web security''']]. This is what is normally considered to be "the web" (XSS in AJAX etc.) and it still has a role to play in B2G.
  This can '''only''' be done at the Operating System (kernel) level.
# [[Apps/Security/Permissions|'''Definition, management and presentation of the permissions to be enforced''']].
  Examples include "app can access the IMEI number" and "app can make phone calls".
# [[Apps/Security/StandardWebSecurity|'''Standard web security''']].
  This is what is normally considered to be "the web" (XSS in AJAX etc.) and it still has a role to play in B2G.


* Track the status of [[B2G_App_Security_Model]]
* Track the status of [[B2G_App_Security_Model]]
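
Review bot: The numbered-list items whose description sits on a separate indented line (for example "A level of trust must be established..." under "Secure Application Distribution") will break the numbering if those lines begin with whitespace in the wikitext. MediaWiki closes a # list at the first line that does not start with #, and a line with leading whitespace renders as preformatted text, so each following item restarts at 1. Keep each description on the same line as its # item, or start the continuation line with "#:". The revision also carries no edit summary; one line saying why the list was reflowed and the transclusion note changed would help readers of the page history.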