WebAPI/Security/WebNFC: Difference between revisions

Jump to navigation Jump to search

WebAPI/Security/WebNFC (view source)

Revision as of 14:40, 27 March 2015

613 bytes added ,  27 March 2015
Add scope of review
No edit summary
(Add scope of review)
Line 1: Line 1:
Name of API: WebNFC API
Name of API: WebNFC API
'''
Reference:'''
* https://wiki.mozilla.org/WebAPI/WebNFC
* https://bugzilla.mozilla.org/show_bug.cgi?id=674741


Reference:<br>
Brief purpose of API: Allow core (certified) and privileged apps to interact directly with NFC devices<br />
https://wiki.mozilla.org/WebAPI/WebNFC
https://bugzilla.mozilla.org/show_bug.cgi?id=674741


Brief purpose of API: Allow core (certified) apps to interact directly with NFC devices
General Use Cases: sharing content (media files, contacts) with NFC pairing, read/write NFC tags<br />
General Use Cases:


Inherent threats:  
 
'''Inherent threats:'''<br />
*Theft of sensitive data
*Theft of sensitive data
*Device compromise (configuring NFC device)
*Device compromise (configuring NFC device)
*Potential for financial impact (payments via NFC)
*Potential for financial impact (payments via NFC) - cf the Secure Element API


Threat severity: Critical
Threat severity: Critical


== Regular web content (unauthenticated) ==
Regular web content (unauthenticated)
Use cases for unauthenticated code: None
Use cases for unauthenticated code: None


Line 24: Line 26:
Potential mitigations: N/A
Potential mitigations: N/A


== Trusted (authenticated by publisher) ==
'''Trusted (authenticated by publisher)'''<br />
 
Same as for installed unauthenticated app
Same as for installed unauthenticated app


== Certified (vouched for by trusted 3rd party) ==
'''Certified (vouched for by trusted 3rd party)'''<br />
 
Use cases for certified code:  
Use cases for certified code:  
*Configure, enable/disable NFC devices.
*Configure, enable/disable NFC devices.
*Interact with NFC devices.
*Interact with NFC devices.
*Manage NFC payments.
*Manage NFC payments.
'''
= Security Review =
== Scope of Review ==
=== Gaia ===
* System Application changes
* Web Activities
* System messages
* Communication between system app and NFC client app
* Certified NFC applications
* 3rd party NFC apps
Out of scope for now:
* Wallet Application (see Secure Element API)
* Certified transportation/miFare applications
=== Gecko ===
* mozNfc APIs
* Gecko Permissions
* Messaging (NFC:* messages, system messages)
* NFC System worker
* Interface to nfcd on IPC socket


Authorization model for normal content: Implicit
Out of scope:
* Secure elements
** access control
** integration with RIL
=== Gonk ===
* NFC Daemon (nfcd)
* Interface to lib


==Notes==
Non-certified use cases are out of scope for 1.0.  We will consider those for a subsequent release.


__NOTOC__


[[Category:Web APIs]]
[[Category:Web APIs]]
[[Category:Security]]
[[Category:Security]]
Arroway
Confirmed users
152

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1064870"

Navigation menu