WebAPI/Security/Idle

From MozillaWiki
Jump to: navigation, search

Idle API

Brief purpose of API: Notify an app if the user is idle.
General Use Cases: Notify a web page is a user is idle (e.g. to change a status in an instant messaging program).

References:

Inherent threats:

  • Privacy implications
    • Signalling multiple windows at exactly the same time could correlate user identities and compromise privacy
    • Could be used by a workplace to monitor activity by monitoring system idle

Threat severity: Low

Permissions Table

Type Use Cases Authorization Model
Web Content None No access
Installed Web Apps None No access
Privileged Web Apps None No access
Certified Web Apps Notify an app if the user is idle. Implicit