Apps/Security/Meeting-2012-03-30


Action Items

(held over from last week)

  • Jonas - to clean up page - https://wiki.mozilla.org/Apps/Security (this page will be central point of knowledge for security models)
  • fligtar - to ensure MarketPlace decisions are documented and will send wiki link to mcoates
  • Lucas - to communicate to b2g mailing list that App security model discussions will happen on dev-webapps mailing list

Attendees

  • Raymond Forbes
  • Jonas
  • Mike Hanson
  • Bill Walker
  • James Straus
  • Ragavan
  • Justin Scott
  • Lucas Adamski
  • Ben Adida

Agenda

  • Ensure ongoing security model development across B2G, MarketPlace, API are cohesive and in sync.
    • Are business requirements, terms, expectations thoroughly documented?
    • Need for single cohesive security model
  • Provide visibility in security model selections.
    • Status of security model discussions across B2G / MarketPlace / WebApi
  • Validate that assumptions and decisions hold across all three environments.
    • Project Plans and deadlines
    • Planning to design together

Notes - Discussion

Lucas discussed his proposal for distributing the APIs into buckets based on permission requirements. These would each have a different level of authenticity. The idea was discussed and met with approval.

Fligtar, Ragavan, and Chris Lee were to organize APIs based on priority.

Terms/ideas that need to be defined?

  • Overall principles guiding our system/plan - we know them, but should have on wiki to point people to
  • Manifest - https://developer.mozilla.org/en/Apps/Manifest
  • #s of AppStores - should point to our strategy of supporting multiple apps
  • What is an "app" - Lucas has ideas here (in email)
  • Granting of permissions - who grants permissions? Users, stores? Can users restrict or grant permissions to an app?
  • Remembered Permissions - prompt every time, decay prompting, manifest granted, store granted

Assumptions that are being held - correct?

APIs will prompt user before access is allowed