Revision by Ptheriault (no edit summary)
| Line 11: | Line 11: | ||
}} | }} | ||
{{FeaturePageBody | {{FeaturePageBody | ||
|Feature open issues and risks= | |Feature open issues and risks=Will B2G have an "installed apps" mechanism for installing static offline applications, or will all apps be loaded over the web (using Offline Web Application API as necessary for offline mode)? | ||
Will applications need to be signed? (if so how, and what will be signed?) | |||
|Feature overview=The B2G app security model governs how applications are discovered, installed, managed, run and updated. | |Feature overview=The B2G app security model governs how applications are discovered, installed, managed, run and updated. | ||
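Review bot: the new open issue "Will applications need to be signed? (if so how, and what will be signed?)" is already constrained by the requirements further down, which say an app store must be able to "verify the integrity and authenticity of the app" and a user must be able to verify "the authenticity, integrity and privileges of an app" at install time; suggest cross-referencing those two bullets from the open issue so that any answer (what is signed, e.g. the manifest alone or the whole package, and who verifies it) is framed by those two verifiers. The first question (an "installed apps" mechanism versus apps loaded over the web) bears directly on the same point, since only something that is stored locally can be verified once and then trusted; worth stating that dependency between the two questions in the issue text.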
| Line 18: | Line 23: | ||
Users should be able to discover, installed, run, update and uninstall application as they see fit. These applications should be able to run offline. Users should also be able to manage the security and privacy relevant settings for those applications, potentially at different phases of the apps lifecycle (at install, at runtime, independently). | Users should be able to discover, installed, run, update and uninstall application as they see fit. These applications should be able to run offline. Users should also be able to manage the security and privacy relevant settings for those applications, potentially at different phases of the apps lifecycle (at install, at runtime, independently). | ||
|Feature dependencies=Heavily dependent on the Open Web Apps security model and ecosystem, and on BrowserID as well. | |Feature dependencies=Heavily dependent on the Open Web Apps security model and ecosystem (including Marketplace), and on BrowserID as well. | ||
|Feature requirements=*An app store needs to be able to approve an application, implying they can verify the integrity and authenticity of the app. | |Feature requirements=*An app store needs to be able to approve an application, implying they can verify the integrity and authenticity of the app. | ||
*A user needs to be able to make a trust decision at install time, so they also need to be able to verify the authenticity, integrity and privileges of an app | *A user needs to be able to make a trust decision at install time, so they also need to be able to verify the authenticity, integrity and privileges of an app | ||
*User | *An store app must be able to set the default permissions for an app | ||
*User has control of the permissions of the app throughout its lifecycle, overiding those set by the app store if desired | |||
*Apps should be able to discover their privileges and degrade gracefully in a limited privilege environment | *Apps should be able to discover their privileges and degrade gracefully in a limited privilege environment | ||
*Permissions need to be expressed to the user in a way that they can realistically be expected to comprehend (perhaps with options for power-users) | *Permissions need to be expressed to the user in a way that they can realistically be expected to comprehend (perhaps with options for power-users) | ||
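Review bot: the rewritten bullet reads "An store app must be able to set the default permissions for an app"; it should read "An app store must be able to set the default permissions for an app". In the next added bullet, "overiding" should be "overriding". While this block is being edited, the unchanged context line above has "discover, installed, run, update and uninstall application", which should read "discover, install, run, update and uninstall applications".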
| Line 28: | Line 34: | ||
*Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties | *Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties | ||
|Feature non-goals=This document does not try to define the broader B2G security model, nor does it define the Open Web Apps security model even though we expect that B2G will contain a superset of the latter's requirements. | |Feature non-goals=This document does not try to define the broader B2G security model, nor does it define the Open Web Apps security model even though we expect that B2G will contain a superset of the latter's requirements. | ||
|Feature functional spec=--Threat Model-- | |||
*Hostile Network Environment | |||
*Web Server Compromise | |||
*Dynamic Applications | |||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||
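Review bot: the new functional spec introduces a threat model as three bare labels (Hostile Network Environment, Web Server Compromise, Dynamic Applications) with no description of the threat or of which requirement it affects; each should get at least a sentence saying what the attacker controls and what it breaks, for example that Web Server Compromise and Dynamic Applications both undermine the store's ability to "verify the integrity and authenticity of the app" after approval, which ties straight back to the signing question in the open issues. The "--Threat Model--" marker is also an ad hoc heading; if the template parameter accepts wiki headings, use the page's normal heading markup instead.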