Apps/Security: Difference between revisions

Jump to navigation Jump to search

Apps/Security (view source)

Revision as of 06:19, 9 August 2012

26 bytes removed ,  9 August 2012
→‎Format for privileged and certified apps
Line 327: Line 327:
We need an application delivery mechanism that provides assurances on app integrity and authenticity, and also allows for well-defined application & privilege scope enforcement so integrity can be maintained at runtime.
We need an application delivery mechanism that provides assurances on app integrity and authenticity, and also allows for well-defined application & privilege scope enforcement so integrity can be maintained at runtime.


Apps will be packaged within a zip file format, along with the OWA manifest and a signature.  This package will be provided to the app store for the review, which will then sign it upon approval.  Upon installation, the client will verify that the signature is valid and chains to a privileged app store.
Thus all privileged and certified apps will be in packaged format.  This package will be provided to the app store for the review, which will then sign it upon approval.  Upon installation, the client will verify that the signature is valid and chains to a privileged app store.


Privileged and certified apps will be accessed via a unique scheme (app://).  The domain will correspond to the app id.
Privileged and certified apps will be accessed via a unique scheme (app://).  The domain will correspond to the app id.
Ladamski
Confirmed users
717

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/459556"

Navigation menu