WebAPI/Security/WebNFC

613 bytes added, 14:40, 27 March 2015
Add scope of review
Name of API: WebNFC API
'''Reference:'''
* https://wiki.mozilla.org/WebAPI/WebNFC
* https://bugzilla.mozilla.org/show_bug.cgi?id=674741
Brief purpose of API: Allow core (certified) and privileged apps to interact directly with NFC devices<br/>
General Use Cases: sharing content (media files, contacts), pairing, read/write NFC tags<br />
'''Inherent threats:'''<br />
*Theft of sensitive data
*Device compromise (configuring NFC device)
*Potential for financial impact (payments via NFC) - cf. the Secure Element API
Threat severity: Critical
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: None
Potential mitigations: N/A
== Trusted (authenticated by publisher) ==
Same as for installed unauthenticated app
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code:
*Configure, enable/disable NFC devices.
*Interact with NFC devices.
*Manage NFC payments.
 
= Security Review =
== Scope of Review ==
=== Gaia ===
* System Application changes
* Web Activities
* System messages
* Communication between system app and NFC client app
* Certified NFC applications
* 3rd party NFC apps
 
Out of scope for now:
* Wallet Application (see Secure Element API)
* Certified transportation/miFare applications
 
=== Gecko ===
* mozNfc APIs
* Gecko Permissions
* Messaging (NFC:* messages, system messages)
* NFC System worker
* Interface to nfcd on IPC socket
Authorization model for normal content: Implicit
 
Out of scope:
* Secure elements
** access control
** integration with RIL
 
=== Gonk ===
* NFC Daemon (nfcd)
* Interface to lib
==Notes==
Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release.
__NOTOC__
[[Category:Web APIs]]
[[Category:Security]]