Apps/Security/Meeting-2012-03-30
From MozillaWiki
Action Items
(held over from last week)
- Jonas - to clean up page - https://wiki.mozilla.org/Apps/Security (this page will be central point of knowledge for security models)
- fligtar - to ensure MarketPlace decisions are documented and will send wiki link to mcoates
- Lucas - to communicate to b2g mailing list that App security model discussions will happen on dev-webapps mailing list
Attendees
- Raymond Forbes
- Jonas
- Mike Hanson
- Bill Walker
- James Straus
- Ragavan
- Justin Scott
- Lucas Adamski
- Ben Adida
Agenda
- Ensure ongoing security model development across B2G, MarketPlace, API are cohesive and in sync.
- Are business requirements, terms, expectations thoroughly documented?
- Need for single cohesive security model
- Provide visibility in security model selections.
- Status of security model discussions across B2G / MarketPlace / WebApi
- Validate assumptions and decisions must hold across all three environments.
- Project Plans and deadlines
- Planning to design together
Notes - Discussion
Lucas discussed his proposal for distributing the APIs into buckets based on permission requirements. These would each have a different level of authenticity. The idea was discussed and met with approval.
Fligtar, Ragavan, and Chris Lee were to organize APIs based on priority.
Terms/ideas that need to be defined?
- Overall principles guiding our system/plan - we know them, but should have on wiki to point people to
- Manifest - https://developer.mozilla.org/en/Apps/Manifest
- #s of AppStores - should point to our strategy of supporting multiple apps
- What is an "app" - Lucas has ideas here (in email)
- Granting of permissions - who grants permissions? Users, stores? Can users restrict or grant permissions to an app?
- Remembered Permissions - prompt every time, decay prompting, manifest granted, store granted
Assumptions that are being held - correct?
APIs will prompt user before access is allowed