Confirmed users
620
edits
FirefoxOS/New security model: Difference between revisions
Jump to navigation
Jump to search
Add a section "Targets/Scopes in 2.5".
Ptheriault (talk | contribs) |
Ethantseng (talk | contribs) (Add a section "Targets/Scopes in 2.5".) |
||
| Line 11: | Line 11: | ||
"Sensitive APIs" here means APIs that we have not figured out how to safely expose to normal web pages. About 5-10% of the content in our marketplace falls into this category, and none of the content on the rest of the web fall into this category. I.e. most content does not use sensitive APIs, and can and should remain as normal websites. | "Sensitive APIs" here means APIs that we have not figured out how to safely expose to normal web pages. About 5-10% of the content in our marketplace falls into this category, and none of the content on the rest of the web fall into this category. I.e. most content does not use sensitive APIs, and can and should remain as normal websites. | ||
== Targets/Scopes in 2.5 == | |||
=== Summary === | |||
* Usable developer prototype is landed. | |||
* Developers can create and host signed packages which can be navigated to in the browser. | |||
* Signed packages can request any permission and packages are loaded properly in isolated child process | |||
* Known limitations: | |||
** Some APIs depend on existing App infrastructure and need to be refactored | |||
** No support for “Pinning” signed packages | |||
* Still landing bug fixes as possible (but prioritising 2.5 blockers instead) | |||
==New Security Model== | === Detailed Status === | ||
'''For 2.5 the following is supported:''' | |||
* Signed package support can be enable by a pref | |||
* Tool available for developers to package and sign their own content | |||
* Signed packages are able to use certified & priviliged APIs (some limitations, see below) | |||
* Signed packages are hosted on a web server and navigated to in the browser | |||
* Signed packages load in isolated content processes (i.e. transparent process switching) | |||
* Packages will update (inline with normal HTTP semantics) | |||
* Signed packages are granted an isolated data jar (however web content that signed packages load is in the regular web cookie jar) | |||
'''Not available in 2.5:''' | |||
* The ability to "pin" signed packages and actions that depend on pinning: | |||
** http cache pinning of packages (i.e. packages currently follow normal web semantics, not available offline unless http cached) | |||
** Registration of web activities & system messages | |||
* Service worker support | |||
* Known issues with some APIs which depend on existing app concepts (notably system messages are not yet supported) | |||
* Process switching away from signed packages isn’t working yet (only switching _to_ the package) | |||
'''Key "blocking" bugs:''' (none really block since nsec is not blocking 2.5, but these are priority to get landed to improve dev experience) | |||
* {{Bug|1180088}} - fixing an app permission which prevent some permissions being available to signed packages | |||
* {{Bug|1178526}} - important to ensure the segregation between the signed packages, and the web server they are hosted on | |||
* {{Bug|1178448}} - allows devs to sign packages with their own certificates (rather than bypassing signature checks) | |||
<br> | |||
== New Security Model == | |||
=== Signing - {{Bug|1153420}}=== | === Signing - {{Bug|1153420}}=== | ||
| Line 212: | Line 245: | ||
== Meeting Note == | == Meeting Note == | ||
https://wiki.mozilla.org/FirefoxOS/New_security_model/Meetings | |||