Name of API: WebUSB API
Brief purpose of API: Allow core (certified) apps to interact directly with USB devices General Use Cases:
- Theft of sensitive data
- Device compromise (mounting of device USB filesystem)
Threat severity: Critical
Regular web content (unauthenticated)
Use cases for unauthenticated code: None
Authorization model for normal content: None
Authorization model for installed content: None
Potential mitigations: N/A
Trusted (authenticated by publisher)
Same as for installed unauthenticated app
Certified (vouched for by trusted 3rd party)
Use cases for certified code: Configure, enable/disable USB devices. Interact with USB devices.
Authorization model for normal content: Implicit
Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release.