CloudServices/Roadmaps/SimplePush-Server/SecCodeReview: Difference between revisions

Line 128: Line 128:


=== Detailed Application Diagram ===
=== Detailed Application Diagram ===
A Detailed Application Diagram is essentially a Data-flow diagram;  a data flow diagram enumerates each application or service that is a component of a system, and illustrates each of the paths data can flow through.
The SimplePush server has been greatly simplified from the standard protocol in order to meet expected load issues. Where possible, stateful data has been eliminated or factored against (e.g. the normal protocol defines that the client return a list of known ChannelIDs for a given UAID that the server would filter incoming requests against. Since the client discards unknown ChannelIDs, the decision was made that those ChannelIDs would be passed to the client, and left to the client to discard.)


 
There is some consideration being made that the data *not* be written to memcache immediately, but only if the client fails to ACK the data as it's being sent (client is offline or fails to ACK data sent by the connected server thread).
[https://wiki.mozilla.org/images/2/22/BrowserID-Threat-Model.png BrowserID Detailed Diagram]
 
Note that a data-flow diagram is only one example of how this information.  The goal is to effectively communicate to the audience how data moves through the system, where different operations are performed, and if detailed enough, how different roles within the system can access different operations.
 
When designing the detailed application diagram it can be useful to assemble a list of each of the subjects in a system.
 
 
TODO - add references for subject/object/operations in relation to access control models.
 
==== Key Attributes ====
* Clarity; labels for objects are brief, and contain clear references that can be used to cross-reference other documentation
* Detailed; ensure that all roles and operations are clearly presented
 
==== Additional Examples====
* [https://wiki.mozilla.org/images/b/bf/MozillaF1-Diagram.png Mozilla F1 Detailed Application Diagram]
* [https://wiki.mozilla.org/images/e/ee/BrowserID-Protocol.png BrowserID Protocol]
* [https://people.mozilla.com/~ckoenig/App-Marketplace.jpg AppStore Threat Model]


=== Data-flow Enumeration ===
=== Data-flow Enumeration ===
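
Review bot: in the paragraph on ChannelID handling, "left to the client to discard" makes the client the only filter for ChannelIDs it does not know, and the text does not say what the server still checks for a given UAID; on a security review page that trust assumption should be stated explicitly. The memcache sentence should also say what happens to the data if the connected server thread fails before a missing ACK triggers the write. Separately, "only one example of how this information." is an incomplete sentence and needs its ending restored.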