WebAPI/Security/Idle: Difference between revisions
Jump to navigation
Jump to search
Ptheriault (talk | contribs) No edit summary |
No edit summary |
||
| (3 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
==Idle API== | |||
Brief purpose of API: Notify an app if the user is idle.<br> | |||
General Use Cases: Notify a web page is a user is idle (e.g. to change a status in an instant messaging program). | |||
References: | References: | ||
*https://wiki.mozilla.org/WebAPI/IdleAPI | *https://wiki.mozilla.org/WebAPI/IdleAPI | ||
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/Wxgz7_LKD40/discussion | *Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/Wxgz7_LKD40/discussion | ||
Inherent threats: | Inherent threats: | ||
| Line 14: | Line 14: | ||
Threat severity: Low | Threat severity: Low | ||
=== Permissions Table=== | |||
{| border="1" class="wikitable" | {| border="1" class="wikitable" | ||
| Line 29: | Line 30: | ||
|} | |} | ||
[[Category:Web APIs]] | |||
[[Category:Security]] | |||
Latest revision as of 23:40, 1 October 2014
Idle API
Brief purpose of API: Notify an app if the user is idle.
General Use Cases: Notify a web page is a user is idle (e.g. to change a status in an instant messaging program).
References:
- https://wiki.mozilla.org/WebAPI/IdleAPI
- Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/Wxgz7_LKD40/discussion
Inherent threats:
- Privacy implications
- Signalling multiple windows at exactly the same time could correlate user identities and compromise privacy
- Could be used by a workplace to monitor activity by monitoring system idle
Threat severity: Low
Permissions Table
| Type | Use Cases | Authorization Model |
|---|---|---|
| Web Content | None | No access |
| Installed Web Apps | None | No access |
| Privileged Web Apps | None | No access |
| Certified Web Apps | Notify an app if the user is idle. | Implicit |